-rw-r--r--.gitignore1
-rw-r--r--.gitlab-ci.yml2
-rw-r--r--Makefile33
-rwxr-xr-xbin/add-dsa-needed.sh22
-rwxr-xr-xbin/apt-update-file19
-rwxr-xr-xbin/bts-update1
-rwxr-xr-xbin/check-new-issues13
-rwxr-xr-xbin/check-syntax19
-rwxr-xr-xbin/compare-nvd-cve2
-rwxr-xr-xbin/contact-maintainers9
-rwxr-xr-xbin/embedded-cleanup4
-rwxr-xr-xbin/gen-DSA56
-rwxr-xr-xbin/grab-cve-in-fix414
-rwxr-xr-xbin/inject-embedded-code-copies2
-rwxr-xr-xbin/list-queue2
-rwxr-xr-xbin/lts-bts7
-rwxr-xr-xbin/lts-cve-triage.py16
-rwxr-xr-xbin/lts-missing-uploads (renamed from bin/lts-missing-uploads.py)18
-rwxr-xr-xbin/lts-needs-forward-port.py30
-rwxr-xr-xbin/mass-bug-filer2
-rwxr-xr-xbin/merge-cve-files151
-rwxr-xr-xbin/remove-cve-dist-tags68
-rwxr-xr-xbin/report-vuln25
-rwxr-xr-x[-rw-r--r--]bin/secmaster.py (renamed from lib/python/secmaster.py)3
-rw-r--r--bin/setup_paths.py11
-rwxr-xr-xbin/show-debsecan8
-rwxr-xr-xbin/src2bin_text.py2
-rwxr-xr-xbin/support-ended.py8
-rwxr-xr-xbin/test-web-server4
-rw-r--r--bin/tracker_data.py49
-rwxr-xr-xbin/tracker_service.py227
-rw-r--r--bin/unsupported_packages.py2
-rwxr-xr-xbin/update-db18
-rwxr-xr-xbin/update-nvd23
-rwxr-xr-xbin/update-vuln369
-rwxr-xr-xcheck-external/unknown-packages.py2
-rwxr-xr-xcheck-external/update.sh2
-rw-r--r--conf/cvelist.el116
-rw-r--r--data/CVE/1999.list12
-rw-r--r--data/CVE/2000.list12
-rw-r--r--data/CVE/2001.list10
-rw-r--r--data/CVE/2002.list17
-rw-r--r--data/CVE/2003.list12
-rw-r--r--data/CVE/2004.list18
-rw-r--r--data/CVE/2005.list48
-rw-r--r--data/CVE/2006.list18
-rw-r--r--data/CVE/2007.list28
-rw-r--r--data/CVE/2008.list70
-rw-r--r--data/CVE/2009.list87
-rw-r--r--data/CVE/2010.list119
-rw-r--r--data/CVE/2011.list120
-rw-r--r--data/CVE/2012.list391
-rw-r--r--data/CVE/2013.list333
-rw-r--r--data/CVE/2014.list285
-rw-r--r--data/CVE/2015.list1047
-rw-r--r--data/CVE/2016.list1550
-rw-r--r--data/CVE/2017.list2129
-rw-r--r--data/CVE/2018.list3002
-rw-r--r--data/CVE/2019.list6107
-rw-r--r--data/CVE/2020.list67815
-rw-r--r--data/CVE/2021.list71102
-rw-r--r--data/CVE/2022.list13963
-rw-r--r--data/DLA/list2143
-rw-r--r--data/DSA/list1302
-rwxr-xr-xdata/DTSA/dtsa2
-rw-r--r--data/config.json26
-rw-r--r--data/dla-needed.txt170
-rw-r--r--data/dsa-needed.txt35
-rw-r--r--data/embedded-code-copies252
-rw-r--r--data/next-oldstable-point-update.txt348
-rw-r--r--data/next-point-update.txt176
-rw-r--r--data/packages/removed-packages117
-rw-r--r--doc/DLA.template17
-rw-r--r--doc/README.releases14
-rw-r--r--doc/security-team.d.o/Makefile2
-rw-r--r--doc/security-team.d.o/glossary14
-rw-r--r--doc/security-team.d.o/index10
-rw-r--r--doc/security-team.d.o/security_tracker161
-rw-r--r--doc/security-team.d.o/style.css2
-rw-r--r--doc/security-team.d.o/triage30
-rw-r--r--doc/setup.txt109
l---------[-rw-r--r--]doc/soriano.txt105
-rw-r--r--lib/debian-releases.mk15
-rw-r--r--lib/python/bugs.py104
-rw-r--r--lib/python/config.py59
-rw-r--r--lib/python/debian_support.py187
-rw-r--r--lib/python/dist_config.py97
-rw-r--r--lib/python/helpers.py7
-rw-r--r--lib/python/sectracker/analyzers.py12
-rw-r--r--lib/python/sectracker/diagnostics.py4
-rw-r--r--lib/python/sectracker/parsers.py196
-rw-r--r--lib/python/sectracker/repo.py15
-rw-r--r--lib/python/sectracker/xpickle.py6
-rw-r--r--lib/python/sectracker_test/run.py3
-rw-r--r--lib/python/sectracker_test/test_analyzers.py1
-rw-r--r--lib/python/sectracker_test/test_parsers.py2
-rw-r--r--lib/python/sectracker_test/test_regexpcase.py2
-rw-r--r--lib/python/sectracker_test/test_xpickle.py6
-rw-r--r--lib/python/security_db.py224
-rw-r--r--lib/python/web_support.py98
-rw-r--r--org/TODO74
-rw-r--r--org/lts-frontdesk.2020.txt18
-rw-r--r--org/lts-frontdesk.2021.txt65
-rw-r--r--org/lts-frontdesk.2022.txt65
-rw-r--r--static/distributions.json24
-rw-r--r--templates/lts-no-dsa.txt8
-rw-r--r--templates/lts-update-planned-minor.txt6
-rw-r--r--templates/lts-update-planned.txt4
108 files changed, 155270 insertions, 21122 deletions
diff --git a/.gitignore b/.gitignore
index ff9cca0f42..c63b128fb0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@ data/usertags
stamps/
*_Packages
*_Sources
+*.xpck
*.pyc
*~
\#*#
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 67884599da..9b4b4e6fd8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,7 +2,7 @@ check-syntax:
stage: build
before_script:
- - apt-get update && apt-get -y --no-install-recommends install git ca-certificates make python python-apt
+ - apt-get update && apt-get -y --no-install-recommends install git ca-certificates make jq python3 python3-apt
script:
- make check-syntax
diff --git a/Makefile b/Makefile
index 545a293228..d58e9b0e7e 100644
--- a/Makefile
+++ b/Makefile
@@ -1,23 +1,8 @@
PYTHON_MODULES = $(wildcard lib/python/*.py)
-# The following variables need to be kept up-to-date and can be adjusted
-# currently unsupported releases can be commented out
-OLDOLDSTABLE = jessie
-OLDSTABLE = stretch
-STABLE = buster
-TESTING = bullseye
-
MIRROR = http://debian.csail.mit.edu/debian
SECURITY_MIRROR = http://security.debian.org/debian-security
-jessie_ARCHS = amd64 armel armhf i386
-stretch_ARCHS = amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x
-buster_ARCHS = amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x
-bullseye_ARCHS = amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
-sid_ARCHS = amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
-
-# The rest of the file should not need to be edited
-
# Include the definitions of the releases to be fetched
include lib/*-releases.mk
@@ -78,30 +63,12 @@ endef
$(foreach release,$(RELEASES),$(eval $(call add_update_rule,$(release))))
# Define some common aliases
-.PHONY: update-unstable update-testing update-stable update-oldstable update-oldoldstable
-.PHONY: update-testing-security update-stable-security update-oldstable-security update-oldoldstable-security
.PHONY: update-main update-security update-backports
-update-unstable: update-sid
-update-testing: update-$(TESTING)
-update-testing-security: update-$(TESTING)_security
-update-stable: update-$(STABLE)
-update-stable-security: update-$(STABLE)_security
-update-oldstable: update-$(OLDSTABLE)
-update-oldstable-security: update-$(OLDSTABLE)_security
-ifeq ($(OLDOLDSTABLE),)
-update-oldoldstable:
-update-oldoldstable-security:
-else
-update-oldoldstable: update-$(OLDOLDSTABLE)
-update-oldoldstable-security: update-$(OLDOLDSTABLE)_security
-endif
update-main: $(foreach release,$(MAIN_RELEASES),update-$(release))
update-security: $(foreach release,$(SECURITY_RELEASES),update-$(release)_security)
update-backports: $(foreach release,$(BACKPORT_RELEASES),update-$(release)_backports)
supported-update-targets:
- @echo -n "unstable testing stable oldstable oldoldstable "
- @echo -n "testing-security stable-security oldstable-security oldoldstable-security "
@echo -n "main security backports "
@echo -n "$(RELEASES) "
@echo -n "packages lists nvd"
diff --git a/bin/add-dsa-needed.sh b/bin/add-dsa-needed.sh
index 7c71d1cc75..3a79b36a31 100755
--- a/bin/add-dsa-needed.sh
+++ b/bin/add-dsa-needed.sh
@@ -34,6 +34,18 @@ cleanup() {
}
trap cleanup EXIT
+pkgs_print() {
+ local pkg=$1
+ local include_suffix=$2
+ local suffix=$3
+
+ if $include_suffix ; then
+ printf "%s/%s\n--\n" "$pkg" "$suffix"
+ else
+ printf "%s\n--\n" "$pkg"
+ fi
+}
+
output=data/dsa-needed.txt
case "${1:-}" in
--stdout)
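Review bot: `if $include_suffix ; then` in pkgs_print executes its second argument as a command, so the flag only works when it is the literal word true or false; an empty or misspelled value (the later hunk passes `$include_oldstable`, which is assigned outside these hunks) either runs whatever word it holds or, when empty, silently behaves as true. Comparing the string is safer: `if [ "$include_suffix" = true ]; then`. The first call site also passes the placeholder word `false` as the suffix argument; an empty string `""` would make that intent clearer.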
@@ -87,16 +99,18 @@ for release in $releases; do
done < $tmpd/$release.txt
done
+# Handle packages which need update in multiple releases
+# These are added without /$release suffix
cat $tmpd/toadd-*.txt | sort | uniq -d |
while read pkg; do
- printf "%s\n--\n" "$pkg" >> $output
+ pkgs_print "$pkg" false false >> $output
sed -ri "/^$pkg\$/d" $tmpd/toadd-*.txt
done
-# Skip oldoldstable for now as it is an LTS release, tracked with
-# dla-needed:
+# Handle package which need update in distinct releases
+# and that are added with /$release suffix
for release in $releases; do
while read pkg; do
- printf "%s/%s\n--\n" "$pkg" "$release" >> $output
+ pkgs_print "$pkg" "$include_oldstable" "$release" >> $output
done < $tmpd/toadd-$release.txt
done
diff --git a/bin/apt-update-file b/bin/apt-update-file
index 244ae4436d..505d23f602 100755
--- a/bin/apt-update-file
+++ b/bin/apt-update-file
@@ -1,25 +1,10 @@
-#!/usr/bin/python
+#!/usr/bin/python3
# This script is mainly used to demo the updateFile function.
from __future__ import print_function
-import os
-import os.path
-import string
import sys
-def setup_paths():
- check_file = 'lib/python/debian_support.py'
- path = os.getcwd()
- while 1:
- if os.path.exists("%s/%s" % (path, check_file)):
- sys.path = [path + '/lib/python'] + sys.path
- return path
- idx = string.rfind(path, '/')
- if idx == -1:
- raise ImportError("could not setup paths")
- path = path[0:idx]
-root_path = setup_paths()
-
+import setup_paths
import debian_support
if len(sys.argv) != 3:
diff --git a/bin/bts-update b/bin/bts-update
index 99e15d9a7d..8e1c59e1d3 100755
--- a/bin/bts-update
+++ b/bin/bts-update
@@ -60,7 +60,6 @@ if (@changes) {
print MAIL "$_\n" foreach @changes;
close MAIL;
}
-print int(@changes)." tags changed\n";
sub processlist {
my $list=shift;
diff --git a/bin/check-new-issues b/bin/check-new-issues
index 649d0abcb1..9660e18e14 100755
--- a/bin/check-new-issues
+++ b/bin/check-new-issues
@@ -12,13 +12,14 @@ getopts('ln:fhi:t:Tca:e:uUsDb', \%opts);
sub print_commands {
print <<'EOF';
* blank line to skip to next issue
+ * .h to repeat this help output of the list of commands
* .fname to do "apt-file search name"
* .cname to do "apt-cache search name"
* .wname to look up name in wnpp
* .mpackage to search data/embedded-code-copies for "package"
* .rpackage to launch an editor with a report of the issue against "package"
* .gissue to go to the given issue, even if it's not a todo
- * d to display again the issue information
+ * d to display the issue information again
* !command to execute a command with system() without any escaping
* v or e to launch an editor with the current item
* - package-entry to add an entry for "package" and launch an editor (e.g. - poppler <unfixed>)
@@ -30,7 +31,7 @@ EOF
if ($opts{h}) {
print <<'EOF';
-downloads allitems.txt from cve.mitre.org and shows full decription for each
+downloads allitems.txt from cve.mitre.org and shows full description for each
"TODO: check" item (2003 and newer). Then
- tries to guess product name and php filename and does
@@ -164,7 +165,7 @@ foreach my $entry (@{$entries}) {
$name=$1;
}
else {
- die "invlid entry:\n$entry";
+ die "invalid entry:\n$entry";
}
if (!$opts{l} && $entry =~ /^\s+-\s+([^\s]+)/m ) {
my $pkg = $1;
@@ -198,6 +199,12 @@ print ", $num_todo todos matching /$todo_regexp/" if $num_todo;
print ", $num_missing_bug entries with missing bug reference" if $num_missing_bug;
print "\n";
+if ((! $opts{l}) and (! $opts{b})) {
+ print "\nCommands:\n";
+ print_commands;
+ print "\n";
+}
+
if ($opts{l}) {
#list only
foreach my $todo (sort {$b <=> $a} @todos) {
diff --git a/bin/check-syntax b/bin/check-syntax
index 2daaeaefde..529f378550 100755
--- a/bin/check-syntax
+++ b/bin/check-syntax
@@ -1,23 +1,8 @@
-#!/usr/bin/python
+#!/usr/bin/python3
-import os
-import os.path
-import string
import sys
-def setup_paths():
- check_file = 'lib/python/debian_support.py'
- path = os.getcwd()
- while 1:
- if os.path.exists("%s/%s" % (path, check_file)):
- sys.path = [path + '/lib/python'] + sys.path
- return path
- idx = string.rfind(path, '/')
- if idx == -1:
- raise ImportError("could not setup paths")
- path = path[0:idx]
-root_path = setup_paths()
-
+import setup_paths
import bugs
import debian_support
diff --git a/bin/compare-nvd-cve b/bin/compare-nvd-cve
index 707ac839ea..bcee148ab5 100755
--- a/bin/compare-nvd-cve
+++ b/bin/compare-nvd-cve
@@ -87,7 +87,7 @@ for my $year (reverse 2002 .. (gmtime())[5]+1900) {
print STDERR "warning: $cve in Debian refer to $cpe, while NVD do not (found $cpelist).\n"
} elsif (2 == $info{$cpe}) {
if (exists $cperevmap{$cpe}) {
- print STDERR "warning: $cve in NVD is not refering to $cpe found in Debian.\n"
+ print STDERR "warning: $cve in NVD is not referring to $cpe found in Debian.\n"
}
} elsif (3 == $info{$cpe}) {
diff --git a/bin/contact-maintainers b/bin/contact-maintainers
index 12d19d6dc1..516495c52d 100755
--- a/bin/contact-maintainers
+++ b/bin/contact-maintainers
@@ -19,17 +19,15 @@ def get_full_name():
return pwd.getpwuid(os.getuid()).pw_gecos.split(",")[0]
-def get_maintainers(pkg):
- return u"{}@packages.debian.org".format(pkg)
-
-
try:
import rdflib
except ImportError:
warnings.warn("python-rdflib not installed; will fall back to PTS email address")
-else:
def get_maintainers(pkg):
+ return u"{}@packages.debian.org".format(pkg)
+else:
+ def get_maintainers(pkg):
# RDF object and predicate references used on PTS
project = rdflib.term.URIRef(
@@ -74,7 +72,6 @@ else:
return u", ".join(maint)
-
# Parse command line
parser = argparse.ArgumentParser(description="Get in touch with package maintainers")
parser.add_argument("--force", action="store_true", help="Ignore safety checks")
diff --git a/bin/embedded-cleanup b/bin/embedded-cleanup
index f6fda3a7c1..83eff2844e 100755
--- a/bin/embedded-cleanup
+++ b/bin/embedded-cleanup
@@ -42,8 +42,8 @@ esac
PKGSLIST=$(mktemp)
-echo "Querying UDD via alioth (you may need to enter a password):"
-ssh -oBatchMode=yes alioth.debian.org "psql -Atx -c \"SELECT DISTINCT source,release from sources where distribution='debian';\" 'service=udd'" > "$PKGSLIST"
+echo "Querying UDD via coccia.debian.org (you may need to enter a password):"
+ssh -oBatchMode=yes coccia.debian.org "psql -Atx -c \"SELECT DISTINCT source,release from sources where distribution='debian';\" 'service=udd'" > "$PKGSLIST"
export PKGSLIST
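Review bot: The updated message still says "you may need to enter a password", but the ssh line keeps `-oBatchMode=yes`, which disables password and passphrase prompts, so on a host without working key-based auth the query fails instead of prompting. Either drop the option or make the message match, e.g. `echo "Querying UDD via coccia.debian.org (requires key-based ssh access):"`. The ssh exit status is also not checked before `$PKGSLIST` is exported, so a failed query hands an empty file to whatever reads it later; `|| exit 1` on the ssh line would surface that, unless the rest of the script (outside this hunk) already checks the file.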
diff --git a/bin/gen-DSA b/bin/gen-DSA
index 0a453b6d31..346214c2ff 100755
--- a/bin/gen-DSA
+++ b/bin/gen-DSA
@@ -27,10 +27,20 @@ case "$(basename "$0")" in
;;
esac
-OLDOLDSTABLE=jessie
-OLDSTABLE=stretch
-STABLE=buster
-TESTING=bullseye
+if ! command -v jq >/dev/null ; then
+ echo "error: jq is needed to parse distributions, please install it"
+ exit 1
+fi
+
+RELEASES=`jq -r '.distributions | to_entries[] | select(.value.release) | .value.release | ascii_upcase' data/config.json`
+CODENAMES=`jq -r '.distributions | to_entries[] | select(.value.release) | .key' data/config.json`
+
+while read dist; do
+ read codename
+ eval $dist=$codename
+done << EOF
+`jq -r '.distributions | to_entries[] | select(.value.release) | (.value.release | ascii_upcase), .key' data/config.json`
+EOF
NAME_SPACING=24
DATE_SPACING=22
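Review bot: `eval $dist=$codename` turns two strings read from data/config.json into shell code without checking them, so a release or codename value containing whitespace or shell metacharacters would be re-parsed by the shell rather than rejected. Validating the name and keeping the value out of the eval string avoids that: `case $dist in ''|*[!A-Z0-9_]*) echo "error: unexpected release name '$dist'" >&2; exit 1;; esac` followed by `eval "$dist=\$codename"`. The same jq selection is also run three times on the same file (RELEASES, CODENAMES and the heredoc); filling RELEASES and CODENAMES from inside the read loop would keep the three lists in sync and save two forks.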
@@ -139,7 +149,7 @@ setvar() {
sed -i "s=\$$var=$value=g" "$tmpf"
}
-if which tput >/dev/null; then
+if command -v tput >/dev/null; then
RED=$(tput setaf 1)
YELLOW=$(tput setaf 3)
MAGENTA=$(tput setaf 5)
@@ -185,7 +195,7 @@ while [ $# -gt 0 ]; do
[cC][vV][eE]-*)
CVE="$CVE $(toupper "$1")"
;;
- [0-9][0-9][0-9][0-9][0-9][0-9]|[#][0-9]*)
+ [0-9][0-9][0-9][0-9][0-9][0-9][0-9]|[#][0-9]*)
BUGNUM="$BUGNUM ${1#\#}"
;;
*)
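Review bot: Changing the bare-number case to exactly seven digits drops support for six-digit bug numbers, which still exist and may be referenced in an advisory; such an argument now falls through to the `*)` branch. Accepting both lengths keeps the old behaviour: `[0-9][0-9][0-9][0-9][0-9][0-9]|[0-9][0-9][0-9][0-9][0-9][0-9][0-9]|[#][0-9]*)`. The enclosing `while [ $# -gt 0 ]` loop starts outside the hunk.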
@@ -323,6 +333,10 @@ if [ $REFERENCES -gt 1 ]; then
sed -ri 's/this problem has/these problems have/' $tmpf
fi
+if [ -z "$DEBFULLNAME" ]; then
+ "error: DEBFULLNAME env variable required"
+ exit 1
+fi
SPACEDDEBFULLNAME="$(left_space "$DEBFULLNAME" "$NAME_SPACING")"
DATE="$(date +"%B %d, %Y")"
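Review bot: The new DEBFULLNAME guard is missing its `echo`: the line `"error: DEBFULLNAME env variable required"` is executed as a command name, so the user sees a "command not found" message instead of the intended text before `exit 1`. It should read `echo "error: DEBFULLNAME env variable required" >&2`. Sending it to stderr, like the `warn` helper used elsewhere in the file, keeps the error out of anything that captures the script's stdout.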
@@ -335,15 +349,17 @@ setvar PACKAGE
setvar CVE "$CVE_LIST"
setvar ${IDMODE}ID "$DAID"
setvar BUGNUM
-setvar OLDOLDSTABLE
-setvar OLDSTABLE
-setvar STABLE
-setvar TESTING
setvar SPACEDDATE
setvar DATE
setvar TEXT "${TEXT:-$IDMODE text goes here}"
-for dist in $OLDOLDSTABLE $OLDSTABLE $STABLE $TESTING UNSTABLE; do
+for dist in $RELEASES; do
+ setvar $dist
+done
+
+DISTS=
+
+for dist in $CODENAMES; do
version="$(eval 'printf "%s" "$'"$dist"_VERSION'"')"
if $save && [ -z "$version" ] && grep -q "${dist}_VERSION" "$tmpf"; then
printf "Enter $dist's version [unset]: "
@@ -353,8 +369,15 @@ for dist in $OLDOLDSTABLE $OLDSTABLE $STABLE $TESTING UNSTABLE; do
fi
fi
[ -z "$version" ] || setvar "${dist}_VERSION" "$version"
+ [ -z "$version" ] || DISTS="${DISTS},${dist}"
done
+DISTS="${DISTS#,}"
+
+if [ -n "${DISTS}" ]; then
+ bin/remove-cve-dist-tags "${DISTS}" "${PACKAGE}" ${CVE}
+fi
+
if ! $save; then
cat $tmpf
echo
@@ -377,7 +400,7 @@ EOF
printf "\t{%s}\n" "$CVE" >> $daid_entry
fi
- for dist in $OLDOLDSTABLE $OLDSTABLE $STABLE; do
+ for dist in $CODENAMES; do
version="$(eval 'printf "%s" "$'"$dist"_VERSION'"')"
[ -z "$version" ] || \
printf "\t[%s] - %s %s\n" "$dist" "$PACKAGE" "$version" >> $daid_entry
@@ -391,11 +414,14 @@ EOF
echo "$IDMODE text written to ./$IDMODE-$DAID"
if [ "$IDMODE" = "DLA" ] || [ "$IDMODE" = "ELA" ]; then
idmode=$(echo "$IDMODE" | tr A-Z a-z)
+ if [ -n "${DISTS}" ]; then
+ extracvefile=`jq -r ".distributions.${DISTS}.maincvefile // empty" data/config.json`
+ fi
if [ -d .git ]; then
echo "Made the following changes:"
- git diff -- data/$IDMODE/list $needed_file
+ git diff -- data/$IDMODE/list data/CVE/list $extracvefile $needed_file
if ! git diff-index --name-only HEAD -- $needed_file | grep -qs . && [ $TYPE = security ]; then
- warn "did not make any changes to $needed_file - this may indicate duplicate work"
+ warn "did not make any changes to $needed_file - this may indicate duplicate work or misspelled package name"
fi
fi
warn "you need to commit and push the changes to data/$IDMODE/list etc. to actually reserve the $IDMODE-$DAID number and avoid conflicts with others."
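Review bot: `jq -r ".distributions.${DISTS}.maincvefile // empty"` interpolates DISTS into the jq program, and the earlier hunk builds DISTS as a comma-joined list, so with more than one distribution the filter becomes `.distributions.a,b.maincvefile`, which is not the intended lookup (any value that is not a valid jq identifier fails the same way). Passing the value as data avoids the parsing problem: `jq -r --arg d "$DISTS" '.distributions[$d].maincvefile // empty' data/config.json`; if DISTS can legitimately hold several codenames in the DLA/ELA case, the loop over them needs to be explicit rather than relying on the string. `$extracvefile` is reused unquoted in the `git add` hunk below, which is only safe while it holds at most one path without spaces.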
@@ -403,7 +429,7 @@ EOF
echo -n "Do you want to commit and push them now ? [Yn] "
read reply
if [ "$reply" = "Y" ] || [ "$reply" = "" ] || [ "$reply" = "y" ]; then
- git add data/$IDMODE/list $needed_file
+ git add data/$IDMODE/list data/CVE/list $extracvefile $needed_file
git commit -m "Reserve $IDMODE-$DAID for $PACKAGE"
git push origin master
fi
diff --git a/bin/grab-cve-in-fix b/bin/grab-cve-in-fix
new file mode 100755
index 0000000000..98ea9cd476
--- /dev/null
+++ b/bin/grab-cve-in-fix
@@ -0,0 +1,414 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+"""
+grab-cve-in-fix - #1001451
+
+- queries the latest version of source:<package_name> in unstable
+- extracts all mentioned CVE IDs from the change
+- creates a correctly formatted CVE snippet with the recorded fixes that
+ can be reviewed and merged into the main data/CVE/list
+"""
+
+#
+# Copyright 2021-2022 Neil Williams <codehelp@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+#
+
+# pylint: disable=too-few-public-methods,line-too-long,too-many-instance-attributes,too-many-branches
+
+# Examples:
+# --archive https://lists.debian.org/debian-devel-changes/2021/12/msg01280.html
+# --tracker https://tracker.debian.org/news/1285227/accepted-freerdp2-241dfsg1-1-source-into-unstable/
+
+import argparse
+import os
+import glob
+import logging
+import re
+import sys
+import requests
+
+# depends on python3-apt
+import apt_pkg
+
+# depends on python3-debian
+from debian.deb822 import Changes
+
+import setup_paths # noqa # pylint: disable=unused-import
+from sectracker.parsers import (
+ sourcepackages,
+ FlagAnnotation,
+ StringAnnotation,
+ PackageAnnotation,
+ Bug,
+ cvelist,
+ writecvelist,
+)
+
+
+class ParseChanges:
+ """Base for parsing DEB822 content into a CVE list"""
+
+ def __init__(self, url):
+ self.url = url
+ self.source_package = None
+ self.cves = []
+ self.bugs = {}
+ self.parsed = []
+ self.unstable_version = None
+ self.tracker_base = "https://security-tracker.debian.org/tracker/source-package/"
+ self.logger = logging.getLogger("grab-cve-in-fix")
+ self.logger.setLevel(logging.DEBUG)
+ # console logging
+ ch_log = logging.StreamHandler()
+ ch_log.setLevel(logging.DEBUG)
+ formatter = logging.Formatter("%(name)s - %(levelname)s - %(message)s")
+ ch_log.setFormatter(formatter)
+ self.logger.addHandler(ch_log)
+ apt_pkg.init_system() # pylint: disable=c-extension-no-member
+
+ def _read_cvelist(self):
+ os.chdir(os.path.dirname(os.path.dirname(os.path.realpath(__file__))))
+ data, _ = cvelist("data/CVE/list") # pylint: disable=no-value-for-parameter
+ for cve in self.cves:
+ for bug in data:
+ if bug.header.name == cve:
+ self.bugs[cve] = bug
+ package_checks = {}
+ cve_notes = {}
+ for cve, bug in self.bugs.items():
+ self.logger.info("%s: %s", bug.header.name, bug.header.description)
+ for line in bug.annotations:
+ if isinstance(line, PackageAnnotation):
+ package_checks.setdefault(cve, [])
+ package_checks[cve].append(line.package)
+ if isinstance(line, StringAnnotation) or isinstance(line, FlagAnnotation):
+ cve_notes.setdefault(cve, [])
+ cve_notes[cve].append(line.type)
+ if cve not in package_checks:
+ self.logger.error("CVE %s is not attributed to a Debian package: %s", cve, cve_notes.get(cve, ""))
+ elif self.source_package not in package_checks[cve]:
+ self.logger.warning(
+ "%s is listed against %s, not %s", cve, list(set(package_checks[cve])), self.source_package
+ )
+ if not self.cves:
+ self.logger.warning(
+ "no CVEs found in the changes output " "for %s %s",
+ self.source_package,
+ self.unstable_version,
+ )
+
+ def parse(self):
+ """Parser-specific code to pick out the DEB822 content"""
+ raise NotImplementedError
+
+ def _read_changes(self):
+ if not self.parsed:
+ return
+ rel = Changes(self.parsed)
+ changes = rel.get("Changes")
+ if not changes:
+ self.logger.error("%s %s\n", rel, self.parsed)
+ return
+ self.source_package = rel.get("Source")
+ self.unstable_version = rel.get("Version")
+ match = None
+ for log in changes.splitlines():
+ match = re.findall(r"(CVE-[0-9]{4}-[0-9]+)", log)
+ if match:
+ self.cves += match
+
+ def add_unstable_version(self):
+ """
+ Writes out a CVE file snippet with the filename:
+ ./<src_package>.list
+ Fails if the file already exists.
+
+ Prints error if any of the listed CVEs are not found
+ for the specified source_package.
+
+ If a new version is set, the fixed version for the CVE will
+ be updated to that version. Uses python3-apt to only update
+ if the version is declared, by apt, to be newer.
+
+ A typo in the CVE ID *may* cause a CVE to be declared as
+ fixed in the wrong source package. This is complicated by
+ the need to allow for embedded copies and removed packages.
+ """
+ modified = []
+ cve_file = f"{self.source_package}.list"
+ cves = sorted(set(self.cves))
+ cves.reverse()
+ for cve in cves:
+ if cve not in self.bugs:
+ self.logger.error(
+ "%s was not found in the Security Tracker CVE list! Check %s%s - "
+ "possible typo in the package changelog? Check the list of CVEs "
+ "in the security tracker and use this script again, in offline mode."
+ " ./bin grab-cve-in-fix --src %s --cves corrected-cve",
+ cve,
+ self.tracker_base,
+ self.source_package,
+ self.source_package,
+ )
+ continue
+ for line in self.bugs[cve].annotations:
+ if not isinstance(line, PackageAnnotation):
+ continue # skip notes etc.
+ if line.release: # only update unstable
+ continue
+ if line.package != self.source_package:
+ self.logger.info(
+ "Ignoring %s annotation for %s",
+ cve,
+ line.package,
+ )
+ continue # allow for removed, old or alternate pkg names
+ if line.version:
+ vcompare = apt_pkg.version_compare( # pylint: disable=c-extension-no-member
+ line.version, self.unstable_version
+ )
+ if vcompare < 0:
+ self.logger.info("Updating %s to %s", line.version, self.unstable_version)
+ mod_line = line._replace(version=self.unstable_version)
+ index = self.bugs[cve].annotations.index(line)
+ bug_list = list(self.bugs[cve].annotations)
+ bug_list[index] = mod_line
+ mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
+ modified.append(mod_bug)
+ elif vcompare > 0:
+ self.logger.error(
+ "%s is listed as fixed in %s which is newer than %s",
+ cve,
+ line.version,
+ self.unstable_version,
+ )
+ else:
+ self.logger.info(
+ "%s already has annotation for - %s %s",
+ cve,
+ self.source_package,
+ line.version,
+ )
+ else:
+ mod_line = line._replace(version=self.unstable_version)
+ index = self.bugs[cve].annotations.index(line)
+ bug_list = list(self.bugs[cve].annotations)
+ bug_list[index] = mod_line
+ mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
+ modified.append(mod_bug)
+ if not modified:
+ return 0
+ if os.path.exists(cve_file):
+ self.logger.critical("%s already exists", cve_file)
+ return -1
+ for cve in modified:
+ self.logger.info(
+ "Writing to ./%s with update for %s - %s %s",
+ cve_file,
+ cve.header.name,
+ self.source_package,
+ self.unstable_version,
+ )
+ with open(cve_file, "a") as snippet:
+ writecvelist(modified, snippet)
+ return 0
+
+
+class ParseSources(ParseChanges):
+ """Read latest version in unstable from updated local Sources files"""
+
+ def parse(self):
+ """
+ Support to pick up unstable_version from the local packages cache.
+
+ Also supports explicitly setting the version for times when
+ the package has received an unrelated update in unstable.
+ """
+ if self.unstable_version:
+ self.logger.info("Using forced version: %s", self.unstable_version)
+ self._read_cvelist()
+ self.add_unstable_version()
+ return 0
+
+ self.logger.info("Retrieving data from local packages data...")
+ if not self.source_package or not self.cves:
+ self.logger.error("for offline use, specify both --src and --cves options")
+ return 1
+ # self.url contains pkgdir which needs to contain Sources files
+ os.chdir(self.url)
+ for srcs_file in glob.glob("sid*Sources"):
+ srcs = sourcepackages(srcs_file) # pylint: disable=no-value-for-parameter
+ if srcs.get(self.source_package):
+ self.unstable_version = srcs[self.source_package].version
+ # src package is only listed in one Sources file
+ break
+ self._read_cvelist()
+ self.add_unstable_version()
+ return 0
+
+
+class ParseTrackerAccepted(ParseChanges):
+ """
+ Download and parse Accepted tracker NEWS
+
+ e.g. https://tracker.debian.org/news/1285227/accepted-freerdp2-241dfsg1-1-source-into-unstable/
+ """
+
+ MARKER = '<div class="email-news-body">'
+
+ def parse(self):
+ self.logger.info("Retrieving data from distro-tracker...")
+ req = requests.get(self.url)
+ if req.status_code != requests.codes.ok: # pylint: disable=no-member
+ return 2
+ self.parsed = []
+ for line in req.text.splitlines():
+ if not self.parsed and not line.startswith(self.MARKER):
+ continue
+ if self.MARKER in line:
+ line = line.replace(self.MARKER, "")
+ if "<pre>" in line:
+ line = line.replace("<pre>", "")
+ if line.startswith("\t"):
+ line = line.replace("\t", "")
+ self.parsed.append(line)
+ if line.startswith("</pre>"):
+ break
+ self._read_changes()
+ self._read_cvelist()
+ self.add_unstable_version()
+ return 0
+
+
+class ParseDDChanges(ParseChanges):
+ """
+ Download and parse an email in the debian-devel-changes archive
+
+ e.g. https://lists.debian.org/debian-devel-changes/2021/12/msg01280.html
+ """
+
+ def parse(self):
+ self.logger.info("Retrieving data from debian-devel-changes archive...")
+ req = requests.get(self.url)
+ if req.status_code != requests.codes.ok: # pylint: disable=no-member
+ return 3
+ for line in req.text.splitlines():
+ if not self.parsed and not line.startswith("<pre>"):
+ continue
+ pars = line.replace("<pre>", "")
+ self.parsed.append(pars)
+ if line.startswith("</pre>"):
+ break
+ self._read_changes()
+ self._read_cvelist()
+ self.add_unstable_version()
+ return 0
+
+
+class ParseDDStdIn(ParseChanges):
+ """
+ Parse an email originating from debian-devel-changes passed
+ on STDIN
+ """
+
+ MARKER = "-----BEGIN PGP SIGNED MESSAGE-----"
+
+ def parse(self):
+ self.logger.info("Retrieving data STDIN ...")
+ content = sys.stdin.read()
+ for line in content.splitlines():
+ if not self.parsed and not line.startswith(self.MARKER):
+ continue
+ self.parsed.append(line)
+ if not self.parsed:
+ self.logger.warning("Unable to find PGP marker - unsigned content?")
+ return 1
+ self._read_changes()
+ self._read_cvelist()
+ self.add_unstable_version()
+ return 0
+
+
+def main():
+ """
+ 1: Provide an option to parse the email from debian-devel-changes
+ 2: Provide an option to lookup the information using tracker.d.o
+ 3: Provide an option to read an email from debian-devel-changes on stdin
+ 4: Fallback to lookup the information in the local apt-cache
+ data populated by 'make update-packages'
+ data/packages/sid__main_Sources
+ data/packages/sid__contrib_Sources
+ data/packages/sid__non-free_Sources
+ """
+ parser = argparse.ArgumentParser(
+ description="Grab CVE data from a package upload for manual review",
+ usage="%(prog)s [-h] [[--input] | [--archive URL] | [--tracker TRACKER]] | "
+ "[[--src SRC] & [--cves [CVES ...]]]",
+ epilog="Data is written to a new <source_package>.list " "file which can be used with './bin/merge-cve-files'",
+ )
+ online = parser.add_argument_group(
+ "Online - query one of distro-tracker or " "debian-devel-changes mail archive or debian-devel-changes email"
+ )
+ online.add_argument(
+ "--input",
+ action="store_true",
+ help="Read from a debian-devel-changes email on STDIN",
+ )
+ online.add_argument(
+ "--archive",
+ help="URL of debian-devel-changes " "announcement in the list archive",
+ )
+ online.add_argument(
+ "--tracker",
+ help="URL of tracker.debian.org 'Accepted NEWS' page for unstable",
+ )
+ offline = parser.add_argument_group(
+ "Offline - run 'make update-packages' first & specify source package and CVE list"
+ )
+ offline.add_argument("--src", help="Source package name to look up version in local packages files")
+ offline.add_argument(
+ "--force-version",
+ help="Explicitly set the fixed version, in case sid has moved ahead.",
+ )
+ offline.add_argument("--cves", nargs="*", help="CVE ID tag with version from local packages files")
+ args = parser.parse_args()
+ if args.input:
+ data = ParseDDStdIn(args.input)
+ return data.parse()
+ if args.archive:
+ data = ParseDDChanges(args.archive)
+ return data.parse()
+ if args.tracker:
+ data = ParseTrackerAccepted(args.tracker)
+ return data.parse()
+ pkg_dir = os.path.join(".", "data", "packages")
+ if os.path.exists(pkg_dir):
+ data = ParseSources(pkg_dir)
+ data.source_package = args.src
+ data.cves = args.cves
+ if args.force_version:
+ data.unstable_version = args.force_version
+ return data.parse()
+ logger = logging.getLogger("grab-cve-in-fix")
+ logger.error("Unable to parse package data!")
+ return -1
+
+
+if __name__ == "__main__":
+ sys.exit(main())
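Review bot: Both `requests.get(self.url)` calls (ParseTrackerAccepted.parse and ParseDDChanges.parse) have no timeout, so an unresponsive host blocks the script indefinitely; `req = requests.get(self.url, timeout=30)` (value chosen arbitrarily) bounds that, and since the non-ok branches return 2 or 3 without saying why, a `self.logger.error("%s returned %s", self.url, req.status_code)` before each return would make the failure visible. In ParseChanges._read_cvelist the `os.chdir` to the repository root is a process-wide side effect that the later write of `cve_file` in add_unstable_version depends on; a comment there, `# chdir to the repo root: cvelist() and the snippet written by add_unstable_version use relative paths`, would save the next reader a search. main() passes `args.input` (a boolean) as the url to ParseDDStdIn, which works but reads oddly; `None` would be clearer.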
diff --git a/bin/inject-embedded-code-copies b/bin/inject-embedded-code-copies
index c54fc02de4..fcfd0f371b 100755
--- a/bin/inject-embedded-code-copies
+++ b/bin/inject-embedded-code-copies
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
#
# inject embedded code copy data into the secure-testing cve list
#
diff --git a/bin/list-queue b/bin/list-queue
index 2ac1e2f1de..52af2825f7 100755
--- a/bin/list-queue
+++ b/bin/list-queue
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# list-queue -- list security-master queue contents
# Copyright (C) 2011 Florian Weimer <fw@deneb.enyo.de>
#
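Review bot: The shebang now pins list-queue to `python2` while the neighbouring scripts in this commit move to `python3`, and nothing in the file says why. A comment under the shebang, e.g. `# Still Python 2 only: <reason or blocking dependency> -- TODO port to python3`, would keep the next contributor from "fixing" it and record what blocks the port. I can't infer the reason from this hunk.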
diff --git a/bin/lts-bts b/bin/lts-bts
index 98df374c03..d1a70b63c2 100755
--- a/bin/lts-bts
+++ b/bin/lts-bts
@@ -11,7 +11,10 @@ import sys
import tempfile
import warnings
-from tracker_data import TrackerData, RELEASES
+from tracker_data import TrackerData
+
+import setup_paths
+import config
from jinja2 import Template
@@ -103,7 +106,7 @@ def main():
cc = 'debian-lts@lists.debian.org'
team = 'lts'
- release = RELEASES['lts']
+ release = config.get_supported_releases()[0]
# Basic check
instructions = "packages/{}.txt".format(args.package)
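Review bot: `release = config.get_supported_releases()[0]` replaces the explicit `RELEASES['lts']` alias with a positional assumption that the first configured release is the current LTS; nothing in the hunk states or checks that ordering, so a config that lists releases newest-first would silently aim the bug mails at the wrong suite. The same `[0]`/`[1]` indexing is repeated in lts-cve-triage.py and lts-needs-forward-port.py in this commit, so one named helper in config (e.g. a `get_lts_releases()` that documents the ordering it relies on) would keep the assumption in a single place; failing that, a comment such as `# first supported release is the current LTS (config lists releases oldest-first)` on this line. main() continues outside the hunk.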
diff --git a/bin/lts-cve-triage.py b/bin/lts-cve-triage.py
index 9cb6306983..f1f2a66ca5 100755
--- a/bin/lts-cve-triage.py
+++ b/bin/lts-cve-triage.py
@@ -15,13 +15,21 @@
# You should have received a copy of the GNU General Public License
# along with this file. If not, see <https://www.gnu.org/licenses/>.
+import setup_paths
+
import sys
import argparse
import collections
-from tracker_data import TrackerData, RELEASES
+from tracker_data import TrackerData
from unsupported_packages import UnsupportedPackages, LimitedSupportPackages
+import config
+
+RELEASES = {
+ 'lts': config.get_supported_releases()[0],
+ 'next_lts': config.get_supported_releases()[1],
+}
def colored(x, *args, **kwargs):
return x
@@ -85,7 +93,7 @@ parser.add_argument('--exclude', nargs='+', choices=[x[0] for x in LIST_NAMES],
args = parser.parse_args()
tracker = TrackerData(update_cache=not args.skip_cache_update)
-unsupported = UnsupportedPackages(debian_version=8,
+unsupported = UnsupportedPackages(debian_version=9,
update_cache=not args.skip_cache_update)
limited = LimitedSupportPackages(update_cache=not args.skip_cache_update)
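Review bot: `UnsupportedPackages(debian_version=9, ...)` hard-codes the LTS major version while `RELEASES['lts']` in the earlier hunk of this file is now derived from config, so the next LTS transition has to remember to bump this literal separately and the two can drift without any error. If config can map a codename to its numeric version, derive it from `RELEASES['lts']`; otherwise at least tie them together with a comment on this line, `# must track RELEASES['lts'] (stretch == 9)`. This is module-level script code that continues outside the hunk.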
@@ -100,8 +108,8 @@ for pkg in tracker.iterate_packages():
continue
for issue in tracker.iterate_pkg_issues(pkg):
- status_in_lts = issue.get_status('lts')
- status_in_next_lts = issue.get_status('next_lts')
+ status_in_lts = issue.get_status(RELEASES['lts'])
+ status_in_next_lts = issue.get_status(RELEASES['next_lts'])
if status_in_lts.status in ('not-affected', 'resolved'):
continue
diff --git a/bin/lts-missing-uploads.py b/bin/lts-missing-uploads
index 4c2ef994e2..eb84a234df 100755
--- a/bin/lts-missing-uploads.py
+++ b/bin/lts-missing-uploads
@@ -28,7 +28,8 @@ from debian.debian_support import Version
class LTSMissingUploads(object):
MONTHS = 6
- SOURCES = 'http://security.debian.org/dists/jessie/updates/main/source/Sources.gz'
+ SOURCES = ['http://security.debian.org/dists/stretch/updates/{}/source/Sources.gz'.format(component)
+ for component in ('main', 'contrib', 'non-free')]
re_line = re.compile(
r'(?P<suffix>msg\d+.html).*\[DLA (?P<dla>[\d-]+)\] (?P<source>[^\s]+) security update.*'
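Review bot: The new `SOURCES` URLs are fetched over plain `http://` and `get_sources()` in the next hunk does no Release/InRelease signature check, so an on-path attacker can serve a forged Sources index and make a missing security upload appear present (or hide a real one). Changing the scheme to `https://security.debian.org/dists/stretch/updates/{}/source/Sources.gz` is the cheap mitigation, assuming the host serves TLS; verifying the archive signature would be the complete fix. The class body continues outside the hunk.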
@@ -114,14 +115,19 @@ class LTSMissingUploads(object):
return self.parse(url, self.re_version)
def get_sources(self):
- self.info("Downloading Sources from {} ...", self.SOURCES)
+ pkgver = {}
+ for src in self.SOURCES:
+ self.info("Downloading Sources from {} ...", src)
- response = self.session.get(self.SOURCES)
- response.raise_for_status()
+ response = self.session.get(src)
+ response.raise_for_status()
- val = gzip.decompress(response.content).decode('utf-8')
+ val = gzip.decompress(response.content).decode('utf-8')
- return {x['Package']: x['Version'] for x in Sources.iter_paragraphs(val)}
+ for x in Sources.iter_paragraphs(val):
+ pkgver[x['Package']] = x['Version']
+
+ return pkgver
def parse(self, url, pattern):
result = []
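Review bot: Now that three components are merged into one dict, `pkgver[x['Package']] = x['Version']` keeps whichever paragraph is parsed last, not the highest version, so if the same source package occurs more than once across (or within) the Sources files the comparison downstream may be made against an older version. `Version` from `debian.debian_support` is already imported in the context line above this hunk, so `if pkg not in pkgver or Version(ver) > Version(pkgver[pkg]): pkgver[pkg] = ver` would make the result order-independent. The method body continues outside the hunk.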
diff --git a/bin/lts-needs-forward-port.py b/bin/lts-needs-forward-port.py
index 4277a832bc..06a5630f8f 100755
--- a/bin/lts-needs-forward-port.py
+++ b/bin/lts-needs-forward-port.py
@@ -1,5 +1,4 @@
-#!/usr/bin/python
-# vim: set fileencoding=utf-8 :
+#!/usr/bin/python3
#
# Copyright 2016 Guido Günther <agx@sigxcpu.org>
#
@@ -20,19 +19,25 @@ import argparse
import collections
import sys
-from tracker_data import TrackerData, RELEASES
+from tracker_data import TrackerData
+
+import setup_paths
+import config
+
+lts = config.get_supported_releases()[0]
+next_lts = config.get_supported_releases()[1]
+oldstable = config.get_release_codename('oldstable')
-# lts is currently jessie, next_lts stretch
LIST_NAMES = (
('needs_fix_in_next_lts',
- ('Issues that are unfixed in {next_lts} but fixed in {lts}'
- ).format(**RELEASES)),
+ ('Issues that are unfixed in {} but fixed in {}'
+ ).format(next_lts, lts)),
('needs_review_in_next_lts',
- ('Issues that are no-dsa in {next_lts} but fixed in {lts}'
- ).format(**RELEASES)),
+ ('Issues that are no-dsa in {} but fixed in {}'
+ ).format(next_lts, lts)),
('fixed_via_pu_in_oldstable',
- ('Issues that will be fixed via p-u in {oldstable}'
- ).format(**RELEASES)),
+ ('Issues that will be fixed via p-u in {}'
+ ).format(oldstable)),
)
@@ -55,8 +60,8 @@ def main():
for pkg in tracker.iterate_packages():
for issue in tracker.iterate_pkg_issues(pkg):
- status_in_lts = issue.get_status('lts')
- status_in_next_lts = issue.get_status('next_lts')
+ status_in_lts = issue.get_status(lts)
+ status_in_next_lts = issue.get_status(next_lts)
if status_in_lts.status in ('not-affected', 'open'):
continue
@@ -64,6 +69,7 @@ def main():
if status_in_lts.status == 'resolved':
# Package will be updated via the next oldstable
# point release
+ # FIXME: when lts == oldstable, this should look at the stable pu list
if (issue.name in tracker.oldstable_point_update and
pkg in tracker.oldstable_point_update[issue.name]):
add_to_list('fixed_via_pu_in_oldstable', pkg, issue)
diff --git a/bin/mass-bug-filer b/bin/mass-bug-filer
index 0c1d3d9dec..6b559a5e99 100755
--- a/bin/mass-bug-filer
+++ b/bin/mass-bug-filer
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
from __future__ import print_function
import sys
diff --git a/bin/merge-cve-files b/bin/merge-cve-files
new file mode 100755
index 0000000000..36dee7acd5
--- /dev/null
+++ b/bin/merge-cve-files
@@ -0,0 +1,151 @@
+#!/usr/bin/python3
+#
+# Merge a separate CVE file (such as data/next-point-update.txt) back into
+# the main one.
+#
+# Copyright © 2020 Emilio Pozuelo Monfort <pochu@debian.org>
+# Copyright (c) 2021-2022 Neil Williams <codehelp@debian.org>
+
+import os
+import sys
+
+import setup_paths # noqa
+from debian_support import internRelease
+from sectracker.parsers import (
+ Bug,
+ cvelist,
+ writecvelist,
+ PackageAnnotation,
+ FlagAnnotation,
+ StringAnnotation,
+ XrefAnnotation
+)
+
+def merge_notes(bug, notes):
+ """
+ Special support for StringAnnotations.
+
+ notes is a dict containing a list of string annotations for
+ each CVE in the file being merged. Pick out the string annotations
+ for this bug, ignore if already exist, append if new.
+ """
+ new_notes = []
+ cve = bug.header.name
+ merge_list = notes.get(cve) # list of notes to merge
+ if not merge_list:
+ # nothing to merge
+ return bug
+ tagged_notes = [note.description for note in merge_list]
+ bug_notes = [ann.description for ann in bug.annotations if isinstance(ann, StringAnnotation)]
+ # get the list items in tagged_notes which are not in bug_notes
+ new_strings = list(set(tagged_notes) - set(bug_notes))
+ if not new_strings:
+ return bug
+ for new_ann in merge_list:
+ if new_ann.description in new_strings:
+ new_notes.append(new_ann)
+ bug_list = list(bug.annotations)
+ bug_list.extend(new_notes)
+ mod_bug = Bug(
+ bug.file, bug.header, tuple(bug_list)
+ )
+ return mod_bug
+
+
+def merge_annotations(annotations, new_annotation):
+ if not isinstance(new_annotation, PackageAnnotation):
+ raise NotImplementedError(f"unsupported annotation of type {new_annotation.type} (line {new_annotation.line})")
+
+ annotations = list(annotations)
+
+ annotations_for_pkg = [ann for ann in annotations \
+ if isinstance(ann, PackageAnnotation) \
+ and ann.package == new_annotation.package]
+ if not annotations_for_pkg:
+ if new_annotation.release:
+ raise ValueError(f"new annotation for {new_annotation.package}/{new_annotation.release} "
+ "but there is no annotation for sid")
+ # new package, add it at the top
+ for idx, annotation in enumerate(annotations):
+ if isinstance(annotation, FlagAnnotation) \
+ or isinstance(annotation, XrefAnnotation):
+ continue
+
+ annotations.insert(idx, new_annotation)
+ return annotations
+
+
+ # append/substitute the new one at the right place
+ for idx, annotation in enumerate(annotations):
+ if not isinstance(annotation, PackageAnnotation) \
+ or annotation.package != new_annotation.package:
+ continue
+
+ # if the annotation is for the same package/release, replace it
+ if annotation.package == new_annotation.package \
+ and annotation.release == new_annotation.release:
+ annotations[idx] = new_annotation
+ break
+
+ # if the next annotation's release is the same, we continue to replace
+ # it in the next iteration. otherwise if we found the right place, we
+ # insert the new annotation
+ next_annotation = annotations[idx + 1] if len(annotations) > (idx + 1) else None
+ if next_annotation and isinstance(next_annotation, PackageAnnotation) \
+ and next_annotation.package == new_annotation.package \
+ and internRelease(new_annotation.release) <= internRelease(next_annotation.release):
+ continue
+
+ annotations.insert(idx + 1, new_annotation)
+ break
+
+ return annotations
+
+def parse_list(path):
+ data, messages = cvelist(path)
+
+ for m in messages:
+ sys.stderr.write(str(m) + "\n")
+
+ return data
+
+if len(sys.argv) not in (2, 3):
+ print(f"Usage: {os.path.basename(sys.argv[0])} (CVE/list) extra-cve-list")
+ sys.exit(1)
+
+if len(sys.argv) == 3:
+ main_list = sys.argv[1]
+else:
+ main_list = os.path.dirname(__file__) + '/../data/CVE/list'
+
+extra_list = sys.argv[-1]
+
+data = parse_list(main_list)
+extra_data = parse_list(extra_list)
+
+for extra_bug in extra_data:
+ bug = next(bug for bug in data if bug.header.name == extra_bug.header.name)
+
+ notes = {}
+ new_annotations = bug.annotations
+ for extra_annotation in extra_bug.annotations:
+ if isinstance(extra_annotation, FlagAnnotation):
+ continue
+ if isinstance(extra_annotation, StringAnnotation):
+ cve = f"{extra_bug.header.name}"
+ note_tag = notes.setdefault(cve, [])
+ note_tag.append(extra_annotation)
+ continue
+ new_annotations = merge_annotations(new_annotations, extra_annotation)
+
+ bug = bug._replace(annotations=new_annotations)
+ bug = merge_notes(bug, notes)
+ data = [bug if bug.header.name == old_bug.header.name else old_bug for old_bug in data]
+
+with open(main_list, 'w') as f:
+ writecvelist(data, f)
+
+# check for and erase an .xpck file built from the merge
+xpck = f"{extra_list}.xpck"
+if os.path.exists(xpck):
+ os.unlink(xpck)
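Review bot: `with open(main_list, 'w')` truncates data/CVE/list before `writecvelist()` has produced a byte, so an exception or interrupt while serialising leaves the main CVE list empty; writing to a sibling temporary name and `os.replace()`-ing it over `main_list` keeps the old contents until the new file is complete. Two smaller points in the same script: `next(bug for bug in data if ...)` raises a bare `StopIteration` when the extra file names a CVE that is absent from the main list, which deserves an error naming the CVE and file; and `os.path.dirname(__file__) + '/../data/CVE/list'` collapses to `/../data/CVE/list` when `__file__` is a bare filename, whereas `setup_paths.py` added in this commit already uses `os.path.realpath(__file__)` for the same purpose.
```python
# … unchanged: merge_notes, merge_annotations, parse_list, argv check …
base = os.path.dirname(os.path.realpath(__file__))
if len(sys.argv) == 3:
    main_list = sys.argv[1]
else:
    main_list = os.path.join(base, '..', 'data', 'CVE', 'list')
# … unchanged: extra_list, parse_list() calls …
for extra_bug in extra_data:
    bug = next((b for b in data if b.header.name == extra_bug.header.name), None)
    if bug is None:
        sys.exit(f"{extra_bug.header.name} from {extra_list} is not in {main_list}")
    # … unchanged: annotation/notes merge loop …
tmp_list = main_list + '.tmp'
with open(tmp_list, 'w') as f:
    writecvelist(data, f)
os.replace(tmp_list, main_list)
# … unchanged: .xpck cleanup …
```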
diff --git a/bin/remove-cve-dist-tags b/bin/remove-cve-dist-tags
new file mode 100755
index 0000000000..18db2a0257
--- /dev/null
+++ b/bin/remove-cve-dist-tags
@@ -0,0 +1,68 @@
+#!/usr/bin/python3
+#
+# Remove no-dsa tags from data/CVE/list
+#
+# Copyright © 2021 Emilio Pozuelo Monfort <pochu@debian.org>
+
+import os.path
+import sys
+
+import setup_paths # noqa
+import config
+from sectracker.parsers import cvelist, writecvelist, PackageAnnotation
+
+
+def keep_annotation(cve, annotation):
+ if not isinstance(annotation, PackageAnnotation):
+ return True
+
+ if cve.header.name in cves and \
+ annotation.release in releases and \
+ annotation.package == package:
+ print(f"removing annotation for {cve.header.name}/{package}/{annotation.release}")
+ return False
+
+ return True
+
+
+def parse_list(path):
+ data, messages = cvelist(path)
+
+ return data
+
+if len(sys.argv) <= 3:
+ # assume there are no CVEs, so nothing to do
+ sys.exit(0)
+
+releases = sys.argv[1].split(",")
+package = sys.argv[2]
+cves = sys.argv[3:]
+
+main_list = os.path.dirname(__file__) + '/../data/CVE/list'
+# check if another file was specified in config, e.g. a ExtendedFile
+
+for release in releases:
+ distconfig = config.get_config()[release]
+ if 'maincvefile' in distconfig:
+ main_list = os.path.dirname(__file__) + '/../' + distconfig['maincvefile']
+
+data = parse_list(main_list)
+new_data = []
+
+for cve in data:
+ annotations = list(
+ annotation
+ for annotation in cve.annotations
+ if keep_annotation(cve, annotation)
+ )
+ cve = cve._replace(annotations=annotations)
+ if not cve.annotations:
+ # this shouldn't happen on a normal CVE file as we're only removing
+ # the dist specific tags, but it may happen in an ExtendFile, in
+ # which case we don't want to keep an empty CVE entry
+ continue
+
+ new_data.append(cve)
+
+with open(main_list, 'w') as f:
+ writecvelist(new_data, f)
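Review bot: The `for release in releases:` loop reassigns `main_list` on each iteration, so when the comma-separated releases in argv[1] resolve to different files (one with a `maincvefile` entry, one without) only the last file is rewritten and the tags for the other releases stay in place; `keep_annotation()` still matches on all of `releases`, so nothing reports the mismatch. Collect the per-release path into a set and `sys.exit()` with a message when it holds more than one entry, or iterate over the distinct files and rewrite each. `parse_list()` here also discards the `messages` that `cvelist()` returns, which `merge-cve-files` in the same commit prints to stderr, so a parse problem in a file that is about to be overwritten in place goes unreported; the same non-atomic `open(main_list, 'w')` applies here as well.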
diff --git a/bin/report-vuln b/bin/report-vuln
index 7e8f93b506..35d4f3be64 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
#
# generate bug report content/mail for a given package name and a
# number of CVE ids
@@ -9,22 +9,19 @@
#
# export http_proxy if you need to use an http proxy to report bugs
-from __future__ import print_function
-
import argparse
from tempfile import NamedTemporaryFile
-import sys, re, urllib, os
+import os
+import re
+import sys
+from urllib.parse import urlencode
+from urllib.request import urlopen
from textwrap import wrap
temp_id = re.compile('(?:CVE|cve)\-[0-9]{4}-XXXX')
-def setup_path():
- dirname = os.path.dirname
- base = dirname(dirname(os.path.realpath(sys.argv[0])))
- sys.path.insert(0, os.path.join(base, "lib", "python"))
-
def description_from_list(id, pkg='', skip_entries=0):
- setup_path()
+ import setup_paths
import bugs
import debian_support
is_temp = temp_id.match(id)
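Review bot: With the shebang moved to python3, the context line `temp_id = re.compile('(?:CVE|cve)\-[0-9]{4}-XXXX')` is a non-raw string containing `\-`, which CPython 3.6+ reports as an invalid escape sequence (DeprecationWarning, a SyntaxWarning from 3.12); the hyphen needs no escape outside a character class, so `temp_id = re.compile(r'(?:CVE|cve)-[0-9]{4}-XXXX')` keeps the same match and silences the warning. The function-scope `import setup_paths` also means `bugs` and `debian_support` only resolve when `description_from_list()` runs, which is fine but worth a one-line comment since the module has a top-level import block; description_from_list() continues outside the hunk.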
@@ -57,10 +54,10 @@ def gen_index(ids):
return ret
def http_get(id):
- param = urllib.urlencode({'name' : id})
+ param = urlencode({'name' : id})
resp = ''
try:
- f = urllib.urlopen('https://cve.mitre.org/cgi-bin/cvename.cgi?%s' % param)
+ f = urlopen('https://cve.mitre.org/cgi-bin/cvename.cgi?%s' % param)
resp = f.read()
except Exception as e:
error('on doing HTTP request' + str(e))
@@ -78,7 +75,7 @@ def get_cve(id):
ret = ''
resp = http_get(id)
- for line in resp.rsplit('\n'):
+ for line in resp.decode('utf-8').rsplit('\n'):
if r.match(line):
desc = True
continue
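Review bot: `resp.decode('utf-8')` assumes bytes, but `http_get()` in the previous hunk initialises `resp = ''` (a str) and only assigns `f.read()` on success, so if `error()` returns rather than exiting, a failed request now ends in `AttributeError: 'str' object has no attribute 'decode'` instead of an empty description. Initialise with `resp = b''` and decode with `resp.decode('utf-8', errors='replace')` so a non-UTF-8 response cannot abort the report either; the `urlopen()` call there also passes no `timeout=`, so a stalled connection blocks the tool indefinitely. get_cve() continues outside the hunk.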
@@ -250,7 +247,7 @@ def main():
if args.mail:
with NamedTemporaryFile(prefix='report-vuln', suffix='.txt') as bugmail:
- bugmail.write(text)
+ bugmail.write(text.encode())
bugmail.flush()
os.system(args.mailer.format(bugmail.name))
else:
diff --git a/lib/python/secmaster.py b/bin/secmaster.py
index f1f17303ee..9ad44ea8e4 100644..100755
--- a/lib/python/secmaster.py
+++ b/bin/secmaster.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
# secmaster -- access to data on security-master.debian.org
# Copyright (C) 2011 Florian Weimer <fw@deneb.enyo.de>
#
@@ -23,6 +23,7 @@ HOST = "seger.debian.org"
import json
import subprocess
+import setup_paths
import debian_support
def listqueue():
diff --git a/bin/setup_paths.py b/bin/setup_paths.py
new file mode 100644
index 0000000000..d2f8194662
--- /dev/null
+++ b/bin/setup_paths.py
@@ -0,0 +1,11 @@
+# inserts lib/python/ into sys.path
+
+import os
+import sys
+
+def setup_path():
+ dirname = os.path.dirname
+ base = dirname(dirname(os.path.realpath(__file__)))
+ sys.path.insert(0, os.path.join(base, "lib", "python"))
+
+setup_path()
diff --git a/bin/show-debsecan b/bin/show-debsecan
index 91286adc86..0352c19e54 100755
--- a/bin/show-debsecan
+++ b/bin/show-debsecan
@@ -1,10 +1,10 @@
-#!/usr/bin/python
+#!/usr/bin/python3
import sys
import apsw
import base64
import zlib
-from cStringIO import StringIO
+from io import StringIO
if len(sys.argv) not in (2, 3):
print("usage: show-debsecan DATABASE-PATH [BLOB-NAME]")
@@ -25,7 +25,7 @@ else: # len(sys.argv) == 3
data = zlib.decompress(data)
# The following has been taken from a debsecan test case.
- data = StringIO(data)
+ data = StringIO(data.decode('utf-8'))
if data.readline() != "VERSION 1\n":
sys.stderr.write("error: server sends data in unknown format\n")
@@ -50,6 +50,6 @@ else: # len(sys.argv) == 3
print("%s,%s,%s" % (package, vuln, rest))
for line in data:
- print(line)
+ print(line.strip())
db.close()
diff --git a/bin/src2bin_text.py b/bin/src2bin_text.py
index 87354b288e..bc83b5fa98 100755
--- a/bin/src2bin_text.py
+++ b/bin/src2bin_text.py
@@ -24,7 +24,7 @@ def joinEN(words):
def filterPkg(bins,rms):
for rm in rms:
bins = filter(lambda x: not x.endswith('-%s' % rm), bins)
- return bins
+ return list(bins)
def getBin(srcPkg):
bins = soappy_query(default_url,'binary_names',source=srcPkg)
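Review bot: Under python3 `filter()` is lazy, so the loop in `filterPkg()` stacks one unevaluated filter per `rm` and every lambda closes over the same loop variable; when the new `list(bins)` finally drives the chain, all lambdas see the final value of `rm` and only that last suffix is removed. Make the filtering eager inside the loop, `bins = [x for x in bins if not x.endswith('-%s' % rm)]`, after which the trailing `list()` is unnecessary; python2's `filter()` was eager, so this is a regression specific to the port rather than pre-existing behaviour.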
diff --git a/bin/support-ended.py b/bin/support-ended.py
index 81235a9954..ba3d522845 100755
--- a/bin/support-ended.py
+++ b/bin/support-ended.py
@@ -1,7 +1,6 @@
-#!/usr/bin/python
-# vim: set fileencoding=utf-8 :
+#!/usr/bin/python3
#
-# Copyright 2016 Guido Günther <agx@sigxcpu.org>
+# Copyright 2016 Guido Günther <agx@sigxcpu.org>
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -30,9 +29,10 @@ release_mapping = {
'deb6': ('squeeze', '2016-02-29'),
'deb7': ('wheezy', '2018-05-31'),
'deb8': ('jessie', '2020-06-30'),
+ 'deb9': ('stretch', '2022-06-30'),
# End date not yet fixed
- 'deb9': ('stretch', None),
'deb10': ('buster', None),
+ 'deb11': ('bullseye', None),
}
diff --git a/bin/test-web-server b/bin/test-web-server
index 302a9a1a72..a12751ad4b 100755
--- a/bin/test-web-server
+++ b/bin/test-web-server
@@ -4,7 +4,7 @@ set -e
server_port=10605
ip_address="127.0.0.1"
-service=tracker_service.py
+service=./tracker_service.py
url="http://$ip_address:$server_port/tracker"
bindir="`dirname $0`"
@@ -15,4 +15,4 @@ fi
cd "$bindir"
echo "URL: $url"
-python "$service" "$url" "$ip_address" "$server_port" ../data/security.db || true
+"$service" "$url" "$ip_address" "$server_port" ../data/security.db || true
diff --git a/bin/tracker_data.py b/bin/tracker_data.py
index 13eab0f4b8..863f83e0af 100644
--- a/bin/tracker_data.py
+++ b/bin/tracker_data.py
@@ -21,31 +21,14 @@ import subprocess
import requests
import six
-RELEASES = {
- 'oldoldstable': 'jessie',
- 'oldstable': 'stretch',
- 'stable': 'buster',
- 'testing': 'bullseye',
- 'unstable': 'sid',
- 'experimental': 'experimental',
- # LTS specific aliases
- 'lts': 'jessie',
- 'next_lts': 'stretch',
-}
-
-
-def normalize_release(release):
- if release in RELEASES:
- return RELEASES[release]
- elif release in RELEASES.values():
- return release
- else:
- raise ValueError("Unknown release: {}".format(release))
+import setup_paths # noqa
+from debian_support import PointUpdateParser
class TrackerData(object):
DATA_URL = "https://security-tracker.debian.org/tracker/data/json"
GIT_URL = "https://salsa.debian.org/security-tracker-team/security-tracker.git"
+ CACHED_DATA_DIR = "~/.cache"
CACHED_DATA_PATH = "~/.cache/debian_security_tracker.json"
CACHED_REVISION_PATH = "~/.cache/debian_security_tracker.rev"
GET_REVISION_COMMAND = \
@@ -54,6 +37,7 @@ class TrackerData(object):
def __init__(self, update_cache=True):
self._latest_revision = None
+ self.cached_data_dir = os.path.expanduser(self.CACHED_DATA_DIR)
self.cached_data_path = os.path.expanduser(self.CACHED_DATA_PATH)
self.cached_revision_path = os.path.expanduser(
self.CACHED_REVISION_PATH)
@@ -95,6 +79,9 @@ class TrackerData(object):
self.DATA_URL))
response = requests.get(self.DATA_URL, allow_redirects=True)
response.raise_for_status()
+ # if ~/.cache does not exist, then open() will fail
+ if not os.path.exists(self.cached_data_dir):
+ os.mkdir(self.cached_data_dir, mode=0o700)
with open(self.cached_data_path, 'w') as cache_file:
cache_file.write(response.text)
with open(self.cached_revision_path, 'w') as rev_file:
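Review bot: The `os.path.exists()` check followed by `os.mkdir()` is a small check-then-act window and still raises `FileNotFoundError` when the parent of `~/.cache` is itself missing; `os.makedirs(self.cached_data_dir, mode=0o700, exist_ok=True)` handles both cases without the existence test. The two `open(..., 'w')` calls that follow are also non-atomic, so an interruption between the download and the write leaves a truncated JSON or revision file for the next run to load; writing to a temporary name and `os.replace()`-ing is the usual fix. The method continues outside the hunk.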
@@ -141,26 +128,9 @@ class TrackerData(object):
with open(os.path.join(self.DATA_DIR, 'dla-needed.txt'), 'r') as f:
self.dla_needed = self.parse_needed_file(f)
- @classmethod
- def parse_point_update_file(self, inputfile):
- CVE_RE = 'CVE-[0-9]{4}-[0-9X]{4}'
- result = {}
- for line in inputfile:
- res = re.match(CVE_RE, line)
- if res:
- cve = res.group(0)
- result[cve] = {}
- continue
- elif line.startswith('\t['):
- dist, _, pkg, ver = line.split()
- result[cve][pkg] = ver
- return result
-
def load_point_updates(self):
- with open(os.path.join(self.DATA_DIR, 'next-oldstable-point-update.txt'), 'r') as f:
- self.oldstable_point_update = self.parse_point_update_file(f)
- with open(os.path.join(self.DATA_DIR, 'next-point-update.txt'), 'r') as f:
- self.stable_point_update = self.parse_point_update_file(f)
+ self.oldstable_point_update = PointUpdateParser.parseNextOldstablePointUpdate()
+ self.stable_point_update = PointUpdateParser.parseNextPointUpdateStable()
def iterate_packages(self):
"""Iterate over known packages"""
@@ -189,7 +159,6 @@ class Issue(object):
self.data = data
def get_status(self, release):
- release = normalize_release(release)
data = self.data['releases'].get(release)
if data is None:
status = 'not-affected'
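Review bot: Dropping `normalize_release()` removes the only validation on `release`: `self.data['releases'].get(release)` returns `None` for an unknown name and the next line maps that to `'not-affected'`, so any caller still passing the old `'lts'`/`'next_lts'` aliases, or a typo, now reports every issue as not affected instead of raising `ValueError`. Keep the failure loud with a guard such as `if release not in config.get_supported_releases(): raise ValueError("Unknown release: {}".format(release))` after adding `import config` next to the `setup_paths` import this hunk already relies on. get_status() continues outside the hunk.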
diff --git a/bin/tracker_service.py b/bin/tracker_service.py
index d45d83b6a1..4092a58bd9 100755
--- a/bin/tracker_service.py
+++ b/bin/tracker_service.py
@@ -1,14 +1,18 @@
-#!/usr/bin/python
+#!/usr/bin/python3
+import email.utils
+import json
+import os.path
+import re
import sys
-sys.path.insert(0,'../lib/python')
+import time
+
+import setup_paths # noqa
import bugs
-import re
+import config
+import debian_support
import security_db
from web_support import *
-import json
-import time
-import email.utils
if __name__ == "__main__":
if len(sys.argv) not in (3, 5):
@@ -36,7 +40,7 @@ def clean_dict(d):
This alters the input so you may wish to ``copy`` the dict first.
"""
# d.iteritems isn't used as you can't del or the iterator breaks.
- for key, value in d.items():
+ for key, value in list(d.items()):
if value is None:
del d[key]
elif isinstance(value, dict):
@@ -106,10 +110,10 @@ class BugFilter:
return filterlow or filtermed or filterhigh or filterund or filteruni or filteruna or filterend
def remoteFiltered(self, remote):
- filterr = self.params['remote'] and remote and remote is not None
- filterl = self.params['local'] and not remote and remote is not None
- filteru = self.params['unclear'] and remote is None
- return filterr or filterl or filteru
+ filterr = self.params['remote'] and remote and remote is not None
+ filterl = self.params['local'] and not remote and remote is not None
+ filteru = self.params['unclear'] and remote is None
+ return filterr or filterl or filteru
def nodsaFiltered(self, nodsa):
"""Returns True for no DSA issues if filtered."""
@@ -138,21 +142,24 @@ class TrackerService(webservice_base_class):
self.json_data = None # the JSON dump itself
self.json_timestamp = None # timestamp of JSON generation
self.json_last_modified = None
+
+ self.stable_releases = config.get_supported_releases()
+ self.stable_releases.remove(config.get_release_codename('testing'))
+ self.stable_releases.remove('sid')
+ self.stable_releases.reverse()
+
self.register('', self.page_home)
self.register('*', self.page_object)
self.register('redirect/*', self.page_redirect)
self.register('source-package/*', self.page_source_package)
- self.register('status/release/oldoldstable',
- self.page_status_release_oldoldstable)
- self.register('status/release/oldstable',
- self.page_status_release_oldstable)
- self.register('status/release/stable', self.page_status_release_stable)
- self.register('status/release/stable-backports',
- self.page_status_release_stable_backports)
- self.register('status/release/oldstable-backports',
- self.page_status_release_oldstable_backports)
- self.register('status/release/oldoldstable-backports',
- self.page_status_release_oldoldstable_backports)
+
+ for release in self.stable_releases:
+ alias = config.get_release_alias(release)
+ self.register('status/release/' + alias,
+ self.page_status_release_stable_like)
+ self.register('status/release/' + alias + '-backports',
+ self.page_status_release_backports_like)
+
self.register('status/release/testing',
self.page_status_release_testing)
self.register('status/release/unstable',
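Review bot: `self.stable_releases = config.get_supported_releases()` followed by in-place `.remove()` and `.reverse()` mutates whatever list the config helper returns; if that helper hands back a cached or module-level list rather than a fresh one, every later caller (the later hunk in this file at `releases = config.get_supported_releases()` among them) sees testing and sid missing and the order flipped. Copying first, `self.stable_releases = list(config.get_supported_releases())`, is safe either way. Both `.remove()` calls also raise a bare `ValueError` at startup if the configured list lacks the testing codename or `'sid'`, which is a less useful failure than an explicit check with a message; `__init__` continues outside the hunk.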
@@ -181,28 +188,24 @@ class TrackerService(webservice_base_class):
self.register('script.js', self.page_script_js)
def page_style_css(self, path, params, url):
- f=open('../static/style.css', 'r')
- content=f.read()
- f.close()
- return BinaryResult(content,'text/css')
+ with open('../static/style.css', 'r') as f:
+ content=f.read()
+ return BinaryResult(content,'text/css')
def page_logo_png(self, path, params, url):
- f=open('../static/logo.png', 'r')
- content=f.read()
- f.close()
- return BinaryResult(content,'image/png')
+ with open('../static/logo.png', 'rb') as f:
+ content=f.read()
+ return BinaryResult(content,'image/png')
def page_distributions_json(self, path, params, url):
- f=open('../static/distributions.json', 'r')
- content=f.read()
- f.close()
- return BinaryResult(content,'application/json')
+ with open('../static/distributions.json', 'r') as f:
+ content=f.read()
+ return BinaryResult(content,'application/json')
def page_script_js(self, path, params, url):
- f=open('../static/script.js', 'r')
- content=f.read()
- f.close()
- return BinaryResult(content,'text/javascript')
+ with open('../static/script.js', 'r') as f:
+ content=f.read()
+ return BinaryResult(content,'text/javascript')
def page_home(self, path, params, url):
@@ -213,6 +216,16 @@ class TrackerService(webservice_base_class):
else:
return RedirectResult(url.scriptRelativeFull(query))
+ def gen_stable_links():
+ links = []
+ for release in self.stable_releases:
+ alias = config.get_release_alias(release)
+ links.append(('status/release/' + alias,
+ 'Vulnerable packages in the ' + alias + ' suite'))
+ links.append(('status/release/' + alias + '-backports',
+ 'Vulnerable packages in backports for ' + alias))
+ return links
+
return self.create_page(
url, 'Security Bug Tracker',
[P(
@@ -238,23 +251,12 @@ aware of and/or help us improve the quality of this information by """,
NAV(make_menu(
url.scriptRelative,
- ('status/release/unstable',
+ *[('status/release/unstable',
'Vulnerable packages in the unstable suite'),
('status/release/testing',
- 'Vulnerable packages in the testing suite'),
- ('status/release/stable',
- 'Vulnerable packages in the stable suite'),
- ('status/release/stable-backports',
- 'Vulnerable packages in backports for stable'),
- ('status/release/oldstable',
- 'Vulnerable packages in the oldstable suite'),
- ('status/release/oldstable-backports',
- 'Vulnerable packages in backports for oldstable'),
- ('status/release/oldoldstable',
- 'Vulnerable packages in the oldoldstable suite'),
- ('status/release/oldoldstable-backports',
- 'Vulnerable packages in backports for oldoldstable'),
- ('status/dtsa-candidates', "Candidates for DTSAs"),
+ 'Vulnerable packages in the testing suite')]
+ + gen_stable_links() +
+ [('status/dtsa-candidates', "Candidates for DTSAs"),
('status/todo', 'TODO items'),
('status/undetermined', 'Packages that may be vulnerable but need to be checked (undetermined issues)'),
('status/unimportant', 'Packages that have open unimportant issues'),
@@ -273,7 +275,7 @@ aware of and/or help us improve the quality of this information by """,
'Covered Debian releases and architectures'),
('data/json',
'All information in JSON format')
- )),
+ ])),
self.make_search_button(url),
P("""(You can enter CVE names, Debian bug numbers and package
@@ -406,7 +408,7 @@ data source.""")],
", ",
self.make_web_search_bug_ref(url, bug.name, 'web search'),
", ",
- A(url.absolute('http://oss-security.openwall.org/wiki/vendors'), 'more'),
+ A(url.absolute('https://oss-security.openwall.org/wiki/vendors'), 'more'),
")")
elif source == 'DSA':
source_xref = self.make_dsa_ref(url, bug.name, 'Debian')
@@ -483,15 +485,15 @@ data source.""")],
def gen_data():
notes_sorted = bug.notes[:]
- notes_sorted.sort(lambda a, b: cmp(a.package, b.package))
+ notes_sorted.sort(key=lambda n: (n.package, n.release or debian_support.internRelease('sid')))
for n in notes_sorted:
if n.release:
rel = str(n.release)
else:
rel = '(unstable)'
urgency = str(n.urgency)
- if urgency == 'end-of-life':
- urgency = self.make_purple('end-of-life')
+ if urgency == 'end-of-life':
+ urgency = self.make_purple('end-of-life')
if n.fixed_version:
ver = str(n.fixed_version)
if ver == '0':
@@ -515,7 +517,7 @@ data source.""")],
bugs = n.bugs
bugs.sort()
bugs = make_list(
- map(lambda x: self.make_debian_bug(url, x), bugs))
+ list(map(lambda x: self.make_debian_bug(url, x), bugs)))
if n.bug_origin:
origin = self.make_xref(url, n.bug_origin)
else:
@@ -615,6 +617,12 @@ question about how things work, don't be afraid to ask, we would like
to improve our documentation and procedures, so feedback is welcome.""")])])
def page_source_package(self, path, params, url):
+ if path == ():
+ return self.create_page(
+ url, "Object not found",
+ [P("No source package was provided.")],
+ status=404)
+
pkg = path[0]
data = security_db.getBugsForSourcePackage(self.db.cursor(), pkg)
@@ -693,8 +701,8 @@ to improve our documentation and procedures, so feedback is welcome.""")])])
replacement='No known security announcements.')
])
- def page_status_release_stable_oldstable_oldoldstable(self, release, params, url):
- assert release in ('stable', 'oldstable', 'oldoldstable',)
+ def page_status_release_stable_like(self, path, params, url):
+ release = os.path.basename(url.path_info)
bf = BugFilter(params)
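Review bot: `release = os.path.basename(url.path_info)` replaces the removed `assert release in (...)`, and the next hunk interpolates that value straight into SQL as `FROM %s_status`; today it is constrained only by which paths `register()` accepted in `__init__`, so a dispatcher that tolerates a trailing slash or a routing change elsewhere would turn a request-path component into a table name. Re-check it before building the query, e.g. `if release not in {config.get_release_alias(r) for r in self.stable_releases}: return self.create_page(url, "Object not found", [P("Unknown release.")], status=404)`, matching the pattern `page_source_package` uses earlier in this file. The method continues outside the hunk.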
@@ -704,7 +712,8 @@ to improve our documentation and procedures, so feedback is welcome.""")])])
self.db.cursor().execute(
"""SELECT package, bug, section, urgency, vulnerable, remote, no_dsa, no_dsa_reason
FROM %s_status
- WHERE (bug LIKE 'CVE-%%' OR bug LIKE 'TEMP-%%')""" % release):
+ WHERE (bug LIKE 'CVE-%%' OR bug LIKE 'TEMP-%%')
+ ORDER BY package, bug COLLATE version""" % release):
if bf.urgencyFiltered(urgency, vulnerable):
continue
if bf.remoteFiltered(remote):
@@ -750,15 +759,6 @@ to improve our documentation and procedures, so feedback is welcome.""")])])
for this vulnerability.'''),
self.nvd_text])
- def page_status_release_stable(self, path, params, url):
- return self.page_status_release_stable_oldstable_oldoldstable('stable', params, url)
- def page_status_release_oldstable(self, path, params, url):
- return self.page_status_release_stable_oldstable_oldoldstable('oldstable',
- params, url)
- def page_status_release_oldoldstable(self, path, params, url):
- return self.page_status_release_stable_oldstable_oldoldstable('oldoldstable',
- params, url)
-
def page_status_release_testing(self, path, params, url):
bf = BugFilter(params)
@@ -769,7 +769,8 @@ to improve our documentation and procedures, so feedback is welcome.""")])])
in self.db.cursor().execute(
"""SELECT package, bug, section, urgency, vulnerable,
unstable_vulnerable, testing_security_fixed, remote, no_dsa
- FROM testing_status"""):
+ FROM testing_status
+ ORDER BY package, bug COLLATE version"""):
if bf.urgencyFiltered(urgency, vulnerable):
continue
if bf.remoteFiltered(remote):
@@ -832,7 +833,7 @@ to improve our documentation and procedures, so feedback is welcome.""")])])
FROM source_package_status AS st, source_packages AS sp
WHERE st.vulnerable AND sp.rowid = st.package
AND sp.release = ? AND sp.subrelease = ''
- ORDER BY sp.name, st.bug_name""", (rel,)):
+ ORDER BY sp.name, st.bug_name COLLATE version""", (rel,)):
if bf.urgencyFiltered(urgency, vulnerable):
continue
if bf.remoteFiltered(remote):
@@ -878,24 +879,14 @@ to improve our documentation and procedures, so feedback is welcome.""")])])
title='Vulnerable source packages in the unstable suite',
rel='sid')
- def page_status_release_stable_backports(self, path, params, url):
- return self.page_status_release_unstable_like(
- path, params, url,
- title='Vulnerable source packages among backports for stable',
- rel='buster-backports')
+ def page_status_release_backports_like(self, path, params, url):
+ release = os.path.basename(url.path_info)
+ release = release.split("-")[0]
- def page_status_release_oldstable_backports(self, path, params, url):
return self.page_status_release_unstable_like(
path, params, url,
- title='Vulnerable source packages among backports for oldstable',
- rel='stretch-backports')
-
- def page_status_release_oldoldstable_backports(self, path, params, url):
- return self.page_status_release_unstable_like(
- path, params, url,
- title='Vulnerable source packages among backports for oldoldstable',
- rel='jessie-backports')
-
+ title='Vulnerable source packages among backports for ' + release,
+ rel=config.get_release_codename(release, '-backports'))
def page_status_dtsa_candidates(self, path, params, url):
bf = BugFilter(params,nonodsa=True,noignored=True,nopostponed=True)
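Review bot: In `page_status_release_backports_like` the suite name is taken from the request path (`os.path.basename(url.path_info)`, then `split("-")[0]`) and passed straight into the page title and `config.get_release_codename(release, '-backports')` without a check that it is a release the tracker supports. Unless the route table that dispatches to this method only admits known names, a request for an unknown suite presumably fails inside `get_release_codename` (a lookup error surfacing as a server error) rather than yielding a not-found page; a guard such as `if release not in config.get_supported_releases():` followed by the tracker's usual not-found response would make the handler self-contained, and `config.get_supported_releases()` is already used elsewhere in this commit. The enclosing class continues outside the hunk, so whether `os` is imported in this file cannot be confirmed here.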
@@ -909,18 +900,19 @@ to improve our documentation and procedures, so feedback is welcome.""")])])
(SELECT testing.version_id < stable.version_id
FROM source_packages AS testing, source_packages AS stable
WHERE testing.name = testing_status.package
- AND testing.release = 'bullseye'
+ AND testing.release = ?
AND testing.subrelease = ''
AND testing.archive = testing_status.section
AND stable.name = testing_status.package
- AND stable.release = 'buster'
+ AND stable.release = ?
AND stable.subrelease = 'security'
AND stable.archive = testing_status.section),
(SELECT range_remote FROM nvd_data
WHERE cve_name = bug)
FROM testing_status
WHERE (NOT unstable_vulnerable)
- AND (NOT testing_security_fixed)"""):
+ AND (NOT testing_security_fixed)""",
+ (config.get_release_codename('testing'), config.get_release_codename('stable'))):
if bf.urgencyFiltered(urgency, vulnerable):
continue
if bf.remoteFiltered(remote):
@@ -994,16 +986,15 @@ checker to find out why they have not entered testing yet."""),
old_pkg = ''
old_dsc = ''
last_displayed = ''
- releases = ('sid', 'bullseye', 'buster', 'stretch', 'jessie')
+ releases = config.get_supported_releases()
for (pkg_name, bug_name, release, desc) in self.db.cursor().execute(
"""SELECT DISTINCT sp.name, st.bug_name, sp.release,
bugs.description
FROM source_package_status AS st, source_packages AS sp, bugs
WHERE st.vulnerable == 2 AND sp.rowid = st.package
- AND ( sp.release = ? OR sp.release = ? OR sp.release = ?
- OR sp.release = ? OR sp.release = ? )
+ AND sp.release IN (""" + ",".join("?" * len(releases)) + """)
AND sp.subrelease = '' AND st.bug_name == bugs.name
- ORDER BY sp.name, st.bug_name""", releases):
+ ORDER BY sp.name, st.bug_name COLLATE version""", releases):
if old_bug == '':
old_bug = bug_name
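Review bot: The placeholder list for the `IN (...)` clause, `",".join("?" * len(releases))`, is built inline here and again identically in the `st.urgency == 'unimportant'` hunk and the `supported_releases` hunk further down; a small module-level helper, `def _placeholders(seq): return ",".join("?" * len(seq))`, keeps the parameterised form in one place and makes it obvious that only `?` markers, never values, are spliced into the SQL text. Binding `releases` directly as the parameter sequence is fine provided `config.get_supported_releases()` returns a flat sequence of codenames, which this hunk does not show. The enclosing method starts and ends outside the hunk.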
@@ -1039,16 +1030,16 @@ checker to find out why they have not entered testing yet."""),
old_dsc = ''
old_name = ''
last_displayed = ''
- releases = ('sid', 'bullseye', 'buster', 'stretch', 'jessie')
+ releases = config.get_supported_releases()
for (pkg_name, bug_name, release, desc) in self.db.cursor().execute(
"""SELECT DISTINCT sp.name, st.bug_name, sp.release,
bugs.description
FROM source_package_status AS st, source_packages AS sp, bugs
WHERE st.vulnerable > 0 AND sp.rowid = st.package
- AND ( sp.release = ? OR sp.release = ? OR sp.release = ?
- OR sp.release = ? OR sp.release = ? ) AND st.urgency == 'unimportant'
+ AND sp.release IN (""" + ",".join("?" * len(releases)) + """)
+ AND st.urgency == 'unimportant'
AND sp.subrelease = '' AND st.bug_name == bugs.name
- ORDER BY sp.name, st.bug_name""", releases):
+ ORDER BY sp.name, st.bug_name COLLATE version""", releases):
if old_bug == '':
old_bug = bug_name
@@ -1129,7 +1120,7 @@ package which is no longer in the archive."""),
AND n.bug_origin = ''
AND sp.name = n.package
AND sp.version LIKE '%:%'
- ORDER BY bug_name, package"""):
+ ORDER BY bug_name COLLATE version, package"""):
if bug == old_bug:
bug = ''
else:
@@ -1325,8 +1316,9 @@ Debian bug number.'''),
urgency = defaultdict(lambda: defaultdict(dict))
nodsa = defaultdict(lambda: defaultdict(dict))
nodsa_reason = defaultdict(lambda: defaultdict(dict))
- supported_releases = ('sid', 'bullseye', 'buster', 'stretch', 'jessie')
- for (pkg, issue, desc, debianbug, release, subrelease, db_version, db_fixed_version, db_status, db_urgency, db_remote, db_nodsa, db_nodsa_reason) in self.db.cursor().execute(
+ next_point_update = defaultdict(lambda: defaultdict(set))
+ supported_releases = config.get_supported_releases()
+ for (pkg, issue, desc, debianbug, release, subrelease, db_version, db_fixed_version, db_status, db_urgency, db_remote, db_nodsa, db_nodsa_reason, db_next_point_update) in self.db.cursor().execute(
"""SELECT sp.name, st.bug_name,
(SELECT cve_desc FROM nvd_data
WHERE cve_name = st.bug_name),
@@ -1346,12 +1338,13 @@ Debian bug number.'''),
AND nd.bug_name = st.bug_name) AS nodsa,
(SELECT reason FROM package_notes_nodsa AS nd
WHERE nd.package = sp.name AND nd.release = sp.release
- AND nd.bug_name = st.bug_name) AS nodsa_reason
+ AND nd.bug_name = st.bug_name) AS nodsa_reason,
+ (SELECT next_point_update.release as next_point_update_release FROM next_point_update
+ WHERE st.bug_name=next_point_update.cve_name) AS next_point_update_release
FROM source_package_status AS st, source_packages AS sp, bugs
WHERE sp.rowid = st.package AND st.bug_name = bugs.name
AND ( st.bug_name LIKE 'CVE-%' OR st.bug_name LIKE 'TEMP-%' )
- AND ( sp.release = ? OR sp.release = ? OR sp.release = ?
- OR sp.release = ? OR sp.release = ? )
+ AND sp.release IN (""" + ",".join("?" * len(supported_releases)) + """)
ORDER BY sp.name, st.bug_name, sp.release, sp.subrelease""" , supported_releases):
### to ease debugging...:
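Review bot: The new `next_point_update_release` column is a scalar subquery, `(SELECT next_point_update.release ... WHERE st.bug_name=next_point_update.cve_name)`, so if the `next_point_update` table holds rows for more than one release for the same CVE only one of them is returned and which one is unspecified; the consumer in a later hunk checks `release in next_point_update[pkg][issue]` per release, so a CVE scheduled for point updates in two suites would be flagged in at most one of them. If several rows per CVE are possible, aggregating them (for example `group_concat(next_point_update.release)` and splitting on the Python side) or joining instead of a scalar subquery would keep the per-release check correct. The SELECT begins in the previous hunk.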
@@ -1377,6 +1370,8 @@ Debian bug number.'''),
fixed_version[pkg][issue][repository] = db_fixed_version
status[pkg][issue][repository] = db_status
urgency[pkg][issue][repository] = db_urgency
+ if db_next_point_update:
+ next_point_update[pkg][issue].add(db_next_point_update)
if str(db_nodsa) != 'None':
nodsa[pkg][issue][repository] = db_nodsa
if str(db_nodsa_reason) != 'None':
@@ -1434,6 +1429,12 @@ Debian bug number.'''),
suite_nodsa = nodsa[pkg][issue][repository]
if repository in nodsa_reason[pkg][issue]:
suite_nodsa_reason = nodsa_reason[pkg][issue][repository]
+ if pkg in next_point_update and \
+ issue in next_point_update[pkg] and \
+ release in next_point_update[pkg][issue]:
+ suite_next_point_update = True
+ else:
+ suite_next_point_update = None
for repository in repositories[pkg][issue]:
for suffix in ('','-security','-lts'):
subrelease=release+suffix
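Review bot: The three-part guard `pkg in next_point_update and issue in next_point_update[pkg] and release in next_point_update[pkg][issue]` exists to avoid the defaultdict auto-creating entries on lookup; the same intent reads more directly as `suite_next_point_update = True if release in next_point_update.get(pkg, {}).get(issue, ()) else None`, keeping `None` rather than `False` as the absent value, presumably so that the later `clean_dict` call drops it. `release` and `next_point_update` come from an enclosing loop and an earlier hunk respectively, both outside this hunk.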
@@ -1444,7 +1445,9 @@ Debian bug number.'''),
"fixed_version" : suite_fixed_version,
"urgency": suite_urgency,
"nodsa": suite_nodsa,
- "nodsa_reason": suite_nodsa_reason}
+ "nodsa_reason": suite_nodsa_reason,
+ "next_point_update": suite_next_point_update
+ }
clean_dict(suites[release])
pkg_issue = { "description": description,
"debianbug": debianbug,
@@ -1487,9 +1490,9 @@ Debian bug number.'''),
append(FOOTER(P(A(url.scriptRelative(""), "Home"),
" - ", A(url.absolute("https://www.debian.org/security/"),
"Debian Security"),
- " - ", A(url.absolute("https://salsa.debian.org/security-tracker-team/security-tracker/blob/master/bin/tracker_service.py"),
- "Source"),
- " ", A(url.absolute("https://salsa.debian.org/security-tracker-team/security-tracker"), "(Git)"),
+ " - ", A(url.absolute("https://salsa.debian.org/security-tracker-team/security-tracker/blob/master/bin/tracker_service.py"),
+ "Source"),
+ " ", A(url.absolute("https://salsa.debian.org/security-tracker-team/security-tracker"), "(Git)"),
)))
if search_in_page:
on_load = "selectSearch()"
@@ -1609,12 +1612,12 @@ Debian bug number.'''),
return A(url.scriptRelative(name), name)
def make_xref_list(self, url, lst, separator=', '):
- return make_list(map(lambda x: self.make_xref(url, x), lst), separator)
+ return make_list(list(map(lambda x: self.make_xref(url, x), lst)), separator)
def make_debian_bug(self, url, debian):
return A(self.url_debian_bug(url, debian), str(debian))
def make_debian_bug_list(self, url, lst):
- return make_list(map(lambda x: self.make_debian_bug(url, x), lst))
+ return make_list(list(map(lambda x: self.make_debian_bug(url, x), lst)))
def make_cve_ref(self, url, cve, name=None):
if name is None:
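Review bot: Wrapping the `map` in `list(...)` restores the Python 2 behaviour, but the idiomatic Python 3 form is a comprehension, `return make_list([self.make_xref(url, x) for x in lst], separator)` and `return make_list([self.make_debian_bug(url, x) for x in lst])`, which drops the lambda and reads as the eager list it is. `make_cve_ref` continues outside the hunk.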
@@ -1746,7 +1749,7 @@ Debian bug number.'''),
return SPAN(contents, _class="yellow")
def make_purple(self, contents):
- return SPAN(contents, _class="purple")
+ return SPAN(contents, _class="purple")
def make_green(self, contents):
return SPAN(contents, _class="green")
diff --git a/bin/unsupported_packages.py b/bin/unsupported_packages.py
index 8cbced4ee0..0f68305c67 100644
--- a/bin/unsupported_packages.py
+++ b/bin/unsupported_packages.py
@@ -49,7 +49,7 @@ class UnsupportedPackages(DebSecSupport):
URL = "https://salsa.debian.org/debian/debian-security-support/raw/master/security-support-ended.deb{}"
CACHED_DATA_PATH = "~/.cache/security-support-ended.deb{}"
- def __init__(self, debian_version=7, update_cache=True):
+ def __init__(self, debian_version, update_cache=True):
self.debian_version = debian_version
self.url = self.URL.format(self.debian_version)
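Review bot: With the default removed every caller now has to supply `debian_version`, and the value is interpolated into both a URL and a filesystem path (`CACHED_DATA_PATH`); coercing it on entry, `self.debian_version = int(debian_version)`, makes a mistyped or non-numeric argument fail here instead of producing an odd cache filename or URL. The `__init__` body and the `DebSecSupport` base class continue outside the hunk.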
diff --git a/bin/update-db b/bin/update-db
index 000ee00606..46368096ba 100755
--- a/bin/update-db
+++ b/bin/update-db
@@ -1,24 +1,10 @@
-#!/usr/bin/python
+#!/usr/bin/python3
from __future__ import print_function
import os
-import os.path
-import string
import sys
-def setup_paths():
- check_file = 'lib/python/debian_support.py'
- path = os.getcwd()
- while 1:
- if os.path.exists("%s/%s" % (path, check_file)):
- sys.path = [path + '/lib/python'] + sys.path
- return path
- idx = string.rfind(path, '/')
- if idx == -1:
- raise ImportError("could not setup paths")
- path = path[0:idx]
-os.chdir(setup_paths())
-
+import setup_paths
import bugs
import debian_support
import security_db
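Review bot: The removed `setup_paths()` also did `os.chdir(...)` to the repository root, and the replacement `import setup_paths` only adjusts `sys.path` as far as this hunk shows; if this is the whole change to update-db, any relative path the rest of the script uses (the old `update-nvd` in this same commit had `db_file = 'data/security.db'`) now depends on the caller's working directory. Either confirm that `setup_paths` changes directory as a side effect, or anchor paths the way `update-nvd` now does: `base = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))`. The script body continues outside the hunk.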
diff --git a/bin/update-nvd b/bin/update-nvd
index 9a07e78887..6573b9139f 100755
--- a/bin/update-nvd
+++ b/bin/update-nvd
@@ -1,27 +1,14 @@
-#!/usr/bin/python
+#!/usr/bin/python3
-import os
import os.path
-import string
import sys
-def setup_paths():
- check_file = 'lib/python/debian_support.py'
- path = os.getcwd()
- while 1:
- if os.path.exists("%s/%s" % (path, check_file)):
- sys.path = [path + '/lib/python'] + sys.path
- return path
- idx = string.rfind(path, '/')
- if idx == -1:
- raise ImportError("could not setup paths")
- path = path[0:idx]
-os.chdir(setup_paths())
-
+import setup_paths
import nvd
import security_db
-db_file = 'data/security.db'
+base = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
+db_file = os.path.join(base, 'data/security.db')
db = security_db.DB(db_file)
incremental = False
@@ -39,7 +26,7 @@ for name in sys.argv[1:]:
deduplicate = {}
for x in data:
deduplicate[x[0]] = x
-data = deduplicate.values()
+data = list(deduplicate.values())
data.sort()
cursor = db.writeTxn()
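Review bot: `data = list(deduplicate.values())` followed by `data.sort()` takes two steps where one expresses the intent: `data = sorted(deduplicate.values())` builds the sorted list straight from the view and needs no mutable intermediate. The loop that fills `deduplicate` starts outside the hunk.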
diff --git a/bin/update-vuln b/bin/update-vuln
new file mode 100755
index 0000000000..f6f93f2e46
--- /dev/null
+++ b/bin/update-vuln
@@ -0,0 +1,369 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+ update-vuln - #1001453
+
+ - mark a given released suite (stable/oldstable/LTS) as <not-affected>
+ for a specific CVE ID
+ - add a bug number to an existing CVE entry
+ - add a NOTE: entry to an existing CVE
+
+Only make one change to one CVE at a time. Review and merge that
+change and delete the merged file before updating the same CVE.
+
+The workflow would be:
+./bin/update-vuln --cve CVE-YYYY-NNNNN ...
+# on exit zero:
+./bin/merge-cve-files ./CVE-YYYY-NNNNN.list
+# review change to data/CVE/list
+git diff data/CVE/list
+rm ./CVE-YYYY-NNNNN.list
+# .. repeat
+git add data/CVE/list
+git commit
+
+"""
+# Copyright 2021-2022 Neil Williams <codehelp@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+import os
+import argparse
+import bisect
+import logging
+import sys
+
+import setup_paths # noqa # pylint: disable=unused-import
+from sectracker.parsers import (
+ PackageAnnotation,
+ PackageBugAnnotation,
+ StringAnnotation,
+ Bug,
+ cvelist,
+ writecvelist,
+)
+
+# pylint: disable=line-too-long
+
+
+class ParseUpdates:
+ """
+ Update a CVE with requested changes and produce a file for
+ manual review and use with merge-cve-files.
+ """
+
+ def __init__(self):
+ self.cves = []
+ self.bugs = {}
+ self.marker = "aaaaaaaaaaaaa" # replacement for NoneType to always sort first
+ self.logger = logging.getLogger("update-vuln")
+ self.logger.setLevel(logging.DEBUG)
+ # console logging
+ ch_log = logging.StreamHandler()
+ ch_log.setLevel(logging.DEBUG)
+ formatter = logging.Formatter("%(name)s - %(levelname)s - %(message)s")
+ ch_log.setFormatter(formatter)
+ self.logger.addHandler(ch_log)
+
+ def _read_cvelist(self):
+ """Build a list of Bug items for the CVE from data/CVE/list"""
+ os.chdir(os.path.dirname(os.path.dirname(os.path.realpath(__file__))))
+ data, _ = cvelist("data/CVE/list") # pylint: disable=no-value-for-parameter
+ for cve in self.cves:
+ for bug in data:
+ if bug.header.name == cve:
+ self.bugs[cve] = bug
+
+ def _add_annotation_to_cve(self, cve, annotation):
+ """
+ Adds an annotation to a CVE entry.
+
+ StringAnnotation - appended to the end
+ PackageAnnotation - inserted in alphabetical order by release
+
+ Accounts for PackageAnnotation.release == None for unstable.
+ """
+ if isinstance(annotation, PackageAnnotation):
+ store = {ann.release: ann for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)}
+ store[annotation.release] = annotation
+ # this is needed despite python3 >= 3.7 having ordered dicts
+ # because using the dict.keys() would need a copy of that list anyway.
+ existing = [ann.release for ann in self.bugs[cve].annotations if isinstance(ann, PackageAnnotation)]
+ if None in existing:
+ # release == None for unstable
+ index = existing.index(None)
+ existing[index] = self.marker
+ insertion = annotation.release if annotation.release else self.marker
+
+ # bisect cannot work with NoneType
+ bisect.insort(existing, insertion)
+
+ if self.marker in existing:
+ index = existing.index(self.marker)
+ existing[index] = None
+
+ bug_list = []
+ for item in existing:
+ bug_list.append(store[item])
+
+ elif isinstance(annotation, StringAnnotation):
+ bug_list = list(self.bugs[cve].annotations)
+ bug_list.append(annotation)
+ else:
+ raise ValueError(f"Unsupported annotation type: {type(annotation)}")
+
+ return Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
+
+ def _replace_annotation_on_line(self, cve, line, mod_line):
+ index = self.bugs[cve].annotations.index(line)
+ bug_list = list(self.bugs[cve].annotations)
+ bug_list[index] = mod_line
+ return Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(bug_list))
+
+ def write_modified(self, modified, cve_file):
+ """
+ Write out a CVE snippet for review and merge
+
+ Fails if the file already exists.
+ """
+ if not modified:
+ return 0
+ if not isinstance(modified, list):
+ return 0
+ if os.path.exists(cve_file):
+ self.logger.critical(
+ "%s already exists - merge the update and remove the file first.",
+ cve_file,
+ )
+ return -1
+ for cve in modified:
+ self.logger.info("Writing to ./%s with update for %s", cve_file, cve.header.name)
+ with open(cve_file, "a") as snippet:
+ writecvelist(modified, snippet)
+ return 0
+
+ def mark_not_affected(self, suite, src, description):
+ """
+ Writes out a CVE file snippet with the filename:
+ ./<cve>.list
+ Fails if the file already exists.
+ """
+ release = suite
+ if suite in ("unstable", "sid"):
+ # special handling for unstable
+ suite = None
+ release = "unstable"
+ modified = []
+ cve = self.cves[0]
+ cve_file = f"{cve}.list"
+ existing = [line.release for line in self.bugs[cve].annotations if isinstance(line, PackageAnnotation)]
+ if suite not in existing:
+ # line type release package kind version description flags
+ line = PackageAnnotation(0, "package", suite, src, "not-affected", None, description, [])
+ mod_bug = self._add_annotation_to_cve(cve, line)
+ modified.append(mod_bug)
+ for line in self.bugs[cve].annotations:
+ if not isinstance(line, PackageAnnotation):
+ continue # skip notes etc.
+ if line.release != suite:
+ continue
+ if line.package != src:
+ continue
+ # need to define the allowed changes
+ # if fixed, version would need to be undone too.
+ if line.kind == "not-affected":
+ self.logger.info("Nothing to do for %s in %s.", cve, suite)
+ return
+ mod_line = line._replace(kind="not-affected")
+ self.logger.info("Modified %s for %s in %s to <not-affected>", cve, src, release)
+ if mod_line.version:
+ self.logger.info("Removing version %s", line.version)
+ ver_line = mod_line
+ mod_line = ver_line._replace(version=None)
+ if description:
+ self.logger.info("Replacing description %s", line.description)
+ desc_line = mod_line
+ mod_line = desc_line._replace(description=description)
+ elif mod_line.description:
+ self.logger.info("Removing description %s", line.description)
+ desc_line = mod_line
+ mod_line = desc_line._replace(description=None)
+ # removing a bug annotation is not covered, yet.
+ mod_bug = self._replace_annotation_on_line(cve, line, mod_line)
+ modified.append(mod_bug)
+ self.write_modified(modified, cve_file)
+
+ def add_note(self, note):
+ """
+ Writes out a CVE file snippet with the filename:
+ ./<cve>.list
+ Fails if the file already exists.
+ """
+ # use _add_annotation_to_cve to add the note
+ modified = []
+ cve = self.cves[0]
+ cve_file = f"{cve}.list"
+ existing = [note.description for note in self.bugs[cve].annotations if isinstance(note, StringAnnotation)]
+ if note in existing:
+ self.logger.info("Note already exists, ignoring")
+ return
+ new_note = StringAnnotation(line=0, type="NOTE", description=note)
+ mod_bug = self._add_annotation_to_cve(cve, new_note)
+ modified.append(mod_bug)
+ self.write_modified(modified, cve_file)
+
+ def add_bug_number(self, bug, itp=False): # pylint: disable=too-many-locals
+ """
+ Writes out a CVE file snippet with the filename:
+ ./<cve>.list
+ Fails if the file already exists.
+ """
+ # bugs only apply to unstable (or itp)
+ modified = []
+ cve = self.cves[0]
+ cve_file = f"{cve}.list"
+ existing = [
+ pkg.flags
+ for pkg in self.bugs[cve].annotations
+ if isinstance(pkg, PackageAnnotation)
+ if not pkg.release and pkg.kind != "removed"
+ ]
+ bugs = [bug for sublist in existing for bug in sublist]
+ if bugs:
+ self.logger.warning("%s already has a bug annotation for unstable: %s", cve, bugs[0].bug)
+ return -1
+ pkgs = [
+ pkg
+ for pkg in self.bugs[cve].annotations
+ if isinstance(pkg, PackageAnnotation)
+ if not pkg.release and pkg.kind != "removed"
+ ]
+ if itp:
+ # no useful entry will exist in pkgs
+ new_flags = [PackageBugAnnotation(bug)]
+ new_pkg = PackageAnnotation(
+ 0,
+ "package",
+ None,
+ itp,
+ "itp",
+ None,
+ None,
+ new_flags,
+ )
+ others = []
+ else:
+ if not pkgs:
+ self.logger.error("%s does not have a package annotation.", cve)
+ return -1
+ old_pkg = pkgs[0]
+ if itp and old_pkg.kind == "fixed":
+ self.logger.error("%s is already marked as <fixed> but --itp flag was set.", cve)
+ return -3
+ new_flags = [PackageBugAnnotation(bug)]
+ new_pkg = PackageAnnotation(
+ old_pkg.line,
+ old_pkg.type,
+ old_pkg.release,
+ old_pkg.package,
+ old_pkg.kind,
+ old_pkg.version,
+ old_pkg.description,
+ new_flags,
+ )
+ bug_list = list(self.bugs[cve].annotations)
+ others = [pkg for pkg in bug_list if pkg.line != old_pkg.line]
+ bug_list = list(self.bugs[cve].annotations)
+ # may need to retain the original order.
+ new_list = [new_pkg] + others
+ mod_bug = Bug(self.bugs[cve].file, self.bugs[cve].header, tuple(new_list))
+ modified.append(mod_bug)
+ self.write_modified(modified, cve_file)
+ return 0
+
+ def load_cve(self, cve):
+ """Load all data for the specified CVE"""
+ self.logger.info("Loading data for %s...", cve)
+ self.cves.append(cve)
+ self._read_cvelist()
+
+
+def main():
+ """
+ This script does NOT reparse the output file - create, review and
+ merge ONE update at a time.
+ (For some operations, check-new-issues may be more suitable).
+
+ For example, --bug 100 --itp intended_pkg_name
+ then, merge-cve-list, then:
+ --note "URL:"
+ """
+ parser = argparse.ArgumentParser(
+ description="Make a single update to specified CVE data as not-affected, add bug number or add a note",
+ usage="%(prog)s [-h] --cve CVE [--src SRC --suite SUITE "
+ "[--description DESCRIPTION]] | [[--number NUMBER] [--itp SRC]] | [--note NOTE]",
+ epilog="Data is written to a new <cve_number>.list "
+ "file which can be used with './bin/merge-cve-files'. "
+ "Make sure the output file is merged and removed before "
+ "updating the same CVE again.",
+ )
+
+ required = parser.add_argument_group("Required arguments")
+ required.add_argument("--cve", required=True, help="The CVE ID to update")
+
+ affected = parser.add_argument_group(
+ "Marking a CVE as not-affected - must use --src and --suite "
+ "Optionally add a description or omit to remove the current description"
+ )
+ # needs to specify the src_package as well as suite to cope with removed etc.
+ affected.add_argument("--src", help="Source package name in SUITE")
+ affected.add_argument("--suite", default="unstable", help="Mark the CVE as <not-affected> in SUITE")
+ affected.add_argument(
+ "--description",
+ help="Optional description of why the SRC is unaffected in SUITE",
+ )
+
+ buggy = parser.add_argument_group("Add a bug number to the CVE")
+ buggy.add_argument("--number", help="Debian BTS bug number")
+ buggy.add_argument(
+ "--itp",
+ metavar="SRC",
+ help="Mark as an ITP bug for the specified source package name",
+ )
+
+ notes = parser.add_argument_group("Add a NOTE: entry to the CVE")
+ notes.add_argument("--note", help="Content of the NOTE: entry to add to the CVE")
+
+ args = parser.parse_args()
+ parser = ParseUpdates()
+ parser.load_cve(args.cve)
+
+ logger = logging.getLogger("update-vuln")
+ if not parser.bugs:
+ logger.critical("Unable to parse CVE ID %s", args.cve)
+ return -1
+ if args.src and args.suite:
+ parser.mark_not_affected(args.suite, args.src, args.description)
+ if args.note:
+ parser.add_note(args.note)
+ if args.number:
+ # to set itp properly, the source package name also needs to be set.
+ parser.add_bug_number(args.number, args.itp)
+ return 0
+
+
+if __name__ == "__main__":
+ sys.exit(main())
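Review bot: `main()` returns 0 whatever the operations report, although the module docstring tells the operator to run merge-cve-files "on exit zero": `add_bug_number` returns -1/-3 on its error paths and `write_modified` returns -1 when the snippet file already exists, but `mark_not_affected` and `add_note` discard `write_modified`'s result and `main` discards `add_bug_number`'s. Since the tool is meant for one change per run, propagating them — `return self.write_modified(modified, cve_file)` at the end of `mark_not_affected` and `add_note`, and `rc = parser.add_bug_number(args.number, args.itp)` followed by `return rc` in `main` — makes the documented workflow trustworthy; `sys.exit(-1)` also surfaces as status 255, so a small positive code is clearer. The `if itp and old_pkg.kind == "fixed"` check sits inside the `else` branch of `if itp:` and can therefore never be true; move it ahead of the branch or drop it. `bugs[0].bug` in the same method assumes every element of a PackageAnnotation's `flags` is a PackageBugAnnotation; if other flag kinds can appear there (this file does not show the parser), filtering with `isinstance(bug, PackageBugAnnotation)` when flattening avoids both a false "already has a bug annotation" and an AttributeError.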
diff --git a/check-external/unknown-packages.py b/check-external/unknown-packages.py
index 63f30f4914..094d1d88ae 100755
--- a/check-external/unknown-packages.py
+++ b/check-external/unknown-packages.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
import urllib2
import SOAPpy
import os
diff --git a/check-external/update.sh b/check-external/update.sh
index 8121eadcbd..8ad1660d03 100755
--- a/check-external/update.sh
+++ b/check-external/update.sh
@@ -58,7 +58,7 @@ check_list cve.list
# or as specified at the individual html files or elsewhere on cve.mitre.org's website
for vendor in SUSE DEBIAN GENTOO FEDORA REDHAT UBUNTU; do
wget -N http://cve.mitre.org/data/refs/refmap/source-$vendor.html
- sed -rn '/CVE-[12][0-9]{3}-/{s/^.+>(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\1/;p}' source-$vendor.html |
+ sed -rn "/CVE-[12][0-9]{3}-/{s/^.+>($vendor:)?(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\2/;p}" source-$vendor.html |
sort -u > $vendor.list
check_list $vendor.list
done
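Review bot: Switching the sed script to double quotes so that `$vendor` interpolates relies on bash leaving `$/` and `\2` untouched only because they are not valid expansions, which is fragile under later edits; keeping the script single-quoted and splicing in just the variable, `sed -rn '/CVE-[12][0-9]{3}-/{s/^.+>('"$vendor"':)?(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\2/;p}' source-$vendor.html |`, keeps the regex literal. The `wget -N http://cve.mitre.org/...` on the preceding context line fetches the reference data over plain HTTP; the site is reachable over https, and switching removes a tamper point on the input these lists are derived from.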
diff --git a/conf/cvelist.el b/conf/cvelist.el
index fa8b16c6da..0242d4fca5 100644
--- a/conf/cvelist.el
+++ b/conf/cvelist.el
@@ -1,32 +1,110 @@
-;; Major mode for Debian's CVE list
-;; currently only does some syntax highlighting
-;;
-;; Can be enabled via
-;;
-;; (autoload 'debian-cvelist-mode "cvelist.el"
-;; "Major mode for debian CVE lists" t)
-;; (setq auto-mode-alist
-;; (cons '("list" . debian-cvelist-mode) auto-mode-alist))
+;;; cvelist --- Major mode for Debian's CVE list
+;;;
+;;; Commentary:
+;;; only useful for security-tracker-team/security-tracker.git's data/CVE/list
+;;;
+;;; Code:
+;;; Guido Günther
+;;; Moritz Muehlenhoff
+;;; Sébastien Delafond
+;;;
+;;; Can be enabled via:
+;;;
+;;; (autoload 'debian-cvelist-mode "cvelist.el"
+;;; "Major mode for debian CVE lists" t)
+;;; (setq auto-mode-alist
+;;; (cons '("list" . debian-cvelist-mode) auto-mode-alist))
+(setq last-nfu "")
+(setq bugnum "")
+
+; TODO: Tab completion for existing NFUs
(defun debian-cvelist-insert-not-for-us ()
- "Insert NOT-FOR-US keyword"
+ "Insert NOT-FOR-US keyword."
+ (setq last-nfu (read-string "Name of software: " last-nfu))
(interactive)
- (insert "\tNOT-FOR-US: "))
+ (beginning-of-line)
+ (kill-whole-line)
+ (insert "\tNOT-FOR-US: " last-nfu "\n" ))
(defun debian-cvelist-insert-note ()
- "Insert NOTE comment"
+ "Insert NOTE comment."
(interactive)
(insert "\tNOTE: "))
+(defun debian-cvelist-insert-bug ()
+ "Add bugnumber to end of line."
+ (setq bugnum (read-string "Bug number (without #): " bugnum))
+ (interactive)
+ (end-of-line)
+ (insert " (bug #" bugnum ")" ))
+
+; TODO: Read supported distros from central config and prompt for applicable suites
+(defun debian-cvelist-insert-nodsa ()
+ "Insert no-dsa comment based on the current source entry."
+ (interactive)
+ (setq reason (read-string "Reason for no-dsa: " "Minor issue"))
+ (setq srcpkg (thing-at-point 'filename))
+ (next-line)
+ (beginning-of-line)
+ (insert (concat "\t[buster] - " srcpkg " <no-dsa> (" reason ")\n" )))
+
+(defun debian-cvelist-insert-postponed ()
+ "Insert postponed comment based on the current source entry."
+ (interactive)
+ (setq reason (read-string "Reason for postponed: " "Minor issue, fix along with next update"))
+ (setq srcpkg (thing-at-point 'filename))
+ (next-line)
+ (beginning-of-line)
+ (insert (concat "\t[buster] - " srcpkg " <postponed> (" reason ")\n" )))
+
+; TODO: Read supported distros from central config and prompt for applicable suites
+(defun debian-cvelist-insert-not-affected ()
+ "Insert not-affected comment based on the current source entry."
+ (interactive)
+ (setq reason (read-string "Reason for not-affected: " "Vulnerable code not present"))
+ (setq srcpkg (thing-at-point 'filename))
+ (next-line)
+ (beginning-of-line)
+ (insert (concat "\t[buster] - " srcpkg " <not-affected> (" reason ")\n" )))
+
+; TODO: Parse existing source entries for buffer tab completion
+(defun debian-cvelist-insert-srcentry ()
+ "Insert new source package entry."
+ (interactive)
+ (setq srcpkg (read-string "Source package: " ""))
+ (setq version (read-string "Fixed version: " "<unfixed>"))
+ (next-line)
+ (beginning-of-line)
+ (insert (concat "\t- " srcpkg " " version "\n")))
+
+(defun debian-cvelist-cvesearch ()
+ "Look up a CVE ID at the MITRE website."
+ (interactive)
+ (browse-url (concat "https://www.cve.org/CVERecord?id=" (thing-at-point 'symbol))))
+
+(defun debian-cvelist-ptslookup ()
+ "Look up a package name in Debian Package Tracker."
+ (interactive)
+ (browse-url (concat "https://tracker.debian.org/pkg/" (thing-at-point 'symbol))))
+
(defvar debian-cvelist-mode-map
(let ((map (make-sparse-keymap)))
(define-key map (kbd "C-c C-f") 'debian-cvelist-insert-not-for-us)
(define-key map (kbd "C-c C-n") 'debian-cvelist-insert-note)
+ (define-key map (kbd "C-c C-c") 'debian-cvelist-cvesearch)
+ (define-key map (kbd "C-c C-l") 'debian-cvelist-insert-nodsa)
+ (define-key map (kbd "C-c C-a") 'debian-cvelist-insert-srcentry)
+ (define-key map (kbd "C-c C-x") 'debian-cvelist-insert-not-affected)
+ (define-key map (kbd "C-c C-p") 'debian-cvelist-insert-postponed)
+ (define-key map (kbd "C-c C-b") 'debian-cvelist-insert-bug)
+ (define-key map (kbd "C-c C-p") 'debian-cvelist-ptslookup)
map)
"Keymap for `debian-cvelist-mode'.")
(defvar debian-cvelist-font-lock-keywords
- '(("^CVE-[0-9]\\{4\\}-[0-9X]\\{4,7\\}" (0 font-lock-function-name-face) ;; face for CVE keyword
+ '(("^CVE-[0-9]\\{4\\}-[0-9X]\\{4,7\\}"
+ (0 font-lock-function-name-face) ;; face for CVE keyword
("(\\(.+\\))$" nil nil (1 font-lock-warning-face))) ;; face for the rest of the line
("D[LS]A-[0-9]\\{4,5\\}-[0-9]" . font-lock-function-name-face)
("#[0-9]\\{1,7\\}" . font-lock-type-face)
@@ -35,24 +113,26 @@
("^\t\\(RESERVED\\|NOT-FOR-US\\|REJECTED\\)" . font-lock-keyword-face)
("\\<unfixed\\|undetermined\\>" . font-lock-warning-face)
("\\<end-of-life\\|not-affected\\|no-dsa\\|ignored\\|postponed\\>" . font-lock-constant-face))
- "Keyword highlighting for `debian-cvelist-mode'")
+ "Keyword highlighting for `debian-cvelist-mode'.")
(defun debian-cvelist-is-cve ()
+ "Checks if a current line is a CVE description."
(save-excursion
(beginning-of-line)
(looking-at "[[:space:]]*CVE-")))
(defun debian-cvelist-indent-line ()
- "Indent current line as debian CVE list"
+ "Indent current line as debian CVE list."
(beginning-of-line)
(if (debian-cvelist-is-cve)
(indent-line-to 0)
(indent-line-to 8)))
(define-derived-mode debian-cvelist-mode fundamental-mode "debian-cvelist"
- "A major mode for editing data/CVE/list in the Debian secure-testing repo."
- (setq-local font-lock-defaults '(debian-cvelist-font-lock-keywords nil))
- (setq font-lock-keywords-only t)
+ "A major mode for editing data/CVE/list in the Debian
+ secure-tracker repository."
+ (setq-local font-lock-defaults '(debian-cvelist-font-lock-keywords t))
(setq indent-line-function 'debian-cvelist-indent-line))
(provide 'debian-cvelist)
+;;; cvelist.el ends here
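Review bot: The new docstring on `debian-cvelist-is-cve`, "Checks if a current line is a CVE description.", should follow the Elisp convention for predicates, e.g. `"Return non-nil if the current line is a CVE entry."`. The mode docstring now reads "Debian secure-tracker repository", which looks like a slip for the security-tracker repository named in the commentary header of this same file. Folding `(setq font-lock-keywords-only t)` into the second element of `font-lock-defaults` is the equivalent and preferred form.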
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index f20ac0a576..d23b8b457b 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -1,13 +1,15 @@
+CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a ...)
+ - glibc 2.2-1
CVE-1999-1598
- RESERVED
+ REJECTED
CVE-1999-1597
- RESERVED
+ REJECTED
CVE-1999-1596
- RESERVED
+ REJECTED
CVE-1999-1595
- RESERVED
+ REJECTED
CVE-1999-1594
- RESERVED
+ REJECTED
CVE-1999-1593 (Windows Internet Naming Service (WINS) allows remote attackers to caus ...)
NOT-FOR-US: Windows
CVE-1999-1592 (Multiple unspecified vulnerabilities in sendmail 5, as installed on Su ...)
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index db60f5b21e..d795255720 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -4,15 +4,15 @@ CVE-2000-1254 (crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise
CVE-2000-1253
RESERVED
CVE-2000-1252
- RESERVED
+ REJECTED
CVE-2000-1251
- RESERVED
+ REJECTED
CVE-2000-1250
- RESERVED
+ REJECTED
CVE-2000-1249
- RESERVED
+ REJECTED
CVE-2000-1248
- RESERVED
+ REJECTED
CVE-2000-1247 (The default configuration of the jserv-status handler in jserv.conf in ...)
- apache <removed>
CVE-2000-1246 (NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 al ...)
@@ -1022,7 +1022,7 @@ CVE-2000-0486 (Buffer overflow in Cisco TACACS+ tac_plus server allows remote at
NOT-FOR-US: Cisco
CVE-2000-0485 (Microsoft SQL Server allows local users to obtain database passwords v ...)
NOT-FOR-US: Microsoft
-CVE-2000-0484 (Buffer overflow in Small HTTP Server allows remote attackers to cause ...)
+CVE-2000-0484 (Small HTTP Server ver 3.06 contains a memory corruption bug causing a ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0483 (The DocumentTemplate package in Zope 2.2 and earlier allows a remote a ...)
NOT-FOR-US: Data pre-dating the Security Tracker
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index aa21f783f1..cff8eeeb46 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -4,15 +4,15 @@ CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and e
{DSA-2892-1}
- a2ps 1:4.14-1.2 (low; bug #737385)
CVE-2001-1592
- RESERVED
+ REJECTED
CVE-2001-1591
- RESERVED
+ REJECTED
CVE-2001-1590
- RESERVED
+ REJECTED
CVE-2001-1589
- RESERVED
+ REJECTED
CVE-2001-1588
- RESERVED
+ REJECTED
CVE-2001-1587 (NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows rem ...)
NOT-FOR-US: Novell NetWare
CVE-2001-1586 (Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier ...)
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 9de6ba0658..d32b288e4d 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,3 +1,5 @@
+CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote attackers (fro ...)
+ NOT-FOR-US: Diffie Hellmann kex protocol issue
CVE-2002-2447
RESERVED
CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite ...)
@@ -8,7 +10,7 @@ CVE-2002-2483
- linux-2.6 2.4.20
CVE-2002-2444 (Snoopy before 2.0.0 has a security hole in exec cURL ...)
- libphp-snoopy <not-affected> (affected version never was in the repo)
- NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2
+ NOTE: https://www.openwall.com/lists/oss-security/2014/07/18/2
NOTE: http://sourceforge.net/p/snoopy/bugs/13/
CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) ...)
{DSA-2701-1}
@@ -16,11 +18,11 @@ CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
NOTE: https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
CVE-2002-2442
- RESERVED
+ REJECTED
CVE-2002-2441
- RESERVED
+ REJECTED
CVE-2002-2440
- RESERVED
+ REJECTED
CVE-2002-2439 (Integer overflow in the new[] operator in gcc before 4.8.0 allows atta ...)
- gcc-4.1 <removed>
[squeeze] - gcc-4.1 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
@@ -39,8 +41,7 @@ CVE-2002-2439 (Integer overflow in the new[] operator in gcc before 4.8.0 allows
NOTE: This should be addressed in jessie by getting this fixed in gcc 4.7, so that the archive is
NOTE: properly rebuild with a fixed version from the start
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439
-CVE-2002-2438
- RESERVED
+CVE-2002-2438 (TCP firewalls could be circumvented by sending a SYN Packets with othe ...)
NOT-FOR-US: ancient linux 2.4 issue
CVE-2002-2437 (The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbi ...)
- iceweasel 4.0-1 (unimportant)
@@ -1038,7 +1039,7 @@ CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissi
CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting CI ...)
NOT-FOR-US: Iomega hardware issue
CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ...)
- NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
+ NOTE: According to https://bugs.php.net/bug.php?id=19881 this only affects a
NOTE: php function that displays the PHP logo and version information. In the bug
NOTE: log the developers seem unwilling to fix this, as it only affects a debug
NOTE: function.
@@ -4178,7 +4179,7 @@ CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Se
NOT-FOR-US: Microsoft
CVE-2002-0185 (mod_python version 2.7.6 and earlier allows a module indirectly import ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-0184 (Heap-based buffer overflow in sudo before 1.6.6 may allow local users ...)
+CVE-2002-0184 (Sudo before 1.6.6 contains an off-by-one error that can result in a he ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0181 (Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HO ...)
NOT-FOR-US: Data pre-dating the Security Tracker
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index e734f58e33..ad61892565 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,3 +1,9 @@
+CVE-2003-5003
+ RESERVED
+CVE-2003-5002
+ RESERVED
+CVE-2003-5001
+ RESERVED
CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote s ...)
- curl 7.10.7-1
NOTE: https://curl.haxx.se/docs/CVE-2003-1605.html
@@ -8,11 +14,11 @@ CVE-2003-1604 (The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c
- linux-2.6 <not-affected> (Fixed before initial upload of linux-2.6 in Debian)
NOTE: https://marc.info/?l=netfilter-devel&m=106668497403047&w=2
CVE-2003-1602
- RESERVED
+ REJECTED
CVE-2003-1601
- RESERVED
+ REJECTED
CVE-2003-1600
- RESERVED
+ REJECTED
CVE-2003-1599 (PHP remote file inclusion vulnerability in wp-links/links.all.php in W ...)
NOT-FOR-US: WordPress plugin wp-links
CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...)
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index f9799a6afc..3a95f73424 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -12,13 +12,13 @@ CVE-2004-XXXX [base-passwd: sets valid shells for system services]
CVE-2004-2776 (go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary co ...)
NOT-FOR-US: Montitorix
CVE-2004-2775
- RESERVED
+ REJECTED
CVE-2004-2774
- RESERVED
+ REJECTED
CVE-2004-2773
- RESERVED
+ REJECTED
CVE-2004-2772
- RESERVED
+ REJECTED
CVE-2004-2771 (The expand function in fio.c in Heirloom mailx 12.5 and earlier and BS ...)
{DSA-3105-1 DLA-114-1}
- heirloom-mailx 12.5-3.1 (bug #773417)
@@ -568,7 +568,7 @@ CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of servi
CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote attack ...)
NOT-FOR-US: myServer
CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...)
- NOT-FOR-US: VMWare Workstation
+ NOT-FOR-US: VMware Workstation
CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in modules/private_messages/i ...)
NOT-FOR-US: PowerPortal
CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 all ...)
@@ -1809,11 +1809,11 @@ CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to
CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...)
- clamav 0.68.1
CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows rem ...)
- NOT-FOR-US: Mcafee FreeScan
+ NOT-FOR-US: McAfee FreeScan
CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.1 ...)
NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service a ...)
- NOT-FOR-US: Mcafee FreeScan
+ NOT-FOR-US: McAfee FreeScan
CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
NOT-FOR-US: Panda ActiveScan
CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
@@ -2895,7 +2895,7 @@ CVE-2004-1388 (Format string vulnerability in the gpsd_report function for Berli
CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...)
- apache 1.3.33-3
CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, whic ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain se ...)
- phpgroupware 0.9.16.005-1 (unimportant)
NOTE: path disclosure only, path is known on Debian anyway
@@ -6187,7 +6187,7 @@ CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag whe
CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to c ...)
- libapache-mod-python 2:2.7.10
CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a d ...)
- NOT-FOR-US: mcafee
+ NOT-FOR-US: McAfee
CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to c ...)
{DSA-443}
- xfree86 4.2.1-6
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 290ad63d67..d5b0e08cad 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,3 +1,5 @@
+CVE-2005-10001
+ RESERVED
CVE-2005-3590 (The getgrouplist function in the GNU C library (glibc) before version ...)
- glibc 2.3.5-3
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=661
@@ -17,11 +19,11 @@ CVE-2005-XXXX [more related to CVE-2005-4890]
CVE-2005-4895 (Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools bef ...)
- google-perftools 0.7-1
CVE-2005-4894
- RESERVED
+ REJECTED
CVE-2005-4893
- RESERVED
+ REJECTED
CVE-2005-4892
- RESERVED
+ REJECTED
CVE-2005-4891 (Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL inje ...)
NOT-FOR-US: Simple Machine Forum (SMF)
CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo ...)
@@ -30,7 +32,8 @@ CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and
[lenny] - shadow <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008
- sudo 1.7.4p4 (low; bug #657784)
- NOTE: sudo might be fixed earlier, use_pty present in stable
+ NOTE: sudo might be fixed earlier, use_pty present in stable. Only since 1.9.6-1~exp2
+ NOTE: use_pty is added to default configuration.
CVE-2005-4889 (lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ...)
- rpm 4.7.0-1 (bug #584257; unimportant)
NOTE: Marking as unimportant since rpm isn't used as a package manager
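Review bot: The two rewritten NOTE lines for CVE-2005-4890 read awkwardly split across the sentence ("Only since 1.9.6-1~exp2 / use_pty is added to default configuration"), which makes the version qualifier easy to misattach to the preceding "use_pty present in stable" claim. Suggest `NOTE: sudo might be fixed earlier, use_pty present in stable.` followed by `NOTE: use_pty is only enabled in the default configuration since 1.9.6-1~exp2`, so that the distinction between the option being available and it being on by default is explicit.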
@@ -754,7 +757,7 @@ CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause
- bzflag 2.0.6.20060412-1 (bug #345245; low)
[sarge] - bzflag <no-dsa> (Minor DoS against a game)
CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX Se ...)
- NOT-FOR-US: VMWare
+ NOT-FOR-US: VMware
CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or integrity chec ...)
- electricsheep 2.6.3+cvs20051206-1 (unimportant)
NOTE: Even an authenticated server might serve unwanted content, so
@@ -1027,7 +1030,7 @@ CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 a
CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ea ...)
NOT-FOR-US: Beehive Forum
CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components vmnat.exe ...)
- NOT-FOR-US: VMWare
+ NOT-FOR-US: VMware
CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly ...)
NOT-FOR-US: Metadot Portal Server
CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote attacker ...)
@@ -2901,7 +2904,7 @@ CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2
CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface f ...)
NOT-FOR-US: VMware ESX
CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the management inte ...)
- NOT-FOR-US: VMWare ESX
+ NOT-FOR-US: VMware ESX
CVE-2005-3617
RESERVED
CVE-2005-3616
@@ -3094,9 +3097,9 @@ CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
NOT-FOR-US: Antville
CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remo ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows l ...)
- linux-2.6 2.6.14-1 (low)
- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later)
@@ -3718,7 +3721,7 @@ CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in comersus_backoffice_s
CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0 ...)
NOT-FOR-US: AhnLab
CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 al ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authenticati ...)
NOT-FOR-US: Splatt Forum
CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 al ...)
@@ -4523,7 +4526,7 @@ CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 U
NOT-FOR-US: HP Tru64
CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
- ncompress <not-affected> (bug #329052; unimportant)
- NOTE: see bug close message, Debian's ncompress doesn't expose affected scripts
+ NOTE: see bug close message, Debian's ncompress doesn't expose affected scripts
CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...)
{DSA-843-1}
- arc 5.21m-1 (low)
@@ -4663,7 +4666,7 @@ CVE-2005-2941
CVE-2005-2940 (Unquoted Windows search path vulnerability in Microsoft Antispyware 1. ...)
NOT-FOR-US: Microsoft Antispyware
CVE-2005-2939 (Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 ...)
- NOT-FOR-US: VMWare
+ NOT-FOR-US: VMware
CVE-2005-2938 (Unquoted Windows search path vulnerability in iTunesHelper.exe in iTun ...)
NOT-FOR-US: iTunes
CVE-2005-2937
@@ -4993,7 +4996,7 @@ CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 an
{DSA-809-1}
- squid 2.5.10-5 (medium)
CVE-2005-2795
- RESERVED
+ REJECTED
CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to c ...)
{DSA-809-3 DSA-809-1}
- squid 2.5.10-5 (medium)
@@ -5176,7 +5179,7 @@ CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE
NOT-FOR-US: ISS
CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 allo ...)
{DSA-826-1}
- NOTE: see http://www.open-security.org/advisories/13
+ NOTE: see http://www.open-security.org/advisories/13
- helix-player 1.0.6-1 (bug #330364; high)
CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 al ...)
{DSA-1018-1 DSA-1017-1}
@@ -5725,7 +5728,7 @@ CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain ro
{DSA-815-1}
- kdebase 4:3.4.2-3 (bug #327039; medium)
CVE-2005-2493
- RESERVED
+ REJECTED
CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allow ...)
- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular Expressi ...)
@@ -7129,7 +7132,7 @@ CVE-2005-1927
CVE-2005-1926
RESERVED
CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...)
- NOT-FOR-US: Tikiwiki
+ - tikiwiki <removed>
CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote a ...)
NOT-FOR-US: External Squirrelmail plugin not packaged in Debian
CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, an ...)
@@ -8147,20 +8150,21 @@ CVE-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a al
CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass auth ...)
NOT-FOR-US: DMail
CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions i ...)
- {DSA-4692-1}
+ {DSA-4692-1 DLA-2234-1}
- qmail 1.03-38
- netqmail 1.06-6.2
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large amo ...)
- {DSA-4692-1}
+ {DSA-4692-1 DLA-2234-1}
- qmail 1.03-38
- netqmail 1.06-6.2
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when run ...)
- {DSA-4692-1}
+ {DSA-4692-1 DLA-2234-1}
- qmail 1.03-38
- netqmail 1.06-6.2
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/16/2
CVE-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the b ...)
- mozilla-firefox 1.0.4-1
CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
@@ -10154,7 +10158,7 @@ CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Applicatio
CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
NOT-FOR-US: Cisco
CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon cra ...)
- NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
+ NOTE: Fixed in CVS after 4.3.4 release; see https://bugs.php.net/bug.php?id=27037
- php4 4:4.3.8-1
CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to ...)
NOT-FOR-US: BadBlue
@@ -10620,7 +10624,7 @@ CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in
CVE-2005-0395
REJECTED
CVE-2005-0394
- RESERVED
+ REJECTED
CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, w ...)
{DSA-733-1}
- crip 3.5-1sarge2 (low)
@@ -11064,7 +11068,7 @@ CVE-2005-0202 (Directory traversal vulnerability in the true_path function in pr
CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a socket ...)
- dbus 0.22
CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ngIRC ...)
NOT-FOR-US: ngIRCd
CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Labe ...)
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index cef1eacf1a..f092ad18c3 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -6,7 +6,7 @@ CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia fo
CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in jem ...)
NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2006-7251
- RESERVED
+ REJECTED
CVE-2006-7250 (The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t ...)
{DSA-2454-1}
- openssl 1.0.0h-1
@@ -1936,7 +1936,7 @@ CVE-2006-6412
CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows r ...)
NOT-FOR-US: Linksys
CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local use ...)
- NOT-FOR-US: VMWare
+ NOT-FOR-US: VMware
CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...)
NOT-FOR-US: F-Secure
CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote attac ...)
@@ -2848,7 +2848,7 @@ CVE-2006-5992
CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop all ...)
NOT-FOR-US: CactuShop
CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...)
- NOT-FOR-US: VMWare
+ NOT-FOR-US: VMware
CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allo ...)
{DSA-1247-1}
- libapache-mod-auth-kerb 5.3-1 (low; bug #400589)
@@ -14082,7 +14082,7 @@ CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.
CVE-2006-1054
REJECTED
CVE-2006-1053
- RESERVED
+ REJECTED
CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...)
{DSA-1184-2}
- linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
@@ -14353,7 +14353,7 @@ CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::A
CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...)
- php5 <removed> (bug #368545; unimportant)
- php4 <removed> (bug #368545; unimportant)
- NOTE: is this really a vulnerability in pear? it seems it should be a bug
+ NOTE: is this really a vulnerability in pear? it seems it should be a bug
NOTE: in any application not checking for such archives.
NOTE: Lack of a security feature is not a vulnerability
CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server P ...)
@@ -14538,7 +14538,7 @@ CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan 1.05g
CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php in ilch ...)
NOT-FOR-US: ilchClan
CVE-2006-0849
- RESERVED
+ REJECTED
CVE-2006-0848 (The "Open 'safe' files after downloading" option in Safari on Apple Ma ...)
NOT-FOR-US: Apple Safari
CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component in Che ...)
@@ -14790,7 +14790,7 @@ CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, a
{DSA-1103 DSA-1097-1}
- linux-2.6 2.6.15-8
CVE-2006-0740
- RESERVED
+ REJECTED
CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of serv ...)
NOT-FOR-US: eStara SIP softphone
CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow r ...)
@@ -16472,9 +16472,9 @@ CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Inte
CVE-2006-0018
REJECTED
CVE-2006-0017
- RESERVED
+ REJECTED
CVE-2006-0016
- RESERVED
+ REJECTED
CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll ...)
NOT-FOR-US: Microsoft
CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote a ...)
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index be8232b6c5..3a8985e71a 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,5 @@
+CVE-2007-20001 (StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustio ...)
+ NOT-FOR-US: StarWind
CVE-2007-6763 (SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, w ...)
NOT-FOR-US: SAS Drug Development (SDD)
CVE-2007-6762 (In the Linux kernel before 2.6.20, there is an off-by-one bug in net/n ...)
@@ -32,11 +34,11 @@ CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x allows remote attackers to cau
- apache <removed> (medium; bug #533662)
[lenny] - apache2 <no-dsa> (Minor issue)
CVE-2007-6749
- RESERVED
+ REJECTED
CVE-2007-6748
- RESERVED
+ REJECTED
CVE-2007-6747
- RESERVED
+ REJECTED
CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer is a ...)
- telepathy-idle 0.1.15-1 (low; bug #706094)
[wheezy] - telepathy-idle <no-dsa> (Minor issue)
@@ -1917,8 +1919,8 @@ CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0
- mysql-dfsg-4.1 <removed>
CVE-2007-5968
REJECTED
-CVE-2007-5967
- RESERVED
+CVE-2007-5967 (A flaw in Mozilla's embedded certificate code might allow web sites to ...)
+ NOT-FOR-US: Historic Mozilla issue
CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in ...)
{DSA-1436-1}
- linux-2.6 2.6.23-2
@@ -2095,7 +2097,7 @@ CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function i
CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms co ...)
NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the patch
NOTE: from CVS and later re-introduction
- NOTE: http://bugs.php.net/bug.php?id=41561
+ NOTE: https://bugs.php.net/bug.php?id=41561
CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...)
{DSA-1444-1}
- php5 5.2.5-1 (bug #453295)
@@ -4209,7 +4211,7 @@ CVE-2007-5004 (Integer overflow in CA (Computer Associates) BrightStor ARCserve
CVE-2007-5003 (Multiple stack-based buffer overflows in CA (Computer Associates) Brig ...)
NOT-FOR-US: CA ARCserve Backup
CVE-2007-5002
- RESERVED
+ REJECTED
CVE-2007-5001 (Linux kernel before 2.4.21 allows local users to cause a denial of ser ...)
- linux-2.6 <not-affected> (RedHat/RHEL3 specific patch only)
CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...)
@@ -4475,7 +4477,7 @@ CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpr
CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8 ...)
NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
- - libwmf <unfixed> (unimportant)
+ - libwmf <unfixed> (unimportant)
- racket 5.0.2-1 (unimportant; bug #601525)
NOTE: Only present in one of the sample pl-scheme packages (plot)
- libgd2 2.0.35.dfsg-3
@@ -7239,7 +7241,7 @@ CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Moz
- xulrunner 1.8.1.5-1 (high)
NOTE: MFSA2007-18
CVE-2007-3733
- RESERVED
+ REJECTED
CVE-2007-3732 (In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc cal ...)
- linux-2.6 2.6.23-1
NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1)
@@ -7663,7 +7665,7 @@ CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1
- wordpress 2.2.1-1
[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0 ...)
- NOT-FOR-US: Pluxml
+ - pluxml <undetermined>
CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 a ...)
NOT-FOR-US: Kurinton sHTTPd
CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in r ...)
@@ -7820,7 +7822,7 @@ CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c
CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics Libra ...)
{DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (low)
- - libwmf <unfixed> (unimportant)
+ - libwmf <unfixed> (unimportant)
- racket 5.0.2-1 (unimportant; bug #601525)
NOTE: Only present in one of the sample pl-scheme packages (plot)
NOTE: CPU consumption DoS
@@ -7927,7 +7929,7 @@ CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attacker
CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and earl ...)
NOT-FOR-US: Pharmacy System
CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml 0 ...)
- NOT-FOR-US: Pluxml
+ - pluxml <undetermined>
CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio Cap ...)
NOT-FOR-US: Dagger
CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...)
@@ -11663,7 +11665,7 @@ CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 thro
- tomcat5.5 5.5.17-1 (low)
- tomcat4 <removed> (low)
CVE-2007-1857
- RESERVED
+ REJECTED
CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure p ...)
- cron <not-affected> (Debian uses proper permission scheme)
CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_cl ...)
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 62b48f5c87..605b8fb349 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -1,3 +1,5 @@
+CVE-2008-10001
+ RESERVED
CVE-2008-7321 (The tubepress plugin before 1.6.5 for WordPress has XSS. ...)
NOT-FOR-US: tubepress plugin for WordPress
CVE-2008-7320 (** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...)
@@ -25,7 +27,7 @@ CVE-2008-7315 (UI-Dialog 1.09 and earlier allows remote attackers to execute arb
[wheezy] - libui-dialog-perl <no-dsa> (Minor issue)
[squeeze] - libui-dialog-perl <no-dsa> (Minor issue)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=107364
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/08/2
CVE-2008-7314 (mIRC before 6.35 allows attackers to cause a denial of service (crash) ...)
NOT-FOR-US: mIRC
CVE-2008-7313 (The _httpsrequest function in Snoopy allows remote attackers to execut ...)
@@ -42,15 +44,15 @@ CVE-2008-7310 (Spree 0.2.0 does not properly restrict the use of a hash to provi
CVE-2008-7309 (Insoshi before 20080920 does not properly restrict the use of a hash t ...)
NOT-FOR-US: Insoshi
CVE-2008-7308
- RESERVED
+ REJECTED
CVE-2008-7307
- RESERVED
+ REJECTED
CVE-2008-7306
- RESERVED
+ REJECTED
CVE-2008-7305
- RESERVED
+ REJECTED
CVE-2008-7304
- RESERVED
+ REJECTED
CVE-2008-7303 (The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do ...)
NOT-FOR-US: Apple Mac OS X
CVE-2008-7302 (SQL injection vulnerability in netinvoice.php in the nBill (com_netinv ...)
@@ -761,7 +763,7 @@ CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unk
CVE-2008-7003 (Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alp ...)
NOT-FOR-US: The Rat CMS
CVE-2008-7002 (PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...)
- - php5 (unimportant)
+ - php5 <removed> (unimportant)
NOTE: safe-mode and basedir violations not treated as security issues
CVE-2008-7001 (Unrestricted file upload vulnerability in the file manager in Creative ...)
NOT-FOR-US: Creative Mind Creator CMS
@@ -2630,7 +2632,7 @@ CVE-2008-6097 (Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog b
CVE-2008-6096 (Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS ...)
NOT-FOR-US: Juniper NetScreen ScreenOS
CVE-2008-6095 (Cross-site scripting (XSS) vulnerability in surveillanceView.htm in Op ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2008-6094 (Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technol ...)
NOT-FOR-US: Celoxis Technologies Celoxis
CVE-2008-6093 (SQL injection vulnerability in index.php in Noname CMS 1.0, when magic ...)
@@ -3898,7 +3900,7 @@ CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the RFC822
[etch] - uw-imap <not-affected> (Vulnerable code not present)
- alpine 2.02-3.1 (low)
[lenny] - alpine <no-dsa> (Minor issue)
- [squeeze] - alpine 2.00+dfsg-6+squeeze1
+ [squeeze] - alpine 2.00+dfsg-6+squeeze1
CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla Fi ...)
{DSA-1707-1}
- iceweasel 3.0.5-1
@@ -3924,7 +3926,7 @@ CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round
CVE-2008-5509
- RESERVED
+ REJECTED
CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
@@ -5089,9 +5091,9 @@ CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login (wrg_a
CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a conn ...)
- libvirt 0.4.6-10
CVE-2008-5085
- RESERVED
+ REJECTED
CVE-2008-5084
- RESERVED
+ REJECTED
CVE-2008-5083 (In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security ...)
NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) componen ...)
@@ -5429,7 +5431,7 @@ CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1)
CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...)
NOT-FOR-US: VMware Workstation
CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware W ...)
- NOT-FOR-US: VMWare
+ NOT-FOR-US: VMware
CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...)
NOT-FOR-US: VMware Workstation
CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401- ...)
@@ -6701,7 +6703,7 @@ CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before
CVE-2008-4393 (Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery ...)
NOT-FOR-US: VeriSign Kontiki
CVE-2008-4392 (dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultane ...)
- - djbdns <removed> (high; bug #516394)
+ - djbdns 1:1.05-10 (high; bug #516394)
CVE-2008-4391 (Stack-based buffer overflow in the SetSource method in the NetCamPlaye ...)
NOT-FOR-US: Cisco Linksys WVC54GC
CVE-2008-4390 (The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 s ...)
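Review bot: The CVE-2008-4392 entry changes djbdns from `<removed>` to a concrete fixed version `1:1.05-10` without a NOTE saying where that fix comes from, so the claim is not traceable from the data file. A companion line such as `NOTE: <reference to the djbdns changelog entry or upstream patch that addresses the issue>` would let a later triager verify it, especially as the entry is still rated high.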
@@ -6890,7 +6892,7 @@ CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin
CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FT ...)
NOT-FOR-US: FlashGet FTP
CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 ...)
NOT-FOR-US: Libra File Manager
CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute arbitr ...)
@@ -6978,13 +6980,13 @@ CVE-2008-4283 (CRLF injection vulnerability in the WebContainer component in IBM
CVE-2008-4282
RESERVED
CVE-2008-4281 (Directory traversal vulnerability in VMWare ESXi 3.5 before ESXe350-20 ...)
- NOT-FOR-US: VMWare ESXi
+ NOT-FOR-US: VMware ESXi
CVE-2008-4280
RESERVED
CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in VMwar ...)
NOT-FOR-US: VMware Workstation
CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displ ...)
- NOT-FOR-US: VMWare VirtualCenter
+ NOT-FOR-US: VMware VirtualCenter
CVE-2008-4277
REJECTED
CVE-2008-4276
@@ -8935,7 +8937,7 @@ CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subs
CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux ...)
NOT-FOR-US: rc.sysinit on Fedora
CVE-2008-3523
- RESERVED
+ REJECTED
CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in libjasper/base/ja ...)
{DSA-2080-1}
- jasper 1.900.1-5.1 (medium; bug #501021)
@@ -9468,8 +9470,8 @@ CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion dur
{DSA-1631-1 DTSA-158-1}
- libxml2 2.6.32.dfsg-3 (medium)
- chromium-browser 5.0.375.29~r46008-1
-CVE-2008-3280
- RESERVED
+CVE-2008-3280 (It was found that various OpenID Providers (OPs) had TLS Server Certif ...)
+ NOT-FOR-US: Historic OpenID issues
CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...)
- brltty <not-affected> (RedHat-specific)
CVE-2008-3278 (frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Lin ...)
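Review bot: The new `NOT-FOR-US: Historic OpenID issues` line for CVE-2008-3280 gives no hint of why a record about OpenID is dismissed, although Debian does ship OpenID libraries, so a later triager will have to re-derive the reasoning. The truncated description talks about TLS server certificates at third-party OpenID Providers, which presumably is downstream fallout of a key-generation weakness tracked under its own entry rather than a bug in any library code Debian packages; the NOTE should say that. Something like `NOTE: Concerns weak TLS certificates at third-party OPs (root cause tracked separately), not OpenID library code in Debian` would make the classification self-explaining.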
@@ -9698,7 +9700,7 @@ CVE-2008-XXXX [libetpan NULL deref]
CVE-2008-XXXX [XSS in press-this of wordpress]
- wordpress <not-affected> (Vulnerable code not present)
NOTE: this code was never present in a released wordpress version
- NOTE: http://www.openwall.com/lists/oss-security/2008/07/15/5
+ NOTE: https://www.openwall.com/lists/oss-security/2008/07/15/5
CVE-2008-3224 (Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and ...)
- phpbb3 3.0.2-1 (low)
- phpbb2 <not-affected> (Vulnerable code not present)
@@ -10914,7 +10916,7 @@ CVE-2008-2686 (webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier all
NOT-FOR-US: Flux CMS
CVE-2008-XXXX [insecure tempfile in wdiff]
- wdiff 0.5-18 (low; bug #425254)
- [etch] - wdiff <no-dsa> (Minor issue)
+ [etch] - wdiff <no-dsa> (Minor issue)
CVE-2008-2719 (Off-by-one error in the ppscan function (preproc.c) in Netwide Assembl ...)
- nasm 2.03.01-1 (low; bug #486715)
[etch] - nasm <not-affected> (vulnerable code not present)
@@ -10931,7 +10933,7 @@ CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attacker
CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, ...)
- fetchmail 6.3.9~rc2-1 (unimportant)
[etch] - fetchmail 6.3.6-1etch3
- NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2008/06/13/1
NOTE: -vv is only used for debugging purposes so this does not
NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
NOTE: use.
@@ -11011,7 +11013,7 @@ CVE-2008-2662 (Multiple integer overflows in the rb_str_buf_append function in R
CVE-2008-2661
RESERVED
CVE-2008-2660
- RESERVED
+ REJECTED
CVE-2008-2659
RESERVED
CVE-2008-2658
@@ -11250,8 +11252,7 @@ CVE-2008-2546
REJECTED
CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sens ...)
NOT-FOR-US: Skype
-CVE-2008-2544
- RESERVED
+CVE-2008-2544 (Mounting /proc filesystem via chroot command silently mounts it in rea ...)
- linux <unfixed> (unimportant)
NOTE: non-issue, cf. https://bugzilla.redhat.com/show_bug.cgi?id=449089#c22
CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and As ...)
@@ -11617,7 +11618,7 @@ CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby b
{DSA-1618-1 DSA-1612-1}
- ruby1.9 1.9.0.2-2
- ruby1.8 1.8.7.22-2
- NOTE: http://www.openwall.com/lists/oss-security/2008/07/02/3
+ NOTE: https://www.openwall.com/lists/oss-security/2008/07/02/3
CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on ...)
- vsftpd <not-affected> (debian versions all include the fix)
CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.3 ...)
@@ -12223,7 +12224,7 @@ CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0
{DSA-1819-1 DTSA-132-1}
- vlc 0.8.6.e-2.2 (low; bug #480724)
NOTE: https://trac.videolan.org/vlc/ticket/1578
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
CVE-2008-6339
REJECTED
CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and r ...)
@@ -12272,7 +12273,7 @@ CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (
NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...)
- NOT-FOR-US: Vmware ESX/i
+ NOT-FOR-US: VMware ESX/i
CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...)
NOT-FOR-US: BackLinkSpider
CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook (com_flip ...)
@@ -12780,7 +12781,7 @@ CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on
NOTE: on debian after the installation firebird2.0-super is disabled, to enable it
NOTE: you need to call dpkg-reconfigure
CVE-2008-1879
- RESERVED
+ REJECTED
CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have ...)
- egroupware 1.4.004-2.dfsg-1 (bug #476977)
CVE-2008-1876 (PHP remote file inclusion vulnerability in index.php in VisualPic 0.3. ...)
@@ -14303,7 +14304,7 @@ CVE-2008-1240 (LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey befo
- xulrunner 1.8.1.13-1
- iceape 1.1.9-1
CVE-2008-1239
- RESERVED
+ REJECTED
CVE-2008-1238 (Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when gener ...)
{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
- iceweasel 2.0.0.13-1
@@ -15142,7 +15143,7 @@ CVE-2008-0887 (gnome-screensaver before 2.22.1, when a remote authentication ser
CVE-2008-0886
REJECTED
CVE-2008-0885
- RESERVED
+ REJECTED
CVE-2008-0884 (The Replace function in the capp-lspp-config script in the (1) lspp-ea ...)
NOT-FOR-US: Red Hat Enterprise Linux
NOTE: Seems Redhat specific
@@ -15304,7 +15305,7 @@ CVE-2008-0983 (lighttpd 1.4.18, and possibly other versions before 1.5.0, does n
- lighttpd 1.4.18-2 (medium; bug #466663)
CVE-2008-0883 (acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite ...)
NOT-FOR-US: Adobe Acrobat Reader
- NOTE: http://www.openwall.com/lists/oss-security/2008/02/21/5
+ NOTE: https://www.openwall.com/lists/oss-security/2008/02/21/5
CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan M ...)
NOT-FOR-US: LookStrike Lan Manager
CVE-2008-0802 (SQL injection vulnerability in index.php in the MediaSlide (com_medias ...)
@@ -16124,9 +16125,10 @@ CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the
NOTE: but not with arbitrary contents.
CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
- apache <removed> (unimportant)
- - apache2 <unfixed> (unimportant)
+ - apache2 2.2.22-8 (unimportant)
NOTE: This is only relevant if an attacker can upload files with arbitrary names
NOTE: but not with arbitrary contents.
+ NOTE: https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2012-2687
CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
NOT-FOR-US: Skype
CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe allo ...)
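Review bot: The fixed version `apache2 2.2.22-8` for CVE-2008-0455 is backed only by a bare URL whose anchor is a different CVE (CVE-2012-2687), so the NOTE never states how that advisory relates to this 2008 mod_negotiation XSS. If, as the link suggests, the filename escaping introduced for CVE-2012-2687 is what closes this issue, spell it out: `NOTE: Fixed as a side effect of the CVE-2012-2687 mod_negotiation escaping change, see https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2012-2687`. Keeping the `unimportant` severity and the existing attacker-model NOTE is consistent with that reading.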
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 0a315da66c..08d3154472 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1,3 +1,5 @@
+CVE-2009-20001 (An issue was discovered in MantisBT before 2.24.5. It associates a uni ...)
+ - mantis <removed>
CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Int ...)
NOT-FOR-US: Invision Power Board
CVE-2009-5158 (The google-analyticator plugin before 5.2.1 for WordPress has insuffic ...)
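Review bot: CVE-2009-20001 is added as a bare `- mantis <removed>` with no NOTE, whereas the other newly described entries in this commit (CVE-2010-2496, for instance) cite the upstream fix. Even for a package that is no longer in unstable, a reference to the upstream MantisBT advisory or commit for the "before 2.24.5" fix is what a later triager needs, since the truncated description alone does not identify the affected component. Suggest a `NOTE:` line beneath the package line pointing at that upstream reference.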
@@ -142,11 +144,11 @@ CVE-2009-5108
CVE-2009-5107
REJECTED
CVE-2009-5106
- RESERVED
+ REJECTED
CVE-2009-5105
- RESERVED
+ REJECTED
CVE-2009-5104
- RESERVED
+ REJECTED
CVE-2009-5103 (Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP ...)
NOT-FOR-US: ATCOM Netvolution
CVE-2009-5102 (SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 AS ...)
@@ -220,9 +222,9 @@ CVE-2009-5072 (Memory leak in the ldap_explode_dn function in IBM Tivoli Directo
CVE-2009-5071 (Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown i ...)
NOT-FOR-US: Palm WebOS
CVE-2009-5070
- RESERVED
+ REJECTED
CVE-2009-5069
- RESERVED
+ REJECTED
CVE-2009-5068 (There is a file disclosure vulnerability in SMF (Simple Machines Forum ...)
NOT-FOR-US: Simple Machines Forum
CVE-2009-5067 (Directory traversal vulnerability in html2ps before 1.0b6 allows remot ...)
@@ -295,8 +297,8 @@ CVE-2009-5031 (ModSecurity before 2.5.11 treats request parameter values contain
- modsecurity-apache <not-affected> (Fixed before initial upload)
- libapache-mod-security 2.5.12-1
NOTE: https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/2
CVE-2009-5030 (The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allo ...)
{DSA-2629-1}
- openjpeg 1.3+dfsg-4.1 (medium; bug #672455)
@@ -1943,35 +1945,35 @@ CVE-2009-4306 (Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move exte
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2009-4291
- RESERVED
+ REJECTED
CVE-2009-4290
- RESERVED
+ REJECTED
CVE-2009-4289
- RESERVED
+ REJECTED
CVE-2009-4288
- RESERVED
+ REJECTED
CVE-2009-4287
- RESERVED
+ REJECTED
CVE-2009-4286
- RESERVED
+ REJECTED
CVE-2009-4285
- RESERVED
+ REJECTED
CVE-2009-4284
- RESERVED
+ REJECTED
CVE-2009-4283
- RESERVED
+ REJECTED
CVE-2009-4282
- RESERVED
+ REJECTED
CVE-2009-4281
- RESERVED
+ REJECTED
CVE-2009-4280
- RESERVED
+ REJECTED
CVE-2009-4279
- RESERVED
+ REJECTED
CVE-2009-4278
- RESERVED
+ REJECTED
CVE-2009-4277
- RESERVED
+ REJECTED
CVE-2009-4276
REJECTED
CVE-2009-4275
@@ -2688,12 +2690,12 @@ CVE-2009-4024 (Argument injection vulnerability in the ping function in Ping.php
CVE-2009-4111 (Argument injection vulnerability in Mail/sendmail.php in the Mail pack ...)
{DSA-1938-1}
- php-mail 1.1.14-2 (medium; bug #557121)
- [lenny] - php-mail 1.1.14-1+lenny1
+ [lenny] - php-mail 1.1.14-1+lenny1
[etch] - php-mail 1.1.6-2+etch1
CVE-2009-4023 (Argument injection vulnerability in the sendmail implementation of the ...)
{DSA-1938-1}
- php-mail 1.1.14-2 (medium; bug #557121)
- [lenny] - php-mail 1.1.14-1+lenny1
+ [lenny] - php-mail 1.1.14-1+lenny1
[etch] - php-mail 1.1.6-2+etch1
CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...)
{DSA-1961-1}
@@ -3074,7 +3076,7 @@ CVE-2009-3894 (Multiple untrusted search path vulnerabilities in dstat before 0.
[etch] - dstat <no-dsa> (Minor issue)
NOTE: http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
CVE-2009-3893
- RESERVED
+ REJECTED
CVE-2009-3891 (Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ...)
- wordpress 2.8.6-1 (low)
[etch] - wordpress <not-affected> (Vulnerable code not present)
@@ -3634,8 +3636,7 @@ CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem
- kvm 88+dfsg-2 (low; bug #557739)
NOTE: http://bugzilla.redhat.com/531660
NOTE: https://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
-CVE-2009-3721 [ytnef buffer overflow]
- RESERVED
+CVE-2009-3721 (Multiple directory traversal and buffer overflow vulnerabilities were ...)
- ytnef <removed> (bug #567631)
[lenny] - ytnef <no-dsa> (Minor issue)
NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
@@ -3974,7 +3975,7 @@ CVE-2009-3613 (The swiotlb functionality in the r8169 driver in drivers/net/r816
{DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.29-1 (medium)
- linux-2.6.24 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2009/10/15/4
CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink subsy ...)
{DSA-1929-1 DSA-1928-1 DSA-1927-1}
- linux-2.6 2.6.31-2 (low)
@@ -4251,7 +4252,7 @@ CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before
- linux-2.6.24 <removed> (high)
CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5. ...)
{DSA-1936-1}
- - libwmf <unfixed> (unimportant)
+ - libwmf <unfixed> (unimportant)
- racket 5.0.2-1 (unimportant; bug #601525)
NOTE: Only present in one of the sample pl-scheme packages (plot)
- libgd2 2.0.36~rc1~dfsg-3.1 (medium; bug #552534)
@@ -4857,7 +4858,7 @@ CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attacker
[lenny] - polipo <no-dsa> (Minor issue)
CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbi ...)
{DSA-1945-1}
- - gforge 4.8.2-1
+ - gforge 4.8.2-1
CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GF ...)
{DSA-1937-1}
- gforge 4.8.1-3 (low)
@@ -5884,7 +5885,7 @@ CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28
- tomcat6 <not-affected> (Windows-only)
- tomcat5.5 <not-affected> (Windows-only)
CVE-2009-2900
- RESERVED
+ REJECTED
CVE-2009-2899 (The monitor perl script in the Sybase database plug-in in SpringSource ...)
NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in ...)
@@ -7637,7 +7638,7 @@ CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote att
CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in ...)
{DSA-1914-1}
- mapserver 5.4.2-1 (medium; bug #535340)
- NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
+ NOTE: https://www.openwall.com/lists/oss-security/2009/06/22/2
CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4 ...)
{DSA-1836-1}
- fckeditor 1:2.6.4.1-1 (medium; bug #536051)
@@ -8037,10 +8038,10 @@ CVE-2009-XXXX [pcsc-lite: creates world-writable directory]
- pcsc-lite 1.5.4-1 (low; bug #533670)
[etch] - pcsc-lite <not-affected> (directory introduced in 1.5.0)
[lenny] - pcsc-lite <not-affected> (directory introduced in 1.5.0)
-CVE-2009-XXXX ["slowloris" denial-of-service vulnerabilty in webservers]
+CVE-2009-XXXX ["slowloris" denial-of-service vulnerability in webservers]
- squid <not-affected>
- squid3 <not-affected>
- NOTE: http://www.squid-cache.org/bugs/show_bug.cgi?id=2694
+ NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=2694
- lighttpd <not-affected>
CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in We ...)
NOT-FOR-US: Webmedia Explorer
@@ -10498,7 +10499,7 @@ CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi
- bugzilla 3.2.4.0-1 (low; bug #514143)
[etch] - bugzilla <no-dsa> (Minor issue)
[lenny] - bugzilla <no-dsa> (Minor issue)
- NOTE: should this really be considered minor? see fedora bug and FSA:
+ NOTE: should this really be considered minor? See fedora bug and FSA:
NOTE: - https://bugzilla.redhat.com/show_bug.cgi?id=494398
NOTE: - https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html
CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the Precis ...)
@@ -11177,11 +11178,9 @@ CVE-2009-0950 (Stack-based buffer overflow in Apple iTunes before 8.2 allows rem
CVE-2009-0949 (The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 do ...)
{DSA-1811-1}
- cups 1.3.10-1
-CVE-2009-0948
- RESERVED
+CVE-2009-0948 (Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_s ...)
- file 5.02-1
-CVE-2009-0947
- RESERVED
+CVE-2009-0947 (Multiple integer overflows in the (1) cdf_read_property_info and (2) c ...)
- file 5.02-1
CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote ...)
{DSA-1784-1}
@@ -11544,7 +11543,7 @@ CVE-2009-0800 (Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.
[lenny] - poppler 0.8.7-2
- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
[squeeze] - xpdf 3.02-1.4+lenny1
- - kdegraphics 4:4.0 (medium; bug #524810)
+ - kdegraphics 4:4.0 (medium; bug #524810)
- swftools 0.9.2+ds1-2
CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
{DSA-1793-1 DSA-1790-1}
@@ -11601,7 +11600,7 @@ CVE-2009-0787 (The ecryptfs_write_metadata_to_contents function in the eCryptfs
CVE-2009-0786
REJECTED
CVE-2009-0785
- RESERVED
+ REJECTED
CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.2009031 ...)
{DSA-1755-1}
- systemtap 0.0.20090314-2
@@ -12013,9 +12012,9 @@ CVE-2009-XXXX [sysvinit: no-root option in expert installer exposes locally expl
NOTE: hardly a security issue, if an attacker has local access to the machine and you
NOTE: don't use encryption or something similar you have lost anyway
NOTE: - this ^ philosophy is flawed; it should not be trivial to get root just because you
- NOTE: have local access to the machine. it is worth it to make it as difficult as
- NOTE: possible without impacting authorized users. otherwise, why spend so much effort
- NOTE: to make sure xscreensaver, gdm, and login are rock solid?
+ NOTE: have local access to the machine. it is worth it to make it as difficult as
+ NOTE: possible without impacting authorized users. otherwise, why spend so much effort
+ NOTE: to make sure xscreensaver, gdm, and login are rock solid?
NOTE: - i would like to track as low, rather than unimportant
CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...)
{DSA-1739-1}
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 8d7e637d06..9ff03ef468 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,3 +1,5 @@
+CVE-2010-10001
+ RESERVED
CVE-2010-5340 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
NOT-FOR-US: IceWarp Webclient
CVE-2010-5339 (IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webm ...)
@@ -48,7 +50,7 @@ CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earl
NOT-FOR-US: ZeusCart
CVE-2010-XXXX [crash when parsing overly long links]
- lynx-cur 2.8.8dev.4-1
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/07/2
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/07/2
CVE-2010-5321 (Memory leak in drivers/media/video/videobuf-core.c in the videobuf sub ...)
- linux <unfixed> (unimportant; bug #827340)
- linux-2.6 <removed> (unimportant)
@@ -75,11 +77,13 @@ CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314 (v2.6.38-rc1)
CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...)
- {DSA-3249-1 DLA-258-1}
+ {DSA-3249-1 DLA-2889-1 DLA-258-1}
+ - drupal7 <removed>
- jqueryui 1.10.1+dfsg-1
- owncloud <not-affected> (embedded copy, bug #722500, of version 1.10.1, already fixed)
NOTE: http://bugs.jqueryui.com/ticket/6016
NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
+ NOTE: https://www.drupal.org/sa-core-2022-002
CVE-2010-5311
RESERVED
CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
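Review bot: The added `- drupal7 <removed>` line does not say why a Drupal package appears under a jquery-ui XSS, while the owncloud line directly below explains its embedded copy. Presumably drupal7 ships an embedded jquery-ui (the new DLA-2889-1 and SA-CORE-2022-002 references point that way), so a parallel comment keeps the entry readable: `NOTE: drupal7 embeds a copy of jquery-ui, see https://www.drupal.org/sa-core-2022-002`. With the package `<removed>` from unstable, the DLA reference is presumably where the fixed LTS version is recorded; worth confirming the DLA data file carries it, because this line records none.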
@@ -480,15 +484,15 @@ CVE-2010-5118
CVE-2010-5117
REJECTED
CVE-2010-5116
- RESERVED
+ REJECTED
CVE-2010-5115
- RESERVED
+ REJECTED
CVE-2010-5114
- RESERVED
+ REJECTED
CVE-2010-5113
- RESERVED
+ REJECTED
CVE-2010-5112
- RESERVED
+ REJECTED
CVE-2010-5111 (Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote ...)
- echoping 6.0.2-4 (low; bug #606808)
[squeeze] - echoping <no-dsa> (Minor issue)
@@ -652,7 +656,7 @@ CVE-2010-5051 (Cross-site scripting (XSS) vulnerability in admin/core/admin_func
CVE-2010-5050 (Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_sha ...)
NOT-FOR-US: ManageEngine ADManager Plus
CVE-2010-5049 (SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier ...)
- - zabbix 1:1.8.2-1
+ - zabbix 1:1.8.2-1
CVE-2010-5048 (Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the ...)
NOT-FOR-US: Joomla extension
CVE-2010-5047 (SQL injection vulnerability in page.php in V-EVA Press Release Script ...)
@@ -1129,8 +1133,8 @@ CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authentica
NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=3f0d3f4d97bce75c1828635c322b6560a45a037f
CVE-2010-4817 (pithos before 0.3.5 allows overwrite of arbitrary files via symlinks. ...)
- pithos 0.3.5-1
-CVE-2010-4816
- RESERVED
+CVE-2010-4816 (It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null ...)
+ NOT-FOR-US: Historic freeBSD issue
CVE-2010-4815 (Coppermine gallery before 1.4.26 has an input validation vulnerability ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Adva ...)
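Review bot: The new classification line writes `freeBSD` while the description right above it uses `FreeBSD`; these NOT-FOR-US tags are grepped and read by humans, so the canonical spelling should be used. The description also names OpenBSD 4.6, so a tag covering both is more accurate: `NOT-FOR-US: Historic FreeBSD/OpenBSD issue`.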
@@ -2585,12 +2589,12 @@ CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall (com_
CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/ ...)
{DSA-2152-1}
- hplip 3.10.6-2 (bug #610960)
-CVE-2010-4266
- RESERVED
+CVE-2010-4266 (It was found in vanilla forums before 2.0.10 a potential linkbait vuln ...)
+ NOT-FOR-US: Vanilla Forums
CVE-2010-4265 (The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$Second ...)
- jbossas4 <not-affected> (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)
-CVE-2010-4264
- RESERVED
+CVE-2010-4264 (It was found in vanilla forums before 2.0.10 a cross-site scripting vu ...)
+ NOT-FOR-US: Vanilla Forums
CVE-2010-4263 (The igb_receive_skb function in drivers/net/igb/igb_main.c in the Inte ...)
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -3109,14 +3113,14 @@ CVE-2010-4054 (The gs_type2_interpret function in Ghostscript allows remote atta
CVE-2010-4053 (Stack-based buffer overflow in an unspecified logging function in onin ...)
NOT-FOR-US: IBM Informix Dynamic Server
CVE-2010-4052 (Stack consumption vulnerability in the regcomp implementation in the G ...)
- - glibc <removed> (unimportant)
- - eglibc <unfixed> (unimportant)
+ - glibc 2.19-4 (unimportant)
+ - eglibc 2.13-1 (unimportant)
NOTE: Deficiency in the regexp engine of glibc, while there implementations which
NOTE: process such expressions more efficiently, imposing a limit lies within
NOTE: the application accepting it from user input
CVE-2010-4051 (The regcomp implementation in the GNU C Library (aka glibc or libc6) t ...)
- - glibc <removed> (unimportant)
- - eglibc <unfixed> (unimportant)
+ - glibc 2.19-4 (unimportant)
+ - eglibc 2.13-1 (unimportant)
NOTE: Deficiency in the regexp engine of glibc, while there implementations which
NOTE: process such expressions more efficiently, imposing a limit lies within
NOTE: the application accepting it from user input
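Review bot: Replacing `<removed>`/`<unfixed>` with fixed versions `glibc 2.19-4` and `eglibc 2.13-1` for CVE-2010-4051 and CVE-2010-4052 is not backed by any reference, and the surviving NOTE still argues that no fix is expected because the limit belongs in the application, so the record now shows a fixed version next to a rationale for not fixing. If an upstream regcomp change (presumably a repetition or stack limit introduced around glibc 2.13) is what justifies these versions, cite it in both entries, e.g. `NOTE: Fixed upstream in glibc 2.13 via <commit>`. Otherwise the previous state with the `unimportant` severity was the more honest record.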
@@ -3615,8 +3619,7 @@ CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CV
CVE-2010-3844 (An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure ...)
- ettercap 1:0.7.4-1 (unimportant; bug #600130)
NOTE: Very far-fetched attack vector
-CVE-2010-3843
- RESERVED
+CVE-2010-3843 (The GTK version of ettercap uses a global settings file at /tmp/.etter ...)
- ettercap 1:0.7.4-1 (unimportant; bug #600130)
NOTE: Very far-fetched attack vector
CVE-2010-3842 (Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, w ...)
@@ -4325,8 +4328,8 @@ CVE-2010-3674 (TYPO3 before 4.4.1 allows XSS in the frontend search box. ...)
CVE-2010-XXXX [piwigo]
- piwigo 2.1.2-2
NOTE: http://www.exploit-db.com/exploits/14973/
- NOTE: First unfilled CVE-request http://www.openwall.com/lists/oss-security/2010/12/07/1
- NOTE: Second CVE-request http://www.openwall.com/lists/oss-security/2012/10/06/3
+ NOTE: First unfilled CVE-request https://www.openwall.com/lists/oss-security/2010/12/07/1
+ NOTE: Second CVE-request https://www.openwall.com/lists/oss-security/2012/10/06/3
CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote atta ...)
NOT-FOR-US: wpQuiz
CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt ...)
@@ -4710,7 +4713,7 @@ CVE-2010-3447 (Cross-site scripting (XSS) vulnerability in view.php in the file
[lenny] - gollem <not-affected> ($filename not printed directly and passed through htmlspecialchars())
NOTE: http://bugs.horde.org/ticket/9191
CVE-2010-3446
- RESERVED
+ REJECTED
CVE-2010-3445 (Stack consumption vulnerability in the dissect_ber_unknown function in ...)
{DSA-2127-1}
- wireshark 1.2.11-3 (low)
@@ -5101,8 +5104,8 @@ CVE-2010-3302 (Buffer overflow in programs/pluto/xauth.c in the client in Opensw
CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia32entr ...)
- linux-2.6 2.6.32-23
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.27)
-CVE-2010-3300
- RESERVED
+CVE-2010-3300 (It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are v ...)
+ NOT-FOR-US: OWASP ESAPI
CVE-2010-3299 (The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to p ...)
- rails <unfixed> (unimportant)
NOTE: http://seclists.org/oss-sec/2010/q3/415
@@ -6199,9 +6202,9 @@ CVE-2010-2897 (Google Chrome before 5.0.375.125 does not properly mitigate an un
CVE-2010-2896 (IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before ...)
NOT-FOR-US: IBM FileNet Content Manager
CVE-2010-XXXX [flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it.]
- - openjdk-6 6b18-1.8.1-1
+ - openjdk-6 6b18-1.8.1-1
CVE-2010-XXXX [flaw in NetX that allows arbitrary unsigned apps to set any java property]
- - openjdk-6 6b18-1.8.1-1
+ - openjdk-6 6b18-1.8.1-1
CVE-2010-2895
RESERVED
CVE-2010-2894
@@ -6393,7 +6396,7 @@ CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType
{DSA-2105-1}
- freetype 2.4.2-1
CVE-2010-2804
- RESERVED
+ REJECTED
CVE-2010-2803 (The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rend ...)
{DSA-2094-1}
- linux-2.6 2.6.32-22
@@ -7182,8 +7185,8 @@ CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4
CVE-2010-2526 (The cluster logical volume manager daemon (clvmd) in lvm2-cluster in L ...)
{DSA-2095-1}
- lvm2 2.02.66-3 (bug #591204)
-CVE-2010-2525
- RESERVED
+CVE-2010-2525 (A flaw was discovered in gfs2 file system&#8217;s handling of acls (ac ...)
+ - linux-2.6 2.6.32-19
CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the Lin ...)
{DSA-2264-1}
- linux-2.6 2.6.32-19
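Review bot: The new CVE-2010-2525 description carries a raw HTML entity (`file system&#8217;s`), which suggests the text was pasted from an HTML page rather than the CVE feed; descriptions in these list files are plain text (`file system's`) so that searches and the tracker render them correctly. The entry also records `linux-2.6 2.6.32-19` with neither an upstream commit NOTE nor a `[lenny]` assessment, while the kernel entries elsewhere in this file carry both; a `NOTE: https://git.kernel.org/linus/<gfs2 acl fix commit>` would let a reader verify whether lenny's 2.6.26 needed the fix. Whether CVE-2010-2524 below has a lenny line cannot be seen, as the hunk ends after its package line.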
@@ -7248,8 +7251,12 @@ CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c i
CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 allows re ...)
{DSA-2070-1}
- freetype 2.4.0-1
-CVE-2010-2496
- RESERVED
+CVE-2010-2496 (stonith-ng in pacemaker and cluster-glue passed passwords as commandli ...)
+ - cluster-glue 1.0.6-1
+ - pacemaker 1.1.13-1
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=620781
+ NOTE: https://github.com/ClusterLabs/cluster-glue/commit/3d7b464439ee0271da76e0ee9480f3dc14005879 (glue-1.0.6)
+ NOTE: https://github.com/ClusterLabs/pacemaker/commit/7901f43c5800374d41ae2287fe122692fe045664 (Pacemaker-1.1.3)
CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) i ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messagin ...)
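Review bot: The fixed version `pacemaker 1.1.13-1` lies ten upstream releases after the fix the NOTE attributes to Pacemaker-1.1.3, so either an earlier Debian pacemaker upload already contained that commit (in which case the lower version is the correct fixed version, otherwise the tracker will flag the intermediate uploads as vulnerable) or the package re-entered the archive at 1.1.13 and the NOTE should say so. Suggest either correcting the version or adding `NOTE: pacemaker first (re-)uploaded to Debian at 1.1.13-1, already containing the fix`. The cluster-glue side (`1.0.6-1` against tag glue-1.0.6) is consistent. Since a password on the command line is readable by every local user through the process list, a severity tag on these lines would also be useful; none is given.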
@@ -7273,9 +7280,9 @@ CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1
{DSA-2083-1}
- moin 1.9.3-1 (bug #584809)
CVE-2010-2486
- RESERVED
+ REJECTED
CVE-2010-2485
- RESERVED
+ REJECTED
CVE-2010-2484 (The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...)
- php5 5.3.3-1 (unimportant)
CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...)
@@ -7301,7 +7308,7 @@ CVE-2010-2477 (Multiple cross-site scripting (XSS) vulnerabilities in the paste.
[lenny] - paste 1.7.1-1+lenny1
NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
CVE-2010-2475
- RESERVED
+ REJECTED
CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...)
@@ -8253,7 +8260,7 @@ CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, a
- mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245)
[lenny] - mplayer 1.0~rc2-17+lenny3.2
- xine-lib <not-affected> (immune due to additional check in xio_rw_abbort())
- NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
NOTE: DSA-2043 and DSA-2044
CVE-2010-2061 (rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) ...)
@@ -8690,7 +8697,7 @@ CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in S
CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...)
{DSA-2080-1}
- ghostscript 8.71~dfsg-4
- NOTE: http://www.openwall.com/lists/oss-security/2010/05/11/3
+ NOTE: https://www.openwall.com/lists/oss-security/2010/05/11/3
CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ex ...)
- php5 <removed> (unimportant)
CVE-2010-1867 (SQL injection vulnerability in the ArticleAttachment::GetAttachmentsBy ...)
@@ -9885,14 +9892,14 @@ CVE-2010-1437 (Race condition in the find_keyring_by_name function in security/k
CVE-2010-1436 (gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not ...)
- linux-2.6 2.6.32-25
[lenny] - linux-2.6 2.6.26-23
-CVE-2010-1435
- RESERVED
-CVE-2010-1434
- RESERVED
-CVE-2010-1433
- RESERVED
-CVE-2010-1432
- RESERVED
+CVE-2010-1435 (Joomla! Core is prone to a security bypass vulnerability. Exploiting t ...)
+ NOT-FOR-US: Joomla!
+CVE-2010-1434 (Joomla! Core is prone to a session fixation vulnerability. An attacker ...)
+ NOT-FOR-US: Joomla!
+CVE-2010-1433 (Joomla! Core is prone to a vulnerability that lets attackers upload ar ...)
+ NOT-FOR-US: Joomla!
+CVE-2010-1432 (Joomla! Core is prone to an information disclosure vulnerability. Atta ...)
+ NOT-FOR-US: Joomla!
CVE-2010-1430
REJECTED
CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) ...)
@@ -10778,7 +10785,7 @@ CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2010-1145
REJECTED
-CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids 1.24, as used in d ...)
+CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids before 1.24, as us ...)
- libnids 1.23-1.2 (low; bug #576281)
[lenny] - libnids <no-dsa> (Minor issue)
NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor
@@ -11559,7 +11566,7 @@ CVE-2010-2450 (The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/
CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' ...)
- libesmtp 1.0.4-5 (bug #572960)
[lenny] - libesmtp <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
+ NOTE: https://www.openwall.com/lists/oss-security/2010/03/03/6
CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...)
NOT-FOR-US: VMware Server
CVE-2010-XXXX [argyll unsafe udev rules]
@@ -11571,10 +11578,10 @@ CVE-2010-2473 (Drupal 6.x before 6.16 and 5.x before version 5.22 does not prope
CVE-2010-2472 (Locale module and dependent contributed modules in Drupal 6.x before 6 ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
-CVE-2010-2471 (drupal6 version 6.16 has open redirection ...)
+CVE-2010-2471 (Drupal versions 5.x and 6.x has open redirection ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
-CVE-2010-2250 (Drupal 6.x before 6.16 uses a user-supplied value in output during sit ...)
+CVE-2010-2250 (Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output du ...)
{DSA-2016-1}
- drupal6 6.18-1 (bug #592716)
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
@@ -11787,7 +11794,7 @@ CVE-2010-0735
CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enab ...)
{DSA-2023-1}
- curl 7.20.0-1 (low)
- NOTE: http://www.openwall.com/lists/oss-security/2010/03/16/11
+ NOTE: https://www.openwall.com/lists/oss-security/2010/03/16/11
NOTE: depends on the application that uses libcurl
CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4. ...)
- postgresql-8.4 8.4.2-1
@@ -11795,7 +11802,7 @@ CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensav
- gtk+2.0 2.18.5-1
[lenny] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
[etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
- NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/1
+ NOTE: https://www.openwall.com/lists/oss-security/2010/02/12/1
CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library before 1 ...)
- gnutls26 <not-affected> (Fixed before initial release)
- gnutls13 1.2.1-1
@@ -12513,7 +12520,7 @@ CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache H
- apache2 2.2.15-1
CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before ...)
- openssl <not-affected> (Kerberos support not enabled)
- NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5
+ NOTE: https://www.openwall.com/lists/oss-security/2010/03/03/5
CVE-2010-0432 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open ...)
NOT-FOR-US: Apache Open For Business Project (OFBiz)
CVE-2010-0431 (QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat E ...)
@@ -12528,11 +12535,11 @@ CVE-2010-0428 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervi
CVE-2010-0427 (sudo 1.6.x before 1.6.9p21, when the runas_default option is used, doe ...)
{DSA-2006-1}
- sudo 1.7.0-1
- NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
+ NOTE: https://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-com ...)
{DSA-2006-1}
- sudo 1.7.2p1-1.2 (bug #570737)
- NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
+ NOTE: https://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server ...)
- apache2 <not-affected> (Windows only)
CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) ...)
@@ -12573,7 +12580,7 @@ CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attac
[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2010-0413
- RESERVED
+ REJECTED
CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of t ...)
- systemtap 1.2-1 (bug #572560)
[lenny] - systemtap <not-affected> (Server component not yet present)
@@ -13151,7 +13158,7 @@ CVE-2010-0207 (In xpdf, the xref table contains an infinite loop which allows re
NOTE: Just a crasher, not treated as a security issue
CVE-2010-0206 (xpdf allows remote attackers to cause a denial of service (NULL pointe ...)
- kdegraphics 4:4.0.0-1 (unimportant)
- - xpdf <unfixed> (unimportant)
+ - xpdf <unfixed> (unimportant)
- poppler 0.16.3-1 (unimportant)
[squeeze] - poppler 0.12.4-1.2+squeeze1
NOTE: Just a crasher, not treated as a security issue
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 257b1a3d42..ec117e233f 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -13,11 +13,10 @@ CVE-2011-5326 (imlib2 before 1.4.9 allows remote attackers to cause a denial of
{DSA-3555-1}
- imlib2 1.4.8-1 (bug #639414)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/10/5
CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...)
- {DLA-1445-1}
+ {DLA-2559-1 DLA-1445-1}
- busybox 1:1.27.2-1 (bug #802702)
- [stretch] - busybox <no-dsa> (Minor issue)
[wheezy] - busybox <no-dsa> (Minor issue)
[squeeze] - busybox <no-dsa> (Minor issue)
CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7. ...)
@@ -44,7 +43,7 @@ CVE-2011-5320 (scanf and related functions in glibc before 2.15 allow local user
NOTE: 2.15 ist the first version recieving the fix, mark with upstream version which should
NOTE: be handled correctly then by the tracker.
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=13138
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/26/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/26/2
NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0
NOTE: CVE assigned specific to the https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4 issue
CVE-2011-5318 (Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.C ...)
@@ -156,7 +155,7 @@ CVE-2011-5268 (connection.c in Bip before 0.8.9 does not properly close sockets,
- bip 0.8.9-1
[squeeze] - bip <no-dsa> (Minor issue)
[wheezy] - bip <no-dsa> (Minor issue)
- NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
+ NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: https://www.openwall.com/lists/oss-security/2014/01/02/9
CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in spell-check-sav ...)
NOT-FOR-US: SpellChecker module in Xinha
CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...)
@@ -448,7 +447,7 @@ CVE-2011-5131 (Cross-site request forgery (CSRF) vulnerability in global.php in
CVE-2011-5130 (dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when regi ...)
NOT-FOR-US: Family Connections CMS
CVE-2011-5129 (Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote at ...)
- - xchat <unfixed> (unimportant; bug #686454)
+ - xchat <removed> (unimportant; bug #686454)
CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize ...)
NOT-FOR-US: Adminimize plugin for Wordpress
CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2 ...)
@@ -783,15 +782,15 @@ CVE-2011-4980
CVE-2011-4979
REJECTED
CVE-2011-4978
- RESERVED
+ REJECTED
CVE-2011-4977
- RESERVED
+ REJECTED
CVE-2011-4976
- RESERVED
+ REJECTED
CVE-2011-4975
- RESERVED
+ REJECTED
CVE-2011-4974
- RESERVED
+ REJECTED
CVE-2011-4973 (Authentication bypass vulnerability in mod_nss 1.0.8 allows remote att ...)
- libapache2-mod-nss 1.0.8-4 (low; bug #729626)
[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
@@ -892,7 +891,7 @@ CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in SimpleH
- python2.7 2.7.2-8 (unimportant)
- python2.6 <unfixed> (unimportant; bug #664135)
- python2.5 <removed> (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/11
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/11
NOTE: This only affects IE7, which is inherently insecure anyway
CVE-2011-4939 (The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin befor ...)
- pidgin 2.10.2-1 (bug #664028)
@@ -1181,8 +1180,8 @@ CVE-2011-4822 (Multiple cross-site scripting (XSS) vulnerabilities in the user p
NOT-FOR-US: Atlassian FishEye
CVE-2011-4821 (Directory traversal vulnerability in the TFTP server in D-Link DIR-601 ...)
NOT-FOR-US: D-Link router
-CVE-2011-4820
- RESERVED
+CVE-2011-4820 (IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass ...)
+ NOT-FOR-US: IBM
CVE-2011-4819 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asse ...)
NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4818 (Open redirect vulnerability in IBM Maximo Asset Management and Asset M ...)
@@ -1745,7 +1744,7 @@ CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in
- libav 4:0.7.3-1
- ffmpeg 7:2.4.1-1
- ffmpeg-debian <end-of-life>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
CVE-2011-4578 (event.c in acpid (aka acpid2) before 2.0.11 does not have an appropria ...)
{DSA-2362-1}
- acpid 1:2.0.11-1
@@ -1757,8 +1756,9 @@ CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x befor
- openssl 1.0.0f-1
CVE-2011-4575 (Cross-site scripting (XSS) vulnerability in the JMX console in JBoss E ...)
NOT-FOR-US: JMX Console
-CVE-2011-4574
- RESERVED
+CVE-2011-4574 (PolarSSL versions prior to v1.1 use the HAVEGE random number generatio ...)
+ - polarssl 1.1.0-1
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02
CVE-2011-4573 (Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly ...)
NOT-FOR-US: JBoss Operations Network
CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF ...)
@@ -2287,7 +2287,7 @@ CVE-2011-4345 (Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21,
- namazu2 2.0.21-1 (low)
[squeeze] - namazu2 <no-dsa> (Minor issue)
CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins be ...)
- - jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900)
+ - jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900)
CVE-2011-4343 (Information disclosure vulnerability in Apache MyFaces Core 2.0.1 thro ...)
NOT-FOR-US: Apache MyFaces
CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the Ba ...)
@@ -2304,7 +2304,7 @@ CVE-2011-4338 (Shaman 1.0.9: Users can add the line askforpwd=false to his shama
CVE-2011-4337 (Static code injection vulnerability in translate.php in Support Incide ...)
NOT-FOR-US: Support Incident Tracker
CVE-2011-4336 (Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to sn ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2 ...)
NOT-FOR-US: Contao
CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uploaded ...)
@@ -2786,12 +2786,21 @@ CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO io
{DSA-2443-1 DSA-2389-1}
- libguestfs 1:1.14.8-1
- linux-2.6 <removed>
-CVE-2011-4126
- RESERVED
-CVE-2011-4125
- RESERVED
-CVE-2011-4124
- RESERVED
+CVE-2011-4126 (Race condition issues were found in Calibre at devices/linux_mount_hel ...)
+ - calibre 1.5.0+dfsg-1 (bug #584915)
+ NOTE: Vulnerable code removed upstream at version 1.4.0
+ NOTE: https://github.com/kovidgoyal/calibre/commit/7d54d25844efebfb3d6de2bb2b9af77dbf72d8b8 (v1.4.0)
+ NOTE: Removed by Debian packaging in 0.6.54+dfsg-1.
+CVE-2011-4125 (A untrusted search path issue was found in Calibre at devices/linux_mo ...)
+ - calibre 1.5.0+dfsg-1 (bug #584915)
+ NOTE: Vulnerable code removed upstream at version 1.4.0
+ NOTE: https://github.com/kovidgoyal/calibre/commit/7d54d25844efebfb3d6de2bb2b9af77dbf72d8b8 (v1.4.0)
+ NOTE: Removed by Debian packaging in 0.6.54+dfsg-1.
+CVE-2011-4124 (Input validation issues were found in Calibre at devices/linux_mount_h ...)
+ - calibre 1.5.0+dfsg-1 (bug #584915)
+ NOTE: Vulnerable code removed upstream at version 1.4.0
+ NOTE: https://github.com/kovidgoyal/calibre/commit/7d54d25844efebfb3d6de2bb2b9af77dbf72d8b8 (v1.4.0)
+ NOTE: Removed by Debian packaging in 0.6.54+dfsg-1.
CVE-2011-4123
REJECTED
CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM be ...)
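Review bot: The fixed version recorded for CVE-2011-4126, `- calibre 1.5.0+dfsg-1 (bug #584915)`, does not agree with the NOTE three lines below it that the vulnerable code was "Removed by Debian packaging in 0.6.54+dfsg-1"; as written, every calibre upload between 0.6.54+dfsg-1 and 1.5.0+dfsg-1 will presumably be reported as affected even though the notes say the code was not shipped. If the packaging note is accurate, the fixed version for this entry and the two identical entries in the same hunk (CVE-2011-4125, CVE-2011-4124) should presumably be `- calibre 0.6.54+dfsg-1 (bug #584915)`, or a NOTE should say why the later version was chosen. The two upstream references (`Vulnerable code removed upstream at version 1.4.0` and the commit tagged `(v1.4.0)`) are consistent with each other, so only the Debian version needs reconciling.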
@@ -2800,8 +2809,8 @@ CVE-2011-4121 (The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-
- ruby1.9.1 <not-affected> (Only affected trunk versions)
CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when 'use_ ...)
- yubico-pam 2.10-1
-CVE-2011-4119
- RESERVED
+CVE-2011-4119 (caml-light &lt;= 0.75 uses mktemp() insecurely, and also does unsafe t ...)
+ NOT-FOR-US: caml-light
CVE-2011-4117 (The Batch::BatchRun module 1.03 for Perl does not properly handle temp ...)
NOT-FOR-US: perl Batch::BatchRun CPAN module
CVE-2011-4116 (_is_safe in the File::Temp module for Perl does not properly handle sy ...)
@@ -2819,7 +2828,7 @@ CVE-2011-4113 (SQL injection vulnerability in the Views module before 6.x-2.13 f
- drupal6-mod-views 2.14-1
CVE-2011-4112 (The net subsystem in the Linux kernel before 3.1 does not properly res ...)
- linux-2.6 3.1-1 (unimportant)
- NOTE: Turned out to be a non-issue, http://www.openwall.com/lists/oss-security/2011/11/24/3
+ NOTE: Turned out to be a non-issue, https://www.openwall.com/lists/oss-security/2011/11/24/3
CVE-2011-4111 (Buffer overflow in the ccid_card_vscard_handle_message function in hw/ ...)
- qemu 0.15.1+dfsg-2
[lenny] - qemu <not-affected> (Vulnerable CCID code not present)
@@ -3555,7 +3564,7 @@ CVE-2011-3869 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows
{DSA-2314-1}
- puppet 2.7.3-3
CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player ...)
- NOT-FOR-US: Vmware
+ NOT-FOR-US: VMware
CVE-2011-3867
REJECTED
CVE-2011-3866 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly re ...)
@@ -4027,8 +4036,7 @@ CVE-2011-3657 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2
- bugzilla <removed> (low)
[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
[lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2011-3656
- RESERVED
+CVE-2011-3656 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6 ...)
- iceweasel 4.0-1
[squeeze] - iceweasel <end-of-life> (Iceweasel not supported in Squeeze LTS)
CVE-2011-3655 (Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perfor ...)
@@ -4992,15 +5000,15 @@ CVE-2011-3344 (Cross-site scripting (XSS) vulnerability in the Lookup Login/Pass
CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to ...)
{DSA-2386-1}
- openttd 1.1.3-1
- NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
+ NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3342 (Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attacke ...)
{DSA-2386-1}
- openttd 1.1.3-1
- NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
+ NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3341 (Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 al ...)
{DSA-2386-1}
- openttd 1.1.3-1
- NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
+ NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3340 (SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remo ...)
NOT-FOR-US: ATCOM Netvolution
CVE-2011-3339 (Cross-site scripting (XSS) vulnerability in the Admin Control Center i ...)
@@ -6210,7 +6218,7 @@ CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux
CVE-2011-2927 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2926
- RESERVED
+ REJECTED
CVE-2011-2925 (Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 re ...)
NOT-FOR-US: Cumin
CVE-2011-2924 (foomatic-rip filter v4.0.12 and prior used insecurely creates temporar ...)
@@ -6399,8 +6407,8 @@ CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle Tibeta
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
-CVE-2011-2863
- RESERVED
+CVE-2011-2863 (Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0 ...)
+ - chromium-browser 14.0.835.163~r101024-1
CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does not prop ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
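Review bot: The new CVE-2011-2863 entry carries only `- chromium-browser 14.0.835.163~r101024-1`, whereas the neighbouring Chrome 14 entries in this hunk (CVE-2011-2864 above, CVE-2011-2862 below) also record `[squeeze] - chromium-browser <not-affected>` and `- webkit <not-affected> (chromium specific)`. Without a squeeze sub-entry the tracker will presumably treat the squeeze package as affected; if that is not intended, the squeeze line should be added, and a triager should decide whether the webkit line applies as well. The same gap exists for CVE-2011-1805 in the hunk at `@@ -9252,8 +9262,8 @@`, where CVE-2011-1806 and CVE-2011-1804 carry both lines but the new entry carries neither.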
@@ -8194,8 +8202,10 @@ CVE-2011-2197 (The cross-site scripting (XSS) prevention feature in Ruby on Rail
- rails <not-affected> (Affected plugin not installed, see bug #634990)
CVE-2011-2196 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as dis ...)
NOT-FOR-US: JBoss Seam
-CVE-2011-2195
- RESERVED
+CVE-2011-2195 (A flaw was found in WebSVN 2.3.2. Without prior authentication, if the ...)
+ - websvn <removed>
+ NOTE: Windows-specific
+ NOTE: mitigated by https://github.com/websvnphp/websvn/commit/50f02cf848c5bdebb66d9b017389c9d688887d4f
CVE-2011-2193 (Multiple buffer overflows in Terascale Open-Source Resource and Queue ...)
{DSA-2329-1}
- torque 2.4.15+dfsg-1 (bug #635342)
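Review bot: CVE-2011-2195 is entered as `- websvn <removed>` while the NOTE directly below states the issue is `Windows-specific`, which leaves the entry reading as an issue that was never fixed before the package was removed. Elsewhere in this diff the same situation is recorded with the status itself, e.g. `- apache2 <not-affected> (Windows only)` for CVE-2010-0425; if the Debian websvn package never exercised the Windows-only code path, `- websvn <not-affected> (Windows-specific)` would state that directly. The second NOTE with the upstream commit can stay as the supporting reference either way.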
@@ -8312,7 +8322,7 @@ CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC medi
{DSA-2257-1}
- vlc 1.1.10-1
[lenny] - vlc <not-affected> (Vulnerable code not present)
- NOTE: http://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c
+ NOTE: https://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c
CVE-2011-2190 (The generate_admin_password function in Cherokee before 1.2.99 uses ti ...)
- cherokee 1.0.14-1 (low; bug #647205)
[squeeze] - cherokee 1.0.8-5+squeeze1
@@ -8404,14 +8414,14 @@ CVE-2011-2161 (The ape_read_header function in ape.c in libavformat in FFmpeg be
- libav 4:0.6-1 (bug #628448)
- ffmpeg 7:2.4.1-1
- ffmpeg-debian <end-of-life>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b
CVE-2011-2160 (The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPl ...)
{DSA-2306-1}
- libav 4:0.6-1 (bug #628448)
- ffmpeg 7:2.4.1-1
- ffmpeg-debian <end-of-life>
NOTE: duplicate of CVE-2011-0723
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6
CVE-2011-2159 (The SmarterTools SmarterStats 6.0 web server omits the Content-Type he ...)
NOT-FOR-US: SmarterStats
CVE-2011-2158 (The SmarterTools SmarterStats 6.0 web server sends incorrect Content-T ...)
@@ -8840,7 +8850,7 @@ CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect
[squeeze] - wireshark <not-affected> (Affects 1.4.5 only)
NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1955
- RESERVED
+ REJECTED
CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in Post Rev ...)
NOT-FOR-US: Post Revolution
CVE-2011-1953 (Multiple cross-site scripting (XSS) vulnerabilities in common.php in P ...)
@@ -8873,7 +8883,7 @@ CVE-2011-1943 (The destroy_one_secret function in nm-setting-vpn.c in libnm-util
- network-manager-openvpn <not-affected> (Affected code was only in experimental, see bug #628730)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876
CVE-2011-1942
- RESERVED
+ REJECTED
CVE-2011-1941 (Open redirect vulnerability in the redirector feature in phpMyAdmin 3. ...)
- phpmyadmin 4:3.4.1-1
[lenny] - phpmyadmin <not-affected> (3.4.x only)
@@ -9252,8 +9262,8 @@ CVE-2011-1806 (Google Chrome before 11.0.696.71 does not properly implement the
- chromium-browser 11.0.696.71~r86024-1
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
-CVE-2011-1805
- RESERVED
+CVE-2011-1805 (Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote at ...)
+ - chromium-browser 11.0.696.65~r84435-1
CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in ...)
- chromium-browser 11.0.696.71~r86024-1
[squeeze] - chromium-browser <not-affected>
@@ -9349,7 +9359,7 @@ CVE-2011-1775 (The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.
NOTE: https://github.com/TigerVNC/tigervnc/commit/ce6c8b097f0d5b161039dc8c8208aff078d433ff
CVE-2011-1774 (WebKit in Apple Safari before 5.0.6 has improper libxslt security sett ...)
NOTE: CVE-2011-1774 is about webkit's interface to xmlsec, CVE-2011-1425 is the actual issue
- NOTE: http://www.openwall.com/lists/oss-security/2011/05/09/4
+ NOTE: https://www.openwall.com/lists/oss-security/2011/05/09/4
CVE-2011-1773 (virt-v2v before 0.8.4 does not preserve the VNC console password when ...)
NOT-FOR-US: virt-v2v
CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache ...)
@@ -10071,8 +10081,10 @@ CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when
[squeeze] - httpcomponents-client 4.0.1-1squeeze1
NOTE: http://seclists.org/oss-sec/2011/q2/188
NOTE: http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
-CVE-2011-1497
- RESERVED
+CVE-2011-1497 (A cross-site scripting vulnerability flaw was found in the auto_link f ...)
+ - rails <not-affected> (Fixed before initial release of rails 4.0 to Debian)
+ NOTE: https://www.openwall.com/lists/oss-security/2011/04/06/13
+ NOTE: https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which allows ...)
{DSA-2212-1}
- tmux 1.4-6 (bug #620304)
@@ -10939,7 +10951,7 @@ CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx
- gimp 2.6.10-1
NOTE: Likely fixed earlier, but only the squeeze version was checked
CVE-2011-1177
- RESERVED
+ REJECTED
CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ...)
{DSA-2202-1}
- apache2 2.2.17-2 (bug #618857; medium)
@@ -11297,8 +11309,8 @@ CVE-2011-1076 (net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allo
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[wheezy] - linux-2.6 <not-affected> (Introduced in 2.6.36)
-CVE-2011-1075
- RESERVED
+CVE-2011-1075 (FreeBSD's crontab calculates the MD5 sum of the previous and new cronj ...)
+ - cron <not-affected> (Debian's cron not affected)
CVE-2011-1074 (crontab.c in crontab in FreeBSD allows local users to determine the ex ...)
- cron <not-affected> (Debian's cron not affected)
CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...)
@@ -14085,7 +14097,7 @@ CVE-2011-0025 (IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5
CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 ...)
- wireshark 1.2-0-1
CVE-2011-0023
- RESERVED
+ REJECTED
CVE-2011-0022 (The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory ...)
NOT-FOR-US: 389 LDAP server
CVE-2011-0522 (The StripTags function in (1) the USF decoder (modules/codec/subtitles ...)
@@ -14094,7 +14106,7 @@ CVE-2011-0522 (The StripTags function in (1) the USF decoder (modules/codec/subt
CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in Vi ...)
- vlc 1.1.3-1squeeze2
[lenny] - vlc <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph func ...)
- pango1.0 1.28.3-1+squeeze1 (bug #610792)
CVE-2011-0019 (slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Dire ...)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 0b63b2ef00..d986dec88d 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1,3 +1,7 @@
+CVE-2012-20001 (PrestaShop before 1.5.2 allows XSS via the "&lt;object data='data:text ...)
+ NOT-FOR-US: PrestaShop
+CVE-2012-10001 (The Limit Login Attempts plugin before 1.7.1 for WordPress does not cl ...)
+ NOT-FOR-US: Limit Login Attempts plugin for WordPress
CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
NOT-FOR-US: SocialEngine
CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...)
@@ -46,6 +50,7 @@ CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) a
NOTE: 1.9 release introduced backwards incompatible changes to fix this, so may be too invasive to fix
CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing algorit ...)
- wordpress <unfixed> (bug #880868)
+ [bullseye] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
[buster] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
[stretch] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
[jessie] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
@@ -61,7 +66,7 @@ CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5
- libclamunrar 0.99-4 (bug #867223)
[stretch] - libclamunrar 0.99-3+deb9u1
[jessie] - libclamunrar 0.99-0+deb8u3
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/9
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/9
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
NOTE: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Stat ...)
@@ -118,23 +123,23 @@ CVE-2012-6696 (inspircd in Debian before 2.0.7 does not properly handle unsigned
{DSA-3226-1 DLA-276-1}
- inspircd 2.0.16-1 (bug #780880)
NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6697 (InspIRCd before 2.0.7 allows remote attackers to cause a denial of ser ...)
{DSA-3226-1 DLA-276-1}
- inspircd 2.0.16-1 (bug #780880)
NOTE: https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6690
RESERVED
CVE-2012-6688
- RESERVED
+ REJECTED
CVE-2012-6689 (The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux ...)
{DLA-246-1}
- linux 3.6.4-1
[wheezy] - linux 3.2.30-1
- linux-2.6 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=848949
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/13
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/13
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (v3.6-rc5)
CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...)
{DLA-431-1 DLA-430-1}
@@ -143,7 +148,7 @@ CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to c
- libfcgi-perl 0.78-2 (bug #815840)
[jessie] - libfcgi-perl 0.77-1+deb8u1
[wheezy] - libfcgi-perl <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/4
CVE-2012-XXXX [Insufficient validation of USB device descriptors]
- oss4 4.2-build2010-2 (bug #775662)
[wheezy] - oss4 <no-dsa> (Minor issue)
@@ -236,6 +241,7 @@ CVE-2012-6656 (iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allow
NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7905f0d18eb79e5
CVE-2012-6655 (An issue exists AccountService 0.6.37 in the user_change_password_auth ...)
- accountsservice <unfixed> (low; bug #757912)
+ [bullseye] - accountsservice <ignored> (Minor issue)
[buster] - accountsservice <ignored> (Minor issue)
[stretch] - accountsservice <ignored> (Minor issue)
[jessie] - accountsservice <ignored> (Minor issue)
@@ -280,7 +286,7 @@ CVE-2012-6639 (An privilege elevation vulnerability exists in Cloud-init before
NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12299
CVE-2012-6638 (The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linu ...)
- linux 3.2.29-1
- - linux-2.6 <removed>
+ - linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-47
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
CVE-2012-6637 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
@@ -311,13 +317,13 @@ CVE-2012-6618 (The av_probe_input_buffer function in libavformat/utils.c in FFmp
- libav 6:9.11-1
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=2115a3597457231a6e5c0527fe0ff8550f64b733
CVE-2012-6617 (The prepare_sdp_description function in ffserver.c in FFmpeg before 1. ...)
- libav 6:9.11-1
[wheezy] - libav <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
- ffmpeg <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=82b9799bb211ecd117171115e4a8b832c4942314
CVE-2012-6616 (The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpe ...)
- libav <not-affected> (Vulnerable code not present in libav)
@@ -660,45 +666,45 @@ CVE-2012-6494 (Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerab
CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Secu ...)
NOT-FOR-US: Rapid7 Nexpose Security Console
CVE-2012-6492
- RESERVED
+ REJECTED
CVE-2012-6491
- RESERVED
+ REJECTED
CVE-2012-6490
- RESERVED
+ REJECTED
CVE-2012-6489
- RESERVED
+ REJECTED
CVE-2012-6488
- RESERVED
+ REJECTED
CVE-2012-6487
- RESERVED
+ REJECTED
CVE-2012-6486
- RESERVED
+ REJECTED
CVE-2012-6485
- RESERVED
+ REJECTED
CVE-2012-6484
- RESERVED
+ REJECTED
CVE-2012-6483
- RESERVED
+ REJECTED
CVE-2012-6482
- RESERVED
+ REJECTED
CVE-2012-6481
- RESERVED
+ REJECTED
CVE-2012-6480
- RESERVED
+ REJECTED
CVE-2012-6479
- RESERVED
+ REJECTED
CVE-2012-6478
- RESERVED
+ REJECTED
CVE-2012-6477
- RESERVED
+ REJECTED
CVE-2012-6476
- RESERVED
+ REJECTED
CVE-2012-6475
- RESERVED
+ REJECTED
CVE-2012-6474
- RESERVED
+ REJECTED
CVE-2012-6473
- RESERVED
+ REJECTED
CVE-2012-6472 (Opera before 12.12 on UNIX uses weak permissions for the profile direc ...)
NOT-FOR-US: Opera
CVE-2012-6471 (Opera before 12.12 allows remote attackers to spoof the address field ...)
@@ -1050,7 +1056,7 @@ CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generi
[squeeze] - snack 2.2.10-dfsg1-9+squeeze1
- wavesurfer <not-affected> (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615)
NOTE: http://secunia.com/advisories/49889/
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/10/2
CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...)
NOT-FOR-US: Soapbox
CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...)
@@ -1342,13 +1348,13 @@ CVE-2012-6159
CVE-2012-6158
REJECTED
CVE-2012-6157
- RESERVED
+ REJECTED
CVE-2012-6156
- RESERVED
+ REJECTED
CVE-2012-6155
- RESERVED
+ REJECTED
CVE-2012-6154
- RESERVED
+ REJECTED
CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient befor ...)
{DLA-222-1}
- commons-httpclient 3.1-10.2 (bug #692442)
@@ -1489,8 +1495,8 @@ CVE-2012-6114 (The git-changelog utility in git-extras 1.7.0 allows local users
CVE-2012-6113 (The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 thr ...)
- php5 5.4.0~beta2-1
[squeeze] - php5 <not-affected> (Introduced in 5.3.9)
- NOTE: Introduced in http://git.php.net/?p=php-src.git;a=commitdiff;h=095cbc48a8f0090f3b0abc6155f2b61943c9eafb
- NOTE: Fixed in 5.3.14 http://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e
+ NOTE: Introduced in https://git.php.net/?p=php-src.git;a=commitdiff;h=095cbc48a8f0090f3b0abc6155f2b61943c9eafb
+ NOTE: Fixed in 5.3.14 https://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e
NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1099793
NOTE: https://bugs.php.net/bug.php?id=61413
CVE-2012-6112 (classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellcheck ...)
@@ -1508,7 +1514,7 @@ CVE-2012-6111 (gnome-keyring does not discard stored secrets when using gnome_ke
- gnome-keyring 3.8.2-1 (low; bug #697896)
[squeeze] - gnome-keyring <no-dsa> (Minor issue)
[wheezy] - gnome-keyring <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/11/5
CVE-2012-6109 (lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x ...)
- ruby-rack 1.4.1-2.1 (bug #698440)
- librack-ruby <removed>
@@ -1607,8 +1613,8 @@ CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybd
{DSA-2612-1}
- charybdis 3.3.0-7.1 (bug #697092)
- ircd-ratbox 3.0.7.dfsg-3 (bug #697093)
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/01/2
CVE-2012-6083 (Freeciv before 2.3.3 allows remote attackers to cause a denial of serv ...)
- freeciv 2.3.4-1 (low; bug #696306)
[squeeze] - freeciv <no-dsa> (Minor issue)
@@ -1630,13 +1636,13 @@ CVE-2012-6080 (Directory traversal vulnerability in the _do_attachment_move func
NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
CVE-2012-6079 (W3 Total Cache before 0.9.2.5 exposes sensitive cached database inform ...)
NOT-FOR-US: W3 Total Cache
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6078 (W3 Total Cache before 0.9.2.5 generates hash keys insecurely which all ...)
NOT-FOR-US: W3 Total Cache
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6077 (W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve pass ...)
NOT-FOR-US: W3 Total Cache
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of the curre ...)
- inkscape 0.48.3.1-1.3 (low; bug #654341)
[squeeze] - inkscape <no-dsa> (Minor issue)
@@ -1647,20 +1653,20 @@ CVE-2012-6075 (Buffer overflow in the e1000_receive function in the e1000 device
- qemu-kvm 1.1.2+dfsg-4 (bug #696051)
- xen 4.1.3-8
[squeeze] - xen <not-affected> (In Squeeze the code is in the package xen-qemu-dm-4.0)
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/1
CVE-2012-6074 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenk ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6073 (Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS befor ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6072 (CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS befo ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
- jenkins-winstone 0.9.10-jenkins-37+dfsg-2 (bug #696974)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6071 (nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. ...)
- nusoap 0.7.3-5 (low; bug #696707)
[squeeze] - nusoap <no-dsa> (Minor issue)
@@ -2637,7 +2643,7 @@ CVE-2012-5667 (Multiple integer overflows in GNU Grep before 2.11 might allow co
[squeeze] - grep 2.6.3-3+squeeze1
NOTE: https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
NOTE: patch http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/22/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/22/1
CVE-2012-5666 (Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js ...)
- owncloud 4.0.8debian-1.3 (bug #696574)
[wheezy] - owncloud 4.0.4debian2-3.2
@@ -2648,7 +2654,7 @@ CVE-2012-5664
REJECTED
CVE-2012-5663 (The isearch package (textproc/isearch) before 1.47.01nb1 uses the temp ...)
NOT-FOR-US: Isearch
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/21/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/21/1
CVE-2012-5662 (x3270 before 3.3.12ga12 does not verify that the server hostname match ...)
- ibm-3270 3.3.14ga11-1 (bug #706547)
[wheezy] - ibm-3270 <no-dsa> (Non-free not supported)
@@ -2664,7 +2670,7 @@ CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug
CVE-2012-5657 (The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Z ...)
{DSA-2602-1}
- zendframework 1.11.13-1.1 (bug #696483)
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/20/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/20/2
NOTE: http://framework.zend.com/security/advisory/ZF2012-05
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=889037
NOTE: http://secunia.com/advisories/51583
@@ -2749,7 +2755,7 @@ CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthro
CVE-2012-5633 (The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6 ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5632
- RESERVED
+ REJECTED
CVE-2012-5631 (ipa 3.0 does not properly check server identity before sending credent ...)
NOT-FOR-US: FreeIPA
CVE-2012-5630 (libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race co ...)
@@ -2791,7 +2797,7 @@ CVE-2012-5618 (Ushahidi before 2.6.1 has insufficient entropy for forgot-passwor
CVE-2012-5617 (gksu-polkit: permissive PolicyKit policy configuration file allows pri ...)
- gksu-polkit <removed> (bug #695807)
[squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
- NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/8
+ NOTE: https://www.openwall.com/lists/oss-security/2012/12/12/8
CVE-2012-5616 (Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly ...)
NOT-FOR-US: CloudStack
CVE-2012-5615 (Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.2 ...)
@@ -2810,7 +2816,7 @@ CVE-2012-5614 (Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and Maria
[squeeze] - mysql-5.1 5.1.73-1
NOTE: https://mariadb.atlassian.net/browse/MDEV-3910
NOTE: http://seclists.org/fulldisclosure/2012/Dec/7
- NOTE: http://www.openwall.com/lists/oss-security/2013/02/28/10
+ NOTE: https://www.openwall.com/lists/oss-security/2013/02/28/10
CVE-2012-5613
- mysql-5.1 <unfixed> (unimportant; bug #695001)
- mysql-5.5 <removed> (unimportant; bug #695001)
@@ -2828,23 +2834,23 @@ CVE-2012-5611 (Stack-based buffer overflow in the acl_get function in Oracle MyS
CVE-2012-5610 (Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud b ...)
- owncloud 4.0.8debian-1.1 (bug #693990)
[wheezy] - owncloud 4.0.4debian2-3.1
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5609 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...)
- owncloud 4.0.8debian-1.1 (bug #693990)
[wheezy] - owncloud 4.0.4debian2-3.1
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5608 (Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/setti ...)
- owncloud 4.0.8debian-1.1 (bug #693990)
[wheezy] - owncloud 4.0.4debian2-3.1
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5607 (The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4 ...)
- owncloud 4.0.8debian-1.1 (bug #693990)
[wheezy] - owncloud 4.0.4debian2-3.1
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5606 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 4.0.8debian-1.1 (bug #693990)
[wheezy] - owncloud 4.0.4debian2-3.1
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable permissio ...)
NOT-FOR-US: Red Hat CloudForms
CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when u ...)
@@ -2902,7 +2908,7 @@ CVE-2012-5581 (Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2
{DSA-2589-1}
- tiff 4.0.2-1 (bug #694693)
- tiff3 3.9.6-10
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/28/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=867235
CVE-2012-5580 (Format string vulnerability in the print_proxies function in bin/proxy ...)
- libproxy 0.3.1-4 (low)
@@ -2924,7 +2930,7 @@ CVE-2012-5576 (Multiple stack-based buffer overflows in file-xwd.c in the X Wind
[squeeze] - gimp 2.6.10-1+squeeze4
NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
- NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/11/21/2
CVE-2012-5575 (Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x befo ...)
NOT-FOR-US: Apache CXF
CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote a ...)
@@ -2980,7 +2986,7 @@ CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x befo
CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the REST ...)
NOT-FOR-US: Drupal contributed-module
CVE-2012-5555
- RESERVED
+ REJECTED
CVE-2012-5554 (The default configuration for the Webform CiviCRM Integration module 7 ...)
NOT-FOR-US: Drupal contributed-module
CVE-2012-5553 (Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu ...)
@@ -3042,7 +3048,7 @@ CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled,
- firebird2.5 2.5.2~svn+54698.ds4-2 (low; bug #693210)
- firebird2.1 <not-affected> (Only affects 2.5.x)
CVE-2012-5528
- RESERVED
+ REJECTED
CVE-2012-5527 (Claws Mail vCalendar plugin: credentials exposed on interface ...)
- claws-mail-extra-plugins 3.8.1-2 (unimportant; bug #693391)
NOTE: More of a plain bug than a security vulnerability
@@ -3068,7 +3074,7 @@ CVE-2012-5522 (MantisBT before 1.2.12 does not use an expected default value dur
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.mantisbt.org/bugs/view.php?id=14496
CVE-2012-5521 (quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon pe ...)
- - quagga <unfixed> (unimportant; bug #693102)
+ - quagga <removed> (unimportant; bug #693102)
NOTE: Not reproducible so far
CVE-2012-5520 (The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x ...)
NOT-FOR-US: OpenVAS Manager
@@ -3396,7 +3402,7 @@ CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes
[jessie] - openjdk-7 <ignored> (Minor issue, no icedtea fix, too complex to backport)
[wheezy] - openjdk-7 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability ...)
- - rubinius <itp> (bug #591817)
+ - rubinius <itp> (bug #591817)
CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes ...)
{DLA-263-1}
- ruby1.8 <not-affected> (Only affects 1.9.x)
@@ -4659,8 +4665,8 @@ CVE-2012-4820 (Unspecified vulnerability in the JRE component in IBM Java 7 SR2
- openjdk-7 <not-affected> (Vulnerabilities specific to IBM Java)
CVE-2012-4819 (Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossa ...)
NOT-FOR-US: IBM InfoSphere
-CVE-2012-4818
- RESERVED
+CVE-2012-4818 (IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remo ...)
+ NOT-FOR-US: IBM
CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS ...)
NOT-FOR-US: IBM AIX, VIOS
CVE-2012-4816 (IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows rem ...)
@@ -4792,12 +4798,12 @@ CVE-2012-4754 (Multiple untrusted search path vulnerabilities in MindManager 201
CVE-2012-4410
REJECTED
CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/05/17
NOTE: False assignment, will be rejected, see #688123
CVE-2012-4752 (appconfig.php in ownCloud before 4.0.6 does not properly restrict acce ...)
- owncloud 4.0.7debian-1
[wheezy] - owncloud 4.0.4debian2-2
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/05/17
CVE-2012-4751 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
- otrs2 3.1.7+dfsg1-6
[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
@@ -4965,9 +4971,9 @@ CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain priv
CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and e ...)
NOT-FOR-US: Tunnelblick
CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...)
- NOT-FOR-US: PluXml
+ - pluxml <undetermined>
CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...)
- NOT-FOR-US: PluXml
+ - pluxml <undetermined>
CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...)
NOT-FOR-US: Neoinvoice
CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...)
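Review bot: The two new `- pluxml <undetermined>` entries replace NOT-FOR-US without a bug reference or NOTE, so a later triager cannot tell whether PluXml is now in the archive or only being packaged. Elsewhere in this same commit the convention for not-yet-uploaded software is the `<itp>` marker with a bug number (the rubinius line uses `- rubinius <itp> (bug #591817)`); if that is the situation here, `- pluxml <itp> (bug #NNNNNN)` with the real ITP number (placeholder shown) would be consistent, and otherwise a one-line `NOTE:` naming where the package status was checked would make the `<undetermined>` state reviewable.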
@@ -5362,7 +5368,7 @@ CVE-2012-4510 (cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGe
{DSA-2562-1}
- cups-pk-helper 0.2.3-1
CVE-2012-4509
- RESERVED
+ REJECTED
CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 ...)
{DSA-2668-1}
- linux 3.2.35-1
@@ -5555,7 +5561,7 @@ CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException c
- smarty <removed> (bug #702710)
[squeeze] - smarty 2.6.26-0.2+squeeze1
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/19/1
NOTE: http://secunia.com/advisories/50589/
NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
NOTE: http://code.google.com/p/smarty-php/source/detail?r=4658
@@ -5604,16 +5610,17 @@ CVE-2012-4428 (openslp: SLPIntersectStringList()' Function has a DoS vulnerabili
[squeeze] - openslp-dfsg <no-dsa> (Minor issue)
[wheezy] - openslp-dfsg <no-dsa> (Minor issue)
CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
- - gnome-shell <unfixed> (unimportant)
+ - gnome-shell 3.34.0-2 (unimportant)
NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215
- NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut
+ NOTE: Problem with GNOME Shell's NPAPI browser extension which is not shipped
+ NOTE: anymore since GNOME 3.32.
CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier mig ...)
- mcrypt 2.6.8-1.1
[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk ...)
- spice-gtk 0.12-5 (bug #689155)
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/13/18
CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...)
{DLA-165-1}
- eglibc <removed>
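Review bot: The fixed version `3.34.0-2` on the gnome-shell line does not obviously match the added rationale, which says the NPAPI browser extension has not been shipped since GNOME 3.32; if the extension's removal is the reason the issue is considered fixed, the first Debian upload that dropped it would be the accurate fixed version, and if 3.34.0-2 is deliberate the note should say why that upload specifically. The removed note from helmut recorded the earlier assessment that a yes/no prompt still protected the user; keeping a short trace of it, e.g. `NOTE: Previously tracked as unfixed/unimportant since a user prompt remained.`, keeps the severity history legible to whoever next revisits this entry.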
@@ -5623,7 +5630,7 @@ CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.
- libvirt 0.9.12-5 (bug #687598)
[squeeze] - libvirt <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=857133
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/11
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/13/11
CVE-2012-4422 (wp-admin/plugins.php in WordPress before 3.4.2, when the multisite fea ...)
- wordpress 3.4.2+dfsg-1
CVE-2012-4421 (The create_post function in wp-includes/class-wp-atom-server.php in Wo ...)
@@ -5633,7 +5640,7 @@ CVE-2012-4420 (An information disclosure flaw was found in the way the Java Virt
CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor b ...)
{DSA-2548-1}
- tor 0.2.3.22-rc-1
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/5
NOTE: https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
NOTE: https://gitweb.torproject.org/tor.git/commitdiff/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
NOTE: https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
@@ -5656,7 +5663,7 @@ CVE-2012-4414 (Multiple SQL injection vulnerabilities in the replication code in
- mysql-5.5 5.5.30+dfsg-1 (bug #687485)
CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when g ...)
- keystone 2012.1.1-6 (bug #687428)
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/7
CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ...)
{DLA-165-1}
- eglibc <removed>
@@ -5750,32 +5757,32 @@ CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not proper
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4381 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in t ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4380 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attack ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39824
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4379 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a rest ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4378 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki befor ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=37587
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4377 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 an ...)
- mediawiki 1:1.19.2-1 (bug #686330)
[squeeze] - mediawiki <not-affected> (Introduced in 1.16)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39700
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4376
RESERVED
CVE-2012-4375
@@ -6098,7 +6105,7 @@ CVE-2012-4232 (SQL injection vulnerability in admin/index.php in jCore before 1.
CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jCore b ...)
NOT-FOR-US: jCore
CVE-2012-4230 (The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyM ...)
- - tinymce <unfixed> (low; bug #796117)
+ - tinymce <removed> (low; bug #796117)
[buster] - tinymce <no-dsa> (Minor issue)
[stretch] - tinymce <no-dsa> (Minor issue)
[jessie] - tinymce <no-dsa> (Minor issue)
@@ -6628,14 +6635,14 @@ CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.
- wireshark 1.8.2-1
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: http://www.wireshark.org/security/wnpa-sec-2012-12.html
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/2
CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9 ...)
{DSA-2590-1}
- wireshark 1.8.2-1 (bug #680056)
NOTE: http://www.wireshark.org/security/wnpa-sec-2012-11.html
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/2
CVE-2012-4033 (Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin be ...)
NOT-FOR-US: Zingiri not in Debian
CVE-2012-4032 (Open redirect vulnerability in the login page in WebsitePanel before 1 ...)
@@ -6704,12 +6711,12 @@ CVE-2012-4003 (Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJE
- glpi 0.83.31-1 (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
NOTE: https://forge.indepnet.net/projects/glpi/versions/771
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/13/1
CVE-2012-4002 (Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI b ...)
- glpi 0.83.31-1 (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
NOTE: https://forge.indepnet.net/projects/glpi/versions/771
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/13/1
CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server d ...)
NOT-FOR-US: mod_pagespeed
CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var f ...)
@@ -7847,7 +7854,7 @@ CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privilege
- glib2.0 2.33.12+really2.32.4-2
[squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
NOTE: fixed in 2.34.0-1 from experimental
- NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/6
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=697105
NOTE: http://stealth.openwall.net/null/dzug.c
CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not prop ...)
@@ -7985,7 +7992,7 @@ CVE-2012-3482 (Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in
CVE-2012-3481 (Integer overflow in the ReadImage function in plug-ins/common/file-gif ...)
- gimp 2.8.2-1 (bug #685397)
[squeeze] - gimp 2.6.10-1+squeeze4
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/20/8
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=776572
CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...)
{DLA-165-1}
@@ -7995,8 +8002,8 @@ CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically e
{DSA-2603-1}
- emacs23 23.4+1-4 (bug #684695)
- emacs24 24.2+1-1 (bug #684694)
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/13/2
CVE-2012-3478 (rssh 2.3.3 and earlier allows local users to bypass intended restricte ...)
{DSA-2530-1}
- rssh 2.3.3-5
@@ -8039,7 +8046,7 @@ CVE-2012-3464 (Cross-site scripting (XSS) vulnerability in activesupport/lib/act
CVE-2012-3463 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...)
- rails <not-affected> (Only affects RoR 3.x)
- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/8
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/09/8
CVE-2012-3462 (A flaw was found in SSSD version 1.9.0. The SSSD's access-provider log ...)
- sssd 1.10.0-1
NOTE: https://pagure.io/SSSD/sssd/issue/1470
@@ -8078,8 +8085,8 @@ CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5
- php5 5.4.4-1 (bug #683694)
NOTE: http://seclists.org/bugtraq/2012/Jun/60
NOTE: https://bugs.php.net/bug.php?id=61755
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/3
- NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/7
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/02/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/08/02/7
CVE-2012-3449 (Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/op ...)
- openvswitch 1.4.2+git20120612-8 (bug #683665)
CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote at ...)
@@ -8098,20 +8105,20 @@ CVE-2012-3444 (The get_image_dimensions function in the image-handling functiona
{DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3443 (The django.forms.ImageField class in the form system in Django before ...)
{DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3442 (The (1) django.http.HttpResponseRedirect and (2) django.http.HttpRespo ...)
{DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3441 (The database creation script (module/idoutils/db/scripts/create_mysqld ...)
- icinga <not-affected> (Debian uses dbconfig, which does the right thing, bug #683320)
CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (R ...)
@@ -8146,7 +8153,7 @@ CVE-2012-3430 (The rds_recvmsg function in net/rds/recv.c in the Linux kernel be
- linux 3.2.29-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-36
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/26/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/26/3
CVE-2012-3429 (The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb ...)
NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-3428 (The IronJacamar container before 1.0.12.Final for JBoss Application Se ...)
@@ -8190,7 +8197,7 @@ CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFU
NOTE: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
CVE-2012-3413 (The HTMLQuoteColorer::process function in messageviewer/htmlquotecolor ...)
- kdepim <not-affected> (Only affects kdepim >= 4.6)
- NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/07/13/3
+ NOTE: CVE-request https://www.openwall.com/lists/oss-security/2012/07/13/3
NOTE: https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54
NOTE: https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690
CVE-2012-3412 (The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before ...)
@@ -8216,16 +8223,16 @@ CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Pupp
NOTE: Fixed in 2.7.18 by updated docs
CVE-2012-3407 (plow has local buffer overflow vulnerability ...)
NOT-FOR-US: plow
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/6
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/16
CVE-2012-3406 (The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ...)
{DSA-3169-1 DLA-165-1}
- eglibc <removed>
- glibc 2.19-14 (low; bug #681888)
NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5985c6ea868db23380977a35a2167549f9a3653b
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=826943
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...)
{DLA-165-1}
- glibc 2.13-35 (low; bug #681473)
@@ -8234,8 +8241,8 @@ CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833704
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1d498daa95384e5c9ad5bcb35e7a996e5869ac39
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...)
- glibc 2.13-35 (low; bug #681473)
- eglibc 2.13-35 (low; bug #681473)
@@ -8243,8 +8250,8 @@ CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12445
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=84a4211850e3d23a9d3a4f3b294752a3b30bc0ff
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833703
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP ...)
- gimp 2.8.2-1 (bug #685397)
[squeeze] - gimp 2.6.10-1+squeeze4
@@ -8309,16 +8316,16 @@ CVE-2012-3386 (The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.
[squeeze] - automake1.9 1.9.6+nogfdl-3.1+squeeze1
CVE-2012-3385 (WordPress before 3.4.1 does not properly restrict access to post conte ...)
- wordpress 3.4.1+dfsg-1 (bug #680721)
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3384 (Cross-site request forgery (CSRF) vulnerability in the customizer in W ...)
- wordpress 3.4.1+dfsg-1 (bug #680721)
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3383 (The map_meta_cap function in wp-includes/capabilities.php in WordPress ...)
- wordpress 3.4.1+dfsg-1 (bug #680721)
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3382 (Cross-site scripting (XSS) vulnerability in the ProcessRequest functio ...)
{DSA-2512-1}
- mono 2.10.8.1-5 (bug #681095)
@@ -8328,8 +8335,8 @@ CVE-2012-3381 (sfcb in sblim-sfcb places a zero-length directory name in the LD_
NOT-FOR-US: sblim-sfcb
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770234
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/7
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/8
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/06/7
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/06/8
CVE-2012-3380 (Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Nax ...)
- nginx 1.2.1-2
[squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1)
@@ -8340,7 +8347,7 @@ CVE-2012-3378 (The register_application function in atk-adaptor/bridge.c in GNOM
CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...)
- vlc 2.0.2-1 (bug #680665)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
- NOTE: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
NOTE: http://securitytracker.com/id/1027224
CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens ...)
- hadoop <itp> (bug #535861)
@@ -8362,7 +8369,7 @@ CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM applianc
NOTE: http://seclists.org/bugtraq/2012/Jul/20
CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Ess ...)
- nova 2012.1.1-5 (bug #681301)
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/13
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/13
NOTE: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
NOTE: https://github.com/openstack/nova/commit/25f5bd31805bd21d7b7e3583c775252aa8f737e9
NOTE: https://bugs.launchpad.net/nova/+bug/1017795
@@ -8405,7 +8412,7 @@ CVE-2012-3359 (Luci in Red Hat Conga stores the user's username and password in
CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in j ...)
{DSA-2629-1}
- openjpeg 1.3+dfsg-4.4 (bug #681075)
- NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/1
NOTE: Upstream patch: http://code.google.com/p/openjpeg/source/detail?r=1727
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835767
CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1. ...)
@@ -8428,7 +8435,7 @@ CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) Lyric
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076
CVE-2012-3354 (doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain P ...)
- dokuwiki 0.0.20130510a-1 (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/24/2
CVE-2012-3353 (The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling J ...)
NOT-FOR-US: Apache Sling
CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open ...)
@@ -8450,7 +8457,7 @@ CVE-2012-3346
RESERVED
CVE-2012-3345 (ioquake3 before r2253 allows local users to overwrite arbitrary files ...)
- ioquake3 1.36+svn2224-4
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/15/3
CVE-2012-3344
RESERVED
CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys before 3 ...)
@@ -8458,18 +8465,18 @@ CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys bef
CVE-2012-3342 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2012-3341
- RESERVED
-CVE-2012-3340
- RESERVED
+CVE-2012-3341 (IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross ...)
+ NOT-FOR-US: IBM
+CVE-2012-3340 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML extern ...)
+ NOT-FOR-US: IBM
CVE-2012-3339
RESERVED
-CVE-2012-3338
- RESERVED
-CVE-2012-3337
- RESERVED
-CVE-2012-3336
- RESERVED
+CVE-2012-3338 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attack ...)
+ NOT-FOR-US: IBM
+CVE-2012-3337 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attack ...)
+ NOT-FOR-US: IBM
+CVE-2012-3336 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL inject ...)
+ NOT-FOR-US: IBM
CVE-2012-3335
RESERVED
CVE-2012-3334 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 ...)
@@ -9785,7 +9792,7 @@ CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in
CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg be ...)
- ffmpeg <not-affected> (there is no crash, just a couple uninitialized reads, harmless according to Janne)
- libav <not-affected> (there is no crash, just a couple uninitialized reads, harmless according to Janne)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
NOTE: patch proposed: http://patches.libav.org/patch/32644/
CVE-2012-2773 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
- ffmpeg 7:2.4.1-1
@@ -9816,7 +9823,7 @@ CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before 20.0.
CVE-2012-2763 (Buffer overflow in the readstr_upto function in plug-ins/script-fu/tin ...)
- gimp 2.8.0-1 (unimportant)
NOTE: Only exploitable in rare/theoretical setups
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/31/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/31/1
NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c
CVE-2012-2762 (SQL injection vulnerability in include/functions_trackbacks.inc.php in ...)
@@ -9846,8 +9853,8 @@ CVE-2012-2751 (ModSecurity before 2.6.6, when used with PHP, does not properly h
{DSA-2506-1}
- modsecurity-apache 2.6.6-1 (bug #678527)
- libapache-mod-security <removed> (bug #678529)
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/2
CVE-2012-2750 (Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown imp ...)
{DSA-2780-1}
- mysql-5.5 5.5.23-1
@@ -9875,11 +9882,11 @@ CVE-2012-2744 (net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel befor
CVE-2012-2743 (Revelation 0.4.13-2 and earlier does not iterate through SHA hashing a ...)
- revelation 0.4.11-10 (low; bug #633088)
[squeeze] - revelation <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters of a ...)
- revelation 0.4.11-10 (bug #633088)
[squeeze] - revelation <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2741 (Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ i ...)
- phplist <itp> (bug #612288)
CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList befo ...)
@@ -9890,15 +9897,15 @@ CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build
NOTE: Upstream disputes this and states it needs to be fixed in Java apps itself
NOTE: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
NOTE: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/12
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/15/12
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/17/1
CVE-2012-2738 (The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote au ...)
- vte 1:0.28.2-5 (bug #677717)
- vte3 1:0.32.2-1
[squeeze] - vte 1:0.24.3-4
CVE-2012-2737 (The user_change_icon_file_authorized_cb function in /usr/libexec/accou ...)
- accountsservice 0.6.21-6 (bug #679429)
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/28/9
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/28/9
NOTE: http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=832532
CVE-2012-2736 (In NetworkManager 0.9.2.0, when a new wireless network was created wit ...)
@@ -10007,10 +10014,10 @@ CVE-2012-2690 (virt-edit in libguestfs before 1.18.0 does not preserve the permi
NOTE: Upstream patch https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html
NOTE: https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=788642
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/1
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/5
CVE-2012-2689
- RESERVED
+ REJECTED
CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the s ...)
{DSA-2527-1}
- php5 5.4.4-4 (low; bug #683274)
@@ -10077,8 +10084,8 @@ CVE-2012-2667 (Session fixation vulnerability in lib/user/sfBasicSecurityUser.cl
NOTE: http://symfony.com/blog/security-release-symfony-1-4-18-released
NOTE: http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
NOTE: http://trac.symfony-project.org/changeset/33466?format=diff&new=33466
-CVE-2012-2666
- RESERVED
+CVE-2012-2666 (golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/ ...)
+ NOT-FOR-US: Historic Go issue
CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest encryption ta ...)
{DSA-2520-1}
- libreoffice 1:3.5.4-7
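Review bot: The new CVE-2012-2666 entry records the issue as `NOT-FOR-US: Historic Go issue`, but elsewhere in this file that tag marks software that is not a Debian source package, and golang is one, so the entry loses the package association the tracker uses to tie a CVE to a source package. A package-status line with the same rationale, such as `- golang <not-affected> (Historic Go issue, fixed upstream in 1.0.2)` or whichever status the golang package history supports, would keep the triage decision searchable per package rather than as free text. This is inferred from how the neighbouring entries are written, not from the tracker code, so worth confirming before changing.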
@@ -10098,7 +10105,7 @@ CVE-2012-2660 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails b
- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
NOTE: http://seclists.org/oss-sec/2012/q2/449
CVE-2012-2659
- RESERVED
+ REJECTED
CVE-2012-2658
- unixodbc 2.3.6-0.1 (unimportant; bug #675058)
NOTE: Only triggerable by trusted input, not a security issue
@@ -10798,7 +10805,7 @@ CVE-2012-2353 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote au
CVE-2012-2352 (The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in ...)
{DSA-2477-1}
- sympa 6.1.11~dfsg-1 (bug #672893; high)
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/12/8
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/12/8
CVE-2012-2351 (The default configuration of the auth/saml plugin in Mahara before 1.4 ...)
{DSA-2467-1}
- mahara 1.4.2-1
@@ -10822,23 +10829,23 @@ CVE-2012-2343
CVE-2012-2342
REJECTED
CVE-2012-2341 (Cross-site request forgery (CSRF) vulnerability in the Take Control mo ...)
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
NOT-FOR-US: Drupal Take Control
CVE-2012-2340 (The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not sp ...)
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
NOT-FOR-US: Drupal Contact Forms
CVE-2012-2339 (Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1. ...)
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
NOT-FOR-US: Drupal Glossary
CVE-2012-2338 (SQL injection vulnerability in includes/picture.class.php in Galette 0 ...)
NOT-FOR-US: Galette
NOTE: http://redmine.ulysses.fr/issues/250
NOTE: http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/5
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/1
CVE-2012-2337 (sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does no ...)
{DSA-2478-1}
- sudo 1.8.3p2-1.1 (bug #673766)
@@ -10882,15 +10889,15 @@ CVE-2012-2328 (internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Ins
CVE-2012-2327 (MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obt ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2326 (Cross-site scripting (XSS) vulnerability in the Admin Control Panel (A ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2325 (SQL injection vulnerability in the User Inline Moderation feature in t ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) b ...)
NOT-FOR-US: MyBB
CVE-2012-2323
@@ -11187,8 +11194,8 @@ CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in
NOT-FOR-US: IBM Global Security Kit
CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...)
NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security System
-CVE-2012-2201
- RESERVED
+CVE-2012-2201 (IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by a ...)
+ NOT-FOR-US: IBM
CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...)
NOT-FOR-US: sendmail configuration in AIX
CVE-2012-2199 (The server message channel agent in the queue manager in the server in ...)
@@ -11270,8 +11277,8 @@ CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS)
NOT-FOR-US: WebSphere
CVE-2012-2161 (Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Ec ...)
NOT-FOR-US: IBM Security AppScan Source
-CVE-2012-2160
- RESERVED
+CVE-2012-2160 (IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused ...)
+ NOT-FOR-US: IBM
CVE-2012-2159 (Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used ...)
NOT-FOR-US: IBM Eclipse Help System
CVE-2012-2158
@@ -11289,7 +11296,7 @@ CVE-2012-2153 (Drupal 7.x before 7.14 does not properly restrict access to nodes
CVE-2012-2152 (Stack-based buffer overflow in the get_packet method in socket.c in dh ...)
{DSA-2498-1}
- dhcpcd 1:3.2.3-11 (bug #671265)
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/02/4
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/02/4
CVE-2012-2151 (Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x befo ...)
{DSA-2461-1}
- spip 2.1.13-1 (low; bug #671264)
@@ -11327,7 +11334,7 @@ CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9.
NOTE: Uses the unaffected system libraries since 5.3.3
CVE-2012-2142 (The error function in Error.cc in poppler before 0.21.4 allows remote ...)
- xpdf <not-affected> (uses poppler's Error.cc)
- - poppler 0.18.4-7 (unimportant; bug #487773)
+ - poppler 0.18.4-7 (unimportant; bug #487773)
NOTE: poppler upstream patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in agent ...)
- net-snmp 5.4.3~dfsg-2.5 (low; bug #672492)
@@ -12635,7 +12642,7 @@ CVE-2012-1610 (Integer overflow in the GetEXIFProperty function in magick/proper
{DSA-2462-1}
- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1609
- RESERVED
+ REJECTED
CVE-2012-1608 (The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5 ...)
{DSA-2445-1}
- typo3-src 4.5.14+dfsg1-1
@@ -12890,8 +12897,7 @@ CVE-2012-1496 (Local file inclusion in WebCalendar before 1.2.5. ...)
- webcalendar <removed>
CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote attackers ...)
- webcalendar <removed>
-CVE-2012-1102 [XML::Atom Perl module XML entity expansion]
- RESERVED
+CVE-2012-1102 (It was discovered that the XML::Atom Perl module before version 0.39 d ...)
{DSA-2424-1}
- libxml-atom-perl 0.39-1 (medium)
CVE-2012-1494
@@ -13515,9 +13521,10 @@ CVE-2012-1193 (The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwri
CVE-2012-1192 (The resolver in Unbound before 1.4.11 overwrites cached server names a ...)
NOTE: DNS protocol flaw
CVE-2012-1191 (The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites ...)
- - djbdns <removed>
+ - djbdns 1:1.05-10
NOTE: DNS protocol flaw
NOTE: RH made an update: https://bugzilla.redhat.com/show_bug.cgi?id=838761
+ NOTE: https://marc.info/?l=djbdns&m=134269902121506&w=2
CVE-2012-0869 (Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EX ...)
{DSA-2414-1}
- fex 20120215-1 (low; bug #660621)
@@ -13544,11 +13551,11 @@ CVE-2012-1185 (Multiple integer overflows in (1) magick/profile.c or (2) magick/
CVE-2012-1184 (Stack-based buffer overflow in the ast_parse_digest function in main/u ...)
- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
[squeeze] - asterisk <not-affected> (HTTP digest authentication code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1183 (Stack-based buffer overflow in the milliwatt_generate function in the ...)
{DSA-2460-1}
- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14 ...)
{DSA-2450-1}
- samba 2:3.6.4-1 (bug #668309)
@@ -13570,14 +13577,14 @@ CVE-2012-1178 (The msn_oim_report_to_user function in oim.c in the MSN protocol
CVE-2012-1177 (libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL ...)
{DSA-2482-1}
- libgdata 0.10.2-1 (bug #664032)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/3
CVE-2012-1176 (Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi b ...)
- pyfribidi 0.11.0-1 (bug #663189)
[squeeze] - pyfribidi <no-dsa> (Minor issue)
CVE-2012-1175 (Integer overflow in the GnashImage::size method in libbase/GnashImage. ...)
{DSA-2435-1}
- gnash 0.8.10-5 (bug #664023)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/5
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/5
CVE-2012-1174 (The rm_rf_children function in util.c in the systemd-logind login mana ...)
- systemd 44-1 (bug #664364)
CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow r ...)
@@ -13599,18 +13606,18 @@ CVE-2012-1168 (Moodle before 2.2.2 has a password and web services issue where w
CVE-2012-1167 (The JBoss Server in JBoss Enterprise Application Platform 5.1.x before ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-1166 (The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x be ...)
- - ldm 2:2.2.7-1 (bug #663645)
+ - ldm 2:2.2.7-1 (bug #663645)
[squeeze] - ldm <not-affected> (Introduced in 2.2)
NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340
CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL befor ...)
{DSA-2454-1}
- openssl 1.0.0h-1 (low; bug #663642)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/3
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/12/3
CVE-2012-1164 (slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a den ...)
{DLA-203-1}
- openldap 2.4.31-1 (low; bug #663644)
[squeeze] - openldap <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/4
+ NOTE: https://www.openwall.com/lists/oss-security/2012/03/12/4
CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in libzip ...)
- libzip 0.10.1-1 (bug #664990)
[squeeze] - libzip <not-affected> (Only affects 0.10.x)
@@ -13811,15 +13818,10 @@ CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before
{DSA-2443-1}
- linux-2.6 3.2.10-1 (low)
CVE-2012-1096 (NetworkManager 0.9 and earlier allows local users to use other users' ...)
- - network-manager <unfixed> (low; bug #684259)
- [buster] - network-manager <ignored> (Minor issue)
- [stretch] - network-manager <ignored> (Minor issue)
- [jessie] - network-manager <ignored> (Minor issue)
- [wheezy] - network-manager <ignored> (Minor issue)
- [squeeze] - network-manager <no-dsa> (Minor issue)
- NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=793329
+ NOTE: Design limitation, not treated as a security issue by upstream:
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=793329#c1
CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or package ...)
- - osc <unfixed> (unimportant)
+ - osc 0.134.0-1 (unimportant)
NOTE: This is ultimately a bug in the respectice terminal emulations and not a vulnerability in osc
CVE-2012-1094 (JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostna ...)
- libapache2-mod-cluster <itp> (bug #731410)
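Review bot: After this hunk the CVE-2012-1096 entry consists only of NOTE lines, because the `network-manager <unfixed>` line and its per-release `<ignored>`/`<no-dsa>` lines are all removed and nothing replaces them; every other triaged entry in these hunks carries either a package-status line or a `NOT-FOR-US:` line. If the tracker's checks treat an entry with no status line as untriaged, this CVE would resurface as unprocessed despite the decision documented in the note. Recording the decision as a status line, e.g. `- network-manager <not-affected> (Design limitation, not treated as a security issue by upstream)` above the bugzilla NOTE, keeps the rationale and the package status together. That the tracker behaves this way for NOTE-only entries is inferred from the file's conventions, not verified here.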
@@ -14127,8 +14129,9 @@ CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux kernel
NOTE: https://lkml.org/lkml/2012/10/9/550
CVE-2012-0956 (ubiquity-slideshow-ubuntu before 58.2, during installation, allows rem ...)
NOT-FOR-US: ubiquity-slideshow-ubuntu
-CVE-2012-0955
- RESERVED
+CVE-2012-0955 (software-properties was vulnerable to a person-in-the-middle attack du ...)
+ - software-properties 0.92.25debian1
+ NOTE: https://launchpad.net/bugs/1036839
CVE-2012-0954 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-ke ...)
- apt 0.7.25 (unimportant)
NOTE: net-update is not enabled by default in Debian
@@ -14149,7 +14152,7 @@ CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in th
- libav 6:0.8.2-1
- ffmpeg 7:2.4.1-1
NOTE: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963
- NOTE: http://www.openwall.com/lists/oss-security/2012/05/03/4
+ NOTE: https://www.openwall.com/lists/oss-security/2012/05/03/4
CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access arbi ...)
- nvidia-graphics-drivers 295.40-1
[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
@@ -14283,7 +14286,7 @@ CVE-2012-0908 (Cross-site scripting (XSS) vulnerability in logout.php in SimpleS
CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 i ...)
{DSA-2454-1}
- openssl 1.0.0h-1 (low)
- NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- http://www.openwall.com/lists/oss-security/2012/03/23/12
+ NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- https://www.openwall.com/lists/oss-security/2012/03/23/12
CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 place ...)
- apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package)
CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other v ...)
@@ -14443,7 +14446,7 @@ CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php i
CVE-2012-0833 (The acllas__handle_group_entry function in servers/plugins/acl/acllas. ...)
- 389-ds-base <not-affected> (Fixed before initial upload)
CVE-2012-0832
- RESERVED
+ REJECTED
CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change to the ...)
{DSA-2408-1}
- php5 5.3.10-1
@@ -14489,7 +14492,7 @@ CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote att
[squeeze] - samba <not-affected> (Only affects 3.6.x)
[lenny] - samba <not-affected> (Only affects 3.6.x)
CVE-2012-0816
- RESERVED
+ REJECTED
CVE-2012-0815 (The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 al ...)
{DLA-140-1}
- rpm 4.9.1.3-1 (bug #667031)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 44ea8b402e..9fc3286a3f 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1,5 +1,28 @@
+CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. ...)
+ NOT-FOR-US: StarWind
+CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (usin ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...)
+ NOT-FOR-US: Elemin
+CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...)
+ NOT-FOR-US: OpenZFS
+CVE-2013-7491 (An issue was discovered in the DBI module before 1.628 for Perl. Stack ...)
+ - libdbi-perl 1.628-1
+ NOTE: https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d
+ NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85562
+CVE-2013-7490 (An issue was discovered in the DBI module before 1.632 for Perl. Using ...)
+ - libdbi-perl 1.633-1
+ NOTE: https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766
+ NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=86744
+CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deserializ ...)
+ - beaker <unfixed> (bug #966197)
+ [bullseye] - beaker <no-dsa> (Minor issue)
+ [buster] - beaker <no-dsa> (Minor issue)
+ [stretch] - beaker <no-dsa> (Minor issue)
+ NOTE: https://github.com/bbangert/beaker/issues/191
+ NOTE: https://www.openwall.com/lists/oss-security/2020/05/14/11
CVE-2013-7488 (perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 ...)
- - libconvert-asn1-perl <unfixed> (bug #956186)
+ - libconvert-asn1-perl 0.27-3 (bug #956186)
[buster] - libconvert-asn1-perl <no-dsa> (Minor issue)
[stretch] - libconvert-asn1-perl <no-dsa> (Minor issue)
[jessie] - libconvert-asn1-perl <no-dsa> (Minor issue)
@@ -11,10 +34,13 @@ CVE-2013-7486 (Cross-site scripting (XSS) vulnerability in the backend in Open-X
CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
NOT-FOR-US: Open-Xchange App Suite
CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with unsalte ...)
- - zabbix <unfixed>
+ - zabbix 1:5.0.0+dfsg-1
[buster] - zabbix <no-dsa> (Minor issue)
[stretch] - zabbix <no-dsa> (Minor issue)
[jessie] - zabbix <no-dsa> (Minor issue)
+ NOTE: https://support.zabbix.com/browse/ZBX-16551
+ NOTE: https://support.zabbix.com/browse/ZBXNEXT-1898
+ NOTE: https://www.zabbix.com/documentation/5.0/manual/introduction/whatsnew500#stronger_cryptography_for_passwords
CVE-2013-7483 (The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. ...)
NOT-FOR-US: slidedeck2 plugin for WordPress
CVE-2013-7482 (The reflex-gallery plugin before 1.4.3 for WordPress has XSS. ...)
@@ -45,7 +71,7 @@ CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel
- linux 3.11.7-1
NOTE: Fixed by: https://git.kernel.org/linus/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b
CVE-2013-7469 (Seafile through 6.2.11 always uses the same Initialization Vector (IV) ...)
- - seafile <unfixed> (bug #923009)
+ - seafile 7.0.2-1 (bug #923009)
[buster] - seafile <ignored> (Minor issue)
NOTE: https://github.com/haiwen/seafile/issues/350
CVE-2013-7468 (Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the in ...)
@@ -60,7 +86,7 @@ CVE-2013-7464 (In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not
- zoneminder <not-affected> (Vulnerable code never in a embedded copy version for zoneminder)
- cacti <not-affected> (Vulnerable code never in any release inclusing embedded copy, i.e. pre 1.0.4)
NOTE: Issue is in embedded csrf-magic
- NOTE: http://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11 (v1.0.4)
+ NOTE: https://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11 (v1.0.4)
CVE-2013-7463 (The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use ...)
NOT-FOR-US: aescrypt gem for Ruby
CVE-2013-7462 (A directory traversal vulnerability in the web application in McAfee ( ...)
@@ -77,11 +103,11 @@ CVE-2013-7459 (Heap-based buffer overflow in the ALGnew function in block_templa
NOTE: Fixed by: https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
NOTE: All users of pycrypto's AES module in Debian that allow the mode
NOTE: of operation to be specified from outside check for ECB explicitly
- NOTE: and create the objects without specifying an IV.
+ NOTE: and create the objects without specifying an IV.
CVE-2013-7458 (linenoise, as used in Redis before 3.2.3, uses world-readable permissi ...)
{DSA-3634-1 DLA-577-1}
- redis 2:3.2.1-4 (bug #832460)
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/1
CVE-2013-7457 (Unspecified vulnerability in the Qualcomm components in Android before ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2013-7456 (gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1 ...)
@@ -94,7 +120,7 @@ CVE-2013-7456 (gd_interpolation.c in the GD Graphics Library (aka libgd) before
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72227
NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2013-7455 (Double free vulnerability in the DefaultICCintents function in cmscnvr ...)
- lcms2 2.6-1
[wheezy] - lcms2 <not-affected> (vulnerable code not present, no cmsPipelineFree(Lut); in Error:-part)
@@ -114,7 +140,7 @@ CVE-2013-7448 (Directory traversal vulnerability in wiki.c in didiwiki allows re
{DSA-3485-1 DLA-424-1}
- didiwiki 0.5-12 (bug #815111)
NOTE: https://github.com/OpenedHand/didiwiki/pull/1/files
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/19/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/19/4
CVE-2013-7447 (Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gd ...)
{DLA-419-1}
- gtk+2.0 2.24.30-1.1 (bug #799275)
@@ -130,16 +156,16 @@ CVE-2013-7446 (Use-after-free vulnerability in net/unix/af_unix.c in the Linux k
- linux-2.6 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1273845
NOTE: https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/18/9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/18/9
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec0d215f9420564fc8286dcf93d2d068bb53a07e (v2.6.26-rc9)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4)
CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel throu ...)
- - linux <unfixed>
+ - linux <unfixed> (bug #1000886)
+ [bullseye] - linux <ignored> (Minor issue, requires invasive changes)
[buster] - linux <ignored> (Minor issue, requires invasive changes)
[stretch] - linux <ignored> (Minor issue, requires invasive changes)
[jessie] - linux <ignored> (Minor issue, requires invasive changes)
[wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)
- [jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)
- linux-2.6 <removed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=60533
CVE-2013-7444 (The Special:Contributions page in MediaWiki before 1.22.0 allows remot ...)
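Review bot: The hunk drops `[jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)` for CVE-2013-7445 while keeping the `[jessie]` and `[wheezy]` lines for src:linux, so the record does not show whether old-release entries are being pruned or linux-4.9 alone stopped being tracked. The only other trace of this update is the bug reference added on the unstable line (`bug #1000886`), which does not explain the removal. If the linux-4.9 line was dropped deliberately, a one-line `NOTE:` under the entry saying why (for example that the package no longer exists in that suite) would keep the entry self-explanatory; if old releases are being pruned, the remaining jessie and wheezy lines presumably go the same way.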
@@ -155,7 +181,7 @@ CVE-2013-7443 (Buffer overflow in the skip-scan optimization in SQLite 3.8.2 all
NOTE: Fixed by: https://www.sqlite.org/src/info/ac5852d6403c9c96
NOTE: Introduced by: https://www.sqlite.org/src/info/b0bb975c0986fe01
NOTE: https://www.sqlite.org/src/info/520070ec7fbaac
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/14/5
CVE-2013-7442 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2013-7440 (The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ...)
@@ -180,7 +206,7 @@ CVE-2013-7439 (Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLe
- libx11 2:1.6.0-1
NOTE: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=56508
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/08/4
NOTE: The following packages will be recompiled after the release of
NOTE: the DSA for wheezy and the DLA for squeeze:
NOTE: libxrender (1:0.9.7-1+deb7u2 / 0.9.6-1+squeeze1+build1)
@@ -203,7 +229,7 @@ CVE-2013-7441 (The modern style negotiation in Network Block Device (nbd-server)
{DSA-3271-1}
- nbd 1:3.4-1 (bug #781547)
[squeeze] - nbd <not-affected> (Named export introduced in 2.9.17)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/19/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/19/6
CVE-2013-7435 (The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2. ...)
NOT-FOR-US: Evergreen library
CVE-2013-7434
@@ -226,12 +252,12 @@ CVE-2013-7436 (noVNC before 0.5 does not set the secure flag for a cookie in an
- novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-4 (bug #778618)
[wheezy] - novnc <not-affected> (Only an issue in combination with later OpenStack components)
NOTE: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/17/1
CVE-2013-7425
RESERVED
CVE-2013-XXXX [TOCTOU race when expanding JAR files]
- libbluray 0.7.0-1 (unimportant)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/9
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/06/9
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=959433
NOTE: libbluray is only in wheezy and later and the issue is neutered by the kernel hardening for /tmp
NOTE: Affected code removed in 0.7.0-1
@@ -240,7 +266,7 @@ CVE-2013-7437 (Multiple integer overflows in potrace 1.11 allow remote attackers
- potrace 1.12-1 (bug #778646)
[squeeze] - potrace <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=955808
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/12
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/12
CVE-2013-7449 (The ssl_do_connect function in common/server.c in HexChat before 2.10. ...)
- xchat 2.8.8-10 (bug #776609)
[jessie] - xchat <no-dsa> (Minor issue)
@@ -266,11 +292,11 @@ CVE-2013-7424 (The getaddrinfo function in glibc before 2.15, when compiled with
CVE-2013-7423 (The send_dg function in resolv/res_send.c in GNU C Library (aka glibc ...)
{DLA-165-1}
- glibc 2.19-1 (bug #722075)
- [wheezy] - eglibc 2.13-38+deb7u5
- eglibc <removed>
+ [wheezy] - eglibc 2.13-38+deb7u5
NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9d2d03254a58d92635a311a42253eeed5a40a47
NOTE: Upstream report: https://sourceware.org/bugzilla/show_bug.cgi?id=15946
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/28/16
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/28/16
CVE-2013-7421 (The Crypto API in the Linux kernel before 3.18.5 allows local users to ...)
{DSA-3170-1}
- linux 3.16.7-ckt4-2
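Review bot: Dropping `- eglibc <removed>` leaves `[wheezy] - eglibc 2.13-38+deb7u5` as the only eglibc line under CVE-2013-7423, so the entry no longer records eglibc's status in unstable. Elsewhere in this same diff the `<removed>` marker is kept alongside release-specific lines (`- linux-2.6 <removed>` under CVE-2013-7446 and CVE-2013-7445, `- libgems-ruby <removed>` under CVE-2013-4363), so this hunk breaks that pattern; if the tracker treats a source package with no unstable line as untracked rather than removed, the marker was carrying real information and `- eglibc <removed>` should stay directly above the wheezy line. If the removal is intentional, a short `NOTE:` saying so would stop the next editor from restoring it.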
@@ -284,7 +310,7 @@ CVE-2013-7422 (Integer underflow in regcomp.c in Perl before 5.20, as used in Ap
[wheezy] - perl <no-dsa> (Minor issue)
[squeeze] - perl <no-dsa> (Minor issue)
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=119505
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/23/9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/23/9
CVE-2013-XXXX [lhasa: several directory traversal vulnerabilities]
- lhasa 0.2.0-1
[wheezy] - lhasa <no-dsa> (Minor issue)
@@ -571,7 +597,7 @@ CVE-2013-7338 (Python before 3.3.4 RC1 allows remote attackers to cause a denial
CVE-2013-XXXX [libclamunrar: double-free error libclamunrar_iface/unrar_iface.c]
- libclamunrar 0.97.7+dfsg-1 (bug #770647)
[wheezy] - libclamunrar <no-dsa> (Non-free not supported, also minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
+ NOTE: https://www.openwall.com/lists/oss-security/2013/11/29/6
CVE-2013-XXXX [staden-io-lib buffer overflow]
- staden-io-lib 1.13.3-2 (low; bug #729276)
[squeeze] - staden-io-lib <no-dsa> (Minor issue)
@@ -1117,9 +1143,8 @@ CVE-2013-7116
REJECTED
CVE-2013-7115
REJECTED
-CVE-2013-7109 (OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE ...)
- - glance 2012.1~e4-1
- NOTE: https://github.com/openstack/glance/commit/804396204e23ebb
+CVE-2013-7109
+ REJECTED
CVE-2013-7105 (Buffer overflow in the Interstage HTTP Server log functionality, as us ...)
NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2013-7104 (McAfee Email Gateway 7.6 allows remote authenticated administrators to ...)
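Review bot: Replacing the glance entry under CVE-2013-7109 with a bare `REJECTED` discards the fixed version `2012.1~e4-1` and the upstream commit reference without recording why the id was withdrawn or where the issue is now tracked. Other entries in this file keep such a pointer when an id is superseded (the nagios entry under CVE-2013-7108 carries `NOTE: separate CVE requested for nagios, ...`), so a line such as `NOTE: Rejected; issue tracked as CVE-YYYY-NNNN` (replacement id to be filled in by the author) would preserve the trail. If the rejection has no replacement, a note stating that the glance fix reference was dropped for that reason would still help whoever next audits glance.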
@@ -1188,7 +1213,7 @@ CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earli
[squeeze] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
NOTE: https://dev.icinga.org/issues/5251
- NOTE: separate CVE requested for nagios, http://www.openwall.com/lists/oss-security/2013/12/23/4
+ NOTE: separate CVE requested for nagios, https://www.openwall.com/lists/oss-security/2013/12/23/4
NOTE: Fixed by https://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
CVE-2013-7107 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1 ...)
{DSA-2956-1}
@@ -1350,7 +1375,7 @@ CVE-2013-7060 (Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allow
NOT-FOR-US: Plone
CVE-2013-7049 (Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as ...)
NOTE: vulnerable code not found in Debian
- NOTE: http://www.openwall.com/lists/oss-security/2013/12/11/14
+ NOTE: https://www.openwall.com/lists/oss-security/2013/12/11/14
NOT-FOR-US: FiSH Plugin for ZNC IRC Bouncer
CVE-2013-7048 (OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlie ...)
- nova 2013.2.2 (bug #732022)
@@ -2145,7 +2170,7 @@ CVE-2013-6713 (The Data Protection for VMware component in IBM Tivoli Storage Ma
CVE-2013-6712 (The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...)
{DSA-2816-1}
- php5 5.5.6+dfsg-2 (bug #731112)
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071
CVE-2013-6711 (Cross-site scripting (XSS) vulnerability in the product-creation admin ...)
NOT-FOR-US: Cisco
CVE-2013-6710 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Trainin ...)
@@ -2716,15 +2741,15 @@ CVE-2013-6508
CVE-2013-6507
REJECTED
CVE-2013-6506
- RESERVED
+ REJECTED
CVE-2013-6505
- RESERVED
+ REJECTED
CVE-2013-6504
- RESERVED
+ REJECTED
CVE-2013-6503
- RESERVED
+ REJECTED
CVE-2013-6502
- RESERVED
+ REJECTED
CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...)
- php5 <removed> (unimportant)
NOTE: Rendererd unexpoitable by kernel level hardening for tmp races
@@ -3026,7 +3051,7 @@ CVE-2013-6421 (The unpack_zip function in archive_unpacker.rb in the sprout gem
CVE-2013-6420 (The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ...)
{DSA-2816-1}
- php5 5.5.6+dfsg-2 (bug #731895)
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415
CVE-2013-6419 (Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 ...)
- neutron 2013.2.1-1
- nova 2013.2.1-1
@@ -3137,7 +3162,7 @@ CVE-2013-6396 (The OpenStack Python client library for Swift (python-swiftclient
- python-swiftclient 1:2.0.2-1 (bug #730626)
NOTE: https://bugs.launchpad.net/python-swiftclient/+bug/1199783
CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web ...)
- - ganglia-web <unfixed> (unimportant; bug #730507)
+ - ganglia-web 3.6.1-1 (unimportant; bug #730507)
[squeeze] - ganglia <not-affected> (Vulnerable code not present)
NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
- ganglia 3.6.0-1
@@ -3145,6 +3170,7 @@ CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in Ganglia
NOTE: ganglia-web and ganglia are now two separate source packages
NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
NOTE: https://github.com/ganglia/ganglia-web/issues/218
+ NOTE: https://github.com/ganglia/ganglia-web/commit/fbdf26542510c01931dac7856bb908f651ad05e6
CVE-2013-6394 (Percona XtraBackup before 2.1.6 uses a constant string for the initial ...)
- percona-xtrabackup 2.1.6-2 (bug #730544)
CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0 ...)
@@ -3459,8 +3485,8 @@ CVE-2013-6278
RESERVED
CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
NOT-FOR-US: QNAP
-CVE-2013-6276
- RESERVED
+CVE-2013-6276 (** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 ...)
+ NOT-FOR-US: QNAP
CVE-2013-6274
RESERVED
CVE-2013-6273
@@ -4134,7 +4160,7 @@ CVE-2013-5961 (Unrestricted file upload vulnerability in lazyseo.php in the Lazy
CVE-2013-5960 (The authenticated-encryption feature in the symmetric-encryption imple ...)
NOT-FOR-US: OWASP Enterprise Security API for Java
CVE-2013-5958 (The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2. ...)
- NOT-FOR-US: Symfony
+ - symfony <not-affected> (Fixed before initial upload)
CVE-2013-5957 (Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location. ...)
- civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2013-5956 (Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php ...)
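Review bot: The new symfony line under CVE-2013-5958 reads `(Fixed before initial upload)` while the civicrm line directly below it under CVE-2013-5957 reads `(Fixed before initial upload to the archive)`; both record the same situation, and a single phrasing makes the file easier to grep for this class of entry. Suggested line: `- symfony <not-affected> (Fixed before initial upload to the archive)`. This is a style point only; the `<not-affected>` marker itself is not in question.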
@@ -4913,7 +4939,7 @@ CVE-2013-5653 (The getenv and filenameforall functions in Ghostscript 9.10 ignor
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (low; bug #839118)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694724
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
CVE-2013-5652
RESERVED
CVE-2013-5650 (Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7 ...)
@@ -7039,20 +7065,18 @@ CVE-2013-4720 (SQL injection vulnerability in the WEC Discussion Forum extension
NOT-FOR-US: WEC Discussion Forum
CVE-2013-4719 (SQL injection vulnerability in the SEO Pack for tt_news extension befo ...)
NOT-FOR-US: SEO Pack for tt_news extension for TYPO3
-CVE-2013-4718 [XSS]
- RESERVED
+CVE-2013-4718 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
NOT-FOR-US: OTRS ITSM
-CVE-2013-4717 [SQL injection]
- RESERVED
+CVE-2013-4717 (Multiple SQL injection vulnerabilities in Open Ticket Request System ( ...)
{DSA-2733-1}
- otrs2 3.2.9-1
NOTE: http://web.archive.org/web/20131023033811/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-05/
CVE-2013-4716 (Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and ...)
NOT-FOR-US: Tattyan HP TOWN
CVE-2013-4715 (SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6. ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2013-4714 (Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2013-4713 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk w ...)
NOT-FOR-US: I-O DATA DEVICE RockDisk
CVE-2013-4712 (I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlie ...)
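Review bot: The new `- tikiwiki <removed>` lines under CVE-2013-4715 and CVE-2013-4714 carry no severity tag, bug reference or `NOTE:`, unlike the otrs2 entry a few lines up in the same hunk which cites the upstream advisory. Since `<removed>` records that the package was affected when it left the archive, naming the basis for that conclusion in a note under each entry (`NOTE: <upstream advisory URL>` or the last Debian version checked) would let the entries be re-verified later. If the version that was in Debian turns out not to have been affected, `<not-affected>` with a reason would be the more precise marker; the hunk does not show which was established.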
@@ -7461,7 +7485,7 @@ CVE-2013-4550 (Bip before 0.8.9, when running as a daemon, writes SSL handshake
[squeeze] - bip <no-dsa> (Minor issue)
NOTE: Upstream commit: https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c
NOTE: https://projects.duckcorp.org/issues/261
- NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
+ NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: https://www.openwall.com/lists/oss-security/2014/01/02/9
CVE-2013-4549 (QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers t ...)
- qtbase-opensource-src 5.1.1+dfsg-6
- qt4-x11 4:4.8.5+git192-g085f851+dfsg-1 (low; bug #750141)
@@ -7532,8 +7556,7 @@ CVE-2013-4537 (The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4536
- RESERVED
+CVE-2013-4536 (An user able to alter the savevm data (either on the disk or over the ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -7682,7 +7705,7 @@ CVE-2013-4509 (The default configuration of IBUS 1.5.4, and possibly 1.5.2 and e
- ibus-chewing 1.4.3-4 (low; bug #730781)
[wheezy] - ibus-chewing <not-affected> (Only in combination with Ibus 1.5.4, which is not in stable)
[squeeze] - ibus-chewing <not-affected> (Only in combination with Ibus 1.5.4, which is not in oldstable)
- NOTE: http://www.openwall.com/lists/oss-security/2013/11/04/2
+ NOTE: https://www.openwall.com/lists/oss-security/2013/11/04/2
NOTE: This is rather a bug in the various IBus engines not in ibus itself, asked maintainers to investigate affected engines,
NOTE: can be assigned to affected engines once more info is available
NOTE: Introduced in 1.5, so stable/oldstable not affected
@@ -7981,7 +8004,7 @@ CVE-2013-4421 (The buf_decompress function in packet.c in Dropbear SSH Server be
- dropbear 2012.55-1.4 (low; bug #726019)
[squeeze] - dropbear <no-dsa> (Minor issue)
[wheezy] - dropbear <no-dsa> (Minor issue)
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/0bf76f54de6f
CVE-2013-4420 (Multiple directory traversal vulnerabilities in the (1) tar_extract_gl ...)
{DSA-2863-1}
- libtar 1.2.20-2 (bug #731860)
@@ -8092,7 +8115,7 @@ CVE-2013-4388 (Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4a
{DSA-2973-1}
- vlc 2.1.0-1 (bug #726528)
[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not prop ...)
{DLA-0015-1}
- linux-2.6 <removed>
@@ -8177,7 +8200,7 @@ CVE-2013-4365 (Heap-based buffer overflow in the fcgid_header_bucket_read functi
CVE-2013-4364 ((1) oo-analytics-export and (2) oo-analytics-import in the openshift-o ...)
NOT-FOR-US: OpenShift
CVE-2013-4363 (Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION ...)
- - rubygems <removed> (unimportant; bug #722361)
+ - rubygems 3.2.0~rc.1-1 (unimportant; bug #722361)
- libgems-ruby <removed> (unimportant; bug #722361)
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
@@ -8238,7 +8261,7 @@ CVE-2013-4350 (The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kern
- linux-2.6 <not-affected> (Vulnerable code not present)
- linux 3.11.5-1
[wheezy] - linux 3.2.53-1
- NOTE: http://www.openwall.com/lists/oss-security/2013/09/13/2
+ NOTE: https://www.openwall.com/lists/oss-security/2013/09/13/2
NOTE: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7
CVE-2013-4349
REJECTED
@@ -8249,12 +8272,12 @@ CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the
CVE-2013-4347 (The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier func ...)
- python-oauth2 <removed> (low; bug #722657)
[wheezy] - python-oauth2 <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
+ NOTE: https://www.openwall.com/lists/oss-security/2013/09/12/5
NOTE: https://github.com/simplegeo/python-oauth2/issues/9
CVE-2013-4346 (The Server.verify_request function in SimpleGeo python-oauth2 does not ...)
- python-oauth2 <removed> (low; bug #722656)
[wheezy] - python-oauth2 <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
+ NOTE: https://www.openwall.com/lists/oss-security/2013/09/12/5
NOTE: https://github.com/simplegeo/python-oauth2/issues/129
CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c ...)
{DSA-2906-1}
@@ -8354,7 +8377,7 @@ CVE-2013-4319 (pbs_mom in Terascale Open-Source Resource and Queue Manager (aka
NOTE: http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html
CVE-2013-4318 (File injection vulnerability in Ruby gem Features 0.3.0 allows remote ...)
NOT-FOR-US: Ruby gem Features
- NOTE: http://www.openwall.com/lists/oss-security/2013/09/09/9
+ NOTE: https://www.openwall.com/lists/oss-security/2013/09/09/9
CVE-2013-4317 (In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API ...)
NOT-FOR-US: CloudStack
CVE-2013-4316 (Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation ...)
@@ -8467,7 +8490,7 @@ CVE-2013-4288 (Race condition in PolicyKit (aka polkit) allows local users to by
[squeeze] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
[wheezy] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
CVE-2013-4287 (Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...)
- - rubygems <removed> (unimportant; bug #722361)
+ - rubygems 3.2.0~rc.1-1 (unimportant; bug #722361)
- libgems-ruby <removed> (unimportant; bug #722361)
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
@@ -8832,7 +8855,7 @@ CVE-2013-4170
CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change ...)
- gdm <removed> (unimportant)
- gdm3 <not-affected> (Only affected older gdm < 2.21.1)
- NOTE: In Debian /tmp/.X11-unix is created by /etc/init.d/x11-common
+ NOTE: In Debian /tmp/.X11-unix is created by /etc/init.d/x11-common
CVE-2013-4168 (Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the sta ...)
{DLA-348-1}
- smokeping 2.6.8-2 (low)
@@ -10078,7 +10101,7 @@ CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FF
{DSA-3003-1}
- ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5 ffmpeg)
- libav 6:10.4-1
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812
CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg befo ...)
- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
@@ -10088,7 +10111,7 @@ CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.4-1
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=70cd3b8e659c3522eea5c16a65d14b8658894a94
CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...)
- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
@@ -10098,7 +10121,7 @@ CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10-1
[wheezy] - libav <not-affected> (Vulnerable code not present in 0.8)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
NOTE: [Anton] not present in 0.8, 10 or master; possibly present in 9
CVE-2013-3669
RESERVED
@@ -11013,7 +11036,7 @@ CVE-2013-3246 (Stack-based buffer overflow in xnview.exe in XnView before 2.03 a
CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media P ...)
- vlc 2.0.7-1 (unimportant)
NOTE: Harmless crasher
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9
NOTE: http://secunia.com/blog/372/
NOTE: http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia
CVE-2013-3244 (Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB ...)
@@ -12769,8 +12792,8 @@ CVE-2013-2514
RESERVED
CVE-2013-2513
RESERVED
-CVE-2013-2512
- RESERVED
+CVE-2013-2512 (The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitra ...)
+ NOT-FOR-US: Ruby ftpd gem
CVE-2013-2511
RESERVED
CVE-2013-2510
@@ -13628,7 +13651,7 @@ CVE-2013-2221 (Heap-based buffer overflow in the ZRtp::storeMsgTemp function in
CVE-2013-2220 (Buffer overflow in the radius_get_vendor_attr function in the Radius e ...)
{DSA-2726-1}
- php-radius 1.2.5-2.4 (bug #714362)
- NOTE: http://www.openwall.com/lists/oss-security/2013/06/28/2
+ NOTE: https://www.openwall.com/lists/oss-security/2013/06/28/2
CVE-2013-2219 (The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server ...)
- 389-ds-base 1.3.2.9-1 (bug #718325)
CVE-2013-2218 (Double free vulnerability in the virConnectListAllInterfaces method in ...)
@@ -13751,7 +13774,7 @@ CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload, as used in R
CVE-2013-2185 (** DISPUTED ** The readObject method in the DiskFileItem class in Apac ...)
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=974813
- NOTE: http://www.openwall.com/lists/oss-security/2013/09/05/4
+ NOTE: https://www.openwall.com/lists/oss-security/2013/09/05/4
CVE-2013-2184 (Movable Type before 5.2.6 does not properly use the Storable::thaw fun ...)
{DSA-3183-1}
- movabletype-opensource 5.2.7+dfsg-1 (bug #712602)
@@ -13774,7 +13797,7 @@ CVE-2013-2179 (X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when perfo
- xdm <not-affected> (Not affected when PAM is used)
[squeeze] - xdm <not-affected> (same as above and glibc too old)
[wheezy] - xdm <not-affected> (same as above and glibc too old)
- NOTE: http://www.openwall.com/lists/oss-security/2013/06/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2013/06/11/5
CVE-2013-2178 (The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and ap ...)
{DSA-2708-1}
- fail2ban 0.8.10-1
@@ -13936,7 +13959,7 @@ CVE-2013-2127 (Buffer overflow in the exposure correction code in LibRaw before
- libraw <not-affected> (Only affects 0.15, 0.15 was only in experimental)
- libkdcraw <not-affected> (embeds libraw 0.14)
- darktable <not-affected> (embeds libraw 0.14)
- NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2013/05/28/3
NOTE: https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d
CVE-2013-2126 (Multiple double free vulnerabilities in the LibRaw::unpack function in ...)
- libraw 0.15.3-1 (low; bug #710353)
@@ -13948,11 +13971,11 @@ CVE-2013-2126 (Multiple double free vulnerabilities in the LibRaw::unpack functi
NOTE: Not suitable for code injection, no security impact for an enduser application like Darktable
- kdegraphics <removed>
[squeeze] - kdegraphics <not-affected> (embedded version of kdcraw+libraw too old)
- NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2013/05/28/3
NOTE: https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
CVE-2013-2125 (OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which al ...)
- opensmtpd 5.3.3p1-1
- NOTE: http://www.openwall.com/lists/oss-security/2013/05/18/8
+ NOTE: https://www.openwall.com/lists/oss-security/2013/05/18/8
CVE-2013-2124 (Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before ...)
- libguestfs 1:1.20.8-1 (bug #710290)
[wheezy] - libguestfs <not-affected> (Vulnerable code not present)
@@ -13995,13 +14018,13 @@ CVE-2013-2112 (The svnserve server in Subversion before 1.6.23 and 1.7.x before
CVE-2013-2111 (The IMAP functionality in Dovecot before 2.2.2 allows remote attackers ...)
- dovecot <not-affected> (vulnerable code appeared in 2.2)
[squeeze] - dovecot <not-affected> (vulnerable code appeared in 2.2)
- [wheezy] - dovecot <not-affected> (vulnerable code appeared in 2.2)
+ [wheezy] - dovecot <not-affected> (vulnerable code appeared in 2.2)
CVE-2013-2110 (Heap-based buffer overflow in the php_quot_print_encode function in ex ...)
- php5 5.5.0~rc3+dfsg-1
[wheezy] - php5 <not-affected> (Vulnerable code not present)
[squeeze] - php5 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0
- NOTE: vulnerability introduced with commit http://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629
+ NOTE: vulnerability introduced with commit https://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629
CVE-2013-2109 (WordPress plugin wp-cleanfix has Remote Code Execution ...)
NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2108 (WordPress WP Cleanfix Plugin 2.4.4 has CSRF ...)
@@ -14129,8 +14152,8 @@ CVE-2013-2074 (kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allow
- kde4libs 4:4.10.5-1 (low; bug #707776)
[squeeze] - kde4libs <no-dsa> (Minor issue)
NOTE: https://bugs.kde.org/show_bug.cgi?id=319428
- NOTE: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=65d736dab592bced4410ccfa4699de89f78c96ca
- NOTE: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=898135a59d91184692ed1bcee8bb4c6d80d6f7b9
+ NOTE: https://github.com/KDE/kdelibs/commit/65d736dab592bced4410ccfa4699de89f78c96ca
+ NOTE: https://github.com/KDE/kdelibs/commit/898135a59d91184692ed1bcee8bb4c6d80d6f7b9
CVE-2013-2073 (Transifex command-line client before 0.9 does not validate X.509 certi ...)
- transifex-client 0.9-1 (low)
[wheezy] - transifex-client <no-dsa> (Minor issue)
@@ -14150,7 +14173,7 @@ CVE-2013-2070 (http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8
[squeeze] - nginx <not-affected> (Vulnerable code not present)
CVE-2013-2069 (Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18. ...)
NOT-FOR-US: Red Hat livecd-tools
- NOTE: http://www.openwall.com/lists/oss-security/2013/05/23/2
+ NOTE: https://www.openwall.com/lists/oss-security/2013/05/23/2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=964299
CVE-2013-2068 (Multiple directory traversal vulnerabilities in the AgentController in ...)
NOT-FOR-US: RedHat CloudForms Management Engine
@@ -14191,7 +14214,7 @@ CVE-2013-2058 (The host_start function in drivers/usb/chipidea/host.c in the Lin
- linux-2.6 <not-affected> (Vulnerable code not present)
- linux 3.8-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2013/05/03/2
+ NOTE: https://www.openwall.com/lists/oss-security/2013/05/03/2
CVE-2013-2057 (YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Includ ...)
NOT-FOR-US: YaBB
CVE-2013-2056 (The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Sate ...)
@@ -14268,7 +14291,7 @@ CVE-2013-2030 (keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizz
NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html
CVE-2013-2029 (nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others ...)
- nagios3 <not-affected> (Affected file nagios.upgrade_to_v3.sh not in Debian)
- NOTE: http://www.openwall.com/lists/oss-security/2013/04/30/8
+ NOTE: https://www.openwall.com/lists/oss-security/2013/04/30/8
CVE-2013-2028 (The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx ...)
- nginx <not-affected> (Vulnerable code not present)
CVE-2013-2027 (Jython 2.2.1 uses the current umask to set the privileges of the class ...)
@@ -14294,12 +14317,12 @@ CVE-2013-2024 (OS command injection vulnerability in the "qs" procedure from the
CVE-2013-2023 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...)
- jquery-jplayer 2.1.0-2
NOTE: used for jPlayer 2.2.23 XSS
- NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
+ NOTE: https://www.openwall.com/lists/oss-security/2013/05/05/3
CVE-2013-2022 (Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jp ...)
- jquery-jplayer 2.1.0-2
NOTE: https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373
NOTE: used for jPlayer 2.2.20 XSS
- NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
+ NOTE: https://www.openwall.com/lists/oss-security/2013/05/05/3
CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...)
- clamav 0.97.8+dfsg-1
[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
@@ -14452,7 +14475,7 @@ CVE-2013-1978 (Heap-based buffer overflow in the read_xwd_cols function in file-
- gimp 2.8.10-0.1 (bug #731305)
CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf, ...)
- keystone <not-affected> (permissions to /etc/keystone/keystone.conf restricted in postinst)
- NOTE: http://www.openwall.com/lists/oss-security/2013/04/19/2
+ NOTE: https://www.openwall.com/lists/oss-security/2013/04/19/2
CVE-2013-1976 (The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in ...)
- tomcat6 <not-affected> (RedHat-specific issue)
- tomcat7 <not-affected> (RedHat-specific issue)
@@ -14543,7 +14566,7 @@ CVE-2013-1950 (The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows
- libtirpc <not-affected> (regression code not present)
NOTE: Regression introduced with 82cc2e6129c872c8be09381055f2fb5641c5e6fe
NOTE: Regression fixed with a9f437119d79a438cb12e510f3cadd4060102c9f
- NOTE: http://www.openwall.com/lists/oss-security/2013/04/22/9
+ NOTE: https://www.openwall.com/lists/oss-security/2013/04/22/9
CVE-2013-1949 (Social Media Widget (social-media-widget) plugin 4.0 for WordPress con ...)
NOT-FOR-US: Wordpress Social Media Widget
CVE-2013-1948 (converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent ...)
@@ -14596,13 +14619,13 @@ CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb i
NOT-FOR-US: Karteek Docsplit Ruby Gem
CVE-2013-1932 (A cross-site scripting (XSS) vulnerability in the configuration report ...)
- mantis <not-affected> (affects Mantis 1.2.13 only)
- NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
+ NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1931 (A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows r ...)
- mantis <not-affected> (affects Mantis 1.2.14 only)
- NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
+ NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1930 (MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the wor ...)
- mantis <not-affected> (affects only Mantis 1.2.12 and later)
- NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
+ NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1929 (Heap-based buffer overflow in the tg3_read_vpd function in drivers/net ...)
{DSA-2669-1 DSA-2668-1}
- linux 3.8.11-1
@@ -14725,7 +14748,7 @@ CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly val
- mongodb 1:2.4.1-1 (bug #704042)
[wheezy] - mongodb 1:2.0.6-1.1
[squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed)
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/25/7
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/25/7
CVE-2013-1891
RESERVED
CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
@@ -14754,7 +14777,7 @@ CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 th
NOTE: http://subversion.apache.org/security/CVE-2013-1884-advisory.txt
CVE-2013-1883 (Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote a ...)
- mantis <not-affected> (only affects 1.2.12 to 1.2.14)
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/21/3
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/21/3
CVE-2013-1882
RESERVED
CVE-2013-1881 (GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary f ...)
@@ -14779,7 +14802,7 @@ CVE-2013-1874 (Untrusted search path vulnerability in csi in Chicken before 4.8.
- chicken 4.8.0.3-1 (low; bug #702410)
[squeeze] - chicken <no-dsa> (Minor issue)
[wheezy] - chicken <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/19/11
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/19/11
CVE-2013-1873 [linux kernel kernel stack memory disclosure]
REJECTED
CVE-2013-1872 (The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent atta ...)
@@ -14806,7 +14829,7 @@ CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revo
- keystone <not-affected> (only affects folsom)
NOTE: fixed in experimental with keystone/2012.2.3-2
CVE-2013-1864 (The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga ...)
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/15/6
- ekiga 4.0.1-1 (low; bug #704133)
[wheezy] - ekiga <no-dsa> (Minor issue)
[squeeze] - ekiga <no-dsa> (Minor issue)
@@ -14869,11 +14892,11 @@ CVE-2013-1852 (SQL injection vulnerability in leaguemanager.php in the LeagueMan
CVE-2013-1851 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...)
- owncloud 4.0.8debian-1.6 (bug #703094)
NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-010/
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1850 (Multiple incomplete blacklist vulnerabilities in (1) import.php and (2 ...)
- owncloud 4.0.8debian-1.6 (bug #703094)
NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-009/
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1849 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through ...)
{DLA-207-1}
- subversion 1.7.9-1 (bug #704940)
@@ -14884,7 +14907,7 @@ CVE-2013-1848 (fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect a
- linux 3.2.41-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/8
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/8
CVE-2013-1847 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through ...)
{DLA-207-1}
- subversion 1.7.9-1 (bug #704940)
@@ -14913,6 +14936,7 @@ CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5
- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not check ...)
- libnet-server-perl <unfixed> (low; bug #702914)
+ [bullseye] - libnet-server-perl <ignored> (Minor issue)
[buster] - libnet-server-perl <ignored> (Minor issue)
[stretch] - libnet-server-perl <ignored> (Minor issue)
[jessie] - libnet-server-perl <ignored> (Minor issue)
@@ -14928,7 +14952,7 @@ CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x
CVE-2013-1838 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) ...)
- nova 2012.1.1-15 (bug #703064)
CVE-2013-1837
- RESERVED
+ REJECTED
CVE-2013-1836 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...)
- moodle 2.5-1 (bug #703870)
[squeeze] - moodle <not-affected> (Vulnerable code not present)
@@ -14970,13 +14994,13 @@ CVE-2013-1824 (The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allo
{DSA-2639-1}
- php5 5.4.4-14
NOTE: See CVE-2013-1643
- NOTE: http://git.php.net/?p=web/php.git;a=commitdiff;h=e8432b34ee7a196a14a6e0191a00fe73b5a095e7
+ NOTE: https://git.php.net/?p=web/php.git;a=commitdiff;h=e8432b34ee7a196a14a6e0191a00fe73b5a095e7
CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications form in ...)
NOT-FOR-US: Katello
CVE-2013-1822 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x ...)
- owncloud <not-affected> (owncloud stable4 (4.0.x) is not affected)
NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-008/
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows ...)
{DSA-2809-1 DSA-2738-1}
- ruby1.9.1 1.9.3.194-8.1 (bug #702525)
@@ -15049,17 +15073,17 @@ CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the Lin
{DSA-2668-1}
- linux 3.2.41-2
- linux-2.6 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1797 (Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel ...)
- linux 3.2.41-2
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, KVM server not supported in squeeze-lts)
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1796 (The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux ker ...)
{DSA-2669-1 DSA-2668-1}
- linux 3.2.41-2
- linux-2.6 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1795 (Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote att ...)
{DSA-2638-1}
- openafs 1.6.1-3
@@ -15073,7 +15097,7 @@ CVE-2013-1792 (Race condition in the install_user_keyrings function in security/
- linux 3.2.41-1
- linux-2.6 <removed>
CVE-2013-1791
- RESERVED
+ REJECTED
CVE-2013-1790 (poppler/Stream.cc in poppler before 0.22.1 allows context-dependent at ...)
{DSA-2719-1}
- poppler 0.18.4-6 (low; bug #702071)
@@ -15126,7 +15150,7 @@ CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 3.
CVE-2013-1771 (The web server Monkeyd produces a world-readable log (/var/log/monkeyd ...)
- monkey <removed> (low)
[squeeze] - monkey <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2013/02/24/5
+ NOTE: https://www.openwall.com/lists/oss-security/2013/02/24/5
CVE-2013-1770 (Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia ...)
- ganglia 3.6.0-1 (low; bug #700158)
[squeeze] - ganglia <no-dsa> (Minor issue)
@@ -15182,7 +15206,7 @@ CVE-2013-1753 (The gzip_decode function in the xmlrpc client library in Python 3
- python3.2 <removed> (low)
- python3.3 <removed> (low; bug #742928)
- python3.4 3.4.2-4 (low; bug #742927)
- [jessie] - python3.4 <no-dsa> (Minor issue)
+ [jessie] - python3.4 <postponed> (Minor issue)
[squeeze] - python2.5 <no-dsa> (Minor issue)
[squeeze] - python2.6 <no-dsa> (Minor issue)
[wheezy] - python2.6 <no-dsa> (Minor issue)
@@ -15190,7 +15214,7 @@ CVE-2013-1753 (The gzip_decode function in the xmlrpc client library in Python 3
[squeeze] - python3.1 <no-dsa> (Minor issue)
[wheezy] - python3.2 <no-dsa> (Minor issue)
NOTE: http://bugs.python.org/issue16043
- NOTE: preliminary patch: http://bugs.python.org/file28796/xmlrpc_gzip_27.patch
+ NOTE: https://github.com/python/cpython/commit/eca72d47f5a639a0ac66a98a2d63b30df2ce310f (3.4)
CVE-2013-1752
REJECTED
CVE-2013-1751 (TWiki before 5.1.4 allows remote attackers to execute arbitrary shell ...)
@@ -15446,7 +15470,7 @@ CVE-2013-1704 (Use-after-free vulnerability in the nsINode::GetParentNode functi
- iceweasel <not-affected> (Only affects Firefox > 17)
- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1703
- RESERVED
+ REJECTED
CVE-2013-1702 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox > 17)
- icedove <not-affected> (Only affects Firefox > 17)
@@ -15726,7 +15750,7 @@ CVE-2013-1644
CVE-2013-1643 (The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows re ...)
{DSA-2639-1}
- php5 5.4.4-14 (bug #702221)
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36
CVE-2013-1642 (Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer befo ...)
NOT-FOR-US: QuiXplorer
CVE-2013-1641 (Directory traversal vulnerability in the zip download functionality in ...)
@@ -15747,7 +15771,7 @@ CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does
{DSA-2639-1}
- php5 5.4.4-14 (unimportant; bug #702221)
NOTE: open_basedir not supported
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
CVE-2013-1634 (A denial of service vulnerability exists in some motherboard implement ...)
NOT-FOR-US: Intel
CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packages f ...)
@@ -16388,7 +16412,7 @@ CVE-2013-1430 (An issue was discovered in xrdp before 0.9.1. When successfully l
[wheezy] - xrdp <no-dsa> (Minor issue)
NOTE: https://github.com/neutrinolabs/xrdp/pull/497
NOTE: When successfully logging in using RDP into a xrdp session, the file
- NOTE: ~/.vnc/sesman_${username}_passwd is created. Its content is the
+ NOTE: ~/.vnc/sesman_${username}_passwd is created. Its content is the
NOTE: equivalent of the users clear text password, DES encrypted with a known
NOTE: key.
CVE-2013-1429 (Lintian before 2.5.12 allows remote attackers to gather information ab ...)
@@ -17176,12 +17200,12 @@ CVE-2013-1057 (Untrusted search path vulnerability in maas-import-pxe-files in M
NOT-FOR-US: Ubuntu MAAS
CVE-2013-1056 (X.org X server 1.13.3 and earlier, when not run as root, allows local ...)
- xorg-server <not-affected> (Ubuntu-specific patch, see http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1056.html)
-CVE-2013-1055
- RESERVED
-CVE-2013-1054
- RESERVED
-CVE-2013-1053
- RESERVED
+CVE-2013-1055 (The unity-firefox-extension package could be tricked into dropping a C ...)
+ NOT-FOR-US: unity-firefox-extension
+CVE-2013-1054 (The unity-firefox-extension package could be tricked into destroying t ...)
+ NOT-FOR-US: unity-firefox-extension
+CVE-2013-1053 (In crypt.c of remote-login-service, the cryptographic algorithm used t ...)
+ NOT-FOR-US: remote-login-service Ubuntu package
CVE-2013-1052 (pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the ...)
NOT-FOR-US: pam-xdg-support (Ubuntu-specific package)
CVE-2013-1051 (apt 0.8.16, 0.9.7, and possibly other versions does not properly handl ...)
@@ -17609,7 +17633,7 @@ CVE-2013-0873 (The read_header function in libavcodec/shorten.c in FFmpeg before
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.6-1 (bug #717009)
NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
NOTE: Fix needed for ffmpeg 0.5
CVE-2013-0872 (The swr_init function in libswresample/swresample.c in FFmpeg before 1 ...)
- ffmpeg <not-affected> (libswresample not yet present in ffmpeg/0.5)
@@ -17626,25 +17650,25 @@ CVE-2013-0869 (The field_end function in libavcodec/h264.c in FFmpeg before 1.1.
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.5-1
NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
NOTE: Fix needed in ffmpeg 0.5
CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers ...)
{DSA-3003-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.3-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
CVE-2013-0867 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <not-affected> (Code in libav is different/not affect as per libav h264 maintainer)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1 ...)
{DSA-2793-1}
- ffmpeg <not-affected> (Code in 0.5 is different/not affected)
- libav 6:0.8.7-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7
CVE-2013-0865 (The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg befor ...)
{DSA-2855-1}
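Review bot: The hunk moves every git.videolan.org reference to https but leaves the git.libav.org references in the same hunk on plain http — `NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24` at the top and `NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7` under CVE-2013-0866 — although the file already uses `https://git.libav.org/` for other libav commits (the CVE-2013-0851 and CVE-2013-0844 notes). These NOTE links are what a triager follows to fetch a fix, so an unauthenticated http reference is exactly what the commit is otherwise eliminating. Convert the git.libav.org URLs in the same pass, provided that host still serves https as the later entries assume; the change is a one-character scheme edit per line.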
@@ -17664,14 +17688,14 @@ CVE-2013-0862 (Multiple integer overflows in the process_frame_obj function in l
CVE-2013-0861 (The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg bef ...)
- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
- libav <not-affected> (Affected code not present in libav 0.8.x)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
NOTE: Affects the libav version in experimental
CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpe ...)
{DSA-3003-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.1-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8
CVE-2013-0859 (The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg befor ...)
- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
@@ -17681,14 +17705,14 @@ CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.9-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a
NOTE: Fixed in 0.8.9
CVE-2013-0857 (The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1. ...)
{DSA-2793-1}
- ffmpeg <not-affected> (IFF PBM/ILBM bitmap decoder not present in 0.5 ffmpeg)
- libav 6:9.9-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=7d65e960c72f36b73ae7fe84f8e427d758e61da9
NOTE: Fixed in 0.8.9
CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 ...)
@@ -17696,37 +17720,37 @@ CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.10-1
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f
CVE-2013-0855 (Integer overflow in the alac_decode_close function in libavcodec/alac. ...)
- ffmpeg <not-affected> (0.5 series not affected)
- libav 6:9.9-1 (bug #717009)
[wheezy] - libav <not-affected> (0.8 series not affected)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=f7c5883126f9440547933eefcf000aa78af4821c
CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c ...)
{DSA-2793-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.8-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=cfbd98abe82cfcb9984a18d08697251b72b110c8
CVE-2013-0853 (The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg be ...)
{DSA-2793-1}
- ffmpeg <not-affected> (Vulnerability introduced later)
- libav 6:0.8.8-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d
CVE-2013-0852 (The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg ...)
{DSA-3003-1}
- ffmpeg <not-affected> (PGS subtitle decoder not present)
- libav 6:10.3-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
CVE-2013-0851 (The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 a ...)
{DSA-3003-1}
- ffmpeg <not-affected> (Electronic Arts Madcow Video decoder not present in ffmpeg 0.5)
- libav 6:10.3-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f9204ec56a4cf73843d1e5b8563d3584c2c05b47 (v10)
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e8ff7972064631afbdf240ec6bfd9dec30cf2ce8 (v9)
NOTE: https://git.libav.org/?p=libav.git;a=commit;h=187cfd3c13a1deb47661486824a5b8f41e158a7a (v0.8)
@@ -17735,39 +17759,39 @@ CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg b
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.7-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6e5cdf26281945ddea3aaf5eca4d127791f23ca8
CVE-2013-0849 (The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg bef ...)
{DSA-2855-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.3-1 (bug #717009)
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
{DSA-3003-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:10.4-1
- NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
+ NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a7153444df9040bf6ae103e0bbf6104b66f974cb
CVE-2013-0847 (The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1. ...)
- ffmpeg <not-affected> (Affected code not present in ffmpeg 0.5)
- libav <not-affected> (Code in libav is different, read_ttag)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952
CVE-2013-0846 (Array index error in the qdm2_decode_super_block function in libavcode ...)
{DSA-2855-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.3-1 (bug #717009)
- NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
+ NOTE: ffmpeg commit: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
NOTE: Needed for ffmpeg 0.5
CVE-2013-0845 (libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to ...)
{DSA-2855-1}
- ffmpeg <not-affected> (MPEG-4 ALS decoder not present in ffmpeg/0.5)
- libav 6:9.11-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16
NOTE: Fixed in revisions: v9-2748-g2a0fb72, v9.10-7-g3f7d890
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=2a0fb72
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=3f7d890
@@ -17776,7 +17800,7 @@ CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in libavcodec
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:9.10-1
- NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
+ NOTE: ffmpeg commit: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
NOTE: libav commit: https://git.libav.org/?p=libav.git;a=commitdiff;h=12576afe206d35231ccd61f9033c5fdab6a11e
NOTE: Fixed in 0.8.9
CVE-2013-0843 (content/renderer/media/webrtc_audio_renderer.cc in Google Chrome befor ...)
@@ -17880,7 +17904,7 @@ CVE-2013-0804 (The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 befo
CVE-2013-0803 (A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload ...)
NOT-FOR-US: PolarBear CMS
CVE-2013-0802
- RESERVED
+ REJECTED
CVE-2013-0801 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2720-1 DSA-2699-1}
- iceweasel 17.0.6esr-1
@@ -18258,7 +18282,7 @@ CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spr
CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in ec_scan ...)
- ettercap 1:0.7.5.1-2 (low; bug #697987)
[squeeze] - ettercap 1:0.7.3-2.1+squeeze1
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/10/2
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/10/2
NOTE: http://www.exploit-db.com/exploits/23945/
NOTE: https://secunia.com/advisories/51731/
NOTE: Proposed patch http://www.securation.com/files/2013/01/ec.patch
@@ -18899,7 +18923,7 @@ CVE-2013-0423 (Unspecified vulnerability in the Java Runtime Environment (JRE) c
CVE-2013-0422 (Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remot ...)
- openjdk-6 <not-affected> (Only affects Java 7)
- openjdk-7 7u3-2.1.4-1
- NOTE: Exploitable on Linux http://www.openwall.com/lists/oss-security/2013/01/11/1
+ NOTE: Exploitable on Linux https://www.openwall.com/lists/oss-security/2013/01/11/1
CVE-2013-0421
REJECTED
CVE-2013-0420 (Unspecified vulnerability in the VirtualBox component in Oracle Virtua ...)
@@ -19083,7 +19107,7 @@ CVE-2013-0346 (** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions
CVE-2013-0345 (varnish 3.0.3 uses world-readable permissions for the /var/log/varnish ...)
- varnish <not-affected> (Logfiles are owned by varnishlog:varnishlog)
CVE-2013-0344
- RESERVED
+ REJECTED
CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux ...)
{DSA-2906-1}
- linux 3.10.11-1 (low)
@@ -19091,6 +19115,7 @@ CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the L
- linux-2.6 <removed> (low)
CVE-2013-0342 (The CreateID function in packet.py in pyrad before 2.1 uses sequential ...)
- pyrad <unfixed> (low; bug #701151)
+ [bullseye] - pyrad <ignored> (Minor issue)
[buster] - pyrad <ignored> (Minor issue)
[stretch] - pyrad <ignored> (Minor issue)
[jessie] - pyrad <no-dsa> (Minor issue)
@@ -19100,7 +19125,8 @@ CVE-2013-0342 (The CreateID function in packet.py in pyrad before 2.1 uses seque
CVE-2013-0341 [external entity expansion]
REJECTED
CVE-2013-0340 (expat 2.1.0 and earlier does not properly handle entities expansion un ...)
- - expat <unfixed> (unimportant)
+ [experimental] - expat 2.4.1-1
+ - expat 2.4.1-2 (unimportant; bug #1001864)
NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat
NOTE: https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0340.html
CVE-2013-0339 (libxml2 through 2.9.1 does not properly handle external entities expan ...)
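Review bot: The new fixed-version lines `[experimental] - expat 2.4.1-1` and `- expat 2.4.1-2 (unimportant; bug #1001864)` record a version but add no NOTE pointing at the upstream change that closes the entity-expansion issue, while the retained NOTE still describes the protection as an API the embedding application must opt into. From the entry alone a reader cannot tell whether 2.4.1-2 enables the expansion limit by default or merely ships a library that offers it, and that distinction is what decides whether `unimportant` still applies and whether reverse dependencies need their own triage. Add a NOTE with the upstream release or commit reference and state which of the two it is, e.g. `NOTE: Fixed upstream in 2.4.x; protection is <on|off> by default — confirm against the upstream changelog`.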
@@ -19111,14 +19137,15 @@ CVE-2013-0338 (libxml2 2.9.0 and earlier allows context-dependent attackers to c
- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0337 (The default configuration of nginx, possibly 1.3.13 and earlier, uses ...)
- nginx <unfixed> (low; bug #701112)
+ [bullseye] - nginx <ignored> (Minor issue)
[buster] - nginx <ignored> (Minor issue)
[stretch] - nginx <ignored> (Minor issue)
[jessie] - nginx <ignored> (Minor issue)
[wheezy] - nginx <no-dsa> (Minor issue)
[squeeze] - nginx <no-dsa> (Minor issue)
- NOTE: Can only be fixed properly once https://trac.nginx.org/nginx/ticket/376
- NOTE: resolved upstream.
- NOTE: Originally fixed in 1.4.4-2 but reintroduced with DSA-3701-1 fixes.
+ NOTE: Can only be fixed properly once https://trac.nginx.org/nginx/ticket/376 is resolved upstream
+ NOTE: Originally fixed in 1.4.4-2 but reintroduced with DSA-3701-1 (CVE-2016-1247)
+ NOTE: Post DSA-3701-1, Debian's default configuration is not affected, new log files are
CVE-2013-0336 (The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ ...)
- 389-ds-base 1.3.2.9-1 (bug #704077)
CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) ...)
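Review bot: The last added NOTE ends mid-sentence (`new log files are`) and should be completed to state the ownership/mode new log files get after DSA-3701-1, otherwise the claim that Debian's default configuration is unaffected cannot be checked by the next reader. That claim also sits uneasily with the unchanged `- nginx <unfixed> (low; bug #701112)` entry and the `<ignored>` tags for bullseye/buster/stretch: if the default configuration is no longer affected, the note should say what remains open — presumably non-default `access_log`/`error_log` paths, given the reference to nginx ticket 376 — so the `<unfixed>` state reads as intentional rather than stale. A self-contained form would be `NOTE: Post DSA-3701-1, Debian's default configuration is not affected; new log files are created <owner:group mode>. Logs in non-default locations still depend on upstream ticket 376`, with the placeholder filled in from the DSA.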
@@ -19252,7 +19279,7 @@ CVE-2013-0288 (nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows contex
- nss-pam-ldapd 0.8.10-3 (bug #690319)
CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SSSD) 1 ...)
- sssd <not-affected> (Introduced in 1.9.0)
- NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
+ NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/12
CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...)
NOT-FOR-US: Wordpress theme
CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...)
@@ -19381,7 +19408,7 @@ CVE-2013-0251 (Stack-based buffer overflow in llogincircuit.cc in latd 1.25 thro
CVE-2013-0250 (The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 befor ...)
- corosync <not-affected> (Introduced in v1.99.8-2-ge925f42; bug #699615)
NOTE: https://github.com/corosync/corosync/commit/4378915a33ab7fbbb5874f79dd7cd71b014ef44e#L0R407
- NOTE: http://www.openwall.com/lists/oss-security/2013/02/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2013/02/01/1
CVE-2013-0249 (Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message ...)
- curl 7.29.0-1 (bug #700002)
[squeeze] - curl <not-affected> (Only affects 7.26.0 to 7.28.1)
@@ -19427,15 +19454,15 @@ CVE-2013-0238 (The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid be
CVE-2013-0237 (Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode p ...)
- wordpress 3.5.1+dfsg-1 (bug #698929)
NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0236 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...)
- wordpress 3.5.1+dfsg-1 (bug #698927)
NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0235 (The XMLRPC API in WordPress before 3.5.1 allows remote attackers to se ...)
- wordpress 3.5.1+dfsg-1 (bug #698916)
NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0234 (Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg ...)
- elgg <itp> (bug #526197)
CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...)
@@ -19469,13 +19496,13 @@ CVE-2013-0224 (The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using th
NOT-FOR-US: Drupal addon
CVE-2013-0223 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
- coreutils <not-affected> (Affected patch not added to Debian package)
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0222 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
- coreutils <not-affected> (Affected patch not added to Debian package)
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0221 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
- coreutils <not-affected> (Affected patch not added to Debian package)
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0220 (The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomnt ...)
- sssd 1.8.4-2 (low; bug #698871)
[squeeze] - sssd <not-affected> (autofs and ssh responders not yet present)
@@ -19544,7 +19571,7 @@ CVE-2013-0198 (Dnsmasq before 2.66test2, when used with certain libvirt configur
- dnsmasq 2.66-1 (low)
[wheezy] - dnsmasq <no-dsa> (Minor issue)
[squeeze] - dnsmasq <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/18/2
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/18/2
CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the filter_draw_selection_ ...)
- mantis <not-affected> (This only affects the 1.2.12 version, which isn't present in Debian, bug #698481)
NOTE: http://www.mantisbt.org/bugs/view.php?id=15373
@@ -19677,7 +19704,7 @@ CVE-2013-0163 (OpenShift haproxy cartridge: predictable /tmp in set-proxy connec
NOT-FOR-US: OpenShift haproxy cartridge
CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser ...)
- ruby-parser 2.3.1-2 (bug #701637)
- NOTE: http://www.openwall.com/lists/oss-security/2013/02/22/5
+ NOTE: https://www.openwall.com/lists/oss-security/2013/02/22/5
CVE-2013-0161 (Havalite CMS 1.1.7 has a stored XSS vulnerability ...)
NOT-FOR-US: Havalite CMS
CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive ...)
@@ -19701,7 +19728,7 @@ CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails befo
- ruby-activesupport-3.2 3.2.6-5 (bug #697790)
NOTE: Starting with 2.3.14.1 rails is a transition package
NOTE: http://www.insinuator.net/2013/01/rails-yaml/
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/14
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/08/14
NOTE: experimental has 3.2.8-1 and should be affected too
CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x befo ...)
{DSA-2609-1}
@@ -19710,7 +19737,7 @@ CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x
- ruby-actionpack-3.2 3.2.6-5 (bug #697802)
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
- NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/13
+ NOTE: https://www.openwall.com/lists/oss-security/2013/01/08/13
CVE-2013-0154 (The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debug ...)
- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0153 (The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, wh ...)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 7d970d3fc6..2a1783abae 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1,3 +1,13 @@
+CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl. DBD: ...)
+ - libdbi-perl 1.643-3 (bug #972180)
+ [buster] - libdbi-perl 1.642-1+deb10u2
+ [stretch] - libdbi-perl <postponed> (Revisit when fixed upstream)
+ NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
+CVE-2014-10401 (An issue was discovered in the DBI module before 1.632 for Perl. DBD:: ...)
+ - libdbi-perl 1.633-1
+ NOTE: https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
+ NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508
+ NOTE: Proposed fix: https://github.com/perl5-dbi/dbi/pull/93
CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...)
- lua-cgi <not-affected> (session generation changed in 5.1.x, cf. CVE-2014-10399)
NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
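Review bot: The `[stretch] - libdbi-perl <postponed> (Revisit when fixed upstream)` entry for CVE-2014-10402 conflicts with the unstable (`1.643-3`) and buster (`1.642-1+deb10u2`) lines above it, which show a fix already exists in Debian; if that fix is a non-upstream patch the reason should say so, e.g. `<postponed> (Fix not yet upstream; backport the 1.643-3 change once it settles)`, so the stretch decision is traceable. The `NOTE: Proposed fix: https://github.com/perl5-dbi/dbi/pull/93` is placed under CVE-2014-10401, which is recorded as fixed in `1.633-1` and needs no proposed fix; it presumably belongs to CVE-2014-10402, whose description covers DBI "through 1.643" and whose stretch entry is the one waiting on upstream. Worth confirming against the rt.cpan.org ticket before moving it.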
@@ -1325,7 +1335,7 @@ CVE-2014-9913 (Buffer overflow in the list_files function in list.c in Info-Zip
NOTE: Same reproducer as in https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
NOTE: can be used to verify a fix (which trigger the issue in unzip -l but crash
NOTE: in different areas of the unzip codebase)
- NOTE: http://www.openwall.com/lists/oss-security/2014/11/03/5
+ NOTE: https://www.openwall.com/lists/oss-security/2014/11/03/5
CVE-2014-9912 (The get_icu_disp_value_src_php function in ext/intl/locale/locale_meth ...)
- php5 5.6.0+dfsg-1
[wheezy] - php5 5.4.34-0+deb7u1
@@ -1352,7 +1362,7 @@ CVE-2014-9907 (coders/dds.c in ImageMagick allows remote attackers to cause a de
NOTE: https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
NOTE: https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2014-9906 (Use-after-free vulnerability in DBD::mysql before 4.029 allows attacke ...)
{DSA-3635-1 DLA-576-1}
- libdbd-mysql-perl 4.033-1
@@ -1375,7 +1385,7 @@ CVE-2014-9904 (The snd_compress_check_input function in sound/core/compress_offl
NOTE: Fixed by: https://git.kernel.org/linus/6217e5ede23285ddfee10d2e4ba0cc2d4c046205 (3.17-rc1)
NOTE: Introduced by: https://git.kernel.org/linus/b35cc8225845112a616e3a2266d2fde5ab13d3ab (3.7-rc1)
CVE-2014-9903 (The sched_read_attr function in kernel/sched/core.c in the Linux kerne ...)
- - linux <not-affected>
+ - linux <not-affected> (Vulnerable code not present in a Debian released version)
NOTE: vulnerable code between 3.14-rc1 and 3.14-rc4
CVE-2014-9902 (Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualc ...)
NOT-FOR-US: Qualcomm driver for Android
@@ -1703,7 +1713,7 @@ CVE-2014-9773 (modules/chanserv/flags.c in Atheme before 7.2.7 allows remote att
NOTE: https://github.com/atheme/atheme/issues/397
NOTE: Fixed by: https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b
NOTE: Introduced in: https://github.com/atheme/atheme/commit/5c734f28068cf47b9b450af4dcf37195734b15be
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/02/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/02/2
CVE-2014-9772 (The validator package before 2.0.0 for Node.js allows remote attackers ...)
- validator.js <not-affected> (Fixed before initial release)
CVE-2014-9771 (Integer overflow in imlib2 before 1.4.7 allows remote attackers to cau ...)
@@ -1711,7 +1721,7 @@ CVE-2014-9771 (Integer overflow in imlib2 before 1.4.7 allows remote attackers t
- imlib2 1.4.7-1 (bug #820206)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324774
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/3
CVE-2014-9770 (tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions fo ...)
- systemd 215-1
[wheezy] - systemd <not-affected> (Vulnerable code not present)
@@ -1724,7 +1734,7 @@ CVE-2014-9769 (pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps
[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
NOTE: Upstream fix: http://vcs.pcre.org/pcre?view=revision&revision=1475 (8.36)
NOTE: Introduced in: http://vcs.pcre.org/pcre?view=revision&revision=1434 (8.35)
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/26/1
CVE-2014-9768 (** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote ...)
NOT-FOR-US: Tivoli
CVE-2014-9767 (Directory traversal vulnerability in the ZipArchive::extractTo functio ...)
@@ -1744,7 +1754,7 @@ CVE-2014-9765 (Buffer overflow in the main_get_appheader function in xdelta3-mai
{DSA-3484-1 DLA-417-1}
- xdelta3 3.0.8-dfsg-1.1 (bug #814067)
NOTE: https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/08/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/08/1
CVE-2014-9764 (imlib2 before 1.4.7 allows remote attackers to cause a denial of servi ...)
{DSA-3537-1 DLA-401-1}
- imlib2 1.4.7-1
@@ -1761,8 +1771,8 @@ CVE-2014-9761 (Multiple stack-based buffer overflows in the GNU C Library (aka g
{DLA-411-1}
- glibc 2.23-1 (bug #813187)
[jessie] - glibc <no-dsa> (Minor issue)
- [wheezy] - eglibc <no-dsa> (Minor issue)
- eglibc <removed>
+ [wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16962
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
@@ -1778,7 +1788,7 @@ CVE-2014-9759 (Incomplete blacklist vulnerability in the config_is_private funct
NOTE: http://github.com/mantisbt/mantisbt/commit/7927c275
NOTE: https://sourceforge.net/p/mantisbt/mailman/message/32948048/
NOTE: https://mantisbt.org/bugs/view.php?id=20277
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/02/1
CVE-2014-9758 (Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platfor ...)
NOT-FOR-US: Magento
CVE-2014-9757 (The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before ...)
@@ -1823,7 +1833,7 @@ CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType before
NOTE: http://www.ubuntu.com/usn/usn-2739-1/
NOTE: https://savannah.nongnu.org/bugs/?41590
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 (VER-2-5-3)
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/11/4
CVE-2014-9746 (The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse ...)
{DSA-3370-1 DLA-319-1}
- freetype 2.6-1 (bug #798619)
@@ -1831,7 +1841,7 @@ CVE-2014-9746 (The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_
NOTE: http://www.ubuntu.com/usn/usn-2739-1/
NOTE: https://savannah.nongnu.org/bugs/?41309
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/11/4
CVE-2014-9747 (The t42_parse_encoding function in type42/t42parse.c in FreeType befor ...)
{DSA-3370-1 DLA-319-1}
- freetype 2.6-1 (bug #798619)
@@ -1839,7 +1849,7 @@ CVE-2014-9747 (The t42_parse_encoding function in type42/t42parse.c in FreeType
NOTE: http://www.ubuntu.com/usn/usn-2739-1/
NOTE: https://savannah.nongnu.org/bugs/?41309
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/11/4
CVE-2014-9744 (Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause ...)
- polarssl 1.3.9-1
[wheezy] - polarssl <not-affected> (Affects only 1.3.x series)
@@ -1858,7 +1868,7 @@ CVE-2014-9939 (ihex.c in GNU Binutils before 2.26 contains a stack buffer overfl
- binutils 2.25.90.20151125-1
[jessie] - binutils <ignored> (Minor issue)
- gdb 7.10-1 (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/31/6
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18750
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b
CVE-2014-8878 (KDE KMail does not encrypt attachments in emails when "automatic encry ...)
@@ -1867,7 +1877,7 @@ CVE-2014-8878 (KDE KMail does not encrypt attachments in emails when "automatic
[wheezy] - kdepim <no-dsa> (Minor issue)
[squeeze] - kdepim <not-affected> (Bogus condition not present)
NOTE: https://bugs.kde.org/show_bug.cgi?id=340312
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/15/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/15/5
CVE-2014-9741 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
NOT-FOR-US: ArcGIS
CVE-2014-9740 (Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x- ...)
@@ -1894,21 +1904,21 @@ CVE-2014-9731 (The UDF filesystem implementation in the Linux kernel before 3.18
[wheezy] - linux 3.2.68-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 (v3.19-rc3)
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/03/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/03/4
CVE-2014-9730 (The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel be ...)
{DLA-246-1}
- linux 3.16.7-ckt4-1
[wheezy] - linux 3.2.68-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3)
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/02/7
CVE-2014-9729 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel befo ...)
{DLA-246-1}
- linux 3.16.7-ckt4-1
[wheezy] - linux 3.2.68-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3)
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/02/7
CVE-2014-9728 (The UDF filesystem implementation in the Linux kernel before 3.18.2 do ...)
{DLA-246-1}
- linux 3.16.7-ckt4-1
@@ -1917,7 +1927,7 @@ CVE-2014-9728 (The UDF filesystem implementation in the Linux kernel before 3.18
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c (v3.19-rc3)
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/02/7
CVE-2014-9726
RESERVED
CVE-2014-9725
@@ -1941,7 +1951,7 @@ CVE-2014-9721 (libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attacker
- zeromq3 4.0.5+dfsg-3 (bug #784366)
NOTE: https://github.com/zeromq/libzmq/issues/1273
NOTE: https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/8
CVE-2014-9717 (fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH u ...)
- linux 4.0.2-1 (low)
[jessie] - linux <ignored> (Too intrusive to backport)
@@ -1949,7 +1959,7 @@ CVE-2014-9717 (fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DET
- linux-2.6 <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
NOTE: https://groups.google.com/forum/#!topic/linux.kernel/HnegnbXk0Vs
NOTE: Proposed fixes: http://www.spinics.net/lists/linux-containers/msg30786.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/17/4
NOTE: CVE assignement for issue in http://marc.info/?l=linux-kernel&m=141271552117745&w=2
CVE-2014-9716 (Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows ...)
- owncloud <not-affected> (embedded partial copy doesn't contain the related code)
@@ -1963,7 +1973,7 @@ CVE-2014-9715 (include/net/netfilter/nf_conntrack_extend.h in the netfilter subs
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=223b02d923ecd7c84cf9780bb3686f455d279279 (v3.15-rc1)
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b423f6a40a0327f9d40bc8b97ce9be266f74368 (v3.6-rc5)
NOTE: Introduced in 3.2.x in https://git.kernel.org/cgit/linux/kernel/git/bwh/linux-3.2.y.git/commit/?id=cc1b75d796ad050c83c95733c4220aaa04fa1304 (v3.2.33)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/08/1
CVE-2014-9714 (Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveA ...)
- hhvm 3.11.0+dfsg-1
NOTE: https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34
@@ -1984,7 +1994,7 @@ CVE-2014-9710 (The Btrfs implementation in the Linux kernel before 3.19 does not
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (btrfs in 2.6.32 is just a tech preview and not usable for production)
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/24/11
CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...)
{DSA-3259-1}
- qemu 1:2.3+dfsg-1 (unimportant; bug #781250)
@@ -1992,7 +2002,7 @@ CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionalit
- qemu-kvm <removed> (unimportant)
[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2)
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/24/4
NOTE: Per maintainer not a security issue:
NOTE: Qemu either leaks memory or loops infinitely. Memory leakage can be easily
NOTE: mitigated using some kind of resource limits in security-sensitive environments,
@@ -2004,13 +2014,13 @@ CVE-2014-9706 (The build_index_from_tree function in index.py in Dulwich before
[jessie] - dulwich 0.9.7-3
[squeeze] - dulwich <not-affected> (Repo.checkout (later renamed to build_index_from_tree) introduced past 0.6.1)
NOTE: Patch: https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/21/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/21/1
CVE-2014-9704
RESERVED
CVE-2014-9703
RESERVED
CVE-2014-9702 (system/classes/DbPDO.php in Cmfive through 2015-03-15, when database c ...)
- TODO: check
+ NOT-FOR-US: Cmfive
CVE-2014-9700
RESERVED
CVE-2014-9699 (The MakerBot Replicator 5G printer runs an Apache HTTP Server with dir ...)
@@ -2025,8 +2035,8 @@ CVE-2014-9709 (The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as
NOTE: https://bugs.php.net/bug.php?id=68601
NOTE: Fix in libgd2: https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43
NOTE: Also related: https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2cefe4f5c
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2cefe4f5c
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd, the embedded copy was fixed upstream in 5.6.5
NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/469990b43c294692493f15f8400560fe5d966a02
CVE-2014-9701 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and ...)
@@ -2057,7 +2067,7 @@ CVE-2014-9705 (Heap-based buffer overflow in the enchant_broker_request_dict fun
- php5 5.6.6+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68552
NOTE: http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/10/6
CVE-2014-9689 (content/renderer/device_sensors/device_orientation_event_pump.cc in Go ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
@@ -2100,10 +2110,10 @@ CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg
{DLA-464-1}
- ffmpeg <not-affected> (Vulnerable code not present in a ffmpeg version in the archive)
- libav 6:11.2-1
- NOTE: Patch in http://www.openwall.com/lists/oss-security/2015/01/04/10 seem to apply for libav
+ NOTE: Patch in https://www.openwall.com/lists/oss-security/2015/01/04/10 seem to apply for libav
NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=169065fbfb3da1ab776379c333aebc54bb1f1bc4
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/04/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/04/10
CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names by onl ...)
{DSA-3188-1 DLA-185-1}
- freetype 2.5.2-3 (bug #777656)
@@ -2222,19 +2232,19 @@ CVE-2014-9679 (Integer underflow in the cupsRasterReadPixels function in filter/
NOTE: Marked with [experimental] tag as the fix is only in experimental so far
NOTE: Switch this to regular fixed version once the fix is in unstable
NOTE: https://www.cups.org/strfiles.php/3438/str4551.patch
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/10/15
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/10/15
CVE-2014-9681
REJECTED
CVE-2014-9680 (sudo before 1.8.12 does not ensure that the TZ environment variable is ...)
{DSA-3167-1 DLA-160-1}
- sudo 1.8.12-1 (bug #772707)
[jessie] - sudo 1.8.10p3-1+deb8u2
- NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
+ NOTE: https://www.openwall.com/lists/oss-security/2014/10/15/24
NOTE: http://www.sudo.ws/repos/sudo/rev/650ac6938b59 (1.8.x)
NOTE: http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0 (typos)
NOTE: http://www.sudo.ws/repos/sudo/rev/91859f613b88 (description)
NOTE: http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0 (improved description)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/12
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/09/12
CVE-2014-XXXX [RPATH set to untrusted directory]
[experimental] - noise <unfixed> (bug #759868)
CVE-2014-9655 (The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeX ...)
@@ -2254,7 +2264,7 @@ CVE-2014-9653 (readelf.c in file before 5.22, as used in the Fileinfo component
- php5 <not-affected> (readelf.c not used and even removed in 5.4.36-0+deb7u3)
NOTE: http://bugs.gw.com/view.php?id=409
NOTE: http://mx.gw.com/pipermail/file/2014/001649.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/04/13
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/04/13
CVE-2014-9983 (Directory Traversal exists in RAR 4.x and 5.x because an unpack operat ...)
- rar 2:5.3.b2-1 (bug #774172)
[jessie] - rar <no-dsa> (Non-free not supported)
@@ -2327,7 +2337,7 @@ CVE-2014-9649 (Cross-site scripting (XSS) vulnerability in the management plugin
[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/21/13
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/21/13
CVE-2014-9650 (CRLF injection vulnerability in the management plugin in RabbitMQ 2.1. ...)
- rabbitmq-server 3.4.1-1
[jessie] - rabbitmq-server <no-dsa> (Minor issue)
@@ -2335,10 +2345,10 @@ CVE-2014-9650 (CRLF injection vulnerability in the management plugin in RabbitMQ
[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/b5a5fc31bd49ad821a655ea9e2fe920d670a62ad
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/21/13
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/21/13
CVE-2014-9732 (The cabd_extract function in cabd.c in libmspack before 0.5 does not p ...)
- libmspack 0.5-1 (bug #774665)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2014-9637 (GNU patch 2.7.2 and earlier allows remote attackers to cause a denial ...)
- patch 2.7.1-7
[wheezy] - patch <not-affected> (Vulnerability introduced later)
@@ -2349,7 +2359,7 @@ CVE-2014-XXXX [formail: memory corruption]
- procmail 3.22-24 (bug #769937)
[wheezy] - procmail <no-dsa> (Minor issue)
[squeeze] - procmail <no-dsa> (Minor issue)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/21/9
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/01/21/9
CVE-2014-9630 (The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c ...)
{DSA-3150-1}
- vlc 2.2.0~rc2-2 (bug #775866)
@@ -2420,12 +2430,12 @@ CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for
- libav 6:11.3-1 (bug #775593)
NOTE: Applies to 0.8, but in different file (utvideo.c)
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5. ...)
- ffmpeg 7:2.5.1-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd
CVE-2014-9602 (libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits a ...)
- ffmpeg 7:2.5.1-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -2684,7 +2694,7 @@ CVE-2014-9651 (Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4
[jessie] - chicken <no-dsa> (Minor issue)
[wheezy] - chicken <no-dsa> (Minor issue)
[squeeze] - chicken <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/12/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/12/3
NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/txt2UqAS9CtvH.txt
CVE-2014-1155
REJECTED
@@ -2898,7 +2908,7 @@ CVE-2014-9490 (The numtok function in lib/raven/okjson.rb in the raven-ruby gem
NOT-FOR-US: raven ruby gem
CVE-2014-9488 (The is_utf8_well_formed function in GNU less before 475 allows remote ...)
- less 481-1 (unimportant; bug #780247)
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/14
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/10/14
NOTE: https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
CVE-2014-9484
RESERVED
@@ -3102,13 +3112,13 @@ CVE-2014-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
NOT-FOR-US: IP Ban (simple-ip-ban) plugin for WordPress
CVE-2014-9482 (Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through ...)
- dwarfutils <not-affected> (Vulnerable code introduced later, see bug #774530)
- NOTE: http://www.openwall.com/lists/oss-security/2014/12/31/3
+ NOTE: https://www.openwall.com/lists/oss-security/2014/12/31/3
CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ...)
{DSA-3117-1}
- php5 5.6.5+dfsg-1
[squeeze] - php5 <not-affected> (Introduced in 5.4.1)
NOTE: https://bugs.php.net/bug.php?id=68618
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35
CVE-2014-XXXX [CRAM-MD5 authentication bypass]
- dbmail <not-affected> (Only affects versions supporting cram-md5, so 3.0.0 and later)
NOTE: http://blog.gmane.org/gmane.mail.imap.dbmail/day=20141219
@@ -3436,33 +3446,32 @@ CVE-2014-9322 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does
- linux 3.16.7-ckt2-1
[wheezy] - linux 3.2.63-2+deb7u2
- linux-2.6 <removed>
- [squeeze] - linux-2.6 2.6.32-48squeeze9
+ [squeeze] - linux-2.6 2.6.32-48squeeze9
CVE-2014-9321
RESERVED
-CVE-2014-9320
- RESERVED
+CVE-2014-9320 (SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_ ...)
NOT-FOR-US: SAP Business Objects
CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg ...)
- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
- ffmpeg 2.4.4-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c
CVE-2014-9318 (The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, ...)
- libav <not-affected> (Vulnerable code not present, format not supported)
- ffmpeg 2.4.4-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff
CVE-2014-9317 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before ...)
{DLA-1611-1}
- libav <removed>
- ffmpeg 2.4.4-1
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8
CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg befor ...)
- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
- ffmpeg 2.4.4-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844
CVE-2014-9315
RESERVED
CVE-2014-9314
@@ -4085,7 +4094,7 @@ CVE-2014-9129 (Cross-site request forgery (CSRF) vulnerability in the CreativeMi
NOT-FOR-US: WordPress plugin cm-download-manager
CVE-2014-8123 (Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 ...)
- antiword 0.37-5 (bug #771768)
- NOTE: http://www.openwall.com/lists/oss-security/2014/12/01/4
+ NOTE: https://www.openwall.com/lists/oss-security/2014/12/01/4
NOTE: This actually was fixed long time ago in https://bugs.debian.org/407015
CVE-2014-8104 (OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before ...)
{DSA-3084-1 DLA-98-1}
@@ -4163,7 +4172,7 @@ CVE-2014-9114 (Blkid in util-linux before 2.26rc-1 allows local users to execute
- util-linux 2.25.2-4 (bug #771274)
[squeeze] - util-linux <no-dsa> (Minor issue)
[wheezy] - util-linux <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2014/11/26/13
+ NOTE: https://www.openwall.com/lists/oss-security/2014/11/26/13
NOTE: https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc
CVE-2014-9112 (Heap-based buffer overflow in the process_copy_in function in GNU Cpio ...)
{DSA-3111-1 DLA-111-1}
@@ -4219,7 +4228,7 @@ CVE-2014-9365 (The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and
[wheezy] - python3.2 <no-dsa> (Too intrusive to backport)
- python3.3 <removed>
- python3.4 3.4.2-2
- [jessie] - python3.4 <no-dsa> (Backporting to stable would break existing applications)
+ [jessie] - python3.4 <ignored> (Backporting to stable would break existing applications)
NOTE: http://bugs.python.org/issue22417
CVE-2014-9351 (engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote ...)
- teeworlds 0.6.2+dfsg-2 (bug #770514)
@@ -4296,8 +4305,8 @@ CVE-2014-9028 (Heap-based buffer overflow in stream_decoder.c in libFLAC before
{DSA-3082-1 DLA-99-1}
- flac 1.3.0-3 (bug #770918)
NOTE: Upstream patches:
- NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
- NOTE: https://git.xiph.org/?p=flac.git;a=patch;h=5a365996d739bdf4711af51d9c2c71c8a5e14660
+ NOTE: https://github.com/xiph/flac/commit/fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 (1.3.1pre1)
+ NOTE: https://github.com/xiph/flac/commit/5a365996d739bdf4711af51d9c2c71c8a5e14660 (1.3.1)
CVE-2014-9014 (Directory traversal vulnerability in the ajaxinit function in wpmarket ...)
NOT-FOR-US: WP Marketplace plugin for WordPress
CVE-2014-9013 (The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketp ...)
@@ -4428,7 +4437,7 @@ CVE-2014-8963
CVE-2014-8962 (Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3. ...)
{DSA-3082-1 DLA-99-1}
- flac 1.3.0-3 (bug #770918)
- NOTE: https://git.xiph.org/?p=flac.git;a=patch;h=5b3033a2b355068c11fe637e14ac742d273f076e
+ NOTE: https://github.com/xiph/flac/commit/5b3033a2b355068c11fe637e14ac742d273f076e (1.3.1pre1)
NOTE: http://lists.xiph.org/pipermail/flac-dev/2014-November/005185.html
CVE-2014-8961 (Directory traversal vulnerability in libraries/error_report.lib.php in ...)
- phpmyadmin 4:4.2.12-1
@@ -4477,23 +4486,23 @@ CVE-2014-8947
CVE-2014-8946
RESERVED
CVE-2014-8945 (admin.php?page=projects in Lexiglot through 2014-11-20 allows command ...)
- TODO: check
+ NOT-FOR-US: Lexiglot
CVE-2014-8944 (Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, o ...)
- TODO: check
+ NOT-FOR-US: Lexiglot
CVE-2014-8943 (Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=project ...)
- TODO: check
+ NOT-FOR-US: Lexiglot
CVE-2014-8942 (Lexiglot through 2014-11-20 allows CSRF. ...)
- TODO: check
+ NOT-FOR-US: Lexiglot
CVE-2014-8941 (Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page ...)
- TODO: check
+ NOT-FOR-US: Lexiglot
CVE-2014-8940 (Lexiglot through 2014-11-20 allows remote attackers to obtain sensitiv ...)
- TODO: check
+ NOT-FOR-US: Lexiglot
CVE-2014-8939 (Lexiglot through 2014-11-20 allows remote attackers to obtain sensitiv ...)
- TODO: check
+ NOT-FOR-US: Lexiglot
CVE-2014-8938 (Lexiglot through 2014-11-20 allows local users to obtain sensitive inf ...)
- TODO: check
+ NOT-FOR-US: Lexiglot
CVE-2014-8937 (Lexiglot through 2014-11-20 allows denial of service because api/updat ...)
- TODO: check
+ NOT-FOR-US: Lexiglot
CVE-2014-8936
REJECTED
CVE-2014-8935
@@ -4620,11 +4629,11 @@ CVE-2014-8873 (A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8
{DSA-3316-1 DSA-3235-1}
- openjdk-8 8u45-b14-1 (high)
- openjdk-7 7u79-2.5.5-1 (high)
+ [wheezy] - openjdk-7 <not-affected> (MIME type setting is harmless on wheezy)
+ [squeeze] - openjdk-7 <not-affected> (MIME type setting is harmless on this squeeze)
- openjdk-6 <removed> (high)
- [squeeze] - openjdk-6 <not-affected> (MIME type setting is harmless on squeeze)
[wheezy] - openjdk-6 <not-affected> (MIME type setting is harmless on wheezy)
- [squeeze] - openjdk-7 <not-affected> (MIME type setting is harmless on this squeeze)
- [wheezy] - openjdk-7 <not-affected> (MIME type setting is harmless on wheezy)
+ [squeeze] - openjdk-6 <not-affected> (MIME type setting is harmless on squeeze)
NOTE: Starting with mime-support 3.53, MimeType entries in desktop
NOTE: files end up in /etc/mailcap, which introduces the user-initiated
NOTE: code execution.
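Review bot: The moved squeeze entry for openjdk-7 keeps the stray word "this" in its annotation, so after the reorder the two squeeze lines in this block still read differently for the same reason: `[squeeze] - openjdk-7 <not-affected> (MIME type setting is harmless on this squeeze)` versus `(MIME type setting is harmless on squeeze)` for openjdk-6. Since the line is being rewritten anyway, dropping the extra word keeps the per-release annotations consistent and easier to grep: `[squeeze] - openjdk-7 <not-affected> (MIME type setting is harmless on squeeze)`. The ordering change itself (release lines directly under their package entry) looks correct and is the same pattern applied to kfreebsd and virtualbox elsewhere in this commit.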
@@ -5177,6 +5186,7 @@ CVE-2014-8601 (PowerDNS Recursor before 3.6.2 does not limit delegation chaining
CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.1 ...)
- kde-runtime 4:4.14.2-2 (bug #769632)
[wheezy] - kde-runtime <no-dsa> (Minor issue)
+ - kdebase-runtime <removed>
[squeeze] - kdebase-runtime <no-dsa> (Minor issue)
- webkitkde 1.3.4-2 (unimportant)
NOTE: webkitpart: http://quickgit.kde.org/?p=kwebkitpart.git&a=commit&h=641aa7c75631084260ae89aecbdb625e918c6689
@@ -5185,8 +5195,8 @@ CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtim
NOTE: webkit not covered by security support
CVE-2014-8599
RESERVED
-CVE-2014-8597
- RESERVED
+CVE-2014-8597 (A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.0 ...)
+ NOT-FOR-US: PHP-Fusion
CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow rem ...)
NOT-FOR-US: PHP-Fusion
CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...)
@@ -5278,7 +5288,7 @@ CVE-2014-8627 (PolarSSL 1.3.8 does not properly negotiate the signature algorith
CVE-2014-8626 (Stack-based buffer overflow in the date_from_ISO8601 function in ext/x ...)
- php5 5.2.9.dfsg.1-1
NOTE: https://bugs.php.net/bug.php?id=45226
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c818d0d01341907fee82bdb81cab07b7d93bb9db
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c818d0d01341907fee82bdb81cab07b7d93bb9db
CVE-2014-8625 (Multiple format string vulnerabilities in the parse_error_msg function ...)
- dpkg 1.17.22 (unimportant; bug #768485)
[wheezy] - dpkg 1.16.16
@@ -5369,45 +5379,45 @@ CVE-2014-8549 (libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the
[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
- libav 6:11.2-1 (bug #773626)
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=cee4490b521fd0d02476d46aa2598af24fb8d686
CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows rem ...)
{DSA-3189-1}
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.2-1 (bug #773626)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=d423dd72be451462c6fb1cbbe313bed0194001ab
CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute i ...)
{DSA-3189-1}
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.2-1 (bug #773626)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0b39ac6f54505a538c21fe49a626de94c518c903
CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allow ...)
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5
CVE-2014-8545 (libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-blac ...)
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bi ...)
{DSA-3189-1}
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.3-1 (bug #773626)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=ae5e1f3d663a8c9a532d89e588cbc61f171c9186
CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all line ...)
{DSA-3189-1}
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.2-1 (bug #773626)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28
CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID dur ...)
{DLA-1654-1}
@@ -5415,14 +5425,14 @@ CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec I
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.2-1 (bug #773626)
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=88626e5af8d006e67189bf10b96b982502a7e8ad
CVE-2014-8541 (libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension ...)
- ffmpeg 7:2.4.3-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:11.2-1 (bug #773626)
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=809c3023b699c54c90511913d3b6140dd2436550
CVE-2014-8539 (Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 an ...)
NOT-FOR-US: Simple Email
@@ -5581,19 +5591,19 @@ CVE-2014-8559 (The d_walk function in fs/dcache.c in the Linux kernel through 3.
{DSA-3170-1}
- linux 3.16.7-ckt4-1
- linux-2.6 <not-affected> (Introduced in 2.6.38)
- NOTE: References in http://www.openwall.com/lists/oss-security/2014/10/30/7
+ NOTE: References in https://www.openwall.com/lists/oss-security/2014/10/30/7
NOTE: Upstream fix: https://git.kernel.org/linus/ca5358ef75fc69fee5322a38a340f5739d997c10 (v3.19-rc1)
NOTE: Upstream fix: https://git.kernel.org/linus/946e51f2bf37f1656916eb75bd0742ba33983c28 (v3.19-rc1)
CVE-2014-8517 (The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in Net ...)
- tnftp 20130505-2 (low; bug #767171)
[wheezy] - tnftp <no-dsa> (Minor issue)
[squeeze] - tnftp <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2014/10/28/4
+ NOTE: https://www.openwall.com/lists/oss-security/2014/10/28/4
CVE-2014-9915 (Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers ...)
- imagemagick 8:6.8.9.9-1 (bug #767240)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
[squeeze] - imagemagick <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2014-8355 (PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers ...)
{DLA-960-1 DLA-242-1}
- imagemagick 8:6.8.9.9-1 (bug #767240)
@@ -6029,8 +6039,8 @@ CVE-2014-8317 (Cross-site scripting (XSS) vulnerability in the Webform Validatio
CVE-2014-8350 (Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...)
{DLA-452-1}
- smarty3 3.1.21-1 (bug #765920)
- - smarty <not-affected> (Only affects 3.x series)
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
+ - smarty <not-affected> (Only affects 3.x series)
NOTE: https://github.com/smarty-php/smarty/commit/279bdbd3521cd717cae6a3ba48f1c3c6823f439d.patch
CVE-2014-8399 (The default configuration in systemd-shim 8 enables the Abandon debugg ...)
- systemd-shim 8-4
@@ -6119,12 +6129,12 @@ CVE-2014-8764 (DokuWiki 2014-05-05a and earlier, when using Active Directory for
{DSA-3059-1 DLA-79-1}
- dokuwiki 0.0.20140929.a-1 (bug #766545)
[jessie] - dokuwiki <not-affected> (PHP 5.6 in jessie fixes this on the PHP level, see #766545)
- NOTE: Fix at PHP level: http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
+ NOTE: Fix at PHP level: https://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
CVE-2014-8763 (DokuWiki before 2014-05-05b, when using Active Directory for LDAP auth ...)
{DSA-3059-1 DLA-79-1}
- dokuwiki 0.0.20140929.a-1 (bug #766545)
[jessie] - dokuwiki <not-affected> (PHP 5.6 in jessie fixes this on the PHP level, see #766545)
- NOTE: Fix at PHP level: http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
+ NOTE: Fix at PHP level: https://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
CVE-2014-8762 (The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remo ...)
{DSA-3059-1}
- dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545)
@@ -6573,8 +6583,8 @@ CVE-2014-8143 (Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before
CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data function in ex ...)
{DSA-3117-1}
- php5 5.6.5+dfsg-1 (unimportant)
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
NOTE: Only affects an inherently insecure use case
CVE-2014-8141 (Heap-based buffer overflow in the getZip64Data function in Info-ZIP Un ...)
{DSA-3113-1 DLA-124-1}
@@ -6717,7 +6727,7 @@ CVE-2014-8117 (softmagic.c in file before 5.21 does not properly limit recursion
- php5 5.6.4+dfsg-2
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
NOTE: https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c
- NOTE: Other commits needed as well: http://www.openwall.com/lists/oss-security/2014/12/16/2
+ NOTE: Other commits needed as well: https://www.openwall.com/lists/oss-security/2014/12/16/2
CVE-2014-8116 (The ELF parser (readelf.c) in file before 5.21 allows remote attackers ...)
{DSA-3121-1 DLA-131-1}
- file 1:5.21+15-1 (low; bug #773148)
@@ -6727,7 +6737,7 @@ CVE-2014-8116 (The ELF parser (readelf.c) in file before 5.21 allows remote atta
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
NOTE: https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b
NOTE: https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6
- NOTE: Other commits needed as well: http://www.openwall.com/lists/oss-security/2014/12/16/2
+ NOTE: Other commits needed as well: https://www.openwall.com/lists/oss-security/2014/12/16/2
CVE-2014-8115 (The default authorization constrains in KIE Workbench 6.0.x allows rem ...)
NOT-FOR-US: KIE Workbench
CVE-2014-8114 (The UberFire Framework 0.3.x does not properly restrict paths, which a ...)
@@ -7191,7 +7201,7 @@ CVE-2014-7937 (Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg be
- libav <not-affected> (bug #785326; can't reproduce the issue)
[jessie] - libav <not-affected> (Can't reproduce the issue)
[wheezy] - libav <not-affected> (Can't reproduce the issue)
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057
CVE-2014-7936 (Use-after-free vulnerability in the ZoomBubbleView::Close function in ...)
- chromium-browser 40.0.2214.91-1
[wheezy] - chromium-browser <end-of-life>
@@ -7212,7 +7222,7 @@ CVE-2014-7933 (Use-after-free vulnerability in the matroska_read_seek function i
- ffmpeg 7:2.5.1-1
[squeeze] - ffmpeg <end-of-life>
- libav 6:11.3-1
- NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
+ NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
CVE-2014-7932 (Use-after-free vulnerability in the Element::detach function in core/d ...)
- chromium-browser 40.0.2214.91-1
@@ -7464,9 +7474,9 @@ CVE-2014-7858 (The check_login function in D-Link DNR-326 before 2.10 build 03 a
CVE-2014-7857 (D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build ...)
NOT-FOR-US: D-Link
CVE-2014-7856
- RESERVED
+ REJECTED
CVE-2014-7855
- RESERVED
+ REJECTED
CVE-2014-7854
RESERVED
CVE-2014-7853 (The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBo ...)
@@ -7612,7 +7622,7 @@ CVE-2014-7821 (OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 al
NOTE: Versions up to 2014.1.3 and 2014.2
NOTE: https://launchpad.net/bugs/1378450
CVE-2014-7820
- RESERVED
+ REJECTED
CVE-2014-7819 (Multiple directory traversal vulnerabilities in server.rb in Sprockets ...)
- ruby-sprockets 2.12.3-1
[wheezy] - ruby-sprockets <no-dsa> (Minor issue)
@@ -10361,9 +10371,9 @@ CVE-2014-6541 (Unspecified vulnerability in the Recovery component in Oracle Dat
NOT-FOR-US: Oracle
CVE-2014-6540 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
- virtualbox-guest-additions <removed>
+ [squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
- virtualbox-guest-additions-iso 4.3.14-1
[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
- [squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CVE-2014-6539 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
NOT-FOR-US: Oracle E-Business Suite
@@ -11236,7 +11246,7 @@ CVE-2014-6228 (Integer overflow in the string_chunk_split function in hphp/runti
CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 3.22 al ...)
{DSA-3019-1 DLA-46-1}
- procmail 3.22-22 (bug #760443)
- NOTE: http://www.openwall.com/lists/oss-security/2014/09/03/8
+ NOTE: https://www.openwall.com/lists/oss-security/2014/09/03/8
CVE-2014-6241 (SQL injection vulnerability in the wt_directory extension before 1.4.1 ...)
NOT-FOR-US: TYPO3 extension wt_directory
CVE-2014-6240 (Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar ...)
@@ -13028,7 +13038,7 @@ CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug
[squeeze] - qemu-kvm <not-affected> (Introduced in 1.7)
[wheezy] - qemu-kvm <not-affected> (Introduced in 1.7)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html
- NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091
+ NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091
CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
NOT-FOR-US: Schrack Technik microControl
CVE-2014-5381 (Grand MA 300 allows a brute-force attack on the PIN. ...)
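Review bot: The removed and added NOTE lines for CVE-2014-5388 are visibly identical, so this appears to be a whitespace-only change, and unlike every other NOTE reference touched in this commit the qemu URL is left as `http://git.qemu.org/...` rather than upgraded to https. If the intent of the commit is to move commit references to TLS so the fix pointers cannot be tampered with in transit, this line should either get the same treatment or carry a short note on why it is kept as-is; presumably the git.qemu.org host is the reason, but that is not stated. Suggested line if the https endpoint is confirmed to serve the same commit: `NOTE: Introduced in https://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091`.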
@@ -13137,7 +13147,7 @@ CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.
NOTE: introduces incompatible changes to older versions, see https://bugzilla.redhat.com/show_bug.cgi?id=1132337#c2
CVE-2014-5339 (Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authent ...)
- check-mk 1.2.6p4-1 (bug #758883)
- [wheezy] - check-mk <not-affected> (Vulnerable code not present)
+ [wheezy] - check-mk <not-affected> (Vulnerable code not present)
NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7998aa4d53d2fef7302c0761b9c8f47e2f626e18
CVE-2014-5338 (Multiple cross-site scripting (XSS) vulnerabilities in the multisite c ...)
- check-mk 1.2.6p4-1 (bug #758883)
@@ -13337,13 +13347,13 @@ CVE-2014-5272 (libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
NOTE: <lu_zero> Does not apply to Libav at all.
CVE-2014-5271 (Heap-based buffer overflow in the encode_slice function in libavcodec/ ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav 6:11-1
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803
NOTE: new ffmpeg now in experimental, CVE fixed in 7:2.4-1
NOTE: https://git.libav.org/?p=libav.git;a=commitdiff;h=45ce880a9b3e50cfa088f111dffaf8685bd7bc6b
CVE-2014-5262 (SQL injection vulnerability in the graph settings script (graph_settin ...)
@@ -13580,13 +13590,13 @@ CVE-2014-5207 (fs/namespace.c in the Linux kernel through 3.16.1 does not proper
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=9566d6742852c527bf5af38af5cbb878dad75705 (v3.17-rc1)
NOTE: and: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e (v3.17-rc1)
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0c55cfc4166d9a0f38de779bd4d75a90afbe7734 (v3.8)
- NOTE: Thread starting at http://www.openwall.com/lists/oss-security/2014/08/12/6
+ NOTE: Thread starting at https://www.openwall.com/lists/oss-security/2014/08/12/6
CVE-2014-5206 (The do_remount function in fs/namespace.c in the Linux kernel through ...)
- linux 3.16.2-1
[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=db181ce011e3c033328608299cd6fac06ea50130
- NOTE: Thread starting at http://www.openwall.com/lists/oss-security/2014/08/12/6
+ NOTE: Thread starting at https://www.openwall.com/lists/oss-security/2014/08/12/6
CVE-2014-5247 (The _UpgradeBeforeConfigurationChange function in lib/client/gnt_clust ...)
- ganeti 2.11.5-1
[wheezy] - ganeti <not-affected> (Vulnerable code not present)
@@ -13981,7 +13991,7 @@ CVE-2014-5033 (KDE kdelibs before 4.14 and kauth before 5.1 does not properly us
NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
CVE-2014-5032 (GLPI before 0.84.7 does not properly restrict access to cost informati ...)
- glpi <removed> (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2014/07/22/6
+ NOTE: https://www.openwall.com/lists/oss-security/2014/07/22/6
NOTE: Only supported behind an authenticated HTTP zone
CVE-2014-5031 (The web interface in CUPS before 2.0 does not check that files have wo ...)
{DSA-2990-1 DLA-0022-1}
@@ -14651,7 +14661,7 @@ CVE-2014-5119 (Off-by-one error in the __gconv_translit_find function in gconv_t
{DSA-3012-1 DLA-43-1}
- glibc 2.19-10 (medium)
- eglibc <removed> (medium)
- NOTE: http://www.openwall.com/lists/oss-security/2014/07/14/2
+ NOTE: https://www.openwall.com/lists/oss-security/2014/07/14/2
NOTE: http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
CVE-2014-4909 (Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bit ...)
{DSA-2988-1}
@@ -14749,7 +14759,7 @@ CVE-2014-4699 (The Linux kernel before 3.15.4 on Intel processors does not prope
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a
CVE-2014-4698 (Use-after-free vulnerability in ext/spl/spl_array.c in the SPL compone ...)
- php5 5.6.0~rc3+dfsg-1 (unimportant)
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=22882a9d89712ff2b6ebc20a689a89452bba4dcd
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=22882a9d89712ff2b6ebc20a689a89452bba4dcd
NOTE: https://bugs.php.net/bug.php?id=67539
NOTE: exploitable by malicious scripts only
CVE-2014-4697
@@ -14808,7 +14818,7 @@ CVE-2014-4670 (Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL c
{DSA-3008-1}
- php5 5.6.0~rc3+dfsg-1 (unimportant)
NOTE: exploitable by malicious scripts only
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=df78c48354f376cf419d7a97f88ca07d572f00fb
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=df78c48354f376cf419d7a97f88ca07d572f00fb
NOTE: https://bugs.php.net/bug.php?id=67538
CVE-2014-4669 (HP Enterprise Maps 1.00 allows remote authenticated users to read arbi ...)
NOT-FOR-US: HP Enterprise Maps
@@ -14881,7 +14891,7 @@ CVE-2014-4652 (Race condition in the tlv handler functionality in the snd_ctl_el
CVE-2014-4678 (The safe_eval function in Ansible before 1.6.4 does not properly restr ...)
- ansible 1.6.6+dfsg-1
NOTE: https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
- NOTE: See http://www.openwall.com/lists/oss-security/2014/06/26/30
+ NOTE: See https://www.openwall.com/lists/oss-security/2014/06/26/30
CVE-2014-4660 (Ansible before 1.5.5 constructs filenames containing user and password ...)
- ansible 1.5.5+dfsg-1
NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
@@ -14979,7 +14989,7 @@ CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used in
CVE-2014-4610 (Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg ...)
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- NOTE: Fixed in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee
+ NOTE: Fixed in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee
CVE-2014-4609 (Integer overflow in the get_len function in libavutil/lzo.c in Libav b ...)
{DSA-2977-1}
- libav 6:10.2-1
@@ -16509,7 +16519,7 @@ CVE-2014-3962 (Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow r
CVE-2014-3961 (SQL injection vulnerability in the Export CSV page in the Participants ...)
NOT-FOR-US: WordPress plugin Participants Database
CVE-2014-3960 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2014-3980 (libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in ...)
- libfep <itp> (bug #658575)
CVE-2014-3959 (Cross-site scripting (XSS) vulnerability in list.jsp in the Configurat ...)
@@ -16606,7 +16616,7 @@ CVE-2014-3956 (The sm_close_on_exec function in conf.c in sendmail before 8.14.9
- sendmail 8.14.4-6 (low; bug #750562)
[wheezy] - sendmail 8.14.4-4+deb7u1
[squeeze] - sendmail <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2014/06/03/1
+ NOTE: https://www.openwall.com/lists/oss-security/2014/06/03/1
CVE-2014-3940 (The Linux kernel through 3.14.5 does not properly consider the presenc ...)
- linux 3.14.7-1 (low)
[wheezy] - linux 3.2.60-1
@@ -16727,10 +16737,10 @@ CVE-2014-3874
RESERVED
CVE-2014-3873 (The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p1 ...)
- kfreebsd-8 <removed>
- - kfreebsd-9 <removed> (bug #750493)
+ [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
+ - kfreebsd-9 <removed> (bug #750493)
[wheezy] - kfreebsd-9 <not-affected> (introduced by the merge of r237663)
- [wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
CVE-2014-3872 (Multiple SQL injection vulnerabilities in the administration login pag ...)
NOT-FOR-US: D-Link firmware
CVE-2014-3871 (Multiple SQL injection vulnerabilities in register.php in Geodesic Sol ...)
@@ -17075,7 +17085,7 @@ CVE-2014-3710 (The donote function in readelf.c in file through 5.20, as used in
NOTE: Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
- php5 5.6.3+dfsg-1 (bug #768807)
NOTE: https://bugs.php.net/bug.php?id=68283
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d (PHP 5.4 branch)
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d (PHP 5.4 branch)
CVE-2014-3709 (The org.keycloak.services.resources.SocialResource.callback method in ...)
NOT-FOR-US: JBoss KeyCloak
CVE-2014-3708 (OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 ...)
@@ -17140,9 +17150,9 @@ CVE-2014-3690 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel befor
CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local g ...)
{DSA-3067-1 DSA-3066-1}
- qemu 2.1+dfsg-6 (bug #765496)
+ [squeeze] - qemu <end-of-life>
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
- [squeeze] - qemu <end-of-life>
NOTE: Upstream's quick and easy stopgap for this issue: compile out the hardware acceleration functions which lack sanity checks.
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=83afa38eb20ca27e30683edc7729880e091387fc
CVE-2014-3688 (The SCTP implementation in the Linux kernel before 3.17.4 allows remot ...)
@@ -17307,9 +17317,9 @@ CVE-2014-3641 (The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder
CVE-2014-3640 (The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local ...)
{DSA-3045-1 DSA-3044-1}
- qemu 2.1+dfsg-5 (bug #762532)
+ [squeeze] - qemu <end-of-life>
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life>
- [squeeze] - qemu <end-of-life>
NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...)
{DSA-3026-1 DLA-87-1}
@@ -17641,7 +17651,7 @@ CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
- midori <unfixed> (unimportant)
- - netsurf <unfixed> (unimportant)
+ - netsurf 3.6-1 (unimportant)
- nss 2:3.17.1-1
[squeeze] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
[wheezy] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
@@ -17986,7 +17996,7 @@ CVE-2014-3480 (The cdf_count_chain function in cdf.c in file before 5.19, as use
NOTE: https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
- php5 5.6.0~rc1+dfsg-1
[squeeze] - php5 5.3.3-7+squeeze21
- NOTE: http://bugs.php.net/bug.php?id=67412
+ NOTE: https://bugs.php.net/bug.php?id=67412
CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...)
{DSA-3021-1 DSA-2974-1 DLA-27-1}
- file 1:5.19-1
@@ -18002,7 +18012,7 @@ CVE-2014-3478 (Buffer overflow in the mconvert function in softmagic.c in file b
NOTE: https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
- php5 5.6.0~rc1+dfsg-1
[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
- NOTE: http://bugs.php.net/bug.php?id=67410
+ NOTE: https://bugs.php.net/bug.php?id=67410
CVE-2014-3477 (The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and ...)
{DSA-2971-1 DLA-87-1}
- dbus 1.8.4-1 (low)
@@ -19356,7 +19366,7 @@ CVE-2014-3985 (The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows
[wheezy] - miniupnpc <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1085618
NOTE: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9
- NOTE: http://www.openwall.com/lists/oss-security/2014/04/30/3
+ NOTE: https://www.openwall.com/lists/oss-security/2014/04/30/3
CVE-2014-4338 (cups-browsed in cups-filters before 1.0.53 allows remote attackers to ...)
- cups-filters 1.0.53-1
[wheezy] - cups-filters <not-affected> (vulnerable code not present)
@@ -20738,7 +20748,7 @@ CVE-2014-2440 (Unspecified vulnerability in the MySQL Client component in Oracle
- mariadb-10.0 <not-affected> (Fixed before initial upload)
- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
- NOTE: this is the same issue as CVE-2014-0001, see http://www.openwall.com/lists/oss-security/2014/09/11/23
+ NOTE: this is the same issue as CVE-2014-0001, see https://www.openwall.com/lists/oss-security/2014/09/11/23
CVE-2014-2439 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) co ...)
NOT-FOR-US: Oracle Secure Global Desktop (SGD)
CVE-2014-2438 (Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier an ...)
@@ -21207,7 +21217,7 @@ CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka
{DSA-3003-1}
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
- libav 6:10.4-1
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9 ...)
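Review bot: The http→https rewrite in this hunk stops at the videolan link; the libav reference on the following context line (`NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257`) keeps plain http. The same partial sweep appears in the CVE-2015-8979 (zeroscience.mk), CVE-2015-8959 (imagemagick.org) and CVE-2015-8866 (framework.zend.com) hunks, where the adjacent openwall links are converted but those hosts are left as http. If those hosts serve TLS, converting them in the same change keeps the reference style uniform; if some were skipped deliberately, a word in the commit message would save the next person from redoing the check.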
@@ -21561,7 +21571,7 @@ CVE-2014-2284 (The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5
NOTE: http://sourceforge.net/p/net-snmp/mailman/message/32026655/
NOTE: http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/
CVE-2014-XXXX [buffer overflow]
- - mp3gain <removed> (low; bug #740268)
+ - mp3gain 1.6.2-1 (low; bug #740268)
[squeeze] - mp3gain <no-dsa> (Minor issue)
[wheezy] - mp3gain <no-dsa> (Minor issue)
NOTE: http://sourceforge.net/p/mp3gain/bugs/36/
@@ -21571,7 +21581,7 @@ CVE-2014-2270 (softmagic.c in file before 5.17 and libmagic allows context-depen
NOTE: http://bugs.gw.com/view.php?id=313
NOTE: https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801
- php5 5.5.10+dfsg-1 (bug #740960)
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a33759fd275b32ed0bbe89796fe2953b3cb0b41f
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=a33759fd275b32ed0bbe89796fe2953b3cb0b41f
CVE-2014-5795
REJECTED
CVE-2014-2245 (SQL injection vulnerability in the News module in CMS Made Simple (CMS ...)
@@ -21993,7 +22003,7 @@ CVE-2014-1949 (GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-s
[wheezy] - gtk+3.0 <not-affected> (Only affects GTK+ 3.10.9 and later)
- gtk+2.0 <not-affected> (Only affects GTK+ 3.10.9 and later)
- cinnamon 2.2.14-1 (bug #738828)
- NOTE: http://www.openwall.com/lists/oss-security/2014/02/12/7
+ NOTE: https://www.openwall.com/lists/oss-security/2014/02/12/7
NOTE: https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4
NOTE: The CVE was originally assigned specifically for cinnamon-screensaver, but the underlying fix lies in gtk+3.0
NOTE: and later MITRE assigned the CVE to GTK+ 3.10.9 and later, see official MITRE CVE description.
@@ -22332,7 +22342,7 @@ CVE-2014-2013 (Stack-based buffer overflow in the xps_parse_color function in xp
- mupdf 1.3-2 (bug #738857)
NOTE: http://www.hdwsec.fr/blog/mupdf.html
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694957
- NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc
CVE-2014-1828 (The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad d ...)
NOT-FOR-US: iOS iThoughtsHD app
CVE-2014-1827 (The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transf ...)
@@ -23567,7 +23577,7 @@ CVE-2014-1642 (The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrou
- xen 4.4.0-1
[squeeze] - xen <not-affected> (Only affects 4.2 and later)
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
- NOTE: http://www.openwall.com/lists/oss-security/2014/01/23/2
+ NOTE: https://www.openwall.com/lists/oss-security/2014/01/23/2
CVE-2014-1640 (axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe tem ...)
- axiom 20120501-17 (low; bug #736358)
[squeeze] - axiom <no-dsa> (Minor issue)
@@ -23699,14 +23709,14 @@ CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubunt
NOTE: include the faulty patch.
CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...)
NOT-FOR-US: signond from Ubuntu Touch
-CVE-2014-1422
- RESERVED
+CVE-2014-1422 (In Ubuntu's trust-store, if a user revokes location access from an app ...)
+ NOT-FOR-US: Ubuntu trust-store
CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...)
- mountall <not-affected> (partman-efi in jessie uses secure umask, mount in older releases not affected)
NOTE: See https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
NOTE: and http://www.ubuntu.com/usn/usn-2411-1
-CVE-2014-1420
- RESERVED
+CVE-2014-1420 (On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp ...)
+ NOT-FOR-US: ubuntu-ui-toolkit
CVE-2014-1419 (Race condition in the power policy functions in policy-funcs in acpi-s ...)
{DSA-2984-1 DLA-30-1}
- acpi-support 0.142-2
@@ -24150,15 +24160,15 @@ CVE-2014-1213 (Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.9
CVE-2014-1212
RESERVED
CVE-2014-1211 (Cross-site request forgery (CSRF) vulnerability in VMware vCloud Direc ...)
- NOT-FOR-US: VMWare
+ NOT-FOR-US: VMware
CVE-2014-1210 (VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does ...)
NOT-FOR-US: VMware vSphere Client
CVE-2014-1209 (VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Up ...)
NOT-FOR-US: VMware vSphere Client
CVE-2014-1208 (VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, V ...)
- NOT-FOR-US: VMWare
+ NOT-FOR-US: VMware
CVE-2014-1207 (VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers ...)
- NOT-FOR-US: VMWare
+ NOT-FOR-US: VMware
CVE-2014-1206 (SQL injection vulnerability in the password reset page in Open Web Ana ...)
NOT-FOR-US: Open Web Analytics
CVE-2014-1205
@@ -24643,7 +24653,8 @@ CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers t
CVE-2014-0790
RESERVED
CVE-2014-0791 (Integer overflow in the license_read_scope_list function in libfreerdp ...)
- - freerdp <unfixed> (unimportant)
+ {DLA-2356-1}
+ - freerdp <removed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by simply stating that no valid license exists etc.
@@ -26807,7 +26818,7 @@ CVE-2014-0001 (Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB be
CVE-2014-0158 (Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJ ...)
- openjpeg 1.3+dfsg-4.7
NOTE: Not considering a duplicate of CVE-2013-1447 following
- NOTE: http://www.openwall.com/lists/oss-security/2014/04/02/2 . A query
+ NOTE: https://www.openwall.com/lists/oss-security/2014/04/02/2 . A query
NOTE: to MITRE though indicated that CVE-2014-0158 will not be REJECTED
NOTE: since people might have tracked CVE-2014-0158 of the much higher
NOTE: impact as due https://bugzilla.redhat.com/show_bug.cgi?id=1082925
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 7628c29e11..4456217dd6 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1,3 +1,31 @@
+CVE-2015-10002
+ RESERVED
+CVE-2015-20106 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2015-20105 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not hav ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 does not s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2015-20002
+ RESERVED
+CVE-2015-20001 (In the standard library in Rust before 1.2.0, BinaryHeap is not panic- ...)
+ - rustc 1.2.0+dfsg1-1
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/25842
+ NOTE: https://github.com/rust-lang/rust/pull/25856
+CVE-2015-9551 (An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1 ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2015-9550 (An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1 ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2015-9549 (A reflected Cross-site Scripting (XSS) vulnerability exists in OcPorta ...)
+ NOT-FOR-US: OcPortal
+CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...)
+ - mattermost-server <itp> (bug #823556)
CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) and KK ...)
NOT-FOR-US: Samsung mobile devices
CVE-2015-9546 (An issue was discovered on Samsung mobile devices with KK(4.4) and lat ...)
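Review bot: The new CVE-2015-20001 entry records the fix as `- rustc 1.2.0+dfsg1-1` and then adds `[bullseye] - rustc <no-dsa> (Minor issue)` and `[buster] - rustc <no-dsa> (Minor issue)`. If the rustc versions in buster and bullseye are newer than the recorded fixed version, those suites already count as fixed and the two no-dsa lines are redundant; if they are older, the entry should say so. I cannot tell from this hunk which case applies, so this is a request to confirm rather than a defect.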
@@ -7,15 +35,17 @@ CVE-2015-9545 (An issue was discovered in xdLocalStorage through 2.0.5. The rece
CVE-2015-9544 (An issue was discovered in xdLocalStorage through 2.0.5. The receiveMe ...)
NOT-FOR-US: xdLocalStorage
CVE-2015-9543 (An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 1 ...)
- - nova <unfixed> (bug #951635)
+ - nova 2:20.1.1-1 (bug #951635)
[buster] - nova <no-dsa> (Minor issue)
[stretch] - nova <no-dsa> (Minor issue)
[jessie] - nova <no-dsa> (Minor issue)
NOTE: https://launchpad.net/bugs/1492140
NOTE: https://review.opendev.org/220622
+ NOTE: https://www.openwall.com/lists/oss-security/2020/02/19/2
CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...)
- {DLA-2116-1}
+ {DLA-2304-1 DLA-2116-1}
- libpam-radius-auth 1.4.0-3 (bug #951396)
+ [buster] - libpam-radius-auth 1.4.0-3~deb10u1
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d
NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677
@@ -554,7 +584,9 @@ CVE-2015-9286 (Controllers.outgoing in controllers/index.js in NodeBB before 0.7
CVE-2015-9285 (esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. ...)
NOT-FOR-US: esoTalk
CVE-2015-9284 (The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vuln ...)
- - ruby-omniauth <unfixed>
+ - ruby-omniauth <unfixed> (bug #973384)
+ [bullseye] - ruby-omniauth <ignored> (Minor issue)
+ [buster] - ruby-omniauth <ignored> (Minor issue)
[stretch] - ruby-omniauth <no-dsa> (Minor issue)
[jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps)
NOTE: https://github.com/omniauth/omniauth/pull/809
@@ -702,7 +734,7 @@ CVE-2015-9227 (PHP remote file inclusion vulnerability in the get_file function
CVE-2015-9226 (Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remot ...)
NOT-FOR-US: AlegroCart
CVE-2015-9225
- RESERVED
+ REJECTED
CVE-2015-9224 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9223 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -724,7 +756,7 @@ CVE-2015-9216 (In Android before 2018-04-05 or earlier security patch level on Q
CVE-2015-9215 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9214
- RESERVED
+ REJECTED
CVE-2015-9213 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9212 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -816,7 +848,7 @@ CVE-2015-9170 (In Android before 2018-04-05 or earlier security patch level on Q
CVE-2015-9169 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9168
- RESERVED
+ REJECTED
CVE-2015-9167 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9166 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -842,9 +874,9 @@ CVE-2015-9157 (In Android before 2018-04-05 or earlier security patch level on Q
CVE-2015-9156 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9155
- RESERVED
+ REJECTED
CVE-2015-9154
- RESERVED
+ REJECTED
CVE-2015-9153 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9152 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -902,7 +934,7 @@ CVE-2015-9127 (In Android before 2018-04-05 or earlier security patch level on Q
CVE-2015-9126 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9125
- RESERVED
+ REJECTED
CVE-2015-9124 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9123 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -910,7 +942,7 @@ CVE-2015-9123 (In Android before 2018-04-05 or earlier security patch level on Q
CVE-2015-9122 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9121
- RESERVED
+ REJECTED
CVE-2015-9120 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9119 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -918,7 +950,7 @@ CVE-2015-9119 (In Android before 2018-04-05 or earlier security patch level on Q
CVE-2015-9118 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9117
- RESERVED
+ REJECTED
CVE-2015-9116 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2015-9115 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -963,49 +995,49 @@ CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command inje
NOTE: https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee
NOTE: https://github.com/rubysec/ruby-advisory-db/issues/215
CVE-2015-9095
- RESERVED
+ REJECTED
CVE-2015-9094
- RESERVED
+ REJECTED
CVE-2015-9093
- RESERVED
+ REJECTED
CVE-2015-9092
- RESERVED
+ REJECTED
CVE-2015-9091
- RESERVED
+ REJECTED
CVE-2015-9090
- RESERVED
+ REJECTED
CVE-2015-9089
- RESERVED
+ REJECTED
CVE-2015-9088
- RESERVED
+ REJECTED
CVE-2015-9087
- RESERVED
+ REJECTED
CVE-2015-9086
- RESERVED
+ REJECTED
CVE-2015-9085
- RESERVED
+ REJECTED
CVE-2015-9084
- RESERVED
+ REJECTED
CVE-2015-9083
- RESERVED
+ REJECTED
CVE-2015-9082
- RESERVED
+ REJECTED
CVE-2015-9081
- RESERVED
+ REJECTED
CVE-2015-9080
- RESERVED
+ REJECTED
CVE-2015-9079
- RESERVED
+ REJECTED
CVE-2015-9078
- RESERVED
+ REJECTED
CVE-2015-9077
- RESERVED
+ REJECTED
CVE-2015-9076
- RESERVED
+ REJECTED
CVE-2015-9075
- RESERVED
+ REJECTED
CVE-2015-9074
- RESERVED
+ REJECTED
CVE-2015-9073 (In all Qualcomm products with Android releases from CAF using the Linu ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9072 (In all Qualcomm products with Android releases from CAF using the Linu ...)
@@ -1035,9 +1067,8 @@ CVE-2015-9061 (In all Qualcomm products with Android releases from CAF using the
CVE-2015-9060 (In all Qualcomm products with Android releases from CAF using the Linu ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...)
- {DLA-974-1}
+ {DLA-2259-1 DLA-974-1}
- picocom 1.7-2 (bug #863671)
- [jessie] - picocom <no-dsa> (Minor issue)
NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
CVE-2015-9058 (Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4. ...)
NOT-FOR-US: Proxmox Mail Gateway
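Review bot: The CVE-2015-9059 hunk drops `[jessie] - picocom <no-dsa> (Minor issue)` while adding DLA-2259-1 to the advisory set. That is consistent only if DLA-2259-1 is the jessie update for picocom; if the DLA targets another suite, the jessie triage state is lost and the line should stay. Worth confirming which suite DLA-2259-1 covers before merging.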
@@ -1220,7 +1251,7 @@ CVE-2015-8979 (Stack-based buffer overflow in the parsePresentationContext funct
NOTE: 3.6.1~20160216-2 is the first version in unstable containing the fix
NOTE: http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
NOTE: Fixed by: https://github.com/commontk/DCMTK/commit/1b6bb76
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/2
CVE-2015-8978 (In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, ...)
{DLA-723-1}
- libsoap-lite-perl 1.19-1
@@ -1246,7 +1277,7 @@ CVE-2015-8971 (Terminology 0.7.0 allows remote attackers to execute arbitrary co
{DSA-3712-1}
- terminology 0.7.0-2 (bug #843434)
NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/12
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/12
CVE-2015-8969 (git-fastclone before 1.0.5 passes user modifiable strings directly to ...)
NOT-FOR-US: git-fastclone
CVE-2015-8968 (git-fastclone before 1.0.1 permits arbitrary shell command execution f ...)
@@ -1260,7 +1291,7 @@ CVE-2015-8970 (crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not
NOTE: Fixed by: https://git.kernel.org/linus/dd504589577d8e8e70f51f997ad487a4cb6c026f (v4.5-rc1)
NOTE: Followed by a complete set of related upstrema commits. See kernel-sec
NOTE: triage for details.
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/6
CVE-2015-8967 (arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local us ...)
- linux 4.0.2-1 (unimportant)
NOTE: Fixed by: https://git.kernel.org/linus/c623b33b4e9599c6ac5076f7db7369eb9869aa04 (v4.0-rc1)
@@ -1336,7 +1367,7 @@ CVE-2015-8957 (Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote
NOTE: https://github.com/ImageMagick/ImageMagick/commit/78f82d9d1c2944725a279acd573a22168dc6e22a
NOTE: https://github.com/ImageMagick/ImageMagick/commit/bd96074b254c6607a0f7731e59f923ad19d5a46d
NOTE: https://github.com/ImageMagick/ImageMagick/commit/450bd716ed3b9186dd10f9e60f630a3d9eeea2a4
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8958 (coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attacker ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832465)
@@ -1345,14 +1376,14 @@ CVE-2015-8958 (coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote att
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1aa0c6dab6dcef4d9bc3571866ae1c1ddbec7d8f
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6b4aff0f117b978502ee5bcd6e753c17aec5a961
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8ea44b48a182dd46d018f4b4f09a5e2ee9638105
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8959 (coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attacker ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832944)
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26861
NOTE: https://github.com/ImageMagick/ImageMagick/commit/3ab016764c7f787829d9065440d86f5609765110
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b428b7af688fe319320aed15f2b94281d1e37b4
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8949 (Use-after-free vulnerability in the my_login function in DBD::mysql be ...)
{DSA-3635-1 DLA-576-1}
- libdbd-mysql-perl 4.035-1
@@ -1375,7 +1406,7 @@ CVE-2015-8946 (ecryptfs-setup-swap in eCryptfs before 111 does not prevent the u
[wheezy] - ecryptfs-utils <no-dsa> (Only happens if using systemd v207 onward)
NOTE: https://launchpad.net/bugs/1447282
NOTE: Fixed by: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/2
CVE-2015-8945 (openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores ...)
NOT-FOR-US: OpenShift
CVE-2015-8944 (The ioresources_init function in kernel/resource.c in the Linux kernel ...)
@@ -1399,7 +1430,7 @@ CVE-2015-8936 (Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squ
- squidguard 1.5-5 (unimportant)
NOTE: Only affects an example script
NOTE: Fix applied: 16_XSS-security-bugfix.patch in 1.5-5
- NOTE: http://www.openwall.com/lists/oss-security/2016/06/20/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/06/20/2
CVE-2015-8935 (The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x ...)
- php5 5.6.6+dfsg-1
[wheezy] - php5 5.4.38-0+deb7u1
@@ -1499,7 +1530,7 @@ CVE-2015-8919 (The lha_read_file_extended_header function in archive_read_suppor
NOTE: Fixed by https://github.com/libarchive/libarchive/commit/e8a2e4d
CVE-2015-8918 (The archive_string_append function in archive_string.c in libarchive b ...)
- libarchive <not-affected> (Vulnerable code not in a released version)
- NOTE: Introduced in https://github.com/libarchive/libarchive/commit/cf8e67ffc8a2227b63fc6d3d1569b0214f160f54
+ NOTE: Introduced in https://github.com/libarchive/libarchive/commit/cf8e67ffc8a2227b63fc6d3d1569b0214f160f54
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/b6ba56037f0da44efebfa271cc4b1a736a74c62f
NOTE: https://github.com/libarchive/libarchive/issues/506
CVE-2015-8917 (bsdtar in libarchive before 3.2.0 allows remote attackers to cause a d ...)
@@ -1601,8 +1632,8 @@ CVE-2015-8896 (Integer truncation issue in coders/pict.c in ImageMagick before 7
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/07/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/4
CVE-2015-8895 (Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later all ...)
{DLA-353-1}
- imagemagick 8:6.8.9.9-7 (bug #806441)
@@ -1610,8 +1641,8 @@ CVE-2015-8895 (Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and late
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/07/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/4
NOTE: The issue is only exploitable on 32 bit architectures.
CVE-2015-8894 (Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and lat ...)
- imagemagick 8:6.8.9.9-6 (bug #806442; bug #799524)
@@ -1620,8 +1651,8 @@ CVE-2015-8894 (Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 an
[squeeze] - imagemagick <not-affected> (Can't reproduce crash with file)
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/07/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/4
NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
CVE-2015-8893 (app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07 ...)
NOT-FOR-US: Qualcomm components for Android
@@ -1715,7 +1746,7 @@ CVE-2015-8869 (OCaml before 4.03.0 does not properly handle sign extensions, whi
- ocaml 4.02.3-9 (bug #824139)
[jessie] - ocaml <no-dsa> (Minor issue; can be fixed via point release and sheduling binNMUs there)
NOTE: https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74#diff-a97df53e3ebc59bb457191b496c90762
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/1
NOTE: Ocaml applications using the patched functions need to be recompiled with the
NOTE: fixed ocaml version.
CVE-2015-8864 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...)
@@ -1725,7 +1756,7 @@ CVE-2015-8864 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail bef
NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18
NOTE: https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0 (release-1.1)
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/23/3
NOTE: https://lists.debian.org/debian-lts/2016/06/msg00159.html
CVE-2015-8862 (mustache package before 2.2.1 for Node.js allows remote attackers to c ...)
- mustache.js <unfixed> (unimportant)
@@ -1757,9 +1788,9 @@ CVE-2015-8866 (ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6,
NOTE: https://bugs.php.net/bug.php?id=64938
NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817
NOTE: http://framework.zend.com/security/advisory/ZF2015-06 -> Relation to CVE-2015-5161
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9
NOTE: Fixed in 5.6.6, 5.5.22
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/21/8
CVE-2015-8867 (The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ...)
- php7.0 7.0.0-1
- php5 5.6.12+dfsg-1
@@ -1767,22 +1798,22 @@ CVE-2015-8867 (The openssl_random_pseudo_bytes function in ext/openssl/openssl.c
[wheezy] - php5 5.4.44-0+deb7u1
NOTE: https://bugs.php.net/bug.php?id=70014
NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827
NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/21/8
CVE-2015-8853 (The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in ...)
- perl 5.22.1-1 (bug #821848)
[jessie] - perl 5.20.2-3+deb8u5
[wheezy] - perl <no-dsa> (Minor issue)
NOTE: https://rt.perl.org/Public/Bug/Display.html?id=123562
NOTE: http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/20/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/20/5
CVE-2015-8863 (Off-by-one error in the tokenadd function in jv_parse.c in jq allows r ...)
- jq 1.5+dfsg-1.1 (low; bug #802231)
[jessie] - jq 1.4-2.1+deb8u1
NOTE: https://github.com/stedolan/jq/issues/995
NOTE: https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/23/1
CVE-2015-8850
RESERVED
CVE-2015-8849
@@ -1821,7 +1852,7 @@ CVE-2015-8868 (Heap-based buffer overflow in the ExponentialFunction::Exponentia
- poppler 0.38.0-3 (bug #822578)
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93476
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/12/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/12/1
CVE-2015-8841 (Heap-based buffer overflow in the Archive support module in ESET NOD32 ...)
NOT-FOR-US: ESET NOD32
CVE-2015-8840 (The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does ...)
@@ -1845,11 +1876,12 @@ CVE-2015-8865 (The file_check_mem function in funcs.c in file before 5.23, as us
NOTE: http://bugs.gw.com/view.php?id=522
NOTE: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36
NOTE: https://bugs.php.net/bug.php?id=71527
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e
NOTE: PHP fixed in 7.0.5, 5.6.20, 5.5.34
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/4e614ba041e24af8351afbb49c92444c0850f23b
CVE-2015-8839 (Multiple race conditions in the ext4 filesystem implementation in the ...)
+ {DLA-2241-1}
- linux 4.5.1-1
[wheezy] - linux <ignored> (Too much work to backport)
NOTE: https://git.kernel.org/linus/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b (v4.5-rc1)
@@ -1892,19 +1924,19 @@ CVE-2015-8833 (Use-after-free vulnerability in the create_smp_dialog function in
NOTE: https://bugs.otr.im/issues/128
NOTE: Fixed by: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
NOTE: Introduced by: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/c276bfa786bef8a4572a37d5633cf40f480d3ae0
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/09/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/09/8
CVE-2015-8832 (Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.cor ...)
- dotclear <removed> (bug #815979)
NOTE: https://hg.dotclear.org/dotclear/rev/198580bc3d80
NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2
NOTE: Fixed upstream in 2.8.2
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/05/4
CVE-2015-8831 (Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotc ...)
- dotclear <removed> (bug #815979)
NOTE: https://hg.dotclear.org/dotclear/rev/65e65154dadf
NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2
NOTE: Fixed upstream in 2.8.2
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/05/4
CVE-2015-8829
REJECTED
CVE-2015-8828
@@ -1933,7 +1965,7 @@ CVE-2015-8818 (The cpu_physical_memory_write_rom_internal function in exec.c in
[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/01/10
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63 (v2.4.0-rc0)
NOTE: same patchset than CVE-2015-8817
NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00065.html
@@ -1943,7 +1975,7 @@ CVE-2015-8817 (QEMU (aka Quick Emulator) built to use 'address_space_translate'
[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/01/10
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459 (v2.3.0-rc1)
NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3 (v2.4.0-rc0)
@@ -1951,7 +1983,7 @@ CVE-2015-8817 (QEMU (aka Quick Emulator) built to use 'address_space_translate'
CVE-2015-8852 (Varnish 3.x before 3.0.7, when used in certain stacked installations, ...)
{DSA-3553-1}
- varnish 4.0.0-1 (bug #783510)
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/16/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/16/1
NOTE: fixed in 3.0.7 upstream, mark as fixed with first 4.x version in unstable
NOTE: 4.x not affected
CVE-2015-8857 (The uglify-js package before 2.4.24 for Node.js does not properly acco ...)
@@ -2007,7 +2039,7 @@ CVE-2015-8812 (drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before
{DSA-3503-1 DLA-439-1}
- linux 4.4.2-1
- linux-2.6 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/11/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303532
NOTE: Fixed by: https://git.kernel.org/linus/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3 (v4.5-rc1)
NOTE: Introduced by: https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2)
@@ -2020,7 +2052,7 @@ CVE-2015-8809
CVE-2015-8808 (The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allo ...)
{DSA-3746-1 DLA-484-1}
- graphicsmagick 1.3.21-2
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/06/1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e8fa353f53
CVE-2015-8802
REJECTED
@@ -2036,7 +2068,7 @@ CVE-2015-8807 (Cross-site scripting (XSS) vulnerability in the _renderVarInput_n
{DSA-3496-1}
- php-horde-core 2.22.4+debian0-1 (bug #813590)
NOTE: https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/06/4
CVE-2015-8806 (dict.c in libxml2 allows remote attackers to cause a denial of service ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1 (bug #813613)
@@ -2101,9 +2133,9 @@ CVE-2015-XXXX [Type Confusion Vulnerability in PHP_to_XMLRPC_worker()]
[jessie] - php5 5.6.17+dfsg-0+deb8u1
[wheezy] - php5 5.4.45-0+deb7u4
NOTE: Workaround entry for DLA-533-1 until CVE is assigned
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f3c1863aa2721343245b63ac7bd68cfdc3dd41f3
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=f3c1863aa2721343245b63ac7bd68cfdc3dd41f3
NOTE: https://bugs.php.net/bug.php?id=70728
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/03/3
CVE-2015-XXXX [Session WDDX Packet Deserialization Type Confusion Vulnerability]
- php5 5.6.17+dfsg-1
[jessie] - php5 5.6.17+dfsg-0+deb8u1
@@ -2111,7 +2143,7 @@ CVE-2015-XXXX [Session WDDX Packet Deserialization Type Confusion Vulnerability]
NOTE: Workaround entry for DLA-533-1 until CVE is assigned
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1785d2b805f64eaaacf98c14c9e13107bf085ab1
NOTE: https://bugs.php.net/bug.php?id=70741
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/03/3
CVE-2015-XXXX [Use-after-free in WDDX Packet Deserialization]
- php5 5.6.17+dfsg-1
[jessie] - php5 5.6.17+dfsg-0+deb8u1
@@ -2119,7 +2151,7 @@ CVE-2015-XXXX [Use-after-free in WDDX Packet Deserialization]
NOTE: Workaround entry for DLA-533-1 until CVE is assigned
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=366f9505a4aae98ef2f4ca39a838f628a324b746
NOTE: https://bugs.php.net/bug.php?id=70661
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/03/3
CVE-2015-8792 (The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 al ...)
{DSA-3526-1 DLA-420-1}
- libmatroska 1.4.4-1
@@ -2142,7 +2174,7 @@ CVE-2015-8787 (The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirec
NOTE: https://lkml.org/lkml/2015/12/2/618
NOTE: Introduced by: https://git.kernel.org/linus/8b13eddfdf04cbfa561725cfc42d6868fe896f56 (v3.19-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/94f9cd81436c85d8c3a318ba92e236ede73752fc (v4.4-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/27/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/27/6
CVE-2015-8786 (The Management plugin in RabbitMQ before 3.6.1 allows remote authentic ...)
- rabbitmq-server 3.6.5-1
[jessie] - rabbitmq-server <no-dsa> (Minor issue)
@@ -2156,21 +2188,21 @@ CVE-2015-8783 (tif_luv.c in libtiff allows attackers to cause a denial of servic
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8782 (tif_luv.c in libtiff allows attackers to cause a denial of service (ou ...)
{DSA-3467-1 DLA-880-1 DLA-405-1}
- tiff 4.0.6-1
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8781 (tif_luv.c in libtiff allows attackers to cause a denial of service (ou ...)
{DSA-3467-1 DLA-880-1 DLA-405-1}
- tiff 4.0.6-1
- tiff3 <removed>
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522#0
NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8784 (The NeXTDecode function in tif_next.c in LibTIFF allows remote attacke ...)
{DSA-3467-1 DLA-880-1 DLA-405-1}
- tiff 4.0.6-1
@@ -2179,7 +2211,7 @@ CVE-2015-8784 (The NeXTDecode function in tif_next.c in LibTIFF allows remote at
NOTE: Can be reproduced with tiff compiled with AddressSanitizer
NOTE: and the same reproducer file http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
NOTE: Commit: https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/4
CVE-2015-XXXX [buffer overflows in init_cups]
- cups-filters 1.6.0-1 (unimportant)
- foomatic-filters <unfixed> (unimportant)
@@ -2259,7 +2291,7 @@ CVE-2015-8767 (net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not
[wheezy] - linux 3.2.73-2+deb7u3
- linux-2.6 <removed>
NOTE: https://git.kernel.org/linus/635682a14427d241bab7bbdeebb48a7d7b91638e (v4.3-rc4)
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/11/4
CVE-2015-XXXX [use after free / double free]
- lighttpd 1.4.39-1
[jessie] - lighttpd <not-affected> (Regression introduced in 1.4.36)
@@ -2312,7 +2344,7 @@ CVE-2015-8604 (SQL injection vulnerability in the host_new_graphs function in gr
{DSA-3494-1 DLA-386-1}
- cacti 0.8.8f+ds1-4
NOTE: http://bugs.cacti.net/view.php?id=2652
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/04/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/04/8
CVE-2015-8742 (The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c ...)
- wireshark 2.0.1+g59ea380-1
[jessie] - wireshark <not-affected> (Only affects 2.x)
@@ -2596,7 +2628,7 @@ CVE-2015-8743 (QEMU (aka Quick Emulator) built with the NE2000 device emulation
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1264929
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html
NOTE: Introduced by (at least after): http://git.qemu.org/?p=qemu.git;a=commit;h=69b910399a3c40620a5213adaeb14a37366d97ac
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/04/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/04/1
CVE-2015-8706
RESERVED
CVE-2015-8705 (buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logg ...)
@@ -2619,7 +2651,7 @@ CVE-2015-8701 (QEMU (aka Quick Emulator) built with the Rocker switch emulation
[wheezy] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
[squeeze] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
- qemu-kvm <not-affected> (Vulnerable code introduced after qemu 2.3)
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/28/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/28/6
CVE-2015-8700
RESERVED
CVE-2015-8699 (Multiple cross-site scripting (XSS) vulnerabilities in CA Release Auto ...)
@@ -2695,7 +2727,7 @@ CVE-2015-8663 (The ff_get_buffer function in libavcodec/utils.c in FFmpeg before
- ffmpeg 7:2.8.4-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
NOTE: For libav in jessie the patch needs to applied in libavcodec/decode.c in line 1884.
CVE-2015-8662 (The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg befor ...)
{DLA-1611-1}
@@ -2703,13 +2735,13 @@ CVE-2015-8662 (The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
CVE-2015-8661 (The h264_slice_header_init function in libavcodec/h264_slice.c in FFmp ...)
{DLA-1611-1}
- ffmpeg 7:2.8.3-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5
CVE-2015-8658 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-8657 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.2 ...)
@@ -2803,13 +2835,13 @@ CVE-2015-8683 (The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0
{DSA-3467-1 DLA-610-1 DLA-402-1}
- tiff 4.0.6-1 (bug #809021)
- tiff3 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/25/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/25/1
NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
CVE-2015-8665 (tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a den ...)
{DSA-3467-1 DLA-610-1 DLA-402-1}
- tiff 4.0.6-1 (bug #808968)
- tiff3 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/24/2
NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
CVE-2015-8666 (Heap-based buffer overflow in QEMU, when built with the Q35-chipset-ba ...)
{DLA-1497-1}
@@ -2821,7 +2853,7 @@ CVE-2015-8666 (Heap-based buffer overflow in QEMU, when built with the Q35-chips
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb (v2.5.0-rc1)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283722
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/24/1
NOTE: Vulnerable code introduced after 0.14.50: http://git.qemu.org/?p=qemu.git;a=commit;h=23910d3f669d46073b403876e30a7314599633af
CVE-2015-8660 (The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel t ...)
- linux 4.3.3-3
@@ -2830,7 +2862,7 @@ CVE-2015-8660 (The ovl_setattr function in fs/overlayfs/inode.c in the Linux ker
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545 (v4.4-rc4)
NOTE: OverlayFS introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/23/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/23/5
CVE-2015-8659 (The idle stream handling in nghttp2 before 1.6.0 allows attackers to h ...)
- nghttp2 1.6.0-1
[jessie] - nghttp2 <not-affected> (Vulnerable code introduced later)
@@ -2882,11 +2914,11 @@ CVE-2015-8617 (Format string vulnerability in the zend_throw_or_error function i
CVE-2015-8616 (Use-after-free vulnerability in the Collator::sortWithSortKeys functio ...)
- php7.0 7.0.1-1
NOTE: https://bugs.php.net/bug.php?id=71020
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/22/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/22/4
CVE-2015-8697 (stalin 0.11-5 allows local users to write to arbitrary files. ...)
- stalin <unfixed> (unimportant; bug #808730)
[squeeze] - stalin <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/27/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/27/1
NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-8708 (Stack-based buffer overflow in the conv_euctojis function in codeconv. ...)
- claws-mail 3.13.1-1.1 (bug #811048)
@@ -2917,7 +2949,7 @@ CVE-2015-8613 (Stack-based buffer overflow in the megasas_ctrl_get_info function
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284008
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/21/7
NOTE: LSI Megaraid SAS HBA emulation introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
CVE-2015-8618 (The Int.Exp Montgomery code in the math/big library in Go 1.5.x before ...)
- golang 2:1.5.3-1 (bug #809168)
@@ -2925,7 +2957,7 @@ CVE-2015-8618 (The Int.Exp Montgomery code in the math/big library in Go 1.5.x b
[wheezy] - golang <not-affected> (Introduced in 1.5 release)
NOTE: https://go-review.googlesource.com/#/c/17672/
NOTE: Introduced in 1.5 release. Fixed in 1.5.3 upstream.
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/21/6
CVE-2015-8615 (The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 doe ...)
{DLA-479-1}
- xen 4.8.0~rc3-1 (bug #823620)
@@ -2994,15 +3026,16 @@ CVE-2015-8612 (The EnableNetwork method in the Network class in plugins/mechanis
{DSA-3427-1}
- blueman 2.0.3-1
[squeeze] - blueman <not-affected> (vulnerable code not present)
+ NOTE: https://github.com/blueman-project/blueman/security/advisories/GHSA-59mx-cfv4-h4hw
NOTE: https://twitter.com/thegrugq/status/677809527882813440
NOTE: https://github.com/blueman-project/blueman/commit/a3845bbed5fdddf14daec436b7e74f62719a71c1
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/18/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/18/6
CVE-2015-8709 (** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 misha ...)
- linux 4.3.3-3
[jessie] - linux 3.16.7-ckt20-1+deb8u2
[wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (Vulnerable code not present)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/17/12
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/12/17/12
NOTE: https://lkml.org/lkml/2015/12/12/259
CVE-2015-8591
REJECTED
@@ -3146,7 +3179,7 @@ CVE-2015-8569 (The (1) pptp_bind and (2) pptp_connect functions in drivers/net/p
- linux 4.3.3-3
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced later)
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/15/7
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1 (v4.4-rc6)
NOTE: pptp_{connect,bind} introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=00959ade36acadc00e757f87060bf6e4501d545f (v2.6.37-rc1)
NOTE: https://lkml.org/lkml/2015/12/14/252
@@ -3157,7 +3190,7 @@ CVE-2015-8568 (Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/15/4
CVE-2015-8567 (Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause ...)
{DSA-3471-1}
- qemu 1:2.5+dfsg-3 (bug #808145)
@@ -3165,16 +3198,16 @@ CVE-2015-8567 (Memory leak in net/vmxnet3.c in QEMU allows remote attackers to c
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
-CVE-2015-8559 (The knife bootstrap command in chef leaks the validator.pem private RS ...)
- - chef <unfixed> (low; bug #809670)
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/15/4
+CVE-2015-8559 (The knife bootstrap command in chef Infra client before version 15.4.4 ...)
+ - chef <removed> (low; bug #809670)
[buster] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
[stretch] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
[jessie] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
[wheezy] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
NOTE: https://github.com/chef/chef/issues/3871
NOTE: https://github.com/chef/chef/pull/8885
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/14/10
NOTE: Workaround: use validatorless bootstrapping
CVE-2015-8558 (The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows loca ...)
{DSA-3471-1 DSA-3470-1 DSA-3469-1}
@@ -3183,13 +3216,13 @@ CVE-2015-8558 (The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/14/9
CVE-2015-8557 (The FontManager._get_nix_font_path function in formatters/img.py in Py ...)
{DSA-3445-1 DLA-369-1}
- pygments 2.0.1+dfsg-2 (bug #802828)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1276321
NOTE: https://bitbucket.org/birkenfeld/pygments-main/commits/0036ab1c99e256298094505e5e92f
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/14/6
CVE-2015-8548 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...)
{DSA-3418-1}
- chromium-browser 47.0.2526.80-1
@@ -3205,7 +3238,7 @@ CVE-2015-8542 (An issue was discovered in Open-Xchange Guard before 2.2.0-rev8.
NOT-FOR-US: Open-Xchange
CVE-2015-8556 (Local privilege escalation vulnerability in the Gentoo QEMU package be ...)
- qemu <not-affected> (Issue specific to virtfs-proxy-helper in Gentoo installed suid)
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/14/5
CVE-2015-8785 (The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kern ...)
{DSA-3503-1 DLA-412-1}
- linux 4.3.5-1
@@ -3213,7 +3246,7 @@ CVE-2015-8785 (The fuse_fill_write_pages function in fs/fuse/file.c in the Linux
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876 (v4.4-rc5)
NOTE: Introduced in: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea9b9907b82a09bd1a708004454f7065de77c5b0 (v2.6.26-rc1)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1290642
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/1
CVE-2015-XXXX [remotely triggerable crash]
- ruby-eventmachine 1.0.7-1 (bug #678512; bug #696015)
[jessie] - ruby-eventmachine 1.0.3-6+deb8u1
@@ -3226,12 +3259,12 @@ CVE-2015-8560 (Incomplete blacklist vulnerability in util.c in foomatic-rip in c
[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
- foomatic-filters 4.0.17-7 (bug #807993)
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/13/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/13/2
CVE-2015-9097 (The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is ...)
{DLA-489-1}
- ruby-mail 2.6.1+dfsg1-1
NOTE: https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/11/3
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/12/11/3
NOTE: Fixed in 2.6.0
NOTE: "Note that, this patch might not be complete ..." https://bugzilla.redhat.com/show_bug.cgi?id=1293598
CVE-2015-8547 (The CoreUserInputHandler::doMode function in core/coreuserinputhandler ...)
@@ -3242,7 +3275,7 @@ CVE-2015-8547 (The CoreUserInputHandler::doMode function in core/coreuserinputha
NOTE: https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7
NOTE: Support for oping a whole channel with /op * was only added in
NOTE: https://github.com/quassel/quassel/commit/7ecbc1bf921880f7b03af779de7d9611853a0d46 (0.10-beta1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/12/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/12/1
CVE-2015-8541
RESERVED
CVE-2015-8536 (MITRE is populating this ID because it was assigned prior to Lenovo be ...)
@@ -3254,7 +3287,7 @@ CVE-2015-8534 (MITRE is populating this ID because it was assigned prior to Leno
CVE-2015-8540 (Integer underflow in the png_check_keyword function in pngwutil.c in l ...)
{DSA-3443-1 DLA-375-1}
- libpng <removed> (bug #807694)
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/10/6
NOTE: https://sourceforge.net/p/libpng/bugs/244/
NOTE: http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
NOTE: Fixed in 1.0.66, 1.2.56, 1.4.19, and 1.5.26
@@ -3264,7 +3297,7 @@ CVE-2015-8543 (The networking implementation in the Linux kernel through 4.3.3,
[jessie] - linux 3.16.7-ckt20-1+deb8u1
[wheezy] - linux 3.2.73-2+deb7u2
- linux-2.6 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/09/3
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9 (v4.4-rc6)
CVE-2015-8539 (The KEYS subsystem in the Linux kernel before 4.4 allows local users t ...)
- linux <not-affected> (Vulnerable code not present)
@@ -3272,14 +3305,14 @@ CVE-2015-8539 (The KEYS subsystem in the Linux kernel before 4.4 allows local us
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd (v4.4-rc3)
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc (v4.4-rc1)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284450
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/09/1
CVE-2015-8538 (dwarf_leb.c in libdwarf allows attackers to cause a denial of service ...)
{DLA-669-1}
- dwarfutils 20160507-1 (bug #807817)
[jessie] - dwarfutils 20120410-2+deb8u1
[squeeze] - dwarfutils <not-affected> (No segfault with provided test case)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1289385
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/09/2
NOTE: http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/
CVE-2015-8533
REJECTED
@@ -3393,7 +3426,7 @@ CVE-2015-8504 (Qemu, when built with VNC display driver support, allows remote a
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: Fixed by http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3 (v2.5.0-rc3)
NOTE: Issue possibly introduced after http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cec5487990bf3f1f22b3fcb871978255e92ae0d (v0.10.0)
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/08/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/08/4
CVE-2015-8480 (The VideoFramePool::PoolImpl::CreateFrame function in media/base/video ...)
- chromium-browser 47.0.2526.73-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
@@ -3440,7 +3473,7 @@ CVE-2015-8537 (app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x b
NOTE: https://www.redmine.org/issues/21419 (private)
NOTE: https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56
NOTE: upstream fixed in 2.6.9, 3.0.6 and 3.1.3
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/08/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/08/8
CVE-2015-8476 (Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 all ...)
{DSA-3416-1 DLA-363-1}
- libphp-phpmailer 5.2.14+dfsg-1 (bug #807265)
@@ -3454,7 +3487,7 @@ CVE-2015-8474 (Open redirect vulnerability in the valid_back_url function in app
NOTE: https://www.redmine.org/issues/19577 (private)
NOTE: commit: https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472
NOTE: upstream fixed in 2.6.7, 3.0.5 and 3.1.1
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/04/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/04/1
NOTE: depends on the CVE-2014-1985 fix first
CVE-2015-8473 (The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x ...)
{DSA-3529-1}
@@ -3463,7 +3496,7 @@ CVE-2015-8473 (The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3
[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
NOTE: https://www.redmine.org/issues/21136
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/03/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/03/7
NOTE: https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
CVE-2015-8465
RESERVED
@@ -3627,7 +3660,7 @@ CVE-2015-8400 (The HTTPS fallback implementation in Shell In A Box (aka shellina
- shellinabox 2.19
[jessie] - shellinabox <no-dsa> (Minor issue)
[wheezy] - shellinabox <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/02/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/02/6
CVE-2015-8377 (SQL injection vulnerability in the host_new_graphs_save function in gr ...)
{DSA-3494-1 DLA-374-1}
- cacti 0.8.8f+ds1-4
@@ -3664,7 +3697,7 @@ CVE-2015-8378 (In KeePassX before 0.4.4, a cleartext copy of password data is cr
[jessie] - keepassx 0.4.3+dfsg-0.1+deb8u1
[wheezy] - keepassx <no-dsa> (Minor issue)
[squeeze] - keepassx <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/30/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/30/4
CVE-2015-8375 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. ...)
NOT-FOR-US: PHP-Fusion
CVE-2015-8368 (ntopng (aka ntop) before 2.2 allows remote authenticated users to chan ...)
@@ -3729,7 +3762,7 @@ CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in FFmpeg
- ffmpeg 7:2.8.3-1 (bug #806519)
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892
NOTE: fix for the libav 11.9 branch: https://git.libav.org/?p=libav.git;a=commit;h=v11.9-5-g88762a0
NOTE: fix for the libav 0.8 branch: https://git.libav.org/?p=libav.git;a=commit;h=9fba59f471725e5235d5378e795ebf8b59472817
CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi. ...)
@@ -3737,14 +3770,14 @@ CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in libavcodec
- ffmpeg 7:2.8.3-1 (bug #806519)
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
CVE-2015-8363 (The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ...)
{DLA-1611-1}
- ffmpeg 7:2.8.3-1 (bug #806519)
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
CVE-2015-8362 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices b ...)
NOT-FOR-US: Harman AMX
CVE-2015-8361 (Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.1 ...)
@@ -3812,7 +3845,7 @@ CVE-2015-8374 (fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles comp
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (btrfs in 2.6.32 is just a tech preview and not usable for production)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7 (v4.4-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/27/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/27/2
NOTE: CVE assignment for the vulnerability with the impact of "User B now
NOTE: gets to see the 1000 bytes that user A truncated from its file before
NOTE: it made its file world readable"
@@ -3847,7 +3880,7 @@ CVE-2015-8325 (The do_setup_env function in session.c in sshd in OpenSSH through
NOTE: Upstream fix: https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
CVE-2015-XXXX [RCE in gitlab-shell 2.6.6-2.6.7]
- gitlab-shell <not-affected> (Only affects version 2.6.6-2.6.7)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/25/5
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/11/25/5
CVE-2015-8345 (The eepro100 emulator in QEMU qemu-kvm blank allows local guest users ...)
{DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-1 (bug #806373)
@@ -3859,7 +3892,7 @@ CVE-2015-8345 (The eepro100 emulator in QEMU qemu-kvm blank allows local guest u
[wheezy] - qemu-kvm <no-dsa> (Minor issue, can be fixed along in a later DSA)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/25/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/25/3
CVE-2015-8346 (app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before ...)
{DSA-3529-1 DLA-351-1}
- redmine 3.2.0-1 (bug #806376)
@@ -3868,7 +3901,7 @@ CVE-2015-8346 (app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x b
NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
NOTE: https://www.redmine.org/issues/21150 (private)
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/25/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/25/1
NOTE: Commit: https://github.com/redmine/redmine/commit/945a091c94a9ed651f61e225fa8646479478e9d4
NOTE: Commit: https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c
NOTE: For squeeze, the bug is in app/views/timelog/edit.rhtml
@@ -3889,7 +3922,7 @@ CVE-2015-8326 (The IPTables-Parse module before 1.6 for Perl allows local users
[wheezy] - libiptables-parse-perl 1.1-1+deb7u1
[squeeze] - libiptables-parse-perl <no-dsa> (Minor issue)
NOTE: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/24/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/24/6
CVE-2015-8381 (The compile_regex function in pcre_compile.c in PCRE before 8.38 and p ...)
- pcre3 2:8.38-1 (bug #796762; bug #795539)
[jessie] - pcre3 2:8.35-3.3+deb8u2
@@ -3897,9 +3930,9 @@ CVE-2015-8381 (The compile_regex function in pcre_compile.c in PCRE before 8.38
[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1672
NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1594
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/24/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/24/1
NOTE: https://bugs.exim.org/show_bug.cgi?id=1667
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/05/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/05/3
NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1250943
CVE-2015-8380 (The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a ...)
@@ -3959,7 +3992,7 @@ CVE-2015-8324 (The ext4 implementation in the Linux kernel before 2.6.34 does no
{DLA-360-1}
- linux 2.6.37-1
- linux-2.6 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/23/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/23/2
NOTE: https://bugs.openvz.org/browse/OVZ-6541
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1267261
NOTE: Commit fixing the issue: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a3022119871846e74d4f6e11 (v2.6.34-rc1)
@@ -3969,7 +4002,7 @@ CVE-2015-8316 (Array index error in LightDM (aka Light Display Manager) 1.14.3,
- lightdm 1.16.6-1
[jessie] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and development 1.17.x)
[wheezy] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and development 1.17.x)
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/21/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/21/2
NOTE: https://bugs.launchpad.net/lightdm/+bug/15168
NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.14/revision/2166 (1.14.x)
NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.16/revision/2207 (1.16.x)
@@ -4123,7 +4156,7 @@ CVE-2015-8308 (LXDM before 0.5.2 did not start X server with -auth, which allows
NOTE: http://git.lxde.org/gitweb/?p=lxde/lxdm.git;a=commitdiff;h=e8f387089e241360bdc6955d3e479450722dcea3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268900
NOTE: http://advisories.mageia.org/MGASA-2015-0411.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/20/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/20/2
CVE-2015-8243
RESERVED
CVE-2015-8240 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, A ...)
@@ -4180,13 +4213,13 @@ CVE-2015-8241 (The xmlNextChar function in libxml2 2.9.2 does not properly check
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
NOTE: Introduced/Uncovered by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/17/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/17/5
CVE-2015-8239 (The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 all ...)
- sudo 1.8.17p1-1 (bug #805563)
[jessie] - sudo <no-dsa> (Minor issue)
[wheezy] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
[squeeze] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/10/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/10/2
CVE-2015-8234 (The image signature algorithm in OpenStack Glance 11.0.0 allows remote ...)
- glance <unfixed> (unimportant)
CVE-2015-8219 (The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2. ...)
@@ -4225,7 +4258,7 @@ CVE-2015-8215 (net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before
- linux-2.6 <removed>
NOTE: Patch for the kernel to harden against invalid MTUs: http://article.gmane.org/gmane.linux.network/351269
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac (v4.0-rc3)
-CVE-2015-8214 (Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean ...)
+CVE-2015-8214 (A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIP ...)
NOT-FOR-US: Siemens
CVE-2015-8213 (The get_format function in utils/formats.py in Django before 1.7.x bef ...)
{DSA-3404-1 DLA-349-1}
@@ -4501,10 +4534,10 @@ CVE-2015-8472 (Buffer overflow in the png_set_PLTE function in libpng before 1.0
CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE ...)
{DSA-3507-1 DSA-3399-1 DLA-410-1 DLA-343-1}
- libpng 1.2.54-1 (bug #805113)
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/12/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/12/2
NOTE: Fixed in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64
NOTE: The original patch was incomplete, cf.
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/03/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/03/6
NOTE: and fixed in new upstream versions 1.6.20, 1.5.25,
NOTE: 1.4.18, 1.2.55, and 1.0.65
- chromium-browser 49.0.2623.75-1
@@ -4549,8 +4582,8 @@ CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.
{DSA-3454-1 DSA-3426-1 DSA-3414-1 DLA-479-1}
- linux 4.2.6-2
- linux-2.6 <removed>
- - xen 4.8.0~rc3-1 (bug #823620)
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
+ - xen 4.8.0~rc3-1 (bug #823620)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-156.html
NOTE: Upstream patch: https://lkml.org/lkml/2015/11/10/218
@@ -4591,7 +4624,7 @@ CVE-2015-7501 (Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; D
- libcommons-collections4-java <unfixed> (unimportant)
NOTE: severity unimportant since this is a hardening change, actual vulnerability relies in specific
NOTE: https://issues.apache.org/jira/browse/COLLECTIONS-580
- NOTE: No CVE is expected to be assigned, cf http://www.openwall.com/lists/oss-security/2015/11/17/19
+ NOTE: No CVE is expected to be assigned, cf https://www.openwall.com/lists/oss-security/2015/11/17/19
NOTE: Patches for 3.2.x:
NOTE: https://github.com/apache/commons-collections/commit/1642b00d67b96de87cad44223efb9ab5b4fb7be5
NOTE: https://github.com/apache/commons-collections/commit/5ec476b0b756852db865b2e442180f091f8209ee
@@ -4715,10 +4748,10 @@ CVE-2015-8034 (The state.sls function in Salt before 2015.8.3 uses weak permissi
NOTE: https://github.com/saltstack/salt/issues/28455
CVE-2015-8075
REJECTED
-CVE-2015-8033
- RESERVED
-CVE-2015-8032
- RESERVED
+CVE-2015-8033 (In Textpattern 4.5.7, the password-reset feature does not securely tet ...)
+ NOT-FOR-US: Textpattern
+CVE-2015-8032 (In Textpattern 4.5.7, an unprivileged author can change an article's m ...)
+ NOT-FOR-US: Textpattern
CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly d ...)
{DSA-3430-1}
- libxml2 2.9.3+dfsg1-1 (bug #803942)
@@ -4729,7 +4762,7 @@ CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not prope
NOTE: so it barfs on the problematic file (parser error : Start tag expected,
NOTE: '<' not found) even though it does not have the fix yet. The next upstream
NOTE: release will fix this issue and will restore XZ support.
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/02/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/02/2
CVE-2015-7984 (Multiple cross-site request forgery (CSRF) vulnerabilities in Horde be ...)
{DSA-3391-1}
- php-horde 5.2.8+debian0-1 (bug #803641)
@@ -4783,12 +4816,12 @@ CVE-2015-XXXX [iptables-persistent minor local info leak]
[jessie] - iptables-persistent 1.0.3+deb8u1
[wheezy] - iptables-persistent 0.5.7+deb7u1
[squeeze] - iptables-persistent <no-dsa> (Minor issue)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/05/5
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/01/05/5
CVE-2015-XXXX
- cinnamon-settings-daemon 2.8.3-1 (low)
[jessie] - cinnamon-settings-daemon 2.2.4.repack-7+deb8u1
NOTE: https://github.com/linuxmint/cinnamon-settings-daemon/commit/ac5e0be8c1817616dbdb056b6881cfc4660f57a8
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/28/3
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/10/28/3
CVE-2015-8025 (driver/subprocs.c in XScreenSaver before 5.34 does not properly perfor ...)
{DSA-3438-1 DLA-338-1}
- xscreensaver 5.34-1 (bug #802914)
@@ -4850,7 +4883,7 @@ CVE-2015-7985 (Valve Steam 2.10.91.91 uses weak permissions (Users: read and wri
CVE-2015-8019 (The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c i ...)
- linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/11
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/27/11
NOTE: Only for all stable kernels before v3.19 which have backported commit
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=89c22d8c3b278212eef6a8cc66b570bc840a6f5a
NOTE: but are lacking the ioviter conversion.
@@ -4865,7 +4898,7 @@ CVE-2015-7990 (Race condition in the rds_sendmsg function in net/rds/sendmsg.c i
- linux 4.2.6-1
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2015/10/16/530
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/27/5
CVE-2015-7979 (NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...)
{DSA-3629-1 DLA-559-1}
- ntp 1:4.2.8p7+dfsg-1
@@ -4994,10 +5027,9 @@ CVE-2015-7944 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti
NOTE: http://www.ocert.org/advisories/ocert-2015-012.html
NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=201fcb916b8164c78f4ed8e0c9cfc0227a78684c
CVE-2015-9261 (huft_build in archival/libarchive/decompress_gunzip.c in BusyBox befor ...)
- {DLA-1445-1 DLA-337-1}
+ {DLA-2559-1 DLA-1445-1 DLA-337-1}
- busybox 1:1.27.2-1 (bug #803097)
- [stretch] - busybox <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/25/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/25/3
NOTE: http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
NOTE: https://git.busybox.net/busybox/commit/archival/libarchive/decompress_gunzip.c?id=6bd3fff51aa74e2ee2d87887b12182a3b09792ef
CVE-2015-7995 (The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does n ...)
@@ -5005,13 +5037,13 @@ CVE-2015-7995 (The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 d
- libxslt 1.1.28-2.1 (bug #802971)
[squeeze] - libxslt <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1257962
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/27/10
NOTE: https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617 (v1.1.29-rc1)
CVE-2015-8982 (Integer overflow in the strxfrm function in the GNU C Library (aka gli ...)
- glibc 2.21-1 (bug #803927)
[jessie] - glibc 2.19-18+deb8u2
- [wheezy] - eglibc 2.13-38+deb7u9
- eglibc <removed>
+ [wheezy] - eglibc 2.13-38+deb7u9
[squeeze] - eglibc 2.11.3-4+deb6u8
NOTE: workaround entry for DLA-350-1 until/if CVE assigned
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16009
@@ -5037,7 +5069,7 @@ CVE-2015-XXXX [Endlees loop issue]
NOTE: https://github.com/relan/exfat/issues/6
NOTE: https://crashes.fuzzing-project.org/exfatfsck-endless-loop
NOTE: https://github.com/relan/exfat/commit/35a1f77f9be2d8b21731f758baba4334935bf18b
- NOTE: will possibly not get a CVE, cf. http://www.openwall.com/lists/oss-security/2015/10/29/13
+ NOTE: will possibly not get a CVE, cf. https://www.openwall.com/lists/oss-security/2015/10/29/13
CVE-2015-8010 (Cross-site scripting (XSS) vulnerability in the Classic-UI with the CS ...)
- icinga 1.13.3-3 (bug #803432)
[jessie] - icinga <no-dsa> (Minor issue)
@@ -5046,7 +5078,7 @@ CVE-2015-8010 (Cross-site scripting (XSS) vulnerability in the Classic-UI with t
NOTE: Introduced by: https://dev.icinga.org/issues/593 in 1.3.
NOTE: Upstream issue: https://dev.icinga.org/issues/10453
NOTE: Upstream fix: https://dev.icinga.org/projects/icinga-core/repository/revisions/5c816f5d9352c373e9dadb95b63612a96cf96dff
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/23/15
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/23/15
CVE-2015-7981 (The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1. ...)
{DSA-3399-1 DLA-343-1}
- libpng 1.2.54-1 (bug #803078)
@@ -5191,7 +5223,7 @@ CVE-2015-7943 (Open redirect vulnerability in the Overlay module in Drupal 7.x b
- drupal7 7.41-1
[jessie] - drupal7 7.32-1+deb8u9
NOTE: https://www.drupal.org/SA-CORE-2015-004
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/21/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/21/6
NOTE: http://cgit.drupalcode.org/drupal/commit/?id=9f72251c9291b5613acb9ca4ea7a51b4739e3f93
CVE-2015-7885 (The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in th ...)
- linux 4.4.2-1 (unimportant)
@@ -5245,7 +5277,7 @@ CVE-2015-7858 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows re
CVE-2015-7857 (SQL injection vulnerability in the getListQuery function in administra ...)
NOT-FOR-US: Joomla!
CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2015-7855 (The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3 ...)
{DSA-3388-1 DLA-335-1}
- ntp 1:4.2.8p4+dfsg-1
@@ -5320,10 +5352,10 @@ CVE-2015-7872 (The key_gc_unused_keys function in security/keys/gc.c in the Linu
NOTE: Prerequisite for Fedora patches: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94c4554ba07adbdde396748ee7ae01e86cf2d8d7
NOTE: Patches from Fedora: http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?id=d76d5fe34b5c151ad83761160998b1075729b541
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 (v4.3-rc7)
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/20/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/20/5
CVE-2015-8013 (s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of pas ...)
- node-openpgp <itp> (bug #787774)
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/13/7
CVE-2015-7840 (The command line management console (CMC) in SolarWinds Log and Event ...)
NOT-FOR-US: SolarWinds
CVE-2015-7839 (SolarWinds Log and Event Manager (LEM) allows remote attackers to exec ...)
@@ -5417,19 +5449,24 @@ CVE-2015-7812 (The hypercall_create_continuation function in arch/arm/domain.c i
[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
NOTE: http://xenbits.xen.org/xsa/advisory-145.html
CVE-2015-8011 (Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c ...)
+ {DSA-4836-1 DLA-2571-1}
- lldpd 0.7.19-1
[jessie] - lldpd 0.7.11-2+deb8u1
[wheezy] - lldpd <not-affected> (Vulnerable code not present)
[squeeze] - lldpd <not-affected> (Vulnerable code not present)
- NOTE: https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/16/2
+ - openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-1
+ NOTE: https://github.com/lldpd/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/16/2
+ NOTE: https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000268.html
+ NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2020-November/377394.html
+ NOTE: https://github.com/openvswitch/ovs/commit/bb5a9937fa8e04e71052fb50e23894448d19678f
CVE-2015-8012 (lldpd before 0.8.0 allows remote attackers to cause a denial of servic ...)
- lldpd 0.7.19-1
[jessie] - lldpd 0.7.11-2+deb8u1
[wheezy] - lldpd <not-affected> (Vulnerable code not present)
[squeeze] - lldpd <not-affected> (Vulnerable code not present)
- NOTE: https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/18/2
+ NOTE: https://github.com/lldpd/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/18/2
CVE-2015-XXXX [cakephp: XML class SSRF vulnerability]
- cakephp 2.6.7-1 (bug #832283)
[jessie] - cakephp <no-dsa> (Minor issue)
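Review bot: The new `- openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-1` line for CVE-2015-8011 records the fixing upload and links an ovs commit, but none of the added NOTE lines says why a second source package is affected or which OpenvSwitch releases carry the fix, which is what a triager reading this entry for an older suite needs. Presumably openvswitch is affected through a bundled copy of the lldpd code, but that is only inferable from the ovs-dev and ovs-announce links. Other entries in this file spell this out, e.g. the libpng entry's `NOTE: Fixed in 1.0.66, 1.2.56, 1.4.19, and 1.5.26`, so adding a line such as `NOTE: openvswitch ships an embedded copy of the lldpd code; fixed upstream in the releases named in the ovs-announce post` after the ovs commit NOTE would make the entry self-explanatory. The release numbers cannot be confirmed from the hunk itself, so they should be taken from the linked announcement rather than guessed.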
@@ -5450,9 +5487,9 @@ CVE-2015-7810 (libbluray MountManager class has a time-of-check time-of-use (TOC
[jessie] - libbluray <no-dsa> (Minor issue, too intrusive to backport)
[wheezy] - libbluray <no-dsa> (Minor issue)
NOTE: CVE was assigned specific to the Fedora packages, cf.
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/12/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/12/7
NOTE: Salvatored asked if Debian needs a separate CVE:
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/13/6
NOTE: No reply, so we'll just use the same ID
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=959434
CVE-2015-7808 (The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 t ...)
@@ -5636,8 +5673,8 @@ CVE-2015-7733
RESERVED
CVE-2015-7732 (The Avira Mobile Security app before 1.5.11 for iOS sends sensitive lo ...)
NOT-FOR-US: Avira Mobile Security app
-CVE-2015-7731
- RESERVED
+CVE-2015-7731 (SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the ...)
+ NOT-FOR-US: SAP
CVE-2015-7730 (SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and Bus ...)
NOT-FOR-US: SAP BusinessObjects
CVE-2015-7729 (Eval injection in test-net.xsjs in the Web-based Development Workbench ...)
@@ -5698,20 +5735,20 @@ CVE-2015-7758 (Gummi 0.6.5 allows local users to write to arbitrary files via a
- gummi 0.6.5-6 (bug #756432)
[jessie] - gummi 0.6.5-3+deb8u1
[wheezy] - gummi 0.6.3-1.2+deb7u2
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/08/4
CVE-2015-7740 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P ...)
NOT-FOR-US: ARM Mali GPU driver
CVE-2015-7545 (The (1) git-remote-ext and (2) unspecified other remote helper program ...)
{DSA-3435-1}
- git 1:2.6.1-1
[squeeze] - git <not-affected> (git 1.7.2 did not have git-remote-ext yet)
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/06/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/06/1
CVE-2015-7747 (Buffer overflow in the afReadFrames function in audiofile (aka libaudi ...)
- audiofile 0.3.6-3 (bug #801102)
[jessie] - audiofile 0.3.6-2+deb8u1
[wheezy] - audiofile <no-dsa> (Minor issue)
[squeeze] - audiofile <not-affected> (Vulnerable code introduced later)
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/06/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/06/2
CVE-2015-7705 (The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4 ...)
- ntp 1:4.2.8p4+dfsg-3
[jessie] - ntp <no-dsa> (Default config not affected)
@@ -5815,10 +5852,10 @@ CVE-2015-7713 (OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x befo
[jessie] - nova <no-dsa> (Minor issue)
[wheezy] - nova <no-dsa> (Minor issue)
NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/05/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/05/10
CVE-2015-XXXX [Remotely triggerable buffer overflow in OpenSMTPD]
- opensmtpd 5.7.3p1-1
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/04/2
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/10/04/2
NOTE: Fixed with 5.7.3 upstream release
CVE-2015-7687 (Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote a ...)
- opensmtpd 5.7.3p1-1 (bug #800787)
@@ -5828,7 +5865,7 @@ CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the Email-A
[jessie] - libemail-address-perl <no-dsa> (Minor issue)
[wheezy] - libemail-address-perl <no-dsa> (Minor issue)
[squeeze] - libemail-address-perl <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/02/13
NOTE: Possibility of DoS vs. usability issue for Email::Address
NOTE: Mitigation: https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
CVE-2015-7671
@@ -5949,7 +5986,7 @@ CVE-2015-7612 (Multiple cross-site request forgery (CSRF) vulnerabilities in the
NOT-FOR-US: McAfee
CVE-2015-7665 (Tails before 1.7 includes the wget program but does not prevent automa ...)
NOT-FOR-US: wget as used in Tails
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/01/10
CVE-2015-7613 (Race condition in the IPC object implementation in the Linux kernel th ...)
{DSA-3372-1 DLA-325-1}
- linux 4.2.3-1
@@ -5971,7 +6008,7 @@ CVE-2015-7673 (io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its a
{DSA-3378-1 DLA-434-1}
- gdk-pixbuf 2.32.0-1
- gtk+2.0 2.21.5-1
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/01/3
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
@@ -5980,11 +6017,11 @@ CVE-2015-8875 (Multiple integer overflows in the (1) pixops_composite_nearest, (
{DSA-3589-1 DLA-450-1}
- gdk-pixbuf 2.34.0-1
NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 (2.33.1)
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/12/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/12/3
CVE-2015-7674 (Integer overflow in the pixops_scale_nearest function in pixops/pixops ...)
{DSA-3378-1 DLA-450-1 DLA-434-1}
- gdk-pixbuf 2.32.1-1
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/01/4
NOTE: Fix for CVE-2015-7674: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa (2.32.1)
NOTE: Additional hardening against further overflows (but not part of the CVE assignment): https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 (2.33.1)
NOTE: The CVE is only assigned for the overflow in the pixops_scale_nearest function.
@@ -6118,7 +6155,7 @@ CVE-2015-7575 (Mozilla Network Security Services (NSS) before 3.20.2, as used in
NOTE: https://gitlab.com/gnutls/gnutls/commit/7d9d5c61f8445dc9e9ca47bb575c77cef17da17a
NOTE: https://gitlab.com/gnutls/gnutls/commit/0e3fc7881d37246fc2d51dc404cad95b205c0e1e
NOTE: https://gitlab.com/gnutls/gnutls/commit/6822a37947d4e38c45b1afc0121cda35ba897182
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/05/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/05/8
NOTE: http://www.mitls.org/pages/attacks/SLOTH
CVE-2015-7574
REJECTED
@@ -6189,7 +6226,7 @@ CVE-2015-7554 (The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows
- tiff 4.0.7-7 (bug #809066; bug #842043; bug #850316)
[jessie] - tiff 4.0.3-12.3+deb8u4
- tiff3 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/26/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/26/7
NOTE: SUSE seem to have a fix (disputed): https://bugzilla.suse.com/show_bug.cgi?id=960341
NOTE: Reproducer file here: https://bugzilla.suse.com/attachment.cgi?id=665389
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2564
@@ -6439,8 +6476,8 @@ CVE-2015-7497 (Heap-based buffer overflow in the xmlDictComputeFastQKey function
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756528 (upstream bug not yet open)
CVE-2015-7496 (GNOME Display Manager (gdm) before 3.18.2 allows physically proximate ...)
- gdm3 3.18.2-1
- [jessie] - gdm3 <not-affected> (Vulnerable code not present, unreproducible)
- [wheezy] - gdm3 <not-affected> (Vulnerable code not present, unreproducible)
+ [jessie] - gdm3 <not-affected> (Vulnerable code not present, unreproducible)
+ [wheezy] - gdm3 <not-affected> (Vulnerable code not present, unreproducible)
[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758032
NOTE: https://git.gnome.org/browse/gdm/commit/?id=5ac2246
@@ -6675,7 +6712,7 @@ CVE-2015-8076 (The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before
- cyrus-imapd-2.4 2.4.17+nocaldav-2
[jessie] - cyrus-imapd-2.4 2.4.17+nocaldav-0~deb8u1
[wheezy] - cyrus-imapd-2.4 <no-dsa> (Minor issue; can be fixed alone in a future DLA)
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/29/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/29/2
NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
CVE-2015-7383 (Multiple cross-site scripting (XSS) vulnerabilities in Web Reference D ...)
@@ -6685,9 +6722,9 @@ CVE-2015-7382 (SQL injection vulnerability in install.php in Web Reference Datab
CVE-2015-7381 (Multiple PHP remote file inclusion vulnerabilities in install.php in W ...)
NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-7380
- RESERVED
+ REJECTED
CVE-2015-7379
- RESERVED
+ REJECTED
CVE-2015-7378 (Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "P ...)
NOT-FOR-US: Panda Security
CVE-2015-7377 (Cross-site scripting (XSS) vulnerability in pie-register/pie-register. ...)
@@ -6738,7 +6775,7 @@ CVE-2015-XXXX [DoS]
NOTE: No CVE will be assigned for behaviour change between 1.907 and 1.908
NOTE: See CVE-2015-7686 for the underlying CWE-407 ("Algorithmic Complexity")
NOTE: issue still present in 1.908
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/02/13
CVE-2015-7359 (The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in ...)
NOT-FOR-US: TrueCrypt
CVE-2015-7358 (The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7. ...)
@@ -6884,7 +6921,7 @@ CVE-2015-7296 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W
NOT-FOR-US: Securifi Almond devices
CVE-2015-7294 (ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP inj ...)
NOT-FOR-US: NodeJS ldapauth
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/18/4
NOTE: https://github.com/vesse/node-ldapauth-fork/issues/21
NOTE: https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4
NOTE: https://nodesecurity.io/advisories/19
@@ -7034,7 +7071,7 @@ CVE-2015-7295 (hw/virtio/virtio.c in the Virtual Network Device (virtio-net) sup
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along in a later DSA)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/18/5
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04730.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04731.html
@@ -7232,7 +7269,7 @@ CVE-2015-7183 (Integer overflow in the PL_ARENA_ALLOCATE implementation in Netsc
- virtualbox 5.0.10-dfsg-1
[jessie] - virtualbox 4.3.36-dfsg-1+deb8u1
[wheezy] - virtualbox <no-dsa> (Minor issue, will be fixed when included in next CPU)
- NOTE: VirtualBox fixed: 4.0.36, 4.1.44, 4.2.36, 4.3.34, 5.0.10
+ NOTE: VirtualBox fixed: 4.0.36, 4.1.44, 4.2.36, 4.3.34, 5.0.10
NOTE: http://hg.mozilla.org/projects/nspr/rev/c9c965b2b19c
NOTE: http://hg.mozilla.org/projects/nspr/rev/bd8fb4498fa6
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
@@ -7722,7 +7759,7 @@ CVE-2015-7236 (Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c
- rpcbind 0.2.1-6.1 (bug #799307)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=946204
NOTE: http://www.spinics.net/lists/linux-nfs/msg53045.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/17/1
CVE-2015-6961 (Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows ...)
- web2py 2.12.3-1
[jessie] - web2py <ignored> (Minor issue)
@@ -7778,10 +7815,10 @@ CVE-2015-7989 (Cross-site scripting (XSS) vulnerability in the user list table i
{DSA-3383-1 DSA-3375-1 DLA-321-1}
- wordpress 4.3.1+dfsg-1 (bug #799140)
NOTE: https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/26/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/26/7
CVE-2015-7337 (The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x ...)
- ipython <not-affected> (Affects versions 3.0 to 3.2.1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/16/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/16/3
CVE-2015-7940 (The Bouncy Castle Java library before 1.51 does not validate a point i ...)
{DSA-3417-1 DLA-361-1}
- bouncycastle 1.51-1 (bug #802671)
@@ -7810,7 +7847,7 @@ CVE-2015-8871 (Use-after-free vulnerability in the opj_j2k_write_mco function in
NOTE: https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f
NOTE: https://github.com/uclouvain/openjpeg/issues/563
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1263359
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/15/4
CVE-2015-6930
RESERVED
CVE-2015-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks ...)
@@ -8001,22 +8038,22 @@ CVE-2015-6908 (The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2
- openldap 2.4.42+dfsg-2 (bug #798622)
NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240;selectid=8240
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/11/2
CVE-2015-7312 (Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3 ...)
- linux 4.2.1-1 (bug #796036)
[jessie] - linux 3.16.7-ckt11-1+deb8u4
[wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/10/3
NOTE: http://sourceforge.net/p/aufs/mailman/message/34449209/
NOTE: For Linux kernel with aufs aufs3-mmap.patch or aufs4-mmap.patch mmap patch
CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands accepted ...)
{DSA-3362-1 DSA-3361-1}
- qemu 1:2.4+dfsg-2
- - qemu-kvm <removed>
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
+ - qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/10/1
NOTE: Fix commit: http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a
NOTE: exec_cmd introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7cff87ff6ab117799e32e42c2e4dc4c0588e583a
NOTE: cmd_table introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=844505b12e722d9ba7060480e766351fc6313501
@@ -8042,44 +8079,44 @@ CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a
CVE-2015-6825 (The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFm ...)
{DLA-1611-1}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
[wheezy] - libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626
CVE-2015-6824 (The sws_init_context function in libswscale/utils.c in FFmpeg before 2 ...)
{DLA-1611-2}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111
CVE-2015-6823 (The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2. ...)
{DLA-1611-2}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7068bf277a37479aecde2832208d820682b35e6
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7068bf277a37479aecde2832208d820682b35e6
CVE-2015-6822 (The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7 ...)
{DLA-1611-2 DLA-1611-1}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4
CVE-2015-6821 (The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg be ...)
{DLA-1611-1}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1
CVE-2015-6820 (The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7. ...)
{DLA-1611-1}
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3
CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame function in l ...)
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
@@ -8089,7 +8126,7 @@ CVE-2015-6818 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg b
- ffmpeg 7:2.7.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91
NOTE: For libav in jessie, the patch needs to go into the decode_frame() function in libavcodec/pngdec.c
CVE-2015-6814
RESERVED
@@ -8122,34 +8159,34 @@ CVE-2015-XXXX [hardening for RSA-CRT leak]
- libgcrypt20 1.6.4-3
[jessie] - libgcrypt20 <no-dsa> (Minor issue; additional hardening)
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/09/08/5
NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE
CVE-2015-6838 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...)
{DSA-3358-1 DLA-341-1}
- php5 5.6.13+dfsg-1
- hhvm 3.12.1+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69782
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
NOTE: https://github.com/facebook/hhvm/commit/f358ec0e905df41feaa9dc75f4dee814cfe5a60a
CVE-2015-6837 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...)
{DSA-3358-1 DLA-341-1}
- php5 5.6.13+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69782
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6836 (The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, ...)
{DSA-3358-1 DLA-341-1}
- php5 5.6.13+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=70388
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6835 (The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, an ...)
{DSA-3358-1}
- php5 5.6.13+dfsg-1
[squeeze] - php5 <no-dsa> (Too intrusive to backport)
NOTE: https://bugs.php.net/bug.php?id=70219
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6834 (Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x be ...)
{DSA-3358-1 DLA-341-1}
@@ -8157,18 +8194,18 @@ CVE-2015-6834 (Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5
NOTE: https://bugs.php.net/bug.php?id=70172
NOTE: https://bugs.php.net/bug.php?id=70365
NOTE: https://bugs.php.net/bug.php?id=70366
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-7225 (Tinfoil Devise-two-factor before 2.0.0 does not strictly follow sectio ...)
- ruby-devise-two-factor 2.0.0-1 (bug #798466)
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/06/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/06/2
CVE-2015-8777 (The process_envvars function in elf/rtld.c in the GNU C Library (aka g ...)
{DSA-3480-1 DLA-316-1}
- glibc 2.21-1 (bug #798316; bug #801691)
[jessie] - glibc 2.19-18+deb8u2
- eglibc <removed>
[squeeze] - eglibc 2.11.3-4+deb6u7
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/05/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/05/8
NOTE: Upstream bug https://sourceware.org/bugzilla/show_bug.cgi?id=18928
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a014cecd82b71b70a6a843e250e06b541ad524f7
CVE-2015-6815 (The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 ...)
@@ -8177,16 +8214,17 @@ CVE-2015-6815 (The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/04/4
NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
CVE-2015-6816 (ganglia-web before 3.7.1 allows remote attackers to bypass authenticat ...)
- - ganglia-web <unfixed> (unimportant; bug #798213)
+ - ganglia-web 3.7.5+debian-1 (unimportant; bug #798213)
- ganglia 3.6.0-1 (unimportant)
[squeeze] - ganglia <not-affected> (affected code not present)
NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/04/2
NOTE: https://github.com/ganglia/ganglia-web/issues/267
+ NOTE: https://github.com/ganglia/ganglia-web/commit/f8cc17054270d54f53d92bbe3f7764dc3d9efcc7
CVE-2015-6817 (PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows r ...)
- pgbouncer 1.6.1-1
[jessie] - pgbouncer <not-affected> (Introduced in 1.6)
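Review bot: The fix-commit NOTE added to the CVE-2015-6816 entry does not say which upstream ganglia-web release contains that commit, whereas other entries in this file record it in the `Fixed by: <commit> (<version>)` form (the gdk-pixbuf, glibc and kernel entries above), so a reader cannot check from the entry alone that the new fixed version 3.7.5+debian-1 actually carries the fix. Suggest `NOTE: Fixed by: https://github.com/ganglia/ganglia-web/commit/f8cc17054270d54f53d92bbe3f7764dc3d9efcc7 (<upstream release containing the fix: placeholder>)`. The `(unimportant; bug #798213)` tag was kept when the line moved from <unfixed> to a fixed version; that appears intentional given the README.Debian.security NOTE, but is worth confirming since the severity tag no longer has the "unfixed" context.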
@@ -8194,7 +8232,7 @@ CVE-2015-6817 (PgBouncer 1.6.x before 1.6.1, when configured with auth_user, all
[squeeze] - pgbouncer <not-affected> (Introduced in 1.6)
NOTE: http://web.archive.org/web/20150905195759/http://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/
NOTE: https://github.com/pgbouncer/pgbouncer/issues/69
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/04/3
CVE-2015-XXXX [val_dane_check: usage DANE-TA(2) may bypass cert validation entirely]
[experimental] - dnsval 2.1-1
- dnsval 2.0-2 (bug #797470)
@@ -8206,7 +8244,7 @@ CVE-2015-XXXX [Memory corruption]
[squeeze] - libvncserver 0.9.7-2+deb6u2
NOTE: workaround entry for DLA-380-1 until/if CVE assigned
NOTE: https://github.com/LibVNC/libvncserver/commit/804335f9d296440bb708ca844f5d89b58b50b0c6
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/03/8
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/09/03/8
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=706087#c1 notes that the fix breaks ABI
CVE-2015-6938 (Cross-site scripting (XSS) vulnerability in the file browser in notebo ...)
- ipython 2.4.1-1 (low; bug #798886)
@@ -8214,7 +8252,7 @@ CVE-2015-6938 (Cross-site scripting (XSS) vulnerability in the file browser in n
[wheezy] - ipython <no-dsa> (Minor issue)
[squeeze] - ipython <not-affected> (Vulnerable code not present)
NOTE: Affected versions: 0.12 <= x <= 4.0
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/02/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/02/3
CVE-2015-6804
RESERVED
CVE-2015-6803
@@ -8413,7 +8451,7 @@ CVE-2015-6761 (The update_dimensions function in libavcodec/vp8.c in FFmpeg thro
NOTE: https://code.google.com/p/chromium/issues/detail?id=532967
NOTE: Starting with 44.0.2403.157-1 chromium uses the ffmpeg system copy
NOTE: It looks like this relates to multithreaded decoding of VPx codecs, which is not implemented in the squeeze version. But I'm not sure as the second bug report is still private.
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c
CVE-2015-6760 (The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGL ...)
{DSA-3376-1}
- chromium-browser 46.0.2490.71-1
@@ -8472,12 +8510,12 @@ CVE-2015-6806 (The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier d
{DSA-3352-1 DLA-305-1}
- screen 4.3.1-2 (bug #797624)
NOTE: https://savannah.gnu.org/bugs/?45713
- NOTE: http://www.openwall.com/lists/oss-security/2015/09/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/09/01/1
CVE-2015-6749 (Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis- ...)
{DLA-1010-1 DLA-317-1}
- vorbis-tools 1.4.0-7 (bug #797461)
[jessie] - vorbis-tools 1.4.0-6+deb8u1
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/29/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/29/1
NOTE: https://trac.xiph.org/ticket/2212
CVE-2015-6741
RESERVED
@@ -8494,7 +8532,7 @@ CVE-2015-6748 (Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. .
NOTE: https://github.com/jhy/jsoup/pull/582
NOTE: https://hibernate.atlassian.net/browse/HV-1012
NOTE: https://issues.jboss.org/browse/WFLY-5223
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/28/3
CVE-2015-6726
RESERVED
CVE-2015-6725 (The ANSendForSharedReview method in Adobe Reader and Acrobat 10.x befo ...)
@@ -8953,41 +8991,41 @@ CVE-2015-6661 (Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attacker
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2015-003
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6660 (The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not pr ...)
{DSA-3346-1}
- drupal7 7.39-1
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2015-003
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6659 (SQL injection vulnerability in the SQL comment filtering system in the ...)
{DSA-3346-1}
- drupal7 7.39-1
NOTE: https://www.drupal.org/SA-CORE-2015-003
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6658 (Cross-site scripting (XSS) vulnerability in the Autocomplete system in ...)
{DSA-3346-1}
- drupal7 7.39-1
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2015-003
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6665 (Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal ...)
{DSA-3346-1}
- drupal7 7.39-1
NOTE: https://www.drupal.org/SA-CORE-2015-003
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6673 (Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. ...)
{DLA-2035-1}
- libpgf 6.14.12-3.2 (bug #798032)
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/14
- NOTE: Details on the CVE assignment: http://www.openwall.com/lists/oss-security/2015/08/25/9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/19/14
+ NOTE: Details on the CVE assignment: https://www.openwall.com/lists/oss-security/2015/08/25/9
NOTE: https://sourceforge.net/p/libpgf/code/147/
NOTE: https://sourceforge.net/p/libpgf/code/148/
CVE-2015-6527 (The php_str_replace_in_subject function in ext/standard/string.c in PH ...)
- php5 <not-affected> (Specific to PHP 7)
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5
NOTE: https://bugs.php.net/bug.php?id=70140
CVE-2015-6521 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS vers ...)
NOT-FOR-US: ATutor
@@ -9021,7 +9059,7 @@ CVE-2015-6833 (Directory traversal vulnerability in the PharData class in PHP be
{DSA-3344-1 DLA-341-1}
- php5 5.6.12+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=70019
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/19/3
NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6831 (Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5 ...)
{DSA-3344-1 DLA-341-1}
@@ -9030,13 +9068,13 @@ CVE-2015-6831 (Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.
NOTE: https://bugs.php.net/bug.php?id=70168
NOTE: https://bugs.php.net/bug.php?id=70166
NOTE: https://bugs.php.net/bug.php?id=70155
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/19/3
NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6832 (Use-after-free vulnerability in the SPL unserialize implementation in ...)
{DSA-3344-1 DLA-341-1}
- php5 5.6.12+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=70068
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/19/3
NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6505
RESERVED
@@ -9558,7 +9596,7 @@ CVE-2015-6526 (The perf_callchain_user_64 function in arch/powerpc/perf/callchai
[wheezy] - linux 3.2.71-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (powerpc not supported in Squeeze LTS)
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/18/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/18/4
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3 (v4.1-rc1)
CVE-2015-6252 (The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux ker ...)
{DSA-3364-1}
@@ -10135,7 +10173,7 @@ CVE-2015-5986 (openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.
CVE-2015-6496 (conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that t ...)
{DSA-3341-1 DLA-295-1}
- conntrack 1:1.4.2-3 (bug #796103)
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/14/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/14/4
NOTE: http://bugzilla.netfilter.org/show_bug.cgi?id=910
NOTE: https://git.netfilter.org/conntrack-tools/commit/?id=c392c159605956c7bd4a264ab4490e2b2704c0cd
CVE-2015-5985
@@ -10186,26 +10224,26 @@ CVE-2015-6506 (Cross-site scripting (XSS) vulnerability in the cryptography inte
[jessie] - request-tracker4 4.2.8-3+deb8u1
[wheezy] - request-tracker4 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d1c7767d8484c4
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/13/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/13/8
CVE-2015-6565 (sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY de ...)
- openssh <not-affected> (Vulnerable code introduce in V_6_8_P1)
NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=6f941396b6835ad18018845f515b0c4fe20be21a
NOTE: Issue introduced with https://anongit.mindrot.org/openssh.git/commit/?id=a5883d4eccb94b16c355987f58f86a7dee17a0c2 (V_6_8_P1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/12/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/12/1
CVE-2015-6563 (The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD pla ...)
{DLA-1500-1}
- openssh 1:6.9p1-1 (bug #795711)
[wheezy] - openssh <no-dsa> (Minor issue)
[squeeze] - openssh <no-dsa> (Minor issue)
NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/11/9
CVE-2015-6564 (Use-after-free vulnerability in the mm_answer_pam_free_ctx function in ...)
{DLA-1500-1}
- openssh 1:6.9p1-1 (bug #795711)
[wheezy] - openssh <no-dsa> (Minor issue)
[squeeze] - openssh <no-dsa> (Minor issue)
NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/11/9
CVE-2015-6737 (Cross-site scripting (XSS) vulnerability in the Widgets extension for ...)
NOT-FOR-US: Widgets extension for MediaWiki
NOTE: https://phabricator.wikimedia.org/T88964
@@ -10266,7 +10304,7 @@ CVE-2015-5960 (Mozilla Firefox OS before 2.2 allows physically proximate attacke
NOT-FOR-US: Mozilla Firefox OS
CVE-2015-6520 (IPPUSBXD before 1.22 listens on all interfaces, which allows remote at ...)
- ippusbxd 1.22-1 (bug #795162)
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/11/1
NOTE: https://github.com/tillkamppeter/ippusbxd/commit/46844402bca7a38fc224483ba6f0a93c4613203f
NOTE: https://github.com/tillkamppeter/ippusbxd/commit/a632841f8e65d402e13e81921515f5a1e2736c82
CVE-2015-XXXX [publicfile-installer: insecure use of /tmp]
@@ -10277,12 +10315,12 @@ CVE-2015-XXXX [net/http: broken trailers don't close a server connection]
[wheezy] - golang <no-dsa> (Minor issue)
NOTE: https://github.com/golang/go/issues/12027
NOTE: https://github.com/golang/go/commit/26049f6f9171d1190f3bbe05ec304845cfe6399f
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/06/2
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/08/06/2
CVE-2015-6251 (Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4 ...)
{DSA-3334-1}
- gnutls28 3.3.17-1 (bug #795068)
- gnutls26 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/10/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/10/1
NOTE: https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12
NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2015-3
NOTE: _gnutls_x509_dn_to_string() introduced in 3.1.10 via:
@@ -10749,7 +10787,7 @@ CVE-2015-5745 (Buffer overflow in the send_control_msg function in hw/char/virti
[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <removed>
[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/06/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/06/3
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=7882080388be5088e72c425b02223c02e6cb4295 (v2.4.0-rc3)
NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=98b19252cf1bd97c54bc4613f3537c5ec0aae263 (v0.13.0-rc0)
NOTE: Patch for wheezy needs change since uses iov_from_buf:
@@ -10970,7 +11008,7 @@ CVE-2015-8383 (PCRE before 8.38 mishandles certain repeated conditional groups,
[wheezy] - pcre3 <not-affected> (vulnerable coded introduce in 8.34)
[squeeze] - pcre3 <not-affected> (vulnerable code introduced in 8.34)
NOTE: Fixed in 8.38
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/29/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/29/1
NOTE: Fixed by http://vcs.pcre.org/pcre?view=revision&revision=1557
NOTE: Introduced by/first bad commit: http://vcs.pcre.org/pcre?view=revision&revision=1365
CVE-2015-8382 (The match function in pcre_exec.c in PCRE before 8.37 mishandles the / ...)
@@ -10981,7 +11019,7 @@ CVE-2015-8382 (The match function in pcre_exec.c in PCRE before 8.37 mishandles
NOTE: http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510
NOTE: https://bugs.exim.org/show_bug.cgi?id=1537
NOTE: Fixed upstream in upstream release pcre-8.37
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/04/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/04/2
CVE-2015-XXXX [more to CVE-2015-2059]
- libidn 1.32-1
[jessie] - libidn 1.29-1+deb8u1
@@ -11000,26 +11038,26 @@ CVE-2015-XXXX [Sidekiq::Web lacks CSRF protection]
NOTE: Fix released in sidekiq 3.4.2
NOTE: Follow-up fix: https://github.com/mperham/sidekiq/commit/75a3524c919857aac16e0541b0cb107f48d00694
NOTE: Follow-up commit not included in 3.4.2~dfsg-1
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-XXXX [XSS via job arguments display class in Sidekiq::Web]
- ruby-sidekiq 3.4.2~dfsg-3
[jessie] - ruby-sidekiq <no-dsa> (Minor issue)
NOTE: https://github.com/mperham/sidekiq/pull/2309
NOTE: Fixed by https://github.com/mperham/sidekiq/commit/54766f336620ca0ce3b0b87a7a56382496e64b61
NOTE: Fix released in sidekiq 3.4.0
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-XXXX [XSS via queue name in Sidekiq::Web]
- ruby-sidekiq 3.4.2~dfsg-3
[jessie] - ruby-sidekiq <no-dsa> (Minor issue)
NOTE: https://github.com/mperham/sidekiq/issues/2330
NOTE: Fixed by https://github.com/mperham/sidekiq/commit/2178d66b6686fbf4430223c34c184a64c9906828
NOTE: Fix released in sidekiq 3.4.0
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-5707 (Integer overflow in the sg_start_req function in drivers/scsi/sg.c in ...)
{DSA-3329-1 DLA-310-1}
- linux 4.1.3-1
- linux-2.6 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/01/6
NOTE: Probably introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=10db10d144c0248f285242f79daf6b9de6b00a62 (v2.6.28-rc1)
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81 (v4.1-rc1)
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee (v4.1-rc1)
@@ -11028,7 +11066,7 @@ CVE-2015-5706 (Use-after-free vulnerability in the path_openat function in fs/na
[jessie] - linux 3.16.7-ckt11-1+deb8u3
[wheezy] - linux <not-affected> (Introduced in v3.11-rc1)
- linux-2.6 <not-affected> (Introduced in v3.11-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/01/5
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=60545d0d4610b02e55f65d141c95b18ccf855b6e (v3.11-rc1)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0 (v4.1-rc3)
CVE-2015-5702
@@ -11045,7 +11083,7 @@ CVE-2015-5704 (scripts/licensecheck.pl in devscripts before 2.15.7 allows local
[wheezy] - devscripts <not-affected> (Vulnerable code not present)
[squeeze] - devscripts <not-affected> (Vulnerable code not present)
NOTE: Introduced in https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=025ad4ea8ba92d32bd698a83149f782c17f78bf0 (v2.15.5)
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/01/1
CVE-2015-5699 (The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux ...)
NOT-FOR-US: Cumulus Linux
NOTE: https://lists.cumulusnetworks.com/pipermail/cumulus-security-announce/2015-July/000002.html
@@ -11229,7 +11267,7 @@ CVE-2015-5697 (The get_bitmap_file function in drivers/md/md.c in the Linux kern
- linux 4.1.3-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16 (v4.2-rc6)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/28/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/28/2
CVE-2015-5620
RESERVED
CVE-2015-5619 (Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack out ...)
@@ -11420,13 +11458,13 @@ CVE-2015-XXXX [integer overflow]
[jessie] - freexl 1.0.0g-1+deb8u2
[wheezy] - freexl 1.0.0b-1+deb7u2
NOTE: For the issue fixed in DSA-3310-1 not yet CVEified
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/06/7
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/06/7
CVE-2015-XXXX [SQL Injection in host_templates.php]
- cacti 0.8.8e+ds1-1
[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
[squeeze] - cacti 0.8.7g-1+squeeze7
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
NOTE: http://bugs.cacti.net/view.php?id=2584
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection in graph_templates.php]
@@ -11434,7 +11472,7 @@ CVE-2015-XXXX [SQL Injection in graph_templates.php]
[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
[squeeze] - cacti 0.8.7g-1+squeeze7
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
NOTE: http://bugs.cacti.net/view.php?id=2583
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection in data_templates.php]
@@ -11442,7 +11480,7 @@ CVE-2015-XXXX [SQL Injection in data_templates.php]
[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
[squeeze] - cacti 0.8.7g-1+squeeze7
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
NOTE: http://bugs.cacti.net/view.php?id=2582
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection in cdef.php]
@@ -11450,7 +11488,7 @@ CVE-2015-XXXX [SQL Injection in cdef.php]
[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
[squeeze] - cacti 0.8.7g-1+squeeze7
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
NOTE: http://bugs.cacti.net/view.php?id=2580
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection Vulnerability in data sources]
@@ -11458,7 +11496,7 @@ CVE-2015-XXXX [SQL Injection Vulnerability in data sources]
[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
[squeeze] - cacti 0.8.7g-1+squeeze7
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
NOTE: http://bugs.cacti.net/view.php?id=2579
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection Vulnerability in graph items and graph template items]
@@ -11466,20 +11504,20 @@ CVE-2015-XXXX [SQL Injection Vulnerability in graph items and graph template ite
[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
[squeeze] - cacti 0.8.7g-1+squeeze7
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/07/18/4
NOTE: http://bugs.cacti.net/view.php?id=2574
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-5590 (Stack-based buffer overflow in the phar_fix_filepath function in ext/p ...)
{DSA-3344-1 DLA-307-1}
- php5 5.6.11+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69923
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
NOTE: Fixed in 5.6.11, 5.4.43
CVE-2015-5589 (The phar_convert_to_other function in ext/phar/phar_object.c in PHP be ...)
{DSA-3344-1 DLA-307-1}
- php5 5.6.11+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69958
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
NOTE: Fixed in 5.6.11, 5.4.43
CVE-2015-5536 (Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.1 ...)
NOT-FOR-US: Belkin router
@@ -11526,7 +11564,7 @@ CVE-2015-5516 (Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM,
CVE-2015-6240 (The chroot, jail, and zone connection plugins in ansible before 1.9.2 ...)
{DLA-1923-1}
- ansible 1.9.2+dfsg-1 (low)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/14/3
CVE-2015-5515 (The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x- ...)
NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5514 (Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x ...)
@@ -11653,7 +11691,7 @@ CVE-2015-5607 (Cross-site request forgery in the REST API in IPython 2 and 3. ..
NOTE: https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0 (2.x)
NOTE: https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816 (3.x)
NOTE: Affected versions: 0.12 <= version <= 3.2.0
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/12/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/12/4
CVE-2015-5461 (Open redirect vulnerability in the Redirect function in stageshow_redi ...)
NOT-FOR-US: Redirect function in stageshow_redirect.php in the StageShow plugin for WordPress
CVE-2015-5460 (Cross-site scripting (XSS) vulnerability in app/views/events/_menu.htm ...)
@@ -11704,8 +11742,8 @@ CVE-2015-5438
REJECTED
CVE-2015-5437
REJECTED
-CVE-2015-5436
- REJECTED
+CVE-2015-5436 (A potential security vulnerability has been identified with HP Integra ...)
+ NOT-FOR-US: HP
CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 ...)
NOT-FOR-US: HP
CVE-2015-5434 (HPE Networking Products, originally branded as Comware 5, Comware 7, H ...)
@@ -11843,13 +11881,13 @@ CVE-2015-8041 (Multiple integer overflows in the NDEF record parser in hostapd b
[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with CONFIG_WPS_NFC=y)
- hostapd <removed>
[squeeze] - hostapd <not-affected> (v0.7.0-v2.4 with CONFIG_WPS_NFC=y)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/08/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/08/3
NOTE: http://w1.fi/security/2015-5/
CVE-2015-5395 (Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. ...)
- sogo 3.2.4-0.2 (bug #796197)
[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
NOTE: https://lists.debian.org/debian-lts/2016/05/msg00197.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/07/10
NOTE: http://www.sogo.nu/bugs/view.php?id=3246
NOTE: https://github.com/inverse-inc/sogo/commit/582baf2960969c73f98643e46cfb49432c30b711 (SOGo-3.1.0)
CVE-2015-5470 (The label decompression functionality in PowerDNS Recursor before 3.6. ...)
@@ -11860,24 +11898,24 @@ CVE-2015-5470 (The label decompression functionality in PowerDNS Recursor before
- pdns-recursor 3.7.3-1
[wheezy] - pdns-recursor <not-affected> (3.5 and up affected)
[squeeze] - pdns-recursor <not-affected> (3.5 and up affected)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/07/6
NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
NOTE: Patch: http://downloads.powerdns.com/patches/2015-01/rec-3.7.2.patch
CVE-2015-5383 (Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain ...)
- roundcube <not-affected> (protection is done in apache config in binary package)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/06/10
NOTE: http://trac.roundcube.net/ticket/1490378
CVE-2015-5382 (program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 ...)
- roundcube 1.1.2+dfsg.1-1 (bug #791643)
[wheezy] - roundcube <not-affected> (Vulnerable code not present)
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/06/10
NOTE: http://trac.roundcube.net/ticket/1490379
CVE-2015-5381 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...)
- roundcube 1.1.2+dfsg.1-1 (bug #791643)
[wheezy] - roundcube <not-affected> (Vulnerable code not present)
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/06/10
NOTE: http://trac.roundcube.net/ticket/1490417
CVE-2015-5400 (Squid before 3.5.6 does not properly handle CONNECT method peer respon ...)
{DSA-3327-1 DLA-286-1}
@@ -11888,13 +11926,13 @@ CVE-2015-5400 (Squid before 3.5.6 does not properly handle CONNECT method peer r
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch (3.5)
NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch (3.4)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/06/8
NOTE: In squeeze's squid3 the code is structured differently but the bug still appears to be present.
NOTE: For squid 2.x all versions are affected, cf. comment by upstream in
NOTE: https://bugs.debian.org/793128#12
CVE-2015-5380 (The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in ...)
- nodejs <not-affected> (Only affects 0.12.x)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/05/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/05/1
CVE-2015-5365 (Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows rem ...)
NOT-FOR-US: Zurmo CRM
CVE-2015-5363 (The SRX Network Security Daemon (nsd) in Juniper SRX Series services g ...)
@@ -11934,7 +11972,7 @@ CVE-2015-5351 (The (1) Manager and (2) Host Manager applications in Apache Tomca
CVE-2015-5350 (In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered ...)
NOT-FOR-US: Cloud Foundry
CVE-2015-5349 (The CSV export in Apache LDAP Studio and Apache Directory Studio befor ...)
- NOT-FOR-US: Apache LDAP Studio and Apache Directory Studio
+ - apache-directory-server <not-affected> (Fixed before initial upload to Debian)
CVE-2015-5348 (Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x be ...)
NOT-FOR-US: Apache Camel
CVE-2015-5347 (Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScrip ...)
@@ -12100,7 +12138,7 @@ CVE-2015-5311 (PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allow
[wheezy] - pdns <not-affected> (Only 3.4.4 and later affected)
[squeeze] - pdns <not-affected> (Only 3.4.4 and later affected)
- pdns-recursor <not-affected> (recursor not affected)
- NOTE: http://www.openwall.com/lists/oss-security/2015/11/09/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/11/09/3
CVE-2015-5310 (The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not prop ...)
{DSA-3397-1}
- wpa 2.3-2.3 (bug #804707)
@@ -12121,8 +12159,8 @@ CVE-2015-5307 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.
{DSA-3454-1 DSA-3414-1 DSA-3396-1 DLA-479-1}
- linux 4.2.6-1
- linux-2.6 <removed>
- - xen 4.8.0~rc3-1 (bug #823620)
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
+ - xen 4.8.0~rc3-1 (bug #823620)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-156.html
- virtualbox 5.0.10-dfsg-1
@@ -12409,13 +12447,16 @@ CVE-2015-5239 (Integer overflow in the VNC display driver in QEMU before 2.1.0 a
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d (v2.1.0-rc0)
CVE-2015-5238
- RESERVED
+ REJECTED
CVE-2015-5237 (protobuf allows remote authenticated attackers to cause a heap-based b ...)
- protobuf <unfixed> (unimportant)
NOTE: https://github.com/google/protobuf/issues/760
NOTE: Upstream doesn't consider this a real issue in practice.
CVE-2015-5236
RESERVED
+ - icedtea-web <unfixed> (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1256403
+ NOTE: Negligible impact
CVE-2015-5235 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly dete ...)
- icedtea-web 1.6.1-1 (bug #798467)
[jessie] - icedtea-web 1.5.3-1
@@ -12471,7 +12512,7 @@ CVE-2015-5221 (Use-after-free vulnerability in the mif_process_cmpt function in
- jasper <removed> (bug #796253)
[wheezy] - jasper <no-dsa> (Minor issue)
[squeeze] - jasper <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/20/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/20/4
NOTE: Fixed by https://github.com/mdadams/jasper/commit/df5d2867e8004e51e18b89865bc4aa69229227b3
CVE-2015-5220 (The Web Console in Red Hat Enterprise Application Platform (EAP) befor ...)
NOT-FOR-US: JBoss EAP
@@ -12535,8 +12576,8 @@ CVE-2015-5203 (Double free vulnerability in the jasper_image_stop_load function
[wheezy] - jasper <no-dsa> (Minor issue)
[squeeze] - jasper <no-dsa> (Minor issue)
NOTE: Analysis/More information/Fixing commits: https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c11
-CVE-2015-5202 (Red Hat Satellite 6 allows remote authenticated users with privileged ...)
- NOT-FOR-US: Satellite6
+CVE-2015-5202
+ REJECTED
CVE-2015-5201 (VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka ...)
NOT-FOR-US: Red Hat vdms
CVE-2015-5200 (The trace functionality in libvdpau before 1.1.1, when used in a setui ...)
@@ -12602,9 +12643,9 @@ CVE-2015-5186 (Audit before 2.4.4 in Linux does not sanitize escape characters i
NOTE: https://fedorahosted.org/audit/changeset/1122
CVE-2015-5185 (The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and ...)
- sblim-sfcb <itp> (bug #754493)
-CVE-2015-5184 (The Hawtio console in A-MQ allows remote attackers to obtain sensitive ...)
+CVE-2015-5184 (Console: CORS headers set to allow all in Red Hat AMQ. ...)
NOT-FOR-US: A-MQ's Hawtio console
-CVE-2015-5183 (The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes ...)
+CVE-2015-5183 (Console: HTTPOnly and Secure attributes not set on cookies in Red Hat ...)
NOT-FOR-US: A-MQ's Hawtio console
CVE-2015-5182 (Cross-site request forgery (CSRF) vulnerability in the jolokia API in ...)
NOT-FOR-US: A-MQ's Hawtio console
@@ -12702,7 +12743,7 @@ CVE-2015-5162 (The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.
- nova 2:13.0.0-1 (low)
[jessie] - nova <no-dsa> (Minor issue)
[wheezy] - nova <no-dsa> (Minor issue)
- NOTE: Patches: http://www.openwall.com/lists/oss-security/2016/10/06/8
+ NOTE: Patches: https://www.openwall.com/lists/oss-security/2016/10/06/8
CVE-2015-5161 (The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework ...)
{DSA-3340-1 DLA-302-1}
- zendframework 1.12.14+dfsg-1
@@ -12935,12 +12976,12 @@ CVE-2015-5352 (The x11_open_helper function in channels.c in ssh in OpenSSH befo
{DLA-1500-1 DLA-288-1}
- openssh 1:6.9p1-1 (bug #790798)
[wheezy] - openssh <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/01/7
NOTE: https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d
CVE-2015-5147 (Stack-based buffer overflow in the header_anchor function in the HTML ...)
- ruby-redcarpet <not-affected> (Affects v3.3.0 - v3.3.1)
NOTE: https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/29/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/29/3
CVE-2015-5081 (Cross-site request forgery (CSRF) vulnerability in django CMS before 3 ...)
- python-django-cms <itp> (bug #516183)
CVE-2015-5073 (Heap-based buffer overflow in the find_fixedlength function in pcre_co ...)
@@ -12951,7 +12992,7 @@ CVE-2015-5073 (Heap-based buffer overflow in the find_fixedlength function in pc
NOTE: https://bugs.exim.org/show_bug.cgi?id=1651
NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1571 (8.38)
NOTE: Introduced in http://vcs.pcre.org/pcre?view=revision&revision=454 (8.00)
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/26/1
CVE-2015-5068 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allow ...)
NOT-FOR-US: SAP
CVE-2015-5067 (The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetW ...)
@@ -13878,8 +13919,8 @@ CVE-2015-4721 (Multiple cross-site scripting (XSS) vulnerabilities in Concrete5
NOT-FOR-US: Concrete5
CVE-2015-4720
REJECTED
-CVE-2015-4719
- RESERVED
+CVE-2015-4719 (The client API authentication mechanism in Pexip Infinity before 10 al ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2015-4718 (The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x ...)
{DSA-3373-1}
- owncloud 7.0.6+dfsg-1
@@ -13994,7 +14035,7 @@ CVE-2015-4707 (Cross-site scripting (XSS) vulnerability in IPython before 3.2 al
[wheezy] - ipython <not-affected> (Problematic code introduced in rel-2.0.0)
[squeeze] - ipython <not-affected> (Problematic code introduced in rel-2.0.0)
NOTE: https://github.com/ipython/ipython/commit/1fcc9943c000ab553ebc029db99ecbd0536960d6
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/22/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/22/4
CVE-2015-4706 (Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 all ...)
- ipython <not-affected> (Only affects 3.x)
CVE-2015-4704 (Directory traversal vulnerability in the Download Zip Attachments plug ...)
@@ -14112,22 +14153,22 @@ CVE-2015-4645 (Integer overflow in the read_fragment_table_4 function in unsquas
CVE-2015-4642 (The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.4 ...)
- php5 <not-affected> (Windows specific)
NOTE: https://bugs.php.net/bug.php?id=69646
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4643 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ...)
{DSA-3344-1 DLA-307-1}
- php5 5.6.11+dfsg-1
NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
NOTE: https://bugs.php.net/bug.php?id=69545#1431550655
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4644 (The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgs ...)
{DSA-3344-1 DLA-307-1}
- php5 5.6.11+dfsg-1
NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
NOTE: https://bugs.php.net/bug.php?id=69667
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4639 (Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl ...)
NOT-FOR-US: Koha
CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
@@ -14492,7 +14533,7 @@ CVE-2015-4491 (Integer overflow in the make_filter_table function in pixops/pixo
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=752297
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=8dba67cb4f38d62a47757741ad41e3f245b4a32a
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/17/17
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/17/17
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/
NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf
CVE-2015-4490 (The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in M ...)
@@ -14501,23 +14542,23 @@ CVE-2015-4490 (The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp
CVE-2015-4489 (The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38 ...)
{DSA-3410-1 DSA-3333-1}
- iceweasel 38.2.0esr-1
+ [squeeze] - iceweasel <end-of-life>
- icedove 38.3.0-1
[squeeze] - icedove <end-of-life>
- [squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4488 (Use-after-free vulnerability in the StyleAnimationValue class in Mozil ...)
{DSA-3410-1 DSA-3333-1}
- iceweasel 38.2.0esr-1
+ [squeeze] - iceweasel <end-of-life>
- icedove 38.3.0-1
[squeeze] - icedove <end-of-life>
- [squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4487 (The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, ...)
{DSA-3410-1 DSA-3333-1}
- iceweasel 38.2.0esr-1
+ [squeeze] - iceweasel <end-of-life>
- icedove 38.3.0-1
[squeeze] - icedove <end-of-life>
- [squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4486 (The decrease_ref_count function in libvpx in Mozilla Firefox before 40 ...)
- libvpx 1.4.0-1
@@ -14580,9 +14621,9 @@ CVE-2015-4474 (Multiple unspecified vulnerabilities in the browser engine in Moz
CVE-2015-4473 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3410-1 DSA-3333-1}
- iceweasel 38.2.0esr-1
+ [squeeze] - iceweasel <end-of-life>
- icedove 38.3.0-1
[squeeze] - icedove <end-of-life>
- [squeeze] - iceweasel <end-of-life>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/
CVE-2015-4466
RESERVED
@@ -14612,21 +14653,21 @@ CVE-2015-4602 (The __PHP_Incomplete_Class function in ext/standard/incomplete_cl
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1
NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4601 (PHP before 5.6.7 might allow remote attackers to cause a denial of ser ...)
{DLA-307-1}
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4600 (The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.2 ...)
{DLA-307-1}
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4599 (The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4. ...)
{DLA-307-1}
@@ -14634,7 +14675,7 @@ CVE-2015-4599 (The SoapFault::__toString method in ext/soap/soap.c in PHP before
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: https://bugs.php.net/bug.php?id=69152
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4
CVE-2015-4598 (PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does n ...)
{DSA-3344-1 DLA-307-1}
- php5 5.6.11+dfsg-1
@@ -14648,7 +14689,7 @@ CVE-2015-4556 (The string-translate* procedure in the data-structures unit in CH
[jessie] - chicken <no-dsa> (Minor issue)
[wheezy] - chicken <no-dsa> (Minor issue)
[squeeze] - chicken <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/15/1
CVE-2015-2967 (Cross-site scripting (XSS) vulnerability in settings.php in Cacti befo ...)
{DSA-3295-1 DLA-255-1}
- cacti 0.8.8d+ds1-1
@@ -15220,7 +15261,7 @@ CVE-2015-4692 (The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the L
[jessie] - linux 3.16.7-ckt11-1+deb8u3
[wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/10/6
NOTE: Vulnerable function introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=66450a21f99636af4fafac2afd33f1a40631bc3a (v3.10-rc1)
CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function in Po ...)
[experimental] - policykit-1 0.113-1
@@ -15232,13 +15273,13 @@ CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function
NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90837
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90832
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/08/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/08/3
NOTE: http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
NOTE: http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
NOTE: http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228
CVE-2015-4412 (BSON injection vulnerability in the legal? function in BSON (bson-ruby ...)
- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
- NOTE: Originating from https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
+ NOTE: Originating from https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
CVE-2015-4411 (The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0 ...)
- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
@@ -15249,7 +15290,7 @@ CVE-2015-4410 (The Moped::BSON::ObjecId.legal? method in rubygem-moped before co
NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
NOTE: https://sources.debian.org/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/06/1
CVE-2015-4338 (Static code injection vulnerability in the XCloner plugin 3.1.2 for Wo ...)
NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4337 (Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 f ...)
@@ -15263,23 +15304,23 @@ CVE-2015-4335 (Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers
[squeeze] - redis <not-affected> (Lua support introduced in version 2.6.0)
NOTE: http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
NOTE: Patch: https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/05/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/05/3
CVE-2015-XXXX [Null pointer access in inflatehd tool]
- nghttp2 <unfixed> (unimportant)
NOTE: Upstream report: https://github.com/tatsuhiro-t/nghttp2/issues/235
NOTE: Git commit: https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/03/20
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/06/03/20
NOTE: inflatehd not installed into the Debian binary packages
CVE-2015-5523 (The ParseValue function in lexer.c in tidy before 4.9.31 allows remote ...)
{DSA-3309-1 DLA-273-1}
- tidy 20091223cvs-1.5 (bug #792571)
NOTE: https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/04/2
CVE-2015-5522 (Heap-based buffer overflow in the ParseValue function in lexer.c in ti ...)
{DSA-3309-1 DLA-273-1}
- tidy 20091223cvs-1.5 (bug #792571)
NOTE: https://github.com/htacg/tidy-html5/issues/217
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/04/2
CVE-2015-6593
REJECTED
CVE-2015-4179 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Code ...)
@@ -15364,7 +15405,7 @@ CVE-2015-5366 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 (v4.1-rc7)
NOTE: http://web.archive.org/web/20160309082241/https://twitter.com/grsecurity/status/605854034260426753
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/30/13
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/30/13
CVE-2015-5364 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kerne ...)
{DSA-3313-1 DLA-310-1}
- linux 4.0.7-1
@@ -15372,17 +15413,17 @@ CVE-2015-5364 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 (v4.1-rc7)
NOTE: http://web.archive.org/web/20160309082241/https://twitter.com/grsecurity/status/605854034260426753
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/30/13
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/30/13
CVE-2015-XXXX [uudecode: stack out of bounds read access]
- sharutils <unfixed> (unimportant)
NOTE: Negligible security impact
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/02/8
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/06/02/8
CVE-2015-4167 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel befo ...)
{DSA-3313-1 DSA-3290-1 DLA-246-1}
- linux 4.0.2-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 (v4.0-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/02/6
CVE-2015-4140 (Cross-site request forgery (CSRF) vulnerability in the WP Smiley plugi ...)
NOT-FOR-US: WordPress plugin wp-smiley
CVE-2015-4139 (Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP S ...)
@@ -15416,7 +15457,7 @@ CVE-2015-4178 (The fs_pin implementation in the Linux kernel before 4.0.5 does n
- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953 (v4.1-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/29/5
CVE-2015-4177 (The collect_mounts function in fs/namespace.c in the Linux kernel befo ...)
- linux <not-affected> (Commit was applied to 4.0.2 as well but fixed in Debian by two subsequent commits)
NOTE: Debian both applies "mnt: Fail collect_mounts when applied to unmounted mounts"
@@ -15425,7 +15466,7 @@ CVE-2015-4177 (The collect_mounts function in fs/namespace.c in the Linux kernel
- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae (v4.1-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/29/5
CVE-2015-4126
RESERVED
CVE-2015-4125
@@ -15600,20 +15641,20 @@ CVE-2015-XXXX [hwclock(8) SUID privilege escalation]
- util-linux 2.27-1 (unimportant; bug #786804)
NOTE: hwclock is not installed suid in Debian
NOTE: https://github.com/karelzak/util-linux/commit/687cc5d58942b24a9f4013c68876d8cbea907ab1
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/26/10
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/05/26/10
CVE-2015-4082 (attic before 0.15 does not confirm unencrypted backups with the user, ...)
- attic 0.16-1 (bug #787435)
[jessie] - attic <no-dsa> (Minor issue)
NOTE: https://github.com/jborg/attic/issues/271
NOTE: https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/25/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/25/3
CVE-2015-4170 (Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem. ...)
- linux 3.13.4-1
[wheezy] - linux <not-affected> (commit 4898e640caf03fdbaf2122d5a33949bf3e4a5b34 not backported)
- linux-2.6 <not-affected> (commit 4898e640caf03fdbaf2122d5a33949bf3e4a5b34 not backported)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae (v3.13-rc5)
NOTE: Affected code was introduced by the rewrite in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4898e640caf03fdbaf2122d5a33949bf3e4a5b34 (v3.11-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/26/1
CVE-2015-4065 (Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound- ...)
NOT-FOR-US: WordPress plugin landing-pages
CVE-2015-4064 (SQL injection vulnerability in modules/module.ab-testing.php in the La ...)
@@ -15650,7 +15691,7 @@ CVE-2015-4054 (PgBouncer before 1.5.5 allows remote attackers to cause a denial
NOTE: https://github.com/pgbouncer/pgbouncer/commit/edab5be6665b9e8de66c25ba527509b229468573 (master)
NOTE: https://github.com/pgbouncer/pgbouncer/commit/74d6e5f7de5ec736f71204b7b422af7380c19ac5 (stable-1.5)
NOTE: https://github.com/pgbouncer/pgbouncer/issues/42
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/21/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/21/2
CVE-2015-8147
REJECTED
CVE-2015-8146
@@ -15696,7 +15737,7 @@ CVE-2015-4027 (The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scan
CVE-2015-4047 (racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause ...)
{DSA-3272-1 DLA-234-1}
- ipsec-tools 1:0.8.2+20140711-3 (bug #785778)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/20/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/20/1
CVE-2015-4023
RESERVED
CVE-2015-4020 (RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4 ...)
@@ -15741,7 +15782,7 @@ CVE-2015-4041 (The keycompare_mb function in sort.c in sort in GNU Coreutils thr
NOTE: http://pkgs.fedoraproject.org/cgit/coreutils.git/plain/coreutils-i18n.patch
CVE-2015-4035 (scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not ...)
- xz-utils <not-affected> (Affects 4.999.9beta)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/18/7
CVE-2015-4010 (Cross-site request forgery (CSRF) vulnerability in the Encrypted Conta ...)
NOT-FOR-US: Encrypted Contact Form plugin for WordPress
CVE-2015-4009
@@ -15850,7 +15891,7 @@ CVE-2015-4024 (Algorithmic complexity vulnerability in the multipart_buffer_head
- php5 5.6.9+dfsg-1
[squeeze] - php5 <no-dsa> (Too intrusive to backport)
NOTE: https://bugs.php.net/bug.php?id=69364
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/18/2
NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
- hhvm 3.11.0+dfsg-1
NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/6188457bd90ed2f3516e778dca8e91536d91802e
@@ -15858,14 +15899,14 @@ CVE-2015-4022 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in
{DSA-3280-1 DLA-307-1}
- php5 5.6.9+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69545
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/18/2
NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
CVE-2015-4021 (The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41 ...)
{DSA-3280-1 DLA-307-1}
- php5 5.6.9+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69453
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/17/2 and http://www.openwall.com/lists/oss-security/2015/05/18/2
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/17/2 and https://www.openwall.com/lists/oss-security/2015/05/18/2
NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
CVE-2015-3987 (Multiple unquoted Windows search path vulnerabilities in the (1) Clien ...)
NOT-FOR-US: McAfee
@@ -16038,7 +16079,7 @@ CVE-2015-3909
CVE-2015-3908 (Ansible before 1.9.2 does not verify that the server hostname matches ...)
{DLA-1923-1}
- ansible 1.9.2+dfsg-1 (low)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/14/4
NOTE: Fixed in commit https://github.com/ansible/ansible/commit/be7c59c7bbe2c7cfaad0151c42693ebd0ea4243f
CVE-2015-3907 (CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE ...)
NOT-FOR-US: CodeIgniter Rest Server
@@ -16246,12 +16287,12 @@ CVE-2015-4036 (Array index error in the tcm_vhost_make_tpg function in drivers/v
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c (v4.0-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/13/4
CVE-2015-3988 (Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashb ...)
- horizon 2015.1.0-2 (bug #786741)
[jessie] - horizon <not-affected> (Vulnerable code not present)
[wheezy] - horizon <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/12/9
CVE-2015-3886 (libinfinity before 0.6.6-1 does not validate expired SSL certificates, ...)
- libinfinity 0.6.6-1 (bug #783601)
[jessie] - libinfinity 0.6.6-1~deb8u1
@@ -16259,7 +16300,7 @@ CVE-2015-3886 (libinfinity before 0.6.6-1 does not validate expired SSL certific
[squeeze] - libinfinity <not-affected> (vulnerable code not present)
NOTE: https://github.com/gobby/libinfinity/commit/c97f870f5ae13112988d9f8ad464b4f679903706
NOTE: https://github.com/gobby/gobby/issues/61
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/12/1
CVE-2015-3815 (The detect_version function in wiretap/logcat.c in the Android Logcat ...)
{DSA-3277-1}
- wireshark 1.12.5+g5819e5b-1
@@ -16690,20 +16731,20 @@ CVE-2015-3880 (Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x befo
[squeeze] - phpbb3 <no-dsa> (Minor issue)
NOTE: https://wiki.phpbb.com/Release_Highlights/3.0.14
NOTE: Patch: https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/12/2
CVE-2015-XXXX [pdf2djvu: insecure use of /tmp when executing c44]
- pdf2djvu 0.7.21-1 (bug #784889)
[jessie] - pdf2djvu 0.7.17-4+deb8u1
[wheezy] - pdf2djvu 0.7.12-2+deb7u1
[squeeze] - pdf2djvu <no-dsa> (Minor issue)
NOTE: https://bitbucket.org/jwilk/pdf2djvu/issue/103
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/05/09/7
CVE-2015-XXXX [didjvu: insecure use of /tmp when executing c44]
- didjvu 0.4-1 (bug #784888)
[jessie] - didjvu 0.2.8-1+deb8u1
[wheezy] - didjvu 0.2.3-2+deb7u1
NOTE: https://bitbucket.org/jwilk/didjvu/issue/8
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/05/09/7
CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 thro ...)
{DSA-3397-1}
- wpa 2.3-2.2 (bug #787371)
@@ -16714,7 +16755,7 @@ CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0
NOTE: http://w1.fi/security/2015-4/
NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
NOTE: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and wpa_supplica ...)
{DSA-3397-1}
- wpa 2.3-2.2 (bug #787371)
@@ -16726,7 +16767,7 @@ CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and wpa_sup
NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
NOTE: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and wpa_supplica ...)
{DSA-3397-1}
- wpa 2.3-2.2 (bug #787371)
@@ -16738,7 +16779,7 @@ CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and wpa_sup
NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
NOTE: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and wpa_supplica ...)
{DSA-3397-1}
- wpa 2.3-2.2 (bug #787371)
@@ -16748,7 +16789,7 @@ CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and wpa_sup
NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
NOTE: http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
NOTE: http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5 thro ...)
{DSA-3397-1 DLA-260-1}
- wpa 2.3-2.2 (bug #787373)
@@ -16757,7 +16798,7 @@ CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5
- hostapd <removed>
NOTE: http://w1.fi/security/2015-3/
NOTE: http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/09/5
CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplican ...)
{DSA-3397-1}
- wpa 2.3-2.2 (bug #787372)
@@ -16767,7 +16808,7 @@ CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and wpa_supp
[squeeze] - hostapd <not-affected> (Affects 0.7.0-v2.4 with CONFIG_WPS_UPNP=y in the build configuration and upnp_iface parameter on runtime)
NOTE: http://w1.fi/security/2015-2/
NOTE: http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/09/4
CVE-2015-XXXX [incorrect parsing of from header when assigning pgp keys]
- semi 1.14.7~0.20120428-17 (bug #784712)
[jessie] - semi 1.14.7~0.20120428-14+deb8u1
@@ -16827,18 +16868,18 @@ CVE-2015-3632 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allo
NOT-FOR-US: Foxit Reader, Enterprise Reader, PhantomPDF
CVE-2015-3631 (Docker Engine before 1.6.1 allows local users to set arbitrary Linux S ...)
- docker.io 1.6.1+dfsg1-1 (bug #784726)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3630 (Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, ...)
- docker.io 1.6.1+dfsg1-1 (bug #784726)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3629 (Libcontainer 1.6.0, as used in Docker Engine, allows local users to es ...)
- docker.io 1.6.1+dfsg1-1 (bug #784726)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3628 (The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Cont ...)
NOT-FOR-US: F5
CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor ...)
- docker.io 1.6.1+dfsg1-1 (bug #784726)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3626 (Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in t ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2015-3625 (The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.7 ...)
@@ -17178,7 +17219,7 @@ CVE-2015-3905 (Buffer overflow in the set_cs_start function in t1disasm.c in t1u
- t1utils 1.38-4 (bug #779274)
[wheezy] - t1utils <no-dsa> (Minor issue)
NOTE: https://github.com/kohler/t1utils/issues/4
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/13/9
CVE-2015-XXXX [crashes on crafted upack packed file]
- clamav 0.98.7+dfsg-1
[jessie] - clamav 0.98.7+dfsg-0+deb8u1
@@ -17186,14 +17227,14 @@ CVE-2015-XXXX [crashes on crafted upack packed file]
[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
NOTE: https://github.com/vrtadmin/clamav-devel/commit/a18af359decd270f5088e80e2ee2866c62e0843e
NOTE: https://github.com/vrtadmin/clamav-devel/commit/ed56f56c1f1529bda877ddd116ae7bc064667c73
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/03/3
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/05/03/3
CVE-2015-XXXX [crash during algorithmic detection on crafted PE file]
- clamav 0.98.7+dfsg-1
[jessie] - clamav 0.98.7+dfsg-0+deb8u1
[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
NOTE: https://github.com/vrtadmin/clamav-devel/commit/a7bdfb4f0d3210eeab49280726ff3ea6d703280e
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/03/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/05/03/4
CVE-2015-XXXX [BUG/MAJOR: http: don't read past buffer's end in http_replace_value]
- haproxy 1.5.12-1
[jessie] - haproxy <no-dsa> (Minor issue)
@@ -17208,7 +17249,7 @@ CVE-2015-XXXX [BUG/MAJOR: http: prevent risk of reading past end with balance ur
NOTE: For squeeze, the above commit message implies that the fix does not need to be backported to version 1.4 and indeed, the code already contains a (different) check that limits the value of "len".
CVE-2015-4017 (Salt before 2014.7.6 does not verify certificates when connecting via ...)
- salt <not-affected> (Vulnerable code not present in the version in Debian stable/unstable)
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/02/1
CVE-2015-3646 (OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014 ...)
- keystone 2015.1.0-1
[jessie] - keystone <no-dsa> (Minor issue)
@@ -17231,7 +17272,6 @@ CVE-2015-3457 (Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE
CVE-2015-3456 (The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and ear ...)
{DSA-3274-1 DSA-3262-1 DSA-3259-1 DLA-268-1 DLA-249-1 DLA-248-1}
- qemu 1:2.3+dfsg-3
- NOTE: qemu 1:2.3+dfsg-3 is pending in the NEW queue
[wheezy] - qemu 1.1.2+dfsg-6a+deb7u7
- qemu-kvm <removed>
[wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u7
@@ -17329,8 +17369,8 @@ CVE-2015-3412 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 do
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257
NOTE: https://bugs.php.net/bug.php?id=69353
CVE-2015-3411 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does no ...)
{DLA-307-1}
@@ -17352,7 +17392,7 @@ CVE-2015-3420 (The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when S
[jessie] - dovecot 1:2.2.13-12~deb8u1
[wheezy] - dovecot <not-affected> (Problematic patch introducing the issue not applied)
[squeeze] - dovecot <not-affected> (Vulnerable code not present & not reproducible)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/26/3
NOTE: Patch: http://web.archive.org/web/20150907231530/http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
NOTE: Segfault reproducible if using openssl/1.0.2a-1 from sid.
NOTE: http://dovecot.org/pipermail/dovecot/2015-April/100579.html
@@ -17365,7 +17405,7 @@ CVE-2015-3440 (Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php
- wordpress 4.2.1+dfsg-1 (bug #783554)
NOTE: http://klikki.fi/adv/wordpress2.html
NOTE: https://wordpress.org/news/2015/04/wordpress-4-2-1/
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/27/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/27/4
NOTE: https://core.trac.wordpress.org/changeset/32299
CVE-2015-XXXX [Some plugins were vulnerable to an SQL injection vulnerability]
- wordpress 4.2+dfsg-1 (bug #783347)
@@ -17373,17 +17413,17 @@ CVE-2015-XXXX [Some plugins were vulnerable to an SQL injection vulnerability]
[wheezy] - wordpress 3.6.1+dfsg-1~deb7u6
[squeeze] - wordpress 3.6.1+dfsg-1~deb6u6
NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2
- NOTE: To be decided: http://www.openwall.com/lists/oss-security/2015/04/28/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/26/2
+ NOTE: To be decided: https://www.openwall.com/lists/oss-security/2015/04/28/7
CVE-2015-XXXX [files with invalid or unsafe names could be uploaded]
- wordpress 4.2+dfsg-1 (bug #783347)
[jessie] - wordpress 4.1+dfsg-1+deb8u1
[wheezy] - wordpress <not-affected> (File upload vulnerability only in WordPress 4.1 and higher)
[squeeze] - wordpress <not-affected> (File upload vulnerability only in WordPress 4.1 and higher)
NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2
- NOTE: To be decided: http://www.openwall.com/lists/oss-security/2015/04/28/7
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/10/11
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/26/2
+ NOTE: To be decided: https://www.openwall.com/lists/oss-security/2015/04/28/7
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/06/10/11
CVE-2015-3439 (Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiec ...)
{DSA-3250-1 DLA-236-1}
- wordpress 4.2+dfsg-1 (bug #783347)
@@ -17397,7 +17437,7 @@ CVE-2015-3438 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress
CVE-2015-3451 (The _clone function in XML::LibXML before 2.0119 does not properly set ...)
{DSA-3243-1 DLA-214-1}
- libxml-libxml-perl 2.0116+dfsg-2 (bug #783443)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/25/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/25/2
NOTE: https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30
NOTE: https://bitbucket.org/shlomif/perl-xml-libxml/commits/915f1dbaf21c5f3c21d7c519c70fd93859e47152
CVE-2015-3418 (The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserv ...)
@@ -17604,7 +17644,7 @@ CVE-2015-3339 (Race condition in the prepare_binprm function in fs/exec.c in the
- linux 3.16.7-ckt9-3
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/20/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/20/1
CVE-2015-7942 (The xmlParseConditionalSections function in parser.c in libxml2 does n ...)
{DSA-3430-1 DLA-334-1}
- libxml2 2.9.3+dfsg1-1 (bug #802827)
@@ -17616,15 +17656,15 @@ CVE-2015-7941 (libxml2 2.9.2 does not properly stop parsing invalid input, which
{DSA-3430-1 DLA-266-1}
- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bug #783010)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=744980
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/19/5
- NOTE: http://www.openwall.com/lists/oss-security/2015/10/22/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/19/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/10/22/5
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (v2.9.3)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 (v2.9.3)
CVE-2015-8710 (The htmlParseComment function in HTMLparser.c in libxml2 allows attack ...)
{DSA-3430-1 DLA-266-1}
- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bug #782985)
NOTE: Added workaround item to reflect entry fixed status, remove once CVE assigned
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/19/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/04/19/4
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=746048
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c
CVE-2015-3328
@@ -17650,9 +17690,9 @@ CVE-2015-3330 (The php_handler function in sapi/apache2handler/sapi_apache2.c in
- php5 5.6.7+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69218
NOTE: https://bugs.php.net/bug.php?id=68486
- NOTE: Fixed by: http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/3
- NOTE: For details on scope of the CVE assignment: http://www.openwall.com/lists/oss-security/2015/04/17/7
+ NOTE: Fixed by: https://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/17/3
+ NOTE: For details on scope of the CVE assignment: https://www.openwall.com/lists/oss-security/2015/04/17/7
CVE-2015-3319 (Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly ...)
NOT-FOR-US: Hotspot Express hotEx Billing Manager
CVE-2015-3318 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
@@ -17673,13 +17713,13 @@ CVE-2015-3307 (The phar_parse_metadata function in ext/phar/phar.c in PHP before
{DSA-3280-1 DLA-307-1}
- php5 5.6.9+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69443
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae
CVE-2015-3329 (Multiple stack-based buffer overflows in the phar_set_inode function i ...)
{DSA-3280-1 DLA-212-1}
- php5 5.6.9+dfsg-1
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c
NOTE: https://bugs.php.net/bug.php?id=69441
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/16/22
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/16/22
NOTE: Fixed in 5.6.8 and 5.4.40
CVE-2015-3315 (Automatic Bug Reporting Tool (ABRT) allows local users to read, change ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
@@ -17879,7 +17919,7 @@ CVE-2015-3251 (Apache CloudStack before 4.5.2 might allow remote authenticated a
NOT-FOR-US: Apache CloudStack
CVE-2015-3250 (Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct ...)
- apache-directory-api 1.0.0~M20-3 (bug #791957)
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/07/5
CVE-2015-3249 (The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before ...)
- trafficserver 5.3.1-1
[wheezy] - trafficserver <not-affected> (HTTP2 support does not exist)
@@ -17983,7 +18023,7 @@ CVE-2015-3228 (Integer overflow in the gs_heap_alloc_bytes function in base/gsma
{DSA-3326-1 DLA-280-1}
- ghostscript 9.15~dfsg-1 (bug #793489)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696070
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859
NOTE: File to reproduce segfault with ps2pdf: http://bugs.ghostscript.com/attachment.cgi?id=11776
CVE-2015-3227 (The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ...)
{DSA-3464-1 DLA-603-1}
@@ -18102,12 +18142,13 @@ CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows
{DSA-3286-1 DSA-3285-1 DSA-3284-1}
- qemu 1:2.3+dfsg-6 (bug #788460)
[wheezy] - qemu 1.1.2+dfsg-6a+deb7u8
+ [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <removed>
+ [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
- xen 4.4.0-1
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
+ - xen-qemu-dm-4.0 <removed>
[squeeze] - xen-qemu-dm-4.0 <end-of-life> (Not supported in Squeeze LTS)
- [squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-135.html
CVE-2015-3208 (XML external entity (XXE) vulnerability in the XPath selector componen ...)
@@ -18652,7 +18693,7 @@ CVE-2015-3306 (The mod_copy module in ProFTPD 1.3.5 allows remote attackers to r
{DSA-3263-1}
- proftpd-dfsg 1.3.5-2 (bug #782781)
[squeeze] - proftpd-dfsg <not-affected> (mod_copy not available in version 1.3.3)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/15/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/15/2
NOTE: https://github.com/proftpd/proftpd/pull/109
NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4169
NOTE: https://cxsecurity.com/issue/WLB-2015040075
@@ -18661,7 +18702,7 @@ CVE-2015-3331 (The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-in
- linux 3.16.7-ckt9-3 (bug #782561)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in v2.6.38-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/14/16
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/14/16
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a (v4.0-rc5)
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0bd82f5f6355775fbaf7d3c664432ce1b862be1e (v2.6.38-rc1)
CVE-2015-3332 (A certain backport in the TCP Fast Open implementation for the Linux k ...)
@@ -18669,34 +18710,34 @@ CVE-2015-3332 (A certain backport in the TCP Fast Open implementation for the Li
[jessie] - linux 3.16.7-ckt9-3~deb8u1
[wheezy] - linux <not-affected> (TCP Fast Open introduced in v3.6-rc1)
- linux-2.6 <not-affected> (TCP Fast Open introduced in v3.6-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/14/14
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/14/14
NOTE: http://thread.gmane.org/gmane.linux.network/359588
CVE-2015-3310 (Buffer overflow in the rc_mksid function in plugins/radius/util.c in P ...)
{DSA-3228-1 DLA-205-1}
- ppp 2.4.6-3.1 (bug #782450)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/4
NOTE: Patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450
CVE-2015-5621 (The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlie ...)
{DSA-4154-1 DLA-1317-1}
- net-snmp 5.7.3+dfsg-1.1 (bug #788964)
[squeeze] - net-snmp <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/1
NOTE: Upstream patch: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
NOTE: https://sourceforge.net/p/net-snmp/bugs/2615/ (currently not public)
CVE-2015-4085 (Directory traversal vulnerability in node/hooks/express/tests.js in Et ...)
- etherpad-lite <itp> (bug #576998)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/11/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/11/10
CVE-2015-3297 (Directory traversal vulnerability in node/utils/Minify.js in Etherpad ...)
- etherpad-lite <itp> (bug #576998)
CVE-2015-3010 (ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.cl ...)
- ceph-deploy <not-affected> (Fixed with initial upload to Debian)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/09/9
CVE-2015-3405 (ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 d ...)
{DSA-3223-1 DLA-192-1}
- ntp 1:4.2.6.p5+dfsg-7
NOTE: https://bugs.ntp.org/show_bug.cgi?id=2797
NOTE: Patch: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/09/5
CVE-2015-3008 (Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x be ...)
{DSA-3700-1 DLA-455-1}
- asterisk 1:13.7.2~dfsg-1 (bug #782411)
@@ -18838,7 +18879,7 @@ CVE-2015-3026 (Icecast before 2.4.2, when a stream_auth handler is defined for U
[wheezy] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
[squeeze] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
NOTE: https://trac.xiph.org/ticket/2191
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/08/8
CVE-2015-3030 (The web interface in McAfee Advanced Threat Defense (MATD) before 3.4. ...)
NOT-FOR-US: McAfee Advanced Threat Defense
CVE-2015-3029 (The web interface in McAfee Advanced Threat Defense (MATD) before 3.4. ...)
@@ -18853,25 +18894,25 @@ CVE-2015-3406 (The PGP signature parsing in Module::Signature before 0.74 allows
{DSA-3261-1 DLA-264-1}
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/07/1
NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-3407 (Module::Signature before 0.74 allows remote attackers to bypass signat ...)
{DSA-3261-1 DLA-264-1}
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/07/1
NOTE: libtest-signature-perl needed to be updated
CVE-2015-3408 (Module::Signature before 0.74 allows remote attackers to execute arbit ...)
{DSA-3261-1 DLA-264-1}
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/07/1
NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-3409 (Untrusted search path vulnerability in Module::Signature before 0.75 a ...)
{DSA-3261-1 DLA-264-1}
- libmodule-signature-perl 0.78-1 (bug #783451)
NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/07/1
NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-2921
RESERVED
@@ -19049,12 +19090,12 @@ CVE-2015-2929 (The Hidden Service (HS) client implementation in Tor before 0.2.4
{DSA-3216-1 DLA-187-1}
- tor 0.2.5.12-1
NOTE: https://trac.torproject.org/projects/tor/ticket/15601
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/06/5
CVE-2015-2928 (The Hidden Service (HS) server implementation in Tor before 0.2.4.27, ...)
{DSA-3216-1 DLA-187-1}
- tor 0.2.5.12-1
NOTE: https://trac.torproject.org/projects/tor/ticket/15600
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/06/5
CVE-2015-2837
RESERVED
CVE-2015-2836
@@ -19072,12 +19113,12 @@ CVE-2015-2927 (node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to
[jessie] - node <no-dsa> (Minor issue)
[squeeze] - node <no-dsa> (Minor issue)
[wheezy] - node <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/03/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/03/10
CVE-2015-XXXX [caja automounts USB flash drives and CD/DVD drives while session is locked]
- caja 1.8.2-4 (bug #781608)
[jessie] - caja 1.8.2-3+deb8u1
NOTE: https://github.com/mate-desktop/caja/issues/398
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/03/12
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/04/03/12
CVE-2015-3013 (ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 ...)
{DSA-3244-1}
[experimental] - owncloud 7.0.5+dfsg-1
@@ -19174,12 +19215,12 @@ CVE-2015-2830 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does
- linux 3.16.7-ckt9-1
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=956421fbb74c3a6261903f3836c0740187cf038b (v4.0-rc3)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/02/1
CVE-2015-XXXX [Signature Bypass in several JSON Web Token Libraries]
- pyjwt 1.3.0-1 (bug #781640)
[jessie] - pyjwt 0.2.1-1+deb8u1
NOTE: Added workaround item to reflect entry fixed status, remove once CVE assigned
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/01/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/04/01/4
NOTE: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
NOTE: ruby-jwt not directly affected, see https://github.com/jwt/ruby-jwt/issues/76
CVE-2015-2810 (Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Off ...)
@@ -19202,7 +19243,7 @@ CVE-2015-2831 (Buffer overflow in das_watchdog 0.9.0 allows local users to execu
{DSA-3221-1 DLA-194-1}
- das-watchdog 0.9.0-3.1 (bug #781806)
NOTE: Upstream commit: https://github.com/kmatheussen/das_watchdog/commit/bd20bb02e75e2c
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/8
CVE-2015-2805 (Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa ...)
NOT-FOR-US: Alcatel-Lucent OmniSwitch
CVE-2015-2804 (The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, ...)
@@ -19243,71 +19284,71 @@ CVE-2015-2931 (Incomplete blacklist vulnerability in includes/upload/UploadBase.
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2932 (Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x b ...)
- mediawiki 1:1.19.20+dfsg-2.3
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2933 (Cross-site scripting (XSS) vulnerability in the Html class in MediaWik ...)
- mediawiki 1:1.19.20+dfsg-2.3
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2934 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
- mediawiki 1:1.19.20+dfsg-2.3
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2935 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
- mediawiki 1:1.19.20+dfsg-2.3
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2936 (MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing ...)
- mediawiki 1:1.19.20+dfsg-2.3
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2937 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
- mediawiki 1:1.19.20+dfsg-2.3
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2938 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, ...)
- mediawiki 1:1.19.20+dfsg-2.3
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2939 (Cross-site scripting (XSS) vulnerability in the Scribunto extension fo ...)
- mediawiki 1:1.19.20+dfsg-2.3
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2940 (Cross-site request forgery (CSRF) vulnerability in the CheckUser exten ...)
- mediawiki 1:1.19.20+dfsg-2.3
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2941 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, ...)
- mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
NOTE: HHVM not packaged in Debian
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2942 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
- mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
NOTE: HHVM not packaged in Debian
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 h ...)
NOT-FOR-US: MyBB
CVE-2015-2784 (The papercrop gem before 0.3.0 for Ruby on Rails does not properly han ...)
@@ -19316,7 +19357,7 @@ CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.
{DSA-3280-1 DLA-212-1}
- php5 5.6.9+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69324
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae
NOTE: Fixed in 5.6.8 and 5.4.40
CVE-2015-2781 (Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi i ...)
NOT-FOR-US: Hotspot Express hotEx Billing Manager
@@ -19371,14 +19412,14 @@ CVE-2015-2793 (Cross-site scripting (XSS) vulnerability in templates/openid-sele
- ikiwiki 3.20141016.2 (bug #781483)
[wheezy] - ikiwiki 3.20120629.2
[squeeze] - ikiwiki <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/30/5
CVE-2015-2806 (Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4. ...)
{DSA-3220-1 DLA-195-1}
[experimental] - libtasn1-6 4.4-1
- libtasn1-6 4.2-3
- libtasn1-3 <removed>
NOTE: https://gitlab.com/gnutls/libtasn1/commit/4d4f992826a4962790ecd0cce6fbba4a415ce149
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/4
NOTE: Only in the asn1 definition parser, not in the asn1 parser itself
NOTE: https://lists.gnu.org/archive/html/help-libtasn1/2015-01/msg00000.html
CVE-2015-2787 (Use-after-free vulnerability in the process_nested_data function in ex ...)
@@ -19388,7 +19429,7 @@ CVE-2015-2787 (Use-after-free vulnerability in the process_nested_data function
CVE-2015-2782 (Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote atta ...)
{DSA-3213-1 DLA-188-1}
- arj 3.10.22-13 (bug #774015)
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/28/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/28/5
CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict a ...)
{DSA-3259-1 DLA-479-1}
- xen 4.2.0~rc2-1 (bug #781620)
@@ -20530,35 +20571,35 @@ CVE-2015-6674 (Buffer underflow vulnerability in the Debian inspircd package bef
{DSA-3226-1 DLA-276-1}
- inspircd 2.0.16-1 (bug #780880)
NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2015-2788 (Multiple stack-based buffer overflows in the ib_fill_isqlda function i ...)
{DSA-3219-1}
- libdbd-firebird-perl 1.18-2 (bug #780925)
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/30/4
CVE-2015-4148 (The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5 ...)
{DLA-307-1}
- php5 5.6.7+dfsg-1
[wheezy] - php5 5.4.39-0+deb7u1
NOTE: https://bugs.php.net/bug.php?id=69085
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/20/14
CVE-2015-4147 (The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ...)
{DLA-307-1}
- php5 5.6.7+dfsg-1
[wheezy] - php5 5.4.39-0+deb7u1
NOTE: https://bugs.php.net/bug.php?id=69085
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/20/14
CVE-2015-2779 (Stack consumption vulnerability in the message splitting functionality ...)
- quassel 1:0.10.0-2.3 (bug #781024)
[wheezy] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.8)
[squeeze] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.6)
NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/20/12
CVE-2015-2778 (Quassel before 0.12-rc1 uses an incorrect data-type size when splittin ...)
- quassel 1:0.10.0-2.3 (bug #781024)
[wheezy] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.8)
[squeeze] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.6)
NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/20/12
CVE-2015-2348 (The move_uploaded_file implementation in ext/standard/basic_functions. ...)
{DSA-3198-1 DLA-444-1}
- php5 5.6.7+dfsg-1
@@ -20616,7 +20657,7 @@ CVE-2015-2749 (Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x bef
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2015-001
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/19/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/19/5
CVE-2015-2329 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...)
NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...)
@@ -20630,7 +20671,7 @@ CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and rel
[squeeze] - pcre3 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1515
NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1498
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/31/4
CVE-2015-2327 (PCRE before 8.36 mishandles the /(((a\2)|(a*)\g&lt;-1&gt;))*/ pattern ...)
- mongodb <removed> (unimportant)
NOTE: CVE for bundled version of pcre3 in mongodb
@@ -20642,7 +20683,7 @@ CVE-2015-2327 (PCRE before 8.36 mishandles the /(((a\2)|(a*)\g&lt;-1&gt;))*/ pat
[squeeze] - pcre3 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1503
NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1495
- NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/05/31/5
CVE-2015-2326 (The pcre_compile2 function in PCRE before 8.37 allows context-dependen ...)
- pcre3 2:8.35-7.2 (bug #783285)
[jessie] - pcre3 2:8.35-3.3+deb8u1
@@ -20697,7 +20738,7 @@ CVE-2015-2666 (Stack-based buffer overflow in the get_matching_model_microcode f
- linux-2.6 <not-affected> (Introduced in 3.9)
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec400ddeff200b068ddc6c70f7321f49ecf32ed5 (v3.9-rc1)
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 (v4.0-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/18/7
CVE-2015-2684 (Shibboleth Service Provider (SP) before 2.5.4 allows remote authentica ...)
{DSA-3207-1 DLA-259-1}
- shibboleth-sp2 2.5.3+dfsg-2
@@ -20707,7 +20748,7 @@ CVE-2015-2672 (The xsave/xrstor implementation in arch/x86/include/asm/xsave.h i
- linux-2.6 <not-affected>
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324 (v3.17-rc1)
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 (v4.0-rc3)
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/18/6
CVE-2015-2331 (Integer overflow in the _zip_cdir_new function in zip_dirent.c in libz ...)
{DSA-3198-1 DLA-212-1}
- php5 5.6.7+dfsg-1 (bug #780713)
@@ -20716,7 +20757,7 @@ CVE-2015-2331 (Integer overflow in the _zip_cdir_new function in zip_dirent.c in
[squeeze] - libzip <not-affected> (Vulnerable code introduced with added Zip64 support in 0.11)
NOTE: https://bugs.php.net/bug.php?id=69253
NOTE: https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/18/1
NOTE: libzip patch: http://hg.nih.at/libzip/rev/9f11d54f692e
CVE-2015-2330 (Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows ...)
- webkitgtk 2.4.9-1 (unimportant)
@@ -20786,7 +20827,7 @@ CVE-2015-8903 (The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x
- imagemagick 8:6.8.9.9-6 (low)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
[squeeze] - imagemagick <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/20/4
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
NOTE: http://web.archive.org/web/20150428140926/http://trac.imagemagick.org/changeset/17856
CVE-2015-8902 (The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6. ...)
@@ -20795,7 +20836,7 @@ CVE-2015-8902 (The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x befo
- imagemagick 8:6.8.9.9-6 (low)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
[squeeze] - imagemagick <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/20/4
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
NOTE: http://web.archive.org/web/20150428145652/http://trac.imagemagick.org/changeset/17855
CVE-2015-8901 (ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a ...)
@@ -20804,7 +20845,7 @@ CVE-2015-8901 (ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to ca
- imagemagick 8:6.8.9.9-6
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
[squeeze] - imagemagick <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/20/4
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
CVE-2015-8900 (The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x a ...)
{DLA-960-1}
@@ -20812,7 +20853,7 @@ CVE-2015-8900 (The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and
- imagemagick 8:6.8.9.9-6
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
[squeeze] - imagemagick <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/20/4
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
NOTE: http://web.archive.org/web/20150501030131/http://trac.imagemagick.org/changeset/17845
NOTE: http://web.archive.org/web/20150429001241/http://trac.imagemagick.org/changeset/17846
@@ -20844,7 +20885,7 @@ CVE-2015-2674 (Restkit allows man-in-the-middle attackers to spoof TLS servers b
[wheezy] - python-restkit <ignored> (Minor issue)
[squeeze] - python-restkit <no-dsa> (Minor issue)
NOTE: https://github.com/benoitc/restkit/issues/140
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/12/9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/12/9
CVE-2015-2283
RESERVED
CVE-2015-2282 (Stack-based buffer overflow in the LZC decompression implementation (C ...)
@@ -20951,13 +20992,13 @@ CVE-2015-2301 (Use-after-free vulnerability in the phar_rename_archive function
{DSA-3198-1 DLA-212-1}
- php5 5.6.6+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68901
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/10/6
CVE-2015-2265 (The remove_bad_chars function in utils/cups-browsed.c in cups-filters ...)
- cups-filters 1.0.61-5 (bug #780267)
[wheezy] - cups-filters <not-affected> (vulnerable code not present)
NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/09/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/09/5
CVE-2015-2241 (Cross-site scripting (XSS) vulnerability in the contents function in a ...)
- python-django 1.7.6-1
[wheezy] - python-django <not-affected> (Only affects 1.7.x and 1.8.x)
@@ -21086,7 +21127,7 @@ CVE-2015-2675 (The OAuth implementation in librest before 0.7.93 incorrectly tru
[squeeze] - librest <not-affected> (rest_proxy_call_get_url not yet used)
NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644
NOTE: Commit: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/04/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/04/6
CVE-2015-2204 (Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 all ...)
NOT-FOR-US: Evergreen library
CVE-2015-2203 (Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users wi ...)
@@ -21193,10 +21234,10 @@ CVE-2015-2156 (Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x befor
- netty 1:4.0.31-1 (bug #796114)
[jessie] - netty <ignored> (Minor issue, invasive patch)
[wheezy] - netty <no-dsa> (Minor issue)
+ [squeeze] - netty <no-dsa> (Minor issue)
- netty-3.9 3.9.9.Final-1 (bug #793770)
[jessie] - netty-3.9 <ignored> (Minor issue, invasive patch)
- playframework <itp> (bug #646523)
- [squeeze] - netty <no-dsa> (Minor issue)
NOTE: http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html
NOTE: https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass
NOTE: http://web.archive.org/web/20150925094949/http://engineering.linkedin.com/security/look-netty%E2%80%99s-recent-security-update-cve%C2%AD-2015%C2%AD-2156
@@ -21356,7 +21397,7 @@ CVE-2015-XXXX [MATTA-2015-002: Enforce acceptable range for Diffie-Hellman serve
[wheezy] - putty 0.62-9+deb7u2
[squeeze] - putty 0.60+2010-02-20-1+squeeze3
NOTE: temporary workaround until CVE assigned to explitly tag for wheezy+squeeze
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/27/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/27/4
NOTE: http://advisories.mageia.org/MGASA-2015-0098.html
CVE-2015-2172 (DokuWiki before 2014-05-05d and before 2014-09-29c does not properly c ...)
- dokuwiki 0.0.20140929.d-1 (bug #779547)
@@ -21370,17 +21411,17 @@ CVE-2015-2158 (Off-by-one error in the pngcrush_measure_idat function in pngcrus
- pngcrush <not-affected> (Vulnerable code not present)
NOTE: Introduced by http://sourceforge.net/p/pmt/code/ci/e1a36a9639e2db16494d90459c7c2b78677a20bf/ (1.7.83)
NOTE: Fixed by: http://sourceforge.net/p/pmt/code/ci/a1ce646d00a400fd9ec321ab5cb522f40b7bdfe6/ (1.7.84)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/28/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/28/6
CVE-2015-2157 (The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY ...)
{DSA-3190-1 DLA-173-1}
- putty 0.63-10 (bug #779488)
NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
-CVE-2015-2100
- RESERVED
-CVE-2015-2099
- RESERVED
-CVE-2015-2098
- RESERVED
+CVE-2015-2100 (Multiple stack-based buffer overflows in WebGate eDVR Manager and Cont ...)
+ NOT-FOR-US: eDVR Manager and Control Center
+CVE-2015-2099 (Multiple buffer overflows in WebGate Control Center allow remote attac ...)
+ NOT-FOR-US: WebGate Control Center
+CVE-2015-2098 (Multiple stack-based buffer overflows in WebGate eDVR Manager allow re ...)
+ NOT-FOR-US: WebGate eDVR Manager
CVE-2015-2097 (Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) ...)
NOT-FOR-US: WESP SDK
CVE-2015-2096 (Use-after-free vulnerability in the Connect function in the WESPMonito ...)
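Review bot: The NOT-FOR-US label on the new CVE-2015-2100 entry omits the vendor name that the neighbouring CVE-2015-2099 and CVE-2015-2098 entries carry, which makes this one harder to find when grepping the list by vendor. The CVE description itself names the product as "WebGate eDVR Manager and Cont...", so the label can follow the same pattern as its siblings: ` NOT-FOR-US: WebGate eDVR Manager and Control Center`. The other two new labels already match the product names in their descriptions and need no change.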
@@ -21426,7 +21467,7 @@ CVE-2015-8984 (The fnmatch function in the GNU C Library (aka glibc or libc6) be
[wheezy] - eglibc 2.13-38+deb7u9
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18032
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/26/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/26/5
CVE-2015-2079
RESERVED
CVE-2015-2078 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft ...)
@@ -21437,10 +21478,10 @@ CVE-2015-2076 (The Auditing service in SAP BusinessObjects Edge 4.0 allows remot
NOT-FOR-US: SAP
CVE-2015-2075 (SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit e ...)
NOT-FOR-US: SAP
-CVE-2015-2074
- RESERVED
-CVE-2015-2073
- RESERVED
+CVE-2015-2074 (The File Repository Server (FRS) CORBA listener in SAP BussinessObject ...)
+ NOT-FOR-US: SAP
+CVE-2015-2073 (The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObject ...)
+ NOT-FOR-US: SAP
CVE-2015-2072 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1. ...)
NOT-FOR-US: SAP
CVE-2015-2071 (Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouc ...)
@@ -21514,7 +21555,7 @@ CVE-2015-8983 (Integer overflow in the _IO_wstr_overflow function in libio/wstro
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17269
NOTE: Fixed upstream in 2.22
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/22/15
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/22/15
CVE-2015-8477 (Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allow ...)
- redmine 3.0~20140825-5 (low)
[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
@@ -21880,7 +21921,7 @@ CVE-2015-1872 (The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmp
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <removed>
[wheezy] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037
CVE-2015-1871
RESERVED
CVE-2015-1870 (The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-re ...)
@@ -21981,7 +22022,7 @@ CVE-2015-1852 (The s3_token middleware in OpenStack keystonemiddleware before 1.
CVE-2015-1851 (OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 ...)
{DSA-3292-1}
- cinder 2015.1.0+2015.06.16.git26.9634b76ba5-1 (bug #788996)
- NOTE: http://www.openwall.com/lists/oss-security/2015/06/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2015/06/13/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1231817
NOTE: https://bugs.launchpad.net/cinder/+bug/1415087
CVE-2015-1850
@@ -22057,13 +22098,13 @@ CVE-2015-1827 (The get_user_grouplist function in the extdom plug-in in FreeIPA
- freeipa <not-affected> (Only affects 4.1, see bug #781224)
NOTE: https://fedorahosted.org/freeipa/ticket/4908
CVE-2015-1826
- RESERVED
+ REJECTED
CVE-2015-1825
- RESERVED
+ REJECTED
CVE-2015-1824
- RESERVED
+ REJECTED
CVE-2015-1823
- RESERVED
+ REJECTED
CVE-2015-1822 (chrony before 1.31.1 does not initialize the last "next" pointer when ...)
{DSA-3222-1 DLA-193-1}
- chrony 1.30-2 (bug #782160)
@@ -22609,7 +22650,7 @@ CVE-2015-XXXX [incorrect memory management in Gtk2::Gdk::Display::list_devices]
NOTE: CVE needs to be added to data/D[SL]A/list
NOTE: https://mail.gnome.org/archives/gtk-perl-list/2015-January/msg00039.html
NOTE: https://bugs.mageia.org/show_bug.cgi?id=15173
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/20/14
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/20/14
CVE-2015-XXXX [Linux ASLR mmap weakness: Reducing entropy by half]
- linux 4.0.2-1
[jessie] - linux 3.16.7-ckt17-1
@@ -22626,7 +22667,7 @@ CVE-2015-2060 (cabextract before 1.6 does not properly check for leading slashes
[jessie] - cabextract <no-dsa> (Minor issue)
[wheezy] - cabextract <no-dsa> (Minor issue)
[squeeze] - cabextract <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/18/3
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/18/3
NOTE: Upstream commit: http://sourceforge.net/p/libmspack/code/217
NOTE: CVE assigned for issue were path traversal occurs because the unpatched
NOTE: code does neither of the following: 1) checking for slashes after decoding
@@ -22637,7 +22678,7 @@ CVE-2015-2297 (nanohttp in libcsoap allows remote attackers to cause a denial of
[squeeze] - libcsoap <no-dsa> (Minor issue)
[wheezy] - libcsoap <no-dsa> (Minor issue)
NOTE: CVE assigned only for the null pointer dereference, not all issues in
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/17/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/17/2
CVE-2015-2091 (The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earl ...)
{DSA-3177-1 DLA-170-1}
- mod-gnutls 0.6-1.3 (bug #578663)
@@ -22711,7 +22752,7 @@ CVE-2015-1592 (Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro
- movabletype-opensource <removed>
[squeeze] - movabletype-opensource <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/12/2
CVE-2015-1572 (Heap-based buffer overflow in closefs.c in the libext2fs library in e2 ...)
{DSA-3166-1 DLA-162-1}
- e2fsprogs 1.42.12-1.1 (bug #778948)
@@ -22767,7 +22808,7 @@ CVE-2015-2305 (Integer overflow in the regcomp implementation in the Henry Spenc
NOTE: No security impact in nvi/vigor and openrpt
NOTE: http://www.kb.cert.org/vuls/id/695940
NOTE: https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/16/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/16/8
CVE-2015-XXXX [insecure storage of password in the NUT-monitor app]
- nut 2.7.2-2 (low; bug #777706)
[wheezy] - nut <no-dsa> (Minor issue)
@@ -22776,8 +22817,7 @@ CVE-2015-1881 (OpenStack Image Registry and Delivery Service (Glance) 2014.2 thr
- glance <not-affected> (Only affects 2014.2.x releases, only present in experimental)
[wheezy] - glance <not-affected> (Vulnerable code not present)
NOTE: https://review.openstack.org/#/c/156553
-CVE-2015-1877 [command injection vulnerability]
- RESERVED
+CVE-2015-1877 (The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 ...)
{DSA-3165-1 DLA-217-1}
- xdg-utils 1.1.0~rc1+git20111210-7.4 (bug #777722)
CVE-2015-1568 (Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scr ...)
@@ -22954,7 +22994,7 @@ CVE-2015-2046 (Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and l
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: Upstream patch: https://github.com/mantisbt/mantisbt/commit/6defeed5 (1.2.x)
NOTE: https://www.mantisbt.org/bugs/view.php?id=19301
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/10
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/09/10
NOTE: CVE for specific portion of the original May 2014 adm_config_report.php discovery
NOTE: that remains present in version 1.2.18 and 1.2.19
CVE-2015-XXXX [fails to detect silent driver failure to change MAC]
@@ -22965,17 +23005,17 @@ CVE-2015-9101 (The fill_buffer_resample function in util.c in libmp3lame.a in LA
- lame 3.99.5+repack1-6 (bug #777161)
[wheezy] - lame 3.99.5+repack1-3+deb7u1
[squeeze] - lame <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/12/8
CVE-2015-9100 (The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3. ...)
- lame 3.99.5+repack1-6 (bug #777160)
[wheezy] - lame 3.99.5+repack1-3+deb7u1
[squeeze] - lame <no-dsa> (minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/12/8
CVE-2015-9099 (The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 ...)
- lame 3.99.5+repack1-6 (bug #775959)
[wheezy] - lame 3.99.5+repack1-3+deb7u1
[squeeze] - lame <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/12/8
CVE-2015-XXXX [denial of service under memory stress]
- libhtp 1:0.5.25-1 (bug #777522)
[squeeze] - libhtp <no-dsa> (Minor issue)
@@ -22984,11 +23024,11 @@ CVE-2015-XXXX [denial of service under memory stress]
CVE-2015-2058 (c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates dat ...)
- jabberd2 2.3.3-1 (bug #779154)
NOTE: https://github.com/jabberd2/jabberd2/issues/85
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/09/13
CVE-2015-2059 (The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in ...)
{DSA-3578-1 DLA-476-1 DLA-277-1}
- libidn 1.31-1 (medium)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/23/25
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/23/25
NOTE: Patch: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c2796581c27213962c77f5a8571a598f9a2e
NOTE: This could be attributed to a misuse of a (poorly documented) API
NOTE: but since upstream provided a patch it makes more sense to fix
@@ -23009,20 +23049,20 @@ CVE-2015-1546 (Double free vulnerability in the get_vrFilter function in servers
CVE-2015-2785 (The GIF encoder in Byzanz allows remote attackers to cause a denial of ...)
- byzanz <unfixed> (unimportant; bug #778261)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=852481
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/11
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/11
NOTE: Only applies to debug recordings, negligable security impact
CVE-2015-8837 (Stack-based buffer overflow in the isofs_real_readdir function in isof ...)
{DSA-3551-1 DLA-323-1}
- fuseiso 20070708-3.2 (bug #779047)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=863091
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862211
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/7
CVE-2015-8836 (Integer overflow in the isofs_real_read_zf function in isofs.c in Fuse ...)
{DSA-3551-1 DLA-323-1}
- fuseiso 20070708-3.2 (bug #779047)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=863102
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=861358
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/7
CVE-2015-1547 (The NeXTDecode function in tif_next.c in LibTIFF allows remote attacke ...)
{DSA-3273-1 DLA-610-1 DLA-221-1}
- tiff 4.0.3-12.1 (bug #777390)
@@ -23156,21 +23196,21 @@ CVE-2015-XXXX [Invalid read in ensure_filepath]
- cabextract 1.4-5
[wheezy] - cabextract <no-dsa> (Minor issue)
[squeeze] - cabextract <no-dsa> (Minor issue)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/03/12
NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2015-XXXX [Invalid read in create_output_name]
- libmspack 0.5-1
- cabextract 1.4-5
[wheezy] - cabextract <no-dsa> (Minor issue)
[squeeze] - cabextract <no-dsa> (Minor issue)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/03/12
NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2015-1465 (The IPv4 implementation in the Linux kernel before 3.18.8 does not pro ...)
- linux 3.16.7-ckt7-1
[wheezy] - linux <not-affected> (Introduced in 3.16)
- linux-2.6 <not-affected> (Introduced in 3.16)
NOTE: Upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df4d92549f23e1c037e83323aff58a21b3de7fe0 (v3.19-rc7)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/02/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/02/2
CVE-2015-1473 (The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka gli ...)
{DSA-3169-1 DLA-165-1}
- glibc 2.19-15 (bug #777197)
@@ -23219,7 +23259,7 @@ CVE-2015-1430 (Buffer overflow in xymon 4.3.17-1. ...)
[squeeze] - xymon <not-affected> (Vulnerable code not present)
[wheezy] - xymon <not-affected> (Vulnerable code not present)
NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/30/17
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/30/17
CVE-2015-1425 (JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities ...)
NOT-FOR-US: JAKWEB Gecko CMS
CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2 ...)
@@ -23236,7 +23276,7 @@ CVE-2015-1589 (Directory traversal vulnerability in arCHMage 0.2.4 allows remote
- archmage 1:0.2.4-4 (bug #776164)
[squeeze] - archmage <no-dsa> (Minor issue)
[wheezy] - archmage <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/9
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/12/9
CVE-2015-1419 (Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote at ...)
- vsftpd 3.0.2-18 (unimportant; bug #776922)
[jessie] - vsftpd 3.0.2-17+deb8u1
@@ -23249,7 +23289,7 @@ CVE-2015-1417 (The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BET
NOTE: kfreebsd not covered by security support in Jessie
CVE-2015-1416 (Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 ...)
- patch 2.5-1
- NOTE: http://www.openwall.com/lists/oss-security/2015/08/02/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/08/02/6
NOTE: CVE assignment applies as well to GNU patch before 2.3 and 2.2.5
CVE-2015-1415 (The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configur ...)
NOT-FOR-US: FreeBSD installer
@@ -23538,7 +23578,7 @@ CVE-2015-1379 (The signal handler implementations in socat before 1.7.3.0 and 2.
- socat 1.7.2.4-2 (bug #776234)
[wheezy] - socat <no-dsa> (Minor issue)
[squeeze] - socat <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/6
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/24/6
NOTE: Upstream advisory: http://www.dest-unreach.org/socat/contrib/socat-secadv6.txt
CVE-2015-1378 (cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68 ...)
- grml-debootstrap 0.68.1 (low; bug #776502)
@@ -23551,7 +23591,7 @@ CVE-2015-1395 (Directory traversal vulnerability in GNU patch versions which sup
[wheezy] - patch <not-affected> (Support for git-style patches added in 2.7)
[squeeze] - patch <not-affected> (Support for git-style patches added in 2.7)
NOTE: Upstream report: https://savannah.gnu.org/bugs/?44059
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/24/2
CVE-2015-1370 (Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Nod ...)
- node-marked 0.3.6+dfsg-1 (unimportant)
NOTE: https://nodesecurity.io/advisories/marked_vbscript_injection
@@ -24036,12 +24076,12 @@ CVE-2015-1209 (Use-after-free vulnerability in the VisibleSelection::nonBoundary
[squeeze] - chromium-browser <end-of-life>
CVE-2015-1208 (Integer underflow in the mov_read_default function in libavformat/mov. ...)
- ffmpeg 7:2.5.3-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3ebd76a9c57558e284e94da367dd23b435e6a6d0
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3ebd76a9c57558e284e94da367dd23b435e6a6d0
CVE-2015-1207 (Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chr ...)
{DLA-1654-1}
- ffmpeg 7:2.6.1-1
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75
CVE-2015-1206 (Heap-based buffer overflow in Google Chrome before M40 allows remote a ...)
- chromium-browser 40.0.2214.91-1
[wheezy] - chromium-browser <end-of-life>
@@ -24106,19 +24146,19 @@ CVE-2015-1161
CVE-2015-1396 (A Directory Traversal vulnerability exists in the GNU patch before 2.7 ...)
- patch 2.7.3-1 (bug #775901)
[wheezy] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
- [squeeze] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/3
+ [squeeze] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/24/3
CVE-2015-1353
REJECTED
CVE-2015-4471 (Off-by-one error in the lzxd_decompress function in lzxd.c in libmspac ...)
- libmspack 0.5-1 (bug #775499)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4470 (Off-by-one error in the inflate function in mszipd.c in libmspack befo ...)
- libmspack 0.5-1 (bug #775498)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4472 (Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack befor ...)
- libmspack 0.5-1 (bug #775687)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-1591 (The kamailio build in kamailio before 4.2.0-2 process allows local use ...)
- kamailio 4.2.0-2 (bug #775681)
NOTE: https://github.com/kamailio/kamailio/issues/48
@@ -24405,7 +24445,7 @@ CVE-2015-1051 (Open redirect vulnerability in the Context UI module in the Conte
CVE-2015-2304 (Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 a ...)
{DSA-3180-1 DLA-166-1}
- libarchive 3.1.2-11 (bug #778266)
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/7
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/16/7
NOTE: Patch: https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526
CVE-2015-1200 (Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for t ...)
- pxz 4.999.99~beta3+git659fc9b-3 (bug #775306)
@@ -24458,9 +24498,7 @@ CVE-2015-1034
CVE-2015-1033
RESERVED
CVE-2015-1032 (Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when u ...)
- - kiwix <removed>
- NOTE: actually RFP again, but was removed from the archive on 2014-09-25
- NOTE: See https://bugs.debian.org/763321
+ - kiwix 2.0.4-1
CVE-2015-1029 (The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x b ...)
- puppet-module-puppetlabs-stdlib 4.9.0-1 (bug #775535)
[jessie] - puppet-module-puppetlabs-stdlib <not-affected> (The jessie version of facter is recent enough)
@@ -24706,8 +24744,8 @@ CVE-2015-5700 (mktexlsr revision 22855 through revision 36625 as packaged in tex
- texlive-bin 2014.20140926.35254-5 (bug #775139)
[wheezy] - texlive-bin <no-dsa> (Minor issue)
[squeeze] - texlive-bin <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/23/22
- NOTE: http://www.openwall.com/lists/oss-security/2015/07/28/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/23/22
+ NOTE: https://www.openwall.com/lists/oss-security/2015/07/28/5
NOTE: https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
CVE-2015-1196 (GNU patch 2.7.1 allows remote attackers to write to arbitrary files vi ...)
- patch 2.7.1-7 (bug #775227)
@@ -24843,7 +24881,7 @@ CVE-2015-0881 (CRLF injection vulnerability in Squid before 3.1.1 allows remote
[squeeze] - squid <no-dsa> (Minor issue)
[wheezy] - squid <no-dsa> (Minor issue)
- squid3 3.1.1-1
- NOTE: http://www.openwall.com/lists/oss-security/2015/03/01/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/03/01/2
NOTE: Patch: http://www.squid-cache.org/Versions/v3/3.1/changesets/b9619.patch
NOTE: https://jvn.jp/en/jp/JVN64455813/index.html
CVE-2015-0880 (Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attacker ...)
@@ -25666,13 +25704,13 @@ CVE-2015-1352 (The build_tablename function in pgsql.c in the PostgreSQL (aka pg
- php5 5.6.6+dfsg-2 (bug #777036)
[squeeze] - php5 <not-affected> (vulnerable code (build_tablename()) introduced later)
NOTE: https://bugs.php.net/bug.php?id=68741
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e
CVE-2015-1351 (Use-after-free vulnerability in the _zend_shared_memdup function in ze ...)
- php5 5.6.6+dfsg-2 (bug #777033)
[squeeze] - php5 <not-affected> (opcache introduced in 5.5)
[wheezy] - php5 <not-affected> (opcache introduced in 5.5)
NOTE: https://bugs.php.net/bug.php?id=68677
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115
CVE-2015-XXXX [insecure keyring handling]
- weboob 1.0-3 (low; bug #774838)
[wheezy] - weboob <no-dsa> (Minor issue)
@@ -25702,13 +25740,13 @@ CVE-2015-1197 (cpio 2.11, when using the --no-absolute-filenames option, allows
NOTE: Regression in upstream's handling of patch https://bugs.debian.org/946267
CVE-2015-4469 (The chmd_read_headers function in chmd.c in libmspack before 0.5 does ...)
- libmspack 0.4-3 (bug #774726)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4468 (Multiple integer overflows in the search_chunk function in chmd.c in l ...)
- libmspack 0.4-3 (bug #774726)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4467 (The chmd_init_decomp function in chmd.c in libmspack before 0.5 does n ...)
- libmspack 0.4-3 (bug #774725)
- NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
+ NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-9275 (ARC 5.21q allows directory traversal via a full pathname in an archive ...)
- arc 5.21q-6 (low; bug #774527)
[stretch] - arc 5.21q-4+deb9u1
@@ -25720,7 +25758,7 @@ CVE-2015-XXXX [saves unknown host's fingerprint in known_hosts without any promp
[jessie] - lftp 4.6.0-1+deb8u1
[squeeze] - lftp <no-dsa> (Minor issue)
[wheezy] - lftp <no-dsa> (Minor issue)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/12/10
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/03/12/10
CVE-2015-0564 (Buffer underflow in the ssl_decrypt_record function in epan/dissectors ...)
{DSA-3141-1 DLA-198-1}
- wireshark 1.12.1+g01b65bf-3 (bug #776135)
@@ -25771,13 +25809,6 @@ CVE-2015-XXXX [Zoo directory traversal]
[wheezy] - zoo <no-dsa> (Minor issue)
[squeeze] - zoo <no-dsa> (Minor issue)
NOTE: CVE Request: https://marc.info/?l=oss-security&m=142024361327375&w=2
-CVE-2015-XXXX [buffer over-read]
- - arc <unfixed> (low; bug #774439)
- [buster] - arc <ignored> (Minor issue)
- [stretch] - arc <ignored> (Minor issue)
- [jessie] - arc <ignored> (Minor issue)
- [wheezy] - arc <no-dsa> (Minor issue)
- [squeeze] - arc <no-dsa> (Minor issue)
CVE-2015-0557 (Open-source ARJ archiver 3.10.22 does not properly remove leading slas ...)
{DSA-3213-1 DLA-188-1}
- arj 3.10.22-13 (low; bug #774435)
@@ -25969,7 +26000,7 @@ CVE-2015-0480 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, a
- openjdk-8 8u45-b14-1
- openjdk-7 7u79-2.5.5-1 (bug #774953)
- openjdk-6 6b35-1.13.7-1
- NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/2
+ NOTE: https://www.openwall.com/lists/oss-security/2015/01/16/2
CVE-2015-0479 (Unspecified vulnerability in the XDK and XDB - XML Database component ...)
NOT-FOR-US: Oracle
CVE-2015-0478 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u ...)
@@ -26436,7 +26467,7 @@ CVE-2015-0302 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before
CVE-2015-0301 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0 ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-0300
- RESERVED
+ REJECTED
CVE-2015-0299 (Multiple cross-site scripting (XSS) vulnerabilities in Open Source Poi ...)
NOT-FOR-US: Open Source Point of Sale
CVE-2015-0298 (Cross-site scripting (XSS) vulnerability in the manager web interface ...)
@@ -26524,8 +26555,8 @@ CVE-2015-0273 (Multiple use-after-free vulnerabilities in ext/date/php_date.c in
{DSA-3195-1}
- php5 5.6.6+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68942
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24
CVE-2015-0272 (GNOME NetworkManager allows remote attackers to cause a denial of serv ...)
- network-manager 1.0.4-1
[jessie] - network-manager <no-dsa> (Will be fixed on the kernel side)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index c45be144ff..d7e669870d 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,3 +1,99 @@
+CVE-2016-20013 (sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...)
+ NOTE: https://akkadia.org/drepper/SHA-crypt.txt
+ NOTE: https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
+ NOTE: https://twitter.com/solardiz/status/795601240151457793
+ TODO: check, several sources (busybox, sssd, dietlibc, php*, ...) do embed an implentation of the code, but only track those with security impact
+CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...)
+ - openssh <unfixed> (unimportant)
+ NOTE: https://github.com/openssh/openssh-portable/pull/270
+ NOTE: Negligible impact, not treated as a security issue by upstream
+CVE-2016-20011 (libgrss through 0.7.0 fails to perform TLS certificate verification wh ...)
+ - libgrss <unfixed> (bug #989149)
+ [bullseye] - libgrss <ignored> (Minor issue)
+ [buster] - libgrss <ignored> (Minor issue)
+ [stretch] - libgrss <ignored> (Minor issue)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=772647
+ NOTE: https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
+CVE-2016-20010 (EWWW Image Optimizer before 2.8.5 allows remote command execution beca ...)
+ NOT-FOR-US: EWWW Image Optimizer
+CVE-2016-20009 (** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overfl ...)
+ NOT-FOR-US: Wind River VxWorks
+CVE-2016-20008 (The REST/JSON project 7.x-1.x for Drupal allows session enumeration, a ...)
+ NOT-FOR-US: REST/JSON project for Drupal
+CVE-2016-20007 (The REST/JSON project 7.x-1.x for Drupal allows session name guessing, ...)
+ NOT-FOR-US: REST/JSON project for Drupal
+CVE-2016-20006 (The REST/JSON project 7.x-1.x for Drupal allows blockage of user login ...)
+ NOT-FOR-US: REST/JSON project for Drupal
+CVE-2016-20005 (The REST/JSON project 7.x-1.x for Drupal allows user registration bypa ...)
+ NOT-FOR-US: REST/JSON project for Drupal
+CVE-2016-20004 (The REST/JSON project 7.x-1.x for Drupal allows field access bypass, a ...)
+ NOT-FOR-US: REST/JSON project for Drupal
+CVE-2016-20003 (The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka ...)
+ NOT-FOR-US: REST/JSON project for Drupal
+CVE-2016-20002 (The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, ...)
+ NOT-FOR-US: REST/JSON project for Drupal
+CVE-2016-20001 (The REST/JSON project 7.x-1.x for Drupal allows node access bypass, ak ...)
+ NOT-FOR-US: REST/JSON project for Drupal
+CVE-2016-15001
+ REJECTED
+CVE-2016-11086 (lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby doe ...)
+ [experimental] - ruby-oauth 0.5.6-1
+ - ruby-oauth <unfixed> (unimportant; bug #970932)
+ NOTE: https://github.com/oauth-xx/oauth-ruby/issues/137
+ NOTE: Likely minor issue since the package that exist is generated by ca-certificates
+ NOTE: package and ca-certificates in the package dependency list. Hence even though the
+ NOTE: package is vulnerable the problem do not exist in Debian unless the admin has
+ NOTE: explicitly removed the file from the filesystem.
+ NOTE: Fixing this vulnerability can cause a regression in the case the
+ NOTE: admin has intentionally removed this file to not check certificates.
+CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11083 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11082 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11081 (An issue was discovered in Mattermost Server before 2.2.0. It allows u ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11080 (An issue was discovered in Mattermost Server before 3.0.0. It offers s ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11079 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11078 (An issue was discovered in Mattermost Server before 3.0.0. It potentia ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11077 (An issue was discovered in Mattermost Server before 3.0.0. It has a su ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11076 (An issue was discovered in Mattermost Server before 3.0.0. It does not ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11075 (An issue was discovered in Mattermost Server before 3.0.0. It allows a ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11074 (An issue was discovered in Mattermost Server before 3.0.0. A password- ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11073 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11072 (An issue was discovered in Mattermost Server before 3.0.2. The purpose ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11071 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11070 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11069 (An issue was discovered in Mattermost Server before 3.2.0. It mishandl ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11068 (An issue was discovered in Mattermost Server before 3.2.0. Attackers c ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11067 (An issue was discovered in Mattermost Server before 3.2.0. It allowed ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11066 (An issue was discovered in Mattermost Server before 3.2.0. The initial ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11065 (An issue was discovered in Mattermost Server before 3.3.0. An attacker ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11064 (An issue was discovered in Mattermost Desktop App before 3.4.0. String ...)
+ - mattermost-desktop <itp> (bug #831861)
+CVE-2016-11063 (An issue was discovered in Mattermost Server before 3.5.1. XSS can occ ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. E-mail addr ...)
+ - mattermost-server <itp> (bug #823556)
CVE-2016-11061 (Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 7 ...)
NOT-FOR-US: Xerox
CVE-2016-11060 (Certain NETGEAR devices are affected by insecure renegotiation. This a ...)
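Review bot: The new TODO line under CVE-2016-20013 misspells "implementation" as "implentation"; since these TODO/NOTE lines are what triagers grep for later, the line should read `TODO: check, several sources (busybox, sssd, dietlibc, php*, ...) do embed an implementation of the code, but only track those with security impact`. The same kind of slip survives in the later IMAPFilter hunk, where the rewritten NOTE under CVE-2016-10937 still reads "requrires" rather than "requires". The added NOTE block under CVE-2016-11086 also has grammatical slips ("the package that exist", "the problem do not exist") that make the reasoning for the unimportant rating harder to follow than it needs to be; a light rewording such as `NOTE: Likely minor issue since the file that exists is generated by ca-certificates` and `NOTE: package is vulnerable the problem does not exist in Debian unless the admin has` would be clearer without changing the assessment.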
@@ -18,8 +114,8 @@ CVE-2016-11053 (An issue was discovered on Samsung mobile devices with software
NOT-FOR-US: Samsung mobile devices
CVE-2016-11052 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) soft ...)
NOT-FOR-US: Samsung mobile devices
-CVE-2016-11051 (An issue was discovered on Samsung mobile devices with J(4.2) (Qualcom ...)
- NOT-FOR-US: Samsung mobile devices
+CVE-2016-11051
+ REJECTED
CVE-2016-11050 (An issue was discovered on Samsung mobile devices with S3(KK), Note2(K ...)
NOT-FOR-US: Samsung mobile devices
CVE-2016-11049 (An issue was discovered on Samsung mobile devices with software throug ...)
@@ -252,7 +348,7 @@ CVE-2016-10937 (IMAPFilter through 2.6.12 does not validate the hostname in an S
[buster] - imapfilter <no-dsa> (Minor issue)
[stretch] - imapfilter <no-dsa> (Minor issue)
NOTE: https://github.com/lefcha/imapfilter/issues/142
- NOTE: Patch for support for hostname validation (requrires OpenSSL 1.1.0 and later):
+ NOTE: Patch for support for hostname validation (requrires OpenSSL 1.1.0 and later):
NOTE: https://github.com/lefcha/imapfilter/commit/bf2515da752eddd54973adb0853c6aa289e921b6
NOTE: Patch for support for hostname validation (for OpenSSL 1.0.2 and later):
NOTE: https://github.com/lefcha/imapfilter/commit/3daa2692e37fc52ce630e39a3fb6faf270c054b1
@@ -351,7 +447,7 @@ CVE-2016-10894 (xtrlock through 2.10 does not block multitouch events. Consequen
{DLA-1959-1}
- xtrlock 2.12 (bug #830726)
[buster] - xtrlock 2.8+deb10u1
- [stretch] - xtrlock <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - xtrlock 2.8+deb9u1
CVE-2016-10893 (The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has mu ...)
NOT-FOR-US: Wordpress plugin
CVE-2016-10892 (The chained-quiz plugin before 1.0 for WordPress has multiple XSS issu ...)
@@ -665,11 +761,11 @@ CVE-2016-10743 (hostapd before 2.6 does not prevent use of the low-quality PRNG
NOTE: There was already a 2.6 upload late in 2016 but then reverted to a 2.4 based
NOTE: version and only reuploaded as 2:2.6-7 to unstable.
CVE-2016-10742 (Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before ...)
- {DLA-1708-1}
+ {DLA-2461-1 DLA-1708-1}
- zabbix 1:3.0.17+dfsg-1 (low)
- [stretch] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-10272
NOTE: https://support.zabbix.com/browse/ZBX-13133
+ NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/2b340b8128af6c00469ef4066de16d4b1e81c841 (3.0.13rc1)
CVE-2016-1000282 (Haraka version 2.8.8 and earlier comes with a plugin for processing at ...)
NOT-FOR-US: Haraka
CVE-2016-1000276
@@ -785,9 +881,10 @@ CVE-2016-1000339 (In the Bouncy Castle JCE Provider version 1.55 and earlier the
NOTE: https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
NOTE: https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
CVE-2016-10723 (** DISPUTED ** An issue was discovered in the Linux kernel through 4.1 ...)
- - linux <unfixed>
- [jessie] - linux-4.9 <unfixed>
+ - linux <unfixed> (unimportant)
+ - linux-4.9 <removed> (unimportant)
NOTE: https://patchwork.kernel.org/patch/10395909/
+ NOTE: Negligible security impact, long standing limitation
CVE-2016-10722 (partclone.fat in Partclone before 0.2.88 is prone to a heap-based buff ...)
- partclone 0.2.88-1
[jessie] - partclone <no-dsa> (Minor issue)
@@ -1262,7 +1359,7 @@ CVE-2016-10517 (networking.c in Redis before 3.2.7 allows "Cross Protocol Script
CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function i ...)
{DLA-1191-1}
- python-werkzeug 0.11.11+dfsg1-1
- [jessie] - python-werkzeug <no-dsa> (Minor issue)
+ [jessie] - python-werkzeug 0.9.6+dfsg-1+deb8u1
NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
NOTE: https://github.com/pallets/werkzeug/pull/1001
NOTE: https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
@@ -1542,7 +1639,7 @@ CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling o
[jessie] - php5 5.6.28+dfsg-0+deb8u1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=73192
NOTE: Fixed in 7.1.0, 7.0.13, 5.6.28
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...)
{DLA-1044-1}
@@ -1717,7 +1814,7 @@ CVE-2016-10347 (In all Qualcomm products with Android releases from CAF using th
CVE-2016-10346 (In all Qualcomm products with Android releases from CAF using the Linu ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used duri ...)
- - passenger <unfixed> (unimportant)
+ - passenger 6.0.10-1 (unimportant)
NOTE: https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
NOTE: Source present, but passenger-install-nginx-module not installed
CVE-2016-10344 (In all Qualcomm products with Android releases from CAF using the Linu ...)
@@ -1806,7 +1903,7 @@ CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Art
[jessie] - ghostscript 9.06~dfsg-2+deb8u7
[wheezy] - ghostscript <no-dsa> (Not directly reproducible, to re-evaluate once the upstream fix is known)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
NOTE: I got the reproducer file from the bug submitter and tried to reproduce it.
NOTE: Results are the following: sid/stretch with 9.20~dfsg-3 are
NOTE: affected, it even segfaults. But with wheezy 9.05~dfsg-6.3+deb7u2
@@ -1937,7 +2034,7 @@ CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of servi
NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
-CVE-2016-10269 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...)
+CVE-2016-10269 (LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0. ...)
{DSA-3844-1 DLA-877-1}
- tiff 4.0.7-2
- tiff3 <removed>
@@ -2017,26 +2114,28 @@ CVE-2016-10252 (Memory leak in the IsOptionMember function in MagickCore/option.
CVE-2016-10251 (Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in Jas ...)
{DSA-3827-1 DLA-920-1}
- jasper <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/11
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/11
NOTE: https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
NOTE: https://github.com/asarubbo/poc/blob/master/00029-jasper-uninitvalue-jpc_pi_nextcprl
CVE-2016-10248 (The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900. ...)
- jasper <removed> (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/20/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/20/5
NOTE: Not suitable for code injection, hardly denial of service
NOTE: https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd
CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in Mujstes ...)
- - mupdf <unfixed> (unimportant)
+ {DLA-2765-1}
+ - mupdf 1.11+ds1-1 (unimportant)
[wheezy] - mupdf <not-affected> (Vulnerable code not present)
NOTE: Although jstest_main.c compiled during build and mujstest is created
NOTE: it is not included in the produced binary packages
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/16/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/19
CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in Mujstest in A ...)
- - mupdf <unfixed> (unimportant)
+ {DLA-2765-1}
+ - mupdf 1.11+ds1-1 (unimportant)
[wheezy] - mupdf <not-affected> (Vulnerable code not present)
NOTE: Although jstest_main.c compiled during build and mujstest is created
NOTE: it is not included in the produced binary packages
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/16/20
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/20
CVE-2016-10245 (Insufficient sanitization of the query parameter in templates/html/sea ...)
{DLA-1812-1}
- doxygen 1.8.12-1
@@ -2088,14 +2187,15 @@ CVE-2016-10229 (udp.c in the Linux kernel before 4.5 allows remote attackers to
[jessie] - linux 3.16.7-ckt20-1+deb8u2
[wheezy] - linux 3.2.73-2+deb7u2
NOTE: Fixed by: https://git.kernel.org/linus/197c949e7798fbf28cfadc69d9ca0c2abbf93191 (v4.5-rc1)
-CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and e ...)
- - glibc <unfixed> (low; bug #856503)
+CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and e ...)
+ - glibc 2.31-3 (low; bug #856503)
[buster] - glibc <no-dsa> (Minor issue)
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19519
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=91927b7c76437db860cd86a7714476b56bb39d07
CVE-2016-10227 (Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote ...)
NOT-FOR-US: Zyxel
CVE-2016-10226 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...)
@@ -2125,14 +2225,14 @@ CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453
CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...)
- ghostscript <not-affected> (Vulnerable code introduced later)
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
- NOTE: Introduced by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
+ NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444
CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Gh ...)
- ghostscript 9.20~dfsg-3.1 (bug #859662)
[jessie] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present)
[wheezy] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456
CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...)
NOT-FOR-US: IT ITems DataBase
@@ -2202,28 +2302,28 @@ CVE-2016-10197 (The search_make_new function in evdns.c in libevent before 2.1.6
{DSA-3789-1 DLA-824-1}
- libevent 2.0.21-stable-3 (bug #854092)
NOTE: https://github.com/libevent/libevent/issues/332
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10196 (Stack-based buffer overflow in the evutil_parse_sockaddr_port function ...)
{DSA-3789-1 DLA-824-1}
- libevent 2.0.21-stable-3 (bug #854092)
NOTE: https://github.com/libevent/libevent/issues/318
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10195 (The name_parse function in evdns.c in libevent before 2.1.6-beta allow ...)
{DSA-3789-1 DLA-824-1}
- libevent 2.0.21-stable-3 (bug #854092)
NOTE: https://github.com/libevent/libevent/issues/317
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10199 (The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-p ...)
{DSA-3820-1}
- gst-plugins-good1.0 1.10.3-1 (low)
- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775451
CVE-2016-10198 (The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacpars ...)
{DSA-3820-1 DLA-2225-1 DLA-828-1}
- gst-plugins-good1.0 1.10.3-1 (low)
- gst-plugins-good0.10 <removed> (low)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775450
CVE-2016-XXXX [iio-sensor-proxy: insecure dbus policy]
- iio-sensor-proxy 2.0-4 (bug #853951)
@@ -2231,19 +2331,19 @@ CVE-2016-10192 (Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10
- ffmpeg 7:3.2.2-1
- libav <not-affected> (Vulnerable code not present in libav, only in ffmpeg)
NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10191 (Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2 ...)
{DLA-1611-1}
- ffmpeg 7:3.2.2-1
- libav <removed>
NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10190 (Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8. ...)
{DLA-1611-1}
- ffmpeg 7:3.2.2-1
- libav <removed>
NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10193 (The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to e ...)
NOT-FOR-US: espeak-ruby Ruby gem
CVE-2016-10194 (The festivaltts4r gem for Ruby allows remote attackers to execute arbi ...)
@@ -2279,7 +2379,7 @@ CVE-2016-10189 (BitlBee before 3.5 allows remote attackers to cause a denial of
- bitlbee 3.5-1
NOTE: https://bugs.bitlbee.org/ticket/1282
NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f (3.5)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4
NOTE: When fixing this CVE make sure to apply as well
NOTE: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
NOTE: to not open CVE-2017-5668
@@ -2288,14 +2388,14 @@ CVE-2016-10188 (Use-after-free vulnerability in bitlbee-libpurple before 3.5 all
- bitlbee 3.5-1
NOTE: https://bugs.bitlbee.org/ticket/1281
NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2 (3.5)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4
CVE-2016-10187 (The E-book viewer in calibre before 2.75 allows remote attackers to re ...)
{DLA-859-1}
- calibre 2.75.1+dfsg-1 (low; bug #853004)
[jessie] - calibre <no-dsa> (Minor issue)
NOTE: Upstream report: https://launchpad.net/bugs/1651728
NOTE: Upstream fix: https://github.com/kovidgoyal/calibre/commit/3a89718664cb8cce0449d1758eee585ed0d0433c
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/29/8
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/29/8
CVE-2016-10173 (Directory traversal vulnerability in the minitar before 0.6 and archiv ...)
{DSA-3778-1 DLA-808-1}
- ruby-minitar 0.5.4-3.1 (bug #853075)
@@ -2323,7 +2423,6 @@ CVE-2016-10170 (The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1
NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10169 (The read_code function in read_words.c in Wavpack before 5.1.0 allows ...)
- wavpack 5.0.0-2 (bug #853076)
- [jessie] - wavpack <no-dsa> (Minor issue)
[wheezy] - wavpack <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/wavpack/mailman/message/35557889/
NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
@@ -2332,7 +2431,7 @@ CVE-2016-10166 (Integer underflow in the _gdContributionsAlloc function in gd_in
- libgd2 2.2.4-1
[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10167 (The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Li ...)
{DSA-3777-1 DLA-804-1}
- php7.1 7.1.1-1 (unimportant)
@@ -2343,7 +2442,7 @@ CVE-2016-10167 (The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graph
NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
- libgd2 2.2.4-1
NOTE: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10168 (Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) bef ...)
{DSA-3777-1 DLA-804-1}
- php7.1 7.1.1-1 (unimportant)
@@ -2354,7 +2453,7 @@ CVE-2016-10168 (Integer overflow in gd_io.c in the GD Graphics Library (aka libg
NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
- libgd2 2.2.4-1
NOTE: https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10165 (The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) all ...)
{DSA-3774-1 DLA-803-1}
- lcms2 2.8-4 (bug #852627)
@@ -2364,7 +2463,7 @@ CVE-2016-10164 (Multiple integer overflows in libXpm before 3.5.12, when a progr
{DSA-3772-1 DLA-801-1}
- libxpm 1:3.5.12-1
NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/22/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/22/2
CVE-2016-10163 (Memory leak in the vrend_renderer_context_create_internal function in ...)
- virglrenderer 0.6.0-1 (bug #852603)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7 (0.6.0)
@@ -2372,35 +2471,35 @@ CVE-2016-10163 (Memory leak in the vrend_renderer_context_create_internal functi
CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x befo ...)
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- NOTE: PHP Bug: http://bugs.php.net/73831
+ NOTE: PHP Bug: https://bugs.php.net/73831
NOTE: Fixed in 7.0.15, 7.1.1
CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c in PHP ...)
{DSA-3783-1 DLA-818-1}
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
- NOTE: PHP Bug: http://bugs.php.net/73825
+ NOTE: PHP Bug: https://bugs.php.net/73825
NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in ext/phar/phar. ...)
{DSA-3783-1 DLA-818-1}
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
- NOTE: PHP Bug: http://bugs.php.net/73768
+ NOTE: PHP Bug: https://bugs.php.net/73768
NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in ext/phar/phar. ...)
{DSA-3783-1 DLA-818-1}
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
- NOTE: PHP Bug: http://bugs.php.net/73764
+ NOTE: PHP Bug: https://bugs.php.net/73764
NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP before ...)
{DSA-3783-1 DLA-818-1}
- php7.1 7.1.1-1
- php7.0 7.0.15-1
- php5 <removed>
- NOTE: PHP Bug: http://bugs.php.net/73737
+ NOTE: PHP Bug: https://bugs.php.net/73737
NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to ...)
NOT-FOR-US: Akamai NetSession
@@ -2480,7 +2579,7 @@ CVE-2016-10146 (Multiple memory leaks in the caption and label handling code in
{DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.0+dfsg-2 (bug #851380)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10140 (Information disclosure and authentication bypass vulnerability exists ...)
{DLA-806-1}
- zoneminder 1.30.4+dfsg-1 (bug #851710)
@@ -2491,18 +2590,24 @@ CVE-2016-10144 (coders/ipl.c in ImageMagick allows remote attackers to have unsp
{DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851485)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10145 (Off-by-one error in coders/wpg.c in ImageMagick allows remote attacker ...)
{DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851483)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit function ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697448
CVE-2016-10133 (Heap-based buffer overflow in the js_stackoverflow function in jsrun.c ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=77ab465f1c394bb77f00966cd950650f3f53cb24
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697401
CVE-2016-10132 (regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a de ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697381
CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote a ...)
- codeigniter <itp> (bug #471583)
CVE-2016-10130 (The http_connect function in transports/http.c in libgit2 before 0.24. ...)
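Review bot: The three new NOTE lines added for the MuJS entries (CVE-2016-10141, CVE-2016-10133 and CVE-2016-10132) cite `http://git.ghostscript.com/?p=mujs.git;...` while this same commit rewrites existing git.ghostscript.com references to https elsewhere (the CVE-2016-10317 and CVE-2016-10218 hunks, for example). For consistency the added lines should use the `https://git.ghostscript.com/?p=mujs.git;...` form from the start, so they do not need to be touched again by the next URL normalisation sweep. Fetching fix-commit references over TLS also avoids a plaintext hop when someone follows these links to verify the `<not-affected>` claim.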
@@ -2532,13 +2637,14 @@ CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hard
NOT-FOR-US: D-Link
CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity (XXE) a ...)
- python-pysaml2 <unfixed> (low; bug #859135)
+ [bullseye] - python-pysaml2 <no-dsa> (Minor issue)
[buster] - python-pysaml2 <no-dsa> (Minor issue)
[stretch] - python-pysaml2 <no-dsa> (Minor issue)
[jessie] - python-pysaml2 <no-dsa> (Minor issue)
NOTE: https://github.com/rohe/pysaml2/issues/366
NOTE: A proper fix for this issue would be to fix the underlying issue in src:libxml2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/19/5 (for the scope of the CVE)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/19/5 (for the scope of the CVE)
CVE-2016-10149 (XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier a ...)
{DSA-3759-1}
- python-pysaml2 3.0.0-5 (bug #850716)
@@ -2548,7 +2654,7 @@ CVE-2016-10134 (SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 befo
{DSA-3802-1}
- zabbix 1:3.0.4+dfsg-1 (bug #850936)
NOTE: https://support.zabbix.com/browse/ZBX-11023
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/12/4
CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 2016-02-22. W ...)
- lxc 1:2.0.0-1
[jessie] - lxc <no-dsa> (Minor issue)
@@ -2557,35 +2663,35 @@ CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 2016-02
NOTE: https://github.com/lxc/lxc/commit/5eacdc3dbd0e45abf3cc90cf0216a7f8ee560abf (lxc-2.0.0.rc2)
CVE-2016-10123 (Firejail allows --chroot when seccomp is not supported, which might al ...)
- firejail 0.9.38-1
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/a23ac1bf390fa4c3db4ea31e6ee6100a9c511d59 (0.9.38-rc1)
CVE-2016-10122 (Firejail does not properly clean environment variables, which allows l ...)
- firejail 0.9.44.2-1
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/3b81e1f2c331644ced87d26a943b22eed6242b8f
NOTE: https://github.com/netblue30/firejail/commit/72bc0e145c67da24e555d868086953148c52b5fc
NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 (0.9.44.2)
NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c (0.9.44.2)
CVE-2016-10121 (Firejail uses weak permissions for /dev/shm/firejail and possibly othe ...)
- firejail 0.9.38-1
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/1cab02f5ae3c90c01fae4d1c16381820b757a3a6 (0.9.38)
CVE-2016-10120 (Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, ( ...)
- firejail 0.9.38-1
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/cd0ecfc7a7b30abde20db6dea505cd8c58e7c046 (0.9.38-rc1)
CVE-2016-10119 (Firejail uses 0777 permissions when mounting /tmp, which allows local ...)
- firejail 0.9.38-1
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/aa28ac9e09557b833f194f594e2940919d940d1f (0.9.38)
CVE-2016-10118 (Firejail allows local users to truncate /etc/resolv.conf via a chroot ...)
- firejail 0.9.44.2-1 (low)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/6144229605177764b7f3f3450c1a47f56595dc9e
NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/8b5b444c766b8d0592346decc6ed4a6d345e4f67 (0.9.44.2)
CVE-2016-10117 (Firejail does not restrict access to --tmpfs, which allows local users ...)
- firejail 0.9.38-1
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
NOTE: https://github.com/netblue30/firejail/commit/678cd1495457318dad39178bb646ba1b96332ddb (0.9.38-rc1)
CVE-2016-10116 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo ...)
NOT-FOR-US: NETGEAR
@@ -2628,7 +2734,7 @@ CVE-2016-10109 (Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a
- pcsc-lite 1.8.20-1
NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=3aaab9d998b5deb16a246cc7517e44144d281d3b
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/03/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/03/2
CVE-2016-10098 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...)
NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2016-10097 (XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/ ...)
@@ -2657,7 +2763,7 @@ CVE-2016-10094 (Off-by-one error in the t2p_readwrite_pdf_image_tile function in
- tiff3 <not-affected> (vulnerable code introduced later)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
-CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote atta ...)
+CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9 ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
- tiff3 <removed>
@@ -2736,8 +2842,8 @@ CVE-2016-10040 (Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allo
[jessie] - qt4-x11 <ignored> (Minor issue)
[wheezy] - qt4-x11 <ignored> (Minor issue)
- qtbase-opensource-src 5.2.0+dfsg-7
- NOTE: CVE assignment specific to http://www.openwall.com/lists/oss-security/2016/12/24/2
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/24/1
+ NOTE: CVE assignment specific to https://www.openwall.com/lists/oss-security/2016/12/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/24/1
NOTE: https://github.com/qt/qtbase/commit/f1053d94f59f053ce4acad9320df14f1fbe4faac
CVE-2016-10039 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
NOT-FOR-US: MODX Revolution
@@ -2762,7 +2868,7 @@ CVE-2016-10033 (The mailSend function in the isMail transport in PHPMailer befor
- libphp-phpmailer 5.2.14+dfsg-2.1 (bug #849365)
NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc#diff-ace81e501931d8763b49f2410cf3094dR1449
- NOTE: Fix potentially incomplete, cf http://www.openwall.com/lists/oss-security/2016/12/28/1
+ NOTE: Fix potentially incomplete, cf https://www.openwall.com/lists/oss-security/2016/12/28/1
NOTE: When updating libphp-phpmailer for CVE-2016-10033 make sure to apply the
NOTE: complete patch to not make libphp-phpmailer affected by CVE-2016-10045.
NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
@@ -2812,7 +2918,7 @@ CVE-2016-10026 (ikiwiki 3.20161219 does not properly check if a revision changes
- ikiwiki 3.20161219
NOTE: http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/
NOTE: Fix: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/7
NOTE: When fixing this issue make sure to apply the complete correct fix to
NOTE: not open ikiwiki to be vulnerable for CVE-2016-9645.
CVE-2016-10025 (VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD v ...)
@@ -2830,7 +2936,7 @@ CVE-2016-10028 (The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/1
NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
NOTE: still present.
@@ -2842,7 +2948,7 @@ CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=acfc4846508a02cc4c83aa27799fd7 (v2.7.0-rc0)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2fe760554eb3769d70f608a158474f (v2.7.0-rc0)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/2
CVE-2016-9999
RESERVED
CVE-2016-9996
@@ -2923,7 +3029,7 @@ CVE-2016-9954 (The backtrack compilation code in the Irregex package (aka IrRegu
[stretch] - chicken <no-dsa> (Minor issue)
[jessie] - chicken <no-dsa> (Minor issue)
[wheezy] - chicken <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/18
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/18
NOTE: https://github.com/ashinn/irregex/commit/a16ffc86eca15fca9e40607d41de3cea9cf868f1
NOTE: For chicken vulnerable code in ./irregex-core.scm
CVE-2016-9953 (The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30 ...)
@@ -2997,7 +3103,7 @@ CVE-2016-10003 (Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5
NOTE: Vulnerable Squid Versions:
NOTE: 3.5.0.1 up to and including 3.5.22
NOTE: 4.0.1 up to and including 4.0.16
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/1
CVE-2016-10002 (Incorrect processing of responses to If-None-Modified HTTP conditional ...)
{DSA-3745-1 DLA-763-1}
- squid3 3.5.23-1 (bug #848493)
@@ -3013,7 +3119,7 @@ CVE-2016-10002 (Incorrect processing of responses to If-None-Modified HTTP condi
NOTE: 3.1.10 up to and including 3.1.23
NOTE: 3.2.0.3 up to and including 3.5.22
NOTE: 4.0.1 up to and including 4.0.16
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/1
CVE-2016-582384
REJECTED
CVE-2016-9964 (redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequ ...)
@@ -3025,37 +3131,37 @@ CVE-2016-9963 (Exim before 4.87.1 might allow remote attackers to obtain the pri
{DSA-3747-1 DLA-762-1}
- exim4 4.88~RC6-2
NOTE: https://bugs.exim.org/show_bug.cgi?id=1996
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/16/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/16/1
NOTE: https://exim.org/static/doc/CVE-2016-9963.txt
CVE-2016-9961 (game-music-emu before 0.6.1 mishandles unspecified integer values. ...)
{DSA-3735-1 DLA-750-1}
- game-music-emu 0.6.0-4 (bug #848071)
NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9960 (game-music-emu before 0.6.1 allows local users to cause a denial of se ...)
{DSA-3735-1 DLA-750-1}
- game-music-emu 0.6.0-4 (bug #848071)
NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9959 (game-music-emu before 0.6.1 allows remote attackers to generate out of ...)
{DSA-3735-1 DLA-750-1}
- game-music-emu 0.6.0-4 (bug #848071)
NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9958 (game-music-emu before 0.6.1 allows remote attackers to write to arbitr ...)
{DSA-3735-1 DLA-750-1}
- game-music-emu 0.6.0-4 (bug #848071)
NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9957 (Stack-based buffer overflow in game-music-emu before 0.6.1. ...)
{DSA-3735-1 DLA-750-1}
- game-music-emu 0.6.0-4 (bug #848071)
NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9956 (The route manager in FlightGear before 2016.4.4 allows remote attacker ...)
{DSA-3742-1}
- flightgear 1:2016.4.3+dfsg-1 (bug #848114)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/11
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/11
CVE-2016-9951 (An issue was discovered in Apport before 2.20.4. A malicious Apport cr ...)
NOT-FOR-US: Apport
CVE-2016-9950 (An issue was discovered in Apport before 2.20.4. There is a path trave ...)
@@ -3096,7 +3202,7 @@ CVE-2016-9955 (The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp b
[jessie] - simplesamlphp <no-dsa> (Minor issue)
NOTE: https://simplesamlphp.org/security/201612-02
NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/a2326d75dd14accaac162dd2cb30aaefcc1f9205
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/7
CVE-2016-9939 (Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its A ...)
{DSA-3748-1 DLA-766-1}
- libcrypto++ 5.6.4-5 (bug #848009)
@@ -3124,7 +3230,7 @@ CVE-2016-9936 (The unserialize implementation in ext/standard/var.c in PHP 7.x b
NOTE: Fixed in PHP 7.0.14 and 7.1.0
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72978
NOTE: Fixed by: https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ...)
{DSA-3737-1 DLA-818-1}
- php7.0 7.0.14-1
@@ -3132,7 +3238,7 @@ CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP befo
NOTE: Fixed in PHP 5.6.29 and 7.0.14
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73631
NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remo ...)
{DSA-3732-1 DLA-818-1}
- php7.0 7.0.13-1
@@ -3140,7 +3246,7 @@ CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows
NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73331
NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9933 (Stack consumption vulnerability in the gdImageFillToBorder function in ...)
{DSA-3751-1 DSA-3732-1 DLA-758-1}
- libgd2 2.2.2-29-g3c2b605-1 (bug #849038)
@@ -3155,7 +3261,7 @@ CVE-2016-9933 (Stack consumption vulnerability in the gdImageFillToBorder functi
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72696
NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9937 (An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x be ...)
- asterisk <not-affected> (Introduced in 13.12.0 but fixed with first version to unstable based on 13.12.1)
NOTE: Vulnerability introduced in 13.12.0, but the first upload to unstable
@@ -3289,7 +3395,7 @@ CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and a
CVE-2016-9890
RESERVED
CVE-2016-9889 (Some forms with the parameter geo_zoomlevel_to_found_location in Tiki ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2016-9888 (An error within the "tar_directory_for_file()" function (gsf-infile-ta ...)
{DLA-2183-1 DLA-740-1}
- libgsf 1.14.41-1
@@ -3361,7 +3467,7 @@ CVE-2016-9912 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator s
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/12
CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-1 (bug #847496)
@@ -3371,7 +3477,7 @@ CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) al
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68 (v2.8.0-rc2)
NOTE: Proxy filesystem driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7 (v1.0-rc0)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-1 (bug #847496)
@@ -3381,7 +3487,7 @@ CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) a
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30 (v2.8.0-rc2)
NOTE: handle based fs driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310 (v1.0-rc0)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
NOTE: proxy driver not included during compilation in wheezy, see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9914 (Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local ...)
{DLA-1497-1}
@@ -3391,7 +3497,7 @@ CVE-2016-9914 (Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows l
[wheezy] - qemu-kvm <no-dsa> (proxy and handle drivers not included during compilation)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d (v2.8.0-rc2)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
NOTE: proxy and handle drivers not included during compilation in wheezy, so the cleanup function is never implemented:
NOTE: see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9913 (Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p ...)
@@ -3401,13 +3507,13 @@ CVE-2016-9913 (Memory leak in the v9fs_device_unrealize_common function in hw/9p
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42 (v2.8.0-rc2)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9911 (Quick Emulator (Qemu) built with the USB EHCI Emulation support is vul ...)
{DLA-1497-1 DLA-765-1 DLA-764-1}
- qemu 1:2.8+dfsg-1 (bug #847951)
- qemu-kvm <removed>
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/10
CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest support ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-1 (bug #847953)
@@ -3416,7 +3522,7 @@ CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest sup
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/3
NOTE: Leakage introduced after 1.2.50: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3f6e1b106abcf6b8cf487ac8f8e5fc2fd86776
CVE-2016-9908 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ...)
- qemu 1:2.8+dfsg-1 (bug #847400)
@@ -3424,7 +3530,7 @@ CVE-2016-9908 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator s
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/2
CVE-2016-9920 (steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2 ...)
{DLA-737-1}
- roundcube 1.2.3+dfsg.1-1 (bug #847287)
@@ -3437,14 +3543,14 @@ CVE-2016-9910 (The serializer in html5lib before 0.99999999 might allow remote a
[wheezy] - html5lib <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2016-9909 (The serializer in html5lib before 0.99999999 might allow remote attack ...)
- html5lib 0.999999999-1
[jessie] - html5lib <no-dsa> (Minor issue)
[wheezy] - html5lib <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verbose a ...)
{DLA-734-1}
- mapserver 7.0.3-1
@@ -3582,8 +3688,8 @@ CVE-2016-9844 (Buffer overflow in the zi_short function in zipinfo.c in Info-Zip
- unzip 6.0-21 (bug #847486)
[jessie] - unzip 6.0-16+deb8u3
NOTE: https://launchpad.net/bugs/1643750
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/05/13
- NOTE: Proposed patch in http://www.openwall.com/lists/oss-security/2016/12/05/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/05/13
+ NOTE: Proposed patch in https://www.openwall.com/lists/oss-security/2016/12/05/19
CVE-2016-XXXX [tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing]
- tiff 4.0.7-2 (unimportant; bug #846838)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619
@@ -3701,7 +3807,7 @@ CVE-2016-9814 (The validateSignature method in the SAML2\Utils class in SimpleSA
NOTE: https://github.com/simplesamlphp/saml2/pull/81
NOTE: https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
NOTE: only exploitable in hard to achieve conditions
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/03/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/03/5
CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c in the p ...)
- linux 4.6.1-1
[jessie] - linux 3.16.39-1
@@ -3896,7 +4002,7 @@ CVE-2016-9775 (The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb
NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
- tomcat6 6.0.41-3
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/5
CVE-2016-9774 (The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ...)
{DSA-3739-1 DSA-3738-1 DLA-753-1 DLA-746-1}
- tomcat8 8.5.8-2 (bug #845393)
@@ -3904,7 +4010,7 @@ CVE-2016-9774 (The postinst script in the tomcat6 package before 6.0.45+dfsg-1~d
NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
- tomcat6 6.0.41-3
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/5
CVE-2016-9777 (KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does ...)
- linux 4.8.15-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -3912,7 +4018,7 @@ CVE-2016-9777 (KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled,
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400804
NOTE: Fixed by: https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 (v4.9-rc7)
NOTE: Introduced in: https://git.kernel.org/linus/af1bae5497b98cb99d6b0492e6981f060420a00c (v4.8-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/2
CVE-2016-9776 (QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Contro ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-1 (bug #846797)
@@ -4016,7 +4122,7 @@ CVE-2016-9772 (OpenAFS 1.6.19 and earlier allows remote attackers to obtain sens
NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt
NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003-master.patch (master)
NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003.patch
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/01/12
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/01/12
CVE-2016-9685 (Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the ...)
- linux 4.5.1-1
[jessie] - linux 3.16.36-1
@@ -4035,7 +4141,7 @@ CVE-2016-9646 (ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder
CVE-2016-9643 (The regex code in Webkit 2.4.11 allows remote attackers to cause a den ...)
- webkitgtk 2.14.6-1 (unimportant)
NOTE: Not covered by security support
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/26/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/26/2
CVE-2016-9642 (JavaScriptCore in WebKit allows attackers to cause a denial of service ...)
- webkitgtk <removed> (unimportant)
NOTE: Not covered by security support
@@ -4101,7 +4207,7 @@ CVE-2016-9603 (A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx
- xen 4.4.0-1
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: https://xenbits.xen.org/xsa/advisory-211.html
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/14/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/14/2
NOTE: Upstream patch http://git.qemu-project.org/?p=qemu.git;a=commit;h=50628d3479e4f9aa97e323506856e394fe7ad7a6
CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link following wh ...)
{DLA-1497-1 DLA-1035-1 DLA-965-1}
@@ -4109,7 +4215,7 @@ CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link followi
- qemu-kvm <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1413929
NOTE: The original proposed patch does not fix the issue, cf.
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/17/14
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/17/14
NOTE: Upstream patchset: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1035
NOTE: If fixing this issue for older suites, then make sure not to open the
@@ -4119,7 +4225,7 @@ CVE-2016-9601 (ghostscript before version 9.21 is vulnerable to a heap based buf
{DSA-3817-1 DLA-874-1}
- jbig2dec 0.13-4 (bug #850497)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457
- NOTE: Patch: http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
+ NOTE: Patch: https://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer dereferen ...)
- jasper <removed> (unimportant)
NOTE: https://github.com/mdadams/jasper/issues/109
@@ -4178,7 +4284,7 @@ CVE-2016-9584 (libical allows remote attackers to cause a denial of service (use
- libical <removed> (bug #852034)
[stretch] - libical <ignored> (Minor issue)
[jessie] - libical <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/5
NOTE: Upstream ticket: https://github.com/libical/libical/issues/253
CVE-2016-9583 (An out-of-bounds heap read vulnerability was found in the jpc_pi_nextp ...)
- jasper <removed> (unimportant)
@@ -4286,7 +4392,7 @@ CVE-2016-9562 (SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Deni
NOT-FOR-US: SAP
CVE-2016-9561 (The che_configure function in libavcodec/aacdec_template.c in FFmpeg b ...)
- ffmpeg 7:3.2.4-1 (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/08/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/08/1
NOTE: non-issue, legitimate media file. If a server application uses libav* on untrusted media
NOTE: files, it needs to set resource limits
CVE-2016-9554 (The Sophos Web Appliance Remote / Secure Web Gateway server (version 4 ...)
@@ -4505,7 +4611,7 @@ CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator is
CVE-2016-9639 (Salt before 2015.8.11 allows deleted minions to read or write to minio ...)
- salt 2016.3.0+ds-1
[jessie] - salt <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/25/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/25/2
CVE-2016-9813 (The _parse_pat function in the mpegts parser in GStreamer before 1.10. ...)
{DSA-3818-1}
- gst-plugins-bad1.0 1.10.2-1 (low)
@@ -4680,7 +4786,7 @@ CVE-2016-9480 (libdwarf 2016-10-21 allows context-dependent attackers to obtain
NOTE: https://sourceforge.net/p/libdwarf/bugs/5/
NOTE: https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/
NOTE: The code has substantially changed in libdwarf/dwarf_util.c from older
- NOTE: versions, but there seem to be still back then an unchecked dereference
+ NOTE: versions, but there seem to be still back then an unchecked dereference
NOTE: of val_ptr.
CVE-2016-9479 (The "lost password" functionality in b2evolution before 6.7.9 allows r ...)
- b2evolution <removed>
@@ -4742,12 +4848,11 @@ CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, a
- bind9 1:9.10.3.dfsg.P4-11 (bug #851062)
NOTE: https://kb.isc.org/article/AA-01441/0
CVE-2016-9928 (MCabber before 1.0.4 is vulnerable to roster push attacks, which allow ...)
- {DLA-724-1}
+ {DLA-2260-1 DLA-724-1}
- mcabber 0.10.2-1.1 (bug #845258)
- [jessie] - mcabber <no-dsa> (Minor issue)
NOTE: https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/09/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/09/5
CVE-2016-XXXX [Rorster vulnerability similar to CVE-2015-8688]
- slixmpp 1.2.2-1
NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688 (but should get a seprate CVE)
@@ -4768,19 +4873,19 @@ CVE-2016-10071 (coders/mat.c in ImageMagick before 6.9.4-0 allows remote attacke
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10070 (Heap-based buffer overflow in the CalcMinMax function in coders/mat.c ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10069 (coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845244)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9559 (coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
@@ -4804,46 +4909,46 @@ CVE-2016-10068 (The MSL interpreter in ImageMagick before 6.9.6-4 allows remote
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845241)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
NOTE: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10058 (Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagi ...)
- imagemagick 8:6.9.6.5+dfsg-1 (bug #845239)
[jessie] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
[wheezy] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10067 (magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10066 (Buffer overflow in the ReadVIFFImage function in coders/viff.c in Imag ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10065 (The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0. ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845212)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/129
NOTE: https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05
NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10064 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845202)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10063 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845198)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10062 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not ...)
{DSA-3799-1 DLA-868-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #849439)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
NOTE: https://github.com/ImageMagick/ImageMagick/issues/352
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
NOTE: CVE is for the fwrite issue in ReadGROUP4Image. This was
NOTE: specifically noted at the beginning of issues/196, but not fixed in
NOTE: either of these commits 933e96f01a8c889c7bf5ffd30020e86a02a046e7 nor
@@ -4855,19 +4960,19 @@ CVE-2016-10061 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick bef
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10060 (The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagi ...)
{DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10059 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows ...)
{DSA-3726-1 DLA-756-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9448 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attacke ...)
- tiff <not-affected> (Vulnerable code introduced by fix for CVE-2016-9297)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
@@ -5072,23 +5177,23 @@ CVE-2016-9452 (The transliterate mechanism in Drupal 8.x before 8.2.3 allows rem
- drupal8 <itp> (bug #756305)
- drupal7 <not-affected> (Only affects Drupal 8)
NOTE: https://www.drupal.org/SA-CORE-2016-005
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9451 (Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ...)
{DSA-3718-1 DLA-715-1}
- drupal7 7.52-1
NOTE: https://www.drupal.org/SA-CORE-2016-005
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9450 (The user password reset form in Drupal 8.x before 8.2.3 allows remote ...)
- drupal8 <itp> (bug #756305)
- drupal7 <not-affected> (Only affects Drupal 8)
NOTE: https://www.drupal.org/SA-CORE-2016-005
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9449 (The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 mig ...)
{DSA-3718-1 DLA-715-1}
- drupal8 <itp> (bug #756305)
- drupal7 7.52-1
NOTE: https://www.drupal.org/SA-CORE-2016-005
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9443 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...)
- w3m 0.5.3-30
[jessie] - w3m 0.5.3-19+deb8u1
@@ -5327,7 +5432,7 @@ CVE-2016-9400 (The CClient::ProcessServerPacket method in engine/client/client.c
[wheezy] - teeworlds <end-of-life> (Games are not supported in Wheezy)
NOTE: https://www.teeworlds.com/?page=news&id=12086
NOTE: https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 (0.6.4-release)
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/16/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/16/8
CVE-2016-9321
RESERVED
CVE-2016-9320
@@ -5455,13 +5560,13 @@ CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow rem
NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
CVE-2016-9299 (The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allow ...)
- jenkins <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/12/4
CVE-2016-9298 (Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c i ...)
- imagemagick 8:6.9.6.5+dfsg-1 (bug #844211)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/296
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/13/1
CVE-2016-9300
REJECTED
CVE-2016-9301
@@ -5474,7 +5579,7 @@ CVE-2016-9297 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote at
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Unreproducible)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/12/2
NOTE: Patch https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
NOTE: Reproducible with valgrind in wheezy with 4.0.2-6+deb7u7
NOTE: Reproducible with valgrind in jessie with 4.0.3-12.3+deb8u1
@@ -5530,7 +5635,7 @@ CVE-2016-9532 (Integer overflow in the writeBufferToSeparateStrips function in t
[wheezy] - tiff3 <not-affected> (Tools not shipped by tiff3)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
NOTE: Patch: https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/11/14
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/11/14
CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old versions ...)
- p7zip 16.02+dfsg-2 (unimportant; bug #844344)
[jessie] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
@@ -5538,7 +5643,9 @@ CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old ver
NOTE: https://sourceforge.net/p/p7zip/bugs/185/
NOTE: no security impact
CVE-2016-9294 (Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225 ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697172
+ NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=5008105780c0b0182ea6eda83ad5598f225be3ee
CVE-2016-9279 (Use-after-free vulnerability in the Samsung Exynos fimg2d driver for A ...)
NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9278 (The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, o ...)
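Review bot: The two NOTE references added for CVE-2016-9294 use plain http:// for bugs.ghostscript.com and git.ghostscript.com, while this same commit rewrites other ghostscript and openwall references to https:// (the jbig2dec and mupdf commit links, for example); fetching advisory and fix references over cleartext is exactly what the rest of the change is trying to stop. Suggest `NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697172` and `NOTE: https://git.ghostscript.com/?p=mujs.git;a=commit;h=5008105780c0b0182ea6eda83ad5598f225be3ee`. The `<not-affected>` rationale itself is sound here, since the cited commit is the one named in the CVE description.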
@@ -5632,7 +5739,7 @@ CVE-2016-9243 (HKDF in cryptography before 1.5.2 returns an empty byte-string if
[jessie] - python-cryptography 0.6.1-1+deb8u1
NOTE: Upstream bug: https://github.com/pyca/cryptography/issues/3211
NOTE: Upstream commit: https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/08/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/08/6
CVE-2016-9242 (Multiple SQL injection vulnerabilities in the update method in framewo ...)
NOT-FOR-US: Exponent CMS
CVE-2016-9241
@@ -5845,7 +5952,7 @@ CVE-2016-9179 (lynx: It was found that Lynx doesn't parse the authority componen
- lynx 2.8.9dev11-1 (bug #843258)
- lynx-cur <removed>
[jessie] - lynx-cur <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/4
NOTE: Slight mitigation and documentation improvement was done in 2.8.9dev.10 upstream
NOTE: the uplaod to unstable as 2.8.9dev10-1
CVE-2016-9644 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
@@ -5856,7 +5963,7 @@ CVE-2016-9644 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in
NOTE: 548acf19234dbda5a52d5a8e7e205af46e9da840 (added in 4.6), as such
NOTE: src:linux was never affected. 1c109fabbd5 also wasn't backported to
NOTE: the 3.2 and 3.16 LTS series
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/2
CVE-2016-9178 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
{DLA-772-1}
- linux 4.7.5-1
@@ -5882,7 +5989,7 @@ CVE-2016-9181 (perl-Image-Info: When parsing an SVG file, external entity expans
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118099
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379556
NOTE: Upstream commit: https://github.com/eserte/image-info/commit/781625b643bc05ba92127a4554de7910f3f2f8e6
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/02/1
NOTE: Older versions of libimage-info-perl only can use XML::Simple.
NOTE: Controlling XXE processing behavior in XML::Simple is not really
NOTE: possible (see https://rt.cpan.org/Ticket/Display.html?id=83794),
@@ -5896,11 +6003,12 @@ CVE-2016-9180 (perl-XML-Twig: The option to `expand_external_ents`, documented a
[wheezy] - libxml-twig-perl <no-dsa> (Minor issue, new flag would require changes to applications too, not worth the effort)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379553
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/02/1
NOTE: Release 3.50 adds a no_xxe flag which will fail to parse files with external entities.
NOTE: 2016-12-13: The corresponding changes is not in the public git repository yet: https://github.com/mirod/xmltwig/commits/master
CVE-2016-9136 (Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8 ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697244
CVE-2016-9135 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/fra ...)
NOT-FOR-US: Exponent CMS
CVE-2016-9134 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/exp ...)
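Review bot: CVE-2016-9136 is flipped to `mujs <not-affected> (Fixed before initial upload to Debian)` but the only reference added is the bug report, not the fixing commit, so the claim cannot be checked against the upstream snapshot that was first packaged; the sibling CVE-2016-9294 entry in this commit does cite the commit. The CVE text itself names the fix by hash prefix (`a0ceaf5050faf419401fe1b83acfa950ec8`), so a `NOTE: https://git.ghostscript.com/?p=mujs.git;a=commit;h=<full hash>` line would make the triage reproducible. As with the other references touched by this commit, the bugs.ghostscript.com link should use https:// rather than http://.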
@@ -5945,7 +6053,7 @@ CVE-2016-9139 (Cross-site scripting (XSS) vulnerability in Open Ticket Request S
- otrs2 5.0.14-1 (bug #843091)
[jessie] - otrs2 3.3.18-1+deb8u1
NOTE: https://community.otrs.com/security-advisory-2016-02-security-update-otrs
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/01/5
NOTE: upstream fix likely https://github.com/OTRS/otrs/commit/6578a8bcf82529461302291ab3fcb500363b005a
CVE-2016-9120 (Race condition in the ion_ioctl function in drivers/staging/android/io ...)
- linux 4.6.1-1 (unimportant)
@@ -6015,40 +6123,40 @@ CVE-2016-9090
CVE-2016-9089
RESERVED
CVE-2016-9109 (Artifex Software MuJS allows attackers to cause a denial of service (c ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
CVE-2016-9108 (Integer overflow in the js_regcomp function in regexp.c in Artifex Sof ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
CVE-2016-9107 (The OTR plugin for Gajim sends information in cleartext when using XHT ...)
- gajim-otr <itp> (bug #722130)
NOTE: Upstream bug: https://trac-plugins.gajim.org/ticket/145
NOTE: Upstream fix: https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/30/2
CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Qu ...)
{DLA-1599-1 DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/4
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
CVE-2016-9105 (Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Qui ...)
{DLA-1599-1 DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/3
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xat ...)
{DLA-1599-1 DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/2
CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emula ...)
{DLA-1599-1 DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #842463)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/1
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU ( ...)
{DLA-1599-1 DLA-698-1 DLA-689-1}
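Review bot: CVE-2016-9109 and CVE-2016-9108 are changed from NOT-FOR-US to `mujs <not-affected> (Fixed before initial upload to Debian)` with no NOTE at all, unlike the other MuJS entries in this commit which at least cite the upstream bug; a `<not-affected>` status with no reference is not auditable when the package is later reviewed for LTS or a new upstream is imported. Each should carry the upstream bug or fix-commit link (CVE-2016-9108's description names `js_regcomp` in regexp.c, which is enough to locate the fix in mujs.git). Separately, this hunk upgrades the openwall links to https:// but leaves the git.qemu.org commit references on http://, so the scheme normalization is incomplete within the hunk.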
@@ -6056,7 +6164,7 @@ CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in Q
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/15
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/15
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows l ...)
{DLA-1599-1 DLA-698-1 DLA-689-1}
@@ -6064,7 +6172,7 @@ CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) all
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389538
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/14
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/14
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=2634ab7fe29b3f75d0865b719caf8f310d634aae (v2.8.0-rc0)
CVE-2016-9088
RESERVED
@@ -6262,18 +6370,18 @@ CVE-2016-9028 (Unauthorized redirect vulnerability in Citrix NetScaler ADC befor
NOT-FOR-US: Citrix
CVE-2016-9027
RESERVED
-CVE-2016-9026
- RESERVED
-CVE-2016-9025
- RESERVED
+CVE-2016-9026 (Exponent CMS before 2.6.0 has improper input validation in fileControl ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2016-9025 (Exponent CMS before 2.6.0 has improper input validation in purchaseOrd ...)
+ NOT-FOR-US: Exponent CMS
CVE-2016-9024
RESERVED
-CVE-2016-9023
- RESERVED
-CVE-2016-9022
- RESERVED
-CVE-2016-9021
- RESERVED
+CVE-2016-9023 (Exponent CMS before 2.6.0 has improper input validation in cron/find_h ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2016-9022 (Exponent CMS before 2.6.0 has improper input validation in usersContro ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2016-9021 (Exponent CMS before 2.6.0 has improper input validation in storeContro ...)
+ NOT-FOR-US: Exponent CMS
CVE-2016-9020 (SQL injection vulnerability in framework/modules/help/controllers/help ...)
NOT-FOR-US: Exponent CMS
CVE-2016-9019 (SQL injection vulnerability in the activate_address function in framew ...)
@@ -6281,7 +6389,8 @@ CVE-2016-9019 (SQL injection vulnerability in the activate_address function in f
CVE-2016-9018 (Improper handling of a repeating VRAT chunk in qcpfformat.dll allows a ...)
NOT-FOR-US: RealPlayer
CVE-2016-9017 (Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697171
CVE-2016-9015 (Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vul ...)
- python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases)
CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x bef ...)
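Review bot: The new CVE-2016-9017 entry cites only the ghostscript bug report, so the `(Fixed before initial upload to Debian)` claim cannot be verified against the packaged snapshot; the CVE description names the fixing commit by prefix (`a5c747f1d40e8d6659a37a8d25f13fb5acf`). Add `NOTE: https://git.ghostscript.com/?p=mujs.git;a=commit;h=<full hash>` next to the bug link, and use https:// for the bugs.ghostscript.com reference as this commit does elsewhere.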
@@ -6500,12 +6609,12 @@ CVE-2016-8911 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remo
CVE-2016-9016 (Firejail 0.9.38.4 allows local users to execute arbitrary commands out ...)
- firejail 0.9.44-1
NOTE: https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/25/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/25/3
CVE-2016-9011 (The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attac ...)
{DLA-694-1}
- libwmf 0.2.8.4-10.6 (bug #842090)
[jessie] - libwmf 0.2.8.4-10.3+deb8u2
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/9
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/18/9
NOTE: https://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c
NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00015-libwmf-memalloc-wmf_malloc
NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=842090;filename=libwmf-0.2.8.4-CVE-2016-9011-debian.patch;msg=10
@@ -6912,7 +7021,7 @@ CVE-2016-8729 (An exploitable memory corruption vulnerability exists in the JBIG
- jbig2dec 0.13-4 (bug #863886)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698438
- NOTE: http://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092
+ NOTE: https://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092
CVE-2016-8728 (An exploitable heap out of bounds write vulnerability exists in the Fi ...)
- mupdf <not-affected> (Vulnerable code introduced in 1.10, cf. #863545)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20
@@ -6996,13 +7105,13 @@ CVE-2016-8910 (The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (
- qemu 1:2.8+dfsg-1 (bug #841955)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/24/2
CVE-2016-8909 (The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick ...)
{DLA-1599-1 DLA-698-1 DLA-689-1}
- qemu 1:2.8+dfsg-1 (bug #841950)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/24/1
CVE-2016-XXXX [Privilege escalation possible to other user than root]
- bash <unfixed> (unimportant; bug #841856)
NOTE: This is strongly related to the problem described in CVE-2016-7543 and the correction
@@ -7014,7 +7123,7 @@ CVE-2016-10249 (Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568 (version-1.900.12)
NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/
NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00001-jasper-heapoverflow-jpc_dec_tiledecode
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/23/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/23/7
CVE-2016-10250 (The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 a ...)
- jasper <not-affected> (Incomplete fix for CVE-206-8887 not applied)
NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00002-jasper-NULLptr-jp2_colr_destroy
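Review bot: The CVE-2016-10250 line `- jasper <not-affected> (Incomplete fix for CVE-206-8887 not applied)` carries a malformed CVE id (`CVE-206-8887`), presumably meant to be CVE-2016-8887; the parenthetical is the documented reason for the not-affected status, and a broken id hides the cross-reference from anyone searching the file for the original issue. While this hunk is being touched for the URL scheme change, correct it to `- jasper <not-affected> (Incomplete fix for CVE-2016-8887 not applied)`. The intended id is inferred from the surrounding jasper entries and should be confirmed against the CVE-2016-8887 entry before editing.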
@@ -7067,8 +7176,7 @@ CVE-2016-8880
REJECTED
CVE-2016-8866 (The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick ...)
{DLA-756-1}
- - imagemagick <not-affected>
- NOTE: For incomplete fix of CVE-2016-8862
+ - imagemagick <not-affected> (Incomplete fix for CVE-2016-8862 not applied)
NOTE: https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
NOTE: This is not a real problem in imagemagick but caused by the "observer" (the address sanitizer), cf.
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255 .
@@ -7078,7 +7186,7 @@ CVE-2016-8859 (Multiple integer overflows in the TRE library and musl libc allow
[jessie] - tre 0.8.0-4+deb8u1
- musl 1.1.15-2 (bug #842171)
[jessie] - musl 1.1.5-2+deb8u1
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/19/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/19/1
NOTE: other issues may still be present in tre after this: https://github.com/laurikari/tre/issues/37
NOTE: musl patch: http://git.musl-libc.org/cgit/musl/commit/?id=c3edc06d1e1360f3570db9155d6b318ae0d0f0f7, not released yet
CVE-2016-8858 (** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x ...)
@@ -7095,30 +7203,30 @@ CVE-2016-8862 (The AcquireMagickMemory function in MagickCore/memory.c in ImageM
NOTE: The initial patch was initiall meant to be incomplete and resulted in CVE-2016-8866. So when fixing
NOTE: this CVE make sure to fix it completely to not open up CVE-2016-8866.
NOTE: The "incomplete fix" though is not a real problem, cf. https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/17/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/17/4
CVE-2016-8860 (Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal funct ...)
{DSA-3694-1 DLA-663-1}
- tor 0.2.8.9-1
NOTE: https://trac.torproject.org/projects/tor/ticket/20384
NOTE: https://blog.torproject.org/blog/tor-0289-released-important-fixes
NOTE: https://gitweb.torproject.org/tor.git/commit/?id=3cea86eb2fbb65949673eb4ba8ebb695c87a57ce
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/11
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/18/11
CVE-2016-9138 (PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modifica ...)
{DSA-3732-1}
- php7.0 7.0.12-1
- php5 <removed>
[wheezy] - php5 <not-affected> (Vulnerable code not present in version 5.4.45)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/01/7
CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ext/cur ...)
{DSA-3698-1}
- php7.0 7.0.12-1
- php5 <removed>
[wheezy] - php5 <not-affected> (Vulnerable code not present in version 5.4.45)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
NOTE: Fixed in 7.0.12, 5.6.27
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/18/1
CVE-2016-8673 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...)
NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-8672 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...)
@@ -7199,7 +7307,7 @@ CVE-2016-8690 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer bef
{DLA-1583-1}
- jasper <removed> (low; bug #841112)
[wheezy] - jasper <no-dsa> (Minor issue)
- NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post
+ NOTE: CVE ID for the first and fifth items of https://www.openwall.com/lists/oss-security/2016/08/23/6 post
NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
NOTE: The original fix is incomplete resulting in two follow ups CVE-2016-8884 and
NOTE: CVE-2016-8885.
@@ -7247,7 +7355,7 @@ CVE-2016-8674 (The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allo
{DSA-3797-1}
- mupdf 1.9a+ds1-2 (bug #840957)
[wheezy] - mupdf <not-affected> (Crash is not reproducible with reprocuder. Needs clarification from upstream.)
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697015
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697019
CVE-2016-8670 (Integer signedness error in the dynamicGetbuf function in gd_io_dp.c i ...)
@@ -7255,7 +7363,7 @@ CVE-2016-8670 (Integer signedness error in the dynamicGetbuf function in gd_io_d
- libgd2 2.2.3-87-gd0fec80-1 (bug #840805)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73280
NOTE: https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/15/1
CVE-2016-8671 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not prop ...)
- matrixssl <not-affected> (Incomplete fix for CVE-2016-6887 not applied)
NOTE: https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-incomplete-fix-for-CVE-2016-6887.html
@@ -7512,11 +7620,11 @@ CVE-2016-8612 (Apache HTTP Server mod_cluster before version httpd 2.4.23 is vul
- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-8611 (A vulnerability was found in Openstack Glance. No limits are enforced ...)
- glance <unfixed> (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/16
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/16
CVE-2016-8610 (A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 thro ...)
{DSA-3773-1 DLA-814-1}
- openssl 1.0.2j-1
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/24/3
NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384743 mentions countermeasures in gnutls
NOTE: https://gitlab.com/gnutls/gnutls/commit/1ffb827e45721ef56982d0ffd5c5de52376c428e
@@ -7545,7 +7653,7 @@ CVE-2016-8596 (Buffer overflow in the csp_can_process_frame in csp_if_can.c in t
NOTE: https://github.com/GomSpace/libcsp/pull/81/commits/4435fbed4090ff3cd090a61517430fe8a3924cd8
CVE-2016-8595 (The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1 ...)
- ffmpeg 7:3.1.5-1
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/08/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/08/2
NOTE: https://github.com/FFmpeg/FFmpeg/commit/987690799dd86433bf98b897aaa4c8d93ade646d
CVE-2016-8594
RESERVED
@@ -7555,12 +7663,13 @@ CVE-2016-8666 (The IP stack in the Linux kernel before 4.6 allows remote attacke
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/fac8e0f579695a3ecbc4d3cac369139d7f819971
NOTE: Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/13/11
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/13/11
CVE-2016-8660 (The XFS subsystem in the Linux kernel through 4.8.2 allows local users ...)
- - linux <unfixed> (low)
+ - linux <unfixed> (unimportant)
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
- [jessie] - linux-4.9 <unfixed> (low)
+ - linux-4.9 <removed> (unimportant)
+ NOTE: Not a security bug per upstream at https://marc.info/?l=linux-fsdevel&m=147639177409294&w=2
CVE-2016-8659 (Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might all ...)
- bubblewrap 0.1.2-2 (bug #840605)
NOTE: https://github.com/projectatomic/bubblewrap/issues/107
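Review bot: The `Introduced by:` reference for CVE-2016-8666 (`htttps://git.kernel.org/linus/bf5a...`) has a broken scheme and will not resolve; this hunk already rewrites the openwall link on the very next line, so the typo should be fixed in the same pass: `NOTE: Introduced by: https://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40`. For CVE-2016-8660 the downgrade to unimportant is backed by the added upstream marc.info statement, which is the right kind of justification; note, though, that `linux-4.9` loses its `[jessie]` qualifier and becomes a global `<removed>` entry, which reads as intended if the package is gone from the archive but is worth confirming.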
@@ -7791,7 +7900,7 @@ CVE-2016-XXXX [dbus format string vulnerability]
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=98157
NOTE: Versions affected: dbus >= 1.4.0
NOTE: Fixed in: dbus >= 1.11.6, 1.10.x >= 1.10.12, 1.8.x >= 1.8.22
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/10/9
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/10/10/9
NOTE: In Debian CVE-2015-0245 was already fixed, and this issue is
NOTE: not believed to be exploitable in practice, because the relevant
NOTE: message is ignored unless it comes from the owner of the bus name
@@ -7832,7 +7941,7 @@ CVE-2016-8679 (The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in L
- dwarfutils 20161001-2 (bug #840958)
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/11
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/08/11
NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
NOTE: Same fix as CVE-2016-8681 but different issue
@@ -7840,7 +7949,7 @@ CVE-2016-8680 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwa
- dwarfutils 20161001-2 (bug #840960)
[jessie] - dwarfutils <no-dsa> (Minor issue)
[wheezy] - dwarfutils <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/12
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/08/12
NOTE: https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2
CVE-2016-8681 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20 ...)
- dwarfutils 20161001-2 (bug #840961)
@@ -7848,12 +7957,12 @@ CVE-2016-8681 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwa
[wheezy] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/13
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/08/13
CVE-2016-8602 (The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 al ...)
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (bug #840451)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
CVE-2016-8601
REJECTED
CVE-2016-8578 (The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (ak ...)
@@ -8098,30 +8207,30 @@ CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass th
- ghostscript 9.19~dfsg-3.1 (bug #839846)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
- NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19
+ NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/19
CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remote at ...)
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (bug #839845)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
- NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
+ NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...)
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (high; bug #839841)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
- NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/29/28
- NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
+ NOTE: Reproducer: https://www.openwall.com/lists/oss-security/2016/09/29/28
+ NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7976 (The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attacker ...)
{DSA-3691-1 DLA-674-1}
- ghostscript 9.19~dfsg-3.1 (high; bug #839260)
NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178
- NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/30/8
- NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
+ NOTE: Reproducer: https://www.openwall.com/lists/oss-security/2016/09/30/8
+ NOTE: Patch: https://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-1000247 [mpg123 memory overread]
{DLA-655-1}
- mpg123 1.23.8-1 (low; bug #838960)
@@ -8137,7 +8246,7 @@ CVE-2016-XXXX [nspr, nss: unprotected environment variables]
[wheezy] - nss 2:3.26-1+debu7u1
NOTE: Workaround entry for DSA-3688-1/DLA-677-1 until CVE is assigned
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.1_release_notes
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/02/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/10/02/4
CVE-2016-8390 (An exploitable out of bounds write vulnerability exists in the parsing ...)
NOT-FOR-US: Hopper Disassembler
CVE-2016-8389 (An exploitable integer-overflow vulnerability exists within Iceni Argu ...)
@@ -8267,8 +8376,8 @@ CVE-2016-8332 (A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code executi
CVE-2016-8331 (An exploitable remote code execution vulnerability exists in the handl ...)
{DLA-693-1}
- tiff 4.0.6-3
- - tiff3 <removed>
[jessie] - tiff 4.0.3-12.3+deb8u2
+ - tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0190/
NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
@@ -8406,7 +8515,7 @@ CVE-2016-7553 (The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak pe
[jessie] - irssi 0.8.17-1+deb8u2
NOTE: Fixed by: https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
NOTE: https://irssi.org/2016/09/22/buf.pl-update/
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/24/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/24/1
CVE-2016-1000242
RESERVED
CVE-2016-1000241
@@ -8418,7 +8527,7 @@ CVE-2016-1000239
CVE-2016-1000238
RESERVED
CVE-2016-1000237 (sanitize-html before 1.4.3 has XSS. ...)
- NOT-FOR-US: sanitize-html
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
CVE-2016-1000236 (Node-cookie-signature before 1.0.6 is affected by a timing attack due ...)
- node-cookie-signature 1.1.0-1 (unimportant; bug #838618)
NOTE: https://nodesecurity.io/advisories/134
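Review bot: CVE-2016-1000237 becomes `node-sanitize-html <not-affected> (Fixed before initial upload)` with no supporting reference, whereas the adjacent CVE-2016-1000236 entry cites its nodesecurity advisory and the other not-affected entries in this commit use the wording `Fixed before initial upload to Debian`; without the advisory or upstream fix link a later triager cannot confirm that the first packaged version is at or above 1.4.3. Suggested wording: `- node-sanitize-html <not-affected> (Fixed before initial upload to Debian)` followed by a `NOTE:` line with the upstream advisory or fix reference.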
@@ -8469,7 +8578,7 @@ CVE-2016-7466 (Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e
NOTE: The usb_xhci_exit and thus the patched code was introduced in:
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=53c30545fb34c43c84d62ea1c2b0dc6b53303c34 (v2.2.0-rc0)
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/19/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/19/8
CVE-2016-8280 (Directory traversal vulnerability in Huawei eSight before V300R003C20S ...)
NOT-FOR-US: Huawei eSight UMS
CVE-2016-8279 (The video driver in Huawei Mate S smartphones with software CRR-TL00 b ...)
@@ -8597,7 +8706,7 @@ CVE-2016-7423 (The mptsas_process_scsi_io_request function in QEMU (aka Quick Em
- qemu-kvm <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376776
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/5
NOTE: LSI SAS1068 (mptsas) device support added in
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
@@ -8609,7 +8718,7 @@ CVE-2016-7422 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (ak
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376755
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/4
CVE-2016-7421 (The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU ...)
{DLA-1599-1}
- qemu 1:2.7+dfsg-1 (bug #838147)
@@ -8617,7 +8726,7 @@ CVE-2016-7421 (The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in
- qemu-kvm <not-affected> (Vulnerable code not present, introduced after 1.5)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376731
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/3
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=d251157ac1928191af851d199a9ff255d330bec9
CVE-2016-8220 (Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x pri ...)
NOT-FOR-US: Pivotal
@@ -8666,195 +8775,195 @@ CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in Gnu
NOTE: http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
NOTE: Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1374266
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/18/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/18/3
CVE-2016-8200
- RESERVED
+ REJECTED
CVE-2016-8199
- RESERVED
+ REJECTED
CVE-2016-8198
- RESERVED
+ REJECTED
CVE-2016-8197
- RESERVED
+ REJECTED
CVE-2016-8196
- RESERVED
+ REJECTED
CVE-2016-8195
- RESERVED
+ REJECTED
CVE-2016-8194
- RESERVED
+ REJECTED
CVE-2016-8193
- RESERVED
+ REJECTED
CVE-2016-8192
- RESERVED
+ REJECTED
CVE-2016-8191
- RESERVED
+ REJECTED
CVE-2016-8190
- RESERVED
+ REJECTED
CVE-2016-8189
- RESERVED
+ REJECTED
CVE-2016-8188
- RESERVED
+ REJECTED
CVE-2016-8187
- RESERVED
+ REJECTED
CVE-2016-8186
- RESERVED
+ REJECTED
CVE-2016-8185
- RESERVED
+ REJECTED
CVE-2016-8184
- RESERVED
+ REJECTED
CVE-2016-8183
- RESERVED
+ REJECTED
CVE-2016-8182
- RESERVED
+ REJECTED
CVE-2016-8181
- RESERVED
+ REJECTED
CVE-2016-8180
- RESERVED
+ REJECTED
CVE-2016-8179
- RESERVED
+ REJECTED
CVE-2016-8178
- RESERVED
+ REJECTED
CVE-2016-8177
- RESERVED
+ REJECTED
CVE-2016-8176
- RESERVED
+ REJECTED
CVE-2016-8175
- RESERVED
+ REJECTED
CVE-2016-8174
- RESERVED
+ REJECTED
CVE-2016-8173
- RESERVED
+ REJECTED
CVE-2016-8172
- RESERVED
+ REJECTED
CVE-2016-8171
- RESERVED
+ REJECTED
CVE-2016-8170
- RESERVED
+ REJECTED
CVE-2016-8169
- RESERVED
+ REJECTED
CVE-2016-8168
- RESERVED
+ REJECTED
CVE-2016-8167
- RESERVED
+ REJECTED
CVE-2016-8166
- RESERVED
+ REJECTED
CVE-2016-8165
- RESERVED
+ REJECTED
CVE-2016-8164
- RESERVED
+ REJECTED
CVE-2016-8163
- RESERVED
+ REJECTED
CVE-2016-8162
- RESERVED
+ REJECTED
CVE-2016-8161
- RESERVED
+ REJECTED
CVE-2016-8160
- RESERVED
+ REJECTED
CVE-2016-8159
- RESERVED
+ REJECTED
CVE-2016-8158
- RESERVED
+ REJECTED
CVE-2016-8157
- RESERVED
+ REJECTED
CVE-2016-8156
- RESERVED
+ REJECTED
CVE-2016-8155
- RESERVED
+ REJECTED
CVE-2016-8154
- RESERVED
+ REJECTED
CVE-2016-8153
- RESERVED
+ REJECTED
CVE-2016-8152
- RESERVED
+ REJECTED
CVE-2016-8151
- RESERVED
+ REJECTED
CVE-2016-8150
- RESERVED
+ REJECTED
CVE-2016-8149
- RESERVED
+ REJECTED
CVE-2016-8148
- RESERVED
+ REJECTED
CVE-2016-8147
- RESERVED
+ REJECTED
CVE-2016-8146
- RESERVED
+ REJECTED
CVE-2016-8145
- RESERVED
+ REJECTED
CVE-2016-8144
- RESERVED
+ REJECTED
CVE-2016-8143
- RESERVED
+ REJECTED
CVE-2016-8142
- RESERVED
+ REJECTED
CVE-2016-8141
- RESERVED
+ REJECTED
CVE-2016-8140
- RESERVED
+ REJECTED
CVE-2016-8139
- RESERVED
+ REJECTED
CVE-2016-8138
- RESERVED
+ REJECTED
CVE-2016-8137
- RESERVED
+ REJECTED
CVE-2016-8136
- RESERVED
+ REJECTED
CVE-2016-8135
- RESERVED
+ REJECTED
CVE-2016-8134
- RESERVED
+ REJECTED
CVE-2016-8133
- RESERVED
+ REJECTED
CVE-2016-8132
- RESERVED
+ REJECTED
CVE-2016-8131
- RESERVED
+ REJECTED
CVE-2016-8130
- RESERVED
+ REJECTED
CVE-2016-8129
- RESERVED
+ REJECTED
CVE-2016-8128
- RESERVED
+ REJECTED
CVE-2016-8127
- RESERVED
+ REJECTED
CVE-2016-8126
- RESERVED
+ REJECTED
CVE-2016-8125
- RESERVED
+ REJECTED
CVE-2016-8124
- RESERVED
+ REJECTED
CVE-2016-8123
- RESERVED
+ REJECTED
CVE-2016-8122
- RESERVED
+ REJECTED
CVE-2016-8121
- RESERVED
+ REJECTED
CVE-2016-8120
- RESERVED
+ REJECTED
CVE-2016-8119
- RESERVED
+ REJECTED
CVE-2016-8118
- RESERVED
+ REJECTED
CVE-2016-8117
- RESERVED
+ REJECTED
CVE-2016-8116
- RESERVED
+ REJECTED
CVE-2016-8115
- RESERVED
+ REJECTED
CVE-2016-8114
- RESERVED
+ REJECTED
CVE-2016-8113
- RESERVED
+ REJECTED
CVE-2016-8112
- RESERVED
+ REJECTED
CVE-2016-8111
- RESERVED
+ REJECTED
CVE-2016-8110
- RESERVED
+ REJECTED
CVE-2016-8109
- RESERVED
+ REJECTED
CVE-2016-8108
- RESERVED
+ REJECTED
CVE-2016-8107
- RESERVED
+ REJECTED
CVE-2016-8106 (A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non ...)
NOT-FOR-US: Intel driver
CVE-2016-8105 (Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Cont ...)
@@ -8970,25 +9079,25 @@ CVE-2016-8051
CVE-2016-8050
REJECTED
CVE-2016-8049
- RESERVED
+ REJECTED
CVE-2016-8048
- RESERVED
+ REJECTED
CVE-2016-8047
- RESERVED
+ REJECTED
CVE-2016-8046
- RESERVED
+ REJECTED
CVE-2016-8045
- RESERVED
+ REJECTED
CVE-2016-8044
- RESERVED
+ REJECTED
CVE-2016-8043
- RESERVED
+ REJECTED
CVE-2016-8042
- RESERVED
+ REJECTED
CVE-2016-8041
- RESERVED
+ REJECTED
CVE-2016-8040
- RESERVED
+ REJECTED
CVE-2016-8039
REJECTED
CVE-2016-8038
@@ -9012,7 +9121,7 @@ CVE-2016-8030 (A memory corruption vulnerability in Scriptscan COM Object in McA
CVE-2016-8029
REJECTED
CVE-2016-8028
- RESERVED
+ REJECTED
CVE-2016-8027 (SQL injection vulnerability in core services in Intel Security McAfee ...)
NOT-FOR-US: Intel antivirus
CVE-2016-8026 (Arbitrary command execution vulnerability in Intel Security McAfee Sec ...)
@@ -9038,11 +9147,11 @@ CVE-2016-8017 (Special element injection vulnerability in Intel Security VirusSc
CVE-2016-8016 (Information exposure in Intel Security VirusScan Enterprise Linux (VSE ...)
NOT-FOR-US: Intel antivirus
CVE-2016-8015
- RESERVED
+ REJECTED
CVE-2016-8014
- RESERVED
+ REJECTED
CVE-2016-8013
- RESERVED
+ REJECTED
CVE-2016-8012 (Access control vulnerability in Intel Security Data Loss Prevention En ...)
NOT-FOR-US: Intel antivirus
CVE-2016-8011 (Cross-site scripting vulnerability in Intel Security McAfee Endpoint S ...)
@@ -9060,13 +9169,13 @@ CVE-2016-8006 (Authentication bypass vulnerability in Enterprise Security Manage
CVE-2016-8005 (File extension filtering vulnerability in Intel Security McAfee Email ...)
NOT-FOR-US: Intel antivirus
CVE-2016-8004
- RESERVED
+ REJECTED
CVE-2016-8003
- RESERVED
+ REJECTED
CVE-2016-8002
REJECTED
CVE-2016-8001
- RESERVED
+ REJECTED
CVE-2016-7999 (ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote at ...)
{DLA-695-1}
- spip 3.1.3-1
@@ -9210,20 +9319,20 @@ CVE-2016-7969 (The wrap_lines_smart function in ass_render.c in libass before 0.
CVE-2016-7968 (KMail since version 5.3.0 used a QWebEngine based viewer that had Java ...)
- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241)
NOTE: https://www.kde.org/info/security/advisory-20161006-3.txt
- NOTE: Would by fixed by: https://cgit.kde.org/messagelib.git/commit/?id=f601f9ffb706f7d3a5893b04f067a1f75da62c99
+ NOTE: Would by fixed by: https://github.com/KDE/messagelib/commit/f601f9ffb706f7d3a5893b04f067a1f75da62c99
NOTE: and building with Qt 5.7.0.
NOTE: Following patches partly sanitize mails but still make it possible to inject code:
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=3503b75e9c79c3861e182588a0737baf165abd23 (v16.08.2)
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=a8744798dfdf8e41dd6a378e48662c66302b0019 (v16.08.2)
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=77976584a4ed2797437a2423704abdd7ece7834a (v16.08.2)
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=fb1be09360c812d24355076da544030a67b736fc (v16.08.2)
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=0402c17a8ead92188971cb604d905b3072d56a73 (v16.08.2)
+ NOTE: https://github.com/KDE/messagelib/commit/3503b75e9c79c3861e182588a0737baf165abd23 (v16.08.2)
+ NOTE: https://github.com/KDE/messagelib/commit/a8744798dfdf8e41dd6a378e48662c66302b0019 (v16.08.2)
+ NOTE: https://github.com/KDE/messagelib/commit/77976584a4ed2797437a2423704abdd7ece7834a (v16.08.2)
+ NOTE: https://github.com/KDE/messagelib/commit/fb1be09360c812d24355076da544030a67b736fc (v16.08.2)
+ NOTE: https://github.com/KDE/messagelib/commit/0402c17a8ead92188971cb604d905b3072d56a73 (v16.08.2)
NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a
NOTE: user protected from this CVE by only viewing plain text mails.
CVE-2016-7967 (KMail since version 5.3.0 used a QWebEngine based viewer that had Java ...)
- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241)
NOTE: https://www.kde.org/info/security/advisory-20161006-2.txt
- NOTE: Fixed by: https://cgit.kde.org/messagelib.git/commit/?id=dfc6a86f1b25f1da04b8f1df5320fcdd7085bcc1 (16.11.80)
+ NOTE: Fixed by: https://github.com/KDE/messagelib/commit/dfc6a86f1b25f1da04b8f1df5320fcdd7085bcc1 (16.11.80)
NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a
NOTE: user protected from this CVE by only viewing plain text mails.
CVE-2016-7966 (Through a malicious URL that contained a quote character it was possib ...)
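Review bot: The rewritten "Would by fixed by" NOTE under CVE-2016-7968 keeps the typo from the line it replaces; since the line is already being changed for the new commit URL, it should read `NOTE: Would be fixed by: https://github.com/KDE/messagelib/commit/f601f9ffb706f7d3a5893b04f067a1f75da62c99`. The remaining lines of the hunk only swap cgit.kde.org links for github.com ones with the same commit hashes, which looks consistent.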
@@ -9238,6 +9347,7 @@ CVE-2016-7965 (DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead o
NOTE: https://github.com/splitbrain/dokuwiki/issues/1709#issuecomment-262337572
CVE-2016-7964 (The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php ...)
- dokuwiki <unfixed> (low; bug #844731)
+ [bullseye] - dokuwiki <ignored> (Minor issue)
[buster] - dokuwiki <ignored> (Minor issue)
[jessie] - dokuwiki <no-dsa> (Minor issue)
[wheezy] - dokuwiki <no-dsa> (Minor issue)
@@ -9276,7 +9386,7 @@ CVE-2016-7954 (Bundler 1.x might allow remote attackers to inject arbitrary Ruby
[stretch] - bundler <ignored> (Minor issue, too intrusive to backport)
[jessie] - bundler <ignored> (Minor issue, too intrusive to backport)
[wheezy] - bundler <no-dsa> (Minor issue, too intrusive to backport)
- NOTE: http://www.openwall.com/lists/oss-security/2016/10/04/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/04/5
NOTE: There is no plan from upstream to address this for bundler 1.x
NOTE: due to lockfile format.
CVE-2016-7953 (Buffer underflow in X.org libXvMC before 1.0.10 allows remote X server ...)
@@ -9612,7 +9722,6 @@ CVE-2016-7838 (Untrusted search path vulnerability in WinSparkle versions prior
NOT-FOR-US: WinSparkle
CVE-2016-7837 (Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execut ...)
- bluez 5.43-1
- [jessie] - bluez <no-dsa> (Minor issue)
[wheezy] - bluez <no-dsa> (Minor issue)
NOTE: Fixed by: http://git.kernel.org/cgit/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 (5.42)
CVE-2016-7836 (SKYSEA Client View Ver.11.221.03 and earlier allows remote code execut ...)
@@ -10234,9 +10343,11 @@ CVE-2016-7566
CVE-2016-7565 (install/index.php in Exponent CMS 2.3.9 allows remote attackers to exe ...)
NOT-FOR-US: Exponent CMS
CVE-2016-7564 (Heap-based buffer overflow in the Fp_toString function in jsfunction.c ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697137
CVE-2016-7563 (The chartorune function in Artifex Software MuJS allows attackers to c ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697136
CVE-2016-7562 (The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before ...)
- ffmpeg 7:3.1.4-1 (bug #840434)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/496267f8e9ec218351e4359e1fde48722d4fc804 (n3.1.4)
@@ -10285,7 +10396,7 @@ CVE-2016-7543 (Bash before 4.4 allows local users to execute arbitrary commands
{DLA-680-1}
- bash 4.4-1
[jessie] - bash 4.3-11+deb8u1
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/9
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/26/9
NOTE: Default shell is dash which is not vulnerable, but bash in Jessie and
NOTE: Wheezy are affected.
NOTE: Fixed by (4.3): https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-048
@@ -10327,11 +10438,14 @@ CVE-2016-7507 (Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 al
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7506 (An out-of-bounds read vulnerability was observed in Sp_replace_regexp ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697141
CVE-2016-7505 (A buffer overflow vulnerability was observed in divby function of Arti ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697140
CVE-2016-7504 (A use-after-free vulnerability was observed in Rp_toString function of ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697142
CVE-2016-7503
RESERVED
CVE-2016-7502 (The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before ...)
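Review bot: The three new ghostscript bug references added for CVE-2016-7506, CVE-2016-7505 and CVE-2016-7504 use plain `http://`, while the same commit adds the matching references for CVE-2016-7564 and CVE-2016-7563 as `https://bugs.ghostscript.com/...` and elsewhere upgrades openwall links to https. For consistency, and so the tracker's reference links are not fetched over cleartext, these should be `NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697141`, `NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697140` and `NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697142`.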
@@ -10397,8 +10511,8 @@ CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, res
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72610
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092
NOTE: Fixed in 7.0.15
- NOTE: PHP 5.x/7.x: http://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0
- NOTE: PHP 7.x: http://git.php.net/?p=php-src.git;a=commit;h=b47c49d7a00bc34d7e0f3d72732f66e904da6fa7
+ NOTE: PHP 5.x/7.x: https://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0
+ NOTE: PHP 7.x: https://git.php.net/?p=php-src.git;a=commit;h=b47c49d7a00bc34d7e0f3d72732f66e904da6fa7
NOTE: The change is in 5.6+, even though the property table issue only affects
NOTE: PHP 7, because this also prevents a wide range of other __wakeup() based
NOTE: attacks.
@@ -10408,7 +10522,7 @@ CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x
- php7.0 7.0.13-1
- php5 <removed>
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093
- NOTE: Patch for 5.6.x: http://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (5.6.28)
+ NOTE: Patch for 5.6.x: https://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (5.6.28)
NOTE: backported patch for 5.4: https://lists.debian.org/87efysy07p.fsf@curie.anarc.at
CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 al ...)
- libav <removed> (unimportant)
@@ -10669,24 +10783,24 @@ CVE-2016-7410 (The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 2
NOTE: Introduced by (as confirmed by upstream): https://sourceforge.net/p/libdwarf/code/ci/b446e23dc21704ccd3b76d8945aaf39e4aca8c27
CVE-2016-7409 (The dbclient and server in Dropbear SSH before 2016.74, when compiled ...)
- dropbear 2016.74-1 (unimportant)
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/6a14b1f6dc04
NOTE: Not an issue for the the Debian binary package since we do not
NOTE: compile with DEBUG_TRACE.
CVE-2016-7408 (The dbclient in Dropbear SSH before 2016.74 allows remote attackers to ...)
- dropbear 2016.74-1
[jessie] - dropbear 2014.65-1+deb8u1
[wheezy] - dropbear <not-affected> (Vulnerable code not present)
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/eed9376a4ad6
CVE-2016-7407 (The dropbearconvert command in Dropbear SSH before 2016.74 allows atta ...)
{DLA-634-1}
- dropbear 2016.74-1
[jessie] - dropbear 2014.65-1+deb8u1
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/34e6127ef02e
CVE-2016-7406 (Format string vulnerability in Dropbear SSH before 2016.74 allows remo ...)
{DLA-634-1}
- dropbear 2016.74-1
[jessie] - dropbear 2014.65-1+deb8u1
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/b66a483f3dcb
CVE-2016-7404 (OpenStack Magnum passes OpenStack credentials into the Heat templates ...)
- magnum 3.1.1-5 (bug #863547)
NOTE: https://git.openstack.org/cgit/openstack/magnum/commit/?id=0bb0d6486d6771ee21bbf897a091b1aa59e01b22
@@ -11303,7 +11417,7 @@ CVE-2016-7405 (The qstr method in the PDO driver in the ADOdb Library for PHP be
NOTE: https://github.com/ADOdb/ADOdb/commit/bd9eca9
NOTE: Issue only with the PDO driver and only if queries built by inlining
NOTE: the quoted string (not recommended).
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/07/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/07/8
CVE-2016-7154 (Use-after-free vulnerability in the FIFO event channel code in Xen 4.4 ...)
{DSA-3663-1}
- xen 4.6.0-1
@@ -11336,7 +11450,7 @@ CVE-2016-7153 (The HTTP/2 protocol does not consider the role of the TCP congest
CVE-2016-7152 (The HTTPS protocol does not consider the role of the TCP congestion wi ...)
NOTE: CVE assigned for the HTTP/2 protocol issue
CVE-2016-7151 (Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a re ...)
- - capstone <unfixed> (low; bug #930002)
+ - capstone 4.0.2-2 (low; bug #930002)
[buster] - capstone <no-dsa> (Minor issue)
[stretch] - capstone <no-dsa> (Minor issue)
[jessie] - capstone <not-affected> (Vulnerable code not present)
@@ -11372,7 +11486,7 @@ CVE-2016-7155 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local gu
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/06/2
NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7156 (The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (ak ...)
{DLA-1599-1}
@@ -11382,7 +11496,7 @@ CVE-2016-7156 (The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEM
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373478
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/06/3
NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7157 (The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 func ...)
- qemu 1:2.6+dfsg-3.1 (bug #837603)
@@ -11392,7 +11506,7 @@ CVE-2016-7157 (The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html
NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/06/4
NOTE: Vulnerable code introduced after version 2.6: http://wiki.qemu.org/ChangeLog/2.6
CVE-2016-7140 (Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in ...)
NOT-FOR-US: Plone
@@ -11416,20 +11530,20 @@ CVE-2016-7145 (The m_authenticate function in ircd/m_authenticate.c in nefarious
NOT-FOR-US: Nefarious 2
CVE-2016-7144 (The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3 ...)
- unrealircd <itp> (bug #515130)
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/04/3
NOTE: unrealircd reportedly vulnerable, and ircd-seven reportedly not vulnerable
CVE-2016-7143 (The m_authenticate function in modules/m_sasl.c in Charybdis before 3. ...)
{DSA-3661-1}
- charybdis 3.5.3-1 (bug #836714)
[wheezy] - charybdis <no-dsa> (unsupported)
NOTE: charybdis patch: https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/04/3
CVE-2016-7142 (The m_sasl module in InspIRCd before 2.0.23, when used with a service ...)
{DSA-3662-1}
- inspircd 2.0.23-1 (bug #836706)
[wheezy] - inspircd <end-of-life> (not supported in Wheezy)
NOTE: http://www.inspircd.org/2016/09/03/v2023-released.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/04/3
CVE-2016-7120
RESERVED
CVE-2016-7134 (ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a l ...)
@@ -11437,14 +11551,14 @@ CVE-2016-7134 (ext/curl/interface.c in PHP 7.x before 7.0.10 does not work aroun
- php5 <not-affected> (Only affects PHP 7)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72674
NOTE: Fixed in 7.0.10
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
NOTE: https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7?w=1
CVE-2016-7133 (Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabl ...)
- php7.0 7.0.10-1
- php5 <not-affected> (Only affects PHP 7)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72742
NOTE: Fixed in 7.0.10
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
NOTE: https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1
CVE-2016-7132 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...)
{DSA-3689-1 DLA-749-1}
@@ -11452,7 +11566,7 @@ CVE-2016-7132 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows
- php5 5.6.26+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72799
NOTE: Fixed in 7.0.10, 5.6.25
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
NOTE: 72790 and 72799 are associated with the same commit. Not all of the
NOTE: commit is about the pop issue in 72799.
@@ -11462,7 +11576,7 @@ CVE-2016-7131 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows
- php5 5.6.26+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72790
NOTE: Fixed in 7.0.10, 5.6.25
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
NOTE: Cf. as well https://bugs.php.net/bug.php?id=72799
NOTE: 72790 and 72799 are associated with the same commit. Not all of the
@@ -11473,7 +11587,7 @@ CVE-2016-7130 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP befor
- php5 5.6.26+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72750
NOTE: Fixed in 7.0.10, 5.6.25
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
NOTE: https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1
CVE-2016-7129 (The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5. ...)
{DSA-3689-1 DLA-749-1}
@@ -11481,7 +11595,7 @@ CVE-2016-7129 (The php_wddx_process_data function in ext/wddx/wddx.c in PHP befo
- php5 5.6.26+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72749
NOTE: Fixed in 7.0.10, 5.6.25
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
NOTE: https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1
CVE-2016-7128 (The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...)
{DSA-3689-1 DLA-749-1}
@@ -11489,7 +11603,7 @@ CVE-2016-7128 (The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP b
- php5 5.6.26+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72627
NOTE: Fixed in 7.0.10, 5.6.25
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
NOTE: https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed?w=1
CVE-2016-7127 (The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...)
{DSA-3689-1}
@@ -11498,7 +11612,7 @@ CVE-2016-7127 (The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.2
- php5 5.6.26+dfsg-1 (unimportant)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72730
NOTE: Fixed in 7.0.10, 5.6.25
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
NOTE: https://github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eae?w=1
CVE-2016-7126 (The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6. ...)
{DSA-3689-1}
@@ -11507,7 +11621,7 @@ CVE-2016-7126 (The imagetruecolortopalette function in ext/gd/gd.c in PHP before
- php5 5.6.26+dfsg-1 (unimportant)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72697
NOTE: Fixed in 7.0.10, 5.6.25
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
NOTE: https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...)
{DSA-3689-1 DLA-628-1}
@@ -11515,7 +11629,7 @@ CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10
- php5 5.6.26+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
NOTE: Fixed in 7.0.10, 5.6.25
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
NOTE: https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1
NOTE: Scope of CVE also includes the "The similar issue also exist in session php_binary
NOTE: handler" part of 72681.
@@ -11525,7 +11639,7 @@ CVE-2016-7124 (ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x befo
- php5 5.6.26+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72663
NOTE: Fixed in 7.0.10, 5.6.25
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/02/5
NOTE: https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e?w=1
CVE-2016-7123 (Cross-site request forgery (CSRF) vulnerability in the admin web inter ...)
- mailman 2.1.15-1
@@ -11553,34 +11667,35 @@ CVE-2016-10057 (Buffer overflow in the WriteGROUP4Image function in coders/tiff.
{DSA-3675-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10056 (Buffer overflow in the sixel_decode function in coders/sixel.c in Imag ...)
{DSA-3675-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10055 (Buffer overflow in the WritePDBImage function in coders/pdb.c in Image ...)
{DSA-3675-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10054 (Buffer overflow in the WriteMAPImage function in coders/map.c in Image ...)
{DSA-3675-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10053 (The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9 ...)
{DSA-3675-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #836171)
[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-7118 (fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image p ...)
{DLA-609-1}
- - linux <not-affected>
+ - linux <not-affected> (Vulnerable code not present)
NOTE: Bit of complicated tracking information. For jessie the affected version is not in any yet
- NOTE: released version, thus should be n/a. wheezy OTOH, has already the issue in a released version. Issue then was fixed in 3.2.81-2 in DLA-609-1
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/31/1
+ NOTE: released version, thus should be n/a. wheezy OTOH, has already the issue in a released version.
+ NOTE: Issue then was fixed in 3.2.81-2 in DLA-609-1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/31/1
CVE-2016-7116 (Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick E ...)
{DLA-1599-1 DLA-619-1 DLA-618-1}
- qemu 1:2.6+dfsg-3.1 (bug #836502)
@@ -11623,6 +11738,8 @@ CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Con
NOTE: https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229
NOTE: https://mantisbt.org/bugs/view.php?id=21263
CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 mi ...)
+ {DLA-2889-1}
+ - drupal7 <removed>
- jqueryui 1.12.1+dfsg-1
[jessie] - jqueryui <no-dsa> (Minor issue)
[wheezy] - jqueryui <no-dsa> (Minor issue)
@@ -11630,6 +11747,7 @@ CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12
NOTE: https://github.com/jquery/jquery-ui/pull/1622
NOTE: https://github.com/jquery/jquery-ui/pull/1632
NOTE: https://github.com/jquery/api.jqueryui.com/issues/281
+ NOTE: https://www.drupal.org/sa-core-2022-002
CVE-2016-7094 (Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS ...)
{DSA-3663-1 DLA-614-1}
- xen 4.8.0~rc3-1
@@ -11748,10 +11866,10 @@ CVE-2016-7066 (It was found that the improper default permissions on /tmp/auth d
NOT-FOR-US: admin-cli / jboss-cli in Red Hat
CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...)
NOT-FOR-US: Red Hat JBoss EAP
-CVE-2016-7064
- RESERVED
-CVE-2016-7063
- RESERVED
+CVE-2016-7064 (A flaw was found in pritunl-client before version 1.0.1116.6. A lack o ...)
+ NOT-FOR-US: pritunl-client
+CVE-2016-7063 (A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrar ...)
+ NOT-FOR-US: pritunl-client
CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Co ...)
NOT-FOR-US: Red Hat rhscon-core
CVE-2016-7061 (An information disclosure vulnerability was found in JBoss Enterprise ...)
@@ -12098,8 +12216,7 @@ CVE-2016-6921 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.
NOT-FOR-US: Adobe Flash Player
CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in libavcodec/ ...)
- ffmpeg 7:3.1.3-1
- - libav <not-affected>
- NOTE: Vulnerable code not present in any Libav version.
+ - libav <not-affected> (Vulnerable code not present in any Libav version)
CVE-2016-6919
RESERVED
CVE-2016-6918 (Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attacke ...)
@@ -12163,15 +12280,14 @@ CVE-2016-6889
RESERVED
CVE-2016-6881 (The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1. ...)
- ffmpeg 7:3.1.3-1 (unimportant)
- - libav <not-affected>
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/6
+ - libav <not-affected> (Vulnerable code not present in any Libav version)
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/26/6
NOTE: https://github.com/FFmpeg/FFmpeg/commit/4770eac6
- NOTE: Vulnerable code not present in any Libav version.
CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of a limi ...)
- lshell <removed> (bug #834949)
[wheezy] - lshell <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ghantoos/lshell/issues/147
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/22/15
NOTE: As for 2016-08-23 https://github.com/ghantoos/lshell/issues/147#issuecomment-241366750 ist still
NOTE: as well under the scope of CVE-2016-6902, until "there is further vendor followup
NOTE: about issues/147" and possibly a new/additional CVE assignment.
@@ -12179,7 +12295,7 @@ CVE-2016-6903 (lshell 0.9.16 allows remote authenticated users to break out of a
- lshell <removed> (bug #834946)
[wheezy] - lshell <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ghantoos/lshell/issues/149
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/22/15
CVE-2016-6897 (Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_ ...)
- wordpress 4.6.1+dfsg-1 (bug #837090)
[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
@@ -12317,7 +12433,7 @@ CVE-2016-6866 (slock allows attackers to bypass the screen lock via vectors invo
{DLA-598-1}
- suckless-tools 41-1
[jessie] - suckless-tools 40-1+deb8u2
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/18/22
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/18/22
NOTE: http://s1m0n.dft-labs.eu/files/slock/
NOTE: Starting with 41-1 slock.c got patched to use PAM, cf. #739629
NOTE: and with the patch readpw(dpy, pws) is not called anymore, and
@@ -12392,7 +12508,7 @@ CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x
NOT-FOR-US: Apache CXF
CVE-2016-6811 (In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn use ...)
- hadoop <itp> (bug #793644)
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/01/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/01/2
CVE-2016-6810 (In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scri ...)
- activemq 5.14.2+dfsg-1 (unimportant)
NOTE: Admin console not enabled in the Debian package, see #702670
@@ -12477,7 +12593,7 @@ CVE-2016-10052 (Buffer overflow in the WriteProfile function in coders/jpeg.c in
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #834501)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6792
RESERVED
CVE-2016-6791 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
@@ -12741,7 +12857,7 @@ CVE-2016-10051 (Use-after-free vulnerability in the ReadPWPImage function in cod
- imagemagick 8:6.9.6.2+dfsg-2 (bug #834183)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write function in ...)
{DLA-1497-1}
- qemu 1:2.6+dfsg-3.1 (bug #834904)
@@ -12750,7 +12866,7 @@ CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write functio
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/12/1
CVE-2016-6834 (The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in ...)
{DLA-1599-1}
- qemu 1:2.6+dfsg-3.1 (bug #834905)
@@ -12759,7 +12875,7 @@ CVE-2016-6834 (The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/11/8
CVE-2016-6835 (The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in ...)
{DLA-1497-1}
- qemu 1:2.6+dfsg-3.1 (bug #835031)
@@ -12767,7 +12883,7 @@ CVE-2016-6835 (The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/11/7
CVE-2016-6836 (The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka ...)
{DLA-1599-1}
- qemu 1:2.6+dfsg-3.1 (bug #834944)
@@ -12776,7 +12892,7 @@ CVE-2016-6836 (The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1366369
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/11/5
CVE-2016-6671 (The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 ...)
- ffmpeg 7:3.1.2-1
CVE-2016-6670 (Huawei S7700, S9300, S9700, and S12700 devices with software before V2 ...)
@@ -12831,7 +12947,7 @@ CVE-2016-6662 (Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x thro
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=998309
NOTE: Fixed in upstream Oracle MySQL 5.5.52, 5.6.33 and 5.7.15
NOTE: MariaDB: https://jira.mariadb.org/browse/MDEV-10465
- NOTE: Fixed in upstream MariaDB 5.5.51, 10.0.27, 10.1.17
+ NOTE: Fixed in upstream MariaDB 5.5.51, 10.0.27, 10.1.17
NOTE: PerconaDB: https://www.percona.com/blog/2016/09/12/database-affected-cve-2016-6662/
NOTE: Although Oracle mentions this CVE only to be fixed in 5.5.53 this is not
NOTE: true for src:mysql-5.5 as in Debian and other Linux distributions, so
@@ -12894,30 +13010,30 @@ CVE-2016-10050 (Heap-based buffer overflow in the ReadRLEImage function in coder
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833744)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10049 (Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageM ...)
{DSA-3652-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833743)
[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29710
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10048 (Directory traversal vulnerability in magick/module.c in ImageMagick 6. ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.5.7+dfsg-1 (bug #833735)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10047 (Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMa ...)
{DSA-3652-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833732)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present in version 6.7.7.10)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10046 (Heap-based buffer overflow in the DrawImage function in magick/draw.c ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833730)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
- NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6887 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not prop ...)
- matrixssl <removed>
[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
@@ -13075,7 +13191,7 @@ CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom searc
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The decryp ...)
- {DLA-1821-1 DLA-626-1}
+ {DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to ...)
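Review bot: Removing DLA-1821-1 from the `{DLA-626-1}` reference set of CVE-2016-6606 changes which jessie advisory the tracker credits with fixing the cookie-encryption issue, and nothing in the hunk records why. If DLA-1821-1 (presumably a later phpmyadmin LTS update) never covered this CVE the correction is right, but if it did, the advisory-to-CVE mapping for jessie becomes incomplete and the tracker will under-report what that upload fixed. Please confirm against data/DLA/list that CVE-2016-6606 is absent from the DLA-1821-1 entry before merging, and leave a breadcrumb beside the PMASA link such as `NOTE: DLA-1821-1 did not cover this CVE, reference dropped` so the next triager does not re-add it.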
@@ -13096,65 +13212,65 @@ CVE-2016-7514 (The ReadPSDChannelPixels function in coders/psd.c in ImageMagick
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d
NOTE: https://github.com/ImageMagick/ImageMagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb
NOTE: https://github.com/ImageMagick/ImageMagick/commit/280215b9936d145dd5ee91403738ccce1333cab1
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7515 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832461)
NOTE: https://bugs.launchpad.net/bugs/1533445
NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7516 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows remo ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533452
NOTE: https://github.com/ImageMagick/ImageMagick/issues/77
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7517 (The EncodeImage function in coders/pict.c in ImageMagick allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533449
NOTE: https://github.com/ImageMagick/ImageMagick/issues/80
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7518 (The ReadSUNImage function in coders/sun.c in ImageMagick allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533447
NOTE: https://github.com/ImageMagick/ImageMagick/issues/81
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7519 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
NOTE: https://bugs.launchpad.net/bugs/1533445
NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7520 (Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remot ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832469)
NOTE: https://bugs.launchpad.net/bugs/1537213
NOTE: https://github.com/ImageMagick/ImageMagick/issues/90
NOTE: https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7521 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows remot ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832474)
NOTE: https://bugs.launchpad.net/bugs/1537418
NOTE: https://github.com/ImageMagick/ImageMagick/issues/92
NOTE: https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7522 (The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832475)
NOTE: https://bugs.launchpad.net/bugs/1537419
NOTE: https://github.com/ImageMagick/ImageMagick/issues/93
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7523 (coders/meta.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
NOTE: https://bugs.launchpad.net/bugs/1537420
NOTE: https://github.com/ImageMagick/ImageMagick/issues/94
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7524 (coders/meta.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
@@ -13167,7 +13283,7 @@ CVE-2016-7525 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows
NOTE: https://bugs.launchpad.net/bugs/1537424
NOTE: https://github.com/ImageMagick/ImageMagick/issues/98
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7526 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
@@ -13175,21 +13291,21 @@ CVE-2016-7526 (coders/wpg.c in ImageMagick allows remote attackers to cause a de
NOTE: https://github.com/ImageMagick/ImageMagick/issues/102
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7527 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
NOTE: https://bugs.launchpad.net/bugs/1542115
NOTE: https://github.com/ImageMagick/ImageMagick/issues/122
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7528 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows remo ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832483)
NOTE: https://bugs.launchpad.net/bugs/1537425
NOTE: https://github.com/ImageMagick/ImageMagick/issues/99
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7529 (coders/xcf.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832504)
@@ -13198,7 +13314,7 @@ CVE-2016-7529 (coders/xcf.c in ImageMagick allows remote attackers to cause a de
NOTE: https://github.com/ImageMagick/ImageMagick/issues/104
NOTE: https://github.com/ImageMagick/ImageMagick/issues/103
NOTE: https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7530 (The quantum handling code in ImageMagick allows remote attackers to ca ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832506)
@@ -13209,74 +13325,74 @@ CVE-2016-7530 (The quantum handling code in ImageMagick allows remote attackers
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70
NOTE: https://github.com/ImageMagick/ImageMagick/issues/110
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7531 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832633)
NOTE: https://bugs.launchpad.net/bugs/1539061
NOTE: https://bugs.launchpad.net/bugs/1542112
NOTE: https://github.com/ImageMagick/ImageMagick/issues/107
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7532 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832776)
NOTE: https://bugs.launchpad.net/bugs/1539066
NOTE: https://github.com/ImageMagick/ImageMagick/issues/109
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7533 (The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832780)
NOTE: https://bugs.launchpad.net/bugs/1542114
NOTE: https://github.com/ImageMagick/ImageMagick/issues/120
NOTE: https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7534 (The generic decoder in ImageMagick allows remote attackers to cause a ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832785)
NOTE: https://bugs.launchpad.net/bugs/1542785
NOTE: https://github.com/ImageMagick/ImageMagick/issues/126
NOTE: https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7535 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832787)
NOTE: https://bugs.launchpad.net/bugs/1545180
NOTE: https://github.com/ImageMagick/ImageMagick/issues/128
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7536 (magick/profile.c in ImageMagick allows remote attackers to cause a den ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832789)
NOTE: https://bugs.launchpad.net/bugs/1545367
NOTE: https://github.com/ImageMagick/ImageMagick/issues/130
NOTE: https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7537 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832791)
NOTE: https://bugs.launchpad.net/bugs/1553366
NOTE: https://github.com/ImageMagick/ImageMagick/issues/143
NOTE: https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7538 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #832793)
NOTE: https://bugs.launchpad.net/bugs/1556273
NOTE: https://github.com/ImageMagick/ImageMagick/issues/148
NOTE: https://github.com/ImageMagick/ImageMagick/commit/53c1dcd34bed85181b901bfce1a2322f85a59472
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7539 (Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows rem ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833101)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7540 (coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to ...)
{DSA-3652-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #827643)
[wheezy] - imagemagick <not-affected> (RGF coder is not present in version 6.7.7.10)
NOTE: https://bugs.launchpad.net/bugs/1594060
NOTE: https://github.com/ImageMagick/ImageMagick/pull/223
- NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-6603 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypas ...)
NOT-FOR-US: ZOHO WebNMS
CVE-2016-6602 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm ...)
@@ -13456,15 +13572,15 @@ CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH be
CVE-2016-6514
RESERVED
CVE-2016-6502
- RESERVED
+ REJECTED
CVE-2016-6501 (JFrog Artifactory before 4.11 allows remote attackers to execute arbit ...)
NOT-FOR-US: JFrog Artifactory
CVE-2016-6500 (Unspecified methods in the RACF Connector component before 1.1.1.0 in ...)
NOT-FOR-US: ForgeRock
CVE-2016-6499
- RESERVED
+ REJECTED
CVE-2016-6498
- RESERVED
+ REJECTED
CVE-2016-6497 (main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP ...)
NOT-FOR-US: Groovy LDAP extension
CVE-2016-6496 (The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x ...)
@@ -13473,7 +13589,7 @@ CVE-2016-6525 (Heap-based buffer overflow in the pdf_load_mesh_params function i
{DSA-3655-1 DLA-589-1}
- mupdf 1.9a+ds1-1.2 (bug #833417)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
CVE-2016-6523 (Multiple cross-site scripting (XSS) vulnerabilities in the media manag ...)
- dotclear <removed>
NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/40d0207e520d
@@ -13515,7 +13631,7 @@ CVE-2016-6494 (The client in MongoDB uses world-readable permissions on .dbshell
{DLA-588-1}
- mongodb 1:2.6.12-3 (bug #832908)
[jessie] - mongodb 1:2.4.10-5+deb8u1
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/29/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/29/4
CVE-2016-6491 (Buffer overflow in the Get8BIMProperty function in MagickCore/property ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #833099)
@@ -13527,7 +13643,7 @@ CVE-2016-6489 (The RSA and DSA decryption code in Nettle makes it easier for att
NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003093.html
NOTE: https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3
NOTE: Original patch had some unintended side effects: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
- NOTE: Cf. http://www.openwall.com/lists/oss-security/2016/07/30/2
+ NOTE: Cf. https://www.openwall.com/lists/oss-security/2016/07/30/2
NOTE: Additionally needed: https://git.lysator.liu.se/nettle/nettle/commit/52b9223126b3f997c00d399166c006ae28669068
NOTE: GnuTLS needs an update when/before src:nettle is fixed to continue working with patched src:nettle for CVE-2016-6489
NOTE: but not a vulnerability in GnuTLS. Needs https://gitlab.com/gnutls/gnutls/commit/186dc9c2012003587a38d7f4d03edd8da5fe989f
@@ -13543,7 +13659,7 @@ CVE-2016-6513 (epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshar
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-49.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6512 (epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an ov ...)
- wireshark 2.0.5+ga3be9c6-1
[jessie] - wireshark <not-affected> (Only affects 2.x)
@@ -13552,7 +13668,7 @@ CVE-2016-6512 (epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-48.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2193bea3212d74e2a907152055e27d409b59485e
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6511 (epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 a ...)
{DSA-3648-1 DLA-595-1}
- wireshark 2.0.5+ga3be9c6-1
@@ -13560,7 +13676,7 @@ CVE-2016-6511 (epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-47.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12659
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=56706427f53cc64793870bf072c2c06248ae88f3
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6510 (Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector ...)
{DSA-3648-1 DLA-595-1}
- wireshark 2.0.5+ga3be9c6-1
@@ -13568,7 +13684,7 @@ CVE-2016-6510 (Off-by-one error in epan/dissectors/packet-rlc.c in the RLC disse
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-46.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6509 (epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12. ...)
{DSA-3648-1 DLA-595-1}
- wireshark 2.0.5+ga3be9c6-1
@@ -13576,15 +13692,15 @@ CVE-2016-6509 (epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-45.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12662
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5a469ddc893f7c1912d0e15cc73bd3011e6cc2fb
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6508 (epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x ...)
{DSA-3648-1 DLA-595-1}
- wireshark 2.0.5+ga3be9c6-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-44.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb
- NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+ NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6507 (epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12. ...)
{DSA-3648-1 DLA-595-1}
- wireshark 2.0
@@ -13593,7 +13709,7 @@ CVE-2016-6507 (epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5a10743258bd016c07ebf6479137fda3d172a0f
NOTE: Affects 1.12.0 to 1.12.12, fixed 1.12.13
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6506 (epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x ...)
{DSA-3648-1 DLA-595-1}
- wireshark 2.0.5+ga3be9c6-1
@@ -13601,7 +13717,7 @@ CVE-2016-6506 (epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499
NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 , fixed in 2.0.5, 1.12.13
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6505 (epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wiresha ...)
{DSA-3648-1 DLA-595-1}
- wireshark 2.0.5+ga3be9c6-1
@@ -13609,7 +13725,7 @@ CVE-2016-6505 (epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wi
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95
NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6504 (epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1 ...)
{DSA-3648-1 DLA-595-1}
- wireshark 2.0
@@ -13618,13 +13734,13 @@ CVE-2016-6504 (epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wiresh
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9eacbb4d48df647648127b9258f9e5aeeb0c7d99
NOTE: Affects 1.12.0 to 1.12.12, fixed in 1.12.13.
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6503 (The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windo ...)
- wireshark <not-affected> (Only affects Wireshark on Windows)
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-39.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6490 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Qui ...)
- qemu 1:2.6+dfsg-3.1 (bug #832767)
[jessie] - qemu <not-affected> (Vulnerable code not present)
@@ -13894,21 +14010,26 @@ CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.
CVE-2016-6353 (Cloudera Search in CDH before 5.7.0 allows unauthorized document acces ...)
NOT-FOR-US: Cloudera
CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote attackers to co ...)
- - resteasy <unfixed> (low; bug #837170)
+ - resteasy 3.1.0-1 (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
- - resteasy3.0 <undetermined>
+ - resteasy3.0 3.0.26-1
+ NOTE: https://github.com/resteasy/Resteasy/commit/7cc46c65b11de69b87ef8850dc68cca3de8cd7c6 (3.1.0.CR1)
CVE-2016-6347 (Cross-site scripting (XSS) vulnerability in the default exception hand ...)
- - resteasy <unfixed> (low; bug #837170)
+ - resteasy 3.1.0-1 (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
- - resteasy3.0 <undetermined>
+ - resteasy3.0 3.0.26-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372124
CVE-2016-6346 (RESTEasy enables GZIPInterceptor, which allows remote attackers to cau ...)
- - resteasy <unfixed> (low; bug #837170)
+ - resteasy 3.1.0-1 (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
- - resteasy3.0 <undetermined>
+ - resteasy3.0 3.0.26-1
+ NOTE: https://issues.jboss.org/browse/RESTEASY-1484 (not public)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372120
CVE-2016-6345 (RESTEasy allows remote authenticated users to obtain sensitive informa ...)
- - resteasy <unfixed> (low; bug #837170)
+ - resteasy 3.1.0-1 (low; bug #837170)
[jessie] - resteasy <no-dsa> (Minor issue)
- - resteasy3.0 <undetermined>
+ - resteasy3.0 3.0.26-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1372117
CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a ...)
NOT-FOR-US: Red Hat JBoss bpm Suite
CVE-2016-6343 (JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Re ...)
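Review bot: The `resteasy3.0 3.0.26-1` fixed version added for CVE-2016-6347, CVE-2016-6346 and CVE-2016-6345 carries no reference that establishes the fix in the 3.0.x line; the only upstream commit cited in this hunk is on CVE-2016-6348 and is tagged 3.1.0.CR1, while the Red Hat bugzilla links added on the other three describe the issues rather than a 3.0.26 backport. Moving four entries from <undetermined> to a concrete fixed version is a strong claim, so a NOTE per entry naming the upstream commit or release note for 3.0.26 (or stating that the fix was verified in the Debian package) would make the change auditable. If the 3.0.26 fix for all four is the same backport, one NOTE on each entry pointing at it is enough.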
@@ -13963,7 +14084,7 @@ CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for re
CVE-2016-6328 (A vulnerability was found in libexif. An integer overflow when parsing ...)
{DLA-2214-1}
- libexif 0.6.21-2.1 (bug #873022)
- [stretch] - libexif <no-dsa> (Minor issue)
+ [stretch] - libexif 0.6.21-2+deb9u2
[wheezy] - libexif <no-dsa> (Minor issue)
NOTE: http://libexif.cvs.sourceforge.net/viewvc/libexif/libexif/libexif/pentax/mnote-pentax-entry.c?r1=1.26&r2=1.27
CVE-2016-6327 (drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 ...)
@@ -14114,13 +14235,13 @@ CVE-2016-6351 (The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emula
- qemu-kvm <removed>
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0)
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/25/14
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/25/14
NOTE: According to maintainer the fix relies on the fix for CVE-2016-4439
CVE-2016-6350 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (N ...)
NOT-FOR-US: OpenBSD
CVE-2016-6349 (The machinectl command in oci-register-machine allows local users to l ...)
NOT-FOR-US: oci-register-machine
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/26/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/26/5
NOTE: Requirement is that docker containers would register themselves to
NOTE: to systemd-machined by oci-register-machine (not packaged in Debian,
NOTE: and https://github.com/projectatomic/docker/commit/a307e90141ba31b378bc31bb7720ed141f47cd9b
@@ -14165,14 +14286,14 @@ CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ext/zip
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72520
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6296 (Integer signedness error in the simplestring_addn function in simplest ...)
{DSA-3631-1 DLA-2011-1 DLA-628-1 DLA-569-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72606
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
- xmlrpc-epi 0.54.2-1.2 (bug #832959)
NOTE: In stretch/sid php7.0 is using the system library not the embedded one.
@@ -14181,14 +14302,14 @@ CVE-2016-6295 (ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72479
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6294 (The locale_accept_from_http function in ext/intl/locale/locale_methods ...)
{DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72533
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6293 (The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in Interna ...)
{DSA-3725-1 DLA-615-1}
@@ -14202,28 +14323,28 @@ CVE-2016-6292 (The exif_process_user_comment function in ext/exif/exif.c in PHP
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72618
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6291 (The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP b ...)
{DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72603
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6290 (ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7 ...)
{DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72562
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6289 (Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_ ...)
{DSA-3631-1 DLA-628-1}
- php7.0 7.0.9-1
- php5 5.6.24+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/72513
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87
NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6271 (The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the- ...)
- bzrtp 1.0.2-1.2 (bug #859277)
@@ -14472,8 +14593,8 @@ CVE-2016-6265 (Use-after-free vulnerability in the pdf_load_xref function in pdf
- mupdf 1.9a+ds1-1.1 (bug #832031)
[wheezy] - mupdf <not-affected> (vulnerable code not present, no segfault)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
- NOTE: Possibly introduced with: http://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1)
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
+ NOTE: Possibly introduced with: https://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1)
NOTE: Although the e767bd783d91ae88cd79da19e79afb2c36bcf32a introduced the solid xrefs,
NOTE: that part of the code went trough several iterations before it settled down, and
NOTE: thus the issue could possibly be presend already before. The code in 1.5-1 looks
@@ -14482,9 +14603,9 @@ CVE-2016-6265 (Use-after-free vulnerability in the pdf_load_xref function in pdf
CVE-2016-6264 (Integer signedness error in libc/string/arm/memset.S in uClibc and uCl ...)
{DLA-561-1}
- uclibc-ng <itp> (bug #811275)
- - uclibc <unfixed> (unimportant)
+ - uclibc 1.0.20-1 (unimportant; bug #990648)
NOTE: Just for cross-compiling, not used for actual packages
- NOTE: http://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
+ NOTE: https://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
NOTE: http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html
NOTE: Fixed in 1.0.16 of uClibc-ng
CVE-2016-6263 (The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn be ...)
@@ -14492,11 +14613,11 @@ CVE-2016-6263 (The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libi
- libidn 1.33-1
NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
NOTE: Test / Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555 (libidn-1-33)
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6262 (idn in libidn before 1.33 might allow remote attackers to obtain sensi ...)
- libidn <not-affected> (Incomplete fix for CVE-2015-8948 not applied)
NOTE: Follow-up fix for CVE-2015-8948: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60 (libidn-1-33)
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6261 (The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allo ...)
{DSA-3658-1 DLA-582-1}
- libidn 1.33-1
@@ -14504,7 +14625,7 @@ CVE-2016-6261 (The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33
NOTE: Test: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=9a1a7e15d0706634971364493fbb06e77e74726c (libidn-1-33)
NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d (libidn-1-33)
NOTE: Follow-up memory leak fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=11abd0e02c16f9e0b6944aea4ef0f2df44b42dd4 (libidn-1-33)
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6249 (F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout durin ...)
NOT-FOR-US: F5
CVE-2016-1000037 (Pagure: XSS possible in file attachment endpoint ...)
@@ -14528,7 +14649,7 @@ CVE-2016-6250 (Integer overflow in the ISO9660 writer in libarchive before 3.2.1
- libarchive 3.2.1-1 (low)
NOTE: https://github.com/libarchive/libarchive/issues/711
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6 (v3.2.1)
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/20/1
CVE-2016-6252 (Integer overflow in shadow 4.2.1 allows local users to gain privileges ...)
{DSA-3793-1}
- shadow 1:4.4-1 (bug #832170)
@@ -14606,6 +14727,7 @@ CVE-2016-1000110 (The CGIHandler class in Python before 2.7.12 does not protect
- python2.7 2.7.12-2 (unimportant)
- python2.6 <removed> (unimportant)
NOTE: https://bugs.python.org/issue27568
+ NOTE: https://github.com/python/cpython/commit/436fe5a447abb69e5e5a4f453325c422af02dcaa (3.4)
NOTE: No part of Python does set HTTP_PROXY based on a Proxy: header, the Python bug
NOTE: just provides a hardening to discard HTTP_PROXY if it thinks a Python script is
NOTE: running as a CGI script
@@ -14623,7 +14745,7 @@ CVE-2016-1000103
REJECTED
CVE-2016-1000102
REJECTED
-CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...)
+CVE-2016-1000027 (Pivotal Spring Framework through 5.3.16 suffers from a potential remot ...)
- libspring-java 4.2.7-1 (unimportant)
NOTE: https://www.tenable.com/security/research/tra-2016-20
NOTE: This is not a vulnerability in Spring itself, just how applications are using it
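Review bot: The updated description now states that Spring Framework through 5.3.16 is affected, while the entry still records `libspring-java 4.2.7-1 (unimportant)` as the fixed version, which no longer matches the upstream scope. The existing NOTE that this is about how applications use Spring supports the unimportant severity but does not explain why 4.2.7-1 is still treated as fixed; a NOTE stating that rationale, or a re-evaluation of the recorded version, would keep the entry internally consistent. Any further NOTE lines of this entry outside the hunk should be checked for the same mismatch.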
@@ -14632,7 +14754,7 @@ CVE-2016-6255 (Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attac
- libupnp 1:1.6.19+git20160116-1.1 (bug #831857)
NOTE: https://twitter.com/mjg59/status/755062278513319936
NOTE: Proposed fix: https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/18/13
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/18/13
CVE-2016-6233 (The (1) order and (2) group methods in Zend_Db_Select in the Zend Fram ...)
- zendframework 1.12.19+dfsg-1
[jessie] - zendframework <not-affected> (introduced after 1.12.9)
@@ -14760,12 +14882,12 @@ CVE-2016-6905 (The read_image_tga function in gd_tga.c in the GD Graphics Librar
NOTE: https://github.com/libgd/libgd/commit/5a3f19e962b507560c9206965087db4dc0ad107f
NOTE: Fixed by: https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186
NOTE: followed by: https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/12/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/12/4
CVE-2016-6352 (The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows ...)
{DLA-2043-1}
- gdk-pixbuf 2.35.4-1 (bug #832496)
[wheezy] - gdk-pixbuf <not-affected> (Fails with ENOMEM, no crash)
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/11
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/11
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170
NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599
CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap ...)
@@ -14773,7 +14895,7 @@ CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted
NOTE: Actually due to an incomplete fix of LP#1447282
NOTE: https://launchpad.net/bugs/1597154
NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/2
CVE-2016-6214 (gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows re ...)
{DSA-3619-1}
- libgd2 2.2.2-29-g3c2b605-1
@@ -14781,12 +14903,12 @@ CVE-2016-6214 (gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allo
NOTE: https://github.com/libgd/libgd/issues/247#issuecomment-232084241
NOTE: https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7
NOTE: Different issue than CVE-2016-6132
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/5
CVE-2016-6223 (The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in ...)
{DSA-3762-1 DLA-693-1 DLA-610-1}
- tiff 4.0.6-2 (bug #842270)
- tiff3 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/3
NOTE: Upstream patch: https://github.com/vadz/libtiff/commit/0ba5d8814a17a64bdb8d9035f4c533f3f3f4b496
CVE-2016-1000023
REJECTED
@@ -14844,7 +14966,7 @@ CVE-2016-6187 (The apparmor_setprocattr function in security/apparmor/lsm.c in t
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://git.kernel.org/linus/bb646cdb12e75d82258c2f2e7746d5952d3e321a (v4.5-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/30a46a4647fd1df9cf52e43bf467f0d9265096ca (v4.7-rc7)
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/09/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/09/1
CVE-2016-XXXX [GNUTLS-SA-2016-2: certificate verification issue]
- gnutls28 3.4.14-1 (unimportant)
NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-2
@@ -14872,7 +14994,7 @@ CVE-2016-6185 (The XSLoader::load method in XSLoader in Perl does not properly l
{DSA-3628-1 DLA-565-1}
- perl 5.22.2-2 (bug #829578)
CVE-2016-6175 (Eval injection vulnerability in php-gettext 1.0.12 and earlier allows ...)
- - php-gettext <unfixed> (bug #851771)
+ - php-gettext 1.0.12-1 (bug #851771)
[buster] - php-gettext <no-dsa> (Minor issue)
[stretch] - php-gettext <no-dsa> (Minor issue)
[jessie] - php-gettext <no-dsa> (Minor issue)
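Review bot: The fixed version `php-gettext 1.0.12-1` recorded here is the same upstream release that the CVE description on the preceding line names as vulnerable ("php-gettext 1.0.12 and earlier"), so the entry reads as self-contradictory without an explanation. A NOTE such as `NOTE: Fixed via Debian-specific patch in 1.0.12-1 (see bug #851771)`, with the wording confirmed against the package changelog, would make the change auditable. The entry may continue past the hunk, so an existing NOTE to that effect below the [jessie] line would already cover this.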
@@ -14893,7 +15015,7 @@ CVE-2016-6165
RESERVED
CVE-2016-6164 (Integer overflow in the mov_build_index function in libavformat/mov.c ...)
- ffmpeg 7:3.1.1-1
- NOTE: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823
+ NOTE: https://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823
CVE-2016-1000101
REJECTED
CVE-2016-1000100
@@ -15785,13 +15907,13 @@ CVE-2016-5844 (Integer overflow in the ISO parser in libarchive before 3.2.1 all
CVE-2016-5842 (MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote atta ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
- NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
+ NOTE: Details: https://www.openwall.com/lists/oss-security/2016/06/23/1
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5842.jpg
CVE-2016-5841 (Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 ...)
{DSA-3652-1 DLA-731-1}
- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
- NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
+ NOTE: Details: https://www.openwall.com/lists/oss-security/2016/06/23/1
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5841.jpg
CVE-2016-5829 (Multiple heap-based buffer overflows in the hiddev_ioctl_usage functio ...)
@@ -15839,7 +15961,7 @@ CVE-2016-5824 (libical 1.0 allows remote attackers to cause a denial of service
NOTE: Related upstream ticket: https://github.com/libical/libical/issues/251
NOTE: Whilst the upstream commits in issues/251 fix the issue of #251 itself
NOTE: they do not fix the bugzilla.mozilla.org case 1275400 which was assigned
- NOTE: in http://www.openwall.com/lists/oss-security/2016/06/25/4
+ NOTE: in https://www.openwall.com/lists/oss-security/2016/06/25/4
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2016-5824
NOTE: thunderbird uses embedded libical copy
CVE-2016-5823 (The icalproperty_new_clone function in libical 0.47 and 1.0 allows rem ...)
@@ -15900,42 +16022,42 @@ CVE-2016-5773 (php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5772 (Double free vulnerability in the php_wddx_process_data function in wdd ...)
{DSA-3618-1 DLA-628-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5771 (spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...)
{DSA-3618-1 DLA-628-1}
- php7.0 <not-affected> (Does not affect PHP 7.x)
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
NOTE: Fixed in 5.5.37, 5.6.23
CVE-2016-5770 (Integer overflow in the SplFileObject::fread function in spl_directory ...)
{DSA-3618-1 DLA-628-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5769 (Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...)
{DSA-3618-1 DLA-628-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5768 (Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ...)
{DSA-3618-1 DLA-628-1}
- php7.0 7.0.8-1
- php5 5.6.23+dfsg-1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5767 (Integer overflow in the gdImageCreate function in gd.c in the GD Graph ...)
- php7.0 7.0.8-1 (unimportant)
@@ -15943,7 +16065,7 @@ CVE-2016-5767 (Integer overflow in the gdImageCreate function in gd.c in the GD
[jessie] - php5 5.6.23+dfsg-0+deb8u1
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72446
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
- libgd2 2.0.34~rc1-1
NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (GD_2_0_34RC1)
@@ -15954,7 +16076,7 @@ CVE-2016-5766 (Integer overflow in the _gd2GetHeader function in gd_gd2.c in the
[jessie] - php5 5.6.23+dfsg-0+deb8u1
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72339
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac
NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
- libgd2 2.2.2-29-g3c2b605-1 (bug #829014)
NOTE: https://github.com/libgd/libgd/issues/243
@@ -15971,9 +16093,8 @@ CVE-2016-5738
CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5 BIG-IP ...)
NOT-FOR-US: BIG-IP
CVE-2016-5735 (Integer overflow in the rwpng_read_image24_libpng function in rwpng.c ...)
- {DLA-966-1}
+ {DLA-2257-1 DLA-966-1}
- pngquant 2.5.0-2 (bug #863469)
- [jessie] - pngquant <no-dsa> (Minor issue)
NOTE: https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x be ...)
- phpmyadmin 4:4.6.3-1
@@ -15996,7 +16117,7 @@ CVE-2016-5742 (SQL injection vulnerability in the XML-RPC interface in Movable T
{DLA-532-1}
- movabletype-opensource <removed>
NOTE: https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/06/22/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/06/22/3
NOTE: https://github.com/movabletype/movabletype/commit/42113544e7d8ebf6064b7b01b921734b667a1682
CVE-2016-5737 (The Gerrit configuration in the Openstack Puppet module for Gerrit (ak ...)
NOT-FOR-US: Openstack-infra puppet-gerrit module
@@ -16807,7 +16928,7 @@ CVE-2016-6211 (The User module in Drupal 7.x before 7.44 allows remote authentic
{DSA-3604-1 DLA-550-1}
- drupal7 7.44-1
NOTE: https://www.drupal.org/SA-CORE-2016-002
- NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/07/13/4
NOTE: https://gist.github.com/lamby/4697fea399f3f01ca6de3ce9ed79fce7 tarball diff
NOTE: https://gist.github.com/lamby/dbeda4d49f48a32aa0dd4b3ed7f06a13 filtered diff
CVE-2016-5636 (Integer overflow in the get_data function in zipimport.c in CPython (a ...)
@@ -16911,10 +17032,12 @@ CVE-2016-5417 (Memory leak in the __res_vinit function in the IPv6 name server m
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19257
CVE-2016-5416 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, ...)
- 389-ds-base <unfixed> (bug #834233)
- [buster] - 389-ds-base <no-dsa> (Minor issue)
+ [bullseye] - 389-ds-base <ignored> (Minor issue)
+ [buster] - 389-ds-base <ignored> (Minor issue)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
[jessie] - 389-ds-base <no-dsa> (Minor issue)
NOTE: https://fedorahosted.org/389/ticket/48852
+ NOTE: https://github.com/389ds/389-ds-base/issues/1912
NOTE: Potentially related: https://fedorahosted.org/389/ticket/48354
CVE-2016-5415
RESERVED
@@ -17148,7 +17271,7 @@ CVE-2016-5339
RESERVED
CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial ...)
- libreswan <not-affected> (Fixed before initial upload to Debian)
- NOTE: Possibly the CVE should be rejected: http://www.openwall.com/lists/oss-security/2016/06/13/1
+ NOTE: Possibly the CVE should be rejected: https://www.openwall.com/lists/oss-security/2016/06/13/1
NOTE: MITRE has not assigned the CVE to the protocol flaw, but specific to libreswan, but as
NOTE: Huzaifa Sidhpurwala <huzaifas@redhat.com> pointed out that is not a libreswan issue, rather
NOTE: the protocol is flawed.
@@ -17589,9 +17712,10 @@ CVE-2016-4456 (The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 all
- gnutls28 3.4.13-1
[jessie] - gnutls28 <not-affected> (Introduced in 3.4.12)
NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-1
- NOTE: http://www.openwall.com/lists/oss-security/2016/06/07/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/06/07/2
CVE-2016-1000002 (gdm3 3.14.2 and possibly later has an information leak before screen l ...)
- gdm3 <unfixed> (low; bug #849432)
+ [bullseye] - gdm3 <ignored> (Minor issue)
[buster] - gdm3 <ignored> (Minor issue)
[stretch] - gdm3 <ignored> (Minor issue)
[jessie] - gdm3 <ignored> (Minor issue)
@@ -17668,7 +17792,7 @@ CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs]
NOTE: Workaround entry for DLA-650-1/DSA-3708-1 until/if CVE is assigned
NOTE: https://0xacab.org/mat/mat/issues/11067
NOTE: Patch in 0.6.1-3 disabled PDF support
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/06/02/5
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/06/02/5
CVE-2016-5239 (The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and G ...)
{DSA-3580-1 DLA-1456-1 DLA-486-1 DLA-484-1}
- graphicsmagick 1.3.24-1
@@ -17993,7 +18117,7 @@ CVE-2016-5157 (Heap-based buffer overflow in the opj_dwt_interleave_v function i
[jessie] - openjpeg2 2.1.0-2+deb8u3
- chromium-browser 53.0.2785.89-1
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/08/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/08/8
NOTE: https://github.com/uclouvain/openjpeg/pull/823
CVE-2016-5156 (extensions/renderer/event_bindings.cc in the event bindings in Google ...)
{DSA-3660-1}
@@ -18159,7 +18283,7 @@ CVE-2016-5126 (Heap-based buffer overflow in the iscsi_aio_ioctl function in blo
NOTE: https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1340924
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/30/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/30/6
CVE-2016-XXXX [CSRF protection for POST requests]
- postfixadmin 2.93-2 (bug #825151)
[jessie] - postfixadmin <no-dsa> (Minor issue)
@@ -18172,7 +18296,7 @@ CVE-2016-5118 (The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 a
- imagemagick 8:6.8.9.9-7.1 (bug #825799)
- graphicsmagick 1.3.24-1 (bug #825800)
NOTE: fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858
- NOTE: patch available at http://www.openwall.com/lists/oss-security/2016/05/29/7
+ NOTE: patch available at https://www.openwall.com/lists/oss-security/2016/05/29/7
CVE-2016-5116 (gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...)
{DSA-3619-1}
- libgd2 2.2.1-1
@@ -18183,7 +18307,7 @@ CVE-2016-5116 (gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as
- php5 <removed> (unimportant)
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72115
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/29/3
CVE-2016-5115 (The avcodec_decode_audio4 function in libavcodec in libavformat 57.34. ...)
- libav <removed> (low)
[jessie] - libav <no-dsa> (Minor issue)
@@ -18228,7 +18352,7 @@ CVE-2016-5108 (Buffer overflow in the DecodeAdpcmImaQT function in modules/codec
{DSA-3598-1}
- vlc 2.2.3-2 (bug #825728)
[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
- NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3
+ NOTE: Details: https://www.openwall.com/lists/oss-security/2016/05/27/3
NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
CVE-2016-5090
RESERVED
@@ -18392,7 +18516,7 @@ CVE-2016-5008 (libvirt before 2.0.0 improperly disables password checking when t
NOTE: http://security.libvirt.org/2016/0001.html
CVE-2016-5007 (Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2. ...)
- libspring-java 4.3.2-1
- [jessie] - libspring-java <no-dsa> (Minor issue)
+ [jessie] - libspring-java <ignored> (Minor issue, no rdeps using both spring-framework and spring-security, trimTokens mitigation not present in 3.0.x)
[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
NOTE: https://pivotal.io/security/cve-2016-5007
NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab30 (v4.3.1.RELEASE)
@@ -18569,33 +18693,33 @@ CVE-2016-4552 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail bef
[wheezy] - roundcube <not-affected> (vulnerable code not present)
NOTE: https://github.com/roundcube/roundcubemail/issues/5240
NOTE: https://github.com/roundcube/roundcubemail/pull/5241
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/8
CVE-2016-5096 (Integer overflow in the fread function in ext/standard/file.c in PHP b ...)
{DSA-3602-1 DLA-533-1}
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72114
NOTE: Fixed in 5.6.22, 5.5.36
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5095 (Integer overflow in the php_escape_html_entities_ex function in ext/st ...)
{DSA-3602-1 DLA-533-1}
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
NOTE: Fixed in 5.6.22, 5.5.36
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
NOTE: For the additional issue reported in the "[2016-05-17 12:55 UTC]" comment
CVE-2016-5094 (Integer overflow in the php_html_entities function in ext/standard/htm ...)
{DSA-3602-1 DLA-533-1}
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
NOTE: Fixed in 5.6.22, 5.5.36
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5093 (The get_icu_value_internal function in ext/intl/locale/locale_methods. ...)
{DSA-3602-1 DLA-533-1}
- php7.0 7.0.7-1
- php5 5.6.22+dfsg-1
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72241
NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5091 (Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allo ...)
- typo3-src <removed>
[wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS)
@@ -18745,7 +18869,7 @@ CVE-2016-5117 (OpenNTPD before 6.0p1 does not validate the CN for HTTPS constrai
- openntpd 1:6.0p1-1 (bug #825856; unimportant)
[jessie] - openntpd <not-affected> (Vulnerable code introduced later)
[wheezy] - openntpd <not-affected> (Vulnerable code introduced later)
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/23/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/23/2
NOTE: Authenticated TLS "contraints" introduced in 2015-03-24 OpenNTPD 5.7p4
NOTE: Option is not enabled at buildtime.
CVE-2016-4964 (The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Qu ...)
@@ -18774,8 +18898,8 @@ CVE-2016-XXXX [mediawiki issues from 1.26.3, 1.25.6 and 1.23.14]
CVE-2016-4952 (QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual S ...)
{DLA-1599-1}
- qemu 1:2.6+dfsg-2 (bug #825210)
- [wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
- - qemu-kvm <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
+ [wheezy] - qemu <not-affected> (VMware PVSCSI paravirtual device implementation introduced later)
+ - qemu-kvm <not-affected> (VMware PVSCSI paravirtual device implementation introduced later)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed (v1.5.0-rc0)
CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kerne ...)
@@ -19209,7 +19333,7 @@ CVE-2016-4762 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, i
NOT-FOR-US: Webkit as used by Apple
CVE-2016-4761 (WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow rem ...)
- webkitgtk <removed> (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/14
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/14
NOTE: Not covered by security support
CVE-2016-4760 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Sa ...)
NOT-FOR-US: Webkit as used by Apple
@@ -19672,14 +19796,14 @@ CVE-2016-4567 (Cross-site scripting (XSS) vulnerability in flash/FlashMediaEleme
NOTE: Fixed by: https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
NOTE: Vulnerable code present, but Flash Player disabled in Debian
NOTE: See 0004-Deactivate-Flash-and-Silverlight.patch
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/2
CVE-2016-4566 (Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plup ...)
- wordpress 4.5.2+dfsg-1 (bug #823640)
[jessie] - wordpress <not-affected> (Vulnerable code not present)
[wheezy] - wordpress <not-affected> (Vulnerable code not present)
NOTE: https://wordpress.org/news/2016/05/wordpress-4-5-2/
NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37382
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/2
CVE-2016-4568 (drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4. ...)
- linux 4.5.3-1
[jessie] - linux <not-affected> (Vulnerable code introduced in 4.4)
@@ -19704,7 +19828,7 @@ CVE-2016-4561 (Cross-site scripting (XSS) vulnerability in the cgierror function
{DSA-3571-1 DLA-463-1}
- ikiwiki 3.20160506
NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/06/8
CVE-2016-4547 (Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow atta ...)
NOT-FOR-US: Samsung Android component
CVE-2016-4546 (Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users t ...)
@@ -19713,13 +19837,13 @@ CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and poss
{DLA-1641-1}
- mxml 2.9-1 (bug #825855)
[wheezy] - mxml <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/8
NOTE: https://github.com/michaelrsweet/mxml/commit/d8c0ba900728d47523d76ba4acf33176cd04647c
CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and poss ...)
{DLA-1641-1}
- mxml 2.9-2 (bug #825855)
[wheezy] - mxml <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/07/8
NOTE: https://github.com/michaelrsweet/mxml/commit/5f74dc212497332d05882660db130a37d2f458eb
CVE-2016-4558 (The BPF subsystem in the Linux kernel before 4.5.5 mishandles referenc ...)
- linux 4.5.3-1
@@ -19736,7 +19860,7 @@ CVE-2016-4557 (The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c
NOTE: Fixed by: https://git.kernel.org/linus/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7 (v4.6-rc6)
NOTE: Introduced by: https://git.kernel.org/linus/0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (v3.18-rc1)
NOTE: Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/06/4
CVE-2016-4556 (Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x ...)
{DSA-3625-1 DLA-478-1}
- squid3 3.5.19-1 (bug #823968)
@@ -19948,7 +20072,7 @@ CVE-2016-4539 (The xml_parse_into_struct function in ext/xml/xml.c in PHP before
NOTE: https://bugs.php.net/bug.php?id=72099
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/7290b3bbcaa1e10a8d807fab3242204e9ec3a015
CVE-2016-4537 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ...)
{DSA-3602-1 DLA-499-1}
@@ -19957,7 +20081,7 @@ CVE-2016-4537 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35
NOTE: https://bugs.php.net/bug.php?id=72093
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4538 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6 ...)
{DSA-3602-1 DLA-628-1}
- php7.0 7.0.6-1
@@ -19965,7 +20089,7 @@ CVE-2016-4538 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35
NOTE: https://bugs.php.net/bug.php?id=72093
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4540 (The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c i ...)
{DSA-3602-1 DLA-499-1}
- php7.0 7.0.6-1
@@ -19973,7 +20097,7 @@ CVE-2016-4540 (The grapheme_stripos function in ext/intl/grapheme/grapheme_strin
NOTE: https://bugs.php.net/bug.php?id=72061
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4541 (The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ...)
{DSA-3602-1 DLA-499-1}
- php7.0 7.0.6-1
@@ -19981,7 +20105,7 @@ CVE-2016-4541 (The grapheme_strpos function in ext/intl/grapheme/grapheme_string
NOTE: https://bugs.php.net/bug.php?id=72061
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4542 (The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5 ...)
{DSA-3602-1 DLA-499-1}
- php7.0 7.0.6-1
@@ -19989,7 +20113,7 @@ CVE-2016-4542 (The exif_process_IFD_TAG function in ext/exif/exif.c in PHP befor
NOTE: https://bugs.php.net/bug.php?id=72094
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4543 (The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ...)
{DSA-3602-1 DLA-499-1}
- php7.0 7.0.6-1
@@ -19997,7 +20121,7 @@ CVE-2016-4543 (The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP b
NOTE: https://bugs.php.net/bug.php?id=72094
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4544 (The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP befor ...)
{DSA-3602-1 DLA-499-1}
- php7.0 7.0.6-1
@@ -20005,7 +20129,7 @@ CVE-2016-4544 (The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP
NOTE: https://bugs.php.net/bug.php?id=72094
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4536 (The client in OpenAFS before 1.6.17 does not properly initialize the ( ...)
{DLA-493-1}
- openafs 1.6.17-1
@@ -20043,7 +20167,7 @@ CVE-2016-4473 (/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote atta
NOTE: The issue was introduced as part CVE-2015-6833, which was applied upstream
NOTE: in versions 5.4.44, 5.5.28, and 5.6.12.
NOTE: https://bugs.php.net/bug.php?id=72321
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d144590d38fa321b46b8e199c754006318985c84
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=d144590d38fa321b46b8e199c754006318985c84
NOTE: Fixed in 5.6.23
CVE-2016-4472 (The overflow protection in Expat is removed by compilers with certain ...)
{DSA-3582-1 DLA-483-1}
@@ -20184,13 +20308,13 @@ CVE-2016-4430 (Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validati
- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
NOTE: https://struts.apache.org/docs/s2-038.html
CVE-2016-4429 (Stack-based buffer overflow in the clntudp_call function in sunrpc/cln ...)
+ {DLA-2256-1}
- glibc 2.22-10
[jessie] - glibc 2.19-18+deb8u5
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20112
- libtirpc 0.2.5-1.1 (bug #840347)
- [jessie] - libtirpc <no-dsa> (Minor issue)
[wheezy] - libtirpc <no-dsa> (Minor issue)
CVE-2016-4428 (Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horiz ...)
{DSA-3617-1 DLA-520-1}
@@ -20209,12 +20333,12 @@ CVE-2016-4423 (The attemptAuthentication function in Component/Security/Http/Fir
NOTE: https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
CVE-2016-XXXX [XSS]
- dotclear <removed>
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/04/9
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/05/04/9
CVE-2016-4482 (The proc_connectinfo function in drivers/usb/core/devio.c in the Linux ...)
{DSA-3607-1 DLA-516-1}
- linux 4.5.5-1
NOTE: http://www.spinics.net/lists/linux-usb/msg140243.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/04/2
NOTE: Fixed by: https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee
CVE-2016-4483 (The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 all ...)
{DSA-3593-1 DLA-503-1}
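Review bot: The http-to-https rewrite in this hunk stops at the openwall.com references and leaves `NOTE: http://www.spinics.net/lists/linux-usb/msg140243.html` on the line between them untouched, so the entry now mixes schemes for its reference links. The same pattern recurs in the hunks ending at L15457 (git.qemu.org links beside the rewritten openwall one) and L15508 (git.qemu.org and git.savannah.gnu.org links beside the rewritten openwall one). If the intent is to prefer https wherever the host serves it, a follow-up sweep restricted to hosts verified to support https would keep the fix and advisory references consistently fetched over TLS; if some hosts are deliberately left on http, stating that in the commit message would save the next reviewer the same question.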
@@ -20355,19 +20479,19 @@ CVE-2016-4478 (Buffer overflow in the xmlrpc_char_encode function in modules/tra
{DSA-3586-1}
- atheme-services 7.0.7-2
NOTE: https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/02/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/02/2
CVE-2016-4425 (Jansson 2.7 and earlier allows context-dependent attackers to cause a ...)
{DSA-3577-1 DLA-471-1}
- jansson 2.7-5 (bug #823238)
NOTE: https://github.com/akheron/jansson/issues/282
NOTE: https://github.com/akheron/jansson/pull/284
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/01/5
CVE-2016-4422 (The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth mi ...)
{DSA-3567-1}
- libpam-sshauth 0.4.1-2
NOTE: Introduced in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/93/src/pam_sshauth.c
NOTE: Fixed in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/01/2
CVE-2016-4414 (The onReadyRead function in core/coreauthhandler.cpp in Quassel before ...)
- quassel 1:0.12.4-2 (bug #826402)
[jessie] - quassel 1:0.10.0-2.3+deb8u3
@@ -20375,7 +20499,7 @@ CVE-2016-4414 (The onReadyRead function in core/coreauthhandler.cpp in Quassel b
NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100
NOTE: Introduced by: https://github.com/quassel/quassel/commit/d1bf207 (0.10.0)
NOTE: Fixed by: https://github.com/quassel/quassel/commit/e67887343c433cc35bc26ad6a9392588f427e746 (0.12.4)
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/30/2
CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity Tools ...)
NOT-FOR-US: Cisco
CVE-2016-4352 (Integer overflow in the demuxer function in libmpdemux/demux_gif.c in ...)
@@ -20385,7 +20509,7 @@ CVE-2016-4352 (Integer overflow in the demuxer function in libmpdemux/demux_gif.
[jessie] - mplayer2 <no-dsa> (Minor issue)
NOTE: https://trac.mplayerhq.hu/ticket/2295
NOTE: Fixed in Revision r37857 upstream
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/3
CVE-2016-4341 (NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to ...)
NOT-FOR-US: NetApp
CVE-2016-4339
@@ -20971,7 +21095,7 @@ CVE-2016-4074 (The jv_dump_term function in jq 1.5 allows remote attackers to ca
- jq 1.5+dfsg-1.1 (low; bug #822456)
[jessie] - jq 1.4-2.1+deb8u1
NOTE: https://github.com/stedolan/jq/issues/1136
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/24/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/24/3
CVE-2016-4069 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail b ...)
{DLA-613-1}
- roundcube 1.1.5+dfsg.1-1 (bug #822333)
@@ -20979,7 +21103,7 @@ CVE-2016-4069 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webm
NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1)
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/23/3
CVE-2016-4068 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1 ...)
{DLA-537-1}
- roundcube 1.2.1+dfsg.1-1
@@ -21126,7 +21250,7 @@ CVE-2016-3955 (The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c
{DSA-3607-1 DLA-516-1}
- linux 4.5.2-1
NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3)
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/19/1
CVE-2016-4038 (Array index error in the msm_sensor_config function in kernel/SM-G9008 ...)
NOT-FOR-US: Samsung Android driver
CVE-2016-4035
@@ -21147,7 +21271,7 @@ CVE-2016-4037 (The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allo
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/18/3
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2 (v2.6.0-rc3)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a49923d2837d20510d645d3758f1ad87c32d0730 (v2.6.0-rc3)
CVE-2016-4030 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005 ...)
@@ -21209,7 +21333,7 @@ CVE-2016-4024 (Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allow
{DSA-3555-1}
- imlib2 1.4.8-1 (bug #821732)
NOTE: Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/14/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/14/5
CVE-2016-4005 (The Huawei Hilink App application before 3.19.2 for Android does not v ...)
NOT-FOR-US: Huawei
CVE-2016-4004 (Directory traversal vulnerability in Dell OpenManage Server Administra ...)
@@ -21223,7 +21347,7 @@ CVE-2016-4020 (The patch_instruction function in hw/i386/kvmvapic.c in QEMU does
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1313686
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/13/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/13/6
CVE-2016-4000 (Jython before 2.7.1rc1 allows attackers to execute arbitrary code via ...)
{DSA-3893-1 DLA-989-1}
- jython 2.5.3-17 (bug #864859)
@@ -21238,7 +21362,7 @@ CVE-2016-3997 (NetApp Clustered Data ONTAP allows man-in-the-middle attackers to
CVE-2016-XXXX [auth bypass]
- brltty <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=967436
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/12/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/04/12/4
NOTE: Introduced in: https://github.com/brltty/brltty/commit/e62b3c925d03239a372d425fb87b2cac65d8ef19
NOTE: Fixed by: https://github.com/brltty/brltty/commit/74affe7d1401f2b43ad32e18cb78704d22604ad7
CVE-2016-3996 (ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly che ...)
@@ -21284,7 +21408,7 @@ CVE-2016-4002 (Buffer overflow in the mipsnet_receive function in hw/net/mipsnet
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/6
CVE-2016-4001 (Buffer overflow in the stellaris_enet_receive function in hw/net/stell ...)
{DLA-1599-1}
- qemu 1:2.6+dfsg-1 (bug #821038)
@@ -21294,12 +21418,12 @@ CVE-2016-4001 (Buffer overflow in the stellaris_enet_receive function in hw/net/
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325884
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66 (v2.6.0-rc2)
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/4
CVE-2016-4008 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...)
{DSA-3568-1 DLA-495-1}
- libtasn1-6 4.8-1
- libtasn1-3 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/3
NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=f435825c0f527a8e52e6ffbc3ad0bc60531d537e
NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625
CVE-2016-3995 (The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and ...)
@@ -21307,13 +21431,13 @@ CVE-2016-3995 (The timing attack protection in Rijndael::Enc::ProcessAndXorBlock
[jessie] - libcrypto++ 5.6.1-6+deb8u2
[wheezy] - libcrypto++ 5.6.1-6+deb7u2
NOTE: https://github.com/weidai11/cryptopp/issues/146
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/10/6
NOTE: Initial upload in 5.6.3-5 was incomplete
CVE-2016-3994 (The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause ...)
{DSA-3555-1}
- imlib2 1.4.8-1 (bug #785369)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/6
CVE-2016-4070 (** DISPUTED ** Integer overflow in the php_raw_url_encode function in ...)
{DSA-3560-1 DLA-499-1}
- php7.0 7.0.5-1
@@ -21322,7 +21446,7 @@ CVE-2016-4070 (** DISPUTED ** Integer overflow in the php_raw_url_encode functio
NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
NOTE: https://bugs.php.net/bug.php?id=71798
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/ea6ff01f6c31f1615a935ef96622d623a6277d37
CVE-2016-4071 (Format string vulnerability in the php_snmp_error function in ext/snmp ...)
{DSA-3560-1 DLA-499-1}
@@ -21331,7 +21455,7 @@ CVE-2016-4071 (Format string vulnerability in the php_snmp_error function in ext
NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
NOTE: https://bugs.php.net/bug.php?id=71704
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-4072 (The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x ...)
{DSA-3560-1 DLA-499-1}
- php7.0 7.0.5-1
@@ -21340,7 +21464,7 @@ CVE-2016-4072 (The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and
NOTE: https://bugs.php.net/bug.php?id=71860
NOTE: https://gist.github.com/smalyshev/80b5c2909832872f2ba2
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1e9b175204e3286d64dfd6c9f09151c31b5e099a
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-4073 (Multiple integer overflows in the mbfl_strcut function in ext/mbstring ...)
{DSA-3560-1 DLA-499-1}
- php7.0 7.0.5-1
@@ -21349,7 +21473,7 @@ CVE-2016-4073 (Multiple integer overflows in the mbfl_strcut function in ext/mbs
NOTE: https://bugs.php.net/bug.php?id=71906
NOTE: https://gist.github.com/smalyshev/d8355c96a657cc5dba70
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=64f42c73efc58e88671ad76b6b6bc8e2b62713e1
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-3976 (Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through ...)
NOT-FOR-US: SAP
CVE-2016-3975 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 ...)
@@ -21400,7 +21524,7 @@ CVE-2016-3963 (Siemens SCALANCE S613 allows remote attackers to cause a denial o
NOT-FOR-US: Siemens
CVE-2016-3992 (cronic before 3 allows local users to write to arbitrary files via a s ...)
- cronic 3-1 (bug #820331)
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/4
CVE-2016-3962 (Stack-based buffer overflow in the NTP time-server interface on Meinbe ...)
NOT-FOR-US: Meinberg
CVE-2016-3961 (Xen and the Linux kernel through 4.5.x do not properly suppress hugetl ...)
@@ -21464,7 +21588,7 @@ CVE-2016-3993 (Off-by-one error in the __imlib_MergeUpdate function in lib/updat
{DSA-3555-1}
- imlib2 1.4.8-1 (bug #819818)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/5
CVE-2016-3948 (Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds ...)
{DSA-3625-1}
- squid3 3.5.16-1 (bug #819784)
@@ -21475,7 +21599,6 @@ CVE-2016-3948 (Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform b
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
CVE-2016-3947 (Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.c ...)
- squid3 3.5.16-1 (bug #819783)
- [jessie] - squid3 <no-dsa> (Minor issue)
[wheezy] - squid3 <no-dsa> (Minor issue)
- squid 4.1-1
[wheezy] - squid <no-dsa> (Minor issue)
@@ -21651,7 +21774,7 @@ CVE-2016-3863 (Multiple stack-based buffer overflows in the AVCC reassembly impl
CVE-2016-3862 (media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5 ...)
NOT-FOR-US: libstagefright
CVE-2016-3861 (LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...)
- - android-platform-system-core 1:7.0.0+r1-4 (unimportant; bug #858177)
+ - android-platform-system-core 1:7.0.0+r1-4 (unimportant; bug #858177)
NOTE: Not running as a privileged process in SDK
CVE-2016-3860 (sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver ...)
NOT-FOR-US: Qualcomm driver for Android
@@ -21917,9 +22040,9 @@ CVE-2016-3738 (Red Hat OpenShift Enterprise 3.2 does not properly restrict acces
CVE-2016-3737 (The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allo ...)
NOT-FOR-US: Red Hat / JBoss Operations Network server
CVE-2016-3736
- RESERVED
-CVE-2016-3735
- RESERVED
+ REJECTED
+CVE-2016-3735 (Piwigo is image gallery software written in PHP. When a criteria is no ...)
+ - piwigo <removed>
CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in markposts.php in Mo ...)
- moodle 2.7.14+dfsg-1
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
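Review bot: The new CVE-2016-3735 entry records only `- piwigo <removed>` with no NOTE pointing at the upstream fix or advisory, whereas the neighbouring CVE-2016-3734 entry pairs its package line with a reference. Without one, a later triager cannot tell which piwigo versions are affected or whether the older suites need a `[jessie]`/`[wheezy]` line. Consider adding `NOTE: <upstream fix or advisory URL>` (placeholder, to be filled from the source that produced the description) under the package line; if piwigo was never shipped in a suite that is still supported, a short NOTE saying so would make the `<removed>` state self-explanatory.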
@@ -22299,7 +22422,7 @@ CVE-2016-3622 (The fpAcc function in tif_predict.c in the tiff2rgba tool in LibT
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-1 (low; bug #820365)
- tiff3 <not-affected> (tiff tools not built)
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/4
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286
CVE-2016-3621 (The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4. ...)
{DLA-693-1}
@@ -22307,7 +22430,7 @@ CVE-2016-3621 (The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTI
[jessie] - tiff 4.0.3-12.3+deb8u2
- tiff3 <not-affected> (tiff tools not built)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2565
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/3
NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3620 (The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4. ...)
@@ -22316,7 +22439,7 @@ CVE-2016-3620 (The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTI
[jessie] - tiff 4.0.3-12.3+deb8u2
- tiff3 <not-affected> (tiff tools not built)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2570
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/2
NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3619 (The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in ...)
@@ -22325,7 +22448,7 @@ CVE-2016-3619 (The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff too
[jessie] - tiff 4.0.3-12.3+deb8u2
- tiff3 <not-affected> (tiff tools not built)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2567
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/07/1
NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3618
@@ -22348,7 +22471,7 @@ CVE-2016-3627 (The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1 (bug #819006)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bdd66182ef53fe1f7209ab6535fda56366bd7ac9 (v2.9.4)
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/21/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/21/3
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762100
CVE-2016-3615 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 a ...)
{DSA-3632-1 DSA-3624-1 DLA-567-1}
@@ -23376,7 +23499,7 @@ CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not p
NOTE: http://xenbits.xen.org/xsa/advisory-172.html
NOTE: CVE-2016-3159 is for the code change which is applicable for later
NOTE: versions only, but which must always be combined with the code change
- NOTE: for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which
+ NOTE: for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which
NOTE: patches the function fpu_fxrstor.
CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly ...)
{DSA-3554-1 DLA-571-1}
@@ -23384,7 +23507,7 @@ CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not prop
NOTE: http://xenbits.xen.org/xsa/advisory-172.html
NOTE: CVE-2016-3158 is for the code change which is required for all
NOTE: versions (but which is sufficient only on Xen 4.3.x, and insufficient
- NOTE: on later versions). Ie for the second hunk in xsa172.patch (the only
+ NOTE: on later versions). Ie for the second hunk in xsa172.patch (the only
NOTE: hunk in xsa172-4.3.patch), which patches the function xrstor.
CVE-2016-3157 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux ...)
{DSA-3607-1 DLA-516-1}
@@ -23427,13 +23550,13 @@ CVE-2016-3156 (The IPv4 implementation in the Linux kernel before 4.5.2 mishandl
{DSA-3607-1}
- linux 4.5.1-1
[wheezy] - linux <not-affected> (Not a security issue since containers are not supported)
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/15/3
CVE-2016-3133
RESERVED
CVE-2016-3132 (Double free vulnerability in the SplDoublyLinkedList::offsetSet functi ...)
- php7.0 7.0.6-1
NOTE: https://bugs.php.net/bug.php?id=71735
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5
CVE-2016-3131 (Cloudera CDH before 5.6.1 allows authorization bypass via direct inter ...)
NOT-FOR-US: Cloudera
CVE-2016-3130 (An information disclosure vulnerability in the Core and Management Con ...)
@@ -23500,7 +23623,7 @@ CVE-2016-3104 (mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow
NOTE: MongoDB 2.4 installation with authentication enabled, upgraded
NOTE: to 2.6, and did not complete a full upgrade
CVE-2016-3103
- RESERVED
+ REJECTED
CVE-2016-3102 (The Script Security plugin before 1.18.1 in Jenkins might allow remote ...)
- jenkins <removed>
CVE-2016-3101 (Cross-site scripting (XSS) vulnerability in the Extra Columns plugin b ...)
@@ -23577,15 +23700,16 @@ CVE-2016-3079 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2016-3078 (Multiple integer overflows in php_zip.c in the zip extension in PHP be ...)
- php7.0 7.0.6-1
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/28/1
NOTE: Fixed in 7.0.6
NOTE: https://bugs.php.net/bug.php?id=71923
CVE-2016-3077 (The VersionMapper.fromKernelVersionString method in oVirt Engine allow ...)
NOT-FOR-US: ovirt-engine
CVE-2016-3076 (Heap-based buffer overflow in the j2k_encode_entry function in Pillow ...)
- - pillow <unfixed> (unimportant)
+ - pillow 3.2.0-1 (unimportant)
- python-imaging <removed> (unimportant)
- NOTE: https://github.com/python-pillow/Pillow/commit/a1f244343df389cf15cdfff80327594821097295 (3.1.2)
+ NOTE: https://github.com/python-pillow/Pillow/commit/a1f244343df389cf15cdfff80327594821097295 (3.2.0)
+ NOTE: https://github.com/python-pillow/Pillow/commit/d00d8571c2cc7e0f137e4ce4b3669d0698dee79b (3.1.2)
NOTE: Marked as unimportant since source vulnerable but in Debian we do
NOTE: not built against openjpeg by default
CVE-2016-3075 (Stack-based buffer overflow in the nss_dns implementation of the getne ...)
@@ -23656,12 +23780,12 @@ CVE-2016-XXXX [fscanf format string security bug in flashrom layout code]
CVE-2016-3183 (The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 ...)
- openjpeg2 2.1.1-1 (low; bug #818399)
[jessie] - openjpeg2 <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/14/14
NOTE: https://github.com/uclouvain/openjpeg/issues/726
CVE-2016-3182 (The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG befo ...)
- openjpeg2 2.1.1-1
[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/13
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/14/13
NOTE: https://github.com/uclouvain/openjpeg/issues/725
CVE-2016-3181
REJECTED
@@ -24126,24 +24250,24 @@ CVE-2016-2860 (The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6
CVE-2016-3154 (The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2 ...)
{DSA-3518-1}
- spip 3.0.22-1
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/15/2
NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22903
CVE-2016-3153 (SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 al ...)
{DSA-3518-1}
- spip 3.0.22-1
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/15/2
NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22911
CVE-2016-XXXX [Cross-site scripting (XSS) vulnerability in cgit's "txt2html" filter]
- cgit 0.12.0.git2.7.0-1
[jessie] - cgit 0.10.2.git2.0.1-3+deb8u1
NOTE: https://git.zx2c4.com/cgit/commit/filters/html-converters/txt2html?id=13c2d3df0440ce04273de3149631a9bd97490c6e
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/05/8
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/03/05/8
CVE-2016-3172 (SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier al ...)
{DLA-560-1}
- cacti 0.8.8g+ds1-2 (bug #818647)
[jessie] - cacti 0.8.8b+dfsg-8+deb8u5
NOTE: http://bugs.cacti.net/view.php?id=2667
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/13
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/13
NOTE: Requires authenticated user
CVE-2016-3116 (CRLF injection vulnerability in Dropbear SSH before 2016.72 allows rem ...)
- dropbear 2016.72-1
@@ -24157,7 +24281,7 @@ CVE-2016-3115 (Multiple CRLF injection vulnerabilities in session.c in sshd in O
[wheezy] - openssh <no-dsa> (Minor issue)
NOTE: http://www.openssh.com/txt/x11fwd.adv
NOTE: Portable OpenSSH 7.2p2 contains a fix for this vulnerability.
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/8
NOTE: Upstream fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&sortby=date&f=h
CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does not val ...)
{DSA-3607-1 DLA-516-1}
@@ -24166,8 +24290,8 @@ CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does no
NOTE: https://code.google.com/p/google-security-research/issues/detail?id=758
NOTE: https://patchwork.ozlabs.org/patch/595575/
NOTE: http://marc.info/?l=netfilter-devel&m=145757134822741&w=2
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/4
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/7
NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
CVE-2016-3135 (Integer overflow in the xt_alloc_table_info function in net/netfilter/ ...)
- linux 4.4.6-1
@@ -24175,7 +24299,7 @@ CVE-2016-3135 (Integer overflow in the xt_alloc_table_info function in net/netfi
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: http://marc.info/?l=netfilter-devel&m=145757136822750&w=2
NOTE: https://patchwork.ozlabs.org/patch/595576/
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/7
CVE-2016-2859
REJECTED
CVE-2016-3124 (The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote at ...)
@@ -24183,7 +24307,7 @@ CVE-2016-3124 (The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remo
NOTE: https://simplesamlphp.org/security/201603-01
NOTE: Fixed upstream in 1.14.1
NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/952027dd7f794ff4b2d4f5eddf549c5b5070fa38
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/08/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/08/4
NOTE: Not treated as a security issue, many components in Debian reveal the release in use
CVE-2016-2855 (The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier use ...)
NOT-FOR-US: Huawei
@@ -24248,8 +24372,8 @@ CVE-2016-3142 (The phar_parse_zipfile function in zip.c in the PHAR extension in
[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
NOTE: https://bugs.php.net/bug.php?id=71498
NOTE: Fixed in 5.5.33, 5.6.19
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/5
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/13/2
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd
CVE-2016-3141 (Use-after-free vulnerability in wddx.c in the WDDX extension in PHP be ...)
{DLA-818-1}
@@ -24258,8 +24382,8 @@ CVE-2016-3141 (Use-after-free vulnerability in wddx.c in the WDDX extension in P
[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
NOTE: https://bugs.php.net/bug.php?id=71587
NOTE: Fixed in 5.5.33, 5.6.19
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/5
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/10/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/13/1
CVE-2016-2858 (QEMU, when built with the Pseudo Random Number Generator (PRNG) back-e ...)
{DLA-1599-1}
- qemu 1:2.6+dfsg-1 (bug #817183)
@@ -24269,7 +24393,7 @@ CVE-2016-2858 (QEMU, when built with the Pseudo Random Number Generator (PRNG) b
NOTE: Upstream patch: http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 (v2.6.0-rc0)
NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=a9b7b2ad7b075dba5495271706670e5c6b1304bc (v1.3.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/04/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/04/1
CVE-2016-8000
REJECTED
CVE-2016-2840 (An issue was discovered in Open-Xchange Server 6 / OX AppSuite before ...)
@@ -24280,7 +24404,7 @@ CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU all
- qemu-kvm <removed>
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=362786f14a753d8a5256ef97d7c10ed576d6572b (v2.6.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296567
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/9
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/03/9
CVE-2016-2854 (The aufs module for the Linux kernel 3.x and 4.x does not properly mai ...)
- linux 3.18-1~exp1
[jessie] - linux <ignored> (Not exploitable in default configuration)
@@ -24585,7 +24709,7 @@ CVE-2016-2841 (The ne2000_receive function in the NE2000 NIC emulation support (
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=415ab35a441eca767d033a2702223e785b9d5190 (v2.6.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303106
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/02/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/02/8
CVE-2016-2788 (MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise ...)
- mcollective 2.12.0+dfsg-1 (bug #850968)
[jessie] - mcollective <no-dsa> (Minor issue)
@@ -24626,7 +24750,7 @@ CVE-2016-2774 (ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.
- isc-dhcp 4.3.4-1 (bug #817158)
[wheezy] - isc-dhcp <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/article/AA-01354
- NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=0b209ea5cc333255e055113fa2ad636dda681a21
+ NOTE: https://gitlab.isc.org/isc-projects/dhcp/-/commit/0b209ea5cc333255e055113fa2ad636dda681a21
CVE-2016-2773
REJECTED
CVE-2016-2772
@@ -25044,6 +25168,7 @@ CVE-2016-2782 (The treo_attach function in drivers/usb/serial/visor.c in the Lin
NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2)
CVE-2016-2781 (chroot in GNU coreutils, when used with --userspec, allows local users ...)
- coreutils <unfixed> (low; bug #816320)
+ [bullseye] - coreutils <ignored> (Minor issue)
[buster] - coreutils <ignored> (Minor issue)
[stretch] - coreutils <ignored> (Minor issue)
[jessie] - coreutils <ignored> (Minor issue)
@@ -25058,7 +25183,7 @@ CVE-2016-2779 (runuser in util-linux allows local users to escape to the parent
[wheezy] - util-linux <not-affected> (runuser[.c] not yet present)
[squeeze] - util-linux <not-affected> (runuser[.c] not yet present)
NOTE: Restricting ioctl on the kernel side seems the better approach, patches have been posted to kernel-hardening list
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/27/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/27/1
NOTE: https://marc.info/?l=util-linux-ng&m=145694736107128&w=2
NOTE: 2.31 introduces a new --pty option to separate privileged and unprivileged
NOTE: shells (not enabled by default and the cli switch is necessary).
@@ -25069,7 +25194,7 @@ CVE-2016-XXXX [Partial SMAP bypass on 64-bit Linux kernels]
- linux-2.6 <not-affected> (Introduced in 3.10)
NOTE: Introduced by: https://git.kernel.org/linus/63bcff2a307b9bcc712a8251eb27df8b2e117967 (v3.10-rc1)
NOTE: Fixed by: https://git.kernel.org/linus/3d44d51bd339766f0178f0cf2e8d048b4a4872aa (v4.5-rc6)
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/26/6
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/26/6
CVE-2016-7575
REJECTED
CVE-2016-2573
@@ -25093,7 +25218,7 @@ CVE-2016-2562 (The checkHTTP function in libraries/Config.class.php in phpMyAdmi
- phpmyadmin 4:4.5.5.1-1 (unimportant)
[jessie] - phpmyadmin <not-affected>
[wheezy] - phpmyadmin <not-affected>
- NOTE: vulnerabilty is only in the test suite
+ NOTE: vulnerability is only in the test suite
CVE-2016-2561 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4. ...)
{DSA-3627-1}
- phpmyadmin 4:4.5.5.1-1
@@ -25124,7 +25249,6 @@ CVE-2016-2571 (http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds
NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...)
- squid3 3.5.15-1 (bug #816011)
- [jessie] - squid3 <no-dsa> (Minor issue, needs substantial backporting; too intrusive to backport)
[wheezy] - squid3 <no-dsa> (Minor issue, needs substantial backporting; too intrusive to backport)
- squid <not-affected> (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
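Review bot: The `[jessie] - squid3 <no-dsa>` line for CVE-2016-2570 is dropped without any DSA/DLA being added to the entry's `{...}` header, while the older `[wheezy] - squid3 <no-dsa>` line on the next line is kept. Elsewhere in this commit a `<no-dsa>` tag is only removed when a new DLA supersedes it (busybox, CVE-2016-2148), so this removal does not follow the same pattern. If the intent is pruning tags for a release whose support has ended, the wheezy line presumably should go as well; if a jessie update actually fixed this, the advisory should be referenced. The identical change for CVE-2016-2569 in the following hunk has the same issue.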
@@ -25135,7 +25259,6 @@ CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 an
NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy).
CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append ...)
- squid3 3.5.15-1 (bug #816011)
- [jessie] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
[wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
- squid <not-affected> (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
@@ -25146,6 +25269,7 @@ CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly ap
NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2568 (pkexec, when used with --user nonpriv, allows local users to escape to ...)
- policykit-1 <unfixed> (low; bug #816062; bug #812512)
+ [bullseye] - policykit-1 <ignored> (Minor issue)
[buster] - policykit-1 <ignored> (Minor issue)
[stretch] - policykit-1 <ignored> (Minor issue)
[jessie] - policykit-1 <ignored> (Minor issue)
@@ -25182,14 +25306,14 @@ CVE-2016-3162 (The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 al
- drupal7 7.43-1
- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
NOTE: https://www.drupal.org/SA-CORE-2016-001
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3163 (The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might ...)
{DSA-3498-1}
- drupal7 7.43-1
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3164 (Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might al ...)
{DSA-3498-1}
- drupal8 <itp> (bug #756305)
@@ -25197,52 +25321,52 @@ CVE-2016-3164 (Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 mig
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3165 (The Form API in Drupal 6.x before 6.38 ignores access restrictions on ...)
- drupal7 <not-affected> (Only affects Drupal 6)
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3166 (CRLF injection vulnerability in the drupal_set_header function in Drup ...)
- drupal7 <not-affected> (Only affects Drupal 6)
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3167 (Open redirect vulnerability in the drupal_goto function in Drupal 6.x ...)
- drupal7 <not-affected> (Only affects Drupal 6)
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3168 (The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might ...)
{DSA-3498-1}
- drupal7 7.43-1
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3169 (The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows r ...)
{DSA-3498-1}
- drupal7 7.43-1
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3170 (The "have you forgotten your password" links in the User module in Dru ...)
{DSA-3498-1}
- drupal8 <itp> (bug #756305)
- drupal7 7.43-1
- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
NOTE: https://www.drupal.org/SA-CORE-2016-001
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3171 (Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before ...)
- drupal7 <not-affected> (Only affects Drupal 6)
- drupal6 <removed>
[squeeze] - drupal6 <end-of-life>
NOTE: https://www.drupal.org/SA-CORE-2016-001
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-2541 (Audacity before 2.1.2 allows remote attackers to cause a denial of ser ...)
- audacity 2.1.2-1 (unimportant)
[jessie] - audacity <not-affected> (Vulnerable code not present)
@@ -25481,7 +25605,7 @@ CVE-2016-2538 (Multiple integer overflows in the USB Net device emulator (hw/usb
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303120
NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e (v2.6.0-rc0)
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=6c9f886ceae5b998dc2b9af2bf77666941689bce (v0.10.0)
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/3
CVE-2016-2515 (Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause ...)
NOT-FOR-US: NodeJS Hawk
CVE-2016-2511 (Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier a ...)
@@ -25692,7 +25816,7 @@ CVE-2016-2410 (A Qualcomm video kernel driver in Android 6.x before 2016-04-01 a
NOT-FOR-US: Android
CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x before 20 ...)
NOT-FOR-US: Android
-CVE-2016-2408 (An unspecified client-side component in Pulse Secure Desktop Client be ...)
+CVE-2016-2408 (Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service b ...)
NOT-FOR-US: Pulse Secure Desktop Client
CVE-2016-2407
REJECTED
@@ -25741,7 +25865,7 @@ CVE-2016-2393 (Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint b
NOT-FOR-US: Lenovo
CVE-2016-2389 (Directory traversal vulnerability in the GetFileList function in the S ...)
NOT-FOR-US: SAP
-CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows remot ...)
+CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allo ...)
NOT-FOR-US: SAP
CVE-2016-2387 (Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy ...)
NOT-FOR-US: SAP
@@ -25767,7 +25891,7 @@ CVE-2016-2391 (The ohci_bus_start function in the USB OHCI emulation support (hw
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360 (v2.6.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/16/2
CVE-2016-2390 (The FwdState::connectedToPeer method in FwdState.cc in Squid before 3. ...)
- squid 4.1-1 (unimportant)
- squid3 3.5.14-1 (unimportant)
@@ -25983,7 +26107,7 @@ CVE-2016-2384 (Double free vulnerability in the snd_usbmidi_create function in s
- linux 4.4.2-1
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7 (v4.5-rc4)
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/14/2
NOTE: https://xairy.github.io/blog/2016/cve-2016-2384
CVE-2016-2383 (The adjust_branches function in kernel/bpf/verifier.c in the Linux ker ...)
- linux 4.4.2-1
@@ -25992,14 +26116,14 @@ CVE-2016-2383 (The adjust_branches function in kernel/bpf/verifier.c in the Linu
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/a1b14d27ed0965838350f1377ff97c93ee383492 (v4.5-rc4)
NOTE: Introduced by: https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd (v4.1-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/14/1
CVE-2016-XXXX [exec functions ignore length but look for NULL termination]
- php5 5.6.18+dfsg-1
[jessie] - php5 5.6.19+dfsg-0+deb8u1
[wheezy] - php5 5.4.45-0+deb7u7
+ [squeeze] - php5 5.3.3.1-7+squeeze29
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71039
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305494
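Review bot: Moving `[squeeze] - php5 5.3.3.1-7+squeeze29` directly beneath the `- php5` line it qualifies is the right fix, since release tags belong under their source package and the old placement left it trailing the `- php7.0` entry; the same reorder is applied to the other CVE-2016-XXXX php5 entries in the hunks below. What the commit leaves unaddressed is that these are still CVE-2016-XXXX placeholders whose context NOTE reads "temporary workaround until CVE assigned", with upstream bug references from early 2016; if CVEs have since been assigned, these entries should be merged into the real CVE records (bin/merge-cve-files) rather than kept alive. As a nit, that NOTE line also has a typo, `explitly` should read `explicitly`.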
@@ -26019,13 +26143,13 @@ CVE-2016-XXXX [Integer overflow in iptcembed()]
- php5 5.6.18+dfsg-1
[jessie] - php5 5.6.19+dfsg-0+deb8u1
[wheezy] - php5 5.4.45-0+deb7u7
+ [squeeze] - php5 5.3.3.1-7+squeeze29
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71459
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305518
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886
NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
- hhvm 3.12.1+dfsg-1
NOTE: https://github.com/facebook/hhvm/commit/381702ffbfdae170ba3fff97d6cc1b9c69666854
@@ -26074,9 +26198,9 @@ CVE-2016-XXXX [NULL Pointer Dereference in phar_tar_setupmetadata()]
- php5 5.6.18+dfsg-1
[jessie] - php5 5.6.19+dfsg-0+deb8u1
[wheezy] - php5 5.4.45-0+deb7u7
+ [squeeze] - php5 5.3.3.1-7+squeeze29
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=71391
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305540
@@ -26093,7 +26217,7 @@ CVE-2016-2554 (Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305543
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=07c7df68bd68bbe706371fccc77c814ebb335d9e
NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/22/5
CVE-2016-XXXX [Type confusion vulnerability in WDDX packet deserialization]
- php5 5.6.18+dfsg-1
[jessie] - php5 5.6.19+dfsg-0+deb8u1
@@ -26108,9 +26232,9 @@ CVE-2016-XXXX [Crash on bad SOAP request]
- php5 5.6.18+dfsg-1
[jessie] - php5 5.6.19+dfsg-0+deb8u1
[wheezy] - php5 5.4.45-0+deb7u7
+ [squeeze] - php5 5.3.3.1-7+squeeze29
- php5.6 5.6.18+dfsg-1
- php7.0 7.0.3-1
- [squeeze] - php5 5.3.3.1-7+squeeze29
NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
NOTE: https://bugs.php.net/bug.php?id=70979
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305551
@@ -26119,33 +26243,33 @@ CVE-2016-XXXX [Crash on bad SOAP request]
CVE-2016-2330 (libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a ...)
- ffmpeg 2.8.6-1
- libav <not-affected> (Libav not affected according to upstream)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
CVE-2016-2329 (libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate Ro ...)
- ffmpeg 2.8.6-1
- libav <not-affected> (Vulnerable code not present in any Libav version)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
CVE-2016-2328 (libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate ...)
- ffmpeg 2.8.6-1
- libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718
CVE-2016-2327 (libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes i ...)
- ffmpeg 2.8.5-1
- libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971
CVE-2016-2326 (Integer overflow in the asf_write_packet function in libavformat/asfen ...)
{DSA-3506-1}
- ffmpeg 2.8.5-1
- libav <removed>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2
CVE-2016-2325
RESERVED
CVE-2016-2324 (Integer overflow in Git before 2.7.4 allows remote attackers to execut ...)
{DSA-3521-1}
- git 1:2.8.0~rc3-1 (bug #818318)
NOTE: Removal of path_name: https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d (v2.8.0-rc0)
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/16/2
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=971328#c4
- cgit <not-affected> (path_name function from embedded git is not called)
CVE-2016-2323
@@ -26328,7 +26452,7 @@ CVE-2016-2313 (auth_login.php in Cacti before 0.8.8g allows remote authenticated
NOTE: http://bugs.cacti.net/view.php?id=2656
NOTE: Upstream fix: http://svn.cacti.net/viewvc?view=rev&revision=7770
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=965930
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/09/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/09/3
NOTE: Only exploitable in non default setup
CVE-2016-2312 (Turning all screens off in Plasma-workspace and kscreenlocker while th ...)
- plasma-workspace 4:5.4.3-2 (bug #814355)
@@ -26400,16 +26524,16 @@ CVE-2016-2218
RESERVED
CVE-2016-2224 (The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before ...)
{DLA-561-1}
- - uclibc <unfixed> (unimportant)
+ - uclibc 1.0.20-1 (unimportant; bug #990648)
NOTE: Just for cross-compiling, not used for actual packages
- NOTE: http://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/05/2
+ NOTE: https://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/05/2
CVE-2016-2225 (The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng bef ...)
{DLA-561-1}
- - uclibc <unfixed> (unimportant)
+ - uclibc 1.0.20-1 (unimportant; bug #990648)
NOTE: Just for cross-compiling, not used for actual packages
- NOTE: http://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/05/2
+ NOTE: https://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/05/2
CVE-2016-2216 (The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ...)
- nodejs 4.3.0~dfsg-1 (unimportant)
NOTE: libv8 is not covered by security support
@@ -26481,7 +26605,7 @@ CVE-2016-2228 (Cross-site scripting (XSS) vulnerability in horde/templates/topba
NOTE: http://lists.horde.org/archives/announce/2016/001140.html
NOTE: https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0
NOTE: https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/06/4
CVE-2016-7028
REJECTED
CVE-2016-2199 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Orga ...)
@@ -26490,7 +26614,7 @@ CVE-2016-2213 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in
- ffmpeg 7:2.8.6-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4
CVE-2016-2196 (Heap-based buffer overflow in the P-521 reduction function in Botan 1. ...)
- botan1.10 <not-affected> (Introduced in 1.11.10)
NOTE: Introduced in 1.11.10, fixed in 1.11.27
@@ -26519,7 +26643,7 @@ CVE-2016-2191 (The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG befo
{DSA-3546-1}
- optipng 0.7.6-1 (bug #820068)
NOTE: https://sourceforge.net/p/optipng/bugs/59/
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/04/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/04/2
CVE-2016-2190 (Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x ...)
- moodle 2.7.13+dfsg-1
CVE-2016-2189
@@ -26680,15 +26804,13 @@ CVE-2016-2150 (SPICE allows local guest OS users to read from or write to arbitr
CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to ...)
NOT-FOR-US: OpenShift
CVE-2016-2148 (Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox befo ...)
- {DLA-1445-1}
+ {DLA-2559-1 DLA-1445-1}
- busybox 1:1.27.2-1 (bug #818497)
- [stretch] - busybox <no-dsa> (Minor issue)
[wheezy] - busybox <no-dsa> (Minor issue)
NOTE: https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2
CVE-2016-2147 (Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 ...)
- {DLA-1445-1}
+ {DLA-2559-1 DLA-1445-1}
- busybox 1:1.27.2-1 (bug #818499)
- [stretch] - busybox <no-dsa> (Minor issue)
[wheezy] - busybox <no-dsa> (Minor issue)
NOTE: https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87
CVE-2016-2146 (The am_read_post_data function in mod_auth_mellon before 0.11.1 does n ...)
@@ -26709,6 +26831,7 @@ CVE-2016-2142 (Red Hat OpenShift Enterprise 3.1 uses world-readable permissions
NOT-FOR-US: OpenShift
CVE-2016-2141 (JGroups before 4.0 does not require the proper headers for the ENCRYPT ...)
- libjgroups-java <unfixed> (low; bug #867493)
+ [bullseye] - libjgroups-java <ignored> (Minor issue, only used as build dep)
[buster] - libjgroups-java <ignored> (Minor issue, only used as build dep)
[stretch] - libjgroups-java <ignored> (Minor issue, only used as build dep)
[jessie] - libjgroups-java <no-dsa> (Minor issue)
@@ -26754,8 +26877,12 @@ CVE-2016-2125 (It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 alwa
- samba 2:4.5.2+dfsg-2
NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
-CVE-2016-2124
- RESERVED
+CVE-2016-2124 (A flaw was found in the way samba implemented SMB1 authentication. An ...)
+ {DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ [buster] - samba <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12444
+ NOTE: https://www.samba.org/samba/security/CVE-2016-2124.html
CVE-2016-2123 (A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine n ...)
{DSA-3740-1}
- samba 2:4.5.2+dfsg-2
@@ -26789,11 +26916,11 @@ CVE-2016-2117 (The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2
- linux 4.5.2-1
[wheezy] - linux <not-affected> (Issue introduced with v3.10-rc1)
NOTE: Introduced in https://git.kernel.org/linus/ec5f061564238892005257c83565a0b58ec79295 (v3.10-rc1)
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/16/7
CVE-2016-2116 (Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900. ...)
{DSA-3508-1}
- jasper <removed> (bug #816626)
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/03/12
CVE-2016-2115 (Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before ...)
{DSA-3548-1}
- samba 2:4.3.7+dfsg-1
@@ -26892,20 +27019,20 @@ CVE-2016-2533 (Buffer overflow in the ImagingPcdDecode function in PcdDecode.c i
- python-imaging <removed>
[wheezy] - python-imaging 1.1.7-4+deb7u2
NOTE: https://github.com/python-pillow/Pillow/pull/1706
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/02/5
NOTE: https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4
CVE-2016-2221 (Open redirect vulnerability in the wp_validate_redirect function in wp ...)
{DSA-3472-1 DLA-418-1}
- wordpress 4.4.2+dfsg-1 (bug #813697)
NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
NOTE: https://core.trac.wordpress.org/changeset/36444
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/04/4
CVE-2016-2222 (The wp_http_validate_url function in wp-includes/http.php in WordPress ...)
{DSA-3472-1 DLA-418-1}
- wordpress 4.4.2+dfsg-1 (bug #813697)
NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
NOTE: https://core.trac.wordpress.org/changeset/36435
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/04/4
CVE-2016-2217 (The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does ...)
- socat 1.7.3.1-1 (bug #813536)
[jessie] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
@@ -26914,7 +27041,7 @@ CVE-2016-2217 (The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8
NOTE: The issues is about "In the OpenSSL address implementation the hard coded 1024 bit DH
NOTE: p parameter was not prime.". Upstream has generated new parametes (and made it 2048
NOTE: bit long.
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/01/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/01/4
NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv7.html
CVE-2016-5114 (sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...)
{DLA-628-1}
@@ -26924,7 +27051,7 @@ CVE-2016-5114 (sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17,
NOTE: https://bugs.php.net/bug.php?id=70755
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=2721a0148649e07ed74468f097a28899741eb58f
NOTE: http://seclists.org/bugtraq/2016/Jan/117
- NOTE: http://www.openwall.com/lists/oss-security/2016/02/02/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/02/02/4
CVE-2016-3197
REJECTED
CVE-2016-2092
@@ -26945,7 +27072,7 @@ CVE-2016-2197 (QEMU (aka Quick Emulator) built with an IDE AHCI emulation suppor
- qemu-kvm <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=99b4cb71069f109b79b27bc629fc0cf0886dbc4b (v2.6.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302057
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/29/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/29/2
NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3d8e1138cd0c843d6fd75272633a31be6554ef (v2.3.0-rc2)
CVE-2016-2088 (resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cook ...)
- bind9 <not-affected> (Introduced in Bind 9.10)
@@ -26971,7 +27098,7 @@ CVE-2016-2091 (The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdw
{DLA-669-1}
- dwarfutils 20160507-1 (bug #813148)
[jessie] - dwarfutils 20120410-2+deb8u1
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/3
NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/9565964f26966d8391fe2cfa8e6e8e59278c5f91
CVE-2016-2090 (Off-by-one vulnerability in the fgetwln function in libbsd before 0.8. ...)
{DLA-2052-1}
@@ -27029,13 +27156,13 @@ CVE-2016-XXXX [out of bound read and write issues]
[wheezy] - giflib <no-dsa> (Minor issue)
[squeeze] - giflib <no-dsa> (Minor issue)
NOTE: http://sourceforge.net/p/giflib/bugs/82/
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/01/26/5
NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/
CVE-2016-2073 (The htmlParseNameComplex function in HTMLparser.c in libxml2 allows at ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1 (bug #812807)
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/25/6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/26/8 has details
NOTE: Same fix as CVE-2016-1839 and CVE-2015-8806
CVE-2016-2070 (The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux k ...)
- linux 4.3.5-1
@@ -27160,7 +27287,7 @@ CVE-2016-2069 (Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.
{DSA-3503-1 DLA-412-1}
- linux 4.3.5-1
- linux-2.6 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/25/1
NOTE: https://git.kernel.org/linus/71b3c126e61177eb693423f2e18a1914205b165e (v4.5-rc1)
NOTE: https://git.kernel.org/linus/4eaffdd5a5fe6ff9f95e1ab4de1ac904d5e0fa8b (v4.5-rc1)
CVE-2016-2053 (The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kerne ...)
@@ -27174,7 +27301,7 @@ CVE-2016-2053 (The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux
CVE-2016-2049 (examples/consumer/common.php in JanRain PHP OpenID library (aka php-op ...)
- php-openid <unfixed> (unimportant)
NOTE: sample code only, actual vulnerable code not shipped in package
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/24/2
NOTE: https://github.com/openid/php-openid/issues/128
CVE-2016-2047 (The ssl_verify_server_cert function in sql-common/client.c in MariaDB ...)
{DSA-3557-1 DSA-3453-1 DLA-447-1}
@@ -27294,10 +27421,10 @@ CVE-2016-1980
CVE-2016-1979 (Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndRet ...)
{DSA-3688-1 DSA-3576-1 DLA-480-1 DLA-472-1}
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
- icedove 38.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/
- nss 2:3.21-1
@@ -27332,10 +27459,10 @@ CVE-2016-1974 (The nsScannerString::AppendUnicodeTo function in Mozilla Firefox
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/
CVE-2016-1973 (Race condition in the GetStaticInstance function in the WebRTC impleme ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/
CVE-2016-1972 (Race condition in libvpx in Mozilla Firefox before 45.0 on Windows mig ...)
- iceweasel <not-affected> (Windows-specific)
@@ -27353,19 +27480,19 @@ CVE-2016-1969 (The setAttr function in Graphite 2 before 1.3.6, as used in Mozil
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/
CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, a ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/
- brotli 0.3.0+dfsg-3 (bug #817233)
NOTE: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
CVE-2016-1967 (Mozilla Firefox before 45.0 does not properly restrict the availabilit ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/
CVE-2016-1966 (The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRu ...)
{DSA-3520-1 DSA-3510-1}
@@ -27389,10 +27516,10 @@ CVE-2016-1964 (Use-after-free vulnerability in the AtomicBaseIncDec function in
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/
CVE-2016-1963 (The FileReader class in Mozilla Firefox before 45.0 allows local users ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/
CVE-2016-1962 (Use-after-free vulnerability in the mozilla::DataChannelConnection::Cl ...)
{DSA-3520-1 DSA-3510-1}
@@ -27437,17 +27564,17 @@ CVE-2016-1957 (Memory leak in libstagefright in Mozilla Firefox before 45.0 and
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/
CVE-2016-1956 (Mozilla Firefox before 45.0 on Linux, when an Intel video driver is us ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/
CVE-2016-1955 (Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/
CVE-2016-1954 (The nsCSPContext::SendReports function in dom/security/nsCSPContext.cp ...)
{DSA-3520-1 DSA-3510-1}
@@ -27458,10 +27585,10 @@ CVE-2016-1954 (The nsCSPContext::SendReports function in dom/security/nsCSPConte
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/
CVE-2016-1953 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
CVE-2016-1952 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3510-1}
@@ -27489,11 +27616,11 @@ CVE-2016-1950 (Heap-based buffer overflow in Mozilla Network Security Services (
NOTE: NSS fixed in 3.21.1
CVE-2016-1949 (Mozilla Firefox before 44.0.2 does not properly restrict the interacti ...)
- iceweasel <removed>
- - firefox-esr 45.0esr-1
- - firefox 45.0-1
[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
+ - firefox-esr 45.0esr-1
+ - firefox 45.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/
CVE-2016-1948 (Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is u ...)
- iceweasel <not-affected> (Only affects Firefox for Android)
@@ -27613,12 +27740,12 @@ CVE-2016-1983 (The client_host function in parsers.c in Privoxy before 3.0.24 al
{DSA-3460-1 DLA-398-1}
- privoxy 3.0.24-1
NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/21/4
CVE-2016-1982 (The remove_chunked_transfer_coding function in filters.c in Privoxy be ...)
{DSA-3460-1 DLA-398-1}
- privoxy 3.0.24-1
NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/21/4
CVE-2016-1926 (Cross-site scripting (XSS) vulnerability in the charts module in Green ...)
NOT-FOR-US: Greenbone Security Assistant
CVE-2016-1921
@@ -27654,11 +27781,11 @@ CVE-2016-1981 (QEMU (aka Quick Emulator) built with the e1000 NIC emulation supp
NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7c23b8920329180f48b8a147b629d8837709d201 (v0.10.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298570
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/10
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/10
CVE-2016-2037 (The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remo ...)
{DSA-3483-1 DLA-415-1}
- cpio 2.11+dfsg-5 (bug #812401)
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/4
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/4
NOTE: To reproduce and uncover the issue with unstable version compile with ASAN
NOTE: Patch: https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
NOTE: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b
@@ -27666,7 +27793,7 @@ CVE-2016-2050 (The get_abbrev_array_info function in libdwarf-20151114 allows re
{DLA-669-1}
- dwarfutils 20160507+git20160523.9086738-1 (unimportant)
[jessie] - dwarfutils 20120410-2+deb8u1
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/19/9
NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/a05f5e2ae6a5f34daa566975894fc2803d6ec684
NOTE: Reasoning for "unimportant" severity: The affected source code is present
NOTE: in dwarfdump/, but in the binary package is installed dwarfdump2/ .
@@ -27676,7 +27803,7 @@ CVE-2016-XXXX [Multiple minor security issues]
- imagemagick 8:6.8.9.9-7 (bug #811308)
[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/02/22/4
CVE-2016-1925 (Integer underflow in header.c in lha allows remote attackers to have u ...)
- lha <removed> (unimportant)
NOTE: Non-free not supported
@@ -28722,6 +28849,7 @@ CVE-2016-1586 (A malicious webview could install long-lived unload handlers that
NOT-FOR-US: Oxide
CVE-2016-1585 (In all versions of AppArmor mount rules are accidentally widened when ...)
- apparmor <unfixed> (low; bug #929990)
+ [bullseye] - apparmor <ignored> (Minor overall security impact)
[buster] - apparmor <ignored> (Minor overall security impact)
[stretch] - apparmor <ignored> (Minor overall security impact)
[jessie] - apparmor <ignored> (Minor overall security impact)
@@ -28751,7 +28879,7 @@ CVE-2016-1578 (Use-after-free vulnerability in Oxide allows remote attackers to
CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in Ja ...)
{DSA-3508-1}
- jasper <removed> (bug #816625)
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/03/12
CVE-2016-1576 (The overlayfs implementation in the Linux kernel through 4.5.2 does no ...)
- linux 4.5.1-1
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -28796,11 +28924,11 @@ CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer asso
NOTE: Fix for 2.x http://git.tuxfamily.org/chrony/chrony.git/commit/?id=a78bf9725a7b481ebff0e0c321294ba767f2c1d8
NOTE: Fix for 1.x http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=df46e5ca5d70be1c0ae037f96b4b038362703832
CVE-2016-1566 (Cross-site scripting (XSS) vulnerability in the file browser in Guacam ...)
- - guacamole-client <unfixed> (bug #859136)
- [stretch] - guacamole-client <no-dsa> (Minor issue)
- [jessie] - guacamole-client <not-affected> (Vulnerable code not present)
+ - guacamole-client <not-affected> (Vulnerable code never present in released Debian version, cf #859136)
- guacamole <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://github.com/glyptodon/guacamole-client/commit/7da13129c432d1c0a577342a9bf23ca2bde9c367
+ NOTE: The Debian released versions never contained the broken code in guacFileBrowser.js
+ NOTE: in a released version.
CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group module 7.x ...)
NOT-FOR-US: Field Group module for Drupal
CVE-2016-1714 (The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg. ...)
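Review bot: The two added NOTE lines at the end of the guacamole-client entry repeat themselves: "The Debian released versions never contained the broken code ... in a released version" says "released" twice across the line break. Collapsing it to a single line, `NOTE: The Debian released versions never contained the broken code in guacFileBrowser.js`, states the same fact and matches the `<not-affected>` reason given on the changed package line (which already cites #859136). The status change itself (`<unfixed>` plus per-suite lines replaced by one `<not-affected>` line) is consistent with that note.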
@@ -28811,7 +28939,7 @@ CVE-2016-1714 (The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296060
NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/7
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/11/7
NOTE: fw_cfg support for guest-side data writes removed in 2.4 (1:2.4+dfsg-1a)
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=023e3148567ac898c7258138f8e86c3c2bb40d07 (v2.4.0-rc0)
NOTE: fw_cfg_read removed in: http://git.qemu.org/?p=qemu.git;a=commit;h=6c8d56a2e95712a6206a2671d2b04b2e59cabc0b
@@ -28821,7 +28949,7 @@ CVE-2016-1569 (FireBird 2.5.5 allows remote authenticated users to cause a denia
[wheezy] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
[squeeze] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
NOTE: http://tracker.firebirdsql.org/browse/CORE-5068
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/10/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/10/2
CVE-2016-1568 (Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with ...)
{DSA-3471-1 DSA-3470-1 DSA-3469-1}
- qemu 1:2.5+dfsg-2 (bug #810527)
@@ -28831,7 +28959,7 @@ CVE-2016-1568 (Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built
NOTE: Fixed by: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html
NOTE: ahci emulation added in: http://git.qemu.org/?p=qemu.git;a=commit;h=f6ad2e32f8d833c7f1c75dc084a84a8f02704d64 (v0.14.0-rc0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288532
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/09/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/09/1
CVE-2016-1563 (NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certi ...)
NOT-FOR-US: NetApp
CVE-2016-1562 (The REST API in the DTE Energy Insight application before 1.7.8 for An ...)
@@ -28993,10 +29121,9 @@ CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service
NOTE: https://arxiv.org/pdf/1701.04739.pdf
NOTE: https://github.com/opencv/opencv/issues/5956
CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to execute ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872043)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://arxiv.org/pdf/1701.04739.pdf
NOTE: https://github.com/opencv/opencv/issues/5956
CVE-2016-1515
@@ -29041,14 +29168,14 @@ CVE-2016-1564 (Multiple cross-site scripting (XSS) vulnerabilities in wp-include
NOTE: https://core.trac.wordpress.org/changeset/36185
NOTE: https://wpvulndb.com/vulnerabilities/8358
NOTE: https://twitter.com/brutelogic/status/685105483397619713
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/08/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/08/3
CVE-2016-1503 (dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x befor ...)
- dhcpcd5 6.10.1-1 (bug #810621)
[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
[wheezy] - dhcpcd5 <not-affected> (Vulnerable code not present)
- dhcpcd <not-affected> (Vulnerable code not present)
NOTE: https://dev.marples.name/rDHC1475a702df74b120db847991bc011e3441a045b8
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/07/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/07/3
NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
CVE-2016-1504 (dhcpcd before 6.10.0 allows remote attackers to cause a denial of serv ...)
- dhcpcd5 6.10.1-1 (bug #810620)
@@ -29057,12 +29184,12 @@ CVE-2016-1504 (dhcpcd before 6.10.0 allows remote attackers to cause a denial of
- dhcpcd <not-affected> (Vulnerable code not present)
[squeeze] - dhcpcd <not-affected> (Vulnerable code not present)
NOTE: https://dev.marples.name/rDHC33c03b26c01201152774ef92e7b773281b8d8443
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/07/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/07/3
NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
CVE-2016-XXXX [Missing normalization]
- ruby-rack-attack 4.3.1-1
NOTE: https://github.com/kickstarter/rack-attack/commit/76c2e3143099d938883ae5654527b47e9e6a8977
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/07/1
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2016/01/07/1
CVE-2016-1501 (ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authe ...)
- owncloud 7.0.12~dfsg-2
[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
@@ -29618,7 +29745,7 @@ CVE-2016-1249 (The DBD::mysql module before 4.039 for Perl, when using server-si
[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue)
[wheezy] - libdbd-mysql-perl <no-dsa> (Minor issue)
NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe (4.039)
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/16/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/16/1
CVE-2016-1248 (vim before patch 8.0.0056 does not properly validate values for the 'f ...)
{DSA-3722-1 DLA-718-1}
- vim 2:8.0.0095-1
@@ -29659,11 +29786,10 @@ CVE-2016-1240 (The Tomcat init script in the tomcat7 package before 7.0.56-3+deb
- tomcat7 7.0.70-3
- tomcat6 6.0.41-3
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
-CVE-2016-1239 [loads arbitrary code from the current untrusted directory]
- RESERVED
+CVE-2016-1239 (duck before 0.10 did not properly handle loading of untrusted code fro ...)
- duck 0.10
[jessie] - duck 0.7+deb8u1
- NOTE: https://anonscm.debian.org/cgit/collab-maint/duck.git/commit/?id=b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
+ NOTE: https://salsa.debian.org/debian/duck/-/commit/b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
CVE-2016-1238 ((1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) ...)
{DSA-3628-1 DLA-1578-1 DLA-584-1 DLA-565-1}
- perl 5.22.2-3
@@ -29683,7 +29809,7 @@ CVE-2016-1237 (nfsd in the Linux kernel through 4.6.3 allows local users to bypa
CVE-2016-1236 (Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.ph ...)
{DSA-3572-1 DLA-462-1}
- websvn <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/22
+ NOTE: https://www.openwall.com/lists/oss-security/2016/05/05/22
CVE-2016-1235 (The oarsh script in OAR before 2.5.7 allows remote authenticated users ...)
{DSA-3543-1}
- oar 2.5.7-1 (bug #819952)
@@ -30334,7 +30460,7 @@ CVE-2016-1922 (QEMU (aka Quick Emulator) built with the TPR optimization for 32-
[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283934
- NOTE: http://www.openwall.com/lists/oss-security/2016/01/16/1
+ NOTE: https://www.openwall.com/lists/oss-security/2016/01/16/1
NOTE: Possibly introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=4917cf44326a1bda2fd7f27303aff7a25ad86518 (v1.6.0-rc0)
NOTE: kvmapic introduced after 1.0.50 (http://git.qemu.org/?p=qemu.git;a=commit;h=e5ad936b0fd7dfd7fd7908be6f9f1ca88f63b96b)
CVE-2016-0930 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before ...)
@@ -30855,11 +30981,11 @@ CVE-2016-0746 (Use-after-free vulnerability in the resolver in nginx 0.6.18 thro
NOTE: https://github.com/nginx/nginx/commit/4b581a7c21e4328d059bf400a059c0458fc9f806 (release-1.9.10)
NOTE: https://github.com/nginx/nginx/commit/a3d42258d97ebd0b638c20976654d3edfbaf943f (release-1.9.10)
CVE-2016-0745
- RESERVED
+ REJECTED
CVE-2016-0744
- RESERVED
+ REJECTED
CVE-2016-0743
- RESERVED
+ REJECTED
CVE-2016-0742 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remo ...)
{DSA-3473-1 DLA-404-1}
- nginx 1.9.10-1 (bug #812806)
@@ -31281,7 +31407,7 @@ CVE-2016-0635 (Unspecified vulnerability in the Enterprise Manager Ops Center co
CVE-2016-0634 (The expansion of '\h' in the prompt string in bash 4.3 allows remote a ...)
- bash 4.4-1 (unimportant)
[jessie] - bash 4.3-11+deb8u1
- NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/8
+ NOTE: https://www.openwall.com/lists/oss-security/2016/09/16/8
NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
NOTE: Fixed bin Bash upstream bash-4.4
NOTE: This doesn't cross any reasonable security boundaries, an attacker with the
@@ -32666,39 +32792,39 @@ CVE-2016-1000033 (Shotwell version 0.22.0 (and possibly other versions) is vulne
[jessie] - shotwell <no-dsa> (Minor issue)
[wheezy] - shotwell <no-dsa> (Minor issue)
[squeeze] - shotwell <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/12/04/4
+ NOTE: https://www.openwall.com/lists/oss-security/2015/12/04/4
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=754488
CVE-2016-4353 (ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder ...)
- libksba 1.3.3-1 (low)
[jessie] - libksba 1.3.2-1+deb8u1
[wheezy] - libksba <no-dsa> (Minor issue)
[squeeze] - libksba <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a
CVE-2016-4355 (Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 al ...)
- libksba 1.3.3-1 (low)
[jessie] - libksba 1.3.2-1+deb8u1
[wheezy] - libksba <no-dsa> (Minor issue)
[squeeze] - libksba <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4354 (ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data t ...)
- libksba 1.3.3-1 (low)
[jessie] - libksba 1.3.2-1+deb8u1
[wheezy] - libksba <no-dsa> (Minor issue)
[squeeze] - libksba <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4356 (The append_utf8_value function in the DN decoder (dn.c) in Libksba bef ...)
- libksba 1.3.3-1 (low)
[jessie] - libksba 1.3.2-1+deb8u1
[wheezy] - libksba <no-dsa> (Minor issue)
[squeeze] - libksba <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
- NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2015/04/13/5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/04/29/5
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
CVE-2016-9675 (openjpeg: A heap-based buffer overflow flaw was found in the patch for ...)
- openjpeg 1.5.2-1
@@ -32717,4 +32843,4 @@ CVE-2016-2856 (pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jes
[jessie] - glibc 2.19-18+deb8u4
NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403
NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958
- NOTE: http://www.openwall.com/lists/oss-security/2016/03/07/2
+ NOTE: https://www.openwall.com/lists/oss-security/2016/03/07/2
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 63540ca902..dcb1defe6c 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,176 @@
+CVE-2017-20016
+ RESERVED
+CVE-2017-20015
+ RESERVED
+CVE-2017-20014
+ RESERVED
+CVE-2017-20013
+ RESERVED
+CVE-2017-20012
+ RESERVED
+CVE-2017-20011
+ RESERVED
+CVE-2017-20010
+ RESERVED
+ NOT-FOR-US: MODX Revolution
+CVE-2017-20009
+ RESERVED
+ NOT-FOR-US: MODX Revolution
+CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...)
+ NOT-FOR-US: Ingeteam INGEPAC DA AU
+CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...)
+ - unrar-nonfree 1:5.6.6-1
+ [stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373
+ NOTE: https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml
+CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that exceed four d ...)
+ {DLA-2680-1}
+ - nginx 1.13.6-1
+ NOTE: https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf
+ NOTE: https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b
+ NOTE: https://trac.nginx.org/nginx/ticket/1368
+CVE-2017-20004 (In the standard library in Rust before 1.19.0, there is a synchronizat ...)
+ - rustc 1.19.0+dfsg3-2
+ NOTE: https://github.com/rust-lang/rust/issues/41622
+ NOTE: https://github.com/rust-lang/rust/pull/41624
+CVE-2017-20003
+ REJECTED
+CVE-2017-20002 (The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists ...)
+ {DLA-2596-1}
+ - shadow 1:4.5-1 (bug #914957)
+ NOTE: Introduced in attempt to address #830255 in 1:4.4-2
+CVE-2017-20001 (The AES encryption project 7.x and 8.x for Drupal does not sufficientl ...)
+ NOT-FOR-US: AES encryption project for Drupal
+CVE-2017-18926 (raptor_xml_writer_start_element_common in raptor_xml_writer.c in Rapto ...)
+ {DSA-4785-1 DLA-2438-1}
+ - raptor <removed>
+ - raptor2 2.0.14-1.1 (bug #973889)
+ NOTE: Fixed by: https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/07/1
+CVE-2017-18925 (opentmpfiles through 0.3.1 allows local users to take ownership of arb ...)
+ - opentmpfiles <removed> (bug #973242)
+ NOTE: https://github.com/OpenRC/opentmpfiles/issues/4
+CVE-2017-18924 (** DISPUTED ** oauth2-server (aka node-oauth2-server) through 3.1.1 im ...)
+ NOT-FOR-US: node-oauth2-server
+CVE-2017-18923 (beroNet VoIP Gateways before 3.0.16 have a PHP script that allows down ...)
+ NOT-FOR-US: beroNet
+CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9.12 di ...)
+ - libvncserver 0.9.12+dfsg-3
+ [buster] - libvncserver <ignored> (Required change too invasive, minor issue)
+ [stretch] - libvncserver <ignored> (Required change too invasive, minor issue)
+ NOTE: https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/30/2
+CVE-2017-18921 (An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. X ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18920 (An issue was discovered in Mattermost Server before 3.6.2. The WebSock ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18919 (An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. A ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18918 (An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18917 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18916 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18915 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18914 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18913 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18912 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18911 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18910 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18909 (An issue was discovered in Mattermost Server before 3.9.0 when SAML is ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18908 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18907 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18906 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18905 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18904 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18903 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18902 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18901 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18900 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18899 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18898 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18897 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18896 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18895 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18894 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18893 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18892 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18891 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18890 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18889 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18888 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18887 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18886 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18885 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18884 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18883 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18882 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18881 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18880 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18879 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18878 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18877 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18876 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18875 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18874 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18873 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18872 (An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. A ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18871 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18870 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 co ...)
+ - node-chownr 1.1.1-1 (bug #909024)
+ NOTE: https://github.com/isaacs/chownr/issues/14
+ NOTE: https://snyk.io/vuln/npm:chownr:20180731
CVE-2017-18868 (Digi XBee 2 devices do not have an effective protection mechanism agai ...)
NOT-FOR-US: Digi XBee 2 devices
CVE-2017-18867 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
@@ -453,7 +626,9 @@ CVE-2017-18643 (An issue was discovered on Samsung mobile devices with M(6.x) an
CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB parameters ove ...)
NOT-FOR-US: Syska Smart Bulb devices
CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext HTTP, a ...)
- - lxc-templates <unfixed>
+ - lxc-templates <unfixed> (bug #988730)
+ [bullseye] - lxc-templates <ignored> (Minor issue)
+ [buster] - lxc-templates <ignored> (Minor issue)
- lxc 1:3.0.3-1 (low)
[stretch] - lxc <no-dsa> (Minor issue)
[jessie] - lxc <ignored> (https://lists.debian.org/debian-lts/2020/02/msg00102.html)
@@ -473,9 +648,8 @@ CVE-2017-18640 (The Alias feature in SnakeYAML 1.18 allows entity expansion duri
CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : ...)
NOT-FOR-US: Progress Sitefinity CMS
CVE-2017-1002201 (In haml versions prior to version 5.0.0.beta.2, when using user input ...)
- {DLA-1986-1}
+ {DLA-2864-1 DLA-1986-1}
- ruby-haml 5.0.4-1
- [stretch] - ruby-haml <no-dsa> (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-RUBY-HAML-20362
NOTE: https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
CVE-2017-18638 (send_email in graphite-web/webapp/graphite/composer/views.py in Graphi ...)
@@ -490,9 +664,8 @@ CVE-2017-18637
CVE-2017-18636 (CDG through 2017-01-01 allows downloadDocument.jsp?command=download&am ...)
NOT-FOR-US: CDG
CVE-2017-18635 (An XSS vulnerability was discovered in noVNC before 0.6.2 in which the ...)
- {DLA-1946-1}
+ {DLA-2854-1 DLA-1946-1}
- novnc 1:1.0.0-1
- [stretch] - novnc <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/horizon/+bug/1656435
NOTE: https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
NOTE: https://github.com/novnc/noVNC/issues/748
@@ -1062,6 +1235,7 @@ CVE-2017-18369 (The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnl
CVE-2017-18368 (The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 rou ...)
NOT-FOR-US: ZyXEL
CVE-2017-18367 (libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR ...)
+ {DLA-2320-1}
- golang-github-seccomp-libseccomp-golang 0.9.0-2 (bug #927981)
NOTE: https://github.com/seccomp/libseccomp-golang/issues/22
NOTE: https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
@@ -1088,9 +1262,8 @@ CVE-2017-18360 (In change_port_settings in drivers/usb/serial/io_ti.c in the Lin
[jessie] - linux 3.16.48-1
NOTE: Fixed by: https://git.kernel.org/linus/6aeb75e6adfaed16e58780309613a578fe1ee90b
CVE-2017-18359 (PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attac ...)
- {DLA-1653-1}
+ {DLA-2857-1 DLA-1653-1}
- postgis 2.3.3+dfsg-1 (low)
- [stretch] - postgis <no-dsa> (Minor issue)
NOTE: https://trac.osgeo.org/postgis/ticket/3704
NOTE: https://trac.osgeo.org/postgis/changeset/15444
NOTE: https://trac.osgeo.org/postgis/changeset/15445
@@ -1124,6 +1297,7 @@ CVE-2017-18347 (Incorrect access control in RDP Level 1 on STMicroelectronics ST
NOT-FOR-US: STMicroelectronics STM32F0 series devices
CVE-2017-1000600 (WordPress version &lt;4.9 contains a CWE-20 Input Validation vulnerabi ...)
- wordpress 4.9.1+dfsg-1
+ [stretch] - wordpress <postponed> (requires authenticated user, root cause in PHP phar:// unserialization and requires thorough application-level checks, no upstream patch)
[jessie] - wordpress <postponed> (requires authenticated user, root cause in PHP phar:// unserialization and requires thorough application-level checks, no upstream patch)
NOTE: https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/
NOTE: https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf
@@ -1294,9 +1468,8 @@ CVE-2017-18275 (A new account can be inserted into simContacts service using And
CVE-2017-18274 (While iterating through the models contained in a fixed-size array in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...)
- {DLA-1785-1 DLA-1381-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/910
NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8fcb59e9e1d1189caf2e0f5e39346944dcd6b9d
CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-fr ...)
@@ -1307,9 +1480,8 @@ CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-af
NOTE: https://github.com/ImageMagick/ImageMagick/issues/918
NOTE: https://github.com/ImageMagick/ImageMagick/commit/93d029b70ac766ce0b5d7261a2dd334535f48038
CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulner ...)
- {DLA-1785-1 DLA-1381-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1381-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/911
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e
CVE-2017-18269 (An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 ...)
@@ -1328,10 +1500,9 @@ CVE-2017-18270 (In the Linux kernel before 4.13.5, a local user could create key
CVE-2017-18268 (Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Ble ...)
NOT-FOR-US: Symantec
CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler thr ...)
- {DLA-1562-1}
+ {DLA-2287-1 DLA-1562-1}
[experimental] - poppler 0.65.0-1
- poppler 0.69.0-2 (bug #898357)
- [stretch] - poppler <no-dsa> (Minor issue)
[wheezy] - poppler <ignored> (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=104942
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103238
@@ -1376,11 +1547,10 @@ CVE-2017-18257 (The __get_data_block function in fs/f2fs/data.c in the Linux ker
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/b86e33075ed1909d8002745b56ecf73b833db143
CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote ...)
- {DLA-1524-1}
+ {DLA-2369-1 DLA-1524-1}
[experimental] - libxml2 2.9.7+dfsg-1
- libxml2 2.9.10+dfsg-2 (low; bug #895245)
- [buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
[wheezy] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=786696
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
@@ -1403,8 +1573,8 @@ CVE-2017-18253 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer der
NOTE: https://github.com/ImageMagick/ImageMagick/issues/794
NOTE: https://github.com/ImageMagick/ImageMagick/commit/de5deab202c340162b65f65bafbbe17b1eda2c1a
CVE-2017-18252 (An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList fun ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/802
@@ -1425,7 +1595,7 @@ CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux kernel
[stretch] - linux 4.9.144-1
[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
[wheezy] - linux <not-affected> (Vulnerable code not present)
- [jessie] - linux-4.9 <unfixed>
+ - linux-4.9 <removed>
NOTE: Fixed by: https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-B ...)
{DLA-1412-1 DLA-1387-1}
@@ -1516,7 +1686,7 @@ CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux kerne
[stretch] - linux <ignored> (Minor issue)
[jessie] - linux <ignored> (Minor issue)
[wheezy] - linux <not-affected> (Vulnerability introduced later)
- [jessie] - linux-4.9 <unfixed>
+ - linux-4.9 <removed>
NOTE: Fixed by: https://git.kernel.org/linus/0558f33c06bb910e2879e355192227a8e8f0219d
CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer deref ...)
{DSA-4321-1 DLA-1456-1 DLA-1322-1}
@@ -1539,6 +1709,7 @@ CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation fo
NOT-FOR-US: TitanHQ WebTitan Gateway
CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of ...)
- jabberd2 <unfixed> (low; bug #902783)
+ [bullseye] - jabberd2 <ignored> (Minor issue, default init system not affected)
[buster] - jabberd2 <ignored> (Minor issue, default init system not affected)
[stretch] - jabberd2 <ignored> (Minor issue, default init system not affected)
NOTE: https://bugs.gentoo.org/631068
@@ -1599,10 +1770,12 @@ CVE-2017-18214 (The moment module before 2.19.3 for Node.js is prone to a regula
NOTE: https://nodesecurity.io/advisories/532
NOTE: nodejs not covered by security support
CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
- NOT-FOR-US: JerryScript
+ - iotjs 1.0+715-1
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/2140
CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was fou ...)
+ {DLA-2366-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <not-affected> (vulnerable code not present)
[wheezy] - imagemagick <not-affected> (vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/792
@@ -1615,8 +1788,8 @@ CVE-2017-18210 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability w
NOTE: The commit referenced the wrong issue in the upstream issue tracker, but
NOTE: as noted in https://github.com/ImageMagick/ImageMagick/issues/791#issuecomment-334050314
CVE-2017-18209 (In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in Im ...)
+ {DLA-2366-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <not-affected> (vulnerable code not present)
[wheezy] - imagemagick <not-affected> (vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/790
@@ -1631,9 +1804,8 @@ CVE-2017-18208 (The madvise_willneed function in mm/madvise.c in the Linux kerne
CVE-2017-18207 (** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py i ...)
NOTE: Nonsense report for Python
CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ...)
- {DLA-1304-1}
+ {DLA-2470-1 DLA-1304-1}
- zsh 5.4.1-1
- [stretch] - zsh <no-dsa> (Minor issue)
[jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d
CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh compatibility mode is used, th ...)
@@ -1733,7 +1905,8 @@ CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) throug
[stretch] - sox 14.4.1-5+deb9u2
NOTE: https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53
CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sys ...)
- NOT-FOR-US: opentmpfiles
+ - opentmpfiles <removed> (bug #973246)
+ NOTE: https://github.com/OpenRC/opentmpfiles/issues/3
CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through a ...)
{DSA-4147-1 DSA-4138-1}
- mbedtls 2.7.0-2
@@ -1920,10 +2093,10 @@ CVE-2017-18115
RESERVED
CVE-2017-18114
RESERVED
-CVE-2017-18113
- RESERVED
-CVE-2017-18112
- RESERVED
+CVE-2017-18113 (The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data C ...)
+ NOT-FOR-US: Atlassian
+CVE-2017-18112 (Affected versions of Atlassian Fisheye allow remote attackers to view ...)
+ NOT-FOR-US: Atlassian
CVE-2017-18111 (The OAuthHelper in Atlassian Application Links before version 5.0.10, ...)
NOT-FOR-US: Atlassian Application Links
CVE-2017-18110 (The administration backup restore resource in Atlassian Crowd before v ...)
@@ -2139,7 +2312,7 @@ CVE-2017-18036 (The Github repository importer in Atlassian Bitbucket Server bef
NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18035 (The /rest/review-coverage-chart/1.0/data/&lt;repository_name&gt;/.json ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2017-18034 (The source browse resource in Atlassian FishEye and Crucible before ve ...)
+CVE-2017-18034 (The source browse resource in Atlassian Fisheye and Crucible before ve ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allow ...)
NOT-FOR-US: Jira-importers-plugin in Atlassian Jira
@@ -2158,6 +2331,7 @@ CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was fou
- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/691
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3144a8be81aed6e635de68f0d8e97881638a398
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/77fcc8d92a602299a23be9ac76887ba6cfe50bd3
CVE-2017-18028 (In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was foun ...)
- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/736
@@ -2214,7 +2388,7 @@ CVE-2017-18019 (In K7 Total Security before 15.1.0.305, user-controlled input to
CVE-2017-18018 (In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does no ...)
- coreutils <unfixed> (unimportant)
NOTE: http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
- NOTE: http://www.openwall.com/lists/oss-security/2018/01/04/3
+ NOTE: https://www.openwall.com/lists/oss-security/2018/01/04/3
NOTE: Documentation patches proposed:
NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html
NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html
@@ -2278,9 +2452,8 @@ CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scrip
CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result ...)
NOT-FOR-US: XMLBundle
CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...)
- {DLA-1785-1 DLA-1229-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1229-1}
- imagemagick 8:6.9.9.34+dfsg-3
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/867
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e5dae180b9236bccd73ce93bfce81e99232a8533
CVE-2017-1000473 (Linux Dash up to version v2 is vulnerable to multiple command injectio ...)
@@ -2339,9 +2512,8 @@ CVE-2017-1000437 (Creolabs Gravity 1.0 contains a stack based buffer overflow in
CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redir ...)
NOT-FOR-US: Wordpress plugin Furikake
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run with pyth ...)
- {DLA-1410-1}
+ {DLA-2577-1 DLA-1410-1}
- python-pysaml2 4.5.0-2 (bug #886423)
- [stretch] - python-pysaml2 <no-dsa> (Minor issue)
NOTE: https://github.com/rohe/pysaml2/issues/451
NOTE: Fixed by: https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
CVE-2017-1000432 (Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting to ...)
@@ -2371,8 +2543,9 @@ CVE-2017-1000456 (freedesktop.org libpoppler 0.60.1 fails to validate boundaries
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103116
NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=7ee9dadef37b20bca707a6b1e858e17d191e368b
CVE-2017-1000455 (GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d us ...)
- - guix <itp> (bug #850644)
+ - guix <not-affected> (Fixed before initial upload to Debian)
NOTE: https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00090.html
+ NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=5e66574a128937e7f2fcf146d146225703ccfd5d (v0.14.0)
CVE-2017-1000454 (CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template In ...)
NOT-FOR-US: CMS Made Simple
CVE-2017-1000453 (CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templat ...)
@@ -2382,10 +2555,9 @@ CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 2.2.
CVE-2017-1000451 (fs-git is a file system like api for git repository. The fs-git versio ...)
NOT-FOR-US: fs-git
CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and ...)
- {DLA-1438-1 DLA-1235-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1235-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #886282)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9723
NOTE: https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor
NOTE: https://github.com/opencv/opencv/pull/9726
@@ -2394,9 +2566,8 @@ CVE-2017-1000449
CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable to a di ...)
NOT-FOR-US: Structured Data Linter
CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer d ...)
- {DLA-1785-1 DLA-1229-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1229-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886281)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/775
NOTE: https://github.com/ImageMagick/ImageMagick/commit/441fde32557eb3cec573b0f877ac324173feed7f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/839a14e43d0c88db7b3fffe8aa4ec57d80c93623
@@ -2409,8 +2580,8 @@ CVE-2017-1000442 (Passbolt API version 1.6.4 and older are vulnerable to a XSS i
CVE-2017-1000431 (eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is ...)
NOT-FOR-US: eZ Systems eZ Publish
CVE-2017-1000430 (rust-base64 version &lt;= 0.5.1 is vulnerable to a buffer overflow whe ...)
- NOTE: https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml
- NOT-FOR-US: rust-base64
+ - rust-base64 <not-affected> (Fixed before initial release to Debian)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2017-0004.html
CVE-2017-1000424 (Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable ...)
- electron <itp> (bug #842420)
CVE-2017-1000423 (b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation ( ...)
@@ -2732,9 +2903,8 @@ CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-base
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...)
- {DLA-1785-1 DLA-1227-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886584)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/908
NOTE: https://github.com/ImageMagick/ImageMagick/commit/650ec57d84b7b1dce66435b8cd3b58f7ae66db1b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/42781eeebadf111a2e01559735ea504a78192046
@@ -2880,7 +3050,7 @@ CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certai
- mupdf 1.12.0+ds1-1 (bug #885120)
[jessie] - mupdf <no-dsa> (Minor issue)
[wheezy] - mupdf <no-dsa> (Minor issue)
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698699 (not public)
CVE-2017-17865
RESERVED
@@ -2911,8 +3081,8 @@ CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to by
CVE-2017-17858 (Heap-based buffer overflow in the ensure_solid_xref function in pdf/pd ...)
- mupdf <not-affected> (Vulnerable code introduced in 1.11.1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698819 (not public)
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
- NOTE: Commit http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f595e889b91a674eb94db7ca4d832da54f5194cd
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
+ NOTE: Commit https://git.ghostscript.com/?p=mupdf.git;a=commit;h=f595e889b91a674eb94db7ca4d832da54f5194cd
NOTE: switches to use int64_t for public file API offsets and introduced the flaw.
NOTE: https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
CVE-2017-17851
@@ -2971,7 +3141,7 @@ CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local a
[stretch] - open-iscsi <no-dsa> (Minor issue)
[jessie] - open-iscsi <ignored> (Minor issue, iscsiuio not built in this version, source affected)
[wheezy] - open-iscsi <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/12/13/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/12/13/2
NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1072312
NOTE: Specfic CVE fixed by https://github.com/open-iscsi/open-iscsi/pull/72/commits/b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea
NOTE: But all of the commits in https://github.com/open-iscsi/open-iscsi/pull/72
@@ -3061,7 +3231,7 @@ CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address
[jessie] - nasm <no-dsa> (Minor issue)
[wheezy] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392435
- NOTE: http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af (nasm-2.13.02rc3)
+ NOTE: https://github.com/netwide-assembler/nasm/commit/7524cfd91492e6e3719b959498be584a9ced13af (nasm-2.13.02rc3)
CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...)
- nasm 2.13.02-0.1
[stretch] - nasm <no-dsa> (Minor issue)
@@ -3085,7 +3255,7 @@ CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address
[stretch] - nasm <no-dsa> (Minor issue)
[jessie] - nasm <no-dsa> (Minor issue)
[wheezy] - nasm <no-dsa> (Minor issue)
- NOTE: http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 (nasm-2.13.02rc3)
+ NOTE: https://github.com/netwide-assembler/nasm/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 (nasm-2.13.02rc3)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392436
CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_d ...)
- nasm 2.13.02-0.1
@@ -3104,7 +3274,7 @@ CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffe
[stretch] - nasm <no-dsa> (Minor issue)
[jessie] - nasm <no-dsa> (Minor issue)
[wheezy] - nasm <no-dsa> (Minor issue)
- NOTE: http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 (nasm-2.13.02rc3)
+ NOTE: https://github.com/netwide-assembler/nasm/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 (nasm-2.13.02rc3)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392424
CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...)
- nasm 2.13.02-0.1
@@ -3117,7 +3287,7 @@ CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown
[stretch] - nasm <no-dsa> (Minor issue)
[jessie] - nasm <no-dsa> (Minor issue)
[wheezy] - nasm <no-dsa> (Minor issue)
- NOTE: http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 (nasm-2.13.02rc3)
+ NOTE: https://github.com/netwide-assembler/nasm/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 (nasm-2.13.02rc3)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392431
CVE-2017-17809 (In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservic ...)
NOT-FOR-US: Golden Frog VyprVPN
@@ -3279,10 +3449,9 @@ CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in read_c
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
NOTE: Crash in desktop tool, no/negligible security impact
CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData fun ...)
- {DLA-1438-1 DLA-1235-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1235-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #885843)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10351
NOTE: https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c
CVE-2017-17759 (Conarc iChannel allows remote attackers to obtain sensitive informatio ...)
@@ -3320,13 +3489,17 @@ CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plu
CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...)
NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x befo ...)
- {DSA-4259-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
+ {DSA-4259-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
+ - jruby <unfixed> (bug #972230)
+ [buster] - jruby <no-dsa> (Minor issue)
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- ruby1.8 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
+ NOTE: https://github.com/jruby/jruby/releases/tag/9.2.12.0
+ NOTE: https://github.com/ruby/ruby/commit/d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16
CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows attac ...)
{DSA-4082-1 DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
@@ -3493,15 +3666,14 @@ CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb37
CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...)
NOT-FOR-US: Panda Global Protection
CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in t ...)
- {DLA-1785-1 DLA-1227-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1227-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885942)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/870
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a
NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885941)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (vulnerable code not present, unreproducible)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/869
@@ -3518,16 +3690,16 @@ CVE-2017-17680 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was fou
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b97357e7f8d6ae848a4c699fe17db6fcf4bd7a9
CVE-2017-17679
RESERVED
-CVE-2017-17678
- RESERVED
-CVE-2017-17677
- RESERVED
+CVE-2017-17678 (BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). ...)
+ NOT-FOR-US: BMC
+CVE-2017-17677 (BMC Remedy 9.1SP3 is affected by authenticated code execution. Authent ...)
+ NOT-FOR-US: BMC
CVE-2017-17676
RESERVED
-CVE-2017-17675
- RESERVED
-CVE-2017-17674
- RESERVED
+CVE-2017-17675 (BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote loggin ...)
+ NOT-FOR-US: BMC
+CVE-2017-17674 (BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclus ...)
+ NOT-FOR-US: BMC
CVE-2017-17673
RESERVED
CVE-2017-17672 (In vBulletin through 5.3.x, there is an unauthenticated deserializatio ...)
@@ -3539,7 +3711,7 @@ CVE-2017-17670 (In VideoLAN VLC media player through 2.2.8, there is a type conv
- vlc 3.0.0~rc2-1
[jessie] - vlc <end-of-life> (See DSA-4203-1)
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
- NOTE: http://www.openwall.com/lists/oss-security/2017/12/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/12/15/1
NOTE: POC: https://gist.github.com/dyntopia/194d912287656f66dd502158b0cd2e68
CVE-2017-17669 (There is a heap-based buffer over-read in the Exiv2::Internal::PngChun ...)
- exiv2 0.27.2-6 (bug #886006)
@@ -3913,7 +4085,7 @@ CVE-2017-17522 (** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does no
- python3.4 <removed> (unimportant)
- python3.5 <removed> (unimportant)
- python3.6 <removed> (unimportant)
- - python3.7 <unfixed> (unimportant)
+ - python3.7 <removed> (unimportant)
NOTE: Lib/webbrowser.py does not validate strings before launching the program
NOTE: specified by the BROWSER environment variable.
NOTE: https://bugs.python.org/issue32367
@@ -3987,15 +4159,12 @@ CVE-2017-17508 (In HDF5 1.10.1, there is a divide-by-zero vulnerability in the f
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/0a7128c0d5bd035288be7b02ca9cf9bba321aadd
CVE-2017-17507 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the fu ...)
- - hdf5 <unfixed> (low; bug #915807)
- [buster] - hdf5 <no-dsa> (Minor issue, requires ABI change)
- [stretch] - hdf5 <no-dsa> (Minor issue)
- [jessie] - hdf5 <no-dsa> (Minor issue)
- [wheezy] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 <unfixed> (unimportant; bug #915807)
NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/3-hdf5-outbound-read-H5T_conv_struct_opt
NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
NOTE: Fixing the bug requires an ABI changes thus upstream will only include a fix
NOTE: on a major version bump.
+ NOTE: Negligible security impact
CVE-2017-17506 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the fu ...)
- hdf5 1.10.4+repack-1 (bug #884365)
[stretch] - hdf5 <no-dsa> (Minor issue)
@@ -4113,8 +4282,8 @@ CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered
NOTE: Debian packaging does not build JPWL, has BUILD_JPWL:BOOL=OFF
CVE-2017-17478 (An XSS issue was discovered in Designer Studio in Pegasystems Pega Pla ...)
NOT-FOR-US: Pegasystems Pega Platform
-CVE-2017-17477
- RESERVED
+CVE-2017-17477 (Pexip Infinity before 17 allows an unauthenticated remote attacker to ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
@@ -4154,7 +4323,7 @@ CVE-2017-17459 (http_transport.c in Fossil before 2.4, when the SSH sync protoco
[wheezy] - fossil <no-dsa> (Minor issue)
NOTE: https://www.fossil-scm.org/xfer/info/1f63db591c77108c
CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially malformed r ...)
- {DLA-1414-2 DLA-1414-1 DLA-1224-1}
+ {DLA-2293-1 DLA-1414-2 DLA-1414-1 DLA-1224-1}
- mercurial 4.4.1-1
NOTE: https://bz.mercurial-scm.org/show_bug.cgi?id=5730
NOTE: https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
@@ -4272,21 +4441,21 @@ CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a vu
{DSA-4082-1 DSA-4073-1}
- linux 4.14.7-1
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.3)
- NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/12/06/3
CVE-2017-1000409 (A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca ...)
- glibc 2.25-5 (bug #884133)
[stretch] - glibc 2.24-11+deb9u4
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/12/11/4
CVE-2017-1000408 (A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached ...)
- glibc 2.25-5 (bug #884132)
[stretch] - glibc 2.24-11+deb9u4
[jessie] - glibc <no-dsa> (Minor issue)
- eglibc <removed>
[wheezy] - eglibc <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/12/11/4
CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, w ...)
{DSA-4067-1 DLA-1213-1}
- openafs 1.6.22-1 (bug #883602)
@@ -4399,105 +4568,105 @@ CVE-2017-17381 (The Virtio Vring implementation in QEMU allows local OS guest us
[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html
CVE-2017-17380
- RESERVED
+ REJECTED
CVE-2017-17379
- RESERVED
+ REJECTED
CVE-2017-17378
- RESERVED
+ REJECTED
CVE-2017-17377
- RESERVED
+ REJECTED
CVE-2017-17376
- RESERVED
+ REJECTED
CVE-2017-17375
- RESERVED
+ REJECTED
CVE-2017-17374
- RESERVED
+ REJECTED
CVE-2017-17373
- RESERVED
+ REJECTED
CVE-2017-17372
- RESERVED
+ REJECTED
CVE-2017-17371
- RESERVED
+ REJECTED
CVE-2017-17370
- RESERVED
+ REJECTED
CVE-2017-17369
- RESERVED
+ REJECTED
CVE-2017-17368
- RESERVED
+ REJECTED
CVE-2017-17367
- RESERVED
+ REJECTED
CVE-2017-17366
- RESERVED
+ REJECTED
CVE-2017-17365
- RESERVED
+ REJECTED
CVE-2017-17364
- RESERVED
+ REJECTED
CVE-2017-17363
- RESERVED
+ REJECTED
CVE-2017-17362
- RESERVED
+ REJECTED
CVE-2017-17361
- RESERVED
+ REJECTED
CVE-2017-17360
- RESERVED
+ REJECTED
CVE-2017-17359
- RESERVED
+ REJECTED
CVE-2017-17358
- RESERVED
+ REJECTED
CVE-2017-17357
- RESERVED
+ REJECTED
CVE-2017-17356
- RESERVED
+ REJECTED
CVE-2017-17355
- RESERVED
+ REJECTED
CVE-2017-17354
- RESERVED
+ REJECTED
CVE-2017-17353
- RESERVED
+ REJECTED
CVE-2017-17352
- RESERVED
+ REJECTED
CVE-2017-17351
- RESERVED
+ REJECTED
CVE-2017-17350
- RESERVED
+ REJECTED
CVE-2017-17349
- RESERVED
+ REJECTED
CVE-2017-17348
- RESERVED
+ REJECTED
CVE-2017-17347
- RESERVED
+ REJECTED
CVE-2017-17346
- RESERVED
+ REJECTED
CVE-2017-17345
- RESERVED
+ REJECTED
CVE-2017-17344
- RESERVED
+ REJECTED
CVE-2017-17343
- RESERVED
+ REJECTED
CVE-2017-17342
- RESERVED
+ REJECTED
CVE-2017-17341
- RESERVED
+ REJECTED
CVE-2017-17340
- RESERVED
+ REJECTED
CVE-2017-17339
- RESERVED
+ REJECTED
CVE-2017-17338
- RESERVED
+ REJECTED
CVE-2017-17337
- RESERVED
+ REJECTED
CVE-2017-17336
- RESERVED
+ REJECTED
CVE-2017-17335
- RESERVED
+ REJECTED
CVE-2017-17334
- RESERVED
+ REJECTED
CVE-2017-17333
- RESERVED
+ REJECTED
CVE-2017-17332
- RESERVED
+ REJECTED
CVE-2017-17331
- RESERVED
+ REJECTED
CVE-2017-17330 (Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200 ...)
NOT-FOR-US: Huawei
CVE-2017-17329 (Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. Th ...)
@@ -5050,9 +5219,8 @@ CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attack
CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected b ...)
NOT-FOR-US: SyncBreeze
CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp f ...)
- {DLA-1871-1}
+ {DLA-2876-1 DLA-1871-1}
- vim 2:8.0.1401-1
- [stretch] - vim <no-dsa> (Minor issue)
[wheezy] - vim <no-dsa> (Minor issue)
NOTE: https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 (8.0.1263)
CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a "&lt;/script&gt;" substring in ...)
@@ -5077,7 +5245,7 @@ CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dis
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-48.html
CVE-2017-17082
REJECTED
-CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 do ...)
+CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 an ...)
{DSA-4099-1}
- ffmpeg 7:3.4.1-1
NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8
@@ -5315,7 +5483,7 @@ CVE-2017-1000207 (A vulnerability in Swagger-Parser's version &lt;= 1.0.30 and S
CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This af ...)
{DSA-4624-1 DLA-1882-1 DLA-1881-1 DLA-1204-1}
- atril 1.20.0-1 (low)
- [stretch] - atril <no-dsa> (Minor issue)
+ [stretch] - atril 1.16.1-2+deb9u2
- evince 3.25.92-1 (low)
[stretch] - evince <no-dsa> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784947
@@ -5566,40 +5734,37 @@ CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 an
[stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
CVE-2017-16910 (An error within the "LibRaw::xtrans_interpolate()" function (internal/ ...)
+ {DLA-2903-1}
- libraw 0.18.6-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
CVE-2017-16909 (An error related to the "LibRaw::panasonic_load_raw()" function (dcraw ...)
+ {DLA-2903-1}
- libraw 0.18.6-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during crea ...)
+ {DLA-2350-1}
- php-horde-kronolith 4.2.24-1 (bug #909738)
- [stretch] - php-horde-kronolith <no-dsa> (Minor issue)
[jessie] - php-horde-kronolith <not-affected> (vulnerable code not present)
NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
NOTE: https://bugs.horde.org/ticket/14857
NOTE: https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716
CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...)
- {DLA-1536-1 DLA-1535-1}
+ {DLA-2349-1 DLA-2348-1 DLA-1536-1 DLA-1535-1}
- php-horde 5.2.18+debian0-1 (bug #909739)
- [stretch] - php-horde <no-dsa> (Minor issue)
- php-horde-core 2.31.3+debian0-1 (bug #909800)
- [stretch] - php-horde-core <no-dsa> (Minor issue)
NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
NOTE: https://bugs.horde.org/ticket/14857
NOTE: php-horde: https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230
NOTE: php-horde-core: https://github.com/horde/Core/commit/ecea6ea740419e19122a50579ba2903c1cb71d7a
CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ...)
- {DLA-1537-1}
+ {DLA-2351-1 DLA-1537-1}
- php-horde-kronolith 4.2.24-1 (bug #909737)
- [stretch] - php-horde-kronolith <no-dsa> (Minor issue)
NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
NOTE: https://bugs.horde.org/ticket/14857
NOTE: https://github.com/horde/kronolith/commit/09d90141292f9ec516a7a2007bf828ce2bbdf60d
@@ -5634,7 +5799,7 @@ CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass
CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqgl ...)
NOT-FOR-US: Arq
CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain sensi ...)
- NOT-FOR-US: Laravel framework
+ - php-laravel-framework <undetermined>
CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability i ...)
- piwigo <removed>
CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename functio ...)
@@ -5668,7 +5833,7 @@ CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problemat
[jessie] - linux 3.16.51-1
[wheezy] - linux <not-affected> (vulnerable code not present, cf. kernel-sec information)
NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
- NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/11/30/1
NOTE: https://github.com/bindecy/HugeDirtyCowPOC
CVE-2017-1000404 (The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used th ...)
NOT-FOR-US: Jenkins plugin
@@ -5677,27 +5842,27 @@ CVE-2017-1000403 (Jenkins Speaks! Plugin, all current versions, allows users wit
CVE-2017-1000402 (Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the c ...)
NOT-FOR-US: Jenkins plugin
CVE-2017-1000401 (The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000400 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(j ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000399 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/ ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000398 (The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /com ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000397 (Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons ...)
NOT-FOR-US: Jenkins plugin
CVE-2017-1000396 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000395 (Jenkins 2.73.1 and earlier, 2.83 and earlier provides information abou ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000394 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000393 (Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000392 (Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestion ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000391 (Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metada ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2017-1000390 (Jenkins Multijob plugin version 1.25 and earlier did not check permiss ...)
NOT-FOR-US: Jenkins plugin
CVE-2017-1000389 (Some URLs provided by Jenkins global-build-stats plugin version 1.4 an ...)
@@ -5744,15 +5909,15 @@ CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 thro
NOT-FOR-US: Phoenix Framework
CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)
- exiv2 <not-affected> (Vulnerable code introduced in 0.26; only affected experimental)
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1
NOTE: https://github.com/Exiv2/exiv2/issues/177
CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser ...)
- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #888863)
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1
NOTE: https://github.com/Exiv2/exiv2/issues/176
CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...)
- exiv2 <not-affected> (WebP support introduced in 0.26; only affected experimental; bug #888864)
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1
NOTE: https://github.com/Exiv2/exiv2/issues/175
CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in tinfo/w ...)
- ncurses 6.0+20171125-1 (bug #882620)
@@ -5785,7 +5950,7 @@ CVE-2017-1000233
CVE-2017-1000222
REJECTED
CVE-2017-1000215 (ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticate ...)
- - xrootd <itp> (bug #687222)
+ - xrootd <not-affected> (Fixed with first upload to Debian)
CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code execut ...)
NOT-FOR-US: Elixir's vim plugin
CVE-2017-1000211 (Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML ...)
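Review bot: The new xrootd line for CVE-2017-1000215 marks the package `<not-affected> (Fixed with first upload to Debian)` but, unlike the tboot (CVE-2017-16837) and node-http-proxy (CVE-2017-16014) entries in this same commit, adds no NOTE pointing at the upstream fix, so the claim cannot later be checked against the "4.6.0 and below" range in the description. A line such as `NOTE: <upstream fix commit or release — reference placeholder>` under the entry would make the assessment verifiable. The three entries also use three different wordings for the same reasoning ("Fixed with first upload to Debian", "Fixed before initial upload to Debian", "Fixed before initial upload"); settling on one phrasing would keep the file consistent and grep-able.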
@@ -5868,19 +6033,18 @@ CVE-2017-1000235 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to OS Co
CVE-2017-1000234 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to Directory Enu ...)
- i-librarian <itp> (bug #649291)
CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecifi ...)
+ {DLA-2910-1}
- ldns 1.7.0-4 (bug #882014)
- [stretch] - ldns <no-dsa> (Minor issue)
[jessie] - ldns <no-dsa> (Minor issue)
[wheezy] - ldns <not-affected> (Vulnerable code not present)
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257
- NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02505c9bbacb3b64a97ddcb1de967153b7
+ NOTE: https://github.com/NLnetLabs/ldns/commit/3bdeed02505c9bbacb3b64a97ddcb1de967153b7
CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...)
- {DLA-1182-1}
+ {DLA-2910-1 DLA-1182-1}
- ldns 1.7.0-4 (bug #882015)
- [stretch] - ldns <no-dsa> (Minor issue)
[jessie] - ldns <no-dsa> (Minor issue)
NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
- NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
+ NOTE: https://github.com/NLnetLabs/ldns/commit/c8391790c96d4c8a2c10f9ab1460fda83b509fc2
CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...)
{DSA-4058-1 DLA-1184-1}
- optipng 0.7.6-1.1 (bug #882032)
@@ -6037,16 +6201,17 @@ CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in admin/google_search_
NOT-FOR-US: Yoast SEO plugin for WordPress
CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to /Calend ...)
NOT-FOR-US: LanSweeper
-CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote attacke ...)
+CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote ...)
{DSA-4049-1}
- ffmpeg 7:3.4.1-1
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root ...)
NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-16838
RESERVED
CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are no ...)
- - tboot <itp> (bug #803180)
+ - tboot <not-affected> (Fixed with first upload to Debian)
+ NOTE: https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/
CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC2 ...)
NOT-FOR-US: Arris TG1682G devices
CVE-2017-16835 (The "Photo,Video Locker-Calculator" application 12.0 for Android has a ...)
@@ -6656,14 +6821,14 @@ CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a
NOT-FOR-US: Joomla!
CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only i ...)
NOT-FOR-US: Joomla!
-CVE-2017-16632
- RESERVED
-CVE-2017-16631
- RESERVED
-CVE-2017-16630
- RESERVED
-CVE-2017-16629
- RESERVED
+CVE-2017-16632 (In SapphireIMS 4097_1, the password in the database is stored in Base6 ...)
+ NOT-FOR-US: SapphireIMS
+CVE-2017-16631 (In SapphireIMS 4097_1, a guest user is able to change the password of ...)
+ NOT-FOR-US: SapphireIMS
+CVE-2017-16630 (In SapphireIMS 4097_1, a guest user can create a local administrator a ...)
+ NOT-FOR-US: SapphireIMS
+CVE-2017-16629 (In SapphireIMS 4097_1, it is possible to guess the registered/active u ...)
+ NOT-FOR-US: SapphireIMS
CVE-2017-16628
RESERVED
CVE-2017-16627
@@ -6705,7 +6870,7 @@ CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that coul
[stretch] - wayland 1.12.0-1+deb9u1
[jessie] - wayland <no-dsa> (Minor issue)
[wheezy] - wayland <not-affected> (vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/11/28/6
NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
NOTE: Wayland: https://bugs.freedesktop.org/show_bug.cgi?id=103961
@@ -6713,12 +6878,12 @@ CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that coul
NOTE: For src:wayland originally fixed in 1.14.0-2 but the 1.15.0-1 upload
NOTE: did not merge in the 1.14.0-2 upload.
CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...)
+ {DLA-2901-1}
- libxfont 1:2.0.3-1 (low; bug #883929)
- [stretch] - libxfont <no-dsa> (Minor issue)
[jessie] - libxfont <no-dsa> (Minor issue)
[wheezy] - libxfont <postponed> (Minor issue)
- libxfont1 <removed> (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/11/28/7
NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8
NOTE: (for 1.5.x): https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=5ed8ac0e4f063825b8ecda48e9a111d3ce92e825
NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
@@ -6875,9 +7040,8 @@ CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.
NOTE: the severity of the wheezy version is low even though the vulnerable code is still present.
NOTE: The patch is trivial so it may be worth fixing in combination with some other fix.
CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through 1.27. ...)
- {DLA-1445-1}
+ {DLA-2559-1 DLA-1445-1}
- busybox 1:1.27.2-2 (bug #882258)
- [stretch] - busybox <no-dsa> (Minor issue, can be fixed via point release)
[wheezy] - busybox <no-dsa> (Minor issue)
NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
NOTE: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
@@ -7406,7 +7570,7 @@ CVE-2017-16355 (In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10
[wheezy] - ruby-passenger <not-affected> (Vulnerable code introduced later)
NOTE: https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
NOTE: https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
- NOTE: http://www.openwall.com/lists/oss-security/2017/11/21/2 and following.
+ NOTE: https://www.openwall.com/lists/oss-security/2017/11/21/2 and following.
NOTE: Problem mitigated in versions prior to 5.0.10 where root privileges were required to
NOTE: get the status information.
CVE-2017-16354
@@ -7658,8 +7822,8 @@ CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) igno
NOTE: Upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182
CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask wh ...)
- vim <unfixed> (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
- NOTE: Cf. http://www.openwall.com/lists/oss-security/2017/11/01/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/10/31/15
+ NOTE: Cf. https://www.openwall.com/lists/oss-security/2017/11/01/4
NOTE: vim creates the .swp file according to the permissions of the file being
NOTE: edited, admitely ignoring the umask, so in the reporters case the .swp
NOTE: file is readable by others. But that seem to be the intended behaviour.
@@ -7677,7 +7841,7 @@ CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenSt
[stretch] - nova <not-affected> (Fix for CVE-2017-16239 not applied and not affecting 14.x.y)
[jessie] - nova <not-affected> (Vulnerable code not present)
[wheezy] - nova <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/12/05/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/12/05/5
NOTE: https://launchpad.net/bugs/1732976
CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x throug ...)
{DSA-4056-1}
@@ -7686,7 +7850,7 @@ CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x
[wheezy] - nova <not-affected> (Vulnerble code introduced later)
NOTE: https://launchpad.net/bugs/1664931
NOTE: https://security.openstack.org/ossa/OSSA-2017-005.html
- NOTE: Regression fix: http://www.openwall.com/lists/oss-security/2017/12/05/4
+ NOTE: Regression fix: https://www.openwall.com/lists/oss-security/2017/12/05/4
CVE-2017-16238
RESERVED
CVE-2017-16237 (In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64 ...)
@@ -8179,15 +8343,16 @@ CVE-2017-16019 (GitBook is a command line tool (and Node.js library) for buildin
CVE-2017-16018 (Restify is a framework for building REST APIs. Restify &gt;=2.0.0 &lt; ...)
NOT-FOR-US: Restify
CVE-2017-16017 (sanitize-html is a library for scrubbing html input for malicious valu ...)
- NOT-FOR-US: sanitize-html
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
CVE-2017-16016 (Sanitize-html is a library for scrubbing html input of malicious value ...)
- NOT-FOR-US: sanitize-html
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
CVE-2017-16015 (Forms is a library for easily creating HTML forms. Versions before 1.3 ...)
NOT-FOR-US: Forms
CVE-2017-16014 (Http-proxy is a proxying library. Because of the way errors are handle ...)
- - node-http-proxy <itp> (bug #896978)
+ - node-http-proxy <not-affected> (Fixed before initial upload to Debian)
NOTE: https://nodesecurity.io/advisories/323
NOTE: https://github.com/nodejitsu/node-http-proxy/pull/101
+ NOTE: https://github.com/http-party/node-http-proxy/commit/07c8d2ee6017264c3d4deac9f42ca264a3740b48 (v0.7.0)
CVE-2017-16013 (hapi is a web and services application framework. When hapi &gt;= 15.0 ...)
NOT-FOR-US: hapi
CVE-2017-16012
@@ -8426,7 +8591,7 @@ CVE-2017-15925
CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...)
{DSA-4033-1 DLA-1174-1}
- konversation 1.7.3-1 (bug #881586)
- NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
+ NOTE: https://github.com/KDE/konversation/commit/6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACT ...)
{DLA-1198-1}
- libextractor 1:1.6-2 (low; bug #880016)
@@ -8549,9 +8714,8 @@ CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an
NOTE: Introduced in: https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0
NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b
CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2. ...)
- {DLA-1445-1}
+ {DLA-2559-1 DLA-1445-1}
- busybox 1:1.27.2-2 (bug #879732)
- [stretch] - busybox <no-dsa> (Minor issue)
[wheezy] - busybox <no-dsa> (Minor issue)
NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0
NOTE: https://bugs.busybox.net/show_bug.cgi?id=10431
@@ -8903,7 +9067,7 @@ CVE-2017-15715 (In Apache httpd 2.4.0 to 2.4.29, the expression specified in &lt
{DSA-4164-1}
- apache2 2.4.33-1
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/6
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/6
CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape u ...)
NOT-FOR-US: BIRT plugin in Apache OFBiz
CVE-2017-15713 (Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before ...)
@@ -8915,10 +9079,10 @@ CVE-2017-15711
CVE-2017-15710 (In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29 ...)
{DSA-4164-1 DLA-1389-1}
- apache2 2.4.33-1
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/8
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/8
CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...)
+ {DLA-2583-1}
- activemq 5.15.3-1 (bug #890352)
- [stretch] - activemq <no-dsa> (Minor issue)
[jessie] - activemq <not-affected> (Issue introduced with OpenWire protocol support)
[wheezy] - activemq <not-affected> (Issue introduced with OpenWire protocol support)
CVE-2017-15708 (In Apache Synapse, by default no authentication is required for Java R ...)
@@ -8955,7 +9119,7 @@ CVE-2017-15700 (A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectVali
NOT-FOR-US: Apache Sling Authentication Service
CVE-2017-15699 (A Denial of Service vulnerability was found in Apache Qpid Dispatch Ro ...)
- qpid-dispatch <itp> (bug #737776)
- NOTE: http://www.openwall.com/lists/oss-security/2018/02/13/5
+ NOTE: https://www.openwall.com/lists/oss-security/2018/02/13/5
CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate, Apache T ...)
{DSA-4118-1 DLA-1276-1}
- tomcat-native 1.2.16-1
@@ -8995,20 +9159,20 @@ CVE-2017-15688
RESERVED
CVE-2017-15687 (DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7 ...)
NOT-FOR-US: Logitech
-CVE-2017-15686
- RESERVED
-CVE-2017-15685
- RESERVED
-CVE-2017-15684
- RESERVED
-CVE-2017-15683
- RESERVED
-CVE-2017-15682
- RESERVED
-CVE-2017-15681
- RESERVED
-CVE-2017-15680
- RESERVED
+CVE-2017-15686 (Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting ...)
+ NOT-FOR-US: Crafter CMS Crafter Studio
+CVE-2017-15685 (Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity ( ...)
+ NOT-FOR-US: Crafter CMS Crafter Studio
+CVE-2017-15684 (Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerabili ...)
+ NOT-FOR-US: Crafter CMS Crafter Studio
+CVE-2017-15683 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...)
+ NOT-FOR-US: Crafter CMS Crafter Studio
+CVE-2017-15682 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...)
+ NOT-FOR-US: Crafter CMS Crafter Studio
+CVE-2017-15681 (In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerabilit ...)
+ NOT-FOR-US: Crafter CMS Crafter Studio
+CVE-2017-15680 (In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which ...)
+ NOT-FOR-US: Crafter CMS Crafter Studio
CVE-2017-15679
RESERVED
CVE-2017-15678
@@ -9023,11 +9187,11 @@ CVE-2017-15674
RESERVED
CVE-2017-15673 (The files function in the administration section in CS-Cart 4.6.2 and ...)
NOT-FOR-US: CS-Cart
-CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and e ...)
+CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3 ...)
{DSA-4049-1 DLA-1630-1}
- ffmpeg 7:3.4-1
- libav <removed>
- NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
+ NOTE: Fixed by: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...)
[experimental] - glibc 2.26-0experimental0
- glibc 2.25-3 (low; bug #879500)
@@ -9085,7 +9249,7 @@ CVE-2017-15652 (Artifex Ghostscript 9.22 is affected by: Obtain Information. The
- ghostscript 9.25~dfsg-1
[stretch] - ghostscript 9.25~dfsg-0+deb9u1
[jessie] - ghostscript 9.26a~dfsg-0+deb8u1
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e (ghostpdl-9.23rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e (ghostpdl-9.23rc1)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698676
CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated administ ...)
NOT-FOR-US: PRTG Network Monitor
@@ -9318,7 +9482,7 @@ CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the
CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in pdf ...)
{DSA-4006-2 DSA-4006-1 DLA-1164-1}
- mupdf 1.11+ds1-2 (bug #879055)
- NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public)
NOTE: https://nandynarwhals.org/CVE-2017-15587/
CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of ILIAS befor ...)
@@ -9892,8 +10056,8 @@ CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function
NOTE: https://github.com/mansr/sox/commit/ef3d8be0f80cbb650e4766b545d61e10d7a24c9e
CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF b ...)
- mupdf <not-affected> (Vulnerable code introduced later)
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a
- NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;h=2707fa9e8e6d17d794330e719dec1b08161fb045
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a
+ NOTE: Introduced by: https://git.ghostscript.com/?p=mupdf.git;h=2707fa9e8e6d17d794330e719dec1b08161fb045
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698592
CVE-2017-15368 (The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 al ...)
- radare2 2.1.0+dfsg-1 (bug #878767)
@@ -9913,7 +10077,7 @@ CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x b
[jessie] - mariadb-10.0 <not-affected> (vulnerable code not present)
- percona-xtrabackup <undetermined>
[jessie] - percona-xtrabackup <not-affected> (vulnerable code not present)
- - mysql-5.7 <undetermined>
+ - mysql-5.7 <removed>
- mysql-5.5 <not-affected> (Vulnerable code not present)
NOTE: MariaDB: Fixed in 10.2.10, 10.1.30
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524234
@@ -10152,9 +10316,8 @@ CVE-2017-15283
CVE-2017-15282
RESERVED
CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote atta ...)
- {DLA-1785-1 DLA-1139-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1139-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878579)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e
NOTE: https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb
@@ -10295,8 +10458,8 @@ CVE-2017-15237
CVE-2017-15236 (Tiandy IP cameras 5.56.17.120 do not properly restrict a certain propr ...)
NOT-FOR-US: Tiandy IP cameras
CVE-2017-15235 (The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allo ...)
+ {DLA-2352-1}
- php-horde-gollem 3.0.12-1
- [stretch] - php-horde-gollem <no-dsa> (Minor issue)
[jessie] - php-horde-gollem <no-dsa> (Minor issue)
NOTE: https://blogs.securiteam.com/index.php/archives/3454
NOTE: https://lists.horde.org/archives/announce/2017/001260.html
@@ -10306,8 +10469,7 @@ CVE-2017-15234
CVE-2017-15233
RESERVED
CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and j ...)
- [experimental] - libjpeg-turbo 1:2.0.2-1~exp1
- - libjpeg-turbo <unfixed> (unimportant; bug #878567)
+ - libjpeg-turbo 1:2.0.5-1 (unimportant; bug #878567)
- libjpeg6b <not-affected> (Vulnerable code not present)
- libjpeg8 <not-affected> (Vulnerable code not present)
- libjpeg9 <not-affected> (Vulnerable code not present)
@@ -10369,7 +10531,7 @@ CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/
CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a quickDelete acti ...)
NOT-FOR-US: MISP
CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticate ...)
- - shaarli <itp> (bug #864559)
+ - shaarli <not-affected> (Fixed before initial re-upload to the archive)
CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an ...)
NOT-FOR-US: Flyspray
CVE-2017-15213 (Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenti ...)
@@ -10469,7 +10631,7 @@ CVE-2017-15186 (Double free vulnerability in FFmpeg 3.3.4 and earlier allows rem
- ffmpeg 7:3.4-1
- libav <removed>
[jessie] - libav <not-affected> (vulnerable code was introduced later)
- NOTE: http://www.openwall.com/lists/oss-security/2017/10/20/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/10/20/4
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa
CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_cle ...)
- mp3splt 2.6.2+20170630-2
@@ -10481,95 +10643,95 @@ CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_blo
[wheezy] - libmp3splt <no-dsa> (Minor issue)
NOTE: https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932
CVE-2017-15184
- RESERVED
+ REJECTED
CVE-2017-15183
- RESERVED
+ REJECTED
CVE-2017-15182
- RESERVED
+ REJECTED
CVE-2017-15181
- RESERVED
+ REJECTED
CVE-2017-15180
- RESERVED
+ REJECTED
CVE-2017-15179
- RESERVED
+ REJECTED
CVE-2017-15178
- RESERVED
+ REJECTED
CVE-2017-15177
- RESERVED
+ REJECTED
CVE-2017-15176
- RESERVED
+ REJECTED
CVE-2017-15175
- RESERVED
+ REJECTED
CVE-2017-15174
- RESERVED
+ REJECTED
CVE-2017-15173
- RESERVED
+ REJECTED
CVE-2017-15172
- RESERVED
+ REJECTED
CVE-2017-15171
- RESERVED
+ REJECTED
CVE-2017-15170
- RESERVED
+ REJECTED
CVE-2017-15169
- RESERVED
+ REJECTED
CVE-2017-15168
- RESERVED
+ REJECTED
CVE-2017-15167
- RESERVED
+ REJECTED
CVE-2017-15166
- RESERVED
+ REJECTED
CVE-2017-15165
- RESERVED
+ REJECTED
CVE-2017-15164
- RESERVED
+ REJECTED
CVE-2017-15163
- RESERVED
+ REJECTED
CVE-2017-15162
- RESERVED
+ REJECTED
CVE-2017-15161
- RESERVED
+ REJECTED
CVE-2017-15160
- RESERVED
+ REJECTED
CVE-2017-15159
- RESERVED
+ REJECTED
CVE-2017-15158
- RESERVED
+ REJECTED
CVE-2017-15157
- RESERVED
+ REJECTED
CVE-2017-15156
- RESERVED
+ REJECTED
CVE-2017-15155
- RESERVED
+ REJECTED
CVE-2017-15154
- RESERVED
+ REJECTED
CVE-2017-15153
- RESERVED
+ REJECTED
CVE-2017-15152
- RESERVED
+ REJECTED
CVE-2017-15151
- RESERVED
+ REJECTED
CVE-2017-15150
- RESERVED
+ REJECTED
CVE-2017-15149
- RESERVED
+ REJECTED
CVE-2017-15148
- RESERVED
+ REJECTED
CVE-2017-15147
- RESERVED
+ REJECTED
CVE-2017-15146
- RESERVED
+ REJECTED
CVE-2017-15145
- RESERVED
+ REJECTED
CVE-2017-15144
- RESERVED
+ REJECTED
CVE-2017-15143
- RESERVED
+ REJECTED
CVE-2017-15142
- RESERVED
+ REJECTED
CVE-2017-15141
- RESERVED
+ REJECTED
CVE-2017-15140
- RESERVED
+ REJECTED
CVE-2017-15139 (A vulnerability was found in openstack-cinder releases up to and inclu ...)
[experimental] - cinder 2:13.0.0-1
- cinder 2:13.0.0-2
@@ -10658,7 +10820,7 @@ CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and ol
[wheezy] - qemu <postponed> (Can be fixed along in later update)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
- NOTE: http://www.openwall.com/lists/oss-security/2017/12/19/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/12/19/4
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03705.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg00796.html
CVE-2017-15123 (A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, ...)
@@ -10724,8 +10886,8 @@ CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other st
CVE-2017-15109
RESERVED
CVE-2017-15108 (spice-vdagent up to and including 0.17.0 does not properly escape save ...)
+ {DLA-2524-1}
- spice-vdagent 0.18.0-1 (bug #883238)
- [stretch] - spice-vdagent <no-dsa> (Minor issue)
[jessie] - spice-vdagent <no-dsa> (Minor issue)
[wheezy] - spice-vdagent <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61
@@ -10736,8 +10898,8 @@ CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dns
[jessie] - dnsmasq <no-dsa> (Minor issue)
[wheezy] - dnsmasq <no-dsa> (Minor issue)
NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
- NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6
- NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cd7df612b14ec1bf831a966ccaf076be0dae7404
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cd7df612b14ec1bf831a966ccaf076be0dae7404
NOTE: https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be
CVE-2017-15106
RESERVED
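Review bot: The http→https sweep in this hunk leaves the first dnsmasq reference, `NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html`, on plain http while the two gitweb links directly below it are switched. If the mailing-list archive is reachable over TLS it should move with them; if it is not, that is worth stating, since a reader of the list otherwise assumes the line was simply missed. The gluster commit link kept as http in the context of the CVE-2017-15095 hunk that follows raises the same question.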
@@ -10791,9 +10953,10 @@ CVE-2017-15096 (A flaw was found in GlusterFS in versions prior to 3.10. A null
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1502928
NOTE: Fixed by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac
CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind in versi ...)
- {DSA-4037-1 DLA-2091-1}
+ {DSA-4037-1 DLA-2342-1 DLA-2091-1}
- jackson-databind 2.9.1-1
- - libjackson-json-java <unfixed>
+ - libjackson-json-java 1.9.13-2
+ [buster] - libjackson-json-java <no-dsa> (Minor issue)
NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.4.2-2+deb8u1)
NOTE: misses the further sets of blacklists, in particular as well
NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835
@@ -10807,7 +10970,7 @@ CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind in
NOTE: This CVE-2017-15095 should be considered to include everything in
NOTE: NO_DESER_CLASS_NAMES as of:
NOTE: https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43
- NOTE: Details: http://www.openwall.com/lists/oss-security/2017/11/02/3
+ NOTE: Details: https://www.openwall.com/lists/oss-security/2017/11/02/3
NOTE: For libjackson-json-java:
NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
CVE-2017-15094 (An issue has been found in the DNSSEC parsing code of PowerDNS Recurso ...)
@@ -10969,14 +11132,14 @@ CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allow
[wheezy] - redis <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/antirez/redis/issues/4278
NOTE: Pull request: https://github.com/antirez/redis/pull/4365
-CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples i ...)
+CVE-2017-15046 (LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based ...)
- lame 3.99.5+repack1-8
[jessie] - lame 3.99.5+repack1-7+deb8u2
NOTE: https://sourceforge.net/p/lame/bugs/479/
NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
-CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3 ...)
+CVE-2017-15045 (LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and ...)
- lame 3.99.5+repack1-8
[jessie] - lame 3.99.5+repack1-7+deb8u2
NOTE: https://sourceforge.net/p/lame/bugs/478/
@@ -10990,29 +11153,28 @@ CVE-2017-15043 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440,
CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x befo ...)
- golang-1.9 1.9.1-1
- golang-1.8 1.8.4-1
- [stretch] - golang-1.8 <ignored> (Minor issue, would require builds of all go packages in stable)
+ [stretch] - golang-1.8 <ignored> (Minor issue, would require rebuilds of affected go-based packages)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue, would require builds of all go packages in stable)
+ [stretch] - golang-1.7 <ignored> (Minor issue, would require rebuilds of affected go-based packages)
- golang <removed>
- [jessie] - golang <ignored> (Minor issue, would require builds of all go packages in stable)
+ [jessie] - golang <ignored> (Minor issue, would require rebuilds of affected go packages in oldstable)
[wheezy] - golang <not-affected> (Vulnerable code introduced later in version 1.1)
NOTE: https://github.com/golang/go/issues/22134
NOTE: https://golang.org/cl/68023
NOTE: https://golang.org/cl/68210
NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command ...)
- {DLA-1148-1}
+ {DLA-2592-1 DLA-2591-1 DLA-1148-1}
- golang-1.9 1.9.1-1
- golang-1.8 1.8.4-1
- [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
[jessie] - golang <ignored> (Minor issue)
NOTE: https://go.googlesource.com/go/+/a4544a0f8af001d1fb6df0e70750f570ec49ccf9%5E%21/
NOTE: https://github.com/golang/go/issues/22125
- NOTE: https://golang.org/cl/68022
- NOTE: https://golang.org/cl/68190
+ NOTE: https://golang.org/cl/68022 (1.9.x)
+ NOTE: https://golang.org/cl/68190 (1.8.x)
+ NOTE: https://github.com/golang/go/commit/533ee44cd45c064608ee2b833af9e86ef1cb294e (regression)
NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
CVE-2017-15040
RESERVED
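Review bot: The `[stretch] - golang-1.8 <ignored> (Minor issue)` and `[stretch] - golang-1.7 <ignored> (Minor issue)` lines kept under CVE-2017-15041 look stale once DLA-2592-1 and DLA-2591-1 are referenced on that entry; elsewhere in this diff (the imagemagick entries gaining DLA-2366-1) adding a DLA is paired with dropping the corresponding `[stretch] … <ignored>` line. If those two DLAs are the stretch updates for golang-1.8 and golang-1.7, the two `<ignored>` lines should go so the tracker does not describe the packages as both ignored and fixed in the same suite; if they target another suite, a short NOTE naming it would remove the ambiguity. Separately, the reworded reasons under CVE-2017-15042 differ between stretch ("rebuilds of affected go-based packages") and jessie ("rebuilds of affected go packages in oldstable"); aligning the wording would read more consistently.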
@@ -11113,7 +11275,7 @@ CVE-2017-15019 (LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_ini
[stretch] - lame <ignored> (Minor issue)
[jessie] - lame <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/lame/bugs/477/
-CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a malforme ...)
+CVE-2017-15018 (LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and ...)
- lame 3.99.5+repack1-8
[jessie] - lame 3.99.5+repack1-7+deb8u2
NOTE: https://sourceforge.net/p/lame/bugs/480/
@@ -11121,9 +11283,8 @@ CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a ma
NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878554)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820
NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
@@ -11135,9 +11296,8 @@ CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerabi
NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
NOTE: emf.c not compiled under Debian
CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
- {DLA-1785-1}
+ {DLA-2366-1 DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878555)
- [stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/724
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0cbb3b3b02e7af493a9aafa8f7e7d23fc70644e4
@@ -11470,8 +11630,8 @@ CVE-2017-14929 (In Poppler 0.59.0, memory corruption occurs in a call to Object:
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102969
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2c92c7b6a828c9db8a38f079ea7a3d51c12a481d
CVE-2017-14928 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...)
+ {DLA-2440-1}
- poppler 0.61.1-2 (low; bug #877231)
- [stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <not-affected> (Problematic code introduced in 0.36)
[wheezy] - poppler <not-affected> (Problematic code introduced in 0.36)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102607
@@ -11484,16 +11644,16 @@ CVE-2017-14927 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the Spla
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102604
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=6472d8493f7e82cc78b41da20a2bf19fcb4e0a7d
CVE-2017-14926 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...)
+ {DLA-2440-1}
- poppler 0.61.1-2 (low; bug #877239)
- [stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <not-affected> (Problematic code introduced in 0.36)
[wheezy] - poppler <not-affected> (Problematic code introduced in 0.36)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102601
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2532df6060092e9fab7f041ae9598aff9cdd94bb
CVE-2017-14925 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2017-14924 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2017-14923 (Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine ...)
NOT-FOR-US: Tine groupware
CVE-2017-14922 (Stored XSS vulnerability via IMG element at "History" of Profile, Cale ...)
@@ -11595,7 +11755,7 @@ CVE-2017-14876 (In msm_ispif_config_stereo() in Android for MSM, Firefox OS for
CVE-2017-14875 (In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE i ...)
NOT-FOR-US: Qualcomm component for Android
CVE-2017-14874
- RESERVED
+ REJECTED
CVE-2017-14873 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-14872 (While flashing a meta image, a buffer over-read can potentially occur ...)
@@ -11837,7 +11997,8 @@ CVE-2017-14777
CVE-2017-14776
REJECTED
CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification pr ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/laravel/framework/pull/21320
CVE-2017-14774
RESERVED
CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an elev ...)
@@ -11893,7 +12054,9 @@ CVE-2017-14751 (The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, relat
CVE-2017-14750
RESERVED
CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ( ...)
- NOT-FOR-US: JerryScript
+ - iotjs 1.0+715-1
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/2008
CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote authentica ...)
NOT-FOR-US: Blizzard Overwatch
CVE-2017-14747
@@ -11914,7 +12077,7 @@ CVE-2017-14745 (The *_get_synthetic_symtab functions in the Binary File Descript
CVE-2017-14867 (Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x ...)
{DSA-3984-1 DLA-1120-1}
- git 1:2.14.2-1 (bug #876854)
- NOTE: http://www.openwall.com/lists/oss-security/2017/09/26/9
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/26/9
NOTE: https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-14744 (UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. ...)
NOT-FOR-US: UEditor
@@ -11923,18 +12086,16 @@ CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQ
CVE-2017-14742 (Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to ex ...)
NOT-FOR-US: LabF nfsAxe
CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7 ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remo ...)
NOT-FOR-US: GeniXCMS
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-private ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/700fcf95b2c3f554dfbe75833b91f19dde208089
@@ -11944,9 +12105,8 @@ CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-p
CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote SQL injec ...)
NOT-FOR-US: FileRun
CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...)
- {DLA-1125-1}
+ {DLA-2812-1 DLA-1125-1}
- botan1.10 1.10.17-0.1 (bug #877436)
- [stretch] - botan1.10 <no-dsa> (Minor issue)
[jessie] - botan1.10 <no-dsa> (Minor issue)
NOTE: https://github.com/randombit/botan/issues/1222
NOTE: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
@@ -12110,7 +12270,7 @@ CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service
- mupdf 1.11+ds1-1.1 (bug #877379)
[jessie] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
NOTE: Several fz_xml_tag && !strcmp idoms are used in older versions
CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause ...)
{DSA-4006-1}
@@ -12118,14 +12278,14 @@ CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or
[jessie] - mupdf <not-affected> (vulnerable code not present, poc not effective)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698540
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or po ...)
{DSA-4006-1}
- mupdf 1.11+ds1-1.1 (bug #877379)
[jessie] - mupdf <not-affected> (vulnerable code not present, poc not effective)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698539
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
CVE-2017-14684 (In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in t ...)
- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #876487)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/770
@@ -12260,9 +12420,8 @@ CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Hord
NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2
NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function do ...)
- {DLA-1618-1}
+ {DLA-2418-1 DLA-1618-1}
- libsndfile 1.0.28-5 (bug #876783)
- [stretch] - libsndfile <ignored> (Minor issue)
[wheezy] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/318
NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
@@ -12303,25 +12462,22 @@ CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxL
CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...)
NOT-FOR-US: CyberLink LabelPrint
CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
- {DLA-1785-1}
+ {DLA-2366-1 DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878524)
- [stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/720
NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
- {DLA-1785-1}
+ {DLA-2366-1 DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877355)
- [stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...)
- {DLA-1785-1}
+ {DLA-2366-1 DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877354)
- [stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/722
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9ff805077fd5297dc41dc989f9dba59877e12f97
@@ -12363,7 +12519,7 @@ CVE-2017-14612 ("Shpock Boot Sale &amp; Classifieds" app before 3.17.0 -- aka sh
CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote att ...)
NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 a ...)
- - bareos <unfixed> (low; bug #877334)
+ - bareos <removed> (low; bug #877334)
[buster] - bareos <ignored> (Minor issue)
[stretch] - bareos <ignored> (Minor issue)
[jessie] - bareos <no-dsa> (Minor issue)
@@ -12372,9 +12528,8 @@ CVE-2017-14609 (The server daemons in Kannel 1.5.0 and earlier create a PID file
- kannel <not-affected> (No real security issue in combination with start-stop-daemon from dpkg, see #877361)
NOTE: https://redmine.kannel.org/issues/771
CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_ ...)
- {DLA-1109-1}
+ {DLA-2903-1 DLA-1109-1}
- libraw 0.18.5-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
NOTE: https://github.com/LibRaw/LibRaw/issues/101
@@ -12431,9 +12586,9 @@ CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial re
NOT-FOR-US: Atlassian Bamboo
CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker templates thr ...)
NOT-FOR-US: Atlassian Bamboo
-CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before version 4.4 ...)
+CVE-2017-14588 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...)
NOT-FOR-US: Atlassian
-CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and Cru ...)
+CVE-2017-14587 (The administration user deletion resource in Atlassian Fisheye and Cru ...)
NOT-FOR-US: Atlassian
CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to client-side remote ...)
NOT-FOR-US: Atlassian
@@ -12550,9 +12705,8 @@ CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1f2089e79bcf5714cefba7cdc47049b4ac53c6b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907
CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags i ...)
- {DLA-1785-1}
+ {DLA-2366-1 DLA-1785-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #878541)
- [stretch] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/719
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160
@@ -12573,13 +12727,14 @@ CVE-2017-14529 (The pe_print_idata function in peXXigen.c in the Binary File Des
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582
CVE-2017-14528 (The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has ...)
+ {DLA-2523-1}
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick 8:6.9.10.2+dfsg-2 (bug #878544)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2730
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/6f7cba13ebae405b2689647a2277827f1c272364
CVE-2017-14527 (Multiple XML external entity (XXE) vulnerabilities in the OpenText Doc ...)
NOT-FOR-US: OpenText Documentum Webtop
CVE-2017-14526 (Multiple XML external entity (XXE) vulnerabilities in the OpenText Doc ...)
@@ -12639,9 +12794,8 @@ CVE-2017-14507 (Multiple SQL injection vulnerabilities in the Content Timeline p
CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...)
NOT-FOR-US: geminabox
CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 m ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878545)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/716
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948
@@ -12692,7 +12846,7 @@ CVE-2017-14496 (Integer underflow in the add_pseudoheader function in dnsmasq be
[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
- NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7
CVE-2017-14495 (Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id o ...)
- dnsmasq 2.78-1
[stretch] - dnsmasq 2.76-5+deb9u1
@@ -12858,7 +13012,7 @@ CVE-2017-14459 (An exploitable OS Command Injection vulnerability exists in the
CVE-2017-14458 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
NOT-FOR-US: Foxit PDF Reader
CVE-2017-14457 (An exploitable information leak/denial of service vulnerability exists ...)
- - cpp-etherum <itp> (bug #860434)
+ - cpp-ethereum <itp> (bug #860434)
CVE-2017-14456
REJECTED
CVE-2017-14455 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...)
@@ -12869,8 +13023,8 @@ CVE-2017-14453 (On Insteon Hub 2245-222 devices with firmware version 1012, spec
NOT-FOR-US: Insteon Hub
CVE-2017-14452 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
NOT-FOR-US: Insteon Hub
-CVE-2017-14451
- RESERVED
+CVE-2017-14451 (An exploitable out-of-bounds read vulnerability exists in libevm (Ethe ...)
+ NOT-FOR-US: CPP-Ethereum
CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image parsing functi ...)
{DSA-4184-1 DSA-4177-1 DLA-1341-1}
- libsdl2-image 2.0.3+dfsg1-1
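Review bot: CVE-2017-14451 is filed as `NOT-FOR-US: CPP-Ethereum`, while CVE-2017-14457 a few lines above in the previous hunk keeps `- cpp-ethereum <itp> (bug #860434)`; the two records disagree on whether cpp-ethereum is a tracked (ITP'd) package. If the new CVE concerns the same code base as the earlier one — its description names libevm in Ethereum — the consistent entry would be `- cpp-ethereum <itp> (bug #860434)`; otherwise the earlier entry should be changed to match. Whichever is correct, one convention should apply to both so the ITP bug does not silently lose a CVE.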
@@ -12970,31 +13124,33 @@ CVE-2017-14414 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_be
CVE-2017-14413 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...)
NOT-FOR-US: D-Link
CVE-2017-14412 (An invalid memory write was discovered in copy_mp in interface.c in mp ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life>
NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-invalid-memory-write-in-copy_mp-mpglibdblinterface-c/
CVE-2017-14411 (A stack-based buffer overflow was discovered in copy_mp in interface.c ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life>
NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-copy_mp-mpglibdblinterface-c/
CVE-2017-14410 (A buffer over-read was discovered in III_i_stereo in layer3.c in mpgli ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life>
NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/
CVE-2017-14409 (A buffer overflow was discovered in III_dequantize_sample in layer3.c ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life>
NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/
CVE-2017-14408 (A stack-based buffer over-read was discovered in dct36 in layer3.c in ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life>
NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/
CVE-2017-14407 (A stack-based buffer over-read was discovered in filterYule in gain_an ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life>
NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-filteryule-gain_analysis-c/
+ NOTE: Not reproducible with 1.6.2.
+ NOTE: Caught by ASAN according to CVE. mp3gain is compiled with ASAN on: amd64 i386 armel armhf powerpc
CVE-2017-14406 (A NULL pointer dereference was discovered in sync_buffer in interface. ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life>
NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/
CVE-2017-14405 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote comma ...)
@@ -13008,9 +13164,8 @@ CVE-2017-14402 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injec
CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...)
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/c ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878546)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/746
NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/04b863f15effa4375e4ee42f413f0246062b48af
NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/44a55580ac8c01d8cff1e6e0063820af113f8591
@@ -13133,15 +13288,14 @@ CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in Rea
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21
CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876105)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/654
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4
CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCa ...)
+ {DLA-2903-1}
- libraw 0.18.5-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
[wheezy] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/100
@@ -13327,7 +13481,7 @@ CVE-2017-14482 (GNU Emacs before 25.3 allows remote attackers to execute arbitra
- emacs25 25.2+1-6 (bug #875447)
- emacs24 <removed> (bug #875448)
- emacs23 <removed> (bug #875449)
- NOTE: http://www.openwall.com/lists/oss-security/2017/09/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/11/1
NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
CVE-2017-14313 (The shibboleth_login_form function in shibboleth.php in the Shibboleth ...)
@@ -13350,8 +13504,8 @@ CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow v
NOTE: are addressed with the same patch:
NOTE: Patch enforce-maxpacket.patch addresses the issue
CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...)
+ {DLA-2903-1}
- libraw 0.18.5-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/99
@@ -13388,9 +13542,8 @@ CVE-2017-14251 (Unrestricted File Upload vulnerability in the fileDenyPattern in
CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Fir ...)
NOT-FOR-US: TP-LINK Router
CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coder ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876099)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/708
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2071d67ebf729f76d73c33c1152df4816d1d79ac
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/66112b7a7b64f688efe6fec53a829874a74dea04
@@ -13401,16 +13554,14 @@ CVE-2017-14248 (A heap-based buffer over-read in SampleImage() in MagickCore/res
CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5 ...)
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of libs ...)
- {DLA-1618-1}
+ {DLA-2418-1 DLA-1618-1}
- libsndfile 1.0.28-5 (low; bug #876682)
- [stretch] - libsndfile <ignored> (Minor issue)
[wheezy] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/317
NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of libs ...)
- {DLA-1618-1}
+ {DLA-2418-1 DLA-1618-1}
- libsndfile 1.0.28-5 (low; bug #876682)
- [stretch] - libsndfile <ignored> (Minor issue)
[wheezy] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/317
NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
@@ -13601,36 +13752,32 @@ CVE-2017-14177 (Apport through 2.20.7 does not properly handle core dumps from s
CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...)
NOT-FOR-US: aacplusenc
CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() du ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875502)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/712
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInte ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875503)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/714
NOTE: https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10 ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875504)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/713
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
-CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_heade ...)
+CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NS ...)
{DSA-3996-1 DLA-1630-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <removed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7
-CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry ...)
+CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3 -&gt; 2.4, a DoS in mxf_read_i ...)
{DSA-3996-1 DLA-1630-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <removed>
@@ -13659,21 +13806,20 @@ CVE-2017-14161
CVE-2017-14166 (libarchive 3.3.2 allows remote attackers to cause a denial of service ...)
{DSA-4360-1 DLA-1600-1 DLA-1092-1}
- libarchive 3.2.2-3.1 (bug #874539)
- NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/06/5
NOTE: https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
NOTE: https://github.com/libarchive/libarchive/issues/935
CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
- graphicsmagick 1.3.26-9 (unimportant; bug #874724)
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa
- NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/06/4
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/
CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...)
- {DLA-2013-1}
+ {DLA-2828-1 DLA-2013-1}
- libvorbis 1.3.6-2 (bug #876780)
- [stretch] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
- NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/2
- NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/3
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
NOTE: Upstream fix: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attac ...)
@@ -13808,7 +13954,7 @@ CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password pag
NOT-FOR-US: Maplesoft Maple
CVE-2017-14133
RESERVED
-CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service (he ...)
+CVE-2017-14132 (JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900 ...)
{DLA-1583-1}
- jasper <removed> (low)
[wheezy] - jasper <ignored> (Minor issue)
@@ -13848,19 +13994,20 @@ CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR wh
CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upl ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based b ...)
+ {DLA-2567-1}
- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874060)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
NOTE: Crash in CLI tool, no security impact
CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...)
+ {DLA-2567-1}
- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874061)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
NOTE: Crash in CLI tool, no security impact
CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory tra ...)
- {DLA-1091-1}
+ {DLA-2567-1 DLA-1091-1}
- unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
- [stretch] - unrar-free <no-dsa> (Minor issue)
[jessie] - unrar-free <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29
CVE-2017-14119 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all ...)
NOT-FOR-US: EyesOfNetwork (EON)
@@ -13900,9 +14047,9 @@ CVE-2017-14108 (libgedit.a in GNOME gedit through 3.22.1 allows remote attackers
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=791037
NOTE: negligible security impact
CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mis ...)
+ {DLA-2858-1}
[experimental] - libzip 1.3.0+dfsg.1-1
- libzip 1.5.1-3 (low; bug #874010)
- [stretch] - libzip <no-dsa> (Minor issue)
[jessie] - libzip <no-dsa> (Minor issue)
[wheezy] - libzip <no-dsa> (Minor issue)
- php5 <removed> (unimportant)
@@ -13925,7 +14072,7 @@ CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c i
[stretch] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied)
[jessie] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied)
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
- NOTE: http://www.openwall.com/lists/oss-security/2017/09/01/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/01/6
NOTE: https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/
CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a PID file after dropping privileg ...)
- mimedefang 2.83-1 (bug #877363)
@@ -14041,9 +14188,8 @@ CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 be
- libidn <not-affected> (Vulnerable code not present)
NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present i ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878506)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/710
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5bdfef29f5e6744f36f25ec04583c6b6f4a13b48
@@ -14053,7 +14199,7 @@ CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an E
- libav <removed>
[jessie] - libav <not-affected> (vulnerable code is not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
-CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ...)
+CVE-2017-14058 (In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c d ...)
{DSA-3996-1 DLA-1740-1}
- ffmpeg 7:3.3.4-1 (low)
- libav <removed>
@@ -14375,18 +14521,18 @@ CVE-2017-13912
RESERVED
CVE-2017-13911 (A configuration issue was addressed with additional restrictions. This ...)
NOT-FOR-US: Apple
-CVE-2017-13910
- RESERVED
-CVE-2017-13909
- RESERVED
-CVE-2017-13908
- RESERVED
-CVE-2017-13907
- RESERVED
-CVE-2017-13906
- RESERVED
-CVE-2017-13905
- RESERVED
+CVE-2017-13910 (An access issue was addressed with additional sandbox restrictions on ...)
+ NOT-FOR-US: Apple
+CVE-2017-13909 (An issue existed in the storage of sensitive tokens. This issue was ad ...)
+ NOT-FOR-US: Apple
+CVE-2017-13908 (An issue in handling file permissions was addressed with improved vali ...)
+ NOT-FOR-US: Apple
+CVE-2017-13907 (A state management issue was addressed with improved state validation. ...)
+ NOT-FOR-US: Apple
+CVE-2017-13906 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2017-13905 (A race condition was addressed with additional validation. This issue ...)
+ NOT-FOR-US: Apple
CVE-2017-13904 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 i ...)
@@ -14411,8 +14557,8 @@ CVE-2017-13894
RESERVED
CVE-2017-13893
RESERVED
-CVE-2017-13892
- RESERVED
+CVE-2017-13892 (An issue existed in the handling of Contact sharing. This issue was ad ...)
+ NOT-FOR-US: Apple
CVE-2017-13891 (In iOS before 11.2, an inconsistent user interface issue was addressed ...)
NOT-FOR-US: Apple
CVE-2017-13890 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -14441,8 +14587,8 @@ CVE-2017-13882
RESERVED
CVE-2017-13881
RESERVED
-CVE-2017-13880
- RESERVED
+CVE-2017-13880 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
NOT-FOR-US: Apple
CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -14537,8 +14683,8 @@ CVE-2017-13837 (An issue was discovered in certain Apple products. macOS before
NOT-FOR-US: Apple
CVE-2017-13836 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
NOT-FOR-US: Apple
-CVE-2017-13835
- RESERVED
+CVE-2017-13835 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2017-13834 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
NOT-FOR-US: Apple
CVE-2017-13833 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
@@ -14722,9 +14868,8 @@ CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageM
NOTE: https://github.com/ImageMagick/ImageMagick/commit/5a3897693a8b4e97add649c0ca1d538bd90f59c9
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260
CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in MagickCore/i ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875352)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/706
NOTE: https://github.com/ImageMagick/ImageMagick/commit/152e510e2b7858efe5992ed95090d8e0049417f3
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff
@@ -14880,8 +15025,8 @@ CVE-2017-13736 (There are lots of memory leaks in the GMCommand function in magi
- graphicsmagick <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484192
CVE-2017-13735 (There is a floating point exception in the kodak_radc_load_raw functio ...)
+ {DLA-2903-1}
- libraw 0.18.5-1 (low; bug #874729)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/issues/96
@@ -15046,7 +15191,7 @@ CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FG
- flightgear 1:2017.2.1+dfsg-4 (low; bug #873439)
[stretch] - flightgear 1:2016.4.4+dfsg-3+deb9u1
[jessie] - flightgear 3.0.0-5+deb8u3
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/27/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/27/1
CVE-2017-13705
RESERVED
CVE-2017-13704 (In dnsmasq before 2.78, if the DNS packet size does not match the expe ...)
@@ -16280,9 +16425,8 @@ CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based b
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904
NOTE: GraphicsMagick: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05
CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873100)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/679
NOTE: https://github.com/ImageMagick/ImageMagick/commit/19dbe11c5060f66abb393d1945107c5f54894fa8
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/fad03699658d2607562a8487c944c300d59a1ca5
@@ -16499,8 +16643,8 @@ CVE-2017-13062 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in
- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/669
CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was found in ...)
+ {DLA-2366-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #873131)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/645
@@ -16837,16 +16981,11 @@ CVE-2017-12966 (The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in l
CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote att ...)
NOT-FOR-US: Apache2Triad
CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...)
- - libsass <undetermined> (low; bug #873034)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482397
+ NOTE: Bogus report against historic libsass version
CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() in eval.c ...)
- - libsass <undetermined> (low; bug #873034)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482335
- NOTE: Similar issue to CVE-2017-11555 but for the issue which remains unfixed
- NOTE: with the upstream patch for CVE-2017-11555.
+ NOTE: Bogus report against historic libsass version
CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply nested cod ...)
- - libsass <undetermined> (low; bug #873034)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482331
+ NOTE: Bogus report against historic libsass version
CVE-2017-12961 (There is an assertion abort in the function parse_attributes() in data ...)
- pspp 1.0.1-1 (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482436
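Review bot: The three libsass entries (CVE-2017-12964, CVE-2017-12963, CVE-2017-12962) are left with only a NOTE line after their `- libsass <undetermined> (low; bug #873034)` status lines are removed, so the reference to bug #873034 is dropped and, if the tracker treats a NOTE-only entry as untriaged, all three would reappear in the triage queue. A status line carrying the verdict keeps both the decision and the bug link machine-readable, e.g. `- libsass <not-affected> (Bogus report against historic libsass version; bug #873034)`. The removed Red Hat bugzilla URLs were the only evidence pointers behind the "bogus" conclusion; keeping them as NOTE lines lets a later reader verify the call without re-researching it.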
@@ -16937,39 +17076,39 @@ CVE-2017-12942 (libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Un
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12941 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpa ...)
- unrar-nonfree 1:5.5.8-1
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12940 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Enco ...)
- unrar-nonfree 1:5.5.8-1
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12938 (UnRAR before 5.5.7 allows remote attackers to bypass a directory-trave ...)
- unrar-nonfree 1:5.5.8-1
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/2
CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
{DSA-4321-1 DLA-1401-1 DLA-1082-1}
- graphicsmagick 1.3.26-6 (bug #872574)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/5
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...)
{DSA-4321-1 DLA-1456-1 DLA-1082-1}
- graphicsmagick 1.3.26-6 (bug #872575)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/3
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mis ...)
{DSA-4321-1 DLA-1456-1 DLA-1082-1}
- graphicsmagick 1.3.26-6 (bug #872576)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/4
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
CVE-2017-12934 (ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x ...)
{DSA-4080-1}
@@ -17014,11 +17153,11 @@ CVE-2017-12914
CVE-2017-12913
RESERVED
CVE-2017-12912 (The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life>
NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU
CVE-2017-12911 (The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which resu ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life>
NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU
CVE-2017-12910 (SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows rem ...)
@@ -17143,9 +17282,8 @@ CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.
NOTE: https://github.com/ImageMagick/ImageMagick/issues/663
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remot ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873871)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/659
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6f95e543c80319721e22d623bb23712cd29afa9e
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d96b55ea41e71de43663818ccd17c6af3fa6c4fd
@@ -17156,22 +17294,19 @@ CVE-2017-12865 (Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and
- connman 1.35-1 (bug #872844)
NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 (1.35)
CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #875345)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9372
CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::re ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #875344)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9371
CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffe ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #875342)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9370
CVE-2017-12861 (The Epson "EasyMP" software is designed to remotely stream a users com ...)
NOT-FOR-US: Epson "EasyMP"
@@ -17182,7 +17317,7 @@ CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS
CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in zip_dire ...)
- libzip <not-affected> (Vulnerable code introduced later)
NOTE: Introduced after: https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5 (rel-1-2-0)
- NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
+ NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 (rel-1-3-0)
CVE-2017-12857 (Polycom SoundStation IP, VVX, and RealPresence Trio that are running s ...)
NOT-FOR-US: Polycom
CVE-2017-12856 (Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote ...)
@@ -17261,7 +17396,7 @@ CVE-2017-12847 (Nagios Core before 4.3.3 creates a nagios.lock PID file after dr
- nagios3 <removed>
[jessie] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/16/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/16/7
NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/404
NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752
NOTE: https://github.com/orlitzky/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb
@@ -17363,13 +17498,13 @@ CVE-2017-12808
CVE-2017-12807
REJECTED
CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
+ {DLA-2366-1}
- imagemagick 8:6.9.9.34+dfsg-3
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/660
CVE-2017-12805 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.9.34+dfsg-3
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/664
CVE-2017-12804 (The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1. ...)
@@ -17385,7 +17520,7 @@ CVE-2017-12800 (The EBML_FindNextElement function in ebmlmain.c in libebml2 thro
CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote repositories, might ...)
{DSA-3940-1 DLA-1056-1}
- cvs 2:1.12.13+real-24 (bug #871810)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/11/1
CVE-2017-12799 (The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows re ...)
- binutils 2.29-9
[stretch] - binutils <ignored> (Minor issue)
@@ -17567,7 +17702,7 @@ CVE-2017-12743
RESERVED
CVE-2017-12742
RESERVED
-CVE-2017-12741 (A vulnerability has been identified in SIMATIC S7-200 Smart (All versi ...)
+CVE-2017-12741 (A vulnerability has been identified in Development/Evaluation Kits for ...)
NOT-FOR-US: Siemens
CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...)
NOT-FOR-US: Siemens
@@ -17579,9 +17714,9 @@ CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Module
NOT-FOR-US: Siemens
CVE-2017-12736 (A vulnerability has been identified in RUGGEDCOM ROS for RSL910 device ...)
NOT-FOR-US: Siemens
-CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An attac ...)
+CVE-2017-12735 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
NOT-FOR-US: Siemens
-CVE-2017-12734 (A vulnerability has been identified in Siemens LOGO! devices before V1 ...)
+CVE-2017-12734 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
NOT-FOR-US: Siemens
CVE-2017-12733 (A Missing Authentication for Critical Function issue was discovered in ...)
NOT-FOR-US: SiteSentinel
@@ -17680,23 +17815,20 @@ CVE-2017-1000099 (When asking to get a file from a file:// URL, libcurl provides
NOTE: https://curl.haxx.se/CVE-2017-1000099.patch
NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allow ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875341)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/652
NOTE: https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 all ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875339)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/653
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allow ...)
- {DLA-1785-1 DLA-1131-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875338)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/656
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1ea048a3a34df293764502401d966aeacf9179d
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/68bbe7b8b226ed79e339296793f68f1b2bebc519
@@ -17725,13 +17857,13 @@ CVE-2017-12680 (Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type p
CVE-2017-12679 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater ...)
NOT-FOR-US: NexusPHP
CVE-2017-12678 (In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefac ...)
+ {DLA-2772-1}
- taglib 1.11.1+dfsg.1-0.2 (bug #871511)
- [stretch] - taglib <no-dsa> (Minor issue)
[jessie] - taglib <not-affected> (Vulnerable code not present)
[wheezy] - taglib <not-affected> (Vulnerable code not present)
- silverjuke <not-affected> (Vulnerable code not present, based on older taglib version)
NOTE: https://github.com/taglib/taglib/issues/829
- NOTE: https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6#diff-37f706c8696a7c1ca939b169c0a04d97
+ NOTE: https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a
CVE-2017-12677 (IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Ang ...)
NOT-FOR-US: IdentityServer
CVE-2017-12676 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...)
@@ -17747,9 +17879,8 @@ CVE-2017-12675 (In ImageMagick 7.0.6-3, a missing check for multidimensional dat
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a020acbcfea6e53eff6766c87ea175eac9dcd18
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e33a39a6a168cdd800fd160e8f93f0059432bdf7
CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in th ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #872609)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
NOTE: https://github.com/ImageMagick/ImageMagick/commit/91651bd482b6637cf650700ffd7b3b63de1cb049
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a91708c6b70bd4e3d2b931465307e0aeababb3c
@@ -17868,13 +17999,13 @@ CVE-2017-12637 (Directory traversal vulnerability in scheduler/ui/js/ffffffffbca
CVE-2017-12636 (CouchDB administrative users can configure the database server via HTT ...)
{DLA-1252-1}
- couchdb <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/11/14/6
NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/9a28df7e9703a1a3420e7616c4d33a523ee06354
NOTE: Possibly needs more updates: https://github.com/apache/couchdb/commit/bf6b6a1c84321baee2c4ad354059a45e0b8fdec7
CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and JavaScript-base ...)
{DLA-1252-1}
- couchdb <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/11/14/6
NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/3706a77c13a78672e5a3fbde06e7bffd3665f73b
CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20. ...)
NOT-FOR-US: Apache Camel
@@ -17924,7 +18055,7 @@ CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a custom
- jenkins-commons-jelly <removed>
[jessie] - jenkins-commons-jelly <ignored> (Minor issue, only used by Jenkins which got removed)
[wheezy] - jenkins-commons-jelly <ignored> (Minor issue, only used by Jenkins which got removed)
- NOTE: http://www.openwall.com/lists/oss-security/2017/09/27/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/27/6
CVE-2017-12620 (When loading models or dictionaries that contain XML it is possible to ...)
NOT-FOR-US: Apache OpenNLP
CVE-2017-12619 (Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation whic ...)
@@ -17961,14 +18092,13 @@ CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP
CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be exploited to ...)
- airflow <itp> (bug #819700)
CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ...)
- {DLA-1162-1}
+ {DLA-2897-1 DLA-1162-1}
- apr 1.6.3-1 (low; bug #879708)
- [stretch] - apr <no-dsa> (Minor issue)
[jessie] - apr <no-dsa> (Minor issue)
NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
NOTE: Fixed by: https://github.com/apache/apr/commit/ad958385a4180d7a83d90589689fcd36e3bbc57a
CVE-2017-12612 (In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe de ...)
- NOT-FOR-US: Apache Spark
+ - apache-spark <itp> (bug #802194)
CVE-2017-12611 (In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using ...)
- libstruts1.2-java <removed>
[wheezy] - libstruts1.2-java <ignored> (Minor issue)
@@ -17991,28 +18121,24 @@ CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, an
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607
NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=334dba623dfb0c4fb2b5292c2d03741b7b33aef1
CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invali ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
[experimental] - opencv 3.4.4+dfsg-1~exp1
@@ -18022,10 +18148,9 @@ CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d
[wheezy] - opencv <ignored> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
[experimental] - opencv 3.4.4+dfsg-1~exp1
@@ -18035,30 +18160,28 @@ CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a d
[wheezy] - opencv <ignored> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...)
- {DLA-1438-1 DLA-1117-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #872044)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...)
+ {DLA-2358-1}
- openexr 2.2.0-11.1 (bug #877352)
- [stretch] - openexr <no-dsa> (Minor issue)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr 1.6.1-6+deb7u1
NOTE: https://github.com/openexr/openexr/issues/238
- NOTE: Upstream fix https://github.com/openexr/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c (v2.3.0)
CVE-2017-12595 (The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dic ...)
- qpdf 7.0.0-1
[stretch] - qpdf <no-dsa> (Minor issue)
@@ -18151,9 +18274,8 @@ CVE-2017-12564 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ff3faa31166439d81b72de22daea2b6404569137
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a4779cfbee2e4235fa9f9f8f2e58dca17f7ccc6b
CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870530)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/599
NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7d3af83d8b946f952bfd028451e6dfb1f7ace07a
@@ -18496,9 +18618,8 @@ CVE-2017-12437
CVE-2017-12436
RESERVED
CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870504)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/543
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2dd8d55742fce7d079b6a16039c18e49c091224f
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/44cb8dfd4cbe6fc475c863a5946cff64e34c2088
@@ -18516,9 +18637,8 @@ CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was fo
NOTE: https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ded916c5da6febe9660c3cfa44c3114567adf74
CVE-2017-12429 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
- {DLA-1081-1}
+ {DLA-2366-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/545
NOTE: https://github.com/ImageMagick/ImageMagick/commit/30a74ed25a4890acfa94f452d653d54c9628c87e
@@ -18538,8 +18658,8 @@ CVE-2017-12426 (GitLab Community Edition (CE) and Enterprise Edition (EE) before
NOTE: The CVE is for the issue when importing a project via crafted SSH URLs,
NOTE: which becomes ineffective with a fixed git version itself.
CVE-2017-12424 (In shadow before 4.5, the newusers tool could be made to manipulate in ...)
+ {DLA-2596-1}
- shadow 1:4.5-1 (bug #756630)
- [stretch] - shadow <no-dsa> (Minor issue)
[jessie] - shadow <no-dsa> (Minor issue)
[wheezy] - shadow <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675
@@ -19200,7 +19320,7 @@ CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnera
[jessie] - openvpn <no-dsa> (Minor issue)
[wheezy] - openvpn <no-dsa> (Minor issue)
NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
- NOTE: http://www.openwall.com/lists/oss-security/2017/09/28/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/28/2
NOTE: https://community.openvpn.net/openvpn/changeset/3b1a61e9fb27213c46f76312f4065816bee8ed01/ (master)
NOTE: https://community.openvpn.net/openvpn/changeset/c7e259160b28e94e4ea7f0ef767f8134283af255/ (release/2.4)
NOTE: https://community.openvpn.net/openvpn/changeset/fce34375295151f548a26c2d0eb30141e427c81a/ (release/2.3)
@@ -19301,9 +19421,8 @@ CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was f
[wheezy] - libytnef <no-dsa> (Minor issue)
NOTE: https://github.com/Yeraze/ytnef/issues/50
CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has a ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873059)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/533
NOTE: https://github.com/ImageMagick/ImageMagick/commit/94933146cb2d9d95889a385f08d5eb5f92d4e3cd
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6bf56fbe1fc551f198c3491ed58d56bb5efea23c
@@ -20196,9 +20315,8 @@ CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOn
- imagemagick 8:6.9.7.4+dfsg-15 (bug #870109)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05
CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJN ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870107)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/549
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG fi ...)
@@ -20249,7 +20367,7 @@ CVE-2017-11748 (VIT Spider Player 2.5.3 has an untrusted search path, allowing D
CVE-2017-11747 (main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinypro ...)
{DLA-2163-1}
- tinyproxy 1.10.0-1 (bug #870307)
- [stretch] - tinyproxy <no-dsa> (Minor issue)
+ [stretch] - tinyproxy 1.8.4-3~deb9u2
[wheezy] - tinyproxy <no-dsa> (Minor issue)
NOTE: https://github.com/tinyproxy/tinyproxy/issues/106
CVE-2017-11746 (Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a n ...)
@@ -20273,7 +20391,7 @@ CVE-2017-11740 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the a
NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11739 (In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenti ...)
NOT-FOR-US: Zoho ManageEngine Application Manager
-CVE-2017-11738 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the 'haid' ...)
+CVE-2017-11738 (In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, th ...)
NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2017-11737 (interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS ...)
- rspamd 1.7.6-1
@@ -20328,14 +20446,17 @@ CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through
CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, ...)
{DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
- [stretch] - imagemagick <ignored> (Minor issue)
+ [stretch] - imagemagick <ignored> (Minor issue, PoC triggers earlier assertion, fix reverted upstream)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
- NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
- NOTE: https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9f1a91d93871cc6a5c0b99e8bacad4d730acf36
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/de8cdeceafdc7bbdfcc55cd08e6a8b0cc979c91c
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/75db34b6a4d642cb6f88c792942de27490c900e0
+ NOTE: fix reverted with CVE-2017-18029
+ NOTE: triggered by CVE-2017-12877
CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missi ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/598
NOTE: https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found i ...)
@@ -20371,7 +20492,7 @@ CVE-2017-11720 (There is a division-by-zero vulnerability in LAME 3.99.5, caused
[wheezy] - lame 3.99.5+repack1-3+deb7u1
NOTE: https://sourceforge.net/p/lame/bugs/460/
NOTE: Duplicate/same as: https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/
-CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg th ...)
+CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3. ...)
{DSA-3957-1}
- ffmpeg 7:3.3.3-1
- libav <removed>
@@ -20391,7 +20512,7 @@ CVE-2017-11714 (psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references t
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869977)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698158
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa (ghostpdl-9.22rc1)
CVE-2017-11713
RESERVED
CVE-2017-11712
@@ -20467,8 +20588,8 @@ CVE-2017-11692 (The function "Token&amp; Scanner::peek" in scanner.cpp in yaml-c
[jessie] - yaml-cpp <no-dsa> (Minor issue)
[wheezy] - yaml-cpp <no-dsa> (Minor issue)
- yaml-cpp0.3 <removed> (bug #870327)
- [stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
- [jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
+ [stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
+ [jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
NOTE: https://github.com/jbeder/yaml-cpp/issues/519
NOTE: https://github.com/jbeder/yaml-cpp/commit/c9460110e072df84b7dee3eb651f2ec5df75fb18
CVE-2017-11690
@@ -20603,11 +20724,11 @@ CVE-2017-11656
RESERVED
CVE-2017-11655 (A memory leak was found in the way SIPcrack 0.2 handled processing of ...)
- sipcrack <unfixed> (unimportant; bug #869803)
- NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/07/26/1
NOTE: Negligible security impact
CVE-2017-11654 (An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 ...)
- sipcrack <unfixed> (unimportant; bug #869803)
- NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/07/26/1
NOTE: Negligible security impact
CVE-2017-11653 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the D ...)
NOT-FOR-US: Razer Synapse
@@ -20741,9 +20862,8 @@ CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84
CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
- {DLA-1785-1 DLA-1081-1}
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869727)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/546
NOTE: https://github.com/ImageMagick/ImageMagick/commit/98e5d0001cda195da0e8ea7650ab85c6f8333ff5
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8d537f6d778675e08ef9d238606d05101bf471b9
@@ -20814,8 +20934,7 @@ CVE-2017-11607
CVE-2017-11606
RESERVED
CVE-2017-11605 (There is a heap based buffer over-read in LibSass 3.4.5, related to ad ...)
- - libsass <undetermined> (bug #870184)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1474019
+ NOTE: Bogus report against historic libsass version
CVE-2017-11604
RESERVED
CVE-2017-11603
@@ -21085,9 +21204,8 @@ CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1885ab1231e82f90d3f0e839555ee3e1a441bbf8
CVE-2017-11521 (The SdpContents::Session::Medium::parse function in resip/stack/SdpCon ...)
- {DLA-1439-1 DLA-1040-1}
+ {DLA-2865-1 DLA-1439-1 DLA-1040-1}
- resiprocate <removed> (low; bug #869404)
- [stretch] - resiprocate <no-dsa> (Minor issue)
NOTE: https://github.com/resiprocate/resiprocate/pull/88
NOTE: https://github.com/resiprocate/resiprocate/pull/88/commits/4b8ffa5afd3291a2701f8d39c31ada443f79a5c8
CVE-2017-11520
@@ -21113,15 +21231,15 @@ CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary
CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that all ...)
NOT-FOR-US: Wanscam's HW0021 network camera
CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in Firebir ...)
- {DLA-2129-1 DLA-1374-1}
+ {DLA-2824-1 DLA-2129-1 DLA-1374-1}
- firebird3.0 3.0.3.32900.ds4-3
- [stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update)
- firebird2.5 <removed>
NOTE: https://www.tenable.com/security/research/tra-2017-36
+ NOTE: https://github.com/FirebirdSQL/firebird/issues/5787
NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed
NOTE: in "any current release".
NOTE: Issue adressed by disabling UDFs in firebird.conf, this is not a source code fix,
- NOTE: and might actually be considered more justof a mitigation.
+ NOTE: and might actually be considered more of just a mitigation.
NOTE: Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at
CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...)
NOT-FOR-US: SecurityCenter
@@ -21151,7 +21269,7 @@ CVE-2017-11522 (The WriteOnePNGImage function in coders/png.c in ImageMagick thr
CVE-2017-11504
RESERVED
CVE-2017-11503 (PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Add ...)
- - libphp-phpmailer <unfixed> (unimportant)
+ - libphp-phpmailer 6.0.6-0.1 (unimportant)
NOTE: code_generator.phps installed to examples
CVE-2017-11502 (Technicolor DPC3928AD DOCSIS devices allow remote attackers to read ar ...)
NOT-FOR-US: Technicolor
@@ -21227,8 +21345,8 @@ CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 al
- ruby2.3 <not-affected> (Specific to Ruby 2.4)
- ruby2.1 <not-affected> (Specific to Ruby 2.4)
CVE-2017-11464 (A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in G ...)
+ {DLA-2285-1}
- librsvg 2.40.18-1 (bug #869129)
- [stretch] - librsvg <no-dsa> (Minor issue)
[jessie] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9)
[wheezy] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783835
@@ -21461,7 +21579,7 @@ CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.
- graphicsmagick 1.3.26-3
NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103
- NOTE: issue. See: http://www.openwall.com/lists/oss-security/2017/09/01/6
+ NOTE: issue. See: https://www.openwall.com/lists/oss-security/2017/09/01/6
NOTE: The addition required commit is: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
CVE-2017-11402 (An issue has been discovered on the Belden Hirschmann Tofino Xenon Sec ...)
NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance
@@ -21619,11 +21737,9 @@ CVE-2017-11343 (Due to an incomplete fix for CVE-2012-6125, all versions of CHIC
[wheezy] - chicken <no-dsa> (Minor issue)
NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
CVE-2017-11342 (There is an illegal address access in ast.cpp of LibSass 3.4.5. A craf ...)
- - libsass <undetermined> (bug #868577)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470722
+ NOTE: Bogus report against historic libsass version
CVE-2017-11341 (There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. ...)
- - libsass <undetermined> (bug #868577)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470714
+ NOTE: Bogus report against historic libsass version
CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function i ...)
- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
NOTE: https://github.com/Exiv2/exiv2/issues/53
@@ -21691,7 +21807,7 @@ CVE-2017-11524 (The WriteBlob function in MagickCore/blob.c in ImageMagick befor
CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka Quick ...)
{DSA-3925-1}
- qemu 1:2.8+dfsg-7 (bug #869173)
- [jessie] - qemu <postponed> (Minor issue, root DoS, backport caused Xen regression in Ubuntu and was reverted)
+ [jessie] - qemu <ignored> (Minor issue, root DoS, Xen regression, multiple refactorings after 2.5, no reproducer)
[wheezy] - qemu <no-dsa> (Minor issue)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <no-dsa> (Minor issue)
@@ -22018,11 +22134,14 @@ CVE-2017-11192
CVE-2017-11191 (** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote auth ...)
NOTE: non-issue claimed for freepia
CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...)
- - unrar-free <unfixed> (unimportant)
+ - unrar-free 1:0.0.2-0.1 (unimportant; bug #995065)
NOTE: Affected debug code not enabled
+ NOTE: https://gitlab.com/bgermann/unrar-free/-/commit/e4b3d2d974780af12d8221a25165809e611676df
CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...)
- - unrar-free <unfixed> (unimportant)
+ - unrar-free 1:0.0.1+cvs20140707-4 (unimportant)
NOTE: Crash in CLI tool, no security impact
+ NOTE: https://github.com/0x09AL/my-exploits/blob/master/pocs/unrar-free/dos/DESCRIPTION
+ NOTE: Same fix as CVE-2017-14121 and possibly to be considered a duplicate
CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks t ...)
NOT-FOR-US: phpMyFAQ
CVE-2017-11186
@@ -22244,6 +22363,7 @@ CVE-2017-1000048 (the web framework using ljharb's qs module older than v6.3.2,
NOT-FOR-US: ljharb
CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traversal in t ...)
- rbenv <unfixed> (bug #869702)
+ [bullseye] - rbenv <no-dsa> (Minor issue)
[buster] - rbenv <no-dsa> (Minor issue)
[stretch] - rbenv <no-dsa> (Minor issue)
[jessie] - rbenv <no-dsa> (Minor issue)
@@ -22512,7 +22632,7 @@ CVE-2017-11105 (The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL
NOT-FOR-US: OnePlus
CVE-2017-1000050 (JasPer 2.0.12 is vulnerable to a NULL pointer exception in the functio ...)
- jasper <removed> (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/06/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/06/1
NOTE: https://github.com/mdadams/jasper/issues/120
NOTE: Fixed by: https://github.com/mdadams/jasper/commit/58ba0365d911b9f9dd68e9abf826682c0b4f2293
CVE-2017-1002024 (Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/u ...)
@@ -22606,7 +22726,7 @@ CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all An
CVE-2017-11072 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: HTC component for Android
CVE-2017-11071
- RESERVED
+ REJECTED
CVE-2017-11070
RESERVED
CVE-2017-11069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -22708,7 +22828,7 @@ CVE-2017-11022 (In android for MSM, Firefox OS for MSM, QRD Android, with all An
CVE-2017-11021
RESERVED
CVE-2017-11020
- RESERVED
+ REJECTED
CVE-2017-11019 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
@@ -22869,7 +22989,7 @@ CVE-2017-1000082 (systemd v233 and earlier fails to safely parse usernames start
[wheezy] - systemd <not-affected> (Vulnerable code introduced in systemd-229)
NOTE: https://github.com/systemd/systemd/issues/6237
NOTE: Fixed by: https://github.com/systemd/systemd/commit/bb28e68477a3a39796e4999a6cbc6ac6345a9159
- NOTE: http://www.openwall.com/lists/oss-security/2017/07/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/07/02/1
CVE-2017-10977
RESERVED
CVE-2017-10976 (When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead t ...)
@@ -22898,7 +23018,7 @@ CVE-2017-11147 (In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive han
[jessie] - php5 5.6.30+dfsg-0+deb8u1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73773
NOTE: Fixed in 7.1.1, 7.0.15, 5.6.30
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451
NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the o ...)
{DSA-4081-1 DSA-4080-1 DLA-1034-1}
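Review bot: The trailing `NOTE: http://openwall.com/lists/oss-security/2017/07/10/6` context line is left on plain http while the git.php.net NOTE directly above it is upgraded to https, so CVE-2017-11147 ends up with mixed schemes; the same untouched line sits at the end of the next two hunks (CVE-2017-11144 and CVE-2017-11143). Since this commit already moves the www.openwall.com links elsewhere in the file to https, `NOTE: https://www.openwall.com/lists/oss-security/2017/07/10/6` would bring these three entries in line with the rest of the diff.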
@@ -22907,9 +23027,9 @@ CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7,
- php5 <removed>
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74651
NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3
NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserialization of b ...)
{DSA-4081-1 DLA-1034-1}
@@ -22917,8 +23037,8 @@ CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserializatio
- php7.0 <not-affected> (Only affected 5.6)
- php5 <removed>
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74145
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
- NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9
NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11142 (In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remot ...)
{DSA-4081-1}
@@ -22935,14 +23055,14 @@ CVE-2017-10972 (Uninitialized data in endianness conversion in the XEvent handli
{DSA-3905-1 DLA-1026-1}
- xorg-server 2:1.19.3-2 (bug #867492)
NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
- NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/07/06/6
CVE-2017-10971 (In the X.Org X server before 2017-06-19, a user authenticated to an X ...)
{DSA-3905-1 DLA-1026-1}
- xorg-server 2:1.19.3-2 (bug #867492)
NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
- NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/07/06/6
CVE-2017-10969
RESERVED
CVE-2017-10968 (In FineCMS through 2017-07-07, application\core\controller\template.ph ...)
@@ -23278,11 +23398,14 @@ CVE-2017-10807 (JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authent
NOTE: Fixed by: https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16
NOTE: https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
CVE-2017-10805 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17921
CVE-2017-10804 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17914
CVE-2017-10803 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17898
CVE-2017-10802
RESERVED
CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO ...)
@@ -23326,9 +23449,8 @@ CVE-2017-10791 (There is an Integer overflow in the hash_int function of the lib
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467004
NOTE: No security impact as built in Debian
CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 4.12 cause ...)
- {DSA-4106-1 DLA-1038-1}
+ {DSA-4106-1 DLA-2255-1 DLA-1038-1}
- libtasn1-6 4.12-2.1 (bug #867398)
- [jessie] - libtasn1-6 <no-dsa> (Minor issue)
- libtasn1-3 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464141
NOTE: Fixed by: https://gitlab.com/gnutls/libtasn1/commit/d8d805e1f2e6799bb2dff4871a8598dc83088a39
@@ -23537,8 +23659,8 @@ CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x befo
{DSA-4045-1}
- vlc 2.2.6-3
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
- NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
- NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49
NOTE: https://trac.videolan.org/vlc/ticket/18467
CVE-2017-10698
RESERVED
@@ -23578,8 +23700,7 @@ CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDir
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2712
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
CVE-2017-10687 (In LibSass 3.4.5, there is a heap-based buffer over-read in the functi ...)
- - libsass <undetermined> (low; bug #866672)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1466411
+ NOTE: Bogus report against historic libsass version
CVE-2017-10686 (In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...)
{DLA-1041-1}
- nasm 2.13.02-0.1 (bug #867988)
@@ -24011,14 +24132,14 @@ CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware
CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmwa ...)
NOT-FOR-US: Green Packet
CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
+ {DLA-2725-1}
- lrzip 0.631+git180517-1 (bug #866020)
- [stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/75
CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
+ {DLA-2725-1}
- lrzip 0.631+git180517-1 (bug #866022)
- [stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/74
@@ -24263,7 +24384,7 @@ CVE-2017-9835 (The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghosts
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869907)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 (ghostpdl-9.22rc1)
CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for W ...)
NOT-FOR-US: WatuPRO plugin for WordPress
CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of ...)
@@ -24328,13 +24449,13 @@ CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libt
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b
NOTE: The issue is addressed with the same commit as for CVE-2017-9403
CVE-2017-9814 (cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote atta ...)
- - cairo <unfixed> (low; bug #868580)
- [buster] - cairo <no-dsa> (Minor issue)
+ - cairo 1.16.0-1 (low; bug #868580)
[stretch] - cairo <no-dsa> (Minor issue)
[jessie] - cairo <no-dsa> (Minor issue)
[wheezy] - cairo <no-dsa> (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101547
NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/264
+ NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/commit/199823938780c8e50099b627d3e9137acba7a263 (1.15.14)
CVE-2017-9813 (In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack ...)
NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9812 (The reportId parameter of the getReportStatus action method can be abu ...)
@@ -25566,7 +25687,7 @@ CVE-2017-10140 (Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6,
- db4.0 <removed>
- db <removed>
[jessie] - db 5.1.29-9+deb8u1
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/12/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/12/1
NOTE: Patch as used in Fedora: https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
NOTE: and is acknowledged by libdb upstream, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
CVE-2017-10139
@@ -26284,13 +26405,13 @@ CVE-2017-9740 (The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: The Debian binary package is not affected xps/ not used
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698064
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626
CVE-2017-9739 (The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
{DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869910)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698063
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 (ghostpdl-9.22rc1)
CVE-2017-9738
RESERVED
CVE-2017-9737
@@ -26322,17 +26443,16 @@ CVE-2017-9727 (The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghost
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869913)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698056
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b (ghostpdl-9.22rc1)
CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
{DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869915)
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1)
CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in util/security/Pass ...)
- {DLA-1021-1 DLA-1020-1}
+ {DLA-2661-1 DLA-1021-1 DLA-1020-1}
- jetty9 9.2.22-1 (bug #864898)
- [stretch] - jetty9 <ignored> (Harmless information leak)
- jetty8 <removed>
[jessie] - jetty8 <no-dsa> (Minor issue)
- jetty <removed>
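Review bot: The `NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698056` and `...?id=698055` lines for CVE-2017-9727 and CVE-2017-9726 are left on http in this hunk although the git.ghostscript.com links right below them are upgraded, and the same bugs.ghostscript.com host is already referenced as https in the neighbouring entries (CVE-2017-9740, CVE-2017-9739, CVE-2017-9620). Switching these two to `https://bugs.ghostscript.com/...` would keep the ghostscript entries uniform rather than leaving a second pass for later. The hunk's last entry (CVE-2017-9735) continues past the hunk boundary.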
@@ -26569,21 +26689,21 @@ CVE-2017-9620 (The xps_select_font_encoding function in xps/xpsfont.c in Artifex
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: The Debian binary package is not affected xps/ not used
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698050
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9
CVE-2017-9619 (The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex G ...)
- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
[jessie] - ghostscript <not-affected> (Vulnerable code not present)
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: The Debian binary package is not affected xps/ not used
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698042
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323
CVE-2017-9618 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...)
- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
[jessie] - ghostscript <not-affected> (Vulnerable code not present)
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: The Debian binary package is not affected xps/ not used
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698044
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb
CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...)
- wireshark 2.4.0-1 (low; bug #870174)
[jessie] - wireshark <no-dsa> (Minor issue)
@@ -26608,26 +26728,26 @@ CVE-2017-9612 (The Ins_IP function in base/ttinterp.c in Artifex Ghostscript Gho
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869916)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698026
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c (ghostpdl-9.22rc1)
CVE-2017-9611 (The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
{DSA-3986-1 DLA-1048-1}
[experimental] - ghostscript 9.22~~rc1~dfsg-1
- ghostscript 9.22~dfsg-1 (bug #869917)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698024
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe (ghostpdl-9.22rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe (ghostpdl-9.22rc1)
CVE-2017-9610 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...)
- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
[jessie] - ghostscript <not-affected> (Vulnerable code not present)
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: The Debian binary package is not affected xps/ not used
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698025
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06
CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows re ...)
NOT-FOR-US: Blackcat CMS
CVE-2017-9608 (The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allow ...)
{DSA-3957-1}
- ffmpeg 7:3.3.3-1
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/14/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/14/1
NOTE: https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd
NOTE: https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89
CVE-2017-9607 (The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might ...)
@@ -26655,7 +26775,7 @@ CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCT
{DSA-3945-1 DSA-3927-1}
- linux 4.11.6-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/13/2
NOTE: Fixed by: https://git.kernel.org/linus/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c (v4.12-rc5)
CVE-2017-9603 (SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordP ...)
NOT-FOR-US: WP Jobs plugin for WordPress
@@ -26839,11 +26959,14 @@ CVE-2017-9524 (The qemu-nbd server in QEMU (aka Quick Emulator), when built with
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html
CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-1 ...)
- {DLA-1723-1}
+ {DLA-2801-1 DLA-1723-1}
- cron 3.0pl1-129 (bug #864466)
- [stretch] - cron <no-dsa> (Minor issue)
[wheezy] - cron <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/08/3
+ - systemd-cron 1.5.17-2 (bug #993731)
+ [bullseye] - systemd-cron <no-dsa> (Minor issue)
+ [buster] - systemd-cron <no-dsa> (Minor issue)
+ [stretch] - systemd-cron <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/08/3
CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page ...)
NOT-FOR-US: Sophos
CVE-2017-9522 (The Time Warner firmware on Technicolor TC8717T devices sets the defau ...)
@@ -26870,15 +26993,15 @@ CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 h
NOT-FOR-US: Atlassian Bamboo
CVE-2017-9513 (Several rest inline action resources of Atlassian Activity Streams bef ...)
NOT-FOR-US: Atlassian Activity Streams
-CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and Crucible ...)
+CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible ...)
NOT-FOR-US: Atlassian
-CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, before ...)
+CVE-2017-9511 (The MultiPathResource class in Atlassian Fisheye and Crucible, before ...)
NOT-FOR-US: Atlassian
-CVE-2017-9510 (The repository changelog resource in Atlassian FishEye before version ...)
+CVE-2017-9510 (The repository changelog resource in Atlassian Fisheye before version ...)
NOT-FOR-US: Atlassian
CVE-2017-9509 (The review file upload resource in Atlassian Crucible before version 4 ...)
NOT-FOR-US: Atlassian
-CVE-2017-9508 (Various resources in Atlassian FishEye and Crucible before version 4.4 ...)
+CVE-2017-9508 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...)
NOT-FOR-US: Atlassian
CVE-2017-9507 (The review dashboard resource in Atlassian Crucible from version 4.1.0 ...)
NOT-FOR-US: Atlassian
@@ -26889,9 +27012,8 @@ CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not che
CVE-2017-9504
REJECTED
CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host B ...)
- {DLA-1497-1}
+ {DLA-2288-1 DLA-1497-1}
- qemu 1:2.10.0-1 (low; bug #865754)
- [stretch] - qemu <ignored> (Minor issue, too intrusive to backport)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
@@ -27080,7 +27202,7 @@ CVE-2017-9445 (In systemd through 233, certain sizes passed to dns_packet_new in
[jessie] - systemd <not-affected> (Vulnerable code not present)
[wheezy] - systemd <not-affected> (Vulnerable code not present)
NOTE: Introduced by: https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/27/8
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/27/8
CVE-2017-9444 (BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\ ...)
NOT-FOR-US: BigTree CMS
CVE-2017-9443 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated ...)
@@ -27167,7 +27289,8 @@ CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute ar
NOTE: https://www.blackhat.com/us-17/briefings/schedule/#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets-7603
NOTE: https://marc.info/?l=linux-wireless&m=150391055518346&w=2
CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17394
CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allo ...)
NOT-FOR-US: Subsonic
CVE-2017-9414 (Cross-site request forgery (CSRF) vulnerability in the Subscribe to Po ...)
@@ -27545,7 +27668,7 @@ CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable
[buster] - sudo 1.8.19p1-2.1
[stretch] - sudo 1.8.19p1-2.1
[jessie] - sudo 1.8.10p3-1+deb8u5
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/02/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/02/7
NOTE: https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd
CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an inpu ...)
{DSA-3867-1 DLA-970-1}
@@ -27553,7 +27676,7 @@ CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to
[buster] - sudo 1.8.19p1-2
[stretch] - sudo 1.8.19p1-2
NOTE: https://www.sudo.ws/alerts/linux_tty.html
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/30/16
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/30/16
NOTE: https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b
CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulation su ...)
{DSA-3920-1}
@@ -27562,9 +27685,9 @@ CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulati
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
- NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b7
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b77
CVE-2017-9303 (Laravel 5.4.x before 5.4.22 does not properly constrain the host porti ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial of serv ...)
NOT-FOR-US: RealPlayer
CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...)
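Review bot: The corrected `NOTE: Fixed by:` line for CVE-2017-9310 still points at `http://git.qemu.org/...` while this commit otherwise moves reference links to https; if git.qemu.org serves the same path over TLS, `NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b77` would avoid touching this line twice. The hash correction itself (39 to 40 hex characters) looks right. The CVE-2017-9310 entry starts before this hunk.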
@@ -27639,7 +27762,8 @@ CVE-2017-9273 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susc
CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptib ...)
NOT-FOR-US: IDM
CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy credentia ...)
- - zypper <unfixed> (low)
+ - zypper <unfixed> (low; bug #988152)
+ [bullseye] - zypper <ignored> (Minor issue)
[buster] - zypper <ignored> (Minor issue)
[jessie] - zypper <ignored> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1050625
@@ -27649,9 +27773,12 @@ CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM repositori
- libzypp 17.3.1-1 (bug #899065)
[jessie] - libzypp <ignored> (Minor issue)
CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and rebuild ...)
- - open-build-service <unfixed> (low)
+ - open-build-service 2.9.4-1 (low)
[stretch] - open-build-service <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1045519
+ NOTE: https://github.com/openSUSE/open-build-service/pull/3267
+ NOTE: https://github.com/openSUSE/open-build-service/pull/3269
+ NOTE: https://github.com/openSUSE/open-build-service/commit/b43efe6be46387b16c0b27cf8ee7b9ca53f905ef
CVE-2017-9267 (In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictl ...)
NOT-FOR-US: Novell eDirectory
CVE-2017-9266
@@ -27863,18 +27990,18 @@ CVE-2017-9217 (systemd-resolved through 233 allows remote attackers to cause a d
[wheezy] - systemd <not-affected> (vulnerable code introduced later)
NOTE: https://github.com/systemd/systemd/pull/5998
CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscri ...)
+ {DLA-2796-1}
- jbig2dec 0.13-5 (bug #863279)
- [stretch] - jbig2dec <no-dsa> (Minor issue)
[jessie] - jbig2dec <no-dsa> (Minor issue)
[wheezy] - jbig2dec <no-dsa> (Minor issue, can be fixed in a future update)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697934
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853
CVE-2017-9215
RESERVED
CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_RE ...)
+ {DLA-2571-1}
[experimental] - openvswitch 2.8.1+dfsg1-1
- openvswitch 2.8.1+dfsg1-2 (bug #863228)
- [stretch] - openvswitch <no-dsa> (Minor issue)
[jessie] - openvswitch <not-affected> (Vulnerable code not present)
[wheezy] - openvswitch <not-affected> (Vulnerable code not present)
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html
@@ -28048,7 +28175,7 @@ CVE-2017-9210 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial
[stretch] - qpdf <no-dsa> (Minor issue)
[jessie] - qpdf <no-dsa> (Minor issue)
[wheezy] - qpdf <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
NOTE: https://github.com/qpdf/qpdf/issues/101
CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
[experimental] - qpdf 7.0~b1-1
@@ -28056,7 +28183,7 @@ CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial
[stretch] - qpdf <no-dsa> (Minor issue)
[jessie] - qpdf <no-dsa> (Minor issue)
[wheezy] - qpdf <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
NOTE: https://github.com/qpdf/qpdf/issues/100
CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
[experimental] - qpdf 7.0~b1-1
@@ -28064,7 +28191,7 @@ CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial
[stretch] - qpdf <no-dsa> (Minor issue)
[jessie] - qpdf <no-dsa> (Minor issue)
[wheezy] - qpdf <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
NOTE: https://github.com/qpdf/qpdf/issues/99
CVE-2017-9207 (The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener ...)
NOT-FOR-US: ImageWorsener
@@ -28084,7 +28211,7 @@ CVE-2017-9148 (The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x be
{DLA-977-1}
- freeradius 3.0.12+dfsg-5 (bug #863673)
[jessie] - freeradius <not-affected> (Only affects 2.1.1 to 2.1.7 and 3.0 to 3.0.13)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/29/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/29/1
NOTE: http://freeradius.org/security.html#session-resumption-2017
NOTE: https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/commit/?id=8d681449aa95ee4388b5e3c266bdb070a264f563
CVE-2017-9147 (LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in ti ...)
@@ -28222,72 +28349,86 @@ CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verify
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2690
NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...)
- {DLA-1083-1}
+ {DLA-2358-1 DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
- [stretch] - openexr <no-dsa> (Minor issue)
[jessie] - openexr <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...)
- - openexr <unfixed> (bug #873885)
- [buster] - openexr <no-dsa> (Minor issue)
- [stretch] - openexr <no-dsa> (Minor issue)
+ {DSA-4755-1 DLA-2358-1}
+ - openexr 2.5.3-2 (bug #873885)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...)
- - openexr <unfixed> (bug #873885)
- [buster] - openexr <no-dsa> (Minor issue)
- [stretch] - openexr <no-dsa> (Minor issue)
- [jessie] - openexr <no-dsa> (Minor issue)
- [wheezy] - openexr <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+ {DLA-2358-1 DLA-1083-1}
+ - openexr 2.2.0-11.1 (bug #864078)
+ [jessie] - openexr <not-affected> (ImfFastHuf.cpp / DWA compressor introduced v2.2)
+ [wheezy] - openexr <not-affected> (ImfFastHuf.cpp / DWA compressor introduced v2.2)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...)
- - openexr <unfixed> (low; bug #873885)
- [buster] - openexr <no-dsa> (Minor issue)
- [stretch] - openexr <no-dsa> (Minor issue)
+ {DSA-4755-1 DLA-2358-1}
+ - openexr 2.5.3-2 (low; bug #873885)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...)
- {DLA-1083-1}
+ {DLA-2358-1 DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
- [stretch] - openexr <no-dsa> (Minor issue)
[jessie] - openexr <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...)
- - openexr <unfixed> (bug #873885)
- [buster] - openexr <no-dsa> (Minor issue)
- [stretch] - openexr <no-dsa> (Minor issue)
+ {DSA-4755-1 DLA-2358-1}
+ - openexr 2.5.3-2 (bug #873885)
[jessie] - openexr <no-dsa> (Minor issue)
[wheezy] - openexr <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...)
- {DLA-1083-1}
+ {DLA-2358-1 DLA-1083-1}
- openexr 2.2.0-11.1 (bug #864078)
- [stretch] - openexr <no-dsa> (Minor issue)
[jessie] - openexr <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
NOTE: https://github.com/openexr/openexr/issues/232
-CVE-2017-9109
- RESERVED
-CVE-2017-9108
- RESERVED
-CVE-2017-9107
- RESERVED
-CVE-2017-9106
- RESERVED
-CVE-2017-9105
- RESERVED
-CVE-2017-9104
- RESERVED
-CVE-2017-9103
- RESERVED
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
+CVE-2017-9109 (An issue was discovered in adns before 1.5.2. It fails to ignore appar ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=fcf2b4e1faf22accb6184cca595aaee602839868
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9108 (An issue was discovered in adns before 1.5.2. adnshost mishandles a mi ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=72c6bfd77dfdb34457a792874fd1c3030fca90ac
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9107 (An issue was discovered in adns before 1.5.2. It overruns reading a bu ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=278f8eee581c4c4a0ddd0f98c4dc8c2974cf6b90
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9106 (An issue was discovered in adns before 1.5.2. adns_rr_info mishandles ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=37792aacaf7abbcdac6a02715a5ef794b5147f13
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9105 (An issue was discovered in adns before 1.5.2. It corrupts a pointer wh ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=17afb298d90c5aafed76bd3855a5fe7dcd58594c
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9104 (An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=7ba7a232de0516d2cce934bdc91627b33b46ef47
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9103 (An issue was discovered in adns before 1.5.2. pap_mailbox822 does not ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=020d86e2eccc2dbdfa9dcca08ddb327cc7ca3ae2
+ NOTE: Stub resolver that should only be used with trusted recursors
CVE-2017-9102
RESERVED
CVE-2017-9101 (import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows re ...)
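Review bot: For CVE-2017-9114 the new `{DLA-2358-1 DLA-1083-1}` header conflicts with the rewritten `[jessie] - openexr <not-affected> (ImfFastHuf.cpp / DWA compressor introduced v2.2)` line: DLA-1083-1 is a jessie advisory, so either it did cover this CVE (and jessie was affected after all) or the reference should be dropped from this entry while keeping DLA-2358-1 — please check the DLA-1083-1 text and reconcile one or the other. Separately, the seven new adns entries are rated `unimportant` on the grounds that adns is a stub resolver for trusted recursors, but a recursor relays answer data from arbitrary authoritative servers; if the buffer over-read in CVE-2017-9107 or the pointer corruption in CVE-2017-9105 is reachable from the answer payload rather than only from a misbehaving recursor, `low` would be the more defensible rating and the NOTE should say which it is. The adns fix links are also added as plain `http://www.chiark.greenend.org.uk/...` while the rest of this change migrates NOTE links to https; use https if chiark serves it.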
@@ -28344,12 +28485,12 @@ CVE-2017-9080 (PlaySMS 1.4 allows remote code execution because PHP code in the
CVE-2017-9079 (Dropbear before 2017.75 might allow local users to read certain files ...)
{DSA-3859-1 DLA-948-1}
- dropbear 2016.74-5 (bug #862970)
- NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
+ NOTE: Patch: https://hg.ucc.asn.au/dropbear/rev/0d889b068123
CVE-2017-9078 (The server in Dropbear before 2017.75 might allow post-authentication ...)
{DSA-3859-1}
- dropbear 2016.74-5 (bug #862970)
[wheezy] - dropbear <not-affected> (Vulnerable code not present)
- NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
+ NOTE: Patch: https://hg.ucc.asn.au/dropbear/rev/c8114a48837c
CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
{DSA-3886-1 DLA-993-1}
- linux 4.9.30-1
@@ -28433,25 +28574,25 @@ CVE-2017-9050 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based
{DSA-3952-1 DLA-1008-1}
- libxml2 2.9.4+dfsg1-3.1 (bug #863018)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not public)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9049 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ...)
{DSA-3952-1 DLA-1008-1}
- libxml2 2.9.4+dfsg1-3.1 (bug #863019)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not public)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9048 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buf ...)
{DSA-3952-1 DLA-1008-1}
- libxml2 2.9.4+dfsg1-3.1 (bug #863021)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not public)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
CVE-2017-9047 (A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g074180 ...)
{DSA-3952-1 DLA-1008-1}
- libxml2 2.9.4+dfsg1-3.1 (bug #863022)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not public)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
CVE-2017-9046 (winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code e ...)
NOT-FOR-US: Pegasus Mail
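Review bot: The four libxml2 `Fixed by:` references in this hunk still point at the cgit instance `https://git.gnome.org/browse/libxml2/commit/?id=...`, whereas the CVE-2017-8872 entry elsewhere in this same change uses the `https://gitlab.gnome.org/GNOME/libxml2/commit/<hash>` form. If git.gnome.org/browse no longer serves those commits (GNOME moved to GitLab, as far as I know — please verify), migrate these four lines too, e.g. `NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3`, so the fix references for a DSA-covered issue stay resolvable.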
@@ -28576,35 +28717,35 @@ CVE-2017-9020
CVE-2017-9019
RESERVED
CVE-2017-9018
- RESERVED
+ REJECTED
CVE-2017-9017
- RESERVED
+ REJECTED
CVE-2017-9016
- RESERVED
+ REJECTED
CVE-2017-9015
- RESERVED
+ REJECTED
CVE-2017-9014
- RESERVED
+ REJECTED
CVE-2017-9013
- RESERVED
+ REJECTED
CVE-2017-9012
- RESERVED
+ REJECTED
CVE-2017-9011
- RESERVED
+ REJECTED
CVE-2017-9010
- RESERVED
+ REJECTED
CVE-2017-9009
- RESERVED
+ REJECTED
CVE-2017-9008
- RESERVED
+ REJECTED
CVE-2017-9007
- RESERVED
+ REJECTED
CVE-2017-9006
- RESERVED
+ REJECTED
CVE-2017-9005
- RESERVED
+ REJECTED
CVE-2017-9004
- RESERVED
+ REJECTED
CVE-2017-9003 (Multiple memory corruption flaws are present in ArubaOS which could al ...)
NOT-FOR-US: Aruba
CVE-2017-9002 (All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross ...)
@@ -28614,15 +28755,15 @@ CVE-2017-9001 (Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lo
CVE-2017-9000 (ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x ...)
NOT-FOR-US: Aruba
CVE-2017-8999
- RESERVED
+ REJECTED
CVE-2017-8998
- RESERVED
+ REJECTED
CVE-2017-8997
- RESERVED
+ REJECTED
CVE-2017-8996
- RESERVED
+ REJECTED
CVE-2017-8995
- RESERVED
+ REJECTED
CVE-2017-8994 (A input validation vulnerability in HPE Operations Orchestration produ ...)
NOT-FOR-US: HPE
CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and Portfol ...)
@@ -28640,7 +28781,7 @@ CVE-2017-8988 (A Remote Bypass of Security Restrictions vulnerability was identi
CVE-2017-8987 (A Unauthenticated Remote Denial of Service vulnerability was identifie ...)
NOT-FOR-US: HPE
CVE-2017-8986
- RESERVED
+ REJECTED
CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local au ...)
NOT-FOR-US: HPE XP Storage
CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent Management Ce ...)
@@ -28745,9 +28886,9 @@ CVE-2017-8935 (The Quest Information Systems Indiana Voters app 1.1.24 for iOS d
NOT-FOR-US: Quest Information Systems Indiana Voters app
CVE-2017-8932 (A bug in the standard library ScalarMult implementation of curve P-256 ...)
- golang-1.8 1.8.3-1 (bug #863307)
- [stretch] - golang-1.8 <ignored> (Minor issue, would require builds of all go packages in stable)
+ [stretch] - golang-1.8 <ignored> (Minor issue, would require rebuilds of affected go-based packages in stable)
- golang-1.7 1.7.6-1 (bug #863308)
- [stretch] - golang-1.7 <ignored> (Minor issue, would require builds of all go packages in stable)
+ [stretch] - golang-1.7 <ignored> (Minor issue, would require rebuilds of affected go-based packages in stable)
- golang <removed>
[wheezy] - golang <not-affected> (Vulnerable code not present, no ASM implementation of the p256 elliptic curve)
[jessie] - golang <not-affected> (Vulnerable code not present, no ASM implementation of the p256 elliptic curve)
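Review bot: The reworded `[stretch] - golang-1.8 <ignored> (Minor issue, would require rebuilds of affected go-based packages in stable)` is more accurate than "all go packages", but "Minor issue" carries a lot of weight for a fault in the P-256 `ScalarMult` implementation, since P-256 scalar multiplication underlies ECDH and ECDSA and wrong results there are a correctness problem in key material handling, not merely a crash. Record in the reason why it is treated as minor (for example what the upstream advisory says about the inputs needed to reach the faulty amd64 assembly path), and if no upstream reference is recorded for this entry add one as a `NOTE:`, so the `<ignored>` decision can be revisited later. The hunk ends at the jessie line, so I cannot see whether such a NOTE already follows.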
@@ -28840,7 +28981,7 @@ CVE-2017-8908 (The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.2
[jessie] - ghostscript <not-affected> (Vulnerable code not present)
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697810
- NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
+ NOTE: edgebuffer scan converter was made default only in: https://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
CVE-2017-8907 (Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correc ...)
NOT-FOR-US: Atlassian Bamboo
@@ -28912,14 +29053,14 @@ CVE-2017-8874 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mau
CVE-2017-8873
RESERVED
CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 all ...)
+ {DLA-2369-1}
- libxml2 2.9.4+dfsg1-6.1 (bug #862450)
- [stretch] - libxml2 <no-dsa> (Minor issue)
[jessie] - libxml2 <no-dsa> (Minor issue)
[wheezy] - libxml2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775200
NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407
CVE-2017-8871 (The cr_parser_parse_selector_core function in cr-parser.c in libcroco ...)
- - libcroco <unfixed> (bug #864666; low)
+ - libcroco <removed> (bug #864666; low)
[buster] - libcroco <ignored> (Minor issue)
[stretch] - libcroco <ignored> (Minor issue)
[jessie] - libcroco <no-dsa> (Minor issue)
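Review bot: Changing CVE-2017-8871 to `- libcroco <removed> (bug #864666; low)` only records that the source package left unstable; it says nothing about bullseye, and the release lines below it stop at buster. If libcroco shipped in bullseye (please check), add `[bullseye] - libcroco <ignored> (Minor issue)` — the zypper entry in this same change does exactly that for its new suite — otherwise the tracker will show the issue as open in bullseye with no triage decision attached.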
@@ -28974,7 +29115,7 @@ CVE-2017-8850 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices.
CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by lever ...)
{DSA-3951-1 DLA-1002-1}
- smb4k 1.2.1-2 (bug #862505)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/3
NOTE: https://www.kde.org/info/security/advisory-20170510-2.txt
NOTE: https://github.com/stealth/plasmapulsar
NOTE: smb4k 2.0.0: https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e
@@ -28987,8 +29128,8 @@ CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so i
NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
NOTE: Crash in CLI tool, no security implications
CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 all ...)
+ {DLA-2725-1}
- lrzip 0.631+git180517-1 (bug #863150)
- [stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/71
@@ -29000,8 +29141,8 @@ CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used
NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
NOTE: Crash in CLI tool, no security implications
CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows ...)
+ {DLA-2725-1}
- lrzip 0.631+git180517-1 (bug #863153)
- [stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/70
@@ -29031,7 +29172,7 @@ CVE-2017-8836 (CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500
CVE-2017-8835 (SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
NOT-FOR-US: Peplink Balance devices
CVE-2017-8834 (The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 a ...)
- - libcroco <unfixed> (bug #864666; low)
+ - libcroco <removed> (bug #864666; low)
[buster] - libcroco <ignored> (Minor issue)
[stretch] - libcroco <ignored> (Minor issue)
[jessie] - libcroco <no-dsa> (Minor issue)
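Review bot: `- libcroco <removed> (bug #864666; low)` records only that the source package left unstable, and the release lines below it stop at buster, so bullseye has no state for CVE-2017-8834. If libcroco is part of bullseye, this entry needs its own `[bullseye] - libcroco <ignored> (Minor issue)` (or whatever the bullseye decision is), because `<removed>` does not propagate a state to a released suite.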
@@ -29173,7 +29314,7 @@ CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster
- postgresql-common 188
CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync --safe-links opt ...)
- archvsync 20171017
- NOTE: http://www.openwall.com/lists/oss-security/2017/10/17/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/10/17/2
NOTE: https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016
CVE-2017-1000041
REJECTED
@@ -29185,11 +29326,11 @@ CVE-2017-8829 (Deserialization vulnerability in lintian through 2.5.50.3 allows
- lintian 2.5.50.4 (bug #861958)
[jessie] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
[wheezy] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
-CVE-2017-8804 (The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc ...)
+CVE-2017-8804 (** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Lib ...)
NOTE: This is not a vulnerability in glibc, but a bug in the application, see
NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00128.html and
NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/05/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/05/2
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21461
CVE-2017-8803 (Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow use ...)
NOT-FOR-US: Notepad++
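Review bot: The CVE-2017-8804 entry has only NOTE lines and no package state: the NOTEs explain that this is an application bug rather than a glibc flaw, but nothing machine-readable says so, so the tracker cannot classify the CVE for any suite. Add an explicit state line before the NOTEs, e.g. `- glibc <not-affected> (Bug in the application, not in glibc; see notes)`, which is how misattributed issues are recorded elsewhere in this file. Prefixing the description with `** DISPUTED **` to mirror MITRE is fine, but on its own it leaves the suite status undefined.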
@@ -29266,8 +29407,12 @@ CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc throug
- rpcbind 0.2.3-0.6 (bug #861835)
- libtirpc 0.2.5-1.2 (bug #861834)
- ntirpc 1.4.4-1 (bug #861836)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/04/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/04/1
NOTE: https://github.com/guidovranken/rpcbomb/
+ NOTE: For rpcbind, 0.2.3-0.6 upload was based on Guido Vranken 's patch in
+ NOTE: https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt
+ NOTE: Upstream patch: https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commit;h=7ea36eeece56b59f98e469934e4c20b4da043346 (rpcbind-0_2_5-rc1)
+ NOTE: Followup for typo: https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commitdiff;h=c49a7ea639eb700823e174fd605bbbe183e229aa (rpcbind-0_2_5-rc2)
CVE-2017-8776 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8775 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
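Review bot: The new NOTEs say the rpcbind 0.2.3-0.6 upload used Guido Vranken's patch rather than the upstream commit, and then list an upstream "Followup for typo" commit; what they do not say is whether that follow-up matters for the Debian patch, i.e. whether 0.2.3-0.6 (and the libtirpc/ntirpc uploads) already contain the corrected logic or still need a fix-for-the-fix. Add one line settling that, e.g. `NOTE: 0.2.3-0.6 is not affected by the typo fixed in c49a7ea6` or `NOTE: 0.2.3-0.6 still needs the c49a7ea6 follow-up`, whichever was verified. Also the stray space in `Guido Vranken 's patch` should read `Guido Vranken's patch`.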
@@ -29300,8 +29445,11 @@ CVE-2017-8763 (Cross-site scripting (XSS) vulnerability in modules/Base/Box/chec
NOT-FOR-US: EPESI
CVE-2017-8762 (GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits ...)
NOT-FOR-US: GenixCMS
-CVE-2017-8761
- RESERVED
+CVE-2017-8761 (In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, ...)
+ - swift 2.17.0-2
+ [stretch] - swift <no-dsa> (Minor issue)
+ [jessie] - swift <end-of-life> (Not supported in Jessie LTS)
+ NOTE: https://bugs.launchpad.net/swift/+bug/1685798
CVE-2017-8760 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
NOT-FOR-US: Accellion FTA devices
CVE-2017-8759 (Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and ...)
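Review bot: `- swift 2.17.0-2` is given as the fixed version for CVE-2017-8761, but the only reference is the Launchpad bug and the description's affected ranges (through 2.10.1, 2.11.0–2.13.0, 2.14.0) imply upstream fixed this in the release after 2.14.0; if an earlier Debian upload already carried that release, the first-fixed version should be that upload rather than 2.17.0-2, and if 2.17.0-2 instead added a Debian patch that should be stated. Either way, add the upstream fix commit as a `NOTE:` so the fixed version can be checked rather than taken on trust.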
@@ -29983,9 +30131,9 @@ CVE-2017-8422 (KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local user
{DSA-3849-1 DLA-952-1}
- kauth 5.28.0-2
- kde4libs 4:4.14.26-2
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
- NOTE: patch for kauth: https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a
- NOTE: patch for kde4libs: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=264e97625abe2e0334f97de17f6ffb52582888ab
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/3
+ NOTE: patch for kauth: https://github.com/KDE/kauth/commit/df875f725293af53399f5146362eb158b4f9216a
+ NOTE: patch for kde4libs: https://github.com/KDE/kdelibs/commit/264e97625abe2e0334f97de17f6ffb52582888ab
NOTE: https://www.kde.org/info/security/advisory-20170510-1.txt
CVE-2017-8421 (The function coff_set_alignment_hook in coffcode.h in Binary File Desc ...)
- binutils 2.28-5
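Review bot: The two patch references for CVE-2017-8422 now point at GitHub mirrors (`github.com/KDE/kauth`, `github.com/KDE/kdelibs`) instead of KDE-operated hosting. For a security tracker the canonical repository is the better provenance for a fix reference; if KDE's own GitLab (invent.kde.org) serves these commit hashes — please verify — prefer it and fall back to the mirror only where the canonical host lacks the history. The hashes themselves are unchanged, so the references still identify the same fixes.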
@@ -30376,22 +30524,22 @@ CVE-2017-8313 (Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 d
{DSA-3899-1}
- vlc 2.2.5-1
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
- NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c
CVE-2017-8312 (Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing chec ...)
{DSA-3899-1}
- vlc 2.2.6-1~deb9u1
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa
CVE-2017-8311 (Potential heap based buffer overflow in ParseJSS in VideoLAN VLC befor ...)
{DSA-3899-1}
- vlc 2.2.5-1
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6
CVE-2017-8310 (Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due ...)
{DSA-3899-1}
- vlc 2.2.5.1-1~deb9u1
[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
- NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328
CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows r ...)
{DLA-1497-1 DLA-1071-1 DLA-1070-1}
- qemu 1:2.8+dfsg-5 (bug #862280)
@@ -30423,13 +30571,14 @@ CVE-2017-8296 (kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that
[jessie] - kedpm 1.0+deb8u1
NOTE: patch in BTS gives workaround to always prompt for password and do not save
NOTE: to database.
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/25/9
CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a password- ...)
{DSA-3870-1 DLA-975-1}
- wordpress 4.7.5+dfsg-2 (bug #862053)
NOTE: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
NOTE: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
NOTE: https://core.trac.wordpress.org/ticket/25239
+ NOTE: https://core.trac.wordpress.org/changeset/48601 (5.5)
CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote attack ...)
- yara 3.6.0+dfsg-1 (bug #861590)
[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
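Review bot: The new `NOTE: https://core.trac.wordpress.org/changeset/48601 (5.5)` records the upstream fix for CVE-2017-8295 in WordPress 5.5, while the entry's fixed version is `wordpress 4.7.5+dfsg-2` from 2017; without a word of explanation the two read as contradictory. If 4.7.5+dfsg-2 addressed the Host-header password reset with a Debian-specific patch or configuration change, say so in a NOTE next to the changeset link, so a reader does not conclude that every Debian wordpress below 5.5 is still vulnerable.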
@@ -30455,7 +30604,7 @@ CVE-2017-8305 (The UDFclient (before 0.8.8) custom strlcpy implementation has a
- udfclient 0.8.8-1 (bug #861347)
CVE-2017-8301 (LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_ ...)
- libressl <itp> (bug #754513)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/27/11
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/27/11
CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remot ...)
{DSA-3838-1 DLA-932-1}
- ghostscript 9.20~dfsg-3.1 (bug #861295)
@@ -30544,7 +30693,7 @@ CVE-2017-8251 (In all Qualcomm products with Android releases from CAF using the
CVE-2017-8250 (In all Qualcomm products with Android releases from CAF using the Linu ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8249
- RESERVED
+ REJECTED
CVE-2017-8248 (A buffer overflow may occur in the processing of a downlink NAS messag ...)
NOT-FOR-US: Qualcomm Telephony
CVE-2017-8247 (In all Qualcomm products with Android releases from CAF using the Linu ...)
@@ -30580,7 +30729,7 @@ CVE-2017-8234 (In all Android releases from CAF using the Linux kernel, an out o
CVE-2017-8233 (In a camera driver function in all Android releases from CAF using the ...)
NOT-FOR-US: Android driver
CVE-2017-8232
- RESERVED
+ REJECTED
CVE-2017-8231
RESERVED
CVE-2017-8230 (On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on th ...)
@@ -30595,7 +30744,7 @@ CVE-2017-8226 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default c
NOT-FOR-US: Amcrest
CVE-2017-8283 (dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU pat ...)
- dpkg 1.18.24 (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/20/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/20/2
CVE-2017-8225 (On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (con ...)
NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
CVE-2017-8224 (Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account ...)
@@ -31230,12 +31379,12 @@ CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads becau
{DSA-3855-1 DLA-942-1}
- jbig2dec 0.13-4.1 (bug #860787)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697683
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d
CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds wr ...)
{DSA-3855-1 DLA-942-1}
- jbig2dec 0.13-4.1 (bug #860788)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
CVE-2017-7974 (A path traversal information disclosure vulnerability exists in Schnei ...)
NOT-FOR-US: Schneider Electric
CVE-2017-7973 (A SQL injection vulnerability exists in Schneider Electric's U.motion ...)
@@ -31304,8 +31453,8 @@ CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscrip
[jessie] - ghostscript <not-affected> (Vulnerable code not present)
[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697762
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
- NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
+ NOTE: edgebuffer scan converter was made default only in: https://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
CVE-2017-7947 (NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 be ...)
NOT-FOR-US: NetApp
@@ -31462,21 +31611,21 @@ CVE-2017-7890 (The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c
NOTE: https://github.com/libgd/libgd/commit/c613bc169802bb4b639ee2e15c61b25b80a88424
CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7887 (Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall p ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7886 (Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css. ...)
- dolibarr 5.0.4+dfsg3-1 (bug #863544)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to den ...)
{DSA-3855-1 DLA-942-1}
- jbig2dec 0.13-4.1 (bug #860460)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697703
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default i ...)
- apcupsd <not-affected> (Only APC UPS Daemon on Windows)
-CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...)
+CVE-2017-7889 (The mm subsystem in the Linux kernel through 3.2 does not properly enf ...)
{DSA-3945-1 DLA-1099-1}
- linux 4.9.25-1
NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7)
@@ -31495,7 +31644,7 @@ CVE-2017-7878 (SQL Injection vulnerability in flatCore version 1.4.6 allows an a
NOT-FOR-US: flatCore
CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote attackers t ...)
NOT-FOR-US: flatCore
-CVE-2017-7876 (QNAP QTS before 4.2.6 build 20170517 allows command injection. ...)
+CVE-2017-7876 (This command injection vulnerability in QTS allows attackers to run ar ...)
NOT-FOR-US: QNAP QTS
CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends t ...)
{DLA-2219-1 DLA-899-1}
@@ -32256,8 +32405,8 @@ CVE-2017-7698 (A Use After Free in the pdf2swf part of swftools 0.9.2 and earlie
NOTE: https://github.com/matthiaskramm/swftools/pull/19
NOTE: Vulnerable code removed with the 0.9.2+dfs1-2 upload
CVE-2017-7697 (In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_o ...)
+ {DLA-2845-1}
- libsamplerate 0.1.9-1 (bug #860159)
- [stretch] - libsamplerate <no-dsa> (Minor issue)
[jessie] - libsamplerate <no-dsa> (Minor issue)
[wheezy] - libsamplerate <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsamplerate/issues/11
@@ -32274,7 +32423,7 @@ CVE-2017-7693 (Directory traversal vulnerability in viewer_script.jsp in Riverbe
CVE-2017-7692 (SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allo ...)
{DSA-3852-1 DLA-941-1}
- squirrelmail <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/19/6
NOTE: https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
CVE-2017-7691 (A code injection vulnerability exists in SAP TREX / Business Warehouse ...)
NOT-FOR-US: SAP TREX
@@ -32304,7 +32453,7 @@ CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_
{DSA-3896-1 DLA-1009-1}
- apache2 2.4.25-4
CVE-2017-7678 (In Apache Spark before 2.2.0, it is possible for an attacker to take a ...)
- NOT-FOR-US: Apache Spark
+ - apache-spark <itp> (bug #802194)
CVE-2017-7677 (In environments that use external location for hive tables, Hive Autho ...)
NOT-FOR-US: Apache Ranger
CVE-2017-7676 (Policy resource matcher in Apache Ranger before 0.7.1 ignores characte ...)
@@ -32370,7 +32519,7 @@ CVE-2017-7659 (A maliciously constructed HTTP/2 request could cause mod_http2 in
[jessie] - apache2 <not-affected> (Vulnerable code not present)
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
NOTE: HTTP/2 support introduced in 2.4.17
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/19/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/19/5
CVE-2017-7658 (In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP ...)
{DSA-4278-1}
- jetty <removed>
@@ -32400,7 +32549,7 @@ CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurat
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667
NOTE: https://github.com/eclipse/jetty.project/commit/a285deea
CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vu ...)
- {DLA-1972-1}
+ {DLA-2793-1 DLA-1972-1}
- mosquitto 1.5.4-1 (low)
[stretch] - mosquitto <no-dsa> (Minor issue)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775
@@ -32509,7 +32658,7 @@ CVE-2017-7616 (Incorrect error handling in the set_mempolicy and mbind compat sy
CVE-2017-7615 (MantisBT through 2.3.0 allows arbitrary password reset and unauthentic ...)
- mantis <removed>
[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/16/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/16/2
CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
- binutils 2.28-4 (low; bug #859989)
[jessie] - binutils <ignored> (Minor issue)
@@ -32707,7 +32856,7 @@ CVE-2017-7572 (The _checkPolkitPrivilege function in serviceHelper.py in Back In
- backintime 1.1.12-2 (bug #859815)
[jessie] - backintime <no-dsa> (Minor issue)
[wheezy] - backintime <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/07/2
NOTE: https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869
CVE-2017-7571 (public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtai ...)
NOT-FOR-US: Faveo
@@ -32730,7 +32879,7 @@ CVE-2017-7563 (In ARM Trusted Firmware 1.3, RO memory is always executable at AA
CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allo ...)
{DLA-890-1}
- ming <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/07/1
NOTE: https://github.com/libming/libming/issues/68
CVE-2017-7562 (An authentication bypass flaw was found in the way krb5's certauth int ...)
- krb5 <not-affected> (Vulnerable code introduced later, cf. #873281)
@@ -32826,7 +32975,7 @@ CVE-2017-7545 (It was discovered that the XmlUtils class in jbpmmigration 6.5 pe
CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulner ...)
{DLA-2214-1}
- libexif 0.6.21-2.1 (bug #876466)
- [stretch] - libexif <no-dsa> (Minor issue)
+ [stretch] - libexif 0.6.21-2+deb9u2
[wheezy] - libexif <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/libexif/bugs/130/
CVE-2017-7543 (A race-condition flaw was discovered in openstack-neutron before 7.2.0 ...)
@@ -32869,7 +33018,7 @@ CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux kernel
{DSA-3945-1 DSA-3927-1}
- linux 4.12.6-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/08/03/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/03/2
NOTE: Fixed by: https://git.kernel.org/linus/49d31c2f389acfe83417083e1208422b4091cd9 (v4.13-rc1)
CVE-2017-7532 (In Moodle 3.x, course creators are able to change system default setti ...)
- moodle <removed>
@@ -32910,9 +33059,10 @@ CVE-2017-7526 (libgcrypt before version 1.7.8 is vulnerable to a cache side-chan
NOTE: GnuPG: https://dev.gnupg.org/rC8725c99ffa41778f382ca97233183bcd687bb0ce
NOTE: GnuPG1: https://dev.gnupg.org/D438
CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, version ...)
- {DSA-4004-1 DLA-2091-1}
+ {DSA-4004-1 DLA-2342-1 DLA-2091-1}
- jackson-databind 2.9.1-1 (bug #870848)
- - libjackson-json-java <unfixed>
+ - libjackson-json-java 1.9.13-2
+ [buster] - libjackson-json-java <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
NOTE: For libjackson-json-java:
NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
@@ -32927,7 +33077,7 @@ CVE-2017-7522 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to
[wheezy] - openvpn <not-affected> (x509-track implemented in 2.4.0)
NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/426392940c
NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
NOTE: In Debian openvpn is compiled against OpenSSL, thus even affected
NOTE: code present.
CVE-2017-7521 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...)
@@ -32941,7 +33091,7 @@ CVE-2017-7521 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to
NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/84e1775961de1c9d2ab32159fc03f758591f5238
NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/1dde0cd6e5e6a0f2f45ec9969b7ff1b6537514ad
NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...)
{DSA-3900-1 DLA-999-1}
- openvpn 2.4.3-1 (bug #865480)
@@ -32949,7 +33099,7 @@ CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to
NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/043fe327878eba75efa13794c9845f85c3c629f2
NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/f38a4a105979b87ebebe9be1c3d323116d3fb924
NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
CVE-2017-7519 (In Ceph, a format string flaw was found in the way libradosstriper par ...)
{DSA-4339-1}
- ceph 12.2.8+dfsg1-1 (bug #864535)
@@ -32959,7 +33109,7 @@ CVE-2017-7518 (A flaw was found in the Linux kernel before version 4.12 in the w
{DSA-3981-1}
- linux 4.11.11-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/23/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/23/5
NOTE: https://www.spinics.net/lists/kvm/msg151817.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464473
NOTE: Fixed by: https://git.kernel.org/linus/c8401dda2f0a00cd25c0af6a95ed50e478d25de4
@@ -32993,7 +33143,7 @@ CVE-2017-7508 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to
{DSA-3900-1}
- openvpn 2.4.3-1 (bug #865480)
[wheezy] - openvpn <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/c3f47077a7756de5929094569421a95aa66f2022
NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/ed28cde3d8bf3f1459b2f42f0e27d64801009f92
@@ -33099,18 +33249,18 @@ CVE-2017-7484 (It was found that some selectivity estimation functions in Postgr
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cad15943225adbcadea51602b38b04d71d1183d2
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=935e77d527a018b652f247c7374c558871210db6
CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the ...)
+ {DLA-2683-1}
- rxvt 1:2.7.10-7.1 (low; bug #861694)
- [stretch] - rxvt <no-dsa> (Minor issue)
[jessie] - rxvt <no-dsa> (Minor issue)
[wheezy] - rxvt <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/01/15
CVE-2017-7482 (In the Linux kernel before version 4.12, Kerberos 5 tickets decoded wh ...)
{DSA-3945-1 DSA-3927-1 DLA-1099-1}
- linux 4.11.11-1
NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
CVE-2017-7481 (Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark loo ...)
+ {DLA-2535-1}
- ansible 2.3.1.0+dfsg-1 (bug #862666)
- [stretch] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (vulnerable code introduced in version 2.x)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450018
NOTE: Fixed by: https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
@@ -33119,7 +33269,7 @@ CVE-2017-7480 (rkhunter versions before 1.4.4 are vulnerable to file download ov
- rkhunter 1.4.4-1 (bug #866677)
[stretch] - rkhunter 1.4.2-6+deb9u1
[jessie] - rkhunter 1.4.2-0.4+deb8u1
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/29/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/29/2
NOTE: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550&view=patch
CVE-2017-7479 (OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reac ...)
{DLA-944-1}
@@ -33144,7 +33294,7 @@ CVE-2017-7477 (Heap-based buffer overflow in drivers/net/macsec.c in the MACsec
- linux 4.9.25-1
[jessie] - linux <not-affected> (Introduced in 4.6)
[wheezy] - linux <not-affected> (Introduced in 4.6)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/25/4
NOTE: Fixed by: https://git.kernel.org/linus/4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee
NOTE: Fixed by: https://git.kernel.org/linus/5294b83086cc1c35b4efeca03644cf9d12282e5b
CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ ...)
@@ -33153,7 +33303,8 @@ CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with th
NOTE: Introduced with 4bc76593 and 4e6e16b3f.
CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer dereference relat ...)
- cairo <unfixed> (low; bug #870264)
- [buster] - cairo <no-dsa> (Minor issue)
+ [bullseye] - cairo <ignored> (Minor issue)
+ [buster] - cairo <ignored> (Minor issue)
[stretch] - cairo <no-dsa> (Minor issue)
[jessie] - cairo <no-dsa> (Minor issue)
[wheezy] - cairo <no-dsa> (Minor issue)
@@ -33193,7 +33344,7 @@ CVE-2017-7467 (A buffer overflow flaw was found in the way minicom before versio
{DLA-914-1}
- minicom 2.7-1.1 (bug #860940)
[jessie] - minicom 2.7-1+deb8u1
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/5
CVE-2017-7466 (Ansible before version 2.3 has an input validation vulnerability in th ...)
- ansible 2.2.1.0-2
[jessie] - ansible <not-affected> (Vulnerable code not present)
@@ -33409,41 +33560,41 @@ CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #859329)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attac ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #859329)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attacker ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #859329)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attacker ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #859329)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncodi ...)
{DLA-929-1}
- libpodofo 0.9.4-5 (bug #859331)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/2
NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/
CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoF ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #859330)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/1
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1847
CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in ...)
{DLA-1497-1 DLA-1035-1 DLA-965-1}
@@ -33451,7 +33602,7 @@ CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html
NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/03/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/03/2
NOTE: For older releases affected code is in hw/9pfs/virtio-9p.c
CVE-2017-7376 (Buffer overflow in libxml2 allows remote attackers to execute arbitrar ...)
{DSA-3952-1 DLA-1060-1}
@@ -33610,7 +33761,7 @@ CVE-2017-7310 (A buffer overflow vulnerability in Import Command in SyncBreeze b
CVE-2017-7309 (A cross-site scripting (XSS) vulnerability in the MantisBT Configurati ...)
- mantis <removed>
[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-7307 (Riverbed RiOS before 9.0.1 does not properly restrict shell access in ...)
NOT-FOR-US: Riverbed RiOS
CVE-2017-7306 (** DISPUTED ** Riverbed RiOS through 9.6.0 has a weak default password ...)
@@ -33758,7 +33909,7 @@ CVE-2017-7264 (Use-after-free vulnerability in the fz_subsample_pixmap function
- mupdf 1.9a+ds1-3 (bug #854734)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
- NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
+ NOTE: Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
NOTE: Related to CVE-2017-5896. But CVE-2017-7264 is for the use-after-free
NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow
@@ -33840,7 +33991,7 @@ CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modu
CVE-2017-7241 (A cross-site scripting (XSS) vulnerability in the MantisBT Move Attach ...)
- mantis <removed>
[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-7240 (An issue was discovered on Miele Professional PST10 devices. The corre ...)
NOT-FOR-US: Miele Professional PG 8528 PST10 devices
CVE-2017-7239 (Ninka before 1.3.2 might allow remote attackers to obtain sensitive in ...)
@@ -33955,7 +34106,7 @@ CVE-2017-7208 (The decode_residual function in libavcodec in libav 9.21 allows r
CVE-2017-7207 (The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscr ...)
{DSA-3838-1 DLA-1048-1}
- ghostscript 9.20~dfsg-3 (bug #858350)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697676
CVE-2017-7206 (The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows ...)
- libav <removed>
@@ -34593,7 +34744,7 @@ CVE-2017-6974 (An issue was discovered in certain Apple products. macOS before 1
CVE-2017-6973 (A cross-site scripting (XSS) vulnerability in the MantisBT Configurati ...)
- mantis <removed>
[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-6972 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an e ...)
NOT-FOR-US: AlienVault
CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow rem ...)
@@ -34618,7 +34769,7 @@ CVE-2017-6967 (xrdp 0.9.1 calls the PAM function auth_start_session() in an inco
NOTE: https://github.com/neutrinolabs/xrdp/issues/350
NOTE: First attempt: https://github.com/neutrinolabs/xrdp/pull/694
NOTE: Followed by: https://github.com/neutrinolabs/xrdp/pull/696
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/18/1
NOTE: https://github.com/neutrinolabs/xrdp/pull/696/commits/44129acd210c803fc8bbcfaf1b0db05e5bb4034f
CVE-2017-6966 (readelf in GNU Binutils 2.28 has a use-after-free (specifically read-a ...)
- binutils 2.28-3 (bug #858263)
@@ -34639,19 +34790,18 @@ CVE-2017-6964 (dmcrypt-get-device, as shipped in the eject package of Debian and
CVE-2017-6963
RESERVED
CVE-2017-6962 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...)
+ {DLA-2911-1}
- apng2gif 1.8-0.1 (bug #854447)
- [stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper sanitizatio ...)
+ {DLA-2911-1}
- apng2gif 1.8-0.1 (bug #854441)
- [stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...)
- {DLA-2165-1 DLA-981-1}
+ {DLA-2911-1 DLA-2165-1 DLA-981-1}
- apng2gif 1.8-0.1 (bug #854367)
- [stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
CVE-2017-6959
REJECTED
CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...)
@@ -34798,9 +34948,8 @@ CVE-2017-6894
CVE-2017-6893
RESERVED
CVE-2017-6892 (In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" fu ...)
- {DLA-985-1}
+ {DLA-2418-1 DLA-985-1}
- libsndfile 1.0.28-1 (bug #864704)
- [stretch] - libsndfile <ignored> (Minor issue)
[jessie] - libsndfile <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
CVE-2017-6891 (Two errors in the "asn1_find_node()" function (lib/parser_aux.c) withi ...)
@@ -34814,12 +34963,13 @@ CVE-2017-6890 (A boundary error within the "foveon_load_camf()" function (dcraw_
CVE-2017-6889 (An integer overflow error within the "foveon_load_camf()" function (dc ...)
NOT-FOR-US: libraw demosaic extension (not packaged in Debian)
CVE-2017-6888 (An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC ...)
+ {DLA-2514-1}
- flac 1.3.2-2 (low; bug #897015)
- [stretch] - flac <no-dsa> (Minor issue)
[jessie] - flac <no-dsa> (Minor issue)
[wheezy] - flac <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/
- NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67
+ NOTE: https://github.com/xiph/flac/commit/4f47b63e9c971e6391590caf00a0f2a5ed612e67 (1.3.3)
+ NOTE: https://android.googlesource.com/platform/external/flac/+/4f47b63e9c971e6391590caf00a0f2a5ed612e67
CVE-2017-6887 (A boundary error within the "parse_tiff_ifd()" function (internal/dcra ...)
{DSA-3950-1 DLA-1057-1}
- libraw 0.18.2-2 (bug #864183)
@@ -35593,7 +35743,7 @@ CVE-2017-6542 (The ssh_agent_channel_data function in PuTTY before 0.68 allows r
NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8 (0.68)
NOTE: Bug only exploitable if SSH agent forwarding enabled (not the default) and if
- NOTE: the attacker can already be able to connect to the Unix-domain socket
+ NOTE: the attacker can already be able to connect to the Unix-domain socket
NOTE: representing the forwarded agent connection.
CVE-2017-6541 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
NOT-FOR-US: webpagetest
@@ -36009,7 +36159,7 @@ CVE-2017-6849 (The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/10
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/10
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp
NOTE: https://sourceforge.net/p/podofo/tickets/8/
NOTE: Same fix as for CVE-2017-6845
@@ -36018,14 +36168,14 @@ CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in
- libpodofo 0.9.4-6 (bug #861565)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/9
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/9
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861564)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/8
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/8
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace fun ...)
@@ -36033,7 +36183,7 @@ CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpac
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/7
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/
NOTE: https://sourceforge.net/p/podofo/tickets/9/
NOTE: Same fix as for CVE-2017-6845
@@ -36045,21 +36195,21 @@ CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo
NOTE: The motivation for no-dsa in wheezy is that there are no known
NOTE: services that use this library (apart from desktop applications)
NOTE: and the worst case is a DoS.
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/6
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp
NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1892
CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function ...)
{DLA-929-1}
- libpodofo 0.9.4-5 (bug #861561)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/5
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
CVE-2017-6843 (Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad func ...)
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861560)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/4
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
@@ -36067,7 +36217,7 @@ CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861559)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/3
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
@@ -36076,7 +36226,7 @@ CVE-2017-6841 (The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/2
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h
NOTE: https://sourceforge.net/p/podofo/tickets/10/
NOTE: Same fix as for CVE-2017-6845
@@ -36084,7 +36234,7 @@ CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp
{DLA-968-1}
- libpodofo 0.9.4-6 (bug #861557)
[jessie] - libpodofo <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/1
NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
@@ -36431,6 +36581,7 @@ CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows context-depende
NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=a6303ad765882555cf1b278a09be5f9e4cf3a39d
CVE-2017-6311 (gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attack ...)
- gdk-pixbuf 2.36.10-1 (bug #858491; unimportant)
+ [stretch] - gdk-pixbuf <ignored> (thumbnailer not installed before 2.36.5-3)
[jessie] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
[wheezy] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204
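Review bot: The new stretch line uses `<ignored>` while the reason given, "thumbnailer not installed before 2.36.5-3", describes a package that does not ship the vulnerable binary at all, which is the situation the jessie and wheezy lines in the same hunk record as `<not-affected>`. If stretch's gdk-pixbuf is older than 2.36.5-3 (its version is not visible here), `[stretch] - gdk-pixbuf <not-affected> (thumbnailer not installed before 2.36.5-3)` would keep the three suite lines consistent and stop the issue showing up as a deliberately unfixed one in stretch. If `<ignored>` was chosen on purpose because the code is present in the source package, a few words to that effect in the parenthesis would make the distinction clear.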
@@ -36467,55 +36618,55 @@ CVE-2017-6306 (An issue was discovered in ytnef before 1.9.1. This is related to
- libytnef 1.9.1-1
[wheezy] - libytnef <not-affected> (vulnerable code not present)
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6305 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
{DSA-3846-1 DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6304 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
{DSA-3846-1 DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6303 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
{DSA-3846-1 DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6302 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
{DSA-3846-1 DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6301 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
{DSA-3846-1 DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6300 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
{DSA-3846-1 DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6299 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
{DSA-3846-1 DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...)
{DSA-3846-1 DLA-878-1}
- libytnef 1.9.1-1
NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4
NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does n ...)
NOT-FOR-US: MikroTik RouterOS
@@ -36575,7 +36726,7 @@ CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the kernel
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
@@ -36609,7 +36760,7 @@ CVE-2017-6266 (NVIDIA GPU Display Driver contains a vulnerability in the kernel
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
@@ -36777,8 +36928,8 @@ CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 1.2.
CVE-2017-6196 (Multiple use-after-free vulnerabilities in the gx_image_enum_begin fun ...)
- ghostscript <not-affected> (Issue introduced later, cf. bug #856142)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697596
- NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283
- NOTE: Possibly introduced only after http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283
+ NOTE: Possibly introduced only after https://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
CVE-2017-6195 (Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blin ...)
NOT-FOR-US: Ipswitch MOVEit Transfer
CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows r ...)
@@ -37068,11 +37219,12 @@ CVE-2017-6063
CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component of SAP ...)
NOT-FOR-US: SAP
CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artifex So ...)
- - mupdf <unfixed> (unimportant)
+ {DLA-2765-1}
+ - mupdf 1.12.0+ds1-1 (unimportant)
[wheezy] - mupdf <not-affected> (Vulnerable code not present)
NOTE: Although jstest_main.c compiled during build and mujstest is created
NOTE: it is not included in the produced binary packages
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/18/1
CVE-2017-6058 (Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU ( ...)
- qemu 1:2.8+dfsg-3 (bug #855616)
[jessie] - qemu <not-affected> (Vulnerable code not present)
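Review bot: The CVE-2017-6060 entry now references `{DLA-2765-1}` while keeping the `(unimportant)` severity and the two NOTE lines explaining that mujstest is never part of the shipped binaries; a reader will wonder whether the severity is stale or the DLA was issued for other reasons. If the DLA fixed this issue only incidentally as part of a larger mupdf update, a one-line `NOTE: Fixed in DLA-2765-1 as part of a larger mupdf update; severity unchanged as mujstest is still not shipped` (wording to be confirmed against the advisory) would record that and stop the entry looking self-contradictory.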
@@ -37241,12 +37393,12 @@ CVE-2017-5993 (Memory leak in the vrend_renderer_init_blit_ctx function in vrend
- virglrenderer 0.6.0-1 (bug #858255)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=6eb13f7a2dcf391ec9e19b4c2a79e68305f63c22 (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422438
-CVE-2017-5991 (An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5 ...)
+CVE-2017-5991 (An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9 ...)
{DSA-3797-1}
- mupdf 1.9a+ds1-4 (low)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697500
- NOTE: http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
CVE-2017-5990 (An issue was discovered in PhreeBooksERP before 2017-02-13. The vulner ...)
NOT-FOR-US: PhreeBooksERP
CVE-2017-5989
@@ -37282,7 +37434,7 @@ CVE-2017-5984 (In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() ha
CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3. ...)
NOT-FOR-US: JIRA Workflow Designer Plugin
CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
- - kodi <unfixed> (bug #855225)
+ - kodi 2:18.6+dfsg1-1 (bug #855225)
[buster] - kodi <ignored> (Minor issue)
[stretch] - kodi <ignored> (Minor issue)
[jessie] - kodi <ignored> (Minor issue)
@@ -37343,7 +37495,7 @@ CVE-2017-5973 (The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Qu
- qemu 1:2.8+dfsg-3 (bug #855611)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/13/11
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/13/11
CVE-2017-5972 (The TCP stack in the Linux kernel 3.x does not properly implement a SY ...)
- linux 4.4.2-1
[jessie] - linux <ignored> (Known perfomance limitation)
@@ -37360,7 +37512,7 @@ CVE-2017-5969 (** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows r
[stretch] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
[jessie] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
[wheezy] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
- NOTE: http://www.openwall.com/lists/oss-security/2016/11/05/3
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/05/3
NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519
NOTE: Duplicate upstream bug (contains patch): https://bugzilla.gnome.org/show_bug.cgi?id=758422
NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882
@@ -37394,7 +37546,7 @@ CVE-2017-5956 (The vrend_draw_vbo function in virglrenderer before 0.6.0 allows
- virglrenderer 0.6.0-1 (bug #858255)
NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a5ac49940c40ae415eac0cf912eac7070b4ba95d (0.6.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421073
- NOTE: The original fix opens a memory leak: http://www.openwall.com/lists/oss-security/2017/02/24/2
+ NOTE: The original fix opens a memory leak: https://www.openwall.com/lists/oss-security/2017/02/24/2
NOTE: Additional patch required: https://bugzilla.suse.com/attachment.cgi?id=715395
CVE-2017-5955
RESERVED
@@ -37411,7 +37563,7 @@ CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex
{DSA-3838-1 DLA-905-1}
- ghostscript 9.20~dfsg-3.1 (bug #859696)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548
- NOTE: Fixed by: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
+ NOTE: Fixed by: https://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...)
- yaml-cpp 0.6.3-1 (low; bug #859891)
[buster] - yaml-cpp <no-dsa> (Minor issue)
@@ -37475,12 +37627,12 @@ CVE-2017-5931 (Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/8
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/8
CVE-2017-5930 (The AliasHandler component in PostfixAdmin before 3.0.2 allows remote ...)
- postfixadmin 3.0.2-1 (bug #854742)
[jessie] - postfixadmin <not-affected> (Vulnerable code not present)
[wheezy] - postfixadmin <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/6
CVE-2017-5929 (QOS.ch Logback before 1.2.0 has a serialization vulnerability affectin ...)
{DLA-888-1}
- logback 1:1.1.9-3 (bug #857343)
@@ -37557,9 +37709,9 @@ CVE-2017-5896 (Heap-based buffer overflow in the fz_subsample_pixmap function in
- mupdf 1.9a+ds1-3 (bug #854734)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
- NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
+ NOTE: Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/10/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/10/1
CVE-2017-5895
RESERVED
CVE-2017-5894
@@ -37618,13 +37770,13 @@ CVE-2017-5878 (The AMF unmarshallers in Red5 Media Server before 1.0.8 do not re
CVE-2017-5938 (Cross-site scripting (XSS) vulnerability in the nav_path function in l ...)
{DSA-3784-1 DLA-820-1}
- viewvc 1.1.26-1 (bug #854681)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/08/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/08/7
NOTE: https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad
CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows rem ...)
- openpyxl 2.3.0-3 (bug #854442)
[jessie] - openpyxl <not-affected> (vulnerable code not present)
[wheezy] - openpyxl <not-affected> (vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/5
NOTE: https://bitbucket.org/openpyxl/openpyxl/issues/749
NOTE: https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1
CVE-2017-6059 (Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication ...)
@@ -37640,11 +37792,11 @@ CVE-2017-XXXX [irssi memory leak]
[jessie] - irssi <not-affected> (support for sasl not present)
[wheezy] - irssi <not-affected> (support for sasl not present)
NOTE: Patch: https://github.com/irssi/irssi/commit/19c51789967a2f63da033e60f6ef08848b9cd144
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/05/8
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2017/02/05/8
CVE-2017-XXXX [irssi missing null terminator]
- irssi 1.0.1-1 (unimportant)
NOTE: Patch: https://github.com/irssi/irssi/pull/619/commits/677fb1f55ca52d0e43c93f7d8361d333ff5bffd6
- NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/05/8
+ NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2017/02/05/8
CVE-2017-5886 (Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken f ...)
{DLA-929-1}
- libpodofo 0.9.4-5 (bug #854604)
@@ -37665,7 +37817,7 @@ CVE-2017-5873 (Unquoted Windows search path vulnerability in the guest service i
CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with TCP- ...)
NOT-FOR-US: Unisys ClearPath
CVE-2017-5871 (Odoo Version &lt;= 8.0-20160726 and Version 9 is affected by: CWE-601: ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.1 ...)
NOT-FOR-US: ViMbAdmin
CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo ...)
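Review bot: The new odoo line asserts "Fixed before initial upload to Debian" without any reference that lets a later reader check it, unlike the other `<not-affected>` entries nearby that carry upstream bug or commit NOTEs. A `NOTE:` line citing the upstream fix (commit or release) and, if known, the first odoo version uploaded to Debian would make the claim verifiable; with the description cut off at `Version 9`, it is not obvious from this file alone which upstream branch the fix landed in.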
@@ -37697,17 +37849,17 @@ CVE-2017-5836 (The plist_free_data function in plist.c in libplist allows attack
[jessie] - libplist <no-dsa> (Minor issue)
[wheezy] - libplist <no-dsa> (pointers are not incorrectly freed and non-string key nodes are officially allowed)
NOTE: https://github.com/libimobiledevice/libplist/issues/86
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5835 (libplist allows attackers to cause a denial of service (large memory a ...)
{DLA-2168-1 DLA-840-1}
- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
NOTE: https://github.com/libimobiledevice/libplist/issues/88
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5834 (The parse_dict_node function in bplist.c in libplist allows attackers ...)
{DLA-2168-1 DLA-840-1}
- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
NOTE: https://github.com/libimobiledevice/libplist/issues/89
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5829 (An access restriction bypass vulnerability in HPE Aruba ClearPass Poli ...)
NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5828 (An arbitrary command execution vulnerability in HPE Aruba ClearPass Po ...)
@@ -37811,55 +37963,55 @@ CVE-2017-5781 (A CSRF vulnerability in HPE Matrix Operating Environment version
CVE-2017-5780 (A remote clickjacking vulnerability in HPE Matrix Operating Environmen ...)
NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5779
- RESERVED
+ REJECTED
CVE-2017-5778
- RESERVED
+ REJECTED
CVE-2017-5777
- RESERVED
+ REJECTED
CVE-2017-5776
- RESERVED
+ REJECTED
CVE-2017-5775
- RESERVED
+ REJECTED
CVE-2017-5774
- RESERVED
+ REJECTED
CVE-2017-5773
- RESERVED
+ REJECTED
CVE-2017-5772
- RESERVED
+ REJECTED
CVE-2017-5771
- RESERVED
+ REJECTED
CVE-2017-5770
- RESERVED
+ REJECTED
CVE-2017-5769
- RESERVED
+ REJECTED
CVE-2017-5768
- RESERVED
+ REJECTED
CVE-2017-5767
- RESERVED
+ REJECTED
CVE-2017-5766
- RESERVED
+ REJECTED
CVE-2017-5765
- RESERVED
+ REJECTED
CVE-2017-5764
- RESERVED
+ REJECTED
CVE-2017-5763
- RESERVED
+ REJECTED
CVE-2017-5762
- RESERVED
+ REJECTED
CVE-2017-5761
- RESERVED
+ REJECTED
CVE-2017-5760
- RESERVED
+ REJECTED
CVE-2017-5759
- RESERVED
+ REJECTED
CVE-2017-5758
- RESERVED
+ REJECTED
CVE-2017-5757
- RESERVED
+ REJECTED
CVE-2017-5756
- RESERVED
+ REJECTED
CVE-2017-5755
- RESERVED
+ REJECTED
CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and indir ...)
{DSA-4120-1 DSA-4082-1 DSA-4078-1 DLA-1232-1}
- linux 4.14.12-1
@@ -37901,37 +38053,37 @@ CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and
NOTE: Paper: https://spectreattack.com/spectre.pdf
NOTE: https://01.org/security/advisories/intel-oss-10002
CVE-2017-5752
- RESERVED
+ REJECTED
CVE-2017-5751
- RESERVED
+ REJECTED
CVE-2017-5750
- RESERVED
+ REJECTED
CVE-2017-5749
- RESERVED
+ REJECTED
CVE-2017-5748
- RESERVED
+ REJECTED
CVE-2017-5747
- RESERVED
+ REJECTED
CVE-2017-5746
- RESERVED
+ REJECTED
CVE-2017-5745
- RESERVED
+ REJECTED
CVE-2017-5744
- RESERVED
+ REJECTED
CVE-2017-5743
- RESERVED
+ REJECTED
CVE-2017-5742
- RESERVED
+ REJECTED
CVE-2017-5741
- RESERVED
+ REJECTED
CVE-2017-5740
- RESERVED
+ REJECTED
CVE-2017-5739
- RESERVED
+ REJECTED
CVE-2017-5738 (Escalation of privilege vulnerability in admin portal for Intel Unite ...)
NOT-FOR-US: Intel Unite App
CVE-2017-5737
- RESERVED
+ REJECTED
CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions Platform ...)
NOT-FOR-US: Intel
CVE-2017-5735
@@ -37947,43 +38099,42 @@ CVE-2017-5731 (Bounds checking in Tianocompress before November 7, 2017 may allo
NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150
NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html
CVE-2017-5730
- RESERVED
+ REJECTED
CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and T ...)
NOT-FOR-US: Intel
CVE-2017-5728
- RESERVED
+ REJECTED
CVE-2017-5727 (Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 1 ...)
NOT-FOR-US: Intel
CVE-2017-5726
- RESERVED
+ REJECTED
CVE-2017-5725
- RESERVED
+ REJECTED
CVE-2017-5724
- RESERVED
+ REJECTED
CVE-2017-5723
- RESERVED
+ REJECTED
CVE-2017-5722 (Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, N ...)
NOT-FOR-US: Intel
CVE-2017-5721 (Insufficient input validation in system firmware for Intel NUC7i3BNK, ...)
NOT-FOR-US: Intel
CVE-2017-5720
- RESERVED
+ REJECTED
CVE-2017-5719 (A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows ...)
NOT-FOR-US: Intel
CVE-2017-5718
- RESERVED
+ REJECTED
CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphics Dr ...)
NOT-FOR-US: Intel graphics driver
CVE-2017-5716
REJECTED
CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and indir ...)
- {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-2148-1 DLA-1497-1 DLA-1422-1 DLA-1369-1}
+ {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-2743-1 DLA-2148-1 DLA-1497-1 DLA-1422-1 DLA-1369-1}
- linux 4.15.11-1
- intel-microcode 3.20180425.1
[stretch] - intel-microcode 3.20180425.1~deb9u1
[jessie] - intel-microcode 3.20180425.1~deb8u1
- amd64-microcode 3.20180515.1
- [stretch] - amd64-microcode <no-dsa> (Can be fixed via point release)
NOTE: https://spectreattack.com/
NOTE: https://xenbits.xen.org/xsa/advisory-254.html
NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
@@ -38018,9 +38169,9 @@ CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and
- xen 4.11.1~pre+1.733450b39b-1
[jessie] - xen <ignored> (Too intrusive to backport)
CVE-2017-5714
- RESERVED
+ REJECTED
CVE-2017-5713
- RESERVED
+ REJECTED
CVE-2017-5712 (Buffer overflow in Active Management Technology (AMT) in Intel Managea ...)
NOT-FOR-US: Intel
CVE-2017-5711 (Multiple buffer overflows in Active Management Technology (AMT) in Int ...)
@@ -38042,7 +38193,7 @@ CVE-2017-5704 (Platform sample code firmware included with 4th Gen Intel Core Pr
CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel platfo ...)
NOT-FOR-US: Intel
CVE-2017-5702
- RESERVED
+ REJECTED
CVE-2017-5701 (Insecure platform configuration in system firmware for Intel NUC7i3BNK ...)
NOT-FOR-US: Intel
CVE-2017-5700 (Insufficient protection of password storage in system firmware for Int ...)
@@ -38067,13 +38218,13 @@ CVE-2017-5692 (Out-of-bounds read condition in older versions of some Intel Grap
CVE-2017-5691 (Incorrect check in Intel processors from 6th and 7th Generation Intel ...)
NOT-FOR-US: Intel CPUs
CVE-2017-5690
- RESERVED
+ REJECTED
CVE-2017-5689 (An unprivileged network attacker could gain system privileges to provi ...)
NOT-FOR-US: Intel AMT
CVE-2017-5688 (There is an escalation of privilege vulnerability in the Intel Solid S ...)
NOT-FOR-US: Intel Solid State Drive Toolbox
CVE-2017-5687
- RESERVED
+ REJECTED
CVE-2017-5686 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors p ...)
NOT-FOR-US: BIOS in Intel NUC systems
CVE-2017-5685 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors p ...)
@@ -38085,80 +38236,80 @@ CVE-2017-5683 (Privilege escalation in IntelHAXM.sys driver in the Intel Hardwar
CVE-2017-5682 (Intel PSET Application Install wrapper of Intel Parallel Studio XE, In ...)
NOT-FOR-US: Intel PSET
CVE-2017-5680
- RESERVED
+ REJECTED
CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in ...)
{DSA-3818-1 DLA-2164-1 DLA-830-1}
- gst-plugins-bad1.0 1.10.4-1 (low)
- gst-plugins-bad0.10 <unfixed> (low)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957
NOTE: Patch: https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3
CVE-2017-5847 (The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gs ...)
{DSA-3821-1 DLA-2226-1 DLA-829-1}
- gst-plugins-ugly1.0 1.10.4-1 (low)
- gst-plugins-ugly0.10 <removed> (low)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777955
NOTE: https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
CVE-2017-5846 (The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gs ...)
{DSA-3821-1 DLA-2226-1 DLA-829-1}
- gst-plugins-ugly1.0 1.10.3-1 (low)
- gst-plugins-ugly0.10 <removed> (low)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777937
CVE-2017-5845 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst- ...)
{DSA-3820-1}
- gst-plugins-good1.0 1.10.3-1 (low)
- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777532
CVE-2017-5844 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
{DSA-3819-1 DLA-2126-1 DLA-827-1}
- gst-plugins-base1.0 1.10.3-1 (low)
- gst-plugins-base0.10 <removed> (low)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525
CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unr ...)
{DSA-3818-1 DLA-2164-1 DLA-830-1}
- gst-plugins-bad1.0 1.10.3-1
- gst-plugins-bad0.10 <unfixed> (low)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503
CVE-2017-5842 (The html_context_handle_element function in gst/subparse/samiparse.c i ...)
{DSA-3819-1}
- gst-plugins-base1.0 1.10.3-1
- gst-plugins-base0.10 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777502
CVE-2017-5841 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst- ...)
{DSA-3820-1}
- gst-plugins-good1.0 1.10.3-1 (low)
- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777500
CVE-2017-5840 (The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plug ...)
{DSA-3820-1 DLA-2225-1 DLA-828-1}
- gst-plugins-good1.0 1.10.3-1 (low)
- gst-plugins-good0.10 <removed> (low)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777469
CVE-2017-5839 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
{DSA-3819-1}
- gst-plugins-base1.0 1.10.3-1
- gst-plugins-base0.10 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777265
CVE-2017-5838 (The gst_date_time_new_from_iso8601_string function in gst/gstdatetime. ...)
{DSA-3822-1}
- gstreamer1.0 1.10.3-1 (low)
- gstreamer0.10 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777263
CVE-2017-5837 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...)
{DSA-3819-1 DLA-2126-1 DLA-827-1}
- gst-plugins-base1.0 1.10.3-1 (low)
- gst-plugins-base0.10 <removed> (low)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777262
CVE-2017-5851 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...)
- mp3splt <unfixed> (unimportant)
@@ -38181,14 +38332,14 @@ CVE-2017-5857 (Memory leak in the virgl_cmd_resource_unref function in hw/displa
- qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418382
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/21
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/21
CVE-2017-5856 (Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c i ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-3 (bug #853996)
[wheezy] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/19
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/19
NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418342
CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in ...)
@@ -38229,7 +38380,7 @@ CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/P
NOTE: further patch for ABI compatibility: https://sourceforge.net/p/podofo/mailman/message/36084628/
CVE-2017-5849 (tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRG ...)
- netpbm-free <not-affected> (vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/02/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/02/2
NOTE: Debian uses an unaffected fork:
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2654#c8
CVE-2017-5850 (httpd in OpenBSD allows remote attackers to cause a denial of service ...)
@@ -38289,14 +38440,14 @@ CVE-2017-5663 (In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-
CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the serve ...)
{DSA-4215-1 DLA-926-1}
- batik 1.9-1 (bug #860566)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/1
NOTE: Upstream bug: https://issues.apache.org/jira/browse/BATIK-1139
NOTE: Fixed by: http://svn.apache.org/r1743326
NOTE: Similar issue to CVE-2015-0250
CVE-2017-5661 (In Apache FOP before 2.2, files lying on the filesystem of the server ...)
{DSA-3864-1 DLA-927-1}
- fop 1:2.1-6 (bug #860567)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/2
NOTE: Upstream bug: https://issues.apache.org/jira/browse/FOP-2668
NOTE: Fixed by: http://svn.apache.org/r1769967
NOTE: Fixed by: http://svn.apache.org/r1769968 (fix for Java 6)
@@ -38331,13 +38482,13 @@ CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the r
- tomcat9 <not-affected> (Fixed before initial upload to Debian)
- tomcat8 8.5.11-2 (bug #860071)
[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/21
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/21
NOTE: Fixed by: http://svn.apache.org/r1788546 (8.5.x)
CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handli ...)
- tomcat9 <not-affected> (Fixed before initial upload to Debian)
- tomcat8 8.5.11-2 (bug #860070)
[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/22
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/22
NOTE: Fixed by: http://svn.apache.org/r1788480 (8.5.x)
CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by sett ...)
NOT-FOR-US: Apache Geode
@@ -38348,7 +38499,7 @@ CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to
- tomcat7 7.0.72-3
NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
- tomcat6 <not-affected> (Only affects 7.0 an later)
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/23
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/23
NOTE: Fixed by: http://svn.apache.org/r1785775 (8.5.x)
NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x)
NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x)
@@ -38360,7 +38511,7 @@ CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat
NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
- tomcat6 6.0.41-3
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
- NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/24
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/24
NOTE: Fixed by: http://svn.apache.org/r1788932 (8.5.x)
NOTE: Fixed by: http://svn.apache.org/r1788999 (8.0.x)
NOTE: Fixed by: http://svn.apache.org/r1789008 (7.0.x)
@@ -38379,7 +38530,7 @@ CVE-2017-5644 (Apache POI in versions prior to release 3.15 allows remote attack
[stretch] - libapache-poi-java <no-dsa> (Minor issue)
[jessie] - libapache-poi-java <no-dsa> (Minor issue)
[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/20/9
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/20/9
CVE-2017-5643 (Apache Camel's Validation Component is vulnerable against SSRF via rem ...)
NOT-FOR-US: Apache Camel
CVE-2017-5642 (During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artif ...)
@@ -38461,14 +38612,14 @@ CVE-2017-5667 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in
[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417559
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/2
CVE-2017-5668 (bitlbee-libpurple before 3.5.1 allows remote attackers to cause a deni ...)
- bitlbee 3.5.1-1 (bug #853282)
[jessie] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied)
[wheezy] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied)
NOTE: https://bugs.bitlbee.org/ticket/1282
NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 (3.5.1)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4
NOTE: This CVE exists because of an incomplete fix for CVE-2016-10189
CVE-2017-5940 (Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does no ...)
- firejail 0.9.44.6-1
@@ -38477,22 +38628,26 @@ CVE-2017-5940 (Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS do
NOTE: https://github.com/netblue30/firejail/blob/0.9.44.6/RELNOTES
NOTE: https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f (0.9.44.6)
NOTE: https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 (0.9.44.6)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/29/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/29/4
CVE-2017-5899 (Directory traversal vulnerability in the setuid root helper binary in ...)
- s-nail 14.8.16-1 (bug #852934)
NOTE: https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html
NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f797c27efecad45af191c518b7f87fda32ada160
NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f2699449b66dd702a98925bd1b11153a6f7294bf
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/7
CVE-2017-5628 (An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10 ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=8f62ea10a0af68e56d5c00720523ebcba13c2e6a
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697496
CVE-2017-5627 (An issue was discovered in Artifex Software, Inc. MuJS before 4006739a ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=4006739a28367c708dea19aeb19b8a1a9326ce08
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697497
CVE-2017-5617 (The SVG Salamander (aka svgSalamander) library, when used in a web app ...)
{DSA-3781-1 DLA-816-1}
- svgsalamander 1.1.1+dfsg-2 (bug #853134)
NOTE: https://github.com/blackears/svgSalamander/issues/11
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/3
CVE-2017-5608 (Cross-site scripting (XSS) vulnerability in the image upload function ...)
- piwigo <removed>
CVE-2017-5600 (The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 ...)
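Review bot: The two NOTE lines added for CVE-2017-5628 and CVE-2017-5627 reference git.ghostscript.com over plain http, while the rest of this commit is normalising openwall.com references to https. If that host serves the commit view over TLS, the new entries should follow the same convention, e.g. `NOTE: https://git.ghostscript.com/?p=mujs.git;h=8f62ea10a0af68e56d5c00720523ebcba13c2e6a` and the matching line for 4006739a28367c708dea19aeb19b8a1a9326ce08, so a reader following the fix reference from the tracker is not sent over an unauthenticated link. The bugs.ghostscript.com lines added alongside already use https, so only the two git links are inconsistent.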
@@ -38505,17 +38660,17 @@ CVE-2017-5612 (Cross-site scripting (XSS) vulnerability in wp-admin/includes/cla
{DSA-3779-1 DLA-813-1}
- wordpress 4.7.2+dfsg-1 (bug #852767)
NOTE: https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5611 (SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Qu ...)
{DSA-3779-1 DLA-813-1}
- wordpress 4.7.2+dfsg-1 (bug #852767)
NOTE: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5610 (wp-admin/includes/class-wp-press-this.php in Press This in WordPress b ...)
{DSA-3779-1 DLA-813-1}
- wordpress 4.7.2+dfsg-1 (bug #852767)
NOTE: https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5595 (A file disclosure and inclusion vulnerability exists in web/views/file ...)
{DLA-1145-1}
- zoneminder 1.30.4+dfsg-1 (bug #854733)
@@ -38555,17 +38710,17 @@ CVE-2017-6852 (Heap-based buffer overflow in the jpc_dec_decodepkt function in j
[jessie] - jasper <no-dsa> (Minor issue)
[wheezy] - jasper <no-dsa> (Minor issue)
NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/10
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/10
NOTE: The POC only triggers an assertion failure but an overflow cannot be observed.
CVE-2017-6850 (The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 all ...)
- jasper <removed> (unimportant)
NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/112
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/8
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/8
NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-6851 (The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows r ...)
- jasper <removed> (unimportant)
NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/113
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/9
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/9
NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5618 (GNU screen before 4.5.1 allows local users to modify arbitrary files a ...)
- screen 4.5.0-3 (bug #852484)
@@ -38576,7 +38731,7 @@ CVE-2017-5618 (GNU screen before 4.5.1 allows local users to modify arbitrary fi
NOTE: https://savannah.gnu.org/bugs/?50142
NOTE: Introduced in (screen-v4): http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=5460f5d28c01a9a58e021eb1dffef2965e629d58
NOTE: Introduced in (master): http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c575c40c9bd7653470639da32e06faed0a9b2ec4
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/24/10
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/24/10
CVE-2017-5597 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector c ...)
{DSA-3811-1 DLA-858-1}
- wireshark 2.2.4+gcc3dc1b-1
@@ -38726,19 +38881,19 @@ CVE-2017-5527 (TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6
CVE-2017-5616 (Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allow ...)
{DLA-869-1}
- cgiemail <removed> (bug #852031)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5615 (cgiemail and cgiecho allow remote attackers to inject HTTP headers via ...)
{DLA-869-1}
- cgiemail <removed> (bug #852031)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5614 (Open redirect vulnerability in cgiemail and cgiecho allows remote atta ...)
{DLA-869-1}
- cgiemail <removed> (bug #852031)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5613 (Format string vulnerability in cgiemail and cgiecho allows remote atta ...)
{DLA-869-1}
- cgiemail <removed> (bug #852031)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5552 (Memory leak in the virgl_resource_attach_backing function in hw/displa ...)
- qemu 1:2.10.0-1 (bug #852119; unimportant)
[jessie] - qemu <not-affected> (Vulnerable code not present)
@@ -38787,7 +38942,7 @@ CVE-2017-5524 (Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attac
NOT-FOR-US: Plone
CVE-2017-5537 (The password reset form in Weblate before 2.10.1 provides different er ...)
- weblate <itp> (bug #745661)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/18/11
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/18/11
CVE-2017-5526 (Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows l ...)
{DLA-1497-1}
- qemu 1:2.8+dfsg-2 (bug #851910)
@@ -38940,9 +39095,11 @@ CVE-2017-5462 (A flaw in DRBG number generation within the Network Security Serv
CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ...)
{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
- firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
[experimental] - nss 2:3.30.1-1
- nss 2:3.26.2-1.1 (bug #862958)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
NOTE: https://hg.mozilla.org/projects/nss/rev/77a5bb81dbaa
CVE-2017-5460 (A use-after-free vulnerability in frame selection triggered by a combi ...)
@@ -39401,77 +39558,77 @@ CVE-2017-5506 (Double free vulnerability in magick/profile.c in ImageMagick allo
{DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851383)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/354
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb
CVE-2017-5507 (Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x befo ...)
{DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851382)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5508 (Heap-based buffer overflow in the PushQuantumPixel function in ImageMa ...)
{DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851381)
NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/379e21cd32483df6e128147af3bc4ce1f82eb9c4
CVE-2017-5509 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851377)
[jessie] - imagemagick <not-affected> (Vulnerable code not present)
[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/350
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5510 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
{DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851376)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/348
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/e87af64b1ff1635a32d9b6162f1b0e260fb54ed9
CVE-2017-5511 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
{DSA-3799-1 DLA-807-1}
- imagemagick 8:6.9.7.4+dfsg-1 (bug #851374)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/347
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d65a814ac76bd04760072c33e452371692ee790
CVE-2017-5487 (wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in t ...)
- wordpress 4.7.1+dfsg-1 (bug #851310)
[jessie] - wordpress <not-affected> (vulnerable code not present)
[wheezy] - wordpress <not-affected> (vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
NOTE: https://wpvulndb.com/vulnerabilities/8715
NOTE: https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
CVE-2017-5488 (Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update ...)
{DSA-3779-1 DLA-813-1}
- wordpress 4.7.1+dfsg-1 (bug #851310)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
NOTE: https://wpvulndb.com/vulnerabilities/8716
NOTE: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
CVE-2017-5489 (Cross-site request forgery (CSRF) vulnerability in WordPress before 4. ...)
{DSA-3779-1 DLA-813-1}
- wordpress 4.7.1+dfsg-1 (bug #851310)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
NOTE: https://wpvulndb.com/vulnerabilities/8717
CVE-2017-5490 (Cross-site scripting (XSS) vulnerability in the theme-name fallback fu ...)
{DSA-3779-1 DLA-813-1}
- wordpress 4.7.1+dfsg-1 (bug #851310)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
NOTE: https://wpvulndb.com/vulnerabilities/8718
NOTE: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
CVE-2017-5491 (wp-mail.php in WordPress before 4.7.1 might allow remote attackers to ...)
{DSA-3779-1 DLA-813-1}
- wordpress 4.7.1+dfsg-1 (bug #851310)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
NOTE: https://wpvulndb.com/vulnerabilities/8719
NOTE: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
CVE-2017-5492 (Cross-site request forgery (CSRF) vulnerability in the widget-editing ...)
{DSA-3779-1 DLA-813-1}
- wordpress 4.7.1+dfsg-1 (bug #851310)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
NOTE: https://wpvulndb.com/vulnerabilities/8720
NOTE: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
CVE-2017-5493 (wp-includes/ms-functions.php in the Multisite WordPress API in WordPre ...)
{DSA-3779-1 DLA-813-1}
- wordpress 4.7.1+dfsg-1 (bug #851310)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
NOTE: https://wpvulndb.com/vulnerabilities/8721
NOTE: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
CVE-2017-5356 (Irssi before 0.8.21 allows remote attackers to cause a denial of servi ...)
@@ -39515,7 +39672,7 @@ CVE-2017-5341 (The OTV parser in tcpdump before 4.9.0 has a buffer overflow in p
- tcpdump 4.9.0-1
CVE-2017-5357 (regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of ...)
- ed <not-affected> (Vulnerable code not present, cf #851159)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/5
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/12/5
NOTE: The issue is only present from 1.14 onwards, and prior to 1.14.1 since upstream
NOTE: changed a malloc'ed buffer for a static one.
NOTE: https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00001.html
@@ -39828,8 +39985,8 @@ CVE-2017-5330 (ark before 16.12.1 might allow remote attackers to execute arbitr
- ark 4:16.08.3-2 (bug #850874)
[jessie] - ark <not-affected> (Vulnerable code introduced later)
[wheezy] - ark <not-affected> (Vulnerable code introduced later)
- NOTE: Fixed by: https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
- NOTE: "Open File" action introduced in https://cgit.kde.org/ark.git/commit/?id=f1cf10f25af245823f81b8ff457a04c7593dede7 (v15.11.80)
+ NOTE: Fixed by: https://github.com/KDE/ark/commit/82fdfd24d46966a117fa625b68784735a40f9065
+ NOTE: "Open File" action introduced in https://github.com/KDE/ark/commit/f1cf10f25af245823f81b8ff457a04c7593dede7 (v15.11.80)
CVE-2017-5226 (When executing a program via the bubblewrap sandbox, the nonpriv sessi ...)
- bubblewrap 0.1.5-2 (bug #850702)
NOTE: https://github.com/projectatomic/bubblewrap/issues/142
@@ -39837,7 +39994,7 @@ CVE-2017-5207 (Firejail before 0.9.44.4, when running a bandwidth command, allow
- firejail 0.9.44.4-1 (bug #850528)
NOTE: https://github.com/netblue30/firejail/issues/1023
NOTE: Fixed by: https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/07/3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/07/3
CVE-2017-5206 (Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, a ...)
- firejail 0.9.44.4-1 (bug #850558)
NOTE: Fixed by: https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e
@@ -39883,28 +40040,28 @@ CVE-2017-5196 (Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a den
- irssi 0.8.21-1 (bug #850403)
[jessie] - irssi <not-affected> (Affects only 0.8.18 and later)
[wheezy] - irssi <not-affected> (Affects only 0.8.18 and later)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5195 (Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial o ...)
- irssi 0.8.21-1 (bug #850403)
[jessie] - irssi 0.8.17-1+deb8u3
[wheezy] - irssi <not-affected> (Affects only 0.8.17 and later)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5194 (Use-after-free vulnerability in Irssi before 0.8.21 allows remote atta ...)
{DLA-1217-1}
- irssi 0.8.21-1 (bug #850403)
[jessie] - irssi 0.8.17-1+deb8u3
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5193 (The nickcmp function in Irssi before 0.8.21 allows remote attackers to ...)
{DLA-1217-1}
- irssi 0.8.21-1 (bug #850403)
[jessie] - irssi 0.8.17-1+deb8u3
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5179 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9. ...)
@@ -39997,7 +40154,7 @@ CVE-2017-5136 (An issue was discovered on SendQuick Entera and Avera devices bef
NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2017-5180 (Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not ...)
- firejail 0.9.44.2-3 (bug #850160)
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/04/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/04/1
NOTE: https://github.com/netblue30/firejail/issues/1020
CVE-2017-5135 (Certain Technicolor devices have an SNMP access-control bypass, possib ...)
NOT-FOR-US: Technicolor
@@ -40061,8 +40218,7 @@ CVE-2017-5124 (Incorrect application of sandboxing in Blink in Google Chrome pri
- chromium-browser 62.0.3202.75-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2017-5123 [waitid() not calling access_ok()]
- RESERVED
+CVE-2017-5123 (Insufficient data validation in waitid allowed an user to escape sandb ...)
- linux 4.13.4-2
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
@@ -40612,19 +40768,19 @@ CVE-2017-5332 (The extract_group_icon_cursor_resource in wrestool/extract.c in i
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1249276
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/10/4
NOTE: CVE for "all of 1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a and also the index correction in
NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a."
CVE-2017-5331 (Integer overflow in the check_offset function in b/wrestool/fileread.c ...)
{DSA-3765-1 DLA-789-1}
- icoutils 0.31.1-1
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/10/4
CVE-2017-5208 (Integer overflow in the wrestool program in icoutils before 0.31.1 all ...)
{DSA-3756-1 DLA-789-1}
- icoutils 0.31.0-4 (bug #850017)
NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/08/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/08/1
CVE-2017-5340 (Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandle ...)
- php7.1 7.1.1-1 (bug #852022)
- php7.0 7.0.15-1 (bug #850158)
@@ -40706,20 +40862,20 @@ CVE-2017-4969 (The Cloud Controller in Cloud Foundry cf-release versions prior t
CVE-2017-4968
REJECTED
CVE-2017-4967 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
+ {DLA-2710-1}
- rabbitmq-server 3.6.10-1 (low; bug #863586)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <no-dsa> (Minor issue)
[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
CVE-2017-4966 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
+ {DLA-2710-1}
- rabbitmq-server 3.6.10-1 (low; bug #863586)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
[wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10 (rabbitmq_v3_6_9)
NOTE: Introduced by: https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368 (rabbitmq_v3_4_0)
CVE-2017-4965 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
+ {DLA-2710-1}
- rabbitmq-server 3.6.10-1 (low; bug #863586)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <no-dsa> (Minor issue)
[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a ...)
@@ -42549,9 +42705,9 @@ CVE-2017-4053 (Command Injection vulnerability in the web interface in McAfee Ad
CVE-2017-4052 (Authentication Bypass vulnerability in the web interface in McAfee Adv ...)
NOT-FOR-US: McAfee
CVE-2017-4051
- RESERVED
+ REJECTED
CVE-2017-4050
- RESERVED
+ REJECTED
CVE-2017-4049
REJECTED
CVE-2017-4048
@@ -42579,7 +42735,7 @@ CVE-2017-4038
CVE-2017-4037
REJECTED
CVE-2017-4036
- RESERVED
+ REJECTED
CVE-2017-4035
REJECTED
CVE-2017-4034
@@ -42659,7 +42815,7 @@ CVE-2017-3998
CVE-2017-3997
REJECTED
CVE-2017-3996
- RESERVED
+ REJECTED
CVE-2017-3995
REJECTED
CVE-2017-3994
@@ -42675,7 +42831,7 @@ CVE-2017-3990
CVE-2017-3989
REJECTED
CVE-2017-3988
- RESERVED
+ REJECTED
CVE-2017-3987
REJECTED
CVE-2017-3986
@@ -42711,7 +42867,7 @@ CVE-2017-3972 (Infrastructure-based foot printing vulnerability in the web inter
CVE-2017-3971 (Cryptanalysis vulnerability in the web interface in McAfee Network Sec ...)
NOT-FOR-US: McAfee
CVE-2017-3970
- RESERVED
+ REJECTED
CVE-2017-3969 (Abuse of communication channels vulnerability in the server in McAfee ...)
NOT-FOR-US: McAfee
CVE-2017-3968 (Session fixation vulnerability in the web interface in McAfee Network ...)
@@ -42777,7 +42933,7 @@ CVE-2017-3939
CVE-2017-3938
REJECTED
CVE-2017-3937
- RESERVED
+ REJECTED
CVE-2017-3936 (OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO ...)
NOT-FOR-US: McAfee
CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type sniffing which ...)
@@ -42787,7 +42943,7 @@ CVE-2017-3934 (Missing HTTP Strict Transport Security state information vulnerab
CVE-2017-3933 (Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network ...)
NOT-FOR-US: McAfee Network Data Loss Prevention
CVE-2017-3932
- RESERVED
+ REJECTED
CVE-2017-3931
REJECTED
CVE-2017-3930
@@ -42795,63 +42951,63 @@ CVE-2017-3930
CVE-2017-3929
REJECTED
CVE-2017-3928
- RESERVED
+ REJECTED
CVE-2017-3927
- RESERVED
+ REJECTED
CVE-2017-3926
- RESERVED
+ REJECTED
CVE-2017-3925
- RESERVED
+ REJECTED
CVE-2017-3924
- RESERVED
+ REJECTED
CVE-2017-3923
- RESERVED
+ REJECTED
CVE-2017-3922
- RESERVED
+ REJECTED
CVE-2017-3921
- RESERVED
+ REJECTED
CVE-2017-3920
- RESERVED
+ REJECTED
CVE-2017-3919
- RESERVED
+ REJECTED
CVE-2017-3918
- RESERVED
+ REJECTED
CVE-2017-3917
- RESERVED
+ REJECTED
CVE-2017-3916
- RESERVED
+ REJECTED
CVE-2017-3915
- RESERVED
+ REJECTED
CVE-2017-3914
- RESERVED
+ REJECTED
CVE-2017-3913
- RESERVED
+ REJECTED
CVE-2017-3912 (Bypassing password security vulnerability in McAfee Application and Ch ...)
NOT-FOR-US: McAfee
CVE-2017-3911
- RESERVED
+ REJECTED
CVE-2017-3910
- RESERVED
+ REJECTED
CVE-2017-3909
- RESERVED
+ REJECTED
CVE-2017-3908
- RESERVED
+ REJECTED
CVE-2017-3907 (Code Injection vulnerability in the ePolicy Orchestrator (ePO) extensi ...)
NOT-FOR-US: McAfee
CVE-2017-3906
- RESERVED
+ REJECTED
CVE-2017-3905
- RESERVED
+ REJECTED
CVE-2017-3904
- RESERVED
+ REJECTED
CVE-2017-3903
- RESERVED
+ REJECTED
CVE-2017-3902 (Cross-site scripting (XSS) vulnerability in the Web user interface (UI ...)
NOT-FOR-US: Intel Security ePO
CVE-2017-3901
- RESERVED
+ REJECTED
CVE-2017-3900
- RESERVED
+ REJECTED
CVE-2017-3899 (SQL injection vulnerability in Intel Security Advanced Threat Defense ...)
NOT-FOR-US: Intel antivirus
CVE-2017-3898 (A man-in-the-middle attack vulnerability in the non-certificate-based ...)
@@ -44276,7 +44432,7 @@ CVE-2017-3305 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
NOTE: issue as well in 5.5 (in 5.5.49) and 5.6 (5.6.30) series resulting in
NOTE: opening CVE-2017-3305.
NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1217506#c22
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/17/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/17/4
CVE-2017-3304 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
- mysql-cluster <itp> (bug #833356)
CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle E-Business ...)
@@ -44292,7 +44448,7 @@ CVE-2017-3302 (Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.
NOTE: Fixed in Oracle MySQL 5.6.21, 5.7.5
NOTE: https://bugs.mysql.com/bug.php?id=70429
NOTE: https://bugs.mysql.com/bug.php?id=63363
- NOTE: http://www.openwall.com/lists/oss-security/2017/01/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/28/1
CVE-2017-3301 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
NOT-FOR-US: Solaris
CVE-2017-3300 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
@@ -44542,12 +44698,14 @@ CVE-2017-3225 (Das U-Boot is a device bootloader that can read its configuration
NOTE: https://www.kb.cert.org/vuls/id/166743
NOTE: Negligible security impact
CVE-2017-3224 (Open Shortest Path First (OSPF) protocol implementations may improperl ...)
- - quagga <unfixed> (low; bug #871617)
+ - quagga <removed> (low; bug #871617)
[buster] - quagga <no-dsa> (Minor issue)
[stretch] - quagga <no-dsa> (Minor issue)
[jessie] - quagga <no-dsa> (Minor issue)
[wheezy] - quagga <no-dsa> (Minor issue)
+ - frr <not-affected> (Fixed before initial upload to Debian)
NOTE: http://www.kb.cert.org/vuls/id/793496
+ NOTE: https://github.com/FRRouting/frr/commit/7791d3deab8f4bbee2ccdd98ea596617536bc681
CVE-2017-3223 (Dahua IP camera products using firmware versions prior to V2.400.0000. ...)
NOT-FOR-US: Dahua IP camera products
CVE-2017-3222 (Hard-coded credentials in AmosConnect 8 allow remote attackers to gain ...)
@@ -44731,8 +44889,8 @@ CVE-2017-3144 (A vulnerability stemming from failure to properly clean up closed
[wheezy] - isc-dhcp <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1522918
NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=46767
- NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
- NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
+ NOTE: https://gitlab.isc.org/isc-projects/dhcp/-/commit/1a6b62fe17a42b00fa234d06b6dfde3d03451894
+ NOTE: Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2017-3143 (An attacker who is able to send and receive messages to an authoritati ...)
{DSA-3904-1 DLA-1025-1}
- bind9 1:9.10.3.dfsg.P4-12.4 (bug #866564)
@@ -44752,7 +44910,7 @@ CVE-2017-3140 (If named is configured to use Response Policy Zones (RPZ) an erro
NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=2648c49be78568ba9f4123d22122f2a649e2e1b7
NOTE: Introduced by: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7
NOTE: CVE-2017-3140 is introduced by the upstream change #4377
- NOTE: http://www.openwall.com/lists/oss-security/2017/06/14/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/14/4
CVE-2017-3139 (A denial of service flaw was found in the way BIND handled DNSSEC vali ...)
- bind9 <not-affected> (RHEL6 specific)
CVE-2017-3138 (named contains a feature which allows operators to issue commands to a ...)
@@ -44769,7 +44927,7 @@ CVE-2017-3137 (Mistaken assumptions about the ordering of records in the answer
{DSA-3854-1 DLA-957-1}
- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860225)
NOTE: https://kb.isc.org/article/AA-01466
- NOTE: Additional information for backporting patch: http://www.openwall.com/lists/oss-security/2017/04/17/5
+ NOTE: Additional information for backporting patch: https://www.openwall.com/lists/oss-security/2017/04/17/5
NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=69fd759b4aa02047e42e5cf4227f8257c4547988
NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=6841d7b854c15df9ec56cab38da201b315bbcabb (reimplentation)
NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7ab9e8e00775782d474522a5b2bffba8daefefa5 (regression fix)
@@ -45251,8 +45409,10 @@ CVE-2017-2912 (An exploitable vulnerability exists in the remote control functio
NOT-FOR-US: Circle with Disney
CVE-2017-2911 (An exploitable vulnerability exists in the remote control functionalit ...)
NOT-FOR-US: Circle with Disney
-CVE-2017-2910
- RESERVED
+CVE-2017-2910 (An exploitable Out-of-bounds Write vulnerability exists in the xls_add ...)
+ - r-cran-readxl <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0417
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927234
CVE-2017-2909 (An infinite loop programming error exists in the DNS server functional ...)
- smplayer 18.5.0~ds1-1 (bug #898943)
[stretch] - smplayer <not-affected> (Vulnerable code not present)
@@ -45365,8 +45525,8 @@ CVE-2017-2890 (An exploitable vulnerability exists in the /api/CONFIG/restore fu
CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API daemo ...)
NOT-FOR-US: Circle with Disney
CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a n ...)
+ {DLA-2803-1 DLA-1714-2}
- libsdl2 2.0.6+dfsg1-4 (bug #878264)
- [stretch] - libsdl2 <no-dsa> (Minor issue)
[jessie] - libsdl2 <no-dsa> (Minor issue)
- libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
@@ -45416,6 +45576,7 @@ CVE-2017-2871 (Insufficient security checks exist in the recovery procedure used
CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the tiff_image ...)
{DLA-2043-1}
- gdk-pixbuf 2.36.10-1 (unimportant; bug #873787)
+ [stretch] - gdk-pixbuf <ignored> (Built with GCC in Debian)
NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269
@@ -45537,15 +45698,14 @@ CVE-2017-2828 (An exploitable command injection vulnerability exists in the web
CVE-2017-2827 (An exploitable command injection vulnerability exists in the web manag ...)
NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2826 (An information disclosure vulnerability exists in the iConfig proxy re ...)
- {DLA-1708-1}
- - zabbix <unfixed> (low)
- [buster] - zabbix <ignored> (Minor issue, workaround exists)
+ - zabbix 1:4.0.0+dfsg-1 (low)
[stretch] - zabbix <ignored> (Minor issue, workaround exists)
+ [jessie] - zabbix <ignored> (Minor issue, workaround exists)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327
NOTE: Relates to the information disclosure as mentioned in (but is not the same issue)
NOTE: https://support.zabbix.com/browse/ZBX-12076
NOTE: Workaround for Zabbix 3.0 exists: https://www.zabbix.com/documentation/3.0/manual/distributed_monitoring/proxies#configuration
- NOTE: using encyrpted connections with the proxy.
+ NOTE: using encrypted connections with the proxy.
CVE-2017-2825 (In the trapper functionality of Zabbix Server 2.4.x, specifically craf ...)
{DSA-3937-1}
- zabbix 1:3.0.7+dfsg-3 (bug #863584)
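Review bot: The new fixed-version line `- zabbix 1:4.0.0+dfsg-1 (low)` is not backed by any reference to the upstream change that closes the issue; the surviving NOTE lines only point to the Talos report, the related ZBX-12076 ticket and the 3.0 workaround. Adding a `NOTE: Fixed by: <upstream commit or release note URL>` line next to the existing NOTEs would make the 1:4.0.0 claim verifiable for anyone backporting. Dropping `{DLA-1708-1}` while marking jessie `<ignored>` also looks like a correction rather than a status change; if that DLA did cover this CVE, the cross-reference should be kept, so it is worth confirming against the advisory text.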
@@ -45884,9 +46044,9 @@ CVE-2017-2683 (A non-privileged user of the Siemens web application RUGGEDCOM NM
NOT-FOR-US: Siemens
CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS &lt; V1.2 on port 8080/TCP a ...)
NOT-FOR-US: Siemens
-CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std (All versi ...)
+CVE-2017-2681 (Specially crafted PROFINET DCP packets sent on a local Ethernet segmen ...)
NOT-FOR-US: Siemens
-CVE-2017-2680 (SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP ...)
+CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a denial ...)
NOT-FOR-US: Siemens
CVE-2017-2679
REJECTED
@@ -45911,7 +46071,7 @@ CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel t
{DLA-922-1}
- linux 4.9.25-1
[jessie] - linux 3.16.43-1
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/24/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/24/6
NOTE: Fixed by: https://git.kernel.org/linus/43a6684519ab0a6c52024b5e25322476cabad893
CVE-2017-2670 (It was found in Undertow before 1.3.28 that with non-clean TCP close, ...)
{DSA-3906-1}
@@ -45948,12 +46108,12 @@ CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-s
- pcs 0.9.155+dfsg-2 (bug #858379)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1428948
NOTE: https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/23/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/23/2
CVE-2017-2660
REJECTED
CVE-2017-2659 (It was found that dropbear before version 2013.59 with GSSAPI leaks wh ...)
- dropbear 2013.60-1
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/d7784616409a#l1.86
CVE-2017-2658 (It was discovered that the Dashbuilder login page as used in Red Hat J ...)
NOT-FOR-US: JBoss BPMS
CVE-2017-2657
@@ -46016,7 +46176,7 @@ CVE-2017-2637 (A design flaw issue was found in the Red Hat OpenStack Platform d
CVE-2017-2636 (Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.1 ...)
{DSA-3804-1 DLA-849-1}
- linux 4.9.16-1
- NOTE: http://www.openwall.com/lists/oss-security/2017/03/07/6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/07/6
NOTE: Fixed by: https://git.kernel.org/linus/82f2341c94d270421f383641b7cd670e474db56b (v4.11-rc2)
NOTE: https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
CVE-2017-2635 (A NULL pointer deference flaw was found in the way libvirt from 2.5.0 ...)
@@ -46224,20 +46384,20 @@ CVE-2017-2582 (It was found that while parsing the SAML messages the StaxParserU
CVE-2017-2581 (An out-of-bounds write vulnerability was found in netpbm before 10.61. ...)
- netpbm-free <undetermined> (bug #854978)
NOTE: Debian uses an old fork of netpbm
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
NOTE: PoC+report attached to #854978
NOTE: Similar code path seems protected by earlier stricter size checks ("object too large")
CVE-2017-2580 (An out-of-bounds write vulnerability was found in netpbm before 10.61. ...)
- netpbm-free <undetermined> (bug #854978)
[jessie] - netpbm-free <not-affected> (pnm/giftopnm.c and bpm/libpm.c rewritten, PoC triggers clean check "Zero byte allocation" missing in later versions)
NOTE: Debian uses an old fork of netpbm
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
NOTE: PoC+report attached to #854978
CVE-2017-2579 (An out-of-bounds read vulnerability was found in netpbm before 10.61. ...)
- netpbm-free <undetermined> (bug #854978)
[jessie] - netpbm-free <not-affected> (pnm/giftopnm.c rewritten, PoC triggers clean application error handling)
NOTE: Debian uses an old fork of netpbm
- NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1024288 (reproducer)
CVE-2017-2577
REJECTED
@@ -46456,8 +46616,8 @@ CVE-2017-2490 (An issue was discovered in certain Apple products. iOS before 10.
NOT-FOR-US: Apple involving Kernel component
CVE-2017-2489 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
NOT-FOR-US: Apple involving Intel Graphics Driver
-CVE-2017-2488
- RESERVED
+CVE-2017-2488 (A cryptographic weakness existed in the authentication protocol of Rem ...)
+ NOT-FOR-US: Apple
CVE-2017-2487 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
NOT-FOR-US: Apple involving FontParser component
CVE-2017-2486 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
@@ -46714,8 +46874,8 @@ CVE-2017-2377 (An issue was discovered in certain Apple products. iOS before 10.
CVE-2017-2376 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
- webkit2gtk 2.16.3-2 (unimportant)
NOTE: Not covered by security support
-CVE-2017-2375
- RESERVED
+CVE-2017-2375 (An issue existed in preventing the uploading of CallKit call history t ...)
+ NOT-FOR-US: Apple
CVE-2017-2374 (An issue was discovered in certain Apple products. GarageBand before 1 ...)
NOT-FOR-US: Apple
CVE-2017-2373 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
@@ -48065,8 +48225,8 @@ CVE-2017-1714 (IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated
NOT-FOR-US: IBM Notes and Domino NSD
CVE-2017-1713 (IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic a ...)
NOT-FOR-US: IBM
-CVE-2017-1712
- RESERVED
+CVE-2017-1712 ("A vulnerability in the TLS protocol implementation of the Domino serv ...)
+ NOT-FOR-US: IBM
CVE-2017-1711 (IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicio ...)
NOT-FOR-US: IBM iNotes
CVE-2017-1710 (A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (20 ...)
@@ -48171,8 +48331,8 @@ CVE-2017-1661
RESERVED
CVE-2017-1660
RESERVED
-CVE-2017-1659
- RESERVED
+CVE-2017-1659 ("HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerabili ...)
+ NOT-FOR-US: HCL iNotes
CVE-2017-1658
RESERVED
CVE-2017-1657
@@ -49343,27 +49503,27 @@ CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc
NOTE: kfreebsd not covered by security support
CVE-2017-1080
- RESERVED
+ REJECTED
CVE-2017-1079
- RESERVED
+ REJECTED
CVE-2017-1078
- RESERVED
+ REJECTED
CVE-2017-1077
- RESERVED
+ REJECTED
CVE-2017-1076
- RESERVED
+ REJECTED
CVE-2017-1075
- RESERVED
+ REJECTED
CVE-2017-1074
- RESERVED
+ REJECTED
CVE-2017-1073
- RESERVED
+ REJECTED
CVE-2017-1072
- RESERVED
+ REJECTED
CVE-2017-1071
- RESERVED
+ REJECTED
CVE-2017-1070
- RESERVED
+ REJECTED
CVE-2017-1069
RESERVED
CVE-2017-1068
@@ -49733,9 +49893,9 @@ CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a po
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
[wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
- NOTE: http://www.openwall.com/lists/oss-security/2017/10/10/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/10/10/2
NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
NOTE: Fixed by: https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking v ...)
@@ -49744,7 +49904,7 @@ CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijack
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
[wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
@@ -49755,7 +49915,7 @@ CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specificati
- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
@@ -49765,7 +49925,7 @@ CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously
- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
@@ -49775,7 +49935,7 @@ CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously
- ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802)
- ruby2.1 <removed> (unimportant)
- ruby1.9.1 <removed> (unimportant)
- - rubygems <removed> (unimportant)
+ - rubygems 3.2.0~rc.1-1 (unimportant)
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
@@ -50353,8 +50513,9 @@ CVE-2017-0632 (An information disclosure vulnerability in the Qualcomm sound cod
CVE-2017-0631 (An information disclosure vulnerability in the Qualcomm camera driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0630 (An information disclosure vulnerability in the kernel trace subsystem ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE: https://lore.kernel.org/lkml/20180725202238.165314-1-salyzyn@android.com/
+ NOTE: Negligible security impact
CVE-2017-0629 (An information disclosure vulnerability in the Qualcomm camera driver ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0628 (An information disclosure vulnerability in the Qualcomm camera driver ...)
@@ -50883,7 +51044,7 @@ CVE-2017-0381 (An information disclosure vulnerability in silk/NLSF_stabilize.c
- opus 1.2~alpha2-1 (bug #851612)
[jessie] - opus <ignored> (Minor issue, https://bugs.debian.org/851612#10)
NOTE: Fixed by: https://github.com/xiph/opus/commit/79e8f527b0344b0897a65be35e77f7885bd99409 (v1.2-alpha)
- NOTE: https://git.xiph.org/?p=opus.git;a=commitdiff;h=70a3d641b
+ NOTE: https://github.com/xiph/opus/commit/70a3d641b760b3d313b6025f82aed93a460720e5
CVE-2017-0380 (The rend_service_intro_established function in or/rendservice.c in Tor ...)
{DSA-3993-1}
- tor 0.3.1.7-1 (bug #876221)
@@ -50936,10 +51097,10 @@ CVE-2017-0372 (Parameters injection in the SyntaxHighlight extension of Mediawik
NOTE: https://phabricator.wikimedia.org/T158689
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
-CVE-2017-0371
- RESERVED
+CVE-2017-0371 (MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.2 ...)
- mediawiki 1:1.27.2-1
[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
+ NOTE: https://phabricator.wikimedia.org/T140591
NOTE: https://phabricator.wikimedia.org/T68404
CVE-2017-0370 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam b ...)
- mediawiki 1:1.27.2-1
@@ -51000,7 +51161,7 @@ CVE-2017-0359 (diffoscope before 77 writes to arbitrary locations on disk based
CVE-2017-0358 (Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write ...)
{DSA-3780-1 DLA-815-1}
- ntfs-3g 1:2016.2.22AR.1-4
- NOTE: PoC http://www.openwall.com/lists/oss-security/2017/02/04/1
+ NOTE: PoC https://www.openwall.com/lists/oss-security/2017/02/04/1
CVE-2017-0357 (A heap-overflow flaw exists in the -tr loader of iucode-tool starting ...)
- iucode-tool 2.1.1-1
[jessie] - iucode-tool <not-affected> (Vulnerable code not present)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 166dcb6453..8d31324b2a 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,17 +1,206 @@
+CVE-2018-25030
+ RESERVED
+CVE-2018-25029 (The Z-Wave specification requires that S2 security can be downgraded t ...)
+ NOT-FOR-US: Z-Wave specification
+CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
+ NOT-FOR-US: Rust crate libpulse-binding
+CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...)
+ NOT-FOR-US: Rust crate libpulse-binding
+CVE-2018-25026 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
+ NOT-FOR-US: Rust crate actix-web
+CVE-2018-25025 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
+ NOT-FOR-US: Rust crate actix-web
+CVE-2018-25024 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...)
+ NOT-FOR-US: Rust crate actix-web
+CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for Rust. ...)
+ - rust-smallvec 1.1.0-1
+ [buster] - rust-smallvec <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0018.html
+ NOTE: https://github.com/servo/rust-smallvec/issues/126
+CVE-2018-25022 (The Onion module in toxcore before 0.2.2 doesn't restrict which packet ...)
+ - libtoxcore 0.2.2-1
+ NOTE: https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release
+ NOTE: https://github.com/TokTok/c-toxcore/issues/873
+ NOTE: https://github.com/TokTok/c-toxcore/pull/872
+CVE-2018-25021 (The TCP Server module in toxcore before 0.2.8 doesn't free the TCP pri ...)
+ - libtoxcore 0.2.8-1
+ NOTE: https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/
+ NOTE: https://github.com/TokTok/c-toxcore/issues/1214
+ NOTE: https://github.com/TokTok/c-toxcore/pull/1216
+CVE-2018-25020 (The BPF subsystem in the Linux kernel before 4.17 mishandles situation ...)
+ - linux 4.17.3-1
+ NOTE: https://git.kernel.org/linus/050fad7c4534c13c8eb1d9c2ba66012e014773cb (4.17-rc7)
+CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...)
+ - unrar-nonfree 1:5.6.6-1 (bug #990541)
+ [stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
+CVE-2018-25017 (RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in Tab ...)
+ - darktable 2.6.0-1
+ [stretch] - darktable <not-affected> (Vulnerable code added later)
+ - photoflow <not-affected> (Fixed before initial upload to the archive)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5256
+ NOTE: https://github.com/darktable-org/rawspeed/commit/dbe7591e54bad5e6430d38be6bed051582da76b9
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2018-227.yaml
+ NOTE: darktable 2.6.0 is the first release to bundle rawspeed 3.2 with the fixes
+CVE-2018-25016 (Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) ...)
+ NOT-FOR-US: Greenbone Security Assistant
+CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. There is a ...)
+ - linux 4.14.17-1
+ [stretch] - linux 4.9.80-1
+ NOTE: https://git.kernel.org/linus/a0ff660058b88d12625a783ce9e5c1371c87951f
+CVE-2018-25014 (A flaw was found in libwebp in versions before 1.0.1. An unitialized v ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
+CVE-2018-25013 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6
+CVE-2018-25012 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
+CVE-2018-25011 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119
+CVE-2018-25010 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63%5E%21/#F0
+CVE-2018-25009 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
+CVE-2018-25008 (In the standard library in Rust before 1.29.0, there is weak synchroni ...)
+ - rustc 1.29.0+dfsg1-1
+ NOTE: https://github.com/rust-lang/rust/issues/51780
+ NOTE: https://github.com/rust-lang/rust/pull/52031
+CVE-2018-25007 (Missing check in UIDL request handler in com.vaadin:flow-server versio ...)
+ NOT-FOR-US: Vaadin
+CVE-2018-25006
+ RESERVED
+CVE-2018-25005
+ RESERVED
+CVE-2018-25004 (A user authorized to performing a specific type of query may trigger a ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-38275
+CVE-2018-25003
+ RESERVED
+CVE-2018-25002 (uploader.php in the KCFinder integration project through 2018-06-01 fo ...)
+ NOT-FOR-US: KCFinder integration project for Drupal
+CVE-2018-25001 (An issue was discovered in the libpulse-binding crate before 2.5.0 for ...)
+ NOT-FOR-US: libpulse-binding rust crate
+CVE-2018-21270 (Versions less than 0.0.6 of the Node.js stringstream module are vulner ...)
+ - node-stringstream 0.0.6-1
+ NOTE: https://github.com/mhart/StringStream/issues/7
+ NOTE: https://hackerone.com/reports/321670
+CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to take own ...)
+ - openrc <unfixed> (bug #973245)
+ [bullseye] - openrc <no-dsa> (Minor issue)
+ [buster] - openrc <no-dsa> (Minor issue)
+ [stretch] - openrc <no-dsa> (Minor issue)
+ NOTE: https://github.com/OpenRC/openrc/issues/201
+ NOTE: http://michael.orlitzky.com/cves/cve-2018-21269.xhtml
+ NOTE: https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335
+CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...)
+ NOT-FOR-US: Node traceroute
+CVE-2018-21267
+ REJECTED
+CVE-2018-21266
+ REJECTED
+CVE-2018-21265 (An issue was discovered in Mattermost Desktop App before 4.0.0. It mis ...)
+ - mattermost-desktop <itp> (bug #831861)
+CVE-2018-21264 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21263 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21262 (An issue was discovered in Mattermost Server before 4.7.3. It allows a ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21261 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21260 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21259 (An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21258 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21257 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21256 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21255 (An issue was discovered in Mattermost Server before 5.1. Non-members o ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21254 (An issue was discovered in Mattermost Server before 5.1. An attacker c ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21253 (An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21252 (An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21251 (An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Aut ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21250 (An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21249 (An issue was discovered in Mattermost Server before 5.3.0. It mishandl ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21248 (An issue was discovered in Mattermost Server before 5.4.0. It mishandl ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is an inf ...)
+ {DSA-4383-1 DLA-1617-1}
+ - libvncserver 0.9.11+dfsg-1.2
+ NOTE: https://github.com/LibVNC/libvncserver/issues/253
+ NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
+CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS client authentication, as demonstr ...)
+ - caddy <itp> (bug #810890)
+CVE-2018-21245 (Pound before 2.8 allows HTTP request smuggling, a related issue to CVE ...)
+ - pound 2.8-2
+ [stretch] - pound 2.7-1.3+deb9u1
+ [jessie] - pound 2.6-6+deb8u2
+ NOTE: https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html
+ NOTE: The exact scope of CVE-2018-21245 (a related issue to CVE-2016-10711) was
+ NOTE: as well fixed with the same changes as done upstream for 2.8. The backport
+ NOTE: for 2.7 was a backport of all security relevant changes between 2.7 and 2.8.
+ NOTE: The same corrections were made in 2.6 version for jessie so fixed in that too.
+CVE-2018-21244 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows ar ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2018-21243 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2018-21242 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Re ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2018-21241 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an un ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2018-21240 (An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2018-21239 (An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2018-21238 (An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows me ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2018-21237 (An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NT ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2018-21236 (An issue was discovered in Foxit Reader before 2.4.4. It has a NULL po ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2018-21235 (An issue was discovered in Foxit E-mail advertising system before Sept ...)
+ NOT-FOR-US: Foxit E-mail advertising system
CVE-2018-21234 (Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when ...)
- jodd <unfixed> (bug #961298)
- [buster] - jodd <no-dsa> (Minor issue)
+ [buster] - jodd <ignored> (Minor issue; upstream fix needs changes in rdeps and none present in Buster)
NOTE: https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16
NOTE: https://github.com/oblac/jodd/issues/628
CVE-2018-21233 (TensorFlow before 1.7.0 has an integer overflow that causes an out-of- ...)
- tensorflow <itp> (bug #804612)
CVE-2018-21232 (re2c before 2.0 has uncontrolled recursion that causes stack consumpti ...)
- - re2c <unfixed>
- [buster] - re2c <no-dsa> (Minor issue)
- [stretch] - re2c <no-dsa> (Minor issue)
- [jessie] - re2c <no-dsa> (Minor issue)
+ - re2c <unfixed> (unimportant)
NOTE: https://github.com/skvadrik/re2c/issues/219
NOTE: https://www.openwall.com/lists/oss-security/2020/04/27/2
+ NOTE: Crash im CLI tool, no security impact
CVE-2018-21231 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
NOT-FOR-US: Netgear
CVE-2018-21230 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
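Review bot: The re2c note added at the end of this hunk has a typo, `NOTE: Crash im CLI tool, no security impact` should read `NOTE: Crash in CLI tool, no security impact`. Since the same commit collapses the per-release `<no-dsa>` lines into a single `<unfixed> (unimportant)` entry, this note is the only rationale left for the severity, so it is worth getting right. Separately, the new openrc entry cites `http://michael.orlitzky.com/cves/cve-2018-21269.xhtml` over plain http while the rest of the commit migrates references to https; if that site serves https, the link should follow the same convention.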
@@ -402,15 +591,16 @@ CVE-2018-21038 (An issue was discovered on Samsung mobile devices with N(7.x) so
NOT-FOR-US: Samsung mobile devices
CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...)
NOT-FOR-US: Subrion CMS
-CVE-2018-21036
- RESERVED
+CVE-2018-21036 (Sails.js before v1.0.0-46 allows attackers to cause a denial of servic ...)
+ NOT-FOR-US: Sails.js
CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB f ...)
- - qtwebsockets-opensource-src <unfixed> (low; bug #953049)
- [buster] - qtwebsockets-opensource-src <ignored> (Minor issue)
+ - qtwebsockets-opensource-src 5.15.1-2 (low; bug #953049)
+ [buster] - qtwebsockets-opensource-src <ignored> (Minor issue, fix adds new API only)
[stretch] - qtwebsockets-opensource-src <ignored> (Minor issue)
[jessie] - qtwebsockets-opensource-src <no-dsa> (Minor issue)
NOTE: https://bugreports.qt.io/browse/QTBUG-70693
NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
+ NOTE: https://github.com/qt/qtwebsockets/commit/ed93680f34e92ad0383aa4e610bb65689118ca93
CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...)
NOT-FOR-US: Argo
CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Au ...)
@@ -420,9 +610,10 @@ CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and H
CVE-2018-21031 (Tautulli versions 2.1.38 and below allows remote attackers to bypass i ...)
NOT-FOR-US: Plex Media Server
CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...)
+ {DLA-2432-1}
- jupyter-notebook 5.7.4-1
NOTE: https://github.com/jupyter/notebook/pull/3341
-CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate signed ...)
+CVE-2018-21029 (** DISPUTED ** systemd 239 through 245 accepts any certificate signed ...)
- systemd 244-1 (low)
[buster] - systemd <not-affected> (Only affected v243)
[stretch] - systemd <not-affected> (Only affected v243)
@@ -451,23 +642,26 @@ CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information di
CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established ...)
NOT-FOR-US: Mastodon
CVE-2018-21017 (GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. ...)
- [experimental] - gpac <unfixed> (bug #940855)
+ [experimental] - gpac 1.0.1+dfsg1-1 (bug #940855)
- gpac <not-affected> (Vulnerable code introduced in 0.6.0)
NOTE: https://github.com/gpac/gpac/issues/1183
NOTE: Introduced in https://github.com/gpac/gpac/commit/6cfd65819add78426d9635e3f8358f8bc149b645 (v0.6.0)
- NOTE: Fixed by: https://github.com/gpac/gpac/commit/d2371b4b204f0a3c0af51ad4e9b491144dd1225c (v0.8.)
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/d2371b4b204f0a3c0af51ad4e9b491144dd1225c (v0.8.0)
CVE-2018-21016 (audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 ...)
{DLA-2072-1}
- - gpac <unfixed> (bug #940882)
+ - gpac 1.0.1+dfsg1-2 (bug #940882)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1180
NOTE: https://github.com/gpac/gpac/commit/ea13945f3c2dc2c21e30e2731bf2782384307a13
CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remot ...)
{DLA-2072-1}
- - gpac <unfixed> (bug #940882)
+ - gpac 1.0.1+dfsg1-2 (bug #940882)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1179
NOTE: https://github.com/gpac/gpac/commit/0545bb0a01bfac6764c43bd5074e9c2d1eae495f
CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...)
@@ -485,7 +679,7 @@ CVE-2018-21010 (OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_
[stretch] - openjpeg2 2.1.2-1.1+deb9u4
NOTE: https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea
CVE-2018-21009 (Poppler before 0.66.0 has an integer overflow in Parser::makeStream in ...)
- {DLA-1939-1}
+ {DLA-2287-1 DLA-1939-1}
- poppler 0.69.0-2
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
CVE-2018-21008 (An issue was discovered in the Linux kernel before 4.16.7. A use-after ...)
@@ -782,7 +976,7 @@ CVE-2018-20873 (cPanel before 74.0.8 allows local users to disable the ClamAV da
CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or ...)
NOT-FOR-US: DrayTek routers
CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...)
- - gridengine <undetermined>
+ - gridengine <not-affected> (Vulnerable code specific to Univa Grid Engine fork)
CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables debug log ...)
NOT-FOR-US: cPanel
CVE-2018-20869 (cPanel before 76.0.8 allows arbitrary code execution in the context of ...)
@@ -830,13 +1024,12 @@ CVE-2018-20854 (An issue was discovered in the Linux kernel before 4.20. drivers
CVE-2018-20853 (An issue was discovered in the MailPoet Newsletters (aka wysija-newsle ...)
NOT-FOR-US: MailPoet Newsletters (aka wysija- newsletters) plugin for WordPress
CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...)
- {DLA-1906-1 DLA-1889-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1906-1 DLA-1889-1}
- python3.7 3.7.3~rc1-1
- python3.5 <removed>
- python3.4 <removed>
- python2.7 2.7.16-3
[buster] - python2.7 2.7.16-2+deb10u1
- [stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue35121
NOTE: https://python-security.readthedocs.io/vuln/cookie-domain-check.html
NOTE: https://github.com/python/cpython/commit/979daae300916adb399ab5b51410b6ebd0888f13 (2.7.x branch)
@@ -911,7 +1104,8 @@ CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There i
- linux 5.2.6-1
NOTE: Fixed by: https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...)
- - node-tar-fs <itp> (bug #897023)
+ - node-tar-fs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2 (v1.16.2)
CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2 (excluding ...)
- node-tar 4.4.4+ds1-2
[stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support, minor issue)
@@ -941,13 +1135,14 @@ CVE-2018-20824 (The WallboardServlet resource in Jira before version 7.13.1 allo
CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a deni ...)
NOT-FOR-US: Xiaomi Mi 5s devices
CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...)
- - libsass <unfixed> (low)
+ - libsass 3.6.3-1 (low)
[buster] - libsass <no-dsa> (Minor issue)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2671
NOTE: Possibly introduced after https://github.com/sass/libsass/commit/25c9b4952f5838b615da996035453967d0420f57 (3.4.7)
+ NOTE: Fixed in 3.6.1, but 3.6.3 first to land in unstable
CVE-2018-20821 (The parsing component in LibSass through 3.5.5 allows attackers to cau ...)
- - libsass <unfixed> (low)
+ - libsass 3.6.3-1 (low)
[buster] - libsass <no-dsa> (Minor issue)
[stretch] - libsass <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/sass/libsass/issues/2658
@@ -995,19 +1190,35 @@ CVE-2018-20806 (Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS vi
[stretch] - phamm <no-dsa> (Minor issue)
[jessie] - phamm <no-dsa> (Minor issue)
NOTE: https://github.com/lota/phamm/issues/24
-CVE-2018-20805
- RESERVED
-CVE-2018-20804
- RESERVED
-CVE-2018-20803
- RESERVED
-CVE-2018-20802
- RESERVED
+CVE-2018-20805 (A user authorized to perform database queries may trigger denial of se ...)
+ - mongodb <removed>
+ [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
+ NOTE: https://jira.mongodb.org/browse/SERVER-38164
+ NOTE: https://github.com/mongodb/mongo/commit/66316884a4b1180a8cceb6381e3c51e56586fc3e (v3.6.10, SSPL)
+ NOTE: Introduced by: https://github.com/mongodb/mongo/commit/f77527a942347313e2848e050e89480bc3cadb95 (v3.5.4)
+CVE-2018-20804 (A user authorized to perform database queries may trigger denial of se ...)
+ - mongodb <removed>
+ [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
+ NOTE: https://jira.mongodb.org/browse/SERVER-35636
+ NOTE: https://github.com/mongodb/mongo/commit/736d214fe2b1ad7cd9b57c05571b53628124668e (v3.6.13, SSPL)
+ NOTE: Introduced by: https://github.com/mongodb/mongo/commit/a69ae445303fc4821c6745866b3902623a385c1c (v3.5.10)
+CVE-2018-20803 (A user authorized to perform database queries may trigger denial of se ...)
+ - mongodb <removed>
+ [stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
+ NOTE: https://jira.mongodb.org/browse/SERVER-38070
+ NOTE: https://github.com/mongodb/mongo/commit/a2d97db8fe449d15eb8e275bbf318491781472bf (v3.4.19, AGPL)
+ NOTE: Introduced by: https://github.com/mongodb/mongo/commit/a8176cf1da9fdbcc48334bfb3c71fedf37e77879 (v3.1.7)
+CVE-2018-20802 (A user authorized to perform database queries may trigger denial of se ...)
+ - mongodb <removed>
+ [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
+ NOTE: https://jira.mongodb.org/browse/SERVER-36993
+ NOTE: https://github.com/mongodb/mongo/commit/2b4634bb6512c5345de2ab8f698a687c6cec9973 (v3.6.9, AGPL)
+ NOTE: Introduced by: https://github.com/mongodb/mongo/commit/2f3b96e636329b68809bc63b681a862e3d3bccd5 (v3.6)
CVE-2018-20801 (In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of b ...)
NOT-FOR-US: Highcharts JS
CVE-2018-20800 (An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 an ...)
- otrs2 6.0.14-1
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (Vulnerable code not present)
NOTE: https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8d17d58029efbb0bba25c4208e09e2d320eeb0c3
@@ -1018,11 +1229,9 @@ CVE-2018-20799 (In pfSense 2.4.4_1, blocking of source IP addresses on the basis
CVE-2018-20798 (The expiretable configuration in pfSense 2.4.4_1 establishes block dur ...)
NOT-FOR-US: pfSense
CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted excessi ...)
- - libpodofo <unfixed> (low; bug #923415)
- [buster] - libpodofo <no-dsa> (Minor issue)
- [stretch] - libpodofo <no-dsa> (Minor issue)
- [jessie] - libpodofo <no-dsa> (Minor issue)
+ - libpodofo <unfixed> (unimportant; bug #923415)
NOTE: https://sourceforge.net/p/podofo/tickets/34/
+ NOTE: Negligible security impact
CVE-2018-20796 (In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limi ...)
- glibc <unfixed> (unimportant)
- eglibc <removed> (unimportant)
@@ -1183,7 +1392,7 @@ CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively conve
CVE-2018-20742 (An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. ...)
NOT-FOR-US: UC Berkeley RISE Opaque
CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web framework use ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-20741
RESERVED
CVE-2018-20740
@@ -1228,8 +1437,8 @@ CVE-2018-20725 (A cross-site scripting (XSS) vulnerability exists in graph_templ
NOTE: https://github.com/Cacti/cacti/issues/2214
CVE-2018-20724 (A cross-site scripting (XSS) vulnerability exists in pollers.php in Ca ...)
- cacti 1.2.1+ds1-1 (low)
- [stretch] - cacti <no-dsa> (Minor issue)
- [jessie] - cacti <ignored> (Minor issue)
+ [stretch] - cacti <not-affected> (Vulnerable code introduced in 1.0.0)
+ [jessie] - cacti <not-affected> (Vulnerable code introduced in 1.0.0)
NOTE: https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53
NOTE: https://github.com/Cacti/cacti/issues/2212
CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in color_templates.p ...)
@@ -1241,9 +1450,8 @@ CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in color_templ
CVE-2018-20722
RESERVED
CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bound ...)
- {DLA-1682-1}
+ {DLA-2834-1 DLA-1682-1}
- uriparser 0.9.1-1 (low)
- [stretch] - uriparser <no-dsa> (Minor issue)
NOTE: https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4
CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1 ...)
NOT-FOR-US: ABB Relion 630 devices
@@ -1326,7 +1534,7 @@ CVE-2018-20688
CVE-2018-20687 (An XML external entity (XXE) vulnerability in CommandCenterWebServices ...)
NOT-FOR-US: Raritan CommandCenter Secure Gateway
CVE-2018-20686
- RESERVED
+ REJECTED
CVE-2018-20684 (In WinSCP before 5.14 beta, due to missing validation, the scp impleme ...)
NOT-FOR-US: WinSCP
CVE-2018-20685 (In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to b ...)
@@ -1377,15 +1585,15 @@ CVE-2018-1000412 (An improper authorization vulnerability exists in Jenkins Jira
CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins JUnit Plu ...)
NOT-FOR-US: Jenkins plugin
CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins 2.145 and earl ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and earlier, ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145 and earlier, ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145 and earli ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and earlier, LT ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-20683 (commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsyn ...)
- gitolite3 3.6.11-1 (bug #918849)
[stretch] - gitolite3 <no-dsa> (Minor issue)
@@ -1450,6 +1658,7 @@ CVE-2018-20670
RESERVED
CVE-2018-20669 (An issue where a provided address with access_ok() is not checked was ...)
- linux 5.2.6-1 (unimportant)
+ [buster] - linux 4.19.131-1
NOTE: Fixed by: https://git.kernel.org/linus/594cc251fdd0d231d342d88b2fdff4bc42fb0690
CVE-2018-20668
RESERVED
@@ -1464,9 +1673,8 @@ CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has X
CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Pl ...)
NOT-FOR-US: Reporting Addon for CUBA Platform
CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to caus ...)
- {DLA-1706-1}
+ {DLA-2440-1 DLA-1706-1}
- poppler 0.71.0-4 (low; bug #918158)
- [stretch] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
CVE-2018-20661
@@ -1478,7 +1686,7 @@ CVE-2018-20659 (An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom cl
CVE-2018-20658 (The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote ...)
NOT-FOR-US: Core FTP
CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...)
- NOTE: Short-lived, small memleak, not considered a real bug by upstream
+ NOTE: Short-lived, small memleak, not considered a real bug by upstream
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539
CVE-2018-20656
RESERVED
@@ -1489,18 +1697,19 @@ CVE-2018-20654
CVE-2018-20653
RESERVED
CVE-2018-20652 (An attempted excessive memory allocation was discovered in the functio ...)
- NOT-FOR-US: tinyexr
+ - tinyexr <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/syoyo/tinyexr/issues/104
+ NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#cve-2018-20652-heap-buffer-overflow-in-function-tinyexrallocateimage-tinyexrh10302
CVE-2018-20651 (A NULL pointer dereference was discovered in elf_link_add_object_symbo ...)
- binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24041
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f
NOTE: binutils not covered by security support
CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allows atta ...)
- {DLA-1939-1}
+ {DLA-2440-1 DLA-1939-1}
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #917974)
+ - poppler 0.85.0-2 (low; bug #917974)
[buster] - poppler <ignored> (Minor issue)
- [stretch] - poppler <ignored> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/704
CVE-2018-20649
@@ -1623,7 +1832,7 @@ CVE-2018-20595 (A CSRF issue was discovered in web/authorization/oauth2/controll
CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerab ...)
NOT-FOR-US: hsweb
CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in ...)
- - mxml <unfixed> (low; bug #924353)
+ - mxml 3.0-1 (low; bug #924353)
[buster] - mxml <ignored> (Minor issue)
[stretch] - mxml <ignored> (Minor issue)
[jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool)
@@ -1632,9 +1841,9 @@ CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overfl
NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt
NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err (error output)
NOTE: https://github.com/michaelrsweet/mxml/issues/237
- NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely
+ NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely in 3.0, marking that version as fix
CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd ...)
- - mxml <unfixed> (low; bug #924353)
+ - mxml 3.0-1 (low; bug #924353)
[buster] - mxml <ignored> (Minor issue)
[stretch] - mxml <ignored> (Minor issue)
[jessie] - mxml <no-dsa> (Minor issue, only affected the mxmldoc tool)
@@ -1643,7 +1852,7 @@ CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the m
NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt
NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err (error output)
NOTE: https://github.com/michaelrsweet/mxml/issues/237
- NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely
+ NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely in 3.0, marking that version as fix
CVE-2018-20591 (A heap-based buffer over-read was discovered in decompileJUMP function ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/168
@@ -1656,6 +1865,7 @@ CVE-2018-20588 (lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.
CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0. ...)
- bitcoin <unfixed>
NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587
+ NOTE: Documentation of issue: https://github.com/bitcoin/bitcoin/pull/15223
CVE-2018-20586 (bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary d ...)
- bitcoin 0.17.1~dfsg-1
CVE-2018-20585
@@ -1746,18 +1956,24 @@ CVE-2018-20553 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_
[jessie] - tcpreplay <no-dsa> (hard to exploit)
NOTE: https://github.com/appneta/tcpreplay/issues/530
NOTE: https://github.com/appneta/tcpreplay/pull/532/commits/6b830a1640ca20528032c89a4fdd8291a4d2d8b2
+ NOTE: initial set of fixes got additional hardening, see:
+ NOTE: https://github.com/appneta/tcpreplay/issues/530#issuecomment-480312372
+ NOTE: https://github.com/appneta/tcpreplay/pull/584
CVE-2018-20552 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tre ...)
- tcpreplay 4.3.1-1 (low; bug #917574)
[stretch] - tcpreplay <no-dsa> (Minor issue)
[jessie] - tcpreplay <no-dsa> (hard to exploit)
NOTE: https://github.com/appneta/tcpreplay/issues/530
NOTE: https://github.com/appneta/tcpreplay/pull/532/commits/6b830a1640ca20528032c89a4fdd8291a4d2d8b2
-CVE-2018-1000893
- RESERVED
-CVE-2018-1000892
- RESERVED
-CVE-2018-1000891
- RESERVED
+ NOTE: initial set of fixes got additional hardening, see:
+ NOTE: https://github.com/appneta/tcpreplay/issues/530#issuecomment-480312372
+ NOTE: https://github.com/appneta/tcpreplay/pull/584
+CVE-2018-1000893 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...)
+ NOT-FOR-US: Bitcoin SV
+CVE-2018-1000892 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...)
+ NOT-FOR-US: Bitcoin SV
+CVE-2018-1000891 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...)
+ NOT-FOR-US: Bitcoin SV
CVE-2018-20551 (A reachable Object::getString assertion in Poppler 0.72.0 allows attac ...)
- poppler 0.71.0-4 (low; bug #917525)
[stretch] - poppler <ignored> (Minor issue)
@@ -1859,7 +2075,7 @@ CVE-2018-20536 (There is a heap-based buffer over-read at liblas::SpatialReferen
NOTE: https://github.com/libLAS/libLAS/pull/183
NOTE: https://github.com/libLAS/libLAS/commit/ca88a11a8a0548d3aa78b643e6c701708b826fa9
CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...)
- - nasm <unfixed> (unimportant; bug #918270)
+ - nasm 2.15.04-1 (unimportant; bug #918270)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
NOTE: Crash in CLI tool, no security impact
CVE-2018-20534 (** DISPUTED ** There is an illegal address access at ext/testcase.c in ...)
@@ -1957,13 +2173,12 @@ CVE-2018-20507 (An issue was discovered in GitLab Enterprise Edition 11.2.x thro
- gitlab 11.5.6+dfsg-1 (bug #918086)
NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20506 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...)
+ {DLA-2340-1 DLA-1613-1}
- sqlite3 3.25.3-1
- [stretch] - sqlite3 <no-dsa> (Minor issue)
- [jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://sqlite.org/src/info/940f2adc8541a838
CVE-2018-20505 (SQLite 3.25.2, when queries are run on a table with a malformed PRIMAR ...)
- sqlite3 3.25.3-1
- [stretch] - sqlite3 <no-dsa> (Minor issue)
+ [stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
NOTE: https://sqlite.org/src/info/1a84668dcfdebaf12415d
CVE-2018-20504
@@ -2031,18 +2246,16 @@ CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a
NOTE: Don't use extended attributes by default: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8
NOTE: Introduced by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3 (v1.19)
CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...)
- {DLA-1623-1}
+ {DLA-2830-1 DLA-1623-1}
- tar 1.30+dfsg-3.1 (bug #917377)
- [stretch] - tar <no-dsa> (Minor issue)
NOTE: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
NOTE: https://news.ycombinator.com/item?id=18745431
NOTE: https://twitter.com/thatcks/status/1076166645708668928
NOTE: https://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html
NOTE: Fixed by https://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42c
CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRe ...)
- {DLA-1706-1}
+ {DLA-2287-1 DLA-1706-1}
- poppler 0.71.0-4 (low; bug #917325)
- [stretch] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692
NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/39a251b1b3a3343400a08e2f03c5518a26624626
@@ -2073,8 +2286,8 @@ CVE-2018-20469 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0
CVE-2018-20468 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A we ...)
NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20467 (In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can resu ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.10.23+dfsg-1 (low; bug #917326)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1408
NOTE: https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb
@@ -2180,8 +2393,8 @@ CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in co
- c3p0 0.9.1.2-10 (bug #917257)
[stretch] - c3p0 0.9.1.2-9+deb9u1
NOTE: https://github.com/swaldman/c3p0/commit/7dfdda63f42759a5ec9b63d725b7412f74adb3e1
-CVE-2018-20432
- RESERVED
+CVE-2018-20432 (D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded ...)
+ NOT-FOR-US: D-Link
CVE-2018-20431 (GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerabil ...)
{DSA-4361-1 DLA-1616-1}
- libextractor 1:1.8-2 (bug #917213)
@@ -2214,7 +2427,7 @@ CVE-2018-20423 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote
CVE-2018-20422 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attac ...)
NOT-FOR-US: DiscuzX
CVE-2018-20421 (Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of se ...)
- NOT-FOR-US: Go Ethereum
+ - golang-github-go-ethereum <itp> (bug #890541)
CVE-2018-20420 (In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access C ...)
NOT-FOR-US: webERP
CVE-2018-20419 (DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add a ...)
@@ -2244,7 +2457,7 @@ CVE-2018-20408 (An issue was discovered in Bento4 1.5.1-627. There is a memory l
CVE-2018-20407 (An issue was discovered in Bento4 1.5.1-627. There is a memory leak in ...)
NOT-FOR-US: Bento4
CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ...)
- {DLA-1663-1}
+ {DLA-2280-1 DLA-1663-1}
- python3.7 3.7.0-7 (unimportant)
- python3.6 3.6.7~rc1-1 (unimportant)
- python3.5 <removed> (unimportant)
@@ -2341,24 +2554,24 @@ CVE-2018-20367 (The "mall some commodity details: commodity consultation" compon
CVE-2018-20366
RESERVED
CVE-2018-20365 (LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow ...)
+ {DLA-2903-1}
- libraw 0.19.2-2 (bug #917111)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/195
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20364 (LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL point ...)
+ {DLA-2903-1}
- libraw 0.19.2-2 (bug #917112)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/194
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointe ...)
+ {DLA-2903-1}
- libraw 0.19.2-2 (bug #917113)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/193
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
@@ -2377,10 +2590,9 @@ CVE-2018-20361 (An invalid memory address dereference was discovered in the hf_a
NOTE: https://github.com/knik0/faad2/issues/30
NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_proces ...)
- {DLA-1899-1}
+ {DLA-2792-1 DLA-1899-1}
- faad2 2.8.8-3.1 (low)
[buster] - faad2 <no-dsa> (Minor issue)
- [stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/32
NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
CVE-2018-20359 (An invalid memory address dereference was discovered in the sbrDecodeS ...)
@@ -2458,7 +2670,7 @@ CVE-2018-20338 (Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote function ...)
- libraw 0.19.2-1 (bug #917080)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://github.com/LibRaw/LibRaw/issues/192
CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack ...)
@@ -2513,22 +2725,22 @@ CVE-2018-1000883 (Elixir Plug Plug version All contains a Header Injection vulne
NOT-FOR-US: Elixir Plug, different from src:elixir-lang
CVE-2018-20317
RESERVED
-CVE-2018-20316
- RESERVED
-CVE-2018-20315
- RESERVED
-CVE-2018-20314
- RESERVED
-CVE-2018-20313
- RESERVED
-CVE-2018-20312
- RESERVED
-CVE-2018-20311
- RESERVED
-CVE-2018-20310
- RESERVED
-CVE-2018-20309
- RESERVED
+CVE-2018-20316 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2018-20315 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2018-20314 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2018-20313 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2018-20312 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2018-20311 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2018-20310 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2018-20309 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
+ NOT-FOR-US: Foxit Reader
CVE-2018-20308
RESERVED
CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a Directory Travers ...)
@@ -2690,7 +2902,7 @@ CVE-2018-1000826 (Microweber version &lt;= 1.0.7 contains a Cross Site Scripting
NOT-FOR-US: Microweber
CVE-2018-1000825 (FreeCol version &lt;= nightly-2018-08-22 contains a XML External Entit ...)
- freecol 0.11.6+dfsg2-3 (bug #917023; low)
- [buster] - freecol <no-dsa> (Minor issue)
+ [buster] - freecol 0.11.6+dfsg2-2+deb10u1
[stretch] - freecol <no-dsa> (Minor issue)
[jessie] - freecol <end-of-life> (Games are not supported)
NOTE: https://github.com/FreeCol/freecol/issues/26
@@ -2711,7 +2923,7 @@ CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross
- grafana <removed>
NOTE: https://github.com/grafana/grafana/issues/13667
CVE-2018-1000815 (Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains ...)
- NOT-FOR-US: Brave Software Inc. Brave
+ - brave-browser <itp> (bug #864795)
CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Un ...)
NOT-FOR-US: aio-libs aiohttp-session
CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scriptin ...)
@@ -2848,8 +3060,8 @@ CVE-2018-20245 (The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth)
- airflow <itp> (bug #819700)
CVE-2018-20244 (In Apache Airflow before 1.10.2, a malicious admin user could edit the ...)
- airflow <itp> (bug #819700)
-CVE-2018-20243
- RESERVED
+CVE-2018-20243 (The implementation of POST with the username and password in the URL p ...)
+ NOT-FOR-US: Apache Fineract
CVE-2018-20242 (A carefully crafted URL could trigger an XSS vulnerability on Apache J ...)
- jspwiki <removed>
CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and Crucibl ...)
@@ -2908,9 +3120,8 @@ CVE-2018-20219 (An issue was discovered on Teracue ENC-400 devices with firmware
CVE-2018-20218 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56 ...)
NOT-FOR-US: Teracue ENC-400 devices
CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Kerberos ...)
- {DLA-1643-1}
+ {DLA-2771-1 DLA-1643-1}
- krb5 1.16.2-1 (low; bug #917387)
- [stretch] - krb5 <no-dsa> (Minor issue)
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
CVE-2018-20216 (QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c becaus ...)
@@ -2956,10 +3167,9 @@ CVE-2018-20200 (** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12
NOTE: https://github.com/square/okhttp/issues/4967
NOTE: No practicable security imapacting relevance
CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
- {DLA-1899-1}
+ {DLA-2792-1 DLA-1899-1}
- faad2 2.8.8-3.1 (low)
[buster] - faad2 <no-dsa> (Minor issue)
- [stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://github.com/knik0/faad2/issues/24
NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
@@ -3082,9 +3292,8 @@ CVE-2018-20174 (rdesktop versions up to and including v1.8.3 contain an Out-Of-B
CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection vi ...)
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-20346 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...)
- {DSA-4352-1 DLA-1613-1}
+ {DSA-4352-1 DLA-2340-1 DLA-1613-1}
- sqlite3 3.25.3-1
- [stretch] - sqlite3 <no-dsa> (Minor issue)
- chromium 71.0.3578.80-1
NOTE: https://blade.tencent.com/magellan/index_en.html
NOTE: RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1659379
@@ -3400,8 +3609,8 @@ CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/
CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through ...)
NOT-FOR-US: Frappe ERPNext
CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization HTTP hea ...)
+ {DLA-2686-1}
- python-urllib3 1.24-1
- [stretch] - python-urllib3 <no-dsa> (Minor issue)
[jessie] - python-urllib3 <ignored> (Minor issue)
NOTE: https://github.com/urllib3/urllib3/issues/1316
NOTE: https://github.com/urllib3/urllib3/pull/1346
@@ -3480,7 +3689,7 @@ CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item del
CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EX ...)
{DLA-2222-1 DLA-2214-1}
- libexif 0.6.21-5.1 (bug #918730)
- [stretch] - libexif <no-dsa> (Minor issue)
+ [stretch] - libexif 0.6.21-2+deb9u2
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/
NOTE: https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89
CVE-2018-20029 (The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6 ...)
@@ -3499,8 +3708,8 @@ CVE-2018-20024 (LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 co
- italc <removed>
[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
- ssvnc 1.0.29-5 (bug #945827)
- [buster] - ssvnc <no-dsa> (Minor issue)
- [stretch] - ssvnc <no-dsa> (Minor issue)
+ [buster] - ssvnc 1.0.29-4+deb10u1
+ [stretch] - ssvnc 1.0.29-3+deb9u1
- veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/issues/254
NOTE: https://github.com/LibVNC/libvncserver/commit/4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7
@@ -3510,7 +3719,7 @@ CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains
- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
- italc <removed>
[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
- - veyon 4.1.4+repack1-1
+ - veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/issues/253
NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
@@ -3520,8 +3729,8 @@ CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains
- italc <removed>
[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
- ssvnc 1.0.29-5 (bug #945827)
- [buster] - ssvnc <no-dsa> (Minor issue)
- [stretch] - ssvnc <no-dsa> (Minor issue)
+ [buster] - ssvnc 1.0.29-4+deb10u1
+ [stretch] - ssvnc 1.0.29-3+deb9u1
- tightvnc 1:1.3.9-9.1
[buster] - tightvnc 1:1.3.9-9deb10u1
[stretch] - tightvnc 1:1.3.9-9+deb9u1
@@ -3535,8 +3744,8 @@ CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c co
- italc <removed>
[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
- ssvnc 1.0.29-5 (bug #945827)
- [buster] - ssvnc <no-dsa> (Minor issue)
- [stretch] - ssvnc <no-dsa> (Minor issue)
+ [buster] - ssvnc 1.0.29-4+deb10u1
+ [stretch] - ssvnc 1.0.29-3+deb9u1
- tightvnc 1:1.3.9-9.1
[buster] - tightvnc 1:1.3.9-9deb10u1
[stretch] - tightvnc 1:1.3.9-9+deb9u1
@@ -3550,8 +3759,8 @@ CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d co
- italc <removed>
[stretch] - italc <not-affected> (Incomplete fix for CVE-2018-20019 not applied)
- ssvnc 1.0.29-5 (bug #945827)
- [buster] - ssvnc <no-dsa> (Minor issue)
- [stretch] - ssvnc <no-dsa> (Minor issue)
+ [buster] - ssvnc 1.0.29-4+deb10u1
+ [stretch] - ssvnc 1.0.29-3+deb9u1
- veyon 4.1.4+repack1-1
NOTE: https://github.com/LibVNC/libvncserver/issues/250
NOTE: https://github.com/LibVNC/libvncserver/commit/09f2f3fb6a5a163e453e5c2979054670c39694bc
@@ -3604,17 +3813,17 @@ CVE-2018-20010 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-accoun
CVE-2018-20009 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Prov ...)
NOT-FOR-US: DomainMOD
CVE-2018-1000866 (A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000865 (A sandbox bypass vulnerability exists in Script Security Plugin 1.47 a ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000864 (A denial of service vulnerability exists in Jenkins 2.153 and earlier, ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000863 (A data modification vulnerability exists in Jenkins 2.153 and earlier, ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000862 (An information exposure vulnerability exists in Jenkins 2.153 and earl ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000861 (A code execution vulnerability exists in the Stapler web framework use ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-20008 (iBall Baton iB-WRB302N20122017 devices have improper access control ov ...)
NOT-FOR-US: iBall Baton iB-WRB302N20122017 devices
CVE-2018-20007 (Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access con ...)
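Review bot: The switch from `NOT-FOR-US: Jenkins` to `- jenkins <removed>` is applied uniformly to six CVEs, but CVE-2018-1000866 and CVE-2018-1000865 describe the Pipeline: Groovy Plugin and the Script Security Plugin rather than Jenkins core, and it is not clear from this hunk that the removed `jenkins` source package ever shipped those plugins. If it did not, the previous `NOT-FOR-US` was the more accurate status for those two entries; if it did, a NOTE saying so would keep the reasoning visible, e.g. `NOTE: plugin was bundled in the jenkins source package`.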
@@ -3736,7 +3945,7 @@ CVE-2018-19971 (JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. ...)
CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navi ...)
{DLA-1658-1}
- phpmyadmin 4:4.9.1+dfsg1-2
- [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-8/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a s ...)
@@ -3749,47 +3958,47 @@ CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected
CVE-2018-19968 (An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents o ...)
{DLA-1658-1}
- phpmyadmin 4:4.9.1+dfsg1-2
- [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-6/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
CVE-2018-19959
RESERVED
CVE-2018-19958
RESERVED
-CVE-2018-19957
- RESERVED
-CVE-2018-19956
- RESERVED
-CVE-2018-19955
- RESERVED
-CVE-2018-19954
- RESERVED
-CVE-2018-19953
- RESERVED
-CVE-2018-19952
- RESERVED
-CVE-2018-19951
- RESERVED
-CVE-2018-19950
- RESERVED
-CVE-2018-19949
- RESERVED
-CVE-2018-19948
- RESERVED
-CVE-2018-19947
- RESERVED
-CVE-2018-19946
- RESERVED
-CVE-2018-19945
- RESERVED
-CVE-2018-19944
- RESERVED
-CVE-2018-19943
- RESERVED
-CVE-2018-19942
- RESERVED
-CVE-2018-19941
- RESERVED
+CVE-2018-19957 (A vulnerability involving insufficient HTTP security headers has been ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19956 (The cross-site scripting vulnerability has been reported to affect ear ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19955 (The cross-site scripting vulnerability has been reported to affect ear ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19954 (The cross-site scripting vulnerability has been reported to affect ear ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19953 (If exploited, this cross-site scripting vulnerability could allow remo ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19952 (If exploited, this SQL injection vulnerability could allow remote atta ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19951 (If exploited, this cross-site scripting vulnerability could allow remo ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19950 (If exploited, this command injection vulnerability could allow remote ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19949 (If exploited, this command injection vulnerability could allow remote ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19948 (The vulnerability have been reported to affect earlier versions of Hel ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19947 (The vulnerability have been reported to affect earlier versions of Hel ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19946 (The vulnerability have been reported to affect earlier versions of Hel ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19945 (A vulnerability has been reported to affect earlier QNAP devices runni ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19944 (A cleartext transmission of sensitive information vulnerability has be ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19943 (If exploited, this cross-site scripting vulnerability could allow remo ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19942 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2018-19941 (A vulnerability has been reported to affect QNAP NAS. If exploited, th ...)
+ NOT-FOR-US: QNAP
CVE-2018-19940
RESERVED
CVE-2018-19939 (The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi ...)
@@ -3943,15 +4152,21 @@ CVE-2018-19884
CVE-2018-19883
RESERVED
CVE-2018-19882 (In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c a ...)
- - mupdf <unfixed> (unimportant)
+ - mupdf 1.15.0+ds1-1 (unimportant)
+ [buster] - mupdf <not-affected> (Vulnerable code introduced later)
+ [stretch] - mupdf <not-affected> (Vulnerable code introduced later)
NOTE: Negligable security impact, crash in CLI tool
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700342
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=a7f7d91cdff8d303c11d458fa8b802776f73c8cc
CVE-2018-19881 (In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to caus ...)
- - mupdf <unfixed> (unimportant)
+ - mupdf 1.15.0+ds1-1 (unimportant)
+ [buster] - mupdf <not-affected> (Vulnerable code introduced later)
+ [stretch] - mupdf <not-affected> (Vulnerable code introduced later)
NOTE: Negligable security impact, crash in CLI tool
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700342
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=a7f7d91cdff8d303c11d458fa8b802776f73c8cc
CVE-2018-19880
RESERVED
CVE-2018-19879 (An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RU ...)
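Review bot: The new `[buster] - mupdf <not-affected> (Vulnerable code introduced later)` and matching `[stretch]` lines for CVE-2018-19882 and CVE-2018-19881 sit under descriptions that name MuPDF 1.14.0 as the affected version, so the justification reads as contradicting the CVE text. If the triage concluded the upstream description is wrong about 1.14.0, a NOTE capturing that (for instance `NOTE: affected function only reachable via code added after 1.14.0, CVE description imprecise`) would save the next reader from re-checking; otherwise the oldstable annotations need another look.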
@@ -3984,53 +4199,47 @@ CVE-2018-19875
CVE-2018-19874
RESERVED
CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer ...)
- {DSA-4374-1 DLA-1786-1 DLA-1627-1}
+ {DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2 (low)
- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/238749/
NOTE: https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8
CVE-2018-19872 (An issue was discovered in Qt 5.11. A malformed PPM image causes a div ...)
+ {DLA-2377-1 DLA-2376-1}
- qtbase-opensource-src 5.11.2+dfsg-3 (low)
- [stretch] - qtbase-opensource-src <no-dsa> (Minor issue)
[jessie] - qtbase-opensource-src <no-dsa> (Minor issue)
- qt4-x11 4:4.8.7+dfsg-18
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
[jessie] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://bugreports.qt.io/browse/QTBUG-69449
NOTE: qt4-x11: POC doesn't crash on neither jessie nor stretch, it's possibly incomplete; patch applies though.
CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontr ...)
- {DLA-1786-1}
+ {DLA-2377-1 DLA-1786-1}
- qtimageformats-opensource-src 5.11.3-2 (low)
[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
[jessie] - qtimageformats-opensource-src <postponed> (Minor issue)
- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/237761/
NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
NOTE: https://github.com/qt/qtimageformats/commit/7cfe47a8fe2f987fb2a066a696fb3d9d0afe4d65
CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF image cau ...)
- {DSA-4374-1 DLA-1786-1 DLA-1627-1}
+ {DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2 (low)
- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/235998/
NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in
NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the version
NOTE: https://github.com/qt/qtbase/commit/2841e2b61e32f26900bde987d469c8b97ea31999
CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG image cau ...)
- {DLA-1786-1}
+ {DLA-2422-1 DLA-2377-1 DLA-1786-1}
[experimental] - qtsvg-opensource-src 5.11.3-1
- qtsvg-opensource-src 5.11.3-2 (low)
- [stretch] - qtsvg-opensource-src <no-dsa> (Minor issue)
[jessie] - qtsvg-opensource-src <no-dsa> (Minor issue)
- qt4-x11 4:4.8.7+dfsg-18 (low)
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/234142/
NOTE: https://github.com/qt/qtsvg/commit/8c199714e9bc638fb3f6ec747fb7a23373e49335
@@ -4106,15 +4315,13 @@ CVE-2018-19842 (getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allo
NOTE: https://github.com/radare/radare2/commit/66191f780863ea8c66ace4040d0d04a8842e8432
NOTE: https://github.com/radare/radare2/issues/12239
CVE-2018-19841 (The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a ...)
+ {DLA-2525-1}
- wavpack 5.1.0-5 (bug #915565)
- [stretch] - wavpack <no-dsa> (Minor issue)
- [jessie] - wavpack <no-dsa> (Minor issue)
NOTE: https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b
NOTE: https://github.com/dbry/WavPack/issues/54
CVE-2018-19840 (The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPac ...)
+ {DLA-2525-1}
- wavpack 5.1.0-5 (bug #915564)
- [stretch] - wavpack <no-dsa> (Minor issue)
- [jessie] - wavpack <no-dsa> (Minor issue)
NOTE: https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51
NOTE: https://github.com/dbry/WavPack/issues/53
CVE-2018-19839 (In LibSass prior to 3.5.5, the function handle_error in sass_context.c ...)
@@ -4123,10 +4330,11 @@ CVE-2018-19839 (In LibSass prior to 3.5.5, the function handle_error in sass_con
NOTE: https://github.com/sass/libsass/issues/2657
NOTE: https://github.com/sass/libsass/pull/2767
CVE-2018-19838 (In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_ ...)
- - libsass <unfixed> (low)
+ - libsass 3.6.3-1 (low)
[buster] - libsass <no-dsa> (Minor issue)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2660
+ NOTE: Fixed in 3.6.1, but 3.6.3 first to land in unstable
CVE-2018-19837 (In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Express ...)
- libsass 3.5.4+20180621~c0a6cf3-1
[stretch] - libsass <no-dsa> (Minor issue)
@@ -4230,10 +4438,11 @@ CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexp
CVE-2018-19798 (Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uplo ...)
NOT-FOR-US: Fleetco Fleet Maintenance Management (FMM)
CVE-2018-19797 (In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Sel ...)
- - libsass <unfixed>
+ - libsass 3.6.3-1
[buster] - libsass <no-dsa> (Minor issue)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2779
+ NOTE: https://github.com/sass/libsass/commit/e94b5f91ec372a84be1f9c0da32cb6e0af0b99fe
CVE-2018-19796 (An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPre ...)
NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-19795 (ChipsBank UMPTool saves the password to the NAND with a simple substit ...)
@@ -4262,9 +4471,8 @@ CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a u
NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379
NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126
CVE-2018-19787 (An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in th ...)
- {DLA-1604-1}
+ {DLA-2467-1}
- lxml 4.2.5-1
- [stretch] - lxml <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 (lxml-4.2.5)
CVE-2018-19786 (HashiCorp Vault before 1.0.0 writes the master key to the server log i ...)
NOT-FOR-US: HashiCorp Vault
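Review bot: For CVE-2018-19787 the advisory set is replaced, `{DLA-1604-1}` becoming `{DLA-2467-1}`, whereas every other hunk in this commit appends the new DLA and keeps the old one (e.g. `{DLA-2418-1 DLA-1632-1}`). If DLA-1604-1 was a mis-attribution it is worth recording why in a NOTE; if it was a genuine jessie fix, the line should read `{DLA-2467-1 DLA-1604-1}` so the jessie history is not lost.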
@@ -4288,6 +4496,8 @@ CVE-2018-19777 (In Artifex MuPDF 1.14.0, there is an infinite loop in the functi
- mupdf 1.15.0+ds1-1 (unimportant; bug #915137)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700301
NOTE: No security impact, hang in GUI/CLI tool
+ NOTE: Not able to reproduce on buster or stretch
+ NOTE: upstream fix for bug #700301 may be incomplete
CVE-2018-19776
RESERVED
CVE-2018-19775 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
@@ -4351,9 +4561,8 @@ CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (fun
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer)
NOTE: CVE description is misleading, not an issue in libstb
CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...)
- {DLA-1632-1}
+ {DLA-2418-1 DLA-1632-1}
- libsndfile 1.0.28-5 (bug #917416)
- [stretch] - libsndfile <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812
NOTE: https://github.com/erikd/libsndfile/issues/435
NOTE: https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e
@@ -4374,9 +4583,9 @@ CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h (function:
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer)
NOTE: CVE description is misleading, not an issue in libstb
CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: is_mmac ...)
- - nasm <unfixed> (unimportant; bug #915087)
+ - nasm 2.15.02-1 (unimportant; bug #915087)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528
- NOTE: https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb
+ NOTE: https://github.com/netwide-assembler/nasm/commit/3079f7966dbed4497e36d5067cbfd896a90358cb
NOTE: Crash in CLI tool, no security impact
CVE-2018-19754 (Tarantella Enterprise before 3.11 allows bypassing Access Control. ...)
NOT-FOR-US: Tarantella Enterprise
@@ -4569,9 +4778,9 @@ CVE-2018-19665 (The Bluetooth subsystem in QEMU mishandles negative values for l
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03822.html
NOTE: second patch never accepted, no activity as of 20190909
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html
- NOTE: https://lists.debian.org/debian-lts/2019/01/msg00073.html
- NOTE: 3.1 marked bluetooth subsystem deprecated
- NOTE: https://github.com/qemu/qemu/commit/c0188e69d
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg07426.html
+ NOTE: https://github.com/qemu/qemu/commit/c0188e69d (bluetooth subsystem deprecated in 3.1)
+ NOTE: https://github.com/qemu/qemu/commit/1d4ffe8dc (bluetooth subsystem removed in 5.0)
CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel ...)
- libjpeg-turbo <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305
@@ -4580,16 +4789,14 @@ CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put
CVE-2018-19663
RESERVED
CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...)
- {DLA-1618-1}
+ {DLA-2418-1 DLA-1618-1}
- libsndfile 1.0.28-5 (low)
- [stretch] - libsndfile <ignored> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/429
NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate)
CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...)
- {DLA-1618-1}
+ {DLA-2418-1 DLA-1618-1}
- libsndfile 1.0.28-5 (low)
- [stretch] - libsndfile <ignored> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/429
NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate)
@@ -4913,11 +5120,11 @@ CVE-2018-19542 (An issue was discovered in JasPer 2.0.14. There is a NULL pointe
{DLA-1628-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/182
-CVE-2018-19541 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
+CVE-2018-19541 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...)
{DLA-1628-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/182
-CVE-2018-19540 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
+CVE-2018-19540 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...)
{DLA-1628-1}
- jasper <removed>
NOTE: https://github.com/mdadams/jasper/issues/182
@@ -4981,7 +5188,7 @@ CVE-2018-19516 (messagepartthemes/default/defaultrenderer.cpp in messagelib in K
- kf5-messagelib 4:18.08.3-2 (bug #915039)
[stretch] - kf5-messagelib <no-dsa> (Minor issue)
NOTE: https://www.kde.org/info/security/advisory-20181128-1.txt
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=34765909cdf8e55402a8567b48fb288839c61612
+ NOTE: https://github.com/KDE/messagelib/commit/34765909cdf8e55402a8567b48fb288839c61612
CVE-2018-19515 (In Webgalamb through 7.0, system/ajax.php functionality is supposed to ...)
NOT-FOR-US: Webgalamb
CVE-2018-19514 (In Webgalamb through 7.0, an arbitrary code execution vulnerability co ...)
@@ -5103,7 +5310,7 @@ CVE-2018-19478 (In Artifex Ghostscript before 9.26, a carefully crafted PDF file
{DSA-4346-1 DLA-1620-1}
- ghostscript 9.26~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699856
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace
CVE-2018-19474
RESERVED
CVE-2018-19473
@@ -5153,29 +5360,28 @@ CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX executes commands from the c
CVE-2018-19477 (psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attacke ...)
{DSA-4346-1 DLA-1598-1}
- ghostscript 9.26~dfsg-1
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb (ghostscript-9.26)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03 (master)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb (ghostscript-9.26)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03 (master)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700168
CVE-2018-19476 (psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers ...)
{DSA-4346-1 DLA-1598-1}
- ghostscript 9.26~dfsg-1
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a (ghostscript-9.26)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16 (master)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a (ghostscript-9.26)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16 (master)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700169
CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attack ...)
{DSA-4346-1 DLA-1598-1}
- ghostscript 9.26~dfsg-1
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e (ghostscript-9.26)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e (ghostscript-9.26)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700153
CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_o ...)
- {DSA-4353-1 DLA-1700-1 DLA-1608-1}
+ {DSA-4353-1 DLA-2866-1 DLA-1700-1 DLA-1608-1}
- php7.3 7.3.0-1 (bug #913775)
- php7.2 <removed> (bug #913835)
- php7.0 <removed> (bug #913836)
- php5 <removed>
- uw-imap 8:2007f~dfsg-6 (bug #914632)
- [stretch] - uw-imap <no-dsa> (Minor issue)
NOTE: Fixed in 5.6.39, 7.0.33, 7.1.25, 7.2.13, 7.3.0
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76428
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77153
@@ -5262,8 +5468,8 @@ CVE-2018-19420 (In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads bu
NOT-FOR-US: GetSimpleCMS
CVE-2018-19419
RESERVED
-CVE-2018-19418
- RESERVED
+CVE-2018-19418 (Foxit PDF ActiveX before 5.5.1 allows remote code execution via comman ...)
+ NOT-FOR-US: Foxit PDF ActiveX
CVE-2018-19417 (An issue was discovered in the MQTT server in Contiki-NG before 4.2. T ...)
NOT-FOR-US: Contiki-NG
CVE-2018-19517 (An issue was discovered in sysstat 12.1.1. The remap_struct function i ...)
@@ -5483,8 +5689,10 @@ CVE-2018-19353 (The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.
NOT-FOR-US: libansilove
CVE-2018-19352 (Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name ...)
- jupyter-notebook 5.7.4-1 (bug #917408)
+ [stretch] - jupyter-notebook <not-affected> (Vulnerable code not present)
NOTE: https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648
CVE-2018-19351 (Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook bec ...)
+ {DLA-2432-1}
- jupyter-notebook 5.7.4-1 (bug #917409)
NOTE: https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491
CVE-2018-19350 (In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwd ...)
@@ -5759,10 +5967,10 @@ CVE-2018-19221 (An issue was discovered in LAOBANCMS 2.0. It allows SQL Injectio
CVE-2018-19220 (An issue was discovered in LAOBANCMS 2.0. It allows remote attackers t ...)
NOT-FOR-US: LAOBANCMS
CVE-2018-19219 (In LibSass 3.5-stable, there is an illegal address access at Sass::Eva ...)
- - libsass <undetermined>
+ NOTE: Bogus report for libsass
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643760
CVE-2018-19218 (In LibSass 3.5-stable, there is an illegal address access at Sass::Par ...)
- - libsass <undetermined>
+ NOTE: Bogus report for libsass
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643758
CVE-2018-19217 (** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL poi ...)
- ncurses 6.0+20170701-1
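Review bot: Replacing `- libsass <undetermined>` with `NOTE: Bogus report for libsass` leaves CVE-2018-19219 and CVE-2018-19218 with only NOTE lines and no package or NOT-FOR-US status line, which presumably makes them show up again as unprocessed in the tracker. The conventional way to close a bogus report while keeping the package association is a status with a reason, e.g. `- libsass <not-affected> (Bogus report)`, with the NOTE retained below it.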
@@ -5775,17 +5983,17 @@ CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in
[stretch] - nasm <no-dsa> (Minor issue)
[jessie] - nasm <ignored> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392425
- NOTE: Fix: https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
+ NOTE: Fix: https://github.com/netwide-assembler/nasm/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1115758#c7
CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...)
- nasm 2.14-1 (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525
- NOTE: https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
+ NOTE: https://github.com/netwide-assembler/nasm/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
NOTE: No security impact, crash in CLI tool
CVE-2018-19214 (Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...)
- nasm 2.14-1 (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392521
- NOTE: https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354
+ NOTE: https://github.com/netwide-assembler/nasm/commit/661f723d39e03ca6eb05d7376a43ca33db478354
NOTE: No security impact, crash in CLI tool
CVE-2018-19213 (Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may le ...)
- nasm <unfixed> (unimportant)
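Review bot: The rewritten URL for CVE-2018-19216 keeps the repo.or.cz path segment, `https://github.com/netwide-assembler/nasm/commitdiff/9b7ee09a…`, but GitHub serves commits under `/commit/`, so this link will not resolve. The two other NASM links rewritten in this hunk already use `/commit/`; the line should read `NOTE: Fix: https://github.com/netwide-assembler/nasm/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9`.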
@@ -5796,7 +6004,7 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by libwe
NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...)
- ncurses 6.1+20180210-3 (low)
- [stretch] - ncurses <no-dsa> (Minor issue)
+ [stretch] - ncurses <ignored> (Minor issue)
[jessie] - ncurses <no-dsa> (Minor issue)
[wheezy] - ncurses <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754
@@ -5883,7 +6091,7 @@ CVE-2018-19186 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2
CVE-2018-19185 (An issue has been found in libIEC61850 v1.3. It is a heap-based buffer ...)
NOT-FOR-US: libIEC61850
CVE-2018-19184 (cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to ...)
- NOT-FOR-US: Go Ethereum
+ - golang-github-go-ethereum <itp> (bug #890541)
CVE-2018-19183 (ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm. ...)
NOT-FOR-US: ethereumjs-vm
CVE-2018-19182 (Engelsystem before commit hash 2e28336 allows CSRF. ...)
@@ -5953,10 +6161,10 @@ CVE-2018-19151 (qtum through 0.16 (a chain-based proof-of-stake cryptocurrency)
CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdffor ...)
NOT-FOR-US: pdfforge PDF Architect
CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attac ...)
- - poppler <unfixed> (unimportant; bug #914600)
+ - poppler 0.71.0-2 (unimportant; bug #914600)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/664
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649457#c3
- NOTE: https://github.com/freedesktop/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44
+ NOTE: https://github.com/freedesktop/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 (poppler-0.70.0)
CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain invalid ...)
- caddy <itp> (bug #810890)
CVE-2018-19147
@@ -5985,8 +6193,8 @@ CVE-2018-19134 (In Artifex Ghostscript through 9.25, the setpattern operator did
{DSA-4346-1 DLA-1620-1}
- ghostscript 9.26~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700141
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf (master)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7c8f85a23db24031945af3cacb2c0b4740e67072 (ghostscript-9.26)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf (master)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7c8f85a23db24031945af3cacb2c0b4740e67072 (ghostscript-9.26)
CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email ...)
NOT-FOR-US: Flarum Core
CVE-2018-19130 (** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1 ...)
@@ -6020,7 +6228,7 @@ CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in Eth
CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ...)
{DLA-1592-1}
- otrs2 6.0.1-1
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/
NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions).
NOTE: Add workaround and mark first 6.x version as fixing version
@@ -6032,13 +6240,13 @@ CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an
CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5. ...)
{DLA-1592-1}
- otrs2 6.0.13-1
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows ...)
- kio-extras 4:18.08.3-1 (bug #913595)
[stretch] - kio-extras <no-dsa> (Minor issue)
- kde-runtime <removed> (bug #913596)
- [buster] - kde-runtime <no-dsa> (Minor issue)
+ [buster] - kde-runtime <ignored> (Minor issue)
[stretch] - kde-runtime <no-dsa> (Minor issue)
[jessie] - kde-runtime <ignored> (Minor issue)
NOTE: https://www.kde.org/info/security/advisory-20181012-1.txt
@@ -6190,21 +6398,20 @@ CVE-2018-19062
CVE-2018-19061 (DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter ...)
NOT-FOR-US: DedeCMS
CVE-2018-19060 (An issue was discovered in Poppler 0.71.0. There is a NULL pointer der ...)
- - poppler <unfixed> (unimportant; bug #913182)
+ - poppler 0.85.0-2 (unimportant; bug #913182)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/660
- NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/d2f5d424ba8752f9a9e9dad410546ec1b46caa0a
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/d2f5d424ba8752f9a9e9dad410546ec1b46caa0a (poppler-0.72.0)
NOTE: Issue in pdfdetach cli tool leading to crash
CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bounds re ...)
- - poppler <unfixed> (unimportant; bug #913180)
+ - poppler 0.85.0-2 (unimportant; bug #913180)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/661
- NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118 (poppler-0.72.0)
NOTE: Issue in pdfdetach cli tool leading to crash
CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort ...)
- {DLA-1706-1}
+ {DLA-2440-1 DLA-1706-1}
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #913177)
+ - poppler 0.85.0-2 (low; bug #913177)
[buster] - poppler <ignored> (Minor issue)
- [stretch] - poppler <ignored> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d
CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ele ...)
@@ -6230,8 +6437,8 @@ CVE-2018-19050 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword la
CVE-2018-19049
RESERVED
CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c i ...)
+ {DLA-2887-1}
- lighttpd 1.4.52-1 (bug #913528)
- [stretch] - lighttpd <no-dsa> (Minor issue)
[jessie] - lighttpd <no-dsa> (Minor issue)
NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1
CVE-2018-19048 (Simditor through 2.3.21 allows DOM XSS via an onload attribute within ...)
@@ -6291,8 +6498,8 @@ CVE-2018-19027 (Three type confusion vulnerabilities exist in CX-One Versions 4.
NOT-FOR-US: CX-One
CVE-2018-19026
RESERVED
-CVE-2018-19025
- RESERVED
+CVE-2018-19025 (In JUUKO K-808, an attacker could specially craft a packet that encode ...)
+ NOT-FOR-US: JUUKO K-808
CVE-2018-19024
RESERVED
CVE-2018-19023 (Hetronic Nova-M prior to verson r161 uses fixed codes that are reprodu ...)
@@ -6574,7 +6781,7 @@ CVE-2018-18898 (The email-ingestion feature in Best Practical Request Tracker 4.
NOTE: https://github.com/bestpractical/email-address-list/commit/31bd4dc2dfb26fd6a17e4436df3d3c8904856f30
CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory leak in G ...)
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #913164)
+ - poppler 0.85.0-2 (low; bug #913164)
[buster] - poppler <ignored> (Negligible security impact)
[stretch] - poppler <ignored> (Negligible security impact)
[jessie] - poppler <ignored> (Negligible security impact; memory leak)
@@ -6790,10 +6997,9 @@ CVE-2018-18808 (The domain management component of TIBCO Software Inc.'s TIBCO J
CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO Softwar ...)
NOT-FOR-US: TIBCO
CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of service (Me ...)
- {DLA-1596-1}
+ {DLA-2278-1 DLA-1596-1}
- squid 4.4-1 (low; bug #912294)
- squid3 <removed> (low)
- [stretch] - squid3 <postponed> (Can be fixed along in a future DSA)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
NOTE: 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-bc9786119f058a76ddf0625424bc33d36460b9a2.patch
NOTE: 4.x: http://www.squid-cache.org/Versions/v4/changesets/squid-4-983c5c36e5f109512ed1af38a329d0b5d0967498.patch
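Review bot: The `[stretch] - squid3 <postponed> (Can be fixed along in a future DSA)` line on CVE-2018-19132 is kept while DLA-2278-1 is added to the same entry, whereas every other entry in this commit that gains a second DLA also drops its stretch annotation (elfutils CVE-2018-18521/18520/18310, paramiko CVE-2018-1000805, imagemagick CVE-2018-18025, gpsd CVE-2018-17937, lighttpd CVE-2018-19052). If DLA-2278-1 is the stretch update for squid3, that postponed line is now stale and should be removed; if it is not, the DLA reference may belong on a different entry. The NOTE lines of this entry may continue past the end of the hunk.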
@@ -6804,7 +7010,7 @@ CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate during
NOTE: Squid in Debian builds without TLS support
CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection via the lo ...)
NOT-FOR-US: School Equipment Monitoring System
-CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen, related to ...)
+CVE-2018-18805 (Point Of Sales 1.0 allows SQL injection via the login screen, related ...)
NOT-FOR-US: PointOfSales
CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login screen, ...)
NOT-FOR-US: Bakeshop Inventory System
@@ -7065,10 +7271,10 @@ CVE-2018-18690 (In the Linux kernel before 4.17, a local attacker able to set at
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199119
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1105025
NOTE: https://git.kernel.org/linus/7b38460dc8e4eafba06c78f8e37099d3b34d473c
-CVE-2018-18689
- RESERVED
-CVE-2018-18688
- RESERVED
+CVE-2018-18689 (The Portable Document Format (PDF) specification does not provide any ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2018-18688 (The Portable Document Format (PDF) specification does not provide any ...)
+ NOT-FOR-US: Foxit Reader
CVE-2018-18687
RESERVED
CVE-2018-18686
@@ -7120,10 +7326,11 @@ CVE-2018-18664
CVE-2018-18663
RESERVED
CVE-2018-18662 (There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Ar ...)
+ {DLA-2289-1}
- mupdf 1.14.0+ds1-3 (bug #912013)
[jessie] - mupdf <not-affected> (vulnerable code introduced later)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700043
- NOTE: http://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356
CVE-2018-18661 (An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dere ...)
{DLA-2009-1}
- tiff 4.0.10-1 (unimportant; bug #912012)
@@ -7142,8 +7349,12 @@ CVE-2018-18657 (An issue was discovered in Arcserve Unified Data Protection (UDP
CVE-2018-18656 (The PureVPN client before 6.1.0 for Windows stores Login Credentials ( ...)
NOT-FOR-US: PureVPN client for Windows
CVE-2018-18653 (The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Se ...)
- - linux <undetermined>
- TODO: check, this should be very Ubuntu specific, but it is introduced with the out-of-tree patch from the Lockdown patchset https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef and so possibly affect our kernel as well in some way.
+ - linux 5.4.6-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1798863
+ NOTE: Broken lockdown patch introduced in: https://salsa.debian.org/kernel-team/linux/commit/a7cd45ba217652e89afd40020fa3ee9d8900b2d6
+ NOTE: Dropped in: https://salsa.debian.org/kernel-team/linux/commit/bcf44784663c6b77a4922d9a88f114c9810623cc
CVE-2018-18652 (A remote command execution vulnerability in Veritas NetBackup Applianc ...)
NOT-FOR-US: Veritas NetBackup Appliance
CVE-2018-18655 (Prayer through 1.3.5 sends a Referer header, containing a user's usern ...)
@@ -7224,12 +7435,12 @@ CVE-2018-18627
RESERVED
CVE-2018-18626 (An issue was discovered in PHPYun V4.6. There is a vulnerability that ...)
NOT-FOR-US: PHPYun
-CVE-2018-18625
- RESERVED
-CVE-2018-18624
- RESERVED
-CVE-2018-18623
- RESERVED
+CVE-2018-18625 (Grafana 5.3.1 has XSS via a link on the "Dashboard &gt; All Panels &gt ...)
+ - grafana <removed>
+CVE-2018-18624 (Grafana 5.3.1 has XSS via a column style on the "Dashboard &gt; Table ...)
+ - grafana <removed>
+CVE-2018-18623 (Grafana 5.3.1 has XSS via the "Dashboard &gt; Text Panel" screen. NOTE ...)
+ - grafana <removed>
CVE-2018-18622 (An issue was discovered in Waimai Super Cms 20150505. There is XSS via ...)
NOT-FOR-US: Waimai Super Cms
CVE-2018-18621 (CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Ma ...)
@@ -7391,7 +7602,7 @@ CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due
NOTE: Fixed by: https://git.kernel.org/linus/15fe076edea787807a7cdc168df832544b58eba6
CVE-2018-18558 (An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 ...)
NOT-FOR-US: Espressif ESP-IDF
-CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into ...)
+CVE-2018-18557 (LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4 ...)
{DSA-4349-1 DLA-1557-1}
- tiff 4.0.9+git181026-1 (bug #911635)
- tiff3 <removed>
@@ -7483,16 +7694,14 @@ CVE-2018-18523
CVE-2018-18522
RESERVED
CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...)
- {DLA-1689-1}
+ {DLA-2802-1 DLA-1689-1}
- elfutils 0.175-1 (low; bug #911413)
- [stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786
NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327
CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end i ...)
- {DLA-1689-1}
+ {DLA-2802-1 DLA-1689-1}
- elfutils 0.175-1 (low; bug #911414)
- [stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787
NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209
@@ -7532,9 +7741,8 @@ CVE-2018-18509 (A flaw during verification of certain S/MIME signatures causes e
{DSA-4392-1 DLA-1678-1}
- thunderbird 1:60.5.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511
-CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in a denial of service]
- RESERVED
- {DLA-1704-1}
+CVE-2018-18508 (In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a ...)
+ {DLA-2388-1 DLA-1704-1}
- nss 2:3.42.1-1 (bug #921614)
NOTE: https://hg.mozilla.org/projects/nss/rev/08d1b0c1117f
NOTE: https://hg.mozilla.org/projects/nss/rev/5e70b72131ac
@@ -7677,7 +7885,7 @@ CVE-2018-18474
RESERVED
CVE-2018-18473 (A hidden backdoor on PATLITE NH-FB Series devices with firmware versio ...)
NOT-FOR-US: PATLITE NBM-D88N
-CVE-2018-18472 (Western Digital WD My Book Live (all versions) has a root Remote Comma ...)
+CVE-2018-18472 (Western Digital WD My Book Live and WD My Book Live Duo (all versions) ...)
NOT-FOR-US: Western Digital WD My Book Live
CVE-2018-18471 (/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stor ...)
NOT-FOR-US: Axentra firmware
@@ -7762,11 +7970,14 @@ CVE-2018-18447
CVE-2018-18446
RESERVED
CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...)
- - openexr <unfixed> (unimportant)
+ {DSA-4755-1 DLA-2358-1}
+ - openexr 2.5.3-2 (unimportant)
+ [jessie] - openexr <not-affected> (exrmultiview code not present in tarball)
NOTE: Issue in exrmultiview which is not installed in the binary package.
NOTE: https://github.com/openexr/openexr/issues/351
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ...)
- - openexr <unfixed> (unimportant)
+ - openexr 2.5.3-2 (unimportant)
NOTE: https://github.com/openexr/openexr/issues/350
NOTE: https://github.com/openexr/openexr/commit/adbc1900cb9d25fcc4df008d4008b781cf2fa4f8
NOTE: Memory leak with overall negligible security impact
@@ -8133,9 +8344,8 @@ CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflo
NOTE: Introduced by: https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/0589f071dc6836de80b24fd798c3336c72ead850
CVE-2018-18310 (An invalid memory address dereference was discovered in dwfl_segment_r ...)
- {DLA-1689-1}
+ {DLA-2802-1 DLA-1689-1}
- elfutils 0.175-1 (bug #911083)
- [stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd
@@ -8199,7 +8409,7 @@ CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
NOTE: https://www.openwall.com/lists/oss-security/2018/10/16/2
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b
CVE-2018-18283
RESERVED
CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. ...)
@@ -8407,41 +8617,29 @@ CVE-2018-18199 (Mediamanager in REDAXO before 5.6.4 has XSS. ...)
CVE-2018-18198 (The $opener_input_field variable in addons/mediapool/pages/index.php i ...)
NOT-FOR-US: REDAXO
CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator new[] fa ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18195 (An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-ze ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18193 (An issue was discovered in libgig 4.1.0. There is operator new[] failu ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer deref ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
+ - libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member ...)
NOT-FOR-US: FineCms
CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a ...)
@@ -8691,7 +8889,7 @@ CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox protect
- ghostscript 9.25~dfsg-3 (bug #910758)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c
NOTE: https://www.openwall.com/lists/oss-security/2018/10/10/12
CVE-2018-18072
RESERVED
@@ -8719,7 +8917,8 @@ CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before 5
NOTE: https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write during p ...)
- cairo <unfixed> (low; bug #916083)
- [buster] - cairo <no-dsa> (Minor issue)
+ [bullseye] - cairo <ignored> (Minor issue)
+ [buster] - cairo <ignored> (Minor issue)
[stretch] - cairo <no-dsa> (Minor issue)
[jessie] - cairo <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/341
@@ -8760,9 +8959,8 @@ CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to vers
NOTE: https://github.com/pyca/pyopenssl/pull/723
NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 con ...)
- {DLA-1556-1}
+ {DLA-2860-1 DLA-1556-1}
- paramiko 2.4.2-0.1 (bug #910760)
- [stretch] - paramiko <no-dsa> (Minor issue)
NOTE: https://github.com/paramiko/paramiko/issues/1283
NOTE: https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce
CVE-2018-1000804 (contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL ( ...)
@@ -8832,15 +9030,14 @@ CVE-2018-18027
CVE-2018-18026 (IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower ...)
NOT-FOR-US: IObit Malware Fighter
CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...)
- {DLA-1574-1}
+ {DLA-2366-1 DLA-1574-1}
- imagemagick 8:6.9.10.14+dfsg-1 (low; bug #911435)
- [stretch] - imagemagick <postponed> (Fix along in next DSA)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1335
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1a22fc0c8837838e60daecc0bf01648f359dd6fd
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/394b3e6edf74d1337ce338927da053bb40c00ae9
CVE-2018-18024 (In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPI ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.10.14+dfsg-1 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1337
NOTE: https://github.com/ImageMagick/ImageMagick/commit/948f1c86d649a29df08a38d2ff8b91cdf3e92b82
@@ -8926,7 +9123,7 @@ CVE-2018-17990 (An issue was discovered on D-Link DSL-3782 devices with firmware
NOT-FOR-US: D-Link
CVE-2018-17989 (A stored XSS vulnerability exists in the web interface on D-Link DSL-3 ...)
NOT-FOR-US: D-Link
-CVE-2018-17988 (LayerBB 1.1.1 has SQL Injection via the search.php search_query parame ...)
+CVE-2018-17988 (LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_qu ...)
NOT-FOR-US: LayerBB
CVE-2018-17987 (The determineWinner function of a smart contract implementation for Ha ...)
NOT-FOR-US: Some Ethereum application
@@ -8955,7 +9152,8 @@ CVE-2018-17979
CVE-2018-17978
RESERVED
CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among XFRM Net ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
+ NOTE: Needs major rework on protocol level to fix. Exploitable (likely) only with CAP_NET_ADMIN.
CVE-2018-17976 (An issue was discovered in GitLab Community Edition 11.x before 11.1.8 ...)
- gitlab 11.1.8+dfsg-2
NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/
@@ -9015,9 +9213,9 @@ CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass
- ghostscript 9.25~dfsg-3 (bug #910678)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682
NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d02bbc620bcba9b1c208462a876afb
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94b708be24758287b606154daaaed9
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63aa4ac6874234fe8cd63e72077291
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d02bbc620bcba9b1c208462a876afb
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94b708be24758287b606154daaaed9
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63aa4ac6874234fe8cd63e72077291
CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source ...)
- ckeditor 4.11.1+dfsg-1 (low)
[stretch] - ckeditor <no-dsa> (Minor issue)
@@ -9085,10 +9283,9 @@ CVE-2018-17939 (An issue was discovered in GitLab Community and Enterprise Editi
CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content spoofing via ...)
NOT-FOR-US: Zimbra
CVE-2018-17937 (gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open ...)
- {DLA-1738-1}
+ {DLA-2795-1 DLA-1738-1}
[experimental] - gpsd 3.18.1-1
- gpsd 3.17-6 (low; bug #925327)
- [stretch] - gpsd <no-dsa> (Minor issue)
NOTE: http://git.savannah.nongnu.org/cgit/gpsd.git/commit/?id=7646cbd04055a50b157312ba6b376e88bd398c19
CVE-2018-17936 (NUUO CMS All versions 3.3 and prior the application allows the upload ...)
NOT-FOR-US: NUUO CMS
@@ -9098,8 +9295,8 @@ CVE-2018-17934 (NUUO CMS All versions 3.3 and prior the application allows exter
NOT-FOR-US: NUUO CMS
CVE-2018-17933 (VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may al ...)
NOT-FOR-US: VGo Robot
-CVE-2018-17932
- RESERVED
+CVE-2018-17932 (JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, . ...)
+ NOT-FOR-US: JUUKO K-800
CVE-2018-17931 (If an attacker has physical access to the VGo Robot (Versions 3.0.3.52 ...)
NOT-FOR-US: VGo Robot
CVE-2018-17930 (A stack-based buffer overflow vulnerability has been identified in Tel ...)
@@ -9223,8 +9420,8 @@ CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ether
NOT-FOR-US: Greedy 599
CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version o ...)
NOT-FOR-US: Coaster CMS
-CVE-2018-17875
- RESERVED
+CVE-2018-17875 (A remote code execution issue in the ping command on Poly Trio 8800 5. ...)
+ NOT-FOR-US: Poly Trio 8800 devices
CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
NOT-FOR-US: ExpressionEngine
CVE-2018-17873 (An incorrect access control vulnerability in the FTP configuration of ...)
@@ -9243,16 +9440,16 @@ CVE-2018-17867 (The Port Forwarding functionality on DASAN H660GW devices allows
NOT-FOR-US: DASAN H660GW device
CVE-2018-17866 (Multiple cross-site scripting (XSS) vulnerabilities in includes/core/u ...)
NOT-FOR-US: "Ultimate Member - User Profile & Membership" plugin for WordPress
-CVE-2018-17865
- RESERVED
+CVE-2018-17865 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: SAP
CVE-2018-17864
RESERVED
CVE-2018-17863
RESERVED
-CVE-2018-17862
- RESERVED
-CVE-2018-17861
- RESERVED
+CVE-2018-17862 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: SAP
+CVE-2018-17861 (** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: SAP
CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be revoked.Th ...)
NOT-FOR-US: Cloudera
CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks in ...)
@@ -9404,7 +9601,7 @@ CVE-2018-17797 (An issue was discovered in zzcms 8.3. user/zssave.php allows rem
NOT-FOR-US: zzcms
CVE-2018-17796 (An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The Web ...)
NOT-FOR-US: MRCMS
-CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remot ...)
+CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier ...)
- tiff 4.0.9-2
[stretch] - tiff 4.0.8-2+deb9u2
[jessie] - tiff 4.0.3-12.3+deb8u5
@@ -9462,26 +9659,26 @@ CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for
NOT-FOR-US: PCProtect Anti-Virus
CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PR ...)
NOT-FOR-US: Seqrite End Point Security
-CVE-2018-17774
- RESERVED
-CVE-2018-17773
- RESERVED
-CVE-2018-17772
- RESERVED
-CVE-2018-17771
- RESERVED
-CVE-2018-17770
- RESERVED
-CVE-2018-17769
- RESERVED
-CVE-2018-17768
- RESERVED
-CVE-2018-17767
- RESERVED
-CVE-2018-17766
- RESERVED
-CVE-2018-17765
- RESERVED
+CVE-2018-17774 (Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This ...)
+ NOT-FOR-US: Ingenico
+CVE-2018-17773 (Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK ...)
+ NOT-FOR-US: Ingenico
+CVE-2018-17772 (Ingenico Telium 2 POS terminals allow arbitrary code execution via the ...)
+ NOT-FOR-US: Ingenico
+CVE-2018-17771 (Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This i ...)
+ NOT-FOR-US: Ingenico
+CVE-2018-17770 (Ingenico Telium 2 POS terminals have a buffer overflow via the RemoteP ...)
+ NOT-FOR-US: Ingenico
+CVE-2018-17769 (Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 co ...)
+ NOT-FOR-US: Ingenico
+CVE-2018-17768 (Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This ...)
+ NOT-FOR-US: Ingenico
+CVE-2018-17767 (Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This i ...)
+ NOT-FOR-US: Ingenico
+CVE-2018-17766 (Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrict ...)
+ NOT-FOR-US: Ingenico
+CVE-2018-17765 (Ingenico Telium 2 POS terminals have undeclared TRACE protocol command ...)
+ NOT-FOR-US: Ingenico
CVE-2018-17764
RESERVED
CVE-2018-17763
@@ -10241,20 +10438,18 @@ CVE-2018-17441 (An issue was discovered on D-Link Central WiFi Manager before v
CVE-2018-17440 (An issue was discovered on D-Link Central WiFi Manager before v 1.03r0 ...)
NOT-FOR-US: D-Link
CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a sta ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10589
+ NOTE: Negligible security impact
CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5Dselec ...)
- - hdf5 <unfixed> (low)
- [buster] - hdf5 <no-dsa> (Minor issue)
- [stretch] - hdf5 <no-dsa> (Minor issue)
- [jessie] - hdf5 <ignored> (Minor issue)
+ - hdf5 1.10.6+repack-1 (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10587
NOTE: fix in develop branch: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f
+ NOTE: Negligible security impact
CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
- [experimental] - hdf5 1.10.5+repack-1~exp1
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
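Review bot: CVE-2018-17438 is resolved with `- hdf5 1.10.6+repack-1 (unimportant)`, while every other hdf5 entry this commit resolves (CVE-2018-17437, CVE-2018-17434, CVE-2018-17237, CVE-2018-17234) is set to `1.10.6+repack-2`. Worth confirming that the `-1` revision is deliberate rather than a typo, since a fixed version one revision too early would make the tracker treat the package as fixed before the upload that actually carried the change. The CVE-2018-17437 entry's NOTE lines continue in the next hunk.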
@@ -10263,15 +10458,16 @@ CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtyp
NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377
CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allo ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc
+ NOTE: Negligible security impact
CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591
+ NOTE: Negligible security impact
CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5repack_ ...)
- [experimental] - hdf5 1.10.5+repack-1~exp1
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -10280,17 +10476,19 @@ CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5r
NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377
CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10592
+ NOTE: Negligible security impact
CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...)
- - hdf5 <unfixed>
+ - hdf5 <unfixed> (unimportant)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
NOTE: upstream bug tracker (not public): https://jira.hdfgroup.org/browse/HDFFV-10590
NOTE: fix planned for HDF5-1.10.6 (will also be backported to HDF5-1.8)
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash
CVE-2018-17431 (Web Console in Comodo UTM Firewall before 2.7.0 allows remote attacker ...)
NOT-FOR-US: Comodo UTM
CVE-2018-17430
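Review bot: The new NOTE on CVE-2018-17432 has a typo, `malicous` for `malicious`; suggested line: `NOTE: Negligible security impact, malicious scientific data has more issues than a crash`. Separately, that entry is downgraded to `- hdf5 <unfixed> (unimportant)` but keeps its `[buster]`, `[stretch]` and `[jessie]` no-dsa/ignored lines, whereas the same downgrade elsewhere in this commit (libgig CVE-2018-18197 through CVE-2018-18192, and hdf5 CVE-2018-17438) drops the per-release lines along with the severity change. If the convention is that unimportant issues carry no per-release triage, the three release lines should be removed here as well for consistency.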
@@ -10421,7 +10619,7 @@ CVE-2018-17367
RESERVED
CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability t ...)
NOT-FOR-US: MCMS
-CVE-2018-17365 (SeaCMS 6.64 allows remote attackers to delete arbitrary files via the ...)
+CVE-2018-17365 (SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files ...)
NOT-FOR-US: SeaCMS
CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via t ...)
NOT-FOR-US: OTCMS
@@ -10673,8 +10871,8 @@ CVE-2018-17257
REJECTED
CVE-2018-17256 (Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.1 ...)
NOT-FOR-US: Umbraco CMS
-CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter. ...)
- NOT-FOR-US: Navigate CMS
+CVE-2018-17255
+ REJECTED
CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via th ...)
NOT-FOR-US: JCK Editor component for Joomla!
CVE-2018-17253
@@ -10710,7 +10908,7 @@ CVE-2018-17239
CVE-2018-17238
RESERVED
CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_real() o ...)
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -10729,7 +10927,7 @@ CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp
[jessie] - mp4v2 <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ...)
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -10738,8 +10936,7 @@ CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache
NOTE: does not appear in 1.10.5 release notes, but fixed in
NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f4138013dbc6851e968ea3d37b32776538ef306b
CVE-2018-17233 (A SIGFPE signal is raised in the function H5D__create_chunk_file_map_h ...)
- [experimental] - hdf5 1.10.5+repack-1~exp1
- - hdf5 <unfixed> (low)
+ - hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -10813,12 +11010,13 @@ CVE-2018-17208 (Linksys Velop 1.1.2.187020 devices allow unauthenticated command
CVE-2018-17207 (An issue was discovered in Snap Creek Duplicator before 1.2.42. By acc ...)
NOT-FOR-US: Snap Creek Duplicator
CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The ...)
+ {DLA-2571-1}
- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
- [stretch] - openvswitch <no-dsa> (Minor issue)
[jessie] - openvswitch <not-affected> (Vulnerable code does not exist; no such function)
NOTE: https://github.com/openvswitch/ovs/commit/5026a263d7846077eee540de42192d27da513226 (master)
NOTE: https://github.com/openvswitch/ovs/commit/20626d38c1a1d4cebb5a6911ea3cb6a7f4f993f8 (branch-2.8)
NOTE: https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8 (branch-2.7)
+ NOTE: https://github.com/openvswitch/ovs/commit/ee47d61ba1c97cf67a68f0191dec1f93bfafc0a0 (branch-2.6)
CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, aff ...)
- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
[stretch] - openvswitch <not-affected> (Vulnerable code introduced later)
@@ -10827,12 +11025,13 @@ CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.
NOTE: https://github.com/openvswitch/ovs/commit/638d406e3b647359f3d82189d7a6ee56b4a54928 (branch-2.8)
NOTE: https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 (branch-2.7)
CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, aff ...)
+ {DLA-2571-1}
- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
- [stretch] - openvswitch <no-dsa> (Minor issue)
[jessie] - openvswitch <not-affected> (Vulnerable code does not exist; no such function)
NOTE: https://github.com/openvswitch/ovs/commit/9740d81d94888cb158fa99a9366fe2b32b3e4aaa (master)
NOTE: https://github.com/openvswitch/ovs/commit/8976ea1d680ab7a2d726a50e5666aa8fefd24168 (branch-2.8)
NOTE: https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde (branch-2.7)
+ NOTE: https://github.com/openvswitch/ovs/commit/fbe37f3ccc819a044a500fb5da13d3e53596c2a7 (branch-2.6)
NOTE: ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
CVE-2018-17203
REJECTED
@@ -10870,7 +11069,7 @@ CVE-2018-17191 (Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configurati
NOTE: Fixed upstream in version 10.0
NOTE: https://www.openwall.com/lists/oss-security/2018/12/30/1
CVE-2018-17190 (In all versions of Apache Spark, its standalone resource manager accep ...)
- NOT-FOR-US: Apache Spark
+ - apache-spark <itp> (bug #802194)
CVE-2018-17189 (In Apache HTTP server versions 2.4.37 and prior, by sending request bo ...)
{DSA-4422-1}
- apache2 2.4.38-1 (low; bug #920302)
@@ -10992,8 +11191,9 @@ CVE-2018-17147 (Nagios XI before 5.5.4 has XSS in the auto login admin managemen
NOT-FOR-US: Nagios XI
CVE-2018-17146 (A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 ...)
NOT-FOR-US: Nagios XI
-CVE-2018-17145
- RESERVED
+CVE-2018-17145 (Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16 ...)
+ - bitcoin 0.16.2~dfsg-1
+ NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145
CVE-2018-17144 (Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x be ...)
- bitcoin 0.16.3~dfsg-1
- litecoin 0.16.3-1
@@ -11126,7 +11326,7 @@ CVE-2018-17183 (Artifex Ghostscript before 9.25 allowed a user-writable error ex
{DSA-4294-1 DLA-1527-1}
- ghostscript 9.25~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699708
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka audiof ...)
- audiofile 0.3.6-5 (low; bug #913166)
[stretch] - audiofile 0.3.6-4+deb9u1
@@ -11176,7 +11376,7 @@ CVE-2018-17078
CVE-2018-17077 (An issue was discovered in yiqicms through 2016-11-20. There is stored ...)
NOT-FOR-US: yiqicms
CVE-2018-17076 (GPP through 2.25 will try to use more memory space than is available o ...)
- - gpp <unfixed> (unimportant; bug #908939)
+ - gpp 2.26-1 (unimportant; bug #908939)
NOTE: https://github.com/logological/gpp/issues/26
NOTE: https://github.com/logological/gpp/commit/329aa63a70d32d1e2ae529130a792e0c6ae4ce79
NOTE: Crash in CLI tool, no security impact
@@ -11267,7 +11467,7 @@ CVE-2018-17038
RESERVED
CVE-2018-17037 (user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escala ...)
NOT-FOR-US: UCMS
-CVE-2018-17036 (An issue was discovered in UCMS 1.4.6. It allows PHP code injection du ...)
+CVE-2018-17036 (An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code inje ...)
NOT-FOR-US: UCMS
CVE-2018-17035 (UCMS 1.4.6 has SQL injection during installation via the install/index ...)
NOT-FOR-US: UCMS
@@ -11487,97 +11687,97 @@ CVE-2018-16938
CVE-2018-16937
RESERVED
CVE-2018-16936
- RESERVED
+ REJECTED
CVE-2018-16935
- RESERVED
+ REJECTED
CVE-2018-16934
- RESERVED
+ REJECTED
CVE-2018-16933
- RESERVED
+ REJECTED
CVE-2018-16932
- RESERVED
+ REJECTED
CVE-2018-16931
- RESERVED
+ REJECTED
CVE-2018-16930
- RESERVED
+ REJECTED
CVE-2018-16929
- RESERVED
+ REJECTED
CVE-2018-16928
- RESERVED
+ REJECTED
CVE-2018-16927
- RESERVED
+ REJECTED
CVE-2018-16926
- RESERVED
+ REJECTED
CVE-2018-16925
- RESERVED
+ REJECTED
CVE-2018-16924
- RESERVED
+ REJECTED
CVE-2018-16923
- RESERVED
+ REJECTED
CVE-2018-16922
- RESERVED
+ REJECTED
CVE-2018-16921
- RESERVED
+ REJECTED
CVE-2018-16920
- RESERVED
+ REJECTED
CVE-2018-16919
- RESERVED
+ REJECTED
CVE-2018-16918
- RESERVED
+ REJECTED
CVE-2018-16917
- RESERVED
+ REJECTED
CVE-2018-16916
- RESERVED
+ REJECTED
CVE-2018-16915
- RESERVED
+ REJECTED
CVE-2018-16914
- RESERVED
+ REJECTED
CVE-2018-16913
- RESERVED
+ REJECTED
CVE-2018-16912
- RESERVED
+ REJECTED
CVE-2018-16911
- RESERVED
+ REJECTED
CVE-2018-16910
- RESERVED
+ REJECTED
CVE-2018-16909
- RESERVED
+ REJECTED
CVE-2018-16908
- RESERVED
+ REJECTED
CVE-2018-16907
- RESERVED
+ REJECTED
CVE-2018-16906
- RESERVED
+ REJECTED
CVE-2018-16905
- RESERVED
+ REJECTED
CVE-2018-16904
- RESERVED
+ REJECTED
CVE-2018-16903
- RESERVED
+ REJECTED
CVE-2018-16902
- RESERVED
+ REJECTED
CVE-2018-16901
- RESERVED
+ REJECTED
CVE-2018-16900
- RESERVED
+ REJECTED
CVE-2018-16899
- RESERVED
+ REJECTED
CVE-2018-16898
- RESERVED
+ REJECTED
CVE-2018-16897
- RESERVED
+ REJECTED
CVE-2018-16896
- RESERVED
+ REJECTED
CVE-2018-16895
- RESERVED
+ REJECTED
CVE-2018-16894
- RESERVED
+ REJECTED
CVE-2018-16893
- RESERVED
+ REJECTED
CVE-2018-16892
- RESERVED
+ REJECTED
CVE-2018-16891
- RESERVED
+ REJECTED
CVE-2018-16890 (libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap ...)
{DSA-4386-1 DLA-1672-1}
- curl 7.64.0-1
@@ -11647,15 +11847,15 @@ CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in t
CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel as it ...)
NOT-FOR-US: Ansible Tower
CVE-2018-16878 (A flaw was found in pacemaker up to and including version 2.0.1. An in ...)
+ {DLA-2519-1}
- pacemaker 2.0.1-3 (bug #927714)
- [stretch] - pacemaker <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
CVE-2018-16877 (A flaw was found in the way pacemaker's client-server authentication w ...)
+ {DLA-2519-1}
- pacemaker 2.0.1-3 (bug #927714)
- [stretch] - pacemaker <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
@@ -11669,23 +11869,35 @@ CVE-2018-16876 (ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a
CVE-2018-16875 (The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 d ...)
- golang-1.11 1.11.3-1
- golang-1.10 1.10.6-1
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <ignored> (Minor issue, DoS, requires rebuilding affected go-based packages)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <ignored> (Minor issue, DoS, requires rebuilding affected go-based packages)
NOTE: https://github.com/golang/go/issues/29233
NOTE: https://github.com/golang/go/commit/df523969435b8945d939c7e2a849b50910ef4c25 (1.11.3)
NOTE: https://github.com/golang/go/commit/0a4a37f1f0a36e55d8ae5c34210a79499f9f2a9d (1.10.6)
CVE-2018-16874 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ...)
+ {DLA-2592-1 DLA-2591-1}
- golang-1.11 1.11.3-1
- golang-1.10 1.10.6-1
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
NOTE: https://github.com/golang/go/issues/29231
- NOTE: https://github.com/golang/go/commit/8954addb3294a5e664a9833354bafa58f163fe8f (1.11.3)
- NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6)
+ NOTE: See CVE-2018-16873 for patches and regression fix
CVE-2018-16873 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ...)
+ {DLA-2592-1 DLA-2591-1}
- golang-1.11 1.11.3-1
- golang-1.10 1.10.6-1
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
NOTE: https://github.com/golang/go/issues/29230
NOTE: https://github.com/golang/go/commit/8954addb3294a5e664a9833354bafa58f163fe8f (1.11.3)
NOTE: https://github.com/golang/go/commit/5aedc8af94c0a8ffc58cbd09993192dea9b238db (1.11.3)
NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6)
NOTE: https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be (1.10.6)
+ NOTE: https://github.com/golang/go/issues/29241 (regression)
+ NOTE: https://github.com/golang/go/commit/ef209c9eb1216252ee7a59d78156ad9dcccab656 (1.11.4)
+ NOTE: https://github.com/golang/go/commit/25bee965c685e3f35c10076648685e22e59fd656 (1.10.7)
CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The code openi ...)
{DSA-4454-1 DLA-1694-1}
- qemu 1:3.1+dfsg-2 (bug #916397)
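Review bot: The fixed versions recorded for CVE-2018-16873 (golang-1.11 1.11.3-1, golang-1.10 1.10.6-1) are the releases that the newly added notes say introduced a regression (issue 29241, fixed in the 1.11.4 and 1.10.7 commits), so a reader cannot tell from the entry whether Debian's packages carry the regression or its follow-up. A one-line note next to the regression links would close that gap, e.g. `NOTE: regression fix from 1.11.4/1.10.7 not covered by the recorded fixed versions, verify whether the Debian uploads include it` — adjusted to what was actually uploaded. CVE-2018-16874 now delegates its patch references to 16873, so that note would serve both entries.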
@@ -11713,6 +11925,7 @@ CVE-2018-16869 (A Bleichenbacher type side-channel based padding oracle attack w
CVE-2018-16868 (A Bleichenbacher type side-channel based padding oracle attack was fou ...)
[experimental] - gnutls28 3.6.5-1
- gnutls28 3.6.5-2
+ [stretch] - gnutls28 <no-dsa> (Minor issue)
[jessie] - gnutls28 <ignored> (Too invasive to fix, requires newer nettle shared lib - https://lists.debian.org/debian-lts/2019/03/msg00021.html)
- gnutls26 <removed>
NOTE: http://cat.eyalro.net/
@@ -11826,8 +12039,12 @@ CVE-2018-16849 (A flaw was found in openstack-mistral. By manipulating the SSH p
- mistral 7.0.0-2 (low; bug #912714)
[stretch] - mistral 3.0.0-4+deb9u1
NOTE: https://bugs.launchpad.net/mistral/+bug/1783708
-CVE-2018-16848
- RESERVED
+CVE-2018-16848 (A Denial of Service (DoS) condition is possible in OpenStack Mistral i ...)
+ - mistral 10.0.0~rc1-2
+ [buster] - mistral <no-dsa> (Minor issue)
+ [stretch] - mistral <end-of-life> (OpenStack component; not supported in stretch LTS)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1645332
+ NOTE: https://bugs.launchpad.net/mistral/%2Bbug/1785657
CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express Contr ...)
- qemu 1:3.1+dfsg-1 (bug #912655)
[stretch] - qemu <not-affected> (support for Controller Memory Buffers added later)
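Review bot: The new launchpad reference for CVE-2018-16848 percent-encodes the plus sign (`https://bugs.launchpad.net/mistral/%2Bbug/1785657`), while the neighbouring CVE-2018-16849 entry in the same hunk uses the plain form `/+bug/1783708`; the encoded form resolves, but it looks like a copy-paste artefact and breaks simple text searches for `+bug/`. Use the plain form: `NOTE: https://bugs.launchpad.net/mistral/+bug/1785657`.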
@@ -11836,7 +12053,7 @@ CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=87ad860c622cc8f8916b5232bd8728c08f938fce
CVE-2018-16846 (It was found in Ceph versions before 13.2.4 that authenticated ceph RG ...)
- {DLA-1696-1}
+ {DLA-2735-1 DLA-1696-1}
- ceph 12.2.11+dfsg1-1 (bug #921947)
NOTE: http://tracker.ceph.com/issues/35994
NOTE: https://github.com/ceph/ceph/commit/4337e6a7d9f92c8549ebee20d0dd67a01e49857f
@@ -11952,8 +12169,8 @@ CVE-2018-1002001 (There is a reflected XSS vulnerability in WordPress Arigato Au
CVE-2018-1002000 (There is blind SQL injection in WordPress Arigato Autoresponder and Ne ...)
NOTE: Wordpress plugin
CVE-2018-16831 (Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir ...)
+ {DLA-2618-1}
- smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bug #908698)
- [stretch] - smarty3 <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - smarty3 <not-affected> (vulnerable code not present)
NOTE: https://github.com/smarty-php/smarty/issues/486
NOTE: CVE is about the include tag as an attack vector.
@@ -12031,8 +12248,8 @@ CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1
NOT-FOR-US: PotPlayer
CVE-2018-16796 (HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files wit ...)
NOT-FOR-US: HiScout GRC Suite
-CVE-2018-16795
- RESERVED
+CVE-2018-16795 (OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/a ...)
+ NOT-FOR-US: OpenEMR
CVE-2018-16794 (Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory ...)
NOT-FOR-US: Microsoft ADFS 4.0 Windows Server
CVE-2018-16793 (Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions ...)
@@ -12041,8 +12258,8 @@ CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Inco
{DSA-4294-1 DLA-1504-1}
[experimental] - ghostscript 9.25~dfsg-1~exp1
- ghostscript 9.25~dfsg-1
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
CVE-2018-16792 (SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via ...)
NOT-FOR-US: SolarWinds SFTP/SCP server
@@ -12143,9 +12360,8 @@ CVE-2018-16750 (In ImageMagick 7.0.7-29 and earlier, a memory leak in the format
NOTE: https://github.com/ImageMagick/ImageMagick/commit/33d1b9590c401d4aee666ffd10b16868a38cf705
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/359331c61193138ce2b85331df25235b81499cfc
CVE-2018-16749 (In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJN ...)
- {DLA-1530-1}
+ {DLA-2366-1 DLA-1530-1}
- imagemagick 8:6.9.10.2+dfsg-2 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1119
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4
CVE-2018-16748
@@ -12203,7 +12419,7 @@ CVE-2018-16735
CVE-2018-16734
RESERVED
CVE-2018-16733 (In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer. ...)
- NOT-FOR-US: Go Ethereum
+ - golang-github-go-ethereum <itp> (bug #890541)
CVE-2018-16732 (\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via adm ...)
NOT-FOR-US: CScms
CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding the php ...)
@@ -12222,16 +12438,16 @@ CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the asset
NOT-FOR-US: baijiacms
CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...)
NOT-FOR-US: baijiacms
-CVE-2018-16723
- RESERVED
-CVE-2018-16722
- RESERVED
-CVE-2018-16721
- RESERVED
-CVE-2018-16720
- RESERVED
-CVE-2018-16719
- RESERVED
+CVE-2018-16723 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
+ NOT-FOR-US: Jingyun Antivirus
+CVE-2018-16722 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
+ NOT-FOR-US: Jingyun Antivirus
+CVE-2018-16721 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
+ NOT-FOR-US: Jingyun Antivirus
+CVE-2018-16720 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...)
+ NOT-FOR-US: Jingyun Antivirus
+CVE-2018-16719 (In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows ...)
+ NOT-FOR-US: Jingyun Antivirus
CVE-2018-16718 (An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 ...)
NOT-FOR-US: NCBI ToolBox
CVE-2018-16717 (A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 th ...)
@@ -12381,19 +12597,20 @@ CVE-2018-16650 (phpMyFAQ before 2.9.11 allows CSRF. ...)
CVE-2018-16649
RESERVED
CVE-2018-16648 (In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c ...)
+ {DLA-2289-1}
- mupdf 1.14.0+ds1-4 (bug #924351)
[jessie] - mupdf <ignored> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699685
NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?38f883fe129a5e89306252a4676eaaf4bc968824
CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xr ...)
+ {DLA-2289-1}
- mupdf 1.14.0+ds1-4 (bug #924351)
[jessie] - mupdf <ignored> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699686
NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?351c99d8ce23bbf7099dbd52771a095f67e45a2c
CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may caus ...)
- {DLA-1562-3 DLA-1562-2 DLA-1562-1}
+ {DLA-2287-1 DLA-1562-3 DLA-1562-2 DLA-1562-1}
- poppler 0.71.0-4 (low; bug #909802)
- [stretch] - poppler <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951
NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/91
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/3d35d209c19c1d3b09b794a0c863ba5de44a9c0a
@@ -12413,9 +12630,8 @@ CVE-2018-16644 (There is a missing check for length in the functions ReadDCMImag
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/01ca29604515fa4ddf3180870827df5c8ec93ada
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1269
CVE-2018-16643 (The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp ...)
- {DLA-1530-1}
+ {DLA-2366-1 DLA-1530-1}
- imagemagick 8:6.9.10.8+dfsg-1 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/11d9dac3d991c62289d1ef7a097670166480e76c
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1199
@@ -12627,19 +12843,17 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversa
{DSA-4303-1 DLA-1516-1}
- okular 4:17.12.2-2.1 (bug #908168)
NOTE: https://bugs.kde.org/show_bug.cgi?id=398096
- NOTE: https://cgit.kde.org/okular.git/commit/?id=8ff7abc14d41906ad978b6bc67e69693863b9d47
+ NOTE: https://github.com/KDE/okular/commit/8ff7abc14d41906ad978b6bc67e69693863b9d47
CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference vuln ...)
NOT-FOR-US: zephyr-rtos
CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...)
- - wordpress <unfixed>
- [jessie] - wordpress <postponed> (cf. CVE-2017-1000600)
+ - wordpress <undetermined>
NOTE: This CVE exists due to an incomplete fix in 4.9 for CVE-2017-1000600.
CVE-2018-1000673
REJECTED
CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL Redirection to ...)
- {DLA-1512-1}
+ {DLA-2441-1 DLA-1512-1}
- sympa 6.2.36~dfsg-1 (bug #908165)
- [stretch] - sympa <no-dsa> (Minor issue)
NOTE: https://github.com/sympa-community/sympa/issues/268
NOTE: https://github.com/sympa-community/sympa/commit/c6ce32a6c203070702eac45a4442a17d2bf7b0c1
NOTE: https://github.com/sympa-community/sympa/commit/03314a9baf7f7903283253829877afd0ae50e325
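Review bot: CVE-2018-1000773 is moved from `<unfixed>` to `<undetermined>` without any note recording why the affected status is now in doubt; the only remaining note still asserts that the CVE exists because of an incomplete fix for CVE-2017-1000600, which reads as a confirmed-affected entry and contradicts the new status. Add a one-line rationale alongside the status change, for example `NOTE: status unclear, upstream has not confirmed the incomplete-fix claim` if that is the reason, so the next triager does not flip it back.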
@@ -12679,9 +12893,9 @@ CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass t
CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal via t ...)
NOT-FOR-US: HScripts PHP File Browser Script
CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (low; bug #910335)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/58
NOTE: https://github.com/gdraheim/zziplib/commit/9411bde3e4a70a81ff3ffd256b71927b2d90dcbb
NOTE: https://github.com/gdraheim/zziplib/commit/d2e5d5c53212e54a97ad64b793a4389193fec687
@@ -12780,18 +12994,18 @@ CVE-2018-16501
RESERVED
CVE-2018-16500
RESERVED
-CVE-2018-16499
- RESERVED
-CVE-2018-16498
- RESERVED
-CVE-2018-16497
- RESERVED
-CVE-2018-16496
- RESERVED
-CVE-2018-16495
- RESERVED
-CVE-2018-16494
- RESERVED
+CVE-2018-16499 (In VOS compromised, an attacker at network endpoints can possibly view ...)
+ NOT-FOR-US: Versa
+CVE-2018-16498 (In Versa Director, the unencrypted backup files stored on the Versa de ...)
+ NOT-FOR-US: Versa
+CVE-2018-16497 (In Versa Analytics, the cron jobs are used for scheduling tasks by exe ...)
+ NOT-FOR-US: Versa
+CVE-2018-16496 (In Versa Director, the un-authentication request found. ...)
+ NOT-FOR-US: Versa
+CVE-2018-16495 (In VOS user session identifier (authentication token) is issued to the ...)
+ NOT-FOR-US: Versa
+CVE-2018-16494 (In VOS and overly permissive "umask" may allow for authorized users of ...)
+ NOT-FOR-US: Versa
CVE-2018-16493 (A path traversal vulnerability was found in module static-resource-ser ...)
NOT-FOR-US: node static-resource-server
CVE-2018-16492 (A prototype pollution vulnerability was found in module extend &lt;2.0 ...)
@@ -12850,7 +13064,11 @@ CVE-2018-16474 (A stored xss in tianma-static module versions &lt;=1.0.4 allows
CVE-2018-16473 (A path traversal in takeapeek module versions &lt;=0.2.2 allows an att ...)
NOT-FOR-US: takeapeek
CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions &lt;=1.0 ...)
- NOT-FOR-US: cached-path-relative
+ - node-cached-path-relative 1.0.2-1
+ [buster] - node-cached-path-relative <no-dsa> (Minor issue)
+ NOTE: https://hackerone.com/reports/390847
+ NOTE: https://github.com/ashaffer/cached-path-relative/issues/3
+ NOTE: Fixed by: https://github.com/ashaffer/cached-path-relative/commit/a43cffec84ed0e9eceecb43b534b6937a8028fc0
CVE-2018-16471 (There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. ...)
{DLA-1585-1}
- ruby-rack 1.6.4-6 (bug #913005)
@@ -12937,8 +13155,9 @@ CVE-2018-16440
CVE-2018-16439
RESERVED
CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: H5L_extern_query@H5Lexternal.c:498-10___out-of-bounds-read
+ NOTE: Negligible security impact
CVE-2018-16437 (Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable ...)
NOT-FOR-US: Gxlcms
CVE-2018-16436 (Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an ...)
@@ -12973,7 +13192,7 @@ CVE-2018-16429 (GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_m
CVE-2018-16428 (In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c ...)
{DLA-1866-1}
- glib2.0 2.58.0-1 (low)
- [stretch] - glib2.0 <no-dsa> (Minor issue)
+ [stretch] - glib2.0 2.50.3-2+deb9u1
NOTE: https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9
NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1364
CVE-2018-16427 (Various out of bounds reads when handling responses in OpenSC before 0 ...)
@@ -13082,8 +13301,8 @@ CVE-2018-16403 (libdw in elfutils 0.173 checks the end of the attributes list in
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23529
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda
CVE-2018-16402 (libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a ...)
+ {DLA-2802-1}
- elfutils 0.175-1 (low)
- [stretch] - elfutils <no-dsa> (Minor issue)
[jessie] - elfutils <not-affected> (vulnerable code introduced later)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23528
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=56b18521fb8d46d40fc090c0de9d11a08bc982fa
@@ -13145,7 +13364,7 @@ CVE-2018-16386 (An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A
CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index ...)
NOT-FOR-US: ThinkPHP
CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Co ...)
- - modsecurity-crs <unfixed> (low; bug #924352)
+ - modsecurity-crs 3.2.0-1 (low; bug #924352)
[buster] - modsecurity-crs <no-dsa> (Minor issue)
[stretch] - modsecurity-crs <no-dsa> (Minor issue)
[jessie] - modsecurity-crs <no-dsa> (Minor issue)
@@ -13257,8 +13476,8 @@ CVE-2018-16337 (An issue was discovered in Cscms V4.1.8. There is a CSRF vulnera
CVE-2018-16336 (Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote ...)
{DLA-1551-1}
- exiv2 0.27.2-6 (bug #916081)
- [buster] - exiv2 <ignored> (Minor issue)
- [stretch] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 0.25-4+deb10u1
+ [stretch] - exiv2 0.25-3.1+deb9u2
NOTE: https://github.com/Exiv2/exiv2/issues/400
NOTE: https://github.com/Exiv2/exiv2/commit/35b3e596edacd2437c2c5d3dd2b5c9502626163d
CVE-2018-16335 (newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c ...)
@@ -13347,8 +13566,14 @@ CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to
NOT-FOR-US: PDF-XChange Editor
CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...)
NOT-FOR-US: MediaComm Zip-n-Go
-CVE-2018-16301
- REJECTED
+CVE-2018-16301 (The command-line argument parser in tcpdump before 4.99.0 has a buffer ...)
+ - tcpdump 4.99.0-1 (unimportant)
+ NOTE: https://github.com/the-tcpdump-group/libpcap/issues/855
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/ad7c25bc0decf96dc7768c9e903734d38528b1bd
+ NOTE: https://www.tcpdump.org/public-cve-list.txt
+ NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/faf8fb70af3a013e5d662b8283dec742fd6b1a77 (tcpdump-4.99-bp)
+ NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 (tcpdump-4.9)
+ NOTE: Negligible security impact
CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...)
{DSA-4547-1 DLA-1955-1}
- tcpdump 4.9.3-1 (bug #941698)
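Review bot: In the new CVE-2018-16301 entry the first tcpdump commit link (ad7c25bc…) carries no branch label while the two `Fixed by:` links are tagged with their branches, so it is unclear whether it is the master-branch fix or only a related change; label it consistently, e.g. append `(master)` or a short description. The `unimportant` rating would also read better with the one-clause justification this file uses elsewhere, given the description says the overflow is in the command-line argument parser: `NOTE: Negligible security impact, only reachable via locally supplied command-line arguments`. Note that the issue link points at the libpcap repository for a tcpdump bug; that may be where it was filed, but it is worth confirming.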
@@ -13467,8 +13692,8 @@ CVE-2018-16245
RESERVED
CVE-2018-16244
RESERVED
-CVE-2018-16243
- RESERVED
+CVE-2018-16243 (SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 ...)
+ NOT-FOR-US: SolarWinds
CVE-2018-16242 (oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which ...)
NOT-FOR-US: oBike
CVE-2018-16241
@@ -13607,7 +13832,7 @@ CVE-2018-16179 (The Mizuho Direct App for Android version 3.13.0 and earlier doe
NOT-FOR-US: Mizuho Direct App for Android
CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access ...)
NOT-FOR-US: Cybozu Garoon
-CVE-2018-16177 (Untrusted search path vulnerability in The installer of Windows10 Fall ...)
+CVE-2018-16177 (Untrusted search path vulnerability in The installer of Windows 10 Fal ...)
NOT-FOR-US: Random Windows installer
CVE-2018-16176 (Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1 ...)
NOT-FOR-US: Random Windows installer
@@ -13922,15 +14147,14 @@ CVE-2018-16064 (Insufficient data validation in Extensions API in Google Chrome
CVE-2018-16063
RESERVED
CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 201 ...)
- {DLA-1689-1}
+ {DLA-2802-1 DLA-1689-1}
- elfutils 0.175-1 (bug #907562)
- [stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
-CVE-2018-16061
- RESERVED
-CVE-2018-16060
- RESERVED
+CVE-2018-16061 (Mitsubishi Electric SmartRTU devices allow XSS via the username parame ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2018-16060 (Mitsubishi Electric SmartRTU devices allow remote attackers to obtain ...)
+ NOT-FOR-US: Mitsubishi
CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Director ...)
NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
@@ -14231,34 +14455,32 @@ CVE-2018-15913 (An issue was discovered in Cloudera Manager 5.x through 5.15.0.
CVE-2018-15912 (An issue was discovered in manjaro-update-system.sh in manjaro-system ...)
NOT-FOR-US: manjaro-update-system.sh in manjaro-system on Manjaro Linux
CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 co ...)
- - openssh <unfixed> (low; bug #907503)
- [buster] - openssh <ignored> (Minor issue)
- [stretch] - openssh <ignored> (Minor issue)
- [jessie] - openssh <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/2
+ - openssh <unfixed> (unimportant; bug #907503)
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/27/2
+ NOTE: Not treated as a security issue by upstream
CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to suppl ...)
{DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699665
NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15910 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
{DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699656
NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15909 (In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using ...)
{DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699660
NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to s ...)
{DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657
NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15907 (** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote ...)
@@ -14325,65 +14547,65 @@ CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetres
{DSA-4288-1 DLA-1527-1}
[experimental] - ghostscript 9.25~dfsg-1~exp1
- ghostscript 9.25~dfsg-1 (bug #908303)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699670
CVE-2018-16542 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
{DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699668
CVE-2018-16541 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
{DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699664
CVE-2018-16540 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
{DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699661
CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
{DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699658
NOTE: To not break cups with https://github.com/apple/cups/issues/5392
NOTE: an additional (no-security) followup fix is needed as:
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=150c8f69646b854a99f35f27edaae012eb2e900f
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=150c8f69646b854a99f35f27edaae012eb2e900f
NOTE: Cf. https://bugs.debian.org/908300
CVE-2018-16513 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
{DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699655
CVE-2018-16511 (An issue was discovered in Artifex Ghostscript before 9.24. A type con ...)
{DSA-4288-1 DLA-1504-1}
- ghostscript 9.22~dfsg-3 (bug #907332)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699659
CVE-2018-16510 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...)
[experimental] - ghostscript 9.25~dfsg-1~exp1
- ghostscript 9.25~dfsg-1 (bug #908304)
[stretch] - ghostscript <not-affected> (Introduced in 9.22)
[jessie] - ghostscript <not-affected> (vulnerable code is not present)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699671
CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...)
{DSA-4294-1 DLA-1504-1}
[experimental] - ghostscript 9.25~dfsg-1~exp1
- ghostscript 9.25~dfsg-1 (bug #907332; bug #907703)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519aa3e79db78aaf0589dae02103764
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519aa3e79db78aaf0589dae02103764
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699654
NOTE: Partially fixed in 9.22~dfsg-3, see #907703
CVE-2018-16585 (** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9 ...)
{DSA-4288-1 DLA-1504-1}
[experimental] - ghostscript 9.25~dfsg-1~exp1
- ghostscript 9.25~dfsg-1 (bug #908305)
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699663
CVE-2018-15877 (The Plainview Activity Monitor plugin before 20180826 for WordPress is ...)
NOT-FOR-US: Wordpress plugin
@@ -14686,10 +14908,13 @@ CVE-2018-15758 (Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prio
CVE-2018-15757
REJECTED
CVE-2018-15756 (Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, version ...)
+ {DLA-2635-1}
- libspring-java 4.3.21-1 (bug #911786)
- [stretch] - libspring-java <no-dsa> (Minor issue)
[jessie] - libspring-java <not-affected> (vulnerable code introduced in later version)
NOTE: https://pivotal.io/security/cve-2018-15756
+ NOTE: https://jira.spring.io/browse/SPR-17318?redirect=false
+ NOTE: https://github.com/spring-projects/spring-framework/commit/044772641d12b9281185f6cf50f8485b8747132c
+ NOTE: Introduced by: https://github.com/spring-projects/spring-framework/commit/da48739628303e3d25ff78d80ff6e9ba87aaeae2 (v4.2)
CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-15754 (Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization ...)
@@ -14699,14 +14924,15 @@ CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensa
CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) a ...)
NOT-FOR-US: MensaMax application for Android
CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remo ...)
+ {DLA-2294-1}
- salt 2018.3.3+dfsg1-1 (bug #913475)
[jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7)
NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3
NOTE: https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
NOTE: minimal patch: https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10
CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack Salt before ...)
+ {DLA-2294-1}
- salt 2018.3.3+dfsg1-1 (bug #913476)
- [stretch] - salt <no-dsa> (Minor issue)
[jessie] - salt <not-affected> (REST netapi code was first introduced with v2014.7)
NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3
NOTE: https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
@@ -14908,9 +15134,10 @@ CVE-2018-15673
CVE-2018-15672
REJECTED
CVE-2018-15671 (An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stac ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10557
+ NOTE: Negligible security impact
CVE-2018-15670 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...)
NOT-FOR-US: Bloop Airmail
CVE-2018-15669 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...)
@@ -14963,36 +15190,45 @@ CVE-2018-15647
RESERVED
CVE-2018-15646
RESERVED
-CVE-2018-15645
- RESERVED
+CVE-2018-15645 (Improper access control in message routing in Odoo Community 12.0 and ...)
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/63705
CVE-2018-15644
RESERVED
CVE-2018-15643
RESERVED
CVE-2018-15642
RESERVED
-CVE-2018-15641
- RESERVED
+CVE-2018-15641 (Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 ...)
+ - odoo 14.0.0+dfsg.2-1
+ NOTE: https://github.com/odoo/odoo/issues/63704
CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 10.0 th ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Only in enterprise version)
+ NOTE: https://github.com/odoo/odoo/issues/32514
CVE-2018-15639
RESERVED
-CVE-2018-15638
- RESERVED
+CVE-2018-15638 (Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 ...)
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/63703
CVE-2018-15637
RESERVED
CVE-2018-15636
RESERVED
CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo Communit ...)
- NOT-FOR-US: Odoo
-CVE-2018-15634
- RESERVED
-CVE-2018-15633
- RESERVED
-CVE-2018-15632
- RESERVED
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32515
+CVE-2018-15634 (Cross-site scripting (XSS) issue in attachment management in Odoo Comm ...)
+ - odoo 14.0.0+dfsg.2-1
+ NOTE: https://github.com/odoo/odoo/issues/63702
+CVE-2018-15633 (Cross-site scripting (XSS) issue in "document" module in Odoo Communit ...)
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/63701
+CVE-2018-15632 (Improper input validation in database creation logic in Odoo Community ...)
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/63700
CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 12.0 and ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32514
CVE-2018-15630
RESERVED
CVE-2018-15629
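Review bot: The new NOTE lines for CVE-2018-15640 and CVE-2018-15631 both point at the same upstream reference, `https://github.com/odoo/odoo/issues/32514`, although the two entries describe different components (the Helpdesk App of Odoo Enterprise versus the Discuss App of Odoo Community). Every other Odoo entry touched in this commit cites a distinct issue number, so one of these two looks like a copy-paste slip; the issue cited for CVE-2018-15631 is the more likely candidate since its neighbour CVE-2018-15635 cites 32515. Worth confirming against the upstream tracker and, if it is a mix-up, pointing the CVE-2018-15631 NOTE at the issue that actually covers the Discuss App flaw (`NOTE: https://github.com/odoo/odoo/issues/<correct issue>`), because these references are what triagers follow when re-checking a `<not-affected>` claim.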
@@ -15071,7 +15307,7 @@ CVE-2018-15599 (The recv_msg_userauth_request function in svr-auth.c in Dropbear
- dropbear 2018.76-4 (bug #906890)
[stretch] - dropbear 2016.74-5+deb9u1
NOTE: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
- NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/5d2d1021ca00
CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the ...)
NOT-FOR-US: Traefik
CVE-2018-15597
@@ -15083,7 +15319,8 @@ CVE-2018-1000226 (Cobbler version Verified as present in Cobbler versions 2.6.11
CVE-2018-1000225 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but c ...)
- cobbler <removed>
CVE-2018-1000224 (Godot Engine version All versions prior to 2.1.5, all 3.0 versions pri ...)
- NOT-FOR-US: Godot
+ - godot <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/godotengine/godot/issues/20558
CVE-2018-1000222 (Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability ...)
{DLA-1651-1}
- libgd2 2.2.5-4.1 (low; bug #906886)
@@ -15196,7 +15433,10 @@ CVE-2018-1000639 (LatexDraw version &lt;=4.0 contains a XML External Entity (XXE
CVE-2018-1000638 (MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerabilit ...)
NOT-FOR-US: MiniCMS
CVE-2018-1000636 (JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726 ...)
- NOT-FOR-US: JerryScript
+ - iotjs 1.0+715-1
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/2435
+ NOTE: https://github.com/jerryscript-project/jerryscript/commit/87897849f6879df10e8ad68a41bf8cf507edf710
CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...)
NOT-FOR-US: Open Microscopy Environment
CVE-2018-1000634 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...)
@@ -15355,11 +15595,10 @@ CVE-2018-15520 (Various Lexmark devices have a Buffer Overflow (issue 2 of 2). .
CVE-2018-15519 (Various Lexmark devices have a Buffer Overflow (issue 1 of 2). ...)
NOT-FOR-US: Lexmark devices
CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption dur ...)
- {DSA-4374-1 DLA-1786-1 DLA-1627-1}
+ {DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2
- qt4-x11 4:4.8.7+dfsg-18 (low)
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/236691/
CVE-2018-15517 (The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r00 ...)
@@ -15704,7 +15943,7 @@ CVE-2018-15350 (Router Default Credentials in Kraftway 24F2XG Router firmware ve
CVE-2018-15473 (OpenSSH through 7.7 is prone to a user enumeration vulnerability due t ...)
{DSA-4280-1 DLA-1474-1}
- openssh 1:7.7p1-4 (bug #906236)
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/15/5
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/15/5
NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
NOTE: https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
NOTE: PoC at https://bugfuzz.com/stuff/ssh-check-username.py
@@ -16118,16 +16357,16 @@ CVE-2018-15163
CVE-2018-15162
RESERVED
CVE-2018-15161 (** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ...)
- - libesedb <undetermined>
+ NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15160 (** DISPUTED ** The libesedb_catalog_definition_read function in libese ...)
- - libesedb <undetermined>
+ NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15159 (** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ...)
- - libesedb <undetermined>
+ NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15158 (** DISPUTED ** The libesedb_page_read_values function in libesedb_page ...)
- - libesedb <undetermined>
+ NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15157 (** DISPUTED ** The libfsclfs_block_read function in libfsclfs_block.c ...)
NOT-FOR-US: libfsclfs
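Review bot: For CVE-2018-15161 through CVE-2018-15158 the `- libesedb <undetermined>` status line is replaced by a bare `NOTE: Disputed libesedb issues`, which leaves each entry with no package line at all, so the tracker no longer associates these CVEs with the libesedb source package. If the intent is "disputed, no action needed", recording it as a status keeps the package link and the decision visible on the package page, e.g. `- libesedb <unfixed> (unimportant; disputed by upstream)` or `<not-affected>` with the same reason, rather than only a free-form NOTE. I may be missing a tracker convention for disputed IDs, so this is a question for the person who made the change rather than a definite defect.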
@@ -16178,7 +16417,7 @@ CVE-2018-15135
CVE-2018-15134
RESERVED
CVE-2018-15133 (In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote c ...)
- NOT-FOR-US: Laravel
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
CVE-2018-15132 (An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ...)
- php7.2 <not-affected> (Windows-specific)
- php7.1 <not-affected> (Windows-specific)
@@ -16602,12 +16841,12 @@ CVE-2018-1000637 (zutils version prior to version 1.8-pre2 contains a Buffer Ove
{DLA-1505-1}
- zutils 1.7-3 (bug #902936; bug #904819)
[stretch] - zutils 1.5-5+deb9u1
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/05/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/05/1
NOTE: https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
NOTE: Fixed by: upstream/0001-zcat-buffer-overrun.patch (in 1.7-3)
CVE-2018-14938 (An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1. ...)
+ {DLA-2468-1}
- tcpflow 1.5.0+repack1-1 (bug #905483)
- [stretch] - tcpflow <no-dsa> (Minor issue)
[jessie] - tcpflow <no-dsa> (Minor issue)
NOTE: https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb
NOTE: https://github.com/simsong/tcpflow/issues/182
@@ -16721,11 +16960,14 @@ CVE-2018-14889 (CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 c
CVE-2018-14888 (inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin be ...)
NOT-FOR-US: Eldenroot Thank You/Like plugin for MyBB
CVE-2018-14887 (Improper Host header sanitization in the dbfilter routing component in ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32511
CVE-2018-14886 (The module-description renderer in Odoo Community 11.0 and earlier and ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32513
CVE-2018-14885 (Incorrect access control in the database manager component in Odoo Com ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32512
CVE-2018-14884 (An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.1 ...)
- php7.2 7.2.1-1
- php7.1 7.1.13-1
@@ -16796,25 +17038,35 @@ CVE-2018-14870
CVE-2018-14869 (PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Add ...)
NOT-FOR-US: PHP Template Store Script
CVE-2018-14868 (Incorrect access control in the Password Encryption module in Odoo Com ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32507
CVE-2018-14867 (Incorrect access control in the portal messaging system in Odoo Commun ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32503
CVE-2018-14866 (Incorrect access control in the TransientModel framework in Odoo Commu ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32509
CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32501
CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community 9.0 throug ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32502
CVE-2018-14863 (Incorrect access control in the RPC framework in Odoo Community 8.0 th ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32508
CVE-2018-14862 (Incorrect access control in the mail templating system in Odoo Communi ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32504
CVE-2018-14861 (Improper data access control in Odoo Community 10.0 and 11.0 and Odoo ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32506
CVE-2018-14860 (Improper sanitization of dynamic user expressions in Odoo Community 11 ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32505
CVE-2018-14859 (Incorrect access control in the password reset component in Odoo Commu ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32510
CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2018-14857 (Unrestricted file upload (with remote code execution) in require/mail/ ...)
@@ -17160,7 +17412,8 @@ CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-
CVE-2018-14735 (An Information Exposure issue was discovered in Hitachi Command Suite ...)
NOT-FOR-US: Hitachi
CVE-2018-14733 (The Odoo Community Association (OCA) dbfilter_from_header module makes ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/OCA/server-tools/issues/1335
CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 all ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.17.14-1
@@ -17307,22 +17560,22 @@ CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7
{DSA-4260-1 DLA-1460-1}
- libmspack 0.7-1 (bug #904802)
NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
{DSA-4260-1 DLA-1460-1}
- libmspack 0.7-1 (bug #904801)
NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
{DSA-4260-1 DLA-1460-1}
- libmspack 0.7-1 (bug #904800)
NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c in lib ...)
{DSA-4260-1 DLA-1460-1}
- libmspack 0.7-1 (bug #904799)
NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14667 (The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression ...)
NOT-FOR-US: RichFaces
CVE-2018-14666 (An improper authorization flaw was found in the Smart Class feature of ...)
@@ -17341,30 +17594,28 @@ CVE-2018-14663 (An issue has been found in PowerDNS DNSDist before 1.3.3 allowin
[stretch] - dnsdist <no-dsa> (Minor issue)
NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html
CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph users ...)
- {DLA-1696-1}
+ {DLA-2735-1 DLA-1696-1}
- ceph 12.2.11+dfsg1-1 (bug #921948)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327
NOTE: https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578
CVE-2018-14661 (It was found that usage of snprintf function in feature/locks translat ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127
CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...)
+ {DLA-2806-1}
- glusterfs 5.1-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=c2c70552188ee1b15bb748b4f2272062505c7696
CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
NOTE: https://review.gluster.org/#/c/glusterfs/+/21530/
@@ -17381,8 +17632,8 @@ CVE-2018-14656 (A missing address check in the callers of the show_opcodes() in
CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. Wh ...)
NOT-FOR-US: Keycloak
CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse o ...)
+ {DLA-2806-1}
- glusterfs 5.1-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576
@@ -17390,9 +17641,8 @@ CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to a
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=5f4ae8a80543332a2e92dfa5c7f833ae7b93a664 (release-4.1)
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=dc775c4ae052d1e9d0f61ace3be999f73f0ffa23 (release-5)
CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.1-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
NOTE: https://review.gluster.org/#/c/glusterfs/+/21528/
@@ -17400,9 +17650,8 @@ CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulne
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=d3ec5f5a089edb68206b5d4a469358867340d4f7
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13
CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...)
- {DLA-1565-1}
+ {DLA-2806-1 DLA-1565-1}
- glusterfs 5.0-1 (bug #912997)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/
@@ -17471,9 +17720,9 @@ CVE-2018-14641 (A security flaw was found in the ip_frag_reasm() function in net
NOTE: https://www.openwall.com/lists/oss-security/2018/09/18/1
NOTE: Fixed by: https://git.kernel.org/linus/5d407b071dc369c26a38398326ee2be53651cfe4
CVE-2018-14640
- RESERVED
+ REJECTED
CVE-2018-14639
- RESERVED
+ REJECTED
CVE-2018-14638 (A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ...)
- 389-ds-base 1.4.0.18-1 (bug #908859)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
@@ -17564,7 +17813,7 @@ CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel bef
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/28/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/28/1
CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in the NT ...)
{DSA-4286-1 DLA-1498-1}
- curl 7.62.0-1 (bug #908327)
@@ -17594,26 +17843,26 @@ CVE-2018-14614 (An issue was discovered in the Linux kernel through 4.17.10. The
[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200419
CVE-2018-14613 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- {DLA-1715-1}
+ {DLA-2241-1 DLA-1715-1}
- linux 4.19.9-1
[stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199849
NOTE: https://patchwork.kernel.org/patch/10503147/
CVE-2018-14612 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- {DLA-1715-1}
+ {DLA-2241-1 DLA-1715-1}
- linux 4.18.8-1
[stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199847
NOTE: https://patchwork.kernel.org/patch/10503403/
NOTE: https://patchwork.kernel.org/patch/10503413/
CVE-2018-14611 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- {DLA-1715-1}
+ {DLA-2241-1 DLA-1715-1}
- linux 4.19.9-1
[stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199839
NOTE: https://patchwork.kernel.org/patch/10503099/
CVE-2018-14610 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
- {DLA-1715-1}
+ {DLA-2241-1 DLA-1715-1}
- linux 4.19.9-1
[stretch] - linux 4.9.144-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199837
@@ -17730,7 +17979,7 @@ CVE-2018-14578
RESERVED
CVE-2018-14577
RESERVED
-CVE-2018-14576 (The mintToken function of a smart contract implementation for SunContr ...)
+CVE-2018-14576 (The mintTokens function of a smart contract implementation for SunCont ...)
NOT-FOR-US: smart contract implementation for SunContract
CVE-2018-14575 (Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a t ...)
NOT-FOR-US: MyBB plugin
@@ -17815,11 +18064,10 @@ CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST
NOTE: https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
NOTE: https://redmine.openinfosecfoundation.org/issues/2501
CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers to caus ...)
- {DLA-1524-1}
+ {DLA-2369-1 DLA-1524-1}
[experimental] - libxml2 2.9.9+dfsg1-1~exp1
- libxml2 2.9.10+dfsg-2
- [buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <postponed> (Minor issue)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
CVE-2018-14566
@@ -17859,8 +18107,8 @@ CVE-2018-14553 (gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL
CVE-2018-14552
RESERVED
CVE-2018-14551 (The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 use ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.10.8+dfsg-1 (bug #904713)
- [stretch] - imagemagick <postponed> (Can be fixed along in a future DSA)
[jessie] - imagemagick <not-affected> (vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1221
NOTE: https://github.com/ImageMagick/ImageMagick/commit/389ecc365a7c61404ba078a72c3fa5a3cf1b4101
@@ -17992,7 +18240,7 @@ CVE-2018-1999023 (The Battle for Wesnoth Project version 1.7.0 through 1.14.3 co
[stretch] - wesnoth-1.12 1:1.12.6-1+deb9u1
- wesnoth-1.10 <removed>
[jessie] - wesnoth-1.10 <end-of-life> (Games are not supported in Jessie)
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/20/1
NOTE: https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318 (1.14.x)
CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to t ...)
- mitmproxy 3.0.4-1 (bug #904293)
@@ -18003,11 +18251,9 @@ CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, relate
CVE-2018-14499 (An issue was found in HYBBS through 2016-03-08. There is an XSS vulner ...)
NOT-FOR-US: HYBBS
CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG th ...)
- {DLA-1719-1}
- [experimental] - libjpeg-turbo 1:2.0.2-1~exp1
- - libjpeg-turbo <unfixed> (low; bug #924678)
- [buster] - libjpeg-turbo <no-dsa> (Minor issue)
- [stretch] - libjpeg-turbo <no-dsa> (Minor issue)
+ {DLA-2302-1 DLA-1719-1}
+ - libjpeg-turbo 1:2.0.5-1 (low; bug #924678)
+ [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
- mozjpeg <itp> (bug #741487)
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
@@ -18111,74 +18357,53 @@ CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read in
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md
+ NOTE: Negligible security impact
CVE-2018-14459 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14458 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14457 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14456 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14455 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14454 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14453 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14452 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14451 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14450 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14449 (An issue was discovered in libgig 4.1.0. There is an out of bounds rea ...)
- - libgig <unfixed> (low; bug #931309)
- [buster] - libgig <ignored> (Minor issue)
- [stretch] - libgig <ignored> (Minor issue)
- [jessie] - libgig <no-dsa> (Minor issue)
- NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md
+ - libgig <unfixed> (unimportant; bug #931309)
+ NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
+ NOTE: Negligible security impact
CVE-2018-14448 (Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL poi ...)
- untrunc <itp> (bug #702476)
CVE-2018-14447 (trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds r ...)
@@ -18233,7 +18458,7 @@ CVE-2018-14432 (In the Federation component of OpenStack Keystone before 11.0.4,
{DSA-4275-1}
- keystone 2:13.0.0-7 (bug #904616)
[jessie] - keystone <end-of-life> (Not supported in Jessie)
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/25/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/25/2
NOTE: https://bugs.launchpad.net/keystone/+bug/1779205
CVE-2018-14431
RESERVED
@@ -18297,11 +18522,10 @@ CVE-2018-14406
CVE-2018-14405
RESERVED
CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPat ...)
- {DLA-1524-1}
+ {DLA-2369-1 DLA-1524-1}
[experimental] - libxml2 2.9.9+dfsg1-1~exp1
- libxml2 2.9.10+dfsg-2 (low; bug #901817)
- [buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10
NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
@@ -18309,7 +18533,7 @@ CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles sub
- mp4v2 <removed> (bug #904897)
[stretch] - mp4v2 <no-dsa> (Minor issue)
[jessie] - mp4v2 <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/3
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/3
CVE-2018-14402 (axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::p ...)
NOT-FOR-US: axmldec
CVE-2018-14401 (CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out- ...)
@@ -18324,7 +18548,7 @@ CVE-2018-14397 (An issue was discovered in Creme CRM 1.6.12. The organization cr
NOT-FOR-US: Creme CRM
CVE-2018-14396 (An issue was discovered in Creme CRM 1.6.12. The salesman creation pag ...)
NOT-FOR-US: Creme CRM
-CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause ...)
+CVE-2018-14395 (libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause ...)
{DSA-4258-1}
- ffmpeg 7:4.0.2-1
- libav <removed>
@@ -18344,19 +18568,19 @@ CVE-2018-14391
CVE-2018-14390
RESERVED
CVE-2018-1999001 (A unauthorized modification of configuration vulnerability exists in J ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999002 (A arbitrary file read vulnerability exists in Jenkins 2.132 and earlie ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999003 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999004 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999005 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999006 (A exposure of sensitive information vulnerability exists in Jenkins 2. ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1999007 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-14389 (joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val ...)
NOT-FOR-US: joyplus-cms
CVE-2018-14388 (joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_de ...)
@@ -18381,7 +18605,7 @@ CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses
- mp4v2 <removed> (bug #904898)
[stretch] - mp4v2 <no-dsa> (Minor issue)
[jessie] - mp4v2 <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/17/1
CVE-2018-14378
REJECTED
CVE-2018-14377
@@ -18795,12 +19019,12 @@ CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant mem
- mp4v2 <removed> (bug #904900)
[stretch] - mp4v2 <no-dsa> (Minor issue)
[jessie] - mp4v2 <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/16/1
CVE-2018-14325 (In MP4v2 2.0.0, there is an integer underflow (with resultant memory c ...)
- mp4v2 <removed> (bug #904901)
[stretch] - mp4v2 <no-dsa> (Minor issue)
[jessie] - mp4v2 <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/16/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/16/1
CVE-2018-14240
RESERVED
CVE-2018-14239
@@ -19155,8 +19379,8 @@ CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnera
NOT-FOR-US: SRCMS
CVE-2018-14068 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
NOT-FOR-US: SRCMS
-CVE-2018-14067
- RESERVED
+CVE-2018-14067 (Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injec ...)
+ NOT-FOR-US: Green Packet WiMax DV-360 devices
CVE-2018-14066 (The content://wappush content provider in com.android.provider.telepho ...)
NOT-FOR-US: Lenovo
CVE-2018-14065 (XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. ...)
@@ -19182,12 +19406,12 @@ CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted lines
- znc 1.7.1-1 (bug #903787)
NOTE: https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
NOTE: https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/4
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/4
CVE-2018-14056 (ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a we ...)
{DSA-4252-1 DLA-1427-1}
- znc 1.7.1-1 (bug #903788)
NOTE: https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/5
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/5
CVE-2018-14053
RESERVED
CVE-2018-14052 (An issue has been found in libwav through 2017-04-20. It is a SEGV in ...)
@@ -19274,10 +19498,11 @@ CVE-2018-14037 (Cross-site scripting (XSS) vulnerability in Progress Kendo UI Ed
NOT-FOR-US: Progress Kendo UI Editor
CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...)
- ruby-doorkeeper 4.4.2-1 (bug #903980)
- [stretch] - ruby-doorkeeper <no-dsa> (Minor issue)
+ [stretch] - ruby-doorkeeper <ignored> (Minor issue, invasive, no reverse dependencies, require changes in calling code)
NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891
NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1119
- NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1031
+ NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/16e76e666b63e0e5e2704dd45b59e426190ddc78 (v4.4.0)
+ NOTE: Requires changes in the reverse dependencies
CVE-2018-1000210 (YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object ...)
NOT-FOR-US: YamlDotNet
CVE-2018-1000209 (Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insec ...)
@@ -19292,36 +19517,42 @@ CVE-2018-14054 (A double free exists in the MP4StringProperty class in mp4proper
- mp4v2 <removed> (bug #903859)
[stretch] - mp4v2 <no-dsa> (Minor issue)
[jessie] - mp4v2 <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/13/1
CVE-2018-14036 (Directory Traversal with ../ sequences occurs in AccountsService befor ...)
- accountsservice 0.6.45-2 (low; bug #903828)
[stretch] - accountsservice <no-dsa> (Minor issue)
[jessie] - accountsservice <ignored> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/02/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/02/2
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=107085
NOTE: https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/f9abd359f71a5bce421b9ae23432f539a067847a
CVE-2018-14035 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+ NOTE: Negligible security impact
CVE-2018-14034 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+ NOTE: Negligible security impact
CVE-2018-14033 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+ NOTE: Negligible security impact
CVE-2018-14032
REJECTED
CVE-2018-14031 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+ NOTE: Negligible security impact
CVE-2018-14030
RESERVED
CVE-2018-14029 (CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allo ...)
NOT-FOR-US: Creatiwity wityCMS
CVE-2018-14028 (In WordPress 4.9.7, plugins uploaded via the admin area are not verifi ...)
- wordpress <unfixed> (bug #906565)
- [stretch] - wordpress <no-dsa> (Minor issue)
- [jessie] - wordpress <postponed> (no sanctioned patch)
+ [bullseye] - wordpress <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - wordpress <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - wordpress <postponed> (Minor issue, no sanctioned patch)
+ [jessie] - wordpress <postponed> (Minor issue, no sanctioned patch)
NOTE: https://core.trac.wordpress.org/ticket/44710
NOTE: https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/
CVE-2018-14027 (Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or ...)
@@ -19429,8 +19660,8 @@ CVE-2018-13984
CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.ph ...)
NOT-FOR-US: ImpressCMS
CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ...)
+ {DLA-2618-1}
- smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
- [stretch] - smarty3 <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - smarty3 <not-affected> (vulnerable code not present)
NOTE: https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe
NOTE: https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8
@@ -19445,123 +19676,123 @@ CVE-2018-13981 (The websites that were built from Zeta Producer Desktop CMS befo
CVE-2018-13980 (The websites that were built from Zeta Producer Desktop CMS before 14. ...)
NOT-FOR-US: Zeta Producer Desktop CMS
CVE-2018-13979
- RESERVED
+ REJECTED
CVE-2018-13978
- RESERVED
+ REJECTED
CVE-2018-13977
- RESERVED
+ REJECTED
CVE-2018-13976
- RESERVED
+ REJECTED
CVE-2018-13975
- RESERVED
+ REJECTED
CVE-2018-13974
- RESERVED
+ REJECTED
CVE-2018-13973
- RESERVED
+ REJECTED
CVE-2018-13972
- RESERVED
+ REJECTED
CVE-2018-13971
- RESERVED
+ REJECTED
CVE-2018-13970
- RESERVED
+ REJECTED
CVE-2018-13969
- RESERVED
+ REJECTED
CVE-2018-13968
- RESERVED
+ REJECTED
CVE-2018-13967
- RESERVED
+ REJECTED
CVE-2018-13966
- RESERVED
+ REJECTED
CVE-2018-13965
- RESERVED
+ REJECTED
CVE-2018-13964
- RESERVED
+ REJECTED
CVE-2018-13963
- RESERVED
+ REJECTED
CVE-2018-13962
- RESERVED
+ REJECTED
CVE-2018-13961
- RESERVED
+ REJECTED
CVE-2018-13960
- RESERVED
+ REJECTED
CVE-2018-13959
- RESERVED
+ REJECTED
CVE-2018-13958
- RESERVED
+ REJECTED
CVE-2018-13957
- RESERVED
+ REJECTED
CVE-2018-13956
- RESERVED
+ REJECTED
CVE-2018-13955
- RESERVED
+ REJECTED
CVE-2018-13954
- RESERVED
+ REJECTED
CVE-2018-13953
- RESERVED
+ REJECTED
CVE-2018-13952
- RESERVED
+ REJECTED
CVE-2018-13951
- RESERVED
+ REJECTED
CVE-2018-13950
- RESERVED
+ REJECTED
CVE-2018-13949
- RESERVED
+ REJECTED
CVE-2018-13948
- RESERVED
+ REJECTED
CVE-2018-13947
- RESERVED
+ REJECTED
CVE-2018-13946
- RESERVED
+ REJECTED
CVE-2018-13945
- RESERVED
+ REJECTED
CVE-2018-13944
- RESERVED
+ REJECTED
CVE-2018-13943
- RESERVED
+ REJECTED
CVE-2018-13942
- RESERVED
+ REJECTED
CVE-2018-13941
- RESERVED
+ REJECTED
CVE-2018-13940
- RESERVED
+ REJECTED
CVE-2018-13939
- RESERVED
+ REJECTED
CVE-2018-13938
- RESERVED
+ REJECTED
CVE-2018-13937
- RESERVED
+ REJECTED
CVE-2018-13936
- RESERVED
+ REJECTED
CVE-2018-13935
- RESERVED
+ REJECTED
CVE-2018-13934
- RESERVED
+ REJECTED
CVE-2018-13933
- RESERVED
+ REJECTED
CVE-2018-13932
- RESERVED
+ REJECTED
CVE-2018-13931
- RESERVED
+ REJECTED
CVE-2018-13930
- RESERVED
+ REJECTED
CVE-2018-13929
- RESERVED
+ REJECTED
CVE-2018-13928
- RESERVED
+ REJECTED
CVE-2018-13927 (Debug policy with invalid signature can be loaded when the debug polic ...)
NOT-FOR-US: Snapdragon
CVE-2018-13926
- RESERVED
+ REJECTED
CVE-2018-13925 (Error in parsing PMT table frees the memory allocated for the map sect ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13924 (Lack of check to prevent the buffer length taking negative values can ...)
NOT-FOR-US: Snapdragon
CVE-2018-13923
- RESERVED
+ REJECTED
CVE-2018-13922
- RESERVED
+ REJECTED
CVE-2018-13921
- RESERVED
+ REJECTED
CVE-2018-13920 (Use-after-free condition due to Improper handling of hrtimers when the ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13919 (Use-after-free vulnerability will occur if reset of the routing table ...)
@@ -19574,7 +19805,7 @@ CVE-2018-13917
CVE-2018-13916 (Out-of-bounds memory access in Qurt kernel function when using the ide ...)
NOT-FOR-US: Snapdragon
CVE-2018-13915
- RESERVED
+ REJECTED
CVE-2018-13914 (Lack of input validation for data received from user space can lead to ...)
NOT-FOR-US: CodeAurora components for Android
CVE-2018-13913 (Improper validation of array index can lead to unauthorized access whi ...)
@@ -19597,8 +19828,8 @@ CVE-2018-13905 (KGSL syncsource lock not handled properly during syncsource clea
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13904 (Improper input validation in SCM handler to access storage in TZ can l ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13903
- RESERVED
+CVE-2018-13903 (u'Error in UE due to race condition in EPCO handling' in Snapdragon Au ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2018-13902 (Out of bounds memory read and access due to improper array index valid ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13901 (Due to missing permissions in Android Manifest file, Sensitive informa ...)
@@ -19620,11 +19851,11 @@ CVE-2018-13894
CVE-2018-13893 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
NOT-FOR-US: CodeAurora components for Android
CVE-2018-13892
- RESERVED
+ REJECTED
CVE-2018-13891
- RESERVED
+ REJECTED
CVE-2018-13890
- RESERVED
+ REJECTED
CVE-2018-13889 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
NOT-FOR-US: CodeAurora components for Android
CVE-2018-13888 (There is potential for memory corruption in the RIL daemon due to de r ...)
@@ -19638,13 +19869,13 @@ CVE-2018-13885 (Possible memory overread may be lead to access of sensitive data
CVE-2018-13884
REJECTED
CVE-2018-13883
- RESERVED
+ REJECTED
CVE-2018-13882
- RESERVED
+ REJECTED
CVE-2018-13881
- RESERVED
+ REJECTED
CVE-2018-13880
- RESERVED
+ REJECTED
CVE-2018-13879 (A reflected XSS issue was discovered in the registration form in Rocke ...)
NOT-FOR-US: Rocket.Chat
CVE-2018-13878 (An XSS issue was discovered in packages/rocketchat-mentions/Mentions.j ...)
@@ -19652,37 +19883,37 @@ CVE-2018-13878 (An XSS issue was discovered in packages/rocketchat-mentions/Ment
CVE-2018-13877 (The doPayouts() function of the smart contract implementation for Mega ...)
NOT-FOR-US: MegaCryptoPolis
CVE-2018-13876 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...)
- - hdf5 <undetermined>
+ NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13875 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
- - hdf5 <undetermined>
+ NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13874 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...)
- - hdf5 <undetermined>
+ NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13873 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a buf ...)
- - hdf5 <undetermined>
+ NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13872 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
+ NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13871 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
+ NOTE: Negligible HDF crash, never properly reported upstrem
CVE-2018-13870 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
+ NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13869 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a mem ...)
- - hdf5 <undetermined>
+ NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13868 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
+ NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13867 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
- - hdf5 <undetermined>
+ NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13866 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...)
- - hdf5 <undetermined>
+ NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13865 (An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the c ...)
NOT-FOR-US: idreamsoft iCMS
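Review bot: The new lines for CVE-2018-13876 through CVE-2018-13866 replace `- hdf5 <undetermined>` with a NOTE line and put no package status in its place, whereas the same hdf5 triage elsewhere in this commit (CVE-2018-14460 in the hunk at -18111, CVE-2018-14035 to CVE-2018-14031 in the hunk at -19292) keeps the package association as `- hdf5 <unfixed> (unimportant)` followed by `NOTE: Negligible security impact`. If the intent is the same, these eleven entries should also carry `- hdf5 <unfixed> (unimportant)`, since an entry consisting only of NOTE lines presumably no longer maps the CVE to the hdf5 source package in the tracker (worth confirming with the repository's syntax check). The added note misspells "upstream" as `upstrem` in every one of the eleven lines. For CVE-2018-13871 the note is placed after the URL line while the other ten place it before; making the order uniform would make the block easier to scan.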
@@ -19730,7 +19961,7 @@ CVE-2018-13845 (An issue has been found in HTSlib 1.8. It is a buffer over-read
[stretch] - htslib <no-dsa> (Minor issue)
[jessie] - htslib <no-dsa> (Minor issue)
NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403681105
-CVE-2018-13844 (An issue has been found in HTSlib 1.8. It is a memory leak in fai_read ...)
+CVE-2018-13844 (** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory l ...)
- htslib 1.9-2 (low)
[stretch] - htslib <no-dsa> (Minor issue)
[jessie] - htslib <no-dsa> (Minor issue)
@@ -20697,7 +20928,7 @@ CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux kernel
{DSA-4266-1 DLA-1529-1 DLA-1466-1}
- linux 4.17.6-1
NOTE: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/13/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/13/2
CVE-2018-13404 (The VerifyPopServerConnection resource in Atlassian Jira before versio ...)
NOT-FOR-US: Atlassian
CVE-2018-13403 (The two-dimensional filter statistics gadget in Atlassian Jira before ...)
@@ -20740,11 +20971,11 @@ CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for
NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13384 (A Host Header Redirection vulnerability in Fortinet FortiOS all versio ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5. ...)
+CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-13382 (An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6 ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5. ...)
+CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0. ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-13380 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 t ...)
NOT-FOR-US: Fortinet FortiOS
@@ -20758,7 +20989,7 @@ CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS 5
NOT-FOR-US: Fortinet FortiOS
CVE-2018-13375 (An Improper Neutralization of Script-Related HTML Tags in Fortinet For ...)
NOT-FOR-US: FortiAnalyzer and FortiManager
-CVE-2018-13374 (A Improper Access Control in Fortinet FortiOS allows attacker to obtai ...)
+CVE-2018-13374 (A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, ...)
NOT-FOR-US: Fortinet FortiOS
CVE-2018-13373
RESERVED
@@ -20772,7 +21003,7 @@ CVE-2018-13369
RESERVED
CVE-2018-13368 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
NOT-FOR-US: Fortinet FortiClient
-CVE-2018-13367 (An information exposure vulnerability in FortiOS 6.2.0 and below may a ...)
+CVE-2018-13367 (An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and belo ...)
NOT-FOR-US: FortiOS
CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6 ...)
NOT-FOR-US: Fortinet FortiOS
@@ -20922,7 +21153,7 @@ CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value befor
[jessie] - libav <not-affected> (Vulnerable code path not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b
NOTE: It looks like Jessie is not affected but we need the reproducer to confirm this assumption.
-CVE-2018-13300 (In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to th ...)
+CVE-2018-13300 (In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) pass ...)
{DSA-4249-1}
- ffmpeg 7:3.4.3-1
- libav <removed>
@@ -21010,8 +21241,8 @@ CVE-2018-13261
CVE-2018-13260
REJECTED
CVE-2018-13259 (An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 ...)
+ {DLA-2470-1}
- zsh 5.6-1 (bug #908000)
- [stretch] - zsh <no-dsa> (Minor issue)
[jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://www.zsh.org/mla/zsh-announce/136
NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
@@ -21359,7 +21590,7 @@ CVE-2018-13099 (An issue was discovered in fs/f2fs/inline.c in the Linux kernel
{DSA-4308-1 DLA-1531-1}
- linux 4.18.10-1
[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
- [jessie] - linux-4.9 <unfixed>
+ - linux-4.9 <removed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200179
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a
NOTE: https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/
@@ -21381,7 +21612,7 @@ CVE-2018-13096 (An issue was discovered in fs/f2fs/super.c in the Linux kernel t
- linux 4.19.9-1
[stretch] - linux 4.9.144-1
[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
- [jessie] - linux-4.9 <unfixed>
+ - linux-4.9 <removed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200167
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34
CVE-2018-13095 (An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux ...)
@@ -21393,7 +21624,7 @@ CVE-2018-13094 (An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the
{DLA-2114-1 DLA-1529-1}
- linux 4.17.14-1
[stretch] - linux 4.9.210-1
- [jessie] - linux-4.9 <unfixed>
+ - linux-4.9 <removed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199969
NOTE: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a
CVE-2018-13093 (An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel thr ...)
@@ -21486,7 +21717,7 @@ CVE-2018-13053 (The alarm_timer_nsleep function in kernel/time/alarmtimer.c in t
{DLA-1731-1 DLA-1715-1}
- linux 4.18.20-1
[stretch] - linux 4.9.135-1
- [jessie] - linux-4.9 <unfixed>
+ - linux-4.9 <removed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200303
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef
CVE-2018-13052 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privileg ...)
@@ -21541,7 +21772,7 @@ CVE-2018-13033 (The Binary File Descriptor (BFD) library (aka libbfd), as distri
NOTE: binutils not covered by security support
CVE-2018-13032 (ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser a ...)
NOT-FOR-US: ECESSA ShieldLink
-CVE-2018-13031 (DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an admi ...)
+CVE-2018-13031 (DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to ...)
NOT-FOR-US: DamiCMS
CVE-2018-13030 (An issue was discovered in jpeg-compressor 0.1. The build_huffman func ...)
NOT-FOR-US: jpeg-compressor
@@ -21646,6 +21877,7 @@ CVE-2018-12984 (Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" cred
NOT-FOR-US: Hycus CMS
CVE-2018-12983 (A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryp ...)
- libpodofo <unfixed> (low; bug #916580)
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
@@ -21791,9 +22023,10 @@ CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the L
[jessie] - linux <ignored> (ntfs is not supportable)
CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered ...)
- linux <unfixed> (low)
+ [bullseye] - linux <ignored> (Minor issue)
[buster] - linux <ignored> (Minor issue)
[stretch] - linux <ignored> (Minor issue)
- [jessie] - linux-4.9 <unfixed>
+ - linux-4.9 <removed>
NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384
NOTE: https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2
CVE-2018-12927 (Northern Electric &amp; Power (NEP) inverter devices allow remote atta ...)
@@ -21907,8 +22140,8 @@ CVE-2018-12888
CVE-2018-12887
RESERVED
CVE-2018-12886 (stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in fu ...)
- - gcc-snapshot <unfixed>
- gcc-8 <unfixed>
+ [bullseye] - gcc-8 <ignored> (Too intrusive to backport)
[buster] - gcc-8 <ignored> (Too intrusive to backport)
- gcc-7 <unfixed>
[buster] - gcc-7 <ignored> (Too intrusive to backport)
@@ -21918,7 +22151,8 @@ CVE-2018-12886 (stack_protect_prologue in cfgexpand.c and stack_protect_epilogue
[jessie] - gcc-4.9 <ignored> (Too intrusive to backport)
- gcc-4.8 <removed>
[jessie] - gcc-4.8 <ignored> (Too intrusive to backport)
- NOTE: https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup
+ NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85434
+ NOTE: https://gcc.gnu.org/git/?p=gcc.git&a=commit;h=89d7557202d25a393666ac4c0f7dbdab31e452a2
CVE-2018-12885 (The randMod() function of the smart contract implementation for MyCryp ...)
NOT-FOR-US: MyCryptoChamp
CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user ...)
@@ -21960,7 +22194,7 @@ CVE-2018-12882 (exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.
- php7.0 <not-affected> (Specific to 7.2.x)
- php5 <not-affected> (Specific to 7.2.x)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76409
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3fdde65617e9f954e2c964768aac8831005497e5
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=3fdde65617e9f954e2c964768aac8831005497e5
CVE-2018-12881 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
NOT-FOR-US: Adobe
CVE-2018-12880 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
@@ -22327,12 +22561,8 @@ CVE-2018-12702 (The approveAndCallcode function of a smart contract implementati
NOT-FOR-US: Globalvillage ecosystem
CVE-2018-12701
RESERVED
-CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in debug.c ...)
- - binutils 2.32.51.20190707-1 (unimportant)
- NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
- NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
- NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
- NOTE: binutils not covered by security support
+CVE-2018-12700
+ REJECTED
CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause ...)
- binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
@@ -22371,9 +22601,11 @@ CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id
NOTE: Non-security issue as demostrated in https://bugs.debian.org/902186
NOTE: and disputed as security issue. Should be properly rejected by MITRE.
CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ...)
- NOT-FOR-US: tinyexr
+ - tinyexr <undetermined>
+ NOTE: https://github.com/syoyo/tinyexr/issues/83
CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h ...)
- NOT-FOR-US: tinyexr
+ - tinyexr <undetermined>
+ NOTE: https://github.com/syoyo/tinyexr/issues/84
CVE-2018-12686
RESERVED
CVE-2018-12685
@@ -22526,7 +22758,7 @@ CVE-2018-1000546 (Triplea version &lt;= 1.9.0.0.10291 contains a XML External En
CVE-2018-1000545
REJECTED
CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Tra ...)
- {DLA-1467-1}
+ {DLA-2307-1 DLA-1467-1}
- ruby-zip 1.2.2-1 (bug #902720)
NOTE: https://github.com/rubyzip/rubyzip/issues/369
NOTE: Part of fixes:
@@ -22599,9 +22831,8 @@ CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation vulnerabi
CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Handling o ...)
NOT-FOR-US: aaugustin websockets
CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c ...)
- {DLA-1445-1}
+ {DLA-2559-1 DLA-1445-1}
- busybox 1:1.27.2-3 (low; bug #902724)
- [stretch] - busybox <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
CVE-2018-1000516 (The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper N ...)
NOT-FOR-US: Galaxy Project Galaxy
@@ -22795,9 +23026,8 @@ CVE-2018-12586
CVE-2018-12585 (An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allo ...)
NOT-FOR-US: OPC UA Java and .NET Legacy Stack
CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in resip/stack/Connectio ...)
- {DLA-1439-1}
+ {DLA-2865-1 DLA-1439-1}
- resiprocate <removed> (bug #905495)
- [stretch] - resiprocate <no-dsa> (Minor issue)
NOTE: http://joachimdezutter.webredirect.org/advisory.html
NOTE: https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608
CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an article via a ...)
@@ -22862,7 +23092,7 @@ CVE-2018-12563 (An issue was discovered in Linaro LAVA before 2018.5.post1. Beca
NOTE: https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214
CVE-2018-12562 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1
NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
@@ -22870,7 +23100,7 @@ CVE-2018-12562 (An issue was discovered in the cantata-mounter D-Bus service in
NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
CVE-2018-12561 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1
NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
@@ -22878,14 +23108,14 @@ CVE-2018-12561 (An issue was discovered in the cantata-mounter D-Bus service in
NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
CVE-2018-12560 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1
NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
NOTE: 2.3.0.ds1-2 disables the cantata-mounter.
CVE-2018-12559 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...)
- cantata 2.3.0.ds1-2 (bug #901798; unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1
NOTE: The daemon code is part of cantata since version 2.0.0 and it is built
NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built
NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation.
@@ -22960,13 +23190,16 @@ CVE-2018-12538 (In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the op
CVE-2018-12537 (In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response header ...)
NOT-FOR-US: Eclipse Vertx
CVE-2018-12536 (In Eclipse Jetty Server, all 9.x versions, on webapps deployed using d ...)
+ {DLA-2661-1}
- jetty9 9.2.25-1 (low; bug #902774)
- [stretch] - jetty9 <ignored> (Harmless information leak)
- jetty8 <removed>
[jessie] - jetty8 <ignored> (Harmless information leak)
- jetty <removed>
[jessie] - jetty <ignored> (Harmless information leak)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535670
+ NOTE: https://github.com/eclipse/jetty.project/issues/2560
+ NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/9f844383cdb528d67ec69895dd8c6117b6e36e13 (v9.3)
+ NOTE: Marked as fixed by 9.2.25 at https://www.eclipse.org/jetty/security_reports.php but no related commit found for 9.2.x
CVE-2018-12535
RESERVED
CVE-2018-12534 (A SQL injection issue was discovered in the Quick Chat plugin before 4 ...)
@@ -23035,9 +23268,13 @@ CVE-2018-12506
CVE-2018-12505
RESERVED
CVE-2018-12504 (tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tiny ...)
- NOT-FOR-US: tinyexr
+ - tinyexr <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_b53a457
+ NOTE: https://github.com/syoyo/tinyexr/issues/82
CVE-2018-12503 (tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMem ...)
- NOT-FOR-US: tinyexr
+ - tinyexr <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/syoyo/tinyexr/issues/81
+ NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#duplicated-cve-2018-12503-heap-buffer-overflow-in-function-tinyexrloadexrimagefromfile-tinyexrh11593
CVE-2018-12502
RESERVED
CVE-2018-12501 (Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. ...)
@@ -23104,8 +23341,8 @@ CVE-2018-12477 (A Improper Neutralization of CRLF Sequences vulnerability in Ope
NOTE: https://github.com/openSUSE/obs-service-refresh_patches/commit/d6244245dda5367767efc989446fe4b5e4609cce
CVE-2018-12476 (Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE L ...)
NOT-FOR-US: obs-service-tar_scm
-CVE-2018-12475
- RESERVED
+CVE-2018-12475 (A Externally Controlled Reference to a Resource in Another Sphere vuln ...)
+ NOT-FOR-US: obs-service-download_files
CVE-2018-12474 (Improper input validation in obs-service-tar_scm of Open Build Service ...)
NOT-FOR-US: obs-service-tar_scm of Open Build Service
CVE-2018-12473 (A path traversal traversal vulnerability in obs-service-tar_scm of Ope ...)
@@ -23199,8 +23436,6 @@ CVE-2018-12439 (MatrixSSL through 3.9.5 Open allows a memory-cache side-channel
- matrixssl <removed>
CVE-2018-12438 (The Elliptic Curve Cryptography library (aka sunec or libsunec) allows ...)
- openjdk-7 <not-affected> (Didn't include/build sunec, see #750400)
- - openjdk-8 <undetermined>
- - openjdk-11 <undetermined>
CVE-2018-12437 (LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack o ...)
- libtomcrypt 1.18.2-1 (low; bug #901626)
[stretch] - libtomcrypt <no-dsa> (Minor issue)
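Review bot: The two removed `openjdk-8 <undetermined>` and `openjdk-11 <undetermined>` lines under CVE-2018-12438 are dropped without any replacement status or NOTE, so the entry now only records openjdk-7 and a reader cannot tell whether openjdk-8/11 were assessed as not affected, fixed, or simply taken out of scope. The openjdk-7 line carries its rationale inline (`see #750400`); a parallel `NOTE:` line for the other two (e.g. `NOTE: openjdk-8/openjdk-11: <reason the undetermined entries were dropped>`, with the real reason filled in) would preserve that rationale in the tracker history. This is an inference from the visible lines only; if the outcome is recorded elsewhere in the file, a pointer to it would serve the same purpose.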
@@ -23286,7 +23521,7 @@ CVE-2018-12405 (Mozilla developers and community members reported memory safety
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-12405
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-12405
CVE-2018-12404 (A cached side channel attack during handshakes using RSA encryption co ...)
- {DLA-1704-1}
+ {DLA-2388-1 DLA-1704-1}
- nss 2:3.41-1
NOTE: http://cat.eyalro.net/
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1485864 (not public)
@@ -23462,8 +23697,7 @@ CVE-2018-12372 (Decrypted S/MIME parts, when included in HTML crafted for an att
{DSA-4244-1 DLA-1425-1}
- thunderbird 1:52.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
-CVE-2018-12371
- RESERVED
+CVE-2018-12371 (An integer overflow vulnerability in the Skia library when allocating ...)
{DSA-4295-1 DLA-1575-1}
- firefox 61.0-1
- thunderbird 1:60.0-1
@@ -23566,7 +23800,7 @@ CVE-2018-12356 (An issue was discovered in password-store.sh in pass in Simple P
NOTE: Introduced in: https://git.zx2c4.com/password-store/commit/?id=ff62f87f41557ab7267defab662324927301485a
NOTE: Fixed by: https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d
NOTE: https://neopg.io/blog/pass-signature-spoof/
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/14/3
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/14/3
CVE-2018-12355 (Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or descriptio ...)
NOT-FOR-US: Knowage / SpagoBI
CVE-2018-12354 (Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demons ...)
@@ -24221,26 +24455,30 @@ CVE-2018-12098 (** DISPUTED ** The liblnk_data_block_read function in liblnk_dat
NOTE: https://github.com/libyal/liblnk/issues/33
NOTE: Questionable/negligabe security impact
CVE-2018-12097 (** DISPUTED ** The liblnk_location_information_read_data function in l ...)
- - liblnk <unfixed> (unimportant; bug #901962)
+ - liblnk 20180626-1 (unimportant; bug #901962)
NOTE: http://seclists.org/fulldisclosure/2018/Jun/33
NOTE: https://github.com/libyal/liblnk/commit/cb7fe0c66a5a01c19f1953fc7814c4fedfdc5785
NOTE: https://github.com/libyal/liblnk/issues/32
NOTE: https://github.com/libyal/liblnk/issues/33
NOTE: Questionable/negligabe security impact
CVE-2018-12096 (** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in ...)
- - liblnk <unfixed> (unimportant; bug #901962)
+ - liblnk 20180626-1 (unimportant; bug #901962)
NOTE: http://seclists.org/fulldisclosure/2018/Jun/33
NOTE: https://github.com/libyal/liblnk/issues/32
NOTE: https://github.com/libyal/liblnk/issues/33
+ NOTE: https://github.com/libyal/libuna/commit/aca678aa7e49ca628f1b27a53fdea883fa8764bb
+ NOTE: https://github.com/libyal/libuna/commit/f22aca8b649afe5cef529d9268186bfe591b7f89
NOTE: Questionable/negligabe security impact
CVE-2018-12095 (A Reflected Cross-Site Scripting web vulnerability has been discovered ...)
NOT-FOR-US: OEcms
CVE-2018-12094 (Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS V ...)
NOT-FOR-US: Dimofinf CMS
CVE-2018-12093 (tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr ...)
- NOT-FOR-US: tinyexr
+ - tinyexr <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/syoyo/tinyexr/issues/79
CVE-2018-12092 (tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixe ...)
- NOT-FOR-US: tinyexr
+ - tinyexr <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/syoyo/tinyexr/issues/78
CVE-2018-12091
RESERVED
CVE-2018-12090 (There is unauthenticated reflected cross-site scripting (XSS) in LAMS ...)
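Review bot: Under CVE-2018-12096 the two newly added NOTE lines point at commits in libyal/libuna, while the package entry on the line above them is changed to `liblnk 20180626-1`; nothing on the new side states that the liblnk upload carries the fixed libuna code, so the link between the fix commits and the fixed version is implicit. A short NOTE such as `NOTE: Fixed via the embedded libuna update shipped in liblnk 20180626-1` (assuming that is the case — confirm against the upload) would make the fixed-version claim verifiable from the entry alone. The same hunk's CVE-2018-12097 entry gets the identical version bump but keeps only liblnk commits, which is presumably intentional.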
@@ -24311,7 +24549,8 @@ CVE-2018-12067 (The sell function of a smart contract implementation for Substra
CVE-2018-12065 (A Local File Inclusion vulnerability in /system/WCore/WHelper.php in C ...)
NOT-FOR-US: wityCMS
CVE-2018-12064 (tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChann ...)
- NOT-FOR-US: tinyexr
+ - tinyexr <undetermined>
+ NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_7953aea
CVE-2018-12063 (The sell function of a smart contract implementation for Internet Node ...)
NOT-FOR-US: Internet Node Token
CVE-2018-12062 (The sell function of a smart contract implementation for SwftCoin (SWF ...)
@@ -24341,12 +24580,12 @@ CVE-2018-12051 (Arbitrary File Upload and Remote Code Execution exist in PHP Scr
CVE-2018-12050
RESERVED
CVE-2018-13346 (The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorr ...)
- {DLA-1414-1}
+ {DLA-2293-1 DLA-1414-1}
- mercurial 4.6.1-1 (bug #901050)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
NOTE: https://www.mercurial-scm.org/repo/hg/rev/faa924469635
CVE-2018-13347 (mpatch.c in Mercurial before 4.6.1 mishandles integer addition and sub ...)
- {DLA-1414-1}
+ {DLA-2293-1 DLA-1414-1}
- mercurial 4.6.1-1 (bug #901050)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
NOTE: https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
@@ -24355,7 +24594,7 @@ CVE-2018-13347 (mpatch.c in Mercurial before 4.6.1 mishandles integer addition a
NOTE: upstream proposes we use OVE-20180430-0002 to cover all undefined behavior
NOTE: cases which the 6 patches fix
CVE-2018-13348 (The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 misha ...)
- {DLA-1414-1}
+ {DLA-2293-1 DLA-1414-1}
- mercurial 4.6.1-1 (bug #901050)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
NOTE: https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
@@ -24449,7 +24688,7 @@ CVE-2018-12021 (Singularity 2.3.0 through 2.5.1 is affected by an incorrect acce
- singularity-container 2.5.2-1
NOTE: https://github.com/singularityware/singularity/releases/tag/2.5.2
CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filename duri ...)
- {DSA-4224-1 DSA-4223-1 DSA-4222-1}
+ {DSA-4224-1 DSA-4223-1 DSA-4222-1 DLA-2862-1}
- enigmail 2:2.0.7-1
[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
- gnupg2 2.2.8-1
@@ -24459,15 +24698,15 @@ CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filenam
NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=210e402acd3e284b32db1901e43bf1470e659e49 (STABLE-BRANCH-2-2)
NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2326851c60793653069494379b16d84e4c10a0ac (STABLE-BRANCH-1-4)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/13/10
NOTE: https://neopg.io/blog/gpg-signature-spoof/
CVE-2018-12019 (The signature verification routine in Enigmail before 2.0.7 interprets ...)
- enigmail 2:2.0.7-1
[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/13/10
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/13/10
NOTE: https://neopg.io/blog/enigmail-signature-spoof/
CVE-2018-12018 (The GetBlockHeadersMsg handler in the LES protocol implementation in G ...)
- NOT-FOR-US: Go Ethereum
+ - golang-github-go-ethereum <itp> (bug #890541)
CVE-2018-12017
RESERVED
CVE-2018-12016 (libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows rem ...)
@@ -24484,11 +24723,11 @@ CVE-2018-12011 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
CVE-2018-12010 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
NOT-FOR-US: CodeAurora components for Android
CVE-2018-12009
- RESERVED
+ REJECTED
CVE-2018-12008
- RESERVED
+ REJECTED
CVE-2018-12007
- RESERVED
+ REJECTED
CVE-2018-12006 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
NOT-FOR-US: CodeAurora components for Android
CVE-2018-12005 (An unprivileged user can issue a binder call and cause a system halt i ...)
@@ -24496,19 +24735,19 @@ CVE-2018-12005 (An unprivileged user can issue a binder call and cause a system
CVE-2018-12004 (Secure keypad is unlocked with secure display still intact in Snapdrag ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-12003
- RESERVED
+ REJECTED
CVE-2018-12002
- RESERVED
+ REJECTED
CVE-2018-12001
- RESERVED
+ REJECTED
CVE-2018-12000
- RESERVED
+ REJECTED
CVE-2018-11999 (Improper input validation in trustzone can lead to denial of service i ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11998 (While processing a packet decode request in MQTT, Race condition can o ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11997
- RESERVED
+ REJECTED
CVE-2018-11996 (When a malformed command is sent to the device programmer, an out-of-b ...)
NOT-FOR-US: Snapdragon
CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
@@ -24518,11 +24757,11 @@ CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to acc
CVE-2018-11993 (Improper check while accessing the local memory stack on MQTT connecti ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11992
- RESERVED
+ REJECTED
CVE-2018-11991
- RESERVED
+ REJECTED
CVE-2018-11990
- RESERVED
+ REJECTED
CVE-2018-11989
REJECTED
CVE-2018-11988 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
@@ -24547,7 +24786,7 @@ CVE-2018-11981
CVE-2018-11980 (When a fake broadcast/multicast 11w rmf without mmie received, since n ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11979
- RESERVED
+ REJECTED
CVE-2018-11978
REJECTED
CVE-2018-11977
@@ -24591,13 +24830,13 @@ CVE-2018-11959
CVE-2018-11958 (Insufficient protection of keys in keypad can lead HLOS to gain access ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11957
- RESERVED
+ REJECTED
CVE-2018-11956 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
NOT-FOR-US: Android
CVE-2018-11955 (Lack of check on length of reason-code fetched from payload may lead d ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11954
- RESERVED
+ REJECTED
CVE-2018-11953 (While processing ssid IE length from remote AP, possible out-of-bounds ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11952
@@ -24618,7 +24857,7 @@ CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
CVE-2018-11945 (Improper input validation in wireless service messaging module for dat ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11944
- RESERVED
+ REJECTED
CVE-2018-11943 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11942 (Failure to initialize the reserved memory which is sent to the firmwar ...)
@@ -24654,7 +24893,7 @@ CVE-2018-11928 (Lack of check on length parameter may cause buffer overflow whil
CVE-2018-11927 (Improper input validation on input which is used as an array index wil ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11926
- RESERVED
+ REJECTED
CVE-2018-11925 (Data length received from firmware is not validated against the max al ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11924 (Improper buffer length validation in WLAN function can lead to a poten ...)
@@ -24676,7 +24915,7 @@ CVE-2018-11917
CVE-2018-11916
RESERVED
CVE-2018-11915
- RESERVED
+ REJECTED
CVE-2018-11914 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11913 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
@@ -24704,9 +24943,9 @@ CVE-2018-11903 (In all android releases (Android for MSM, Firefox OS for MSM, QR
CVE-2018-11902 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11901
- RESERVED
+ REJECTED
CVE-2018-11900
- RESERVED
+ REJECTED
CVE-2018-11899 (While processing radio connection status change events, Radio index is ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11898 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
@@ -24714,7 +24953,7 @@ CVE-2018-11898 (In all android releases (Android for MSM, Firefox OS for MSM, QR
CVE-2018-11897 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11896
- RESERVED
+ REJECTED
CVE-2018-11895 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11894 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
@@ -24726,17 +24965,17 @@ CVE-2018-11892
CVE-2018-11891 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11890
- RESERVED
+ REJECTED
CVE-2018-11889 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11888 (Unauthorized access may be allowed by the SCP11 Crypto Services TA wil ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11887
- RESERVED
+ REJECTED
CVE-2018-11886 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11885
- RESERVED
+ REJECTED
CVE-2018-11884 (Improper input validation leads to buffer overflow while processing ne ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11883 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
@@ -24810,7 +25049,7 @@ CVE-2018-11850 (Lack of check on remaining length parameter When processing scan
CVE-2018-11849 (Lack of check on out of range of bssid parameter When processing scan ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11848
- RESERVED
+ REJECTED
CVE-2018-11847 (Malicious TA can tag QSEE kernel memory and map to EL0, there by corru ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11846 (The use of a non-time-constant memory comparison operation can lead to ...)
@@ -24818,37 +25057,37 @@ CVE-2018-11846 (The use of a non-time-constant memory comparison operation can l
CVE-2018-11845 (Usage of non-time-constant comparison functions can lead to informatio ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11844
- RESERVED
+ REJECTED
CVE-2018-11843 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11842 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11841
- RESERVED
+ REJECTED
CVE-2018-11840 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11839
- RESERVED
+ REJECTED
CVE-2018-11838 (Possible double free issue in WLAN due to lack of checking memory free ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11837
- RESERVED
+ REJECTED
CVE-2018-11836 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11835
- RESERVED
+ REJECTED
CVE-2018-11834
- RESERVED
+ REJECTED
CVE-2018-11833
- RESERVED
+ REJECTED
CVE-2018-11832 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Android kernel, code not in mainline
CVE-2018-11831
- RESERVED
+ REJECTED
CVE-2018-11830 (Improper input validation in QCPE create function may lead to integer ...)
NOT-FOR-US: Snapdragon
CVE-2018-11829
- RESERVED
+ REJECTED
CVE-2018-11828 (When FW tries to get random mac address generated from new SW RNG and ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11827 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
@@ -24911,7 +25150,10 @@ CVE-2018-1000203 (Soar Labs Soar Coin version up to and including git commit 4a2
CVE-2018-11814
RESERVED
CVE-2018-11813 (libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles ...)
- - libjpeg9 1:9d-1 (low; bug #904719)
+ - libjpeg9 1:9d-1 (unimportant; bug #904719)
+ - libjpeg-turbo 1:2.0.5-1 (unimportant)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/909a8cfc7bca9b2e6707425bdb74da997e8fa499
+ NOTE: Infinite loop in CLI tool, no security impact
CVE-2018-11812
RESERVED
CVE-2018-11811
@@ -24938,11 +25180,11 @@ CVE-2018-1000197 (An improper authorization vulnerability exists in Jenkins Blac
CVE-2018-1000196 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...)
NOT-FOR-US: Jenkins plugin
CVE-2018-1000195 (A server-side request forgery vulnerability exists in Jenkins 2.120 an ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000194 (A path traversal vulnerability exists in Jenkins 2.120 and older, LTS ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-1000193 (A improper neutralization of control sequences vulnerability exists in ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2018-12015 (In Perl through 5.26.2, the Archive::Tar module allows remote attacker ...)
{DSA-4226-1}
- perl 5.26.2-6 (bug #900834)
@@ -24977,7 +25219,7 @@ CVE-2018-11805 (In Apache SpamAssassin before 3.4.3, nefarious CF files can be c
NOTE: https://markmail.org/message/pyp425yrulfxyhrn
NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648 (not public)
CVE-2018-11804 (Spark's Apache Maven-based build includes a convenience script, 'build ...)
- NOT-FOR-US: Apache Spark
+ - apache-spark <itp> (bug #802194)
CVE-2018-11803 (Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10. ...)
- subversion 1.10.4-1
[stretch] - subversion <not-affected> (Vulnerable code introduced in 1.10.0)
@@ -25078,8 +25320,8 @@ CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer fr
- libstruts1.2-java <not-affected> (Specific to 2.x)
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057
CVE-2018-11775 (TLS hostname verification when using the Apache ActiveMQ Client before ...)
+ {DLA-2583-1}
- activemq 5.15.6-1 (low; bug #908950)
- [stretch] - activemq <no-dsa> (Minor issue)
[jessie] - activemq <no-dsa> (Minor issue)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d
@@ -25095,22 +25337,22 @@ CVE-2018-11771 (When reading a specially crafted ZIP archive, the read method of
- libcommons-compress-java 1.18-1 (bug #906301)
[stretch] - libcommons-compress-java <no-dsa> (Minor issue)
[jessie] - libcommons-compress-java <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/16/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/16/2
CVE-2018-11770 (From version 1.3.0 onward, Apache Spark's standalone master exposes a ...)
- NOT-FOR-US: Apache Spark
+ - apache-spark <itp> (bug #802194)
CVE-2018-11769 (CouchDB administrative users before 2.2.0 can configure the database s ...)
- couchdb <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/08/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/08/2
CVE-2018-11768 (In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1 ...)
- hadoop <itp> (bug #793644)
CVE-2018-11767 (In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS b ...)
- hadoop <itp> (bug #793644)
CVE-2018-11766 (In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is ...)
- hadoop <itp> (bug #793644)
-CVE-2018-11765
- RESERVED
-CVE-2018-11764
- RESERVED
+CVE-2018-11765 (In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 ...)
+ - hadoop <itp> (bug #793644)
+CVE-2018-11764 (Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alp ...)
+ - hadoop <itp> (bug #793644)
CVE-2018-11763 (In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large S ...)
- apache2 2.4.35-1 (bug #909591)
[stretch] - apache2 2.4.25-3+deb9u6
@@ -25128,7 +25370,7 @@ CVE-2018-11761 (In Apache Tika 0.1 to 1.18, the XML parsers were not configured
NOTE: When fixing this issue the fix needs to be made complete to not open
NOTE: CVE-2018-11796. The full fix is only in 1.19.1 onwards.
CVE-2018-11760 (When using PySpark , it's possible for a different local user to conne ...)
- NOT-FOR-US: Apache Spark
+ - apache-spark <itp> (bug #802194)
CVE-2018-11759 (The Apache Web Server (httpd) specific code that normalised the reques ...)
{DSA-4357-1 DLA-1609-1}
- libapache-mod-jk 1:1.2.46-1
@@ -25149,10 +25391,7 @@ CVE-2018-11753
CVE-2018-11752 (Previous releases of the Puppet cisco_ios module output SSH session de ...)
NOT-FOR-US: cisco_ios Puppet module
CVE-2018-11751 (Previous versions of Puppet Agent didn't verify the peer in the SSL co ...)
- - puppet <unfixed> (bug #952925)
- [buster] - puppet <no-dsa> (Minor issue)
- [stretch] - puppet <no-dsa> (Minor issue)
- [jessie] - puppet <ignored> (Patch too invasive to backport, minor issue)
+ - puppet <not-affected> (Only affects 6.x, see #952925)
NOTE: https://puppet.com/security/cve/CVE-2018-11751/
NOTE: https://tickets.puppetlabs.com/browse/PUP-9459
NOTE: https://github.com/puppetlabs/puppet/commit/b49c11b6425738441d6f33285d2630fa434a123e
@@ -25182,25 +25421,29 @@ CVE-2018-11741 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Sess
NOT-FOR-US: NEC Univerge Sv9100 WebPro devices
CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from r ...)
- sleuthkit <unfixed> (low; bug #902187)
- [buster] - sleuthkit <no-dsa> (Minor issue)
+ [bullseye] - sleuthkit <ignored> (Minor issue)
+ [buster] - sleuthkit <ignored> (Minor issue)
[stretch] - sleuthkit <no-dsa> (Minor issue)
[jessie] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1264
CVE-2018-11739 (An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from re ...)
- sleuthkit <unfixed> (low; bug #902187)
- [buster] - sleuthkit <no-dsa> (Minor issue)
+ [bullseye] - sleuthkit <ignored> (Minor issue)
+ [buster] - sleuthkit <ignored> (Minor issue)
[stretch] - sleuthkit <no-dsa> (Minor issue)
[jessie] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1267
CVE-2018-11738 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...)
- sleuthkit <unfixed> (low; bug #902187)
- [buster] - sleuthkit <no-dsa> (Minor issue)
+ [bullseye] - sleuthkit <ignored> (Minor issue)
+ [buster] - sleuthkit <ignored> (Minor issue)
[stretch] - sleuthkit <no-dsa> (Minor issue)
[jessie] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1265
CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...)
- sleuthkit <unfixed> (low; bug #902187)
- [buster] - sleuthkit <no-dsa> (Minor issue)
+ [bullseye] - sleuthkit <ignored> (Minor issue)
+ [buster] - sleuthkit <ignored> (Minor issue)
[stretch] - sleuthkit <no-dsa> (Minor issue)
[jessie] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266
@@ -25252,11 +25495,17 @@ CVE-2018-11727 (** DISPUTED ** The libfsntfs_attribute_read_from_mft function in
NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
NOTE: Negligable/questionable security impact
CVE-2018-11726 (The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/6904ebc247f01b5fe27d58c5dbb27e38af8449fb (v0.4)
CVE-2018-11725 (The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows r ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/c625698e297ac877eb4bc0d35cd0e605253c33e5 (v0.4)
CVE-2018-11724 (The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows re ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/b5657d7e2357782147a80a4d63a4b5fb7c05305f (v0.4)
CVE-2018-11723 (** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff ...)
- libpff 20180714-1 (low; bug #901967)
[stretch] - libpff <no-dsa> (Minor issue)
@@ -25327,12 +25576,13 @@ CVE-2018-11700
CVE-2018-11699
RESERVED
CVE-2018-11698 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...)
- - libsass <unfixed>
+ - libsass 3.6.3-1
[buster] - libsass <no-dsa> (Minor issue)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2662
+ NOTE: https://github.com/sass/libsass/commit/8f40dc03e5ab5a8b2ebeb72b31f8d1adbb2fd6ae
CVE-2018-11697 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...)
- - libsass <unfixed>
+ - libsass 3.6.3-1
[buster] - libsass <no-dsa> (Minor issue)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2656
@@ -25342,14 +25592,14 @@ CVE-2018-11696 (An issue was discovered in LibSass through 3.5.4. A NULL pointer
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2665
NOTE: https://github.com/sass/libsass/commit/38f4c3699d06b64128bebc7cf1e8b3125be74dc4
-CVE-2018-11695 (An issue was discovered in LibSass through 3.5.2. A NULL pointer deref ...)
+CVE-2018-11695 (An issue was discovered in LibSass &lt;3.5.3. A NULL pointer dereferen ...)
- libsass 3.5.4-1 (low)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2664
NOTE: https://github.com/sass/libsass/commit/0bc35e3d26922229d5a3e3308860cf0fcee5d1cf (master)
NOTE: https://github.com/sass/libsass/commit/e3512120403dc7863a38bf2f122e7523593718ad (3.5.3)
CVE-2018-11694 (An issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...)
- - libsass <unfixed> (low)
+ - libsass 3.6.3-1 (low)
[buster] - libsass <no-dsa> (Minor issue)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2663
@@ -25367,7 +25617,7 @@ CVE-2018-11691 (Emerson DeltaV Smart Switch Command Center application, availabl
NOT-FOR-US: Emerson devices
CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous versions for ...)
NOT-FOR-US: Balbooa Gridbox extension for Joomla!
-CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable to cr ...)
+CVE-2018-11689 (Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer ...)
NOT-FOR-US: Smart Viewer in Samsung Web Viewer for Samsung DVR
CVE-2018-11688 (Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scri ...)
NOT-FOR-US: Ignite Realtime Openfire
@@ -25421,27 +25671,27 @@ CVE-2018-11671 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF v
CVE-2018-11670 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnera ...)
NOT-FOR-US: GreenCMS
CVE-2018-11669
- RESERVED
+ REJECTED
CVE-2018-11668
- RESERVED
+ REJECTED
CVE-2018-11667
RESERVED
CVE-2018-11666
- RESERVED
+ REJECTED
CVE-2018-11665
- RESERVED
+ REJECTED
CVE-2018-11664
- RESERVED
+ REJECTED
CVE-2018-11663
- RESERVED
+ REJECTED
CVE-2018-11662
- RESERVED
+ REJECTED
CVE-2018-11661
- RESERVED
+ REJECTED
CVE-2018-11660
RESERVED
CVE-2018-11659
- RESERVED
+ REJECTED
CVE-2018-11658
RESERVED
CVE-2018-11657 (ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg ...)
@@ -25485,7 +25735,7 @@ CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the st
{DSA-4336-1 DLA-1504-1}
- ghostscript 9.21~dfsg-1 (low)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1)
CVE-2018-11644
RESERVED
CVE-2018-11643 (SQL injection vulnerability in the administrative console in Dialogic ...)
@@ -25648,7 +25898,7 @@ CVE-2018-11574 (Improper input validation together with an integer overflow in t
[stretch] - ppp <not-affected> (Vulnerable code introduced later)
[jessie] - ppp <not-affected> (Vulnerable code introduced later)
[wheezy] - ppp <not-affected> (Vulnerable code introduced later)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/11/1
NOTE: https://www.nikhef.nl/~janjust/ppp/ppp-2.4.7-eaptls-mppe-1.101.patch
CVE-2018-11573
RESERVED
@@ -25674,7 +25924,7 @@ CVE-2018-11564 (Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user
CVE-2018-11563 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ...)
{DLA-1877-1}
- otrs2 6.0.8-1
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/
NOTE: https://github.com/OTRS/otrs/commit/50861a2a1183a07daf99cc2e71395e79f022338f
CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in app/View/El ...)
@@ -25689,9 +25939,9 @@ CVE-2018-11558 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.
NOT-FOR-US: DomainMod
CVE-2018-11557 (YIBAN Easy class education platform 2.0 has XSS via the articlelist.ph ...)
NOT-FOR-US: YIBAN Easy
-CVE-2018-11556 (tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipeline ...)
+CVE-2018-11556 (** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in ...)
NOT-FOR-US: Little CMS
-CVE-2018-11555 (tificc in Little CMS 2.9 has an out-of-bounds write in the Precalculat ...)
+CVE-2018-11555 (** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in ...)
NOT-FOR-US: Little CMS
CVE-2018-11554 (The forgotten-password feature in index.php/member/reset/reset_email.h ...)
NOT-FOR-US: YzmCMS
@@ -25812,7 +26062,7 @@ CVE-2018-11516 (The vlc_demux_chained_Delete function in input/demux_chained.c i
- vlc 3.0.2-1
[stretch] - vlc 3.0.2-0+deb9u1
[jessie] - vlc <not-affected> (Only affects 3.x)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=33dcfcf41340c27b6f8183fdb35b129282a79bd8
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=33dcfcf41340c27b6f8183fdb35b129282a79bd8
NOTE: http://www.videolan.org/security/sa1801.html
CVE-2018-11515 (The wpForo plugin through 2018-02-05 for WordPress has SQL Injection v ...)
NOT-FOR-US: wpForo plugin for WordPress
@@ -25873,8 +26123,8 @@ CVE-2018-11498 (In Lizard v1.0 and LZ5 v2.0 (the prior release, before the produ
CVE-2018-11497
RESERVED
CVE-2018-11496 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read ...)
+ {DLA-2725-1}
- lrzip 0.631+git180528-1
- [stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/96
NOTE: https://github.com/ckolivas/lrzip/commit/907b66b8cb4ba7384abf8d82f09204b127d328bd
@@ -25901,6 +26151,7 @@ CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibl
NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from giflib.
CVE-2018-11489 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly vers ...)
- giflib <unfixed> (bug #904113)
+ [bullseye] - giflib <no-dsa> (Minor issue)
[buster] - giflib <no-dsa> (Minor issue)
[stretch] - giflib <no-dsa> (Minor issue)
[jessie] - giflib <no-dsa> (Minor issue)
@@ -26017,27 +26268,33 @@ CVE-2018-11440 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function
NOTE: https://github.com/liblouis/liblouis/issues/575
NOTE: https://github.com/liblouis/liblouis/commit/4417bad83df4481ed58419b28c5c91b9649e2a86
CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLi ...)
- {DLA-1430-1}
+ {DLA-2772-1 DLA-1430-1}
- taglib 1.11.1+dfsg.1-0.3 (bug #903847)
- [stretch] - taglib <no-dsa> (Minor issue)
NOTE: PoC: http://seclists.org/fulldisclosure/2018/May/49
NOTE: Upstream issue: https://github.com/taglib/taglib/issues/868
NOTE: Pull request: https://github.com/taglib/taglib/pull/869
NOTE: Upstream fix: https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45
CVE-2018-11438 (The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allo ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11437 (The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 al ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11436 (The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote at ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11435 (The mobi_decompress_huffman_internal function in compression.c in Libm ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11434 (The buffer_fill64 function in compression.c in Libmobi 0.3 allows remo ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11433 (The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 a ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11432 (The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows rem ...)
- NOT-FOR-US: Libmobi
+ - libmobi <not-affected> (Fixed before/with initial upload to Debian)
+ NOTE: https://seclists.org/fulldisclosure/2018/May/48
CVE-2018-11431
RESERVED
CVE-2018-11430 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB ...)
@@ -26063,9 +26320,15 @@ CVE-2018-11421 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and pri
CVE-2018-11420 (There is Memory corruption in the web interface of Moxa OnCell G3100-H ...)
NOT-FOR-US: Moxa
CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
- NOT-FOR-US: JerryScript
+ - iotjs 1.0+715-1
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/2230
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352
CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
- NOT-FOR-US: JerryScript
+ - iotjs 1.0+715-1
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/2237
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352
CVE-2018-11417
RESERVED
CVE-2018-11416 (jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of ...)
@@ -26407,13 +26670,13 @@ CVE-2018-11307 (An issue was discovered in FasterXML jackson-databind 2.0.0 thro
NOTE: https://github.com/FasterXML/jackson-databind/issues/2032
NOTE: https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb737
CVE-2018-11306
- RESERVED
+ REJECTED
CVE-2018-11305 (When a series of FDAL messages are sent to the modem, a Use After Free ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11304 (Possible buffer overflow in msm_adsp_stream_callback_put due to lack o ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11303
- RESERVED
+ REJECTED
CVE-2018-11302 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11301 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
@@ -26515,14 +26778,13 @@ CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. The function PdfDocumen
NOTE: https://sourceforge.net/p/podofo/tickets/21
NOTE: https://sourceforge.net/p/podofo/code/1938
CVE-2018-11255 (An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPage ...)
- - libpodofo <unfixed> (low; bug #916584)
+ - libpodofo 0.9.7+dfsg-2 (low; bug #916584)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
[wheezy] - libpodofo <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575502
NOTE: https://sourceforge.net/p/podofo/tickets/20
- NOTE: https://sourceforge.net/p/podofo/code/1952 (this commit doesn't fix the crash)
CVE-2018-11254 (An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursi ...)
- libpodofo 0.9.6+dfsg-4 (low; bug #916585)
[stretch] - libpodofo <no-dsa> (Minor issue)
@@ -26548,8 +26810,8 @@ CVE-2018-11248 (util/FileDownloadUtils.java in FileDownloader 1.7.3 does not che
NOT-FOR-US: FileDownloader
CVE-2018-11247 (The JMX/RMI interface in Nasdaq BWise 5.0 does not require authenticat ...)
NOT-FOR-US: SAP
-CVE-2018-11246
- RESERVED
+CVE-2018-11246 (K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-11245 (app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex ...)
NOT-FOR-US: MISP
CVE-2018-11244 (The BBE theme before 1.53 for WordPress allows a direct launch of an H ...)
@@ -26654,7 +26916,7 @@ CVE-2018-11213 (An issue was discovered in libjpeg 9a. The get_text_gray_row fun
- libjpeg9 1:9c-1 (low; bug #902176)
- libjpeg-turbo 1:1.4.2-1
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
-CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray function in jm ...)
+CVE-2018-11212 (An issue was discovered in libjpeg 9a and 9d. The alloc_sarray functio ...)
{DLA-1638-1}
- libjpeg9 1:9c-1 (low; bug #902176)
- libjpeg-turbo 1:1.4.2-1
@@ -27053,15 +27315,22 @@ CVE-2018-11042
CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 excep ...)
NOT-FOR-US: Cloud Foundry
CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3 ...)
+ {DLA-2635-1}
- libspring-java 4.3.19-1
- [stretch] - libspring-java <no-dsa> (Minor issue)
- [jessie] - libspring-java <no-dsa> (unable to find relevant commits)
+ [jessie] - libspring-java <not-affected> (Vulnerable code introduced later)
NOTE: https://pivotal.io/security/cve-2018-11040
+ NOTE: https://github.com/spring-projects/spring-framework/issues/21338
+ NOTE: https://github.com/spring-projects/spring-framework/commit/874859493bbda59739c38c7e52eb3625f247b93a (v4.3.18)
+ NOTE: Introduced by https://github.com/spring-projects/spring-framework/commit/5dc27ee134d28c7b25d0f6d3e9059f80c95d4402 (v4.1)
CVE-2018-11039 (Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior ...)
+ {DLA-2635-1}
- libspring-java 4.3.19-1
- [stretch] - libspring-java <no-dsa> (Minor issue)
[jessie] - libspring-java <no-dsa> (Minor issue)
NOTE: https://pivotal.io/security/cve-2018-11039
+ NOTE: https://jira.spring.io/si/jira.issueviews:issue-html/SPR-16836/SPR-16836.html
+ NOTE: https://github.com/spring-projects/spring-framework/commit/f64fa3dea10af125d612d3a997aece93d21bc875 (v5.1)
+ NOTE: https://github.com/spring-projects/spring-framework/commit/a5cd01a4c857aaaba7ccc51545fc73dd25b5cba5 (v5.1)
+ NOTE: https://github.com/spring-projects/spring-framework/commit/323ccf99e575343f63d56e229c25c35c170b7ec1 (v4.3.18)
CVE-2018-11038
RESERVED
CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimag ...)
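Review bot: The `[stretch] - libspring-java <no-dsa> (Minor issue)` line is kept under both CVE-2018-11040 and CVE-2018-11039 even though the same hunk adds `{DLA-2635-1}` to each entry. In the parallel changes on this page (activemq with DLA-2583-1, lrzip with DLA-2725-1, taglib with DLA-2772-1, glusterfs with DLA-2806-1) the stretch `<no-dsa>` line is dropped when the DLA is recorded, so a reader now sees a suite marked both "no-dsa" and covered by an advisory. If DLA-2635-1 is indeed the stretch update, both `[stretch]` lines should be removed for consistency; if it is not, a short NOTE saying which suite the DLA covers would avoid the apparent contradiction.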
@@ -27123,18 +27392,18 @@ CVE-2018-11012 (ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd
NOT-FOR-US: ruibaby Halo
CVE-2018-11011 (ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to Front ...)
NOT-FOR-US: ruibaby Halo
-CVE-2018-11010
- RESERVED
-CVE-2018-11009
- RESERVED
-CVE-2018-11008
- RESERVED
-CVE-2018-11007
- RESERVED
-CVE-2018-11006
- RESERVED
-CVE-2018-11005
- RESERVED
+CVE-2018-11010 (A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Prem ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
+CVE-2018-11009 (A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Prem ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
+CVE-2018-11008 (An Incorrect Access Control issue was discovered in K7Computing K7Anti ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
+CVE-2018-11007 (A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
+CVE-2018-11006 (An Incorrect Access Control issue was discovered in K7Computing K7Anti ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
+CVE-2018-11005 (A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-11004 (An issue was discovered in SDcms v1.5. Cross-site request forgery (CSR ...)
NOT-FOR-US: SDcms
CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CS ...)
@@ -27308,7 +27577,7 @@ CVE-2018-10938 (A flaw was found in the Linux kernel present since v4.0-rc1 and
- linux 4.13.4-1 (unimportant)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/40413955ee265a5e42f710940ec78f5450d49149 (4.13-rc5)
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/27/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/27/1
CVE-2018-10937 (A cross site scripting flaw exists in the tetonic-console component of ...)
NOT-FOR-US: OpenShift
CVE-2018-10936 (A weakness was found in postgresql-jdbc before version 42.2.5. It was ...)
@@ -27346,39 +27615,34 @@ CVE-2018-10932 (lldptool version 1.0.1 and older can print a raw, unsanitized at
NOTE: Terminal emulators need to perform proper escaping
CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its Cobbler ...)
- cobbler <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/9
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/09/9
CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by glus ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143
NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e
NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651
@@ -27387,7 +27651,6 @@ CVE-2018-10925 (It was discovered that PostgreSQL versions before 10.5, 9.6.10,
- postgresql-10 10.5-1
- postgresql-9.6 <removed>
- postgresql-9.5 <removed>
- - postgresql-9.5 <not-affected> (Only affects PostgreSQL 9.5 onwards)
- postgresql-9.4 <not-affected> (Only affects PostgreSQL 9.5 onwards)
- postgresql-9.1 <not-affected> (Only affects PostgreSQL 9.5 onwards)
NOTE: Fixed in 9.5.14, 9.6.10, 10.5
@@ -27400,9 +27663,8 @@ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client
NOTE: Introduced by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=51dfc9c789b8405f595a337eade938aedcb449c4
NOTE: https://review.gluster.org/20723
CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create fi ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659
NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e
CVE-2018-10922 (An input validation flaw exists in ttembed. With a crafted input file, ...)
@@ -27412,7 +27674,7 @@ CVE-2018-10921 (Certain input files may trigger an integer overflow in ttembed i
CVE-2018-10920 (Improper input validation bug in DNS resolver component of Knot Resolv ...)
- knot-resolver 2.4.1-1 (bug #905325)
NOTE: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/09/2 (including patch)
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/09/2 (including patch)
CVE-2018-10919 (The Samba Active Directory LDAP server was vulnerable to an informatio ...)
{DSA-4271-1 DLA-1539-1}
- samba 2:4.8.4+dfsg-1
@@ -27441,27 +27703,24 @@ CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL clien
NOTE: Fixed in 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5
NOTE: https://www.postgresql.org/about/news/1878/
CVE-2018-10914 (It was found that an attacker could issue a xattr request via glusterf ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617
NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs se ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618
NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad
CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...)
NOT-FOR-US: Keycloak
CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657
NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d
CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state being se ...)
- - bluez <unfixed> (low; bug #925369)
+ - bluez 5.54-1 (low; bug #925369)
[buster] - bluez <ignored> (Minor issue)
[stretch] - bluez <ignored> (Minor issue, does not affected Gnome Bluetooth in stretch)
[jessie] - bluez <no-dsa> (Minor issue because in gnome-bluetooth <= 3.26 the D-Bus calls were synchronous and thus the issue in bluez will have no actual affect)
@@ -27471,13 +27730,12 @@ CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state be
NOTE: gnome-bluetooth: https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89
NOTE: workaround in gnome-bluetooth landed in 3.28.2, BlueZ fixed in 5.51
CVE-2018-10909
- RESERVED
+ REJECTED
CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on untr ...)
- vdsm <itp> (bug #668538)
CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack bas ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642
NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7
CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vuln ...)
@@ -27489,9 +27747,8 @@ CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount i
CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper secur ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file pat ...)
- {DLA-1510-1}
+ {DLA-2806-1 DLA-1510-1}
- glusterfs 4.1.4-1 (bug #909215)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298
NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd
CVE-2018-10903 (A flaw was found in python-cryptography versions between &gt;=1.9.0 an ...)
@@ -27510,7 +27767,7 @@ CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization subsystem.
CVE-2018-10900 (Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1 ...)
{DSA-4253-1 DLA-1454-1}
- network-manager-vpnc 1.2.6-1 (bug #904255)
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/20/3
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/20/3
NOTE: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12
CVE-2018-10899 (A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affecte ...)
NOT-FOR-US: Jolokia
@@ -27528,19 +27785,21 @@ CVE-2018-10896 (The default cloud-init configuration, in cloud-init 0.6.2 and ne
NOT-FOR-US: Red Hat-specific packaging flaw of cloud-init default config
CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site request ...)
- qutebrowser 1.4.1-1
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/11/7
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/11/7
NOTE: https://github.com/qutebrowser/qutebrowser/issues/4060
NOTE: Introduced in: https://github.com/qutebrowser/qutebrowser/commit/ffc29ee (v1.0.0)
NOTE: Fixed in: https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660 (v1.4.1)
CVE-2018-10894 (It was found that SAML authentication in Keycloak 3.4.3.Final incorrec ...)
NOT-FOR-US: Keycloak
CVE-2018-10893 (Multiple integer overflow and buffer overflow issues were discovered i ...)
- - spice-gtk <unfixed> (bug #904161)
+ - spice-gtk 0.37-1 (bug #904161)
[buster] - spice-gtk <no-dsa> (Minor issue)
[stretch] - spice-gtk <no-dsa> (Minor issue)
[jessie] - spice-gtk <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1598234
NOTE: Ongoing patch review: https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/3050b4e1f6f39c1a9f8a286791d06705fce1ecb7
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/5173ff871a7df11e230124b4d1724653ebaa7134
CVE-2018-10892 (The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby f ...)
[experimental] - docker.io 18.06.0+dfsg1-1
- docker.io 18.06.1+dfsg1-1 (bug #908057)
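Review bot: The line `NOTE: Ongoing patch review: https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html` now sits directly above two spice-common fix commits and an entry marked fixed in spice-gtk 0.37-1, so "Ongoing" reads as stale. If the review thread is kept as a reference, rewording it to `NOTE: Patch review (2018-07): https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html` would keep the notes consistent with the fixed state; otherwise it could be dropped now that the landed commits are listed.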
@@ -27581,8 +27840,10 @@ CVE-2018-10886
NOTE: https://github.com/apache/ant/commit/f72406d53cfb3b3425cc9d000eea421a0e05d8fe
NOTE: https://github.com/apache/ant/commit/857095da5153fd18504b46f276d84f1e76a66970
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1584407
- NOTE: The CVE will be rejected, as it was assigned by Red Hat's CNA but is out of
- NOTE: scope of the assigning CNA.
+ NOTE: The CVE was rejected, as it was assigned by Red Hat's CNA but is out of
+ NOTE: scope of the assigning CNA. The rejection was not due to technical invalid
+ NOTE: issue but because it was assigned by a CNA which did not cover the scope
+ NOTE: for ant. Would fall under Apache CNA instead.
CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious network-policy c ...)
NOT-FOR-US: atomic-openshift
CVE-2018-10884 (Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-s ...)
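Review bot: The added explanation for CVE-2018-10886 is hard to parse: "The rejection was not due to technical invalid issue but because it was assigned by a CNA which did not cover the scope for ant." Since later readers will rely on this note to understand why a real ant fix has a REJECTED CVE, a clearer phrasing would be `NOTE: The rejection was not because the issue is technically invalid, but because it was assigned by a CNA whose scope does not cover ant; it would fall under the Apache CNA instead.` The two fix commits above remain the authoritative reference for the underlying issue.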
@@ -27644,7 +27905,7 @@ CVE-2018-10873 (A vulnerability was discovered in SPICE before version 0.14.1 wh
{DSA-4319-1 DLA-1489-1 DLA-1486-1}
- spice 0.14.0-1.1 (bug #906315)
- spice-gtk 0.35-1 (bug #906316)
- [stretch] - spice-gtk <no-dsa> (Minor issue)
+ [stretch] - spice-gtk 0.33-3.3+deb9u1
NOTE: https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
CVE-2018-10872 (A flaw was found in the way the Linux kernel handled exceptions delive ...)
- linux <not-affected> (Red Hat specific CVE-2018-8897 regression in RHEL 6.10)
@@ -27659,22 +27920,17 @@ CVE-2018-10870 (redhat-certification does not properly sanitize paths in rhcertS
NOT-FOR-US: Red Hat Certification
CVE-2018-10869 (redhat-certification does not properly restrict files that can be down ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10868
- RESERVED
+CVE-2018-10868 (It has been discovered that redhat-certification does not properly lim ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10867
- RESERVED
+CVE-2018-10867 (It has been discovered that redhat-certification does not restrict fil ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10866
- RESERVED
+CVE-2018-10866 (It has been discovered that redhat-certification does not perform an a ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10865
- RESERVED
+CVE-2018-10865 (It has been discovered that redhat-certification does not perform an a ...)
NOT-FOR-US: Red Hat Certification
CVE-2018-10864 (An uncontrolled resource consumption flaw has been discovered in redha ...)
NOT-FOR-US: Red Hat Certification
-CVE-2018-10863
- RESERVED
+CVE-2018-10863 (It has been discovered that redhat-certification is not properly confi ...)
NOT-FOR-US: Red Hat Certification
CVE-2018-10862 (WildFly Core before version 6.0.0.Alpha3 does not properly validate fi ...)
- wildfly <itp> (bug #752018)
@@ -27693,7 +27949,7 @@ CVE-2018-10859 (git-annex is vulnerable to an Information Exposure when decrypti
{DLA-1495-1}
- git-annex 6.20180626-1
[stretch] - git-annex 6.20170101-1+deb9u2
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/26/4
NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
CVE-2018-10858 (A heap-buffer overflow was found in the way samba clients processed ex ...)
{DSA-4271-1 DLA-1539-1}
@@ -27703,7 +27959,7 @@ CVE-2018-10857 (git-annex is vulnerable to a private data exposure and exfiltrat
{DLA-1495-1}
- git-annex 6.20180626-1
[stretch] - git-annex 6.20170101-1+deb9u2
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/26/4
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/26/4
NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
CVE-2018-10856 (It has been discovered that podman before version 0.6.1 does not drop ...)
- libpod <not-affected> (Fixed before initial upload)
@@ -27795,8 +28051,8 @@ CVE-2018-10843 (source-to-image component of Openshift Container Platform before
CVE-2018-10842
REJECTED
CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...)
+ {DLA-2806-1}
- glusterfs 4.1.2-1 (bug #901968)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://review.gluster.org/#/c/20328/
NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2
@@ -27944,8 +28200,8 @@ CVE-2018-10792
RESERVED
CVE-2018-10791
RESERVED
-CVE-2018-10790
- RESERVED
+CVE-2018-10790 (The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allow ...)
+ NOT-FOR-US: Bento4
CVE-2018-10789
RESERVED
CVE-2018-10788
@@ -27981,22 +28237,24 @@ CVE-2018-10779 (TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-bas
NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although
NOTE: technically still present in the source package
CVE-2018-10778 (Read access violation in the III_dequantize_sample function in mpglibD ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
CVE-2018-10777 (Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3g ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-2 (bug #973932)
[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
+ NOTE: Fixed according to https://sourceforge.net/p/mp3gain/bugs/43/ but still causes crash with ASAN
+ NOTE: According to the CVE this is caught by FORTIFY_SOURCE, so no real vulnerability.
CVE-2018-10776 (The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-1
[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
CVE-2018-10775 (NULL pointer dereference in the _fields_add function in fields.c in li ...)
- - bibutils <unfixed> (unimportant; bug #898135)
+ - bibutils 6.10-2 (unimportant; bug #898135)
NOTE: Crash in CLI tool, no security impact
CVE-2018-10774 (Read access violation in the isiin_keyword function in isiin.c in libb ...)
- - bibutils <unfixed> (unimportant; bug #898135)
+ - bibutils 6.10-2 (unimportant; bug #898135)
NOTE: Crash in CLI tool, no security impact
CVE-2018-10773 (NULL pointer deference in the addsn function in serialno.c in libbibco ...)
- - bibutils <unfixed> (unimportant; bug #898135)
+ - bibutils 6.10-2 (unimportant; bug #898135)
NOTE: Crash in CLI tool, no security impact
CVE-2018-10772 (The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allow ...)
[experimental] - exiv2 <unfixed>
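Review bot: For CVE-2018-10777 the new entry marks mp3gain fixed in 1.6.2-2, while the two added notes say the crash still reproduces under ASAN and that the issue is caught by FORTIFY_SOURCE and so is "no real vulnerability"; the prose and the fixed-version claim pull in different directions. If the conclusion is that the residual crash has no security impact, the same hunk's bibutils entries show the machine-readable way to say so: `- mp3gain 1.6.2-2 (unimportant; bug #973932)`. If instead the 1.6.2-2 change is considered an incomplete fix, the ASAN note should say whether a follow-up is expected; as written, a reader cannot tell which reading is intended.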
@@ -28049,8 +28307,9 @@ CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete a
CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authe ...)
NOT-FOR-US: CSP MySQL User Manager
CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission before 3.0 ...)
- {DLA-2218-1}
+ {DLA-2305-1 DLA-2218-1}
- transmission 3.00-1 (bug #961461)
+ [buster] - transmission 2.94-2+deb10u1
NOTE: https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e (3.00)
NOTE: https://tomrichards.net/2020/05/cve-2018-10756-transmission/
CVE-2018-10755
@@ -28208,8 +28467,8 @@ CVE-2018-10687
CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There is Refl ...)
NOT-FOR-US: Vesta Control Panel
CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...)
+ {DLA-2725-1}
- lrzip 0.631+git180517-1 (low; bug #897645)
- [stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <ignored> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/95
@@ -28417,8 +28676,8 @@ CVE-2018-10587 (NetGain Enterprise Manager (EM) is affected by OS Command Inject
NOT-FOR-US: NetGain Enterprise Manager
CVE-2018-10586 (NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-S ...)
NOT-FOR-US: NetGain Enterprise Manager
-CVE-2018-10585
- RESERVED
+CVE-2018-10585 (Pexip Infinity before 18 allows remote Denial of Service (XML parsing) ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2018-10584
RESERVED
CVE-2018-10583 (An information disclosure vulnerability occurs when LibreOffice 6.0.3 ...)
@@ -28610,14 +28869,14 @@ CVE-2018-10530
RESERVED
CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds re ...)
- libraw 0.18.11-1 (low; bug #897186)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
NOTE: https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a stack-based buffe ...)
- libraw 0.18.11-1 (low; bug #897185)
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
@@ -28818,8 +29077,8 @@ CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM g
- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
[wheezy] - xen <not-affected> (No QMP support in wheezy)
NOTE: https://xenbits.xen.org/xsa/advisory-258.html
-CVE-2018-10432
- RESERVED
+CVE-2018-10432 (Pexip Infinity before 18 allows Remote Denial of Service (TLS handshak ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2018-10431 (D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell me ...)
NOT-FOR-US: D-Link
CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a ...)
@@ -28897,17 +29156,15 @@ CVE-2018-10395
CVE-2018-10394
RESERVED
CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...)
- {DLA-2013-1}
+ {DLA-2828-1 DLA-2013-1}
- libvorbis 1.3.6-2 (bug #876780)
- [stretch] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <ignored> (Minor issue)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334
NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
NOTE: Same patch as for CVE-2017-14160
CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...)
- {DLA-2013-1}
+ {DLA-2828-1 DLA-2013-1}
- libvorbis 1.3.6-2 (bug #876780)
- [stretch] - libvorbis <no-dsa> (Minor issue)
[wheezy] - libvorbis <ignored> (Minor issue)
NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
@@ -28976,14 +29233,14 @@ CVE-2018-1000178 (A heap corruption of type CWE-120 exists in quassel version 0.
- quassel 1:0.12.5-1 (bug #896914)
NOTE: https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master)
NOTE: https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b (0.12)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/27/1
CVE-2018-1000179 (A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 ...)
{DSA-4189-1}
- quassel 1:0.12.5-1 (bug #896915)
[wheezy] - quassel <no-dsa> (Minor issue)
NOTE: https://github.com/quassel/quassel/commit/e17fca767d60c06ca02bc5898ced04f06d3670bd (master)
NOTE: https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e (0.12)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/27/1
CVE-2018-10370
RESERVED
CVE-2018-10369 (A Cross-site scripting (XSS) vulnerability was discovered on Intelbras ...)
@@ -29026,49 +29283,49 @@ CVE-2018-10351 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 coul
CVE-2018-10350 (A SQL injection remote code execution vulnerability in Trend Micro Sma ...)
NOT-FOR-US: Trend Micro
CVE-2018-10349
- RESERVED
+ REJECTED
CVE-2018-10348
- RESERVED
+ REJECTED
CVE-2018-10347
- RESERVED
+ REJECTED
CVE-2018-10346
- RESERVED
+ REJECTED
CVE-2018-10345
- RESERVED
+ REJECTED
CVE-2018-10344
- RESERVED
+ REJECTED
CVE-2018-10343
- RESERVED
+ REJECTED
CVE-2018-10342
- RESERVED
+ REJECTED
CVE-2018-10341
- RESERVED
+ REJECTED
CVE-2018-10340
- RESERVED
+ REJECTED
CVE-2018-10339
- RESERVED
+ REJECTED
CVE-2018-10338
- RESERVED
+ REJECTED
CVE-2018-10337
- RESERVED
+ REJECTED
CVE-2018-10336
- RESERVED
+ REJECTED
CVE-2018-10335
- RESERVED
+ REJECTED
CVE-2018-10334
- RESERVED
+ REJECTED
CVE-2018-10333
- RESERVED
+ REJECTED
CVE-2018-10332
- RESERVED
+ REJECTED
CVE-2018-10331
- RESERVED
+ REJECTED
CVE-2018-10330
- RESERVED
+ REJECTED
CVE-2018-10361 (An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure ...)
- ktexteditor 5.47.0-1 (bug #896836)
[stretch] - ktexteditor <not-affected> (Introduced in 5.34.0)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/24/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/24/1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1033055
NOTE: https://phabricator.kde.org/R39:c81af5aa1d4f6e0f8c44b2e85ca007ba2a1e4590
CVE-2018-10329 (app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on / ...)
@@ -29093,7 +29350,7 @@ CVE-2018-10322 (The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c
- linux 4.16.5-1
[jessie] - linux <ignored> (dinode verifier not implemented)
[wheezy] - linux <ignored> (dinode verifier not implemented)
- [jessie] - linux-4.9 <unfixed>
+ - linux-4.9 <removed>
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199377
CVE-2018-10321 (Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Ad ...)
NOT-FOR-US: Frog CMS
@@ -29167,11 +29424,12 @@ CVE-2018-10291
CVE-2018-10290
RESERVED
CVE-2018-10289 (In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space functi ...)
+ {DLA-2765-1}
- mupdf 1.13.0+ds1-3 (unimportant; bug #896545)
[jessie] - mupdf <not-affected> (Vulnerable code introduced later)
[wheezy] - mupdf <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699271
- NOTE: Introduced in http://git.ghostscript.com/?p=mupdf.git;a=commit;h=1acaaf2b40614401378aa697de47093be9f390fe (1.8)
+ NOTE: Introduced in https://git.ghostscript.com/?p=mupdf.git;a=commit;h=1acaaf2b40614401378aa697de47093be9f390fe (1.8)
CVE-2018-10288
RESERVED
CVE-2018-10287
@@ -29317,8 +29575,8 @@ CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.
NOT-FOR-US: Zend Server
CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows attackers to acc ...)
NOT-FOR-US: GPU memory hardware issue
-CVE-2018-10228
- RESERVED
+CVE-2018-10228 (Cross-site scripting (XSS) vulnerability in /application/controller/ad ...)
+ - limesurvey <itp> (bug #472802)
CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. ...)
NOT-FOR-US: MiniCMS
CVE-2018-10226
@@ -29384,16 +29642,15 @@ CVE-2018-10198 (An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker
CVE-2018-10197 (There is a time-based blind SQL injection vulnerability in the Access ...)
NOT-FOR-US: ELO
CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists function ...)
+ {DLA-2659-1}
- graphviz 2.40.1-6 (low; bug #898841)
- [stretch] - graphviz <no-dsa> (Minor issue)
[jessie] - graphviz <no-dsa> (Minor issue)
[wheezy] - graphviz <no-dsa> (Minor issue)
NOTE: https://gitlab.com/graphviz/graphviz/issues/1367
NOTE: https://issuetracker.google.com/issues/77810342
-CVE-2018-10195 [rzsz: sz can leak data to receiving side]
- RESERVED
+CVE-2018-10195 (lrzsz before version 0.12.21~rc can leak information to the receiving ...)
+ {DLA-2900-1}
- lrzsz 0.12.21-10 (low; bug #897010)
- [stretch] - lrzsz <no-dsa> (Minor issue)
[jessie] - lrzsz <no-dsa> (Minor issue)
[wheezy] - lrzsz <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1090051
@@ -29403,7 +29660,7 @@ CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in t
- ghostscript 9.22~dfsg-2.1 (bug #896069)
[stretch] - ghostscript 9.20~dfsg-3.2+deb9u2
[jessie] - ghostscript 9.06~dfsg-2+deb8u7
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet public)
CVE-2018-1000200 (The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dere ...)
- linux 4.16.12-1
@@ -29491,9 +29748,9 @@ CVE-2018-10179
CVE-2018-10178 (The FromDocToPDF extension before 13.611.13.2303 for Chrome allows rem ...)
NOT-FOR-US: FromDocToPDF extension for Ghrome
CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGIm ...)
+ {DLA-2333-1}
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick 8:6.9.10.2+dfsg-2 (bug #896018)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1095
@@ -29659,6 +29916,7 @@ CVE-2018-10113 (An issue was discovered in GEGL through 0.3.32. The process func
NOTE: https://gitlab.gnome.org/GNOME/gegl/commit/c83b05d565a1e3392c9606a4ecaa560eb9a4ee29
CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_ ...)
- gegl <unfixed> (low)
+ [bullseye] - gegl <ignored> (Minor issue, architectual limitation)
[buster] - gegl <ignored> (Minor issue, architectual limitation)
[stretch] - gegl <ignored> (Minor issue, architectual limitation)
[jessie] - gegl <no-dsa> (Minor issue)
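Review bot: The added bullseye line for CVE-2018-10112 copies the spelling "architectual" from the existing buster/stretch lines; the added line for CVE-2018-10111 in the next hunk does the same. Since these are new lines, it would be the natural place to write `[bullseye] - gegl <ignored> (Minor issue, architectural limitation)`; the pre-existing lines carrying the same typo are outside the scope of this change.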
@@ -29668,6 +29926,7 @@ CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The gegl_tile_ba
NOTE: https://github.com/xiaoqx/pocs/tree/master/gegl#4-gegl-outbound-write-2
CVE-2018-10111 (An issue was discovered in GEGL through 0.3.32. The render_rectangle f ...)
- gegl <unfixed> (low)
+ [bullseye] - gegl <ignored> (Minor issue, architectual limitation)
[buster] - gegl <ignored> (Minor issue, architectual limitation)
[stretch] - gegl <ignored> (Minor issue, architectual limitation)
[jessie] - gegl <no-dsa> (Minor issue)
@@ -29819,7 +30078,7 @@ CVE-2018-10058 (The remote management interface of cgminer 4.10.0 and bfgminer 5
[jessie] - cgminer <no-dsa> (Minor issue)
- bfgminer <removed> (bug #900930)
[jessie] - bfgminer <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/03/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/03/1
NOTE: Mitigated by toolchain hardening to plain crash
CVE-2018-10057 (The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 a ...)
- cgminer <unfixed> (bug #900929)
@@ -29827,7 +30086,7 @@ CVE-2018-10057 (The remote management interface of cgminer 4.10.0 and bfgminer 5
[jessie] - cgminer <no-dsa> (Minor issue)
- bfgminer <removed> (bug #900930)
[jessie] - bfgminer <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/03/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/03/1
CVE-2018-10056
RESERVED
CVE-2018-10055 (Invalid memory access and/or a heap buffer overflow in the TensorFlow ...)
@@ -29976,25 +30235,23 @@ CVE-2018-10002
CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
{DSA-4249-1}
- ffmpeg 7:3.4.3-1 (low)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
- libav <removed>
[jessie] - libav <not-affected> (Vulnerable code not present)
NOTE: Fixed in 3.2.11
CVE-2018-10000 (The Video Downloader professional extension before 2018-04-05 for Chro ...)
NOT-FOR-US: The Video Downloader professional extension for Chrome
CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...)
- {DLA-1518-1}
+ {DLA-2826-1 DLA-1518-1}
- mbedtls 2.8.0-1
- [stretch] - mbedtls <no-dsa> (Minor issue)
- polarssl <removed>
[wheezy] - polarssl <no-dsa> (Minor issue)
NOTE: https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e
NOTE: https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e
NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...)
- {DLA-1518-1}
+ {DLA-2826-1 DLA-1518-1}
- mbedtls 2.8.0-1
- [stretch] - mbedtls <no-dsa> (Minor issue)
- polarssl <removed>
[wheezy] - polarssl <no-dsa> (Minor issue)
NOTE: https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1
@@ -30266,12 +30523,12 @@ CVE-2018-9860 (An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0
CVE-2018-9859 (The path of Whale update service was unquoted in NAVER Whale before 1. ...)
NOT-FOR-US: Whale
CVE-2018-1000168 (nghttp2 version &gt;= 1.10.0 and nghttp2 &lt;= v1.31.0 contains an Imp ...)
+ {DLA-2786-1}
- nghttp2 1.31.1-1 (low; bug #895566)
- [stretch] - nghttp2 <no-dsa> (Minor issue)
[jessie] - nghttp2 <not-affected> (Issue introduced in 1.10.0)
NOTE: Affected versions: nghttp2 >= 1.10.0 and nghttp2 <= v1.31.0
NOTE: Fixed by: https://github.com/nghttp2/nghttp2/commit/b1bd6035e884b3d83748914a3b5f2a8e52a78a2f
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/12/4
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/12/4
CVE-2018-9858
RESERVED
CVE-2018-9857 (PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field ...)
@@ -30318,7 +30575,7 @@ CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg throu
- ffmpeg 7:3.4.3-1 (low)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
- libav <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physically pr ...)
NOT-FOR-US: Open Whisper Signal app for iOS
CVE-2018-9839 (An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a ...)
@@ -31026,6 +31283,7 @@ CVE-2018-9518 (In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possib
NOTE: Fixed by: https://git.kernel.org/linus/fe9c842695e26d8116b61b80bfb905356f07834b (4.16-rc3)
CVE-2018-9517 (In pppol2tp_connect, there is possible memory corruption due to a use ...)
- linux 4.14.2-1
+ [stretch] - linux 4.9.228-1
[jessie] - linux 3.16.51-1
NOTE: https://git.kernel.org/linus/f026bc29a8e093edfbb2a77700454b285c97e8ad
NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
@@ -31465,10 +31723,10 @@ CVE-2018-9335 (The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7
NOT-FOR-US: PAN-OS
CVE-2018-9334 (The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, ...)
NOT-FOR-US: PAN-OS
-CVE-2018-9333
- RESERVED
-CVE-2018-9332
- RESERVED
+CVE-2018-9333 (K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buff ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
+CVE-2018-9332 (K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: In ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-9331 (An issue was discovered in zzcms 8.2. user/adv.php allows remote attac ...)
NOT-FOR-US: zzcms
CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by t ...)
@@ -31633,7 +31891,7 @@ CVE-2018-9275 (In check_user_token in util.c in the Yubico PAM module (aka pam_y
NOTE: https://github.com/Yubico/yubico-pam/issues/136
CVE-2018-1002150 (Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access con ...)
- koji <not-affected> (Issue introduced in 1.12.0, cf. #894832)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/04/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/04/1
NOTE: https://docs.pagure.org/koji/CVE-2018-1002150/
NOTE: https://pagure.io/koji/issue/850
NOTE: Fixed by: https://pagure.io/koji/c/ab1ade7
@@ -32058,9 +32316,9 @@ CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-re
CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename acti ...)
NOT-FOR-US: DedeCMS
CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...)
+ {DLA-2333-1}
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick 8:6.9.10.2+dfsg-2 (low; bug #894848)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1072
@@ -32445,8 +32703,8 @@ CVE-2018-8961 (In libming 0.4.8, the decompilePUSHPARAM function of decompile.c
[wheezy] - ming 1:0.4.4-1.1+deb7u8
NOTE: https://github.com/libming/libming/issues/130
CVE-2018-8960 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q1 ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.9.39+dfsg-1 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1020
@@ -32459,13 +32717,14 @@ CVE-2018-8958
CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related ...)
NOT-FOR-US: CoverCMS
CVE-2018-8956 (ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...)
- - ntp <unfixed> (low)
- [buster] - ntp <no-dsa> (Minor issue)
+ - ntp 1:4.2.8p14+dfsg-1 (low)
+ [buster] - ntp <ignored> (Minor issue)
[stretch] - ntp <no-dsa> (Minor issue)
+ [jessie] - ntp <postponed> (Minor issue, requires being part of same broadcast network, no patch)
+ - ntpsec <not-affected> (Broadcast mode not present, see #961748)
NOTE: https://arxiv.org/abs/2005.01783
NOTE: https://nikhiltripathi.in/NTP_attack.pdf
NOTE: https://tools.ietf.org/html/rfc5905
- TODO: check ntpsec
CVE-2018-8955 (The installer for BitDefender GravityZone relies on an encoded string ...)
NOT-FOR-US: BitDefender GravityZone
CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote attackers to ...)
@@ -32619,7 +32878,7 @@ CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and I
NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
NOTE: https://xenbits.xen.org/xsa/advisory-260.html
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/4
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/08/4
CVE-2018-8896 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...)
NOT-FOR-US: 2345 Security Guard
CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...)
@@ -32668,7 +32927,7 @@ CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-
[jessie] - nasm <no-dsa> (Minor issue)
[wheezy] - nasm <ignored> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446
- NOTE: http://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 (nasm-2.13.02rc3)
+ NOTE: https://github.com/netwide-assembler/nasm/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 (nasm-2.13.02rc3)
CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check ...)
NOT-FOR-US: Lutron Quantum BACnet Integration
CVE-2018-8879 (Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS device ...)
@@ -32768,9 +33027,7 @@ CVE-2018-8833 (Heap-based buffer overflow vulnerabilities in Advantech WebAccess
CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable JavaScr ...)
NOT-FOR-US: enhavo
CVE-2018-8831 (A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through ...)
- - kodi <unfixed> (low)
- [buster] - kodi <ignored> (Minor issue)
- [stretch] - kodi <ignored> (Minor issue)
+ - kodi <not-affected> (Chorus not included in Kodi as shipped in Debian)
- xbmc <removed>
[jessie] - xbmc <no-dsa> (Minor issue)
[wheezy] - xbmc <no-dsa> (Minor issue)
@@ -32861,8 +33118,8 @@ CVE-2018-8806 (In libming 0.4.8, there is a use-after-free in the decompileArith
CVE-2018-8805 (Yxcms building system (compatible cell phone) v1.4.7 has XSS via the c ...)
NOT-FOR-US: Yxcms
CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remot ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.9.39+dfsg-1 (low)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f55d3a622d234e940fb99325b92c6d3df578fa9b
@@ -33095,14 +33352,14 @@ CVE-2018-8743
CVE-2018-8742
RESERVED
CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook file c ...)
+ {DLA-2432-1}
- jupyter-notebook 5.4.1-1 (bug #893436)
- [stretch] - jupyter-notebook <no-dsa> (Minor issue)
- ipython 5.1.0-2
[jessie] - ipython <no-dsa> (Minor issue)
[wheezy] - ipython <ignored> (Too invasive to fix)
NOTE: After the reupload of ipython to Debian as 4.1.2-1 via experimental
NOTE: src:ipython does not provide anymore the Notebook
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/15/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/15/2
NOTE: Fixed by: https://github.com/jupyter/notebook/commit/4e79ebb49acac722b37b03f1fe811e67590d3831
NOTE: Ipython in Wheezy lacks sanitization of untrusted HTML completely
NOTE: which means in theory this CVE does not apply. However due to the absence of
@@ -33113,13 +33370,12 @@ CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook f
CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an authentica ...)
{DSA-4168-1 DLA-1344-1}
- squirrelmail <removed> (bug #893202)
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/17/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/17/2
NOTE: https://sourceforge.net/p/squirrelmail/bugs/2846/
NOTE: https://sourceforge.net/p/squirrelmail/code/14751/
CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a ...)
- {DLA-1633-1}
+ {DLA-2340-1 DLA-1633-1}
- sqlite3 3.22.0-2 (bug #893195)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
[wheezy] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
NOTE: https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
@@ -33154,12 +33410,12 @@ CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 allows
NOT-FOR-US: Kontena
CVE-2018-8727 (Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earli ...)
NOT-FOR-US: Path Traversal in Gateway in Mirasys DVMS Workstation
-CVE-2018-8726
- RESERVED
-CVE-2018-8725
- RESERVED
-CVE-2018-8724
- RESERVED
+CVE-2018-8726 (K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buff ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
+CVE-2018-8725 (K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Bu ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
+CVE-2018-8724 (K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Inco ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-8723
RESERVED
CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multip ...)
@@ -34390,7 +34646,7 @@ CVE-2018-8111 (A remote code execution vulnerability exists when Microsoft Edge
CVE-2018-8110 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
NOT-FOR-US: Microsoft
CVE-2018-1000132 (Mercurial version 4.5 and earlier contains a Incorrect Access Control ...)
- {DLA-1414-1 DLA-1331-1}
+ {DLA-2293-1 DLA-1414-1 DLA-1331-1}
- mercurial 4.5.2-1 (bug #892964)
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
NOTE: https://www.mercurial-scm.org/repo/hg/rev/2ecb0fc535b1 (4.5.2)
@@ -34564,8 +34820,8 @@ CVE-2018-8064
RESERVED
CVE-2018-8063
RESERVED
-CVE-2018-8062
- RESERVED
+CVE-2018-8062 (A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devic ...)
+ NOT-FOR-US: Comtrend
CVE-2018-8061 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...)
NOT-FOR-US: HWiNFO AMD64 Kernel driver
CVE-2018-8060 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...)
@@ -34606,10 +34862,10 @@ CVE-2018-8046 (The getTip() method of Action Columns of Sencha Ext JS 4 to 6 bef
NOT-FOR-US: Sencha
CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable ...)
NOT-FOR-US: Joomla!
-CVE-2018-8044
- RESERVED
+CVE-2018-8044 (K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Inco ...)
+ NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-8043 (The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in ...)
- - linux <unfixed> (unimportant)
+ - linux 4.16.5-1 (unimportant)
[jessie] - linux <not-affected> (Vulnerable code not present)
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5
@@ -34621,7 +34877,7 @@ CVE-2018-8041 (Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1
CVE-2018-8040 (Pages that are rendered using the ESI plugin can have access to the co ...)
{DSA-4282-1}
- trafficserver 7.1.4+ds-1
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/2
NOTE: https://github.com/apache/trafficserver/pull/3926
NOTE: https://github.com/apache/trafficserver/commit/cea07c03274807c1588dbdf03baa1537d958c92f
CVE-2018-8039 (It is possible to configure Apache CXF to use the com.sun.net.ssl impl ...)
@@ -34638,10 +34894,10 @@ CVE-2018-8037 (If an async request was completed by the application at the same
NOTE: https://svn.apache.org/r1833907 (8.5.x)
CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully c ...)
- libpdfbox-java 1:1.8.15-1 (low; bug #902776)
- - libpdfbox2-java 2.0.11-1 (low)
[stretch] - libpdfbox-java <no-dsa> (Minor issue)
[jessie] - libpdfbox-java <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/29/2
+ - libpdfbox2-java 2.0.11-1 (low)
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/29/2
CVE-2018-8035 (This vulnerability relates to the user's browser processing of DUCC we ...)
NOT-FOR-US: UIMA DUCC (subproject of Apache UIMA)
NOTE: https://uima.apache.org/security_report#CVE-2018-8035
@@ -34660,8 +34916,8 @@ CVE-2018-8034 (The host name verification when using TLS with the WebSocket clie
CVE-2018-8033 (In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apach ...)
NOT-FOR-US: Apache OFBiz
CVE-2018-8032 (Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site ...)
+ {DLA-2821-1}
- axis 1.4-28 (bug #905328)
- [stretch] - axis <no-dsa> (Minor issue)
[jessie] - axis <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/browse/AXIS-2924
NOTE: https://svn.apache.org/r1831943
@@ -34683,12 +34939,12 @@ CVE-2018-8026 (This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3
CVE-2018-8025 (CVE-2018-8025 describes an issue in Apache HBase that affects the opti ...)
NOT-FOR-US: Apache HBase
CVE-2018-8024 (In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possib ...)
- NOT-FOR-US: Apache Spark
+ - apache-spark <itp> (bug #802194)
CVE-2018-8023 (Apache Mesos can be configured to require authentication to call the E ...)
- apache-mesos <itp> (bug #760315)
CVE-2018-8022 (A carefully crafted invalid TLS handshake can cause Apache Traffic Ser ...)
- trafficserver 7.0.0-1
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/1
NOTE: Only affects 6.x, marking 7.0 as the fixed version
NOTE: https://github.com/apache/trafficserver/pull/2147
CVE-2018-8021 (Versions of Superset prior to 0.23 used an unsafe load method from the ...)
@@ -34739,14 +34995,14 @@ CVE-2018-8012 (No authentication/authorization is enforced when a server attempt
- zookeeper 3.4.10-2 (bug #899332)
[wheezy] - zookeeper <ignored> (changes are too intrusive to backport)
NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/21/6
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/21/6
NOTE: https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
NOTE: https://issues.apache.org/jira/secure/attachment/12840904/ZOOKEEPER-1045-br-3-4.patch
CVE-2018-8011 (By specially crafting HTTP requests, the mod_md challenge handler woul ...)
- apache2 2.4.34-1 (bug #904107)
[stretch] - apache2 <not-affected> (Vulnerable code not present; mod_md module)
[jessie] - apache2 <not-affected> (Vulnerable code not present; mod_md module)
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/2
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011
CVE-2018-8010 (This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relat ...)
- lucene-solr <not-affected> (Do not allow to upload configsets via the API)
@@ -34770,14 +35026,14 @@ CVE-2018-8006 (An instance of a cross-site scripting vulnerability was identifie
CVE-2018-8005 (When there are multiple ranges in a range request, Apache Traffic Serv ...)
{DSA-4282-1}
- trafficserver 7.1.4+ds-1
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/4
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/4
NOTE: https://github.com/apache/trafficserver/pull/3106
NOTE: https://github.com/apache/trafficserver/pull/3124
NOTE: https://github.com/apache/trafficserver/commit/bbcbb7cf7f25ebfe3a97d792e889de618e41a6a4
CVE-2018-8004 (There are multiple HTTP smuggling and cache poisoning issues when clie ...)
{DSA-4282-1}
- trafficserver 7.1.4+ds-1
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/5
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/5
NOTE: https://github.com/apache/trafficserver/pull/3192
NOTE: https://github.com/apache/trafficserver/pull/3201
NOTE: https://github.com/apache/trafficserver/pull/3231
@@ -34790,6 +35046,7 @@ CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a direc
NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfPar ...)
- libpodofo <unfixed> (low; bug #892557)
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
@@ -35367,7 +35624,7 @@ CVE-2018-7756 (RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devi
CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in drivers/blo ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.18.10-1
- [jessie] - linux-4.9 <unfixed>
+ - linux-4.9 <removed>
NOTE: https://lkml.org/lkml/2018/5/29/495
CVE-2018-7754 (The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the ...)
- linux 4.15.4-1
@@ -35380,9 +35637,8 @@ CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through
- libav <not-affected> (Vulnerable code not present)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f
CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko before 1.17. ...)
- {DLA-1556-1}
+ {DLA-2860-1 DLA-1556-1}
- paramiko 2.4.2-0.1 (bug #892859)
- [stretch] - paramiko <no-dsa> (Minor issue)
[wheezy] - paramiko <no-dsa> (Minor issue)
NOTE: https://github.com/paramiko/paramiko/issues/1175
NOTE: https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
@@ -35479,9 +35735,9 @@ CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory lea
NOTE: https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4 (v0.13.69)
NOTE: unzzipcat-mem and unzzipdir-mem not installed into binary packages.
CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error cause ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (low; bug #913165)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/27
NOTE: https://github.com/gdraheim/zziplib/issues/41
@@ -35489,9 +35745,9 @@ CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error
NOTE: https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be (v0.13.69)
NOTE: https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b (v0.13.69)
CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory address ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (low; bug #913165)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/39
NOTE: https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06 (v0.13.69)
@@ -35753,37 +36009,32 @@ CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File Desc
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22887
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25
CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
- [stretch] - cimg <no-dsa> (Minor issue)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/185
NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7640 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
- [stretch] - cimg <no-dsa> (Minor issue)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/185
NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7639 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
- [stretch] - cimg <no-dsa> (Minor issue)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/185
NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7638 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
- [stretch] - cimg <no-dsa> (Minor issue)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/185
NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
- [stretch] - cimg <no-dsa> (Minor issue)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/185
NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
@@ -35884,21 +36135,20 @@ CVE-2018-7591
CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in acco ...)
NOT-FOR-US: Hoosk
CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in load_bmp in CI ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
- [stretch] - cimg <no-dsa> (Minor issue)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/184
NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1 (low; bug #892780)
- [stretch] - cimg <no-dsa> (Minor issue)
[wheezy] - cimg <no-dsa> (Minor issue)
NOTE: https://github.com/dtschump/CImg/issues/183
NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading a craft ...)
- cimg <unfixed> (low; bug #892780; bug #940951)
+ [bullseye] - cimg <no-dsa> (Minor issue)
[buster] - cimg <no-dsa> (Minor issue)
[stretch] - cimg <no-dsa> (Minor issue)
[jessie] - cimg <no-dsa> (Minor issue)
@@ -35922,16 +36172,15 @@ CVE-2018-7582 (WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of S
NOT-FOR-US: WebLog Expert Web Server Enterprise
CVE-2018-7581 (\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert We ...)
NOT-FOR-US: WebLog Expert Web Server Enterprise
-CVE-2018-7580
- RESERVED
+CVE-2018-7580 (Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN ...)
+ NOT-FOR-US: Philips Hue
CVE-2018-7579 (\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has ...)
NOT-FOR-US: YzmCMS
CVE-2018-7578
RESERVED
CVE-2018-7577 (Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Go ...)
- - snappy <undetermined>
+ - tensorflow <itp> (bug #804612)
NOTE: https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md
- NOTE: There are no useful details, could just as well be a misuse of snappy by Tensorflow
CVE-2018-7576 (Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Deref ...)
- tensorflow <itp> (bug #804612)
CVE-2018-7575 (Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow v ...)
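Review bot: The CVE-2018-7577 entry no longer records why snappy itself is considered unaffected: the tracking line moves from `snappy <undetermined>` to `tensorflow <itp>` and the only NOTE that explained the uncertainty ("could just as well be a misuse of snappy by Tensorflow") is dropped in the same hunk. The CVE text still names the Snappy library as the affected component, so a reader of the tracker sees a reassignment with no rationale. If the conclusion was that the bug lies in TensorFlow's use of the library rather than in snappy, keeping a one-line NOTE to that effect, e.g. `NOTE: Reassigned to tensorflow; snappy itself not affected`, would keep the triage auditable without re-opening the decision.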
@@ -36019,7 +36268,7 @@ CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample
NOT-FOR-US: OPC UA .NET
CVE-2018-7558
RESERVED
-CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
+CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 thro ...)
{DSA-4249-1 DLA-1630-1}
- ffmpeg 7:3.4.3-1
- libav <removed>
@@ -36255,13 +36504,14 @@ CVE-2018-1000098 (Teluu PJSIP version 2.7.1 and earlier contains a Integer Overf
NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html
NOTE: https://trac.pjsip.org/repos/ticket/2093
NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
-CVE-2018-1000101 (Mingw-w64 version 5.0.3 and earlier contains an Improper Null Terminat ...)
- - mingw-w64 <unfixed> (low; bug #897196)
+CVE-2018-1000101 (Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains a ...)
+ - mingw-w64 8.0.0-1 (low; bug #897196)
[buster] - mingw-w64 <ignored> (Minor issue)
[stretch] - mingw-w64 <ignored> (Minor issue)
[jessie] - mingw-w64 <ignored> (Minor issue)
[wheezy] - mingw-w64 <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/mingw-w64/bugs/709/
+ NOTE: https://sourceforge.net/p/mingw-w64/mingw-w64/ci/dc3b2e2bfa9b5a4fcee6f0123047ecc5a6a35d1f (v8.0.0)
CVE-2018-7481
RESERVED
CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the Linux kerne ...)
@@ -36364,9 +36614,8 @@ CVE-2018-7445 (A buffer overflow was found in the MikroTik RouterOS SMB service
CVE-2018-7444
RESERVED
CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q1 ...)
- {DLA-1293-1}
+ {DLA-2333-1 DLA-1293-1}
- imagemagick 8:6.9.9.39+dfsg-1 (low; bug #891291)
- [stretch] - imagemagick <ignored> (Minor issue)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/999
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1f7c6b153882896e7a569a6e8a362ce2a11a8b1f
@@ -36775,11 +37024,11 @@ CVE-2018-7306
CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitra ...)
NOT-FOR-US: MyBB
CVE-2018-7304 (Tiki 17.1 does not validate user input for special characters; consequ ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port witho ...)
NOT-FOR-US: eQ-3 AG HomeMatic CCU2 2.29.22 devices
CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in ...)
@@ -36803,7 +37052,7 @@ CVE-2018-7292
CVE-2018-7291
RESERVED
CVE-2018-7290 (Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, an ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communication.c ...)
NOT-FOR-US: Armadito
CVE-2018-7288
@@ -36853,9 +37102,11 @@ CVE-2018-1000089 (Anymail django-anymail version version 0.2 through 1.3 contain
NOTE: https://github.com/anymail/django-anymail/commit/1a6086f2b58478d71f89bf27eb034ed81aefe5ef
CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting ...)
- ruby-doorkeeper 4.3.1-1 (bug #891069)
- [stretch] - ruby-doorkeeper <no-dsa> (Minor issue)
+ [stretch] - ruby-doorkeeper <ignored> (Minor issue, no reverse dependencies, requires changes in calling code)
NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/969
- NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/970
+ NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/7b1a8373ecd69768c896000c7971dbf48948c1b5 (v4.2.6)
+ NOTE: https://blog.justinbull.ca/cve-2018-1000088-stored-xss-in-doorkeeper/
+ NOTE: Most reverse dependencies need to manual update their templates
CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Site Script ...)
NOT-FOR-US: WolfCMS
CVE-2018-1000086 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a ...)
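Review bot: The added NOTE for CVE-2018-1000088 has a grammatical slip that will be shown verbatim on the tracker page: "need to manual update their templates" should read `NOTE: Most reverse dependencies need to manually update their templates`. The `<ignored>` justification on the stretch line already states the same reason, so the wording of the NOTE is the only thing to adjust.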
@@ -36865,7 +37116,7 @@ CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap me
- clamav 0.99.3~beta1+dfsg-1
[stretch] - clamav 0.99.4+dfsg-1+deb9u1
NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
- NOTE: http://www.openwall.com/lists/oss-security/2017/09/29/4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/29/4
CVE-2018-1000084 (WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site S ...)
NOT-FOR-US: WolfCMS
CVE-2018-1000083 (Ajenti version version 2 contains a Improper Error Handling vulnerabil ...)
@@ -36883,7 +37134,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
[wheezy] - rubygems <not-affected> (Vulnerable code not present)
- jruby 9.1.17.0-1 (bug #895778)
[jessie] - jruby <not-affected> (Vulnerable code not present)
@@ -36897,7 +37148,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -36907,7 +37158,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -36917,7 +37168,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -36927,7 +37178,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -36938,7 +37189,7 @@ CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
[wheezy] - rubygems <no-dsa> (Minor issue)
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
@@ -36950,7 +37201,7 @@ CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code not present)
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
[wheezy] - rubygems <not-affected> (Vulnerable code not present)
- jruby 9.1.17.0-2.1 (bug #895778; bug #925986)
[jessie] - jruby <not-affected> (Vulnerable code not present)
@@ -36993,7 +37244,7 @@ CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals the
[stretch] - linux <ignored> (Minor issue)
[jessie] - linux <ignored> (Minor issue)
[wheezy] - linux <ignored> (Minor issue)
- [jessie] - linux-4.9 <unfixed>
+ - linux-4.9 <removed>
NOTE: https://lkml.org/lkml/2018/2/20/669
CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as par ...)
NOT-FOR-US: ForgeRock AM
@@ -37033,7 +37284,7 @@ CVE-2018-7261 (There are multiple Persistent XSS vulnerabilities in Radiant CMS
NOT-FOR-US: Radiant CMS
CVE-2018-7260 (Cross-site scripting (XSS) vulnerability in db_central_columns.php in ...)
- phpmyadmin 4:4.9.1+dfsg1-2 (bug #893539)
- [stretch] - phpmyadmin <no-dsa> (Minor issue)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3e8745e8845633ae8a0054b5ee4d8babd5
@@ -37215,7 +37466,7 @@ CVE-2018-7190
CVE-2018-7189
RESERVED
CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an au ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure command-li ...)
{DSA-4380-1 DSA-4379-1 DLA-1294-1}
- golang-1.10 1.10.1-1
@@ -37364,69 +37615,69 @@ CVE-2018-7159 (The HTTP parser in all current versions of Node.js ignores spaces
CVE-2018-7158 (The `'path'` module in the Node.js 4.x release line contains a potenti ...)
- nodejs 6.0.0~dfsg-1 (unimportant)
CVE-2018-7157
- RESERVED
+ REJECTED
CVE-2018-7156
- RESERVED
+ REJECTED
CVE-2018-7155
- RESERVED
+ REJECTED
CVE-2018-7154
- RESERVED
+ REJECTED
CVE-2018-7153
- RESERVED
+ REJECTED
CVE-2018-7152
- RESERVED
+ REJECTED
CVE-2018-7151
- RESERVED
+ REJECTED
CVE-2018-7150
- RESERVED
+ REJECTED
CVE-2018-7149
- RESERVED
+ REJECTED
CVE-2018-7148
- RESERVED
+ REJECTED
CVE-2018-7147
- RESERVED
+ REJECTED
CVE-2018-7146
- RESERVED
+ REJECTED
CVE-2018-7145
- RESERVED
+ REJECTED
CVE-2018-7144
- RESERVED
+ REJECTED
CVE-2018-7143
- RESERVED
+ REJECTED
CVE-2018-7142
- RESERVED
+ REJECTED
CVE-2018-7141
- RESERVED
+ REJECTED
CVE-2018-7140
- RESERVED
+ REJECTED
CVE-2018-7139
- RESERVED
+ REJECTED
CVE-2018-7138
- RESERVED
+ REJECTED
CVE-2018-7137
- RESERVED
+ REJECTED
CVE-2018-7136
- RESERVED
+ REJECTED
CVE-2018-7135
- RESERVED
+ REJECTED
CVE-2018-7134
- RESERVED
+ REJECTED
CVE-2018-7133
- RESERVED
+ REJECTED
CVE-2018-7132
- RESERVED
+ REJECTED
CVE-2018-7131
- RESERVED
+ REJECTED
CVE-2018-7130
- RESERVED
+ REJECTED
CVE-2018-7129
- RESERVED
+ REJECTED
CVE-2018-7128
- RESERVED
+ REJECTED
CVE-2018-7127
- RESERVED
+ REJECTED
CVE-2018-7126
- RESERVED
+ REJECTED
CVE-2018-7125 (A remote code execution vulnerability was identified in HPE Intelligen ...)
NOT-FOR-US: HPE
CVE-2018-7124 (A remote code execution vulnerability was identified in HPE Intelligen ...)
@@ -37500,15 +37751,15 @@ CVE-2018-7091 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has op
CVE-2018-7090 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has local a ...)
NOT-FOR-US: HPE
CVE-2018-7089
- RESERVED
+ REJECTED
CVE-2018-7088
- RESERVED
+ REJECTED
CVE-2018-7087
- RESERVED
+ REJECTED
CVE-2018-7086
- RESERVED
+ REJECTED
CVE-2018-7085
- RESERVED
+ REJECTED
CVE-2018-7084 (A command injection vulnerability is present that permits an unauthent ...)
NOT-FOR-US: Aruba
CVE-2018-7083 (If a process running within Aruba Instant crashes, it may leave behind ...)
@@ -37554,9 +37805,9 @@ CVE-2018-7064 (A reflected cross-site scripting (XSS) vulnerability is present i
CVE-2018-7063 (In Aruba ClearPass, disabled API admins can still perform read/write o ...)
NOT-FOR-US: Aruba
CVE-2018-7062
- RESERVED
+ REJECTED
CVE-2018-7061
- RESERVED
+ REJECTED
CVE-2018-7060 (Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulne ...)
NOT-FOR-US: Aruba ClearPass
CVE-2018-7059 (Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that hel ...)
@@ -38064,10 +38315,9 @@ CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attac
CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 v ...)
NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a c ...)
- {DLA-1287-1}
+ {DLA-2258-1 DLA-1287-1}
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/22
NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / Dea ...)
@@ -38272,12 +38522,12 @@ CVE-2018-6790 (An issue was discovered in KDE Plasma Workspace before 5.12.0. da
- plasma-workspace 4:5.12.0-2
[stretch] - plasma-workspace <ignored> (Minor issue, too intrusive to backport)
NOTE: https://phabricator.kde.org/D10188
- NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
- NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938
+ NOTE: https://github.com/KDE/plasma-workspace/commit/5bc696b5abcdb460c1017592e80b2d7f6ed3107c
+ NOTE: https://github.com/KDE/plasma-workspace/commit/8164beac15ea34ec0d1564f0557fe3e742bdd938
CVE-2018-6789 (An issue was discovered in the base64d function in the SMTP listener i ...)
{DSA-4110-1 DLA-1274-1}
- exim4 4.90.1-1 (bug #890000)
- NOTE: http://www.openwall.com/lists/oss-security/2018/02/07/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/02/07/2
NOTE: https://exim.org/static/doc/security/CVE-2018-6789.txt
NOTE: https://bugs.exim.org/show_bug.cgi?id=2235
NOTE: https://git.exim.org/exim.git/commit/062990cc1b2f9e5d82a413b53c8f0569075de700
@@ -38791,25 +39041,27 @@ CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized val
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5603
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5609
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5610
- NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=83d4dae44c71816c084a635550acc1a51529b881;hp=f597300439e62f5e921f0d7b1e880b5c1a1f1607
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=83d4dae44c71816c084a635550acc1a51529b881;hp=f597300439e62f5e921f0d7b1e880b5c1a1f1607
CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the ...)
- mupdf 1.13.0+ds1-1
+ [stretch] - mupdf <not-affected> (vulnerable code not present)
[jessie] - mupdf <not-affected> (vulnerable code not present)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5492
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5513
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5521
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5604
- NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e
- NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
- NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_l ...)
- mupdf 1.13.0+ds1-1
+ [stretch] - mupdf <not-affected> (vulnerable code not present)
[jessie] - mupdf <not-affected> (vulnerable code not present)
[wheezy] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5494
- NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
- NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF ...)
{DSA-4334-1}
- mupdf 1.13.0+ds1-1
@@ -38820,14 +39072,15 @@ CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564
- NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
- NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb
- NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c
CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser a ...)
+ {DLA-2765-1}
- mupdf 1.14.0+ds1-1 (unimportant; bug #900129)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699695
- NOTE: http://git.ghostscript.com/?p=mupdf.git;h=985fdcfc117a3bd4bc097cdcae8347b3787fbab2
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;h=985fdcfc117a3bd4bc097cdcae8347b3787fbab2
NOTE: negligible security impact, memory leak in CLI tool
CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version &lt;= 6. ...)
{DLA-2082-1}
@@ -38876,13 +39129,14 @@ CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases
- golang-1.9 1.9.4-1
- golang-1.8 <removed>
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
+ [stretch] - golang-1.7 <ignored> (Minor issue, may break packages compilation, ignored for 1.7 by package maintainers)
- golang <removed>
[jessie] - golang <ignored> (Minor issue)
[wheezy] - golang <ignored> (Minor issue)
NOTE: https://github.com/golang/go/issues/23672
- NOTE: https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6
- NOTE: https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a
+ NOTE: https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6 (1.8.x)
+ NOTE: https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a (1.9.x)
+ NOTE: https://github.com/golang/go/issues/23749 (regressions)
CVE-2018-6573
RESERVED
CVE-2018-6572
@@ -38936,11 +39190,11 @@ CVE-2018-6556 (lxc-user-nic when asked to delete a network interface will uncond
CVE-2018-6555 (The irda_setsockopt function in net/irda/af_irda.c and later in driver ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.17.3-1
- NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/09/04/2
CVE-2018-6554 (Memory leak in the irda_bind function in net/irda/af_irda.c and later ...)
{DSA-4308-1 DLA-1715-1 DLA-1531-1 DLA-1529-1}
- linux 4.17.3-1
- NOTE: http://www.openwall.com/lists/oss-security/2018/09/04/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/09/04/2
CVE-2018-6553 (The CUPS AppArmor profile incorrectly confined the dnssd backend due t ...)
{DSA-4243-1 DLA-1426-1}
- cups 2.2.8-5 (bug #903605)
@@ -38973,9 +39227,9 @@ CVE-2018-6544 (pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could
{DSA-4152-1}
- mupdf 1.12.0+ds1-1 (bug #891245)
[wheezy] - mupdf <ignored> (Most likely not affected, minor issue)
- NOTE: http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
NOTE: above patch is not needed in Jessie, as there is no fz_try() used in this version
- NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698830
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698965
NOTE: https://lists.debian.org/debian-lts/2018/03/msg00043.html
@@ -38992,16 +39246,16 @@ CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_
NOTE: https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e (v0.13.68)
NOTE: Negligible impact and unzzipcat utility not installed into binary packages
CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a misali ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/16
NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a misali ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #923659)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/15
NOTE: https://github.com/gdraheim/zziplib/commit/72ec933663f738d8e166979aa7fd5590b2104a07 (v0.13.68)
@@ -39022,13 +39276,13 @@ CVE-2018-6535 (An issue was discovered in Icinga 2.x through 2.8.1. The lack of
[jessie] - icinga2 <no-dsa> (Minor issue)
NOTE: https://github.com/Icinga/icinga2/issues/4920
NOTE: https://github.com/Icinga/icinga2/pull/5715
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6534 (An issue was discovered in Icinga 2.x through 2.8.1. By sending specia ...)
- icinga2 2.8.4-1 (low; bug #897301)
[stretch] - icinga2 <no-dsa> (Minor issue)
[jessie] - icinga2 <no-dsa> (Minor issue)
NOTE: https://github.com/Icinga/icinga2/pull/6104
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6533 (An issue was discovered in Icinga 2.x through 2.8.1. By editing the in ...)
- icinga2 2.8.4-1 (low; bug #897301)
[stretch] - icinga2 <no-dsa> (Minor issue)
@@ -39042,7 +39296,7 @@ CVE-2018-6532 (An issue was discovered in Icinga 2.x through 2.8.1. By sending s
[stretch] - icinga2 <no-dsa> (Minor issue)
[jessie] - icinga2 <no-dsa> (Minor issue)
NOTE: https://github.com/Icinga/icinga2/pull/6103
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6531
RESERVED
CVE-2018-6530 (OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin ...)
@@ -39174,9 +39428,9 @@ CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign i
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus error in ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #889089)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/14
NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
@@ -39252,14 +39506,14 @@ CVE-2018-6451
RESERVED
CVE-2018-6450
RESERVED
-CVE-2018-6449
- RESERVED
-CVE-2018-6448
- RESERVED
-CVE-2018-6447
- RESERVED
-CVE-2018-6446
- RESERVED
+CVE-2018-6449 (Host Header Injection vulnerability in the http management interface i ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2018-6448 (A vulnerability in the management interface in Brocade Fabric OS Versi ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2018-6447 (A Reflective XSS Vulnerability in HTTP Management Interface in Brocade ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2018-6446 (A vulnerability in Brocade Network Advisor Version Before 14.3.1 could ...)
+ NOT-FOR-US: Brocade
CVE-2018-6445 (A Vulnerability in Brocade Network Advisor versions before 14.0.3 coul ...)
NOT-FOR-US: Brocade
CVE-2018-6444 (A Vulnerability in Brocade Network Advisor versions before 14.1.0 coul ...)
@@ -39416,10 +39670,10 @@ CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL
- mantis <removed>
[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
NOTE: https://mantisbt.org/bugs/view.php?id=23908
-CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid me ...)
+CVE-2018-6381 (In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13. ...)
+ {DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #889096)
[stretch] - zziplib 0.13.62-3.2~deb9u1
- [jessie] - zziplib <no-dsa> (Minor issue)
[wheezy] - zziplib <ignored> (Minor issue)
NOTE: https://github.com/gdraheim/zziplib/issues/12
NOTE: https://github.com/gdraheim/zziplib/commit/a803559fa9194be895422ba3684cf6309b6bb598 (v0.13.68)
@@ -39460,7 +39714,7 @@ CVE-2018-1000026 (Linux Linux kernel version at least v4.8 onwards, probably wel
- linux 4.16.5-1
[stretch] - linux 4.9.161-1
[jessie] - linux <ignored> (Minor issue, requires core networking changes)
- [jessie] - linux-4.9 <unfixed>
+ - linux-4.9 <removed>
NOTE: https://patchwork.ozlabs.org/patch/859410/
NOTE: http://lists.openwall.net/netdev/2018/01/16/40
NOTE: http://lists.openwall.net/netdev/2018/01/18/96
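Review bot: Replacing `[jessie] - linux-4.9 <unfixed>` with the unscoped `- linux-4.9 <removed>` drops the only record that the jessie linux-4.9 package never received a fix for this issue. If this is an end-of-life cleanup, the usual way to keep that information visible is a scoped marker such as `[jessie] - linux-4.9 <end-of-life> (Not supported in jessie)`, or at least a NOTE line saying why the scope was dropped. I cannot see from this hunk whether linux-4.9 ever existed outside jessie, so please confirm the unscoped `<removed>` is what the tracker expects here.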
@@ -39531,7 +39785,7 @@ CVE-2018-6355 (/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep
CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS ...)
NOT-FOR-US: Formspree
CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 sup ...)
- - electrum <unfixed> (bug #890003; unimportant)
+ - electrum 3.2.3-1 (bug #890003; unimportant)
NOTE: https://github.com/spesmilo/electrum/issues/3678
NOTE: https://github.com/spesmilo/electrum/pull/3700
CVE-2018-6352 (In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::Rea ...)
@@ -39591,7 +39845,7 @@ CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of i
CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized obje ...)
NOT-FOR-US: Buck parser-cache
CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php ...)
- NOT-FOR-US: Laravel Framework
+ - php-laravel-framework <undetermined>
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpex ...)
NOT-FOR-US: Unitrends Backup
CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user in ...)
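Review bot: The new `- php-laravel-framework <undetermined>` line carries no NOTE, so the next person triaging CVE-2018-6330 has to redo the research that led from NOT-FOR-US to undetermined. The description only mentions a `save.php` in "Laravel 5.4.15", which looks like an application rather than the framework itself, so a pointer to whatever upstream discussion or reproducer was checked would justify keeping the package in the tracker. A line such as `NOTE: <url of upstream report>` plus a short sentence on what remains unclear would be enough.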
@@ -39754,8 +40008,8 @@ CVE-2018-6260 (NVIDIA graphics driver contains a vulnerability that may allow ac
- nvidia-graphics-drivers-legacy-390xx 390.116-1
[buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
@@ -39780,7 +40034,7 @@ CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in the DirectX
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
@@ -39798,7 +40052,7 @@ CVE-2018-6249 (NVIDIA GPU Display Driver contains a vulnerability in kernel mode
[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed>
[buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
- [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <ignored> (Non-free not supported)
[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
@@ -39916,7 +40170,9 @@ CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pd
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?5e411a99604ff6be5db9e273ee84737204113299
CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has a ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=25821e6d74fab5fcc200fe5e818362e03e114428
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698920
CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description field on ...)
NOT-FOR-US: Netis WF2419 V3.2.41381 devices
CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when the ~/ ...)
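Review bot: The added NOTE for CVE-2018-6191 still uses a plain-http `git.ghostscript.com` link, while every other git.ghostscript.com reference in this same diff is being switched to https (for example the mupdf commit links a few hunks above). New lines should follow the convention the commit is establishing: `NOTE: https://git.ghostscript.com/?p=mujs.git;a=commit;h=25821e6d74fab5fcc200fe5e818362e03e114428`. The `<not-affected>` rationale "Fixed before initial upload to Debian" reads fine as long as that commit predates the first mujs upload, which is not verifiable from this hunk.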
@@ -40209,8 +40465,7 @@ CVE-2018-6126 (A precision error in Skia in Google Chrome prior to 67.0.3396.62
- firefox-esr 52.8.1esr-1
- skia <itp> (bug #818180)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/
-CVE-2018-6125
- RESERVED
+CVE-2018-6125 (Insufficient policy enforcement in USB in Google Chrome on Windows pri ...)
{DSA-4237-1}
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -40225,8 +40480,7 @@ CVE-2018-6123 (A use after free in Blink in Google Chrome prior to 67.0.3396.62
- chromium-browser 67.0.3396.62-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
-CVE-2018-6122
- RESERVED
+CVE-2018-6122 (Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 ...)
{DSA-4237-1}
- chromium-browser 66.0.3359.181-1
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
@@ -40541,11 +40795,9 @@ CVE-2018-6060 (Use after free in WebAudio in Google Chrome prior to 65.0.3325.14
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6059
- RESERVED
- - chromium-browser <not-affected> (Chromium doesn't bundle Flash)
+ REJECTED
CVE-2018-6058
- RESERVED
- - chromium-browser <not-affected> (Chromium doesn't bundle Flash)
+ REJECTED
CVE-2018-6057 (Lack of special casing of Android ashmem in Google Chrome prior to 65. ...)
{DSA-4182-1}
- chromium-browser 65.0.3325.146-1
@@ -40614,10 +40866,7 @@ CVE-2018-6045 (Insufficient policy enforcement in DevTools in Google Chrome prio
[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6044
- RESERVED
- {DSA-4256-1}
- - chromium-browser 68.0.3440.75-1
- [jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
+ REJECTED
CVE-2018-6043 (Insufficient data validation in External Protocol Handler in Google Ch ...)
{DSA-4103-1}
- chromium-browser 64.0.3282.119-1
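Review bot: Marking CVE-2018-6044 as REJECTED removes the `{DSA-4256-1}` cross-reference and the fixed version, so the tracker no longer records that this identifier was once announced in DSA-4256-1. If the advisory data elsewhere in the tracker still lists CVE-2018-6044 under DSA-4256-1 (not visible here), that mapping becomes one-sided and the consistency checks may flag it; please confirm the DSA entry was updated in the same change. If the format accepts it on a REJECTED entry, a line such as `NOTE: Formerly referenced by DSA-4256-1, identifier rejected by MITRE` would keep the history discoverable.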
@@ -41155,21 +41404,18 @@ CVE-2018-5821 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android
CVE-2018-5820 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-5819 (An error within the "parse_sinar_ia()" function (internal/dcraw_common ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.19.1-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5818 (An error within the "parse_rollei()" function (internal/dcraw_common.c ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.19.1-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5817 (A type confusion error within the "unpacked_load_raw()" function withi ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.19.1-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5816 (An integer overflow error within the "identify()" function (internal/d ...)
@@ -41179,8 +41425,8 @@ CVE-2018-5816 (An integer overflow error within the "identify()" function (inter
NOTE: http://seclists.org/bugtraq/2018/Jul/58
NOTE: Issue caused by an incomplete fix for CVE-2018-5804
CVE-2018-5815 (An integer overflow error within the "parse_qt()" function (internal/d ...)
+ {DLA-2903-1}
- libraw 0.18.13-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: http://seclists.org/bugtraq/2018/Jul/58
CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4. ...)
@@ -41190,55 +41436,54 @@ CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and
NOTE: https://git.kernel.org/linus/22076557b07c12086eeb16b8ce2b0b735f7a27e7
NOTE: https://git.kernel.org/linus/c171654caa875919be3c533d3518da8be5be966e
CVE-2018-5813 (An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibR ...)
+ {DLA-2903-1}
- libraw 0.18.11-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/
CVE-2018-5812 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5811 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5810 (An error within the "rollei_load_raw()" function (internal/dcraw_commo ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5809 (An error within the "LibRaw::parse_exif()" function (internal/dcraw_co ...)
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
[jessie] - libraw <not-affected> (Vulnerable code not present)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5808 (An error within the "find_green()" function (internal/dcraw_common.cpp ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5807 (An error within the "samsung_load_raw()" function (internal/dcraw_comm ...)
+ {DLA-2903-1}
- libraw 0.18.11-1
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5806 (An error within the "leaf_hdr_load_raw()" function (internal/dcraw_com ...)
+ {DLA-2903-1}
- libraw 0.18.8-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5805 (A boundary error within the "quicktake_100_load_raw()" function (inter ...)
+ {DLA-2903-1}
- libraw 0.18.8-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5804 (A type confusion error within the "identify()" function (internal/dcra ...)
+ {DLA-2903-1}
- libraw 0.18.8-1 (low)
- [stretch] - libraw <no-dsa> (Minor issue)
[jessie] - libraw <no-dsa> (Minor issue)
NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4 ...)
@@ -41246,23 +41491,20 @@ CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.1
- linux 4.15.11-1
NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
CVE-2018-5802 (An error within the "kodak_radc_load_raw()" function (internal/dcraw_c ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.7-1
- [stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5801 (An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) i ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.7-1
- [stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5800 (An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" functi ...)
- {DLA-1734-1}
+ {DLA-2903-1 DLA-1734-1}
- libraw 0.18.7-1
- [stretch] - libraw <no-dsa> (Minor issue)
[wheezy] - libraw <ignored> (Minor issue)
NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
@@ -41298,8 +41540,8 @@ CVE-2018-5788 (An issue was discovered in Extreme Networks ExtremeWireless WiNG
CVE-2018-5787 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
+ {DLA-2725-1}
- lrzip 0.631+git180517-1 (bug #888506)
- [stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/91
@@ -41376,9 +41618,8 @@ CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packe
CVE-2018-5765
RESERVED
CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before 3. ...)
- {DLA-1725-1 DLA-1247-1}
+ {DLA-2833-1 DLA-1725-1 DLA-1247-1}
- rsync 3.1.2-2.2 (bug #887588)
- [stretch] - rsync <no-dsa> (Minor issue)
NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 ...)
NOT-FOR-US: OXID eShop Enterprise Edition
@@ -41389,7 +41630,9 @@ CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was f
CVE-2018-5760
RESERVED
CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=4d45a96e57fbabf00a7378b337d0ddcace6f38c1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698868
CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0. ...)
NOT-FOR-US: Aurea Jive Jive-n
CVE-2018-5757 (An issue was discovered on AudioCodes 450HD IP Phone devices with firm ...)
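Review bot: The NOTE added for CVE-2018-5759 links `http://git.ghostscript.com/...`, which is inconsistent with the http-to-https conversion of git.ghostscript.com links done throughout the rest of this diff. Please use `NOTE: https://git.ghostscript.com/?p=mujs.git;a=commit;h=4d45a96e57fbabf00a7378b337d0ddcace6f38c1` so the new line does not need another pass later.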
@@ -41420,8 +41663,8 @@ CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial
NOTE: https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276
CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...)
+ {DLA-2725-1}
- lrzip 0.631+git180517-1 (bug #898451)
- [stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/90
@@ -41466,9 +41709,8 @@ CVE-2018-5741 (To provide fine-grained controls over the ability to use Dynamic
NOTE: No code fix provided; Incorrect documentation of krb5-subdomain and ms-subdomain update policies.
NOTE: Will be adressed in 9.11.5, 9.12.3
CVE-2018-5740 ("deny-answer-aliases" is a little-used feature intended to help recurs ...)
- {DLA-1485-1}
+ {DLA-2807-1 DLA-1485-1}
- bind9 1:9.11.4.P1+dfsg-1 (bug #905743)
- [stretch] - bind9 <postponed> (Can be fixed along in the next DSA)
NOTE: https://kb.isc.org/article/AA-01639/74/CVE-2018-5740
NOTE: https://gitlab.isc.org/isc-projects/bind9/merge_requests/607/commits
CVE-2018-5739 (An extension to hooks capabilities which debuted in Kea 1.4.0 introduc ...)
@@ -41505,15 +41747,15 @@ CVE-2018-5733 (A malicious client which is allowed to send very large amounts of
- isc-dhcp 4.3.5-3.1 (bug #891785)
NOTE: https://kb.isc.org/article/AA-01567/75/CVE-2018-5733
NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47140
- NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=197b26f25309f947b97a83b8fdfc414b767798f8 (4.4.1)
- NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
+ NOTE: https://gitlab.isc.org/isc-projects/dhcp/-/commit/197b26f25309f947b97a83b8fdfc414b767798f8 (4.4.1)
+ NOTE: Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2018-5732 (Failure to properly bounds-check a buffer used for processing DHCP opt ...)
{DSA-4133-1 DLA-1313-1}
- isc-dhcp 4.3.5-3.1 (bug #891786)
NOTE: https://kb.isc.org/article/AA-01565/75/CVE-2018-5732
NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47139
- NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=c5931725b48b121d232df4ba9e45bc41e0ba114d (4.4.1)
- NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
+ NOTE: https://gitlab.isc.org/isc-projects/dhcp/-/commit/c5931725b48b121d232df4ba9e45bc41e0ba114d (4.4.1)
+ NOTE: Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in ...)
- curl 7.58.0-1
[stretch] - curl 7.52.1-5+deb9u4
@@ -41526,15 +41768,13 @@ CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds
CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the scannin ...)
NOT-FOR-US: Heimdal PRO
CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...)
- {DLA-1643-1}
+ {DLA-2771-1 DLA-1643-1}
- krb5 1.16.1-1 (bug #891869)
- [stretch] - krb5 <no-dsa> (Minor issue)
[wheezy] - krb5 <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
CVE-2018-5729 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...)
- {DLA-1643-1}
+ {DLA-2771-1 DLA-1643-1}
- krb5 1.16.1-1 (bug #891869)
- [stretch] - krb5 <no-dsa> (Minor issue)
[wheezy] - krb5 <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to obta ...)
@@ -41680,7 +41920,7 @@ CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and appl
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860
NOTE: pdf_parse_array function in source/pdf/pdf-parse.c does not consider
NOTE: EOF.
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079
CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and application ha ...)
{DSA-4321-1 DLA-1456-1 DLA-1245-1}
- graphicsmagick 1.3.27-4 (bug #887158)
@@ -41764,8 +42004,8 @@ CVE-2018-5652 (An issue was discovered in the dark-mode plugin 1.6 for WordPress
CVE-2018-5651 (An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS ...)
NOT-FOR-US: dark-mode plugin for WordPress
CVE-2018-5650 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
+ {DLA-2725-1}
- lrzip 0.631+git180517-1 (bug #887065)
- [stretch] - lrzip <no-dsa> (Minor issue)
[jessie] - lrzip <no-dsa> (Minor issue)
[wheezy] - lrzip <no-dsa> (Minor issue)
NOTE: https://github.com/ckolivas/lrzip/issues/88
@@ -42302,7 +42542,7 @@ CVE-2018-5394
CVE-2018-5393 (The TP-LINK EAP Controller is TP-LINK's software for remotely controll ...)
NOT-FOR-US: TP-LINK
CVE-2018-5392 (mingw-w64 version 5.0.4 by default produces executables that opt in to ...)
- - mingw-w64 <unfixed> (unimportant)
+ - mingw-w64 <unfixed> (unimportant; bug #968277)
NOTE: https://sourceforge.net/p/mingw-w64/mailman/message/31034877/
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17321
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19011
@@ -42350,7 +42590,7 @@ CVE-2018-5383 (Bluetooth firmware or operating system software drivers in macOS
- firmware-nonfree 20190114-1
[stretch] - firmware-nonfree 20161130-5
NOTE: http://www.cs.technion.ac.il/~biham/BT/
-CVE-2018-5382 (Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC that i ...)
+CVE-2018-5382 (The default BKS keystore use an HMAC that is only 16 bits long, which ...)
- bouncycastle 1.48+dfsg-2
[wheezy] - bouncycastle <ignored> (this only affects the integrity verification and not the content of the BKS keystore)
NOTE: https://insights.sei.cmu.edu/cert/2018/03/the-curious-case-of-the-bouncy-castle-bks-passwords.html
@@ -42388,7 +42628,7 @@ CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_spac
CVE-2018-5702 (Transmission through 2.92 relies on X-Transmission-Session-Id (which i ...)
{DSA-4087-1 DLA-1246-1}
- transmission 2.92-3 (bug #886990)
- NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/01/12/1
NOTE: https://github.com/transmission/transmission/pull/468
NOTE: Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
@@ -42447,10 +42687,10 @@ CVE-2018-5356
RESERVED
CVE-2018-5355
RESERVED
-CVE-2018-5354
- RESERVED
-CVE-2018-5353
- RESERVED
+CVE-2018-5354 (The custom GINA/CP module in ANIXIS Password Reset Client before versi ...)
+ NOT-FOR-US: ANIXIS
+CVE-2018-5353 (The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus befo ...)
+ NOT-FOR-US: Zoho ManageEngine
CVE-2018-5352
RESERVED
CVE-2018-5351
@@ -42475,7 +42715,7 @@ CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of g
[jessie] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
- eglibc <removed>
[wheezy] - eglibc <postponed> (Minor issue, can be fixed along in next DSA)
- NOTE: http://www.openwall.com/lists/oss-security/2018/01/11/5
+ NOTE: https://www.openwall.com/lists/oss-security/2018/01/11/5
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22679
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94
CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be e ...)
@@ -42526,7 +42766,7 @@ CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function
- linux 4.14.17-1
[stretch] - linux 4.9.80-1
NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737
-CVE-2018-5332 (In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() funct ...)
+CVE-2018-5332 (In the Linux kernel through 3.2, the rds_message_alloc_sgs() function ...)
{DSA-4187-1 DLA-1369-1}
- linux 4.14.17-1
[stretch] - linux 4.9.80-1
@@ -42638,7 +42878,7 @@ CVE-2018-1000022 (Electrum Technologies GmbH Electrum Bitcoin Wallet version pri
- electrum 3.0.5-1 (bug #886683)
[jessie] - electrum <not-affected> (Only affects >= 2.6)
NOTE: https://github.com/spesmilo/electrum/issues/3374
- NOTE: http://www.openwall.com/lists/oss-security/2018/01/10/4
+ NOTE: https://www.openwall.com/lists/oss-security/2018/01/10/4
CVE-2018-5300
RESERVED
CVE-2018-5299 (A stack-based Buffer Overflow Vulnerability exists in the web server i ...)
@@ -42714,17 +42954,15 @@ CVE-2018-5271 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver fil
CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
NOT-FOR-US: Malwarebytes Premium
CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setP ...)
- {DLA-1438-1 DLA-1354-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1354-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #886675)
- [stretch] - opencv <ignored> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10540
NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDec ...)
- {DLA-1438-1 DLA-1354-1}
+ {DLA-2799-1 DLA-1438-1 DLA-1354-1}
[experimental] - opencv 3.4.4+dfsg-1~exp1
- opencv 3.2.0+dfsg-6 (bug #886674)
- [stretch] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/opencv/opencv/issues/10541
NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypa ...)
@@ -42766,7 +43004,7 @@ CVE-2018-5251 (In libming 0.4.8, there is an integer signedness error vulnerabil
CVE-2018-5250
RESERVED
CVE-2018-5249 (Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0 ...)
- - shaarli <itp> (bug #864559)
+ - shaarli <not-affected> (Fixed before initial re-upload to the archive)
CVE-2018-5248 (In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in ...)
{DSA-4245-1 DSA-4204-1}
- imagemagick 8:6.9.9.34+dfsg-3 (bug #886588)
@@ -43117,7 +43355,7 @@ CVE-2018-5146 (An out of bounds memory write while processing Vorbis audio data
- firefox-esr 52.7.2esr-1
- thunderbird 1:52.7.0-1
- libvorbis 1.3.5-4.2 (bug #893130)
- NOTE: https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
+ NOTE: https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f (v1.3.6)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5145 (Memory safety bugs were reported in Firefox ESR 52.6. These bugs showe ...)
@@ -43353,7 +43591,7 @@ CVE-2018-5092 (A use-after-free vulnerability can occur when the thread for a We
- firefox 58.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092
CVE-2018-5091 (A use-after-free vulnerability can occur during WebRTC connections whe ...)
- {DSA-4102-1 DSA-4096-1 DLA-1256-1}
+ {DSA-4096-1 DLA-1256-1}
- firefox 58.0-1
- firefox-esr 52.6.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091
@@ -43866,9 +44104,9 @@ CVE-2018-4842 (A vulnerability has been identified in SCALANCE X-200IRT switch f
NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions &lt; ...)
NOT-FOR-US: TIM
-CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...)
+CVE-2018-4840 (A vulnerability has been identified in DIGSI 4 (All versions &lt; V4.9 ...)
NOT-FOR-US: Siemens
-CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...)
+CVE-2018-4839 (A vulnerability has been identified in DIGSI 4 (All versions &lt; V4.9 ...)
NOT-FOR-US: Siemens
CVE-2018-4838 (A vulnerability has been identified in EN100 Ethernet module IEC 61850 ...)
NOT-FOR-US: Siemens
@@ -43880,7 +44118,7 @@ CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic &
NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers P ...)
NOT-FOR-US: Desigo
-CVE-2018-4833 (A vulnerability has been identified in RFID 181-EIP (All versions), RU ...)
+CVE-2018-4833 (A vulnerability has been identified in RFID 181EIP (All versions), RUG ...)
NOT-FOR-US: Siemens
CVE-2018-4832 (A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All ...)
NOT-FOR-US: Siemens
@@ -44590,16 +44828,16 @@ CVE-2018-4480
RESERVED
CVE-2018-4479
RESERVED
-CVE-2018-4478
- RESERVED
+CVE-2018-4478 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
CVE-2018-4477
RESERVED
CVE-2018-4476
RESERVED
CVE-2018-4475
RESERVED
-CVE-2018-4474
- RESERVED
+CVE-2018-4474 (A memory consumption issue was addressed with improved memory handling ...)
+ NOT-FOR-US: Apple
CVE-2018-4473
RESERVED
CVE-2018-4472
@@ -44610,10 +44848,10 @@ CVE-2018-4470 (A privacy issue in the handling of Open Directory records was add
NOT-FOR-US: Apple
CVE-2018-4469
RESERVED
-CVE-2018-4468
- RESERVED
-CVE-2018-4467
- RESERVED
+CVE-2018-4468 (This issue was addressed by removing additional entitlements. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2018-4467 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
CVE-2018-4466
RESERVED
CVE-2018-4465 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -44644,24 +44882,24 @@ CVE-2018-4454
RESERVED
CVE-2018-4453
RESERVED
-CVE-2018-4452
- RESERVED
-CVE-2018-4451
- RESERVED
+CVE-2018-4452 (A memory consumption issue was addressed with improved memory handling ...)
+ NOT-FOR-US: Apple
+CVE-2018-4451 (This issue is fixed in macOS Mojave 10.14. A memory corruption issue w ...)
+ NOT-FOR-US: Apple
CVE-2018-4450 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2018-4449 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
-CVE-2018-4448
- RESERVED
+CVE-2018-4448 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
CVE-2018-4447 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
CVE-2018-4446 (This issue was addressed with improved entitlements. This issue affect ...)
NOT-FOR-US: Apple
CVE-2018-4445 ("Clear History and Website Data" did not clear the history. The issue ...)
NOT-FOR-US: Apple
-CVE-2018-4444
- RESERVED
+CVE-2018-4444 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
CVE-2018-4443 (A memory corruption issue was addressed with improved memory handling. ...)
- webkit2gtk 2.22.3-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
@@ -44692,8 +44930,8 @@ CVE-2018-4435 (A logic issue was addressed with improved restrictions. This issu
NOT-FOR-US: Apple
CVE-2018-4434 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
-CVE-2018-4433
- RESERVED
+CVE-2018-4433 (A configuration issue was addressed with additional restrictions. This ...)
+ NOT-FOR-US: Apple
CVE-2018-4432
RESERVED
CVE-2018-4431 (A memory initialization issue was addressed with improved memory handl ...)
@@ -44702,8 +44940,8 @@ CVE-2018-4430 (A lock screen issue allowed access to contacts on a locked device
NOT-FOR-US: Apple
CVE-2018-4429 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
NOT-FOR-US: Apple
-CVE-2018-4428
- RESERVED
+CVE-2018-4428 (A lock screen issue allowed access to the share function on a locked d ...)
+ NOT-FOR-US: Apple
CVE-2018-4427 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2018-4426 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -44780,10 +45018,10 @@ CVE-2018-4392 (Multiple memory corruption issues were addressed with improved me
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4391
- RESERVED
-CVE-2018-4390
- RESERVED
+CVE-2018-4391 (An inconsistent user interface issue was addressed with improved state ...)
+ NOT-FOR-US: Apple
+CVE-2018-4390 (An inconsistent user interface issue was addressed with improved state ...)
+ NOT-FOR-US: Apple
CVE-2018-4389 (An inconsistent user interface issue was addressed with improved state ...)
NOT-FOR-US: Apple
CVE-2018-4388 (A lock screen issue allowed access to the share function on a locked d ...)
@@ -44804,8 +45042,8 @@ CVE-2018-4382 (Multiple memory corruption issues were addressed with improved me
- webkit2gtk 2.22.1-1 (unimportant)
NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
NOTE: Not covered by security support
-CVE-2018-4381
- RESERVED
+CVE-2018-4381 (A resource exhaustion issue was addressed with improved input validati ...)
+ NOT-FOR-US: Apple
CVE-2018-4380 (A lock screen issue allowed access to photos and contacts on a locked ...)
NOT-FOR-US: Apple
CVE-2018-4379 (A lock screen issue allowed access to the share function on a locked d ...)
@@ -44906,8 +45144,8 @@ CVE-2018-4341 (A memory corruption issue was addressed with improved memory hand
NOT-FOR-US: Apple
CVE-2018-4340 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
-CVE-2018-4339
- RESERVED
+CVE-2018-4339 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ NOT-FOR-US: Apple
CVE-2018-4338 (A validation issue was addressed with improved input sanitization. Thi ...)
NOT-FOR-US: Apple
CVE-2018-4337 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -45004,8 +45242,8 @@ CVE-2018-4304 (A denial of service issue was addressed with improved validation.
NOT-FOR-US: Apple
CVE-2018-4303 (An input validation issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
-CVE-2018-4302
- RESERVED
+CVE-2018-4302 (A null pointer dereference was addressed with improved validation. Thi ...)
+ NOT-FOR-US: Apple
CVE-2018-4301
RESERVED
NOT-FOR-US: Apple
@@ -45024,8 +45262,8 @@ CVE-2018-4298 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sie
NOT-FOR-US: Apple
CVE-2018-4297
RESERVED
-CVE-2018-4296
- RESERVED
+CVE-2018-4296 (This issue is fixed in macOS Mojave 10.14. A permissions issue existed ...)
+ NOT-FOR-US: Apple
CVE-2018-4295 (An input validation issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2018-4294
@@ -45794,6 +46032,7 @@ CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing fun
NOT-FOR-US: Canvas Draw
CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the Nouveau ...)
- xserver-xorg-video-nouveau <unfixed> (low)
+ [bullseye] - xserver-xorg-video-nouveau <ignored> (Minor issue)
[buster] - xserver-xorg-video-nouveau <ignored> (Minor issue)
[stretch] - xserver-xorg-video-nouveau <ignored> (Minor issue)
[jessie] - xserver-xorg-video-nouveau <ignored> (Minor issue)
@@ -46269,7 +46508,7 @@ CVE-2018-3775 (Improper Authentication in Nextcloud Server prior to version 12.0
- nextcloud <itp> (bug #835086)
CVE-2018-3774 (Incorrect parsing in url-parse &lt;1.4.3 returns wrong hostname which ...)
- node-url-parse 1.2.0-2 (bug #906058)
- [stretch] - node-url-parse <ignored> (Nodejs in stretch not covered by security support)
+ [stretch] - node-url-parse 1.0.5-2+deb9u1
NOTE: https://hackerone.com/reports/384029
NOTE: https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a
NOTE: https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de
@@ -46306,7 +46545,7 @@ CVE-2018-3761 (Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper au
CVE-2018-3760 (There is an information leak vulnerability in Sprockets. Versions Affe ...)
{DSA-4242-1 DLA-1419-1}
- ruby-sprockets 3.7.0-1.1 (bug #901913)
- NOTE: http://www.openwall.com/lists/oss-security/2018/06/19/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/06/19/2
NOTE: https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f (master)
NOTE: https://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441 (3.x)
NOTE: https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5 (2.x)
@@ -46481,7 +46720,8 @@ CVE-2018-3695
CVE-2018-3694
RESERVED
CVE-2018-3693 (Systems with microprocessors utilizing speculative execution and branc ...)
- - linux <unfixed>
+ - linux 4.15.11-1
+ [stretch] - linux 4.9.88-1
NOTE: https://access.redhat.com/solutions/3523601
NOTE: https://01.org/security/advisories/intel-oss-10002
NOTE: Speculative Bounds Checks Bypass with Store (BCBS)
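Review bot: The new fixed-version lines for CVE-2018-3693 (`- linux 4.15.11-1`, `[stretch] - linux 4.9.88-1`) are not backed by any NOTE that identifies the change they rely on; the three NOTE lines that remain point only at the Red Hat and Intel advisories and the issue name, none of which establishes which kernel commit or release closed the issue. Without that reference the stretch claim in particular cannot be cross-checked against the 4.9.88-1 changelog. A line such as `NOTE: Fixed by: <upstream commit or stable-release reference>` (placeholder, to be filled with the actual reference) next to the existing NOTEs would make the entry verifiable in the same way the CVE-2018-5333 entry elsewhere in this file records its fix.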
@@ -46645,7 +46885,7 @@ CVE-2018-3635 (Insufficient input validation in installer in Intel Rapid Store T
CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online Connect Acc ...)
NOT-FOR-US: Intel
CVE-2018-3633
- RESERVED
+ REJECTED
CVE-2018-3632 (Memory corruption in Intel Active Management Technology in Intel Conve ...)
NOT-FOR-US: Intel
CVE-2018-3631
@@ -48740,7 +48980,7 @@ CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
- mysql-5.7 5.7.23-1 (bug #904121)
- mysql-5.5 <removed>
[wheezy] - mysql-5.5 <postponed> (Wait for next upstream security/bugfix release)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/08/2
NOTE: Result from an incomplete fix for CVE-2015-3152 and related CVE for
NOTE: Oracle products.
NOTE: For MariaDB: if one connects to the remote server using the embedded library
@@ -49093,9 +49333,9 @@ CVE-2018-2642 (Vulnerability in the Oracle Argus Safety component of Oracle Heal
NOT-FOR-US: Oracle
CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
{DSA-4166-1 DSA-4144-1 DLA-1339-1}
- [experimental] - openjdk-7 7u171-2.6.13-1
- openjdk-9 9.0.4+12-1
- openjdk-8 8u162-b12-1
+ [experimental] - openjdk-7 7u171-2.6.13-1
- openjdk-7 <removed>
- openjdk-6 <removed>
[wheezy] - openjdk-6 <end-of-life>
@@ -50520,8 +50760,8 @@ CVE-2018-1987 (IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1
NOT-FOR-US: IBM
CVE-2018-1986
RESERVED
-CVE-2018-1985
- RESERVED
+CVE-2018-1985 (IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver ...)
+ NOT-FOR-US: IBM
CVE-2018-1984 (IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-sit ...)
NOT-FOR-US: IBM
CVE-2018-1983 (IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-sit ...)
@@ -51040,8 +51280,8 @@ CVE-2018-1727 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vu
NOT-FOR-US: IBM
CVE-2018-1726
RESERVED
-CVE-2018-1725
- RESERVED
+CVE-2018-1725 (IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vu ...)
+ NOT-FOR-US: IBM
CVE-2018-1724 (IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3, and 10.1 could allow a local user ...)
NOT-FOR-US: IBM
CVE-2018-1723 (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0 ...)
@@ -51488,8 +51728,8 @@ CVE-2018-1503 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authent
NOT-FOR-US: IBM
CVE-2018-1502 (IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 ...)
NOT-FOR-US: IBM
-CVE-2018-1501
- RESERVED
+CVE-2018-1501 (IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized ...)
+ NOT-FOR-US: IBM
CVE-2018-1500
RESERVED
CVE-2018-1499
@@ -51822,11 +52062,11 @@ CVE-2018-1340 (Prior to 1.0.0, Apache Guacamole used a cookie for client-side st
CVE-2018-1339 (A carefully crafted (or fuzzed) file can trigger an infinite loop in A ...)
- tika 1.18-1 (low; bug #900000)
[jessie] - tika <ignored> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/7
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/25/7
CVE-2018-1338 (A carefully crafted (or fuzzed) file can trigger an infinite loop in A ...)
- tika 1.18-1
[jessie] - tika <not-affected> (BGP parser introduced in 1.7)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/6
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/25/6
CVE-2018-1337 (In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Fi ...)
NOT-FOR-US: Apache LDAP API
CVE-2018-1336 (An improper handing of overflow in the UTF-8 decoder with supplementar ...)
@@ -51845,16 +52085,16 @@ CVE-2018-1336 (An improper handing of overflow in the UTF-8 decoder with supplem
CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send carefully cr ...)
- tika 1.18-1
[jessie] - tika <not-affected> (Server functionality not present)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/8
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/25/8
CVE-2018-1334 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using ...)
- NOT-FOR-US: Apache Spark
+ - apache-spark <itp> (bug #802194)
CVE-2018-1333 (By specially crafting HTTP/2 requests, workers would be allocated 60 s ...)
- apache2 2.4.34-1 (bug #904106)
[stretch] - apache2 2.4.25-3+deb9u6
[jessie] - apache2 <not-affected> (Vulnerable code not present)
NOTE: Affects 2.4.18-2.4.33
NOTE: HTTP/2 support introduced in 2.4.17
- NOTE: http://www.openwall.com/lists/oss-security/2018/07/18/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
CVE-2018-1332 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version ...)
NOT-FOR-US: Apache Storm
@@ -51899,7 +52139,7 @@ CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that ca
CVE-2018-1318 (Adding method ACLs in remap.config can cause a segfault when the user ...)
{DSA-4282-1}
- trafficserver 7.1.4+ds-1
- NOTE: http://www.openwall.com/lists/oss-security/2018/08/29/3
+ NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/3
NOTE: https://github.com/apache/trafficserver/pull/3195
NOTE: https://github.com/apache/trafficserver/commit/e6dfda305acf85250861ecfa14a7bd6bb2fad5c3
CVE-2018-1317 (In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by de ...)
@@ -51914,13 +52154,15 @@ CVE-2018-1313 (In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted networ
- derby 10.14.2.0-1
[jessie] - derby <no-dsa> (Minor issue)
[stretch] - derby <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/05/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/05/1
CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authen ...)
{DSA-4164-1 DLA-1389-1}
- apache2 2.4.33-1
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/7
-CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-fre ...)
- - xerces-c <unfixed> (bug #947431)
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/7
+CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-fre ...)
+ {DSA-4814-1}
+ - xerces-c 3.2.3+debian-2 (bug #947431)
+ [stretch] - xerces-c <postponed> (Minor issue, revisit when fixed upstream)
[jessie] - xerces-c <postponed> (slow upstream interest, proper fix likely to break ABI compatibility)
NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt
NOTE: https://issues.apache.org/jira/browse/XERCESC-2188
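Review bot: The stretch rationale added for CVE-2018-1311, `[stretch] - xerces-c <postponed> (Minor issue, revisit when fixed upstream)`, reads as stale next to the `{DSA-4814-1}` and `xerces-c 3.2.3+debian-2` lines added in the same hunk, which show that a shipped fix now exists. If the DSA carried a Debian-local patch rather than an upstream release (the `+debian` version suffix hints at that, but the hunk does not say), the stretch line should state whether that patch is the candidate for stretch rather than waiting on upstream, e.g. `[stretch] - xerces-c <postponed> (Minor issue; evaluate backport of the DSA-4814-1 patch)`. The jessie line's ABI-compatibility concern is presumably the reason for caution and would be worth repeating on the stretch line if it applies there too.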
@@ -51933,7 +52175,7 @@ CVE-2018-1309 (Apache NiFi External XML Entity issue in SplitXML processor. Mali
CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 rela ...)
{DSA-4194-1 DLA-1360-1}
- lucene-solr 3.6.2+dfsg-12 (bug #896604)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/3
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/08/3
NOTE: https://issues.apache.org/jira/browse/SOLR-11971
NOTE: master: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/02c693f3
NOTE: branch_7x: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/739a7933
@@ -51972,18 +52214,18 @@ CVE-2018-1303 (A specially crafted HTTP request header could have crashed the Ap
{DSA-4164-1}
- apache2 2.4.33-1
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/3
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/3
CVE-2018-1302 (When an HTTP/2 stream was destroyed after being handled, the Apache HT ...)
- apache2 2.4.33-1
[stretch] - apache2 2.4.25-3+deb9u5
[jessie] - apache2 <not-affected> (Vulnerable code not present)
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
NOTE: HTTP/2 support introduced in 2.4.17
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/5
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/5
CVE-2018-1301 (A specially crafted request could have crashed the Apache HTTP Server ...)
{DSA-4164-1 DLA-1389-1}
- apache2 2.4.33-1
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/2
CVE-2018-1300
REJECTED
CVE-2018-1299 (In Apache Allura before 1.8.0, unauthenticated attackers may retrieve ...)
@@ -51996,11 +52238,12 @@ CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker
NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x and 3. ...)
- jakarta-jmeter <unfixed> (low; bug #897259)
+ [bullseye] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
[buster] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
[stretch] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
[jessie] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
[wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/02/11/1
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
CVE-2018-1296 (In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5 ...)
- hadoop <itp> (bug #793644)
@@ -52024,17 +52267,20 @@ CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.
- kafka <itp> (bug #786460)
CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ba ...)
- jakarta-jmeter <unfixed> (low)
+ [bullseye] - jakarta-jmeter <no-dsa> (Minor issue)
[buster] - jakarta-jmeter <no-dsa> (Minor issue)
[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
[jessie] - jakarta-jmeter <no-dsa> (Minor issue)
[wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/02/11/2
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged us ...)
NOT-FOR-US: Apache OpenMeetings
-CVE-2018-1285 (Apache log4net before 2.0.8 does not disable XML external entities whe ...)
+CVE-2018-1285 (Apache log4net versions before 2.0.10 do not disable XML external enti ...)
{DLA-2211-1}
- - log4net <unfixed>
+ - log4net 1.2.10+dfsg-8 (low; bug #977468)
+ [buster] - log4net <no-dsa> (Minor issue)
+ [stretch] - log4net <no-dsa> (Minor issue; requires application to accept arbitrary configuration files)
NOTE: https://issues.apache.org/jira/browse/LOG4NET-575
NOTE: https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7
CVE-2018-1284 (In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs ...)
@@ -52043,7 +52289,7 @@ CVE-2018-1283 (In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured t
{DSA-4164-1}
- apache2 2.4.33-1
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
- NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/4
+ NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/4
CVE-2018-1282 (This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows ca ...)
NOT-FOR-US: Apache Hive
CVE-2018-1281 (The clustered setup of Apache MXNet allows users to specify which IP a ...)
@@ -52051,7 +52297,10 @@ CVE-2018-1281 (The clustered setup of Apache MXNet allows users to specify which
CVE-2018-1280 (Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains ...)
NOT-FOR-US: Pivotal
CVE-2018-1279 (Pivotal RabbitMQ for PCF, all versions, uses a deterministically gener ...)
- - rabbitmq-server <not-affected> (Specific to RabbitMQ setup in Pivotal, see bug #924768)
+ - rabbitmq-server 3.9.8-5 (bug #924768)
+ [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
+ [buster] - rabbitmq-server <no-dsa> (Minor issue)
+ [stretch] - rabbitmq-server <postponed> (Minor issue; documentation-only fix)
NOTE: https://pivotal.io/security/cve-2018-1279
CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions 1.12.x ...)
NOT-FOR-US: Pivotal
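Review bot: The CVE-2018-1279 entry reverses from `<not-affected>` to a fixed version `rabbitmq-server 3.9.8-5`, but the only remaining NOTE is the Pivotal advisory, which does not show what changed in that upload; the justification for the earlier not-affected assessment (that the issue was specific to the Pivotal setup) is dropped from the package line without a replacement explanation. Since the stretch line describes the fix as documentation-only, a NOTE pointing at the upstream change that 3.9.8-5 incorporates would let a later triager verify both the reversal and the stretch postponement, e.g. `NOTE: <upstream commit or release-note URL for the 3.9.8 fix>` (placeholder). Bug #924768 is kept and may hold that reasoning, but the list entry itself should be self-explanatory.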
@@ -52068,18 +52317,20 @@ CVE-2018-1273 (Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.
NOT-FOR-US: Spring Data Commons
CVE-2018-1272 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
- libspring-java 4.3.19-1 (bug #895114)
- [stretch] - libspring-java <no-dsa> (Minor issue)
- [jessie] - libspring-java <not-affected> (vulnerable code not found)
- [wheezy] - libspring-java <not-affected> (Vulnerable broker code introduced in various commits re. https://github.com/spring-projects/spring-framework/blame/0009806debb578e884f6dc98bd1f2dc668020021/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java)
+ [stretch] - libspring-java <ignored> (Minor issue, no known patch)
+ [jessie] - libspring-java <no-dsa> (Minor issue)
+ [wheezy] - libspring-java <no-dsa> (Minor issue)
NOTE: https://pivotal.io/security/cve-2018-1272
+ NOTE: https://github.com/spring-projects/spring-framework/issues/26821 (patch unidentifiable)
CVE-2018-1271 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
- libspring-java <not-affected> (Issue specific when served from a file system on Windows)
NOTE: https://pivotal.io/security/cve-2018-1271
CVE-2018-1270 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
+ {DLA-2635-1}
- libspring-java 4.3.19-1 (bug #895114)
- [stretch] - libspring-java <no-dsa> (Minor issue)
- [jessie] - libspring-java <not-affected> (vulnerable code not found)
- [wheezy] - libspring-java <not-affected> (Vulnerable broker code introduced in various commits re. https://github.com/spring-projects/spring-framework/blame/0009806debb578e884f6dc98bd1f2dc668020021/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java)
+ [jessie] - libspring-java <not-affected> (Vulnerable code not present)
+ [wheezy] - libspring-java <not-affected> (Vulnerable code not present)
+ NOTE: Introduced by https://github.com/spring-projects/spring-framework/commit/b6327acec825aefadead62bd7825425b048b214c (v4.2.0)
NOTE: https://pivotal.io/security/cve-2018-1270
NOTE: when addressing this issue make sure to not only apply a partial fix but
NOTE: make it complete, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1565307
@@ -52111,9 +52362,11 @@ CVE-2018-1258 (Spring Framework version 5.0.5 when used in combination with any
NOTE: https://pivotal.io/security/cve-2018-1258
CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ...)
- libspring-java 4.3.19-1
- [stretch] - libspring-java <no-dsa> (Minor issue)
- [jessie] - libspring-java <no-dsa> (hard to find upstream commits regarding this)
+ [stretch] - libspring-java <ignored> (Minor issue, no known patch)
+ [jessie] - libspring-java <not-affected> (Vulnerable code introduced later)
NOTE: https://pivotal.io/security/cve-2018-1257
+ NOTE: websocket introduced in v4 https://github.com/spring-projects/spring-framework/commit/4e67f809fbc1957e40fc787686b63254eaa8d7fa
+ NOTE: https://github.com/spring-projects/spring-framework/issues/26821 (patch unidentifiable)
CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...)
NOT-FOR-US: Spring Cloud SSO Connector
CVE-2018-1255 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 ...)
@@ -52230,11 +52483,14 @@ CVE-2018-1200 (Apps Manager for PCF (Pivotal Application Service 1.11.x before 1
NOT-FOR-US: Pivotal
CVE-2018-1199 (Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2. ...)
- libspring-java 4.3.14-1 (bug #890001)
- [stretch] - libspring-java <no-dsa> (Minor issue)
- [wheezy] - libspring-java <ignored> (Too intrusive to fix by upgrade)
+ [stretch] - libspring-java <ignored> (Minor issue, no known patch for spring-framework)
[jessie] - libspring-java <no-dsa> (fix for spring-security available but not for springframework)
+ [wheezy] - libspring-java <ignored> (Too intrusive to fix by upgrade)
+ - libspring-security-2.0-java <removed>
- libspring-security-java <itp> (bug #582181)
NOTE: https://pivotal.io/security/cve-2018-1199
+ NOTE: https://github.com/spring-projects/spring-security/commit/65da28e4bf62f58fb130ba727cbbd621b44a36d1 (spring-security 4.1.5)
+ NOTE: https://github.com/spring-projects/spring-framework/issues/26821 (spring-framework patch unidentifiable)
CVE-2018-1198 (Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser passw ...)
NOT-FOR-US: Pivotal Cloud Cache
CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running inside co ...)
@@ -52337,11 +52593,9 @@ CVE-2018-1154 (In SecurityCenter versions prior to 5.7.0, a username enumeration
CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the se ...)
NOT-FOR-US: Burp Suite (different from src:burp)
CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerabilit ...)
- {DLA-1638-1}
- [experimental] - libjpeg-turbo 1:2.0.2-1~exp1
- - libjpeg-turbo <unfixed> (low; bug #902950)
- [buster] - libjpeg-turbo <no-dsa> (Minor issue)
- [stretch] - libjpeg-turbo <no-dsa> (Minor issue)
+ {DLA-2302-1 DLA-1638-1}
+ - libjpeg-turbo 1:2.0.5-1 (low; bug #902950)
+ [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
CVE-2018-1151 (The web server on Western Digital TV Media Player 1.03.07 and TV Live ...)
NOT-FOR-US: web server on Western Digital TV Media Player and TV Live Hub
@@ -52376,7 +52630,7 @@ CVE-2018-1139 (A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed
[jessie] - samba <not-affected> (Issue introduced in 4.7.0)
NOTE: https://www.samba.org/samba/security/CVE-2018-1139.html
CVE-2018-1138
- RESERVED
+ REJECTED
CVE-2018-1137 (An issue was discovered in Moodle 3.x. By substituting URLs in portfol ...)
- moodle <removed>
CVE-2018-1136 (An issue was discovered in Moodle 3.x. An authenticated user is allowe ...)
@@ -52421,48 +52675,48 @@ CVE-2018-1127 (Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immed
CVE-2018-1126 (procps-ng before version 3.3.15 is vulnerable to an incorrect integer ...)
{DSA-4208-1 DLA-1390-1}
- procps 2:3.3.15-1 (bug #899170)
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch
NOTE: https://gitlab.com/procps-ng/procps/commit/f1077b7a558a5545837aae068422e58f1f9b1d33
CVE-2018-1125 (procps-ng before version 3.3.15 is vulnerable to a stack buffer overfl ...)
{DSA-4208-1 DLA-1390-1}
- procps 2:3.3.15-1 (bug #899170)
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
NOTE: https://gitlab.com/procps-ng/procps/commit/b51ca2a1f8ca779f7632ade6a0a259ed882fa584
CVE-2018-1124 (procps-ng before version 3.3.15 is vulnerable to multiple integer over ...)
{DSA-4208-1 DLA-1390-1}
- procps 2:3.3.15-1 (bug #899170)
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0074-proc-readproc.c-Fix-bugs-and-overflows-in-file2strve.patch
NOTE: https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20
CVE-2018-1123 (procps-ng before version 3.3.15 is vulnerable to a denial of service i ...)
{DSA-4208-1 DLA-1390-1}
- procps 2:3.3.15-1 (bug #899170)
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0054-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch
NOTE: https://gitlab.com/procps-ng/procps/commit/136e3724952827bbae8887a42d9d2b6f658a48ab
CVE-2018-1122 (procps-ng before version 3.3.15 is vulnerable to a local privilege esc ...)
{DSA-4208-1 DLA-1390-1}
- procps 2:3.3.15-1 (bug #899170)
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Patch: 0097-top-Do-not-default-to-the-cwd-in-configs_read.patch
NOTE: https://gitlab.com/procps-ng/procps/commit/b45c4803dd176f4e3f9d3d47421ddec9bbbe66cd
CVE-2018-1121 (procps-ng, procps is vulnerable to a process hiding through race condi ...)
- linux <unfixed> (unimportant)
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
CVE-2018-1120 (A flaw was found affecting the Linux kernel before version 4.17. By mm ...)
{DLA-1423-1}
- linux 4.16.12-1
[stretch] - linux 4.9.107-1
[jessie] - linux <ignored> (Too risky to backport)
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
NOTE: Fixed by: https://git.kernel.org/linus/7f7ccc2ccc2e70c6054685f5e3522efa81556830
CVE-2018-1119
@@ -52507,12 +52761,10 @@ CVE-2018-1112 (glusterfs server before versions 3.10.12, 4.0.2 is vulnerable whe
CVE-2018-1111 (DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earl ...)
NOT-FOR-US: Red Hat Specific script
NOTE: https://access.redhat.com/security/vulnerabilities/3442151
-CVE-2018-1110 [Improper Input Validation]
- RESERVED
+CVE-2018-1110 (A flaw was found in knot-resolver before version 2.3.0. Malformed DNS ...)
- knot-resolver 2.3.0-1 (bug #896681)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/2
-CVE-2018-1109
- RESERVED
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/23/2
+CVE-2018-1109 (A vulnerability was found in Braces versions prior to 2.3.1. Affected ...)
- node-braces <not-affected> (Vulnerable code introduced in 2.2.0)
NOTE: https://snyk.io/vuln/npm:braces:20180219
NOTE: Introduced by: https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113 (2.2.0)
@@ -52525,20 +52777,19 @@ CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a weakne
[wheezy] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/43838a23a05fbd13e47d750d3dfd77001536dd33
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
-CVE-2018-1107
- RESERVED
+CVE-2018-1107 (It was discovered that the is-my-json-valid JavaScript library used an ...)
NOT-FOR-US: is-my-json-valid package for Node.js
CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before 1.1. ...)
{DSA-4207-1}
- packagekit 1.1.10-1 (bug #896703)
[jessie] - packagekit <not-affected> (Issue introduced later)
[wheezy] - packagekit <not-affected> (Issue introduced later)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/3
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/23/3
NOTE: Fixed by: https://github.com/hughsie/PackageKit/commit/7e8a7905ea9abbd1f384f05f36a4458682cd4697 (PACKAGEKIT_1_1_10)
NOTE: Introduced by: https://github.com/hughsie/PackageKit/commit/f176976e24e8c17b80eff222572275517c16bdad
NOTE: Resulting affected (upstream) versions: >= 1.0.10 up until current 1.1.9
CVE-2018-1105
- RESERVED
+ REJECTED
CVE-2018-1104 (Ansible Tower through version 3.2.3 has a vulnerability that allows us ...)
NOT-FOR-US: Ansible Tower
CVE-2018-1103 (Openshift Enterprise source-to-image before version 1.1.10 is vulnerab ...)
@@ -52548,21 +52799,25 @@ CVE-2018-1102 (A flaw was found in source-to-image function as shipped with Open
CVE-2018-1101 (Ansible Tower before version 3.2.4 has a flaw in the management of sys ...)
NOT-FOR-US: Ansible Tower
CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...)
+ {DLA-2470-1}
- zsh 5.5-1 (bug #895225)
- [stretch] - zsh <no-dsa> (Minor issue)
[jessie] - zsh <no-dsa> (Minor issue)
[wheezy] - zsh <no-dsa> (Minor issue)
NOTE: https://www.zsh.org/cgi-bin/mla/redirect?WORKERNUMBER=42607
NOTE: https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
CVE-2018-1099 (DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attack ...)
- etcd <unfixed> (low; bug #921156)
+ [bullseye] - etcd <no-dsa> (Minor issue)
[buster] - etcd <no-dsa> (Minor issue)
NOTE: https://github.com/coreos/etcd/issues/9353
+ NOTE: https://github.com/etcd-io/etcd/pull/9372
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552717
CVE-2018-1098 (A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. ...)
- etcd <unfixed> (low; bug #921156)
+ [bullseye] - etcd <no-dsa> (Minor issue)
[buster] - etcd <no-dsa> (Minor issue)
NOTE: https://github.com/coreos/etcd/issues/9353
+ NOTE: https://github.com/etcd-io/etcd/pull/9372
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552714
CVE-2018-1097 (A flaw was found in foreman before 1.16.1. The issue allows users with ...)
- foreman <itp> (bug #663101)
@@ -52605,10 +52860,10 @@ CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not pr
{DLA-1428-1}
- 389-ds-base 1.3.8.2-1 (bug #898138)
[stretch] - 389-ds-base <no-dsa> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/07/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/07/2
CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...)
+ {DLA-2806-1}
- glusterfs 4.0.2-1 (bug #896128)
- [stretch] - glusterfs <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - glusterfs <not-affected> (vulnerable code not present)
[wheezy] - glusterfs <not-affected> (vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1558721
@@ -52623,11 +52878,11 @@ CVE-2018-1087 (kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4
- linux 4.15.17-1
[wheezy] - linux <not-affected> (Issue introduced in 3.16)
NOTE: Fixed by: https://git.kernel.org/linus/32d43cd391bacb5f0814c2624399a5dad3501d09 (4.16-rc7)
- NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/5
+ NOTE: https://www.openwall.com/lists/oss-security/2018/05/08/5
CVE-2018-1086 (pcs before versions 0.9.164 and 0.10 is vulnerable to a debug paramete ...)
{DSA-4169-1}
- pcs 0.9.164-1 (bug #895313)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/09/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/09/2
CVE-2018-1085 (openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigur ...)
NOT-FOR-US: openshift-ansible
CVE-2018-1084 (corosync before version 2.4.4 is vulnerable to an integer overflow in ...)
@@ -52635,14 +52890,13 @@ CVE-2018-1084 (corosync before version 2.4.4 is vulnerable to an integer overflo
- corosync 2.4.4-1 (bug #895653)
[jessie] - corosync <not-affected> (Vulnerable code introduced later)
[wheezy] - corosync <not-affected> (Vulnerable code introduced later)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/12/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/12/2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552830
NOTE: Fixed by: https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4
NOTE: https://oss.clusterlabs.org/pipermail/users/2018-April/014856.html
CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...)
- {DLA-1335-1}
+ {DLA-2470-1 DLA-1335-1}
- zsh 5.4.2-4 (low; bug #894043)
- [stretch] - zsh <no-dsa> (Minor issue)
[jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
CVE-2018-1082 (A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user a ...)
@@ -52658,11 +52912,11 @@ CVE-2018-1080 (Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAu
CVE-2018-1079 (pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escal ...)
- pcs 0.9.164-1 (bug #895314)
[stretch] - pcs <not-affected> (Vulnerable code introduced in 0.9.157)
- NOTE: http://www.openwall.com/lists/oss-security/2018/04/09/2
+ NOTE: https://www.openwall.com/lists/oss-security/2018/04/09/2
CVE-2018-1078 (OpenDayLight version Carbon SR3 and earlier contain a vulnerability du ...)
NOT-FOR-US: OpenDayLight
CVE-2018-1077 (Spacewalk 2.6 contains an API which has an XXE flaw allowing for the d ...)
- NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
+ NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2018-1076
RESERVED
CVE-2018-1075 (ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered passwo ...)
@@ -52674,9 +52928,8 @@ CVE-2018-1073 (The web console login form in ovirt-engine before version 4.2.3 r
CVE-2018-1072 (ovirt-engine before version ovirt 4.2.2 is vulnerable to an informatio ...)
NOT-FOR-US: ovirt-engine
CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...)
- {DLA-1335-1}
+ {DLA-2470-1 DLA-1335-1}
- zsh 5.4.2-4 (low; bug #894044)
- [stretch] - zsh <no-dsa> (Minor issue)
[jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531
@@ -52768,7 +53021,7 @@ CVE-2018-1058 (A flaw was found in the way Postgresql allowed a user to modify t
- postgresql-9.6 <removed>
[stretch] - postgresql-9.6 9.6.8-0+deb9u1
- postgresql-9.4 <removed>
- [jessie] - postgresql-9.4 <no-dsa> (Minor issue; documentation update for recommendations)
+ [jessie] - postgresql-9.4 9.4.17-0+deb8u1
- postgresql-9.1 <removed>
[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only)
[wheezy] - postgresql-9.1 <no-dsa> (Minor issue)
@@ -52782,9 +53035,8 @@ CVE-2018-1057 (On a Samba 4 AD DC the LDAP server in all versions of Samba from
NOTE: https://www.samba.org/samba/security/CVE-2018-1057.html
NOTE: https://wiki.samba.org/index.php/CVE-2018-1057
CVE-2018-1056 (An out-of-bounds heap buffer read flaw was found in the way advancecom ...)
- {DLA-1702-1 DLA-1281-1}
+ {DLA-2868-1 DLA-1702-1 DLA-1281-1}
- advancecomp 2.1-1 (bug #889270)
- [stretch] - advancecomp <no-dsa> (Minor issue, can be fixed via point release)
NOTE: https://sourceforge.net/p/advancemame/bugs/259/
NOTE: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5
CVE-2018-1055
@@ -52802,7 +53054,7 @@ CVE-2018-1053 (In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x bef
- postgresql-9.6 <removed>
[stretch] - postgresql-9.6 9.6.7-0+deb9u1
- postgresql-9.4 <removed>
- [jessie] - postgresql-9.4 <no-dsa> (Minor issue)
+ [jessie] - postgresql-9.4 9.4.16-0+deb8u1
- postgresql-9.1 <removed>
[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only)
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=6ba52aeb24e62586b51e77723d87627c18a844ca
@@ -52824,7 +53076,7 @@ CVE-2018-1049 (In systemd prior to 234 a race condition exists between .mount an
{DLA-1580-1}
- systemd 234-1
[stretch] - systemd 232-25+deb9u10
- [wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA)
+ [wheezy] - systemd <postponed> (Minor issue, can be fixed along in next DLA)
NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
NOTE: https://github.com/systemd/systemd/pull/5916
NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
@@ -53997,8 +54249,8 @@ CVE-2018-0503 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
NOTE: https://phabricator.wikimedia.org/T169545
CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a #! scrip ...)
+ {DLA-2470-1}
- zsh 5.6-1 (bug #908000)
- [stretch] - zsh <no-dsa> (Minor issue)
[jessie] - zsh <no-dsa> (Minor issue)
NOTE: https://www.zsh.org/mla/zsh-announce/136
NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index e3cff0ff1a..5458ea22b4 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,19 +1,567 @@
-CVE-2019-20809
- RESERVED
-CVE-2019-20808 [out-of-bounds read in ati_cursor_define() function in hw/display/ati.c leads to DoS]
- RESERVED
+CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be modified vi ...)
+ NOT-FOR-US: Corda
+CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...)
+ NOT-FOR-US: Bromite
+CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...)
+ NOT-FOR-US: Rust crate libpulse-binding
+CVE-2019-25054 (An issue was discovered in the pnet crate before 0.27.2 for Rust. Ther ...)
+ NOT-FOR-US: Rust crate pnet
+CVE-2019-25053
+ RESERVED
+CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...)
+ NOT-FOR-US: Linaro/OP-TEE OP-TEE
+CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acom ...)
+ {DSA-4948-1 DLA-2720-1}
+ - aspell 0.60.8-3 (bug #991307)
+ NOTE: https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462
+CVE-2019-25050 (netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow i ...)
+ - gdal 3.1.0+dfsg-1
+ [buster] - gdal <no-dsa> (Minor issue)
+ [stretch] - gdal <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-420.yaml
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-392.yaml
+ NOTE: https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a (v3.1.0RC1)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
+CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_pr ...)
+ - libressl <itp> (bug #754513)
+CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_p ...)
+ - libressl <itp> (bug #754513)
+CVE-2019-25047 (Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) ...)
+ NOT-FOR-US: Greenbone Security Assistant
+CVE-2019-25046 (The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11 ...)
+ NOT-FOR-US: Cerberus FTP Server Enterprise
+CVE-2019-25045 (An issue was discovered in the Linux kernel before 5.0.19. The XFRM su ...)
+ - linux 5.2.6-1
+ [buster] - linux 4.19.67-1
+ [stretch] - linux 4.9.210-1
+ NOTE: https://git.kernel.org/linus/dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399
+CVE-2019-25044 (The block subsystem in the Linux kernel before 5.2 has a use-after-fre ...)
+ - linux <not-affected> (Vulnerable code only between 5.2-rc3 and 5.2-rc4)
+CVE-2019-25043 (ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as dem ...)
+ - modsecurity 3.0.4-1
+ [buster] - modsecurity <no-dsa> (Minor issue)
+ NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2566
+ NOTE: https://github.com/SpiderLabs/ModSecurity/commit/9cac167fafd180902c2aa5dc6141aae874127199
+CVE-2019-25042 (** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/6c3a0b54ed8ace93d5b5ca7b8078dc87e75cd640
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25041 (** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25040 (** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a comp ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25039 (** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a si ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25038 (** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a si ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25037 (** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and de ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/d2eb78e871153f22332d30c6647f3815148f21e5
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25036 (** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and de ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/f5e06689d193619c57c33270c83f5e40781a261d
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25035 (** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in s ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/fa23ee8f31ba9a018c720ea822faaee639dc7a9c
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25034 (** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldn ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/a3545867fcdec50307c776ce0af28d07046a52dd
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25033 (** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25032 (** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25031 (** DISPUTED ** Unbound before 1.9.5 allows configuration injection in ...)
+ {DLA-2652-1}
+ - unbound 1.9.6-1 (unimportant)
+ [stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ NOTE: https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587
+ NOTE: Not deemed an exploitable vulnerability by upstream
+CVE-2019-25030 (In Versa Director, Versa Analytics and VOS, Passwords are not hashed u ...)
+ NOT-FOR-US: Versa
+CVE-2019-25029 (In Versa Director, the command injection is an attack in which the goa ...)
+ NOT-FOR-US: Versa
+CVE-2019-25028 (Missing variable sanitization in Grid component in com.vaadin:vaadin-s ...)
+ NOT-FOR-US: Vaadin
+CVE-2019-25027 (Missing output sanitization in default RouteNotFoundError view in com. ...)
+ NOT-FOR-US: Vaadin
+CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data duri ...)
+ {DLA-2658-1}
+ - redmine 4.0.6-1
+CVE-2019-25025 (The activerecord-session_store (aka Active Record Session Store) compo ...)
+ - ruby-activerecord-session-store <removed>
+ [stretch] - ruby-activerecord-session-store <ignored> (No reverse dependencies)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1935724
+ NOTE: https://github.com/rails/activerecord-session_store/pull/151
+CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
+ NOT-FOR-US: JetBrains Ktor
+CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...)
+ NOT-FOR-US: OpenRepeater (ORP)
+CVE-2019-25023 (An issue was discovered in Scytl sVote 2.1. Because the IP address fro ...)
+ NOT-FOR-US: Scytl sVote
+CVE-2019-25022 (An issue was discovered in Scytl sVote 2.1. An attacker can inject cod ...)
+ NOT-FOR-US: Scytl sVote
+CVE-2019-25021 (An issue was discovered in Scytl sVote 2.1. Due to the implementation ...)
+ NOT-FOR-US: Scytl sVote
+CVE-2019-25020 (An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest AP ...)
+ NOT-FOR-US: Scytl sVote
+CVE-2019-25019 (LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant m ...)
+ - limesurvey <itp> (bug #472802)
+CVE-2019-25018 (In the rcp client in MIT krb5-appl through 1.0.3, malicious servers co ...)
+ - krb5-appl <removed>
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1131109
+CVE-2019-25017 (An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to ...)
+ - krb5-appl <removed>
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1131109
+CVE-2019-25016 (In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly in ...)
+ - doas <not-affected> (Fixed with initial upload to Debian)
+ NOTE: Introduced in: https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168 (v6.6)
+ NOTE: Fixed by: https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d (v6.8.1)
+ NOTE: https://github.com/Duncaen/OpenDoas/issues/45
+CVE-2019-25015 (LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafte ...)
+ NOT-FOR-US: LuCI in OpenWrt
+CVE-2019-25014 (A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go ge ...)
+ NOT-FOR-US: Istio
+CVE-2019-25013 (The iconv feature in the GNU C Library (aka glibc or libc6) through 2. ...)
+ - glibc 2.31-9 (bug #979273)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24973
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b
+CVE-2019-25012 (The Webform Report project 7.x-1.x-dev for Drupal allows remote attack ...)
+ NOT-FOR-US: Webform Report project for Drupal
+CVE-2019-25011 (NetBox through 2.6.2 allows an Authenticated User to conduct an XSS at ...)
+ NOT-FOR-US: NetBox
+CVE-2019-25010 (An issue was discovered in the failure crate through 2019-11-13 for Ru ...)
+ - rust-failure <unfixed>
+ [bullseye] - rust-failure <no-dsa> (Minor issue, unmaintained/deprecated upstream)
+ [buster] - rust-failure <no-dsa> (Minor issue, unmaintained/deprecated upstream)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0036.html
+CVE-2019-25009 (An issue was discovered in the http crate before 0.1.20 for Rust. The ...)
+ - rust-http <unfixed> (bug #988945)
+ [buster] - rust-http <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0034.html
+ NOTE: https://github.com/hyperium/http/commit/82d53dbdfdb1ffbeb0323200a0bbd30b5f895fa7
+ NOTE: https://github.com/hyperium/http/commit/8ffe094df1431321d450860cc56a22dd53175f5e
+CVE-2019-25008
+ REJECTED
+CVE-2019-25007 (An issue was discovered in the streebog crate before 0.8.0 for Rust. T ...)
+ NOT-FOR-US: streebog rust crate
+CVE-2019-25006 (An issue was discovered in the streebog crate before 0.8.0 for Rust. T ...)
+ NOT-FOR-US: streebog rust crate
+CVE-2019-25005 (An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ...)
+ NOT-FOR-US: Rust chacha20
+CVE-2019-25004 (An issue was discovered in the flatbuffers crate before 0.6.1 for Rust ...)
+ NOT-FOR-US: flatbuffers rust crate
+CVE-2019-25003 (An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rus ...)
+ NOT-FOR-US: libsecp256k1 rust crate
+CVE-2019-25002 (An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust ...)
+ NOT-FOR-US: sodiumoxide rust crate
+CVE-2019-25001 (An issue was discovered in the serde_cbor crate before 0.10.2 for Rust ...)
+ - rust-serde-cbor <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0025.html
+CVE-2019-20934 (An issue was discovered in the Linux kernel before 5.2.6. On NUMA syst ...)
+ - linux 5.2.6-1
+ [buster] - linux 4.19.67-1
+ [stretch] - linux 4.9.189-1
+ NOTE: https://git.kernel.org/linus/16d51a590a8ce3befb1308e0e7ab77f3b661af33
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1913
+CVE-2019-20933 (InfluxDB before 1.7.6 has an authentication bypass vulnerability in th ...)
+ {DSA-4823-1 DLA-2501-1}
+ - influxdb 1.6.7~rc0-1 (bug #978087)
+ NOTE: https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0
+ NOTE: https://github.com/influxdata/influxdb/issues/12927
+CVE-2019-20932
+ RESERVED
+CVE-2019-20931
+ RESERVED
+CVE-2019-20930
+ RESERVED
+CVE-2019-20929
+ RESERVED
+CVE-2019-20928
+ RESERVED
+CVE-2019-20927
+ RESERVED
+CVE-2019-20926
+ RESERVED
+CVE-2019-20925 (An unauthenticated client can trigger denial of service by issuing spe ...)
+ - mongodb <removed>
+ [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
+ NOTE: https://jira.mongodb.org/browse/SERVER-43751
+ NOTE: https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8 (3.4.24, AGPL)
+ NOTE: Introduced by: https://github.com/mongodb/mongo/commit/91800fc61913358350b658406065c5d893d2ba2c (v3.3.11)
+CVE-2019-20924 (A user authorized to perform database queries may trigger denial of se ...)
+ - mongodb <removed>
+ [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
+ NOTE: https://jira.mongodb.org/browse/SERVER-44377
+ NOTE: https://github.com/mongodb/mongo/commit/e4338fa6e876e61e47f68e7f573ead7bcfbd06fc (v4.2.2, SSPL)
+ NOTE: Introduced by: https://github.com/mongodb/mongo/commit/34a1ce6a681e2637d3c29a49a9412efe63821178 (v4.1.9)
+CVE-2019-20923 (A user authorized to perform database queries may trigger denial of se ...)
+ - mongodb <removed>
+ [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
+ NOTE: https://jira.mongodb.org/browse/SERVER-39481
+ NOTE: https://github.com/mongodb/mongo/commit/c9dd94ca1a571f9d145eaa9029d8ce905a86f933 (v4.0.7, SSPL)
+ NOTE: Introduced by: https://github.com/mongodb/mongo/commit/1c629fb3e0cfdf218a6cdb20882806e3b7dd9e9c (v3.7.1)
+CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ...)
+ - node-handlebars <not-affected> (Introduced in 4.4.4 and fixed in 4.4.5, no vulnerable version uploaded)
+ - libjs-handlebars <not-affected> (Introduced in 4.4.4 and fixed in 4.4.5, no vulnerable version uploaded)
+ NOTE: https://github.com/handlebars-lang/handlebars.js/issues/1579
+ NOTE: https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b
+ NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388
+ NOTE: https://www.npmjs.com/advisories/1300
+CVE-2019-20921 (bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It d ...)
+ NOT-FOR-US: bootstrap-select
+CVE-2019-20920 (Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrar ...)
+ - node-handlebars 3:4.5.3-1
+ [buster] - node-handlebars 3:4.1.0-1+deb10u3
+ - libjs-handlebars <removed>
+ [stretch] - libjs-handlebars <ignored> (Only reverse depends was diaspora which not in stretch and too intrusive to backport)
+ NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
+ NOTE: https://www.npmjs.com/advisories/1316
+ NOTE: https://www.npmjs.com/advisories/1324
+CVE-2019-20919 (An issue was discovered in the DBI module before 1.643 for Perl. The h ...)
+ {DLA-2386-1}
+ - libdbi-perl 1.643-1
+ [buster] - libdbi-perl 1.642-1+deb10u1
+ NOTE: https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
+CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence module ...)
+ - inspircd <not-affected> (Only affected 3.0.0 and 3.0.1)
+ NOTE: https://docs.inspircd.org/security/2019-01/
+ NOTE: Introduced by: https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57 (v3.0.0)
+ NOTE: Fixed by: https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51 (v3.1.0)
+CVE-2019-20917 (An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0 ...)
+ {DSA-4764-1 DLA-2375-1}
+ - inspircd 3.3.0-1
+ NOTE: https://docs.inspircd.org/security/2019-02/
+ NOTE: https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 (v2)
+ NOTE: https://github.com/inspircd/inspircd/commit/8745660fcdac7c1b80c94cfc0ff60928cd4dd4b7 (v3)
+CVE-2019-20916 (The pip package before 19.2 for Python allows Directory Traversal when ...)
+ {DLA-2370-1}
+ - python-pip 20.0.2-1
+ [buster] - python-pip <no-dsa> (Minor issue)
+ NOTE: https://github.com/pypa/pip/issues/6413
+ NOTE: https://github.com/pypa/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace (19.2)
+CVE-2019-20915 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ - libredwg <itp> (bug #595191)
+CVE-2019-20914 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
+ - libredwg <itp> (bug #595191)
+CVE-2019-20913 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ - libredwg <itp> (bug #595191)
+CVE-2019-20912 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ - libredwg <itp> (bug #595191)
+CVE-2019-20911 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ - libredwg <itp> (bug #595191)
+CVE-2019-20910 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ - libredwg <itp> (bug #595191)
+CVE-2019-20909 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
+ - libredwg <itp> (bug #595191)
+CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the Linux ker ...)
+ - linux 5.2.6-1
+ [buster] - linux 4.19.132-1
+ [stretch] - linux <ignored> (securelevel included but not supported)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1
+ NOTE: Fixed by: https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e
+CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ...)
+ {DLA-2456-1 DLA-2337-1}
+ - python3.9 3.9.0~b5-1 (low)
+ - python3.8 3.8.5-1 (low)
+ - python3.7 <removed> (low)
+ [buster] - python3.7 3.7.3-2+deb10u2
+ - python3.5 <removed> (low)
+ - python2.7 2.7.18-2 (low; bug #970099)
+ [buster] - python2.7 <no-dsa> (Minor issue)
+ [stretch] - python2.7 <postponed> (Minor issue, can be fixed in next DLA)
+ NOTE: https://bugs.python.org/issue39017
+ NOTE: https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 (master)
+ NOTE: https://github.com/python/cpython/commit/f3232294ee695492f43d424cc6969d018d49861d (3.9-branch)
+ NOTE: https://github.com/python/cpython/commit/c55479556db015f48fc8bbca17f64d3e65598559 (3.8-branch)
+ NOTE: https://github.com/python/cpython/commit/79c6b602efc9a906c8496f3d5f4d54c54b48fa06 (3.7-branch)
+ NOTE: https://github.com/python/cpython/commit/47a2955589bdb1a114d271496ff803ad73f954b8 (3.6-branch)
+ NOTE: https://github.com/python/cpython/pull/21454
+CVE-2019-20906
+ RESERVED
+CVE-2019-20905
+ RESERVED
+CVE-2019-20904
+ RESERVED
+CVE-2019-20903 (The hyperlinks functionality in atlaskit/editor-core in before version ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20902 (Upgrading Crowd via XML Data Transfer can reactivate a disabled user f ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20901 (The login.jsp resource in Jira before version 8.5.2, and from version ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20900 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20899 (The Gadget API in Atlassian Jira Server and Data Center in affected ve ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20898 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20897 (The avatar upload feature in affected versions of Atlassian Jira Serve ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponen ...)
+ NOT-FOR-US: WebChess
+CVE-2019-20895
+ RESERVED
+CVE-2019-20894 (Traefik 2.x, in certain configurations, allows HTTPS sessions to proce ...)
+ NOT-FOR-US: Traefik
+CVE-2019-20893 (An issue was discovered in Activision Infinity Ward Call of Duty Moder ...)
+ NOT-FOR-US: Activision
+CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateRefer ...)
+ - net-snmp 5.8+dfsg-3 (bug #963713)
+ [buster] - net-snmp <not-affected> (Vulnerable code introduced later)
+ [stretch] - net-snmp <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/4
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027
+ NOTE: https://github.com/net-snmp/net-snmp/commit/92ccd5a82a019fbfa835cc8ab2294cf0ca48c8f2
+ NOTE: https://github.com/net-snmp/net-snmp/commit/adc9b71aba9168ec64149345ea37a1acc11875c6
+ NOTE: https://github.com/net-snmp/net-snmp/commit/7384a8b550d4ed4a00e41b72229cfcc124926b06
+ NOTE: https://github.com/net-snmp/net-snmp/commit/39381c4d20dd8042870c28ae3b0c16291e50b705
+ NOTE: https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
+ NOTE: https://github.com/net-snmp/net-snmp/commit/87bd90d04f20dd3f73e3e7e631a442ccd419b9d3
+ NOTE: Extra patches to address memory leaks:
+ NOTE: https://salsa.debian.org/debian/net-snmp/-/merge_requests/3
+ NOTE: Introduced in https://github.com/net-snmp/net-snmp/compare/1a0dbe19bf2787bb5bea913f210a9a5eb4c0c80c...e207b8113260fd7d84df0ebdb66925ab70da29b2 (5.8-dev)
+CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of products, has ...)
+ NOT-FOR-US: WooCommerce
+CVE-2019-20890 (An issue was discovered in Mattermost Server before 5.7. It allows a b ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20889 (An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20888 (An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20887 (An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20886 (An issue was discovered in Mattermost Server before 5.8.0. The first u ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20885 (An issue was discovered in Mattermost Server before 5.8.0. It does not ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20884 (An issue was discovered in Mattermost Server before 5.8.0. It allows a ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20883 (An issue was discovered in Mattermost Server before 5.8.0, when Town S ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20882 (An issue was discovered in Mattermost Server before 5.8.0. It does not ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20881 (An issue was discovered in Mattermost Server before 5.8.0. It mishandl ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20880 (An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20879 (An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20878 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20877 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20876 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20875 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20874 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20873 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20872 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20871 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20870 (An issue was discovered in Mattermost Server before 5.10.0. An attacke ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20869 (An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8 ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20868 (An issue was discovered in Mattermost Server before 5.11.0. Invite IDs ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20867 (An issue was discovered in Mattermost Server before 5.11.0. An attacke ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20866 (An issue was discovered in Mattermost Server before 5.12.0. Use of a P ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20865 (An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20864 (An issue was discovered in Mattermost Plugins before 5.13.0. The GitHu ...)
+ NOT-FOR-US: Mattermost
+CVE-2019-20863 (An issue was discovered in Mattermost Server before 5.13.0. Incoming w ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20862 (An issue was discovered in Mattermost Server before 5.13.0. Non-member ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20861 (An issue was discovered in Mattermost Desktop App before 4.2.2. It all ...)
+ - mattermost-desktop <itp> (bug #831861)
+CVE-2019-20860 (An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20859 (An issue was discovered in Mattermost Server before 5.15.0. Login acce ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20858 (An issue was discovered in Mattermost Server before 5.15.0. It allows ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20857 (An issue was discovered in Mattermost Server before 5.16.0. It allows ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20856 (An issue was discovered in Mattermost Desktop App before 4.3.0 on macO ...)
+ - mattermost-desktop <itp> (bug #831861)
+CVE-2019-20855 (An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20854 (An issue was discovered in Mattermost Server before 5.17.0. It allows ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20853 (An issue was discovered in Mattermost Packages before 5.16.3. A Drople ...)
+ NOT-FOR-US: Mattermost
+CVE-2019-20852 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local ...)
+ NOT-FOR-US: Mattermost
+CVE-2019-20851 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. An at ...)
+ NOT-FOR-US: Mattermost
+CVE-2019-20850 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. A vie ...)
+ NOT-FOR-US: Mattermost
+CVE-2019-20849 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cooki ...)
+ NOT-FOR-US: Mattermost
+CVE-2019-20848 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Q ...)
+ NOT-FOR-US: Mattermost
+CVE-2019-20847 (An issue was discovered in Mattermost Server before 5.18.0. An attacke ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20846 (An issue was discovered in Mattermost Server before 5.18.0. It has wea ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20845 (An issue was discovered in Mattermost Server before 5.18.0. It allows ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20844 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20843 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20842 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20841 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws ...)
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver <not-affected> (Vulnerable code not present)
+ [stretch] - libvncserver <not-affected> (Vulnerable code not present)
+ [jessie] - libvncserver <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76
+ NOTE: Vulnerable code is introduced with the fix for CVE-2017-18922.
+CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
+CVE-2019-20838 (libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ...)
+ - pcre3 <unfixed> (unimportant)
+ NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1740 (8.43)
+ NOTE: Only an issue when UTF support disabled
+CVE-2019-20837 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20836 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20835 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20834 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows s ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2019-20833 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mish ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2019-20832 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homo ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2019-20831 (An issue was discovered in the 3D Plugin Beta for Foxit Reader and Pha ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20830 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20829 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20828 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20827 (An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader f ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20826 (An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader f ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20825 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2019-20824 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NU ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2019-20823 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a bu ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2019-20822 (An issue was discovered in the 3D Plugin Beta for Foxit Reader and Pha ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20821 (An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a N ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2019-20820 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20819 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20818 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20817 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2019-20816 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NU ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2019-20815 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows s ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2019-20814 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows m ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2019-20813 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NU ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2019-20812 (An issue was discovered in the Linux kernel before 5.4.7. The prb_calc ...)
+ - linux 5.4.8-1
+ [buster] - linux 4.19.98-1
+ [stretch] - linux 4.9.210-1
+ NOTE: https://git.kernel.org/linus/b43d1f9f7067c6759b1051e8ecb84e82cef569fe
+CVE-2019-20811 (An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_ ...)
+ {DSA-4698-1 DLA-2242-1}
+ - linux 4.19.37-1
+ [jessie] - linux 3.16.72-1
+ NOTE: https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e
+CVE-2019-20810 (go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux ...)
+ {DLA-2323-1}
+ - linux 5.6.7-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/9453264ef58638ce8976121ac44c07a3ef375983
+CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound Price ...)
+ NOT-FOR-US: Compound Finance Compound Price Oracle
+CVE-2019-20808 (In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA imp ...)
- qemu 1:4.2-1
[buster] - qemu <not-affected> (Vulnerable code introduced later)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
[jessie] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13 (v4.2.0-rc0)
CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted mode ...)
+ {DLA-2876-1}
- vim 2:8.1.2136-1
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <no-dsa> (Minor issue)
[jessie] - vim <no-dsa> (Minor issue)
NOTE: https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075
CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
+ {DSA-4698-1 DLA-2242-1}
- linux 5.2.6-1
[buster] - linux 4.19.118-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -37,7 +585,7 @@ CVE-2019-20799 (In Cherokee through 1.2.104, multiple memory corruption errors m
CVE-2019-20798 (An XSS issue was discovered in handler_server_info.c in Cherokee throu ...)
- cherokee <removed>
CVE-2019-20797 (An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer ...)
- - prboom-plus <unfixed> (bug #961031)
+ - prboom-plus 2:2.5.1.7um+git82-1 (bug #961031)
[buster] - prboom-plus <no-dsa> (Minor issue)
[stretch] - prboom-plus <no-dsa> (Minor issue)
[jessie] - prboom-plus <end-of-life> (games are not supported)
@@ -55,33 +603,41 @@ CVE-2019-20795 (iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_n
NOTE: Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0)
CVE-2019-20794 (An issue was discovered in the Linux kernel 4.18 through 5.6.11 when u ...)
- linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - linux <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://sourceforge.net/p/fuse/mailman/message/36598753/
CVE-2019-20793
RESERVED
CVE-2019-20792 (OpenSC before 0.20.0 has a double free in coolkey_free_private_data be ...)
- - opensc 0.20.0-1
+ - opensc 0.20.0-1 (low)
+ [buster] - opensc <no-dsa> (Minor issue)
+ [stretch] - opensc <not-affected> (Coolkey driver added in 0.17.0)
[jessie] - opensc <postponed> (Minor issue but can be worth fixing later)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
NOTE: https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4
CVE-2019-20791 (OpenThread before 2019-12-13 has a stack-based buffer overflow in Mesh ...)
NOT-FOR-US: OpenThread
CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, ...)
- - opendmarc <unfixed>
+ - opendmarc 1.4.0~beta1+dfsg-4 (bug #977766)
+ [buster] - opendmarc <no-dsa> (Minor issue)
+ [stretch] - opendmarc <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816
NOTE: https://sourceforge.net/p/opendmarc/tickets/235/
NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
+ NOTE: Issue is disputed upstream and considered "work as designed" (wontfix)
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/blob/develop/SECURITY/CVE-2019-20790
+ NOTE: Upstream reconsidering position:
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/158
CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or a ...)
NOT-FOR-US: Croogo
CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...)
{DLA-2146-1}
- libvncserver 0.9.12+dfsg-9 (bug #954163)
[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3
- [stretch] - libvncserver <no-dsa> (Minor issue)
+ [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4
NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed
CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...)
- - teeworlds <unfixed>
- [jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
- NOTE: https://www.teeworlds.com/forum/viewtopic.php?pid=123860
+ NOTE: Duplicate of CVE-2019-10877
CVE-2019-20786 (handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a chec ...)
NOT-FOR-US: Pion DTLS
CVE-2019-20785 (An issue was discovered on LG mobile devices with Android OS 8.0 and 8 ...)
@@ -391,6 +947,7 @@ CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x
NOTE: Introduced in https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d (5.0)
NOTE: Case #3 implies labels introduced in https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454 (5.0)
CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...)
+ {DLA-2241-1}
- linux 5.4.13-1
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
@@ -403,35 +960,36 @@ CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Fr
- patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied)
NOTE: https://savannah.gnu.org/bugs/index.php?56683
CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- - gpac <unfixed>
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
NOTE: https://github.com/gpac/gpac/issues/1271
CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- - gpac <unfixed>
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
NOTE: https://github.com/gpac/gpac/issues/1270
CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- - gpac <unfixed>
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
NOTE: https://github.com/gpac/gpac/issues/1268
CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- - gpac <unfixed>
- [buster] - gpac <no-dsa> (Minor issue)
- [stretch] - gpac <no-dsa> (Minor issue)
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
[jessie] - gpac <ignored> (Minor issue)
- NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
NOTE: https://github.com/gpac/gpac/issues/1264
+ NOTE: Introduced by: https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88 (v0.8.0)
+ NOTE: Fixed by: qhttps://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview)
CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- - gpac <unfixed>
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <ignored> (Minor issue)
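Review bot: The added "Fixed by" reference under CVE-2019-20629 has a stray `q` glued to the URL, so the link as written does not resolve and any tooling that extracts commit references from NOTE lines will miss it; the line should read `NOTE: Fixed by: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview)`. The same commit hash was correct on the line this hunk removes, so the typo was introduced while rewriting the note into the Introduced-by/Fixed-by form. The surrounding gpac entries in this hunk (CVE-2019-20632 through CVE-2019-20628) keep their references unchanged and look consistent.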
@@ -740,10 +1298,10 @@ CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holdin
[stretch] - libvirt <no-dsa> (Minor issue)
[jessie] - libvirt <not-affected> (Vulnerable code not present)
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1)
-CVE-2019-20484
- RESERVED
-CVE-2019-20483
- RESERVED
+CVE-2019-20484 (An issue was discovered in Viki Vera 4.9.1.26180. A user without acces ...)
+ NOT-FOR-US: Viki Vera
+CVE-2019-20483 (An issue was discovered in Viki Vera 4.9.1.26180. An attacker could se ...)
+ NOT-FOR-US: Viki Vera
CVE-2019-20482
RESERVED
CVE-2019-20481 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Fun ...)
@@ -751,8 +1309,9 @@ CVE-2019-20481 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Chan
CVE-2019-20480 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website vis ...)
NOT-FOR-US: MIELE XGW 3000 ZigBee Gateway
CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
- {DLA-2130-1}
+ {DLA-2298-1 DLA-2130-1}
- libapache2-mod-auth-openidc 2.4.1-1
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
CVE-2019-20478 (In ruamel.yaml through 0.16.7, the load method allows remote code exec ...)
@@ -772,28 +1331,28 @@ CVE-2019-20475
RESERVED
CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.4 ...)
NOT-FOR-US: Zoho ManageEngine Remote Access Plus
-CVE-2019-20473
- RESERVED
+CVE-2019-20473 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...)
+ NOT-FOR-US: TK-Star Q90 Junior GPS horloge
CVE-2019-20472
RESERVED
-CVE-2019-20471
- RESERVED
-CVE-2019-20470
- RESERVED
+CVE-2019-20471 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...)
+ NOT-FOR-US: TK-Star Q90 Junior GPS horloge
+CVE-2019-20470 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...)
+ NOT-FOR-US: TK-Star Q90 Junior GPS horloge
CVE-2019-20469
RESERVED
-CVE-2019-20468
- RESERVED
-CVE-2019-20467
- RESERVED
-CVE-2019-20466
- RESERVED
-CVE-2019-20465
- RESERVED
-CVE-2019-20464
- RESERVED
-CVE-2019-20463
- RESERVED
+CVE-2019-20468 (An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horlo ...)
+ NOT-FOR-US: TK-Star Q90 Junior GPS horloge
+CVE-2019-20467 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...)
+ NOT-FOR-US: Sannce
+CVE-2019-20466 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...)
+ NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
+CVE-2019-20465 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...)
+ NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
+CVE-2019-20464 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...)
+ NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
+CVE-2019-20463 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...)
+ NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
CVE-2019-20462
RESERVED
CVE-2019-20461
@@ -833,12 +1392,14 @@ CVE-2019-20448
CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...)
NOT-FOR-US: Jobberbase CMS
CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nest ...)
+ {DLA-2285-1}
- librsvg 2.46.4-1
+ [buster] - librsvg <no-dsa> (Will be fixed via spu)
[jessie] - librsvg <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515
NOTE: https://gitlab.gnome.org/GNOME/librsvg/commit/572f95f739529b865e2717664d6fefcef9493135
CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...)
- {DLA-2110-1 DLA-2109-1}
+ {DSA-4885-1 DLA-2365-1 DLA-2364-1 DLA-2110-1 DLA-2109-1}
- netty 1:4.1.45-1 (bug #950967)
- netty-3.9 <removed>
NOTE: https://github.com/netty/netty/issues/9861
@@ -846,7 +1407,7 @@ CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-L
NOTE: https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 (4.1)
NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests)
CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
- {DLA-2110-1 DLA-2109-1}
+ {DSA-4885-1 DLA-2365-1 DLA-2364-1 DLA-2110-1 DLA-2109-1}
- netty 1:4.1.45-1 (bug #950966)
- netty-3.9 <removed>
NOTE: https://github.com/netty/netty/issues/9866
@@ -903,38 +1464,37 @@ CVE-2019-20422 (In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/i
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/7b09c2d052db4b4ad0b27b97918b46a7746966fa
CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input ...)
+ {DSA-4958-1 DLA-2750-1}
- exiv2 0.27.2-8 (low; bug #950183)
- [buster] - exiv2 <ignored> (Minor issue)
- [stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8
NOTE: https://github.com/Exiv2/exiv2/issues/1011
CVE-2019-20420
RESERVED
-CVE-2019-20419
- RESERVED
-CVE-2019-20418
- RESERVED
-CVE-2019-20417
- RESERVED
-CVE-2019-20416
- RESERVED
-CVE-2019-20415
- RESERVED
-CVE-2019-20414
- RESERVED
-CVE-2019-20413
- RESERVED
-CVE-2019-20412
- RESERVED
-CVE-2019-20411
- RESERVED
-CVE-2019-20410
- RESERVED
-CVE-2019-20409
- RESERVED
-CVE-2019-20408
- RESERVED
+CVE-2019-20419 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20417 (NOTE: This candidate is a duplicate of CVE-2019-15011. All CVE users s ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions allows remo ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20414 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20413 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20412 (The Convert Sub-Task to Issue page in affected versions of Atlassian J ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20411 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20410 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20409 (The way in which velocity templates were used in Atlassian Jira Server ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20408 (The /plugins/servlet/gadgets/makeRequest resource in Jira before versi ...)
+ NOT-FOR-US: Atlassian
CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...)
NOT-FOR-US: Atlassian Jira
CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...)
@@ -954,48 +1514,56 @@ CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local at
CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
- - libyang <unfixed>
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793935
NOTE: https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08
NOTE: https://github.com/CESNET/libyang/issues/773
CVE-2019-20397 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
- - libyang <unfixed>
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793928
NOTE: https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4
NOTE: https://github.com/CESNET/libyang/issues/739
CVE-2019-20396 (A segmentation fault is present in yyparse in libyang before v1.0-r1 d ...)
- - libyang <unfixed>
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
NOTE: https://github.com/CESNET/libyang/issues/740
CVE-2019-20395 (A stack consumption issue is present in libyang before v1.0-r1 due to ...)
- - libyang <unfixed>
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793924
NOTE: https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237
NOTE: https://github.com/CESNET/libyang/issues/724
CVE-2019-20394 (A double-free is present in libyang before v1.0-r3 in the function yyp ...)
- - libyang <unfixed>
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793932
NOTE: https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6
NOTE: https://github.com/CESNET/libyang/issues/769
CVE-2019-20393 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
- - libyang <unfixed>
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793930
NOTE: https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed
NOTE: https://github.com/CESNET/libyang/issues/742
CVE-2019-20392 (An invalid memory access flaw is present in libyang before v1.0-r1 in ...)
- - libyang <unfixed>
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793922
NOTE: https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5
NOTE: https://github.com/CESNET/libyang/issues/723
CVE-2019-20391 (An invalid memory access flaw is present in libyang before v1.0-r3 in ...)
- - libyang <unfixed>
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
[buster] - libyang <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793934
NOTE: https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8
@@ -1005,9 +1573,9 @@ CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered
CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configurat ...)
NOT-FOR-US: Subrion CMS
CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
+ {DLA-2369-1}
- libxml2 2.9.10+dfsg-2.1 (bug #949583)
- [buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
[jessie] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a
CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...)
@@ -1025,12 +1593,11 @@ CVE-2019-20385 (The CSV upload feature in /supervisor/procesa_carga.php on Logar
NOT-FOR-US: Logaritmo Aware CallManager 2012 devices
CVE-2019-20384 (Gentoo Portage through 2.3.84 allows local users to place a Trojan hor ...)
NOT-FOR-US: Portage
-CVE-2019-20383
- RESERVED
+CVE-2019-20383 (ABBYY network license server in ABBYY FineReader 15 before Release 4 ( ...)
+ NOT-FOR-US: ABBYY
CVE-2019-20382 (QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle. ...)
- {DSA-4665-1}
+ {DSA-4665-1 DLA-2288-1}
- qemu 1:4.2-1
- [stretch] - qemu <postponed> (Minor, can be fixed along in future DSA)
[jessie] - qemu <postponed> (Minor, can be fixed along in future DLA)
- qemu-kvm <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/03/05/1
@@ -1057,8 +1624,8 @@ CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through 0.
NOT-FOR-US: Typora
CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations, allows HT ...)
- nginx 1.16.1-3 (low; bug #948579)
- [buster] - nginx <no-dsa> (Minor issue)
- [stretch] - nginx <no-dsa> (Minor issue)
+ [buster] - nginx 1.14.2-2+deb10u2
+ [stretch] - nginx 1.10.3-1+deb9u4
[jessie] - nginx <no-dsa> (Minor issue)
NOTE: https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
NOTE: https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e
@@ -1076,9 +1643,9 @@ CVE-2019-20369
CVE-2019-20368
RESERVED
CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...)
+ {DLA-2566-1}
- libbsd 0.10.0-1
- [buster] - libbsd <no-dsa> (Minor issue)
- [stretch] - libbsd <no-dsa> (Minor issue)
+ [buster] - libbsd 0.9.1-2+deb10u1
[jessie] - libbsd <no-dsa> (Minor issue)
NOTE: https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
NOTE: https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b (0.10.0)
@@ -1111,9 +1678,10 @@ CVE-2019-20354 (The web application component of piSignage before 2.6.4 allows a
CVE-2019-20353
RESERVED
CVE-2019-20352 (In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occ ...)
- - nasm <unfixed> (unimportant)
+ - nasm 2.15.04-1 (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392636
NOTE: Crash in CLI tool, no security impact
+ NOTE: https://github.com/netwide-assembler/nasm/commit/7c88289e222dc5ef9f53f9e86ecaab1924744b88 (nasm-2.15.04rc6)
CVE-2019-20351
RESERVED
CVE-2019-20350
@@ -1162,8 +1730,8 @@ CVE-2019-20331
CVE-2019-20330 (FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.eh ...)
{DLA-2111-1}
- jackson-databind 2.10.1-1
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2526
NOTE: https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e
CVE-2019-20329 (OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL serv ...)
@@ -1373,10 +1941,9 @@ CVE-2019-20227
CVE-2019-20226
REJECTED
CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg( ...)
- {DLA-2066-1}
- - gthumb <unfixed> (bug #948197)
- [buster] - gthumb <no-dsa> (Minor issue)
- [stretch] - gthumb <no-dsa> (Minor issue)
+ {DLA-2749-1 DLA-2066-1}
+ - gthumb 3:3.8.3-0.1 (bug #948197)
+ [buster] - gthumb 3:3.6.2-4+deb10u1
NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3)
NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master)
CVE-2019-20225 (MyBB before 1.8.22 allows an open redirect on login. ...)
@@ -1394,9 +1961,9 @@ CVE-2019-20220 (In Support Incident Tracker (SiT!) 3.67, the search_id parameter
CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor i ...)
NOT-FOR-US: ngiflib
CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...)
+ {DLA-2340-2}
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...)
@@ -1419,9 +1986,12 @@ CVE-2019-20209 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and E
NOT-FOR-US: themes for WordPress
CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based ...)
{DLA-2072-1}
- - gpac <unfixed>
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1348
NOTE: https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e (chunk #1)
CVE-2019-20207
@@ -1440,15 +2010,90 @@ CVE-2019-20204 (The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrat
CVE-2019-20203 (The Authorized Addresses feature in the Postie plugin 1.9.40 for WordP ...)
NOT-FOR-US: Authorized Addresses feature in the Postie plugin for WordPress
CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- NOT-FOR-US: ezXML
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/17/
CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_ ...)
- NOT-FOR-US: ezXML
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/16/
CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- NOT-FOR-US: ezXML
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/19/
CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- NOT-FOR-US: ezXML
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/18/
CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- NOT-FOR-US: ezXML
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/20/
CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...)
NOT-FOR-US: Nagios XI
CVE-2019-20196
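Review bot: The netcdf-parallel blocks added under CVE-2019-20202 through CVE-2019-20198 carry no `[stretch]` line, whereas the sibling netcdf blocks in the same entries state `[stretch] - netcdf <not-affected> (vulnerable code not present)`; the same asymmetry repeats in the CVE-2019-20007 to CVE-2019-20005 hunk further down. If netcdf-parallel was shipped in stretch, its status there should be recorded explicitly, e.g. `[stretch] - netcdf-parallel <not-affected> (vulnerable code not present)` where it mirrors netcdf, since an absent line reads as untriaged rather than as "package not in that release". Whether the package existed in stretch is not visible from the diff.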
@@ -1515,17 +2160,23 @@ CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does
NOT-FOR-US: SerenityOS
CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed> (low)
+ - gpac 1.0.1+dfsg1-2 (low)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1337
NOTE: https://github.com/gpac/gpac/commit/72cdc5048dead86bb1df7d21e0b9975e49cf2d97
NOTE: https://github.com/gpac/gpac/commit/2bcca3f1d4605100bb27d3ed7be25b53cddbc75c
CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed> (low)
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1328
NOTE: https://github.com/gpac/gpac/commit/16856430287cc10f495eb241910b4dc45b193e03
CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
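Review bot: The new CVE-2019-20171 line `- gpac 1.0.1+dfsg1-2 (low)` drops the `bug #972053` reference that the sibling gpac entries for CVE-2019-20170, CVE-2019-20162, CVE-2019-20161 (and CVE-2019-20208 above) now carry, while CVE-2019-20170 goes the other way and loses its `(low)` severity tag — as do CVE-2019-20165 and CVE-2019-20163 in the next hunk. The list format carries both in one annotation, as `- nginx 1.16.1-3 (low; bug #948579)` elsewhere in this diff shows, so the consistent form for these lines is `- gpac 1.0.1+dfsg1-2 (low; bug #972053)`. Whether the severity tag was dropped deliberately once the fix landed is not visible here.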
@@ -1549,30 +2200,41 @@ CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed> (low)
- [buster] - gpac <no-dsa> (Minor issue)
- [stretch] - gpac <no-dsa> (Minor issue)
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
NOTE: https://github.com/gpac/gpac/issues/1338
NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #1)
+ NOTE: Introduced by https://github.com/gpac/gpac/commit/86d072b6a13baa1a4a90168098a0f8354c24d8cf
CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
- gpac <not-affected> (Vulnerable code introduced in 0.7.0)
NOTE: https://github.com/gpac/gpac/issues/1332
NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed> (low)
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1335
NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #4)
CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed>
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1327
NOTE: https://github.com/gpac/gpac/commit/3c0ba42546c8148c51169c3908e845c308746c77
CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed>
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1320
NOTE: https://github.com/gpac/gpac/commit/7a09732d4978586e6284e84caa9c301b2fa5e956
CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
@@ -1597,12 +2259,12 @@ CVE-2019-20154 (An issue was discovered in Determine (formerly Selectica) Contra
NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20153 (An issue was discovered in Determine (formerly Selectica) Contract Lif ...)
NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
-CVE-2019-20152
- RESERVED
-CVE-2019-20151
- RESERVED
-CVE-2019-20150
- RESERVED
+CVE-2019-20152 (An XSS issue was discovered in TreasuryXpress 19191105. Due to the lac ...)
+ NOT-FOR-US: TreasuryXpress
+CVE-2019-20151 (An XSS issue was discovered in TreasuryXpress 19191105. Due to the lac ...)
+ NOT-FOR-US: TreasuryXpress
+CVE-2019-20150 (In TreasuryXpress 19191105, a logged-in user can discover saved creden ...)
+ NOT-FOR-US: TreasuryXpress
CVE-2019-20149 (ctorName in index.js in kind-of v6.0.2 allows external user input to o ...)
- node-kind-of 6.0.3+dfsg-1 (bug #948095)
[buster] - node-kind-of 6.0.2+dfsg-1+deb10u1
@@ -1720,8 +2382,8 @@ CVE-2019-20103
RESERVED
CVE-2019-20102 (The attachment-uploading feature in Atlassian Confluence Server from v ...)
NOT-FOR-US: Atlassian
-CVE-2019-20101
- RESERVED
+CVE-2019-20101 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
CVE-2019-20100 (The Atlassian Application Links plugin is vulnerable to cross-site req ...)
NOT-FOR-US: Atlassian Application Links plugin
CVE-2019-20099 (The VerifyPopServerConnection!add.jspa component in Atlassian Jira Ser ...)
@@ -1751,8 +2413,9 @@ CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based
NOTE: https://github.com/saitoha/libsixel/issues/125
NOTE: https://github.com/saitoha/libsixel/commit/a18b3789cfd147028403c17fe79a43b169d8f034
CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
- - libpodofo <unfixed>
- [buster] - libpodofo <no-dsa> (Minor issue)
+ - libpodofo <unfixed> (bug #977302)
+ [bullseye] - libpodofo <ignored> (Minor issue)
+ [buster] - libpodofo <ignored> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/podofo/tickets/75/
@@ -1776,19 +2439,20 @@ CVE-2019-20084
RESERVED
CVE-2019-20083
RESERVED
-CVE-2019-20082
- RESERVED
+CVE-2019-20082 (ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long ...)
+ NOT-FOR-US: ASUS
CVE-2019-20081
RESERVED
CVE-2019-20080
RESERVED
CVE-2019-20079 (The autocmd feature in window.c in Vim before 8.1.2136 accesses freed ...)
- vim 2:8.1.2136-1
- [buster] - vim <no-dsa> (Minor issue)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
[stretch] - vim <not-affected> (Vulnerable code introduced later)
[jessie] - vim <not-affected> (vulnerable code was introduced later)
NOTE: https://github.com/vim/vim/issues/5041
- NOTE: https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421
+ NOTE: Introduced with: https://github.com/vim/vim/commit/a27e1dcddc9e3914ab34b164f71c51b72903b00b (v8.1.2121)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 (v8.1.2136)
CVE-2019-20078
RESERVED
CVE-2019-20077 (The Typesetter CMS 5.1 logout functionality is affected by a CSRF vuln ...)
@@ -1842,10 +2506,12 @@ CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
- libstb <unfixed> (low)
+ [bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: libsixel PR: https://github.com/saitoha/libsixel/issues/126
NOTE: libsixel patch: https://github.com/saitoha/libsixel/commit/814f831555ea2492d442e784ab5d594f6a8e2e8d
NOTE: libstb PR: https://github.com/nothings/stb/issues/886
+ NOTE: libstb patch: https://github.com/nothings/stb/commit/bfaccab17a648b315543d366c63aee575a0756b7
CVE-2019-20055 (LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substri ...)
NOT-FOR-US: LuquidPixels LiquiFire OS
CVE-2019-20053 (An invalid memory address dereference was discovered in the canUnpack ...)
@@ -1853,9 +2519,7 @@ CVE-2019-20053 (An invalid memory address dereference was discovered in the canU
NOTE: https://github.com/upx/upx/issues/314
NOTE: https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa
CVE-2019-20052 (A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 ...)
- - libmatio <unfixed>
- [buster] - libmatio <no-dsa> (Minor issue)
- [stretch] - libmatio <no-dsa> (Minor issue)
+ - libmatio <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/tbeu/matio/issues/131
CVE-2019-20051 (A floating-point exception was discovered in PackLinuxElf::elf_hash in ...)
- upx-ucl 3.96-1 (unimportant)
@@ -1880,10 +2544,9 @@ CVE-2019-20046 (The Synergy Systems &amp; Solutions PLC &amp; RTU system has a v
CVE-2019-20045 (The Synergy Systems &amp; Solutions PLC &amp; RTU system has a vulnera ...)
NOT-FOR-US: Synergy Systems & Solutions PLC & RTU system
CVE-2019-20044 (In Zsh before 5.8, attackers able to execute commands can regain privi ...)
- {DLA-2117-1}
+ {DLA-2470-1 DLA-2117-1}
- zsh 5.8-1 (bug #951458)
[buster] - zsh <no-dsa> (Minor issue)
- [stretch] - zsh <no-dsa> (Minor issue)
NOTE: https://www.zsh.org/mla/zsh-announce/141
NOTE: https://sourceforge.net/p/zsh/code/ci/24e993db62cf146fb76ebcf677a4a7aa3766fc74/
NOTE: https://sourceforge.net/p/zsh/code/ci/8250c5c168f07549ed646e6848e6dda118271e23/
@@ -1904,24 +2567,24 @@ CVE-2019-20035
RESERVED
CVE-2019-20034
RESERVED
-CVE-2019-20033
- RESERVED
-CVE-2019-20032
- RESERVED
-CVE-2019-20031
- RESERVED
-CVE-2019-20030
- RESERVED
-CVE-2019-20029
- RESERVED
-CVE-2019-20028
- RESERVED
-CVE-2019-20027
- RESERVED
-CVE-2019-20026
- RESERVED
-CVE-2019-20025
- RESERVED
+CVE-2019-20033 (On Aspire-derived NEC PBXes, including all versions of SV8100 devices, ...)
+ NOT-FOR-US: NEC devices
+CVE-2019-20032 (An attacker with access to an InMail voicemail box equipped with the f ...)
+ NOT-FOR-US: NEC devices
+CVE-2019-20031 (NEC UM8000, UM4730 and prior non-InMail voicemail systems with all kno ...)
+ NOT-FOR-US: NEC devices
+CVE-2019-20030 (An attacker with knowledge of the modem access number on a NEC UM8000 ...)
+ NOT-FOR-US: NEC devices
+CVE-2019-20029 (An exploitable privilege escalation vulnerability exists in the WebPro ...)
+ NOT-FOR-US: NEC devices
+CVE-2019-20028 (Aspire-derived NEC PBXes operating InMail software, including all vers ...)
+ NOT-FOR-US: NEC devices
+CVE-2019-20027 (Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2 ...)
+ NOT-FOR-US: NEC devices
+CVE-2019-20026 (The WebPro interface in NEC SV9100 software releases 7.0 or higher all ...)
+ NOT-FOR-US: NEC devices
+CVE-2019-20025 (Certain builds of NEC SV9100 software could allow an unauthenticated, ...)
+ NOT-FOR-US: NEC devices
CVE-2019-20024 (A heap-based buffer overflow was discovered in image_buffer_resize in ...)
- libsixel 1.8.6-1 (low; bug #948103)
[buster] - libsixel <no-dsa> (Minor issue)
@@ -1948,24 +2611,32 @@ CVE-2019-20021 (A heap-based buffer over-read was discovered in canUnpack in p_m
NOTE: https://github.com/upx/upx/issues/315
NOTE: https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa
CVE-2019-20020 (A stack-based buffer over-read was discovered in ReadNextStructField i ...)
- - libmatio <unfixed>
+ [experimental] - libmatio 1.5.18-1
+ - libmatio 1.5.19-2
[buster] - libmatio <no-dsa> (Minor issue)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue)
NOTE: https://github.com/tbeu/matio/issues/128
CVE-2019-20019 (An attempted excessive memory allocation was discovered in Mat_VarRead ...)
- libmatio <unfixed>
+ [bullseye] - libmatio <no-dsa> (Minor issue)
[buster] - libmatio <no-dsa> (Minor issue)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue)
NOTE: https://github.com/tbeu/matio/issues/130
CVE-2019-20018 (A stack-based buffer over-read was discovered in ReadNextCell in mat5. ...)
- - libmatio <unfixed>
+ [experimental] - libmatio 1.5.18-1
+ - libmatio 1.5.19-2
[buster] - libmatio <no-dsa> (Minor issue)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue)
NOTE: https://github.com/tbeu/matio/issues/129
CVE-2019-20017 (A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 ...)
- - libmatio <unfixed>
+ [experimental] - libmatio 1.5.18-1
+ - libmatio 1.5.19-2
[buster] - libmatio <no-dsa> (Minor issue)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue)
NOTE: https://github.com/tbeu/matio/issues/127
CVE-2019-20016 (libmysofa before 2019-11-24 does not properly restrict recursive funct ...)
- libmysofa 0.9~dfsg0-1
@@ -1990,19 +2661,64 @@ CVE-2019-20009 (An issue was discovered in GNU LibreDWG before 0.93. Crafted inp
CVE-2019-20008 (In Archery before 1.3, inserting an XSS payload into a project name (e ...)
NOT-FOR-US: Archery
CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezx ...)
- NOT-FOR-US: ezXML
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/13/
CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- NOT-FOR-US: ezXML
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/15/
CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
- NOT-FOR-US: ezXML
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/14/
CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the ...)
NOT-FOR-US: Intelbras
CVE-2019-20003 (Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored ...)
NOT-FOR-US: Feldtech easescreen Crystal 9.0 Web-Services
CVE-2019-20002 (Formula Injection exists in the export feature in SolarWinds WebHelpDe ...)
NOT-FOR-US: SolarWinds WebHelpDesk
-CVE-2019-20001
- RESERVED
+CVE-2019-20001 (An issue was discovered in RICOH Streamline NX Client Tool and RICOH S ...)
+ NOT-FOR-US: RICOH
CVE-2019-20000 (The malware scan function in BullGuard Premium Protection 20.0.371.8 h ...)
NOT-FOR-US: BullGuard Premium Protection
CVE-2019-19999 (Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) ...)
@@ -2100,7 +2816,7 @@ CVE-2019-19960 (In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resi
NOTE: https://github.com/wolfSSL/wolfssl/commit/5ee9f9c7a23f8ed093fe1e42bc540727e96cebb8 (v4.3.0-stable)
CVE-2019-19959 (ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT ...)
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec
@@ -2110,11 +2826,10 @@ CVE-2019-19958 (In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in comm
CVE-2019-19957 (In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_ac ...)
NOT-FOR-US: libIEC61850
CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.1 ...)
- {DLA-2048-1}
+ {DLA-2369-1 DLA-2048-1}
[experimental] - libxml2 2.9.10+dfsg-1
- libxml2 2.9.10+dfsg-2
- [buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/82
NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 (v2.9.10-rc1)
CVE-2019-19955
@@ -2142,17 +2857,14 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
- {DLA-2049-1}
- - imagemagick <unfixed> (low; bug #947309)
- [buster] - imagemagick <no-dsa> (Minor issue)
- [stretch] - imagemagick <no-dsa> (Minor issue)
+ {DSA-4712-1 DLA-2333-1 DLA-2049-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #947309)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce (6.x)
CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in ...)
- {DLA-2049-1}
- - imagemagick <unfixed> (low; bug #947308)
- [buster] - imagemagick <no-dsa> (Minor issue)
+ {DSA-4715-1 DSA-4712-1 DLA-2049-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #947308)
[stretch] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1562
NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c (7.x)
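Review bot: CVE-2019-19948 keeps `[stretch] - imagemagick <no-dsa> (Minor issue)` while its sibling CVE-2019-19949, fixed in the same upstream series, drops the stretch line and gains DLA-2333-1 in this very hunk. If DLA-2333-1 also shipped the 6.x fix for CVE-2019-19948, the stretch annotation here is stale and the advisory list should read `{DSA-4715-1 DSA-4712-1 DLA-2333-1 DLA-2049-1}`; if it did not, a short NOTE saying why 19948 was left out of that DLA would stop the next triager from asking the same question. I cannot tell from the hunk which of the two is the case.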
@@ -2185,8 +2897,8 @@ CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict
NOT-FOR-US: JFrog Artifactory
CVE-2019-19936
RESERVED
-CVE-2019-19935
- RESERVED
+CVE-2019-19935 (Froala Editor before 3.2.3 allows XSS. ...)
+ NOT-FOR-US: Froala Editor
CVE-2019-19934
RESERVED
CVE-2019-19933
@@ -2215,7 +2927,7 @@ CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain erro
CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...)
{DSA-4638-1}
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
- chromium 80.0.3987.106-1
@@ -2223,14 +2935,14 @@ CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles
NOTE: https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618
CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related to exp ...)
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <ignored> (Minor issue)
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3
CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...)
{DSA-4638-1}
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
- chromium 80.0.3987.106-1
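Review bot: The buster entry for CVE-2019-19924 switches from `<no-dsa>` to `<ignored>` but keeps only `(Minor issue)` as the reason, which explains why no DSA was issued, not why the issue will never be fixed in buster. Elsewhere in this diff the same transition records the rationale (`<ignored> (Minor issue, too intrusive to backport)` for CVE-2019-19645 and CVE-2019-19603); if that applies here too, write `[buster] - sqlite3 <ignored> (Minor issue, too intrusive to backport)`, otherwise state the actual reason. A bare `<ignored>` cannot be re-evaluated later.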
@@ -2250,16 +2962,16 @@ CVE-2019-19921 (runc through 1.0.0-rc9 has Incorrect Access Control leading to E
NOTE: https://github.com/opencontainers/runc/pull/2190
CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Poll ...)
- node-handlebars 3:4.5.3-1
- [buster] - node-handlebars <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - node-handlebars 3:4.1.0-1+deb10u1
NOTE: https://www.npmjs.com/advisories/1164
CVE-2019-19918 (Lout 3.40 has a heap-based buffer overflow in the srcnext() function i ...)
- - lout <unfixed> (bug #947113)
+ - lout <removed> (bug #947113)
[buster] - lout <no-dsa> (Minor issue)
[stretch] - lout <no-dsa> (Minor issue)
[jessie] - lout <ignored> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/lout-users/2019-12/msg00001.html
CVE-2019-19917 (Lout 3.40 has a buffer overflow in the StringQuotedWord() function in ...)
- - lout <unfixed> (bug #947113)
+ - lout <removed> (bug #947113)
[buster] - lout <no-dsa> (Minor issue)
[stretch] - lout <no-dsa> (Minor issue)
[jessie] - lout <ignored> (Minor issue)
@@ -2342,8 +3054,8 @@ CVE-2019-19886 (Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to
[buster] - modsecurity 3.0.3-1+deb10u1
NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2202
NOTE: https://github.com/SpiderLabs/ModSecurity/commit/7ba77631f9a37e0680d23ee57c455c6a35c65cb9
-CVE-2019-19885
- RESERVED
+CVE-2019-19885 (In Bender COMTRAXX, user authorization is validated for most, but not ...)
+ NOT-FOR-US: Bender COMTRAXX
CVE-2019-19884
RESERVED
CVE-2019-19883
@@ -2372,26 +3084,26 @@ CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers
NOTE: to not open CVE-2019-19926.
CVE-2019-19879 (HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain ...)
NOT-FOR-US: HashiCorp Sentinel (different from Redis Sentinel)
-CVE-2019-19878
- RESERVED
-CVE-2019-19877
- RESERVED
-CVE-2019-19876
- RESERVED
-CVE-2019-19875
- RESERVED
-CVE-2019-19874
- RESERVED
-CVE-2019-19873
- RESERVED
-CVE-2019-19872
- RESERVED
+CVE-2019-19878 (An issue was discovered in B&amp;R Industrial Automation APROL before ...)
+ NOT-FOR-US: B&R Industrial Automation APROL
+CVE-2019-19877 (An issue was discovered in B&amp;R Industrial Automation APROL before ...)
+ NOT-FOR-US: B&R Industrial Automation APROL
+CVE-2019-19876 (An issue was discovered in B&amp;R Industrial Automation APROL before ...)
+ NOT-FOR-US: B&R Industrial Automation APROL
+CVE-2019-19875 (An issue was discovered in B&amp;R Industrial Automation APROL before ...)
+ NOT-FOR-US: B&R Industrial Automation APROL
+CVE-2019-19874 (An issue was discovered in B&amp;R Industrial Automation APROL before ...)
+ NOT-FOR-US: B&R Industrial Automation APROL
+CVE-2019-19873 (An issue was discovered in B&amp;R Industrial Automation APROL before ...)
+ NOT-FOR-US: B&R Industrial Automation APROL
+CVE-2019-19872 (An issue was discovered in B&amp;R Industrial Automation APROL before ...)
+ NOT-FOR-US: B&R Industrial Automation APROL
CVE-2019-19871
RESERVED
CVE-2019-19870
RESERVED
-CVE-2019-19869
- RESERVED
+CVE-2019-19869 (An issue was discovered in B&amp;R Industrial Automation APROL before ...)
+ NOT-FOR-US: B&R Industrial Automation APROL
CVE-2019-19868
RESERVED
CVE-2019-19867
@@ -2544,19 +3256,29 @@ CVE-2019-19818 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.
CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...)
NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
- - linux <unfixed>
+ {DLA-2586-1 DLA-2483-1 DLA-2385-1}
+ - linux 5.2.6-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
- linux 5.3.7-1
+ [buster] - linux 4.19.67-1
+ [stretch] - linux 4.9.184-1
CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
- linux <unfixed>
+ [bullseye] - linux <no-dsa> (Minor issue)
+ [buster] - linux <no-dsa> (Minor issue)
CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
- - linux <unfixed>
+ {DLA-2586-1 DLA-2385-1}
+ - linux 5.2.6-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
CVE-2019-19812
RESERVED
CVE-2019-19811
RESERVED
-CVE-2019-19810
- RESERVED
+CVE-2019-19810 (Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserializ ...)
+ NOT-FOR-US: Zoom
CVE-2019-19809
RESERVED
CVE-2019-3467 (Debian-edu-config all versions &lt; 2.11.10, a set of configuration fi ...)
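Review bot: CVE-2019-19816 and CVE-2019-19813 cite the same upstream fix, `NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592`, yet their buster fixed versions differ (`4.19.160-1` versus `4.19.146-1`) and 19816 additionally lists DLA-2483-1. If that single commit is the complete fix for both CVEs, one of the two buster versions is wrong; if 19816 needed a follow-up commit that only landed in 4.19.160, that commit should get its own NOTE line so the backport can be verified. A one-line NOTE explaining the difference would settle it either way.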
@@ -2586,9 +3308,9 @@ CVE-2019-19799 (Zoho ManageEngine Applications Manager before 14600 allows a rem
CVE-2019-19798
RESERVED
CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds wr ...)
+ {DLA-2778-1}
- fig2dev 1:3.2.7b-3 (bug #946866)
[buster] - fig2dev 1:3.2.7a-5+deb10u3
- [stretch] - fig2dev <no-dsa> (Minor issue)
- transfig <removed>
[jessie] - transfig <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/67/
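Review bot: Dropping `- transfig <removed>` leaves `[jessie] - transfig <no-dsa> (Minor issue)` without a package-level entry to attach to, so the jessie annotation now names a source package the record no longer lists. Either keep the `- transfig <removed>` line or drop the jessie line with it; if the tracker's syntax check requires a matching top-level entry for every release annotation, this hunk will trip it. Removing the stretch line in favour of DLA-2778-1 is fine provided that DLA covers this CVE.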
@@ -2608,6 +3330,7 @@ CVE-2019-19795 (samurai 0.7 has a heap-based buffer overflow in canonpath in uti
CVE-2019-19794 (The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6. ...)
- golang-github-miekg-dns 1.1.26-1 (bug #947403)
[buster] - golang-github-miekg-dns <no-dsa> (Minor issue)
+ [stretch] - golang-github-miekg-dns <no-dsa> (Minor issue)
NOTE: https://github.com/coredns/coredns/issues/3519
NOTE: https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33
NOTE: https://github.com/miekg/dns/issues/1043
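Review bot: Marking stretch `<no-dsa>` for golang-github-miekg-dns only covers the library source package; Go binaries link it statically, so any package built against it (the CVE text itself names CoreDNS as a user) stays vulnerable until it is rebuilt, whatever the library's own status says. If reverse dependencies in buster or stretch embed this code, add a NOTE naming them, e.g. `NOTE: Go library, statically linked reverse dependencies need a rebuild to pick up the fix`, so the `<no-dsa>` decision is auditable. I cannot see from the hunk which binaries are affected.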
@@ -2680,7 +3403,10 @@ CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote a
[stretch] - spip <not-affected> (Vulnerable code not present)
[jessie] - spip <not-affected> (Vulnerable code not present)
CVE-2019-19770 (** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free ...)
- - linux <unfixed>
+ {DLA-2483-1}
+ - linux 5.7.17-1
+ [buster] - linux 4.19.160-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205713
CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in the pe ...)
- linux 5.5.13-1
@@ -2690,6 +3416,7 @@ CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205705
NOTE: https://git.kernel.org/linus/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da
CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711
@@ -2780,13 +3507,16 @@ CVE-2019-19730
CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...)
NOT-FOR-US: bsjon-objectid node module
CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --u ...)
+ {DSA-4841-1}
- slurm-llnl 19.05.5-1
- [buster] - slurm-llnl <no-dsa> (Minor issue)
- [stretch] - slurm-llnl <no-dsa> (Minor issue)
+ [stretch] - slurm-llnl <ignored> (Minor issue, fix introduces regression, upstream refuses access to bug tracker)
[jessie] - slurm-llnl <ignored> (Minor issue, fix introduces regression, upstream refuses access to bug tracker)
NOTE: https://github.com/SchedMD/slurm/commit/5ac031b2ef5462f6e8e47dad0247bd474614c118
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1159692
+ NOTE: https://bugs.schedmd.com/show_bug.cgi?id=8084
NOTE: Fixed upstream in 18.08.9, 19.05.5
+ NOTE: regression: running 'srun --uid ...' can lock the node 'alloc' state, requiring manually reset
+ NOTE: (with 'nobody' in stretch, with all users in jessie)
CVE-2019-19727 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ...)
- slurm-llnl 19.05.5-1 (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1155784
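Review bot: The stretch and jessie entries for CVE-2019-19728 are `<ignored>` because the upstream fix (commit 5ac031b2) introduces a regression, yet buster is now covered by DSA-4841-1 with no note on whether that DSA carries the same regression or an additional fix for it. If the regression is inherent to the upstream commit, the record should say how DSA-4841-1 avoids it, e.g. `NOTE: DSA-4841-1 includes the upstream follow-up for the node 'alloc' lock-up` — assuming such a follow-up exists, which I cannot verify here. The regression NOTE also reads `requiring manually reset`; `requiring a manual reset` is what is meant.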
@@ -2855,8 +3585,8 @@ CVE-2019-19706
RESERVED
CVE-2019-19705
RESERVED
-CVE-2019-19704
- RESERVED
+CVE-2019-19704 (In JetBrains Upsource before 2020.1, information disclosure is possibl ...)
+ NOT-FOR-US: JetBrains Upsource
CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP Authoriza ...)
NOT-FOR-US: Ktor
CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML Ext ...)
@@ -2973,11 +3703,9 @@ CVE-2019-19650 (Zoho ManageEngine Applications Manager before 13640 allows a rem
CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a remote un ...)
NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, ...)
- - yara <unfixed>
- [buster] - yara <no-dsa> (Minor issue)
- [stretch] - yara <no-dsa> (Minor issue)
- [jessie] - yara <no-dsa> (Minor issue)
+ - yara <unfixed> (unimportant)
NOTE: https://github.com/VirusTotal/yara/issues/1178
+ NOTE: Negligible security impact
CVE-2019-19647 (radare2 through 4.0.0 lacks validation of the content variable in the ...)
- radare2 4.2.1+dfsg-1 (bug #947402)
[jessie] - radare2 <no-dsa> (Minor issue)
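Review bot: CVE-2019-19648 is downgraded to `(unimportant)` with only `NOTE: Negligible security impact` as justification, which drops every release annotation for yara at once. YARA's Mach-O parser is by design fed untrusted files, so an out-of-bounds access there is a crash of the scanner on attacker-supplied input; the NOTE should state why that does not matter, e.g. `NOTE: Out-of-bounds read only crashes the scanning process, no memory corruption or information leak` — if that is indeed what upstream issue 1178 concludes, which I cannot confirm from the hunk. Without the reasoning the downgrade cannot be re-evaluated later.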
@@ -2989,14 +3717,14 @@ CVE-2019-19646 (pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an inte
NOTE: https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger infinite ...)
- sqlite3 3.30.1+fossil191229-1 (bug #946612)
- [buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <ignored> (Minor issue, too intrusive to backport)
+ [stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
CVE-2019-19644
RESERVED
-CVE-2019-19643
- RESERVED
+CVE-2019-19643 (ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. ...)
+ NOT-FOR-US: ise smart connect KNX Vaillant
CVE-2019-19642 (On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02 ...)
NOT-FOR-US: SuperMicro
CVE-2019-19641
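Review bot: For CVE-2019-19645 the stretch entry becomes `<not-affected> (Vulnerable code introduced later)` while jessie, an older release with an older sqlite3, stays `<no-dsa> (Minor issue)`. Both cannot be right: if the vulnerable code post-dates stretch's sqlite3 it also post-dates jessie's, so the jessie line should read `[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)`; if jessie really is affected, the stretch rationale needs rechecking against fix commit 38096961. The same inconsistency appears for CVE-2019-19603 further down in this diff.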
@@ -3038,12 +3766,12 @@ CVE-2019-19632 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2
CVE-2019-19631 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...)
NOT-FOR-US: Big Switch Networks
CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...)
- {DLA-2026-1}
- - htmldoc 1.9.7-1 (low)
- [buster] - htmldoc <no-dsa> (Minor issue)
- [stretch] - htmldoc <no-dsa> (Minor issue)
+ {DLA-2700-1 DLA-2026-1}
+ - htmldoc 1.9.7-1 (unimportant; bug #988289)
+ [buster] - htmldoc 1.9.3-1+deb10u1
NOTE: https://github.com/michaelrsweet/htmldoc/issues/370
NOTE: https://github.com/michaelrsweet/htmldoc/commit/8a129c520e90fc967351f3e165f967128a88f09c
+ NOTE: Crash in CLI tool, no security impact
CVE-2019-19629 (In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferrin ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/
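Review bot: CVE-2019-19630 is re-rated `(unimportant)` with `NOTE: Crash in CLI tool, no security impact`, but the description is a stack-based buffer overflow in hd_strlcpy(), and htmldoc is commonly invoked server-side on user-supplied HTML, where a stack overflow on crafted input is more than a cosmetic crash. The downgrade also sits oddly next to DLA-2700-1 and the buster update `1.9.3-1+deb10u1` added in the same hunk. If upstream issue 370 shows the overflow cannot be exploited beyond an abort, put that concrete reason in the NOTE rather than the generic `no security impact`; otherwise the previous `low` rating was the safer one. I cannot see the upstream analysis from here.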
@@ -3076,9 +3804,8 @@ CVE-2019-19619 (domain/section/markdown/markdown.go in Documize before 3.5.1 mis
CVE-2019-19618
RESERVED
CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information, relat ...)
- {DLA-2024-1}
+ {DLA-2413-1 DLA-2024-1}
- phpmyadmin 4:4.9.2+dfsg1-1
- [stretch] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9
CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...)
NOT-FOR-US: Microsoft Dynamics NAV
@@ -3086,13 +3813,13 @@ CVE-2019-19615 (Multiple XSS vulnerabilities exist in the Backup &amp; Restore m
NOT-FOR-US: FreePBX
CVE-2019-19614 (An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login p ...)
NOT-FOR-US: Halvotec RAQuest
-CVE-2019-19613 (** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801 ...)
+CVE-2019-19613 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login p ...)
NOT-FOR-US: Halvotec RaQuest
-CVE-2019-19612 (** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801 ...)
+CVE-2019-19612 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several fea ...)
NOT-FOR-US: Halvotec RaQuest
CVE-2019-19611 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the ...)
NOT-FOR-US: Halvotec RaQuest
-CVE-2019-19610 (** DISPUTED ** An issue was discovered in Halvotec RaQuest 10.23.10801 ...)
+CVE-2019-19610 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows s ...)
NOT-FOR-US: Halvotec RaQuest
CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Co ...)
NOT-FOR-US: Strapi
@@ -3114,14 +3841,14 @@ CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2.
NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c1547450748fcbac21675f2681506d2d80351a19
NOTE: Upstream did backport fixes for CVE-2019-19604 to older versions as the introducing
NOTE: version for sake of robustness/hardening. In particular, the server-side protection
- NOTE: provided by the fsck is useful for protecting unpatched clients that are affected
+ NOTE: provided by the fsck is useful for protecting unpatched clients that are affected
NOTE: by the bug.
NOTE: https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md
NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent ...)
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <ignored> (Minor issue, too intrusive to backport)
+ [stretch] - sqlite3 <not-affected> (vulnerable code not present)
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of ...)
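Review bot: The stretch entry for CVE-2019-19603 becomes `<not-affected> (vulnerable code not present)` while jessie, an older release, keeps `<no-dsa> (Minor issue)`; an older sqlite3 cannot contain code a newer one lacks, so the jessie line should become `[jessie] - sqlite3 <not-affected> (Vulnerable code not present)`, or the stretch claim needs rechecking against fix commit 527cbd4a. The reason is also spelled `Vulnerable code ...` with a capital everywhere else in this file; use the same form here.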
@@ -3159,7 +3886,7 @@ CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the var
[jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radareorg/radare2/issues/15543
NOTE: https://github.com/radareorg/radare2/commit/9bbc63ffa0e93aa054e262cdfb973326935a2d70
-CVE-2019-19589 (The Lever PDF Embedder plugin 4.4 for WordPress does not block the dis ...)
+CVE-2019-19589 (** DISPUTED ** The Lever PDF Embedder plugin 4.4 for WordPress does no ...)
NOT-FOR-US: Lever PDF Embedder plugin for WordPress
CVE-2019-19588 (The validators package 0.12.2 through 0.12.5 for Python enters an infi ...)
NOT-FOR-US: validators Python package
@@ -3232,22 +3959,22 @@ CVE-2019-19565
RESERVED
CVE-2019-19564
RESERVED
-CVE-2019-19563
- RESERVED
-CVE-2019-19562
- RESERVED
-CVE-2019-19561
- RESERVED
-CVE-2019-19560
- RESERVED
+CVE-2019-19563 (A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 ...)
+ NOT-FOR-US: Mercedes-Benz HERMES
+CVE-2019-19562 (An authentication bypass in the debug interface in Mercedes-Benz HERME ...)
+ NOT-FOR-US: Mercedes-Benz HERMES
+CVE-2019-19561 (A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 ...)
+ NOT-FOR-US: Mercedes-Benz HERMES
+CVE-2019-19560 (An authentication bypass in the debug interface in Mercedes-Benz HERME ...)
+ NOT-FOR-US: Mercedes-Benz HERMES
CVE-2019-19559
RESERVED
CVE-2019-19558
RESERVED
-CVE-2019-19557
- RESERVED
-CVE-2019-19556
- RESERVED
+CVE-2019-19557 (A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 al ...)
+ NOT-FOR-US: Mercedes-Benz HERMES
+CVE-2019-19556 (An authentication bypass in the debug interface in Mercedes-Benz HERME ...)
+ NOT-FOR-US: Mercedes-Benz HERMES
CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buf ...)
{DLA-2073-1}
- fig2dev 1:3.2.7b-2 (unimportant; bug #946176)
@@ -3260,9 +3987,9 @@ CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-bas
CVE-2019-19554
RESERVED
CVE-2019-19553 (In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector cou ...)
+ {DLA-2547-1}
- wireshark 3.0.7-1 (low)
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
- [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <postponed> (Can be fixed along in next 1.12.x DLA)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=34d2e0d5318d0a7e9889498c721639e5cbf4ce45
@@ -3412,8 +4139,8 @@ CVE-2019-19515 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in w
NOT-FOR-US: Ayision
CVE-2019-19514 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic r ...)
NOT-FOR-US: Ayision
-CVE-2019-19513
- RESERVED
+CVE-2019-19513 (The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows ...)
+ NOT-FOR-US: BASS Audio Library
CVE-2019-19512
RESERVED
CVE-2019-19511
@@ -3426,10 +4153,10 @@ CVE-2019-19508
RESERVED
CVE-2019-19507 (In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can ...)
NOT-FOR-US: Json Pattern Validator
-CVE-2019-19506
- RESERVED
-CVE-2019-19505
- RESERVED
+CVE-2019-19506 (Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial ...)
+ NOT-FOR-US: Tenda PA6 Wi-Fi Powerline extender
+CVE-2019-19505 (Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-b ...)
+ NOT-FOR-US: Tenda PA6 Wi-Fi Powerline extender
CVE-2019-19504
RESERVED
CVE-2019-19503
@@ -3440,8 +4167,8 @@ CVE-2019-19501 (VeraCrypt 1.24 allows Local Privilege Escalation during executio
NOT-FOR-US: VeraCrypt
CVE-2019-19500 (Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS v ...)
NOT-FOR-US: Matrix42 Workspace Management
-CVE-2019-19499
- RESERVED
+CVE-2019-19499 (Grafana &lt;= 6.4.3 has an Arbitrary File Read vulnerability, which co ...)
+ - grafana <removed>
CVE-2019-19498
RESERVED
CVE-2019-19497 (MDaemon Email Server 17.5.1 allows XSS via the filename of an attachme ...)
@@ -3497,10 +4224,9 @@ CVE-2019-19480 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x thro
NOTE: fixes are not related "directly" to the CVE assignment for the incorrect
NOTE: free operation in sc_pkcs15_decode_prkdf_entry.
CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...)
- {DLA-2046-1}
+ {DLA-2832-1 DLA-2046-1}
- opensc 0.20.0-1 (bug #947383)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
NOTE: https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
CVE-2019-19478
@@ -3534,9 +4260,10 @@ CVE-2019-19465
CVE-2019-19464 (The CBC Gem application before 9.24.1 for Android and before 9.26.0 fo ...)
NOT-FOR-US: CBC Gem application for Android
CVE-2019-19463 (The Anhui Huami Mi Fit application before 4.0.11 for Android has an Un ...)
- NOT-FOR-US: Anhui Huami Mi Fit application for Android
+ NOT-FOR-US: Anhui Huami Mi Fit application for Android
CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows ...)
- - linux <unfixed>
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1}
+ - linux 5.6.14-2
[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-19461 (Post-authentication Stored XSS in Team Password Manager through 7.93.2 ...)
NOT-FOR-US: Team Password Manager
@@ -3550,12 +4277,12 @@ CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...)
NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19456 (A Reflected XSS was found in the server selection box inside the login ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-19455
- RESERVED
+CVE-2019-19455 (Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may ...)
+ NOT-FOR-US: Wowza Streaming Engine
CVE-2019-19454 (An arbitrary file download was found in the "Download Log" functionali ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-19453
- RESERVED
+CVE-2019-19453 (Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An auth ...)
+ NOT-FOR-US: Wowza Streaming Engine
CVE-2019-19452 (A buffer overflow was found in Patriot Viper RGB through 1.1 when proc ...)
NOT-FOR-US: Patriot Viper RGB
CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename argument ...)
@@ -3568,12 +4295,16 @@ CVE-2019-19450
RESERVED
CVE-2019-19449 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
- linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
+ [buster] - linux <postponed> (Minor issue, revisit once fixed upstream)
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449
CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesy ...)
- - linux <unfixed>
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.7.17-1
+ [buster] - linux 4.19.146-1
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, ...)
- {DLA-2114-1}
+ {DLA-2241-1 DLA-2114-1}
- linux 5.4.6-1
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
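Review bot: CVE-2019-19448 gains fixed versions (`5.7.17-1`, buster `4.19.146-1`) and two DLAs but no `NOTE: https://git.kernel.org/linus/...` line, unlike the neighbouring btrfs entries CVE-2019-19816, CVE-2019-19813 and CVE-2019-19318 in this diff, which each cite the upstream commit. Without it a reader cannot check which commit the 4.19.146 backport corresponds to, so add the upstream fix reference as a NOTE line beneath the bobfuzzer link. The `<postponed>` entries for CVE-2019-19449 in the same hunk are fine since they carry a revisit condition.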
@@ -3637,18 +4368,18 @@ CVE-2019-19419
RESERVED
CVE-2019-19418
RESERVED
-CVE-2019-19417
- RESERVED
-CVE-2019-19416
- RESERVED
-CVE-2019-19415
- RESERVED
+CVE-2019-19417 (The SIP module of some Huawei products have a denial of service (DoS) ...)
+ NOT-FOR-US: Huawei
+CVE-2019-19416 (The SIP module of some Huawei products have a denial of service (DoS) ...)
+ NOT-FOR-US: Huawei
+CVE-2019-19415 (The SIP module of some Huawei products have a denial of service (DoS) ...)
+ NOT-FOR-US: Huawei
CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of some Huaw ...)
NOT-FOR-US: Huawei
CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of some Huaw ...)
NOT-FOR-US: Huawei
-CVE-2019-19412
- RESERVED
+CVE-2019-19412 (Huawei smart phones have a Factory Reset Protection (FRP) bypass secur ...)
+ NOT-FOR-US: Huawei
CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...)
NOT-FOR-US: Huawei
CVE-2019-19410
@@ -3685,12 +4416,12 @@ CVE-2019-19395
RESERVED
CVE-2019-19394 (Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x bef ...)
NOT-FOR-US: CFEngine Enterprise
-CVE-2019-19393
- RESERVED
+CVE-2019-19393 (The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to ...)
+ NOT-FOR-US: Rittal
CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...)
NOT-FOR-US: forDNN.UsersExportImport module for DNN
CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...)
- - luajit <unfixed> (bug #946053; unimportant)
+ - luajit 2.1.0~beta3+git20210112+dfsg-2 (bug #946053; unimportant)
NOTE: https://github.com/LuaJIT/LuaJIT/pull/526
NOTE: Negligible security impact. The debug library is unsafe per se and one is
NOTE: not supposed to release an application with the debug library.
@@ -3720,8 +4451,12 @@ CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users can
NOT-FOR-US: MISP
CVE-2019-19378 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
- linux <unfixed>
+ [bullseye] - linux <no-dsa> (Minor issue)
+ [buster] - linux <no-dsa> (Minor issue)
CVE-2019-19377 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
+ {DLA-2483-1}
- linux 5.6.7-1
+ [buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/b3ff8f1d380e65dddd772542aa9bff6c86bf715a
CVE-2019-19376 (In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdi ...)
NOT-FOR-US: Octopus Deploy
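Review bot: CVE-2019-19378 stays `<unfixed>` and gets `<no-dsa> (Minor issue)` for bullseye and buster with no pointer to upstream status, whereas CVE-2019-19449 in this diff records the same situation as `<postponed> (Minor issue, revisit once fixed upstream)`. If this btrfs bug is likewise still open upstream, use the same tag and reason so the entry resurfaces when a fix lands; if a fix exists, cite it in a NOTE line as done for CVE-2019-19377 right below. A bare `<no-dsa>` on an unfixed issue is easy to lose track of.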
@@ -3767,22 +4502,17 @@ CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code Executio
NOT-FOR-US: Netis WF2419
CVE-2019-19355 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
-CVE-2019-19354
- RESERVED
+CVE-2019-19354 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
-CVE-2019-19353
- RESERVED
+CVE-2019-19353 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
-CVE-2019-19352
- RESERVED
+CVE-2019-19352 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
CVE-2019-19351 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
-CVE-2019-19350
- RESERVED
+CVE-2019-19350 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
-CVE-2019-19349
- RESERVED
+CVE-2019-19349 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
CVE-2019-19348 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
@@ -3798,8 +4528,7 @@ CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions befo
[stretch] - samba <not-affected> (Only affects Samba 4.9 onwards)
[jessie] - samba <not-affected> (Only affects Samba 4.9 onwards)
NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
-CVE-2019-19343
- RESERVED
+CVE-2019-19343 (A flaw was found in Undertow when using Remoting as shipped in Red Hat ...)
- undertow <unfixed> (bug #948024; unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780445
NOTE: Issue affects both Undertow and rmeoting, but for adressing the immediate
@@ -3813,8 +4542,7 @@ CVE-2019-19340 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 a
NOT-FOR-US: Ansible Tower
CVE-2019-19339 (It was found that the Red Hat Enterprise Linux 8 kpatch update did not ...)
NOT-FOR-US: Red Hat specific kpatch update which was incomplete to address CVE-2018-12207
-CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)]
- RESERVED
+CVE-2019-19338 (A flaw was found in the fix for CVE-2019-11135, in the Linux upstream ...)
- linux <not-affected> (Only affects specific distro kernels which do not include commit e1d38b63acd8)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/10/3
NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/1
@@ -3826,11 +4554,11 @@ CVE-2019-19335 (During installation of an OpenShift 4 cluster, the `openshift-in
NOT-FOR-US: OpenShift
CVE-2019-19334 (In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...)
- libyang 0.16.105-2 (bug #946217)
- [buster] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang 0.16.105-1+deb10u1
NOTE: https://github.com/CESNET/libyang/commit/6980afae2ff9fcd6d67508b0a3f694d75fd059d6
CVE-2019-19333 (In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...)
- libyang 0.16.105-2 (bug #946217)
- [buster] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang 0.16.105-1+deb10u1
NOTE: https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kernel, ver ...)
{DLA-2114-1 DLA-2068-1}
@@ -3840,6 +4568,7 @@ CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kerne
NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e
CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service ...)
- knot-resolver 5.0.1-1 (bug #946181)
+ [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/04/4
CVE-2019-19329 (In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-0 ...)
NOT-FOR-US: Wikibase Wikidata Query Service GUI
@@ -3847,8 +4576,8 @@ CVE-2019-19328 (ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI
NOT-FOR-US: Wikibase Wikidata Query Service GUI
CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-S ...)
NOT-FOR-US: Wikibase Wikidata Query Service GUI
-CVE-2019-19326
- RESERVED
+CVE-2019-19326 (Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache ...)
+ NOT-FOR-US: SilverStripe
CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows ...)
NOT-FOR-US: SilverStripe
CVE-2019-19324 (Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms ...)
@@ -3861,11 +4590,15 @@ CVE-2019-19321
RESERVED
CVE-2019-19320
RESERVED
-CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a mount of a c ...)
+CVE-2019-19319 (In the Linux kernel before 5.2, a setxattr operation, after a mount of ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.2.6-1
[buster] - linux 4.19.87-1
CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can c ...)
+ {DLA-2586-1}
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/9f7fec0ba89108b9385f1b9fb167861224912a4a
CVE-2019-19317 (lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed b ...)
- sqlite3 <not-affected> (Generated column support was added with SQLite version 3.31.0)
NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8
@@ -3920,42 +4653,42 @@ CVE-2019-19302
RESERVED
CVE-2019-19301 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens
-CVE-2019-19300 (A vulnerability has been identified in KTK ATE530S (All versions), SID ...)
+CVE-2019-19300 (A vulnerability has been identified in Development/Evaluation Kits for ...)
NOT-FOR-US: Siemens
-CVE-2019-19299 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-19299 (A vulnerability has been identified in SiNVR/SiVMS Video Server (All v ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
-CVE-2019-19298 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-19298 (A vulnerability has been identified in SiNVR/SiVMS Video Server (All v ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
-CVE-2019-19297 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-19297 (A vulnerability has been identified in SiNVR/SiVMS Video Server (All v ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
-CVE-2019-19296 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-19296 (A vulnerability has been identified in SiNVR/SiVMS Video Server (All v ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
-CVE-2019-19295 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-19295 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
-CVE-2019-19294 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-19294 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
-CVE-2019-19293 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-19293 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
-CVE-2019-19292 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-19292 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
-CVE-2019-19291 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-19291 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
-CVE-2019-19290 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-19290 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
-CVE-2019-19289
- RESERVED
-CVE-2019-19288
- RESERVED
-CVE-2019-19287
- RESERVED
-CVE-2019-19286
- RESERVED
-CVE-2019-19285
- RESERVED
-CVE-2019-19284
- RESERVED
-CVE-2019-19283
- RESERVED
+CVE-2019-19289 (A vulnerability has been identified in XHQ (All Versions &lt; 6.1). Th ...)
+ NOT-FOR-US: XHQ
+CVE-2019-19288 (A vulnerability has been identified in XHQ (All Versions &lt; 6.1). Th ...)
+ NOT-FOR-US: XHQ
+CVE-2019-19287 (A vulnerability has been identified in XHQ (All Versions &lt; 6.1). Th ...)
+ NOT-FOR-US: XHQ
+CVE-2019-19286 (A vulnerability has been identified in XHQ (All Versions &lt; 6.1). Th ...)
+ NOT-FOR-US: XHQ
+CVE-2019-19285 (A vulnerability has been identified in XHQ (All Versions &lt; 6.1). Th ...)
+ NOT-FOR-US: XHQ
+CVE-2019-19284 (A vulnerability has been identified in XHQ (All Versions &lt; 6.1). Th ...)
+ NOT-FOR-US: XHQ
+CVE-2019-19283 (A vulnerability has been identified in XHQ (All Versions &lt; 6.1). Th ...)
+ NOT-FOR-US: XHQ
CVE-2019-19282 (A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), ...)
NOT-FOR-US: Siemens
CVE-2019-19281 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
@@ -3968,8 +4701,8 @@ CVE-2019-19278 (A vulnerability has been identified in SINAMICS PERFECT HARMONY
NOT-FOR-US: SINAMICS
CVE-2019-19277 (A vulnerability has been identified in SIPORT MP (All versions &lt; 3. ...)
NOT-FOR-US: Siemens
-CVE-2019-19276
- RESERVED
+CVE-2019-19276 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st ...)
+ NOT-FOR-US: Siemens
CVE-2019-19275 (typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. ...)
- python3-typed-ast 1.4.0-1 (low)
[buster] - python3-typed-ast <no-dsa> (Minor issue)
@@ -4042,7 +4775,6 @@ CVE-2019-19260 (GitLab Community Edition (CE) and Enterprise Edition (EE) throug
[buster] - gitlab-workhorse <ignored> (Minor issue)
[stretch] - gitlab-workhorse <ignored> (Minor issue)
[experimental] - gitaly 1.65.2+dfsg-1
- - gitaly <unfixed>
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19259 (GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an I ...)
- gitlab <not-affected> (Only affects Gitlab EE)
@@ -4084,25 +4816,24 @@ CVE-2019-19248 (Electronic Arts Origin through 10.5.x allows Elevation of Privil
CVE-2019-19247 (Electronic Arts Origin through 10.5.x allows Elevation of Privilege (i ...)
NOT-FOR-US: Electronic Arts Origin
CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has ...)
- {DLA-2020-1}
+ {DLA-2431-1 DLA-2020-1}
- libonig 6.9.4-1 (low; bug #946344)
[buster] - libonig <no-dsa> (Minor issue)
- [stretch] - libonig <no-dsa> (Minor issue)
NOTE: https://bugs.php.net/bug.php?id=78559
NOTE: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b
CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication S ...)
NOT-FOR-US: NAPC Xinet Elegant 6 Asset Library
CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...)
- - sqlite3 3.30.1+fossil191229-1 (bug #946656)
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ - sqlite3 3.30.1+fossil191229-1 (unimportant; bug #946656)
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code, i.e. window functions, not present)
NOTE: https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348
+ NOTE: Only triggerable with SQLITE_DEBUG, which Debian builds don't use
CVE-2019-19243
RESERVED
CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr-&gt;y.pTab, as demonstrated by the TK_C ...)
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <not-affected> (Vulnerable code not present)
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
@@ -4181,9 +4912,9 @@ CVE-2019-19216 (BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. ...)
CVE-2019-19215 (A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when ...)
NOT-FOR-US: BMC Control-M/Agent
CVE-2019-19214
- RESERVED
+ REJECTED
CVE-2019-19213
- RESERVED
+ REJECTED
CVE-2019-19212 (Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter t ...)
- dolibarr <removed>
CVE-2019-19211 (Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue tha ...)
@@ -4201,17 +4932,16 @@ CVE-2019-19206 (Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS du
CVE-2019-19205
RESERVED
CVE-2019-19204 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ...)
- {DLA-2020-1}
+ {DLA-2431-1 DLA-2020-1}
- libonig 6.9.4-1 (low; bug #945313)
[buster] - libonig <no-dsa> (Minor issue)
- [stretch] - libonig <no-dsa> (Minor issue)
NOTE: https://github.com/kkos/oniguruma/issues/162
NOTE: https://github.com/kkos/oniguruma/commit/6eb4aca6a7f2f60f473580576d86686ed6a6ebec (v6.9.4_rc2)
NOTE: Only exploitable with attacker-provided pattern
CVE-2019-19203 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ...)
+ {DLA-2431-1}
- libonig 6.9.4-1 (low; bug #945312)
[buster] - libonig <no-dsa> (Minor issue)
- [stretch] - libonig <no-dsa> (Minor issue)
[jessie] - libonig <ignored> (Minor issue, not reproducible, non-trivial backport)
NOTE: https://github.com/kkos/oniguruma/issues/163
NOTE: https://github.com/kkos/oniguruma/commit/aa0188eaedc056dca8374ac03d0177429b495515 (v6.9.4_rc2)
@@ -4220,10 +4950,10 @@ CVE-2019-19202 (In Vtiger 7.x before 7.2.0, the My Preferences saving functional
NOT-FOR-US: Vtiger CRM
CVE-2019-19201
RESERVED
-CVE-2019-19200
- RESERVED
-CVE-2019-19199
- RESERVED
+CVE-2019-19200 (REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access t ...)
+ NOT-FOR-US: REDDOXX MailDepot
+CVE-2019-19199 (REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiratio ...)
+ NOT-FOR-US: REDDOXX MailDepot
CVE-2019-19198 (The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. ...)
NOT-FOR-US: Scoutnet Kalender plugin for WordPress
CVE-2019-19197 (IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0. ...)
@@ -4258,19 +4988,19 @@ CVE-2019-19186
CVE-2019-19185
RESERVED
CVE-2019-19184
- RESERVED
+ REJECTED
CVE-2019-19183
- RESERVED
+ REJECTED
CVE-2019-19182
RESERVED
CVE-2019-19181
- RESERVED
+ REJECTED
CVE-2019-19180
RESERVED
CVE-2019-19179
- RESERVED
+ REJECTED
CVE-2019-19178
- RESERVED
+ REJECTED
CVE-2019-19177
RESERVED
CVE-2019-19176
@@ -4280,7 +5010,7 @@ CVE-2019-19175
CVE-2019-19174
RESERVED
CVE-2019-19173
- RESERVED
+ REJECTED
CVE-2019-19172
RESERVED
CVE-2019-19171
@@ -4299,14 +5029,14 @@ CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerab
NOT-FOR-US: Inogard Ebiz4u
CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versio ...)
NOT-FOR-US: Dext5.ocx ActiveX
-CVE-2019-19163
- RESERVED
+CVE-2019-19163 (A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an ...)
+ NOT-FOR-US: COMMAX
CVE-2019-19162 (A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 ...)
NOT-FOR-US: TOBESOFT XPLATFORM
-CVE-2019-19161
- RESERVED
-CVE-2019-19160
- RESERVED
+CVE-2019-19161 (CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files require ...)
+ NOT-FOR-US: CyMiInstaller322
+CVE-2019-19160 (Reportexpress ProPlus contains a vulnerability that could allow an arb ...)
+ NOT-FOR-US: Reportexpress ProPlus
CVE-2019-19159
RESERVED
CVE-2019-19158
@@ -4349,8 +5079,8 @@ CVE-2019-19140
RESERVED
CVE-2019-19139
RESERVED
-CVE-2019-19138
- RESERVED
+CVE-2019-19138 (Ivanti Workspace Control before 10.4.50.0 allows attackers to degrade ...)
+ NOT-FOR-US: Ivanti
CVE-2019-19137
RESERVED
CVE-2019-19136
@@ -4386,13 +5116,13 @@ CVE-2019-19125
CVE-2019-19124
RESERVED
CVE-2019-19123
- RESERVED
+ REJECTED
CVE-2019-19122
RESERVED
CVE-2019-19121
- RESERVED
+ REJECTED
CVE-2019-19120
- RESERVED
+ REJECTED
CVE-2019-19119 (An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficie ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2019-19118 (Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model ...)
@@ -4410,20 +5140,20 @@ CVE-2019-19117 (/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2
NOT-FOR-US: PHICOMM K2(PSG1218) devices
CVE-2019-19116
RESERVED
-CVE-2019-19115
- RESERVED
+CVE-2019-19115 (An escalation of privilege vulnerability in Nahimic APO Software Compo ...)
+ NOT-FOR-US: Nahimic APO Software Component Driver
CVE-2019-19114
RESERVED
CVE-2019-19113 (main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka Ne ...)
NOT-FOR-US: newbee-mall
-CVE-2019-19112
- RESERVED
-CVE-2019-19111
- RESERVED
-CVE-2019-19110
- RESERVED
-CVE-2019-19109
- RESERVED
+CVE-2019-19112 (The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw- ...)
+ NOT-FOR-US: wpForo plugin for WordPress
+CVE-2019-19111 (The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admi ...)
+ NOT-FOR-US: wpForo plugin for WordPress
+CVE-2019-19110 (The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admi ...)
+ NOT-FOR-US: wpForo plugin for WordPress
+CVE-2019-19109 (The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=w ...)
+ NOT-FOR-US: wpForo plugin for WordPress
CVE-2019-19108 (An authentication weakness in the SNMP service in B&amp;R Automation R ...)
NOT-FOR-US: B&R Automation Runtime
CVE-2019-19107 (The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Ja ...)
@@ -4484,6 +5214,7 @@ CVE-2019-19083 (Memory leaks in *clock_source_create() functions under drivers/g
NOTE: https://git.kernel.org/linus/055e547478a11a6360c7ce05e2afc3e366968a12
CVE-2019-19082 (Memory leaks in *create_resource_pool() functions under drivers/gpu/dr ...)
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d
@@ -4527,13 +5258,18 @@ CVE-2019-19075 (A memory leak in the ca8210_probe() function in drivers/net/ieee
[buster] - linux 4.19.87-1
NOTE: https://git.kernel.org/linus/6402939ec86eaf226c8b8ae00ed983936b164908
CVE-2019-19074 (A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ ...)
+ {DLA-2420-1}
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/728c1e2a05e4b5fc52fab3421dce772a806612a2
CVE-2019-19073 (Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux ...)
+ {DLA-2420-1}
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/853acf7caf10b828102d92d05b5c101666a6142b
CVE-2019-19072 (A memory leak in the predicate_parse() function in kernel/trace/trace_ ...)
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/96c5c6e6a5b6db592acae039fed54b5c8844cd35
@@ -4558,6 +5294,7 @@ CVE-2019-19068 (A memory leak in the rtl8xxxu_submit_int_urb() function in drive
[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function in driv ...)
- linux 5.3.9-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/ ...)
{DLA-2114-1 DLA-2068-1}
@@ -4583,6 +5320,7 @@ CVE-2019-19062 (A memory leak in the crypto_report() function in crypto/crypto_u
[stretch] - linux 4.9.210-1
CVE-2019-19061 (A memory leak in the adis_update_scan_mode_burst() function in drivers ...)
- linux 5.3.9-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/9c0530e898f384c5d279bfcebd8bb17af1105873
CVE-2019-19060 (A memory leak in the adis_update_scan_mode() function in drivers/iio/i ...)
- linux 5.3.9-1 (unimportant)
@@ -4617,7 +5355,8 @@ CVE-2019-19055 (** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_st
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/1399c59fa92984836db90538cf92397fe7caaa57
CVE-2019-19054 (A memory leak in the cx23888_ir_probe() function in drivers/media/pci/ ...)
- - linux <unfixed> (unimportant)
+ - linux 5.5.13-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: Memory leak on probe only.
CVE-2019-19053 (A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpm ...)
- linux 5.4.13-1
@@ -4687,7 +5426,10 @@ CVE-2019-19041 (An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61
CVE-2019-19040 (KairosDB through 1.2.2 has XSS in view.html because of showErrorMessag ...)
NOT-FOR-US: KairosDB
CVE-2019-19039 (** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Li ...)
- - linux <unfixed>
+ {DLA-2483-1}
+ - linux 5.6.7-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://git.kernel.org/linus/b3ff8f1d380e65dddd772542aa9bff6c86bf715a
CVE-2019-19038
RESERVED
CVE-2019-19037 (ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 a ...)
@@ -4697,7 +5439,9 @@ CVE-2019-19037 (ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.
[stretch] - linux 4.9.210-1
[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-19036 (btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 ...)
- - linux <unfixed>
+ - linux 5.3.7-1
+ [buster] - linux 4.19.131-1
+ NOTE: https://git.kernel.org/linus/62fdaa52a3d00a875da771719b6dc537ca79fce1
CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The impact is: ...)
- jhead 1:3.04-1 (unimportant; bug #944961)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765647
@@ -4747,10 +5491,9 @@ CVE-2019-19014 (An issue was discovered in TitanHQ WebTitan before 5.18. It has
CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an ...)
NOT-FOR-US: Pagekit CMS
CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...)
- {DLA-2020-1}
+ {DLA-2431-1 DLA-2020-1}
- libonig 6.9.4-1 (low; bug #944959)
[buster] - libonig <no-dsa> (Minor issue)
- [stretch] - libonig <no-dsa> (Minor issue)
NOTE: https://github.com/kkos/oniguruma/issues/164
NOTE: https://github.com/kkos/oniguruma/commit/0463e21432515631a9bc925ce5eb95b097c73719
NOTE: https://github.com/kkos/oniguruma/commit/778a43dd56925ed58bbe26e3a7bb8202d72c3f3f
@@ -4773,10 +5516,12 @@ CVE-2019-19007 (Intelbras IWR 3000N 1.8.7 devices allow disclosure of the admini
NOT-FOR-US: Intelbras IWR 3000N 1.8.7 devices
CVE-2019-19006 (Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197. ...)
NOT-FOR-US: FreePBX
-CVE-2019-19005
- RESERVED
-CVE-2019-19004
- RESERVED
+CVE-2019-19005 (A bitmap double free in main.c in autotrace 0.31.1 allows attackers to ...)
+ - autotrace <removed>
+ NOTE: https://github.com/autotrace/autotrace/pull/40
+CVE-2019-19004 (A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 ...)
+ - autotrace <removed>
+ NOTE: https://github.com/autotrace/autotrace/pull/40
CVE-2019-19003 (For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. Thi ...)
NOT-FOR-US: ABB eSOMS
CVE-2019-19002 (For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP respons ...)
@@ -4801,12 +5546,12 @@ CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the "New port forward" Name field
NOT-FOR-US: OpenWrt
CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/a ...)
NOT-FOR-US: OpenWrt
-CVE-2019-18991
- RESERVED
-CVE-2019-18990
- RESERVED
-CVE-2019-18989
- RESERVED
+CVE-2019-18991 (A partial authentication bypass vulnerability exists on Atheros AR9132 ...)
+ NOT-FOR-US: Atheros devices
+CVE-2019-18990 (A partial authentication bypass vulnerability exists on Realtek RTL881 ...)
+ NOT-FOR-US: Realtek devices
+CVE-2019-18989 (A partial authentication bypass vulnerability exists on Mediatek MT762 ...)
+ NOT-FOR-US: Mediatek devices
CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login a ...)
NOT-FOR-US: TeamViewer
CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...)
@@ -4828,7 +5573,7 @@ CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9
CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine fla ...)
NOT-FOR-US: Adaware
CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...)
- {DLA-2096-1}
+ {DSA-4918-1 DLA-2389-1 DLA-2096-1}
- ruby-rack-cors 1.1.1-1 (bug #944849)
NOTE: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
@@ -4897,18 +5642,18 @@ CVE-2019-18949 (SnowHaze before 2.6.6 is sometimes too late to honor a per-site
NOT-FOR-US: SnowHaze
CVE-2019-18948 (An issue was found in Arista EOS. Specific malformed ARP packets can i ...)
NOT-FOR-US: Arista
-CVE-2019-18947
- RESERVED
-CVE-2019-18946
- RESERVED
-CVE-2019-18945
- RESERVED
-CVE-2019-18944
- RESERVED
-CVE-2019-18943
- RESERVED
-CVE-2019-18942
- RESERVED
+CVE-2019-18947 (Micro Focus Solutions Business Manager Application Repository versions ...)
+ NOT-FOR-US: Micro Focus
+CVE-2019-18946 (Micro Focus Solutions Business Manager Application Repository versions ...)
+ NOT-FOR-US: Micro Focus
+CVE-2019-18945 (Micro Focus Solutions Business Manager Application Repository versions ...)
+ NOT-FOR-US: Micro Focus
+CVE-2019-18944 (Micro Focus Solutions Business Manager Application Repository versions ...)
+ NOT-FOR-US: Micro Focus
+CVE-2019-18943 (Micro Focus Solutions Business Manager versions prior to 11.7.1 are vu ...)
+ NOT-FOR-US: Micro Focus
+CVE-2019-18942 (Micro Focus Solutions Business Manager versions prior to 11.7.1 are vu ...)
+ NOT-FOR-US: Micro Focus
CVE-2019-18941
RESERVED
CVE-2019-18940
@@ -4928,11 +5673,13 @@ CVE-2019-18936 (UniValue::read() in UniValue before 1.0.5 allow attackers to cau
CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .N ...)
NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...)
- - unbound <unfixed> (unimportant)
+ - unbound 1.9.6-1 (unimportant)
[stretch] - unbound <not-affected> (ipsecmod module introduced later)
[jessie] - unbound <not-affected> (ipsecmod module introduced later)
NOTE: Debian binary packages not built with --enable-ipsecmod
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt
+ NOTE: https://github.com/NLnetLabs/unbound/commit/09845779d5f2c96e3064ff398cad65c08357cfbf
+ NOTE: https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
CVE-2019-18933 (In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new ...)
- zulip-server <itp> (bug #800052)
CVE-2019-18932 (log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows ...)
@@ -4976,16 +5723,16 @@ CVE-2019-18918
RESERVED
CVE-2019-18917 (A potential security vulnerability has been identified for certain HP ...)
NOT-FOR-US: HP
-CVE-2019-18916
- RESERVED
+CVE-2019-18916 (A potential security vulnerability has been identified for HP LaserJet ...)
+ NOT-FOR-US: HP
CVE-2019-18915 (A potential security vulnerability has been identified with certain ve ...)
NOT-FOR-US: HP System Event Utility
-CVE-2019-18914
- RESERVED
+CVE-2019-18914 (A potential security vulnerability has been identified for certain HP ...)
+ NOT-FOR-US: HP
CVE-2019-18913 (A potential security vulnerability with pre-boot DMA may allow unautho ...)
NOT-FOR-US: Generic UEFI hardware/software issue
-CVE-2019-18912
- RESERVED
+CVE-2019-18912 (A potential security vulnerability has been identified for certain HP ...)
+ NOT-FOR-US: HP
CVE-2019-18911
RESERVED
CVE-2019-18910 (The Citrix Receiver wrapper function does not safely handle user suppl ...)
@@ -4996,8 +5743,8 @@ CVE-2019-18908
RESERVED
CVE-2019-18907
RESERVED
-CVE-2019-18906
- RESERVED
+CVE-2019-18906 (A Use of Password Hash Instead of Password for Authentication vulnerab ...)
+ NOT-FOR-US: SAP
CVE-2019-18905 (A Insufficient Verification of Data Authenticity vulnerability in auto ...)
NOT-FOR-US: autoyast2
CVE-2019-18904 (A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux ...)
@@ -5010,7 +5757,8 @@ CVE-2019-18901 (A UNIX Symbolic Link (Symlink) Following vulnerability in the my
NOT-FOR-US: SuSE-specific mysqld-systemd-helper
CVE-2019-18900 (: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS ...)
{DLA-2132-1}
- - libzypp <unfixed> (bug #953362)
+ [experimental] - libzypp 17.25.5-1
+ - libzypp 17.25.5-2 (bug #953362)
[buster] - libzypp <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1158763
NOTE: https://github.com/openSUSE/libzypp/pull/196
@@ -5070,7 +5818,9 @@ CVE-2019-18886 (An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to
NOTE: "loading the user" and thus are not affected.
NOTE: Fixed by: https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332 (v4.2.12)
CVE-2019-18885 (fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verif ...)
+ {DLA-2323-1}
- linux 5.2.6-1
+ [buster] - linux 4.19.131-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/09ba3bc9dd150457c506e4661380a6183af651c1 (5.1-rc1)
@@ -5124,13 +5874,14 @@ CVE-2019-18864 (/server-info and /server-status in Blaauw Remote Kiln Control th
CVE-2019-18863 (A key length vulnerability in the implementation of the SRTP 128-bit k ...)
NOT-FOR-US: Mitel
CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allows loca ...)
- - mailutils <unfixed> (unimportant; bug #944265)
+ - mailutils 1:3.8-1 (unimportant; bug #944265)
+ [buster] - mailutils 1:3.5-4
NOTE: /usr/sbin/maidat not installed suid root on Debian
CVE-2019-18861
RESERVED
CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML ...)
+ {DSA-4732-1 DLA-2278-1}
- squid 4.9-1 (low)
- [buster] - squid <no-dsa> (Minor issue)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/pull/504
NOTE: https://github.com/squid-cache/squid/commit/5cc4b155cee1a4968109737f6eba2ef29d51034d (SQUID_5_0_1)
@@ -5157,16 +5908,17 @@ CVE-2019-18851
CVE-2019-18850 (TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a dis ...)
NOT-FOR-US: TrevorC2
CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the victim' ...)
- {DLA-2005-1}
+ {DLA-2748-1 DLA-2005-1}
- tnef 1.4.18-1 (bug #944851)
- [buster] - tnef <no-dsa> (Minor issue; can be fixed via point release)
- [stretch] - tnef <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - tnef 1.4.12-1.2+deb10u1
NOTE: https://github.com/verdammelt/tnef/pull/40
CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count during ...)
+ {DLA-2390-1}
- ruby-json-jwt 1.11.0-1 (bug #944850)
+ [buster] - ruby-json-jwt <no-dsa> (Minor issue)
NOTE: https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a
-CVE-2019-18847
- RESERVED
+CVE-2019-18847 (Enterprise Access Client Auto-Updater allows for Remote Code Execution ...)
+ NOT-FOR-US: Akamai / Enterprise Access Client Auto-Updater
CVE-2019-18846 (OX App Suite through 7.10.2 allows SSRF. ...)
NOT-FOR-US: OX App Suite
CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 ...)
@@ -5196,8 +5948,8 @@ CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on som
- matrix-synapse 1.5.0-1 (bug #944355)
NOTE: https://github.com/matrix-org/synapse/pull/6262
NOTE: https://github.com/matrix-org/synapse/releases/tag/v1.5.0
-CVE-2019-18834
- RESERVED
+CVE-2019-18834 (Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 fo ...)
+ NOT-FOR-US: WooCommerce Subscriptions plugin for WordPress
CVE-2019-18833 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18832 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrec ...)
@@ -5206,7 +5958,7 @@ CVE-2019-18831 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow I
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18830 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Comm ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
-CVE-2019-18829 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Missing ...)
+CVE-2019-18829 (Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Miss ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18828 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insuffic ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
@@ -5216,12 +5968,11 @@ CVE-2019-18826 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Im
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18825 (Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 device ...)
NOT-FOR-US: Barco ClickShare Huddle devices
-CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Missing ...)
+CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Miss ...)
NOT-FOR-US: Barco ClickShare Button R9861500D01 devices
CVE-2019-18823 (HTCondor up to and including stable series 8.8.6 and development serie ...)
- - condor <unfixed>
- NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0001.html
- NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0002.html
+ {DLA-2724-1}
+ - condor <unfixed> (bug #963777)
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html
NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html
NOTE: https://github.com/htcondor/htcondor/commit/95eaee86e7ad3852c17df46a1b8b193dabd1fd14
@@ -5246,7 +5997,9 @@ CVE-2019-18816 (po-admin/route.php?mod=post&amp;act=edit in PopojiCMS 2.0.1 allo
CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...)
NOT-FOR-US: PopojiCMS
CVE-2019-18814 (An issue was discovered in the Linux kernel through 5.3.9. There is a ...)
- - linux <unfixed>
+ {DLA-2323-1}
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
[jessie] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://lore.kernel.org/patchwork/patch/1142523/
@@ -5282,7 +6035,8 @@ CVE-2019-18809 (A memory leak in the af9005_identify_state() function in drivers
[stretch] - linux 4.9.210-1
[jessie] - linux <not-affected> (Bug introduced later)
CVE-2019-18808 (A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ ...)
- - linux <unfixed> (unimportant)
+ - linux 5.5.13-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: Not a valid issue
CVE-2019-18807 (Two memory leaks in the sja1105_static_config_upload() function in dri ...)
- linux 5.3.7-1
@@ -5303,10 +6057,8 @@ CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Lin
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78
CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
- {DLA-1985-1}
+ {DSA-5032-1 DLA-2667-1 DLA-1985-1}
- djvulibre 3.5.27.1-14 (bug #945114)
- [buster] - djvulibre <no-dsa> (Minor issue)
- [stretch] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/309/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/
CVE-2019-18803
@@ -5318,26 +6070,29 @@ CVE-2019-18801 (An issue was discovered in Envoy 1.12.0. An untrusted remote cli
CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can capture a vict ...)
NOT-FOR-US: Viber
CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...)
- - libsass <unfixed> (low)
+ - libsass 3.6.3-1 (low)
[buster] - libsass <no-dsa> (Minor issue)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/3001
+ NOTE: https://github.com/mgreter/libsass/commit/994695c669085058c4a500f295a0531893eff77a
CVE-2019-18798 (LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::wea ...)
- - libsass <unfixed> (low)
+ - libsass 3.6.3-1 (low)
[buster] - libsass <no-dsa> (Minor issue)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/2999
+ NOTE: https://github.com/mgreter/libsass/commit/0b721e0f37fc69ab197ec956a923e036e3b05ca6
CVE-2019-18797 (LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sas ...)
- - libsass <unfixed> (low)
+ - libsass <unfixed> (unimportant)
[buster] - libsass <no-dsa> (Minor issue)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/3000
-CVE-2019-18796
- RESERVED
-CVE-2019-18795
- RESERVED
-CVE-2019-18794
- RESERVED
+ NOTE: Not considered a security issue be upstream
+CVE-2019-18796 (The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamC ...)
+ NOT-FOR-US: BASS Audio Library
+CVE-2019-18795 (The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamC ...)
+ NOT-FOR-US: BASS Audio Library
+CVE-2019-18794 (The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamC ...)
+ NOT-FOR-US: BASS Audio Library
CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/inde ...)
NOT-FOR-US: Parallels Plesk Panel
CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to bypass/ev ...)
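Review bot: The new NOTE added under CVE-2019-18797 has a typo, "be upstream" should read "by upstream": `NOTE: Not considered a security issue by upstream`. Since this note is the stated justification for downgrading the entry from (low) to (unimportant), it is worth keeping it unambiguous. The buster and stretch lines for the same CVE still carry `<no-dsa> (Minor issue)`, which is consistent with the downgrade but readers may expect them to reference the same rationale.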
@@ -5355,7 +6110,7 @@ CVE-2019-18791 (Lexmark printer MS812 and multiple older generation Lexmark devi
CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...)
{DLA-2017-1}
- asterisk 1:16.10.0~dfsg-1 (bug #947381)
- [buster] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
[stretch] - asterisk <no-dsa> (Minor issue)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28589
@@ -5585,26 +6340,26 @@ CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 4.4.195
- linux <not-affected> (Vulnerable code not present)
NOTE: https://lkml.org/lkml/2019/9/18/337
CVE-2019-18679 (An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to ...)
- {DSA-4682-1 DLA-2028-1}
+ {DSA-4682-1 DLA-2278-1 DLA-2028-1}
- squid 4.9-1
- squid3 <removed>
- NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6f2841090dffbec1a2b2417e18bb3dc71d62dd2e.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
CVE-2019-18678 (An issue was discovered in Squid 3.x and 4.x through 4.8. It allows at ...)
- {DSA-4682-1 DLA-2028-1}
+ {DSA-4682-1 DLA-2278-1 DLA-2028-1}
- squid 4.9-1
- squid3 <removed>
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
CVE-2019-18677 (An issue was discovered in Squid 3.x and 4.x through 4.8 when the appe ...)
- {DSA-4682-1 DLA-2028-1}
+ {DSA-4682-1 DLA-2278-1 DLA-2028-1}
- squid 4.9-1
- squid3 <removed>
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch
NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
CVE-2019-18676 (An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incor ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.9-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
@@ -5687,10 +6442,10 @@ CVE-2019-18645 (The quarantine restoration function in Total Defense Anti-virus
NOT-FOR-US: Total Defense Anti-virus
CVE-2019-18644 (The malware scan function in Total Defense Anti-virus 11.5.2.28 is vul ...)
NOT-FOR-US: Total Defense Anti-virus
-CVE-2019-18643
- RESERVED
-CVE-2019-18642
- RESERVED
+CVE-2019-18643 (Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to pr ...)
+ NOT-FOR-US: Rock RMS
+CVE-2019-18642 (Rock RMS version before 8.6 is vulnerable to account takeover by tampe ...)
+ NOT-FOR-US: Rock RMS
CVE-2019-18641 (Rock RMS before 1.8.6 mishandles vCard access control within the Peopl ...)
NOT-FOR-US: Rock RMS
CVE-2019-18640
@@ -5726,12 +6481,12 @@ CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1
NOT-FOR-US: European Commission eIDAS-Node Integration Package
CVE-2019-18631 (The Windows component of Centrify Authentication and Privilege Elevati ...)
NOT-FOR-US: Centrify Authentication and Privilege Elevation Services
-CVE-2019-18630
- RESERVED
-CVE-2019-18629
- RESERVED
-CVE-2019-18628
- RESERVED
+CVE-2019-18630 (On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/ ...)
+ NOT-FOR-US: Xerox
+CVE-2019-18629 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...)
+ NOT-FOR-US: Xerox
+CVE-2019-18628 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...)
+ NOT-FOR-US: Xerox
CVE-2019-18627
RESERVED
CVE-2019-18626 (Harris Ormed Self Service before 2019.1.4 allows an authenticated user ...)
@@ -5761,18 +6516,18 @@ CVE-2019-18621
RESERVED
CVE-2019-18620
RESERVED
-CVE-2019-18619
- RESERVED
-CVE-2019-18618
- RESERVED
+CVE-2019-18619 (Incorrect parameter validation in the synaTee component of Synaptics W ...)
+ NOT-FOR-US: Synaptics
+CVE-2019-18618 (Incorrect access control in the firmware of Synaptics VFS75xx family f ...)
+ NOT-FOR-US: firmware of Synaptics VFS75xx family fingerprint sensors
CVE-2019-18617
RESERVED
CVE-2019-18616
RESERVED
CVE-2019-18615 (In CloudVision Portal (CVP) for all releases in the 2018.2 Train, unde ...)
NOT-FOR-US: CloudVision Portal
-CVE-2019-18614
- RESERVED
+CVE-2019-18614 (On the Cypress CYW20735 evaluation board, any data that exceeds 384 by ...)
+ NOT-FOR-US: Cypress
CVE-2019-18613
RESERVED
CVE-2019-18612 (An issue was discovered in the AbuseFilter extension through 1.34 for ...)
@@ -5782,7 +6537,7 @@ CVE-2019-18611 (An issue was discovered in the CheckUser extension through 1.34
CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk through 13.x, ...)
{DLA-2017-1}
- asterisk 1:16.10.0~dfsg-1 (bug #947377)
- [buster] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
[stretch] - asterisk <no-dsa> (Minor issue)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-007.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28580
@@ -6302,7 +7057,7 @@ CVE-2019-18394 (A Server Side Request Forgery (SSRF) vulnerability in FaviconSer
CVE-2019-18393 (PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ...)
NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-18392
- RESERVED
+ REJECTED
CVE-2019-18391 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov ...)
- virglrenderer 0.8.1-1 (bug #946942)
[buster] - virglrenderer <no-dsa> (Minor issue)
@@ -6382,7 +7137,9 @@ CVE-2019-18361 (JetBrains IntelliJ IDEA before 2019.2 allows local user privileg
CVE-2019-18360 (In JetBrains Hub versions earlier than 2019.1.11738, username enumerat ...)
NOT-FOR-US: JetBrains
CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...)
- - mp3gain <removed>
+ - mp3gain 1.6.2-2 (bug #973932)
+ NOTE: SuSE fix: https://build.opensuse.org/package/view_file/openSUSE:Maintenance:12304/mp3gain.openSUSE_Leap_15.1_Update/0001-fix-security-bugs.patch?rev=0db47562b2545871d0be3fc88083e0cd
+ NOTE: Caught by ASAN according to CVE. mp3gain is compiled with ASAN on: amd64 i386 armel armhf powerpc
CVE-2019-18358
RESERVED
CVE-2019-18357 (An XSS issue was discovered in Thycotic Secret Server before 10.7 (iss ...)
@@ -6398,20 +7155,22 @@ CVE-2019-18353
CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices ...)
NOT-FOR-US: PHOENIX CONTACT FL NAT 2208 devices
CVE-2019-18351
- RESERVED
+ REJECTED
CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET ...)
NOT-FOR-US: Ant Design Pro
CVE-2019-18349 (HotkeyP through 4.9 r96 allows privilege escalation in the privilege f ...)
NOT-FOR-US: HotkeyP
CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...)
+ {DLA-2280-1}
- python3.8 3.8.3~rc1-1 (unimportant)
- - python3.7 <unfixed> (unimportant)
+ - python3.7 <removed> (unimportant)
- python3.5 <removed> (unimportant)
- python3.4 <removed> (unimportant)
- python2.7 2.7.18~rc1-1 (unimportant)
NOTE: https://github.com/python/cpython/commit/9165addc22d05e776a54319a8531ebd0b2fe01ef (master)
NOTE: https://github.com/python/cpython/commit/ff69c9d12c1b06af58e5eae5db4630cedd94740e (3.8 branch)
NOTE: https://github.com/python/cpython/commit/34f85af3229f86c004a954c3f261ceea1f5e9f95 (3.7 branch)
+ NOTE: https://github.com/python/cpython/commit/09d8172837b6985c4ad90ee025f6b5a554a9f0ac (3.5 branch)
NOTE: https://github.com/python/cpython/commit/e176e0c105786e9f476758eb5438c57223b65e7f (v2.7.18rc1)
NOTE: https://bugs.python.org/issue38576
NOTE: Issue only exploitable if CVE-2016-10739 is unfixed in src:glibc. This is
@@ -6439,17 +7198,17 @@ CVE-2019-18344 (Sourcecodester Online Grading System 1.0 is vulnerable to unauth
NOT-FOR-US: Sourcecodester Online Grading System
CVE-2019-18343
RESERVED
-CVE-2019-18342 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-18342 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: Siemens
-CVE-2019-18341 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-18341 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: Siemens
-CVE-2019-18340 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-18340 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: Siemens
-CVE-2019-18339 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-18339 (A vulnerability has been identified in SiNVR/SiVMS Video Server (All v ...)
NOT-FOR-US: Siemens
-CVE-2019-18338 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-18338 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: Siemens
-CVE-2019-18337 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-18337 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: Siemens
CVE-2019-18336 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
NOT-FOR-US: Siemens
@@ -6583,19 +7342,17 @@ CVE-2019-18278 (When executing VideoLAN VLC media player 3.0.8 with libqt on Win
NOT-FOR-US: VLC on Windows
CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. In legacy mode, messages fea ...)
- haproxy 2.0.6-1
- [buster] - haproxy <no-dsa> (Minor issue)
+ [buster] - haproxy 1.8.19-1+deb10u3
[stretch] - haproxy <no-dsa> (Minor issue)
[jessie] - haproxy <no-dsa> (Minor issue)
NOTE: https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581
NOTE: https://nathandavison.com/blog/haproxy-http-request-smuggling
CVE-2019-18276 (An issue was discovered in disable_priv_mode in shell.c in GNU Bash th ...)
- - bash <unfixed> (low)
- [buster] - bash <no-dsa> (Minor issue)
- [stretch] - bash <no-dsa> (minor issue)
- [jessie] - bash <no-dsa> (minor issue)
+ - bash 5.1~rc1-2 (unimportant)
NOTE: https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaad7a18cc0dc1036bba86b18b90874d39ff
NOTE: https://savannah.gnu.org/patch/?9822
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1158028
+ NOTE: Negligible security impact
CVE-2019-18275 (OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affect ...)
NOT-FOR-US: OSIsoft
CVE-2019-18274
@@ -6634,34 +7391,34 @@ CVE-2019-18258
RESERVED
CVE-2019-18257 (In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple ...)
NOT-FOR-US: Advantech
-CVE-2019-18256
- RESERVED
-CVE-2019-18255
- RESERVED
-CVE-2019-18254
- RESERVED
+CVE-2019-18256 (BIOTRONIK CardioMessenger II, The affected products use individual per ...)
+ NOT-FOR-US: BIOTRONIK CardioMessenge
+CVE-2019-18255 (HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated u ...)
+ NOT-FOR-US: HMI/SCADA iFIX
+CVE-2019-18254 (BIOTRONIK CardioMessenger II, The affected products do not encrypt sen ...)
+ NOT-FOR-US: BIOTRONIK CardioMessenge
CVE-2019-18253 (An attacker could use specially crafted paths in a specific request to ...)
NOT-FOR-US: Relion
-CVE-2019-18252
- RESERVED
+CVE-2019-18252 (BIOTRONIK CardioMessenger II, The affected products allow credential r ...)
+ NOT-FOR-US: BIOTRONIK CardioMessenge
CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervis ...)
NOT-FOR-US: Omron
CVE-2019-18250 (In all versions of ABB Power Generation Information Manager (PGIM) and ...)
NOT-FOR-US: ABB
CVE-2019-18249 (Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firm ...)
NOT-FOR-US: Reliable Controls
-CVE-2019-18248
- RESERVED
+CVE-2019-18248 (BIOTRONIK CardioMessenger II, The affected products transmit credentia ...)
+ NOT-FOR-US: BIOTRONIK CardioMessenge
CVE-2019-18247 (An attacker may use a specially crafted message to force Relion 650 se ...)
NOT-FOR-US: Relion
-CVE-2019-18246
- RESERVED
+CVE-2019-18246 (BIOTRONIK CardioMessenger II, The affected products do not properly en ...)
+ NOT-FOR-US: BIOTRONIK CardioMessenge
CVE-2019-18245 (Reliable Controls LicenseManager versions 3.4 and prior may allow an a ...)
NOT-FOR-US: Reliable Controls LicenseManager
-CVE-2019-18244 (OSIsoft PI Vision, PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision ...)
+CVE-2019-18244 (In OSIsoft PI System multiple products and versions, a local attacker ...)
NOT-FOR-US: OSIsoft
-CVE-2019-18243
- RESERVED
+CVE-2019-18243 (HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated u ...)
+ NOT-FOR-US: HMI/SCADA iFIX
CVE-2019-18242 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...)
NOT-FOR-US: Moxa
CVE-2019-18241 (In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all ver ...)
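Review bot: The product name in the new NOT-FOR-US lines for CVE-2019-18256, CVE-2019-18254, CVE-2019-18252, CVE-2019-18248 and CVE-2019-18246 is truncated to "CardioMessenge"; the descriptions on the CVE lines themselves give "CardioMessenger II". Each of those five lines should read `NOT-FOR-US: BIOTRONIK CardioMessenger II` so that text searches for the product name match the tracker entries.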
@@ -6676,16 +7433,16 @@ CVE-2019-18237
RESERVED
CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC Editor Ver ...)
NOT-FOR-US: PLC Editor
-CVE-2019-18235
- RESERVED
+CVE-2019-18235 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient ...)
+ NOT-FOR-US: Advantech Spectre RT ERT351
CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL injection ...)
NOT-FOR-US: Equinox Control Expert
-CVE-2019-18233
- RESERVED
+CVE-2019-18233 (In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the ...)
+ NOT-FOR-US: Advantech Spectre RT Industrial Routers ERT351
CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only ...)
NOT-FOR-US: SafeNet Sentinel LDK License Manager
-CVE-2019-18231
- RESERVED
+CVE-2019-18231 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwo ...)
+ NOT-FOR-US: Advantech Spectre RT ERT351
CVE-2019-18230 (Honeywell equIP and Performance series IP cameras, multiple versions, ...)
NOT-FOR-US: Honeywell
CVE-2019-18229 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitizati ...)
@@ -6708,6 +7465,8 @@ CVE-2019-18223 (ZOOM International Call Recording 6.3.1 suffers from multiple au
NOT-FOR-US: ZOOM International Call Recording
CVE-2019-18222 (The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 a ...)
- mbedtls 2.16.4-1
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
NOTE: Fixed upstream in 2.20.0, 2.16.4 and 2.7.13
CVE-2019-18221 (CoreHR Core Portal before 27.0.7 allows stored XSS. ...)
@@ -6717,10 +7476,12 @@ CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery
CVE-2019-18219 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulner ...)
NOT-FOR-US: Sitemagic CMS
CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...)
- {DSA-4550-1 DLA-1969-1}
+ {DSA-4550-1 DLA-2708-1 DLA-1969-1}
- file 1:5.37-6 (bug #942830)
+ - php7.0 <removed>
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
NOTE: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
+ NOTE: https://github.com/php/php-src/commit/469820048df558040f6dec7c39471ad11e2a7cfb (php-7.2.25RC1)
CVE-2019-18217 (ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauth ...)
{DSA-4559-1 DLA-1974-1}
- proftpd-dfsg 1.3.6a-2 (bug #942831)
@@ -6784,8 +7545,9 @@ CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege
CVE-2019-18193 (In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, ...)
NOT-FOR-US: Unisys Stealth
CVE-2019-18192 (GNU Guix 1.0.1 allows local users to gain access to an arbitrary user' ...)
- - guix <itp> (bug #850644)
+ - guix <not-affected> (Fixed before initial upload to Debian)
NOTE: https://issues.guix.gnu.org/issue/37744
+ NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=81c580c8664bfeeb767e2c47ea343004e88223c7 (v1.1.0rc1)
CVE-2019-18191 (A privilege escalation vulnerability in the Trend Micro Deep Security ...)
NOT-FOR-US: Trend Micro
CVE-2019-18190 (Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerab ...)
@@ -6810,15 +7572,15 @@ CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code
NOT-FOR-US: CloudVision Portal
CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...)
- otrs2 6.0.24-1 (bug #945251)
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (vulnerable code not present)
NOTE: https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-2053-1}
- otrs2 6.0.24-1 (bug #945251)
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
CVE-2019-18178 (Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The fun ...)
NOT-FOR-US: FreeRTOS+FAT
@@ -7854,10 +8616,10 @@ CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient FortiT
NOT-FOR-US: Fortiguard
CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSw ...)
NOT-FOR-US: Fortiguard
-CVE-2019-17656
- RESERVED
-CVE-2019-17655
- RESERVED
+CVE-2019-17656 (A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of For ...)
+ NOT-FOR-US: Fortiguard
+CVE-2019-17655 (A cleartext storage in a file or on disk (CWE-313) vulnerability in Fo ...)
+ NOT-FOR-US: Fortiguard
CVE-2019-17654 (An Insufficient Verification of Data Authenticity vulnerability in For ...)
NOT-FOR-US: Fortiguard
CVE-2019-17653 (A Cross-Site Request Forgery (CSRF) vulnerability in the user interfac ...)
@@ -7886,14 +8648,23 @@ CVE-2019-17642 (An issue was discovered in Centreon before 18.10.8, 19.10.1, and
- centreon-web <itp> (bug #913903)
CVE-2019-17641
RESERVED
-CVE-2019-17640
- RESERVED
-CVE-2019-17639
- RESERVED
-CVE-2019-17638
- RESERVED
-CVE-2019-17637
- RESERVED
+CVE-2019-17640 (In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone ...)
+ NOT-FOR-US: Eclipse Vert.x
+CVE-2019-17639 (In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling th ...)
+ NOT-FOR-US: IBM JDK specific issue on on AIX and Linux on the Power platform
+CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in ca ...)
+ - jetty9 9.4.31-1
+ [buster] - jetty9 <not-affected> (vulnerable code was introduced in 9.4.27)
+ [stretch] - jetty9 <not-affected> (vulnerable code was introduced in 9.4.27)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984
+ NOTE: https://github.com/eclipse/jetty.project/issues/4936
+CVE-2019-17637 (In all versions of Eclipse Web Tools Platform through release 3.18 (20 ...)
+ {DLA-2404-1}
+ - eclipse-wtp 3.18-1
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571
+ NOTE: http://git.eclipse.org/c/sourceediting/webtools.sourceediting.git/commit/?id=9644d4217cd6e3be367d654a8320104d88ddfd6b
+ NOTE: Issue fixed along when packaging 3.18 upstream version as in the Debian
+ NOTE: source (re)packaging the DTDParser.java and DTDValidator.java were removed.
CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre ...)
NOT-FOR-US: Eclipse Theia
CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...)
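Review bot: The new NOT-FOR-US line for CVE-2019-17639 duplicates a word, "on on AIX"; it should read `NOT-FOR-US: IBM JDK specific issue on AIX and Linux on the Power platform`. The two-line NOTE added under CVE-2019-17637 is also hard to parse as written; a clearer form would be a note stating that the issue is fixed from the 3.18 upstream version, and that in the Debian source (re)packaging DTDParser.java and DTDValidator.java were removed, split across the two NOTE lines as the file's convention allows.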
@@ -7903,14 +8674,16 @@ CVE-2019-17634 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to
CVE-2019-17633 (For Eclipse Che versions 6.16 to 7.3.0, with both authentication and T ...)
NOT-FOR-US: Eclipse Che
CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...)
- - jetty9 <unfixed>
- [buster] - jetty9 <no-dsa> (Minor issue)
- [stretch] - jetty9 <no-dsa> (Minor issue)
+ - jetty9 9.4.26-1
+ [buster] - jetty9 <not-affected> (vulnerable code introduced later)
+ [stretch] - jetty9 <not-affected> (vulnerable code introduced later)
- jetty8 <removed>
[jessie] - jetty8 <not-affected> (vulnerable code introduced later)
- jetty <removed>
[jessie] - jetty <not-affected> (vulnerable code introduced later)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443
+ NOTE: https://github.com/eclipse/jetty.project/issues/4334
+ NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/bde86467f4e5df595773ab11ed5e80c615b741f3 (jetty-9.4.21.v20190926)
CVE-2019-17631 (From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such ...)
NOT-FOR-US: Eclipse OpenJ9
CVE-2019-17630 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a cra ...)
@@ -7979,10 +8752,9 @@ CVE-2019-17671 (In WordPress before 5.2.4, unauthenticated viewing of certain co
NOTE: https://core.trac.wordpress.org/changeset/46474
NOTE: https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
CVE-2019-17670 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
- {DLA-1980-1}
+ {DLA-2371-1 DLA-1980-1}
- wordpress 5.2.4+dfsg1-1 (bug #942459)
[buster] - wordpress <no-dsa> (Minor issue)
- [stretch] - wordpress <no-dsa> (Minor issue)
NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
NOTE: https://core.trac.wordpress.org/changeset/46472
NOTE: https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
@@ -8031,8 +8803,8 @@ CVE-2019-17605 (A mass assignment vulnerability in eyecomms eyeCMS through 2019-
NOT-FOR-US: eyeCMS
CVE-2019-17604 (An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms e ...)
NOT-FOR-US: eyeCMS
-CVE-2019-17603
- RESERVED
+CVE-2019-17603 (Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate i ...)
+ NOT-FOR-US: Asus
CVE-2019-17602 (An issue was discovered in Zoho ManageEngine OpManager before 12.4 bui ...)
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2019-17601 (In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP ...)
@@ -8046,14 +8818,12 @@ CVE-2019-17598 (An issue was discovered in Lightbend Play Framework 2.5.x throug
CVE-2019-17597
RESERVED
CVE-2019-17596 (Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to ...)
- {DSA-4551-1}
+ {DSA-4551-1 DLA-2592-1 DLA-2591-1}
- golang-1.13 1.13.3-1 (bug #942628)
- golang-1.12 1.12.12-1 (bug #942629)
- golang-1.11 <removed>
- golang-1.8 <removed>
- [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
[jessie] - golang <ignored> (Minor issue)
NOTE: https://golang.org/issue/34960
@@ -8096,8 +8866,12 @@ CVE-2019-17584 (The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys whi
NOT-FOR-US: Meinberg SyncBox/PTP/PTPv2 devices
CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of se ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2019-17582
- RESERVED
+CVE-2019-17582 (A use-after-free in the _zip_dirent_read function of zip_dirent.c in l ...)
+ - libzip <not-affected> (Vulnerable code introduced later; and never in a released version in Debian)
+ NOTE: Introduced after: https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5 (rel-1-2-0)
+ NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 (rel-1-3-0)
+ NOTE: Same fixing commit as CVE-2017-12858 apparently, but CVE assignment for
+ NOTE: two different use-after-free issues.
CVE-2019-17581 (tonyy dormsystem through 1.3 allows DOM XSS. ...)
NOT-FOR-US: tonyy dormsystem
CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL Injection in admin.php. ...)
@@ -8138,15 +8912,26 @@ CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.4
- tomcat8 <removed>
[jessie] - tomcat8 <not-affected> (vulnerable code introduced in later version)
- tomcat7 <removed>
+ [stretch] - tomcat7 <ignored> (No components in libservlet3.0-java binary package are affected)
NOTE: https://github.com/apache/tomcat/commit/060ecc5eb839208687b7fcc9e35287ac8eb46998 (9.0.31)
NOTE: https://github.com/apache/tomcat/commit/959f1dfd767bf3cb64776b44f7395d1d8d8f7ab3 (8.5.51)
NOTE: https://github.com/apache/tomcat/commit/b191a0d9cf06f4e04257c221bfe41d2b108a9cc8 (7.0.100)
CVE-2019-17568
REJECTED
-CVE-2019-17567
- RESERVED
-CVE-2019-17566
- RESERVED
+CVE-2019-17567 (Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configu ...)
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.48-2
+ [buster] - apache2 <ignored> (Intrusive and risky backport)
+ [stretch] - apache2 <ignored> (Intrusive and risky backport)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-17567
+ NOTE: https://svn.apache.org/r1885605
+CVE-2019-17566 (Apache Batik is vulnerable to server-side request forgery, caused by i ...)
+ - batik 1.12-1.1 (bug #964510)
+ [buster] - batik 1.10-2+deb10u1
+ [stretch] - batik 1.8-4+deb9u2
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/2
+ NOTE: patch: http://svn.apache.org/viewvc?view=revision&revision=1871084
+ NOTE: corresponding bug: https://issues.apache.org/jira/browse/BATIK-1276
CVE-2019-17565 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
{DSA-4672-1}
- trafficserver 8.0.6+ds-1
@@ -8159,17 +8944,18 @@ CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.
- tomcat9 9.0.31-1
- tomcat8 <removed>
- tomcat7 <removed>
+ [stretch] - tomcat7 <ignored> (No components in libservlet3.0-java binary package are affected)
NOTE: https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652 (9.0.30)
NOTE: https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c (8.5.50)
NOTE: https://github.com/apache/tomcat/commit/ab72a106fe5d992abddda954e30849d7cf8cc583 (7.0.99)
CVE-2019-17562 (A buffer overflow vulnerability has been found in the baremetal compon ...)
NOT-FOR-US: Apache CloudStack
CVE-2019-17561 (The "Apache NetBeans" autoupdate system does not fully validate code s ...)
- - netbeans <unfixed> (unimportant)
- NOTE: Debian packages updated via apt
+ - netbeans 12.1-1 (unimportant)
+ NOTE: Debian packages updated via apt, starting with 12.1 only some classes are shipped
CVE-2019-17560 (The "Apache NetBeans" autoupdate system does not validate SSL certific ...)
- - netbeans <unfixed> (unimportant)
- NOTE: Debian packages updated via apt
+ - netbeans 12.1-1 (unimportant)
+ NOTE: Debian packages updated via apt, starting with 12.1 only some classes are shipped
CVE-2019-17559 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
{DSA-4672-1}
- trafficserver 8.0.6+ds-1
@@ -8179,7 +8965,6 @@ CVE-2019-17558 (Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remot
NOTE: https://www.openwall.com/lists/oss-security/2019/12/30/1
NOTE: https://issues.apache.org/jira/browse/SOLR-13971
NOTE: https://issues.apache.org/jira/browse/SOLR-14025
- TODO: check, whilst the advisory claims 5.0.0 upwards only the SolrParamResourceLoader might be of issue already earlier?
CVE-2019-17557 (It was found that the Apache Syncope EndUser UI login page prio to 2.0 ...)
NOT-FOR-US: Apache Syncope
CVE-2019-17556 (Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService clas ...)
@@ -8213,17 +8998,14 @@ CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL throug
NOTE: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
NOTE: gdal uses system libtiff libraries since 2.0.1+dfsg-1~exp1 (#684233)
CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ...)
- {DLA-1984-1}
+ {DLA-2877-1 DLA-1984-1}
- gdal 2.4.2+dfsg-2 (low)
[buster] - gdal <no-dsa> (Minor issue)
- [stretch] - gdal <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
NOTE: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
CVE-2019-17544 (libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over- ...)
- {DLA-1966-1}
+ {DSA-4948-1 DLA-2720-1 DLA-1966-1}
- aspell 0.60.8-1 (low)
- [buster] - aspell <no-dsa> (Minor issue)
- [stretch] - aspell <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
NOTE: https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e
CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (rela ...)
@@ -8235,10 +9017,8 @@ CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32
NOTE: https://github.com/lz4/lz4/pull/756
NOTE: https://github.com/lz4/lz4/pull/760
CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk ...)
- {DLA-2021-1}
+ {DSA-4722-1 DLA-2291-1 DLA-2021-1}
- ffmpeg 7:4.2.1-1
- [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
- [stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
- libav <removed>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
CVE-2019-17541 (ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo ...)
@@ -8264,9 +9044,8 @@ CVE-2019-17540 (ImageMagick before 7.0.8-54 has a heap-based buffer overflow in
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/41399a3414069870071e47680b0bbbe0a283db5d
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NUL ...)
+ {DSA-4722-1 DLA-2537-1}
- ffmpeg 7:4.2.1-1 (low)
- [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
- [stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
- libav <removed> (low)
[jessie] - libav <not-affected> (Vulnerable code introduced in v12.x)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c
@@ -8284,7 +9063,8 @@ CVE-2019-17534 (vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips
NOTE: Introduced by: https://github.com/libvips/libvips/commit/https://github.com/libvips/libvips/commit/25e457736173369dcb0f7c09d07af68aedbdc175
NOTE: Fixed by: https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d
CVE-2019-17533 (Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' ch ...)
- - libmatio <unfixed> (bug #942255)
+ {DLA-2267-1}
+ - libmatio 1.5.17-4 (bug #942255)
[buster] - libmatio <no-dsa> (Minor issue)
[stretch] - libmatio <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16856
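Review bot: The "Introduced by" reference for CVE-2019-17534 on the first context line of this hunk is a doubled URL — the repository URL is repeated in front of the commit path — so it does not resolve as written; it should read `NOTE: Introduced by: https://github.com/libvips/libvips/commit/25e457736173369dcb0f7c09d07af68aedbdc175`. The defect predates this change, but since the hunk already edits this region of the file it is the natural place to correct it.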
@@ -8294,8 +9074,8 @@ CVE-2019-17532 (An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.
CVE-2019-17531 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
{DLA-2030-1}
- jackson-databind 2.10.1-1
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2498
NOTE: https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -8365,12 +9145,11 @@ CVE-2019-17500
CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Compal CH7 ...)
NOT-FOR-US: Compal CH7465LG devices
CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic i ...)
- {DLA-1991-1}
- - libssh2 <unfixed> (low; bug #943562)
+ {DLA-2848-1 DLA-1991-1}
+ - libssh2 1.9.0-1 (low; bug #943562)
[buster] - libssh2 <no-dsa> (Minor issue)
- [stretch] - libssh2 <no-dsa> (Minor issue)
NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
- NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
+ NOTE: https://securitylab.github.com/research/libssh2-integer-overflow-CVE-2019-17498/
NOTE: Backported SUSE patch for versions <= 1.8.0 (including struct string_buf,
NOTE: and the functions _libssh2_check_length(), _libssh2_get_u32() and
NOTE: libssh2_get_string(), forming part of the fix):
@@ -8462,10 +9241,9 @@ CVE-2019-17457
CVE-2019-17456
RESERVED
CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequ ...)
- {DLA-2207-1}
+ {DLA-2831-1 DLA-2207-1}
- libntlm 1.6-1 (bug #942145)
- [buster] - libntlm <no-dsa> (Minor issue)
- [stretch] - libntlm <no-dsa> (Minor issue)
+ [buster] - libntlm 1.5-1+deb10u1
NOTE: https://gitlab.com/jas/libntlm/issues/2
NOTE: https://gitlab.com/jas/libntlm/-/commit/b967886873fcf19f816b9c0868465f2d9e5df85e
CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTa ...)
@@ -8475,12 +9253,12 @@ CVE-2019-17453 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorL
CVE-2019-17452 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListIns ...)
NOT-FOR-US: Bento4
CVE-2019-17451 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.34-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25070
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1
NOTE: binutils not covered by security support
CVE-2019-17450 (find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.34-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25078
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79281f33fd33f0964541a73511b9e2b
NOTE: binutils not covered by security support
@@ -8494,8 +9272,8 @@ CVE-2019-17446 (An issue was discovered in Eracent EPA Agent through 10.2.26. Th
NOT-FOR-US: Eracent EPA Agent
CVE-2019-17445 (An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Ag ...)
NOT-FOR-US: Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent
-CVE-2019-17444
- RESERVED
+CVE-2019-17444 (Jfrog Artifactory uses default passwords (such as "password") for admi ...)
+ NOT-FOR-US: JFrog Artifactory
CVE-2019-17443
RESERVED
CVE-2019-17442
@@ -8590,7 +9368,7 @@ CVE-2019-17403 (Nokia IMPACT &lt; 18A: An unrestricted File Upload vulnerability
NOT-FOR-US: Nokia
CVE-2019-17402 (Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in ...)
{DLA-2019-1}
- - exiv2 <unfixed> (bug #946341)
+ - exiv2 0.27.3-1 (bug #946341)
[buster] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/1019
@@ -8642,9 +9420,9 @@ CVE-2019-17384 (The animate-it plugin before 2.3.4 for WordPress has XSS. ...)
CVE-2019-17383 (The netaddr gem before 2.0.4 for Ruby has misconfigured file permissio ...)
- ruby-netaddr <not-affected> (Upstream packaging issue)
CVE-2019-17382 (An issue was discovered in zabbix.php?action=dashboard.view&amp;dashbo ...)
- - zabbix <unfixed>
+ - zabbix 1:5.0.0+dfsg-1
[buster] - zabbix <no-dsa> (Minor issue)
- [stretch] - zabbix <no-dsa> (Minor issue)
+ [stretch] - zabbix <ignored> (Minor issue, no patch, guest accounts can be disabled)
[jessie] - zabbix <no-dsa> (Minor issue, guest accounts can be disabled)
NOTE: https://support.zabbix.com/browse/ZBX-16789
NOTE: Disputed by upstream, closed as not a security bug.
@@ -8732,8 +9510,8 @@ CVE-2019-17353 (An issue discovered on D-Link DIR-615 devices with firmware vers
NOT-FOR-US: D-Link
CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vul ...)
NOT-FOR-US: JFinal
-CVE-2019-17339
- RESERVED
+CVE-2019-17339 (The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabr ...)
+ NOT-FOR-US: TIBCO
CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO Patterns - ...)
NOT-FOR-US: TIBCO
CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
@@ -8879,8 +9657,8 @@ CVE-2019-17268 (The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on
CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
{DLA-2030-1}
- jackson-databind 2.10.0-1
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2460
NOTE: https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb
CVE-2019-17266 (libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer ove ...)
@@ -8985,7 +9763,7 @@ CVE-2019-17223 (There is HTML Injection in the Note field in Dolibarr ERP/CRM 10
CVE-2019-17222 (An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is ...)
NOT-FOR-US: Intelbras WRN 150 devices
CVE-2019-17221 (PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as d ...)
- - phantomjs <unfixed> (unimportant)
+ - phantomjs <removed> (unimportant)
NOTE: https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/
NOTE: qtwebkit not covered by security support
CVE-2019-17220 (Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. ...)
@@ -9077,7 +9855,15 @@ CVE-2019-17180 (Valve Steam Client before 2019-09-12 allows placing or appending
CVE-2019-17179 (4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5 ...)
NOT-FOR-US: OpenEMR
CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-0 ...)
- TODO: check
+ - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2
+ [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
+ - freerdp <removed>
+ [stretch] - freerdp <postponed> (Minor issue, can be fixed along with next DLA)
+ NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645
+ NOTE: https://github.com/akallabeth/FreeRDP/commit/fc80ab45621bd966f70594c0b7393ec005a94007
+ NOTE: Multiple source packages embed a copy of lodepng (openscad, tbb, mame, passage,
+ NOTE: quakespasm, simbody, paraview, dart, drumgizmo, doxygen, love, libtcod, f
+ NOTE: cubicsdr, nestopia, refind, zopfli, montage), but don't seem security-relevant
CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0 ...)
- freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2 (low)
[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1
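Review bot: The list of source packages embedding lodepng added for CVE-2019-17178 ends its second NOTE line with a dangling token `f` before the list resumes with `cubicsdr` on the next line, which looks like a truncated package name; it should be completed or dropped so the list can be read as intended. The same note states the embedded copies "don't seem security-relevant" without recording why — if the reasoning is known (for example, which code path those copies never reach), a short NOTE would save the next triager from redoing the assessment.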
@@ -9218,6 +10004,7 @@ CVE-2019-17115 (Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA
CVE-2019-17114 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...)
NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_Instrument ...)
+ {DSA-4729-1 DLA-2308-1}
- libopenmpt 0.4.9-1
NOTE: https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe
NOTE: https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127
@@ -9252,8 +10039,8 @@ CVE-2019-17100 (An Untrusted Search Path vulnerability in bdserviceshost.exe as
NOT-FOR-US: Bitdefender Total Security
CVE-2019-17099 (An Untrusted Search Path vulnerability in EPSecurityService.exe as use ...)
NOT-FOR-US: Bitdefender Endpoint Security Tools
-CVE-2019-17098
- RESERVED
+CVE-2019-17098 (Use of hard-coded cryptographic key vulnerability in August Connect Wi ...)
+ NOT-FOR-US: August Connect Wi-Fi Bridge App
CVE-2019-17097
RESERVED
CVE-2019-17096 (A OS Command Injection vulnerability in the bootstrap stage of Bitdefe ...)
@@ -9400,16 +10187,14 @@ CVE-2019-17044 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execut
CVE-2019-17043 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution pe ...)
NOT-FOR-US: BMC Patrol Agent
CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmc ...)
- {DLA-1952-1}
+ {DLA-2835-1 DLA-1952-1}
- rsyslog 8.1910.0-1 (bug #942065)
[buster] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
- [stretch] - rsyslog <no-dsa> (Minor issue, pmcisconames module not loaded by default)
NOTE: https://github.com/rsyslog/rsyslog/pull/3883
CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...)
- {DLA-1952-1}
+ {DLA-2835-1 DLA-1952-1}
- rsyslog 8.1910.0-1 (bug #942067)
[buster] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
- [stretch] - rsyslog <no-dsa> (Minor issue, pmaixforwardedfrom module not loaded by default)
NOTE: https://github.com/rsyslog/rsyslog/pull/3884
CVE-2019-17040 (contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bound ...)
- rsyslog 8.1910.0-1 (unimportant)
@@ -9463,8 +10248,10 @@ CVE-2019-17024 (Mozilla developers reported memory safety bugs present in Firefo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17024
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17024
CVE-2019-17023 (After a HelloRetryRequest has been sent, the client may negotiate a lo ...)
+ {DSA-4726-1}
- firefox 72.0-1
- nss 2:3.49-1
+ [stretch] - nss <not-affected> (Vulnerable code was introduced later)
[jessie] - nss <not-affected> (Vulnerable code was introduced later)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023
NOTE: https://hg.mozilla.org/projects/nss/rev/d64102b76a437f24d98a20480dcc9f1655143e7c
@@ -9561,18 +10348,16 @@ CVE-2019-17008 (When using nested workers, a use-after-free could occur during w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17008
-CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS]
- RESERVED
- {DSA-4579-1 DLA-2015-1}
+CVE-2019-17007 (In Network Security Services before 3.44, a malformed Netscape Certifi ...)
+ {DSA-4579-1 DLA-2388-1 DLA-2015-1}
- nss 2:3.45-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1533216
NOTE: https://hg.mozilla.org/projects/nss/rev/1473dd7efe2ce4f8722a33ebb03a3425e09887de
NOTE: Fixed in 3.44 upstream (and there was an upload of 3.44 to unstable
NOTE: but then reverted until the 2:3.45-1 upload).
-CVE-2019-17006 [Check length of inputs for cryptographic primitives]
- RESERVED
- {DLA-2058-1}
+CVE-2019-17006 (In Network Security Services (NSS) before 3.46, several cryptographic ...)
+ {DSA-4726-1 DLA-2388-1 DLA-2058-1}
- nss 2:3.47-1
NOTE: Fixed upstream in NSS 3.46.
NOTE: Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
@@ -9677,24 +10462,24 @@ CVE-2019-16964 (app/call_centers/cmd.php in the Call Center Queue Module in Fusi
NOT-FOR-US: FusionPBX
CVE-2019-16963
RESERVED
-CVE-2019-16962
- RESERVED
-CVE-2019-16961
- RESERVED
-CVE-2019-16960
- RESERVED
-CVE-2019-16959
- RESERVED
-CVE-2019-16958
- RESERVED
-CVE-2019-16957
- RESERVED
-CVE-2019-16956
- RESERVED
-CVE-2019-16955
- RESERVED
-CVE-2019-16954
- RESERVED
+CVE-2019-16962 (Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a ...)
+ NOT-FOR-US: Zoho ManageEngine Desktop Central
+CVE-2019-16961 (SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. ...)
+ NOT-FOR-US: SolarWinds
+CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file wit ...)
+ NOT-FOR-US: SolarWinds
+CVE-2019-16959 (SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Fo ...)
+ NOT-FOR-US: SolarWinds
+CVE-2019-16958 (Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 1 ...)
+ NOT-FOR-US: SolarWinds Web Help Desk
+CVE-2019-16957 (SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of ...)
+ NOT-FOR-US: SolarWinds
+CVE-2019-16956 (SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parame ...)
+ NOT-FOR-US: SolarWinds
+CVE-2019-16955 (SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG documen ...)
+ NOT-FOR-US: SolarWinds
+CVE-2019-16954 (SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in ...)
+ NOT-FOR-US: SolarWinds
CVE-2019-16953
RESERVED
CVE-2019-16952
@@ -9736,6 +10521,7 @@ CVE-2019-16937
CVE-2019-16936
RESERVED
CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x through ...)
+ {DLA-2628-1 DLA-2280-1}
- python3.8 3.8.0~rc1-1
- python3.7 3.7.5~rc1-1
[buster] - python3.7 3.7.3-2+deb10u1
@@ -9744,16 +10530,16 @@ CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x t
[jessie] - python3.4 <ignored> (Minor Issue, XSS in an unlikely use-case)
- python2.7 2.7.17~rc1-1
[buster] - python2.7 2.7.16-2+deb10u1
- [stretch] - python2.7 <no-dsa> (Minor issue)
[jessie] - python2.7 <ignored> (Minor Issue, XSS in an unlikely use-case)
- jython <unfixed>
+ [bullseye] - jython <ignored> (Minor Issue)
[buster] - jython <ignored> (Minor Issue)
[stretch] - jython <ignored> (Minor Issue)
[jessie] - jython <ignored> (Minor Issue, XSS in an unlikely use-case)
- - pypy <unfixed> (low)
- [buster] - pypy <no-dsa> (Minor issue)
+ - pypy 7.3.2+dfsg-1 (low)
+ [buster] - pypy <ignored> (Minor issue)
[stretch] - pypy <no-dsa> (Minor issue)
- [jessie] - pypy <ignored> (Minor Issue, XSS in an unlikely use-case)
+ [jessie] - pypy <postponed> (Minor Issue, XSS in an unlikely use-case)
NOTE: https://bugs.python.org/issue38243
NOTE: https://github.com/python/cpython/pull/16373
NOTE: https://github.com/python/cpython/commit/e8650a4f8c7fb76f570d4ca9c1fbe44e91c8dfaa (master)
@@ -9890,6 +10676,7 @@ CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and
[buster] - runc <no-dsa> (Minor issue)
[stretch] - runc <no-dsa> (Minor issue)
- golang-github-opencontainers-selinux 1.3.0-2 (bug #942027)
+ [buster] - golang-github-opencontainers-selinux <no-dsa> (Minor issue)
NOTE: https://github.com/opencontainers/runc/issues/2128
CVE-2019-16883
RESERVED
@@ -9920,7 +10707,7 @@ CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff
CVE-2019-16870
RESERVED
CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...)
- {DSA-4597-1 DLA-2110-1 DLA-1941-1}
+ {DSA-4597-1 DLA-2365-1 DLA-2110-1 DLA-1941-1}
- netty 1:4.1.33-2 (bug #941266)
- netty-3.9 <removed>
NOTE: https://github.com/netty/netty/issues/9571
@@ -9936,6 +10723,8 @@ CVE-2019-16866 (Unbound before 1.9.4 accesses uninitialized memory, which allows
[jessie] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff
+ NOTE: https://github.com/NLnetLabs/unbound/commit/b60c4a472c856f0a98120b7259e991b3a6507eb5
+ NOTE: https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading specially ...)
- pillow 6.2.0-1 (low)
[buster] - pillow 5.4.1-2+deb10u1
@@ -9946,8 +10735,8 @@ CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading spe
NOTE: https://github.com/python-pillow/Pillow/commit/f228d0ccbf6bf9392d7fcd51356ef2cfda80c75a
NOTE: https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5
NOTE: https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc
-CVE-2019-16864
- RESERVED
+CVE-2019-16864 (CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP befor ...)
+ NOT-FOR-US: EnterpriseDT CompleteFTP
CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow a ...)
NOT-FOR-US: STMicroelectronics
CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...)
@@ -10184,6 +10973,8 @@ CVE-2019-16770 (In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved clien
[stretch] - puma <no-dsa> (Minor issue)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
NOTE: https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e
+ NOTE: This is an incomplete fix. When fixing this issue make sure to also apply
+ NOTE: the fix for CVE-2021-29509 to not open that CVE.
CVE-2019-16769 (The serialize-javascript npm package before version 2.1.1 is vulnerabl ...)
NOT-FOR-US: serialize-javascript Node package
CVE-2019-16768 (In affected versions of Sylius, exception messages from internal excep ...)
@@ -10230,8 +11021,9 @@ CVE-2019-16749
CVE-2019-16748 (In wolfSSL through 4.1.0, there is a missing sanity check of memory ac ...)
- wolfssl 4.2.0+dfsg-1
NOTE: https://github.com/wolfSSL/wolfssl/issues/2459
-CVE-2019-16747
- RESERVED
+CVE-2019-16747 (In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an inval ...)
+ - matrixssl <removed>
+ NOTE: https://github.com/matrixssl/matrixssl/issues/33
CVE-2019-16745 (eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. ...)
NOT-FOR-US: eBrigade
CVE-2019-16744 (eBrigade before 5.0 has evenements.php cid SQL Injection. ...)
@@ -10267,8 +11059,8 @@ CVE-2019-16731 (The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 an
CVE-2019-16730 (processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.2 ...)
NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (m ...)
+ {DLA-2419-1}
- dompurify.js <removed>
- [stretch] - dompurify.js <ignored> (Minor issue)
NOTE: https://research.securitum.com/dompurify-bypass-using-mxss/
CVE-2019-16746 (An issue was discovered in net/wireless/nl80211.c in the Linux kernel ...)
{DLA-2114-1 DLA-2068-1}
@@ -10321,26 +11113,37 @@ CVE-2019-16716 (OX App Suite through 7.10.2 has Incorrect Access Control. ...)
CVE-2019-16715
RESERVED
CVE-2019-16713 (ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrate ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1558
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/6954a3f7f1bf1dad417260c5965f2c30a64fa25e
CVE-2019-16712 (ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in code ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1557
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/451d0e4aadb17f16d15006aed379b71714d04a5d
CVE-2019-16711 (ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in code ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1542
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/448f301a781405a45717bb53578475de06df973a
CVE-2019-16710 (ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrate ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1528
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/80deac0626d2d69e1da836d7d893db1e022b10fc
CVE-2019-16709 (ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...)
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
- graphicsmagick 1.4+really1.3.33+hg16117-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/13801f5d0bd7a6fdb119682d34946636afdb2629
CVE-2019-16708 (ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/13801f5d0bd7a6fdb119682d34946636afdb2629
CVE-2019-16707 (Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommon ...)
- - hunspell <unfixed> (unimportant; bug #941185)
+ - hunspell 1.7.0-3 (unimportant; bug #941185)
NOTE: Negligible security impact
NOTE: https://github.com/butterflyhack/hunspell-crash
NOTE: https://github.com/hunspell/hunspell/issues/624
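Review bot: CVE-2019-16709 is the only entry in this run of ImageMagick memory-leak fixes that receives the fixed version `8:6.9.11.24+dfsg-1` without an accompanying `{DSA-4712-1}` line, even though it cites the same upstream issue (#1531) and the same ImageMagick6 commit as CVE-2019-16708, which does get the DSA reference. If the DSA covers that shared fix, the `{DSA-4712-1}` line should be added above the imagemagick line for CVE-2019-16709 as well; if it was left out deliberately, a NOTE saying so would keep a later pass from re-raising the inconsistency.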
@@ -10472,8 +11275,8 @@ CVE-2019-16653 (An application plugin in Genius Bytes Genius Server (Genius CDDS
NOT-FOR-US: Genius Bytes Genius Server (Genius CDDS)
CVE-2019-16652 (The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 al ...)
NOT-FOR-US: Genius Bytes Genius Server (Genius CDDS)
-CVE-2019-16651
- RESERVED
+CVE-2019-16651 (An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG ...)
+ NOT-FOR-US: Virgin Media Super Hub
CVE-2019-16650 (On Supermicro X10 and X11 products, a client's access privileges may b ...)
NOT-FOR-US: Supermicro
CVE-2019-16649 (On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination ...)
@@ -10994,19 +11797,21 @@ CVE-2019-16398 (On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execut
CVE-2019-16397
RESERVED
CVE-2019-16396 (GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() f ...)
- - gnucobol <unfixed> (low; bug #940950)
+ - gnucobol 4.0~early~20200606-1 (low; bug #940950)
[buster] - gnucobol <ignored> (Minor issue)
- open-cobol <removed>
[stretch] - open-cobol <ignored> (Minor issue)
[jessie] - open-cobol <no-dsa> (Minor issue)
- NOTE: https://sourceforge.net/p/open-cobol/bugs/587/
+ NOTE: https://sourceforge.net/p/gnucobol/bugs/587/
+ NOTE: Fixed by: https://sourceforge.net/p/open-cobol/code/3347/
CVE-2019-16395 (GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() functi ...)
- - gnucobol <unfixed> (low; bug #940949)
+ - gnucobol 4.0~early~20200606-1 (low; bug #940949)
[buster] - gnucobol <ignored> (Minor issue)
- open-cobol <removed>
[stretch] - open-cobol <ignored> (Minor issue)
[jessie] - open-cobol <no-dsa> (Minor issue)
- NOTE: https://sourceforge.net/p/open-cobol/bugs/586/
+ NOTE: https://sourceforge.net/p/gnucobol/bugs/586/
+ NOTE: Fixed by: https://sourceforge.net/p/open-cobol/code/3346/
CVE-2019-16390
RESERVED
CVE-2019-16389
@@ -11017,10 +11822,10 @@ CVE-2019-16387 (** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to a direct prw
NOT-FOR-US: PEGA Platform
CVE-2019-16386 (** DISPUTED ** PEGA Platform 7.x and 8.x is vulnerable to Information ...)
NOT-FOR-US: PEGA Platform
-CVE-2019-16385
- RESERVED
-CVE-2019-16384
- RESERVED
+CVE-2019-16385 (Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting vi ...)
+ NOT-FOR-US: Cybele Thinfinity VirtualUI
+CVE-2019-16384 (Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that ca ...)
+ NOT-FOR-US: Cybele Thinfinity VirtualUI
CVE-2019-16383 (MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2 ...)
NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-16382 (An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is ...)
@@ -11037,8 +11842,8 @@ CVE-2019-16376
RESERVED
CVE-2019-16375 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
- otrs2 6.0.23-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (Minor issue)
NOTE: https://community.otrs.com/security-advisory-2019-13-security-update-for-otrs-framework/
NOTE: https://github.com/OTRS/otrs/commit/aeb33d800716e2a6653597aa86314c4cbdadb678 (6.x)
@@ -11063,8 +11868,8 @@ CVE-2019-16391 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated vis
- spip 3.2.5-1
NOTE: https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79
NOTE: https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66
-CVE-2019-16374
- RESERVED
+CVE-2019-16374 (Pega Platform 8.2.1 allows LDAP injection because a username can conta ...)
+ NOT-FOR-US: Pega Platform
CVE-2019-16373
RESERVED
CVE-2019-16372
@@ -11073,7 +11878,8 @@ CVE-2019-16371 (LogMeIn LastPass before 4.33.0 allows attackers to construct a c
NOT-FOR-US: LogMeIn LastPass
CVE-2019-16370 (The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algori ...)
- gradle <unfixed> (low; bug #941186)
- [buster] - gradle <no-dsa> (Minor issue)
+ [bullseye] - gradle <ignored> (Minor issue)
+ [buster] - gradle <ignored> (Minor issue)
[stretch] - gradle <no-dsa> (Minor issue)
[jessie] - gradle <postponed> (Minor issue, old gradle mainly used for building Debian packages with apt signatures)
NOTE: https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f
@@ -11156,8 +11962,7 @@ CVE-2019-16333 (GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS)
NOT-FOR-US: GetSimple CMS
CVE-2019-16332 (In the api-bearer-auth plugin before 20190907 for WordPress, the serve ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-12412 [Remotely exploitable null pointer dereference bug]
- RESERVED
+CVE-2019-12412 (A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference ...)
{DSA-4541-1 DLA-1944-1}
- libapreq2 2.13-6 (bug #939937)
NOTE: https://svn.apache.org/r1866760
@@ -11168,7 +11973,9 @@ CVE-2019-16330 (In NCH Express Accounts Accounting v7.02, persistent cross site
CVE-2019-16329
RESERVED
CVE-2019-16328 (In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify ...)
- - rpyc <removed>
+ - rpyc <not-affected> (Vulnerable code newer in a released Debian version)
+ NOTE: Issue only affected 4.1.0 and 4.1.1 upstream and fixed in 4.1.2
+ NOTE: https://rpyc.readthedocs.io/en/latest/docs/security.html#security
CVE-2019-16327 (D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypa ...)
NOT-FOR-US: D-Link
CVE-2019-16326 (D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token ...)
@@ -11259,8 +12066,8 @@ CVE-2019-16283
RESERVED
CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...)
NOT-FOR-US: NCH Express Invoice
-CVE-2019-16281
- RESERVED
+CVE-2019-16281 (Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token ...)
+ NOT-FOR-US: Ptarmigan
CVE-2019-16280
RESERVED
CVE-2019-16279 (A memory error in the function SSL_accept in nostromo nhttpd through 1 ...)
@@ -11270,24 +12077,22 @@ CVE-2019-16278 (Directory Traversal in the function http_verify in nostromo nhtt
CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/ ...)
NOT-FOR-US: PicoC
CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector ...)
+ {DLA-2547-1}
- wireshark 3.0.4-1 (low)
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
- [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x DSA)
+ [buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-21.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16020
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=02ddd49885c6a09e936a76aceb726ed06539704a
CVE-2019-16276 (Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smugglin ...)
- {DSA-4534-1}
+ {DSA-4534-1 DLA-2592-1 DLA-2591-1}
- golang-1.13 1.13.1-1
- golang-1.12 1.12.10-1 (bug #941173)
- golang-1.11 <removed>
- golang-1.8 <removed>
- [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
- [jessie] - golang <ignored> (does not makes sense to fix in jessie if not in later dists)
+ [jessie] - golang <ignored> (Minor issue)
NOTE: https://groups.google.com/forum/m/#!topic/golang-announce/cszieYyuL9Q
NOTE: https://golang.org/issue/34540
NOTE: https://github.com/golang/go/commit/5a6ab1ec3e678640befebeb3318b746a64ad986c (golang-1.13)
@@ -11304,8 +12109,8 @@ CVE-2019-16270
RESERVED
CVE-2019-16269
RESERVED
-CVE-2019-16268
- RESERVED
+CVE-2019-16268 (Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection vi ...)
+ NOT-FOR-US: Zoho ManageEngine Remote Access Plus
CVE-2019-16267
RESERVED
CVE-2019-16266
@@ -11331,26 +12136,28 @@ CVE-2019-16257 (Some Motorola devices include the SIMalliance Toolbox Browser (a
CVE-2019-16256 (Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T ...)
NOT-FOR-US: SIMalliance Toolbox Browser
CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
- {DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
+ {DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
+ [buster] - jruby <no-dsa> (Minor issue)
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
NOTE: ruby2.5: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
- {DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
+ {DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
+ [buster] - jruby <no-dsa> (Minor issue)
NOTE: https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
NOTE: https://hackerone.com/reports/331984
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/
CVE-2019-16253 (The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 ...)
NOT-FOR-US: Samsung
-CVE-2019-16252
- RESERVED
+CVE-2019-16252 (Missing SSL Certificate Validation in the Nutfind.com application thro ...)
+ NOT-FOR-US: Nutfind
CVE-2019-16251 (plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework thro ...)
NOT-FOR-US: YIT Plugin Framework
CVE-2019-16250 (includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for ...)
@@ -11367,18 +12174,18 @@ CVE-2019-16247 (Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!
NOT-FOR-US: Delta DCISoft
CVE-2019-16246 (Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a differen ...)
NOT-FOR-US: Intesync Solismed
-CVE-2019-16245
- RESERVED
-CVE-2019-16244
- RESERVED
+CVE-2019-16245 (OMERO before 5.6.1 makes the details of each user available to all use ...)
+ NOT-FOR-US: OMERO
+CVE-2019-16244 (OMERO.server before 5.6.1 allows attackers to bypass the security filt ...)
+ NOT-FOR-US: OMERO
CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocument ...)
NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineerin ...)
NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16241 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can ...)
NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
-CVE-2019-16240
- RESERVED
+CVE-2019-16240 (A Buffer Overflow and Information Disclosure issue exists in HP Office ...)
+ NOT-FOR-US: HP
CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer Overflow ...)
{DSA-4607-1 DLA-1945-1}
- openconnect 8.02-1.1 (bug #940871)
@@ -11391,7 +12198,7 @@ CVE-2019-16378 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone t
CVE-2019-16275 (hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect ...)
{DSA-4538-1 DLA-1922-1}
- wpa 2:2.9-2 (bug #940080)
- [stretch] - wpa <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - wpa 2:2.4-1+deb9u6
NOTE: https://www.openwall.com/lists/oss-security/2019/09/11/7
NOTE: https://w1.fi/security/2019-7/
CVE-2019-16238 (Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged ...)
@@ -11505,12 +12312,12 @@ CVE-2019-16215 (The Markdown parser in Zulip server before 2.0.5 used a regular
- zulip-server <itp> (bug #800052)
CVE-2019-16214 (Libra Core before 2019-09-03 has an erroneous regular expression for i ...)
NOT-FOR-US: Libra
-CVE-2019-16213
- RESERVED
-CVE-2019-16212
- RESERVED
-CVE-2019-16211
- RESERVED
+CVE-2019-16213 (Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authe ...)
+ NOT-FOR-US: Tenda PA6 Wi-Fi Powerline extender
+CVE-2019-16212 (A vulnerability in Brocade SANnav versions before v2.1.0 could allow a ...)
+ NOT-FOR-US: Brocade SANnav
+CVE-2019-16211 (Brocade SANnav versions before v2.1.0, contain a Plaintext Password St ...)
+ NOT-FOR-US: Brocade SANnav
CVE-2019-16210 (Brocade SANnav versions before v2.0, logs plain text database connecti ...)
NOT-FOR-US: Brocade
CVE-2019-16209 (A vulnerability, in The ReportsTrustManager class of Brocade SANnav ve ...)
@@ -11530,11 +12337,12 @@ CVE-2019-16203 (Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expo
CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...)
NOT-FOR-US: MISP
CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ...)
- {DSA-4587-1 DSA-4586-1 DLA-2027-1 DLA-2007-1}
+ {DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
+ [buster] - jruby <no-dsa> (Minor issue)
NOTE: https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
NOTE: https://hackerone.com/reports/661722
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
@@ -11613,28 +12421,29 @@ CVE-2019-16167 (sysstat before 12.1.6 has memory corruption due to an Integer Ov
NOTE: Introduced after: https://github.com/sysstat/sysstat/commit/65ac30359e49ee717397e39950d7c24a6610d57c (v11.7.1)
NOTE: Fixed by: https://github.com/sysstat/sysstat/commit/edbf507678bf10914e9804ff8a06737fdcb2e781
CVE-2019-16166 (GNU cflow through 1.6 has a heap-based buffer over-read in the nexttok ...)
- - cflow <unfixed> (unimportant; bug #939916)
+ - cflow 1:1.6-6 (unimportant; bug #939916)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00000.html
+ NOTE: https://git.savannah.gnu.org/cgit/cflow.git/commit/?id=b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6
NOTE: Crash in CLI tool, no security impact
CVE-2019-16165 (GNU cflow through 1.6 has a use-after-free in the reference function i ...)
- - cflow <unfixed> (unimportant; bug #939915)
+ - cflow 1:1.6-6 (unimportant; bug #939915)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html
+ NOTE: https://git.savannah.gnu.org/cgit/cflow.git/commit/?id=b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6
NOTE: Crash in CLI tool, no security impact
CVE-2019-16164 (MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_nod ...)
NOT-FOR-US: MyHTML
CVE-2019-16163 (Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of ...)
- {DLA-1918-1}
+ {DLA-2431-1 DLA-1918-1}
- libonig 6.9.4-1 (low; bug #939988)
[buster] - libonig <no-dsa> (Minor issue)
- [stretch] - libonig <no-dsa> (Minor issue)
NOTE: https://github.com/kkos/oniguruma/issues/147
NOTE: https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180
CVE-2019-16162 (Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class bec ...)
NOT-FOR-US: Onigmo (fork of Oniguruma)
CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code ...)
NOT-FOR-US: Onigmo (fork of Oniguruma)
-CVE-2019-16160
- RESERVED
+CVE-2019-16160 (An integer underflow in the SMB server of MikroTik RouterOS before 6.4 ...)
+ NOT-FOR-US: MikroTik RouterOS
CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 ...)
- bird 1.6.8-1 (bug #939990)
[buster] - bird 1.6.6-1+deb10u1
@@ -11659,19 +12468,20 @@ CVE-2019-16152 (A Denial of service (DoS) vulnerability in FortiClient for Linux
NOT-FOR-US: Fortiguard FortiClient
CVE-2019-16151
RESERVED
-CVE-2019-16150
- RESERVED
+CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security sensitive da ...)
+ NOT-FOR-US: Fortiguard
CVE-2019-16149
RESERVED
CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...)
+ {DLA-2340-1}
- sqlite3 3.29.0-2
- [buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 3.27.2-3+deb10u1
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html
NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6
NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0
+ NOTE: https://github.com/sqlite/sqlite/commit/725dd72400872da94dcfb6af48128905b93d57fe
CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
NOT-FOR-US: Sakai
CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal article titl ...)
@@ -11714,12 +12524,12 @@ CVE-2019-16131 (framework/admin/modulec_control.php in OKLite v1.2.25 has an Arb
NOT-FOR-US: OKLite
CVE-2019-16130 (YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.ph ...)
NOT-FOR-US: YII2-CMS
-CVE-2019-16129
- RESERVED
-CVE-2019-16128
- RESERVED
-CVE-2019-16127
- RESERVED
+CVE-2019-16129 (Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 ...)
+ NOT-FOR-US: Microchip CryptoAuthentication Library CryptoAuthLib
+CVE-2019-16128 (Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 ...)
+ NOT-FOR-US: Microchip CryptoAuthentication Library CryptoAuthLib
+CVE-2019-16127 (Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. ...)
+ NOT-FOR-US: Atmel Advanced Software Framework (ASF) 4
CVE-2019-16126 (Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaSc ...)
NOT-FOR-US: Grav CMS
CVE-2019-16125 (In Jobberbase 2.0, the parameter category is not sanitized in public/p ...)
@@ -11857,6 +12667,8 @@ CVE-2019-16061 (A number of files on the NETSAS Enigma NMS server 65.0.0 and pri
NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16089 (An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_s ...)
- linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - linux <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-16060 (The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist ...)
@@ -11873,7 +12685,7 @@ CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0
CVE-2019-16057 (The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnera ...)
NOT-FOR-US: D-Link
CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ...)
- {DLA-1925-1 DLA-1924-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1925-1 DLA-1924-1}
- python3.8 3.8.0~b4-1
- python3.7 3.7.4-4
[buster] - python3.7 3.7.3-2+deb10u1
@@ -11881,7 +12693,6 @@ CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.
- python3.4 <removed>
- python2.7 2.7.17~rc1-1 (bug #940901)
[buster] - python2.7 2.7.16-2+deb10u1
- [stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue34155
NOTE: https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 (master)
NOTE: https://github.com/python/cpython/commit/217077440a6938a0b428f67cfef6e053c4f8673c (v3.8.0b4)
@@ -11943,30 +12754,30 @@ CVE-2019-16030
RESERVED
CVE-2019-16029 (A vulnerability in the application programming interface (API) of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2019-16028
- RESERVED
+CVE-2019-16028 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
CVE-2019-16027 (A vulnerability in the implementation of the Intermediate System&amp;n ...)
NOT-FOR-US: Cisco
CVE-2019-16026 (A vulnerability in the implementation of the Stream Control Transmissi ...)
NOT-FOR-US: Cisco
-CVE-2019-16025
- RESERVED
+CVE-2019-16025 (A vulnerability in the web framework of Cisco Emergency Responder coul ...)
+ NOT-FOR-US: Cisco
CVE-2019-16024 (A vulnerability in the web-based management interface of Cisco Crosswo ...)
NOT-FOR-US: Cisco
-CVE-2019-16023
- RESERVED
+CVE-2019-16023 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
+ NOT-FOR-US: Cisco
CVE-2019-16022 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
NOT-FOR-US: Cisco
-CVE-2019-16021
- RESERVED
+CVE-2019-16021 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
+ NOT-FOR-US: Cisco
CVE-2019-16020 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
NOT-FOR-US: Cisco
-CVE-2019-16019
- RESERVED
+CVE-2019-16019 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
+ NOT-FOR-US: Cisco
CVE-2019-16018 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
NOT-FOR-US: Cisco
-CVE-2019-16017
- RESERVED
+CVE-2019-16017 (A vulnerability in the Operations, Administration, Maintenance and Pro ...)
+ NOT-FOR-US: Cisco
CVE-2019-16016
RESERVED
CVE-2019-16015 (A vulnerability in the web-based management interface of the Cisco Dat ...)
@@ -11981,26 +12792,26 @@ CVE-2019-16011 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could
NOT-FOR-US: Cisco
CVE-2019-16010 (A vulnerability in the web UI of the Cisco SD-WAN vManage software cou ...)
NOT-FOR-US: Cisco
-CVE-2019-16009
- RESERVED
+CVE-2019-16009 (A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software c ...)
+ NOT-FOR-US: Cisco
CVE-2019-16008 (A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and ...)
NOT-FOR-US: Cisco
-CVE-2019-16007
- RESERVED
+CVE-2019-16007 (A vulnerability in the inter-service communication of Cisco AnyConnect ...)
+ NOT-FOR-US: Cisco
CVE-2019-16006
RESERVED
CVE-2019-16005 (A vulnerability in the web-based management interface of Cisco Webex V ...)
NOT-FOR-US: Cisco
-CVE-2019-16004
- RESERVED
+CVE-2019-16004 (A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signa ...)
+ NOT-FOR-US: Cisco
CVE-2019-16003 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
NOT-FOR-US: Cisco
CVE-2019-16002 (A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-W ...)
NOT-FOR-US: Cisco
CVE-2019-16001 (A vulnerability in the loading mechanism of specific dynamic link libr ...)
NOT-FOR-US: Cisco
-CVE-2019-16000
- RESERVED
+CVE-2019-16000 (A vulnerability in the automatic update process of Cisco Umbrella Roam ...)
+ NOT-FOR-US: Cisco
CVE-2019-15999 (A vulnerability in the application environment of Cisco Data Center Ne ...)
NOT-FOR-US: Cisco
CVE-2019-15998 (A vulnerability in the access-control logic of the NETCONF over Secure ...)
@@ -12013,10 +12824,10 @@ CVE-2019-15995 (A vulnerability in the web UI of Cisco DNA Spaces: Connector cou
NOT-FOR-US: Cisco
CVE-2019-15994 (A vulnerability in the web-based management interface of Cisco Stealth ...)
NOT-FOR-US: Cisco
-CVE-2019-15993
- RESERVED
-CVE-2019-15992
- RESERVED
+CVE-2019-15993 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
+ NOT-FOR-US: Cisco
+CVE-2019-15992 (A vulnerability in the implementation of the Lua interpreter integrate ...)
+ NOT-FOR-US: Cisco
CVE-2019-15991
RESERVED
CVE-2019-15990 (A vulnerability in the web-based management interface of certain Cisco ...)
@@ -12051,8 +12862,8 @@ CVE-2019-15976 (Multiple vulnerabilities in the authentication mechanisms of Cis
NOT-FOR-US: Cisco
CVE-2019-15975 (Multiple vulnerabilities in the authentication mechanisms of Cisco Dat ...)
NOT-FOR-US: Cisco
-CVE-2019-15974
- RESERVED
+CVE-2019-15974 (A vulnerability in the web interface of Cisco Managed Services Acceler ...)
+ NOT-FOR-US: Cisco
CVE-2019-15973 (A vulnerability in the web-based management interface of Cisco Industr ...)
NOT-FOR-US: Cisco
CVE-2019-15972 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -12061,8 +12872,8 @@ CVE-2019-15971 (A vulnerability in the MP3 detection engine of Cisco AsyncOS Sof
NOT-FOR-US: Cisco
CVE-2019-15970
RESERVED
-CVE-2019-15969
- RESERVED
+CVE-2019-15969 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
+ NOT-FOR-US: Cisco
CVE-2019-15968 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2019-15967 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
@@ -12073,8 +12884,8 @@ CVE-2019-15965
RESERVED
CVE-2019-15964
RESERVED
-CVE-2019-15963
- RESERVED
+CVE-2019-15963 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
CVE-2019-15962 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
NOT-FOR-US: Cisco
CVE-2019-15961 (A vulnerability in the email parsing module Clam AntiVirus (ClamAV) So ...)
@@ -12085,12 +12896,12 @@ CVE-2019-15961 (A vulnerability in the email parsing module Clam AntiVirus (Clam
NOTE: https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
CVE-2019-15960 (A vulnerability in the Webex Network Recording Admin page of Cisco Web ...)
NOT-FOR-US: Cisco
-CVE-2019-15959
- RESERVED
+CVE-2019-15959 (A vulnerability in Cisco Small Business SPA500 Series IP Phones could ...)
+ NOT-FOR-US: Cisco
CVE-2019-15958 (A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and ...)
NOT-FOR-US: Cisco
-CVE-2019-15957
- RESERVED
+CVE-2019-15957 (A vulnerability in the web-based management interface of certain Cisco ...)
+ NOT-FOR-US: Cisco
CVE-2019-15956 (A vulnerability in the web management interface of Cisco AsyncOS Softw ...)
NOT-FOR-US: Cisco
CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low privilege user c ...)
@@ -12110,18 +12921,16 @@ CVE-2019-15949 (Nagios XI before 5.6.6 allows remote command execution as root.
CVE-2019-15948 (Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller dev ...)
NOT-FOR-US: Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices
CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted ...)
- - bitcoin <unfixed> (bug #939608)
+ - bitcoin 0.20.1~dfsg-1 (bug #939608)
CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...)
- {DLA-1916-1}
+ {DLA-2832-1 DLA-1916-1}
- opensc 0.20.0-1 (bug #939669)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...)
- {DLA-1916-1}
+ {DLA-2832-1 DLA-1916-1}
- opensc 0.20.0-1 (bug #939668)
[buster] - opensc <no-dsa> (Minor issue)
- [stretch] - opensc <no-dsa> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019, community game s ...)
NOT-FOR-US: Counter-Strike: Global Offensive
@@ -12129,7 +12938,7 @@ CVE-2019-15943 (vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1
NOT-FOR-US: Counter-Strike: Global Offensive
CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on uninitia ...)
- ffmpeg <not-affected> (Only affects 4.2)
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71
CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an ...)
{DSA-4533-1}
- lemonldap-ng 2.0.6+ds-1
@@ -12141,9 +12950,9 @@ CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may all
CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as root. ...)
NOT-FOR-US: Victure PC530 devices
CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...)
+ {DLA-2799-1}
- opencv 4.1.2+dfsg-3
[buster] - opencv <no-dsa> (Minor issue)
- [stretch] - opencv <no-dsa> (Minor issue)
[jessie] - opencv <no-dsa> (Minor issue)
NOTE: https://github.com/OpenCV/opencv/issues/15287
NOTE: https://github.com/opencv/opencv/pull/15382
@@ -12305,24 +13114,25 @@ CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in i
NOTE: https://www.openwall.com/lists/oss-security/2019/09/06/3
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/c59279437eda91841b9d26079c70b8a540d41204
NOTE: 1:4.1-2 switched to system libslirp, marking that version as fixed
+ NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-jx98-2j5v-w265
CVE-2019-15889 (The download-manager plugin before 2.9.94 for WordPress has XSS via th ...)
NOT-FOR-US: download-manager plugin for WordPress
CVE-2019-15888
- RESERVED
+ REJECTED
CVE-2019-15887
- RESERVED
+ REJECTED
CVE-2019-15886
- RESERVED
+ REJECTED
CVE-2019-15885
- RESERVED
+ REJECTED
CVE-2019-15884
- RESERVED
+ REJECTED
CVE-2019-15883
- RESERVED
+ REJECTED
CVE-2019-15882
- RESERVED
+ REJECTED
CVE-2019-15881
- RESERVED
+ REJECTED
CVE-2019-15880 (In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, ins ...)
NOT-FOR-US: FreeBSD
CVE-2019-15879 (In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-ST ...)
@@ -12407,9 +13217,9 @@ CVE-2019-15849 (eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An
CVE-2019-15848 (JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XS ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2019-15847 (The POWER9 backend in GNU Compiler Collection (GCC) before version 10 ...)
- - gcc-7 <unfixed>
+ - gcc-7 7.4.0-12
[buster] - gcc-7 <ignored> (minor issue, affects only POWER9 binaries)
- - gcc-8 <unfixed>
+ - gcc-8 8.3.0-22
[buster] - gcc-8 <ignored> (minor issue, affects only POWER9 binaries)
- gcc-9 9.2.1-7 (low)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481
@@ -12423,8 +13233,7 @@ CVE-2019-15845 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed>
- [jessie] - jruby <not-affected> (vulnerable code is not present)
+ - jruby <not-affected> (Dir.java in JRuby does not have this C string handling bug from dir.c in Ruby)
NOTE: https://github.com/ruby/ruby/commit/a0a2640b398cffd351f87d3f6243103add66575b
NOTE: https://hackerone.com/reports/449617
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/
@@ -12600,7 +13409,7 @@ CVE-2019-15769 (The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF
CVE-2019-15768
RESERVED
CVE-2019-15767 (In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ...)
- - gnuchess <unfixed> (unimportant; bug #936023)
+ - gnuchess 6.2.7-1 (unimportant; bug #936023)
NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00004.html
NOTE: Neutralised by toolchain hardening, no security impact
CVE-2019-15766 (The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android al ...)
@@ -12841,7 +13650,7 @@ CVE-2019-15690
{DLA-2146-1}
- libvncserver 0.9.12+dfsg-9 (bug #954163)
[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3
- [stretch] - libvncserver <no-dsa> (Minor issue)
+ [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4
NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
NOTE: https://github.com/LibVNC/libvncserver/issues/381
NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed
@@ -13054,6 +13863,7 @@ CVE-2019-15609 (The kill-port-process package version &lt; 2.2.0 is vulnerable t
NOT-FOR-US: Node kill-port-process
CVE-2019-15608 (The package integrity validation in yarn &lt; 1.19.0 contains a TOCTOU ...)
- node-yarnpkg 1.19.1-1
+ [buster] - node-yarnpkg <no-dsa> (Minor issue)
NOTE: https://hackerone.com/reports/703138
CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: &lt;= ...)
NOT-FOR-US: node-red
@@ -13069,8 +13879,9 @@ CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes maliciou
- nodejs 10.19.0~dfsg-1
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
- [experimental] - http-parser 2.9.3-1
- - http-parser <unfixed>
+ - http-parser 2.9.4-2 (bug #977467)
+ [buster] - http-parser 2.8.1-1+deb10u1
+ [stretch] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI)
[jessie] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI)
NOTE: https://hackerone.com/reports/735748
NOTE: https://github.com/nodejs/http-parser/commit/7d5c99d09f6743b055d53fc3f642746d9801479b (http-parser)
@@ -13194,7 +14005,7 @@ CVE-2019-15564 (The Compassion Switzerland addons 10.01.4 for Odoo allow SQL inj
NOT-FOR-US: Compassion Switzerland addons for Odoo
CVE-2019-15563 (Observational Health Data Sciences and Informatics (OHDSI) WebAPI befo ...)
NOT-FOR-US: Observational Health Data Sciences and Informatics
-CVE-2019-15562 (GORM before 1.9.10 allows SQL injection via incomplete parentheses. ...)
+CVE-2019-15562 (** DISPUTED ** GORM before 1.9.10 allows SQL injection via incomplete ...)
NOT-FOR-US: GORM
CVE-2019-15561 (FlashLingo before 2019-06-12 allows SQL injection, related to flashlin ...)
NOT-FOR-US: FlashLingo
@@ -13212,22 +14023,22 @@ CVE-2019-15555 (FredReinink Wellness-app before 2019-06-19 allows SQL injection,
NOT-FOR-US: FredReinink Wellness-app
CVE-2019-15554 (An issue was discovered in the smallvec crate before 0.6.10 for Rust. ...)
- rust-smallvec 0.6.10-1
- [buster] - rust-smallvec <no-dsa> (Minor issue)
+ [buster] - rust-smallvec <ignored> (Minor issue)
NOTE: https://github.com/servo/rust-smallvec/issues/149
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0012.html
CVE-2019-15553 (An issue was discovered in the memoffset crate before 0.5.0 for Rust. ...)
- rust-memoffset 0.5.1-1 (bug #936025)
- [buster] - rust-memoffset <no-dsa> (Minor issue)
+ [buster] - rust-memoffset <ignored> (Minor issue)
NOTE: https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0011.html
CVE-2019-15552 (An issue was discovered in the libflate crate before 0.1.25 for Rust. ...)
- - rust-libflate 0.1.25-1
+ - rust-libflate 0.1.25-1 (bug #969899)
[buster] - rust-libflate <no-dsa> (Minor issue)
NOTE: https://github.com/sile/libflate/issues/35
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0010.html
CVE-2019-15551 (An issue was discovered in the smallvec crate before 0.6.10 for Rust. ...)
- rust-smallvec 0.6.10-1
- [buster] - rust-smallvec <no-dsa> (Minor issue)
+ [buster] - rust-smallvec <ignored> (Minor issue)
NOTE: https://github.com/servo/rust-smallvec/issues/148
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0009.html
CVE-2019-15550 (An issue was discovered in the simd-json crate before 0.1.15 for Rust. ...)
@@ -13235,9 +14046,11 @@ CVE-2019-15550 (An issue was discovered in the simd-json crate before 0.1.15 for
CVE-2019-15549 (An issue was discovered in the asn1_der crate before 0.6.2 for Rust. A ...)
NOT-FOR-US: Rust crate asn1_der
CVE-2019-15548 (An issue was discovered in the ncurses crate through 5.99.0 for Rust. ...)
- NOT-FOR-US: Rust crate ncurses
+ - rust-ncurses <unfixed> (bug #972100)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0006.html
CVE-2019-15547 (An issue was discovered in the ncurses crate through 5.99.0 for Rust. ...)
- NOT-FOR-US: Rust crate ncurses
+ - rust-ncurses <unfixed> (bug #972100)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0006.html
CVE-2019-15546 (An issue was discovered in the pancurses crate through 0.16.1 for Rust ...)
NOT-FOR-US: Rust crate pancurses
CVE-2019-15545 (An issue was discovered in the libp2p-core crate before 0.8.1 for Rust ...)
@@ -13247,7 +14060,7 @@ CVE-2019-15544 (An issue was discovered in the protobuf crate before 2.6.0 for R
CVE-2019-15543 (An issue was discovered in the slice-deque crate before 0.2.0 for Rust ...)
NOT-FOR-US: Rust crate slice-deque
CVE-2019-15542 (An issue was discovered in the ammonia crate before 2.1.0 for Rust. Th ...)
- NOT-FOR-US: Rust crate ammonia
+ - rust-ammonia <not-affected> (Fixed before initial upload)
CVE-2019-15541 (rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for ...)
NOT-FOR-US: Rust crate rustls
CVE-2019-15540 (filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2. ...)
@@ -13274,10 +14087,9 @@ CVE-2019-15533 (XENFCoreSharp before 2019-07-16 allows SQL injection in web/veri
CVE-2019-15532 (CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBrut ...)
NOT-FOR-US: CyberChef
CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read in the ...)
- {DLA-1904-1}
+ {DLA-2851-1 DLA-1904-1}
- libextractor 1:1.9-2 (bug #935553)
[buster] - libextractor <no-dsa> (Minor issue)
- [stretch] - libextractor <no-dsa> (Minor issue)
NOTE: https://bugs.gnunet.org/view.php?id=5846
NOTE: https://git.gnunet.org/libextractor.git/commit/?id=d2b032452241708bee68d02aa02092cfbfba951a
CVE-2019-15530 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...)
@@ -13294,12 +14106,15 @@ CVE-2019-15525 (There is Missing SSL Certificate Validation in the pw3270 termin
NOT-FOR-US: pw3270 terminal emulator
CVE-2019-15524 (CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php ...)
NOT-FOR-US: CSZ CMS
-CVE-2019-15523
- RESERVED
+CVE-2019-15523 (An issue was discovered in LINBIT csync2 through 2.0. It does not corr ...)
+ {DLA-2515-1}
+ - csync2 2.0-25-gc0faaf9-1
+ [buster] - csync2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2
CVE-2019-15522 (An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_ses ...)
- csync2 2.0-25-gc0faaf9-1 (bug #955445)
[buster] - csync2 2.0-22-gce67c55-1+deb10u1
- [stretch] - csync2 <no-dsa> (Minor issue)
+ [stretch] - csync2 2.0-8-g175a01c-4+deb9u1
[jessie] - csync2 <no-dsa> (Minor issue)
NOTE: https://github.com/LINBIT/csync2/pull/13/commits/0ecfc333da51575f188dd7cf6ac4974d13a800b1
CVE-2019-15521 (Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and ...)
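Review bot: The CVE-2019-15522 entry gains a stretch fixed version, `[stretch] - csync2 2.0-8-g175a01c-4+deb9u1`, but no `{DLA-…}` advisory line is added under its description, whereas the new CVE-2019-15523 entry directly above records `{DLA-2515-1}` for the same csync2 fix series. Elsewhere in this file a fixed version in a security-supported suite is paired with its advisory in the braces line immediately below the CVE description (for example the openconnect entry's `{DSA-4607-1 DLA-1945-1}`), so the 15522 entry as written looks inconsistent with its neighbour. If DLA-2515-1 also shipped the CVE-2019-15522 fix, add `{DLA-2515-1}` as the line following the `CVE-2019-15522 (...)` description; if a different advisory covered it, that identifier belongs there instead. The whole CVE-2019-15522 entry is inside this hunk, so the absence is not an artefact of the hunk boundary.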
@@ -13728,12 +14543,12 @@ CVE-2019-15314 (tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers t
- tikiwiki <removed>
CVE-2019-15313 (In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persiste ...)
NOT-FOR-US: Zimbra Collaboration
-CVE-2019-15312
- RESERVED
-CVE-2019-15311
- RESERVED
-CVE-2019-15310
- RESERVED
+CVE-2019-15312 (An issue was discovered on Zolo Halo devices via the Linkplay firmware ...)
+ NOT-FOR-US: Zolo Halo devices
+CVE-2019-15311 (An issue was discovered on Zolo Halo devices via the Linkplay firmware ...)
+ NOT-FOR-US: Zolo Halo devices
+CVE-2019-15310 (An issue was discovered on various devices via the Linkplay firmware. ...)
+ NOT-FOR-US: Linkplay
CVE-2019-15309
RESERVED
CVE-2019-15308
@@ -13760,7 +14575,7 @@ CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An authenti
- centreon-web <itp> (bug #913903)
CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allo ...)
- asterisk 1:16.10.0~dfsg-1 (low; bug #940060)
- [buster] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
[stretch] - asterisk <no-dsa> (Minor issue)
[jessie] - asterisk <not-affected> (The vulnerable code is not present)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-004.html
@@ -13775,20 +14590,20 @@ CVE-2019-15294 (An issue was discovered in Gallagher Command Centre 8.10 before
NOT-FOR-US: Gallagher Command Centre
CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 115 ...)
NOT-FOR-US: ACDSee
-CVE-2019-15289
- RESERVED
+CVE-2019-15289 (Multiple vulnerabilities in the video service of Cisco TelePresence Co ...)
+ NOT-FOR-US: Cisco
CVE-2019-15288 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
NOT-FOR-US: Cisco
-CVE-2019-15287
- RESERVED
+CVE-2019-15287 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+ NOT-FOR-US: Cisco
CVE-2019-15286 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
NOT-FOR-US: Cisco
-CVE-2019-15285
- RESERVED
+CVE-2019-15285 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+ NOT-FOR-US: Cisco
CVE-2019-15284 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
NOT-FOR-US: Cisco
-CVE-2019-15283
- RESERVED
+CVE-2019-15283 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+ NOT-FOR-US: Cisco
CVE-2019-15282 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2019-15281 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -13896,8 +14711,10 @@ CVE-2019-15239 (In the Linux kernel, a certain net/ipv4/tcp_output.c change, whi
CVE-2019-15238 (The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-15237 (Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, ...)
- - roundcube <unfixed> (low; bug #949629)
- [buster] - roundcube <no-dsa> (Minor issue)
+ [experimental] - roundcube 1.5~rc+dfsg.1-1
+ - roundcube 1.5.0+dfsg.1-1 (low; bug #949629)
+ [bullseye] - roundcube <ignored> (Minor issue)
+ [buster] - roundcube <ignored> (Minor issue)
[stretch] - roundcube <no-dsa> (Minor issue)
NOTE: https://github.com/roundcube/roundcubemail/issues/6891
CVE-2019-15236
@@ -13985,6 +14802,7 @@ CVE-2019-15214 (An issue was discovered in the Linux kernel before 5.0.10. There
[stretch] - linux 4.9.184-1
CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. There is a u ...)
- linux <unfixed>
+ [bullseye] - linux <postponed> (Revisit when correctly fixed upstream)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
CVE-2019-15212 (An issue was discovered in the Linux kernel before 5.1.8. There is a d ...)
@@ -14092,10 +14910,9 @@ CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
- {DLA-1967-1}
+ {DLA-2850-1 DLA-1967-1}
- libpcap 1.9.1-1 (low; bug #941697)
- [buster] - libpcap <no-dsa> (Minor issue)
- [stretch] - libpcap <no-dsa> (Minor issue)
+ [buster] - libpcap <ignored> (Minor issue)
NOTE: https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
NOTE: https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
CVE-2019-15164 (rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may ...)
@@ -14145,7 +14962,8 @@ CVE-2019-15153
CVE-2019-15152
RESERVED
CVE-2019-15151 (AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. ...)
- - adplug <unfixed> (bug #946340)
+ [experimental] - adplug 2.3.3+dfsg-1
+ - adplug 2.3.3+dfsg-2 (bug #946340)
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
@@ -14161,31 +14979,23 @@ CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GP
CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in ...)
NOT-FOR-US: gpmf-parser
CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack ...)
- {DLA-1902-1}
+ {DSA-5032-1 DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
- [buster] - djvulibre <no-dsa> (Minor issue)
- [stretch] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/298/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate&lt; ...)
- {DLA-1902-1}
+ {DSA-5032-1 DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
- [buster] - djvulibre <no-dsa> (Minor issue)
- [stretch] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/299/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
- {DLA-1902-1}
+ {DSA-5032-1 DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
- [buster] - djvulibre <no-dsa> (Minor issue)
- [stretch] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/297/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
- {DLA-1902-1}
+ {DSA-5032-1 DLA-2667-1 DLA-1902-1}
- djvulibre 3.5.27.1-11 (low)
- [buster] - djvulibre <no-dsa> (Minor issue)
- [stretch] - djvulibre <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/djvu/bugs/296/
NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows att ...)
@@ -14193,18 +15003,16 @@ CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allo
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1560
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to ca ...)
- {DLA-1968-1}
- - imagemagick <unfixed> (bug #941671)
+ {DSA-4715-1 DSA-4712-1 DLA-1968-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #941671)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
NOTE: followup, previous patch introduced compiler warnings
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1554
CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component ...)
- {DLA-1968-1}
- - imagemagick <unfixed> (bug #941670)
- [buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
+ {DSA-4712-1 DLA-2366-1 DLA-1968-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #941670)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
NOTE: ImageMagick6: followup, partly reverts previous patch:
@@ -14230,11 +15038,13 @@ CVE-2019-15133 (In GIFLIB before 2019-02-16, a malformed GIF file triggers a div
NOTE: https://sourceforge.net/p/giflib/code/ci/799eb6a3af8a3dd81e2429bf11a72a57e541f908/
NOTE: https://sourceforge.net/p/giflib/bugs/119/
CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login request ...)
- - zabbix <unfixed> (bug #935027)
+ {DLA-2631-1}
+ - zabbix 1:5.0.7+dfsg-1 (bug #935027)
[buster] - zabbix <no-dsa> (Minor issue)
- [stretch] - zabbix <no-dsa> (Minor issue)
[jessie] - zabbix <postponed> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-16532
+ NOTE: https://support.zabbix.com/browse/ZBX-5842
+ NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/b5a110e4d1c21d865cd03e3ef8dbc6f37221b60f (4.0.27rc1)
CVE-2019-15131 (In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 ...)
NOT-FOR-US: Code42
CVE-2019-15130 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...)
@@ -14251,8 +15061,8 @@ CVE-2019-15125
RESERVED
CVE-2019-15124 (In the MobileFrontend extension for MediaWiki, XSS exists within the e ...)
NOT-FOR-US: MobileFrontend extension for MediaWiki
-CVE-2019-15123
- RESERVED
+CVE-2019-15123 (The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated u ...)
+ NOT-FOR-US: Viki Vera
CVE-2019-15122
RESERVED
CVE-2019-15121
@@ -14353,12 +15163,12 @@ CVE-2019-15082 (The 360-product-rotation plugin before 1.4.8 for WordPress has r
NOT-FOR-US: Wordpress plugin
CVE-2019-15081 (OpenCart 3.x, when the attacker has login access to the admin panel, a ...)
NOT-FOR-US: OpenCart
-CVE-2019-15080
- RESERVED
-CVE-2019-15079
- RESERVED
-CVE-2019-15078
- RESERVED
+CVE-2019-15080 (An issue was discovered in a smart contract implementation for MORPH T ...)
+ NOT-FOR-US: MORPH Token Ethereum token
+CVE-2019-15079 (A typo exists in the constructor of a smart contract implementation fo ...)
+ NOT-FOR-US: EAI Ethereum token
+CVE-2019-15078 (An issue was discovered in a smart contract implementation for AIRDROP ...)
+ NOT-FOR-US: AIRDROPX BORN Ethereum token
CVE-2019-15077
RESERVED
CVE-2019-15076
@@ -14398,13 +15208,15 @@ CVE-2019-15061
RESERVED
CVE-2019-15060 (The traceroute function on the TP-Link TL-WR840N v4 router with firmwa ...)
NOT-FOR-US: TP-Link
-CVE-2019-15059
- RESERVED
+CVE-2019-15059 (In Liberty lisPBX 2.0-4, configuration backup files can be retrieved r ...)
+ NOT-FOR-US: Liberty lisPBX
CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer ov ...)
- - libstb <unfixed> (bug #934973)
+ - libstb 0.0~git20210910.af1a5bc+ds-1 (bug #934973)
+ [bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/790
NOTE: Potentially also affects libsixel, mame, libsfml, love, zynaddsubfx, yquake2, ccextractor, zam-plugins, osgearth, catimg, darknet, gem, retroarch, renderdoc, goxel
+ NOTE: https://github.com/nothings/stb/commit/bfaccab17a648b315543d366c63aee575a0756b7
CVE-2019-15057
RESERVED
CVE-2019-15056
@@ -14417,6 +15229,7 @@ CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for Con
NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence Server
CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication credentials ...)
- gradle <unfixed> (low; bug #941187)
+ [bullseye] - gradle <no-dsa> (Minor issue)
[buster] - gradle <no-dsa> (Minor issue)
[stretch] - gradle <no-dsa> (Minor issue)
[jessie] - gradle <postponed> (Minor issue, old gradle mainly used for building Debian packages with system libraries)
@@ -14585,10 +15398,8 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil
NOTE: https://github.com/Exiv2/exiv2/issues/960
NOTE: https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is ...)
- {DLA-1968-1}
- - imagemagick <unfixed> (bug #955025)
- [buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
+ {DSA-4712-1 DLA-2333-1 DLA-1968-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #955025)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is ...)
@@ -14607,8 +15418,8 @@ CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords par
CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_ch ...)
- mupdf <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701292
- NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=abcb3e68670ebc2e5127953462a026fe1a5dd321 (1.16.0-rc1)
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=97096297d409ec6f206298444ba00719607e8ba8 (1.16.0)
+ NOTE: Introduced by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=abcb3e68670ebc2e5127953462a026fe1a5dd321 (1.16.0-rc1)
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=97096297d409ec6f206298444ba00719607e8ba8 (1.16.0)
CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.h ...)
NOT-FOR-US: SugarCRM
CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...)
@@ -14695,7 +15506,7 @@ CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a us
NOT-FOR-US: Storage Performance Development Kit
CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for N ...)
- node-mysql 2.18.0-1 (bug #934712)
- [buster] - node-mysql <no-dsa> (Minor issue)
+ [buster] - node-mysql 2.16.0-1+deb10u1
[stretch] - node-mysql <end-of-life> (Nodejs in stretch not covered by security support)
[jessie] - node-mysql <end-of-life> (Nodejs in jessie not covered by security support)
NOTE: https://github.com/mysqljs/mysql/issues/2257
@@ -14708,9 +15519,9 @@ CVE-2019-14936 (Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive In
CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA% ...)
NOT-FOR-US: 3CX Phone 15 on Windows
CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_ki ...)
+ {DLA-2475-1}
- pdfresurrect 0.18-1
[buster] - pdfresurrect <no-dsa> (Minor issue)
- [stretch] - pdfresurrect <no-dsa> (Minor issue)
[jessie] - pdfresurrect <no-dsa> (Minor issue)
NOTE: https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6
NOTE: https://github.com/enferex/pdfresurrect/issues/6
@@ -14766,11 +15577,11 @@ CVE-2019-14910 (A vulnerability was found in keycloak 7.x, when keycloak is conf
CVE-2019-14909 (A vulnerability was found in Keycloak 7.x where the user federation LD ...)
NOT-FOR-US: Keycloak
CVE-2019-14908
- RESERVED
+ REJECTED
CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11 ...)
+ {DLA-2668-1}
- samba 2:4.11.5+dfsg-1
[buster] - samba <no-dsa> (Minor issue)
- [stretch] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html
CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did not fix ...)
@@ -14783,34 +15594,36 @@ CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x befor
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776943
NOTE: https://github.com/ansible/ansible/pull/65423
NOTE: https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md
-CVE-2019-14904 [vulnerability in solaris_zone module via crafted solaris zone]
- RESERVED
+CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible Community ...)
+ {DSA-4950-1 DLA-2535-1}
- ansible 2.9.4+dfsg-1 (low)
- [buster] - ansible <no-dsa> (Minor issue)
- [stretch] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (Vulnerable module first bundled in 2.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944
NOTE: https://github.com/ansible/ansible/pull/65686
NOTE: https://github.com/ansible/ansible/blob/stable-2.0/CHANGELOG.md
CVE-2019-14903
- RESERVED
+ REJECTED
CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, all samb ...)
+ {DLA-2668-1}
- samba 2:4.11.5+dfsg-1
[buster] - samba <no-dsa> (Minor issue)
- [stretch] - samba <no-dsa> (Minor issue)
- [jessie] - samba <no-dsa> (Minor issue)
+ [jessie] - samba <ignored> (difficult and risky backport to 4.2 in jessie)
NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html
+ NOTE: Workaround: Use of 'samba-tool drs replicate $DC1 $DC2 $NC --full-sync' will
+ NOTE: cause all ACLs to be syncronised from DC2 to DC1, for the given NC (naming
+ NOTE: context).
CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all versions 3.x.x ...)
{DLA-2114-1 DLA-2068-1}
- linux 5.4.13-1
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/2
-CVE-2019-14900
- RESERVED
- - libhibernate-validator-java <undetermined>
+CVE-2019-14900 (A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 an ...)
+ - libhibernate3-java <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1666499
- TODO: check with Red Hat, unspecific information apart the it affecting 4.3 to 5.4 inclusive
+ NOTE: https://github.com/hibernate/hibernate-orm/commit/b658e903d71e34a5be5690a33e6faa21b1db628b
+ NOTE: https://github.com/hibernate/hibernate-orm/commit/7dfb0fdf24fb4a1f757be14ce5806b5a81f20ab8
+ NOTE: https://github.com/hibernate/hibernate-orm/commit/50a5da07c1e6cb1da630b01c67bce9f7fe49dd8e
CVE-2019-14899 (A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, ...)
NOTE: https://www.openwall.com/lists/oss-security/2019/12/05/1
CVE-2019-14898 (The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 w ...)
@@ -14833,8 +15646,7 @@ CVE-2019-14895 (A heap-based buffer overflow was discovered in the Linux kernel,
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1
-CVE-2019-14894
- RESERVED
+CVE-2019-14894 (A flaw was found in the CloudForms management engine version 5.10 and ...)
NOT-FOR-US: Red Hat CloudForm
CVE-2019-14893 (A flaw was discovered in FasterXML jackson-databind in all versions be ...)
- jackson-databind 2.10.0-1
@@ -14866,8 +15678,12 @@ CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in v
NOTE: https://bugs.debian.org/947129
NOTE: https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d163a943737fe4160f7233925df2eee1f9a
CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in versions befo ...)
- - undertow <undetermined>
+ - undertow 2.0.30-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-1623
+ NOTE: https://github.com/undertow-io/undertow/commit/846c50ead09f7d0b38965b4726ba0b6c5582bf7f (and followups)
+ NOTE: https://github.com/undertow-io/undertow/pull/828
+ NOTE: https://github.com/undertow-io/undertow/pull/852
CVE-2019-14887 (A flaw was found when an OpenSSL security provider is used with Wildfl ...)
- wildfly <itp> (bug #752018)
CVE-2019-14886 (A vulnerability was found in business-central, as shipped in rhdm-7.5. ...)
@@ -14891,15 +15707,17 @@ CVE-2019-14878 (In the __d2b function of the newlib libc library, all versions p
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
- TODO: picolibc might be affected, not yet in the archive
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14877 (In the __mdiff function of the newlib libc library, all versions prior ...)
- newlib 3.3.0-1
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
- TODO: picolibc might be affected
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14876 (In the __lshift function of the newlib libc library, all versions prio ...)
- newlib 3.3.0-1
[buster] - newlib <no-dsa> (Minor issue)
@@ -14919,33 +15737,37 @@ CVE-2019-14874 (In the __i2b function of the newlib libc library, all versions p
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
- - picolibc <unfixed> (unimportant)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14873 (In the __multadd function of the newlib libc library, prior to version ...)
- newlib 3.3.0-1
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
- TODO: picolibc might be affected
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14872 (The _dtoa_r function of the newlib libc library, prior to version 3.3. ...)
- newlib 3.3.0-1
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
- TODO: picolibc might be affected
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14871 (The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by ...)
- newlib 3.3.0-1
[buster] - newlib <no-dsa> (Minor issue)
[stretch] - newlib <no-dsa> (Minor issue)
[jessie] - newlib <ignored> (Minor issue)
+ - picolibc 1.4.3-1
NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
- TODO: picolibc might be affected
+ NOTE: https://keithp.com/blogs/picolibc-string-float/
CVE-2019-14870 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11 ...)
+ {DLA-2668-1}
- samba 2:4.11.3+dfsg-1
[buster] - samba <no-dsa> (Minor issue)
- [stretch] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
- heimdal 7.7.0+dfsg-1 (bug #946786)
[buster] - heimdal <no-dsa> (Minor issue)
@@ -14961,11 +15783,14 @@ CVE-2019-14869 (A flaw was found in all versions of ghostscript 9.x before 9.50,
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701841
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1768911
NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
- NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
+ NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
NOTE: which changed the access to file permissions.
CVE-2019-14868 (In ksh version 20120801, a flaw was found in the way it evaluates cert ...)
+ {DLA-2284-1}
- ksh 2020.0.0-2.1 (bug #948989)
+ [buster] - ksh 93u+20120801-3.4+deb10u1
[jessie] - ksh <ignored> (Minor issue)
+ - ksh93 <removed> (bug #964034)
NOTE: https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
CVE-2019-14867 (A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...)
- freeipa 4.8.3-1
@@ -14984,9 +15809,9 @@ CVE-2019-14865 (A flaw was found in the grub2-set-bootflag utility of grub2. A l
NOTE: https://seclists.org/oss-sec/2019/q4/101
NOTE: Red Hat-specific patch, get added as 0131-Add-grub-set-bootflag-utility.patch in their SRPM
CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible v ...)
+ {DSA-4950-1}
- ansible 2.9.2+dfsg-1 (low; bug #943768)
- [buster] - ansible <no-dsa> (Minor issue)
- [stretch] - ansible <no-dsa> (Minor issue)
+ [stretch] - ansible <not-affected> (Vulnerable code was introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/ansible/ansible/issues/63522
NOTE: https://github.com/ansible/ansible/pull/63527
@@ -15005,9 +15830,9 @@ CVE-2019-14862 (There is a vulnerability in knockout before version 3.5.0-beta,
NOTE: https://github.com/knockout/knockout/commit/7e280b2b8a04cc19176b5171263a5c68bda98efb
NOTE: Only impacts browsers which are totally insecure and EOLed anyway
CVE-2019-14861 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11 ...)
+ {DLA-2668-1}
- samba 2:4.11.3+dfsg-1
[buster] - samba <no-dsa> (Minor issue)
- [stretch] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14861.html
CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin Resource ...)
@@ -15023,27 +15848,27 @@ CVE-2019-14859 (A flaw was found in all python-ecdsa versions before 0.13.3, whe
CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible ...)
- ansible 2.8.6+dfsg-1 (bug #942332)
[buster] - ansible <no-dsa> (Minor issue)
- [stretch] - ansible <no-dsa> (Minor issue)
+ [stretch] - ansible <not-affected> (Vulnerable code was introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593
NOTE: https://github.com/ansible/ansible/pull/63405
NOTE: Sub-options/sub-specs/sub-parameters introduced in https://github.com/ansible/ansible/commit/25de905c6e05bd6df91f4299628ee6d386d3da50 (2.4)
CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1. An open r ...)
- {DLA-1996-1}
+ {DLA-2298-1 DLA-1996-1}
- libapache2-mod-auth-openidc 2.4.0.3-1 (bug #942165)
[buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
- [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/5c15dfb08106c2451c2c44ce7ace6813c216ba75
NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e
NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/451
NOTE: https://groups.google.com/forum/#!topic/mod_auth_openidc/boy1Ba3Gdk4
CVE-2019-14855 (A flaw was found in the way certificate signatures could be forged usi ...)
- gnupg2 2.2.19-1 (low; bug #945859)
- [buster] - gnupg2 <no-dsa> (Minor issue)
+ [buster] - gnupg2 <ignored> (Minor issue)
[stretch] - gnupg2 <no-dsa> (Minor issue)
[jessie] - gnupg2 <ignored> (No backport to version << 2.2.x, low impact, danger of breaking things)
- gnupg1 <unfixed> (low)
- [buster] - gnupg1 <no-dsa> (Minor issue)
+ [bullseye] - gnupg1 <ignored> (Minor issue)
+ [buster] - gnupg1 <ignored> (Minor issue)
[stretch] - gnupg1 <no-dsa> (Minor issue)
- gnupg <removed> (low)
[jessie] - gnupg <ignored> (No backport to version << 2.2.x, low impact, danger of breaking things)
@@ -15062,10 +15887,9 @@ CVE-2019-14853 (An error-handling flaw was found in python-ecdsa before version
NOTE: https://github.com/warner/python-ecdsa/pull/115
NOTE: https://github.com/warner/python-ecdsa/pull/124
NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859.
-CVE-2019-14852
- RESERVED
-CVE-2019-14851 [assertion failure by issuing commands in the wrong order]
- RESERVED
+CVE-2019-14852 (A flaw was found in 3scale&#8217;s APIcast gateway that enabled the TL ...)
+ NOT-FOR-US: Red Hat 3scale API gateway
+CVE-2019-14851 (A denial of service vulnerability was discovered in nbdkit. A client i ...)
- nbdkit 1.14.2-1
[buster] - nbdkit <not-affected> (Issue introduced by the fix for CVE-2019-14850)
[stretch] - nbdkit <not-affected> (Issue introduced by the fix for CVE-2019-14850)
@@ -15077,8 +15901,7 @@ CVE-2019-14851 [assertion failure by issuing commands in the wrong order]
NOTE: https://github.com/libguestfs/nbdkit/commit/bf0d61883a2f02f4388ec10dc92d4c61c093679e
NOTE: 1.12:
NOTE: https://github.com/libguestfs/nbdkit/commit/b2bc6683ea3cd1f6be694e8a681dfa411b7d15f3
-CVE-2019-14850 [denial of service due to premature opening of back-end connection]
- RESERVED
+CVE-2019-14850 (A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.1 ...)
- nbdkit 1.14.1-1
[buster] - nbdkit <no-dsa> (Minor issue)
[stretch] - nbdkit <no-dsa> (Minor issue)
@@ -15096,18 +15919,16 @@ CVE-2019-14850 [denial of service due to premature opening of back-end connectio
CVE-2019-14849 (A vulnerability was found in 3scale before version 2.6, did not set th ...)
NOT-FOR-US: Red Hat 3scale
CVE-2019-14848
- RESERVED
+ REJECTED
CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x b ...)
+ {DLA-2668-1}
- samba 2:4.11.0+dfsg-6
[buster] - samba <no-dsa> (Minor issue)
- [stretch] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html
-CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ...)
- {DLA-2202-1}
+CVE-2019-14846 (In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, an ...)
+ {DSA-4950-1 DLA-2535-1 DLA-2202-1}
- ansible 2.8.6+dfsg-1 (low; bug #942188)
- [buster] - ansible <no-dsa> (Minor issue)
- [stretch] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373
NOTE: https://github.com/ansible/ansible/pull/63366
NOTE: https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4
@@ -15122,16 +15943,18 @@ CVE-2019-14843 (A flaw was found in Wildfly Security Manager, running under JDK
- wildfly <itp> (bug #752018)
CVE-2019-14841
RESERVED
+ NOT-FOR-US: Red Hat Decision Manager
CVE-2019-14840
RESERVED
CVE-2019-14839
RESERVED
+ NOT-FOR-US: Red Hat / JBoss BPMS Business-central console
CVE-2019-14838 (A flaw was found in wildfly-core before 7.2.5.GA. The Management users ...)
- wildfly <itp> (bug #752018)
CVE-2019-14837 (A flaw was found in keycloack before version 8.0.0. The owner of 'plac ...)
NOT-FOR-US: Keycloak
-CVE-2019-14836
- RESERVED
+CVE-2019-14836 (A vulnerability was found that the 3scale dev portal does not employ m ...)
+ NOT-FOR-US: 3scale
CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...)
{DSA-4531-1 DLA-1940-1 DLA-1930-1}
- linux 5.2.17-1
@@ -15142,32 +15965,33 @@ CVE-2019-14834 (A vulnerability was found in dnsmasq before version 2.81, where
[buster] - dnsmasq <no-dsa> (Minor issue)
[stretch] - dnsmasq <no-dsa> (Minor issue)
[jessie] - dnsmasq <no-dsa> (Minor issue)
- NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764425
CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0 before sa ...)
+ {DLA-2668-1}
- samba 2:4.11.1+dfsg-2
[buster] - samba <no-dsa> (Minor issue)
- [stretch] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-14833.html
CVE-2019-14832 (A flaw was found in the Keycloak REST API before version 8.0.0 where i ...)
NOT-FOR-US: Keycloak
-CVE-2019-14831
- RESERVED
-CVE-2019-14830
- RESERVED
-CVE-2019-14829
- RESERVED
-CVE-2019-14828
- RESERVED
-CVE-2019-14827
- RESERVED
+CVE-2019-14831 (A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to ...)
+ - moodle <removed>
+CVE-2019-14830 (A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to ...)
+ - moodle <removed>
+CVE-2019-14829 (A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6 ...)
+ - moodle <removed>
+CVE-2019-14828 (A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6 ...)
+ - moodle <removed>
+CVE-2019-14827 (A vulnerability was found in Moodle where javaScript injection was pos ...)
+ - moodle <removed>
CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ...)
- - freeipa <unfixed> (bug #940913)
- [buster] - freeipa <no-dsa> (Minor issue)
+ - freeipa <unfixed> (unimportant; bug #940913)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944
NOTE: Introduced by https://pagure.io/freeipa/c/b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c
NOTE: due to fix for https://fedorahosted.org/freeipa/ticket/6682.
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944#c12
+ NOTE: Negligible security impact
CVE-2019-14825 (A cleartext password storage issue was discovered in Katello, versions ...)
NOT-FOR-US: Katello
CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...)
@@ -15185,7 +16009,7 @@ CVE-2019-14823 (A flaw was found in the "Leaf and Chain" OCSP policy implementat
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747435
NOTE: https://github.com/dogtagpki/jss/pull/284
NOTE: https://github.com/dogtagpki/jss/commit/be37ff4738b4696d529a13b6ed33c7ac56d97ba4
-CVE-2019-14822 (A flaw was discovered in ibus that allows any unprivileged user to mon ...)
+CVE-2019-14822 (A flaw was discovered in ibus in versions before 1.5.22 that allows an ...)
{DSA-4525-1}
- ibus 1.5.21-1 (bug #940267)
[jessie] - ibus <ignored> (Hard to exploit, regression risk)
@@ -15214,10 +16038,10 @@ CVE-2019-14817 (A flaw was found in, ghostscript versions prior to 9.50, in the
{DSA-4518-1 DLA-1915-1}
- ghostscript 9.28~~rc2~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701450
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2
NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
- NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
+ NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
NOTE: which changed the access to file permissions.
CVE-2019-14816 (There is heap-based buffer overflow in kernel, all versions up to, exc ...)
{DLA-2114-1 DLA-1930-1}
@@ -15239,28 +16063,28 @@ CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.50, in th
{DSA-4518-1 DLA-1915-1}
- ghostscript 9.28~~rc2~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701443
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2
NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
- NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
+ NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
NOTE: which changed the access to file permissions.
CVE-2019-14812 (A flaw was found in all ghostscript versions 9.x before 9.50, in the . ...)
{DSA-4518-1 DLA-1915-1}
- ghostscript 9.28~~rc2~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701444
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2
NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
- NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
+ NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
NOTE: which changed the access to file permissions.
CVE-2019-14811 (A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_h ...)
{DSA-4518-1 DLA-1915-1}
- ghostscript 9.28~~rc2~dfsg-1
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701445
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2
NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting
- NOTE: from http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
+ NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff
NOTE: which changed the access to file permissions.
CVE-2019-14810 (A vulnerability has been found in the implementation of the Label Dist ...)
NOT-FOR-US: EOS
@@ -15270,9 +16094,9 @@ CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles
- golang-1.12 1.12.8-1
- golang-1.11 1.11.13-1
- golang-1.8 <removed>
- [stretch] - golang-1.8 <ignored> (Minor issue)
+ [stretch] - golang-1.8 <ignored> (Minor issue, affects poor validation practice, introduce regressions, requires rebuilding affected go-based packages)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
+ [stretch] - golang-1.7 <ignored> (Minor issue, affects poor validation practice, introduce regressions, requires rebuilding affected go-based packages)
- golang <removed>
[jessie] - golang <ignored> (Fix too invasive to backport, url.go file in jessie too far behind upstream)
NOTE: Issue: https://github.com/golang/go/issues/29098
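Review bot: The new rationale on the two `[stretch]` lines for golang-1.8 and golang-1.7 (`affects poor validation practice, introduce regressions`) does not parse as a sentence, and a triage reason should be readable on its own since it is what later reviewers use to decide whether to revisit the ignore. If the intended meaning is that only callers relying on weak URL validation are affected, a wording like `<ignored> (Minor issue; only affects callers relying on weak URL validation, the fix risks regressions and would require rebuilding every affected Go-based package)` on both lines says the same thing clearly. The same text is duplicated on both lines, so whichever wording is chosen should be applied to both.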
@@ -15396,18 +16220,18 @@ CVE-2019-14763 (In the Linux kernel before 4.16.4, a double-locking error in dri
[jessie] - linux <not-affected> (Vulnerability introduced later)
CVE-2019-14762
RESERVED
-CVE-2019-14761
- RESERVED
-CVE-2019-14760
- RESERVED
-CVE-2019-14759
- RESERVED
-CVE-2019-14758
- RESERVED
-CVE-2019-14757
- RESERVED
-CVE-2019-14756
- RESERVED
+CVE-2019-14761 (An issue was discovered in KaiOS 2.5. The pre-installed Note applicati ...)
+ NOT-FOR-US: KaiOS
+CVE-2019-14760 (An issue was discovered in KaiOS 2.5. The pre-installed Recorder appli ...)
+ NOT-FOR-US: KaiOS
+CVE-2019-14759 (An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installe ...)
+ NOT-FOR-US: KaiOS
+CVE-2019-14758 (An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File ...)
+ NOT-FOR-US: KaiOS
+CVE-2019-14757 (An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Cont ...)
+ NOT-FOR-US: KaiOS
+CVE-2019-14756 (An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-insta ...)
+ NOT-FOR-US: KaiOS
CVE-2019-14755 (The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows U ...)
NOT-FOR-US: Leaf Admin
CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection via t ...)
@@ -15445,12 +16269,12 @@ CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files
{DSA-4494-1 DLA-1890-1}
- kconfig 5.54.0-2 (bug #934267)
- kde4libs 4:4.14.38-4 (bug #934268)
- [buster] - kde4libs <no-dsa> (Minor issue)
+ [buster] - kde4libs <ignored> (Minor issue)
[stretch] - kde4libs <no-dsa> (Minor issue)
NOTE: https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt
NOTE: https://kde.org/info/security/advisory-20190807-1.txt
- NOTE: kconfig: https://cgit.kde.org/kconfig.git/commit/?id=5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22
- NOTE: kdelibs: https://cgit.kde.org/kdelibs.git/commit/?id=2c3762feddf7e66cf6b64d9058f625a715694a00
+ NOTE: kconfig: https://github.com/KDE/kconfig/commit/5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22
+ NOTE: kdelibs: https://github.com/KDE/kdelibs/commit/2c3762feddf7e66cf6b64d9058f625a715694a00
CVE-2019-14743 (In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wo ...)
NOT-FOR-US: Valve Steam Client for Windows
CVE-2019-14742
@@ -15470,23 +16294,26 @@ CVE-2019-14736
CVE-2019-14735
RESERVED
CVE-2019-14734 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::l ...)
- - adplug <unfixed>
+ - adplug 2.3.3+dfsg-2
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/90
+ NOTE: https://github.com/adplug/adplug/commit/8342139c09178823dba3f3bbd8b53d0ea0c72de9
CVE-2019-14733 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::l ...)
- - adplug <unfixed>
+ - adplug 2.3.3+dfsg-2
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/89
+ NOTE: https://github.com/adplug/adplug/commit/cb715174f95187bf544c11ca2a2ecd091b7fbb8a (eventually got replaced by rad2.cpp rewrite)
CVE-2019-14732 (AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::l ...)
- - adplug <unfixed>
+ - adplug 2.3.3+dfsg-2
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/88
+ NOTE: https://github.com/adplug/adplug/commit/30ddcfe9bd1cce3e02f8135961bceb411419dbdb
CVE-2019-14731 (An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vul ...)
NOT-FOR-US: ZenTao CMS
CVE-2019-14730 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
@@ -15511,24 +16338,24 @@ CVE-2019-14721 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an
NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14720
RESERVED
-CVE-2019-14719
- RESERVED
-CVE-2019-14718
- RESERVED
-CVE-2019-14717
- RESERVED
-CVE-2019-14716
- RESERVED
-CVE-2019-14715
- RESERVED
+CVE-2019-14719 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow ...)
+ NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals
+CVE-2019-14718 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have I ...)
+ NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals
+CVE-2019-14717 (Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 hav ...)
+ NOT-FOR-US: Verifone Verix OS on VerixV Pinpad Payment Terminals
+CVE-2019-14716 (Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocum ...)
+ NOT-FOR-US: Verifone VerixV Pinpad Payment Terminals
+CVE-2019-14715 (Verifone Pinpad Payment Terminals allow undocumented physical access t ...)
+ NOT-FOR-US: Verifone Pinpad Payment Terminals
CVE-2019-14714
RESERVED
-CVE-2019-14713
- RESERVED
-CVE-2019-14712
- RESERVED
-CVE-2019-14711
- RESERVED
+CVE-2019-14713 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow ...)
+ NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals
+CVE-2019-14712 (Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of ...)
+ NOT-FOR-US: Verifone VerixV Pinpad Payment Terminals
+CVE-2019-14711 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a ...)
+ NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals
CVE-2019-14710
RESERVED
CVE-2019-14709 (A cleartext password storage issue was discovered on MicroDigital N-se ...)
@@ -15564,19 +16391,22 @@ CVE-2019-14694 (A use-after-free flaw in the sandbox container implemented in cm
CVE-2019-14693 (Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External ...)
NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in ...)
- - adplug <unfixed> (bug #943927)
+ [experimental] - adplug 2.3.3+dfsg-1
+ - adplug 2.3.3+dfsg-2 (bug #943927)
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/87
CVE-2019-14691 (AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in ...)
- - adplug <unfixed> (bug #943928)
+ [experimental] - adplug 2.3.3+dfsg-1
+ - adplug 2.3.3+dfsg-2 (bug #943928)
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/86
CVE-2019-14690 (AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_ ...)
- - adplug <unfixed> (bug #943929)
+ [experimental] - adplug 2.3.3+dfsg-1
+ - adplug 2.3.3+dfsg-2 (bug #943929)
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
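Review bot: The entries for CVE-2019-14692, CVE-2019-14691 and CVE-2019-14690 gain an `[experimental] - adplug 2.3.3+dfsg-1` line next to the 2.3.3+dfsg-2 fix, but the sibling AdPlug entries CVE-2019-14734, CVE-2019-14733 and CVE-2019-14732 updated earlier in this commit (the hunk starting at CVE-2019-14736) only record 2.3.3+dfsg-2. If the experimental upload also contained those fixes, the same experimental line should be added there so the entries stay consistent; if it did not, a short `NOTE:` saying so would stop the next triager from "fixing" the asymmetry. I cannot tell from the hunk which of the two is the case.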
@@ -15640,21 +16470,19 @@ CVE-2019-14666 (GLPI through 9.4.3 is prone to account takeover by abusing the a
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-47hq-pfrr-jh5q
NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...)
- - brandy <unfixed> (unimportant; bug #933996)
+ - brandy 1.22.13-1 (unimportant; bug #933996)
NOTE: https://sourceforge.net/p/brandy/bugs/8/
NOTE: Negligible security impact
CVE-2019-14664 (In Enigmail below 2.1, an attacker in possession of PGP encrypted emai ...)
- - enigmail <unfixed>
- [buster] - enigmail <ignored> (Minor issue and too intrusive to backport)
- [stretch] - enigmail <ignored> (Minor issue and too intrusive to backport)
+ - enigmail 2:2.1.3+ds1-1
[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
NOTE: https://sourceforge.net/p/enigmail/bugs/984/
CVE-2019-14663 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fi ...)
- - brandy <unfixed> (unimportant; bug #933996)
+ - brandy 1.22.13-1 (unimportant; bug #933996)
NOTE: https://sourceforge.net/p/brandy/bugs/6/
NOTE: Negligible security impact
CVE-2019-14662 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in f ...)
- - brandy <unfixed> (unimportant; bug #933996)
+ - brandy 1.22.13-1 (unimportant; bug #933996)
NOTE: https://sourceforge.net/p/brandy/bugs/7/
NOTE: Negligible security impact
CVE-2019-14661
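Review bot: For CVE-2019-14664 the `[buster] - enigmail <ignored>` and `[stretch] - enigmail <ignored>` lines are dropped while only `2:2.1.3+ds1-1` is recorded as fixed, which leaves both suites with no triage state unless that version is what they actually ship; the tracker will then list them as open. If buster and stretch received the fix through a point release or already carry a fixed version, record it explicitly, e.g. `[buster] - enigmail <fixed version to fill in>`; otherwise the two `<ignored>` lines should be kept. The `[jessie] - enigmail <end-of-life>` line is unaffected by this.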
@@ -15722,8 +16550,8 @@ CVE-2019-14632
RESERVED
CVE-2019-14631
RESERVED
-CVE-2019-14630
- RESERVED
+CVE-2019-14630 (Reliance on untrusted inputs in a security decision in some Intel(R) T ...)
+ NOT-FOR-US: Intel
CVE-2019-14629 (Improper permissions in Intel(R) DAAL before version 2020 Gold may all ...)
NOT-FOR-US: Intel
CVE-2019-14628
@@ -15742,8 +16570,8 @@ CVE-2019-14622
RESERVED
CVE-2019-14621
RESERVED
-CVE-2019-14620
- RESERVED
+CVE-2019-14620 (Insufficient control flow management for some Intel(R) Wireless Blueto ...)
+ NOT-FOR-US: Intel
CVE-2019-14619
RESERVED
CVE-2019-14618
@@ -15815,22 +16643,24 @@ CVE-2019-14589
RESERVED
CVE-2019-14588
RESERVED
-CVE-2019-14587
- RESERVED
+CVE-2019-14587 (Logic issue EDK II may allow an unauthenticated user to potentially en ...)
+ {DLA-2645-1}
- edk2 0~20200229.4c0f6e34-1
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
-CVE-2019-14586
- RESERVED
+CVE-2019-14586 (Use after free vulnerability in EDK II may allow an authenticated user ...)
+ {DLA-2645-1}
- edk2 0~20200229.4c0f6e34-1
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
CVE-2019-14585
RESERVED
-CVE-2019-14584
- RESERVED
+CVE-2019-14584 (Null pointer dereference in Tianocore EDK2 may allow an authenticated ...)
+ {DLA-2645-1}
+ - edk2 2020.11-1 (bug #977300)
+ [buster] - edk2 0~20181115.85588389-3+deb10u3
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1914
+ NOTE: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10
CVE-2019-14583
RESERVED
CVE-2019-14582
@@ -15847,11 +16677,10 @@ CVE-2019-14577
RESERVED
CVE-2019-14576
RESERVED
-CVE-2019-14575 [DxeImageVerificationHandler() fails open in case of dbx signature check]
- RESERVED
+CVE-2019-14575 (Logic issue in DxeImageVerificationHandler() for EDK II may allow an a ...)
+ {DLA-2645-1}
- edk2 0~20200229.4c0f6e34-1 (low; bug #952935)
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
CVE-2019-14574 (Out of bounds read in a subsystem for Intel(R) Graphics Driver version ...)
@@ -15876,44 +16705,52 @@ CVE-2019-14565 (Insufficient initialization in Intel(R) SGX SDK Windows versions
NOT-FOR-US: Intel
CVE-2019-14564
RESERVED
-CVE-2019-14563 [numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib]
- RESERVED
+CVE-2019-14563 (Integer truncation in EDK II may allow an authenticated user to potent ...)
+ {DLA-2645-1}
- edk2 0~20200229.4c0f6e34-1 (low; bug #952934)
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2001
-CVE-2019-14562
- RESERVED
+CVE-2019-14562 (Integer overflow in DxeImageVerificationHandler() EDK II may allow an ...)
+ {DLA-2645-1}
+ - edk2 2020.05-4 (bug #968819)
+ [buster] - edk2 0~20181115.85588389-3+deb10u2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869245
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2215
CVE-2019-14561
RESERVED
-CVE-2019-14560
- RESERVED
-CVE-2019-14559 [memory leak in ArpOnFrameRcvdDpc]
+CVE-2019-14560 [GetEfiGlobalVariable2() return value not checked]
RESERVED
+ - edk2 <unfixed> (bug #967994)
+ [bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2167
+CVE-2019-14559 (Uncontrolled resource consumption in EDK II may allow an unauthenticat ...)
+ {DLA-2645-1}
- edk2 0~20200229.4c0f6e34-1 (bug #952926; low)
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2550
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2031
-CVE-2019-14558
- RESERVED
+CVE-2019-14558 (Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ...)
+ {DLA-2645-1}
- edk2 0~20200229.4c0f6e34-1
[buster] - edk2 0~20181115.85588389-3+deb10u1
- [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
-CVE-2019-14557
- RESERVED
-CVE-2019-14556
- RESERVED
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1611
+ NOTE: https://github.com/tianocore/edk2/commit/764e8ba1389a617639d79d2c4f0d53f4ea4a7387
+ NOTE: https://github.com/tianocore/edk2/commit/f1d78c489a39971b5aac5d2fc8a39bfa925c3c5d
+CVE-2019-14557 (Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R ...)
+ NOT-FOR-US: Intel
+CVE-2019-14556 (Improper initialization in BIOS firmware for 8th, 9th, 10th Generation ...)
+ NOT-FOR-US: Intel
CVE-2019-14555
RESERVED
CVE-2019-14554
RESERVED
-CVE-2019-14553 [invalid server certificate accepted in HTTPS-over-IPv6 boot]
- RESERVED
+CVE-2019-14553 (Improper authentication in EDK II may allow a privileged user to poten ...)
- edk2 0~20190828.37eef910-4 (unimportant; bug #941775)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1758518
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=960
@@ -15947,7 +16784,7 @@ CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_prog
- open-cobol <removed>
[stretch] - open-cobol <ignored> (Minor issue)
[jessie] - open-cobol <no-dsa> (Minor issue)
- NOTE: https://sourceforge.net/p/open-cobol/bugs/584/
+ NOTE: https://sourceforge.net/p/gnucobol/bugs/584/
CVE-2019-14540 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
{DSA-4542-1 DLA-1943-1}
- jackson-databind 2.10.0-1 (bug #940498)
@@ -15995,7 +16832,7 @@ CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in
- open-cobol <removed>
[stretch] - open-cobol <ignored> (Minor issue)
[jessie] - open-cobol <no-dsa> (Minor issue)
- NOTE: https://sourceforge.net/p/open-cobol/bugs/583/
+ NOTE: https://sourceforge.net/p/gnucobol/bugs/583/
CVE-2019-14527 (An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices befor ...)
NOT-FOR-US: NETGEAR
CVE-2019-14526 (An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices befor ...)
@@ -16038,11 +16875,11 @@ CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attack
[buster] - dnsmasq <no-dsa> (Minor issue)
[stretch] - dnsmasq <no-dsa> (Minor issue)
NOTE: https://github.com/Slovejoy/dnsmasq-pre2.76
- NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=d3a8b39c7df2f0debf3b5f274a1c37a9e261f94e
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=d3a8b39c7df2f0debf3b5f274a1c37a9e261f94e
CVE-2019-14512 (LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/P ...)
- limesurvey <itp> (bug #472802)
CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ...)
- - sphinxsearch <unfixed> (unimportant; bug #939762)
+ - sphinxsearch 2.2.11-4 (unimportant; bug #939762)
NOTE: Issue is just with the default configuration, but can be easily reconfigured
NOTE: to listen on localhost only. sphinxsearch will not be started automatically
NOTE: and an admin needs first to create anyway a /etc/sphinxsearch/sphinx.conf
@@ -16080,41 +16917,38 @@ CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/c
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...)
- {DLA-1961-1}
+ {DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
- [buster] - milkytracker <no-dsa> (Minor issue)
- [stretch] - milkytracker <no-dsa> (Minor issue)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/issues/182
NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 ha ...)
- {DLA-1961-1}
+ {DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
- [buster] - milkytracker <no-dsa> (Minor issue)
- [stretch] - milkytracker <no-dsa> (Minor issue)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/issues/183
NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the a ...)
- 3proxy <itp> (bug #718219)
CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a divide-b ...)
+ {DLA-2440-1}
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (bug #933812)
+ - poppler 0.85.0-2 (bug #933812)
[buster] - poppler <ignored> (Minor issue)
- [stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/802
NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/b224e2f5739fe61de9fa69955d016725b2a4b78d
CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ...)
+ {DLA-2799-1}
[experimental] - opencv 4.1.1+dfsg-1
- opencv 4.1.2+dfsg-3
[buster] - opencv <no-dsa> (Minor issue)
- [stretch] - opencv <no-dsa> (Minor issue)
[jessie] - opencv <postponed> (Minor issue, DoS, PoC not crashing)
NOTE: https://github.com/opencv/opencv/issues/15127
NOTE: https://github.com/opencv/opencv/commit/5691d998ead1d9b0542bcfced36c2dceb3a59023
NOTE: In older versions of opencv missing NULL pointer check(s) are in
NOTE: modules/core/src/persistence.cpp (before refactoring).
- TODO: check if the old code though is really affected, might been introduced with the refactoring
CVE-2019-14492 (An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...)
[experimental] - opencv 4.1.1+dfsg-1
- opencv 4.1.2+dfsg-3
@@ -16145,27 +16979,27 @@ CVE-2019-14486 (GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/f
- open-cobol <removed>
[stretch] - open-cobol <ignored> (Minor issue)
[jessie] - open-cobol <no-dsa> (Minor issue)
- NOTE: https://sourceforge.net/p/open-cobol/bugs/582/
+ NOTE: https://sourceforge.net/p/gnucobol/bugs/582/
CVE-2019-14485
RESERVED
CVE-2019-14484
RESERVED
-CVE-2019-14483
- RESERVED
-CVE-2019-14482
- RESERVED
-CVE-2019-14481
- RESERVED
-CVE-2019-14480
- RESERVED
-CVE-2019-14479
- RESERVED
-CVE-2019-14478
- RESERVED
-CVE-2019-14477
- RESERVED
-CVE-2019-14476
- RESERVED
+CVE-2019-14483 (AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user ...)
+ NOT-FOR-US: AdRem NetCrunch
+CVE-2019-14482 (AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerabil ...)
+ NOT-FOR-US: AdRem NetCrunch
+CVE-2019-14481 (AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vu ...)
+ NOT-FOR-US: AdRem NetCrunch
+CVE-2019-14480 (AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerabi ...)
+ NOT-FOR-US: AdRem NetCrunch
+CVE-2019-14479 (AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCr ...)
+ NOT-FOR-US: AdRem NetCrunch
+CVE-2019-14478 (AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vu ...)
+ NOT-FOR-US: AdRem NetCrunch
+CVE-2019-14477 (AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the ...)
+ NOT-FOR-US: AdRem NetCrunch
+CVE-2019-14476 (AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) v ...)
+ NOT-FOR-US: AdRem NetCrunch
CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use s ...)
NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in ...)
@@ -16186,13 +17020,14 @@ CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c
- open-cobol <removed>
[stretch] - open-cobol <ignored> (Minor issue)
[jessie] - open-cobol <no-dsa> (Minor issue)
- NOTE: https://sourceforge.net/p/open-cobol/bugs/581/
+ NOTE: https://sourceforge.net/p/gnucobol/bugs/581/
CVE-2019-14467 (The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code E ...)
NOT-FOR-US: Social Photo Gallery plugin for WordPress
CVE-2019-14466 (The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable ...)
{DLA-1905-1}
- gosa 2.7.4+reloaded3-10
[buster] - gosa 2.7.4+reloaded3-8+deb10u2
+ [stretch] - gosa 2.7.4+reloaded2-13+deb9u3
NOTE: https://github.com/gosa-project/gosa-core/commit/e1504e9765db2adde8b4685b5c93fbba57df868b (fix)
NOTE: https://github.com/gosa-project/gosa-core/commit/90b674960335d888c76ca5e99027df8e7fa66f3a (fixing the prev commit)
NOTE: https://github.com/gosa-project/gosa-core/pull/30#issuecomment-521975100
@@ -16204,25 +17039,24 @@ CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a
NOTE: https://github.com/schismtracker/schismtracker/issues/198
NOTE: https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a ...)
- {DLA-1961-1}
+ {DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
- [buster] - milkytracker <no-dsa> (Minor issue)
- [stretch] - milkytracker <no-dsa> (Minor issue)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/issues/184
NOTE: https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34
CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
+ {DLA-2825-1}
- libmodbus 3.1.6-1 (bug #933805)
[buster] - libmodbus <no-dsa> (Minor issue)
- [stretch] - libmodbus <no-dsa> (Minor issue)
[jessie] - libmodbus <no-dsa> (Minor issue)
NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc (3.1.5)
NOTE: https://github.com/stephane/libmodbus/commit/6f915d4215c06be3c719761423d9b5e8aa3cb820 (3.1.5)
NOTE: https://github.com/stephane/libmodbus/commit/2b5cb5896120d7564f4c34fdc5aaa4f22a97e45c (3.0.7)
NOTE: https://github.com/stephane/libmodbus/commit/64cd092bcc421a70431fe1fb6b7f1e6f491f7cf8 (3.0.8)
CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
+ {DLA-2825-1}
- libmodbus 3.1.6-1 (bug #933805)
[buster] - libmodbus <no-dsa> (Minor issue)
- [stretch] - libmodbus <no-dsa> (Minor issue)
[jessie] - libmodbus <no-dsa> (Minor issue)
NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc (3.1.5)
NOTE: https://github.com/stephane/libmodbus/commit/6f915d4215c06be3c719761423d9b5e8aa3cb820 (3.1.5)
@@ -16233,9 +17067,9 @@ CVE-2019-14461
CVE-2019-14460
RESERVED
CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in the fu ...)
+ {DLA-2383-1}
- nfdump 1.6.18-1 (bug #933740)
[buster] - nfdump <no-dsa> (Minor issue)
- [stretch] - nfdump <no-dsa> (Minor issue)
NOTE: https://github.com/phaag/nfdump/issues/171
NOTE: https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b
CVE-2019-14458 (VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of ...)
@@ -16248,8 +17082,8 @@ CVE-2019-14455
RESERVED
CVE-2019-14454 (SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to ...)
NOT-FOR-US: SuiteCRM
-CVE-2019-14453
- RESERVED
+CVE-2019-14453 (An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It ...)
+ NOT-FOR-US: Comelit "App lejos de casa (web)"
CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...)
- sigil 0.9.16+dfsg-1 (bug #933797)
[buster] - sigil <no-dsa> (Minor issue)
@@ -16432,8 +17266,8 @@ CVE-2019-14381 (libopenmpt before 0.4.3 allows a crash due to a NULL pointer der
[stretch] - libopenmpt <not-affected> (Vulnerable code not present in 0.2.x series)
NOTE: https://lib.openmpt.org/libopenmpt/2019/02/11/security-update-0.4.3/
CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to an out-o ...)
+ {DSA-4729-1}
- libopenmpt 0.4.5-1 (low)
- [buster] - libopenmpt <no-dsa> (Minor issue)
[stretch] - libopenmpt <not-affected> (Vulnerable code not present in 0.2 branch)
NOTE: https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/
CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mis ...)
@@ -16448,6 +17282,7 @@ CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer
- slirp4netns 0.3.2-1 (bug #933742)
[buster] - slirp4netns 0.2.3-1
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
+ NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-gjwp-vf65-3jqf
CVE-2019-14377
RESERVED
CVE-2019-14376
@@ -16704,7 +17539,8 @@ CVE-2019-1020015 (graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3
NOT-FOR-US: graphql-engine (aka Hasura GraphQL Engine)
CVE-2019-1020014 (docker-credential-helpers before 0.6.3 has a double free in the List f ...)
- golang-github-docker-docker-credential-helpers 0.6.1-3 (bug #933801)
- [buster] - golang-github-docker-docker-credential-helpers <no-dsa> (Minor issue, can be fixed in point release)
+ [buster] - golang-github-docker-docker-credential-helpers 0.6.1-2+deb10u1
+ [stretch] - golang-github-docker-docker-credential-helpers <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a
CVE-2019-1020013 (parse-server before 3.6.0 allows account enumeration. ...)
NOT-FOR-US: parse-server
@@ -16831,8 +17667,9 @@ CVE-2019-14249 (dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows at
NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba
NOTE: Introduced in: https://sourceforge.net/p/libdwarf/code/ci/4709f63c8b7488241b5b522267a796834a66db3a
CVE-2019-14248 (In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows ...)
- - nasm <unfixed> (unimportant; bug #932907)
+ - nasm 2.15.02-1 (unimportant; bug #932907)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392576
+ NOTE: https://github.com/netwide-assembler/nasm/commit/93d41d82963b2cfd0b24c906f5a8daf53281b559
NOTE: Crash in CLI tool, no security impact
CVE-2019-14247 (The scan() function in mad.c in mpg321 0.3.2 allows remote attackers t ...)
- mpg321 0.3.2-2
@@ -16945,249 +17782,249 @@ CVE-2019-14205 (A Local File Inclusion vulnerability in the Nevma Adaptive Image
NOT-FOR-US: Nevma Adaptive Images plugin for WordPress
CVE-2019-14204 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14203 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14202 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14201 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14200 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14199 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14198 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/aa207cf3a6d68f39d64cd29057a4fb63943e9078
CVE-2019-14197 (An issue was discovered in Das U-Boot through 2019.07. There is a read ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14196 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96
CVE-2019-14195 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/cf3a4f1e86ecdd24f87b615051b49d8e1968c230
CVE-2019-14194 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/aa207cf3a6d68f39d64cd29057a4fb63943e9078
CVE-2019-14193 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14192 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
- u-boot 2020.01+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14191
- RESERVED
+ REJECTED
CVE-2019-14190
- RESERVED
+ REJECTED
CVE-2019-14189
- RESERVED
+ REJECTED
CVE-2019-14188
- RESERVED
+ REJECTED
CVE-2019-14187
- RESERVED
+ REJECTED
CVE-2019-14186
- RESERVED
+ REJECTED
CVE-2019-14185
- RESERVED
+ REJECTED
CVE-2019-14184
- RESERVED
+ REJECTED
CVE-2019-14183
- RESERVED
+ REJECTED
CVE-2019-14182
- RESERVED
+ REJECTED
CVE-2019-14181
- RESERVED
+ REJECTED
CVE-2019-14180
- RESERVED
+ REJECTED
CVE-2019-14179
- RESERVED
+ REJECTED
CVE-2019-14178
- RESERVED
+ REJECTED
CVE-2019-14177
- RESERVED
+ REJECTED
CVE-2019-14176
- RESERVED
+ REJECTED
CVE-2019-14175
- RESERVED
+ REJECTED
CVE-2019-14174
- RESERVED
+ REJECTED
CVE-2019-14173
- RESERVED
+ REJECTED
CVE-2019-14172
- RESERVED
+ REJECTED
CVE-2019-14171
- RESERVED
+ REJECTED
CVE-2019-14170
- RESERVED
+ REJECTED
CVE-2019-14169
- RESERVED
+ REJECTED
CVE-2019-14168
- RESERVED
+ REJECTED
CVE-2019-14167
- RESERVED
+ REJECTED
CVE-2019-14166
- RESERVED
+ REJECTED
CVE-2019-14165
- RESERVED
+ REJECTED
CVE-2019-14164
- RESERVED
+ REJECTED
CVE-2019-14163
- RESERVED
+ REJECTED
CVE-2019-14162
- RESERVED
+ REJECTED
CVE-2019-14161
- RESERVED
+ REJECTED
CVE-2019-14160
- RESERVED
+ REJECTED
CVE-2019-14159
- RESERVED
+ REJECTED
CVE-2019-14158
- RESERVED
+ REJECTED
CVE-2019-14157
- RESERVED
+ REJECTED
CVE-2019-14156
- RESERVED
+ REJECTED
CVE-2019-14155
- RESERVED
+ REJECTED
CVE-2019-14154
- RESERVED
+ REJECTED
CVE-2019-14153
- RESERVED
+ REJECTED
CVE-2019-14152
- RESERVED
+ REJECTED
CVE-2019-14151
- RESERVED
+ REJECTED
CVE-2019-14150
- RESERVED
+ REJECTED
CVE-2019-14149
- RESERVED
+ REJECTED
CVE-2019-14148
- RESERVED
+ REJECTED
CVE-2019-14147
- RESERVED
+ REJECTED
CVE-2019-14146
- RESERVED
+ REJECTED
CVE-2019-14145
- RESERVED
+ REJECTED
CVE-2019-14144
- RESERVED
+ REJECTED
CVE-2019-14143
- RESERVED
+ REJECTED
CVE-2019-14142
- RESERVED
+ REJECTED
CVE-2019-14141
- RESERVED
+ REJECTED
CVE-2019-14140
- RESERVED
+ REJECTED
CVE-2019-14139
- RESERVED
+ REJECTED
CVE-2019-14138
- RESERVED
+ REJECTED
CVE-2019-14137
- RESERVED
+ REJECTED
CVE-2019-14136
- RESERVED
+ REJECTED
CVE-2019-14135 (Possible integer overflow to buffer overflow in WLAN while parsing non ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14134 (Possible out of bound access in WLAN handler when the received value o ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14133
- RESERVED
+ REJECTED
CVE-2019-14132 (Buffer over-write when this 0-byte buffer is typecasted to some other ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14131 (Out of bound write can occur in radio measurement request if STA recei ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14130
- RESERVED
+CVE-2019-14130 (Memory corruption can occurs in trusted application if offset size fro ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14129
RESERVED
CVE-2019-14128
- RESERVED
+ REJECTED
CVE-2019-14127 (Possible buffer overflow while playing mkv clip due to lack of validat ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14126
- RESERVED
+ REJECTED
CVE-2019-14125
- RESERVED
-CVE-2019-14124
- RESERVED
-CVE-2019-14123
- RESERVED
+ REJECTED
+CVE-2019-14124 (Memory failure in content protection module due to not having pointer ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2019-14123 (Possible buffer overflow and over read possible due to missing bounds ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14122 (Memory failure in SKB if it fails to to add the requested padding to t ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14121
RESERVED
CVE-2019-14120
RESERVED
-CVE-2019-14119
- RESERVED
+CVE-2019-14119 (u'While processing SMCInvoke asynchronous message header, message coun ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14118
- RESERVED
-CVE-2019-14117
- RESERVED
+ REJECTED
+CVE-2019-14117 (u'Whenever the page list is updated via privileged user, the previous ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-14116 (Privilege escalation by using an altered debug policy image can occur ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14115
- RESERVED
+CVE-2019-14115 (u'Information disclosure issue occurs as in current logic as secure to ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14114 (Buffer overflow in WLAN firmware while parsing GTK IE containing GTK k ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14113 (Buffer overflow can occur in In WLAN firmware while unwraping data usi ...)
@@ -17199,82 +18036,79 @@ CVE-2019-14111 (Possible buffer overflow while handling NAN reception of NMF in
CVE-2019-14110 (Buffer overflow can occur in function wlan firmware while copying asso ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14109
- RESERVED
+ REJECTED
CVE-2019-14108
RESERVED
CVE-2019-14107
- RESERVED
+ REJECTED
CVE-2019-14106
- RESERVED
+ REJECTED
CVE-2019-14105 (Kernel was reading the CSL defined reserved field as uint16 instead of ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14104 (Slab-out-of-bounds access can occur if the context pointer is invalid ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14103
- RESERVED
+ REJECTED
CVE-2019-14102
- RESERVED
-CVE-2019-14101
- RESERVED
-CVE-2019-14100
- RESERVED
-CVE-2019-14099
- RESERVED
+ REJECTED
+CVE-2019-14101 (Out of bounds read can happen in diag event set mask command handler w ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2019-14100 (Register write via debugfs is disabled by default to prevent register ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2019-14099 (Device misbehavior may be observed when incorrect offset, length or nu ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-14098 (Possible buffer overflow in data offload handler due to lack of check ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14097 (Possible buffer overflow in WLAN Parser due to lack of length check wh ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14096
- RESERVED
+ REJECTED
CVE-2019-14095 (Buffer overflow occurs while processing LMP packet in which name lengt ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14094
- RESERVED
-CVE-2019-14093
- RESERVED
-CVE-2019-14092
- RESERVED
-CVE-2019-14091
- RESERVED
+CVE-2019-14094 (Integer overflow in diag command handler when user inputs a large valu ...)
+ NOT-FOR-US: Snapdragon
+CVE-2019-14093 (Array out of bound access can occur in display module due to lack of b ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2019-14092 (System Services exports services without permission protect and can le ...)
+ NOT-FOR-US: Snapdragon
+CVE-2019-14091 (Double free issue in NPU due to lack of resource locking mechanism to ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-14090
RESERVED
-CVE-2019-14089
- RESERVED
+CVE-2019-14089 (u'Keymaster attestation key and device IDs provisioning which is a one ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14088 (Possible use after free issue while CRM is accessing the link pointer ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14087
- RESERVED
+CVE-2019-14087 (Failure in buffer management while accessing handle for HDR blit when ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14086 (Possible integer overflow while checking the length of frame which is ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14085 (Possible Integer underflow in WLAN function due to lack of check of da ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14084
- RESERVED
+ REJECTED
CVE-2019-14083 (While parsing Service Descriptor Extended Attribute received as part o ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14082 (Potential buffer over-read due to lack of bound check of memory offset ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14081 (Buffer Over-read when WLAN module gets a WMI message for SAR limits wi ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14080
- RESERVED
+CVE-2019-14080 (Out of bound write can happen due to lack of check of array index valu ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-14079 (Access to the uninitialized variable when the driver tries to unmap th ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14078
- RESERVED
+CVE-2019-14078 (Out of bound memory access while processing qpay due to not validating ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14077
- RESERVED
+CVE-2019-14077 (Out of bound memory access while processing ese transmit command due t ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14076
- RESERVED
+CVE-2019-14076 (Buffer overflow occurs while processing an subsample data length out o ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to lack of ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14074
- RESERVED
-CVE-2019-14073
- RESERVED
+CVE-2019-14074 (u'Heap overflow in diag command handler due to lack of check of packet ...)
+ NOT-FOR-US: Snapdragon
+CVE-2019-14073 (Copying RTCP messages into the output buffer without checking the dest ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an already f ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14071 (Compromised reset handler may bypass access control due to AC config i ...)
@@ -17285,20 +18119,18 @@ CVE-2019-14069
RESERVED
CVE-2019-14068 (Out of bound access in msm routing due to lack of check of size before ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14067
- RESERVED
+CVE-2019-14067 (Using non-time-constant functions like memcmp to compare sensitive dat ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14066
- RESERVED
+CVE-2019-14066 (Integer overflow in calculating estimated output buffer size when gett ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2019-14065 (u'Pointer double free in HavenSvc due to not setting the pointer to NU ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14065
- RESERVED
CVE-2019-14064
- RESERVED
+ REJECTED
CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14062
- RESERVED
+CVE-2019-14062 (Buffer overflows while decoding setup message from Network due to lack ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-14061 (Null-pointer dereference can occur while accessing the segment element ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...)
@@ -17306,21 +18138,19 @@ CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated fo
CVE-2019-14059
RESERVED
CVE-2019-14058
- RESERVED
+ REJECTED
CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv file due t ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14056
- RESERVED
+CVE-2019-14056 (u'Possible integer overflow in API due to lack of check on large oid r ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14055 (Possibility of use-after-free and double free because of not marking b ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14054
- RESERVED
+CVE-2019-14054 (Improper permissions in XBL_SEC region enable user to update XBL_SEC c ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14053
- RESERVED
+CVE-2019-14053 (When attempting to create a new XFRM policy, a stack out-of-bounds rea ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2019-14052 (u'Accessing an uninitialized data structure could result in partially ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14052
- RESERVED
CVE-2019-14051 (Subsequent additions performed during Module loading while allocating ...)
NOT-FOR-US: Snapdragon
CVE-2019-14050 (Out-of-bound writes occurs due to lack of check of buffer size will ca ...)
@@ -17329,32 +18159,28 @@ CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocati
NOT-FOR-US: Snapdragon
CVE-2019-14048 (Possible out of bound memory access while playing a crafted clip in me ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14047
- RESERVED
+CVE-2019-14047 (While IPA driver processes route add rule IOCTL, there is no input val ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...)
NOT-FOR-US: Snapdragon
CVE-2019-14045 (Possible buffer overflow while processing clientlog and serverlog due ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14044 (Out of bound access due to access of uninitialized memory segment in a ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14043
- RESERVED
+CVE-2019-14043 (Out of bound read in Fingerprint application due to requested data is ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14042
- RESERVED
+CVE-2019-14042 (Out of bound read in in fingerprint application due to requested data ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14041 (During listener modified response processing, a buffer overrun occurs ...)
NOT-FOR-US: Snapdragon
CVE-2019-14040 (Using memory after being freed in qsee due to wrong implementation can ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14039
- RESERVED
+CVE-2019-14039 (Out of bound read in adm call back function due to incorrect boundary ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14038
- RESERVED
+CVE-2019-14038 (Buffer over-read in ADSP parse function due to lack of check for avail ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2019-14037 (Close and bind operations done on a socket can lead to a Use-After-Fre ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14037
- RESERVED
CVE-2019-14036 (Possible buffer overflow issue in error processing due to improper val ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14035
@@ -17377,8 +18203,8 @@ CVE-2019-14027 (Buffer overflow due to lack of upper bound check on channel leng
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14026 (Possible buffer overflow in WLAN WMI handler due to lack of ssid lengt ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14025
- RESERVED
+CVE-2019-14025 (u'When a new session is created, Object is returned that contains TZ a ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-14024 (Possible stack-use-after-scope issue in NFC usecase for card emulation ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14023 (String format issue will occur while processing HLOS data as there is ...)
@@ -17429,30 +18255,30 @@ CVE-2019-14001 (Wrong public key usage from existing oem_keystore for hash gener
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14000 (Lack of check that the RX FIFO write index that is read from shared RA ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-13999
- RESERVED
-CVE-2019-13998
- RESERVED
+CVE-2019-13999 (u'Lack of check for integer overflow for round up and addition operati ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2019-13998 (u'Lack of check that the TX FIFO write and read indices that are read ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-13997
- RESERVED
+ REJECTED
CVE-2019-13996
- RESERVED
-CVE-2019-13995
- RESERVED
-CVE-2019-13994
- RESERVED
+ REJECTED
+CVE-2019-13995 (u'Lack of integer overflow check for addition of fragment size and rem ...)
+ NOT-FOR-US: Snapdragon
+CVE-2019-13994 (u'Lack of check that the current received data fragment size of a part ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-13993
- RESERVED
-CVE-2019-13992
- RESERVED
+ REJECTED
+CVE-2019-13992 (u'Out of bound memory access if stack push and pop operation are perfo ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-13991 (Embedded systems based on Arduino before Rev3 allow remote attackers t ...)
NOT-FOR-US: Issue on embedded systems based on Arduino before Rev3
CVE-2019-13990 (initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracott ...)
- - libquartz-java <unfixed> (bug #933169)
+ - libquartz-java 2.3.0-3 (bug #933169)
[buster] - libquartz-java <no-dsa> (Minor issue)
[stretch] - libquartz-java <no-dsa> (Minor issue)
[jessie] - libquartz-java <no-dsa> (Minor issue)
- - libquartz2-java <unfixed> (bug #933170)
+ - libquartz2-java 2.3.0-3 (bug #933170)
[buster] - libquartz2-java <no-dsa> (Minor issue)
[stretch] - libquartz2-java <no-dsa> (Minor issue)
NOTE: https://github.com/quartz-scheduler/quartz/issues/467
@@ -17517,7 +18343,7 @@ CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VL
{DSA-4504-1}
- vlc 3.0.8-1 (low)
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
- NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
+ NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
NOTE: https://trac.videolan.org/vlc/ticket/22240
NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-13961 (A CSRF vulnerability was found in flatCore before 1.5, leading to the ...)
@@ -17539,7 +18365,8 @@ CVE-2019-13954 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vuln
CVE-2019-13953 (An exploitable authentication bypass vulnerability exists in the Bluet ...)
NOT-FOR-US: YI M1 Mirrorless Camera
CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and ...)
- - gdnsd <unfixed> (unimportant; bug #932407)
+ - gdnsd 3.5.0-1 (unimportant; bug #932407)
+ [buster] - gdnsd 2.4.3-1
NOTE: https://github.com/gdnsd/gdnsd/issues/185
NOTE: No security impact, data is under administrative control
NOTE: Patches: https://github.com/gdnsd/gdnsd/issues/185#issuecomment-513288786
@@ -17555,7 +18382,7 @@ CVE-2019-13949 (SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as
NOT-FOR-US: SyGuestBook A5
CVE-2019-13948 (SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData f ...)
NOT-FOR-US: SyGuestBook A5
-CVE-2019-13947 (A vulnerability has been identified in SiNVR 3 Central Control Server ...)
+CVE-2019-13947 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
NOT-FOR-US: Siemens
CVE-2019-13946 (A vulnerability has been identified in Development/Evaluation Kits for ...)
NOT-FOR-US: Siemens
@@ -17571,7 +18398,7 @@ CVE-2019-13941 (A vulnerability has been identified in OZW672 (All versions &lt;
NOT-FOR-US: Siemens
CVE-2019-13940 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
NOT-FOR-US: Siemens
-CVE-2019-13939 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+CVE-2019-13939 (A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All ve ...)
NOT-FOR-US: Nucleus
CVE-2019-13938
RESERVED
@@ -17583,7 +18410,7 @@ CVE-2019-13935 (Improper Neutralization of Input During Web Page Generation ('Cr
NOT-FOR-US: Siemens
CVE-2019-13934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: Siemens
-CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-200RNA switch family ...)
+CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
NOT-FOR-US: Siemens
CVE-2019-13932 (A vulnerability has been identified in XHQ (All versions &lt; V6.0.0.2 ...)
NOT-FOR-US: Siemens
@@ -17601,7 +18428,7 @@ CVE-2019-13926 (A vulnerability has been identified in SCALANCE S602 (All versio
NOT-FOR-US: Siemens
CVE-2019-13925 (A vulnerability has been identified in SCALANCE S602 (All versions &gt ...)
NOT-FOR-US: Siemens
-CVE-2019-13924 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+CVE-2019-13924 (A vulnerability has been identified in SCALANCE S602 (All versions &lt ...)
NOT-FOR-US: Siemens
CVE-2019-13923 (A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gat ...)
NOT-FOR-US: Siemens
@@ -17903,7 +18730,7 @@ CVE-2019-13778
CVE-2019-13777
RESERVED
CVE-2019-13776
- RESERVED
+ REJECTED
CVE-2019-13775
RESERVED
CVE-2019-13774
@@ -18059,6 +18886,7 @@ CVE-2019-13733
CVE-2019-13732 (Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allo ...)
{DSA-4606-1}
- chromium 79.0.3945.79-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13731
RESERVED
CVE-2019-13730 (Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 al ...)
@@ -18175,9 +19003,7 @@ CVE-2019-13703 (Insufficient policy enforcement in the Omnibox in Google Chrome
- chromium 78.0.3904.87-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13702 (Inappropriate implementation in installer in Google Chrome on Windows ...)
- {DSA-4562-1}
- - chromium 78.0.3904.87-1
- [stretch] - chromium <end-of-life> (see DSA 4562)
+ - chromium <not-affected> (debian package disables the installer)
CVE-2019-13701 (Incorrect implementation in navigation in Google Chrome prior to 78.0. ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
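Review bot: Dropping the `{DSA-4562-1}` cross-reference for CVE-2019-13702 while switching chromium to `<not-affected>` leaves the tracker disagreeing with the advisory if the published DSA-4562-1 text lists this CVE, which the removed line suggests it did; in that case the reference should stay so the DSA page still resolves to the CVE, or a NOTE should record that the advisory over-claimed. The rationale `debian package disables the installer` is also imprecise for an issue the description scopes to the Windows installer, which the Linux build does not ship at all; `<not-affected> (Windows-specific installer issue, not present in the Debian build)` would state the actual reason. Removing the `[stretch] - chromium <end-of-life>` marker is consistent with not-affected and needs no further change.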
@@ -18261,6 +19087,7 @@ CVE-2019-13681 (Insufficient data validation in downloads in Google Chrome prior
CVE-2019-13680 (Inappropriate implementation in TLS in Google Chrome prior to 77.0.386 ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-13679 (Insufficient policy enforcement in PDFium in Google Chrome prior to 77 ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
@@ -18369,13 +19196,13 @@ CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when
{DSA-4497-1 DSA-4495-1 DLA-1885-1}
- linux 5.2.6-1
NOTE: https://patchwork.ozlabs.org/patch/1133904/
-CVE-2019-13647 (Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of ...)
+CVE-2019-13647 (** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to stored XSS ...)
NOT-FOR-US: Firefly
-CVE-2019-13646 (Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack ...)
+CVE-2019-13646 (** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to reflected ...)
NOT-FOR-US: Firefly
-CVE-2019-13645 (Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of ...)
+CVE-2019-13645 (** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to stored XSS ...)
NOT-FOR-US: Firefly
-CVE-2019-13644 (Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of ...)
+CVE-2019-13644 (** DISPUTED ** Firefly III before 4.7.17.1 is vulnerable to stored XSS ...)
NOT-FOR-US: Firefly
CVE-2019-13643 (Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute ...)
NOT-FOR-US: EspoCRM
@@ -18404,8 +19231,8 @@ CVE-2019-13635 (The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows
NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2019-13634
RESERVED
-CVE-2019-13633
- RESERVED
+CVE-2019-13633 (Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attack ...)
+ NOT-FOR-US: Blinger.io
CVE-2019-13632
RESERVED
CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the L ...)
@@ -18450,30 +19277,32 @@ CVE-2019-13621
CVE-2019-13620
RESERVED
CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ...)
+ {DLA-2547-1}
- wireshark 2.6.10-1 (low)
- [buster] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
- [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
+ [buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (vulnerable code not present, binary encoding not yet supported)
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-20.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7e90aed666e809c0db5de9d1816802a7dcea28d9
CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-bas ...)
{DLA-2072-1}
- - gpac <unfixed> (low; bug #932242)
+ - gpac 1.0.1+dfsg1-2 (low; bug #932242)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1250
NOTE: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b
CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...)
NOT-FOR-US: njs
CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
+ {DLA-2804-1 DLA-2536-1}
- libsdl2 2.0.10+dfsg1-1
[buster] - libsdl2 <no-dsa> (Minor issue)
- [stretch] - libsdl2 <no-dsa> (Minor issue)
[jessie] - libsdl2 <postponed> (can be fixed along with more important patches)
- libsdl1.2 1.2.15+dfsg2-5
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
[jessie] - libsdl1.2 <postponed> (can be fixed along with more important patches)
- libsdl2-image 2.0.5+dfsg1-2 (bug #940934)
[buster] - libsdl2-image <no-dsa> (Minor issue)
@@ -18503,7 +19332,7 @@ CVE-2019-13614 (CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in T
NOT-FOR-US: TP-Link
CVE-2019-13613 (CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wirel ...)
NOT-FOR-US: TP-Link
-CVE-2019-13612 (MDaemon Email Server 19 skips SpamAssassin checks by default for e-mai ...)
+CVE-2019-13612 (MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by de ...)
NOT-FOR-US: MDaemon Email Server
CVE-2019-13611 (An issue was discovered in python-engineio through 3.8.2. There is a C ...)
- python-engineio 3.11.1-1 (bug #932538)
@@ -18878,8 +19707,8 @@ CVE-2019-13459
CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1877-1}
- otrs2 6.0.20-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
NOTE: OTRS 6.0: https://github.com/OTRS/otrs/commit/69430f260d52e5a7afc185048da0cfc2eef2659a
NOTE: OTRS 5.0: https://github.com/OTRS/otrs/commit/0e26066dfff8efff0039da13e29609ca7f00d9a2
@@ -18901,15 +19730,14 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerabi
[stretch] - xymon 4.3.28-2+deb9u1
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...)
- - imagemagick <unfixed> (low; bug #931740)
- [buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
+ {DSA-4712-1 DLA-2333-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931740)
[jessie] - imagemagick <ignored> (low impact issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed zip arc ...)
- zipios++ 0.1.5.9+cvs.2007.04.28-11 (low; bug #932556)
- [buster] - zipios++ <no-dsa> (Minor issue)
+ [buster] - zipios++ 0.1.5.9+cvs.2007.04.28-10+deb10u1
[stretch] - zipios++ <no-dsa> (Minor issue)
[jessie] - zipios++ <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
@@ -19054,20 +19882,22 @@ CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses th
CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette Na ...)
NOT-FOR-US: MindPalette NateMail
CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
- - imagemagick <unfixed> (bug #931633)
+ {DSA-4712-1 DLA-2366-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931633)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1588
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984
NOTE: Patch is insufficient, partly reverted by the CVE-2019-13308 patch
NOTE: which seems to be the actual patch for this issue.
CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in l ...)
+ {DSA-4722-1 DLA-2291-1}
- ffmpeg 7:4.2.1-1 (low; bug #932535)
- [buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)
- [stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
NOTE: https://trac.ffmpeg.org/ticket/7979
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...)
- NOT-FOR-US: RainLoop Webmail
+ - rainloop 1.14.0-1
+ [buster] - rainloop <no-dsa> (Minor issue)
+ NOTE: https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
CVE-2019-13388
RESERVED
CVE-2019-13387 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected ...)
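Review bot: The CVE-2019-13390 entry gains `{DSA-4722-1 DLA-2291-1}` while its `[buster] - ffmpeg <postponed> (Minor issue, wait until fixed in 4.1.x branch)` and `[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)` lines are left in place, whereas every imagemagick entry touched by this same diff drops its `[buster]`/`[stretch]` tags once the DSA/DLA reference is recorded. If those advisories fixed the 4.1.x and 3.2.x packages, the two release tags now contradict the advisory line and should be removed; if they do not, the parenthesised reason should say why the issue is still postponed despite an advisory. The rainloop and CVE-2019-13391 changes in this hunk look consistent with the rest of the diff.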
@@ -19160,7 +19990,7 @@ CVE-2019-13353
CVE-2019-13352 (WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic ...)
NOT-FOR-US: WolfVision Cynap
CVE-2019-13351 (posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as dist ...)
- - jackd2 <unfixed> (low; bug #931488)
+ - jackd2 1.9.14~dfsg-0.1 (low; bug #931488)
[buster] - jackd2 <no-dsa> (Minor issue)
[stretch] - jackd2 <no-dsa> (Minor issue)
[jessie] - jackd2 <postponed> (Minor issue, hard to reproduce crash with theoretically possible file corruption, no sensitive data to leak)
@@ -19177,7 +20007,7 @@ CVE-2019-13347 (An issue was discovered in the SAML Single Sign On (SSO) plugin
CVE-2019-13346 (In MyT 1.5.1, the User[username] parameter has XSS. ...)
NOT-FOR-US: MyT
CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...)
- {DSA-4507-1 DLA-1847-1}
+ {DSA-4507-1 DLA-2278-1 DLA-1847-1}
- squid 4.8-1 (bug #931478)
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_6.txt
@@ -19256,28 +20086,30 @@ CVE-2019-13313 (libosinfo 1.5.0 allows local users to discover credentials by li
CVE-2019-13312 (block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based b ...)
- ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/7980
- NOTE: Introduced in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4
+ NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4
CVE-2019-13311 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1623
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91
CVE-2019-13310 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
- - imagemagick <unfixed> (unimportant)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)
- - imagemagick <unfixed> (bug #931447)
- [buster] - imagemagick <postponed> (Needs further clarification on patch)
- [stretch] - imagemagick <postponed> (Needs further clarification on patch)
+ {DSA-4712-1 DLA-2366-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931447)
[jessie] - imagemagick <postponed> (minor, wait for upstream to clear patch-related questions)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
- - imagemagick <unfixed> (bug #931448)
+ {DSA-4715-1 DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #931448)
[jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1615
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fe
@@ -19285,21 +20117,21 @@ CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6d26d4e2f07375ddbf46a857d309d51eeff7ee1
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/643921ca69a20b203faebd0b287d8b7012dc749d
CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
- {DLA-1888-1}
- - imagemagick <unfixed> (bug #931449)
+ {DSA-4715-1 DSA-4712-1 DLA-1888-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #931449)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1612
NOTE: initial fix:
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa
NOTE: later reverted by the CVE-2019-13305 fix which is the right one:
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
- {DLA-1888-1}
- - imagemagick <unfixed> (bug #931452)
+ {DSA-4715-1 DSA-4712-1 DLA-1888-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #931452)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
CVE-2019-13304 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
- {DLA-1888-1}
- - imagemagick <unfixed> (bug #931453)
+ {DSA-4715-1 DSA-4712-1 DLA-1888-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #931453)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1614
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a2f84f23d064e98f423aa0d050ff98838cf0a1b1
@@ -19312,10 +20144,12 @@ CVE-2019-13302 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in Ma
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d5089971bd792311aaab5cb73460326d7ef7f32d
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1597
CVE-2019-13301 (ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory becau ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/0b7d3675438cbcde824e751895847a0794406e08
CVE-2019-13300 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
- - imagemagick <unfixed> (bug #931454)
+ {DSA-4715-1 DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #931454)
[jessie] - imagemagick <ignored> (minor issue, patch fairly intrusive)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1586
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450
@@ -19328,8 +20162,8 @@ CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1611
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
- {DLA-1888-1}
- - imagemagick <unfixed> (bug #931455)
+ {DSA-4712-1 DLA-2333-1 DLA-1888-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931455)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
NOTE: Some older version before the fixing commit did as well not check for
@@ -19339,8 +20173,8 @@ CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagic
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce08a3691a8ac29125e29fc41967b3737fa3f425
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1604
CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
- {DLA-1888-1}
- - imagemagick <unfixed> (bug #931457)
+ {DSA-4712-1 DLA-2333-1 DLA-1888-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931457)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
CVE-2019-13294 (AROX School-ERP Pro has a command execution vulnerability. import_stud ...)
@@ -19352,12 +20186,13 @@ CVE-2019-13292 (A SQL Injection issue was discovered in webERP 4.15. Payments.ph
CVE-2019-13291 (In Xpdf 4.01.01, there is a heap-based buffer over-read in the functio ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13290 (Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_dis ...)
+ {DSA-4753-1 DLA-2289-1}
- mupdf 1.15.0+ds1-1 (bug #931475)
[jessie] - mupdf <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701118
- NOTE: http://git.ghostscript.com/?p=mupdf.git;h=aaf794439e40a2ef544f15b50c20e657414dec7a
- NOTE: http://git.ghostscript.com/?p=mupdf.git;h=ed19bc806809ad10c4ddce515d375581b86ede85
- NOTE: Introduced in 1.6 / http://git.ghostscript.com/?p=mupdf.git;a=commit;f=source/fitz/list-device.c;h=e9411aba2b71b67b8521f55917ab26585c464b88
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;h=aaf794439e40a2ef544f15b50c20e657414dec7a
+ NOTE: https://git.ghostscript.com/?p=mupdf.git;h=ed19bc806809ad10c4ddce515d375581b86ede85
+ NOTE: Introduced in 1.6 / https://git.ghostscript.com/?p=mupdf.git;a=commit;f=source/fitz/list-device.c;h=e9411aba2b71b67b8521f55917ab26585c464b88
CVE-2019-13289 (In Xpdf 4.01.01, there is a use-after-free vulnerability in the functi ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13288 (In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause ...)
@@ -19524,14 +20359,14 @@ CVE-2019-13233 (In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, th
CVE-2019-13225 (A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9 ...)
- libonig 6.9.2-1 (low; bug #931878)
[buster] - libonig <no-dsa> (Minor issue)
- [stretch] - libonig <no-dsa> (Minor issue)
+ [stretch] - libonig <not-affected> (vulnerable code was introduced later)
[jessie] - libonig <not-affected> (vulnerable code was introduced later)
NOTE: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...)
- {DLA-1854-1}
+ {DSA-4529-1 DSA-4527-1 DLA-2431-1 DLA-1854-1}
- libonig 6.9.2-1 (low; bug #931878)
[buster] - libonig <no-dsa> (Minor issue)
- [stretch] - libonig <no-dsa> (Minor issue)
+ - php7.0 <removed>
NOTE: https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
CVE-2019-13223 (A reachable assertion in the lookup1_values function in stb_vorbis thr ...)
- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
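Review bot: CVE-2019-13224 now lists four advisories (`{DSA-4529-1 DSA-4527-1 DLA-2431-1 DLA-1854-1}`) but the only package lines are libonig, whose `[buster] - libonig <no-dsa> (Minor issue)` tag is kept, and the added `- php7.0 <removed>`, which carries no release tag. I cannot tell from the hunk which source package each of the two DSAs was issued for; if either covers a php source package still shipped in buster, that package needs its own `- <package> <version>` line so the fixed version is recorded, and if one of them covers libonig in buster the `<no-dsa>` tag should go the way the imagemagick entries in this diff were handled.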
@@ -19588,7 +20423,7 @@ CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation beca
NOT-FOR-US: Waves MAXX Audio
CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflo ...)
- nsd 4.2.4-1 (low; bug #931476)
- [buster] - nsd <no-dsa> (Minor issue)
+ [buster] - nsd <ignored> (Minor issue)
[stretch] - nsd <no-dsa> (Minor issue)
[jessie] - nsd <postponed> (Minor issue, crash on malformed admin-controlled disk configuration)
- nsd3 <removed>
@@ -19696,7 +20531,7 @@ CVE-2019-13166 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did
NOT-FOR-US: Xerox
CVE-2019-13165 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
NOT-FOR-US: Xerox
-CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network inte ...)
+CVE-2019-13164 (qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a netw ...)
{DSA-4512-1 DSA-4506-1 DLA-1927-1}
- qemu 1:4.1-1 (bug #931351)
- qemu-kvm <removed>
@@ -19741,7 +20576,8 @@ CVE-2019-13148 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2
NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NULL poi ...)
- audiofile <unfixed> (low; bug #931343)
- [buster] - audiofile <no-dsa> (Minor issue)
+ [bullseye] - audiofile <ignored> (Minor issue)
+ [buster] - audiofile <ignored> (Minor issue)
[stretch] - audiofile <no-dsa> (Minor issue)
[jessie] - audiofile <postponed> (Minor issue, local DoS)
NOTE: https://github.com/mpruett/audiofile/issues/54
@@ -19768,7 +20604,8 @@ CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of supplyin
CVE-2019-13138
RESERVED
CVE-2019-13137 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
- - imagemagick <unfixed> (unimportant; bug #931342)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931342)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1601
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b
CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerability in t ...)
@@ -19776,10 +20613,8 @@ CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerabilit
NOTE: https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1602
CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnera ...)
- {DLA-1888-1}
- - imagemagick <unfixed> (bug #932079)
- [buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
+ {DSA-4712-1 DLA-2366-1 DLA-1888-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #932079)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
NOTE: https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d (7.x)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d (6.x)
@@ -19842,12 +20677,12 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain forma
CVE-2019-13116 (The MuleSoft Mule Community Edition runtime engine before 3.8 allows r ...)
NOT-FOR-US: MuleSoft Mule
CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha2 ...)
- {DLA-1730-3}
- - libssh2 <unfixed> (bug #932329)
+ {DLA-2848-1 DLA-1730-3}
+ - libssh2 1.9.0-1 (bug #932329)
[buster] - libssh2 <no-dsa> (Minor issue)
- [stretch] - libssh2 <no-dsa> (Minor issue)
- NOTE: https://blog.semmle.com/libssh2-integer-overflow/
+ NOTE: https://securitylab.github.com/research/libssh2-integer-overflow/
NOTE: https://github.com/libssh2/libssh2/pull/350
+ NOTE: https://github.com/libssh2/libssh2/commit/ff1b155731ff8f790f12d980911d9fd84d0e1598
CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...)
- exiv2 0.27.2-6 (low)
[buster] - exiv2 <ignored> (Minor issue)
@@ -19878,6 +20713,7 @@ CVE-2019-13110 (A CiffDirectory::readDirectory integer overflow and out-of-bound
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue, read segfault)
NOTE: https://github.com/Exiv2/exiv2/issues/843
+ NOTE: https://github.com/Exiv2/exiv2/pull/844
NOTE: https://github.com/Exiv2/exiv2/commit/9628f82084ed30d494ddd4f7360d233801e22967
CVE-2019-13109 (An integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...)
- exiv2 0.27.2-6 (low)
@@ -19898,31 +20734,32 @@ CVE-2019-13107 (Multiple integer overflows exist in MATIO before 1.5.16, related
- libmatio 1.5.17-3 (bug #931323)
[buster] - libmatio <no-dsa> (Minor issue)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: Several commits between 1.5.15..1.5.16: https://github.com/tbeu/matio/compare/f8cd397...fabac6c
CVE-2019-13106 (Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much ...)
- u-boot 2020.01+dfsg-1 (low)
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375516.html
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/e205896c5383c938274262524adceb2775fb03ba
CVE-2019-13105 (Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a ...)
- u-boot 2020.01+dfsg-1 (low)
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375513.html
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/6e5a79de658cb1c8012c86e0837379aa6eabd024
CVE-2019-13104 (In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow c ...)
- u-boot 2020.01+dfsg-1 (low)
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375514.html
NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/878269dbe74229005dd7f27aca66c554e31dad8e
CVE-2019-13103 (A crafted self-referential DOS partition table will cause all Das U-Bo ...)
- u-boot 2020.01+dfsg-1 (low)
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <no-dsa> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375512.html
@@ -20079,15 +20916,21 @@ CVE-2019-13034
RESERVED
CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when S ...)
- irssi 1.2.1-1 (low; bug #931264)
- [buster] - irssi <no-dsa> (Minor issue)
+ [buster] - irssi 1.2.0-2+deb10u1
[stretch] - irssi <no-dsa> (Minor issue)
[jessie] - irssi <not-affected> (vulnerable sasl code is not present)
NOTE: https://irssi.org/security/irssi_sa_2019_06.txt
NOTE: https://github.com/irssi/irssi/pull/1058
NOTE: https://github.com/irssi/irssi/commit/5a67b983dc97caeb5df1139aabd0bc4f260a47d8
NOTE: Fixed in 1.0.8, 1.1.3, 1.2.1
-CVE-2019-13033
- RESERVED
+CVE-2019-13033 (In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by ...)
+ {DLA-2253-1}
+ - lynis 3.0.0-1 (unimportant; bug #963161)
+ NOTE: https://cisofy.com/security/cve/cve-2019-13033/
+ NOTE: https://github.com/CISOfy/lynis/commit/3b9eda53cc20e851c4456618f027bc9ea794ad30
+ NOTE: Enabling license system in the packaged version is possible, but enabling it
+ NOTE: makes little sense as users will end-up quitting on all the extra tests that
+ NOTE: are not opensourced (and only present in the enterprise version).
CVE-2019-13032 (An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL point ...)
- flightcrew 0.7.2+dfsg-14 (unimportant; bug #931246)
[buster] - flightcrew 0.7.2+dfsg-13+deb10u1
@@ -20221,47 +21064,47 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (cause
- ming <removed>
NOTE: https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe
CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- - imagemagick <unfixed> (bug #931189)
- [buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
+ {DSA-4712-1 DLA-2333-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #931189)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- - imagemagick <unfixed> (low; bug #931190)
- [buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
+ {DSA-4712-1 DLA-2333-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931190)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- - imagemagick <unfixed> (low; bug #931191)
- [buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
+ {DSA-4712-1 DLA-2333-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931191)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
CVE-2019-12976 (ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in ...)
- - imagemagick <unfixed> (unimportant; bug #931192)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931192)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1520
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ff840181f631b1b7f29160cae24d792fcd176bae
CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXIm ...)
- - imagemagick <unfixed> (unimportant; bug #931193)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931193)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1517
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c01d8b02f3fa912a320ddad07a03212822f267ec
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b9c3aa197020ca091a21145cf46855afd4ddcb07
CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
- {DLA-1888-1}
- - imagemagick <unfixed> (low; bug #931196)
- [buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
+ {DSA-4712-1 DLA-2333-1 DLA-1888-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931196)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...)
- - openjpeg2 <unfixed> (bug #931292)
- [buster] - openjpeg2 <no-dsa> (Minor issue)
- [stretch] - openjpeg2 <no-dsa> (Minor issue)
+ {DLA-2277-1}
+ - openjpeg2 2.4.0-1 (bug #931292)
+ [buster] - openjpeg2 <ignored> (Minor issue)
[jessie] - openjpeg2 <not-affected> (vulnerable code is not present)
NOTE: https://github.com/uclouvain/openjpeg/pull/1185
- NOTE: https://github.com/uclouvain/openjpeg/commit/21399f6b7d318fcdf4406d5e88723c4922202aa3
- NOTE: https://github.com/uclouvain/openjpeg/commit/3aef207f90e937d4931daf6d411e092f76d82e66
+ NOTE: https://github.com/uclouvain/openjpeg/commit/21399f6b7d318fcdf4406d5e88723c4922202aa3 (v2.4.0)
+ NOTE: https://github.com/uclouvain/openjpeg/commit/3aef207f90e937d4931daf6d411e092f76d82e66 (v2.4.0)
NOTE: Issue is similar to CVE-2018-6616.
CVE-2019-12972 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
- binutils 2.32.51.20190707-1 (unimportant)
@@ -20319,8 +21162,11 @@ CVE-2019-12955
RESERVED
CVE-2019-12954 (SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, ...)
NOT-FOR-US: SolarWinds
-CVE-2019-12953
- RESERVED
+CVE-2019-12953 (Dropbear 2011.54 through 2018.76 has an inconsistent failure delay tha ...)
+ - dropbear 2019.78-1
+ [buster] - dropbear <no-dsa> (Minor issue)
+ [stretch] - dropbear <postponed> (Minor issue but fixed along next DLA)
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/228b086794b7
CVE-2019-12952
RESERVED
CVE-2019-12951 (An issue was discovered in Mongoose before 6.15. The parse_mqtt() func ...)
@@ -20433,15 +21279,8 @@ CVE-2019-12906
RESERVED
CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman& ...)
NOT-FOR-US: FileRun
-CVE-2019-12904 (In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flu ...)
- - libgcrypt20 <unfixed> (bug #930885)
- [buster] - libgcrypt20 <no-dsa> (Minor issue)
- [stretch] - libgcrypt20 <no-dsa> (Minor issue)
- [jessie] - libgcrypt20 <not-affected> (Vulnerable code introduced later in version 1.7.0)
- - libgcrypt11 <removed>
- NOTE: https://dev.gnupg.org/T4541
- NOTE: https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
- NOTE: https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
+CVE-2019-12904 (** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vuln ...)
+ NOTE: Issue disputed by libgcrypt upstream, see https://dev.gnupg.org/T4541
CVE-2019-12903 (Pydio Cells before 1.5.0, when supplied with a Name field in an unexpe ...)
NOT-FOR-US: Pydio Cells (relates to Pydio product)
CVE-2019-12902 (Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon ...)
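Review bot: After this change CVE-2019-12904 has no package line at all — only the rewritten header and `NOTE: Issue disputed by libgcrypt upstream, see https://dev.gnupg.org/T4541` — while the other disputed entry in this diff, CVE-2019-12760, keeps its package line (`- parso 0.5.1-0.1 (unimportant; bug #930356)`). If the tracker tooling treats an entry with neither a package state nor NOT-FOR-US as untriaged, the decision recorded here is invisible to it; a line such as `- libgcrypt20 <not-affected> (Disputed by upstream, see T4541)` or an `(unimportant)` marker would preserve the triage outcome and tie it to the package named in the description.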
@@ -20501,8 +21340,10 @@ CVE-2019-12883
CVE-2019-12882
REJECTED
CVE-2019-12881 (i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c ...)
- - linux <undetermined>
+ - linux 4.18.6-1
+ [stretch] - linux 4.9.130-1
NOTE: https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520
+ NOTE: https://git.kernel.org/linus/c11c7bfd213495784b22ef82a69b6489f8d0092f
CVE-2019-12880 (BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking ...)
NOT-FOR-US: BCN Quark Quarking Password Manager
CVE-2019-12879
@@ -20519,7 +21360,7 @@ CVE-2019-12874 (An issue was discovered in zlib_decompress_extra in modules/demu
{DSA-4459-1}
- vlc 3.0.7-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102
CVE-2019-12873
RESERVED
CVE-2019-12872 (dotCMS before 5.1.6 is vulnerable to a SQL injection that can be explo ...)
@@ -20603,9 +21444,8 @@ CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package Upd
CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation error with ...)
NOT-FOR-US: OrangeHRM
CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...)
- {DSA-4572-1 DLA-2143-1}
+ {DSA-4572-1 DLA-2886-1 DLA-2143-1}
- slurm-llnl 19.05.3.2-1 (bug #931880)
- [stretch] - slurm-llnl <no-dsa> (Too intrusive to backport)
NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attack ...)
@@ -20644,7 +21484,7 @@ CVE-2019-12825 (Unauthorized Access to the Container Registry of other groups wa
- gitlab <not-affected> (Only affects Gitlab EE)
CVE-2019-12824
RESERVED
-CVE-2019-12823 (Craft CMS 3.1.30 has XSS. ...)
+CVE-2019-12823 (Craft CMS before 3.1.31 does not properly filter XML feeds and thus al ...)
NOT-FOR-US: Craft CMS
CVE-2019-12822 (In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a he ...)
NOT-FOR-US: Embedthis GoAhead
@@ -20717,7 +21557,8 @@ CVE-2019-12818 (An issue was discovered in the Linux kernel before 4.20.15. The
CVE-2019-12799 (In createInstanceFromNamedArguments in Shopware through 5.6.x, a craft ...)
NOT-FOR-US: Shopware
CVE-2019-12798 (An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c do ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed with initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=7f50591861525f76e3ec7a63392656ff8c030af9 (1.0.6)
CVE-2019-12797 (A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN ...)
NOT-FOR-US: ELM327 OBD2 Bluetooth device
CVE-2019-12796
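Review bot: The new NOTE for CVE-2019-12798 references `http://git.ghostscript.com/?p=mujs.git;...`, while this same diff rewrites the existing git.ghostscript.com references under CVE-2019-13290 to https. For consistency the added line should be `NOTE: https://git.ghostscript.com/?p=mujs.git;h=7f50591861525f76e3ec7a63392656ff8c030af9 (1.0.6)`.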
@@ -20756,10 +21597,10 @@ CVE-2019-12786 (An issue was discovered on D-Link DIR-818LW devices from 2.05.B0
NOT-FOR-US: D-Link
CVE-2019-12785
RESERVED
-CVE-2019-12784
- RESERVED
-CVE-2019-12783
- RESERVED
+CVE-2019-12784 (An issue was discovered in Verint Impact 360 15.1. At wfo/control/sign ...)
+ NOT-FOR-US: Verint Impact
+CVE-2019-12783 (An issue was discovered in Verint Impact 360 15.1. At wfo/control/sign ...)
+ NOT-FOR-US: Verint Impact
CVE-2019-12782 (An authorization bypass vulnerability in pinboard updates in ThoughtSp ...)
NOT-FOR-US: ThoughtSpot
CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1. ...)
@@ -20796,8 +21637,8 @@ CVE-2019-12775 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pi
NOT-FOR-US: ENTTEC
CVE-2019-12774 (A number of stored XSS vulnerabilities have been identified in the web ...)
NOT-FOR-US: ENTTEC
-CVE-2019-12773
- RESERVED
+CVE-2019-12773 (An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_po ...)
+ NOT-FOR-US: Verint Impact
CVE-2019-12772
RESERVED
CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via shell m ...)
@@ -20806,8 +21647,8 @@ CVE-2019-12770
RESERVED
CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 ...)
NOT-FOR-US: SolarWinds
-CVE-2019-12768
- RESERVED
+CVE-2019-12768 (An issue was discovered on D-Link DAP-1650 devices through v1.03b07 be ...)
+ NOT-FOR-US: D-Link
CVE-2019-12767 (An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H ...)
NOT-FOR-US: D-Link
CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform fieldtype ...)
@@ -20821,11 +21662,11 @@ CVE-2019-12763 (The Security Camera CZ application through 1.6.8 for Android sto
CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anoma ...)
NOT-FOR-US: Xiaomi Mi 5s Plus devices
CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via crafted ...)
- {DLA-1819-1}
- - pyxdg <unfixed> (low; bug #930099)
+ {DLA-2727-1 DLA-1819-1}
+ - pyxdg 0.26-1 (low; bug #930099)
[buster] - pyxdg <no-dsa> (Minor issue)
- [stretch] - pyxdg <no-dsa> (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562
+ NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/-/commit/aa4ce1bbc59def6975c9dd1598aafb3ef3fea681 (rel-0.26)
NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/issues/14
CVE-2019-12760 (** DISPUTED ** A deserialization vulnerability exists in the way parso ...)
- parso 0.5.1-0.1 (unimportant; bug #930356)
@@ -20865,8 +21706,8 @@ CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserializ
CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Community ...)
{DLA-1877-1}
- otrs2 6.0.20-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/fab16a8e54aaf033f460e5f98c673248f29ea49c
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/cc08cb7df9f6dde05de2f8c6cbd59cd5d0952627
@@ -21139,7 +21980,7 @@ CVE-2019-12617 (In SilverStripe through 4.3.3, there is access escalation for CM
CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...)
{DLA-1821-1}
- phpmyadmin 4:4.9.1+dfsg1-2 (bug #930017)
- [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
NOTE: https://www.phpmyadmin.net/security/PMASA-2019-4/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec
CVE-2019-12613
@@ -21170,14 +22011,14 @@ CVE-2019-12615 (An issue was discovered in get_vdev_port_node_info in arch/sparc
- linux 5.2.6-1 (unimportant)
NOTE: https://git.kernel.org/linus/80caf43549e7e41a695c6d1e11066286538b336f
NOTE: This is a potential null pointer dereference that looks like it can
- NOTE: only be invoked by root or the hypervisor. Probably no security impact.
+ NOTE: only be invoked by root or the hypervisor. Probably no security impact.
CVE-2019-12614 (An issue was discovered in dlpar_parse_cc_property in arch/powerpc/pla ...)
- linux 5.3.7-1 (unimportant)
[buster] - linux 4.19.98-1
[stretch] - linux 4.9.210-1
NOTE: https://lkml.org/lkml/2019/6/3/526
NOTE: This is a potential null pointer dereference that looks like it can
- NOTE: only be invoked by root or the hypervisor. Probably no security impact.
+ NOTE: only be invoked by root or the hypervisor. Probably no security impact.
CVE-2019-12601 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
NOT-FOR-US: SuiteCRM
CVE-2019-12600 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
@@ -21326,13 +22167,13 @@ CVE-2019-12531
CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...)
NOT-FOR-US: Dashboard plugin for GLPI
CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through ...)
- {DSA-4507-1 DLA-1858-1}
+ {DSA-4507-1 DLA-2278-1 DLA-1858-1}
- squid 4.8-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch
CVE-2019-12528 (An issue was discovered in Squid before 4.10. It allows a crafted FTP ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.10-1 (bug #950925)
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
@@ -21348,46 +22189,52 @@ CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checki
NOTE: than the length of the target buffer, whilst in 4.x the entire input is decoded
NOTE: without regard for the size of the target buffer.
CVE-2019-12526 (An issue was discovered in Squid before 4.9. URN response handling in ...)
- {DSA-4682-1 DLA-2028-1}
+ {DSA-4682-1 DLA-2278-1 DLA-2028-1}
- squid 4.9-1
- squid3 <removed>
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through ...)
- {DSA-4507-1 DLA-1858-1}
+ {DSA-4507-1 DLA-2278-1 DLA-1858-1}
- squid 4.8-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_3.txt
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-409956536647b3a05ee1e367424a24ae6b8f13fd.patch
NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-ec0d0f39cf28da14eead0ba5e777e95855bc2f67.patch
CVE-2019-12524 (An issue was discovered in Squid through 4.7. When handling requests f ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.8-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch
CVE-2019-12523 (An issue was discovered in Squid before 4.9. When handling a URN reque ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.9-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch
CVE-2019-12522 (An issue was discovered in Squid through 4.7. When Squid is run as roo ...)
- TODO: check
+ - squid <unfixed> (unimportant)
+ - squid3 <removed> (unimportant)
+ NOTE: Only causes problems if some other vulnerability is used to compromise the proxy.
+ NOTE: There is no upstream plan to fix the issue. The issue here is that some child
+ NOTE: processes run as low-privilege but stay in a state where they can resume root
+ NOTE: privileges. That is needed for reconfigure still. Architectural changes are needed
+ NOTE: to resolve it without breaking some installations.
CVE-2019-12521 (An issue was discovered in Squid through 4.7. When Squid is parsing ES ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.11-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fdd4123629320aa1ee4c3481bb392437c90d188d.patch
CVE-2019-12520 (An issue was discovered in Squid through 4.7 and 5. When receiving a r ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.8-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch
CVE-2019-12519 (An issue was discovered in Squid through 4.7. When handling the tag es ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.11-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
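Review bot: The new CVE-2019-12522 entry asserts "no upstream plan to fix" and describes the root-resumable child-process design without a single reference, while every other squid entry in this hunk carries an advisory or changeset URL. For a privilege-separation weakness that turns any other compromise of the proxy into root, the next triager needs to be able to re-check that position, so add a `NOTE:` pointing at the upstream bug or mailing-list thread where it was stated. If no such public reference exists, say so explicitly in the note rather than leaving the claim unsourced.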
@@ -21436,15 +22283,15 @@ CVE-2019-12498 (The WP Live Chat Support plugin before 8.0.33 for WordPress acce
CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1816-1}
- otrs2 6.0.19-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/f8bcf08dfc5f06915c1352c07e5f626f9b5ecfc2
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4cc3f0e24937fa53870132003aec6af460b9b57
CVE-2019-12496 (An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt ...)
NOT-FOR-US: Hybrid Group Gobot
CVE-2019-12495 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
- - tcc <unfixed> (bug #929872)
+ - tcc 0.9.27+git20200814.62c30a4a-1 (bug #929872)
[buster] - tcc <ignored> (Minor issue)
[stretch] - tcc <ignored> (Minor issue)
[jessie] - tcc <no-dsa> (Minor issue)
@@ -21477,23 +22324,32 @@ CVE-2019-12484
RESERVED
CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based buffer ov ...)
{DLA-1841-1}
- - gpac <unfixed> (bug #931088)
+ - gpac 1.0.1+dfsg1-2 (bug #931088)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1249
NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
{DLA-1841-1}
- - gpac <unfixed> (bug #931088)
+ - gpac 1.0.1+dfsg1-2 (bug #931088)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1249
NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
{DLA-1841-1}
- - gpac <unfixed> (bug #931088)
+ - gpac 1.0.1+dfsg1-2 (bug #931088)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1249
NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...)
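Review bot: The three new ccextractor lines record a fixed version `0.93+ds2-1` but not how the embedded gpac copy was dealt with, unlike the gpac lines whose fix is the linked f40aaaf commit. The `+ds2` repack suffix suggests the embedded copy may have been stripped rather than patched, but that is only an inference from the version string. A `NOTE: ccextractor 0.93+ds2 removes/patches the embedded gpac copy (bug #994746)`, whichever applies, would make the buster and bullseye no-dsa decisions verifiable when an LTS update is considered.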
@@ -21573,12 +22429,12 @@ CVE-2019-12457 (FileRun 2019.05.21 allows images/extjs Directory Listing. This i
NOT-FOR-US: FileRun
CVE-2019-12499 (Firejail before 0.9.60 allows truncation (resizing to length 0) of the ...)
- firejail 0.9.58.2-2 (bug #929733)
- [stretch] - firejail <no-dsa> (Minor issue)
+ [stretch] - firejail <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/netblue30/firejail/issues/2401
NOTE: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
CVE-2019-12589 (In Firejail before 0.9.60, seccomp filters are writable inside the jai ...)
- firejail 0.9.58.2-2 (bug #929732)
- [stretch] - firejail <no-dsa> (Minor issue)
+ [stretch] - firejail <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/netblue30/firejail/issues/2718
NOTE: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
CVE-2019-12456 (** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl ...)
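Review bot: Both stretch lines now claim `<not-affected> (Vulnerable code introduced later)` for two distinct firejail issues (the netfilter file truncation of issue 2401 and the writable seccomp filters of issue 2718) but neither records which upstream version introduced the vulnerable code, whereas other entries in this file spell it out ("Vulnerable code introduced in 2.0.3"). Stating the version, e.g. `[stretch] - firejail <not-affected> (Vulnerable code introduced in 0.9.xx)`, makes the claim checkable against the stretch package. Since the two CVEs touch different code paths and share only the fix commit, it is worth confirming the introducing version separately for each rather than assuming one answer covers both.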
@@ -21702,6 +22558,7 @@ CVE-2019-12423 (Apache CXF ships with a OpenId Connect JWK Keys service, which a
NOT-FOR-US: Apache CFX
CVE-2019-12422 (Apache Shiro before 1.4.2, when using the default "remember me" config ...)
- shiro <unfixed> (low; bug #947945)
+ [bullseye] - shiro <no-dsa> (Minor issue)
[buster] - shiro <no-dsa> (Minor issue)
[stretch] - shiro <no-dsa> (Minor issue)
[jessie] - shiro <no-dsa> (Minor issue)
@@ -21722,6 +22579,7 @@ CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 an
- tomcat9 9.0.31-1
- tomcat8 <removed>
- tomcat7 <removed>
+ [stretch] - tomcat7 <ignored> (No components in libservlet3.0-java binary package are affected)
NOTE: https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3 (9.0.29)
NOTE: https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00 (8.5.48)
NOTE: https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b (7.0.98)
@@ -21730,17 +22588,15 @@ CVE-2019-12417 (A malicious admin user could edit the state of objects in the Ai
CVE-2019-12416 (we got reports for 2 injection attacks against the DeltaSpike windowha ...)
NOT-FOR-US: DeltaSpike
CVE-2019-12415 (In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to conv ...)
- - libapache-poi-java <unfixed> (bug #943565)
- [buster] - libapache-poi-java <no-dsa> (Minor issue)
- [stretch] - libapache-poi-java <no-dsa> (Minor issue)
- [jessie] - libapache-poi-java <no-dsa> (Minor issue)
+ - libapache-poi-java <unfixed> (unimportant; bug #943565)
NOTE: https://www.openwall.com/lists/oss-security/2019/10/23/1
+ NOTE: Vulnerable tool not shipped in binary package
CVE-2019-12414 (In Apache Incubator Superset before 0.32, a user can view database nam ...)
NOT-FOR-US: Apache Superset
CVE-2019-12413 (In Apache Incubator Superset before 0.31 user could query database met ...)
NOT-FOR-US: Apache Superset
CVE-2019-12411
- RESERVED
+ REJECTED
CVE-2019-12410 (While investigating UBSAN errors in https://github.com/apache/arrow/pu ...)
NOT-FOR-US: Apache Arrow
CVE-2019-12409 (The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure settin ...)
@@ -21760,7 +22616,7 @@ CVE-2019-12403
REJECTED
CVE-2019-12402 (The file name encoding algorithm used internally in Apache Commons Com ...)
- libcommons-compress-java 1.18-3 (low; bug #939610)
- [buster] - libcommons-compress-java <no-dsa> (Minor issue)
+ [buster] - libcommons-compress-java 1.18-2+deb10u1
[stretch] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
[jessie] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/27/1
@@ -21775,10 +22631,13 @@ CVE-2019-12401 (Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4
NOTE: disabling coalescing by default which can trigger large memory consumption
NOTE: when parsing specially crafted XML data.
CVE-2019-12400 (In version 2.0.3 Apache Santuario XML Security for Java, a caching mec ...)
- - libxml-security-java <unfixed> (bug #935548)
+ - libxml-security-java 2.1.7-1 (bug #935548)
+ [bullseye] - libxml-security-java <no-dsa> (Minor issue)
+ [buster] - libxml-security-java <no-dsa> (Minor issue)
[stretch] - libxml-security-java <not-affected> (Vulnerable code introduced in 2.0.3)
[jessie] - libxml-security-java <not-affected> (Vulnerable code introduced in 2.0.3)
NOTE: http://santuario.apache.org/secadv.data/CVE-2019-12400.asc
+ NOTE: https://github.com/apache/santuario-xml-security-java/commit/8c88bbe449d073d5bc0626c1719e81e81c2ad9b4 (likely fix)
CVE-2019-12399 (When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0 ...)
- kafka <itp> (bug #786460)
CVE-2019-12398 (In Apache Airflow before 1.10.5 when running with the "classic" UI, a ...)
@@ -21912,8 +22771,8 @@ CVE-2019-12350
RESERVED
CVE-2019-12349
RESERVED
-CVE-2019-12348
- RESERVED
+CVE-2019-12348 (An issue was discovered in zzcms 2019. SQL Injection exists in user/zt ...)
+ NOT-FOR-US: zzcms
CVE-2019-12347 (In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers ...)
NOT-FOR-US: pfSense
CVE-2019-12346 (In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for Word ...)
@@ -22006,8 +22865,8 @@ CVE-2019-12307
RESERVED
CVE-2019-12306
RESERVED
-CVE-2019-12305
- RESERVED
+CVE-2019-12305 (In EZCast Pro II, the administrator password md5 hash is provided upon ...)
+ NOT-FOR-US: EZCast Pro II
CVE-2019-12304
RESERVED
CVE-2019-12303 (In Rancher 2 through 2.2.3, Project owners can inject additional fluen ...)
@@ -22030,8 +22889,8 @@ CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 an
CVE-2019-12296
RESERVED
CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the ...)
+ {DLA-2547-1 DLA-2423-1}
- wireshark 2.6.8-1.1 (low; bug #929446)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <postponed> (Minor, can be fixed along in a future update)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
@@ -22039,7 +22898,7 @@ CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14
CVE-2019-12294
RESERVED
CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer over-read in J ...)
- {DLA-1815-1}
+ {DLA-2287-1 DLA-1815-1}
- poppler 0.71.0-5 (bug #929423)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/768
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/89a5367d49b2556a2635dbb6d48d6a6b182a2c6c
@@ -22097,7 +22956,6 @@ CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 co
CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PG ...)
- enigmail 2:2.0.11+ds1-1 (bug #929363)
[buster] - enigmail 2:2.0.12+ds1-1~deb10u1
- [stretch] - enigmail <no-dsa> (Issue can be fixed via point release)
[jessie] - enigmail <end-of-life> (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
NOTE: https://sourceforge.net/p/enigmail/bugs/983/
CVE-2019-12268
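Review bot: The `[stretch] - enigmail <no-dsa> (Issue can be fixed via point release)` line is dropped without a replacement, so stretch's status now falls back to comparing the stretch package version against the unstable fix 2:2.0.11+ds1-1. If stretch received the fix through a point release, as the buster line `[buster] - enigmail 2:2.0.12+ds1-1~deb10u1` records for buster, an explicit `[stretch] - enigmail <fixed version>` line would document that and match how buster is tracked. If it did not, the removal leaves stretch displayed as vulnerable with the previous rationale gone.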
@@ -22143,8 +23001,8 @@ CVE-2019-12249
CVE-2019-12248 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1816-1}
- otrs2 6.0.19-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/4e06ef439c33e7d90af16451719415c780e0c29c
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/0713999042e3ce7fa60067d3cd165206899224bf
@@ -22278,6 +23136,7 @@ CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was discover
- matomo <itp> (bug #448532)
CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of mishand ...)
- freeimage <unfixed> (bug #947478)
+ [bullseye] - freeimage <postponed> (Revisit when upstream fixes are available)
[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
[jessie] - freeimage <postponed> (Revisit when upstream fixes are available)
@@ -22294,6 +23153,7 @@ CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDir
NOTE: https://sourceforge.net/p/freeimage/svn/1825/
CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize ...)
- freeimage <unfixed> (bug #947477)
+ [bullseye] - freeimage <postponed> (Revisit when upstream fixes are available)
[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
[jessie] - freeimage <postponed> (Revisit when upstream fixes are available)
@@ -22421,11 +23281,11 @@ CVE-2019-12159 (GoHTTP through 2017-07-25 has a stack-based buffer over-read in
NOT-FOR-US: GoHTTP
CVE-2019-12158 (GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflo ...)
NOT-FOR-US: GoHTTP
-CVE-2019-12157 (In JetBrains TeamCity versions before 2018.2.5 and UpSource versions b ...)
+CVE-2019-12157 (In JetBrains UpSource versions before 2018.2 build 1293, there is cred ...)
NOT-FOR-US: JetBrains TeamCity
CVE-2019-12156 (Server metadata could be exposed because one of the error messages ref ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NUL ...)
+CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4 ...)
{DSA-4454-1 DLA-1927-1}
- qemu 1:3.1+dfsg-8 (bug #929353)
[buster] - qemu 1:3.1+dfsg-8~deb10u1
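Review bot: The CVE-2019-12157 description is rewritten to name JetBrains UpSource, but the unchanged tag on the following line still reads `NOT-FOR-US: JetBrains TeamCity`, so the entry now contradicts itself. It should become `NOT-FOR-US: JetBrains UpSource`; the TeamCity tag remains correct for CVE-2019-12156 below it.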
@@ -22547,7 +23407,6 @@ CVE-2019-12107 (The upnp_event_prepare function in upnpevents.c in MiniUPnP Mini
- miniupnpd 2.1-6 (bug #930050)
[stretch] - miniupnpd 1.8.20140523-4.1+deb9u2
NOTE: https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94
- TODO: check, might affect minidlna
CVE-2019-12106 (The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and ...)
{DLA-1805-1}
- minissdpd 1.5.20190210-1 (bug #929297)
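Review bot: The `TODO: check, might affect minidlna` line for CVE-2019-12107 is removed without recording the outcome, so the open question of whether minidlna (flagged as possibly sharing the affected upnpevents code) is affected simply disappears from the tracker. If it was checked, replace the TODO with the result, e.g. `NOTE: minidlna not affected (reason)` or a `- minidlna <not-affected>` line; if it was not, the TODO should stay so the question is not lost.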
@@ -22583,21 +23442,18 @@ CVE-2019-12096
RESERVED
CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...)
{DLA-2033-1}
- - php-horde-trean <unfixed>
- [buster] - php-horde-trean <no-dsa> (Minor issue)
- [stretch] - php-horde-trean <no-dsa> (Minor issue)
- [jessie] - php-horde-trean <no-dsa> (Minor issue)
+ - php-horde-trean <unfixed> (unimportant)
- php-horde 5.2.21+debian0-1
[buster] - php-horde 5.2.20+debian0-1+deb10u1
[stretch] - php-horde 5.2.13+debian0-1+deb9u1
NOTE: https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75
NOTE: https://bugs.horde.org/ticket/14926 (for the stored XSS)
+ NOTE: Negligible impact for php-horde-trean, and unlikely that upstream will address
CVE-2019-12094 (Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin ...)
- - php-horde <removed>
- [buster] - php-horde <no-dsa> (Minor issue)
- [stretch] - php-horde <no-dsa> (Minor issue)
- [jessie] - php-horde <no-dsa> (Minor issue)
+ - php-horde <unfixed> (unimportant)
NOTE: https://bugs.horde.org/ticket/14926 (for the reflected XSS)
+ NOTE: Negligible impact and unlikely that upstream will address after fixes
+ NOTE: for CVE-2019-12095
CVE-2019-12093
RESERVED
CVE-2019-12092
@@ -22653,23 +23509,23 @@ CVE-2019-12070
CVE-2019-12069
RESERVED
CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg ...)
- {DSA-4665-1 DLA-1927-1}
+ {DSA-4665-1 DLA-2288-1 DLA-1927-1}
- qemu 1:4.1-2 (low)
- [stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
-CVE-2019-12067 [ide: ahci: add check to avoid null dereference]
- RESERVED
- - qemu <unfixed> (low)
- [buster] - qemu <postponed> (Minor issue, can be fixed along in future update)
+CVE-2019-12067 (The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to ...)
+ - qemu <unfixed> (low; bug #972099)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
[jessie] - qemu <postponed> (Minor issue, can be fixed along in future update)
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html
- NOTE: patch not sanctioned as of 20190909
+ NOTE: patch not sanctioned as of 20210202
NOTE: patched function introduced in 2014/2.1.50 but affected code pre-existed
NOTE: https://github.com/qemu/qemu/commit/659142ecf71a0da240ab0ff7cf929ee25c32b9bc
+ NOTE: No upstream patch as of 2022-01-28
CVE-2019-12066
RESERVED
CVE-2019-12065
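Review bot: The CVE-2019-12067 entry now carries two status notes that say the same thing in different date formats, `NOTE: patch not sanctioned as of 20210202` (itself updated in this hunk) and the new `NOTE: No upstream patch as of 2022-01-28`, which is redundant and will drift apart on the next update. Keep a single line, e.g. `NOTE: No upstream patch as of 2022-01-28 (the qemu-devel patch above was never merged)`, and update that one date when the status is rechecked.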
@@ -22800,8 +23656,8 @@ CVE-2019-12002 (A remote session reuse vulnerability leading to access restricti
NOT-FOR-US: HPE
CVE-2019-12001 (A remote session reuse vulnerability leading to access restriction byp ...)
NOT-FOR-US: HPE
-CVE-2019-12000
- RESERVED
+CVE-2019-12000 (HPE has found a potential Remote Access Restriction Bypass in HPE MSE ...)
+ NOT-FOR-US: HPE
CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE OpenCal ...)
NOT-FOR-US: HPE
CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote vulnerabili ...)
@@ -22923,10 +23779,12 @@ CVE-2019-11941 (A remote code execution vulnerability was identified in HPE Inte
CVE-2019-11940 (In the course of decompressing HPACK inside the HTTP2 protocol, an une ...)
NOT-FOR-US: Facebook Proxygen
CVE-2019-11939 (Golang Facebook Thrift servers would not error upon receiving messages ...)
- - thrift <unfixed>
+ - thrift <unfixed> (bug #988948)
+ [bullseye] - thrift <no-dsa> (Minor issue)
+ [buster] - thrift <no-dsa> (Minor issue)
NOTE: https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757
CVE-2019-11938 (Java Facebook Thrift servers would not error upon receiving messages d ...)
- TODO: check
+ NOT-FOR-US: Facebook Java Thrift (Debian packages Apache Thrift)
CVE-2019-11937 (In Mcrouter prior to v0.41.0, a large struct input provided to the Car ...)
NOT-FOR-US: mcrouter
NOTE: https://github.com/facebook/mcrouter/releases
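Review bot: CVE-2019-11938 becomes `NOT-FOR-US: Facebook Java Thrift (Debian packages Apache Thrift)`, while the adjacent CVE-2019-11939, also a Facebook Thrift issue whose only reference is an fbthrift commit, is kept as affecting Debian's `thrift` with bug #988948 and new no-dsa tags. The two entries reason differently about the Apache/Facebook split without saying why. If the Go fix applies to Apache Thrift's Go library because the code is shared, a `NOTE:` saying so and pointing at the Apache-side fix or issue would resolve the apparent contradiction; otherwise 11939 should get the same NOT-FOR-US treatment.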
@@ -22946,8 +23804,8 @@ CVE-2019-11930 (An invalid free in mb_detect_order can cause the application to
- hhvm <removed>
CVE-2019-11929 (Insufficient boundary checks when formatting numbers in number_format ...)
- hhvm <removed>
-CVE-2019-11928
- RESERVED
+CVE-2019-11928 (An input validation issue in WhatsApp Desktop versions prior to v0.3.4 ...)
+ NOT-FOR-US: WhatsApp
CVE-2019-11927 (An integer overflow in WhatsApp media parsing libraries allows a remot ...)
NOT-FOR-US: WhatsApp
CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers from JPEG ...)
@@ -23089,55 +23947,56 @@ CVE-2019-11864
RESERVED
CVE-2019-11863
RESERVED
-CVE-2019-11862
- RESERVED
+CVE-2019-11862 (The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic pr ...)
+ NOT-FOR-US: ALEOS
CVE-2019-11861
RESERVED
CVE-2019-11860
RESERVED
-CVE-2019-11859
- RESERVED
-CVE-2019-11858
- RESERVED
-CVE-2019-11857
- RESERVED
-CVE-2019-11856
- RESERVED
-CVE-2019-11855
- RESERVED
+CVE-2019-11859 (A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0 ...)
+ NOT-FOR-US: ALEOS
+CVE-2019-11858 (Multiple buffer overflow vulnerabilities exist in the AceManager Web A ...)
+ NOT-FOR-US: ALEOS
+CVE-2019-11857 (Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 ...)
+ NOT-FOR-US: ALEOS
+CVE-2019-11856 (A nonce reuse vulnerability exists in the ACEView service of ALEOS bef ...)
+ NOT-FOR-US: ALEOS
+CVE-2019-11855 (An RPC server is enabled by default on the gateway's LAN of ALEOS befo ...)
+ NOT-FOR-US: ALEOS
CVE-2019-11854
RESERVED
-CVE-2019-11853
- RESERVED
-CVE-2019-11852
- RESERVED
+CVE-2019-11853 (Several potential command injections vulnerabilities exist in the AT c ...)
+ NOT-FOR-US: ALEOS
+CVE-2019-11852 (An out-of-bounds reads vulnerability exists in the ACEView Service of ...)
+ NOT-FOR-US: ALEOS
CVE-2019-11851
RESERVED
-CVE-2019-11850
- RESERVED
-CVE-2019-11849
- RESERVED
-CVE-2019-11848
- RESERVED
-CVE-2019-11847
- RESERVED
+CVE-2019-11850 (A stack overflow vulnerabiltity exist in the AT command interface of A ...)
+ NOT-FOR-US: ALEOS
+CVE-2019-11849 (A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS ...)
+ NOT-FOR-US: ALEOS
+CVE-2019-11848 (An API abuse vulnerability exists in the AT command API of ALEOS befor ...)
+ NOT-FOR-US: ALEOS
+CVE-2019-11847 (An improper privilege management vulnerabitlity exists in ALEOS before ...)
+ NOT-FOR-US: ALEOS
CVE-2019-11846 (/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XS ...)
NOT-FOR-US: dotCMS
CVE-2019-11845 (An HTML Injection vulnerability has been discovered on the RICOH SP 45 ...)
NOT-FOR-US: RICOH
CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the RICOH SP 45 ...)
NOT-FOR-US: RICOH
-CVE-2019-11843
- RESERVED
+CVE-2019-11843 (The MailPoet plugin before 3.23.2 for WordPress allows remote attacker ...)
+ NOT-FOR-US: MailPoet plugin for WordPress
CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...)
- {DLA-1920-1}
+ {DLA-2402-1 DLA-1920-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1
NOTE: https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
NOTE: Patch fixes the second part of the CVE ("prepend arbitrary text")
NOTE: but not the first ("ignores the value of [the Hash] header"), as hinted at reporter's 2019-05-09 note:
NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
+ NOTE: Upstream feels that this is not a security issue. See https://github.com/golang/go/issues/41200.
CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
- {DLA-1840-1}
+ {DLA-2527-1 DLA-2454-1 DLA-2442-1 DLA-2402-1 DLA-1840-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1
NOTE: https://github.com/golang/go/issues/30965
NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
@@ -23266,20 +24125,27 @@ CVE-2019-11788
RESERVED
CVE-2019-11787
RESERVED
-CVE-2019-11786
- RESERVED
-CVE-2019-11785
- RESERVED
-CVE-2019-11784
- RESERVED
-CVE-2019-11783
- RESERVED
-CVE-2019-11782
- RESERVED
-CVE-2019-11781
- RESERVED
+CVE-2019-11786 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/63711
+CVE-2019-11785 (Improper access control in mail module (followers) in Odoo Community 1 ...)
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/63710
+CVE-2019-11784 (Improper access control in mail module (notifications) in Odoo Communi ...)
+ - odoo 14.0.0+dfsg.2-1
+ NOTE: https://github.com/odoo/odoo/issues/63709
+CVE-2019-11783 (Improper access control in mail module (channel partners) in Odoo Comm ...)
+ - odoo 14.0.0+dfsg.2-1
+ NOTE: https://github.com/odoo/odoo/issues/63708
+CVE-2019-11782 (Improper access control in Odoo Community 14.0 and earlier and Odoo En ...)
+ - odoo 14.0.0+dfsg.2-1
+ NOTE: https://github.com/odoo/odoo/issues/63707
+CVE-2019-11781 (Improper input validation in portal component in Odoo Community 12.0 a ...)
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/63706
CVE-2019-11780 (Improper access control in the computed fields system of the framework ...)
- NOT-FOR-US: Odoo
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/42196
CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ...)
{DSA-4570-1 DLA-1972-1}
- mosquitto 1.6.6-1 (bug #940654)
@@ -23324,7 +24190,7 @@ CVE-2019-11769 (An issue was discovered in TeamViewer 14.2.2558. Updating the pr
NOT-FOR-US: TeamViewer
CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability ...)
- phpmyadmin 4:4.9.1+dfsg1-2 (bug #930048)
- [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
[jessie] - phpmyadmin <not-affected> (vulnerable code is not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2019-3/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86
@@ -23477,7 +24343,7 @@ CVE-2019-11746 (A use-after-free vulnerability can occur while manipulating vide
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
CVE-2019-11745 (When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa ...)
- {DSA-4579-1 DLA-2008-1}
+ {DSA-4579-1 DLA-2388-1 DLA-2008-1}
- nss 2:3.47.1-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
NOTE: https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda
@@ -23567,7 +24433,7 @@ CVE-2019-11730 (A vulnerability exists where if a user opens a locally saved HTM
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11730
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11730
CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a segmentation fa ...)
- {DLA-1857-1}
+ {DLA-2388-1 DLA-1857-1}
- firefox 68.0-1 (unimportant)
- firefox-esr 60.8.0esr-1 (unimportant)
[buster] - firefox-esr 60.8.0esr-1~deb10u1
@@ -23577,7 +24443,6 @@ CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a segmentat
[stretch] - thunderbird 1:60.8.0-1~deb9u1
- nss 2:3.45-1
[buster] - nss 2:3.42.1-1+deb10u1
- [stretch] - nss <no-dsa> (Minor issue)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11729
@@ -23593,7 +24458,7 @@ CVE-2019-11727 (A vulnerability exists where it possible to force Network Securi
- firefox 68.0-1 (unimportant)
- nss 2:3.45-1
[buster] - nss 2:3.42.1-1+deb10u1
- [stretch] - nss <no-dsa> (Minor issue)
+ [stretch] - nss <ignored> (Issue is specific to TLS 1.3 and support was not really complete in 3.26; code has diverged significantly since and applying the fix would be very disruptive)
[jessie] - nss <ignored> (Issue is specific to TLS 1.3 and support was not really complete in 3.26; code has diverged significantly since and applying the fix would be very disruptive)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727
NOTE: https://hg.mozilla.org/projects/nss/rev/0a4e8b72a92e144663c2f35d3836f7828cfc97f2
@@ -23620,7 +24485,7 @@ CVE-2019-11720 (Some unicode characters are incorrectly treated as whitespace du
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11720
CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with leading 0 ...)
- {DLA-1857-1}
+ {DLA-2388-1 DLA-1857-1}
- firefox 68.0-1 (unimportant)
- firefox-esr 60.8.0esr-1 (unimportant)
[buster] - firefox-esr 60.8.0esr-1~deb10u1
@@ -23630,7 +24495,6 @@ CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with lea
[stretch] - thunderbird 1:60.8.0-1~deb9u1
- nss 2:3.45-1
[buster] - nss 2:3.42.1-1+deb10u1
- [stretch] - nss <no-dsa> (Minor issue)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11719
@@ -23820,8 +24684,8 @@ CVE-2019-11686 (Western Digital SanDisk X300, X300s, X400, and X600 devices: A v
NOT-FOR-US: Western Digital
CVE-2019-11685
RESERVED
-CVE-2019-11684
- RESERVED
+CVE-2019-11684 (Improper Access Control in the RCP+ server of the Bosch Video Recordin ...)
+ NOT-FOR-US: Bosch
CVE-2019-11683 (udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel ...)
- linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/4dd2b82d5adfbe0b1587ccad7a8f76d826120f37
@@ -24007,18 +24871,16 @@ CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 do
NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...)
- {DLA-1785-1}
- - imagemagick <unfixed> (bug #928206)
- [stretch] - imagemagick <postponed> (Fix along in next DSA)
+ {DSA-4712-1 DLA-2366-1 DLA-1785-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #928206)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e2a21735e3a3f3930bd431585ec36334c4c2eb77
NOTE: patch introduces new (potentially security relevant) bugs, see:
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540#issuecomment-491504100
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dd8efbac0b7fa9dd2da527ea3f629f39bf1c02cb
CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
- {DLA-1785-1}
- - imagemagick <unfixed> (bug #928207)
- [stretch] - imagemagick <postponed> (Fix along in next DSA)
+ {DSA-4712-1 DLA-2333-1 DLA-1785-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (bug #928207)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1d6c036f0388d7857c725342f7212b60e39a14c1
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c979b348d64a25a04f12ea7fe7888b2b23f230a7
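Review bot: CVE-2019-11598 now lists `{DSA-4712-1 DLA-2366-1 DLA-1785-1}` while the sibling ImageMagick entry CVE-2019-11597 in this same hunk (and CVE-2019-11472 / CVE-2019-11470 further down) list DLA-2333-1, even though all of them move to the same unstable fix 8:6.9.11.24+dfsg-1 and the same DSA-4712-1. If the CVE-2019-11598 fix genuinely shipped in a later DLA this is fine, but it is the only entry in the set with a different DLA id, so it is worth cross-checking against the advisory text rather than assuming. If it turns out to be a copy slip the line should read `{DSA-4712-1 DLA-2333-1 DLA-1785-1}`.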
@@ -24121,8 +24983,8 @@ CVE-2019-11558
RESERVED
CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress ...)
NOT-FOR-US: WebDorado Contact Form Builder plugi for WordPress
-CVE-2019-11556
- RESERVED
+CVE-2019-11556 (Pagure before 5.6 allows XSS via the templates/blame.html blame view. ...)
+ - pagure <not-affected> (Fixed before initial release)
CVE-2019-11554 (The Audible application through 2.34.0 for Android has Missing SSL Cer ...)
NOT-FOR-US: Audible application for Android
CVE-2019-11553 (In Code42 for Enterprise through 6.8.4, an administrator without web r ...)
@@ -24265,8 +25127,8 @@ CVE-2019-11499 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submiss
[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115758.html
CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack t ...)
+ {DLA-2525-1}
- wavpack 5.1.0-6 (low; bug #927903)
- [stretch] - wavpack <no-dsa> (Minor issue)
[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
NOTE: https://github.com/dbry/WavPack/issues/67
NOTE: https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
@@ -24347,9 +25209,8 @@ CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
CVE-2019-11472 (ReadXWDImage in coders/xwd.c in the XWD image parsing component of Ima ...)
- - imagemagick <unfixed> (low; bug #927828)
- [buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
+ {DSA-4712-1 DLA-2333-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927828)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1546
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4
@@ -24359,10 +25220,8 @@ CVE-2019-11471 (libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::
NOTE: https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014
NOTE: https://github.com/strukturag/libheif/issues/123
CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attack ...)
- {DLA-1968-1}
- - imagemagick <unfixed> (low; bug #927830)
- [buster] - imagemagick <ignored> (Minor issue)
- [stretch] - imagemagick <ignored> (Minor issue)
+ {DSA-4712-1 DLA-2333-1 DLA-1968-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927830)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0
CVE-2019-11469 (Zoho ManageEngine Applications Manager 12 through 14 allows FaultTempl ...)
@@ -24400,6 +25259,7 @@ CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() fun
{DSA-4624-1 DLA-1882-1 DLA-1881-1}
- atril 1.22.3-1 (unimportant; bug #927821)
[buster] - atril 1.20.3-1+deb10u1
+ [stretch] - atril 1.16.1-2+deb9u2
- evince 3.32.0-3 (unimportant; bug #927820)
[buster] - evince 3.30.2-3+deb10u1
NOTE: https://gitlab.gnome.org/GNOME/evince/issues/1129
@@ -24414,14 +25274,12 @@ CVE-2019-11457 (Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via
CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. ...)
NOT-FOR-US: Gila CMS
CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit bef ...)
- {DLA-1767-1}
+ {DLA-2855-1 DLA-1767-1}
- monit 1:5.25.3-1 (bug #927775)
- [stretch] - monit <no-dsa> (Minor issue)
NOTE: https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
CVE-2019-11454 (Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash ...)
- {DLA-1767-1}
+ {DLA-2855-1 DLA-1767-1}
- monit 1:5.25.3-1 (bug #927775)
- [stretch] - monit <no-dsa> (Minor issue)
NOTE: https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
NOTE: https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
CVE-2019-11453
@@ -24505,11 +25363,17 @@ CVE-2019-11415 (An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A
CVE-2019-11414 (An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the ...)
NOT-FOR-US: Intelbras IWR 3000N 1.5.0 devices
CVE-2019-11413 (An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recurs ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700937
+ NOTE: https://github.com/ccxvii/mujs/commit/00d4606c3baf813b7b1c176823b2729bf51002a2
CVE-2019-11412 (An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700947
+ NOTE: https://github.com/ccxvii/mujs/commit/1e5479084bc9852854feb1ba9bf68b52cd127e02
CVE-2019-11411 (An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() an ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700938
+ NOTE: https://github.com/ccxvii/mujs/commit/da632ca08f240590d2dec786722ed08486ce1be6
CVE-2019-11410 (app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers f ...)
NOT-FOR-US: FreePBX
CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in FusionPBX ...)
@@ -24600,16 +25464,16 @@ CVE-2019-11375 (Msvod v10 has a CSRF vulnerability to change user information vi
CVE-2019-11374 (74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the ...)
NOT-FOR-US: 74CMS
CVE-2019-11373 (An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer ...)
+ {DLA-2603-1}
[experimental] - libmediainfo 19.04+dfsg-1
- libmediainfo 18.12-2 (low; bug #927672)
- [stretch] - libmediainfo <no-dsa> (Minor issue)
[jessie] - libmediainfo <no-dsa> (Minor issue)
NOTE: https://github.com/MediaArea/MediaInfoLib/pull/1111
NOTE: https://sourceforge.net/p/mediainfo/bugs/1101/
CVE-2019-11372 (An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test ...)
+ {DLA-2603-1}
[experimental] - libmediainfo 19.04+dfsg-1
- libmediainfo 18.12-2 (low; bug #927672)
- [stretch] - libmediainfo <no-dsa> (Minor issue)
[jessie] - libmediainfo <no-dsa> (Minor issue)
NOTE: https://github.com/MediaArea/MediaInfoLib/pull/1111
NOTE: https://sourceforge.net/p/mediainfo/bugs/1101/
@@ -24700,7 +25564,7 @@ CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmp
- libav <not-affected> (Vulnerable code not present)
NOTE: https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb
NOTE: https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a
-CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 4.1.2 mishandles detection of duplicate ...)
+CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of d ...)
{DSA-4449-1 DLA-1809-1}
- ffmpeg 7:4.1.3-1
- libav <removed>
@@ -24742,9 +25606,9 @@ CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, whic
NOTE: Introduced in: https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
NOTE: Fixed by: https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d
CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles certain cases ...)
+ {DLA-2686-1}
- python-urllib3 1.25.6-4 (bug #927412)
[buster] - python-urllib3 <no-dsa> (Minor issue)
- [stretch] - python-urllib3 <no-dsa> (Minor issue)
[jessie] - python-urllib3 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/3
@@ -24759,51 +25623,51 @@ CVE-2019-11319 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There
CVE-2019-11318 (Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. ...)
NOT-FOR-US: Zimbra Collaboration
CVE-2019-11317
- RESERVED
+ REJECTED
CVE-2019-11316
- RESERVED
+ REJECTED
CVE-2019-11315
- RESERVED
+ REJECTED
CVE-2019-11314
- RESERVED
+ REJECTED
CVE-2019-11313
- RESERVED
+ REJECTED
CVE-2019-11312
- RESERVED
+ REJECTED
CVE-2019-11311
- RESERVED
+ REJECTED
CVE-2019-11310
- RESERVED
+ REJECTED
CVE-2019-11309
- RESERVED
+ REJECTED
CVE-2019-11308
- RESERVED
+ REJECTED
CVE-2019-11307
- RESERVED
+ REJECTED
CVE-2019-11306
- RESERVED
+ REJECTED
CVE-2019-11305
- RESERVED
+ REJECTED
CVE-2019-11304
- RESERVED
+ REJECTED
CVE-2019-11303
- RESERVED
+ REJECTED
CVE-2019-11302
- RESERVED
+ REJECTED
CVE-2019-11301
- RESERVED
+ REJECTED
CVE-2019-11300
- RESERVED
+ REJECTED
CVE-2019-11299
- RESERVED
+ REJECTED
CVE-2019-11298
- RESERVED
+ REJECTED
CVE-2019-11297
- RESERVED
+ REJECTED
CVE-2019-11296
- RESERVED
+ REJECTED
CVE-2019-11295
- RESERVED
+ REJECTED
CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows spac ...)
NOT-FOR-US: Cloud Foundry
CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set to log ...)
@@ -24811,10 +25675,12 @@ CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set
CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2. ...)
NOT-FOR-US: Pivotal
CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior ...)
- - rabbitmq-server <unfixed> (bug #945601)
+ - rabbitmq-server 3.8.3-1 (bug #945601)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
+ [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
[jessie] - rabbitmq-server <postponed> (Minor issue)
+ NOTE: https://github.com/rabbitmq/rabbitmq-shovel-management/commit/c22992b289dddadba866ac2b7fc697bc66847e4f
+ NOTE: https://github.com/rabbitmq/rabbitmq-federation-management/commit/52bf0ffbb8695060b1ae909266b9b62717e7ba2d
NOTE: https://pivotal.io/security/cve-2019-11291
CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query p ...)
NOT-FOR-US: Cloud Foundry
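Review bot: The stretch line for CVE-2019-11291 becomes `[stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)` while the jessie line directly below it stays `[jessie] - rabbitmq-server <postponed> (Minor issue)`. If the vulnerable code was introduced after the version shipped in stretch, the older jessie version presumably does not contain it either, and the jessie entry would then be stale and should carry the same `<not-affected>` rationale. If the not-affected reasoning is instead specific to the stretch build (for example which management plugins it ships), a short `NOTE:` naming the version that introduced the vulnerable code would make the asymmetry understandable to the next triager.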
@@ -24823,13 +25689,13 @@ CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not pro
CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions pr ...)
NOT-FOR-US: Pivotal
CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...)
- - rabbitmq-server <unfixed> (bug #945600)
+ {DLA-2710-1}
+ - rabbitmq-server 3.8.3-1 (bug #945600)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <postponed> (Minor issue)
NOTE: https://pivotal.io/security/cve-2019-11287
-CVE-2019-11286
- RESERVED
+CVE-2019-11286 (VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and ...)
+ NOT-FOR-US: VMware
CVE-2019-11285
REJECTED
CVE-2019-11284 (Pivotal Reactor Netty, versions prior to 0.8.11, passes headers throug ...)
@@ -24839,15 +25705,16 @@ CVE-2019-11283 (Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally
CVE-2019-11282 (Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint tha ...)
NOT-FOR-US: Cloud Foundry
CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...)
+ {DLA-2710-1}
- rabbitmq-server 3.7.18-1 (low)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
- [stretch] - rabbitmq-server <no-dsa> (Minor issue)
[jessie] - rabbitmq-server <no-dsa> (Minor issue; one plugin not vulnerable, the other only exploitable by malicious admin)
NOTE: https://pivotal.io/security/cve-2019-11281
NOTE: fix for vhost limit feature: https://github.com/rabbitmq/rabbitmq-management/commit/42def1b51243397c1cb9192d6d064351e358bacc
NOTE: which was only introduced in 3.7.0-beta.19
NOTE: federation management plugin: exploitable only by a remote authenticated malicious user
- NOTE: with administrative access
+ NOTE: with administrative access
+ NOTE: https://github.com/rabbitmq/rabbitmq-federation-management/commit/d4d4cb2d3ecd7b6c8a51e50c3565c9a431c086b3
CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
NOT-FOR-US: Pivotal
CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a client that s ...)
@@ -24884,8 +25751,8 @@ CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other
- node-jquery 2.2.4+dfsg-4 (bug #927466)
- mediawiki 1:1.31.2-1
- otrs2 6.0.26-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://www.drupal.org/sa-core-2019-006
NOTE: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
NOTE: https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
@@ -24925,8 +25792,9 @@ CVE-2019-11254 (The Kubernetes API Server component in versions 1.1-1.14, and ve
CVE-2019-11253 (Improper input validation in the Kubernetes API server in versions v1. ...)
- kubernetes 1.17.4-1
NOTE: https://github.com/kubernetes/kubernetes/issues/83253
-CVE-2019-11252
- RESERVED
+CVE-2019-11252 (The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulne ...)
+ - kubernetes 1.18.0-1
+ NOTE: https://github.com/kubernetes/kubernetes/pull/88684
CVE-2019-11251 (The Kubernetes kubectl cp command in versions 1.1-1.12, and versions p ...)
- kubernetes <not-affected> (Vulnerable code not present)
CVE-2019-11250 (The Kubernetes client-go library logs request headers at verbosity lev ...)
@@ -24968,11 +25836,10 @@ CVE-2019-11238
CVE-2019-11237
RESERVED
CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...)
- {DLA-1828-1}
+ {DLA-2686-1 DLA-1828-1}
[experimental] - python-urllib3 1.25.6-1
- python-urllib3 1.25.6-4 (bug #927172)
[buster] - python-urllib3 <no-dsa> (Minor issue)
- [stretch] - python-urllib3 <no-dsa> (Minor issue)
NOTE: https://github.com/urllib3/urllib3/issues/1553
NOTE: https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
NOTE: https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162
@@ -25100,7 +25967,7 @@ CVE-2019-11187 (Incorrect Access Control in the LDAP class of GONICUS GOsa throu
[stretch] - fusiondirectory 1.0.19-1+deb9u1
- gosa 2.7.4+reloaded3-9
[buster] - gosa 2.7.4+reloaded3-8+deb10u1
- [stretch] - gosa <no-dsa> (Minor issue)
+ [stretch] - gosa 2.7.4+reloaded2-13+deb9u2
CVE-2019-11186
RESERVED
CVE-2019-11185 (The WP Live Chat Support Pro plugin through 8.0.26 for WordPress conta ...)
@@ -25243,8 +26110,8 @@ CVE-2019-11123 (Insufficient session validation in system firmware for Intel(R)
NOT-FOR-US: Intel
CVE-2019-11122
RESERVED
-CVE-2019-11121
- RESERVED
+CVE-2019-11121 (Improper file permissions in the installer for the Intel(R) Media SDK ...)
+ NOT-FOR-US: Intel
CVE-2019-11120 (Insufficient path checking in the installer for Intel(R) Active System ...)
NOT-FOR-US: Intel
CVE-2019-11119 (Insufficient session validation in the service API for Intel(R) RWC3 v ...)
@@ -25289,8 +26156,15 @@ CVE-2019-11100 (Insufficient input validation in the subsystem for Intel(R) AMT
NOT-FOR-US: Intel
CVE-2019-11099
RESERVED
-CVE-2019-11098
- RESERVED
+CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may allow an un ...)
+ [experimental] - edk2 2021.02-1
+ - edk2 2020.11-5 (bug #991495)
+ [bullseye] - edk2 2020.11-2+deb11u1
+ [buster] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <no-dsa> (Minor issue)
+ NOTE: https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1614
+ NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=316
CVE-2019-11097 (Improper directory permissions in the installer for Intel(R) Managemen ...)
NOT-FOR-US: Intel
CVE-2019-11096 (Insufficient memory protection for Intel(R) Ethernet I218 Adapter driv ...)
@@ -25380,9 +26254,9 @@ CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism b
CVE-2019-11067
RESERVED
CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not properly ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was updated t ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-11066 (openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted Open ...)
NOT-FOR-US: LightOpenID
CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...)
@@ -25436,15 +26310,16 @@ CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an imag
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78793
+ NOTE: PHP Bug: https://bugs.php.net/78793
CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ...)
- php7.3 <not-affected> (Windows specific issue)
- php7.0 <not-affected> (Windows specific issue)
- php5 <not-affected> (Windows specific issue)
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78943
+ NOTE: PHP Bug: https://bugs.php.net/78943
CVE-2019-11048 (In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ...)
- - php7.4 <unfixed>
+ {DSA-4719-1 DSA-4717-1 DLA-2261-1}
+ - php7.4 7.4.9-1
- php7.3 <removed>
- php7.0 <removed>
- php5 <removed>
@@ -25463,29 +26338,29 @@ CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an imag
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78910
+ NOTE: PHP Bug: https://bugs.php.net/78910
CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...)
{DSA-4628-1 DSA-4626-1 DLA-2050-1}
- php7.3 7.3.15-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78878
- NOTE: http://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
+ NOTE: PHP Bug: https://bugs.php.net/78878
+ NOTE: https://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...)
{DSA-4628-1 DSA-4626-1 DLA-2050-1}
- php7.3 7.3.15-1
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78863
- NOTE: http://git.php.net/?p=php-src.git;a=patch;h=d74907b8575e6edb83b728c2a94df434c23e1f79
+ NOTE: PHP Bug: https://bugs.php.net/78863
+ NOTE: https://git.php.net/?p=php-src.git;a=patch;h=d74907b8575e6edb83b728c2a94df434c23e1f79
CVE-2019-11044 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Wi ...)
- php7.3 <not-affected> (Windows specific issue)
- php7.0 <not-affected> (Windows specific issue)
- php5 <not-affected> (Windows specific issue)
NOTE: Fixed in PHP 7.4.1, 7.3.13
- NOTE: PHP Bug: http://bugs.php.net/78862
+ NOTE: PHP Bug: https://bugs.php.net/78862
CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below ...)
{DSA-4553-1 DSA-4552-1 DLA-1970-1}
- php7.3 7.3.11-1~deb10u1 (bug #943468; bug #943764)
@@ -25494,7 +26369,7 @@ CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x
NOTE: Fixed in PHP 7.3.11, 7.2.24
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78599
NOTE: https://www.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=ab061f95ca966731b1c84cf5b7b20155c0a1c06a
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=ab061f95ca966731b1c84cf5b7b20155c0a1c06a
CVE-2019-11042 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
{DSA-4529-1 DSA-4527-1 DLA-1878-1}
- php7.3 7.3.8-1
@@ -25586,7 +26461,7 @@ CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely explo
NOTE: https://github.com/openid/ruby-openid/commit/f526132c6cb5d9195351c16ed36dced4ca3db496
CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #926721)
+ - poppler 0.85.0-2 (low; bug #926721)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <ignored> (Minor issue)
@@ -25792,10 +26667,10 @@ CVE-2019-10944
RESERVED
CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
NOT-FOR-US: Siemens
-CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 (All versions), ...)
+CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ NOT-FOR-US: Siemens
+CVE-2019-10941 (A vulnerability has been identified in SINEMA Server (All versions &lt ...)
NOT-FOR-US: Siemens
-CVE-2019-10941
- RESERVED
CVE-2019-10940 (A vulnerability has been identified in SINEMA Server (All versions &lt ...)
NOT-FOR-US: Siemens
CVE-2019-10939 (A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET var ...)
@@ -25824,21 +26699,21 @@ CVE-2019-10928 (A vulnerability has been identified in SCALANCE SC-600 (V2.0). A
NOT-FOR-US: Siemens
CVE-2019-10927 (A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANC ...)
NOT-FOR-US: Siemens
-CVE-2019-10926 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...)
+CVE-2019-10926 (A vulnerability has been identified in SIMATIC MV400 family (All Versi ...)
NOT-FOR-US: Siemens
-CVE-2019-10925 (A vulnerability has been identified in SIMATIC Ident MV420 family (All ...)
+CVE-2019-10925 (A vulnerability has been identified in SIMATIC MV400 family (All Versi ...)
NOT-FOR-US: Siemens
CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
NOT-FOR-US: Siemens
-CVE-2019-10923 (A vulnerability has been identified in CP1604 (All versions &lt; V2.8) ...)
+CVE-2019-10923 (A vulnerability has been identified in Development/Evaluation Kits for ...)
NOT-FOR-US: Siemens
CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
-CVE-2019-10921 (A vulnerability has been identified in LOGO!8 BM (All versions). Unenc ...)
+CVE-2019-10921 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
NOT-FOR-US: Siemens
-CVE-2019-10920 (A vulnerability has been identified in LOGO!8 BM (All versions). Proje ...)
+CVE-2019-10920 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
NOT-FOR-US: Siemens
-CVE-2019-10919 (A vulnerability has been identified in LOGO!8 BM (All versions). Attac ...)
+CVE-2019-10919 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
NOT-FOR-US: Siemens
CVE-2019-10918 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
@@ -25898,23 +26773,21 @@ CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi
NOTE: https://issues.roundup-tracker.org/issue2551035
NOTE: https://bitbucket.org/python/roundup/commits/51682dc2cd7e28421d749117c25bec58f632ee5f
CVE-2019-10903 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SP ...)
- {DLA-1802-1}
+ {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
- [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eafdcfa4b6d5187a5326442a82608ab03d9dddcb
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-18.html
CVE-2019-10902 (In Wireshark 3.0.0, the TSDNS dissector could crash. This was addresse ...)
- - wireshark 2.6.8-1 (low; bug #926718)
- [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
- [jessie] - wireshark <not-affected> (vulnerable code is not present)
+ - wireshark <not-affected> (Vulnerable code never present in the archive in released version)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15619
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=95571f17d5e2de39735e62e5251583f930c06d51
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-16.html
+ NOTE: bug was never in Debian apart experimental released versions:
+ NOTE: Dissector introduced in 3.0.0 and CVE fixed in 3.0.1
CVE-2019-10901 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS diss ...)
- {DLA-1802-1}
+ {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
- [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cf801a25074f76dc3ae62d8ec53ace75f56ce2cd
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-17.html
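Review bot: The explanatory note added to CVE-2019-10902, `NOTE: bug was never in Debian apart experimental released versions:`, is awkwardly worded and the trailing colon makes it read as an unfinished sentence rather than a lead-in to the next line. A wording such as `NOTE: Vulnerable dissector only reached Debian via uploads to experimental:` followed by the existing `NOTE: Dissector introduced in 3.0.0 and CVE fixed in 3.0.1` states the same reasoning more clearly; the parenthetical on the status line could likewise read `(Vulnerable code never present in a released version in the archive)`. The status change itself, from a 2.6.8-1 fix with per-release lines to a single `<not-affected>`, is consistent with those two notes.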
@@ -25924,9 +26797,8 @@ CVE-2019-10900 (In Wireshark 3.0.0, the Rbm dissector could go into an infinite
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=26eee01f57f0a86fb375892c7937eac24ede4610
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-13.html
CVE-2019-10899 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC di ...)
- {DLA-1802-1}
+ {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
- [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b16fea2f175a3297edac118c8844c7987d31c1cb
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-10.html
@@ -25941,16 +26813,15 @@ CVE-2019-10897 (In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an i
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=00d5e9e9fb377f52ab7696f25c1dbc011ef0244d
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-11.html
CVE-2019-10896 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF disse ...)
+ {DLA-2423-1}
- wireshark 2.6.8-1 (low; bug #926718)
- [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
[jessie] - wireshark <not-affected> (vulnerable code is not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=441b6d9071d6341e58dfe10719375489c5b8e3f0
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-15.html
CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler ...)
- {DLA-1802-1}
+ {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
- [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2fbbde780e5d5d82e31dca656217daf278cf62bb
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=38680c4c69f9f4e0f39e29b66fe2b02d88eb629d
@@ -25958,9 +26829,8 @@ CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the Net
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cab0cff6abdd7a5b5b0bfa4ee204eea951e129e9
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-09.html
CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API d ...)
- {DLA-1802-1}
+ {DLA-2423-1 DLA-1802-1}
- wireshark 2.6.8-1 (low; bug #926718)
- [stretch] - wireshark <postponed> (Can be fixed along in next 2.6.x release)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa
NOTE: https://www.wireshark.org/security/wnpa-sec-2019-14.html
@@ -25988,8 +26858,8 @@ CVE-2019-10883 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN C
NOT-FOR-US: Citrix
CVE-2019-10882 (The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2 ...)
NOT-FOR-US: Netskope
-CVE-2019-10881
- RESERVED
+CVE-2019-10881 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C80 ...)
+ NOT-FOR-US: Xerox
CVE-2019-10880 (Within multiple XEROX products a vulnerability allows remote command e ...)
NOT-FOR-US: XEROX
CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::O ...)
@@ -26026,20 +26896,20 @@ CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL point
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8dbe2e6c480405dab9347075cf4be626f90f1d05
CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
- {DLA-1815-1}
+ {DLA-2287-1 DLA-1815-1}
- poppler 0.71.0-5 (low; bug #926530)
- [stretch] - poppler <postponed> (Revisit when fixed upstream)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6a1580e84f492b5671d23be98192267bb73de250
CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #926529)
- [buster] - poppler <postponed> (Revisit when fixed upstream)
+ - poppler 0.85.0-2 (low; bug #926529)
+ [buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <postponed> (Revisit when fixed upstream)
[jessie] - poppler <postponed> (Revisit when fixed upstream)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751
NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/266 (rejected in favor of always enabling SPLASH_CMYK)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/341 (always enable SPLASH_CMYK)
+ NOTE: Enabling SPLASH_CMYK in older releases causes regressions, see https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741
CVE-2019-10870
RESERVED
CVE-2019-10869 (Path Traversal and Unrestricted File Upload exists in the Ninja Forms ...)
@@ -26213,12 +27083,13 @@ CVE-2019-10786 (network-manager through 1.0.2 allows remote attackers to execute
CVE-2019-10785 (dojox is vulnerable to Cross-site Scripting in all versions before ver ...)
{DLA-2127-1}
- dojo 1.15.2+dfsg1-1 (bug #952771)
- [buster] - dojo 1.15.0+dfsg1-1+deb10u1
+ [buster] - dojo 1.14.2+dfsg1-1+deb10u1
NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr
NOTE: https://snyk.io/vuln/SNYK-JS-DOJOX-548257
NOTE: https://github.com/dojo/dojox/pull/315
CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be performed wit ...)
- phppgadmin <unfixed> (bug #953945)
+ [bullseye] - phppgadmin <no-dsa> (Minor issue)
[buster] - phppgadmin <no-dsa> (Minor issue)
[stretch] - phppgadmin <no-dsa> (Minor issue)
[jessie] - phppgadmin <no-dsa> (Minor issue)
@@ -26247,6 +27118,7 @@ CVE-2019-10774 (php-shellcommand versions before 1.6.1 have a command injection
NOTE: https://github.com/mikehaertl/php-shellcommand/issues/44
CVE-2019-10773 (In Yarn before 1.21.1, the package install functionality can be abused ...)
- node-yarnpkg 1.21.1-1
+ [buster] - node-yarnpkg <no-dsa> (Minor issue)
NOTE: https://github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023
NOTE: https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/
NOTE: https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7
@@ -26295,7 +27167,8 @@ CVE-2019-10755 (The SAML identifier generated within SAML2Utils.java was found t
CVE-2019-10754 (Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes ...)
NOT-FOR-US: Apereo Central Authentication Service
CVE-2019-10753 (In all versions prior to version 3.9.6 for eclipse-wtp, all versions p ...)
- NOT-FOR-US: eclipse-wtp
+ - eclipse-wtp <not-affected> (Does not affect the Debian build/package)
+ NOTE: https://snyk.io/vuln/SNYK-JAVA-COMDIFFPLUGSPOTLESS-460377
CVE-2019-10752 (Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnera ...)
NOT-FOR-US: sequelize Node module
CVE-2019-10751 (All versions of the HTTPie package prior to version 1.0.3 are vulnerab ...)
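Review bot: The new NOTE under CVE-2019-10753 gives no hint of what it supports, and its identifier (`SNYK-JAVA-COMDIFFPLUGSPOTLESS-460377`) names a spotless artifact rather than eclipse-wtp, so a later triager cannot tell whether it backs the `<not-affected>` verdict or is only loosely related. Elsewhere in this same change the convention is a parenthetical after the URL (the poppler and KDE messagelib notes), so `NOTE: https://snyk.io/vuln/SNYK-JAVA-COMDIFFPLUGSPOTLESS-460377 (<why this supports the not-affected verdict>)` with the reason filled in would make the reference usable. The justification `(Does not affect the Debian build/package)` would likewise be more checkable if it named which affected component the Debian package lacks.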
@@ -26360,6 +27233,7 @@ CVE-2019-10736
RESERVED
CVE-2019-10735 (In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encry ...)
- claws-mail <unfixed> (low; bug #926705)
+ [bullseye] - claws-mail <no-dsa> (Minor issue)
[buster] - claws-mail <postponed> (Revisit when fixed upstream)
[stretch] - claws-mail <postponed> (Revisit when fixed upstream)
[jessie] - claws-mail <postponed> (Revisit when fixed upstream)
@@ -26377,7 +27251,7 @@ CVE-2019-10732 (In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP e
- kdepim <removed>
[stretch] - kdepim <no-dsa> (Minor issue)
NOTE: https://bugs.kde.org/show_bug.cgi?id=404698
- NOTE: https://cgit.kde.org/messagelib.git/commit/?id=8f9b85b664be0987014c5d2485e706ab5a198e1b (v19.04.2)
+ NOTE: https://github.com/KDE/messagelib/commit/8f9b85b664be0987014c5d2485e706ab5a198e1b (v19.04.2)
CVE-2019-10731
RESERVED
CVE-2019-10730
@@ -26396,7 +27270,8 @@ CVE-2019-10724 (There is a vulnerability with the Dolby DAX2 API system services
NOT-FOR-US: Dolby
CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class i ...)
- libpodofo <unfixed> (low; bug #926667)
- [buster] - libpodofo <no-dsa> (Minor issue)
+ [bullseye] - libpodofo <ignored> (Minor issue)
+ [buster] - libpodofo <ignored> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <postponed> (clean exception quit/DoS, low popcon)
NOTE: https://sourceforge.net/p/podofo/tickets/46/
@@ -26597,8 +27472,8 @@ CVE-2019-10681
RESERVED
CVE-2019-10680
RESERVED
-CVE-2019-10679
- RESERVED
+CVE-2019-10679 (Thomson Reuters Eikon 4.0.42144 allows all local users to modify the s ...)
+ NOT-FOR-US: Thomson Reuters Eikon
CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as insecure a ...)
- domoticz <itp> (bug #899058)
CVE-2019-10677 (Multiple Cross-Site Scripting (XSS) issues in the web interface on DAS ...)
@@ -26665,7 +27540,8 @@ CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-r
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4800ae0dabdb3012f82820af946060c3ca9fdb87
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d8d844c6f23f4d90d8fe893fe9225dd78fc1e6ef
CVE-2019-10649 (In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SV ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1533
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3ae9c19125c8704b4866381f7a064ca2cbdc006
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e3417aebe17cbe274b7361aa92c83226ca5b646b
@@ -26716,14 +27592,14 @@ CVE-2019-10631 (Shell Metacharacter Injection in the package installer on Zyxel
NOT-FOR-US: Zyxel
CVE-2019-10630 (A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 a ...)
NOT-FOR-US: Zyxel
-CVE-2019-10629
- RESERVED
-CVE-2019-10628
- RESERVED
+CVE-2019-10629 (u'User Process can potentially corrupt kernel virtual page by passing ...)
+ NOT-FOR-US: Snapdragon
+CVE-2019-10628 (u'Memory can be potentially corrupted if random index is allowed to ma ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in PostScript image ...)
NOT-FOR-US: Qualcomm
-CVE-2019-10626
- RESERVED
+CVE-2019-10626 (Payload size is not validated before reading memory that may cause iss ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-10625 (Out of bound access in diag services when DCI command buffer reallocat ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10624 (While handling the vendor command there is an integer truncation issue ...)
@@ -26737,19 +27613,19 @@ CVE-2019-10621 (Use after free issue when MAP and UNMAP calls at same time as da
CVE-2019-10620 (Kernel memory error in debug module due to improper check of user data ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10619
- RESERVED
+ REJECTED
CVE-2019-10618 (Driver may access an invalid address while processing IO control due t ...)
NOT-FOR-US: Snapdragon
CVE-2019-10617 (Low privilege users can access service configuration which contains re ...)
NOT-FOR-US: Qualcomm
CVE-2019-10616 (Possibility of null pointer access if the SPDM commands are executed i ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10615
- RESERVED
+CVE-2019-10615 (u'Possibility of integer overflow in keymaster 4 while allocating memo ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10614 (Out of boundary access is possible as there is no validation of data a ...)
NOT-FOR-US: Snapdragon
CVE-2019-10613
- RESERVED
+ REJECTED
CVE-2019-10612 (UTCB object has a function pointer called by the reaper to deallocate ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10611 (Buffer overflow can occur while processing clip due to lack of check o ...)
@@ -26777,13 +27653,13 @@ CVE-2019-10601 (Out of bound access can occur while processing firmware event du
CVE-2019-10600 (Use of local variable as argument to netlink CB callback goes out of i ...)
NOT-FOR-US: Snapdragon
CVE-2019-10599
- RESERVED
+ REJECTED
CVE-2019-10598 (Out of bound access can occur while processing peer info in IBSS conne ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10597
- RESERVED
-CVE-2019-10596
- RESERVED
+CVE-2019-10597 (kernel writes to user passed address without any checks can lead to ar ...)
+ NOT-FOR-US: Snapdragon
+CVE-2019-10596 (u'Improper access control can lead signed process to guess pid of othe ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of validation ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10594 (Stack overflow can occur when SDP is received with multiple payload ty ...)
@@ -26814,8 +27690,8 @@ CVE-2019-10582 (Use after free issue due to using of invalidated iterator to del
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10581 (NULL is assigned to local instance of audio device pointer after free ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10580
- RESERVED
+CVE-2019-10580 (When kernel thread unregistered listener, Use after free issue happene ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10579 (Buffer over-read can occur while playing the video clip which is not s ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10578 (Null pointer dereference can occur while parsing the clip which is non ...)
@@ -26829,7 +27705,7 @@ CVE-2019-10575 (Wlan binary which is not signed with OEMs RoT is working on secu
CVE-2019-10574 (Lack of boundary checks for data offsets received from HLOS can lead t ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10573
- RESERVED
+ REJECTED
CVE-2019-10572 (Improper check in video driver while processing data from video firmwa ...)
NOT-FOR-US: Snapdragon
CVE-2019-10571 (Snapshot of IB can lead to invalid address access due to missing check ...)
@@ -26839,7 +27715,7 @@ CVE-2019-10570
CVE-2019-10569 (Stack buffer overflow due to instance id is misplaced inside definitio ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10568
- RESERVED
+ REJECTED
CVE-2019-10567 (There is a way to deceive the GPU kernel driver into thinking there is ...)
NOT-FOR-US: Snapdragon
CVE-2019-10566 (Buffer overflow can occur in wlan module if supported rates or extende ...)
@@ -26850,12 +27726,12 @@ CVE-2019-10564 (Possible OOB issue in EEPROM due to lack of check while accessin
NOT-FOR-US: Snapdragon
CVE-2019-10563 (Buffer over-read can occur in fast message handler due to improper inp ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10562
- RESERVED
+CVE-2019-10562 (u'Improper authentication and signature verification of debug polices ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2019-10561 (Improper initialization of local variables which are parameters to sfs ...)
NOT-FOR-US: Snapdragon
CVE-2019-10560
- RESERVED
+ REJECTED
CVE-2019-10559 (Accessing data buffer beyond the available data while parsing ogg clip ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10558 (While transferring data from APPS to DSP, Out of bound in FastRPC HLOS ...)
@@ -26920,8 +27796,8 @@ CVE-2019-10529 (Possible use after free issue due to race condition while attemp
NOT-FOR-US: Snapdragon
CVE-2019-10528 (Use after free issue in kernel while accessing freed mdlog session inf ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10527
- RESERVED
+CVE-2019-10527 (u'SMEM partition can be manipulated in case of any compromise on HLOS, ...)
+ NOT-FOR-US: Snapdragon
CVE-2019-10526 (Out of bound write in WLAN driver due to NULL character not properly p ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10525 (Buffer overflow during SIB read when network configures complete sib l ...)
@@ -27163,17 +28039,17 @@ CVE-2019-10408 (A cross-site request forgery vulnerability in Jenkins Project In
CVE-2019-10407 (Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10406 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10405 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value o ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10404 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10403 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10402 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10401 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandabl ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10400 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10399 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 ...)
@@ -27207,9 +28083,9 @@ CVE-2019-10386 (A cross-site request forgery vulnerability in Jenkins XL TestVie
CVE-2019-10385 (Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10384 (Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to ob ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10383 (A stored cross-site scripting vulnerability in Jenkins 2.191 and earli ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10382 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SS ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10381 (Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS ...)
@@ -27267,11 +28143,11 @@ CVE-2019-10356 (A sandbox bypass vulnerability in Jenkins Script Security Plugin
CVE-2019-10355 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 ...)
NOT-FOR-US: Jenkins Script Security Plugin
CVE-2019-10354 (A vulnerability in the Stapler web framework used in Jenkins 2.185 and ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10353 (CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10352 (A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176 ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-10351 (Jenkins Caliper CI Plugin stores credentials unencrypted in job config ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10350 (Jenkins Port Allocator Plugin stores credentials unencrypted in job co ...)
@@ -27481,6 +28357,8 @@ CVE-2019-10256 (An authentication bypass vulnerability in VIVOTEK IPCam versions
NOT-FOR-US: VIVOTEK IPCam
CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...)
- jupyter-notebook 5.7.8-1 (bug #925939)
+ [stretch] - jupyter-notebook <no-dsa> (Intrusive to backport)
+ - jupyterhub <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
NOTE: https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
NOTE: When adressing this issue make sure to not open CVE-2019-10856 and apply the
@@ -27520,10 +28398,9 @@ CVE-2019-10249 (All Xtext &amp; Xtend versions prior to 2.18.0 were built using
CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts fo ...)
NOT-FOR-US: Eclipse Vorto
CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, ...)
+ {DSA-4949-1 DLA-2661-1}
[experimental] - jetty9 9.4.18-1
- - jetty9 <unfixed> (bug #928444)
- [buster] - jetty9 <no-dsa> (Minor issue)
- [stretch] - jetty9 <no-dsa> (Minor issue)
+ - jetty9 9.4.18-2 (bug #928444)
- jetty8 <removed>
[jessie] - jetty8 <no-dsa> (Minor issue)
- jetty <removed>
@@ -27545,15 +28422,15 @@ CVE-2019-10243 (In Eclipse Kura versions up to 4.0.0, Kura exposes the underlyin
CVE-2019-10242 (In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked ...)
NOT-FOR-US: Eclipse Kura
CVE-2019-10241 (In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.1 ...)
+ {DSA-4949-1 DLA-2661-1}
[experimental] - jetty9 9.4.18-1
- - jetty9 <unfixed> (bug #928444)
- [buster] - jetty9 <no-dsa> (Minor issue)
- [stretch] - jetty9 <no-dsa> (Minor issue)
+ - jetty9 9.4.18-2 (bug #928444)
- jetty8 <removed>
[jessie] - jetty8 <no-dsa> (Minor issue)
- jetty <removed>
- [jessie] - jetty <no-dsa> (Minor issue)
+ [jessie] - jetty <not-affected> (Test case reproducers properly HTML-escaped)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121
+ NOTE: https://github.com/eclipse/jetty.project/issues/3319#issuecomment-567918620
CVE-2019-10240 (Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifac ...)
NOT-FOR-US: Eclipse hawkBit
CVE-2019-10239 (Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently ...)
@@ -27590,8 +28467,7 @@ CVE-2019-10227 (openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-foun
NOT-FOR-US: openITCOCKPIT
CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of the Fat F ...)
NOT-FOR-US: Fat Free CRM
-CVE-2019-10225
- RESERVED
+CVE-2019-10225 (A flaw was found in atomic-openshift of openshift-4.2 where the basic- ...)
NOT-FOR-US: OpenShift
CVE-2019-10224 (A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. ...)
- 389-ds-base 1.4.1.5-1
@@ -27616,8 +28492,9 @@ CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as the
NOTE: 12.2.x installations only affected by the vulnerability if experimental
NOTE: features are enabled.
CVE-2019-10221 (A Reflected Cross Site Scripting vulnerability was found in all pki-co ...)
- - dogtag-pki <unfixed>
+ - dogtag-pki 10.9.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1732565
+ NOTE: https://github.com/dogtagpki/pki/pull/452
CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a rel ...)
{DLA-2114-1 DLA-2068-1}
- linux 5.3.9-1
@@ -27625,16 +28502,18 @@ CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable to
[stretch] - linux 4.9.210-1
CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml validat ...)
- libhibernate-validator-java <unfixed> (bug #948235)
- [buster] - libhibernate-validator-java <not-affected> (Vulnerable code was introduced later.)
- [stretch] - libhibernate-validator-java <not-affected> (Vulnerable code was introduced later.)
- [jessie] - libhibernate-validator-java <not-affected> (Vulnerable code was introduced later.)
+ [bullseye] - libhibernate-validator-java <no-dsa> (Minor issue)
+ [buster] - libhibernate-validator-java <not-affected> (Vulnerable code was introduced later)
+ [stretch] - libhibernate-validator-java <not-affected> (Vulnerable code was introduced later)
+ [jessie] - libhibernate-validator-java <not-affected> (Vulnerable code was introduced later)
+ - libhibernate-validator4-java <not-affected> (Vulnerable code was introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1738673
NOTE: https://hibernate.atlassian.net/browse/HV-1739
NOTE: Fixed by https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
CVE-2019-10218 (A flaw was found in the samba client, all samba versions before samba ...)
+ {DLA-2668-1}
- samba 2:4.11.1+dfsg-2
[buster] - samba <no-dsa> (Minor issue)
- [stretch] - samba <no-dsa> (Minor issue)
[jessie] - samba <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2019-10218.html
CVE-2019-10217 (A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensit ...)
@@ -27651,7 +28530,7 @@ CVE-2019-10216 (In ghostscript before version 9.50, the .buildfont1 procedure di
- ghostscript 9.27~dfsg-3.1 (bug #934638)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701394
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19
CVE-2019-10215 (Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-sit ...)
NOT-FOR-US: Bootstrap-3-Typeahead
CVE-2019-10214 (The containers/image library used by the container tools Podman, Build ...)
@@ -27692,9 +28571,8 @@ CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a
NOTE: https://github.com/ansible/ansible/pull/63351
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...)
+ {DSA-4950-1}
- ansible 2.8.6+dfsg-1 (bug #933005)
- [buster] - ansible <no-dsa> (Minor issue)
- [stretch] - ansible <no-dsa> (Minor issue)
[jessie] - ansible <not-affected> (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords)
NOTE: https://github.com/ansible/ansible/pull/59246
NOTE: 2.8.x https://github.com/ansible/ansible/pull/59552
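Review bot: The `[stretch] - ansible <no-dsa> (Minor issue)` line is dropped while the advisory set added for CVE-2019-10206 is `{DSA-4950-1}` alone, which leaves stretch with no recorded status for this CVE. The sibling entry CVE-2019-10156 in this same change drops its stretch line but lists `{DSA-4950-1 DLA-2535-1 DLA-1923-1}`, so the two entries are handled differently. Unless stretch lines are being retired wholesale here, either keep the stretch `<no-dsa>` line or add the DLA that covers stretch to the braces.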
@@ -27708,8 +28586,8 @@ CVE-2019-10205 (A flaw was found in the way Red Hat Quay stores robot account to
CVE-2019-10204
RESERVED
CVE-2019-10203 (PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1. ...)
- - pdns 4.2.0-1 (low)
- [buster] - pdns <no-dsa> (Minor issue)
+ - pdns 4.2.0-1 (low; bug #970729)
+ [buster] - pdns 4.1.6-3+deb10u1
[stretch] - pdns <no-dsa> (Minor issue)
[jessie] - pdns <no-dsa> (Minor issue)
NOTE: Fixed in 4.2.0, 4.1.11, 4.0.9, for existing installations a manual schema update
@@ -27719,8 +28597,7 @@ CVE-2019-10202 (A series of deserialization vulnerabilities have been discovered
NOT-FOR-US: Codehaus
CVE-2019-10201 (It was found that Keycloak's SAML broker, versions up to 6.0.1, did no ...)
NOT-FOR-US: Keycloak
-CVE-2019-10200
- RESERVED
+CVE-2019-10200 (A flaw was discovered in OpenShift Container Platform 4 where, by defa ...)
NOT-FOR-US: OpenShift
CVE-2019-10199 (It was found that Keycloak's account console, up to 6.0.1, did not per ...)
NOT-FOR-US: Keycloak
@@ -27732,8 +28609,7 @@ CVE-2019-10197 (A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.1
[stretch] - samba <not-affected> (Issue introduced in 4.9.0 upstream)
[jessie] - samba <not-affected> (Issue introduced in 4.9.0 upstream)
NOTE: https://www.samba.org/samba/security/CVE-2019-10197.html
-CVE-2019-10196
- RESERVED
+CVE-2019-10196 (A flaw was found in http-proxy-agent, prior to version 2.1.0. It was d ...)
NOT-FOR-US: nodejs-http-proxy-agent
CVE-2019-10195 (A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...)
- freeipa 4.8.3-1
@@ -27761,11 +28637,13 @@ CVE-2019-10192 (A heap-buffer overflow vulnerability was found in the Redis hype
NOTE: https://github.com/antirez/redis/commit/7f79849caa006f0d760b6c7e17f7796e3be92b4f (5.0.4)
CVE-2019-10191 (A vulnerability was discovered in DNS resolver of knot resolver before ...)
- knot-resolver 5.0.1-1 (bug #932048)
+ [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/839
NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
CVE-2019-10190 (A vulnerability was discovered in DNS resolver component of knot resol ...)
- knot-resolver 5.0.1-1 (bug #932048)
+ [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/827
NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
@@ -27810,12 +28688,16 @@ CVE-2019-10181 (It was found that in icedtea-web up to and including 1.7.2 and 1
NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/528cb8163b7053576a658b9602b5694b21957b0e (1.8)
CVE-2019-10180 (A vulnerability was found in all pki-core 10.x.x version, where the To ...)
- dogtag-pki <unfixed>
+ [bullseye] - dogtag-pki <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721137
CVE-2019-10179 (A vulnerability was found in all pki-core 10.x.x versions, where the K ...)
- - dogtag-pki <unfixed>
+ - dogtag-pki 10.9.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1695901
+ NOTE: https://github.com/dogtagpki/pki/commit/8884b4344225bd6656876d9e2a58b3268e9a899b (v10.9.0-b3)
+ NOTE: https://github.com/dogtagpki/pki/commit/a93a65be0b1bcf94e004ba59c6a0c8a2c086936f (v10.9.0)
CVE-2019-10178 (It was found that the Token Processing Service (TPS) did not properly ...)
- dogtag-pki <unfixed>
+ [bullseye] - dogtag-pki <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1719042
CVE-2019-10177 (A stored cross-site scripting (XSS) vulnerability was found in the PDF ...)
NOT-FOR-US: Red Hat CloudForms
@@ -27832,10 +28714,12 @@ CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11 intro
NOTE: http://x-stream.github.io/changes.html#1.4.11
NOTE: Regression introduced and present only in 1.4.10.
CVE-2019-10172 (A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libr ...)
- {DLA-2091-1}
- - libjackson-json-java <unfixed>
+ {DLA-2342-1 DLA-2091-1}
+ - libjackson-json-java 1.9.13-2
+ [buster] - libjackson-json-java <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1715075
NOTE: https://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja/38017721
+ NOTE: https://github.com/FasterXML/jackson-1/pull/1
CVE-2019-10171 (It was found that the fix for CVE-2018-14648 in 389-ds-base, versions ...)
- 389-ds-base <not-affected> (Incomplete RHEL backport)
CVE-2019-10170 (A flaw was found in the Keycloak admin console, where the realm manage ...)
@@ -27886,11 +28770,12 @@ CVE-2019-10161 (It was discovered that libvirtd before versions 4.10.1 and 5.4.1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720115
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580
CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python since ...)
+ {DLA-2280-1}
- python3.7 3.7.4~rc2-2
[buster] - python3.7 3.7.3-2+deb10u1
- - python3.6 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
- - python3.5 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
- - python3.4 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
+ - python3.6 <not-affected> (Fix for CVE-2019-9636 not applied)
+ - python3.5 <removed>
+ - python3.4 <not-affected> (Vulnerable fix to regression introduced by fix for CVE-2019-9636 not applied)
- python2.7 2.7.16-3
[buster] - python2.7 2.7.16-2+deb10u1
[stretch] - python2.7 <not-affected> (Incomplete fix for CVE-2019-9636 not applied)
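Review bot: The justification on the new python3.4 line, `(Vulnerable fix to regression introduced by fix for CVE-2019-9636 not applied)`, reads as self-contradictory: this CVE is itself the regression, so what was not applied is the CVE-2019-9636 fix. The python3.6 line rewritten in the same hunk already states exactly that as `(Fix for CVE-2019-9636 not applied)`. Using the same wording keeps the two consistent: ` - python3.4 <not-affected> (Fix for CVE-2019-9636 not applied)`.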
@@ -27910,10 +28795,8 @@ CVE-2019-10158 (A flaw was found in Infinispan through version 9.4.14.Final. An
CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.3 did ...)
NOT-FOR-US: Keycloak
CVE-2019-10156 (A flaw was discovered in the way Ansible templating was implemented in ...)
- {DLA-1923-1}
+ {DSA-4950-1 DLA-2535-1 DLA-1923-1}
- ansible 2.8.3+dfsg-1 (low; bug #930065)
- [buster] - ansible <no-dsa> (Minor issue)
- [stretch] - ansible <no-dsa> (Minor issue)
NOTE: https://github.com/ansible/ansible/pull/57188
CVE-2019-10155 (The Libreswan Project has found a vulnerability in the processing of I ...)
- libreswan 3.27-6 (bug #930338)
@@ -27934,7 +28817,7 @@ CVE-2019-10153 (A flaw was discovered in fence-agents, prior to version 4.3.4, w
CVE-2019-10152 (A path traversal vulnerability has been discovered in podman before ve ...)
- libpod <not-affected> (Fixed before initial upload)
CVE-2019-10151
- RESERVED
+ REJECTED
CVE-2019-10150 (It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 ...)
NOT-FOR-US: OpenShift
CVE-2019-10149 (A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper v ...)
@@ -27949,18 +28832,19 @@ CVE-2019-10149 (A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Impr
CVE-2019-10148
REJECTED
CVE-2019-10147 (rkt through version 1.30.0 does not isolate processes in containers th ...)
- - rkt <unfixed> (bug #929781)
+ - rkt <removed> (bug #929781)
NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
NOTE: https://github.com/rkt/rkt/issues/3998
CVE-2019-10146 (A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x ...)
- - dogtag-pki <unfixed>
+ - dogtag-pki 10.9.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1710171
+ NOTE: https://github.com/dogtagpki/pki/commit/b235c0f3c6c249dbba692410b525d8d6fb7409f4 (10.9.0-b1)
CVE-2019-10145 (rkt through version 1.30.0 does not isolate processes in containers th ...)
- - rkt <unfixed> (bug #929781)
+ - rkt <removed> (bug #929781)
NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
NOTE: https://github.com/rkt/rkt/issues/3998
CVE-2019-10144 (rkt through version 1.30.0 does not isolate processes in containers th ...)
- - rkt <unfixed> (bug #929781)
+ - rkt <removed> (bug #929781)
NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
NOTE: https://github.com/rkt/rkt/issues/3998
CVE-2019-10143 (** DISPUTED ** It was discovered freeradius up to and including versio ...)
@@ -28002,9 +28886,9 @@ CVE-2019-10132 (A vulnerability was found in libvirt &gt;= 4.1.0 in the virtlock
[jessie] - libvirt <not-affected> (Vulnerable code introduced in 4.1.0-rc1)
NOTE: https://security.libvirt.org/2019/0003.html
CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick before ...)
+ {DLA-2333-1}
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick 8:6.9.10.2+dfsg-2
- [stretch] - imagemagick <no-dsa> (Minor issue)
[jessie] - imagemagick <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1704762
NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
@@ -28019,12 +28903,10 @@ CVE-2019-10130 (A vulnerability was found in PostgreSQL versions 11.x up to excl
CVE-2019-10129 (A vulnerability was found in postgresql versions 11.x prior to 11.3. U ...)
- postgresql-11 11.3-1
NOTE: https://www.postgresql.org/about/news/1939/
-CVE-2019-10128
- RESERVED
+CVE-2019-10128 (A vulnerability was found in postgresql versions 11.x prior to 11.3. T ...)
- postgresql-11 <not-affected> (Windows-specific)
NOTE: https://www.postgresql.org/about/news/1939/
-CVE-2019-10127
- RESERVED
+CVE-2019-10127 (A vulnerability was found in postgresql versions 11.x prior to 11.3. T ...)
- postgresql-11 <not-affected> (Windows-specific)
NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10126 (A flaw was found in the Linux kernel. A heap based buffer overflow in ...)
@@ -28091,16 +28973,15 @@ CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Applica
- intellij-idea <itp> (bug #747616)
CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ...)
- intellij-idea <itp> (bug #747616)
-CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
- NOT-FOR-US: JetBrains
+ - intellij-community-idea <undetermined>
CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving artifacts using ...)
- NOT-FOR-US: JetBrains
+ - kotlin <not-affected> (Fixed before initial upload to Debian)
CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it wa ...)
NOT-FOR-US: JetBrains YouTrack Confluence plugin
CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...)
NOT-FOR-US: article2pdf Wordpress plugin
CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write user dat ...)
- NOT-FOR-US: Apache Spark
+ - apache-spark <itp> (bug #802194)
CVE-2019-10098 (In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_r ...)
{DSA-4509-1 DLA-1900-1}
- apache2 2.4.41-1
@@ -28117,9 +28998,9 @@ CVE-2019-10097 (In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was confi
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10097
NOTE: https://svn.apache.org/r1864613
CVE-2019-10096
- RESERVED
-CVE-2019-10095
- RESERVED
+ REJECTED
+CVE-2019-10095 (bash command injection vulnerability in Apache Zeppelin allows an atta ...)
+ NOT-FOR-US: Apache Zeppelin
CVE-2019-10094 (A carefully crafted package/compressed file that, when unzipped/uncomp ...)
- tika 1.22-1 (bug #933746)
[buster] - tika <no-dsa> (Minor issue)
@@ -28213,13 +29094,17 @@ CVE-2019-10071 (The code which checks HMAC in form submissions used String.equal
CVE-2019-10070 (Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored ...)
NOT-FOR-US: Apache Atlas
CVE-2019-10069 (In Godot through 3.1, remote code execution is possible due to the des ...)
- NOT-FOR-US: Godot
+ - godot 3.2-stable-1
+ [buster] - godot <no-dsa> (Minor issue)
+ NOTE: https://github.com/godotengine/godot/pull/27398
+ NOTE: https://github.com/godotengine/godot/commit/e3bd84fa571661d76fc8458d65bb053988e934a6 (3.2-stable)
+ NOTE: For 3.0: https://github.com/godotengine/godot/commit/0c4881f1dbfe4feab879b4f0fe031b735ddc1f9f
CVE-2019-10068 (An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x befor ...)
NOT-FOR-US: Kentico
CVE-2019-10067 (An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ...)
- otrs2 6.0.18-1
[buster] - otrs2 6.0.16-2
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (vulnerable code is not present)
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8a489236336ddc82e745c27abb32dfa1ceefb0f4
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/67158d8b08309859572c795982ecc7c52484ab0e
@@ -28235,9 +29120,8 @@ CVE-2019-10065 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
- otrs2 <not-affected> (Only affects 7.x series)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-07/
CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and random( ...)
- {DLA-2138-1}
+ {DLA-2318-1 DLA-2138-1}
- wpa 2:2.6-7
- [stretch] - wpa <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1
NOTE: Comment from upstream: https://www.openwall.com/lists/oss-security/2020/02/27/2
NOTE: Issue fixed in conjunction with CVE-2016-10743.
@@ -28249,8 +29133,8 @@ CVE-2019-10063 (Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x be
[stretch] - flatpak 0.8.9-0+deb9u3
NOTE: https://github.com/flatpak/flatpak/issues/2782
NOTE: https://github.com/flatpak/flatpak/commit/a9107feeb4b8275b78965b36bf21b92d5724699e
-CVE-2019-10062
- RESERVED
+CVE-2019-10062 (The HTMLSanitizer class in html-sanitizer.ts in all released versions ...)
+ NOT-FOR-US: Aurelia
CVE-2019-10061 (utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) ...)
- node-opencv 6.0.0+git20180416.cfc96ba0-3 (unimportant; bug #925571)
NOTE: https://www.npmjs.com/advisories/789
@@ -28376,8 +29260,8 @@ CVE-2019-10020 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the
CVE-2019-10019 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
- xpdf <not-affected> (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10018 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
+ {DLA-2440-1}
- poppler 0.57.0-2 (low; bug #926133)
- [stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <ignored> (Minor issue)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 (PostScriptFunction::exec@Function.cc:1374-42___FPE PoC)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101500
@@ -28423,7 +29307,7 @@ CVE-2019-9985
CVE-2019-9984
RESERVED
CVE-2019-9983
- RESERVED
+ REJECTED
CVE-2019-9982
RESERVED
CVE-2019-9981
@@ -28499,11 +29383,10 @@ CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view in c
CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.php i ...)
- limesurvey <itp> (bug #472802)
CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...)
- {DLA-1963-1}
+ {DLA-2440-1 DLA-1963-1}
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #941776)
+ - poppler 0.85.0-2 (low; bug #941776)
[buster] - poppler <ignored> (Minor issue)
- [stretch] - poppler <ignored> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805
NOTE: Patch: https://gitlab.freedesktop.org/poppler/poppler/commit/68ef84e5968a4249c2162b839ca6d7975048a557 (poppler-0.79.0)
NOTE: Reproducer: https://gitlab.freedesktop.org/poppler/poppler/uploads/3f22837ebd503f87e730b51221b89742/raiter_issue5465.pdf
@@ -28532,14 +29415,13 @@ CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultr
CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100 ...)
NOT-FOR-US: Western Digital
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
- {DLA-1852-1 DLA-1834-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1852-1 DLA-1834-1}
- python3.7 3.7.4~rc2-2
[buster] - python3.7 3.7.3-2+deb10u1
- python3.6 <removed>
- python3.5 <removed>
- python3.4 <removed>
- python2.7 2.7.16-2
- [stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue35907
NOTE: https://github.com/python/cpython/pull/11842
NOTE: https://github.com/python/cpython/commit/34bab215596671d0dec2066ae7d7450cd73f638b (3.7)
@@ -28547,7 +29429,7 @@ CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: sche
NOTE: https://github.com/python/cpython/commit/b15bde8058e821b383d81fcae68b335a752083ca (2.7)
NOTE: https://github.com/python/cpython/commit/942c31dffbe886ff02e25a319cc3891220b8c641 (2.7)
CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
- {DLA-1835-1 DLA-1834-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1}
- python3.7 3.7.4~rc2-2
[buster] - python3.7 3.7.3-2+deb10u1
- python3.6 <removed>
@@ -28555,21 +29437,22 @@ CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a
- python3.4 <removed>
- python2.7 2.7.16-3
[buster] - python2.7 2.7.16-2+deb10u1
- [stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue35906
NOTE: Introduced by: https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2262
NOTE: CVE-2019-9947 issue fixed with same fix as for CVE-2019-9740
NOTE: Patch 2.7: https://github.com/python/cpython/commit/bb8071a4cae5ab3fe321481dd3d73662ffb26052
CVE-2019-9946 (Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ...)
- - kubernetes <undetermined>
+ - kubernetes 1.17.4-1
+ - golang-github-containernetworking-plugins <not-affected> (Fixed before initial upload)
+ - singularity-container 3.5.0+ds1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1692712
- TODO: singularity-container seems to embed as well a copy of cni
+ NOTE: singularity-container embeds a copy, but switched to packaged one in 3.5.0+ds1-1, marking as fixed
CVE-2019-9945 (SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGI ...)
NOT-FOR-US: SoftNAS Cloud
-CVE-2019-9944
- RESERVED
-CVE-2019-9943
- RESERVED
+CVE-2019-9944 (In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the r ...)
+ NOT-FOR-US: Open Microscopy Environment OMERO.server
+CVE-2019-9943 (In ome.services.graphs.GraphTraversal.findObjectDetails in Open Micros ...)
+ NOT-FOR-US: Open Microscopy Environment OMERO.server
CVE-2019-9942 (A sandbox information disclosure exists in Twig before 1.38.0 and 2.x ...)
{DSA-4419-1}
[experimental] - twig 2.7.1-1
@@ -28586,13 +29469,13 @@ CVE-2019-9939 (The SHAREit application before 4.0.36 for Android allows a remote
CVE-2019-9938 (The SHAREit application before 4.0.42 for Android allows a remote atta ...)
NOT-FOR-US: SHAREit
CVE-2019-9937 (In SQLite 3.27.2, interleaving reads and writes in a single transactio ...)
+ {DLA-2340-1}
- sqlite3 3.27.2-2 (low; bug #925290)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
[jessie] - sqlite3 <not-affected> (fts5 introducded later, function not available for fts3)
NOTE: https://sqlite.org/src/info/45c73deb440496e8
CVE-2019-9936 (In SQLite 3.27.2, running fts5 prefix queries inside a transaction cou ...)
+ {DLA-2340-1}
- sqlite3 3.27.2-2 (low; bug #925289)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
[jessie] - sqlite3 <not-affected> (fts5 introducded later, function not available for fts3)
NOTE: https://sqlite.org/src/info/b3fa58dd7403dbd4
CVE-2019-9935 (Various Lexmark products have Incorrect Access Control (issue 2 of 2). ...)
@@ -28630,7 +29513,7 @@ CVE-2019-9924 (rbash in Bash before 4.4-beta2 did not prevent the shell user fro
- bash 4.4-1 (low)
NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441
CVE-2019-9923 (pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...)
- - tar <unfixed> (unimportant; bug #925286)
+ - tar 1.32+dfsg-1 (unimportant; bug #925286)
NOTE: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
NOTE: http://savannah.gnu.org/bugs/?55369 (private)
NOTE: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
@@ -28679,13 +29562,14 @@ CVE-2019-9905
RESERVED
CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2. ...)
- graphviz <unfixed> (low; bug #925284)
- [buster] - graphviz <no-dsa> (Minor issue)
- [stretch] - graphviz <no-dsa> (Minor issue)
+ [bullseye] - graphviz <ignored> (Minor issue)
+ [buster] - graphviz <ignored> (Minor issue)
+ [stretch] - graphviz <ignored> (Minor issue)
[jessie] - graphviz <no-dsa> (Minor issue)
NOTE: https://gitlab.com/graphviz/graphviz/issues/1512
CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...)
[experimental] - poppler 0.81.0-1
- - poppler <unfixed> (low; bug #925264)
+ - poppler 0.85.0-2 (low; bug #925264)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <not-affected> (Vulnerable code not present)
@@ -28730,7 +29614,7 @@ CVE-2019-9892 (An issue was discovered in Open Ticket Request System (OTRS) 5.x
{DLA-1774-1}
- otrs2 6.0.18-1
[buster] - otrs2 6.0.16-2
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/3617488c6c28e06203e4127c7b031140f775a685
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/c3b9342a85c6f2c9382e074ad9cc440ce80a6f34
NOTE: https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/
@@ -28745,27 +29629,24 @@ CVE-2019-9889 (In Vanilla before 2.6.4, a flaw exists within the getSingleIndex
CVE-2019-9888
RESERVED
CVE-2019-1010319 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
+ {DLA-2525-1}
- wavpack 5.1.0-7 (low; bug #932061)
[buster] - wavpack <no-dsa> (Minor issue)
- [stretch] - wavpack <no-dsa> (Minor issue)
- [jessie] - wavpack <no-dsa> (Minor issue)
NOTE: https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe
NOTE: https://github.com/dbry/WavPack/issues/68
CVE-2019-1010318
REJECTED
CVE-2019-1010317 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
+ {DLA-2525-1}
- wavpack 5.1.0-7 (low; bug #932060)
[buster] - wavpack <no-dsa> (Minor issue)
- [stretch] - wavpack <no-dsa> (Minor issue)
- [jessie] - wavpack <no-dsa> (Minor issue)
NOTE: https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b
NOTE: https://github.com/dbry/WavPack/issues/66
CVE-2019-1010316 (pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. Th ...)
NOT-FOR-US: pyxtrlock
CVE-2019-1010315 (WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The i ...)
+ {DLA-2525-1}
- wavpack 5.1.0-6 (low)
- [stretch] - wavpack <no-dsa> (Minor issue)
- [jessie] - wavpack <no-dsa> (Minor issue)
NOTE: https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc
NOTE: https://github.com/dbry/WavPack/issues/65
CVE-2019-1010314 (Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The imp ...)
@@ -28790,9 +29671,8 @@ CVE-2019-1010307 (GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (
CVE-2019-1010306 (Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact ...)
NOT-FOR-US: Slanger
CVE-2019-1010305 (libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: I ...)
- {DLA-1895-1}
+ {DLA-2805-1 DLA-1895-1}
- libmspack 0.10.1-1
- [stretch] - libmspack <no-dsa> (Minor issue)
NOTE: https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
NOTE: https://github.com/kyz/libmspack/issues/27
CVE-2019-1010304 (Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f ...)
@@ -28908,6 +29788,7 @@ CVE-2019-1010260 (Using ktlint to download and execute custom rulesets can resul
NOT-FOR-US: ktlint
CVE-2019-1010259 (SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impac ...)
- salt 2018.3.4~git20180207+dfsg1-1
+ [stretch] - salt <not-affected> (vulnerable MySQL queries are not present)
[jessie] - salt <not-affected> (vulnerable MySQL queries are not present)
NOTE: https://github.com/saltstack/salt/pull/51462
CVE-2019-1010258 (nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf4 ...)
@@ -28939,7 +29820,7 @@ CVE-2019-1010249 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: In
CVE-2019-1010248 (Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. T ...)
NOT-FOR-US: ONOS
CVE-2019-1010247 (ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cr ...)
- {DLA-1894-1}
+ {DLA-2298-1 DLA-1894-1}
- libapache2-mod-auth-openidc 2.3.10.2-1
NOTE: Fixed by: https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b (v2.3.10.2)
NOTE: https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt
@@ -29107,11 +29988,14 @@ CVE-2019-1010178 (Fred MODX Revolution &lt; 1.0.0-beta5 is affected by: Incorrec
CVE-2019-1010177 (Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: deni ...)
NOT-FOR-US: Jsish
CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affecte ...)
- NOT-FOR-US: JerryScript
+ - iotjs 1.0+715-1
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/2476
+ NOTE: https://github.com/jerryscript-project/jerryscript/commit/505dace719aebb3308a3af223cfaa985159efae0
CVE-2019-1010175
RESERVED
CVE-2019-1010174 (CImg The CImg Library v.2.3.3 and earlier is affected by: command inje ...)
- {DLA-1934-1}
+ {DLA-2421-1 DLA-1934-1}
- cimg 2.3.6+dfsg-1
NOTE: https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146 (v.2.3.4)
CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is ...)
@@ -29294,10 +30178,11 @@ CVE-2019-1010093
CVE-2019-1010092
RESERVED
CVE-2019-1010091 (tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ...)
- - tinymce <undetermined>
+ - tinymce <removed> (bug #970256)
+ [buster] - tinymce <no-dsa> (Minor issue)
+ [stretch] - tinymce <ignored> (Minor issue, can't reproduce)
[jessie] - tinymce <ignored> (Minor issue, requires manually copy/pasting javascript to execute it, can't reproduce on Jessie)
NOTE: https://github.com/tinymce/tinymce/issues/4394
- TODO: check
CVE-2019-1010090
RESERVED
CVE-2019-1010089
@@ -29387,8 +30272,8 @@ CVE-2019-1010059
CVE-2019-1010058
RESERVED
CVE-2019-1010057 (nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact ...)
+ {DLA-2383-1}
- nfdump 1.6.17-1
- [stretch] - nfdump <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/phaag/nfdump/issues/104
NOTE: https://github.com/phaag/nfdump/commit/9f0fe9563366f62a71d34c92229da3432ec5cf0e
CVE-2019-1010056
@@ -29460,15 +30345,15 @@ CVE-2019-1010025 (** DISPUTED ** GNU Libc current is affected by: Mitigation byp
- glibc <unfixed> (unimportant)
NOTE: Not treated as a security issue by upstream
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22853
-CVE-2019-1010024 (GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...)
+CVE-2019-1010024 (** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ...)
- glibc <unfixed> (unimportant)
NOTE: Not treated as a security issue by upstream
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22852
-CVE-2019-1010023 (GNU Libc current is affected by: Re-mapping current loaded libray with ...)
+CVE-2019-1010023 (** DISPUTED ** GNU Libc current is affected by: Re-mapping current loa ...)
- glibc <unfixed> (unimportant)
NOTE: Not treated as a security issue by upstream
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22851
-CVE-2019-1010022 (GNU Libc current is affected by: Mitigation bypass. The impact is: Att ...)
+CVE-2019-1010022 (** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ...)
- glibc <unfixed> (unimportant)
NOTE: Not treated as a security issue by upstream
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22850
@@ -29481,9 +30366,10 @@ CVE-2019-1010019
CVE-2019-1010018 (Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Script ...)
- zammad <itp> (bug #841355)
CVE-2019-1010017 (libnmap &lt; v0.6.3 is affected by: XML Injection. The impact is: Deni ...)
- - python-libnmap <unfixed> (low)
+ - python-libnmap 0.7.2-1 (low)
[buster] - python-libnmap <no-dsa> (Minor issue)
NOTE: https://github.com/savon-noir/python-libnmap/issues/87
+ NOTE: https://github.com/savon-noir/python-libnmap/pull/109
CVE-2019-1010016 (Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact ...)
- dolibarr <removed>
NOTE: https://github.com/Dolibarr/dolibarr/issues/7962
@@ -29509,6 +30395,7 @@ CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: D
{DSA-4624-1 DLA-1882-1 DLA-1881-1}
- atril 1.22.2-1
[buster] - atril 1.20.3-1+deb10u1
+ [stretch] - atril 1.16.1-2+deb9u2
- evince 3.27.92-1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=788980
NOTE: https://gitlab.gnome.org/GNOME/evince/commit/e6ed0d4cdb6326e329c8f61f9cc19ff9331cb0ce (3.27.91)
@@ -29703,6 +30590,7 @@ CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html
NOTE: https://www.openwall.com/lists/oss-security/2019/03/18/1
NOTE: https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113
+ NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vp7q-v36g-7vq7
CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote run confi ...)
- intellij-idea <itp> (bug #747616)
CVE-2019-9822
@@ -29989,7 +30877,7 @@ CVE-2019-9755 (An integer underflow issue exists in ntfs-3g 2017.3.23. A local a
- ntfs-3g 1:2017.3.23AR.3-3 (bug #925255)
NOTE: https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/
CVE-2019-9754 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
- - tcc <unfixed> (low; bug #925127)
+ - tcc 0.9.27+git20200814.62c30a4a-1 (low; bug #925127)
[buster] - tcc <ignored> (Minor issue)
[stretch] - tcc <ignored> (Minor issue)
[jessie] - tcc <no-dsa> (Minor issue)
@@ -30000,14 +30888,14 @@ CVE-2019-9753 (An issue was discovered in Open Ticket Request System (OTRS) 7.x
CVE-2019-9752 (An issue was discovered in Open Ticket Request System (OTRS) 5.x befor ...)
{DLA-1721-1}
- otrs2 6.0.16-1
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/341c4096222819a108feb02256aba878943bf810
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4e3dfbaa054762b29df54705aa412685dd37e15
CVE-2019-9751 (An issue was discovered in Open Ticket Request System (OTRS) 6.x befor ...)
- otrs2 6.0.17-1
[buster] - otrs2 6.0.16-2
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (Vulnerable code not present)
NOTE: https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/1afb2b995e59551b927c2105e234e8b87efcc37a
@@ -30031,19 +30919,17 @@ CVE-2019-9743 (An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-8
CVE-2019-9742 (gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attac ...)
NOT-FOR-US: G Data Total Security
CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection is po ...)
- {DLA-1749-1}
+ {DLA-2592-1 DLA-2591-1 DLA-1749-1}
- golang-1.12 1.12-1
- golang-1.11 1.11.6-1 (bug #924630)
- golang-1.8 <removed>
- [stretch] - golang-1.8 <ignored> (Minor issue)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
- golang <removed>
NOTE: https://github.com/golang/go/issues/30794
NOTE: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9
NOTE: https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708#diff-b97af51863ce82bf2a13003b52034aa9
CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
- {DLA-1835-1 DLA-1834-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1}
- python3.7 3.7.4~rc2-2
[buster] - python3.7 3.7.3-2+deb10u1
- python3.6 <removed>
@@ -30051,9 +30937,10 @@ CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 a
- python3.4 <removed>
- python2.7 2.7.16-3
[buster] - python2.7 2.7.16-2+deb10u1
- [stretch] - python2.7 <no-dsa> (Minor issue)
- NOTE: https://bugs.python.org/issue36276
NOTE: https://bugs.python.org/issue30458
+ NOTE: https://bugs.python.org/issue36276 (duplicate)
+ NOTE: https://bugs.python.org/issue36274 (common regression fix)
+ NOTE: https://bugs.python.org/issue38216 (common regression fix)
NOTE: CVE-2019-9947 issue fixed with same fix as for CVE-2019-9740
NOTE: Patch 2.7: https://github.com/python/cpython/commit/bb8071a4cae5ab3fe321481dd3d73662ffb26052
CVE-2019-9739
@@ -30097,7 +30984,7 @@ CVE-2019-9723 (LogicalDOC Community Edition 8.x before 8.2.1 has a path traversa
NOT-FOR-US: LogicalDOC
CVE-2019-9722
RESERVED
-CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 4.1 allows attac ...)
+CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allo ...)
- ffmpeg 7:4.1.3-1 (bug #926666)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65
@@ -30111,7 +30998,7 @@ CVE-2019-9720 (A stack-based buffer overflow in the subtitle decoder in Libav 12
CVE-2019-9719 (** DISPUTED ** A stack-based buffer overflow in the subtitle decoder i ...)
- libav <unfixed> (unimportant)
NOTE: Generic low-certainty warning about snprintf usage without rationale
-CVE-2019-9718 (In FFmpeg 4.1, a denial of service in the subtitle decoder allows atta ...)
+CVE-2019-9718 (In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder all ...)
{DSA-4449-1}
- ffmpeg 7:4.1.3-1 (low; bug #926666)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982
@@ -30141,19 +31028,16 @@ CVE-2019-9708 (An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 bef
CVE-2019-9707
RESERVED
CVE-2019-9705 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
- {DLA-1723-1}
+ {DLA-2801-1 DLA-1723-1}
- cron 3.0pl1-133 (low)
- [stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/26814a26
CVE-2019-9706 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
- {DLA-1723-1}
+ {DLA-2801-1 DLA-1723-1}
- cron 3.0pl1-133 (bug #809167)
- [stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/40791b93
CVE-2019-9704 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
- {DLA-1723-1}
+ {DLA-2801-1 DLA-1723-1}
- cron 3.0pl1-133 (low)
- [stretch] - cron <no-dsa> (Minor issue, will be fixed via point update)
NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/f2525567
CVE-2019-9703 (Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible ...)
NOT-FOR-US: Symantec
@@ -30222,8 +31106,8 @@ CVE-2019-9675 (** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 a
NOTE: Fixed in 7.1.27, 7.3.3
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77586
CVE-2019-9674 (Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...)
- - python3.8 <unfixed> (unimportant)
- - python3.7 <unfixed> (unimportant)
+ - python3.8 <removed> (unimportant)
+ - python3.7 <removed> (unimportant)
- python3.5 <removed> (unimportant)
- python3.4 <removed> (unimportant)
- python2.7 <unfixed> (unimportant)
@@ -30272,7 +31156,7 @@ CVE-2019-9658 (Checkstyle before 8.18 loads external DTDs by default. ...)
{DLA-1768-1}
- checkstyle 8.26-1 (low; bug #924598)
[buster] - checkstyle 8.15-1+deb10u1
- [stretch] - checkstyle <no-dsa> (Minor issue)
+ [stretch] - checkstyle 6.15-1+deb9u1
NOTE: https://github.com/checkstyle/checkstyle/issues/6474
NOTE: https://github.com/checkstyle/checkstyle/issues/6478
NOTE: https://github.com/checkstyle/checkstyle/pull/6476
@@ -30312,6 +31196,7 @@ CVE-2019-9646 (The Contact Form Email plugin before 1.2.66 for WordPress allows
NOT-FOR-US: WordPress plugin contact-form-to-email
CVE-2019-9644 (An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook befor ...)
- jupyter-notebook 5.7.8-1 (bug #924515)
+ [stretch] - jupyter-notebook <no-dsa> (Intrusive to backport)
NOTE: https://github.com/jupyter/notebook/commit/cfc335b76466ccf1538ce545b654b29b5ab0097c
NOTE: https://github.com/jupyter/notebook/commit/b5105814fc41c6d789b317fa59f786bad7f9d798
NOTE: https://github.com/jupyter/notebook/commit/bfaa61385729ed4fb453863053f9a79141f01119
@@ -30320,13 +31205,12 @@ CVE-2019-9643
CVE-2019-9642 (An issue was discovered in proxy.php in pydio-core in Pydio through 8. ...)
- extplorer <removed>
CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Impr ...)
- {DLA-1835-1 DLA-1834-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1}
- python3.7 3.7.3~rc1-1 (bug #924072)
- python3.6 <removed>
- python3.5 <removed>
- python3.4 <removed>
- python2.7 2.7.16-2 (bug #924073)
- [stretch] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue36216
NOTE: https://github.com/python/cpython/pull/12201
NOTE: https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html
@@ -30405,7 +31289,7 @@ CVE-2019-9633 (gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a p
CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability vi ...)
NOT-FOR-US: ESAFENET CDG
CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBo ...)
- {DLA-1752-1}
+ {DLA-2287-1 DLA-1752-1}
- poppler 0.71.0-4 (bug #926673)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/736
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8122f6d6d409b53151a20c5578fc525ee97315e8
@@ -30427,7 +31311,7 @@ CVE-2019-9625 (JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI
NOT-FOR-US: JBMC DirectAdmin
CVE-2019-XXXX [high memory usage with some long running sessions]
- proftpd-dfsg 1.3.5d-1 (bug #923926)
- [stretch] - proftpd-dfsg <ignored> (Minor issue)
+ [stretch] - proftpd-dfsg 1.3.5e+r1.3.5b-4+deb9u1
[jessie] - proftpd-dfsg 1.3.5e-0+deb8u1
NOTE: https://github.com/proftpd/proftpd/issues/330#issuecomment-276891713
NOTE: https://forum.armbian.com/topic/9692-nanopi-neo-2-memory-leak-in-proftpd-even-worse-if-ssl-encrypted/?do=findComment&comment=73069
@@ -30656,6 +31540,7 @@ CVE-2019-9546 (SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege
NOT-FOR-US: SolarWinds Orion Platform
CVE-2019-9545 (An issue was discovered in Poppler 0.74.0. A recursive function call, ...)
- poppler <unfixed> (low; bug #923552)
+ [bullseye] - poppler <ignored> (Minor issue)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <ignored> (Minor issue)
@@ -30664,6 +31549,7 @@ CVE-2019-9544 (An issue was discovered in Bento4 1.5.1-628. An out of bounds wri
NOT-FOR-US: Bento4
CVE-2019-9543 (An issue was discovered in Poppler 0.74.0. A recursive function call, ...)
- poppler <unfixed> (low; bug #923553)
+ [bullseye] - poppler <ignored> (Minor issue)
[buster] - poppler <ignored> (Minor issue)
[stretch] - poppler <ignored> (Minor issue)
[jessie] - poppler <postponed> (Minor issue; revisit when fixed upstream)
@@ -30747,14 +31633,14 @@ CVE-2019-9515 (Some HTTP/2 implementations are vulnerable to a settings flood, p
NOTE: https://github.com/h2o/h2o/issues/2090
NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, potential ...)
- {DSA-4669-1 DSA-4520-1 DSA-4508-1 DSA-4503-1}
+ {DSA-4669-1 DSA-4520-1 DSA-4508-1 DSA-4503-1 DLA-2485-1}
- golang-1.13 1.13~beta1-3 (bug #934955)
- golang-1.12 1.12.8-1
- golang-1.11 1.11.13-1
- golang-1.8 <removed>
- [stretch] - golang-1.8 <ignored> (Minor issue)
+ [stretch] - golang-1.8 <ignored> (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
+ [stretch] - golang-1.7 <ignored> (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies)
- golang <removed>
[jessie] - golang <not-affected> (No HTTP2 support yet)
- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
@@ -30787,14 +31673,14 @@ CVE-2019-9513 (Some HTTP/2 implementations are vulnerable to resource loops, pot
NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potentially ...)
- {DSA-4520-1 DSA-4508-1 DSA-4503-1}
+ {DSA-4520-1 DSA-4508-1 DSA-4503-1 DLA-2485-1}
- golang-1.13 1.13~beta1-3 (bug #934955)
- golang-1.12 1.12.8-1
- golang-1.11 1.11.13-1
- golang-1.8 <removed>
- [stretch] - golang-1.8 <ignored> (Minor issue)
+ [stretch] - golang-1.8 <ignored> (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies)
- golang-1.7 <removed>
- [stretch] - golang-1.7 <ignored> (Minor issue)
+ [stretch] - golang-1.7 <ignored> (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies)
- golang <removed>
[jessie] - golang <not-affected> (No HTTP2 support yet)
- golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1
@@ -30929,8 +31815,8 @@ CVE-2019-9477
RESERVED
CVE-2019-9476
RESERVED
-CVE-2019-9475
- RESERVED
+CVE-2019-9475 (In /proc/net of the kernel filesystem, there is a possible information ...)
+ NOT-FOR-US: Android
CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
NOT-FOR-US: Android
CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
@@ -30989,6 +31875,7 @@ CVE-2019-9454 (In the Android kernel in i2c driver there is a possible out of bo
CVE-2019-9453 (In the Android kernel in F2FS touch driver there is a possible out of ...)
- linux 5.2.6-1
[buster] - linux 4.19.67-1
+ [stretch] - linux <ignored> (f2fs is not supportable)
[jessie] - linux <ignored> (f2fs is not supportable)
NOTE: https://git.kernel.org/linus/2777e654371dd4207a3a7f4fb5fa39550053a080
CVE-2019-9452 (In the Android kernel in SEC_TS touch driver there is a possible out o ...)
@@ -31006,6 +31893,7 @@ CVE-2019-9447 (In the Android kernel in the FingerTipS touchscreen driver there
CVE-2019-9446 (In the Android kernel in the FingerTipS touchscreen driver there is a ...)
NOT-FOR-US: Android kernel
CVE-2019-9445 (In the Android kernel in F2FS driver there is a possible out of bounds ...)
+ {DLA-2420-1}
- linux 5.2.6-1
[buster] - linux 4.19.98-1
[jessie] - linux <ignored> (f2fs is not supportable)
@@ -31152,7 +32040,7 @@ CVE-2019-9378 (In the Activity Manager service, there is a possible permission b
NOT-FOR-US: Android
CVE-2019-9377 (In FingerprintService, there is a possible bypass for operating system ...)
NOT-FOR-US: Android
-CVE-2019-9376 (In the Accounts package, there is a possible crash due to improper inp ...)
+CVE-2019-9376 (In Account of Account.java, there is a possible boot loop due to impro ...)
NOT-FOR-US: Android
CVE-2019-9375 (In hostapd, there is a possible out of bounds write due to a race cond ...)
NOT-FOR-US: Android
@@ -31432,6 +32320,7 @@ CVE-2019-9246 (In NFC, there is a possible out of bounds read due to a missing b
NOT-FOR-US: Android
CVE-2019-9245 (In the Android kernel in the f2fs driver there is a possible out of bo ...)
- linux 4.19.16-1
+ [stretch] - linux <ignored> (f2fs is not supportable)
[jessie] - linux <ignored> (f2fs is not supportable)
NOTE: https://git.kernel.org/linus/64beba0558fce7b59e9a8a7afd77290e82a22163
CVE-2019-9244 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
@@ -31537,9 +32426,8 @@ CVE-2019-9211 (There is a reachable assertion abort in the function write_long_s
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1683499
NOTE: Crash in CLI tool, no security impact
CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer ...)
- {DLA-1702-1}
+ {DLA-2868-1 DLA-1702-1}
- advancecomp 2.1-2 (low; bug #923416)
- [stretch] - advancecomp <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/277/
NOTE: Fixed by https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02
CVE-2019-9209 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and rel ...)
@@ -31570,7 +32458,7 @@ CVE-2019-9202 (Nagios IM (component of Nagios XI) before 2.2.7 allows authentica
CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/ ...)
NOT-FOR-US: Phoenix Contact ILC
CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() locate ...)
- {DLA-1706-1}
+ {DLA-2287-1 DLA-1706-1}
- poppler 0.71.0-4 (bug #923414)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/728
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/f4136a6353162db249f63ddb0f20611622ab61b4
@@ -31715,19 +32603,15 @@ CVE-2019-9154 (Improper Verification of a Cryptographic Signature in OpenPGP.js
CVE-2019-9153 (Improper Verification of a Cryptographic Signature in OpenPGP.js &lt;= ...)
- node-openpgp <itp> (bug #787774)
CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
- - hdf5 <unfixed>
- [buster] - hdf5 <no-dsa> (Minor issue)
- [stretch] - hdf5 <no-dsa> (Minor issue)
- [jessie] - hdf5 <ignored> (Minor issue)
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul8
NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10719
+ NOTE: Negligible security impact
CVE-2019-9151 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
- - hdf5 <unfixed>
- [buster] - hdf5 <no-dsa> (Minor issue)
- [stretch] - hdf5 <no-dsa> (Minor issue)
- [jessie] - hdf5 <ignored> (Minor issue)
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul7
NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10718
+ NOTE: Negligible security impact
CVE-2019-9150 (Mailvelope prior to 3.3.0 does not require user interaction to import ...)
NOT-FOR-US: Mailvelope
CVE-2019-9149 (Mailvelope prior to 3.3.0 allows private key operations without user i ...)
@@ -31885,9 +32769,9 @@ CVE-2019-9083 (SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitem
CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other pro ...)
NOT-FOR-US: ThinkPHP
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...)
- NOT-FOR-US: Laravel Framework
-CVE-2019-9080
- RESERVED
+ - php-laravel-framework <undetermined>
+CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...)
+ NOT-FOR-US: DomainMOD
CVE-2019-9079
RESERVED
CVE-2019-9078 (zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter b ...)
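Review bot: The new `- php-laravel-framework <undetermined>` line for CVE-2019-9081 carries no rationale, so a later triager cannot tell whether the Illuminate deserialization path in the description is reachable in the packaged version or simply has not been checked yet. Other entries in this diff attach a parenthesised reason or a NOTE to their status; a one-line `NOTE: <placeholder: why the state is undetermined, e.g. affected component/version not yet compared against the Debian package>` under the new line would make the open question explicit and easier to close.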
@@ -31948,8 +32832,8 @@ CVE-2019-9062 (PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site R
NOT-FOR-US: PHP Scripts Mall Online Food Ordering Script
CVE-2019-9061 (An issue was discovered in CMS Made Simple 2.2.8. In the module Module ...)
NOT-FOR-US: CMS Made Simple
-CVE-2019-9060
- RESERVED
+CVE-2019-9060 (An issue was discovered in CMS Made Simple 2.2.8. It is possible to ac ...)
+ NOT-FOR-US: CMS Made Simple
CVE-2019-9059 (An issue was discovered in CMS Made Simple 2.2.8. It is possible, with ...)
NOT-FOR-US: CMS Made Simple
CVE-2019-9058 (An issue was discovered in CMS Made Simple 2.2.8. In the administrator ...)
@@ -31995,18 +32879,21 @@ CVE-2019-9039 (In Couchbase Sync Gateway 2.1.2, an attacker with access to the S
CVE-2019-9038 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9037 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9036 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
@@ -32015,60 +32902,70 @@ CVE-2019-9036 (An issue was discovered in libmatio.a in matio (aka MAT File I/O
CVE-2019-9035 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9034 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9033 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9032 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9031 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9030 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9029 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9028 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9027 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9026 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
- libmatio 1.5.13-2 (low; bug #924185)
[stretch] - libmatio <no-dsa> (Minor issue)
+ [jessie] - libmatio <no-dsa> (Minor issue, hard to backport)
NOTE: https://github.com/tbeu/matio/issues/103
NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
@@ -32293,15 +33190,15 @@ CVE-2019-8952 (A Path Traversal vulnerability located in the webserver affects s
CVE-2019-8951 (An Open Redirect vulnerability located in the webserver affects severa ...)
NOT-FOR-US: Bosch
CVE-2019-1003028 (A server-side request forgery vulnerability exists in Jenkins JMS Mess ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003027 (A server-side request forgery vulnerability exists in Jenkins OctopusD ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003026 (A server-side request forgery vulnerability exists in Jenkins Mattermo ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003025 (A exposure of sensitive information vulnerability exists in Jenkins Cl ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003024 (A sandbox bypass vulnerability exists in Jenkins Script Security Plugi ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-8950 (The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices w ...)
NOT-FOR-US: DASAN
CVE-2019-8949
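Review bot: The five replaced lines attribute plugin CVEs to the `jenkins` source package as `<removed>`, but the truncated descriptions name separate plugins (JMS Messaging, OctopusDeploy, Mattermost, a "Cl..." plugin and Script Security Plugin) rather than Jenkins core. If those plugins were never shipped by the Debian `jenkins` package, the previous `NOT-FOR-US: Jenkins` state was the more precise one and `<removed>` overstates what Debian ever carried; if they were shipped, a short `NOTE:` saying which plugin was part of the package would let the next reader verify the reassignment. The same question applies to each of the five entries, so one note on the first (CVE-2019-1003028) referencing the others would suffice.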
@@ -32317,7 +33214,7 @@ CVE-2019-8945 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. ..
CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step in Octo ...)
NOT-FOR-US: Terraform
CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...)
- - wordpress <unfixed> (bug #923583)
+ - wordpress <undetermined> (bug #923583)
[jessie] - wordpress <postponed> (requires privileged account, not directly exploitable as CVE-2019-8942 is fixed, no official patch)
NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
NOTE: This CVE is explicitly for the mentioned Path Traversal in wp_crop_image().
@@ -32384,10 +33281,18 @@ CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or
NOT-FOR-US: XAMPP
CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf ...)
NOT-FOR-US: XAMPP
-CVE-2019-8922
- RESERVED
-CVE-2019-8921
- RESERVED
+CVE-2019-8922 (A heap-based buffer overflow was discovered in bluetoothd in BlueZ thr ...)
+ {DLA-2827-1}
+ - bluez 5.54-1
+ [buster] - bluez <no-dsa> (Minor issue)
+ NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
+ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6c7243fb6ab90b7b855cead98c66394fedea135f (5.51)
+CVE-2019-8921 (An issue was discovered in bluetoothd in BlueZ through 5.48. The vulne ...)
+ {DLA-2827-1}
+ - bluez 5.54-1
+ [buster] - bluez <no-dsa> (Minor issue)
+ NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
+ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7bf67b32709d828fafa26256b4c78331760c6e93 (5.51)
CVE-2019-8920 (iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. ...)
NOT-FOR-US: XAMPP
CVE-2019-8919 (The seadroid (aka Seafile Android Client) application through 2.2.13 f ...)
@@ -32446,14 +33351,14 @@ CVE-2019-8903 (index.js in Total.js Platform before 3.2.3 allows path traversal.
NOT-FOR-US: Total.js Platform
CVE-2019-8902 (An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vuln ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2019-8901
- RESERVED
+CVE-2019-8901 (This issue was addressed by verifying host keys when connecting to a p ...)
+ NOT-FOR-US: Apple
CVE-2019-8900
RESERVED
CVE-2019-8899
RESERVED
-CVE-2019-8898
- RESERVED
+CVE-2019-8898 (An information disclosure issue existed in the handling of the Storage ...)
+ NOT-FOR-US: Apple
CVE-2019-8897
RESERVED
CVE-2019-8896
@@ -32532,32 +33437,31 @@ CVE-2019-8860
RESERVED
CVE-2019-8859
RESERVED
-CVE-2019-8858
- RESERVED
-CVE-2019-8857
- RESERVED
-CVE-2019-8856
- RESERVED
-CVE-2019-8855
- RESERVED
-CVE-2019-8854
- RESERVED
-CVE-2019-8853
- RESERVED
-CVE-2019-8852
- RESERVED
-CVE-2019-8851
- RESERVED
-CVE-2019-8850
- RESERVED
+CVE-2019-8858 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2019-8857 (The issue was addressed with improved validation when an iCloud Link i ...)
+ NOT-FOR-US: Apple
+CVE-2019-8856 (An API issue existed in the handling of outgoing phone calls initiated ...)
+ NOT-FOR-US: Apple
+CVE-2019-8855 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ NOT-FOR-US: Apple
+CVE-2019-8854 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
+ NOT-FOR-US: Apple
+CVE-2019-8853 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2019-8852 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2019-8851 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2019-8850 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
CVE-2019-8849 (The issue was addressed by signaling that an executable stack is not r ...)
NOT-FOR-US: Apple
-CVE-2019-8848
- RESERVED
-CVE-2019-8847
- RESERVED
-CVE-2019-8846
- RESERVED
+CVE-2019-8848 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2019-8847 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2019-8846 (A use after free issue was addressed with improved memory management. ...)
{DSA-4610-1}
- webkit2gtk 2.26.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -32565,8 +33469,7 @@ CVE-2019-8846
NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
CVE-2019-8845
RESERVED
-CVE-2019-8844
- RESERVED
+CVE-2019-8844 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4610-1}
- webkit2gtk 2.26.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -32574,54 +33477,52 @@ CVE-2019-8844
NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
CVE-2019-8843
RESERVED
-CVE-2019-8842 [he `ippReadIO` function may under-read an extension field]
- RESERVED
+CVE-2019-8842 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ {DLA-2237-1}
- cups 2.3.1-12
[buster] - cups 2.2.10-6+deb10u3
- [stretch] - cups <no-dsa> (Minor issue)
- [jessie] - cups <no-dsa> (Minor issue)
+ [stretch] - cups 2.2.1-8+deb9u6
NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ipp.c: ippReadIO)
-CVE-2019-8841
- RESERVED
-CVE-2019-8840
- RESERVED
-CVE-2019-8839
- RESERVED
-CVE-2019-8838
- RESERVED
-CVE-2019-8837
- RESERVED
-CVE-2019-8836
- RESERVED
-CVE-2019-8835
- RESERVED
+CVE-2019-8841 (An information disclosure issue was addressed by removing the vulnerab ...)
+ NOT-FOR-US: Apple
+CVE-2019-8840 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2019-8839 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2019-8838 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2019-8837 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2019-8836 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2019-8835 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4610-1}
- webkit2gtk 2.26.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
-CVE-2019-8834
- RESERVED
-CVE-2019-8833
- RESERVED
-CVE-2019-8832
- RESERVED
-CVE-2019-8831
- RESERVED
-CVE-2019-8830
- RESERVED
-CVE-2019-8829
- RESERVED
-CVE-2019-8828
- RESERVED
-CVE-2019-8827
- RESERVED
-CVE-2019-8826
- RESERVED
-CVE-2019-8825
- RESERVED
-CVE-2019-8824
- RESERVED
+CVE-2019-8834 (A configuration issue was addressed with additional restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2019-8833 (A memory corruption issue was addressed by removing the vulnerable cod ...)
+ NOT-FOR-US: Apple
+CVE-2019-8832 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2019-8831 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2019-8830 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2019-8829 (A memory corruption vulnerability was addressed with improved locking. ...)
+ NOT-FOR-US: Apple
+CVE-2019-8828 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2019-8827 (The HTTP referrer header may be used to leak browsing history. The iss ...)
+ NOT-FOR-US: Apple
+CVE-2019-8826 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2019-8825 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2019-8824 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
CVE-2019-8823 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4558-1}
- webkit2gtk 2.26.1-1
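Review bot: For CVE-2019-8842 the `[jessie] - cups <no-dsa> (Minor issue)` line is deleted with no replacement, while other hunks in this same diff still add `[jessie]` annotations (the libmatio entries), which suggests jessie is still being tracked here. If that is the case, the jessie status for cups should be kept or updated, e.g. `[jessie] - cups <no-dsa> (Minor issue)` or a fixed-version line, rather than silently dropped; if jessie entries are being retired, the libmatio additions in this diff look inconsistent with that. The stretch line update to `2.2.1-8+deb9u6` together with the added `{DLA-2237-1}` reads as consistent.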
@@ -32694,8 +33595,8 @@ CVE-2019-8811 (Multiple memory corruption issues were addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8810
RESERVED
-CVE-2019-8809
- RESERVED
+CVE-2019-8809 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
CVE-2019-8808 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4558-1}
- webkit2gtk 2.26.0-1
@@ -32718,14 +33619,14 @@ CVE-2019-8801 (A dynamic library loading issue existed in iTunes setup. This was
NOT-FOR-US: Apple
CVE-2019-8800 (A memory corruption issue was addressed with improved validation. This ...)
NOT-FOR-US: Apple
-CVE-2019-8799
- RESERVED
+CVE-2019-8799 (This issue was resolved by replacing device names with a random identi ...)
+ NOT-FOR-US: Apple
CVE-2019-8798 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2019-8797 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
-CVE-2019-8796
- RESERVED
+CVE-2019-8796 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
CVE-2019-8795 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2019-8794 (A validation issue was addressed with improved input sanitization. Thi ...)
@@ -32736,8 +33637,8 @@ CVE-2019-8792 (An injection issue was addressed with improved validation. This i
NOT-FOR-US: Shazam Android App
CVE-2019-8791 (An issue existed in the parsing of URL schemes. This issue was address ...)
NOT-FOR-US: Shazam Android App
-CVE-2019-8790
- RESERVED
+CVE-2019-8790 (This issue was addresses by updating incorrect URLSession file descrip ...)
+ NOT-FOR-US: Apple
CVE-2019-8789 (A validation issue existed in the handling of symlinks. This issue was ...)
NOT-FOR-US: Apple
CVE-2019-8788 (An issue existed in the parsing of URLs. This issue was addressed with ...)
@@ -32764,26 +33665,25 @@ CVE-2019-8782 (Multiple memory corruption issues were addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8781 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
-CVE-2019-8780
- RESERVED
+CVE-2019-8780 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
CVE-2019-8779 (A logic issue applied the incorrect restrictions. This issue was addre ...)
NOT-FOR-US: Apple
CVE-2019-8778
RESERVED
-CVE-2019-8777
- RESERVED
-CVE-2019-8776
- RESERVED
+CVE-2019-8777 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2019-8776 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2019-8775 (The issue was addressed by restricting options offered on a locked dev ...)
NOT-FOR-US: Apple
-CVE-2019-8774
- RESERVED
-CVE-2019-8773
- RESERVED
+CVE-2019-8774 (A resource exhaustion issue was addressed with improved input validati ...)
+ NOT-FOR-US: Apple
+CVE-2019-8773 (Multiple memory corruption issues were addressed with improved memory ...)
+ NOT-FOR-US: Apple
CVE-2019-8772 (An issue existed in the handling of links in encrypted PDFs. This issu ...)
NOT-FOR-US: Apple
-CVE-2019-8771
- RESERVED
+CVE-2019-8771 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
{DSA-4558-1}
- webkit2gtk 2.26.0-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -32802,8 +33702,8 @@ CVE-2019-8768 ("Clear History and Website Data" did not clear the history. The i
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8767
- RESERVED
+CVE-2019-8767 (A memory consumption issue was addressed with improved memory handling ...)
+ NOT-FOR-US: Apple
CVE-2019-8766 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4558-1}
- webkit2gtk 2.26.0-1
@@ -32828,44 +33728,44 @@ CVE-2019-8763 (Multiple memory corruption issues were addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8762
- RESERVED
-CVE-2019-8761
- RESERVED
+CVE-2019-8762 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2019-8761 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
CVE-2019-8760 (This issue was addressed by improving Face ID machine learning models. ...)
NOT-FOR-US: Apple
-CVE-2019-8759
- RESERVED
+CVE-2019-8759 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
CVE-2019-8758 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2019-8757 (A race condition existed when reading and writing user preferences. Th ...)
NOT-FOR-US: Apple
-CVE-2019-8756
- RESERVED
+CVE-2019-8756 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
CVE-2019-8755 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
-CVE-2019-8754
- RESERVED
-CVE-2019-8753
- RESERVED
-CVE-2019-8752
- RESERVED
-CVE-2019-8751
- RESERVED
+CVE-2019-8754 (A cross-origin issue existed with "iframe" elements. This was addresse ...)
+ NOT-FOR-US: Apple
+CVE-2019-8753 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2019-8752 (Multiple memory corruption issues were addressed with improved memory ...)
+ NOT-FOR-US: Apple
+CVE-2019-8751 (Multiple memory corruption issues were addressed with improved memory ...)
+ NOT-FOR-US: Apple
CVE-2019-8750 (Multiple memory corruption issues were addressed with improved input v ...)
NOT-FOR-US: Apple
-CVE-2019-8749
- RESERVED
+CVE-2019-8749 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
CVE-2019-8748 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2019-8747 (A memory corruption vulnerability was addressed with improved locking. ...)
NOT-FOR-US: Apple
-CVE-2019-8746
- RESERVED
+CVE-2019-8746 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
CVE-2019-8745 (A buffer overflow was addressed with improved bounds checking. This is ...)
NOT-FOR-US: Apple
-CVE-2019-8744
- RESERVED
+CVE-2019-8744 (A memory corruption issue existed in the handling of IPv6 packets. Thi ...)
+ NOT-FOR-US: Apple
CVE-2019-8743 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4558-1}
- webkit2gtk 2.26.0-1
@@ -32876,39 +33776,39 @@ CVE-2019-8742 (The issue was addressed by restricting options offered on a locke
NOT-FOR-US: Apple
CVE-2019-8741 (A denial of service issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
-CVE-2019-8740
- RESERVED
+CVE-2019-8740 (A memory corruption vulnerability was addressed with improved locking. ...)
+ NOT-FOR-US: Apple
CVE-2019-8739 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
CVE-2019-8738 (A memory corruption issue was addressed with improved state management ...)
NOT-FOR-US: Apple
-CVE-2019-8737
- RESERVED
-CVE-2019-8736
- RESERVED
+CVE-2019-8737 (A denial of service issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2019-8736 (An input validation issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
CVE-2019-8735 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.2-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8734
- RESERVED
+CVE-2019-8734 (Multiple memory corruption issues were addressed with improved memory ...)
+ NOT-FOR-US: Apple
CVE-2019-8733 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4515-1}
- webkit2gtk 2.24.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8732
- RESERVED
+CVE-2019-8732 (The issue was addressed with improved data deletion. This issue is fix ...)
+ NOT-FOR-US: Apple
CVE-2019-8731 (A permissions issue existed in which execute permission was incorrectl ...)
NOT-FOR-US: Apple
CVE-2019-8730 (The contents of locked notes sometimes appeared in search results. Thi ...)
NOT-FOR-US: Apple
CVE-2019-8729
RESERVED
-CVE-2019-8728
- RESERVED
+CVE-2019-8728 (Multiple memory corruption issues were addressed with improved memory ...)
+ NOT-FOR-US: Apple
CVE-2019-8727 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2019-8726 (Multiple memory corruption issues were addressed with improved memory ...)
@@ -32939,20 +33839,20 @@ CVE-2019-8719 (A logic issue was addressed with improved state management. This
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8718
- RESERVED
+CVE-2019-8718 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2019-8717 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
-CVE-2019-8716
- RESERVED
-CVE-2019-8715
- RESERVED
+CVE-2019-8716 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2019-8715 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2019-8714
RESERVED
CVE-2019-8713
RESERVED
-CVE-2019-8712
- RESERVED
+CVE-2019-8712 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2019-8711 (A logic issue existed with the display of notification previews. This ...)
NOT-FOR-US: Apple
CVE-2019-8710 (Multiple memory corruption issues were addressed with improved memory ...)
@@ -32961,26 +33861,26 @@ CVE-2019-8710 (Multiple memory corruption issues were addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
-CVE-2019-8709
- RESERVED
-CVE-2019-8708
- RESERVED
+CVE-2019-8709 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2019-8708 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
CVE-2019-8707 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4515-1}
- webkit2gtk 2.24.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
-CVE-2019-8706
- RESERVED
+CVE-2019-8706 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
CVE-2019-8705 (A memory corruption issue was addressed with improved validation. This ...)
NOT-FOR-US: Apple
CVE-2019-8704 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
-CVE-2019-8703
- RESERVED
-CVE-2019-8702
- RESERVED
+CVE-2019-8703 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2019-8702 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ NOT-FOR-US: Apple
CVE-2019-8701 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2019-8700
@@ -32991,8 +33891,7 @@ CVE-2019-8698 (A validation issue existed in the entitlement verification. This
NOT-FOR-US: Apple
CVE-2019-8697 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
-CVE-2019-8696 [stack-buffer-overflow in libcups's asn1_get_packed function]
- RESERVED
+CVE-2019-8696 (A buffer overflow issue was addressed with improved memory handling. T ...)
{DLA-1893-1}
- cups 2.2.12-1 (bug #934957)
[buster] - cups 2.2.10-6+deb10u1
@@ -33090,8 +33989,7 @@ CVE-2019-8676 (Multiple memory corruption issues were addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
-CVE-2019-8675 [stack-buffer-overflow in libcups's asn1_get_type function]
- RESERVED
+CVE-2019-8675 (A buffer overflow issue was addressed with improved memory handling. T ...)
{DLA-1893-1}
- cups 2.2.12-1 (bug #934957)
[buster] - cups 2.2.10-6+deb10u1
@@ -33129,8 +34027,8 @@ CVE-2019-8669 (Multiple memory corruption issues were addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
-CVE-2019-8668
- RESERVED
+CVE-2019-8668 (A denial of service issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
CVE-2019-8667 (An inconsistent user interface issue was addressed with improved state ...)
NOT-FOR-US: Apple
CVE-2019-8666 (Multiple memory corruption issues were addressed with improved memory ...)
@@ -33141,8 +34039,8 @@ CVE-2019-8666 (Multiple memory corruption issues were addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8665 (A denial of service issue was addressed with improved validation. This ...)
NOT-FOR-US: Apple
-CVE-2019-8664
- RESERVED
+CVE-2019-8664 (An input validation issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
CVE-2019-8663 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2019-8662 (This issue was addressed with improved checks. This issue is fixed in ...)
@@ -33161,8 +34059,8 @@ CVE-2019-8658 (A logic issue was addressed with improved state management. This
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8657 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
-CVE-2019-8656
- RESERVED
+CVE-2019-8656 (This was addressed with additional checks by Gatekeeper on files mount ...)
+ NOT-FOR-US: Apple
CVE-2019-8655
RESERVED
CVE-2019-8654 (An inconsistent user interface issue was addressed with improved state ...)
@@ -33187,26 +34085,26 @@ CVE-2019-8647 (A use after free issue was addressed with improved memory managem
NOT-FOR-US: Apple
CVE-2019-8646 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
-CVE-2019-8645
- RESERVED
+CVE-2019-8645 (An issue existed in the handling of encrypted Mail. This issue was add ...)
+ NOT-FOR-US: Apple
CVE-2019-8644 (Multiple memory corruption issues were addressed with improved memory ...)
{DSA-4515-1}
- webkit2gtk 2.24.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
-CVE-2019-8643
- RESERVED
-CVE-2019-8642
- RESERVED
+CVE-2019-8643 (CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Moja ...)
+ NOT-FOR-US: Apple
+CVE-2019-8642 (An issue existed in the handling of S-MIME certificates. This issue wa ...)
+ NOT-FOR-US: Apple
CVE-2019-8641 (An out-of-bounds read was addressed with improved input validation. ...)
NOT-FOR-US: Apple
-CVE-2019-8640
- RESERVED
-CVE-2019-8639
- RESERVED
-CVE-2019-8638
- RESERVED
+CVE-2019-8640 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2019-8639 (Multiple memory corruption issues were addressed with improved memory ...)
+ NOT-FOR-US: Apple
+CVE-2019-8638 (Multiple memory corruption issues were addressed with improved memory ...)
+ NOT-FOR-US: Apple
CVE-2019-8637 (An input validation issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2019-8636
@@ -33215,12 +34113,12 @@ CVE-2019-8635 (A memory corruption issue was addressed with improved memory hand
NOT-FOR-US: Apple
CVE-2019-8634 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
-CVE-2019-8633
- RESERVED
+CVE-2019-8633 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
CVE-2019-8632 (Some analytics data was sent using HTTP rather than HTTPS. This was ad ...)
NOT-FOR-US: Apple
-CVE-2019-8631
- RESERVED
+CVE-2019-8631 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
CVE-2019-8630 (The issue was addressed with improved UI handling. This issue is fixed ...)
NOT-FOR-US: Apple
CVE-2019-8629 (A memory initialization issue was addressed with improved memory handl ...)
@@ -33258,8 +34156,8 @@ CVE-2019-8619 (Multiple memory corruption issues were addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
-CVE-2019-8618
- RESERVED
+CVE-2019-8618 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
CVE-2019-8617 (An access issue was addressed with additional sandbox restrictions. Th ...)
NOT-FOR-US: Apple
CVE-2019-8616 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -33272,8 +34170,8 @@ CVE-2019-8614
RESERVED
CVE-2019-8613 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
-CVE-2019-8612
- RESERVED
+CVE-2019-8612 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
CVE-2019-8611 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -33340,16 +34238,16 @@ CVE-2019-8594 (Multiple memory corruption issues were addressed with improved me
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8593 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
-CVE-2019-8592
- RESERVED
+CVE-2019-8592 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
CVE-2019-8591 (A type confusion issue was addressed with improved memory handling. Th ...)
NOT-FOR-US: Apple
CVE-2019-8590 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
CVE-2019-8589 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2019-8588
- RESERVED
+CVE-2019-8588 (A null pointer dereference was addressed with improved input validatio ...)
+ NOT-FOR-US: Apple
CVE-2019-8587 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -33372,37 +34270,37 @@ CVE-2019-8583 (Multiple memory corruption issues were addressed with improved me
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
-CVE-2019-8582
- RESERVED
-CVE-2019-8581
- RESERVED
-CVE-2019-8580
- RESERVED
-CVE-2019-8579
- RESERVED
-CVE-2019-8578
- RESERVED
+CVE-2019-8582 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2019-8581 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2019-8580 (Source-routed IPv4 packets were disabled by default. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2019-8579 (An input validation issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2019-8578 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
CVE-2019-8577 (An input validation issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2019-8576 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
-CVE-2019-8575
- RESERVED
+CVE-2019-8575 (The issue was addressed with improved data deletion. This issue is fix ...)
+ NOT-FOR-US: Apple
CVE-2019-8574 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
-CVE-2019-8573
- RESERVED
-CVE-2019-8572
- RESERVED
+CVE-2019-8573 (An input validation issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2019-8572 (A null pointer dereference was addressed with improved input validatio ...)
+ NOT-FOR-US: Apple
CVE-2019-8571 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
-CVE-2019-8570
- RESERVED
-CVE-2019-8569
- RESERVED
+CVE-2019-8570 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2019-8569 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2019-8568 (A validation issue existed in the handling of symlinks. This issue was ...)
NOT-FOR-US: Apple
CVE-2019-8567 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
@@ -33411,8 +34309,8 @@ CVE-2019-8566 (An API issue existed in the handling of microphone data. This iss
NOT-FOR-US: Apple
CVE-2019-8565 (A race condition was addressed with additional validation. This issue ...)
NOT-FOR-US: Apple
-CVE-2019-8564
- RESERVED
+CVE-2019-8564 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
CVE-2019-8563 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -33457,8 +34355,8 @@ CVE-2019-8549 (Multiple input validation issues existed in MIG generated code. T
NOT-FOR-US: Apple
CVE-2019-8548 (An issue existed where partially entered passcodes may not clear when ...)
NOT-FOR-US: Apple
-CVE-2019-8547
- RESERVED
+CVE-2019-8547 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
+ NOT-FOR-US: Apple
CVE-2019-8546 (An access issue was addressed with additional sandbox restrictions. Th ...)
NOT-FOR-US: Apple
CVE-2019-8545 (A memory corruption issue was addressed with improved state management ...)
@@ -33476,10 +34374,10 @@ CVE-2019-8541 (A privacy issue existed in motion sensor calibration. This issue
NOT-FOR-US: Apple
CVE-2019-8540 (A memory initialization issue was addressed with improved memory handl ...)
NOT-FOR-US: Apple
-CVE-2019-8539
- RESERVED
-CVE-2019-8538
- RESERVED
+CVE-2019-8539 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2019-8538 (A denial of service issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
CVE-2019-8537 (An access issue was addressed with improved memory management. This is ...)
NOT-FOR-US: Apple
CVE-2019-8536 (A memory corruption issue was addressed with improved memory handling. ...)
@@ -33492,26 +34390,26 @@ CVE-2019-8535 (A memory corruption issue was addressed with improved state manag
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
-CVE-2019-8534
- RESERVED
+CVE-2019-8534 (A logic issue existed resulting in memory corruption. This was address ...)
+ NOT-FOR-US: Apple
CVE-2019-8533 (A lock handling issue was addressed with improved lock handling. This ...)
NOT-FOR-US: Apple
-CVE-2019-8532
- RESERVED
-CVE-2019-8531
- RESERVED
+CVE-2019-8532 (A permissions issue was addressed by removing vulnerable code and addi ...)
+ NOT-FOR-US: Apple
+CVE-2019-8531 (A validation issue existed in Trust Anchor Management. This issue was ...)
+ NOT-FOR-US: Apple
CVE-2019-8530 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2019-8529 (A memory corruption issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
-CVE-2019-8528
- RESERVED
+CVE-2019-8528 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
CVE-2019-8527 (A buffer overflow was addressed with improved size validation. This is ...)
NOT-FOR-US: Apple
CVE-2019-8526 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
-CVE-2019-8525
- RESERVED
+CVE-2019-8525 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
CVE-2019-8524 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -33554,8 +34452,8 @@ CVE-2019-8511 (A buffer overflow issue was addressed with improved memory handli
NOT-FOR-US: Apple
CVE-2019-8510 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
NOT-FOR-US: Apple
-CVE-2019-8509
- RESERVED
+CVE-2019-8509 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
CVE-2019-8508 (A buffer overflow was addressed with improved bounds checking. This is ...)
NOT-FOR-US: Apple
CVE-2019-8507 (Multiple memory corruption issues were addressed with improved input v ...)
@@ -33730,19 +34628,32 @@ CVE-2019-8431
CVE-2019-8430
RESERVED
CVE-2019-8429 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php fil ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder <unfixed> (unimportant; bug #922724)
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-8428 (ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
+ NOTE: https://github.com/ZoneMinder/zoneminder/pull/2422
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/c0a6e54d60d3a8f297cc5f2ef6a862f6f00d746e
CVE-2019-8427 (daemonControl in includes/functions.php in ZoneMinder before 1.32.3 al ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder <unfixed> (unimportant; bug #922724)
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-8426 (skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/34e2e4799364639483f93cff70204618b834f7a2
+ NOTE: https://github.com/ZoneMinder/zoneminder/pull/2423
CVE-2019-8425 (includes/database.php in ZoneMinder before 1.32.3 has XSS in the const ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder <unfixed> (unimportant; bug #922724)
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-8424 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sor ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/02fd1e79b3bfa5b2e2087cb1255f9dbd921ccae8
+ NOTE: https://github.com/ZoneMinder/zoneminder/pull/2421
CVE-2019-8423 (ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/view ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder <unfixed> (unimportant; bug #922724)
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-8422 (A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the descri ...)
NOT-FOR-US: PbootCMS
CVE-2019-8421 (upload/protected/modules/admini/views/post/index.php in BageCMS throug ...)
@@ -33796,16 +34707,19 @@ CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There is
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10710
CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
- - hdf5 <unfixed>
+ - hdf5 <unfixed> (unimportant)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul5
NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10711
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash
CVE-2019-8396 (A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ...)
- hdf5 <undetermined>
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10712
+ NOTE: HDFFV-10712 is marked to be closed in a future 1.10.8 upstream release.
+ NOTE: Upstream fix was made in May 2021 after the 1.12.0 release (Mar 2020)
CVE-2019-8395 (An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoh ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-8394 (Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allow ...)
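Review bot: The NOTE added under CVE-2019-8397 misspells "malicious"; the line should read `NOTE: Negligible security impact, malicious scientific data has more issues than a crash`. The two NOTE lines added under CVE-2019-8396 state that an upstream fix landed in May 2021 and that HDFFV-10712 is slated for a 1.10.8 release, yet the package line stays at `- hdf5 <undetermined>` with no pointer to the fixing change. If the upstream fix is known, a `NOTE:` carrying its commit or pull-request URL would let the status be re-evaluated against the Debian versions instead of remaining undetermined; I cannot confirm the fix reference from this hunk, so this is a request for the citation, not a claim about which change fixes it.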
@@ -33831,8 +34745,8 @@ CVE-2019-8385 (An issue was discovered in Thomson Reuters Desktop Extensions 1.9
CVE-2019-8384
RESERVED
CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid memory ...)
+ {DLA-2868-1}
- advancecomp 2.1-2.1 (bug #928730)
- [stretch] - advancecomp <no-dsa> (Minor issue)
[jessie] - advancecomp <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/272/
NOTE: https://github.com/amadvance/advancecomp/commit/78a56b21340157775be2462a19276b4d31d2bd01
@@ -33845,8 +34759,8 @@ CVE-2019-8381 (An issue was discovered in Tcpreplay 4.3.1. An invalid memory acc
CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereferenc ...)
NOT-FOR-US: Bento4
CVE-2019-8379 (An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer der ...)
+ {DLA-2868-1}
- advancecomp 2.1-2.1 (bug #928729)
- [stretch] - advancecomp <no-dsa> (Minor issue)
[jessie] - advancecomp <ignored> (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/271/
NOTE: https://github.com/amadvance/advancecomp/commit/7894a6e684ce68ddff9f4f4919ab8e3911ac8040
@@ -33991,62 +34905,62 @@ CVE-2019-8327
CVE-2019-8326
RESERVED
CVE-2019-8325 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...)
- {DSA-4433-1 DLA-1796-1 DLA-1735-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8324 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ...)
- {DSA-4433-1 DLA-1796-1 DLA-1735-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8323 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem:: ...)
- {DSA-4433-1 DLA-1796-1 DLA-1735-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8322 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ...)
- {DSA-4433-1 DLA-1796-1 DLA-1735-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8321 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...)
- {DSA-4433-1 DLA-1796-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1796-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
[jessie] - ruby2.1 <not-affected> (Vulnerable code introduced later)
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8320 (A Directory Traversal issue was discovered in RubyGems 2.7.6 and later ...)
- {DSA-4433-1 DLA-1735-1}
+ {DSA-4433-1 DLA-2330-1 DLA-1735-1}
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems 3.2.0~rc.1-1
- jruby 9.1.17.0-3 (bug #925987)
[jessie] - jruby <not-affected> (Vulnerable code introduced later)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
@@ -34190,7 +35104,7 @@ CVE-2019-8259 (UltraVNC revision 1198 contains multiple memory leaks (CWE-655) i
NOT-FOR-US: UltraVNC
CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC ...)
NOT-FOR-US: UltraVNC
-CVE-2019-8257 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8257 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherited pe ...)
NOT-FOR-US: ColdFusion
@@ -34200,14 +35114,14 @@ CVE-2019-8254 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.
NOT-FOR-US: Adobe
CVE-2019-8253 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
NOT-FOR-US: Adobe
-CVE-2019-8252
- RESERVED
-CVE-2019-8251
- RESERVED
-CVE-2019-8250
- RESERVED
-CVE-2019-8249
- RESERVED
+CVE-2019-8252 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
+ NOT-FOR-US: Adobe
+CVE-2019-8251 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
+ NOT-FOR-US: Adobe
+CVE-2019-8250 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
+ NOT-FOR-US: Adobe
+CVE-2019-8249 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
+ NOT-FOR-US: Adobe
CVE-2019-8248 (Adobe Illustrator CC versions 23.1 and earlier have a memory corruptio ...)
NOT-FOR-US: Adobe
CVE-2019-8247 (Adobe Illustrator CC versions 23.1 and earlier have a memory corruptio ...)
@@ -34230,7 +35144,7 @@ CVE-2019-8239 (Adobe Bridge CC versions 9.1 and earlier have a memory corruption
NOT-FOR-US: Adobe
CVE-2019-8238 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010 ...)
NOT-FOR-US: Adobe
-CVE-2019-8237 (Adobe Acrobat and Reader versions 2019.012.20034 and earlier; 2019.012 ...)
+CVE-2019-8237 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
CVE-2019-8236 (Creative Cloud Desktop Application version 4.6.1 and earlier versions ...)
NOT-FOR-US: Adobe
@@ -34492,31 +35406,31 @@ CVE-2019-8108 (Insecure authentication and session management vulnerability exis
NOT-FOR-US: Magento
CVE-2019-8107 (An arbitrary file deletion vulnerability exists in Magento 2.2 prior t ...)
NOT-FOR-US: Magento
-CVE-2019-8106 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8106 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8105 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8105 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8104 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8104 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8103 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8103 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8102 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8102 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8101 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8101 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8100 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8100 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8099 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8099 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8098 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8098 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8097 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8097 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8096 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8096 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8095 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8095 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8094 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8094 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
CVE-2019-8093 (An arbitrary file access vulnerability exists in Magento 2.2 prior to ...)
NOT-FOR-US: Magento
@@ -34550,7 +35464,7 @@ CVE-2019-8079 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 hav
NOT-FOR-US: Adobe
CVE-2019-8078 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cr ...)
NOT-FOR-US: Adobe
-CVE-2019-8077 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8077 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
CVE-2019-8076 (Adobe application manager installer version 10.0 have an Insecure Libr ...)
NOT-FOR-US: Adobe
@@ -34572,8 +35486,8 @@ CVE-2019-8068
RESERVED
CVE-2019-8067
RESERVED
-CVE-2019-8066
- RESERVED
+CVE-2019-8066 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
+ NOT-FOR-US: Adobe
CVE-2019-8065
RESERVED
CVE-2019-8064 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
@@ -34582,125 +35496,125 @@ CVE-2019-8063 (Creative Cloud Desktop Application 4.6.1 and earlier versions hav
NOT-FOR-US: Creative Cloud Desktop Application
CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure library l ...)
NOT-FOR-US: Adobe
-CVE-2019-8061 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8061 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8060 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8060 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8059 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8059 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8058 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8058 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8057 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8057 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8056 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8056 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8055 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8055 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8054 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8054 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8053 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8053 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8052 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8052 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8051 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8051 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8050 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8050 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8049 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8049 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8048 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8048 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8047 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8047 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8046 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8046 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8045 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8045 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8044 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8044 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8043 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8043 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8042 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8042 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8041 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8041 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8040 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8040 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8039 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8039 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8038 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8038 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8037 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8037 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8036 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8036 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8035 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8035 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8034 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8034 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8033 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8033 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8032 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8032 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8031 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8031 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8030 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8030 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8029 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8029 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8028 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8028 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8027 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8027 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8026 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8026 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8025 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8025 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8024 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8024 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8023 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8023 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8022 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8022 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8021 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8021 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8020 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8020 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8019 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8019 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8018 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8018 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8017 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8017 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8016 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8016 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8015 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8015 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8014 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8014 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8013 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8013 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8012 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8012 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8011 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8011 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8010 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8010 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8009 (Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.01 ...)
+CVE-2019-8009 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8008 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8008 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8007 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8007 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8006 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8006 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8005 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8005 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8004 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8004 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8003 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8003 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
-CVE-2019-8002 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-8002 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
CVE-2019-8001 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
NOT-FOR-US: Adobe
@@ -34774,7 +35688,7 @@ CVE-2019-7967
RESERVED
CVE-2019-7966
RESERVED
-CVE-2019-7965 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
+CVE-2019-7965 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
NOT-FOR-US: Adobe
CVE-2019-7964 (Adobe Experience Manager versions 6.5, and 6.4 have an authentication ...)
NOT-FOR-US: Adobe Experience Manager
@@ -35247,7 +36161,7 @@ CVE-2019-7733 (In Live555 0.95, there is a buffer overflow via a large integer i
NOTE: https://github.com/rgaufman/live555/issues/21
NOTE: fixed in 2019.05.12: http://www.live555.com/liveMedia/public/changelog.txt
CVE-2019-7732 (In Live555 0.95, a setup packet can cause a memory leak leading to DoS ...)
- - liblivemedia <unfixed> (unimportant)
+ - liblivemedia <removed> (unimportant)
[stretch] - liblivemedia <no-dsa> (Minor issue)
[jessie] - liblivemedia <no-dsa> (Minor issue, unlikely to be exploited in practice)
NOTE: https://github.com/rgaufman/live555/issues/20
@@ -35262,10 +36176,10 @@ CVE-2019-7728 (An issue was discovered in the Bosch Smart Camera App before 1.3.
NOT-FOR-US: Bosch Smart Camera App
CVE-2019-7727 (In NICE Engage through 6.5, the default configuration binds an unauthe ...)
NOT-FOR-US: NICE Engage
-CVE-2019-7726
- RESERVED
-CVE-2019-7725
- RESERVED
+CVE-2019-7726 (modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL IN ...)
+ NOT-FOR-US: NukeViet
+CVE-2019-7725 (includes/core/is_user.php in NukeViet before 4.3.04 deserializes the u ...)
+ NOT-FOR-US: NukeViet
CVE-2019-7724
RESERVED
CVE-2019-7723
@@ -35394,15 +36308,14 @@ CVE-2019-7667 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application
CVE-2019-7666 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application allo ...)
NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...)
- {DLA-1689-1}
+ {DLA-2802-1 DLA-1689-1}
- elfutils 0.176-1 (low; bug #921880)
- [stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24089
NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=de01cc6f9446187d69b9748bb3636361c79e77a4
CVE-2019-7664 (In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_not ...)
- elfutils 0.176-1 (low; bug #921881)
- [stretch] - elfutils <no-dsa> (Minor issue)
+ [stretch] - elfutils <not-affected> (Vulnerable code introduced later)
[jessie] - elfutils <not-affected> (Vulnerable code introduced later)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24084
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=e65d91d21cb09d83b001fef9435e576ba447db32
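Review bot: The `[stretch] - elfutils <no-dsa> (Minor issue)` line under CVE-2019-7665 is kept while `{DLA-2802-1 DLA-1689-1}` is added above it, whereas the other DLA additions in this diff (rdflib with DLA-2861-1, sqlalchemy with DLA-2811-1, and the libsdl1.2/libsdl2 entries) drop the corresponding `[stretch] <no-dsa>` line. Unless DLA-2802-1 deliberately left this CVE unfixed in stretch, the retained annotation looks stale and contradicts the DLA reference, so the stretch status should be checked against the advisory's CVE list and the line removed if the DLA covers it. The change of CVE-2019-7664's stretch entry to `<not-affected> (Vulnerable code introduced later)` in the same hunk is consistent with the existing jessie line and needs no change.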
@@ -35432,11 +36345,11 @@ CVE-2019-7658
RESERVED
CVE-2019-7657
RESERVED
-CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 a ...)
+CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 a ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-7655 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authentic ...)
+CVE-2019-7655 (Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated X ...)
NOT-FOR-US: Wowza Streaming Engine
-CVE-2019-7654 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vuln ...)
+CVE-2019-7654 (Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vu ...)
NOT-FOR-US: Wowza Streaming Engine
CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...)
NOT-FOR-US: TheHive Project UnshortenLink analyzer
@@ -35445,9 +36358,8 @@ CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows
CVE-2019-7650
RESERVED
CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CL ...)
- {DLA-1717-1}
+ {DLA-2861-1 DLA-1717-1}
- rdflib 4.2.2-2 (low; bug #921751)
- [stretch] - rdflib <no-dsa> (Minor issue)
NOTE: Debian specific issue as respective scripts are overwritten in Debian
NOTE: packaging as wrappers invoking python -m.
CVE-2019-7649 (global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies ...)
@@ -35473,23 +36385,19 @@ CVE-2019-7640
CVE-2019-7639 (An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If P ...)
NOT-FOR-US: gsi-openssh-server (OpenSSH patched with openssh-7.9p1-gsissh.patch)
CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
[buster] - libsdl2 <no-dsa> (Minor issue)
- [stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4500
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2803-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.6+dfsg1-4 (bug #924610)
- [stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4497
NOTE: https://hg.libsdl.org/SDL/rev/9b0e5c555c0f (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/32075e9e2135 (SDL-1.2)
@@ -35498,24 +36406,20 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0 (SDL-2)
NOTE: For SDL-2 the fix for CVE-2017-2888 fixes as well CVE-2019-7637.
CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
[buster] - libsdl2 <no-dsa> (Minor issue)
- [stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499
NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
[buster] - libsdl2 <no-dsa> (Minor issue)
- [stretch] - libsdl2 <no-dsa> (Minor issue)
- sdl-image1.2 1.2.12-11 (bug #932755)
[buster] - sdl-image1.2 1.2.12-10+deb10u1
[stretch] - sdl-image1.2 1.2.12-5+deb9u2
@@ -35648,34 +36552,29 @@ CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary
CVE-2019-7579 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ...)
NOT-FOR-US: Linksys
CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
[buster] - libsdl2 <no-dsa> (Minor issue)
- [stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494
NOTE: https://hg.libsdl.org/SDL/rev/388987dff7bf (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 (SDL-2)
CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
[buster] - libsdl2 <no-dsa> (Minor issue)
- [stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4492
NOTE: https://hg.libsdl.org/SDL/rev/faf9abbcfb5f (SDL-1.2)
NOTE: https://hg.libsdl.org/SDL/rev/416136310b88 (SDL-1.2)
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
[buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
@@ -35683,22 +36582,19 @@ CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: Proposed patch: https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
NOTE: very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is applicable to this
CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
[buster] - libsdl2 <no-dsa> (Minor issue)
- [stretch] - libsdl2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4493
NOTE: https://hg.libsdl.org/SDL/rev/a936f9bd3e38 (SDL-1.2)
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
[buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
@@ -35707,10 +36603,9 @@ CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
[buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
@@ -35720,10 +36615,9 @@ CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0
NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
- {DLA-1714-1 DLA-1713-1}
+ {DLA-2804-1 DLA-1714-1 DLA-1713-1}
- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
[buster] - libsdl1.2 <no-dsa> (Minor issue)
- [stretch] - libsdl1.2 <no-dsa> (Minor issue)
- libsdl2 2.0.10+dfsg1-1 (bug #924610)
[buster] - libsdl2 <no-dsa> (Minor issue)
[stretch] - libsdl2 <no-dsa> (Minor issue)
@@ -35783,10 +36677,9 @@ CVE-2019-7549 (An issue was discovered in GitLab Community and Enterprise Editio
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7548 (SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be ...)
- {DLA-1718-1}
+ {DLA-2811-1 DLA-1718-1}
[experimental] - sqlalchemy 1.3.0~b3+ds1-1
- sqlalchemy 1.2.18+ds1-2 (bug #922669)
- [stretch] - sqlalchemy <no-dsa> (Minor issue)
NOTE: https://github.com/sqlalchemy/sqlalchemy/issues/4481
NOTE: https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
CVE-2019-7547 (An issue was discovered in SIDU 6.0. Because the database name is not ...)
@@ -36052,7 +36945,7 @@ CVE-2019-7443 (KDE KAuth before 5.55 allows the passing of parameters with arbit
[stretch] - kde4libs <ignored> (Minor issue)
[jessie] - kde4libs <no-dsa> (Minor issue)
NOTE: https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
- NOTE: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
+ NOTE: https://github.com/KDE/kauth/commit/fc70fb0161c1b9144d26389434d34dd135cd3f4a
CVE-2019-7442 (An XML external entity (XXE) vulnerability in the Password Vault Web A ...)
NOT-FOR-US: CyberArk Enterprise Password Vault
CVE-2019-7441 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Chec ...)
@@ -36117,8 +37010,8 @@ CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandle
NOT-FOR-US: Wordpress plugin
CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher ...)
NOT-FOR-US: MyThemeShop Launcher plugin for WordPress
-CVE-2019-7410
- RESERVED
+CVE-2019-7410 (There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remo ...)
+ NOT-FOR-US: Galileo CMS
CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign C ...)
NOT-FOR-US: ProfileDesign CMS
CVE-2019-7408
@@ -36142,19 +37035,24 @@ CVE-2019-7400 (Rukovoditel before 2.4.1 allows XSS. ...)
CVE-2019-7399 (Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack agains ...)
NOT-FOR-US: Amazon Fire OS
CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1453
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/20c360e14cd5d70b5bbd0b54afa241eae4aec45d
CVE-2019-7397 (In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, seve ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
- graphicsmagick 1.4~hg15896-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1454
CVE-2019-7396 (In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de2f4b1b89ce
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1452
CVE-2019-7395 (In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChanne ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1451
CVE-2019-7394 (A privilege escalation vulnerability in the administrative user interf ...)
@@ -36231,10 +37129,10 @@ CVE-2019-7359 (An exploitable heap overflow vulnerability in the AcCellMargin ha
NOT-FOR-US: Autodesk
CVE-2019-7358 (An exploitable heap overflow vulnerability in the DXF-parsing function ...)
NOT-FOR-US: Autodesk
-CVE-2019-7357
- RESERVED
-CVE-2019-7356
- RESERVED
+CVE-2019-7357 (Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can ...)
+ NOT-FOR-US: Subrion CMS
+CVE-2019-7356 (Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. ...)
+ NOT-FOR-US: Subrion CMS
CVE-2019-1000024 (OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cro ...)
NOT-FOR-US: OPT/NET BV
CVE-2019-1000023 (OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) versio ...)
@@ -36258,7 +37156,7 @@ CVE-2019-1000019 (libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a7
NOTE: https://github.com/libarchive/libarchive/pull/1120
NOTE: https://github.com/libarchive/libarchive/commit/65a23f5dbee4497064e9bb467f81138a62b0dae1
CVE-2019-1000017 (Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect A ...)
- NOT-FOR-US: Chamilo Chamilo-lms
+ NOT-FOR-US: Chamilo LMS
CVE-2019-1000016 (FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array In ...)
- ffmpeg 7:4.1.1-1 (low; bug #922066)
[stretch] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -36266,9 +37164,10 @@ CVE-2019-1000016 (FFMPEG version 4.1 contains a CWE-129: Improper Validation of
- libav <removed>
[jessie] - libav <not-affected> (Vulnerable code not present)
CVE-2019-1000015 (Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site S ...)
- NOT-FOR-US: Chamilo Chamilo-lms
+ NOT-FOR-US: Chamilo LMS
CVE-2019-1000014 (Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracl ...)
- rebar <not-affected> (vulnerable code is not present)
+ - rebar3 <not-affected> (Fixed before initial upload to Debian)
NOTE: https://github.com/erlang/rebar3/pull/1986
CVE-2019-1000013 (Hex package manager hex_core version 0.3.0 and earlier contains a Sign ...)
NOT-FOR-US: Hex package manager
@@ -36306,89 +37205,143 @@ CVE-2019-7353 (An Incorrect Access Control issue was discovered in GitLab Commun
- gitlab <not-affected> (Only affects 11.7)
NOTE: https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
CVE-2019-7352 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2475
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/effd609ff736e7853e9d39eed81ed029b9525159
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7351 (Log Injection exists in ZoneMinder through 1.32.3, as an attacker can ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder <unfixed> (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2466
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7350 (Session fixation exists in ZoneMinder through 1.32.3, as an attacker c ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder <unfixed> (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2471
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7349 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2465
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/cef54feaf9bf1374f0404bf525cdd322300882b5
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7348 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2467
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/9ce05a9a09de47868398a09e6c5259645b9ee73e
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7347 (A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMind ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2476
+ NOTE: https://github.com/ZoneMinder/zoneminder/pull/2487
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7346 (A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a C ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2469
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/dbc1c7b72f8cab5094a4a498a66ca2c0d3f29872
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7345 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2468
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/6af2c4ad0e288fae5702e96391657d173bba2297
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7344 (Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacke ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2455
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/70e59ed546474bf18b9af2040d0ed732dce835bc
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7343 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1. ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2464
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/9705edfe24ca429fb8c7c6cac9ef947e8410219a
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7342 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2461
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/dd37808ef790a77100845c2c3c3bb28d9038950f
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7341 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1. ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2463
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/ef0e5f453a4e60a5bdd6bc347e517a87182b6cad
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7340 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2462
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/bb75dad091bfa35af49467fede06adb972ed0545
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7339 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2460
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/c9d597dced27f7a826bac1c6fccd1003d8643064
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7338 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an att ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2454
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/7b0ee8a6a22576b66c341ee6f09668852769cbb6
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7337 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2456
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/fcbc22b6a27b2375327327c3d75995fe6a3cafd9
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7336 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2457
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/d7ede4643df3efd21d3cb8a758cfabf244f38b16
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7335 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an att ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2453
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/255806bd549392114af4306422cd23445e843259
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7334 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2443
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/02f09aad7f4ff50f1dd113c964f10d8e675da916
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7333 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2441
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/0b38e72f882aea7006dac01d3348f2465bcc8c09
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7332 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2442
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/61f6a92cc050f3db831f04c3c19f8f2d52cbe08e
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7331 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2451
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/254b7286b4d2654b95080a175c44195667e42ea8
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7330 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2448
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/b2a97ee190c6dc3e30b9c36b9c33c33348dde4d6
CVE-2019-7329 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2446
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/a97711de89d808edcec1b422b5c97645dbd9f501
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7328 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2449
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/b2a97ee190c6dc3e30b9c36b9c33c33348dde4d6
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7327 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2447
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/b2a97ee190c6dc3e30b9c36b9c33c33348dde4d6
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7326 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2452
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/fa6716a64b7481677b0d8d73d460200e60429410
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7325 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
- - zoneminder <unfixed> (bug #922724)
+ - zoneminder 1.34.6-1 (unimportant; bug #922724)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2450
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/99f1e23c5b115b46265ab78d57fd6548490c6802
+ NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination ...)
- kanboard <itp> (bug #790814)
CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 does not ...)
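Review bot: The CVE-2019-7330 entry is the one ZoneMinder entry in this hunk whose two new NOTE lines are in reversed order — the `NOTE: See README.Debian.security, ...` line precedes the upstream commit, while every other entry lists the commit first and the README note second. Swapping them keeps the block uniform so a reader can find the fix commit by position: `NOTE: https://github.com/ZoneMinder/zoneminder/commit/b2a97ee190c6dc3e30b9c36b9c33c33348dde4d6` followed by `NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone`. CVE-2019-7351 and CVE-2019-7350 are the only entries left at `<unfixed>` and carry no commit reference, which is presumably because no upstream fix is known; a short NOTE saying so (e.g. `NOTE: No upstream fix yet`) would stop a later triager from assuming the reference was merely forgotten.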
@@ -36398,8 +37351,8 @@ CVE-2019-7322
CVE-2019-7321 (Usage of an uninitialized variable in the function fz_load_jpeg in Art ...)
- mupdf <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700560
- NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;h=7d52765c5b8a5c76e459d148cd94dbaf51e562ec (1.15.0-rc1)
- NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2be83b57e77938fddbb06bdffb11979ad89a9c7d (1.15.0-rc1)
+ NOTE: Introduced by: https://git.ghostscript.com/?p=mupdf.git;h=7d52765c5b8a5c76e459d148cd94dbaf51e562ec (1.15.0-rc1)
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=2be83b57e77938fddbb06bdffb11979ad89a9c7d (1.15.0-rc1)
CVE-2019-7320
RESERVED
CVE-2019-7319 (An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When usin ...)
@@ -36441,9 +37394,8 @@ CVE-2019-7312 (Limited plaintext disclosure exists in PRIMX Zed Entreprise for W
CVE-2019-7311 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A ...)
NOT-FOR-US: Linksys
CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer si ...)
- {DLA-1706-1}
+ {DLA-2440-1 DLA-1706-1}
- poppler 0.71.0-4 (bug #921215)
- [stretch] - poppler <ignored> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717
NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172
@@ -36504,14 +37456,14 @@ CVE-2019-7292 (A validation issue was addressed with improved logic. This issue
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
-CVE-2019-7291
- RESERVED
+CVE-2019-7291 (A denial of service issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2019-7290 (An access issue was addressed with additional sandbox restrictions. Th ...)
NOT-FOR-US: Shortcuts for iOS
CVE-2019-7289 (A parsing issue in the handling of directory paths was addressed with ...)
NOT-FOR-US: Shortcuts for iOS
-CVE-2019-7288
- RESERVED
+CVE-2019-7288 (The issue was addressed with improved validation on the FaceTime serve ...)
+ NOT-FOR-US: Apple
CVE-2019-7287 (A memory corruption issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2019-7286 (A memory corruption issue was addressed with improved input validation ...)
@@ -36593,12 +37545,12 @@ CVE-2019-7250 (An issue was discovered in the Cross Reference Add-on 36 for Goog
CVE-2019-7249 (In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susc ...)
NOT-FOR-US: Keybase on MacOS
CVE-2019-7283 (An issue was discovered in rcp in NetKit through 0.17. For an rcp oper ...)
+ {DLA-2822-1}
- netkit-rsh 0.17-20 (bug #920486)
- [stretch] - netkit-rsh <no-dsa> (Minor issue)
[jessie] - netkit-rsh <no-dsa> (Minor issue)
CVE-2019-7282 (In NetKit through 0.17, rcp.c in the rcp client allows remote rsh serv ...)
+ {DLA-2822-1}
- netkit-rsh 0.17-20 (bug #920486)
- [stretch] - netkit-rsh <no-dsa> (Minor issue)
[jessie] - netkit-rsh <no-dsa> (Minor issue)
CVE-2019-7248
RESERVED
@@ -36710,8 +37662,8 @@ CVE-2019-7200
RESERVED
CVE-2019-7199
RESERVED
-CVE-2019-7198
- RESERVED
+CVE-2019-7198 (This command injection vulnerability allows attackers to execute arbit ...)
+ NOT-FOR-US: QNAP
CVE-2019-7197 (A stored cross-site scripting (XSS) vulnerability has been reported to ...)
NOT-FOR-US: QNAP
CVE-2019-7196
@@ -36750,15 +37702,16 @@ CVE-2019-7180
RESERVED
CVE-2019-7179
RESERVED
-CVE-2019-7178
- RESERVED
-CVE-2019-7177
- RESERVED
+CVE-2019-7178 (Pexip Infinity before 20.1 allows privilege escalation by restoring a ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2019-7177 (Pexip Infinity before 20.1 allows Code Injection onto nodes via an adm ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2019-7176 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7175 (In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage ...)
- - imagemagick <unfixed> (unimportant)
+ {DSA-4712-1}
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1450
CVE-2019-7174 (Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Ren ...)
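Review bot: The CVE-2019-7175 entry now carries `{DSA-4712-1}` while the imagemagick line keeps its `(unimportant)` severity, and the two signals contradict each other: a DSA reference says the issue was handled as security-supported, an unimportant tag says it has no security impact. If the fix simply rode along in a DSA issued for other ImageMagick issues, which seems the likely explanation, record that so readers auditing stable coverage do not look for a missing buster/stretch follow-up, e.g. `NOTE: Fix included in DSA-4712-1 alongside other issues; no security impact on its own`. Otherwise the severity tag should be dropped rather than left beside the DSA.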
@@ -36786,10 +37739,9 @@ CVE-2019-7165 (A buffer overflow in DOSBox 0.74-2 allows attackers to execute ar
NOTE: Upstream clarification https://sourceforge.net/p/dosbox/bugs/508/
NOTE: Fixed by https://sourceforge.net/p/dosbox/code-0/3925/
CVE-2019-7164 (SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injecti ...)
- {DLA-1718-1}
+ {DLA-2811-1 DLA-1718-1}
[experimental] - sqlalchemy 1.3.0~b3+ds1-1
- sqlalchemy 1.2.18+ds1-2 (bug #922669)
- [stretch] - sqlalchemy <no-dsa> (Minor issue)
NOTE: https://github.com/sqlalchemy/sqlalchemy/issues/4481
NOTE: https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
CVE-2019-7163 (The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 dev ...)
@@ -36837,9 +37789,8 @@ CVE-2019-7151 (A NULL pointer dereference was discovered in wasm::Module::getFun
NOTE: https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
NOTE: https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault can oc ...)
- {DLA-1689-1}
+ {DLA-2802-1 DLA-1689-1}
- elfutils 0.176-1 (low; bug #920909)
- [stretch] - elfutils <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103
NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59
@@ -36850,7 +37801,7 @@ CVE-2019-7149 (A heap-based buffer over-read was discovered in the function read
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102
NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2562759d6fe5b364fe224852e64e8bda39eb2e35
-CVE-2019-7148 (**DISPUTED** An attempted excessive memory allocation was discovered i ...)
+CVE-2019-7148 (An attempted excessive memory allocation was discovered in the functio ...)
- elfutils 0.176-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24085
NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=e32380ecefbb23448541367283d3b94930762986
@@ -37147,14 +38098,14 @@ CVE-2019-7007 (A directory traversal vulnerability has been found in the Avaya E
NOT-FOR-US: Avaya
CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in the cli ...)
NOT-FOR-US: Avaya
-CVE-2019-7005
- RESERVED
+CVE-2019-7005 (A vulnerability was discovered in the web interface component of IP Of ...)
+ NOT-FOR-US: IP Office
CVE-2019-7004 (A Cross-Site Scripting (XSS) vulnerability in the WebUI component of I ...)
NOT-FOR-US: Avaya
CVE-2019-7003 (A SQL injection vulnerability in the reporting component of Avaya Cont ...)
NOT-FOR-US: Avaya
CVE-2019-7002
- RESERVED
+ REJECTED
CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP Office Cont ...)
NOT-FOR-US: IP Office Contact Center
CVE-2019-7000 (A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura ...)
@@ -37196,6 +38147,7 @@ CVE-2019-6989 (TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow,
NOT-FOR-US: TP-Link
CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers ...)
- openjpeg2 <unfixed> (low; bug #922648)
+ [bullseye] - openjpeg2 <ignored> (Minor issue)
[buster] - openjpeg2 <ignored> (Minor issue)
[stretch] - openjpeg2 <ignored> (Minor issue)
[jessie] - openjpeg2 <ignored> (Minor issue)
@@ -37231,14 +38183,14 @@ CVE-2019-1000029 [DoS due to changing # of allowed users in root channel]
NOTE: Introduced in: https://github.com/mumble-voip/mumble/commit/84b1bcecef790a84d10b2d1f2060c1681a2bb836
NOTE: Fixed by: https://github.com/mumble-voip/mumble/commit/3edc46ff7308691d342f8c08ce1afaaefce35a5c
CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka ...)
- {DSA-4384-1 DLA-1651-1}
+ {DSA-4384-1 DLA-1679-1 DLA-1651-1}
- libgd2 2.2.5-5.1 (bug #920645)
- php7.3 7.3.1-1 (unimportant)
- php7.0 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77270
- NOTE: Proposed patch: https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
+ NOTE: https://github.com/php/php-src/commit/7a12dad4dd6c370835b13afae214b240082c7538
CVE-2019-6976 (libvips before 8.7.4 generates output images from uninitialized memory ...)
- vips 8.7.4-1 (low)
[stretch] - vips 8.4.5-1+deb9u1
@@ -37292,10 +38244,9 @@ CVE-2019-6958 (A recently discovered security vulnerability affects all Bosch Vi
CVE-2019-6957 (A recently discovered security vulnerability affects all Bosch Video M ...)
NOT-FOR-US: Bosch
CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
- {DLA-1899-1}
+ {DLA-2792-1 DLA-1899-1}
- faad2 2.8.8-3.1 (bug #914641)
[buster] - faad2 <no-dsa> (Minor issue)
- [stretch] - faad2 <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/faac/bugs/240/
NOTE: https://github.com/knik0/faad2/issues/39
NOTE: https://github.com/knik0/faad2/commit/6823e6610c9af1b0080cb22b9da03efb208d7d57
@@ -37499,9 +38450,9 @@ CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions v
NOT-FOR-US: Modicon
CVE-2019-6856 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: Modicon
-CVE-2019-6855 (An Improper Authorization - CWE-285 vulnerability exists in EcoStruxur ...)
+CVE-2019-6855 (Incorrect Authorization vulnerability exists in EcoStruxure Control Ex ...)
NOT-FOR-US: EcoStruxure Control Expert
-CVE-2019-6854 (A CWE-264 Permissions, Privileges, and Access Controls vulnerability e ...)
+CVE-2019-6854 (A CWE-287: Improper Authentication vulnerability exists in a folder wi ...)
NOT-FOR-US: EcoStruxure Geo SCADA Expert
CVE-2019-6853 (A CWE-79: Failure to Preserve Web Page Structure vulnerability exists ...)
NOT-FOR-US: Andover Continuum
@@ -37513,31 +38464,31 @@ CVE-2019-6850 (A CWE-200: Information Exposure vulnerability exists in Modicon M
NOT-FOR-US: Modicon
CVE-2019-6849 (A CWE-200: Information Exposure vulnerability exists in Modicon M580, ...)
NOT-FOR-US: Modicon
-CVE-2019-6848 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6848 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
-CVE-2019-6847 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6847 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
CVE-2019-6846 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
NOT-FOR-US: Modicon
CVE-2019-6845 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
NOT-FOR-US: Modicon
-CVE-2019-6844 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6844 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
-CVE-2019-6843 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6843 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
-CVE-2019-6842 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6842 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
-CVE-2019-6841 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580, Mo ...)
+CVE-2019-6841 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
NOT-FOR-US: Modicon
CVE-2019-6840 (A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6 ...)
NOT-FOR-US: Schneider
-CVE-2019-6839 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
+CVE-2019-6839 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
NOT-FOR-US: Schneider
-CVE-2019-6838 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
+CVE-2019-6838 (A CWE-863: Incorrect Authorization vulnerability exists in U.motion Se ...)
NOT-FOR-US: Schneider
CVE-2019-6837 (A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in ...)
NOT-FOR-US: Schneider
-CVE-2019-6836 (An Improper Access Control: CWE-284 vulnerability exists in U.motion S ...)
+CVE-2019-6836 (A CWE-863: Incorrect Authorization vulnerability exists in U.motion Se ...)
NOT-FOR-US: Schneider
CVE-2019-6835 (A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion S ...)
NOT-FOR-US: Schneider
@@ -37581,7 +38532,7 @@ CVE-2019-6816 (In Modicon Quantum all firmware versions, a CWE-94: Code Injectio
NOT-FOR-US: Schneider Electric
CVE-2019-6815 (In Modicon Quantum all firmware versions, CWE-264: Permissions, Privil ...)
NOT-FOR-US: Schneider Electric
-CVE-2019-6814 (An Improper Access Control: CWE-284 vulnerability exists in the NET55X ...)
+CVE-2019-6814 (A CWE-287: Improper Authentication vulnerability exists in the NET55XX ...)
NOT-FOR-US: Schneider Electric
CVE-2019-6813 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: Schneider
@@ -37614,13 +38565,13 @@ CVE-2019-6800 (In TitanHQ SpamTitan through 7.03, a vulnerability exists in the
CVE-2019-6799 (An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbi ...)
{DLA-1692-1}
- phpmyadmin 4:4.9.1+dfsg1-2 (bug #920823)
- [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
NOTE: https://www.phpmyadmin.net/security/PMASA-2019-1/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c5e01f84ad48c5c626001cb92d7a95500920a900
CVE-2019-6798 (An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability wa ...)
- phpmyadmin 4:4.9.1+dfsg1-2 (bug #920822)
- [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
[jessie] - phpmyadmin <not-affected> (Vulnerable code introduced later >= 4.5.0)
NOTE: https://www.phpmyadmin.net/security/PMASA-2019-2/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/469934cf7d3bd19a839eb78670590f7511399435
@@ -37686,6 +38637,7 @@ CVE-2019-6778 (In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffe
- slirp4netns 0.2.1-1
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=a7104eda7dab99d0cdbd3595c211864cba415905
+ NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-j2r5-xwp8-m8m9
CVE-2019-6777 (An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in ...)
- zoneminder 1.32.3-2 (bug #920375)
NOTE: https://github.com/ZoneMinder/zoneminder/issues/2436
@@ -37831,7 +38783,8 @@ CVE-2019-6708 (PHPSHE 1.7 has SQL injection via the admin.php?mod=order state pa
CVE-2019-6707 (PHPSHE 1.7 has SQL injection via the admin.php?mod=product&amp;act=sta ...)
NOT-FOR-US: PHPSHE
CVE-2019-6706 (Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For examp ...)
- - lua5.3 <unfixed> (bug #920321)
+ - lua5.3 5.3.6-1 (bug #920321)
+ [bullseye] - lua5.3 <postponed> (Minor issue, revisit when fixed upstream)
[buster] - lua5.3 <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - lua5.3 <postponed> (Minor issue, revisit when fixed upstream)
- lua5.2 <not-affected> (Vulnerable code introduced later)
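Review bot: The new `[bullseye] - lua5.3 <postponed> (Minor issue, revisit when fixed upstream)` line repeats a rationale that this same hunk appears to make stale: the unstable line now records `lua5.3 5.3.6-1` as the fixed version, so if 5.3.6 carries the upstream fix there is nothing left to "revisit". Either the postponed reasons for bullseye, buster and stretch should be reworded to the current state, e.g. `[bullseye] - lua5.3 <postponed> (Minor issue, fixed in 5.3.6; can be fixed via point release)`, or, if 5.3.6-1 only contains a Debian-side workaround rather than the upstream fix, a NOTE should say so. As written the entry sends conflicting messages about whether an upstream fix exists.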
@@ -37871,9 +38824,8 @@ CVE-2019-6692 (A malicious DLL preload vulnerability in Fortinet FortiClient for
CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=bac ...)
NOT-FOR-US: phpwind
CVE-2019-6690 (python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg t ...)
- {DLA-1675-1}
+ {DLA-2862-1 DLA-1675-1}
- python-gnupg 0.4.4-1
- [stretch] - python-gnupg <no-dsa> (Minor issue)
NOTE: https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
NOTE: https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
NOTE: https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
@@ -38013,7 +38965,7 @@ CVE-2019-6623 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and
NOT-FOR-US: F5 BIG-IP
CVE-2019-6622 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12 ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2019-6621 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12 ...)
+CVE-2019-6621 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
NOT-FOR-US: F5 BIG-IP
CVE-2019-6620 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12 ...)
NOT-FOR-US: F5 BIG-IP
@@ -38117,9 +39069,9 @@ CVE-2019-6571 (A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xy
NOT-FOR-US: Siemens
CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
NOT-FOR-US: Siemens
-CVE-2019-6569 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+CVE-2019-6569 (The monitor barrier of the affected products insufficiently blocks dat ...)
NOT-FOR-US: Scalance
-CVE-2019-6568 (A vulnerability has been identified in CP1604, CP1616, CP343-1 Advance ...)
+CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, S ...)
NOT-FOR-US: Siemens
CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens
@@ -38257,9 +39209,9 @@ CVE-2019-6502 (sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a me
NOTE: https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9 (0.20.0-rc1)
NOTE: Negligible security impact, assigning a CVE seems out of proportion...
CVE-2019-1003004 (An improper authorization vulnerability exists in Jenkins 2.158 and ea ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003003 (An improper authorization vulnerability exists in Jenkins 2.158 and ea ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2019-1003002 (A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-1003001 (A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 ...)
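Review bot: The CVE-2019-1003004 and CVE-2019-1003003 entries flip from `NOT-FOR-US: Jenkins` to `- jenkins <removed>` with no NOTE, so nothing in the entry shows whether the last jenkins version that was in Debian was actually affected or is merely assumed to be because the advisory says "2.158 and earlier". A NOTE pointing at the upstream Jenkins advisory for these two IDs, and stating whether the removed Debian version contained the vulnerable code, would make the `<removed>` marking verifiable rather than a guess. The neighbouring plugin entries keep `NOT-FOR-US: Jenkins plugin`, which is consistent, since only core is tracked as a (former) Debian package.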
@@ -38406,13 +39358,15 @@ CVE-2019-6463
RESERVED
CVE-2019-6462 (An issue was discovered in cairo 1.16.0. There is an infinite loop in ...)
- cairo <unfixed> (low; bug #929945)
- [buster] - cairo <no-dsa> (Minor issue)
+ [bullseye] - cairo <ignored> (Minor issue)
+ [buster] - cairo <ignored> (Minor issue)
[stretch] - cairo <no-dsa> (Minor issue)
[jessie] - cairo <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/353
CVE-2019-6461 (An issue was discovered in cairo 1.16.0. There is an assertion problem ...)
- cairo <unfixed> (low; bug #929944)
- [buster] - cairo <no-dsa> (Minor issue)
+ [bullseye] - cairo <ignored> (Minor issue)
+ [buster] - cairo <ignored> (Minor issue)
[stretch] - cairo <no-dsa> (Minor issue)
[jessie] - cairo <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/352
@@ -38775,11 +39729,9 @@ CVE-2019-6295 (Cleanto 5.0 has SQL Injection via the assets/lib/service_method_a
CVE-2019-6294 (An issue was discovered in EasyCMS 1.5. There is CSRF via the index.ph ...)
NOT-FOR-US: EasyCMS
CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in nf ...)
- - flex <unfixed> (low; bug #919428)
- [buster] - flex <no-dsa> (Minor issue)
- [stretch] - flex <no-dsa> (Minor issue)
- [jessie] - flex <no-dsa> (Minor issue)
+ - flex <unfixed> (unimportant; bug #919428)
NOTE: https://github.com/westes/flex/issues/414
+ NOTE: Negligible security impact
CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYam ...)
- yaml-cpp 0.6.3-1 (low; bug #919430)
[buster] - yaml-cpp <no-dsa> (Minor issue)
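Review bot: The added `NOTE: Negligible security impact` under CVE-2019-6293 records the conclusion behind the new `unimportant` severity but not the reason, unlike the neighbouring `NOTE: Crash in CLI tool, no security impact` under CVE-2019-6290, so a later triager re-checking the downgrade has nothing to verify against. The description only says the issue is in mark_beginning_as_normal in nfa.c; the actual trigger is not visible here and is presumably flex itself crashing on a crafted scanner definition, which should be confirmed against the linked upstream issue. Once confirmed, a note in the style of the flex-adjacent entries, such as `NOTE: Crash in the flex tool when processing a crafted input file, no security impact`, would make the severity self-explanatory.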
@@ -38799,8 +39751,8 @@ CVE-2019-6290 (An infinite recursion issue was discovered in eval.c in Netwide A
NOTE: Crash in CLI tool, no security impact
CVE-2019-6289 (uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows ...)
NOT-FOR-US: DedeCMS
-CVE-2019-6288
- RESERVED
+CVE-2019-6288 (Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Comman ...)
+ NOT-FOR-US: Edgecore ECS2020 Firmware
CVE-2019-6287 (In Rancher 2.0.0 through 2.1.5, project members have continued access ...)
NOT-FOR-US: Rancher
CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
@@ -38872,8 +39824,8 @@ CVE-2019-6260 (The ASPEED ast2400 and ast2500 Baseband Management Controller (BM
NOT-FOR-US: ASPEED
CVE-2019-6259 (An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injec ...)
NOT-FOR-US: idreamsoft iCMS
-CVE-2019-6258
- RESERVED
+CVE-2019-6258 (D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow ...)
+ NOT-FOR-US: D-Link
CVE-2019-6257 (A Server Side Request Forgery (SSRF) vulnerability in elFinder before ...)
NOT-FOR-US: elFinder
CVE-2019-6256 (A Denial of Service issue was discovered in the LIVE555 Streaming Medi ...)
@@ -38914,9 +39866,8 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling
- svgpp 1.2.3+dfsg1-5 (bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...)
- {DLA-1656-1}
+ {DLA-2872-1 DLA-1656-1}
- agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
- [stretch] - agg <no-dsa> (Minor issue)
- svgpp <unfixed> (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/
@@ -38936,8 +39887,8 @@ CVE-2019-6240 (An issue was discovered in GitLab Community and Enterprise Editio
NOTE: https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
CVE-2019-6239 (This issue was addressed with improved handling of file metadata. This ...)
NOT-FOR-US: Apple
-CVE-2019-6238
- RESERVED
+CVE-2019-6238 (A validation issue existed in the handling of symlinks. This issue was ...)
+ NOT-FOR-US: Apple
CVE-2019-6237 (Multiple memory corruption issues were addressed with improved memory ...)
- webkit2gtk 2.24.1-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -39035,8 +39986,8 @@ CVE-2019-6198
RESERVED
CVE-2019-6197
RESERVED
-CVE-2019-6196
- RESERVED
+CVE-2019-6196 (A symbolic link vulnerability in some Lenovo installation packages, pr ...)
+ NOT-FOR-US: Lenovo
CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...)
NOT-FOR-US: Lenovo
CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in ...)
@@ -39081,13 +40032,13 @@ CVE-2019-6175 (A denial of service vulnerability was reported in Lenovo System U
NOT-FOR-US: Lenovo
CVE-2019-6174
RESERVED
-CVE-2019-6173
- RESERVED
-CVE-2019-6172 (A potential vulnerability in the SMI callback function in some Lenovo ...)
+CVE-2019-6173 (A DLL search path vulnerability could allow privilege escalation in so ...)
+ NOT-FOR-US: Lenovo
+CVE-2019-6172 (A potential vulnerability in the SMI callback function used in Legacy ...)
NOT-FOR-US: Lenovo
CVE-2019-6171 (A vulnerability was reported in various BIOS versions of older ThinkPa ...)
NOT-FOR-US: Lenovo
-CVE-2019-6170 (A potential vulnerability in some Lenovo ThinkPads may allow an attack ...)
+CVE-2019-6170 (A potential vulnerability in the SMI callback function used in the Leg ...)
NOT-FOR-US: Lenovo
CVE-2019-6169 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
NOT-FOR-US: Lenovo Service Bridge
@@ -39176,14 +40127,13 @@ CVE-2019-6132 (An issue was discovered in Bento4 v1.5.1-627. There is a memory l
NOT-FOR-US: Bento4
CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack co ...)
- mupdf 1.14.0+ds1-3 (bug #918970)
- [stretch] - mupdf <no-dsa> (Minor issue)
+ [stretch] - mupdf <not-affected> (vulnerable code not present)
[jessie] - mupdf <not-affected> (vulnerable code not present)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700442
NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b
CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fi ...)
- {DLA-1838-1}
+ {DLA-2289-1 DLA-1838-1}
- mupdf 1.14.0+ds1-3 (bug #918971)
- [stretch] - mupdf <no-dsa> (Minor issue)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700446
NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?faf47b94e24314d74907f3f6bc874105f2c962ed
CVE-2019-6129 (** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a ...)
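Review bot: The stretch line for CVE-2019-6131 is switched from `<no-dsa> (Minor issue)` to `<not-affected> (vulnerable code not present)` without a NOTE recording what established that the svg-run.c recursion path is absent from the stretch version; the existing notes only reference the upstream bug and the fixing commit. The jessie line already carried the same reason as context, so it is not visible from the hunk whether the stretch claim was re-verified or merely aligned with jessie — worth confirming. A note such as `NOTE: svg-run.c code path introduced upstream after the version shipped in stretch (commit/version: ...)` would let the not-affected claim be checked later, as the qemu entry for CVE-2019-5008 does with its MemoryRegionOps note.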
@@ -39223,12 +40173,12 @@ CVE-2019-6116 (In Artifex Ghostscript through 9.26, ephemeral or transient proce
{DSA-4372-1 DLA-1670-1}
- ghostscript 9.26a~dfsg-1
NOTE: https://www.openwall.com/lists/oss-security/2019/01/23/5
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1729
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700317
CVE-2019-6115
@@ -39237,8 +40187,8 @@ CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. A
NOT-FOR-US: Corel PaintShop Pro
CVE-2019-6113 (Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-001 ...)
NOT-FOR-US: ONKYO
-CVE-2019-6112
- RESERVED
+CVE-2019-6112 (A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in ...)
+ NOT-FOR-US: Sell Media plugin for WordPress
CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp implementation ...)
{DSA-4387-2 DSA-4387-1 DLA-1728-1}
- openssh 1:7.9p1-9 (bug #923486)
@@ -39723,199 +40673,258 @@ CVE-2019-5883 (An Incorrect Access Control issue was discovered in GitLab Commun
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2019-5881 (Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865. ...)
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5880 (Insufficient policy enforcement in Blink in Google Chrome prior to 77. ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5879 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5878 (Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5877 (Out of bounds memory access in JavaScript in Google Chrome prior to 77 ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5876 (Use after free in media in Google Chrome on Android prior to 77.0.3865 ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5875 (Insufficient data validation in downloads in Google Chrome prior to 77 ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5874 (Insufficient filtering in URI schemes in Google Chrome on Windows prio ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5873 (Insufficient policy validation in navigation in Google Chrome on iOS p ...)
- chromium <not-affected> (iOS specific issue)
CVE-2019-5872 (Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5871 (Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 al ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5870 (Use after free in media in Google Chrome prior to 77.0.3865.75 allowed ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5869 (Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowe ...)
{DSA-4562-1}
- chromium 78.0.3904.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5868 (Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allow ...)
{DSA-4500-1}
- chromium 76.0.3809.100-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5867 (Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.1 ...)
{DSA-4500-1}
- chromium 76.0.3809.100-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5866 (Out of bounds memory access in JavaScript in Google Chrome prior to 75 ...)
- chromium 76.0.3809.71-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5865 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5864 (Insufficient data validation in CORS in Google Chrome prior to 76.0.38 ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5863
- RESERVED
- - chromium <not-affected> (Windows-specific)
+ REJECTED
CVE-2019-5862 (Insufficient data validation in AppCache in Google Chrome prior to 76. ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5861 (Insufficient data validation in Blink in Google Chrome prior to 76.0.3 ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5860 (Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowe ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5859 (Insufficient filtering in URI schemes in Google Chrome on Windows prio ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5858 (Incorrect security UI in MacOS services integration in Google Chrome o ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5857 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5856 (Insufficient policy enforcement in storage in Google Chrome prior to 7 ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5855 (Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allo ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5854 (Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allo ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5853 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5852 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5851 (Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allo ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5850 (Use after free in offline mode in Google Chrome prior to 76.0.3809.87 ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5849 (Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allo ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
- firefox 69.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-5849
CVE-2019-5848 (Incorrect font handling in autofill in Google Chrome prior to 75.0.377 ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5847 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
{DSA-4500-1}
- chromium 76.0.3809.87-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5846 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5845 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5844 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
{DSA-4421-1}
- chromium 73.0.3683.75-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5843 (Out of bounds memory access in JavaScript in Google Chrome prior to 74 ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5842 (Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed ...)
{DSA-4500-1}
- chromium 75.0.3770.90-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5841 (Out of bounds memory access in JavaScript in Google Chrome prior to 75 ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5840 (Incorrect security UI in popup blocker in Google Chrome on iOS prior t ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5839 (Excessive data validation in URL parser in Google Chrome prior to 75.0 ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5838 (Insufficient policy enforcement in extensions API in Google Chrome pri ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5837 (Resource size information leakage in Blink in Google Chrome prior to 7 ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5836 (Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 a ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5835 (Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3 ...)
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5834 (Insufficient data validation in Blink in Google Chrome prior to 75.0.3 ...)
{DSA-4500-1}
- chromium <not-affected> (iOS-specific)
CVE-2019-5833 (Incorrect dialog box scoping in browser in Google Chrome on Android pr ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5832 (Insufficient policy enforcement in XMLHttpRequest in Google Chrome pri ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5831 (Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 al ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5830 (Insufficient policy enforcement in CORS in Google Chrome prior to 75.0 ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5829 (Integer overflow in download manager in Google Chrome prior to 75.0.37 ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5828 (Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0 ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5827 (Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3 ...)
- {DSA-4500-1}
+ {DSA-4500-1 DLA-2340-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
- sqlite3 3.27.2-3
- [stretch] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in chromium)
[jessie] - sqlite3 <no-dsa> (Minor issue; mainly with inpact in chromium)
NOTE: https://www.sqlite.org/src/info/07ee06fd390bfebe
NOTE: https://www.sqlite.org/src/info/0b6ae032c28e7fe3
CVE-2019-5826 (Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 all ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5825 (Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683. ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5824 (Parameter passing error in media in Google Chrome prior to 74.0.3729.1 ...)
{DSA-4500-1}
- chromium 75.0.3770.80-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5823 (Insufficient policy enforcement in service workers in Google Chrome pr ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5822 (Inappropriate implementation in Blink in Google Chrome prior to 74.0.3 ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5821 (Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 all ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5820 (Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 all ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5819 (Insufficient data validation in developer tools in Google Chrome on OS ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5818 (Uninitialized data in media in Google Chrome prior to 74.0.3729.108 al ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5817 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74. ...)
- chromium <not-affected> (Windows-specific)
CVE-2019-5816 (Process lifetime issue in Chrome in Google Chrome on Android prior to ...)
@@ -39923,35 +40932,45 @@ CVE-2019-5816 (Process lifetime issue in Chrome in Google Chrome on Android prio
CVE-2019-5815 (Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1. ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5814 (Insufficient policy enforcement in Blink in Google Chrome prior to 74. ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5813 (Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5812 (Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.1 ...)
- chromium <not-affected> (iOS specific)
CVE-2019-5811 (Incorrect handling of CORS in ServiceWorker in Google Chrome prior to ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5810 (Information leak in autofill in Google Chrome prior to 74.0.3729.108 a ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5809 (Use after free in file chooser in Google Chrome prior to 74.0.3729.108 ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5808 (Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowe ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5807 (Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 al ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5806 (Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.37 ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5805 (Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allow ...)
{DSA-4500-1}
- chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2019-5804 (Incorrect command line processing in Chrome in Google Chrome prior to ...)
- chromium <not-affected> (Windows-specific)
CVE-2019-5803 (Insufficient policy enforcement in Content Security Policy in Google C ...)
@@ -40175,15 +41194,15 @@ CVE-2019-5736 (runc through 1.0-rc6, as used in Docker before 18.09.2 and other
NOTE: lxc: Fixed by: https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
NOTE: Not considered a security issue by LXC upstream
CVE-2019-5735
- RESERVED
+ REJECTED
CVE-2019-5734
RESERVED
CVE-2019-5733
RESERVED
CVE-2019-5732
- RESERVED
+ REJECTED
CVE-2019-5731
- RESERVED
+ REJECTED
CVE-2019-5730
RESERVED
CVE-2019-5729 (Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS ...)
@@ -40379,8 +41398,8 @@ CVE-2019-5647 (The Chrome Plugin for Rapid7 AppSpider can incorrectly keep brows
NOT-FOR-US: Chrome Plugin for Rapid7 AppSpider
CVE-2019-5646
RESERVED
-CVE-2019-5645
- RESERVED
+CVE-2019-5645 (By sending a specially crafted HTTP GET request to a listening Rapid7 ...)
+ NOT-FOR-US: Rapid7 Metasploit
CVE-2019-5644 (Computing For Good's Basic Laboratory Information System (also known a ...)
NOT-FOR-US: Computing For Good's Basic Laboratory Information System
CVE-2019-5643 (Computing For Good's Basic Laboratory Information System (also known a ...)
@@ -40389,8 +41408,8 @@ CVE-2019-5642 (Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers
NOT-FOR-US: Rapid7 Metasploit Pro
CVE-2019-5641
RESERVED
-CVE-2019-5640
- RESERVED
+CVE-2019-5640 (Rapid7 Nexpose versions prior to 6.6.114 suffer from an information ex ...)
+ NOT-FOR-US: Rapid7 Nexpose
CVE-2019-5639
RESERVED
CVE-2019-5638 (Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient sess ...)
@@ -40507,8 +41526,8 @@ CVE-2019-5593 (Improper permission or value checking in the CLI console may allo
NOT-FOR-US: FortiOS
CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, ...)
NOT-FOR-US: Fortinet
-CVE-2019-5591
- RESERVED
+CVE-2019-5591 (A Default Configuration vulnerability in FortiOS may allow an unauthen ...)
+ NOT-FOR-US: Fortinet
CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet FortiWeb ...)
NOT-FOR-US: Fortinet
CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
@@ -40675,7 +41694,7 @@ CVE-2019-5510
RESERVED
CVE-2019-5509 (ONTAP Select Deploy administration utility versions 2.11.2 through 2.1 ...)
NOT-FOR-US: ONTAP Select Deploy administration utility
-CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vul ...)
+CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vul ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5507 (SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a v ...)
NOT-FOR-US: SnapManager for Oracle
@@ -40911,6 +41930,7 @@ CVE-2019-5428
REJECTED
CVE-2019-5427 (c3p0 version &lt; 0.9.5.4 may be exploited by a billion laughs attack ...)
- c3p0 <unfixed> (low; bug #927936)
+ [bullseye] - c3p0 <no-dsa> (Minor issue)
[buster] - c3p0 <no-dsa> (Minor issue)
[stretch] - c3p0 <no-dsa> (Minor issue)
[jessie] - c3p0 <no-dsa> (Minor issue)
@@ -41139,16 +42159,16 @@ CVE-2019-5323 (There are command injection vulnerabilities present in the AirWav
NOT-FOR-US: Aruba Airwave
CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...)
NOT-FOR-US: Edge Switch models
-CVE-2019-5321
- RESERVED
-CVE-2019-5320
- RESERVED
-CVE-2019-5319
- RESERVED
-CVE-2019-5318
- RESERVED
-CVE-2019-5317
- RESERVED
+CVE-2019-5321 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5 ...)
+ NOT-FOR-US: Aruba Intelligent Edge Switch Series
+CVE-2019-5320 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5 ...)
+ NOT-FOR-US: Aruba Intelligent Edge Switch Series
+CVE-2019-5319 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
+ NOT-FOR-US: Aruba
+CVE-2019-5318 (A remote cross-site request forgery (csrf) vulnerability was discovere ...)
+ NOT-FOR-US: Aruba
+CVE-2019-5317 (A local authentication bypass vulnerability was discovered in some Aru ...)
+ NOT-FOR-US: Aruba
CVE-2019-5316
RESERVED
CVE-2019-5315 (A command injection vulnerability is present in the web management int ...)
@@ -41406,10 +42426,9 @@ CVE-2019-5190
CVE-2019-5189
RESERVED
CVE-2019-5188 (A code execution vulnerability exists in the directory rehashing funct ...)
- {DLA-2156-1}
+ {DLA-2290-1 DLA-2156-1}
- e2fsprogs 1.45.5-1 (bug #948508)
[buster] - e2fsprogs 1.44.5-1+deb10u3
- [stretch] - e2fsprogs <no-dsa> (Minor issue)
NOTE: Fixed by: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff
NOTE: Further hardening: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba137571ba13755337e19c9a826dfc874562a36e1b24d3
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
@@ -41587,6 +42606,7 @@ CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the authentica
CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the authenticated ...)
NOT-FOR-US: Forma LMS
CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the Linux ker ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.3.7-1
[buster] - linux 4.19.98-1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
@@ -41635,11 +42655,15 @@ CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investin
CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech ...)
NOT-FOR-US: Investintech
CVE-2019-5087 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
- - xcftools <unfixed> (bug #945317)
+ {DLA-2553-1}
+ - xcftools 1.0.7-6.1 (bug #945317)
+ [buster] - xcftools 1.0.7-6+deb10u1
NOTE: https://github.com/j-jorge/xcftools/issues/13
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879
CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flattenInc ...)
- - xcftools <unfixed> (bug #945317)
+ {DLA-2553-1}
+ - xcftools 1.0.7-6.1 (bug #945317)
+ [buster] - xcftools 1.0.7-6+deb10u1
NOTE: https://github.com/j-jorge/xcftools/issues/12
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
CVE-2019-5085 (An exploitable code execution vulnerability exists in the DICOM packet ...)
@@ -41680,7 +42704,7 @@ CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in
{DLA-1993-1}
- mesa 19.2.6-1 (low; bug #944298)
[buster] - mesa 18.3.6-2+deb10u1
- [stretch] - mesa <no-dsa> (Minor issue)
+ [stretch] - mesa <ignored> (Affected code is not built in stretch)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
NOTE: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
NOTE: https://cgit.freedesktop.org/mesa/mesa/commit/?id=02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
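Review bot: The new stretch line for CVE-2019-5068 uses `<ignored>` with the reason `Affected code is not built in stretch`, but `<ignored>` means the issue applies to the release and will deliberately not be fixed, whereas a reason saying the affected code is not built describes the `<not-affected>` state — the state this same diff uses for comparable cases, e.g. `[stretch] - qemu <not-affected> (Vulnerable code not present)`. As written, the tracker would present stretch as vulnerable-but-unfixed for mesa. If the affected code really is not compiled in the stretch build, change the line to `[stretch] - mesa <not-affected> (Affected code is not built in stretch)`; if it is built but judged unreachable, keep `<ignored>` and reword the reason so it does not contradict the state.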
@@ -41692,7 +42716,7 @@ CVE-2019-5065 (An exploitable information disclosure vulnerability exists in the
NOT-FOR-US: Blynk
CVE-2019-5064 (An exploitable heap buffer overflow vulnerability exists in the data s ...)
[experimental] - opencv 4.2.0+dfsg-1
- - opencv <unfixed> (bug #948180)
+ - opencv 4.2.0+dfsg-3 (bug #948180)
[buster] - opencv <not-affected> (Vulnerable code introduced later)
[stretch] - opencv <not-affected> (Vulnerable code introduced later)
[jessie] - opencv <not-affected> (The vulnerable code was introduced later)
@@ -41702,7 +42726,7 @@ CVE-2019-5064 (An exploitable heap buffer overflow vulnerability exists in the d
NOTE: Persistence implementation refactored in: https://github.com/opencv/opencv/pull/13011
CVE-2019-5063 (An exploitable heap buffer overflow vulnerability exists in the data s ...)
[experimental] - opencv 4.2.0+dfsg-1
- - opencv <unfixed> (bug #948180)
+ - opencv 4.2.0+dfsg-3 (bug #948180)
[buster] - opencv <not-affected> (Vulnerable code introduced later)
[stretch] - opencv <not-affected> (Vulnerable code introduced later)
[jessie] - opencv <not-affected> (The vulnerable code was introduced later)
@@ -41847,7 +42871,7 @@ CVE-2019-5026
REJECTED
CVE-2019-5025
REJECTED
-CVE-2019-5024 (A restricted environment escape vulnerability exists in the "kiosk mod ...)
+CVE-2019-5024 (A restricted environment escape vulnerability exists in the &#8220;kio ...)
NOT-FOR-US: Capsule Technologies SmartLinx Neuron
CVE-2019-5023 (An exploitable vulnerability exists in the grsecurity PaX patch for th ...)
- linux-grsec <removed>
@@ -41885,14 +42909,12 @@ CVE-2019-5012 (An exploitable privilege escalation vulnerability exists in the W
CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the helper ...)
NOT-FOR-US: CleanMyMac
CVE-2019-5010 (An exploitable denial-of-service vulnerability exists in the X509 cert ...)
- {DLA-1834-1 DLA-1663-1}
+ {DLA-2337-1 DLA-2280-1 DLA-1834-1 DLA-1663-1}
- python3.7 3.7.2-2 (bug #921064)
- python3.6 <removed> (bug #921063)
- python3.5 <removed>
- [stretch] - python3.5 <postponed> (Minor issue, can be fixed along in a future DSA)
- python3.4 <removed>
- python2.7 2.7.15-6 (bug #921040)
- [stretch] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA)
NOTE: https://bugs.python.org/issue35746
NOTE: https://github.com/python/cpython/pull/11569
NOTE: https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031 (3.7.x)
@@ -41903,11 +42925,12 @@ CVE-2019-5009 (Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the e
CVE-2019-5008 (hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dere ...)
- qemu 1:3.1+dfsg-8 (low; bug #927439)
[buster] - qemu 1:3.1+dfsg-8~deb10u1
- [stretch] - qemu <ignored> (Minor issue)
+ [stretch] - qemu <not-affected> (Vulnerable code not present)
[jessie] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
NOTE: https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=ad280559c68360c9f1cd7be063857853759e6a73 (4.0.0-rc0)
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=25c5d5acfbaa148b2da64b1f2c1401f87ebb0bb4 (MemoryRegionOps introduced in 2.12)
CVE-2019-5007 (An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on W ...)
NOT-FOR-US: Foxit Reader and PhantomPDF
CVE-2019-5006 (An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on W ...)
@@ -42426,10 +43449,10 @@ CVE-2019-4750 (IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to c
NOT-FOR-US: IBM
CVE-2019-4749 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
NOT-FOR-US: IBM
-CVE-2019-4748
- RESERVED
-CVE-2019-4747
- RESERVED
+CVE-2019-4748 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
+CVE-2019-4747 (IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vul ...)
+ NOT-FOR-US: IBM
CVE-2019-4746 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
NOT-FOR-US: IBM
CVE-2019-4745 (IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to d ...)
@@ -42446,8 +43469,8 @@ CVE-2019-4740 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is v
NOT-FOR-US: IBM
CVE-2019-4739
RESERVED
-CVE-2019-4738
- RESERVED
+CVE-2019-4738 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 a ...)
+ NOT-FOR-US: IBM
CVE-2019-4737 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
NOT-FOR-US: IBM
CVE-2019-4736 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site requ ...)
@@ -42460,26 +43483,26 @@ CVE-2019-4733
RESERVED
CVE-2019-4732 (IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7. ...)
NOT-FOR-US: IBM
-CVE-2019-4731
- RESERVED
-CVE-2019-4730
- RESERVED
+CVE-2019-4731 (IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highl ...)
+ NOT-FOR-US: IBM
+CVE-2019-4730 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External En ...)
+ NOT-FOR-US: IBM
CVE-2019-4729 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
NOT-FOR-US: IBM
-CVE-2019-4728
- RESERVED
+CVE-2019-4728 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2 ...)
+ NOT-FOR-US: IBM
CVE-2019-4727
RESERVED
CVE-2019-4726 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
NOT-FOR-US: IBM
-CVE-2019-4725
- RESERVED
-CVE-2019-4724
- RESERVED
-CVE-2019-4723
- RESERVED
-CVE-2019-4722
- RESERVED
+CVE-2019-4725 (IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site ...)
+ NOT-FOR-US: IBM
+CVE-2019-4724 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
+ NOT-FOR-US: IBM
+CVE-2019-4723 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
+ NOT-FOR-US: IBM
+CVE-2019-4722 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
+ NOT-FOR-US: IBM
CVE-2019-4721
RESERVED
CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
@@ -42496,8 +43519,8 @@ CVE-2019-4715 (IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated
NOT-FOR-US: IBM
CVE-2019-4714
RESERVED
-CVE-2019-4713
- RESERVED
+CVE-2019-4713 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remo ...)
+ NOT-FOR-US: IBM
CVE-2019-4712
RESERVED
CVE-2019-4711
@@ -42510,48 +43533,48 @@ CVE-2019-4708
RESERVED
CVE-2019-4707 (IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML ...)
NOT-FOR-US: IBM
-CVE-2019-4706
- RESERVED
-CVE-2019-4705
- RESERVED
-CVE-2019-4704
- RESERVED
+CVE-2019-4706 (IBM Security Identity Manager Virtual Appliance 7.0.2 writes informati ...)
+ NOT-FOR-US: IBM
+CVE-2019-4705 (IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensit ...)
+ NOT-FOR-US: IBM
+CVE-2019-4704 (IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the ...)
+ NOT-FOR-US: IBM
CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft ...)
NOT-FOR-US: IBM
-CVE-2019-4702
- RESERVED
-CVE-2019-4701
- RESERVED
+CVE-2019-4702 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissi ...)
+ NOT-FOR-US: IBM
+CVE-2019-4701 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with a ...)
+ NOT-FOR-US: IBM
CVE-2019-4700
RESERVED
-CVE-2019-4699
- RESERVED
-CVE-2019-4698
- RESERVED
-CVE-2019-4697
- RESERVED
+CVE-2019-4699 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error ...)
+ NOT-FOR-US: IBM
+CVE-2019-4698 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require t ...)
+ NOT-FOR-US: IBM
+CVE-2019-4697 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user creden ...)
+ NOT-FOR-US: IBM
CVE-2019-4696
RESERVED
-CVE-2019-4695
- RESERVED
-CVE-2019-4694
- RESERVED
-CVE-2019-4693
- RESERVED
-CVE-2019-4692
- RESERVED
-CVE-2019-4691
- RESERVED
+CVE-2019-4695 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages t ...)
+ NOT-FOR-US: IBM
+CVE-2019-4694 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-code ...)
+ NOT-FOR-US: IBM
+CVE-2019-4693 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user creden ...)
+ NOT-FOR-US: IBM
+CVE-2019-4692 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitiv ...)
+ NOT-FOR-US: IBM
+CVE-2019-4691 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to c ...)
+ NOT-FOR-US: IBM
CVE-2019-4690
RESERVED
-CVE-2019-4689
- RESERVED
-CVE-2019-4688
- RESERVED
-CVE-2019-4687
- RESERVED
-CVE-2019-4686
- RESERVED
+CVE-2019-4689 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remo ...)
+ NOT-FOR-US: IBM
+CVE-2019-4688 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the s ...)
+ NOT-FOR-US: IBM
+CVE-2019-4687 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive i ...)
+ NOT-FOR-US: IBM
+CVE-2019-4686 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the s ...)
+ NOT-FOR-US: IBM
CVE-2019-4685
RESERVED
CVE-2019-4684
@@ -42562,16 +43585,16 @@ CVE-2019-4682
RESERVED
CVE-2019-4681 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
NOT-FOR-US: IBM
-CVE-2019-4680
- RESERVED
+CVE-2019-4680 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 i ...)
+ NOT-FOR-US: IBM
CVE-2019-4679 (IBM Content Navigator 3.0CD could allow an authenticated user to gain ...)
NOT-FOR-US: IBM
CVE-2019-4678
RESERVED
CVE-2019-4677
RESERVED
-CVE-2019-4676
- RESERVED
+CVE-2019-4676 (IBM Security Identity Manager Virtual Appliance 7.0.2 stores user cred ...)
+ NOT-FOR-US: IBM
CVE-2019-4675 (IBM Security Identity Manager 7.0.1 contains hard-coded credentials, s ...)
NOT-FOR-US: IBM
CVE-2019-4674 (IBM Security Identity Manager 7.0.1 could allow a remote attacker to t ...)
@@ -42580,8 +43603,8 @@ CVE-2019-4673
RESERVED
CVE-2019-4672 (IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacke ...)
NOT-FOR-US: IBM
-CVE-2019-4671
- RESERVED
+CVE-2019-4671 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injec ...)
+ NOT-FOR-US: IBM
CVE-2019-4670 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
NOT-FOR-US: IBM
CVE-2019-4669 (IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 ...)
@@ -42616,14 +43639,14 @@ CVE-2019-4655 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.
NOT-FOR-US: IBM
CVE-2019-4654 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly va ...)
NOT-FOR-US: IBM
-CVE-2019-4653
- RESERVED
+CVE-2019-4653 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file per ...)
NOT-FOR-US: IBM Spectrum Protect Plus
CVE-2019-4651 (IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injectio ...)
NOT-FOR-US: IBM
-CVE-2019-4650
- RESERVED
+CVE-2019-4650 (IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A ...)
+ NOT-FOR-US: IBM
CVE-2019-4649
RESERVED
CVE-2019-4648
@@ -42740,14 +43763,14 @@ CVE-2019-4593 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that
NOT-FOR-US: IBM
CVE-2019-4592 (IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow ...)
NOT-FOR-US: IBM
-CVE-2019-4591
- RESERVED
+CVE-2019-4591 (IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate sessio ...)
+ NOT-FOR-US: IBM
CVE-2019-4590
RESERVED
-CVE-2019-4589
- RESERVED
-CVE-2019-4588
- RESERVED
+CVE-2019-4589 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalatio ...)
+ NOT-FOR-US: IBM
+CVE-2019-4588 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
CVE-2019-4587
RESERVED
CVE-2019-4586
@@ -42758,20 +43781,20 @@ CVE-2019-4584
RESERVED
CVE-2019-4583 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authen ...)
NOT-FOR-US: IBM
-CVE-2019-4582
- RESERVED
+CVE-2019-4582 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attac ...)
+ NOT-FOR-US: IBM
CVE-2019-4581 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
NOT-FOR-US: IBM
CVE-2019-4580
RESERVED
-CVE-2019-4579
- RESERVED
+CVE-2019-4579 (IBM Resilient SOAR 38 uses incomplete blacklisting for input validatio ...)
+ NOT-FOR-US: IBM
CVE-2019-4578
RESERVED
CVE-2019-4577
RESERVED
-CVE-2019-4576
- RESERVED
+CVE-2019-4576 (IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA d ...)
+ NOT-FOR-US: IBM
CVE-2019-4575
RESERVED
CVE-2019-4574
@@ -42796,8 +43819,8 @@ CVE-2019-4565 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require
NOT-FOR-US: IBM
CVE-2019-4564 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnera ...)
NOT-FOR-US: IBM
-CVE-2019-4563
- RESERVED
+CVE-2019-4563 (IBM Security Directory Server 6.4.0 does not set the secure attribute ...)
+ NOT-FOR-US: IBM
CVE-2019-4562 (IBM Security Directory Server 6.4.0 stores sensitive information in UR ...)
NOT-FOR-US: IBM
CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote attacker to e ...)
@@ -42818,8 +43841,8 @@ CVE-2019-4554
RESERVED
CVE-2019-4553 (IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expecte ...)
NOT-FOR-US: IBM
-CVE-2019-4552
- RESERVED
+CVE-2019-4552 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ NOT-FOR-US: IBM
CVE-2019-4551 (IBM Security Directory Server 6.4.0 does not perform an authentication ...)
NOT-FOR-US: IBM
CVE-2019-4550 (IBM Security Directory Server 6.4.0 is deployed with active debugging ...)
@@ -42828,12 +43851,12 @@ CVE-2019-4549 (IBM Security Directory Server 6.4.0 discloses sensitive informati
NOT-FOR-US: IBM
CVE-2019-4548 (IBM Security Directory Server 6.4.0 could allow a remote attacker to h ...)
NOT-FOR-US: IBM
-CVE-2019-4547
- RESERVED
+CVE-2019-4547 (IBM Security Directory Server 6.4.0 generates an error message that in ...)
+ NOT-FOR-US: IBM
CVE-2019-4546 (After installing the IBM Maximo Health- Safety and Environment Manager ...)
NOT-FOR-US: IBM
-CVE-2019-4545
- RESERVED
+CVE-2019-4545 (IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Au ...)
+ NOT-FOR-US: IBM
CVE-2019-4544
RESERVED
CVE-2019-4543
@@ -42856,8 +43879,8 @@ CVE-2019-4535
RESERVED
CVE-2019-4534
RESERVED
-CVE-2019-4533
- RESERVED
+CVE-2019-4533 (IBM Resilient SOAR V38.0 users may experience a denial of service of t ...)
+ NOT-FOR-US: IBM
CVE-2019-4532
RESERVED
CVE-2019-4531
@@ -42980,8 +44003,8 @@ CVE-2019-4473 (Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and
NOT-FOR-US: IBM
CVE-2019-4472
RESERVED
-CVE-2019-4471
- RESERVED
+CVE-2019-4471 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...)
+ NOT-FOR-US: IBM
CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
NOT-FOR-US: IBM
CVE-2019-4469
@@ -43184,14 +44207,14 @@ CVE-2019-4371
RESERVED
CVE-2019-4370
RESERVED
-CVE-2019-4369 (IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive informa ...)
- NOT-FOR-US: IBM
+CVE-2019-4369
+ REJECTED
CVE-2019-4368
RESERVED
CVE-2019-4367
RESERVED
-CVE-2019-4366
- RESERVED
+CVE-2019-4366 (IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information di ...)
+ NOT-FOR-US: IBM
CVE-2019-4365
RESERVED
CVE-2019-4364 (IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which ...)
@@ -43218,14 +44241,14 @@ CVE-2019-4354
RESERVED
CVE-2019-4353
RESERVED
-CVE-2019-4352
- RESERVED
-CVE-2019-4351
- RESERVED
+CVE-2019-4352 (IBM Maximo Anywhere 7.6.4.0 applications could allow obfuscation of th ...)
+ NOT-FOR-US: IBM
+CVE-2019-4351 (IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive info ...)
+ NOT-FOR-US: IBM
CVE-2019-4350
RESERVED
-CVE-2019-4349
- RESERVED
+CVE-2019-4349 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 application ...)
+ NOT-FOR-US: IBM
CVE-2019-4348
RESERVED
CVE-2019-4347
@@ -43270,14 +44293,14 @@ CVE-2019-4328
RESERVED
CVE-2019-4327 ("HCL AppScan Enterprise uses hard-coded credentials which can be explo ...)
NOT-FOR-US: HCL AppScan Enterprise
-CVE-2019-4326
- RESERVED
-CVE-2019-4325
- RESERVED
-CVE-2019-4324
- RESERVED
-CVE-2019-4323
- RESERVED
+CVE-2019-4326 ("HCL AppScan Enterprise security rules update administration section o ...)
+ NOT-FOR-US: HCL
+CVE-2019-4325 ("HCL AppScan Enterprise makes use of broken or risky cryptographic alg ...)
+ NOT-FOR-US: HCL
+CVE-2019-4324 ("HCL AppScan Enterprise is susceptible to Cross-Site Scripting while i ...)
+ NOT-FOR-US: HCL
+CVE-2019-4323 ("HCL AppScan Enterprise advisory API documentation is susceptible to c ...)
+ NOT-FOR-US: HCL
CVE-2019-4322 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2019-4321 (IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Ope ...)
@@ -43340,8 +44363,8 @@ CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an
NOT-FOR-US: IBM
CVE-2019-4292 (IBM Security Guardium 10.5 could allow a remote attacker to upload arb ...)
NOT-FOR-US: IBM
-CVE-2019-4291
- RESERVED
+CVE-2019-4291 (IBM Maximo Anywhere 7.6.4.0 could allow an attacker to reverse enginee ...)
+ NOT-FOR-US: IBM
CVE-2019-4290
RESERVED
CVE-2019-4289
@@ -43602,8 +44625,8 @@ CVE-2019-4162 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is
NOT-FOR-US: IBM
CVE-2019-4161 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 disclose ...)
NOT-FOR-US: IBM
-CVE-2019-4160
- RESERVED
+CVE-2019-4160 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than e ...)
+ NOT-FOR-US: IBM
CVE-2019-4159
REJECTED
CVE-2019-4158 (IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a ...)
@@ -43740,10 +44763,10 @@ CVE-2019-4093 (IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could all
NOT-FOR-US: IBM
CVE-2019-4092 (IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to ...)
NOT-FOR-US: IBM
-CVE-2019-4091
- RESERVED
-CVE-2019-4090
- RESERVED
+CVE-2019-4091 ("HCL Marketing Platform is vulnerable to cross-site scripting during a ...)
+ NOT-FOR-US: HCL Marketing Platform
+CVE-2019-4090 ("HCL Campaign is vulnerable to cross-site scripting when a user provid ...)
+ NOT-FOR-US: HCL Campaign
CVE-2019-4089
RESERVED
CVE-2019-4088 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allo ...)
@@ -44117,9 +45140,9 @@ CVE-2019-3905 (Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SS
CVE-2019-3904
RESERVED
CVE-2019-3903
- RESERVED
+ REJECTED
CVE-2019-3902 (A flaw was found in Mercurial before 4.9. It was possible to use symli ...)
- {DLA-1764-1}
+ {DLA-2293-1 DLA-1764-1}
- mercurial 4.9-1 (bug #927674)
[buster] - mercurial 4.8.2-1+deb10u1
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
@@ -44138,9 +45161,8 @@ CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module i
CVE-2019-3899 (It was found that default configuration of Heketi does not require any ...)
- heketi <itp> (bug #903384)
CVE-2019-3898
- RESERVED
-CVE-2019-3897
- RESERVED
+ REJECTED
+CVE-2019-3897 (It has been discovered in redhat-certification that any unauthorized u ...)
NOT-FOR-US: redhat-certification
CVE-2019-3896 (A double-free can happen in idr_remove_all() in lib/idr.c in the Linux ...)
- linux 3.2.41-1
@@ -44222,8 +45244,7 @@ CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementat
NOTE: https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1689426
NOTE: Fixed by: https://git.kernel.org/linus/492855939bdb59c6f947b0b5b44af9ad82b7e38c
-CVE-2019-3881 [tmp_home_path insecure]
- RESERVED
+CVE-2019-3881 (Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with ...)
- bundler 1.16.1-2 (bug #881749; bug #796383)
[stretch] - bundler <no-dsa> (Minor issue)
[jessie] - bundler <not-affected> (This version just uses mktmpdir which creates temporary directories with 0700 permissions by default.)
@@ -44253,7 +45274,9 @@ CVE-2019-3876 (A flaw was found in the /oauth/token/request custom endpoint of t
CVE-2019-3875 (A vulnerability was found in keycloak before 6.0.2. The X.509 authenti ...)
NOT-FOR-US: Keycloak
CVE-2019-3874 (The SCTP socket buffer used by a userspace application is not accounte ...)
+ {DLA-2385-1}
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <ignored> (Minor issue)
[jessie] - linux <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686373
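Review bot: The new `{DLA-2385-1}` reference for CVE-2019-3874 sits next to the retained `[stretch] - linux <ignored> (Minor issue)` line, which now reads as contradictory if that DLA is the stretch linux update. Elsewhere in this commit the suite status line is dropped when a DLA is added (the python3.5/python2.7 `<postponed>` lines and the aria2 `<no-dsa>` line), so this entry looks like the one that was missed. If DLA-2385-1 does cover stretch, remove the `<ignored>` line; if it does not, a short parenthetical on the `[stretch]` line saying why would stop the next reader from asking the same question.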
@@ -44276,8 +45299,7 @@ CVE-2019-3869 (When running Tower before 3.4.3 on OpenShift or Kubernetes, appli
NOT-FOR-US: Ansible Tower
CVE-2019-3868 (Keycloak up to version 6.0.0 allows the end user token (access or id t ...)
NOT-FOR-US: Keycloak
-CVE-2019-3867
- RESERVED
+CVE-2019-3867 (A vulnerability was found in the Quay web application. Sessions in the ...)
NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only)
CVE-2019-3866 (An information-exposure vulnerability was discovered where openstack-m ...)
- python-oslo.utils 3.41.3-1 (low; bug #946060)
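Review bot: The new description for CVE-2019-3867 attributes the issue to the Quay web application, but the retained annotation still says `NOT-FOR-US: OpenShift (web-cosnole issue specific to OpenShift only)`, so the product named in the description and the one named in the triage note no longer agree. The neighbouring CVE-2019-3865 and CVE-2019-3864 entries use `NOT-FOR-US: Quay`; if the upstream advisory confirms this is a Quay issue the annotation should follow suit, otherwise the OpenShift wording should stay with the `web-cosnole` typo fixed to `web-console`. Either way the two lines should name the same product.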
@@ -44296,8 +45318,7 @@ CVE-2019-3866 (An information-exposure vulnerability was discovered where openst
NOTE: https://opendev.org/openstack/oslo.utils/commit/b41268417cecb12d1d5955ee3107067edf050221
NOTE: Patch for Pike and newer: https://launchpadlibrarian.net/449473654/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
NOTE: Patch for Pike and newer: https://launchpadlibrarian.net/449472809/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
-CVE-2019-3865
- RESERVED
+CVE-2019-3865 (A vulnerability was found in quay-2, where a stored XSS vulnerability ...)
NOT-FOR-US: Quay
CVE-2019-3864 (A vulnerability was discovered in all quay-2 versions before quay-3.0. ...)
NOT-FOR-US: Quay
@@ -44358,7 +45379,7 @@ CVE-2019-3855 (An integer overflow flaw which could lead to an out of bounds wri
CVE-2019-3854
REJECTED
CVE-2019-3853
- RESERVED
+ REJECTED
CVE-2019-3852 (A vulnerability was found in moodle before version 3.6.3. The get_with ...)
- moodle <removed>
CVE-2019-3851 (A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. T ...)
@@ -44420,9 +45441,9 @@ CVE-2019-3840 (A NULL pointer dereference flaw was discovered in libvirt before
CVE-2019-3839 (It was found that in ghostscript some privileged operators remained ac ...)
{DSA-4442-1 DLA-1792-1}
- ghostscript 9.27~dfsg-1
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
NOTE: To prevent pdf2dsc regression additionally:
- NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=db24f253409d5d085c2760c814c3e1d3fa2dac59
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=db24f253409d5d085c2760c814c3e1d3fa2dac59
CVE-2019-3838 (It was found that the forceput operator could be extracted from the De ...)
{DSA-4432-1 DLA-1761-1}
[experimental] - ghostscript 9.27~~dc1~dfsg-1
@@ -44438,11 +45459,13 @@ CVE-2019-3837 (It was found that the net_dma code in tcp_recvmsg() in the 2.6.32
CVE-2019-3836 (It was discovered in gnutls before version 3.6.7 upstream that there i ...)
[experimental] - gnutls28 3.6.7-1
- gnutls28 3.6.7-2
+ [stretch] - gnutls28 <not-affected> (Vulnerable code introduced later in 3.6.4)
[jessie] - gnutls28 <not-affected> (vulnerable code was introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1678411
NOTE: https://gitlab.com/gnutls/gnutls/issues/704
+ NOTE: https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
- NOTE: Upstream versions affected are 3.6.3 and later before 3.6.7
+ NOTE: Upstream versions affected are 3.6.4 and later before 3.6.7
CVE-2019-3835 (It was found that the superexec operator was available in the internal ...)
{DSA-4432-1 DLA-1761-1}
[experimental] - ghostscript 9.27~~dc1~dfsg-1
@@ -44456,9 +45479,8 @@ CVE-2019-3834 (It was found that the fix for CVE-2014-0114 had been reverted in
CVE-2019-3833 (Openwsman, versions up to and including 2.6.9, are vulnerable to infin ...)
- openwsman <itp> (bug #754501)
CVE-2019-3832 (It was discovered the fix for CVE-2018-19758 (libsndfile) was not comp ...)
- {DLA-1712-1}
+ {DLA-2418-1 DLA-1712-1}
- libsndfile 1.0.28-6 (bug #922372)
- [stretch] - libsndfile <not-affected> (Incomplete fix for CVE-2018-19758 not applied)
NOTE: https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436
NOTE: https://github.com/erikd/libsndfile/pull/460
NOTE: https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b28719d1a7879181790008
@@ -44474,9 +45496,14 @@ CVE-2019-3830 (A vulnerability was found in ceilometer before version 12.0.0.0rc
CVE-2019-3829 (A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. ...)
[experimental] - gnutls28 3.6.7-1
- gnutls28 3.6.7-2
+ [stretch] - gnutls28 3.5.8-5+deb9u5
[jessie] - gnutls28 <not-affected> (vulnerable code was introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677048
NOTE: https://gitlab.com/gnutls/gnutls/issues/694
+ NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/d39778e43d1674cb3ab3685157fd299816d535c0
+ NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/372821c883a3d36ed3ed683844ad9d90818f6392
+ NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/6b5cbc9ea5bdca704bdbe2f8fb551f720d634bc6
+ NOTE: Test: https://gitlab.com/gnutls/gnutls/commit/ad27713bef613e6c4600a0fb83ae48c6d390ff5b
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
NOTE: Upstream versions affected are from 3.5.8 and before 3.6.7.
CVE-2019-3828 (Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path ...)
@@ -44708,8 +45735,8 @@ CVE-2019-3754 (Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.
NOT-FOR-US: EMC
CVE-2019-3753 (Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K runn ...)
NOT-FOR-US: EMC
-CVE-2019-3752
- RESERVED
+CVE-2019-3752 (Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and ...)
+ NOT-FOR-US: EMC Avamar Server
CVE-2019-3751 (Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0 ...)
NOT-FOR-US: EMC
CVE-2019-3750 (Dell Command Update versions prior to 3.1 contain an Arbitrary File De ...)
@@ -44841,8 +45868,8 @@ CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks bef
CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before and in ...)
{DLA-1965-1}
- nfs-utils 1:1.3.4-3 (bug #940848)
- [buster] - nfs-utils <no-dsa> (Minor issue)
- [stretch] - nfs-utils <no-dsa> (Minor issue)
+ [buster] - nfs-utils 1:1.3.4-2.5+deb10u1
+ [stretch] - nfs-utils 1:1.3.4-2.1+deb9u1
NOTE: https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e
CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterpri ...)
- squid <not-affected> (/usr/lib/squid/pinger permissions are root:root)
@@ -44850,7 +45877,8 @@ CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Ent
CVE-2019-3687 (The permission package in SUSE Linux Enterprise Server allowed all loc ...)
NOT-FOR-US: SuSE
CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...)
- - openqa <itp> (bug #840253)
+ - openqa <not-affected> (Fixed before initial upload to Debian)
+ NOTE: Fixed by: https://github.com/os-autoinst/openQA/commit/c172e8883d8f32fced5e02f9b6faaacc913df27b
CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS certifi ...)
- osc <not-affected> (Affects 0.165.x only, bug #941667)
CVE-2019-3684 (SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a71 ...)
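Review bot: The replacement line for CVE-2019-3686 drops the ITP bug reference (`bug #840253`) that the old `<itp>` line carried, and `<not-affected>` is normally used for packages that are in the archive. If openqa is still only an ITP, the conventional form would be to keep `- openqa <itp> (bug #840253)` and add the new `NOTE: Fixed by:` line beneath it; if it has since been uploaded, keeping the bug number in the parenthetical (`<not-affected> (Fixed before initial upload to Debian, bug #840253)`) preserves the only pointer to the packaging history. As written, the reader has no way to find the ITP from this entry.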
@@ -44859,8 +45887,12 @@ CVE-2019-3683 (The keystone-json-assignment package in SUSE Openstack Cloud 8 be
NOT-FOR-US: SuSE Openstack Cloud
CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7 ...)
NOT-FOR-US: SuSE
-CVE-2019-3681
- RESERVED
+CVE-2019-3681 (A External Control of File Name or Path vulnerability in osc of SUSE L ...)
+ - osc 0.169.1-1 (bug #969999)
+ [buster] - osc <no-dsa> (Minor issue)
+ [stretch] - osc <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1122675
+ NOTE: https://github.com/openSUSE/osc/commit/a79c54418baf9b9785123bd07f350f12bd729ed3 (0.169.0)
CVE-2019-3680
RESERVED
CVE-2019-3679
@@ -44987,18 +46019,18 @@ CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in McAf
NOT-FOR-US: McAfee
CVE-2019-3618
RESERVED
-CVE-2019-3617
- RESERVED
+CVE-2019-3617 (Privilege escalation vulnerability in McAfee Total Protection (ToPS) f ...)
+ NOT-FOR-US: McAfee
CVE-2019-3616
RESERVED
CVE-2019-3615 (Data Leakage Attacks vulnerability in the web interface in McAfee Data ...)
NOT-FOR-US: McAfee
CVE-2019-3614
RESERVED
-CVE-2019-3613
- RESERVED
+CVE-2019-3613 (DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to ...)
+ NOT-FOR-US: McAfee
CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and TIE Se ...)
- NOT-FOR-US: McAFee
+ NOT-FOR-US: McAfee
CVE-2019-3611
RESERVED
CVE-2019-3610 (Data Leakage Attacks vulnerability in Microsoft Windows client in McAf ...)
@@ -45045,14 +46077,14 @@ CVE-2019-3590
RESERVED
CVE-2019-3589
RESERVED
-CVE-2019-3588
- RESERVED
+CVE-2019-3588 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
+ NOT-FOR-US: McAfee
CVE-2019-3587 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
NOT-FOR-US: McAfee
CVE-2019-3586 (Protection Mechanism Failure in the Firewall in McAfee Endpoint Securi ...)
NOT-FOR-US: McAfee
-CVE-2019-3585
- RESERVED
+CVE-2019-3585 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
+ NOT-FOR-US: McAfee
CVE-2019-3584 (Exploitation of Authentication vulnerability in MVision Endpoint in Mc ...)
NOT-FOR-US: McAfee
CVE-2019-3583
@@ -45115,13 +46147,13 @@ CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos functio
CVE-2019-3560 (An improperly performed length calculation on a buffer in PlaintextRec ...)
NOT-FOR-US: Fizz
CVE-2019-3559 (Java Facebook Thrift servers would not error upon receiving messages w ...)
- NOT-FOR-US: Thrift servers
+ NOT-FOR-US: Facebook Java Thrift (Debian packages Apache Thrift)
CVE-2019-3558 (Python Facebook Thrift servers would not error upon receiving messages ...)
NOT-FOR-US: Thrift servers
CVE-2019-3557 (The implementations of streams for bz2 and php://output improperly imp ...)
- hhvm <removed>
-CVE-2019-3556
- RESERVED
+CVE-2019-3556 (HHVM supports the use of an "admin" server which accepts administrativ ...)
+ - hhvm <removed>
CVE-2019-3555
RESERVED
CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when acceptin ...)
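Review bot: The clarified annotation `NOT-FOR-US: Facebook Java Thrift (Debian packages Apache Thrift)` is applied to CVE-2019-3559 only, while the sibling entry CVE-2019-3558 for the Python Facebook Thrift servers keeps the vaguer `NOT-FOR-US: Thrift servers` two lines below. Both entries describe the same Facebook fork versus the Apache Thrift that Debian ships, so the same distinction should be recorded on both: `NOT-FOR-US: Facebook Python Thrift (Debian packages Apache Thrift)`. Leaving one of the pair unchanged invites the same re-triage question the clarification was meant to settle.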
@@ -45233,9 +46265,8 @@ CVE-2019-3502
CVE-2019-3501 (The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted ...)
NOT-FOR-US: OUGC Awards plugin for MyBB
CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Au ...)
- {DLA-1636-1}
+ {DLA-2873-1 DLA-1636-1}
- aria2 1.34.0-4 (low; bug #918058)
- [stretch] - aria2 <no-dsa> (Minor issue)
NOTE: https://github.com/aria2/aria2/issues/1329
NOTE: Masking of all authorization and cookie header fields (but not userinfo in URL):
NOTE: https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a
@@ -45449,8 +46480,8 @@ CVE-2019-3407
RESERVED
CVE-2019-3406
RESERVED
-CVE-2019-3405
- RESERVED
+CVE-2019-3405 (In the 3.1.3.64296 and lower version of 360F5, the third party can tri ...)
+ NOT-FOR-US: 360F5
CVE-2019-3404 (By adding some special fields to the uri ofrouter app function, the us ...)
NOT-FOR-US: ofrouter
CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before version 7.13. ...)
@@ -46235,6 +47266,7 @@ CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
- virtualbox 6.0.14-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3016 (In a Linux KVM guest that has PV TLB enabled, a process in the guest k ...)
+ {DSA-4699-1}
- linux 5.4.19-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
[jessie] - linux <not-affected> (Vulnerability introduced later)
@@ -46288,7 +47320,7 @@ CVE-2019-2995 (Vulnerability in the Oracle Marketing product of Oracle E-Busines
CVE-2019-2994 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
NOT-FOR-US: Oracle
CVE-2019-2993 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2992 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
{DSA-4548-1 DSA-4546-1 DLA-2023-1}
@@ -46355,7 +47387,7 @@ CVE-2019-2974 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
[buster] - mariadb-10.3 1:10.3.22-0+deb10u1
- mariadb-10.1 <removed>
[stretch] - mariadb-10.1 10.1.44-0+deb9u1
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
NOTE: MySQL: https://github.com/mysql/mysql-server/commit/52d9daf06478851548251ec2103cdc22178c48c4
NOTE: MariaDB: https://github.com/MariaDB/server/commit/719ac0ad4af0dd1e20dbc94eff8f8c9f786b3393
@@ -46372,7 +47404,7 @@ CVE-2019-2971 (Vulnerability in the Oracle Outside In Technology product of Orac
CVE-2019-2970 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
NOT-FOR-US: Oracle
CVE-2019-2969 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2968 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
@@ -46397,7 +47429,7 @@ CVE-2019-2962 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
CVE-2019-2961 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2019-2960 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2959 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...)
NOT-FOR-US: Oracle
@@ -46428,12 +47460,12 @@ CVE-2019-2949 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
- openjdk-8 8u232-b09-1
- openjdk-7 <removed>
CVE-2019-2948 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2947 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
NOT-FOR-US: Oracle
CVE-2019-2946 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2945 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
{DSA-4548-1 DSA-4546-1 DLA-2023-1}
@@ -46454,7 +47486,7 @@ CVE-2019-2940 (Vulnerability in the Core RDBMS component of Oracle Database Serv
CVE-2019-2939 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
NOT-FOR-US: Oracle
CVE-2019-2938 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
- mariadb-10.3 1:10.3.19-1
[buster] - mariadb-10.3 1:10.3.22-0+deb10u1
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
@@ -46489,18 +47521,18 @@ CVE-2019-2926 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
CVE-2019-2925 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
NOT-FOR-US: Oracle
CVE-2019-2924 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2923 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2922 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2921
RESERVED
CVE-2019-2920 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2919
RESERVED
@@ -46513,17 +47545,17 @@ CVE-2019-2916
CVE-2019-2915 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2019-2914 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2913 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
NOT-FOR-US: Oracle
CVE-2019-2912
RESERVED
CVE-2019-2911 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2910 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #942443)
+ - mysql-5.7 <removed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2909 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
NOT-FOR-US: Oracle
@@ -46725,7 +47757,7 @@ CVE-2019-2821 (Vulnerability in the Java SE component of Oracle Java SE (subcomp
CVE-2019-2820 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
NOT-FOR-US: Oracle
CVE-2019-2819 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2818 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
{DSA-4486-1}
@@ -46764,7 +47796,7 @@ CVE-2019-2805 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
- mariadb-10.1 <removed>
[stretch] - mariadb-10.1 10.1.41-0+deb9u1
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2804 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
@@ -46782,7 +47814,7 @@ CVE-2019-2799 (Vulnerability in the Oracle ODBC Driver component of Oracle Datab
CVE-2019-2798 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2019-2797 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2796 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
@@ -46795,7 +47827,7 @@ CVE-2019-2793 (Vulnerability in the Oracle FLEXCUBE Universal Banking component
CVE-2019-2792 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2019-2791 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2790 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
NOT-FOR-US: Oracle
@@ -46825,7 +47857,7 @@ CVE-2019-2780 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
CVE-2019-2779 (Vulnerability in the Siebel Core - Common Components component of Orac ...)
NOT-FOR-US: Oracle
CVE-2019-2778 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2777 (Vulnerability in the Siebel Core - Server Framework component of Oracl ...)
NOT-FOR-US: Oracle
@@ -46834,7 +47866,7 @@ CVE-2019-2776 (Vulnerability in the Core RDBMS component of Oracle Database Serv
CVE-2019-2775 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
NOT-FOR-US: Oracle
CVE-2019-2774 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2773 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
NOT-FOR-US: Oracle
@@ -46880,11 +47912,11 @@ CVE-2019-2759 (Vulnerability in the Oracle Outside In Technology component of Or
CVE-2019-2758 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mariadb-10.3 1:10.3.17-1
[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: Fixed in MariaDB: 10.3.17
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2757 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2756 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
NOT-FOR-US: Oracle
@@ -46920,14 +47952,14 @@ CVE-2019-2743 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
CVE-2019-2742 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion Mi ...)
NOT-FOR-US: Oracle
CVE-2019-2741 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2740 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mariadb-10.3 1:10.3.17-1
[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
- mariadb-10.1 <removed>
[stretch] - mariadb-10.1 10.1.41-0+deb9u1
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2739 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
@@ -46935,18 +47967,18 @@ CVE-2019-2739 (Vulnerability in the MySQL Server component of Oracle MySQL (subc
[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
- mariadb-10.1 <removed>
[stretch] - mariadb-10.1 10.1.41-0+deb9u1
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2738 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2737 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
- mariadb-10.3 1:10.3.17-1
[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
- mariadb-10.1 <removed>
[stretch] - mariadb-10.1 10.1.41-0+deb9u1
- - mysql-5.7 <unfixed> (bug #932340)
+ - mysql-5.7 <removed> (bug #932340)
NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2736 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
@@ -47732,10 +48764,16 @@ CVE-2019-2395 (Vulnerability in the Oracle WebLogic Server component of Oracle F
NOT-FOR-US: Oracle
CVE-2019-2394
RESERVED
-CVE-2019-2393
- RESERVED
-CVE-2019-2392
- RESERVED
+CVE-2019-2393 (A user authorized to perform database queries may trigger denial of se ...)
+ - mongodb <removed>
+ [stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
+ NOTE: https://jira.mongodb.org/browse/SERVER-43350
+ NOTE: https://github.com/mongodb/mongo/commit/785b41740a216429573a89a5df82f96064965559 (v3.6.15, SSPL)
+CVE-2019-2392 (A user authorized to perform database queries may trigger denial of se ...)
+ - mongodb <removed>
+ [stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
+ NOTE: https://jira.mongodb.org/browse/SERVER-43699
+ NOTE: https://github.com/mongodb/mongo/commit/b5ff43f92c0e562121477e8253a56b2d83825571 (v3.4.24, AGPL)
CVE-2019-2391 (Incorrect parsing of certain JSON input may result in js-bson not corr ...)
[experimental] - node-mongodb 3.5.5+~cs11.12.19-1
- node-mongodb 3.5.6+~cs11.12.19-1
@@ -47760,95 +48798,95 @@ CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation o
CVE-2019-2385
RESERVED
CVE-2019-2384
- RESERVED
+ REJECTED
CVE-2019-2383
- RESERVED
+ REJECTED
CVE-2019-2382
- RESERVED
+ REJECTED
CVE-2019-2381
- RESERVED
+ REJECTED
CVE-2019-2380
- RESERVED
+ REJECTED
CVE-2019-2379
- RESERVED
+ REJECTED
CVE-2019-2378
- RESERVED
+ REJECTED
CVE-2019-2377
- RESERVED
+ REJECTED
CVE-2019-2376
- RESERVED
+ REJECTED
CVE-2019-2375
- RESERVED
+ REJECTED
CVE-2019-2374
- RESERVED
+ REJECTED
CVE-2019-2373
- RESERVED
+ REJECTED
CVE-2019-2372
- RESERVED
+ REJECTED
CVE-2019-2371
- RESERVED
+ REJECTED
CVE-2019-2370
- RESERVED
+ REJECTED
CVE-2019-2369
- RESERVED
+ REJECTED
CVE-2019-2368
- RESERVED
+ REJECTED
CVE-2019-2367
- RESERVED
+ REJECTED
CVE-2019-2366
- RESERVED
+ REJECTED
CVE-2019-2365
- RESERVED
+ REJECTED
CVE-2019-2364
- RESERVED
+ REJECTED
CVE-2019-2363
- RESERVED
+ REJECTED
CVE-2019-2362
- RESERVED
+ REJECTED
CVE-2019-2361
- RESERVED
+ REJECTED
CVE-2019-2360
- RESERVED
+ REJECTED
CVE-2019-2359
- RESERVED
+ REJECTED
CVE-2019-2358
- RESERVED
+ REJECTED
CVE-2019-2357
- RESERVED
+ REJECTED
CVE-2019-2356
- RESERVED
+ REJECTED
CVE-2019-2355
- RESERVED
+ REJECTED
CVE-2019-2354
- RESERVED
+ REJECTED
CVE-2019-2353
- RESERVED
+ REJECTED
CVE-2019-2352
- RESERVED
+ REJECTED
CVE-2019-2351
- RESERVED
+ REJECTED
CVE-2019-2350
- RESERVED
+ REJECTED
CVE-2019-2349
- RESERVED
+ REJECTED
CVE-2019-2348
- RESERVED
+ REJECTED
CVE-2019-2347
- RESERVED
+ REJECTED
CVE-2019-2346 (Firmware is getting into loop of overwriting memory when scan command ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2345 (Race condition while accessing DMA buffer in jpeg driver in Snapdragon ...)
NOT-FOR-US: Snapdragon
CVE-2019-2344
- RESERVED
+ REJECTED
CVE-2019-2343 (Out of bound read and information disclosure in firmware due to insuff ...)
NOT-FOR-US: Snapdragon
CVE-2019-2342
- RESERVED
+ REJECTED
CVE-2019-2341 (Buffer overflow when the audio buffer size provided by user is larger ...)
NOT-FOR-US: Snapdragon
CVE-2019-2340
- RESERVED
+ REJECTED
CVE-2019-2339 (Out of bound access due to lack of check of whiltelist array size whil ...)
NOT-FOR-US: Snapdragon
CVE-2019-2338 (Crafted image that has a valid signature from a non-QC entity can be l ...)
@@ -47956,7 +48994,7 @@ CVE-2019-2288 (Out of bound write in TZ while copying the secure dump structure
CVE-2019-2287 (Improper validation for inputs received from firmware can lead to an o ...)
NOT-FOR-US: Snapdragon
CVE-2019-2286
- RESERVED
+ REJECTED
CVE-2019-2285 (Out of bound write issue is observed while giving information about pr ...)
NOT-FOR-US: Snapdragon
CVE-2019-2284 (Possible use-after-free issue due to a race condition while calling ca ...)
@@ -47964,11 +49002,11 @@ CVE-2019-2284 (Possible use-after-free issue due to a race condition while calli
CVE-2019-2283 (Improper validation of read and write index of tx and rx fifo`s before ...)
NOT-FOR-US: Snapdragon
CVE-2019-2282
- RESERVED
+ REJECTED
CVE-2019-2281 (An unauthenticated bitmap image can be loaded in to memory and subsequ ...)
NOT-FOR-US: Snapdragon
CVE-2019-2280
- RESERVED
+ REJECTED
CVE-2019-2279 (Shared memory gets updated with invalid data and may lead to access be ...)
NOT-FOR-US: Snapdragon
CVE-2019-2278 (User keystore signature is ignored in boot and can lead to bypass boot ...)
@@ -48094,7 +49132,7 @@ CVE-2019-2221 (In hasActivityInVisibleTask of WindowProcessController.java there
NOT-FOR-US: Android
CVE-2019-2220 (In checkOperation of AppOpsService.java, there is a possible bypass of ...)
NOT-FOR-US: Android
-CVE-2019-2219 (In System UI, there is a possible bypass of user's consent for access ...)
+CVE-2019-2219 (In several functions of NotificationManagerService.java and related fi ...)
NOT-FOR-US: Android
CVE-2019-2218 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
NOT-FOR-US: Android
@@ -48123,10 +49161,10 @@ CVE-2019-2212 (In poisson_distribution of random, there is an out of bounds read
- libc++ <removed>
[stretch] - libc++ <no-dsa> (Minor issue)
[jessie] - libc++ <no-dsa> (Minor issue, Jessie versions of software that uses poisson distribution have low popcon)
- - llvm-toolchain-6.0 <unfixed>
- [buster] - llvm-toolchain-6.0 <no-dsa> (Minor issue)
+ - llvm-toolchain-6.0 <removed>
+ [buster] - llvm-toolchain-6.0 <ignored> (Minor issue)
[jessie] - llvm-toolchain-6.0 <no-dsa> (Minor issue, Jessie versions of software that uses poisson distribution have low popcon)
- - llvm-toolchain-8 <unfixed>
+ - llvm-toolchain-8 <removed>
NOTE: https://android.googlesource.com/platform/external/libcxx/+/4cebe6f1f01a34546b3b843b5267619a61bd7d39
NOTE: https://android.googlesource.com/platform/external/libcxx/+/8260b5d56f6880a29b57f73b7f4866e47e9e4818
NOTE: https://android.googlesource.com/platform/external/libcxx/+/a16cd9df50f22ccf65cf27eddc0403791116c75a
@@ -48152,16 +49190,17 @@ CVE-2019-2203 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible
CVE-2019-2202 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...)
NOT-FOR-US: Android media framework
CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is ...)
- [experimental] - libjpeg-turbo 1:2.0.3-1~exp1
- - libjpeg-turbo <unfixed> (low)
- [buster] - libjpeg-turbo <no-dsa> (Minor issue)
+ - libjpeg-turbo 1:2.0.5-1 (low)
+ [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
[stretch] - libjpeg-turbo <no-dsa> (Minor issue)
[jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API)
NOTE: https://source.android.com/security/bulletin/2019-11-01
NOTE: https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884
- NOTE: https://github.com/clearlinux-pkgs/libjpeg-turbo/commit/0a5d06c3dd4a64754d7e6ffa081fd9132714f74c
+ NOTE: The description text is wrong, this CVE is about gigapixel images not ARM NEON SIMD code.
+ NOTE: See https://bugs.gentoo.org/show_bug.cgi?id=699830#c12
+ NOTE: Followup fix for tjbench: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c30b1e72dac76343ef9029833d1561de07d29bad
CVE-2019-2200 (In updatePermissions of PermissionManagerService.java, it may be possi ...)
NOT-FOR-US: Android
CVE-2019-2199 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
@@ -48174,8 +49213,7 @@ CVE-2019-2196 (In Download Provider, there is possible SQL injection. This could
NOT-FOR-US: Android
CVE-2019-2195 (In tokenize of sqlite3_android.cpp, there is a possible attacker contr ...)
NOT-FOR-US: Android
-CVE-2019-2194
- RESERVED
+CVE-2019-2194 (In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possi ...)
NOT-FOR-US: Android
CVE-2019-2193 (In WelcomeActivity.java and related files, there is a possible permiss ...)
NOT-FOR-US: Android
@@ -48200,6 +49238,7 @@ CVE-2019-2184 (In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a
CVE-2019-2183 (In generateServicesMap of RegisteredServicesCache.java, there is a pos ...)
NOT-FOR-US: Android
CVE-2019-2182 (In the Android kernel in the kernel MMU code there is a possible execu ...)
+ {DSA-4698-1 DLA-2242-1}
- linux 4.16.5-1
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://git.kernel.org/linus/15122ee2c515a253b0c66a3e618bc7ebe35105eb
@@ -48623,8 +49662,8 @@ CVE-2019-1985 (In findAvailSpellCheckerLocked of TextServicesManagerService.java
NOT-FOR-US: Android
CVE-2019-1984 (A vulnerability in Cisco Enterprise Network Functions Virtualization I ...)
NOT-FOR-US: Cisco
-CVE-2019-1983
- RESERVED
+CVE-2019-1983 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
+ NOT-FOR-US: Cisco
CVE-2019-1982 (A vulnerability in the HTTP traffic filtering component of Cisco Firep ...)
NOT-FOR-US: Cisco
CVE-2019-1981 (A vulnerability in the normalization functionality of Cisco Firepower ...)
@@ -48695,8 +49734,8 @@ CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Fi
NOT-FOR-US: Cisco
CVE-2019-1948 (A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an un ...)
NOT-FOR-US: Cisco
-CVE-2019-1947
- RESERVED
+CVE-2019-1947 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
+ NOT-FOR-US: Cisco
CVE-2019-1946 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
NOT-FOR-US: Cisco
CVE-2019-1945 (Multiple vulnerabilities in the smart tunnel functionality of Cisco Ad ...)
@@ -48813,8 +49852,8 @@ CVE-2019-1890 (A vulnerability in the fabric infrastructure VLAN connection esta
NOT-FOR-US: Cisco
CVE-2019-1889 (A vulnerability in the REST API for software device management in Cisc ...)
NOT-FOR-US: Cisco
-CVE-2019-1888
- RESERVED
+CVE-2019-1888 (A vulnerability in the Administration Web Interface of Cisco Unified C ...)
+ NOT-FOR-US: Cisco
CVE-2019-1887 (A vulnerability in the Session Initiation Protocol (SIP) protocol impl ...)
NOT-FOR-US: Cisco
CVE-2019-1886 (A vulnerability in the HTTPS decryption feature of Cisco Web Security ...)
@@ -49141,8 +50180,8 @@ CVE-2019-1738 (A vulnerability in the Network-Based Application Recognition (NBA
NOT-FOR-US: Cisco
CVE-2019-1737 (A vulnerability in the processing of IP Service Level Agreement (SLA) ...)
NOT-FOR-US: Cisco
-CVE-2019-1736
- RESERVED
+CVE-2019-1736 (A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers ...)
+ NOT-FOR-US: Cisco
CVE-2019-1735 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
NOT-FOR-US: Cisco
CVE-2019-1734 (A vulnerability in the implementation of a CLI diagnostic command in C ...)
@@ -49486,7 +50525,7 @@ CVE-2019-1566 (The PAN-OS management web interface in PAN-OS 7.1.21 and earlier,
CVE-2019-1565 (The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-O ...)
NOT-FOR-US: PAN-OS
CVE-2019-1564
- RESERVED
+ REJECTED
CVE-2019-1563 (In situations where an attacker receives automated notification of the ...)
{DSA-4540-1 DSA-4539-1 DLA-1932-1}
- openssl 1.1.1d-1
@@ -49496,11 +50535,11 @@ CVE-2019-1563 (In situations where an attacker receives automated notification o
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f (OpenSSL_1_0_2t)
NOTE: https://www.openssl.org/news/secadv/20190910.txt
CVE-2019-1562
- RESERVED
+ REJECTED
CVE-2019-1561
- RESERVED
+ REJECTED
CVE-2019-1560
- RESERVED
+ REJECTED
CVE-2019-1559 (If an application encounters a fatal protocol error and then calls SSL ...)
{DSA-4400-1 DLA-1701-1}
- openssl1.0 <unfixed>
@@ -49513,25 +50552,24 @@ CVE-2019-1559 (If an application encounters a fatal protocol error and then call
NOTE: to this issue, marking first 1.1 upload of src:openssl as fixed
NOTE: https://www.openssl.org/news/secadv/20190226.txt
CVE-2019-1558
- RESERVED
+ REJECTED
CVE-2019-1557
- RESERVED
+ REJECTED
CVE-2019-1556
- RESERVED
+ REJECTED
CVE-2019-1555
- RESERVED
+ REJECTED
CVE-2019-1554
- RESERVED
+ REJECTED
CVE-2019-1553
- RESERVED
+ REJECTED
CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can find a ...)
- openssl <not-affected> (Windows-specific)
- openssl1.0 <not-affected> (Windows-specific)
NOTE: https://www.openssl.org/news/secadv/20190730.txt
CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring procedure u ...)
- {DSA-4594-1}
+ {DSA-4855-1 DSA-4594-1}
- openssl 1.1.1e-1 (low; bug #947949)
- [buster] - openssl <postponed> (Wait until next upstream security release)
[stretch] - openssl <postponed> (Wait until next upstream security release)
[jessie] - openssl <not-affected> (Affected modules are not present in Jessie)
- openssl1.0 <removed> (low)
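Review bot: The stretch annotation `[stretch] - openssl <postponed> (Wait until next upstream security release)` keeps a rationale that this same entry now contradicts: the buster postponed line was dropped in favour of DSA-4855-1 and the unstable line records 1.1.1e-1 as fixed, so the upstream release the note waits for has evidently happened. If stretch is still deliberately deferred, the annotation should state the current reason, e.g. `[stretch] - openssl <postponed> (<current reason>)`; otherwise it should carry the fixed version or a DLA reference so the tracker does not keep reporting it under a stale justification. The CVE-2019-1551 entry continues in the next hunk.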
@@ -49539,7 +50577,7 @@ CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring proced
NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f
NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98
CVE-2019-1550
- RESERVED
+ REJECTED
CVE-2019-1549 (OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). Th ...)
- openssl 1.1.1d-1
[buster] - openssl 1.1.1d-0+deb10u1
@@ -49549,7 +50587,7 @@ CVE-2019-1549 (OpenSSL 1.1.1 introduced a rewritten random number generator (RNG
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be
NOTE: https://www.openssl.org/news/secadv/20190910.txt
CVE-2019-1548
- RESERVED
+ REJECTED
CVE-2019-1547 (Normally in OpenSSL EC groups always have a co-factor present and this ...)
{DSA-4540-1 DSA-4539-1 DLA-1932-1}
- openssl 1.1.1d-1
@@ -49559,11 +50597,11 @@ CVE-2019-1547 (Normally in OpenSSL EC groups always have a co-factor present and
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8 (OpenSSL_1_1_1d)
NOTE: https://www.openssl.org/news/secadv/20190910.txt
CVE-2019-1546
- RESERVED
+ REJECTED
CVE-2019-1545
- RESERVED
+ REJECTED
CVE-2019-1544
- RESERVED
+ REJECTED
CVE-2019-1543 (ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input ...)
{DSA-4475-1}
- openssl 1.1.1c-1 (low)
@@ -49573,21 +50611,21 @@ CVE-2019-1543 (ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce
NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=f426625b6ae9a7831010750490a5f0ad689c5ba3 (OpenSSL_1_1_1c)
NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ee22257b1418438ebaf54df98af4e24f494d1809 (OpenSSL_1_1_0k)
CVE-2019-1542
- RESERVED
+ REJECTED
CVE-2019-1541
- RESERVED
+ REJECTED
CVE-2019-1540
- RESERVED
+ REJECTED
CVE-2019-1539
- RESERVED
+ REJECTED
CVE-2019-1538
- RESERVED
+ REJECTED
CVE-2019-1537
- RESERVED
+ REJECTED
CVE-2019-1536
- RESERVED
+ REJECTED
CVE-2019-1535
- RESERVED
+ REJECTED
CVE-2019-1534
REJECTED
CVE-2019-1533
@@ -52231,16 +53269,16 @@ CVE-2019-0235 (Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks. ...)
NOT-FOR-US: Apache OFBiz
CVE-2019-0234 (A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache ...)
NOT-FOR-US: Apache Roller
-CVE-2019-0233
- RESERVED
+CVE-2019-0233 (An access permission override in Apache Struts 2.0.0 to 2.5.20 may cau ...)
+ - libstruts1.2-java <removed>
CVE-2019-0232 (When running on Windows with enableCmdLineArguments enabled, the CGI S ...)
- tomcat9 <not-affected> (Windows-specific)
- tomcat8 <not-affected> (Windows-specific)
NOTE: https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html
CVE-2019-0231 (Handling of the close_notify SSL/TLS message does not lead to a connec ...)
NOT-FOR-US: Apache MINA
-CVE-2019-0230
- RESERVED
+CVE-2019-0230 (Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when eval ...)
+ - libstruts1.2-java <removed>
CVE-2019-0229 (A number of HTTP endpoints in the Airflow webserver (both RBAC and cla ...)
- airflow <itp> (bug #819700)
CVE-2019-0228 (Apache PDFBox 2.0.14 does not properly initialize the XML parser, whic ...)
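Review bot: `- libstruts1.2-java <removed>` in the new CVE-2019-0233 entry (and likewise in CVE-2019-0230 a few lines below) marks a package whose name indicates Struts 1.2 as affected, while both descriptions restrict the issue to Apache Struts 2.0.0 to 2.5.20. If the package really is Struts 1.x, the entry would be more accurate as `- libstruts1.2-java <not-affected> (Struts 1.x; only Struts 2.0.0 to 2.5.20 affected)`, or at least carry a NOTE recording why the removed package is treated as affected. This is an inference from the package name and should be confirmed against the package's upstream version before changing the tag.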
@@ -52280,16 +53318,21 @@ CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under som
NOTE: not present in the jessie version. That part do not seem to be essential for
NOTE: the package to be vulnerable.
CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ...)
- - activemq 5.15.9-1 (bug #925964)
- [buster] - activemq <no-dsa> (Minor issue)
- [stretch] - activemq <no-dsa> (Minor issue)
+ {DLA-2583-1 DLA-2582-1}
+ - activemq 5.15.9-1 (bug #925964; unimportant)
[jessie] - activemq <not-affected> (MQTT support not enabled)
+ - mqtt-client 1.16-1 (bug #988109)
+ [buster] - mqtt-client 1.14-1+deb10u1
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
+ NOTE: activemq disabled MQTT transport in 5.6.0+dfsg-1 (d/patches/exclude_mqtt.diff)
+ NOTE: but enabled activemq-mqtt in 5.13.2+dfsg-2 using the external mqtt-client.
+ NOTE: https://github.com/fusesource/mqtt-client/commit/2898f10be758decdc85ba6c523cb5be6b9092855 (mqtt-client-project-1.15)
CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 ...)
{DSA-4596-1 DLA-1883-1 DLA-1810-1}
- tomcat9 9.0.16-4 (bug #929895)
- tomcat8 <removed>
- tomcat7 <removed>
+ [stretch] - tomcat7 <ignored> (No components in libservlet3.0-java binary package are affected)
NOTE: affects debug channel, unlikely to be present in production websites:
NOTE: https://mail-archives.apache.org/mod_mbox/www-announce/201905.mbox/%3Cb1905aa6-f340-8d0b-58c4-8ac3ebcbfa54@apache.org%3E
NOTE: https://github.com/apache/tomcat/commit/15fcd16 (9.0.19)
@@ -52332,7 +53375,9 @@ CVE-2019-0211 (In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM eve
CVE-2019-0210 (In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJS ...)
[experimental] - thrift 0.13.0-1
- thrift 0.13.0-2
+ [buster] - thrift <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/2
+ NOTE: https://github.com/apache/thrift/commit/264a3f318ed3e9e51573f67f963c8509786bcec2
CVE-2019-0209
REJECTED
CVE-2019-0208
@@ -52344,6 +53389,7 @@ CVE-2019-0206
CVE-2019-0205 (In Apache Thrift all versions up to and including 0.12.0, a server or ...)
[experimental] - thrift 0.13.0-1
- thrift 0.13.0-2
+ [buster] - thrift <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/1
CVE-2019-0204 (A specifically crafted Docker image running under the root user can ov ...)
- apache-mesos <itp> (bug #760315)
@@ -52386,8 +53432,9 @@ CVE-2019-0195 (Manipulating classpath asset file URLs, an attacker could guess t
CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 ...)
NOT-FOR-US: Apache Camel
CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular module ...)
- {DLA-1954-1}
+ {DLA-2327-1 DLA-1954-1}
- lucene-solr 3.6.2+dfsg-22 (low)
+ [buster] - lucene-solr 3.6.2+dfsg-20+deb10u2
NOTE: https://issues.apache.org/jira/browse/SOLR-13669
NOTE: upstream recommends everybody upgrade or rework their configuration
NOTE: consider backporting enable.dih.dataConfigParam instead:
@@ -52408,6 +53455,7 @@ CVE-2019-0188 (Apache Camel prior to 2.24.0 contains an XML external entity inje
NOT-FOR-US: Apache Camel
CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
- jakarta-jmeter <unfixed>
+ [bullseye] - jakarta-jmeter <no-dsa> (Minor issue)
[buster] - jakarta-jmeter <no-dsa> (Minor issue)
[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
[jessie] - jakarta-jmeter <no-dsa> (Minor issue)
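Review bot: The added `[bullseye] - jakarta-jmeter <no-dsa> (Minor issue)` repeats the bare "Minor issue" rationale for an entry whose description is unauthenticated RCE in distributed mode, so a reader cannot tell why it is considered minor. Tracker annotations normally give the concrete reason; if it is that distributed mode is not enabled by default and needs a deliberately exposed listener (presumably the case here, but not stated on the page), spell it out: `[bullseye] - jakarta-jmeter <no-dsa> (Minor issue; <reason distributed mode is not exposed by default>)`. The same applies to the existing buster, stretch and jessie lines in this hunk.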
@@ -52464,14 +53512,14 @@ CVE-2019-0163 (Insufficient input validation in system firmware for Intel(R) Bro
CVE-2019-0162 (Memory access in virtual memory mapping for some microprocessors may a ...)
NOT-FOR-US: F5
CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated user to ...)
+ {DLA-2645-1}
- edk2 0~20180803.dd4cae4d-1 (low)
- [stretch] - edk2 <ignored> (Minor issue)
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://github.com/tianocore/edk2/commit/acebdf14c985c5c9f50b37ece0b15ada87767359
NOTE: https://github.com/tianocore/edk2/commit/72750e3bf9174f15c17e78f0f117b5e7311bb49f
CVE-2019-0160 (Buffer overflow in system firmware for EDK II may allow unauthenticate ...)
- edk2 0~20181115.85588389-1 (low)
- [stretch] - edk2 <ignored> (Minor issue)
+ [stretch] - edk2 <not-affected> (vulnerable code is not present)
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://github.com/tianocore/edk2/commit/4df8f5bfa28b8b881e506437e8f08d92c1a00370
NOTE: https://github.com/tianocore/edk2/commit/b9ae1705adfdd43668027a25a2b03c2e81960219
@@ -52502,15 +53550,25 @@ CVE-2019-0151 (Insufficient memory protection in Intel(R) TXT for certain Intel(
CVE-2019-0150 (Insufficient access control in firmware Intel(R) Ethernet 700 Series C ...)
NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0149 (Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ...)
- TODO: check
+ - linux 5.2.6-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0148 (Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ...)
- TODO: check
+ - linux 5.2.6-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0147 (Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ...)
- TODO: check
+ - linux 5.2.6-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0146 (Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ...)
- TODO: check
+ - linux 5.2.6-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0145 (Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Contro ...)
- TODO: check
+ - linux 5.2.6-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0144 (Unhandled exception in firmware for Intel(R) Ethernet 700 Series Contr ...)
NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0143 (Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 S ...)
@@ -52710,6 +53768,9 @@ CVE-2019-0053 (Insufficient validation of environment variables in the telnet cl
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc
NOTE: https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt
NOTE: https://www.openwall.com/lists/oss-security/2018/12/14/8
+ NOTE: Additional patch to fix infinite loop causing stack exhaustion (but not
+ NOTE: directly covered by this CVE applied in inetutils/2:2.2-2):
+ NOTE: https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/diff/?id=0d246b17e51060daac8a26848a8d9e5722fcca24
CVE-2019-0052 (The srxpfe process may crash on SRX Series services gateways when the ...)
NOT-FOR-US: Juniper
CVE-2019-0051 (SSL-Proxy feature on SRX devices fails to handle a hardware resource l ...)
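Review bot: The added NOTE for CVE-2019-0053 reads ambiguously — "not directly covered by this CVE applied in inetutils/2:2.2-2" can be parsed as the CVE being applied in that version rather than the patch. A clearer split would be `NOTE: Additional patch (applied in inetutils/2:2.2-2) fixes an infinite loop causing stack exhaustion;` followed by `NOTE: it is not directly covered by this CVE:` and then the existing URL line, so a reader knows the extra fix is tracked here for reference only and does not change the CVE's fixed-version line.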
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index ff005779cd..654068a6d0 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,1051 +1,41464 @@
-CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...)
- NOT-FOR-US: Bitrix24
-CVE-2020-13757 (Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphert ...)
- - python-rsa <unfixed>
- NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
-CVE-2020-13756
+CVE-2020-22592
RESERVED
-CVE-2020-13755
+CVE-2020-36515
RESERVED
-CVE-2020-13753
+CVE-2020-36514 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
+ NOT-FOR-US: Rust crate acc_reader
+CVE-2020-36513 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...)
+ NOT-FOR-US: Rust crate acc_reader
+CVE-2020-36512 (An issue was discovered in the buffoon crate through 2020-12-31 for Ru ...)
+ NOT-FOR-US: Rust crate buffoon
+CVE-2020-36511 (An issue was discovered in the bite crate through 2020-12-31 for Rust. ...)
+ NOT-FOR-US: Rust crate bite
+CVE-2020-36510
RESERVED
-CVE-2020-13752
+CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36502 (Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-si ...)
+ NOT-FOR-US: Swift File Transfer Mobile
+CVE-2020-36501 (Multiple cross-site scripting (XSS) vulnerabilities in the Support mod ...)
+ NOT-FOR-US: SugarCRM
+CVE-2020-36500
+ RESERVED
+CVE-2020-36499 (TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to cont ...)
+ NOT-FOR-US: TAO Open Source Assessment Platform
+CVE-2020-36498 (Macrob7 Macs Framework Content Management System - 1.14f contains a cr ...)
+ NOT-FOR-US: Macrob7 Macs Framework Content Management System
+CVE-2020-36497 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36496 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36495 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36494 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36493 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36492 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36491 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36490 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36489 (Dropouts Technologies LLP Air Share v1.2 was discovered to contain a c ...)
+ NOT-FOR-US: Dropouts Technologies LLP Air Share
+CVE-2020-36488 (An issue in the FTP server of Sky File v2.1.0 allows attackers to perf ...)
+ NOT-FOR-US: Sky File
+CVE-2020-36487
+ RESERVED
+CVE-2020-36486 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain ...)
+ NOT-FOR-US: Swift File Transfer Mobile
+CVE-2020-36485 (Portable Ltd Playable v9.18 was discovered to contain an arbitrary fil ...)
+ NOT-FOR-US: Portable Ltd Playable
+CVE-2020-36484
+ RESERVED
+CVE-2020-36483
+ RESERVED
+CVE-2020-36482
+ RESERVED
+CVE-2020-36481
+ RESERVED
+CVE-2020-36480
+ RESERVED
+CVE-2020-36479
+ RESERVED
+CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...)
+ {DLA-2826-1}
+ - mbedtls 2.16.9-0.1
+ NOTE: https://github.com/ARMmbed/mbedtls/issues/3629
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8 (development)
+CVE-2020-36477 (An issue was discovered in Mbed TLS before 2.24.0. The verification of ...)
+ [experimental] - mbedtls 2.28.0-0.1
+ - mbedtls 2.28.0-0.3
+ [stretch] - mbedtls <not-affected> (2.4 not affected)
+ NOTE: https://github.com/ARMmbed/mbedtls/issues/3498
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/f3e4bd8632b71dc491e52e6df87dc3e409d2b869 (development)
+CVE-2020-36476 (An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 L ...)
+ {DLA-2826-1}
+ - mbedtls 2.16.9-0.1
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/a321413807927d6e295cec8677733bbde6aeec34 (development)
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/ef73875913c66767e7a954aa0b68f42f0756d9b2 (mbedtls-2.7)
+CVE-2020-36475 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...)
+ {DLA-2826-1}
+ - mbedtls 2.16.9-0.1
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/9246d041500b96fb0694cbda1d833e420696827e
+CVE-2020-36474 (SafeCurl before 0.9.2 has a DNS rebinding vulnerability. ...)
+ NOT-FOR-US: SafeCurl
+CVE-2020-36473 (UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and th ...)
+ NOT-FOR-US: UCWeb UC
+CVE-2020-36472 (An issue was discovered in the max7301 crate before 0.2.0 for Rust. Th ...)
+ NOT-FOR-US: Rust crate max7301
+CVE-2020-36471 (An issue was discovered in the generator crate before 0.7.0 for Rust. ...)
+ - rust-generator <unfixed> (bug #992047)
+ [bullseye] - rust-generator <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0151.html
+CVE-2020-36470 (An issue was discovered in the disrustor crate through 2020-12-17 for ...)
+ NOT-FOR-US: Rust crate disrustor
+CVE-2020-36469 (An issue was discovered in the appendix crate through 2020-11-15 for R ...)
+ NOT-FOR-US: Rust crate appendix
+CVE-2020-36468 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
+ NOT-FOR-US: Rust crate cgc
+CVE-2020-36467 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
+ NOT-FOR-US: Rust crate cgc
+CVE-2020-36466 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
+ NOT-FOR-US: Rust crate cgc
+CVE-2020-36465 (An issue was discovered in the generic-array crate before 0.13.3 for R ...)
+ - rust-generic-array 0.14.4-1
+ [buster] - rust-generic-array <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0146.html
+CVE-2020-36464 (An issue was discovered in the heapless crate before 0.6.1 for Rust. T ...)
+ NOT-FOR-US: Rust crate heapless
+CVE-2020-36463 (An issue was discovered in the multiqueue crate through 2020-12-25 for ...)
+ NOT-FOR-US: Rust crate multiqueue
+CVE-2020-36462 (An issue was discovered in the syncpool crate before 0.1.6 for Rust. T ...)
+ NOT-FOR-US: Rust crate syncpool
+CVE-2020-36461 (An issue was discovered in the noise_search crate through 2020-12-10 f ...)
+ NOT-FOR-US: Rust crate noise_search
+CVE-2020-36460 (An issue was discovered in the model crate through 2020-11-10 for Rust ...)
+ NOT-FOR-US: Rust crate model
+CVE-2020-36459 (An issue was discovered in the dces crate through 2020-12-09 for Rust. ...)
+ NOT-FOR-US: Rust crate dces
+CVE-2020-36458 (An issue was discovered in the lexer crate through 2020-11-10 for Rust ...)
+ NOT-FOR-US: Rust crate lexer
+CVE-2020-36457 (An issue was discovered in the lever crate before 0.1.1 for Rust. Atom ...)
+ NOT-FOR-US: Rust crate lever
+CVE-2020-36456 (An issue was discovered in the toolshed crate through 2020-11-15 for R ...)
+ NOT-FOR-US: Rust crate toolshed
+CVE-2020-36455 (An issue was discovered in the slock crate through 2020-11-17 for Rust ...)
+ NOT-FOR-US: Rust crate slock
+CVE-2020-36454 (An issue was discovered in the parc crate through 2020-11-14 for Rust. ...)
+ NOT-FOR-US: Rust crate parc
+CVE-2020-36453 (An issue was discovered in the scottqueue crate through 2020-11-15 for ...)
+ NOT-FOR-US: Rust crate scottqueue
+CVE-2020-36452 (An issue was discovered in the array-tools crate before 0.3.2 for Rust ...)
+ NOT-FOR-US: Rust crate array-tools
+CVE-2020-36451 (An issue was discovered in the rcu_cell crate through 2020-11-14 for R ...)
+ NOT-FOR-US: Rust crate rcu_cell
+CVE-2020-36450 (An issue was discovered in the bunch crate through 2020-11-12 for Rust ...)
+ NOT-FOR-US: Rust crate bunch
+CVE-2020-36449 (An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ...)
+ NOT-FOR-US: Rust crate kekbit
+CVE-2020-36448 (An issue was discovered in the cache crate through 2020-11-24 for Rust ...)
+ NOT-FOR-US: Rust crate cache
+CVE-2020-36447 (An issue was discovered in the v9 crate through 2020-12-18 for Rust. T ...)
+ NOT-FOR-US: Rust crate v9
+CVE-2020-36446 (An issue was discovered in the signal-simple crate through 2020-11-15 ...)
+ NOT-FOR-US: Rust crate signal-simple
+CVE-2020-36445 (An issue was discovered in the convec crate through 2020-11-24 for Rus ...)
+ NOT-FOR-US: Rust crate convec
+CVE-2020-36444 (An issue was discovered in the async-coap crate through 2020-12-08 for ...)
+ NOT-FOR-US: Rust crate async-coap
+CVE-2020-36443 (An issue was discovered in the libp2p-deflate crate before 0.27.1 for ...)
+ NOT-FOR-US: Rust crate libp2p-deflate
+CVE-2020-36442 (An issue was discovered in the beef crate before 0.5.0 for Rust. beef: ...)
+ NOT-FOR-US: Rust crate beef
+CVE-2020-36441 (An issue was discovered in the abox crate before 0.4.1 for Rust. It im ...)
+ NOT-FOR-US: Rust crate abox
+CVE-2020-36440 (An issue was discovered in the libsbc crate before 0.1.5 for Rust. For ...)
+ NOT-FOR-US: Rust crate libsbc
+CVE-2020-36439 (An issue was discovered in the ticketed_lock crate before 0.3.0 for Ru ...)
+ NOT-FOR-US: Rust crate ticketed_lock
+CVE-2020-36438 (An issue was discovered in the tiny_future crate before 0.4.0 for Rust ...)
+ NOT-FOR-US: Rust crate tiny_future
+CVE-2020-36437 (An issue was discovered in the conqueue crate before 0.4.0 for Rust. T ...)
+ NOT-FOR-US: Rust crate conqueue
+CVE-2020-36436 (An issue was discovered in the unicycle crate before 0.7.1 for Rust. P ...)
+ NOT-FOR-US: Rust crate unicycle
+CVE-2020-36435 (An issue was discovered in the ruspiro-singleton crate before 0.4.1 fo ...)
+ NOT-FOR-US: Rust crate ruspiro-singleton
+CVE-2020-36434 (An issue was discovered in the sys-info crate before 0.8.0 for Rust. s ...)
+ NOT-FOR-US: Rust crate sys-info
+CVE-2020-36433 (An issue was discovered in the chunky crate through 2020-08-25 for Rus ...)
+ NOT-FOR-US: Rust crate chunky
+CVE-2020-36432 (An issue was discovered in the alg_ds crate through 2020-08-25 for Rus ...)
+ NOT-FOR-US: Rust crate alg_ds
+CVE-2020-36431 (Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm. ...)
+ NOT-FOR-US: Unicorn Engine
+CVE-2020-36430 (libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode ...)
+ - libass 1:0.15.0-2
+ [buster] - libass <not-affected> (Vulnerable code not present)
+ [stretch] - libass <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml
+ NOTE: Introduced by: https://github.com/libass/libass/commit/910211f1c0078e37546f73e95306724358b89be2 (0.15.0)
+ NOTE: Fixed by: https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632 (0.15.1)
+CVE-2020-36429 (Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds ...)
+ NOT-FOR-US: open62541
+CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-base ...)
+ - libmatio <unfixed> (bug #991370)
+ [bullseye] - libmatio <no-dsa> (Minor issue)
+ [buster] - libmatio <not-affected> (Vulnerable code not present, introduced in 1.5.18)
+ [stretch] - libmatio <not-affected> (Vulnerable code not present, introduced in 1.5.18)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml
+CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an application crash via a malformed ...)
+ - gthumb 3:3.11.1-0.1 (unimportant)
+ NOTE: https://mail.gnome.org/archives/gthumb-list/2020-September/msg00001.html
+ NOTE: https://github.com/GNOME/gthumb/commit/e79b4519cc6e27388ddd3f095e97d1559cb47616
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-36426 (An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_cr ...)
+ - mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
+CVE-2020-36425 (An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly ...)
+ - mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
+ NOTE: https://github.com/ARMmbed/mbedtls/issues/3340
+ NOTE: https://github.com/ARMmbed/mbedtls/pull/3433
+CVE-2020-36424 (An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can ...)
+ - mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
+CVE-2020-36423 (An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attack ...)
+ - mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
+CVE-2020-36422 (An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel ...)
+ - mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
+CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a si ...)
+ - mbedtls 2.16.9-0.1
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
+ NOTE: https://github.com/ARMmbed/mbedtls/issues/3394
+CVE-2020-36420 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is o ...)
+ - polipo <removed>
+ [buster] - polipo <ignored> (Minor issue)
+ [stretch] - polipo <ignored> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/18/1
+CVE-2020-36419
+ RESERVED
+CVE-2020-36418
+ RESERVED
+CVE-2020-36417
+ RESERVED
+CVE-2020-36416 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36415 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36414 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36413 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36412 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36411 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36410 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36409 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36408 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36407 (libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataF ...)
+ - libavif 0.8.2-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24811
+ NOTE: https://github.com/AOMediaCodec/libavif/commit/0a8e7244d494ae98e9756355dfbfb6697ded2ff9
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libavif/OSV-2020-1597.yaml
+CVE-2020-36406 (** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffe ...)
+ NOT-FOR-US: uWebSockets
+CVE-2020-36405 (Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::get ...)
+ NOT-FOR-US: keystone engine
+CVE-2020-36404 (Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl& ...)
+ NOT-FOR-US: keystone engine
+CVE-2020-36403 (HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_pa ...)
+ - htslib 1.11-1
+ [buster] - htslib <no-dsa> (Minor issue)
+ [stretch] - htslib <not-affected> (Vulnerable code added later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24097
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/htslib/OSV-2020-955.yaml
+ NOTE: https://github.com/samtools/htslib/commit/dcd4b7304941a8832fba2d0fc4c1e716e7a4e72c
+CVE-2020-36402 (Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLi ...)
+ NOT-FOR-US: Solidity
+CVE-2020-36401 (mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_f ...)
+ - mruby 2.1.2-3 (bug #990540)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml
+ NOTE: https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503
+CVE-2020-36400 (ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, ...)
+ - zeromq3 <not-affected> (Never affected a released version)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26042
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libzmq/OSV-2020-1887.yaml
+ NOTE: Introduced by: https://github.com/zeromq/libzmq/commit/b56195e995e0875afabf405826d97b1dd9817bb0 (v4.3.3)
+ NOTE: Fixed by: https://github.com/zeromq/libzmq/commit/397ac80850bf8d010fae23dd215db0ee2c677306 (v4.3.3)
+CVE-2020-36399 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-36398 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-36397 (A stored cross site scripting (XSS) vulnerability in the /admin/contac ...)
+ NOT-FOR-US: LavaLite
+CVE-2020-36396 (A stored cross site scripting (XSS) vulnerability in the /admin/roles/ ...)
+ NOT-FOR-US: LavaLite
+CVE-2020-36395 (A stored cross site scripting (XSS) vulnerability in the /admin/user/t ...)
+ NOT-FOR-US: LavaLite
+CVE-2020-36394 (pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux- ...)
+ - pam <not-affected> (Vulnerable code introduced and fixed in v1.4.0)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171721
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/5
+ NOTE: https://github.com/linux-pam/linux-pam/commit/27ded8954a1235bb65ffc9c730ae5a50b1dfed61
+CVE-2020-36393
+ RESERVED
+CVE-2020-36392
+ RESERVED
+CVE-2020-36391
+ RESERVED
+CVE-2020-36390
+ RESERVED
+CVE-2020-36389 (In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEdit ...)
+ - civicrm 5.28.4+dfsg1-1
+ NOTE: https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form
+CVE-2020-36388 (In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, user ...)
+ - civicrm 5.24.5+dfsg1-1
+ NOTE: https://civicrm.org/advisory/civi-sa-2020-03
+CVE-2020-36387 (An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring. ...)
+ - linux 5.7.17-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/6d816e088c359866f9867057e04f244c608c42fe
+CVE-2020-36386 (An issue was discovered in the Linux kernel before 5.8.1. net/bluetoot ...)
+ - linux 5.7.17-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/51c19bf3d5cfaa66571e4b88ba2a6f6295311101
+CVE-2020-36384 (PageLayer before 1.3.5 allows reflected XSS via color settings. ...)
+ NOT-FOR-US: PageLayer
+CVE-2020-36383 (PageLayer before 1.3.5 allows reflected XSS via the font-size paramete ...)
+ NOT-FOR-US: PageLayer
+CVE-2020-36385 (An issue was discovered in the Linux kernel before 5.10. drivers/infin ...)
+ - linux 5.10.4-1
+ NOTE: https://git.kernel.org/linus/f5449e74802c1112dea984aec8af7a33c4516af1
+CVE-2020-36382 (OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigge ...)
+ NOT-FOR-US: OpenVPN Access Server (security impact for src:openvpn covered by CVE-2020-15078)
+CVE-2020-36381 (An issue was discovered in the singleCrunch function in shenzhim aaptj ...)
+ NOT-FOR-US: aaptjs
+CVE-2020-36380 (An issue was discovered in the crunch function in shenzhim aaptjs 1.3. ...)
+ NOT-FOR-US: aaptjs
+CVE-2020-36379 (An issue was discovered in the remove function in shenzhim aaptjs 1.3. ...)
+ NOT-FOR-US: aaptjs
+CVE-2020-36378 (An issue was discovered in the packageCmd function in shenzhim aaptjs ...)
+ NOT-FOR-US: aaptjs
+CVE-2020-36377 (An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, ...)
+ NOT-FOR-US: aaptjs
+CVE-2020-36376 (An issue was discovered in the list function in shenzhim aaptjs 1.3.1, ...)
+ NOT-FOR-US: aaptjs
+CVE-2020-36375 (Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, all ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2020-36374 (Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, a ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2020-36373 (Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allow ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2020-36372 (Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, a ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2020-36371 (Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2020-36370 (Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2020-36369 (Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20. ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2020-36368 (Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, al ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2020-36367 (Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2020-36366 (Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2020-36365 (Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.Cl ...)
+ NOT-FOR-US: Smartstore (aka SmartStoreNET)
+CVE-2020-36364 (An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0 ...)
+ NOT-FOR-US: Smartstore (aka SmartStoreNET)
+CVE-2020-36363 (Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_C ...)
+ NOT-FOR-US: Amazon AWS CloudFront
+CVE-2020-36362
+ RESERVED
+CVE-2020-36361
+ RESERVED
+CVE-2020-36360
+ RESERVED
+CVE-2020-36359
+ RESERVED
+CVE-2020-36358
+ RESERVED
+CVE-2020-36357
+ RESERVED
+CVE-2020-36356
+ RESERVED
+CVE-2020-36355
+ RESERVED
+CVE-2020-36354
+ RESERVED
+CVE-2020-36353
+ RESERVED
+CVE-2020-36352
+ RESERVED
+CVE-2020-36351
+ RESERVED
+CVE-2020-36350
+ RESERVED
+CVE-2020-36349
+ RESERVED
+CVE-2020-36348
+ RESERVED
+CVE-2020-36347
+ RESERVED
+CVE-2020-36346
+ RESERVED
+CVE-2020-36345
+ RESERVED
+CVE-2020-36344
+ RESERVED
+CVE-2020-36343
+ RESERVED
+CVE-2020-36342
+ RESERVED
+CVE-2020-36341
+ RESERVED
+CVE-2020-36340
+ RESERVED
+CVE-2020-36339
+ RESERVED
+CVE-2020-36338
+ RESERVED
+CVE-2020-36337
+ RESERVED
+CVE-2020-36336
+ RESERVED
+CVE-2020-36335
+ RESERVED
+CVE-2020-36332 (A flaw was found in libwebp in versions before 1.0.1. When reading a f ...)
+ {DSA-4930-1}
+ - libwebp 0.6.1-2.1
+ [stretch] - libwebp <ignored> (Patch is too destructive to implement it; Minor issue)
+ NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=391
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/39cb9aad85ca7bb1d193013460db1f8cc6bff109
+CVE-2020-36331 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=388
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/be738c6d396fa5a272c1b209be4379a7532debfe
+CVE-2020-36330 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=386
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
+CVE-2020-36329 (A flaw was found in libwebp in versions before 1.0.1. A use-after-free ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=385
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/569001f19fc81fcb5ab358f587a54c62e7c4665c
+CVE-2020-36328 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=383
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/71ed73cf86132394ea25ae9c7ed431e0d71043f5
+CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ...)
+ - bundler <removed>
+ [buster] - bundler <no-dsa> (Minor issue)
+ [stretch] - bundler <no-dsa> (Invasive change, hard to backport; chances of regression)
+ - rubygems <unfixed>
+ [bullseye] - rubygems <no-dsa> (Minor issue)
+ NOTE: https://github.com/rubygems/rubygems/issues/3982
+CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Des ...)
+ - libphp-phpmailer 6.2.0-2 (bug #988732)
+ [buster] - libphp-phpmailer <not-affected> (Regression introduced in 6.1.8)
+ [stretch] - libphp-phpmailer <not-affected> (Regression introduced in 6.1.8)
+ NOTE: Introduced by: https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9 (6.1.8)
+ NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/26f2848d3bbb57add5f34a467a1e3b2f9ce5cd2a (v6.4.1)
+ NOTE: Also backport: https://github.com/PHPMailer/PHPMailer/commit/7f267fb4aadfcf62e3ddc50494c469c6b9c4405a (v6.4.1)
+CVE-2020-36325 (** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due ...)
+ - jansson <unfixed> (unimportant)
+ NOTE: https://github.com/akheron/jansson/issues/548
+ NOTE: Disputed security impact (only if programmer fails to follow API specifications)
+CVE-2020-13672 (Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization ...)
+ {DLA-2637-1}
+ - drupal7 <removed>
+ NOTE: https://www.drupal.org/sa-core-2021-002
+CVE-2020-36324 (Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflect ...)
+ NOT-FOR-US: Wikimedia Quarry
+CVE-2020-36323 (In the standard library in Rust before 1.52.0, there is an optimizatio ...)
+ - rustc 1.53.0+dfsg1-1
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/80335
+ NOTE: https://github.com/rust-lang/rust/pull/81728
+CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation in the L ...)
+ {DLA-2689-1}
+ - linux 5.10.9-1
+ NOTE: https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454
+CVE-2020-36334 (themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by ...)
+ NOT-FOR-US: WordPress plugin themegrill-demo-importer
+CVE-2020-36333 (themegrill-demo-importer before 1.6.2 does not require authentication ...)
+ NOT-FOR-US: WordPress plugin themegrill-demo-importer
+CVE-2020-36321 (Improper URL validation in development mode handler in com.vaadin:flow ...)
+ NOT-FOR-US: Vaadin
+CVE-2020-36320 (Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-s ...)
+ NOT-FOR-US: Vaadin
+CVE-2020-36319 (Insecure configuration of default ObjectMapper in com.vaadin:flow-serv ...)
+ NOT-FOR-US: Vaadin
+CVE-2020-36318 (In the standard library in Rust before 1.49.0, VecDeque::make_contiguo ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/79808
+ NOTE: https://github.com/rust-lang/rust/pull/79814
+CVE-2020-36317 (In the standard library in Rust before 1.49.0, String::retain() functi ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/78498
+ NOTE: https://github.com/rust-lang/rust/pull/78499
+CVE-2020-36316 (In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 ...)
+ NOT-FOR-US: RELIC
+CVE-2020-36315 (In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occu ...)
+ NOT-FOR-US: RELIC
+CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used b ...)
+ - file-roller 3.38.1-1
+ [buster] - file-roller <no-dsa> (Minor issue)
+ [stretch] - file-roller <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae
+ NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
+CVE-2020-36313 (An issue was discovered in the Linux kernel before 5.7. The KVM subsys ...)
+ - linux <not-affected> (No released version affected by the vulnerability)
+ NOTE: Fixed by: https://git.kernel.org/linus/0774a964ef561b7170d8d1b1bfe6f88002b6d219
+CVE-2020-36312 (An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kv ...)
+ - linux 5.8.10-1
+ [buster] - linux 4.19.152-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/f65886606c2d3b562716de030706dfe1bea4ed5e
+CVE-2020-36311 (An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/s ...)
+ {DSA-4941-1 DLA-2714-1}
+ - linux 5.9.1-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7be74942f184fdfba34ddd19a0d995deb34d4a03
+CVE-2020-36310 (An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/s ...)
+ - linux 5.8.7-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e
+CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...)
+ - nginx <unfixed> (bug #986787)
+ [bullseye] - nginx <ignored> (Minor issue, too intrusive to backport, see #986787)
+ [buster] - nginx <ignored> (Minor issue, too intrusive to backport, see #986787)
+ [stretch] - nginx <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/openresty/lua-nginx-module/pull/1654
+CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...)
+ {DLA-2658-1}
+ - redmine 4.0.7-1
+CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile ...)
+ {DLA-2658-1}
+ - redmine 4.0.7-1
+CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url f ...)
+ {DLA-2658-1}
+ - redmine 4.0.7-1
+CVE-2020-36305
RESERVED
-CVE-2020-13751
+CVE-2020-36304
RESERVED
-CVE-2020-13750
+CVE-2020-36303
RESERVED
-CVE-2020-13749
+CVE-2020-36302
RESERVED
-CVE-2020-13748
+CVE-2020-36301
RESERVED
-CVE-2020-13747
+CVE-2020-36300
RESERVED
-CVE-2020-13746
+CVE-2020-36299
RESERVED
-CVE-2020-13745
+CVE-2020-36298
RESERVED
-CVE-2020-13744
+CVE-2020-36297
RESERVED
-CVE-2020-13743
+CVE-2020-36296
RESERVED
-CVE-2020-13742
+CVE-2020-36295
RESERVED
-CVE-2020-13741
+CVE-2020-36294
RESERVED
-CVE-2020-13740
+CVE-2020-36293
RESERVED
-CVE-2020-13739
+CVE-2020-36292
RESERVED
-CVE-2020-13738
+CVE-2020-36291
RESERVED
-CVE-2020-13737
+CVE-2020-36290
RESERVED
-CVE-2020-13736
+CVE-2020-36289 (Affected versions of Atlassian Jira Server and Data Center allow an un ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36288 (The issue navigation and search view in Jira Server and Data Center be ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36287 (The dashboard gadgets preference resource of the Atlassian gadgets plu ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36286 (The membersOf JQL search function in Jira Server and Data Center befor ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36285 (Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Impro ...)
+ NOT-FOR-US: Union Pay
+CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper ...)
+ NOT-FOR-US: Union Pay
+CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when ...)
+ NOT-FOR-US: HID OMNIKEY 5427 and OMNIKEY 5127 readers
+CVE-2020-36282 (JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vuln ...)
+ NOT-FOR-US: JMS Client for RabbitMQ
+CVE-2020-36281 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFew ...)
+ {DLA-2612-1}
+ - leptonlib 1.79.0-1.1 (bug #985089)
+ [buster] - leptonlib <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140
+ NOTE: https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5
+CVE-2020-36280 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixRea ...)
+ - leptonlib 1.79.0-1.1 (bug #985089)
+ [buster] - leptonlib <no-dsa> (Minor issue)
+ [stretch] - leptonlib <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654
+ NOTE: https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c
+CVE-2020-36279 (Leptonica before 1.80.0 allows a heap-based buffer over-read in raster ...)
+ {DLA-2612-1}
+ - leptonlib 1.79.0-1.1 (bug #985089)
+ [buster] - leptonlib <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512
+ NOTE: https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4
+CVE-2020-36278 (Leptonica before 1.80.0 allows a heap-based buffer over-read in findNe ...)
+ {DLA-2612-1}
+ - leptonlib 1.79.0-1.1 (bug #985089)
+ [buster] - leptonlib <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433
+ NOTE: https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842
+CVE-2020-36277 (Leptonica before 1.80.0 allows a denial of service (application crash) ...)
+ {DLA-2612-1}
+ - leptonlib 1.79.0-1.1 (bug #985089)
+ [buster] - leptonlib <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997
+ NOTE: https://github.com/DanBloomberg/leptonica/pull/499
+CVE-2020-36276
RESERVED
-CVE-2020-13735
+CVE-2020-36275
RESERVED
-CVE-2020-13734
+CVE-2020-36274
RESERVED
-CVE-2020-13733
+CVE-2020-36273
RESERVED
-CVE-2020-13732
+CVE-2020-36272
RESERVED
-CVE-2020-13731
+CVE-2020-36271
RESERVED
-CVE-2020-13730
+CVE-2020-36270
RESERVED
-CVE-2020-13729
+CVE-2020-36269
RESERVED
-CVE-2020-13728
+CVE-2020-36268
RESERVED
-CVE-2020-13727
+CVE-2020-36267
RESERVED
-CVE-2020-13726
+CVE-2020-36266
RESERVED
-CVE-2020-13725
+CVE-2020-36265
RESERVED
-CVE-2020-13724
+CVE-2020-36264
RESERVED
-CVE-2020-13723
+CVE-2020-36263
RESERVED
-CVE-2020-13722
+CVE-2020-36262
RESERVED
-CVE-2020-13721
+CVE-2020-36261
RESERVED
-CVE-2020-13720
+CVE-2020-36260
RESERVED
-CVE-2020-13719
+CVE-2020-36259
RESERVED
-CVE-2020-13718
+CVE-2020-36258
RESERVED
-CVE-2020-13717
+CVE-2020-36257
RESERVED
-CVE-2020-13716
+CVE-2020-36256
RESERVED
-CVE-2020-13715
+CVE-2020-36255 (An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel ...)
+ NOT-FOR-US: ScottBrady.IdentityModel
+CVE-2020-35358 (DomainMOD domainmod-v4.15.0 is affected by an insufficient session exp ...)
+ NOT-FOR-US: DomainMOD
+CVE-2020-36254 (scp.c in Dropbear before 2020.79 mishandles the filename of . or an em ...)
+ - dropbear 2020.79-1
+ [buster] - dropbear <no-dsa> (Minor issue)
+ [stretch] - dropbear <postponed> (Minor issue)
+ NOTE: https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff
+CVE-2020-36253
+ RESERVED
+CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has one out ...)
+ - owncloud <removed>
+CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has received non ...)
+ - owncloud <removed>
+CVE-2020-36250 (In the ownCloud application before 2.15 for Android, the lock protecti ...)
+ NOT-FOR-US: ownCloud app for Android
+CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not properly e ...)
+ NOT-FOR-US: ownCloud addon
+CVE-2020-36248 (The ownCloud application before 2.15 for Android allows attackers to u ...)
+ NOT-FOR-US: ownCloud app for Android
+CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. ...)
+ NOT-FOR-US: Open OnDemand
+CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain root privil ...)
+ NOT-FOR-US: Amaze File Manager
+CVE-2020-36245 (GramAddict through 1.2.3 allows remote attackers to execute arbitrary ...)
+ NOT-FOR-US: GramAddict
+CVE-2020-36244 (The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to ...)
+ - dlt-daemon 2.18.6-1
+ [buster] - dlt-daemon <no-dsa> (Minor issue)
+ NOTE: https://github.com/GENIVI/dlt-daemon/issues/265
+ NOTE: https://github.com/GENIVI/dlt-daemon/pull/269
+ NOTE: https://github.com/GENIVI/dlt-daemon/commit/af734fe097ed379b0aa5fcf551886b1ce5098052 (v2.18.6)
+CVE-2020-36243 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injecti ...)
+ NOT-FOR-US: OpenEMR
+CVE-2020-36242 (In the cryptography package before 3.3.2 for Python, certain sequences ...)
+ - python-cryptography 3.3.2-1
+ [buster] - python-cryptography <no-dsa> (Minor issue)
+ [stretch] - python-cryptography <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/pyca/cryptography/issues/5615
+CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNO ...)
+ - gnome-autoar 0.2.4-3 (bug #982737)
+ [buster] - gnome-autoar <no-dsa> (Minor issue)
+ [stretch] - gnome-autoar <no-dsa> (Minor issue)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7
+ NOTE: Regression fix: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/cc4e8b7ccc973ac69d75a7423fbe1bcdc51e2cb3
+ NOTE: When fixing the issue make sure to apply as well the followup fix:
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4
+ NOTE: to not open CVE-2021-28650.
+CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36239 (Jira Data Center, Jira Core Data Center, Jira Software Data Center fro ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36238 (The /rest/api/1.0/render resource in Jira Server and Data Center befor ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36237 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36236 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36235 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36234 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36233 (The Microsoft Windows Installer for Atlassian Bitbucket Server and Dat ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36232 (The MessageBundleWhiteList class of atlassian-gadgets before version 4 ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36230 (A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertio ...)
+ {DSA-4845-1 DLA-2544-1}
+ - openldap 2.4.57+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9423
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793 (OPENLDAP_REL_ENG_2_4_57)
+CVE-2020-36229 (A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 lead ...)
+ {DSA-4845-1 DLA-2544-1}
+ - openldap 2.4.57+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9425
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0 (OPENLDAP_REL_ENG_2_4_57)
+CVE-2020-36228 (An integer underflow was discovered in OpenLDAP before 2.4.57 leading ...)
+ {DSA-4845-1 DLA-2544-1}
+ - openldap 2.4.57+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9427
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad (OPENLDAP_REL_ENG_2_4_57)
+CVE-2020-36227 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite ...)
+ {DSA-4845-1 DLA-2544-1}
+ - openldap 2.4.57+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9428
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5 (OPENLDAP_REL_ENG_2_4_57)
+CVE-2020-36226 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch-&gt ...)
+ {DSA-4845-1 DLA-2544-1}
+ - openldap 2.4.57+dfsg-1
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9413
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but differend ids
+CVE-2020-36225 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a double fr ...)
+ {DSA-4845-1 DLA-2544-1}
+ - openldap 2.4.57+dfsg-1
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9412
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but differend ids
+CVE-2020-36224 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid ...)
+ {DSA-4845-1 DLA-2544-1}
+ - openldap 2.4.57+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9409
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but differend ids
+CVE-2020-36223 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd cra ...)
+ {DSA-4845-1 DLA-2544-1}
+ - openldap 2.4.57+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9408
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/21981053a1195ae1555e23df4d9ac68d34ede9dd (OPENLDAP_REL_ENG_2_4_57)
+CVE-2020-36222 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertio ...)
+ {DSA-4845-1 DLA-2544-1}
+ - openldap 2.4.57+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9406
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9407
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed (OPENLDAP_REL_ENG_2_4_57)
+CVE-2020-36221 (An integer underflow was discovered in OpenLDAP before 2.4.57 leading ...)
+ {DSA-4845-1 DLA-2544-1}
+ - openldap 2.4.57+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9404
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31 (OPENLDAP_REL_ENG_2_4_57)
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9424
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842 (OPENLDAP_REL_ENG_2_4_57)
+CVE-2020-36220 (An issue was discovered in the va-ts crate before 0.0.4 for Rust. Beca ...)
+ NOT-FOR-US: Rust crate va-ts
+CVE-2020-36219 (An issue was discovered in the atomic-option crate through 2020-10-31 ...)
+ NOT-FOR-US: Rust crate atomic-option
+CVE-2020-36218 (An issue was discovered in the buttplug crate before 1.0.4 for Rust. B ...)
+ NOT-FOR-US: Rust crate buttplug
+CVE-2020-36217 (An issue was discovered in the may_queue crate through 2020-11-10 for ...)
+ NOT-FOR-US: Rust crate may_queue
+CVE-2020-36216 (An issue was discovered in Input&lt;R&gt; in the eventio crate before ...)
+ NOT-FOR-US: Rust crate eventio
+CVE-2020-36215 (An issue was discovered in the hashconsing crate before 1.1.0 for Rust ...)
+ NOT-FOR-US: Rust crate hashconsing
+CVE-2020-36214 (An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust ...)
+ NOT-FOR-US: Rust crate multiqueue2
+CVE-2020-36213 (An issue was discovered in the abi_stable crate before 0.9.1 for Rust. ...)
+ NOT-FOR-US: Rust crate abi_stable
+CVE-2020-36212 (An issue was discovered in the abi_stable crate before 0.9.1 for Rust. ...)
+ NOT-FOR-US: Rust crate abi_stable
+CVE-2020-36211 (An issue was discovered in the gfwx crate before 0.3.0 for Rust. Becau ...)
+ NOT-FOR-US: Rust crate gfwx
+CVE-2020-36210 (An issue was discovered in the autorand crate before 0.2.3 for Rust. B ...)
+ NOT-FOR-US: Rust crate autorand
+CVE-2020-36209 (An issue was discovered in the late-static crate before 0.4.0 for Rust ...)
+ NOT-FOR-US: Rust crate late-static
+CVE-2020-36208 (An issue was discovered in the conquer-once crate before 0.3.2 for Rus ...)
+ NOT-FOR-US: Rust crate conquer-once
+CVE-2020-36207 (An issue was discovered in the aovec crate through 2020-12-10 for Rust ...)
+ NOT-FOR-US: Rust crate aovec
+CVE-2020-36206 (An issue was discovered in the rusb crate before 0.7.0 for Rust. Becau ...)
+ NOT-FOR-US: Rust crate rusb
+CVE-2020-36205 (An issue was discovered in the xcb crate through 2020-12-10 for Rust. ...)
+ - rust-xcb <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0097.html
+CVE-2020-36204 (An issue was discovered in the im crate through 2020-11-09 for Rust. B ...)
+ NOT-FOR-US: Rust crate im
+CVE-2020-36203 (An issue was discovered in the reffers crate through 2020-12-01 for Ru ...)
+ NOT-FOR-US: Rust crate reffers
+CVE-2020-36202 (An issue was discovered in the async-h1 crate before 2.3.0 for Rust. R ...)
+ NOT-FOR-US: Rust crate async-h1
+CVE-2020-36201 (An issue was discovered in certain Xerox WorkCentre products. They do ...)
+ NOT-FOR-US: Xerox
+CVE-2020-36200 (TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated ...)
+ NOT-FOR-US: TinyCheck
+CVE-2020-36199 (TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command ...)
+ NOT-FOR-US: TinyCheck
+CVE-2020-36198 (A command injection vulnerability has been reported to affect certain ...)
+ NOT-FOR-US: QNAP
+CVE-2020-36197 (An improper access control vulnerability has been reported to affect e ...)
+ NOT-FOR-US: QNAP
+CVE-2020-36196 (A stored XSS vulnerability has been reported to affect QNAP NAS runnin ...)
+ NOT-FOR-US: QNAP
+CVE-2020-36195 (An SQL injection vulnerability has been reported to affect QNAP NAS ru ...)
+ NOT-FOR-US: QNAP
+CVE-2020-36194 (An XSS vulnerability has been reported to affect QNAP NAS running QTS ...)
+ NOT-FOR-US: QNAP
+CVE-2020-36192 (An issue was discovered in the Source Integration plugin before 2.4.1 ...)
+ NOT-FOR-US: Source Integration plugin for MantisBT
+CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lac ...)
+ - jupyterhub <unfixed>
+ NOTE: https://github.com/jupyterhub/jupyterhub/issues/3304
+CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows ...)
+ NOT-FOR-US: RailsAdmin
+CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
+CVE-2020-36188 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
+CVE-2020-36187 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
+CVE-2020-36186 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
+CVE-2020-36185 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
+CVE-2020-36184 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
+CVE-2020-36183 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/3003
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/1cddeaf9524e903d08a91fdd9f3dde46d2a68536
+CVE-2020-36182 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
+CVE-2020-36181 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
+CVE-2020-36180 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
+CVE-2020-36179 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
+CVE-2020-36178 (oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 d ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-36177 (RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-o ...)
+ - wolfssl 4.6.0-1 (bug #979534)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
+ NOTE: https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/3426
+CVE-2020-36176 (The iThemes Security (formerly Better WP Security) plugin before 7.7.0 ...)
+ NOT-FOR-US: iThemes Security (formerly Better WP Security) plugin for WordPress
+CVE-2020-36175 (The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers ...)
+ NOT-FOR-US: Ninja Forms plugin for WordPress
+CVE-2020-36174 (The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via s ...)
+ NOT-FOR-US: Ninja Forms plugin for WordPress
+CVE-2020-36173 (The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for ...)
+ NOT-FOR-US: Ninja Forms plugin for WordPress
+CVE-2020-36172 (The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandl ...)
+ NOT-FOR-US: Advanced Custom Fields plugin for WordPress
+CVE-2020-36171 (The Elementor Website Builder plugin before 3.0.14 for WordPress does ...)
+ NOT-FOR-US: Elementor Website Builder plugin for WordPress
+CVE-2020-36170 (The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidd ...)
+ NOT-FOR-US: Ultimate Member plugin for WordPress
+CVE-2020-36169 (An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCe ...)
+ NOT-FOR-US: Veritas
+CVE-2020-36168 (An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It ...)
+ NOT-FOR-US: Veritas
+CVE-2020-36167 (An issue was discovered in the server in Veritas Backup Exec through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2020-36166 (An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Wind ...)
+ NOT-FOR-US: Veritas
+CVE-2020-36165 (An issue was discovered in Veritas Desktop and Laptop Option (DLO) bef ...)
+ NOT-FOR-US: Veritas
+CVE-2020-36164 (An issue was discovered in Veritas Enterprise Vault through 14.0. On s ...)
+ NOT-FOR-US: Veritas
+CVE-2020-36163 (An issue was discovered in Veritas NetBackup and OpsCenter through 8.3 ...)
+ NOT-FOR-US: Veritas
+CVE-2020-36162 (An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. T ...)
+ NOT-FOR-US: Veritas
+CVE-2020-36161 (An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 ...)
+ NOT-FOR-US: Veritas
+CVE-2020-36160 (An issue was discovered in Veritas System Recovery before 21.2. On sta ...)
+ NOT-FOR-US: Veritas
+CVE-2020-36159 (Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operation ...)
+ NOT-FOR-US: Veritas
+CVE-2020-36158 (mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifie ...)
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
+ - linux 5.10.5-1
+ NOTE: https://git.kernel.org/linus/5c455c5ab332773464d02ba17015acdca198f03d (5.11-rc1)
+CVE-2020-36157 (An issue was discovered in the Ultimate Member plugin before 2.1.12 fo ...)
+ NOT-FOR-US: Ultimate Member plugin for WordPress
+CVE-2020-36156 (An issue was discovered in the Ultimate Member plugin before 2.1.12 fo ...)
+ NOT-FOR-US: Ultimate Member plugin for WordPress
+CVE-2020-36155 (An issue was discovered in the Ultimate Member plugin before 2.1.12 fo ...)
+ NOT-FOR-US: Ultimate Member plugin for WordPress
+CVE-2020-36154 (The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full ...)
+ NOT-FOR-US: Pearson VUE VTS Installer
+CVE-2020-36153
RESERVED
-CVE-2020-13714
+CVE-2020-36152 (Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmyso ...)
+ - libmysofa 1.2~dfsg0-1
+ [buster] - libmysofa <no-dsa> (Minor issue)
+ NOTE: https://github.com/hoene/libmysofa/issues/136
+ NOTE: https://github.com/hoene/libmysofa/pull/146
+CVE-2020-36151 (Incorrect handling of input data in mysofa_resampler_reset_mem functio ...)
+ - libmysofa 1.2~dfsg0-1
+ [buster] - libmysofa <no-dsa> (Minor issue)
+ NOTE: https://github.com/hoene/libmysofa/issues/134
+ NOTE: https://github.com/hoene/libmysofa/pull/146
+CVE-2020-36150 (Incorrect handling of input data in loudness function in the libmysofa ...)
+ - libmysofa 1.2~dfsg0-1
+ [buster] - libmysofa <no-dsa> (Minor issue)
+ NOTE: https://github.com/hoene/libmysofa/issues/135
+ NOTE: https://github.com/hoene/libmysofa/pull/146
+CVE-2020-36149 (Incorrect handling of input data in changeAttribute function in the li ...)
+ - libmysofa 1.2~dfsg0-1
+ [buster] - libmysofa <no-dsa> (Minor issue)
+ NOTE: https://github.com/hoene/libmysofa/issues/137
+ NOTE: https://github.com/hoene/libmysofa/pull/146
+CVE-2020-36148 (Incorrect handling of input data in verifyAttribute function in the li ...)
+ - libmysofa 1.2~dfsg0-1
+ [buster] - libmysofa <no-dsa> (Minor issue)
+ NOTE: https://github.com/hoene/libmysofa/issues/138
+ NOTE: https://github.com/hoene/libmysofa/pull/145
+CVE-2020-36147
+ RESERVED
+CVE-2020-36146
+ RESERVED
+CVE-2020-36145
+ RESERVED
+CVE-2020-36144 (Redash 8.0.0 is affected by LDAP Injection. There is an information le ...)
+ NOT-FOR-US: Redash
+CVE-2020-36143
+ RESERVED
+CVE-2020-36142 (BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserti ...)
+ NOT-FOR-US: BloofoxCMS
+CVE-2020-36141 (BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via b ...)
+ NOT-FOR-US: BloofoxCMS
+CVE-2020-36140 (BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode= ...)
+ NOT-FOR-US: BloofoxCMS
+CVE-2020-36139 (BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnera ...)
+ NOT-FOR-US: BloofoxCMS
+CVE-2020-36138
+ RESERVED
+CVE-2020-36137
+ RESERVED
+CVE-2020-36136
+ RESERVED
+CVE-2020-36135 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
+ - aom 3.2.0-1
+ [bullseye] - aom <no-dsa> (Minor issue)
+ [buster] - aom <no-dsa> (Minor issue)
+ NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.1.0-rc1)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911
+CVE-2020-36134 (AOM v2.0.1 was discovered to contain a segmentation violation via the ...)
+ - aom <not-affected> (Vulnerable code never in a Debian released version)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2914
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2940
+ NOTE: Introduced by: https://aomedia.googlesource.com/aom/+/4567c355bf55a7430819e9d30df259bcb83cfe0d (v2.1.0-rc1)
+ NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/5a1b33b710050b69557d26cf53d4943325481beb (v2.1.0-rc1)
+CVE-2020-36133 (AOM v2.0.1 was discovered to contain a global buffer overflow via the ...)
+ - aom 3.2.0-1
+ [bullseye] - aom <no-dsa> (Minor issue)
+ [buster] - aom <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1
+ NOTE: https://aomedia.googlesource.com/aom/+/5c9bc4181071684d157fc47c736acf6c69a85d85 (v3.2.0-rc1)
+CVE-2020-36132
+ RESERVED
+CVE-2020-36131 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...)
+ - aom 3.2.0-1
+ [bullseye] - aom <no-dsa> (Minor issue)
+ [buster] - aom <no-dsa> (Minor issue)
+ NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.1.0-rc1)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1
+CVE-2020-36130 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
+ - aom 3.2.0-1
+ [bullseye] - aom <no-dsa> (Minor issue)
+ [buster] - aom <no-dsa> (Minor issue)
+ NOTE: https://aomedia.googlesource.com/aom/+/be4ee75fd762d361d0679cc892e4c74af8140093%5E%21/#F0 (v2.1.0-rc1)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1
+CVE-2020-36129 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...)
+ - aom 3.2.0-1
+ [bullseye] - aom <not-affected> (Vulnerable code introduced later)
+ [buster] - aom <not-affected> (Vulnerable code introduced later)
+ NOTE: https://aomedia.googlesource.com/aom/+/7a20d10027fd91fbe11e38182a1d45238e102c4a%5E%21/#F0 (v3.2.0-rc1)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1
+CVE-2020-36128 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
+ NOT-FOR-US: Pax Technology PAXSTORE
+CVE-2020-36127 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
+ NOT-FOR-US: Pax Technology PAXSTORE
+CVE-2020-36126 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
+ NOT-FOR-US: Pax Technology PAXSTORE
+CVE-2020-36125 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
+ NOT-FOR-US: Pax Technology PAXSTORE
+CVE-2020-36124 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
+ NOT-FOR-US: Pax Technology PAXSTORE
+CVE-2020-36123
+ RESERVED
+CVE-2020-36122
+ RESERVED
+CVE-2020-36121
+ RESERVED
+CVE-2020-36120 (Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsix ...)
+ - libsixel <unfixed> (bug #988159)
+ [bullseye] - libsixel <no-dsa> (Minor issue)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/saitoha/libsixel/issues/143
+CVE-2020-36119
RESERVED
-CVE-2020-13713
+CVE-2020-36118
RESERVED
-CVE-2020-13712
+CVE-2020-36117
RESERVED
-CVE-2020-13711
+CVE-2020-36116
RESERVED
-CVE-2020-13710
+CVE-2020-36115 (Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD ...)
+ NOT-FOR-US: EGavilan
+CVE-2020-36114
RESERVED
-CVE-2020-13709
+CVE-2020-36113
RESERVED
-CVE-2020-13708
+CVE-2020-36112 (CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-b ...)
+ NOT-FOR-US: CSE Bookstore
+CVE-2020-36111
RESERVED
-CVE-2020-13707
+CVE-2020-36110
RESERVED
-CVE-2020-13706
+CVE-2020-36109 (ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a bu ...)
+ NOT-FOR-US: ASUS RT-AX86U router firmware
+CVE-2020-36108
RESERVED
-CVE-2020-13705
+CVE-2020-36107
RESERVED
-CVE-2020-13704
+CVE-2020-36106
RESERVED
-CVE-2020-13703
+CVE-2020-36105
RESERVED
-CVE-2020-13754 [msix: OOB access during mmio operations may lead to DoS]
+CVE-2020-36104
RESERVED
- - qemu <unfixed>
- NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html
-CVE-2020-13702
+CVE-2020-36103
RESERVED
-CVE-2020-13701
+CVE-2020-36102
RESERVED
-CVE-2020-13700
+CVE-2020-36101
RESERVED
-CVE-2020-13699
+CVE-2020-36100
RESERVED
-CVE-2020-13698
+CVE-2020-36099
RESERVED
-CVE-2020-13697
+CVE-2020-36098
RESERVED
-CVE-2020-13696
+CVE-2020-36097
RESERVED
-CVE-2020-13695 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
- NOT-FOR-US: QuickBox
-CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
- NOT-FOR-US: QuickBox
-CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...)
- NOT-FOR-US: bbPress plugin for WordPress
-CVE-2020-13692
+CVE-2020-36096
RESERVED
-CVE-2020-13691
+CVE-2020-36095
RESERVED
-CVE-2020-13690
+CVE-2020-36094
RESERVED
-CVE-2020-13689
+CVE-2020-36093
RESERVED
-CVE-2020-13688
+CVE-2020-36092
RESERVED
-CVE-2020-13687
+CVE-2020-36091
RESERVED
-CVE-2020-13686
+CVE-2020-36090
RESERVED
-CVE-2020-13685
+CVE-2020-36089
RESERVED
-CVE-2020-13684
+CVE-2020-36088
RESERVED
-CVE-2020-13683
+CVE-2020-36087
RESERVED
-CVE-2020-13682
+CVE-2020-36086
RESERVED
-CVE-2020-13681
+CVE-2020-36085
RESERVED
-CVE-2020-13680
+CVE-2020-36084
RESERVED
-CVE-2020-13679
+CVE-2020-36083
RESERVED
-CVE-2020-13678
+CVE-2020-36082
RESERVED
-CVE-2020-13677
+CVE-2020-36081
RESERVED
-CVE-2020-13676
+CVE-2020-36080
RESERVED
-CVE-2020-13675
+CVE-2020-36079 (** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arb ...)
+ NOT-FOR-US: Zenphoto
+CVE-2020-36078
RESERVED
-CVE-2020-13674
+CVE-2020-36077
RESERVED
-CVE-2020-13673
+CVE-2020-36076
RESERVED
-CVE-2020-13672
+CVE-2020-36075
RESERVED
-CVE-2020-13671
+CVE-2020-36074
RESERVED
-CVE-2020-13670
+CVE-2020-36073
RESERVED
-CVE-2020-13669
+CVE-2020-36072
RESERVED
-CVE-2020-13668
+CVE-2020-36071
RESERVED
-CVE-2020-13667
+CVE-2020-36070
RESERVED
-CVE-2020-13666
+CVE-2020-36069
RESERVED
-CVE-2020-13665
+CVE-2020-36068
RESERVED
-CVE-2020-13664
+CVE-2020-36067 (GJSON &lt;=v1.6.5 allows attackers to cause a denial of service (panic ...)
+ - golang-github-tidwall-gjson 1.6.7-1
+ [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
+ NOTE: https://github.com/tidwall/gjson/issues/196
+ NOTE: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b
+CVE-2020-36066 (GJSON &lt;1.6.5 allows attackers to cause a denial of service (remote) ...)
+ - golang-github-tidwall-gjson 1.6.7-1
+ [buster] - golang-github-tidwall-gjson <no-dsa> (Minor issue)
+ NOTE: https://github.com/tidwall/gjson/issues/195
+ NOTE: https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc
+ NOTE: fix in golang-github-tidwall-gjson is dependency on golang-github-tidwall-match v1.0.3
+CVE-2020-36065
RESERVED
-CVE-2020-13663
+CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain hardcoded cr ...)
+ NOT-FOR-US: Online Course Registration
+CVE-2020-36063
RESERVED
-CVE-2020-13661
+CVE-2020-36062 (Dairy Farm Shop Management System v1.0 was discovered to contain hardc ...)
+ NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
+CVE-2020-36061
RESERVED
-CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...)
- NOT-FOR-US: CMS Made Simple
-CVE-2020-13659 [exec: address_space_map returns NULL without setting length to zero may lead to DoS]
+CVE-2020-36060
RESERVED
- - qemu <unfixed>
- NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
- NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
-CVE-2020-13658
+CVE-2020-36059
RESERVED
-CVE-2020-13657
+CVE-2020-36058
RESERVED
-CVE-2020-13656
+CVE-2020-36057
RESERVED
-CVE-2020-13655
+CVE-2020-36056 (Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_ ...)
+ NOT-FOR-US: Beetel
+CVE-2020-36055
RESERVED
-CVE-2020-13654
+CVE-2020-36054
RESERVED
-CVE-2020-13653
+CVE-2020-36053
RESERVED
-CVE-2020-13652
+CVE-2020-36052 (Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 al ...)
+ NOT-FOR-US: MiniCMS
+CVE-2020-36051 (Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 al ...)
+ NOT-FOR-US: MiniCMS
+CVE-2020-36050
RESERVED
-CVE-2020-13651
+CVE-2020-36049 (socket.io-parser before 3.4.1 allows attackers to cause a denial of se ...)
+ - node-socket.io-parser 3.4.1-1
+ [buster] - node-socket.io-parser <no-dsa> (Minor issue)
+ NOTE: https://blog.caller.xyz/socketio-engineio-dos/
+ NOTE: https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55
+CVE-2020-36048 (Engine.IO before 4.0.0 allows attackers to cause a denial of service ( ...)
+ NOT-FOR-US: Engine.IO
+CVE-2020-36047
RESERVED
-CVE-2020-13650
+CVE-2020-36046
RESERVED
-CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...)
- NOT-FOR-US: JerryScript
-CVE-2020-13648
+CVE-2020-36045
RESERVED
-CVE-2020-13647
+CVE-2020-36044
RESERVED
-CVE-2020-13646
+CVE-2020-36043
RESERVED
-CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...)
- - glib-networking <unfixed> (bug #961756)
- NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135
- NOTE: Updating glib-networking to address CVE-2020-13645 will need a compatibility
- NOTE: update as well for balsa (cf. https://bugs.debian.org/961792)
-CVE-2020-13644 (An issue was discovered in the Accordion plugin before 2.2.9 for WordP ...)
- NOT-FOR-US: Accordion plugin for WordPress
-CVE-2020-13643 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
- NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress
-CVE-2020-13642 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
- NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress
-CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin befor ...)
- NOT-FOR-US: Real-Time Find and Replace plugin for WordPress
-CVE-2020-13640
+CVE-2020-36042
RESERVED
-CVE-2020-13639
+CVE-2020-36041
RESERVED
-CVE-2020-13638
+CVE-2020-36040
RESERVED
-CVE-2020-13637
+CVE-2020-36039
RESERVED
-CVE-2020-13636
+CVE-2020-36038
RESERVED
-CVE-2020-13635
+CVE-2020-36037
RESERVED
-CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
- NOT-FOR-US: Windows Master (aka Windows Optimization Master)
-CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
- NOT-FOR-US: Fork CMS
-CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
- - sqlite3 3.32.0-1
- NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
- NOTE: https://sqlite.org/src/info/a4dd148928ea65bd
-CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name ...)
- - sqlite3 3.32.0-1
- NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
- NOTE: https://sqlite.org/src/info/eca0ba2cf4c0fdf7
-CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...)
- - sqlite3 3.32.0-1
- NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
- NOTE: https://sqlite.org/src/info/0d69f76f0865f962
-CVE-2020-13629
+CVE-2020-36036
RESERVED
-CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
- TODO: check
-CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
- TODO: check
-CVE-2020-13626
+CVE-2020-36035
RESERVED
-CVE-2020-13625
+CVE-2020-36034
RESERVED
-CVE-2020-13624
+CVE-2020-36033 (SQL injection vulnerability in SourceCodester Water Billing System 1.0 ...)
+ NOT-FOR-US: SourceCodester
+CVE-2020-36032
RESERVED
-CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...)
- NOT-FOR-US: JerryScript
-CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service (asser ...)
- NOT-FOR-US: JerryScript
-CVE-2020-13621
+CVE-2020-36031
RESERVED
-CVE-2020-13620
+CVE-2020-36030
RESERVED
-CVE-2020-13619
+CVE-2020-36029
RESERVED
-CVE-2020-13618
+CVE-2020-36028
RESERVED
-CVE-2020-13617
+CVE-2020-36027
RESERVED
-CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...)
- NOT-FOR-US: pichi
-CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification ...)
- NOT-FOR-US: Qore
-CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implem ...)
- - axel 2.17.8-1
- [buster] - axel <no-dsa> (Minor issue)
- [stretch] - axel <no-dsa> (Minor issue)
- [jessie] - axel <not-affected> (SSL/TLS implemented from v2.10. But without ssl support is a major drawback)
- NOTE: https://github.com/axel-download-accelerator/axel/issues/262
-CVE-2020-13613
+CVE-2020-36026
RESERVED
-CVE-2020-13612
+CVE-2020-36025
RESERVED
-CVE-2020-13611
+CVE-2020-36024
RESERVED
-CVE-2020-13610
+CVE-2020-36023
RESERVED
-CVE-2020-13609
+CVE-2020-36022
RESERVED
-CVE-2020-13608
+CVE-2020-36021
RESERVED
-CVE-2020-13607
+CVE-2020-36020
RESERVED
-CVE-2020-13606
+CVE-2020-36019
RESERVED
-CVE-2020-13605
+CVE-2020-36018
RESERVED
-CVE-2020-13604
+CVE-2020-36017
+ RESERVED
+CVE-2020-36016
+ RESERVED
+CVE-2020-36015
+ RESERVED
+CVE-2020-36014
+ RESERVED
+CVE-2020-36013
+ RESERVED
+CVE-2020-36012 (Stored XSS vulnerability in BDTASK Multi-Store Inventory Management Sy ...)
+ NOT-FOR-US: BDTASK Multi-Store Inventory Management System
+CVE-2020-36011 (A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart ...)
+ NOT-FOR-US: QDOCS Smart Hospital Management System
+CVE-2020-36010
+ RESERVED
+CVE-2020-36009 (OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerabil ...)
+ NOT-FOR-US: OBottle
+CVE-2020-36008 (OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability ...)
+ NOT-FOR-US: OBottle
+CVE-2020-36007 (AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripti ...)
+ NOT-FOR-US: AppCMS
+CVE-2020-36006 (AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulne ...)
+ NOT-FOR-US: AppCMS
+CVE-2020-36005 (AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulner ...)
+ NOT-FOR-US: AppCMS
+CVE-2020-36004 (AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulner ...)
+ NOT-FOR-US: AppCMS
+CVE-2020-36003 (The id parameter in detail.php of Online Book Store v1.0 is vulnerable ...)
+ NOT-FOR-US: Online Book Store
+CVE-2020-36002 (Seat-Reservation-System 1.0 has a SQL injection vulnerability in index ...)
+ NOT-FOR-US: Seat-Reservation-System
+CVE-2020-36001
+ RESERVED
+CVE-2020-36000
+ RESERVED
+CVE-2020-35999
+ RESERVED
+CVE-2020-35998
+ RESERVED
+CVE-2020-35997
+ RESERVED
+CVE-2020-35996
+ RESERVED
+CVE-2020-35995
+ RESERVED
+CVE-2020-35994
+ RESERVED
+CVE-2020-35993
+ RESERVED
+CVE-2020-35992
+ RESERVED
+CVE-2020-35991
+ RESERVED
+CVE-2020-35990
+ RESERVED
+CVE-2020-35989
+ RESERVED
+CVE-2020-35988
+ RESERVED
+CVE-2020-35987 (A stored cross site scripting (XSS) vulnerability in the 'Entities Lis ...)
+ NOT-FOR-US: Rukovoditel
+CVE-2020-35986 (A stored cross site scripting (XSS) vulnerability in the 'Users Access ...)
+ NOT-FOR-US: Rukovoditel
+CVE-2020-35985 (A stored cross site scripting (XSS) vulnerability in the 'Global Lists ...)
+ NOT-FOR-US: Rukovoditel
+CVE-2020-35984 (A stored cross site scripting (XSS) vulnerability in the 'Users Alerts ...)
+ NOT-FOR-US: Rukovoditel
+CVE-2020-35983
+ RESERVED
+CVE-2020-35982 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an i ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987374)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/a4eb327049132359cae54b59faec9e2f14c5a619
+ NOTE: https://github.com/gpac/gpac/issues/1660
+CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an i ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987374)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b
+ NOTE: https://github.com/gpac/gpac/issues/1659
+CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...)
+ - gpac <unfixed> (bug #987374; bug #990691)
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
+ [buster] - ccextractor <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a
+ NOTE: https://github.com/gpac/gpac/issues/1661
+CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987374)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc
+ NOTE: https://github.com/gpac/gpac/issues/1662
+CVE-2020-35978
+ RESERVED
+CVE-2020-35977
+ RESERVED
+CVE-2020-35976
+ RESERVED
+CVE-2020-35975
+ RESERVED
+CVE-2020-35974
RESERVED
-CVE-2020-13603
+CVE-2020-35973 (An issue was discovered in zzcms2020. There is a XSS vulnerability tha ...)
+ NOT-FOR-US: zzcms
+CVE-2020-35972 (An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability ...)
+ NOT-FOR-US: YzmCMS
+CVE-2020-35971 (A storage XSS vulnerability is found in YzmCMS v5.8, which can be used ...)
+ NOT-FOR-US: YzmCMS
+CVE-2020-35970 (An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability i ...)
+ NOT-FOR-US: YzmCMS
+CVE-2020-35969
RESERVED
-CVE-2020-13602
+CVE-2020-35968
RESERVED
-CVE-2020-13601
+CVE-2020-35967
RESERVED
-CVE-2020-13600
+CVE-2020-35966
RESERVED
-CVE-2020-13599
+CVE-2020-35965 (decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds ...)
+ {DSA-4990-1 DLA-2537-1}
+ - ffmpeg 7:4.3.1-6 (bug #979999)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3
+CVE-2020-35964 (track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bo ...)
+ - ffmpeg 7:4.3.1-6 (bug #980000)
+ [buster] - ffmpeg <not-affected> (Vulnerable code not present)
+ [stretch] - ffmpeg <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26622
+CVE-2020-35963 (flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out- ...)
+ NOT-FOR-US: Fluent Bit
+CVE-2020-35962 (The sellTokenForLRC function in the vault protocol in the smart contra ...)
+ NOT-FOR-US: Loopring (LRC) Ethereum token
+CVE-2020-35961
RESERVED
-CVE-2020-13598
+CVE-2020-35960
RESERVED
-CVE-2020-13597
+CVE-2020-35959
RESERVED
-CVE-2020-13596
+CVE-2020-35958
RESERVED
-CVE-2020-13595
+CVE-2020-35957
RESERVED
-CVE-2020-13594
+CVE-2020-35956
RESERVED
-CVE-2020-13593
+CVE-2020-35955
RESERVED
-CVE-2020-13662 [Drupal SA 2020-003]
+CVE-2020-35954
RESERVED
- {DSA-4693-1}
+CVE-2020-35953
+ RESERVED
+CVE-2020-35952 (login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-3 ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-35951 (An issue was discovered in the Quiz and Survey Master plugin before 7. ...)
+ NOT-FOR-US: Quiz and Survey Master plugin for WordPress
+CVE-2020-35950 (An issue was discovered in the XCloner Backup and Restore plugin befor ...)
+ NOT-FOR-US: XCloner Backup and Restore plugin for WordPress
+CVE-2020-35949 (An issue was discovered in the Quiz and Survey Master plugin before 7. ...)
+ NOT-FOR-US: Quiz and Survey Master plugin for WordPress
+CVE-2020-35948 (An issue was discovered in the XCloner Backup and Restore plugin befor ...)
+ NOT-FOR-US: XCloner Backup and Restore plugin for WordPress
+CVE-2020-35947 (An issue was discovered in the PageLayer plugin before 1.1.2 for WordP ...)
+ NOT-FOR-US: PageLayer plugin for WordPress
+CVE-2020-35946 (An issue was discovered in the All in One SEO Pack plugin before 3.6.2 ...)
+ NOT-FOR-US: All in One SEO Pack plugin for WordPress
+CVE-2020-35945 (An issue was discovered in the Divi Builder plugin, Divi theme, and Di ...)
+ NOT-FOR-US: Divi Builder plugin, Divi theme, and Divi Extra theme for WordPress
+CVE-2020-35944 (An issue was discovered in the PageLayer plugin before 1.1.2 for WordP ...)
+ NOT-FOR-US: PageLayer plugin for WordPress
+CVE-2020-35943 (A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugi ...)
+ NOT-FOR-US: NextGEN Gallery plugin for WordPress
+CVE-2020-35942 (A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugi ...)
+ NOT-FOR-US: NextGEN Gallery plugin for WordPress
+CVE-2020-35941
+ RESERVED
+CVE-2020-35940
+ RESERVED
+CVE-2020-35939 (PHP Object injection vulnerabilities in the Team Showcase plugin befor ...)
+ NOT-FOR-US: Team Showcase plugin for WordPress
+CVE-2020-35938 (PHP Object injection vulnerabilities in the Post Grid plugin before 2. ...)
+ NOT-FOR-US: Post Grid plugin for WordPress
+CVE-2020-35937 (Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase ...)
+ NOT-FOR-US: Team Showcase plugin for WordPress
+CVE-2020-35936 (Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plu ...)
+ NOT-FOR-US: Post Grid plugin for WordPress
+CVE-2020-35935 (The Advanced Access Manager plugin before 6.6.2 for WordPress allows p ...)
+ NOT-FOR-US: Advanced Access Manager plugin for WordPress
+CVE-2020-35934 (The Advanced Access Manager plugin before 6.6.2 for WordPress displays ...)
+ NOT-FOR-US: Advanced Access Manager plugin for WordPress
+CVE-2020-35933 (A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in ...)
+ NOT-FOR-US: Newsletter plugin for WordPress
+CVE-2020-35932 (Insecure Deserialization in the Newsletter plugin before 6.8.2 for Wor ...)
+ NOT-FOR-US: Newsletter plugin for WordPress
+CVE-2020-35931 (An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-35930 (Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url ...)
+ NOT-FOR-US: Seo Panel
+CVE-2020-35929 (In TinyCheck before commits 9fd360d and ea53de8, the installation scri ...)
+ NOT-FOR-US: TinyCheck
+CVE-2020-35928 (An issue was discovered in the concread crate before 0.2.6 for Rust. A ...)
+ NOT-FOR-US: concread rust crate
+CVE-2020-35927 (An issue was discovered in the thex crate through 2020-12-08 for Rust. ...)
+ NOT-FOR-US: thex rust crate
+CVE-2020-35926 (An issue was discovered in the nanorand crate before 0.5.1 for Rust. I ...)
+ NOT-FOR-US: nanorand rust crate
+CVE-2020-35925 (An issue was discovered in the magnetic crate before 2.0.1 for Rust. M ...)
+ NOT-FOR-US: magnetic rust crate
+CVE-2020-35924 (An issue was discovered in the try-mutex crate before 0.3.0 for Rust. ...)
+ NOT-FOR-US: try-mutex rust crate
+CVE-2020-35923 (An issue was discovered in the ordered-float crate before 1.1.1 and 2. ...)
+ NOT-FOR-US: ordered-float rust crate
+CVE-2020-35922 (An issue was discovered in the mio crate before 0.7.6 for Rust. It has ...)
+ - rust-mio <not-affected> (Vulnerable code introduced later)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0081.html
+ NOTE: https://github.com/tokio-rs/mio/issues/1386
+CVE-2020-35920 (An issue was discovered in the socket2 crate before 0.3.16 for Rust. I ...)
+ - rust-socket2 0.3.19-1
+ [buster] - rust-socket2 <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0079.html
+ NOTE: https://github.com/rust-lang/socket2-rs/issues/119
+CVE-2020-35918 (An issue was discovered in the branca crate before 0.10.0 for Rust. De ...)
+ NOT-FOR-US: branca rust crate
+CVE-2020-35917 (An issue was discovered in the pyo3 crate before 0.12.4 for Rust. Ther ...)
+ NOT-FOR-US: pyo3 rust crate
+CVE-2020-35915 (An issue was discovered in the futures-intrusive crate before 0.4.0 fo ...)
+ NOT-FOR-US: futures-intrusive rust crate
+CVE-2020-35909 (An issue was discovered in the multihash crate before 0.11.3 for Rust. ...)
+ NOT-FOR-US: multihash rust crate
+CVE-2020-35908 (An issue was discovered in the futures-util crate before 0.3.2 for Rus ...)
+ NOT-FOR-US: futures-util rust crate
+CVE-2020-35907 (An issue was discovered in the futures-task crate before 0.3.5 for Rus ...)
+ - rust-futures-task <not-affected> (Fixed before the initial upload to Debian)
+ NOTE: https://github.com/rust-lang/futures-rs/issues/2091
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0061.html
+CVE-2020-35906 (An issue was discovered in the futures-task crate before 0.3.6 for Rus ...)
+ - rust-futures-task <not-affected> (Fixed before the initial upload to Debian)
+ NOTE: https://github.com/rust-lang/futures-rs/pull/2206
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0060.html
+CVE-2020-35905 (An issue was discovered in the futures-util crate before 0.3.7 for Rus ...)
+ NOT-FOR-US: futures-util rust crate
+CVE-2020-35904 (An issue was discovered in the crossbeam-channel crate before 0.4.4 fo ...)
+ - rust-crossbeam-channel 0.4.4-1
+ [buster] - rust-crossbeam-channel <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0052.html
+ NOTE: https://github.com/crossbeam-rs/crossbeam/pull/533
+CVE-2020-35903 (An issue was discovered in the dync crate before 0.5.0 for Rust. VecCo ...)
+ NOT-FOR-US: dync rust create
+CVE-2020-35902 (An issue was discovered in the actix-codec crate before 0.3.0-beta.1 f ...)
+ NOT-FOR-US: actix-codec rust crate
+CVE-2020-35901 (An issue was discovered in the actix-http crate before 2.0.0-alpha.1 f ...)
+ NOT-FOR-US: actix-http rust crate
+CVE-2020-35900 (An issue was discovered in the array-queue crate through 2020-09-26 fo ...)
+ NOT-FOR-US: array-queue rust crate
+CVE-2020-35899 (An issue was discovered in the actix-service crate before 1.0.6 for Ru ...)
+ NOT-FOR-US: actix-service rust crate
+CVE-2020-35898 (An issue was discovered in the actix-utils crate before 2.0.0 for Rust ...)
+ NOT-FOR-US: actix-utils rust crate
+CVE-2020-35897 (An issue was discovered in the atom crate before 0.3.6 for Rust. An un ...)
+ NOT-FOR-US: atom rust crate
+CVE-2020-35896 (An issue was discovered in the ws crate through 2020-09-25 for Rust. T ...)
+ NOT-FOR-US: ws rust crate
+CVE-2020-35895 (An issue was discovered in the stack crate before 0.3.1 for Rust. Arra ...)
+ NOT-FOR-US: stack rust crate
+CVE-2020-35894 (An issue was discovered in the obstack crate before 0.1.4 for Rust. Un ...)
+ NOT-FOR-US: obstack rust crate
+CVE-2020-35893 (An issue was discovered in the simple-slab crate before 0.3.3 for Rust ...)
+ NOT-FOR-US: simple-slab rust crate
+CVE-2020-35892 (An issue was discovered in the simple-slab crate before 0.3.3 for Rust ...)
+ NOT-FOR-US: simple-slab rust crate
+CVE-2020-35891 (An issue was discovered in the ordnung crate through 2020-09-03 for Ru ...)
+ NOT-FOR-US: ordnung rust crate
+CVE-2020-35890 (An issue was discovered in the ordnung crate through 2020-09-03 for Ru ...)
+ NOT-FOR-US: ordnung rust crate
+CVE-2020-35889 (An issue was discovered in the crayon crate through 2020-08-31 for Rus ...)
+ NOT-FOR-US: crayon rust crate
+CVE-2020-35888 (An issue was discovered in the arr crate through 2020-08-25 for Rust. ...)
+ NOT-FOR-US: arr rust crate
+CVE-2020-35887 (An issue was discovered in the arr crate through 2020-08-25 for Rust. ...)
+ NOT-FOR-US: arr rust crate
+CVE-2020-35886 (An issue was discovered in the arr crate through 2020-08-25 for Rust. ...)
+ NOT-FOR-US: arr rust crate
+CVE-2020-35885 (An issue was discovered in the alpm-rs crate through 2020-08-20 for Ru ...)
+ NOT-FOR-US: alpm-rs rust crate
+CVE-2020-35884 (An issue was discovered in the tiny_http crate through 2020-06-16 for ...)
+ NOT-FOR-US: tiny_http rust crate
+CVE-2020-35883 (An issue was discovered in the mozwire crate through 2020-08-18 for Ru ...)
+ NOT-FOR-US: mozwire rust crate
+CVE-2020-35882 (An issue was discovered in the rocket crate before 0.4.5 for Rust. Loc ...)
+ NOT-FOR-US: rocket rust crate
+CVE-2020-35881 (An issue was discovered in the traitobject crate through 2020-06-01 fo ...)
+ NOT-FOR-US: traitobject rust crate
+CVE-2020-35880 (An issue was discovered in the bigint crate through 2020-05-07 for Rus ...)
+ NOT-FOR-US: bigint rust create (different from rust-num-bigint)
+CVE-2020-35879 (An issue was discovered in the rulinalg crate through 2020-02-11 for R ...)
+ NOT-FOR-US: rulinalg rust crate
+CVE-2020-35878 (An issue was discovered in the ozone crate through 2020-07-04 for Rust ...)
+ NOT-FOR-US: ozone rust crate
+CVE-2020-35877 (An issue was discovered in the ozone crate through 2020-07-04 for Rust ...)
+ NOT-FOR-US: ozone rust crate
+CVE-2020-35876 (An issue was discovered in the rio crate through 2020-05-11 for Rust. ...)
+ NOT-FOR-US: rio rust crate
+CVE-2020-35875 (An issue was discovered in the tokio-rustls crate before 0.13.1 for Ru ...)
+ NOT-FOR-US: Rust crate tokio-rustls
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0019.html
+CVE-2020-35874 (An issue was discovered in the internment crate through 2020-05-28 for ...)
+ NOT-FOR-US: internment rust crate
+CVE-2020-35873 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ NOT-FOR-US: rusqlite rust crate
+CVE-2020-35872 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ NOT-FOR-US: rusqlite rust crate
+CVE-2020-35871 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ NOT-FOR-US: rusqlite rust crate
+CVE-2020-35870 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ NOT-FOR-US: rusqlite rust crate
+CVE-2020-35869 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ NOT-FOR-US: rusqlite rust crate
+CVE-2020-35868 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ NOT-FOR-US: rusqlite rust crate
+CVE-2020-35867 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ NOT-FOR-US: rusqlite rust crate
+CVE-2020-35866 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...)
+ NOT-FOR-US: rusqlite rust crate
+CVE-2020-35865 (An issue was discovered in the os_str_bytes crate before 2.0.0 for Rus ...)
+ NOT-FOR-US: Rust os_str_bytes
+CVE-2020-35864 (An issue was discovered in the flatbuffers crate through 2020-04-11 fo ...)
+ NOT-FOR-US: flatbuffers rust crate
+CVE-2020-35863 (An issue was discovered in the hyper crate before 0.12.34 for Rust. HT ...)
+ - rust-hyper 0.12.35-1
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0008.html
+ NOTE: https://github.com/hyperium/hyper/issues/1925
+CVE-2020-35862 (An issue was discovered in the bitvec crate before 0.17.4 for Rust. Bi ...)
+ NOT-FOR-US: bitvec rust crate
+CVE-2020-35860 (An issue was discovered in the cbox crate through 2020-03-19 for Rust. ...)
+ NOT-FOR-US: cbox rust crate
+CVE-2020-35859 (An issue was discovered in the lucet-runtime-internals crate before 0. ...)
+ NOT-FOR-US: lucet-runtime-internals rust crate
+CVE-2020-35858 (An issue was discovered in the prost crate before 0.6.1 for Rust. Ther ...)
+ NOT-FOR-US: prost rust crate
+CVE-2020-35857 (An issue was discovered in the trust-dns-server crate before 0.18.1 fo ...)
+ NOT-FOR-US: Rust trust-dns-server
+CVE-2020-35856 (SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-35855
+ RESERVED
+CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Bod ...)
+ NOT-FOR-US: Textpattern CMS
+CVE-2020-35853 (4images Image Gallery Management System 1.7.11 is affected by cross-si ...)
+ NOT-FOR-US: 4images Image Gallery Management System
+CVE-2020-35852 (Chatbox is affected by cross-site scripting (XSS). An attacker has to ...)
+ NOT-FOR-US: Chatbox
+CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properly. Att ...)
+ NOT-FOR-US: HGiga MailSherlock
+CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...)
+ NOTE: Bug disputed by upstream
+ NOTE: https://github.com/cockpit-project/cockpit/issues/15077
+CVE-2020-35849 (An issue was discovered in MantisBT before 2.24.4. An incorrect access ...)
+ - mantis <removed>
+CVE-2020-35848 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...)
+ NOT-FOR-US: Agentejo Cockpit
+CVE-2020-35847 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...)
+ NOT-FOR-US: Agentejo Cockpit
+CVE-2020-35846 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...)
+ NOT-FOR-US: Agentejo Cockpit
+CVE-2020-35845 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2020-35844 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2020-35843 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2020-35842 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35841 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35840 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35839 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35838 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35837 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35836 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35835 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35834 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35833 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35832 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35831 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35830 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35829 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35828 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35827 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35826 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35825 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35824 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35823 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35822 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35821 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35820 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35819 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35818 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35817 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35816 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35815 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35814 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35813 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35812 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35811 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35810 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35809 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35808 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35807 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35806 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35805 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35804 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35803 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35802 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35801 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35800 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35799 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35798 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35797 (NETGEAR NMS300 devices before 1.6.0.27 are affected by command injecti ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35796 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35795 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35794 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35793 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35792 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35791 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35790 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35789 (NETGEAR NMS300 devices before 1.6.0.27 are affected by command injecti ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35788 (NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overfl ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35787 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35786 (NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflo ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35785 (NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authenticat ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35784 (Certain NETGEAR devices are affected by lack of access control at the ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35783 (Certain NETGEAR devices are affected by lack of access control at the ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35782 (Certain NETGEAR devices are affected by lack of access control at the ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35781 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35780 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35779 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35778 (Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 be ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command inj ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35776 (A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk version ...)
+ - asterisk 1:16.16.1~dfsg-1 (bug #983158)
+ [buster] - asterisk <postponed> (Minor issue)
+ [stretch] - asterisk <no-dsa> (Minor issue)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-001.html
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29227
+CVE-2020-35775 (CITSmart before 9.1.2.23 allows LDAP Injection. ...)
+ NOT-FOR-US: CITSmart
+CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (a ...)
+ NOT-FOR-US: Twitter TwitterServer
+CVE-2020-35773 (The site-offline plugin before 1.4.4 for WordPress lacks certain wp_cr ...)
+ NOT-FOR-US: site-offline plugin for WordPress
+CVE-2020-35772
+ RESERVED
+CVE-2020-35771
+ RESERVED
+CVE-2020-35770
+ RESERVED
+CVE-2020-35769 (miniserv.pl in Webmin 1.962 on Windows mishandles special characters i ...)
+ - webmin <removed>
+CVE-2020-35768
+ RESERVED
+CVE-2020-35767
+ RESERVED
+CVE-2020-35766 (The test suite in libopendkim in OpenDKIM through 2.10.3 allows local ...)
+ - opendkim <unfixed> (unimportant)
+ NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/113
+CVE-2020-35765 (doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho Manag ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2020-35764
+ RESERVED
+CVE-2020-35763
+ RESERVED
+CVE-2020-35762 (bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' pa ...)
+ NOT-FOR-US: bloofoxCMS
+CVE-2020-35761 (bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers t ...)
+ NOT-FOR-US: bloofoxCMS
+CVE-2020-35760 (bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allo ...)
+ NOT-FOR-US: bloofoxCMS
+CVE-2020-35759 (bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an att ...)
+ NOT-FOR-US: bloofoxCMS
+CVE-2020-35758 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
+ NOT-FOR-US: Libre Wireless LS9 LS1.5/p7040 devices
+CVE-2020-35757 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
+ NOT-FOR-US: Libre Wireless LS9 LS1.5/p7040 devices
+CVE-2020-35756 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
+ NOT-FOR-US: Libre Wireless LS9 LS1.5/p7040 devices
+CVE-2020-35755 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...)
+ NOT-FOR-US: Libre Wireless LS9 LS1.5/p7040 devices
+CVE-2020-35754 (OpenSolution Quick.CMS &lt; 6.7 and Quick.Cart &lt; 6.7 allow an authe ...)
+ NOT-FOR-US: OpenSolution Quick.CMS
+CVE-2020-35753 (The job posting recommendation form in Persis Human Resource Managemen ...)
+ NOT-FOR-US: Persis Human Resource Management Portal
+CVE-2020-35752 (Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulne ...)
+ NOT-FOR-US: Baby Care System
+CVE-2020-35751
+ RESERVED
+CVE-2020-35750
+ RESERVED
+CVE-2020-35749 (Directory traversal vulnerability in class-simple_job_board_resume_dow ...)
+ NOT-FOR-US: Simple Board Job plugin for WordPress
+CVE-2020-35748 (Cross-site scripting (XSS) vulnerability in models/list-table.php in t ...)
+ NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress
+CVE-2020-35747
+ RESERVED
+CVE-2020-35746
+ RESERVED
+CVE-2020-35745 (PHPGURUKUL Hospital Management System V 4.0 does not properly restrict ...)
+ NOT-FOR-US: PHPGURUKUL Hospital Management System
+CVE-2020-35744
+ RESERVED
+CVE-2020-35743 (HGiga MailSherlock contains a SQL injection flaw. Attackers can inject ...)
+ NOT-FOR-US: HGiga MailSherlock
+CVE-2020-35742 (HGiga MailSherlock contains a vulnerability of SQL Injection. Attacker ...)
+ NOT-FOR-US: HGiga MailSherlock
+CVE-2020-35741 (HGiga MailSherlock does not validate user parameters on multiple login ...)
+ NOT-FOR-US: HGiga MailSherlock
+CVE-2020-35740 (HGiga MailSherlock does not validate specific URL parameters properly ...)
+ NOT-FOR-US: HGiga MailSherlock
+CVE-2020-35739
+ RESERVED
+CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack ...)
+ {DLA-2525-1}
+ - wavpack 5.3.0-2 (bug #978548)
+ [buster] - wavpack <no-dsa> (Minor issue)
+ NOTE: https://github.com/dbry/WavPack/issues/91
+ NOTE: https://github.com/dbry/WavPack/commit/63f3ec70129843dd64e11aa4c21c4a1cf00c9f1c
+ NOTE: https://github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0
+CVE-2020-35737 (In Correspondence Management System (corms) in Newgen eGov 12.0, an at ...)
+ NOT-FOR-US: Correspondence Management System (corms) in Newgen eGov
+CVE-2020-35736 (GateOne 1.1 allows arbitrary file download without authentication via ...)
+ NOT-FOR-US: GateOne
+CVE-2020-35735 (Vidyo 02-09-/D allows clickjacking via the portal/ URI. ...)
+ NOT-FOR-US: Vidyo
+CVE-2020-35734 (** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an aut ...)
+ NOT-FOR-US: Batflat
+CVE-2020-35733 (An issue was discovered in Erlang/OTP before 23.2.2. The ssl applicati ...)
+ - erlang 1:23.2.2+dfsg-1 (bug #980199)
+ [buster] - erlang <not-affected> (Vulnerable code introduced later)
+ [stretch] - erlang <not-affected> (Vulnerable code introduced later)
+ NOTE: https://erlang.org/pipermail/erlang-questions/2021-January/100357.html
+ NOTE: Introduced in: https://github.com/erlang/otp/commit/d24a220c3b867caef83026ba31d2656366da4322 (OTP-23.2)
+ NOTE: Fixed by: https://github.com/erlang/otp/commit/a59f3c4d2be19343f43c46241d0f4e30dd5563de (OTP-23.2.2)
+ NOTE: Fixed by: https://github.com/erlang/otp/commit/c515e8d74fb92430c619eaa2dd00c89d94c6770a (OTP-23.2.2)
+ NOTE: Fixed by: https://github.com/erlang/otp/commit/11a098cb0bcc30d7c424f01c60bfefd1deece287 (OTP-23.2.2)
+ NOTE: Fixed by: https://github.com/erlang/otp/commit/95222bb877515345d6716f3bc36139ab52211af0 (OTP-23.2.2)
+CVE-2020-35732
+ RESERVED
+CVE-2020-35731
+ RESERVED
+CVE-2020-35730 (An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x ...)
+ {DSA-4821-1 DLA-2508-1}
+ - roundcube 1.4.10+dfsg.1-1 (bug #978491)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d (1.4.10)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/a06ec1dcf9c972d302b16e1ac6aa079a4f6a1c3e (1.3.16)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/47e4d44f62ea16f923761d57f1773a66d51afad4 (1.2.13)
+CVE-2020-35729 (KLog Server 2.4.1 allows OS command injection via shell metacharacters ...)
+ NOT-FOR-US: KLog Server
+CVE-2020-35728 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2999
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84
+CVE-2020-35727 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35726 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35725 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35724 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35723 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35722 (** UNSUPPORTED WHEN ASSIGNED ** CSRF in Web Compliance Manager in Ques ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35721 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35720 (** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy Authority 8 ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35719 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35718
+ RESERVED
+CVE-2020-35717 (zonote through 0.4.0 allows XSS via a crafted note, with resultant Rem ...)
+ NOT-FOR-US: zonote
+CVE-2020-35716 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attacker ...)
+ NOT-FOR-US: Belkin LINKSYS RE6500 devices
+CVE-2020-35715 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenti ...)
+ NOT-FOR-US: Belkin LINKSYS RE6500 devices
+CVE-2020-35714 (Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authentic ...)
+ NOT-FOR-US: Belkin LINKSYS RE6500 devices
+CVE-2020-35713 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attacker ...)
+ NOT-FOR-US: Belkin LINKSYS RE6500 devices
+CVE-2020-35712 (Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configura ...)
+ NOT-FOR-US: Esri ArcGIS Server
+CVE-2020-35710 (Parallels Remote Application Server (RAS) 18 allows remote attackers t ...)
+ NOT-FOR-US: Parallels Remote Application Server (RAS)
+CVE-2020-35709 (bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with ...)
+ NOT-FOR-US: bloofoxCMS
+CVE-2020-35711 (An issue has been discovered in the arc-swap crate before 0.4.8 (and 1 ...)
+ - rust-arc-swap 0.4.8-1 (bug #985090)
+ [buster] - rust-arc-swap <no-dsa> (Minor issue)
+ NOTE: https://github.com/vorner/arc-swap/issues/45
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0091.html
+CVE-2020-35708 (phpList 3.5.9 allows SQL injection by admins who provide a crafted fou ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-35707 (Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the ...)
+ NOT-FOR-US: Daybyday
+CVE-2020-35706 (Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Pr ...)
+ NOT-FOR-US: Daybyday
+CVE-2020-35705 (Daybyday 2.1.0 allows stored XSS via the Name parameter to the New Use ...)
+ NOT-FOR-US: Daybyday
+CVE-2020-35704 (Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Le ...)
+ NOT-FOR-US: Daybyday
+CVE-2020-35703
+ RESERVED
+CVE-2020-35702 (** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 ...)
+ - poppler <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011
+ NOTE: Introduced by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1c3ded779582aef5f2cbaf29bc5da7a8eae6f69
+ NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639
+CVE-2020-35701 (An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection ...)
+ - cacti 1.2.16+ds1-2 (bug #979998)
+ [buster] - cacti 1.2.2+ds1-2+deb10u4
+ [stretch] - cacti <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/Cacti/cacti/issues/4022
+ NOTE: https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/
+ NOTE: Introduced in: https://github.com/Cacti/cacti/commit/6e1b8431b77efe55ba5115e35fe045e101dd619b (1.2.0)
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82
+CVE-2020-35700 (A second-order SQL injection issue in Widgets/TopDevicesController.php ...)
+ NOT-FOR-US: LibreNMS
+CVE-2020-35699
+ RESERVED
+CVE-2020-35698
+ RESERVED
+CVE-2020-35697
+ RESERVED
+CVE-2020-35696
+ RESERVED
+CVE-2020-35695
+ RESERVED
+CVE-2020-35694
+ RESERVED
+CVE-2020-35693 (On some Samsung phones and tablets running Android through 7.1.1, it i ...)
+ NOT-FOR-US: Samsung
+CVE-2020-35692
+ RESERVED
+CVE-2020-35691
+ RESERVED
+CVE-2020-35690
+ RESERVED
+CVE-2020-35689
+ RESERVED
+CVE-2020-35688
+ RESERVED
+CVE-2020-35687 (PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-35686 (The SECOMN service in Sound Research DCHU model software component mod ...)
+ NOT-FOR-US: Sound Research
+CVE-2020-35685 (An issue was discovered in HCC Nichestack 3.0. The code that generates ...)
+ NOT-FOR-US: HCC Nichestack
+CVE-2020-35684 (An issue was discovered in HCC Nichestack 3.0. The code that parses TC ...)
+ NOT-FOR-US: HCC Nichestack
+CVE-2020-35683 (An issue was discovered in HCC Nichestack 3.0. The code that parses IC ...)
+ NOT-FOR-US: HCC Nichestack
+CVE-2020-35682 (Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authenticati ...)
+ NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
+CVE-2020-35681 (Django Channels 3.x before 3.0.3 allows remote attackers to obtain sen ...)
+ - python-django-channels 3.0.3-1 (bug #979376)
+ [buster] - python-django-channels <no-dsa> (Minor issue)
+ NOTE: https://channels.readthedocs.io/en/latest/releases/3.0.3.html
+ NOTE: https://github.com/django/channels/commit/e85874d9630474986a6937430eac52db79a2a022 (3.0.3)
+CVE-2020-35680 (smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurati ...)
+ - opensmtpd 6.8.0p2-1 (bug #978039)
+ [buster] - opensmtpd <no-dsa> (Minor issue)
+ [stretch] - opensmtpd <not-affected> (new filter grammar support added in ec69ed85b6c)
+ NOTE: https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1
+ NOTE: https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html
+CVE-2020-35679 (smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, whi ...)
+ - opensmtpd 6.8.0p2-1 (bug #978038)
+ [buster] - opensmtpd <no-dsa> (Minor issue)
+ [stretch] - opensmtpd <not-affected> (regex table supported added > 6.4.0 according to CHANGES.md)
+ NOTE: https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043
+ NOTE: https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html
+CVE-2020-35678 (Autobahn|Python before 20.12.3 allows redirect header injection. ...)
+ - python-autobahn 17.10.1+dfsg1-7 (bug #978416)
+ [buster] - python-autobahn <no-dsa> (Minor issue)
+ [stretch] - python-autobahn <ignored> (Need a package which is not in this suite)
+ NOTE: https://github.com/crossbario/autobahn-python/pull/1439
+ NOTE: https://github.com/crossbario/autobahn-python/commit/f7b7ad5c1066bdcc551775b73da15dca5c111623 (v20.12.3)
+CVE-2020-35677 (BigProf Online Invoicing System before 4.0 fails to adequately sanitiz ...)
+ NOT-FOR-US: BigProf Online Invoicing System
+CVE-2020-35676 (BigProf Online Invoicing System before 3.1 fails to correctly sanitize ...)
+ NOT-FOR-US: BigProf Online Invoicing System
+CVE-2020-35675 (BigProf Online Invoicing System before 3.0 offers a functionality that ...)
+ NOT-FOR-US: BigProf Online Invoicing System
+CVE-2020-35674 (BigProf Online Invoicing System before 2.9 suffers from an unauthentic ...)
+ NOT-FOR-US: BigProf Online Invoicing System
+CVE-2020-35673
+ RESERVED
+CVE-2020-35672
+ RESERVED
+CVE-2020-35671
+ RESERVED
+CVE-2020-35670
+ RESERVED
+CVE-2020-35669 (An issue was discovered in the http package through 0.12.2 for Dart. I ...)
+ NOT-FOR-US: Dart http
+CVE-2020-35668 (RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that lead ...)
+ NOT-FOR-US: RedisGraph
+CVE-2020-35667 (JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-35666 (Steedos Platform through 1.21.24 allows NoSQL injection because the /a ...)
+ NOT-FOR-US: Steedos Platform
+CVE-2020-35665 (An unauthenticated command-execution vulnerability exists in TerraMast ...)
+ NOT-FOR-US: TerraMaster TOS
+CVE-2020-35664 (An issue was discovered in Acronis Cyber Protect before 15 Update 1 bu ...)
+ NOT-FOR-US: Acronis
+CVE-2020-35663
+ RESERVED
+CVE-2020-35662 (In SaltStack Salt before 3002.5, when authenticating to services using ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+CVE-2020-35661
+ RESERVED
+CVE-2020-35660 (Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal pag ...)
+ NOT-FOR-US: Monica
+CVE-2020-35659 (The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. ...)
+ NOT-FOR-US: Pi-hole
+CVE-2020-35658 (SpamTitan before 7.09 allows attackers to tamper with backups, because ...)
+ NOT-FOR-US: SpamTitan
+CVE-2020-35657 (Jaws through 1.8.0 allows remote authenticated administrators to execu ...)
+ NOT-FOR-US: Jaws
+CVE-2020-35656 (Jaws through 1.8.0 allows remote authenticated administrators to execu ...)
+ NOT-FOR-US: Jaws
+CVE-2020-35655 (In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...)
+ - pillow 8.1.0-1
+ [buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
+ NOTE: https://github.com/python-pillow/Pillow/pull/5173
+ NOTE: https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5
+ NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (4.3.0)
+CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...)
+ - pillow 8.1.0-1
+ [buster] - pillow <not-affected> (Vulnerable code not present)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
+ NOTE: https://github.com/python-pillow/Pillow/pull/5175
+ NOTE: https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c
+ NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0)
+CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...)
+ {DLA-2716-1}
+ - pillow 8.1.0-1
+ [buster] - pillow <no-dsa> (Minor issue)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security
+ NOTE: https://github.com/python-pillow/Pillow/pull/5174
+ NOTE: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf
+CVE-2020-35652 (An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk b ...)
+ - asterisk 1:16.15.1~dfsg-1 (bug #979372)
+ [buster] - asterisk <no-dsa> (Minor issue)
+ [stretch] - asterisk <no-dsa> (Minor issue)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29191
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29219
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2020-003.html
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2020-003-13.diff (Asterisk 13.x)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2020-003-16.diff (Asterisk 16.x)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2020-004.html
+CVE-2020-35651
+ RESERVED
+CVE-2020-35650 (Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups ...)
+ NOT-FOR-US: Uncanny Groups for LearnDash
+CVE-2020-35649
+ RESERVED
+CVE-2020-35648
+ RESERVED
+CVE-2020-35647
+ RESERVED
+CVE-2020-35646
+ RESERVED
+CVE-2020-35645
+ RESERVED
+CVE-2020-35644
+ RESERVED
+CVE-2020-35643
+ RESERVED
+CVE-2020-35642
+ RESERVED
+CVE-2020-35641
+ RESERVED
+CVE-2020-35640
+ RESERVED
+CVE-2020-35639
+ RESERVED
+CVE-2020-35638
+ RESERVED
+CVE-2020-35637
+ RESERVED
+CVE-2020-35636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ {DLA-2649-1}
+ - cgal 5.2-3 (bug #985671)
+ [buster] - cgal <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
+CVE-2020-35635 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ {DLA-2649-1}
+ - cgal 5.2-3 (bug #985671)
+ [buster] - cgal <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
+CVE-2020-35634 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ {DLA-2649-1}
+ - cgal 5.2-3 (bug #985671)
+ [buster] - cgal <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
+CVE-2020-35633 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ {DLA-2649-1}
+ - cgal 5.2-3 (bug #985671)
+ [buster] - cgal <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
+CVE-2020-35632
+ RESERVED
+CVE-2020-35631
+ RESERVED
+CVE-2020-35630
+ RESERVED
+CVE-2020-35629
+ RESERVED
+CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ {DLA-2649-1}
+ - cgal 5.2-3 (bug #985671)
+ [buster] - cgal <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
+CVE-2020-35627 (Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vul ...)
+ NOT-FOR-US: Ultimate WooCommerce Gift Cards
+CVE-2020-35626 (An issue was discovered in the PushToWatch extension for MediaWiki thr ...)
+ NOT-FOR-US: PushToWatch MediaWiki extension
+CVE-2020-35625 (An issue was discovered in the Widgets extension for MediaWiki through ...)
+ NOT-FOR-US: Widgets MediaWiki extension
+CVE-2020-35624 (An issue was discovered in the SecurePoll extension for MediaWiki thro ...)
+ NOT-FOR-US: SecurePoll MediaWiki extension
+CVE-2020-35623 (An issue was discovered in the CasAuth extension for MediaWiki through ...)
+ NOT-FOR-US: CasAuth MediaWiki extension
+CVE-2020-35622 (An issue was discovered in the GlobalUsage extension for MediaWiki thr ...)
+ NOT-FOR-US: GlobalUsage MediaWiki extension
+CVE-2020-35621
+ REJECTED
+CVE-2020-35620
+ REJECTED
+CVE-2020-35619
+ REJECTED
+CVE-2020-35618
+ REJECTED
+CVE-2020-35617
+ REJECTED
+CVE-2020-35616 (An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-35615 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing tok ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-35614 (An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper hand ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-35613 (An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filt ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-35612 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder pa ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-35611 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal c ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-35610 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosugge ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-35609 (A denial-of-service vulnerability exists in the asynchronous ioctl fun ...)
+ NOT-FOR-US: Microsoft Azure Sphere
+CVE-2020-35608 (A code execution vulnerability exists in the normal world&#8217;s sign ...)
+ NOT-FOR-US: Microsoft Azure Sphere
+CVE-2020-35607
+ RESERVED
+CVE-2020-35606 (Arbitrary command execution can occur in Webmin through 1.962. Any use ...)
+ - webmin <removed>
+CVE-2020-35605 (The Graphics Protocol feature in graphics.c in kitty before 0.19.3 all ...)
+ {DSA-4819-1}
+ - kitty 0.19.3-1
+ NOTE: https://github.com/kovidgoyal/kitty/commit/82c137878c2b99100a3cdc1c0f0efea069313901 (v0.19.3)
+ NOTE: https://github.com/kovidgoyal/kitty/issues/3128
+CVE-2020-35604 (An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. ...)
+ NOT-FOR-US: Kronos WebTA
+CVE-2020-35603
+ RESERVED
+CVE-2020-35602
+ RESERVED
+CVE-2020-35601
+ RESERVED
+CVE-2020-35600
+ RESERVED
+CVE-2020-35599
+ RESERVED
+CVE-2020-35598 (ACS Advanced Comment System 1.0 is affected by Directory Traversal via ...)
+ NOT-FOR-US: ACS Advanced Comment System
+CVE-2020-35597
+ RESERVED
+CVE-2020-35596
+ RESERVED
+CVE-2020-35595
+ RESERVED
+CVE-2020-35594 (Zoho ManageEngine ADManager Plus before 7066 allows XSS. ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-35593
+ RESERVED
+CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the a ...)
+ NOT-FOR-US: Pi-hole
+CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application d ...)
+ NOT-FOR-US: Pi-hole
+CVE-2020-35590 (LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin bef ...)
+ NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress
+CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress a ...)
+ NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress
+CVE-2020-35588
+ RESERVED
+CVE-2020-35587 (** DISPUTED ** In Solstice Pod before 3.0.3, the firmware can easily b ...)
+ NOT-FOR-US: Solstice Pod
+CVE-2020-35586 (In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password ...)
+ NOT-FOR-US: Solstice Pod
+CVE-2020-35585 (In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enume ...)
+ NOT-FOR-US: Solstice Pod
+CVE-2020-35584 (In Solstice Pod before 3.0.3, the web services allow users to connect ...)
+ NOT-FOR-US: Solstice Pod
+CVE-2020-35583
+ RESERVED
+CVE-2020-35582 (A stored cross-site scripting (XSS) issue in Envira Gallery Lite befor ...)
+ NOT-FOR-US: Envira Gallery Lite
+CVE-2020-35581 (A stored cross-site scripting (XSS) issue in Envira Gallery Lite befor ...)
+ NOT-FOR-US: Envira Gallery Lite
+CVE-2020-35580 (A local file inclusion vulnerability in the FileServlet in all SearchB ...)
+ NOT-FOR-US: searchblox
+CVE-2020-35579 (tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&amp;url=%URL%& ...)
+ NOT-FOR-US: tindy2013
+CVE-2020-35578 (An issue was discovered in the Manage Plugins page in Nagios XI before ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-35577 (In Endalia Selection Portal before 4.205.0, an Insecure Direct Object ...)
+ NOT-FOR-US: Endalia Selection Portal
+CVE-2020-35576 (A Command Injection issue in the traceroute feature on TP-Link TL-WR84 ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-35575 (A password-disclosure issue in the web interface on certain TP-Link de ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-35574
+ RESERVED
+CVE-2020-35572 (Adminer through 4.7.8 allows XSS via the history parameter to the defa ...)
+ - adminer 4.7.9-1
+ [buster] - adminer <no-dsa> (Minor issue)
+ [stretch] - adminer <not-affected> (Vulnerable code introduced in v4.7.0)
+ NOTE: https://sourceforge.net/p/adminer/bugs-and-features/775/
+ NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-9pgx-gcph-mpqr
+ NOTE: https://github.com/vrana/adminer/commit/5c395afc098e501be3417017c6421968aac477bd (v4.7.9)
+CVE-2020-35571 (An issue was discovered in MantisBT through 2.24.3. In the helper_ensu ...)
+ - mantis <removed>
+CVE-2020-35573 (srs2.c in PostSRSd before 1.10 allows remote attackers to cause a deni ...)
+ {DLA-2502-1}
+ - postsrsd 1.10-1
+ [buster] - postsrsd 1.5-2+deb10u1
+ NOTE: https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac (1.10)
+CVE-2020-35570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35567 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35566 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35565 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35564 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35563 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35562
+ RESERVED
+CVE-2020-35561 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35560 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35559 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35558 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35557 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT
+CVE-2020-35556 (An issue was discovered in Acronis Cyber Protect before 15 Update 1 bu ...)
+ NOT-FOR-US: Acronis
+CVE-2020-35555 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-35554 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-35553 (An issue was discovered on Samsung mobile devices with Q(10.0) and R(1 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-35552 (An issue was discovered in the GPS daemon on Samsung mobile devices wi ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-35551 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-35550 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-35549 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-35548 (An issue was discovered in Finder on Samsung mobile devices with Q(10. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-35547 (A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 ...)
+ NOT-FOR-US: Mitel
+CVE-2020-35546
+ RESERVED
+CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query string. ...)
+ - spotweb <removed> (bug #977719)
+ [buster] - spotweb <no-dsa> (Minor issue)
+ [stretch] - spotweb <no-dsa> (Minor issue)
+ NOTE: https://github.com/spotweb/spotweb/issues/629
+ NOTE: https://github.com/spotweb/spotweb/commit/fefb39ad143caad021ad496427617db79c42aff2
+ NOTE: https://github.com/spotweb/spotweb/commit/25c1f89f0202af5d5d224b906ff9d9313f017aa6
+ NOTE: When fixing the issue make sure to apply the complete fix for CVE-2020-35545
+ NOTE: and not open CVE-2021-3286. Cf.
+ NOTE: https://github.com/spotweb/spotweb/issues/653
+CVE-2020-35544
+ RESERVED
+CVE-2020-35543
+ RESERVED
+CVE-2020-35542 (Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize ...)
+ NOT-FOR-US: Unisys
+CVE-2020-35541
+ REJECTED
+CVE-2020-35540
+ REJECTED
+CVE-2020-35539
+ RESERVED
+CVE-2020-35538
+ RESERVED
+CVE-2020-35537
+ RESERVED
+CVE-2020-35536
+ RESERVED
+CVE-2020-35535
+ RESERVED
+CVE-2020-35534
+ RESERVED
+CVE-2020-35533
+ RESERVED
+CVE-2020-35532
+ RESERVED
+CVE-2020-35531
+ RESERVED
+CVE-2020-35530
+ RESERVED
+CVE-2020-35529
+ RESERVED
+CVE-2020-35528
+ RESERVED
+CVE-2020-35527
+ RESERVED
+CVE-2020-35526
+ RESERVED
+CVE-2020-35525
+ RESERVED
+CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the handling ...)
+ {DSA-4869-1 DLA-2694-1}
+ - tiff 4.1.0+git201212-1
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22
+ NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159
+CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in the tif_g ...)
+ {DSA-4869-1 DLA-2694-1}
+ - tiff 4.1.0+git201212-1
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2
+ NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160
+CVE-2020-35522 (In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A craf ...)
+ - tiff 4.1.0+git201212-1 (unimportant)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/98a254f5b92cea22f5436555ff7fceb12afee84d
+ NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-35521 (A flaw was found in libtiff. Due to a memory allocation failure in tif ...)
+ - tiff 4.1.0+git201212-1 (unimportant)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b5a935d96b21cda0f434230cdf8ca958cd8b4eef
+ NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-35520
+ RESERVED
+CVE-2020-35519 (An out-of-bounds (OOB) memory access flaw was found in x25_bind in net ...)
+ - linux 5.9.15-1
+ [buster] - linux 4.19.171-1
+ [stretch] - linux 4.9.258-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/17
+CVE-2020-35518 (When binding against a DN during authentication, the reply from 389-ds ...)
+ - 389-ds-base 1.4.4.10-1
+ [buster] - 389-ds-base <not-affected> (Vulnerable code introduced later)
+ [stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1905565
+ NOTE: https://github.com/389ds/389-ds-base/issues/4480
+ NOTE: https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc (master)
+ NOTE: https://github.com/389ds/389-ds-base/commit/38b97faef8a6421a7a638ecdbf0b341e2b3f9ab3 (1.4.4.10)
+ NOTE: Introduced as side-effect of https://github.com/389ds/389-ds-base/issues/2535
+CVE-2020-35517 (A flaw was found in qemu. A host privilege escalation issue was found ...)
+ - qemu 1:5.2+dfsg-5 (bug #980814)
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/22/1
+CVE-2020-35516
+ RESERVED
+CVE-2020-35515
+ RESERVED
+CVE-2020-35514 (An insecure modification flaw in the /etc/kubernetes/kubeconfig file w ...)
+ NOT-FOR-US: OpenShift
+CVE-2020-35513 (A flaw incorrect umask during file or directory modification in the Li ...)
+ - linux 4.16.5-1
+ [stretch] - linux <not-affected> (Vulnerable code introduce later)
+ NOTE: https://git.kernel.org/linus/880a3a5325489a143269a8e172e7563ebf9897bc
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1911309
+CVE-2020-35512 (A use-after-free flaw was found in D-Bus Development branch &lt;= 1.13 ...)
+ - dbus 1.12.20-1
+ [buster] - dbus 1.12.20-0+deb10u1
+ [stretch] - dbus 1.10.32-0+deb9u1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909101
+ NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/305
+ NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c (dbus-1.13.18)
+ NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20)
+ NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32)
+CVE-2020-35511
+ RESERVED
+CVE-2020-35510 (A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redha ...)
+ - libjboss-remoting-java <removed>
+CVE-2020-35509
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2020-35508 (A flaw possibility of race condition and incorrect initialization of t ...)
+ - linux 5.9.9-1
+ [buster] - linux 4.19.160-1
+ [stretch] - linux 4.9.246-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902724
+CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutil ...)
+ - binutils 2.33.50.20200107-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25308
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a0fb7be96e0ce79e1ae429bc1ba913e5244d537
+ NOTE: binutils not covered by security support
+CVE-2020-35506 (A use-after-free vulnerability was found in the am53c974 SCSI host bus ...)
+ [experimental] - qemu 1:6.0+dfsg-1~exp0
+ - qemu 1:6.0+dfsg-3 (bug #984454)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - qemu <not-affected> (Vulnerable code not present, FIFO support added later)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1909247
+CVE-2020-35505 (A NULL pointer dereference flaw was found in the am53c974 SCSI host bu ...)
+ [experimental] - qemu 1:6.0+dfsg-1~exp0
+ - qemu 1:6.0+dfsg-3 (bug #984455)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - qemu <postponed> (Fix along in future DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909769
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer)
+CVE-2020-35504 (A NULL pointer dereference flaw was found in the SCSI emulation suppor ...)
+ [experimental] - qemu 1:6.0+dfsg-1~exp0
+ - qemu 1:6.0+dfsg-3 (bug #979679)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - qemu <postponed> (Fix along in future DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909766
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=0db895361b8a82e1114372ff9f48
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e392255766071c8cac480da3a9ae
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e5455b8c1c6170c788f3c0fd577c
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=c5fef9112b15c4b5494791cdf8bb
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=7b320a8e67a534925048cbabfa51
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=99545751734035b76bd372c4e721
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=fa7505c154d4d00ad89a747be2ed
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=fbc6510e3379fa8f8370bf71198f
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=0ebb5fd80589835153a0c2baa1b8
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=324c8809897c8c53ad05c3a7147d
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=607206948cacda4a80be5b976dba
+CVE-2020-35503 (A NULL pointer dereference flaw was found in the megasas-gen2 SCSI hos ...)
+ - qemu <unfixed> (bug #979678)
+ [bullseye] - qemu <postponed> (Minor issue)
+ [buster] - qemu <postponed> (Fix along in future DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks wh ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=bbd53f1010b3d6a7b55d0094b2370c3a49322ddb (3.0.29)
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=4490d451f9b61baada414233897a83ec8d9908aa (3.0.29)
+CVE-2020-35501
+ RESERVED
+ - linux <unfixed> (unimportant)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/18/1
+ NOTE: https://lore.kernel.org/linux-audit/7230785.EvYhyI6sBW@x2/
+ NOTE: Negligible security impact
+CVE-2020-35500
+ REJECTED
+CVE-2020-35499 (A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 ...)
+ - linux 5.10.4-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910048
+ NOTE: https://git.kernel.org/linus/f6b8c6b5543983e9de29dc14716bfa4eb3f157c4
+CVE-2020-35498 (A vulnerability was found in openvswitch. A limitation in the implemen ...)
+ {DSA-4852-1 DLA-2571-1}
+ - openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-5 (bug #982493)
+ NOTE: master: https://github.com/openvswitch/ovs/commit/79349cbab0b2a755140eedb91833ad2760520a83
+ NOTE: 2.15: https://github.com/openvswitch/ovs/commit/0625dc79aec73b966f206e55655a2816696246d0
+ NOTE: 2.10: https://github.com/openvswitch/ovs/commit/79cec1a736b91548ec882d840986a11affda1068
+ NOTE: 2.6: https://github.com/openvswitch/ovs/commit/673c08eee8c8d4f2999ddd31524de7ff0f72b559
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/10/4
+CVE-2020-35497 (A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authent ...)
+ NOT-FOR-US: ovirt-engine
+CVE-2020-35496 (There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutil ...)
+ - binutils 2.33.50.20200107-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25308
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a0fb7be96e0ce79e1ae429bc1ba913e5244d537
+ NOTE: binutils not covered by security support
+CVE-2020-35495 (There's a flaw in binutils /bfd/pef.c. An attacker who is able to subm ...)
+ - binutils 2.33.50.20200107-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25306
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a0fb7be96e0ce79e1ae429bc1ba913e5244d537
+CVE-2020-35494 (There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is ab ...)
+ - binutils 2.33.50.20200107-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25319
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2c5b6e1a1c406cbe06e2d6f77861764ebd01b9ce
+CVE-2020-35493 (A flaw exists in binutils in bfd/pef.c. An attacker who is able to sub ...)
+ - binutils 2.33.50.20200107-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25307
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2a3559d54602cecfec6d90f792be4a70ad918ab
+ NOTE: NOTE: binutils not covered by security support
+CVE-2020-35492 (A flaw was found in cairo's image-compositor.c in all versions prior t ...)
+ {DLA-2518-1}
+ - cairo 1.16.0-5 (bug #978658)
+ [buster] - cairo 1.16.0-4+deb10u1
+ NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/issues/437
+ NOTE: Introduced by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/c986a7310bb06582b7d8a566d5f007ba4e5e75bf (1.12.12)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/03a820b173ed1fdef6ff14b4468f5dbc02ff59be
+ NOTE: Minor cleanup for test: https://gitlab.freedesktop.org/cairo/cairo/-/commit/8bc14a6bba3bc8a64ff0749c74d9b96305bf6429
+ NOTE: Additional meson support (test): https://gitlab.freedesktop.org/cairo/cairo/-/commit/0677e0a94968447e132c69f58cb04e5377e0c828
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1898396
+CVE-2020-35491 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2986
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
+CVE-2020-35490 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2986
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
+CVE-2020-35489 (The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPr ...)
+ NOT-FOR-US: contact-form-7 (aka Contact Form 7) plugin for WordPress
+CVE-2020-35488 (The fileop module of the NXLog service in NXLog Community Edition 2.10 ...)
+ NOT-FOR-US: NXLog
+CVE-2020-35487
+ RESERVED
+CVE-2020-35486
+ RESERVED
+CVE-2020-35485
+ RESERVED
+CVE-2020-35484
+ RESERVED
+CVE-2020-35483 (AnyDesk before 6.1.0 on Windows, when run in portable mode on a system ...)
+ NOT-FOR-US: AnyDesk
+CVE-2020-35482 (SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-35481 (SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-35480 (An issue was discovered in MediaWiki before 1.35.1. Missing users (acc ...)
+ {DSA-4816-1 DLA-2504-1}
+ - mediawiki 1:1.35.1-1
+ NOTE: https://phabricator.wikimedia.org/T120883
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
+CVE-2020-35479 (MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language ...)
+ {DSA-4816-1 DLA-2504-1}
+ - mediawiki 1:1.35.1-1
+ NOTE: https://phabricator.wikimedia.org/T268938
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
+CVE-2020-35478 (MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWik ...)
+ - mediawiki 1:1.35.1-1
+ [buster] - mediawiki <not-affected> (Introduced in 1.33)
+ [stretch] - mediawiki <not-affected> (Introduced in 1.33)
+ NOTE: https://phabricator.wikimedia.org/T268938
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
+CVE-2020-35477 (MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries ...)
+ {DSA-4816-1 DLA-2504-1}
+ - mediawiki 1:1.35.1-1
+ NOTE: https://phabricator.wikimedia.org/T205908
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
+CVE-2020-35476 (A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 ...)
+ NOT-FOR-US: OpenTSDB
+CVE-2020-35475 (In MediaWiki before 1.35.1, the messages userrights-expiry-current and ...)
+ {DSA-4816-1}
+ - mediawiki 1:1.35.1-1
+ [stretch] - mediawiki <not-affected> (Introduced in 1.29)
+ NOTE: https://phabricator.wikimedia.org/T268917
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
+CVE-2020-35474 (In MediaWiki before 1.35.1, the combination of Html::rawElement and Me ...)
+ - mediawiki 1:1.35.1-1
+ [buster] - mediawiki <not-affected> (Introduced in 1.35)
+ [stretch] - mediawiki <not-affected> (Introduced in 1.35)
+ NOTE: https://phabricator.wikimedia.org/T268894
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
+CVE-2020-35473
+ RESERVED
+CVE-2020-35472
+ RESERVED
+CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and truncated datagrams, as dem ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2020-35470 (Envoy before 1.16.1 logs an incorrect downstream address because it co ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2020-35469 (The Software AG Terracotta Server OSS Docker image 5.4.1 contains a bl ...)
+ NOT-FOR-US: Software AG Terracotta Server OSS Docker image
+CVE-2020-35468 (The Appbase streams Docker image 2.1.2 contains a blank password for t ...)
+ NOT-FOR-US: Appbase streams Docker image
+CVE-2020-35467 (The Docker Docs Docker image through 2020-12-14 contains a blank passw ...)
+ NOT-FOR-US: Docker Docs Docker image
+CVE-2020-35466 (The Blackfire Docker image through 2020-12-14 contains a blank passwor ...)
+ NOT-FOR-US: Blackfire Docker image
+CVE-2020-35465 (The FullArmor HAPI File Share Mount Docker image through 2020-12-14 co ...)
+ NOT-FOR-US: FullArmor HAPI File Share Mount Docker image
+CVE-2020-35464 (Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank p ...)
+ NOT-FOR-US: Weave Cloud Agent Docker image
+CVE-2020-35463 (Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank ...)
+ NOT-FOR-US: Instana Dynamic APM Docker image
+CVE-2020-35462 (Version 3.16.0 of the CoScale agent Docker image contains a blank pass ...)
+ NOT-FOR-US: CoScale agent Docker image
+CVE-2020-35461
+ RESERVED
+CVE-2020-35460 (common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows dir ...)
+ NOT-FOR-US: Packwood MPXJ
+CVE-2020-35459 (An issue was discovered in ClusterLabs crmsh through 4.2.1. Local atta ...)
+ {DLA-2533-1}
+ - crmsh 4.2.1-2 (bug #985376)
+ [buster] - crmsh 4.0.0~git20190108.3d56538-3+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/3
+CVE-2020-35458 (An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There ...)
+ - hawk <itp> (bug #634344)
+CVE-2020-35457 (** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that ...)
+ - glib2.0 2.66.0-1 (unimportant)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2197
+ NOTE: Upstream position is that it is not realistically a security issue.
+CVE-2020-35456 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
+ NOT-FOR-US: Taidii Diibear Android application
+CVE-2020-35455 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
+ NOT-FOR-US: Taidii Diibear Android application
+CVE-2020-35454 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
+ NOT-FOR-US: Taidii Diibear Android application
+CVE-2020-35453 (HashiCorp Vault Enterprise&#8217;s Sentinel EGP policy feature incorre ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2020-35452 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest ...)
+ {DSA-4937-1 DLA-2706-1}
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.46-6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
+ NOTE: https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b
+CVE-2020-35451 (There is a race condition in OozieSharelibCLI in Apache Oozie before v ...)
+ NOT-FOR-US: Apache Oozie
+CVE-2020-35450 (Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler fo ...)
+ - gobby 0.6.0~20201227~b98f4d2-1 (bug #978446)
+ [buster] - gobby <no-dsa> (Minor issue)
+ [stretch] - gobby <no-dsa> (Minor issue)
+ NOTE: https://github.com/gobby/gobby/issues/183
+ NOTE: https://github.com/gobby/gobby/pull/184
+ NOTE: https://github.com/gobby/gobby/commit/6f34307bff645eb2935d82deee0119ec89866118
+CVE-2020-35449
+ RESERVED
+CVE-2020-35448 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
+ - binutils <unfixed> (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26574
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8642dafaef21aa6747cec01df1977e9c52eb4679
+ NOTE: binutils not covered by security support
+CVE-2020-35447
+ RESERVED
+CVE-2020-35446
+ RESERVED
+CVE-2020-35445
+ RESERVED
+CVE-2020-35444
+ RESERVED
+CVE-2020-35443
+ RESERVED
+CVE-2020-35442 (FDCMS (also known as Fangfa Content Management System) 4.0 allows remo ...)
+ NOT-FOR-US: FDCMS (Fangfa Content Management System)
+CVE-2020-35441 (FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end ...)
+ NOT-FOR-US: FDCMS (Fangfa Content Management System)
+CVE-2020-35440
+ RESERVED
+CVE-2020-35439
+ RESERVED
+CVE-2020-35438 (Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin ...)
+ NOT-FOR-US: kk-star-ratings
+CVE-2020-35437 (Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through t ...)
+ NOT-FOR-US: Subrion CMS
+CVE-2020-35436
+ RESERVED
+CVE-2020-35435
+ RESERVED
+CVE-2020-35434
+ RESERVED
+CVE-2020-35433
+ RESERVED
+CVE-2020-35432
+ RESERVED
+CVE-2020-35431
+ RESERVED
+CVE-2020-35430 (SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemCon ...)
+ NOT-FOR-US: Inxedu
+CVE-2020-35429
+ RESERVED
+CVE-2020-35428
+ RESERVED
+CVE-2020-35427 (SQL injection vulnerability in PHPGurukul Employee Record Management S ...)
+ NOT-FOR-US: PHPGurukul Employee Record Management
+CVE-2020-35426
+ RESERVED
+CVE-2020-35425
+ RESERVED
+CVE-2020-35424
+ RESERVED
+CVE-2020-35423
+ RESERVED
+CVE-2020-35422
+ RESERVED
+CVE-2020-35421
+ RESERVED
+CVE-2020-35420
+ RESERVED
+CVE-2020-35419 (Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LAN ...)
+ NOT-FOR-US: Group Office CRM
+CVE-2020-35418 (Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4 ...)
+ NOT-FOR-US: Group Office CRM
+CVE-2020-35417
+ RESERVED
+CVE-2020-35416 (Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabber ...)
+ NOT-FOR-US: PHPJabbers Appointment Scheduler
+CVE-2020-35415
+ RESERVED
+CVE-2020-35414
+ RESERVED
+CVE-2020-35413
+ RESERVED
+CVE-2020-35412
+ RESERVED
+CVE-2020-35411
+ RESERVED
+CVE-2020-35410
+ RESERVED
+CVE-2020-35409
+ RESERVED
+CVE-2020-35408
+ RESERVED
+CVE-2020-35407
+ RESERVED
+CVE-2020-35406
+ RESERVED
+CVE-2020-35405
+ RESERVED
+CVE-2020-35404
+ RESERVED
+CVE-2020-35403
+ RESERVED
+CVE-2020-35402
+ RESERVED
+CVE-2020-35401
+ RESERVED
+CVE-2020-35400
+ RESERVED
+CVE-2020-35399
+ RESERVED
+CVE-2020-35398 (An issue was discovered in UTI Mutual fund Android application 5.4.18 ...)
+ NOT-FOR-US: UTI Mutual fund Android application
+CVE-2020-35397
+ RESERVED
+CVE-2020-35396 (EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting ( ...)
+ NOT-FOR-US: EGavilan Barcodes generator
+CVE-2020-35395 (XSS in the Add Expense Component of EGavilan Media Expense Management ...)
+ NOT-FOR-US: EGavilan Media Expense Management System
+CVE-2020-35394
+ RESERVED
+CVE-2020-35393
+ RESERVED
+CVE-2020-35392
+ RESERVED
+CVE-2020-35391 (Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sen ...)
+ NOT-FOR-US: Tenda
+CVE-2020-35390
+ RESERVED
+CVE-2020-35389
+ RESERVED
+CVE-2020-35388 (rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive info ...)
+ NOT-FOR-US: rainrocka xinhu
+CVE-2020-35387
+ RESERVED
+CVE-2020-35386
+ RESERVED
+CVE-2020-35385
+ RESERVED
+CVE-2020-35384
+ RESERVED
+CVE-2020-35383
+ RESERVED
+CVE-2020-35382 (SQL Injection in Classbooking before 2.4.1 via the username field of a ...)
+ NOT-FOR-US: Classbooking
+CVE-2020-35381 (jsonparser 1.0.0 allows attackers to cause a denial of service (panic: ...)
+ - golang-github-buger-jsonparser 1.1.1-1 (bug #978445)
+ [buster] - golang-github-buger-jsonparser <no-dsa> (Minor issue)
+ NOTE: https://github.com/buger/jsonparser/issues/219
+CVE-2020-35380 (GJSON before 1.6.4 allows attackers to cause a denial of service via c ...)
+ - golang-github-tidwall-gjson 1.6.7-1 (bug #977622)
+ NOTE: https://github.com/tidwall/gjson/issues/192
+ NOTE: https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc (v1.6.4)
+CVE-2020-35379
+ RESERVED
+CVE-2020-35378 (SQL Injection in the login page in Online Bus Ticket Reservation 1.0 a ...)
+ NOT-FOR-US: Online Bus Ticket Reservation
+CVE-2020-35377
+ RESERVED
+CVE-2020-35376 (Xpdf 4.02 allows stack consumption because of an incorrect subroutine ...)
+ - xpdf <not-affected> (Debian uses poppler, which is not affected)
+ NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42066
+CVE-2020-35375
+ RESERVED
+CVE-2020-35374
+ RESERVED
+CVE-2020-35373 (In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated ...)
+ NOT-FOR-US: Fiyo CMS
+CVE-2020-35372
+ RESERVED
+CVE-2020-35371
+ RESERVED
+CVE-2020-35370 (A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticate ...)
+ NOT-FOR-US: Raysync
+CVE-2020-35369
+ RESERVED
+CVE-2020-35368
+ RESERVED
+CVE-2020-35367
+ RESERVED
+CVE-2020-35366
+ RESERVED
+CVE-2020-35365
+ RESERVED
+CVE-2020-35364 (Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to ...)
+ NOT-FOR-US: Beijing Huorong Internet Security
+CVE-2020-35363
+ RESERVED
+CVE-2020-35362 (DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal ...)
+ NOT-FOR-US: DEXT5Upload
+CVE-2020-35361
+ RESERVED
+CVE-2020-35360
+ RESERVED
+CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server ...)
+ NOTE: Bogus issue, can be configured using MaxClientsPerIP in pure-ftpd.conf configuration file
+CVE-2020-35357
+ RESERVED
+CVE-2020-35356
+ RESERVED
+CVE-2020-35355
+ RESERVED
+CVE-2020-35354
+ RESERVED
+CVE-2020-35353
+ RESERVED
+CVE-2020-35352
+ RESERVED
+CVE-2020-35351
+ RESERVED
+CVE-2020-35350
+ RESERVED
+CVE-2020-35349 (Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_ti ...)
+ NOT-FOR-US: Savsoft Quiz
+CVE-2020-35348
+ RESERVED
+CVE-2020-35347 (CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator ...)
+ NOT-FOR-US: CXUUCMS
+CVE-2020-35346 (CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allow ...)
+ NOT-FOR-US: CXUUCMS
+CVE-2020-35345
+ RESERVED
+CVE-2020-35344
+ RESERVED
+CVE-2020-35343
+ RESERVED
+CVE-2020-35342
+ RESERVED
+CVE-2020-35341
+ RESERVED
+CVE-2020-35340 (A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 ...)
+ NOT-FOR-US: ExpertPDF
+CVE-2020-35339 (In 74cms version 5.0.1, there is a remote code execution vulnerability ...)
+ NOT-FOR-US: 74cms
+CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...)
+ NOT-FOR-US: Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server
+CVE-2020-35337 (ThinkSAAS before 3.38 contains a SQL injection vulnerability through a ...)
+ NOT-FOR-US: ThinkSAAS
+CVE-2020-35336
+ RESERVED
+CVE-2020-35335
+ RESERVED
+CVE-2020-35334
+ RESERVED
+CVE-2020-35333
+ RESERVED
+CVE-2020-35332
+ RESERVED
+CVE-2020-35331
+ RESERVED
+CVE-2020-35330
+ RESERVED
+CVE-2020-35329 (Courier Management System 1.0 1.0 is affected by SQL Injection via 'MU ...)
+ NOT-FOR-US: Courier Management System
+CVE-2020-35328 (Courier Management System 1.0 - 'First Name' Stored XSS ...)
+ NOT-FOR-US: Courier Management System
+CVE-2020-35327 (SQL injection vulnerability was discovered in Courier Management Syste ...)
+ NOT-FOR-US: Courier Management System
+CVE-2020-35326
+ RESERVED
+CVE-2020-35325
+ RESERVED
+CVE-2020-35324
+ RESERVED
+CVE-2020-35323
+ RESERVED
+CVE-2020-35322
+ RESERVED
+CVE-2020-35321
+ RESERVED
+CVE-2020-35320
+ RESERVED
+CVE-2020-35319
+ RESERVED
+CVE-2020-35318
+ RESERVED
+CVE-2020-35317
+ RESERVED
+CVE-2020-35316
+ RESERVED
+CVE-2020-35315
+ RESERVED
+CVE-2020-35314 (A remote code execution vulnerability in the installUpdateThemePluginA ...)
+ NOT-FOR-US: WonderCMS
+CVE-2020-35313 (A server-side request forgery (SSRF) vulnerability in the addCustomThe ...)
+ NOT-FOR-US: WonderCMS
+CVE-2020-35312
+ RESERVED
+CVE-2020-35311
+ RESERVED
+CVE-2020-35310
+ REJECTED
+CVE-2020-35309 (Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross ...)
+ NOT-FOR-US: Bakeshop Online Ordering System in PHP/MySQLi
+CVE-2020-35308 (CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability ...)
+ NOT-FOR-US: CONQUEST DICOM SERVER
+CVE-2020-35307
+ RESERVED
+CVE-2020-35306
+ RESERVED
+CVE-2020-35305
+ RESERVED
+CVE-2020-35304
+ RESERVED
+CVE-2020-35303
+ RESERVED
+CVE-2020-35302
+ RESERVED
+CVE-2020-35301
+ RESERVED
+CVE-2020-35300
+ RESERVED
+CVE-2020-35299
+ RESERVED
+CVE-2020-35298
+ RESERVED
+CVE-2020-35297
+ RESERVED
+CVE-2020-35296 (ThinkAdmin v6 has default administrator credentials, which allows atta ...)
+ NOT-FOR-US: ThinkAdmin
+CVE-2020-35295
+ RESERVED
+CVE-2020-35294
+ RESERVED
+CVE-2020-35293
+ RESERVED
+CVE-2020-35292
+ RESERVED
+CVE-2020-35291
+ RESERVED
+CVE-2020-35290
+ RESERVED
+CVE-2020-35289
+ RESERVED
+CVE-2020-35288
+ RESERVED
+CVE-2020-35287
+ RESERVED
+CVE-2020-35286
+ RESERVED
+CVE-2020-35285
+ RESERVED
+CVE-2020-35284 (Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory trav ...)
+ NOT-FOR-US: Flamingo (aka FlamingoIM)
+CVE-2020-35283
+ RESERVED
+CVE-2020-35282
+ RESERVED
+CVE-2020-35281
+ RESERVED
+CVE-2020-35280
+ RESERVED
+CVE-2020-35279
+ RESERVED
+CVE-2020-35278
+ RESERVED
+CVE-2020-35277
+ RESERVED
+CVE-2020-35276 (EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An at ...)
+ NOT-FOR-US: EgavilanMedia ECM Address Book
+CVE-2020-35275 (Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user c ...)
+ NOT-FOR-US: Coastercms
+CVE-2020-35274 (DotCMS Add Template with admin panel 20.11 is affected by cross-site S ...)
+ NOT-FOR-US: DotCMS
+CVE-2020-35273 (EgavilanMedia User Registration &amp; Login System with Admin Panel 1. ...)
+ NOT-FOR-US: EgavilanMedia User Registration & Login System with Admin Panel
+CVE-2020-35272 (Employee Performance Evaluation System in PHP/MySQLi with Source Code ...)
+ NOT-FOR-US: Employee Performance Evaluation System in PHP/MySQLi with Source Code
+CVE-2020-35271 (Employee Performance Evaluation System in PHP/MySQLi with Source Code ...)
+ NOT-FOR-US: Employee Performance Evaluation System in PHP/MySQLi with Source Code
+CVE-2020-35270 (Student Result Management System In PHP With Source Code is affected b ...)
+ NOT-FOR-US: Student Result Management System In PHP With Source Code
+CVE-2020-35269 (Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross ...)
+ - nagios4 <unfixed> (unimportant)
+ NOTE: https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc
+ NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/809
+ NOTE: Negligible security impact, only affects inherently insecure setups
+CVE-2020-35268
+ RESERVED
+CVE-2020-35267
+ RESERVED
+CVE-2020-35266
+ RESERVED
+CVE-2020-35265
+ RESERVED
+CVE-2020-35264
+ RESERVED
+CVE-2020-35263 (EgavilanMedia User Registration &amp; Login System 1.0 is affected by ...)
+ NOT-FOR-US: EgavilanMedia User Registration & Login System
+CVE-2020-35262 (Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be e ...)
+ NOT-FOR-US: Digisol
+CVE-2020-35261
+ RESERVED
+CVE-2020-35260
+ RESERVED
+CVE-2020-35259
+ RESERVED
+CVE-2020-35258
+ RESERVED
+CVE-2020-35257
+ RESERVED
+CVE-2020-35256
+ RESERVED
+CVE-2020-35255
+ RESERVED
+CVE-2020-35254
+ RESERVED
+CVE-2020-35253
+ RESERVED
+CVE-2020-35252 (Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter ...)
+ NOT-FOR-US: User Registration & Login System
+CVE-2020-35251
+ RESERVED
+CVE-2020-35250
+ RESERVED
+CVE-2020-35249 (Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows ...)
+ NOT-FOR-US: ElkarBackup
+CVE-2020-35248
+ RESERVED
+CVE-2020-35247
+ RESERVED
+CVE-2020-35246
+ RESERVED
+CVE-2020-35245 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
+ NOT-FOR-US: Flamingo (aka FlamingoIM)
+CVE-2020-35244 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
+ NOT-FOR-US: Flamingo (aka FlamingoIM)
+CVE-2020-35243 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
+ NOT-FOR-US: Flamingo (aka FlamingoIM)
+CVE-2020-35242 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
+ NOT-FOR-US: Flamingo (aka FlamingoIM)
+CVE-2020-35241 (FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog ...)
+ NOT-FOR-US: FlatPress
+CVE-2020-35240 (** DISPUTED ** FluxBB 1.5.11 is affected by cross-site scripting (XSS ...)
+ NOT-FOR-US: FluxBB
+CVE-2020-35239 (A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The Cs ...)
+ - cakephp <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed by: https://github.com/cakephp/cakephp/commit/d2da5346a6cddab284f8cf94e38f90d897595fe8 (4.0.10)
+ NOTE: Introduced after: https://github.com/cakephp/cakephp/commit/45474a4a9ca10e7c16db40180d086e4144006a9b (3.5.0-RC1)
+CVE-2020-35238
+ RESERVED
+CVE-2020-35237
+ RESERVED
+CVE-2020-35236 (The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incor ...)
+ NOT-FOR-US: amazee.io Lagoon
+CVE-2020-35235 (** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal. ...)
+ NOT-FOR-US: WordPress plugin secure-file-manager
+CVE-2020-35234 (The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrato ...)
+ NOT-FOR-US: WordPress plugin easy-wp-smtp
+CVE-2020-35233 (The TFTP server fails to handle multiple connections on NETGEAR JGS516 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35232
+ REJECTED
+CVE-2020-35231 (The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.4 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35230 (Multiple integer overflow parameters were found in the web administrat ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35229 (The authentication token required to execute NSDP write requests on NE ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35228 (A cross-site scripting (XSS) vulnerability in the administration web p ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35227 (A buffer overflow vulnerability in the access control section on NETGE ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35226 (NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated user ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35225 (The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.4 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35224 (A buffer overflow vulnerability in the NSDP protocol authentication me ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35223 (The CSRF protection mechanism implemented in the web administration pa ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35222
+ REJECTED
+CVE-2020-35221 (The hashing algorithm implemented for NSDP password authentication on ...)
+ NOT-FOR-US: Netgear
+CVE-2020-35220
+ REJECTED
+CVE-2020-35219 (The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to acce ...)
+ NOT-FOR-US: ASUS
+CVE-2020-35218
+ RESERVED
+CVE-2020-35217 (Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSR ...)
+ NOT-FOR-US: Vert.x-Web framework
+CVE-2020-35216 (An issue in Atomix v3.1.5 allows attackers to cause a denial of servic ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35215 (An issue in Atomix v3.1.5 allows attackers to access sensitive informa ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35214 (An issue in Atomix v3.1.5 allows a malicious Atomix node to remove sta ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35213 (An issue in Atomix v3.1.5 allows attackers to cause a denial of servic ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35212
+ RESERVED
+CVE-2020-35211 (An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become t ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35210 (A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35209 (An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a t ...)
+ NOT-FOR-US: Atomix
+CVE-2020-35208 (** DISPUTED ** An issue was discovered in the LogMein LastPass Passwor ...)
+ NOT-FOR-US: LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app for iOS
+CVE-2020-35207 (** DISPUTED ** An issue was discovered in the LogMein LastPass Passwor ...)
+ NOT-FOR-US: LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app for iOS
+CVE-2020-35206 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manage ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35205 (** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35204 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35203 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manage ...)
+ NOT-FOR-US: Quest Policy Authority
+CVE-2020-35202 (Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql ...)
+ NOT-FOR-US: Ignite Realtime Openfire
+CVE-2020-35201 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XS ...)
+ NOT-FOR-US: Ignite Realtime Openfire
+CVE-2020-35200 (Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.js ...)
+ NOT-FOR-US: Ignite Realtime Openfire
+CVE-2020-35199 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID St ...)
+ NOT-FOR-US: Ignite Realtime Openfire
+CVE-2020-35198 (An issue was discovered in Wind River VxWorks 7. The memory allocator ...)
+ NOT-FOR-US: Wind River VxWorks 7
+CVE-2020-35197 (The official memcached docker images before 1.5.11-alpine (Alpine spec ...)
+ NOT-FOR-US: memcached docker images before 1.5.11-alpine (Alpine specific)
+CVE-2020-35196 (The official rabbitmq docker images before 3.7.13-beta.1-management-al ...)
+ NOT-FOR-US: rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific)
+CVE-2020-35195 (The official haproxy docker images before 1.8.18-alpine (Alpine specif ...)
+ NOT-FOR-US: haproxy docker images before 1.8.18-alpine (Alpine specific)
+CVE-2020-35194
+ REJECTED
+CVE-2020-35193 (The official sonarqube docker images before alpine (Alpine specific) c ...)
+ NOT-FOR-US: sonarqube docker images before alpine (Alpine specific)
+CVE-2020-35192 (The official vault docker images before 0.11.6 contain a blank passwor ...)
+ NOT-FOR-US: vault docker images
+CVE-2020-35191 (The official drupal docker images before 8.5.10-fpm-alpine (Alpine spe ...)
+ NOT-FOR-US: drupal docker images
+CVE-2020-35190 (The official plone Docker images before version of 4.3.18-alpine (Alpi ...)
+ NOT-FOR-US: plone Docker images
+CVE-2020-35189 (The official kong docker images before 1.0.2-alpine (Alpine specific) ...)
+ NOT-FOR-US: kong docker images before 1.0.2-alpine (Alpine specific)
+CVE-2020-35188
+ REJECTED
+CVE-2020-35187 (The official telegraf docker images before 1.9.4-alpine (Alpine specif ...)
+ NOT-FOR-US: telegraf docker images before 1.9.4-alpine (Alpine specific)
+CVE-2020-35186 (The official adminer docker images before 4.7.0-fastcgi contain a blan ...)
+ NOT-FOR-US: adminer docker images
+CVE-2020-35185 (The official ghost docker images before 2.16.1-alpine (Alpine specific ...)
+ NOT-FOR-US: ghost docker images (Alpine specific)
+CVE-2020-35184 (The official composer docker images before 1.8.3 contain a blank passw ...)
+ NOT-FOR-US: composer docker images
+CVE-2020-35183
+ RESERVED
+CVE-2020-35182
+ RESERVED
+CVE-2020-35181
+ RESERVED
+CVE-2020-35180
+ RESERVED
+CVE-2020-35179
+ RESERVED
+CVE-2020-35178
+ RESERVED
+CVE-2020-35177 (HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enume ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2020-35176 (In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial a ...)
+ {DLA-2506-1}
+ - awstats 7.8-2 (bug #977190)
+ [buster] - awstats 7.6+dfsg-2+deb10u1
+ NOTE: https://github.com/eldy/awstats/issues/195
+ NOTE: https://github.com/eldy/AWStats/commit/96756d7f40e002cc1e6ba72c633fb66b92e54f49
+CVE-2020-35175 (Frappe Framework 12 and 13 does not properly validate the HTTP method ...)
+ NOT-FOR-US: Frappe Framework
+CVE-2020-35174
+ RESERVED
+CVE-2020-35173 (The Amaze File Manager application before 3.4.2 for Android does not p ...)
+ NOT-FOR-US: Amaze File Manager application for Android
+CVE-2020-35172
+ RESERVED
+CVE-2020-35171
+ RESERVED
+CVE-2020-35170 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Un ...)
+ NOT-FOR-US: Dell EMC Unisphere for PowerMax
+CVE-2020-35169
+ RESERVED
+CVE-2020-35168
+ RESERVED
+CVE-2020-35167
+ RESERVED
+CVE-2020-35166
+ RESERVED
+CVE-2020-35165
+ RESERVED
+CVE-2020-35164
+ RESERVED
+CVE-2020-35163
+ RESERVED
+CVE-2020-35162
+ RESERVED
+CVE-2020-35161
+ RESERVED
+CVE-2020-35160
+ RESERVED
+CVE-2020-35159
+ RESERVED
+CVE-2020-35158
+ RESERVED
+CVE-2020-35157
+ RESERVED
+CVE-2020-35156
+ RESERVED
+CVE-2020-35155
+ RESERVED
+CVE-2020-35154
+ RESERVED
+CVE-2020-35153
+ RESERVED
+CVE-2020-35152 (Cloudflare WARP for Windows allows privilege escalation due to an unqu ...)
+ NOT-FOR-US: Cloudflare WARP for Windows
+CVE-2020-35151 (The Online Marriage Registration System 1.0 post parameter "searchdata ...)
+ NOT-FOR-US: Online Marriage Registration System
+CVE-2020-35150
+ RESERVED
+CVE-2020-35149 (lib/utils.js in mquery before 3.2.3 allows a pollution attack because ...)
+ NOT-FOR-US: Node mquery
+CVE-2020-35148
+ RESERVED
+CVE-2020-35147
+ RESERVED
+CVE-2020-35146
+ RESERVED
+CVE-2020-35145 (Acronis True Image for Windows prior to 2021 Update 3 allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2020-35144
+ REJECTED
+CVE-2020-35143
+ RESERVED
+CVE-2020-35142
+ RESERVED
+CVE-2020-35141
+ RESERVED
+CVE-2020-35140
+ RESERVED
+CVE-2020-35139
+ RESERVED
+CVE-2020-35138 (** DISPUTED ** The MobileIron agents through 2021-03-22 for Android an ...)
+ NOT-FOR-US: MobileIron
+CVE-2020-35137
+ REJECTED
+CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. ...)
+ - dolibarr <removed>
+CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows ...)
+ NOT-FOR-US: ultimate-category-excluder plugin for WordPress
+CVE-2020-35134
+ RESERVED
+CVE-2020-35133 (irfanView 4.56 contains an error processing parsing files of type .pcx ...)
+ NOT-FOR-US: irfanView
+CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that a ...)
+ - phpldapadmin <unfixed> (bug #987355)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474
+ NOTE: https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2
+ NOTE: https://github.com/leenooks/phpLDAPadmin/issues/130
+ NOTE: Fix is incomplete: https://github.com/leenooks/phpLDAPadmin/issues/130#issuecomment-745152260
+ NOTE: https://github.com/leenooks/phpLDAPadmin/issues/137
+CVE-2020-35131 (Cockpit before 0.6.1 allows an attacker to inject custom PHP code and ...)
+ NOT-FOR-US: Agentejo Cockpit
+CVE-2020-35130
+ RESERVED
+CVE-2020-35129 (Mautic before 3.2.4 is affected by stored XSS. An attacker with access ...)
+ NOT-FOR-US: Mautic
+CVE-2020-35128 (Mautic before 3.2.4 is affected by stored XSS. An attacker with permis ...)
+ NOT-FOR-US: Mautic
+CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.j ...)
+ NOT-FOR-US: Ignite Realtime Openfire
+CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct ...)
+ NOT-FOR-US: Typesetter CMS
+CVE-2020-35125 (A cross-site scripting (XSS) vulnerability in the forms component of M ...)
+ NOT-FOR-US: Mautic
+CVE-2020-35124 (A cross-site scripting (XSS) vulnerability in the assets component of ...)
+ NOT-FOR-US: Mautic
+CVE-2020-35123 (In Zimbra Collaboration Suite Network Edition versions &lt; 9.0.0 P10 ...)
+ NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
+CVE-2020-35122 (An issue was discovered in the Keysight Database Connector plugin befo ...)
+ NOT-FOR-US: Keysight Database Connector plugin for Confluence
+CVE-2020-35121 (An issue was discovered in the Keysight Database Connector plugin befo ...)
+ NOT-FOR-US: Keysight Database Connector plugin for Confluence
+CVE-2020-35120
+ RESERVED
+CVE-2020-35119
+ RESERVED
+CVE-2020-35118
+ RESERVED
+CVE-2020-35117
+ RESERVED
+CVE-2020-35116
+ RESERVED
+CVE-2020-35115
+ RESERVED
+CVE-2020-35114 (Mozilla developers reported memory safety bugs present in Firefox 83. ...)
+ - firefox 84.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35114
+CVE-2020-35113 (Mozilla developers reported memory safety bugs present in Firefox 83 a ...)
+ {DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
+ - firefox 84.0-1
+ - firefox-esr 78.6.0esr-1
+ - thunderbird 1:78.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35113
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35113
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35113
+CVE-2020-35112 (If a user downloaded a file lacking an extension on Windows, and then ...)
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35112
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35112
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112
+CVE-2020-35111 (When an extension with the proxy permission registered to receive &lt; ...)
+ {DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
+ - firefox 84.0-1
+ - firefox-esr 78.6.0esr-1
+ - thunderbird 1:78.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35111
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35111
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35111
+CVE-2020-35110
+ REJECTED
+CVE-2020-35109
+ RESERVED
+CVE-2020-35108
+ RESERVED
+CVE-2020-35107
+ RESERVED
+CVE-2020-35106
+ RESERVED
+CVE-2020-35096
+ RESERVED
+CVE-2020-35090
+ REJECTED
+CVE-2020-35076
+ REJECTED
+CVE-2020-35061
+ RESERVED
+CVE-2020-35037 (The Events Manager WordPress plugin before 5.9.8 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin events-manager
+CVE-2020-35030
+ RESERVED
+CVE-2020-35017
+ RESERVED
+CVE-2020-35012 (The Events Manager WordPress plugin before 5.9.8 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin events-manager
+CVE-2020-35001
+ RESERVED
+CVE-2020-29670
+ RESERVED
+CVE-2020-29669 (In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Gue ...)
+ NOT-FOR-US: Macally WIFISD2-2A82 Media and Travel Router
+CVE-2020-29668 (Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API ...)
+ {DSA-4818-1 DLA-2499-1}
+ - sympa 6.2.58~dfsg-2 (bug #976020)
+ NOTE: https://github.com/sympa-community/sympa/issues/1041
+ NOTE: https://github.com/sympa-community/sympa/pull/1044
+CVE-2020-29667 (In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker ab ...)
+ NOT-FOR-US: Lan ATMService M3 ATM Monitoring System
+CVE-2020-29666 (In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-l ...)
+ NOT-FOR-US: Lan ATMService M3 ATM Monitoring System
+CVE-2020-29665
+ RESERVED
+CVE-2020-29664 (A command injection issue in dji_sys in DJI Mavic 2 Remote Controller ...)
+ NOT-FOR-US: DJI Mavic 2 Remote Controller firmware
+CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked ...)
+ - icinga2 2.12.3-1
+ [buster] - icinga2 <no-dsa> (Minor issue)
+ [stretch] - icinga2 <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-pcmr-2p2f-r7j6
+ NOTE: https://github.com/Icinga/icinga2/commit/abbd7d5494369af8bbf8fc12f5dc1a0f05a1f817
+ NOTE: https://github.com/Icinga/icinga2/commit/cae22a89da9e6a381904c3b207e5a3f93f6ed838
+CVE-2020-29662 (In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog&#8217;s ...)
+ NOT-FOR-US: Harbor
+CVE-2020-29661 (A locking issue was discovered in the tty subsystem of the Linux kerne ...)
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
+ - linux 5.9.15-1
+ NOTE: https://git.kernel.org/linus/54ffccbf053b5b6ca4f6e45094b942fab92a25fc
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
+ NOTE: https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html
+CVE-2020-29660 (A locking inconsistency issue was discovered in the tty subsystem of t ...)
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
+ - linux 5.9.15-1
+ NOTE: https://git.kernel.org/linus/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
+ NOTE: https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html
+CVE-2020-29659 (A buffer overflow in the web server of Flexense DupScout Enterprise 10 ...)
+ NOT-FOR-US: Flexense DupScout Enterprise
+CVE-2020-29658 (Zoho ManageEngine Application Control Plus before 100523 has an insecu ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-29657 (In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unh ...)
+ - iotjs <unfixed> (bug #977736; unimportant)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4244
+ NOTE: Does not affect code built in into the library
+CVE-2020-29656 (An information disclosure vulnerability exists in RT-AC88U Download Ma ...)
+ NOT-FOR-US: RT-AC88U Download Master
+CVE-2020-29655 (An injection vulnerability exists in RT-AC88U Download Master before 3 ...)
+ NOT-FOR-US: RT-AC88U Download Master
+CVE-2020-29654 (Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that lea ...)
+ NOT-FOR-US: Western Digital Dashboard
+CVE-2020-29653
+ RESERVED
+CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh component thr ...)
+ - golang-go.crypto 1:0.0~git20201221.eec23a3-1
+ [buster] - golang-go.crypto <not-affected> (Vulnerable code not present)
+ [stretch] - golang-go.crypto <not-affected> (Vulnerable code not present)
+ NOTE: https://go-review.googlesource.com/c/crypto/+/278852
+ NOTE: https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1
+ NOTE: Introduced in: https://github.com/golang/crypto/commit/cbcb750295291b33242907a04be40e80801d0cfc (2019-05-10)
+CVE-2020-29651 (A denial of service via regular expression in the py.path.svnwc compon ...)
+ - python-py 1.10.0-1
+ [buster] - python-py <no-dsa> (Minor issue)
+ [stretch] - python-py <postponed> (Minor issue)
+ - pypy <unfixed> (unimportant)
+ - pypy3 <unfixed> (unimportant)
+ NOTE: https://github.com/pytest-dev/py/issues/256
+ NOTE: https://github.com/pytest-dev/py/pull/257
+ NOTE: https://github.com/pytest-dev/py/commit/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144
+CVE-2020-29650
+ RESERVED
+CVE-2020-29649
+ RESERVED
+CVE-2020-29648
+ RESERVED
+CVE-2020-29647
+ RESERVED
+CVE-2020-29646
+ RESERVED
+CVE-2020-29645
+ RESERVED
+CVE-2020-29644
+ RESERVED
+CVE-2020-29643
+ RESERVED
+CVE-2020-29642
+ RESERVED
+CVE-2020-29641
+ RESERVED
+CVE-2020-29640
+ RESERVED
+CVE-2020-29639 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-29638
+ RESERVED
+CVE-2020-29637
+ RESERVED
+CVE-2020-29636
+ RESERVED
+CVE-2020-29635
+ RESERVED
+CVE-2020-29634
+ RESERVED
+CVE-2020-29633 (An authentication issue was addressed with improved state management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-29632
+ RESERVED
+CVE-2020-29631
+ RESERVED
+CVE-2020-29630
+ RESERVED
+CVE-2020-29629 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-29628
+ RESERVED
+CVE-2020-29627
+ RESERVED
+CVE-2020-29626
+ RESERVED
+CVE-2020-29625 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-29624 (A memory corruption issue existed in the processing of font files. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-29623 ("Clear History and Website Data" did not clear the history. The issue ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2020-29622 (A race condition was addressed with additional validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-29621 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-29620 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2020-29619 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-29618 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-29617 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-29616 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-29615 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-29614 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-29613 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-29612 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-29611 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-29610 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-29609
+ RESERVED
+CVE-2020-29608 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-29607 (A file upload restriction bypass vulnerability in Pluck CMS before 4.7 ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2020-35921 (An issue was discovered in the miow crate before 0.3.6 for Rust. It ha ...)
+ - rust-miow 0.3.6-1 (bug #976871)
+ [buster] - rust-miow <ignored> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0080.html
+ NOTE: https://github.com/yoshuawuyts/miow/issues/38
+CVE-2020-35919 (An issue was discovered in the net2 crate before 0.2.36 for Rust. It h ...)
+ - rust-net2 0.2.37-1 (bug #976870)
+ [buster] - rust-net2 <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0078.html
+ NOTE: https://github.com/deprecrated/net2-rs/issues/105
+CVE-2020-35916 (An issue was discovered in the image crate before 0.23.12 for Rust. A ...)
+ - rust-image <unfixed> (bug #976869)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0073.html
+ NOTE: https://github.com/image-rs/image/issues/1357
+CVE-2020-29606
+ REJECTED
+CVE-2020-29605 (An issue was discovered in MantisBT before 2.24.4. Due to insufficient ...)
+ - mantis <removed>
+CVE-2020-29604 (An issue was discovered in MantisBT before 2.24.4. A missing access ch ...)
+ - mantis <removed>
+CVE-2020-29603 (In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileg ...)
+ - mantis <removed>
+CVE-2020-29602 (The official irssi docker images before 1.1-alpine (Alpine specific) c ...)
+ NOT-FOR-US: irssi Docker images
+CVE-2020-29601 (The official notary docker images before signer-0.6.1-1 contain a blan ...)
+ NOT-FOR-US: notary Docker images
+CVE-2020-29600 (In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute ...)
+ {DLA-2506-1}
+ - awstats 7.8-1 (bug #891469)
+ [buster] - awstats 7.6+dfsg-2+deb10u1
+ NOTE: https://github.com/eldy/awstats/issues/90
+ NOTE: https://github.com/eldy/awstats/commit/d4d815d0caae3dbae83ac70a1ae4581bd57cf376
+CVE-2020-29599 (ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the - ...)
+ {DLA-2523-1}
+ - imagemagick 8:6.9.11.57+dfsg-1 (bug #977205)
+ [buster] - imagemagick <no-dsa> (Minor issue, 200-disable-ghostscript-formats.patch addresses this)
+ NOTE: https://github.com/ImageMagick/ImageMagick/discussions/2851
+ NOTE: https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a9e63436aa04c805fe3f9e2ed242dfa4621df823
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/68154c05cf40a80b6f2e2dd9fdc4428570f875f0
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/89a1c73ee2693ded91a72d00bdf3aba410f349f1
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a7b2d8328c539da6e79a118a0b8e97462c7daa77
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/2eead004825d31e8f49022f0bc4ca0d3457b0bb1
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/20f520ed5c8541ae6646bc38d9d3b480785be6c3
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a2b3dd8455da2f17849b55e6b6ddcce587e4a323
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7b0cce080345e5b7ef26d122f18809c93a19a80e
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/875fdf773d6e822364f876bed14c1785a01b45a7
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ab2e97d2f7520d1d9ff36ef421caf2a899e14ce4
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/869e38717fa91325da87c2a4cedc148a770a07ec
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/226804980651bb4eb5f3ba3b9d7e992f2eda4710
+ NOTE: ImageMagick6 (bugfix): https://github.com/ImageMagick/ImageMagick6/commit/83ec5b5b8ee7cae891fff59340be207b513a030d (6.9.11-41)
+ NOTE: Issue mitigated by disabling ghostscript handled formats based on -SAFER insecurity,
+ NOTE: cf 200-disable-ghostscript-formats.patch in 8:6.9.10.23+dfsg-2.1+deb10u1, but opens
+ NOTE: #964090.
+ NOTE: 2 vectors for IM6:
+ NOTE: - stealth (ps:* delegates, hard-coded options)
+ NOTE: broken between 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2) and 8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1)
+ NOTE: '-authenticate' replaced by '-define authenticate=' between 8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1) and 83ec5b above
+ NOTE: - bimodal ('-define delegate:bimodal=true' + pdf->(e)ps delegates, %a expansion) after 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2)
+CVE-2020-29598
+ REJECTED
+CVE-2020-29597 (IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file ...)
+ NOT-FOR-US: IncomCMS
+CVE-2020-29596 (MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial o ...)
+ NOT-FOR-US: MiniWeb HTTP server
+CVE-2020-29595 (PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 ...)
+ NOT-FOR-US: ACDSee Photo Studio Studio Professional
+CVE-2020-29594 (Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x be ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2020-29593 (An issue was discovered in Orchard before 1.10. The Media Settings All ...)
+ NOT-FOR-US: Orchard CMS
+CVE-2020-29592 (An issue was discovered in Orchard before 1.10. A broken access contro ...)
+ NOT-FOR-US: Orchard CMS
+CVE-2020-29591 (Versions of the Official registry Docker images through 2.7.0 contain ...)
+ NOT-FOR-US: registry Docker image
+CVE-2020-29590
+ REJECTED
+CVE-2020-29589
+ REJECTED
+CVE-2020-29588
+ RESERVED
+CVE-2020-29587 (SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creat ...)
+ NOT-FOR-US: SimplCommerce
+CVE-2020-29586
+ RESERVED
+CVE-2020-29585
+ RESERVED
+CVE-2020-29584
+ RESERVED
+CVE-2020-29583 (Firmware version 4.60 of Zyxel USG devices contains an undocumented ac ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-29582 (In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for ...)
+ - kotlin <unfixed> (bug #1001037)
+ NOTE: https://youtrack.jetbrains.com/issue/KT-42181 (not public)
+CVE-2020-29581 (The official spiped docker images before 1.5-alpine contain a blank pa ...)
+ NOT-FOR-US: spiped Docker images
+CVE-2020-29580 (The official storm Docker images before 1.2.1 contain a blank password ...)
+ NOT-FOR-US: storm Docker images
+CVE-2020-29579 (The official Express Gateway Docker images before 1.14.0 contain a bla ...)
+ NOT-FOR-US: Express Gateway Docker images
+CVE-2020-29578 (The official piwik Docker images before fpm-alpine (Alpine specific) c ...)
+ NOT-FOR-US: piwik Docker images
+CVE-2020-29577 (The official znc docker images before 1.7.1-slim contain a blank passw ...)
+ NOT-FOR-US: znc Docker images
+CVE-2020-29576 (The official eggdrop Docker images before 1.8.4rc2 contain a blank pas ...)
+ NOT-FOR-US: eggdrop Docker images
+CVE-2020-29575 (The official elixir Docker images before 1.8.0-alpine (Alpine specific ...)
+ NOT-FOR-US: elixir Docker images
+CVE-2020-29574 (An SQL injection vulnerability in the WebAdmin of Cyberoam OS through ...)
+ NOT-FOR-US: WebAdmin of Cyberoam OS
+CVE-2020-29573 (sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) befo ...)
+ - glibc 2.23-1
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26649
+ NOTE: https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1905213#c5
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;h=d81f90ccd0109de9ed78aeeb8d86e2c6d4600690 (glibc-2.22)
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;h=8df4e219e43a4a257d0759b54fef8c488e2f282e (glibc-2.23)
+CVE-2020-29572 (app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp ...)
+ NOT-FOR-US: MISP
+CVE-2020-29571 (An issue was discovered in Xen through 4.14.x. A bounds check common t ...)
+ {DSA-4812-1}
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-359.html
+CVE-2020-29570 (An issue was discovered in Xen through 4.14.x. Recording of the per-vC ...)
+ {DSA-4812-1}
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-358.html
+CVE-2020-29569 (An issue was discovered in the Linux kernel through 5.10.1, as used wi ...)
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
+ - linux 5.9.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-350.html
+CVE-2020-29568 (An issue was discovered in Xen through 4.14.x. Some OSes (such as Linu ...)
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
+ - linux 5.9.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-349.html
+CVE-2020-29567 (An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs t ...)
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [buster] - xen <not-affected> (Only affects 4.14)
+ [stretch] - xen <not-affected> (Only affects 4.14)
+ NOTE: https://xenbits.xen.org/xsa/advisory-356.html
+CVE-2020-29566 (An issue was discovered in Xen through 4.14.x. When they require assis ...)
+ {DSA-4812-1}
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-348.html
+CVE-2020-29565 (An issue was discovered in OpenStack Horizon before 15.3.2, 16.x befor ...)
+ {DSA-4820-1}
+ - horizon 3:18.6.1-1 (bug #976872)
+ [stretch] - horizon <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/horizon/+bug/1865026
+ NOTE: https://review.opendev.org/c/openstack/horizon/+/758841/
+ NOTE: https://review.opendev.org/c/openstack/horizon/+/758843/
+ NOTE: https://opendev.org/openstack/horizon/commit/252467100f75587e18df9c43ed5802ee8f0017fa
+CVE-2020-29564 (The official Consul Docker images 0.7.1 through 1.4.2 contain a blank ...)
+ NOT-FOR-US: Consul Docker images
+CVE-2020-29563 (An issue was discovered on Western Digital My Cloud OS 5 devices befor ...)
+ NOT-FOR-US: Western Digital My Cloud OS
+CVE-2020-29562 (The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2 ...)
+ - glibc 2.31-7 (bug #976391)
+ [buster] - glibc <not-affected> (Vulnerability introduced later in 2.30)
+ [stretch] - glibc <not-affected> (Vulnerability introduced later in 2.30)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26923
+ NOTE: https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=228edd356f03bf62dcf2b1335f25d43c602ee68d
+CVE-2020-29561 (An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does ...)
+ NOT-FOR-US: SonicBOOM riscv-boom
+CVE-2020-29560
+ RESERVED
+CVE-2020-29559
+ RESERVED
+CVE-2020-29558
+ RESERVED
+CVE-2020-29557 (An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 bef ...)
+ NOT-FOR-US: D-Link
+CVE-2020-29556 (The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an aut ...)
+ NOT-FOR-US: Grav CMS
+CVE-2020-29555 (The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows ...)
+ NOT-FOR-US: Grav CMS
+CVE-2020-29554
+ RESERVED
+CVE-2020-29553 (The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to ex ...)
+ NOT-FOR-US: Grav CMS
+CVE-2020-29552 (An issue was discovered in URVE Build 24.03.2020. By using the _intern ...)
+ NOT-FOR-US: URVE
+CVE-2020-29551 (An issue was discovered in URVE Build 24.03.2020. Using the _internal/ ...)
+ NOT-FOR-US: URVE
+CVE-2020-29550 (An issue was discovered in URVE Build 24.03.2020. The password of an i ...)
+ NOT-FOR-US: URVE
+CVE-2020-29549
+ RESERVED
+CVE-2020-29548 (An issue was discovered in SmarterTools SmarterMail through 100.0.7537 ...)
+ NOT-FOR-US: SmarterTools
+CVE-2020-29547
+ RESERVED
+ - citadel <removed>
+ [buster] - citadel <ignored> (Minor issue)
+ [stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259
+ NOTE: https://nostarttls.secvuln.info/
+ NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes
+CVE-2020-29546
+ RESERVED
+CVE-2020-29545
+ RESERVED
+CVE-2020-29544
+ RESERVED
+CVE-2020-29543
+ RESERVED
+CVE-2020-29542
+ RESERVED
+CVE-2020-29541
+ RESERVED
+CVE-2020-29540 (API calls in the Translation API feature in Systran Pure Neural Server ...)
+ NOT-FOR-US: Systran Pure Neural Server
+CVE-2020-29539 (A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pur ...)
+ NOT-FOR-US: Systran Pure Neural Server
+CVE-2020-29538 (Archer before 6.9 P1 (6.9.0.1) contains an improper access control vul ...)
+ NOT-FOR-US: Archer
+CVE-2020-29537 (Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnera ...)
+ NOT-FOR-US: Archer
+CVE-2020-29536 (Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerab ...)
+ NOT-FOR-US: Archer
+CVE-2020-29535 (Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A ...)
+ NOT-FOR-US: Archer
+CVE-2020-29533
+ RESERVED
+CVE-2020-29532
+ RESERVED
+CVE-2020-29531
+ RESERVED
+CVE-2020-29530
+ RESERVED
+CVE-2020-29534 (An issue was discovered in the Linux kernel before 5.9.3. io_uring tak ...)
+ - linux 5.9.6-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2089
+ NOTE: https://git.kernel.org/linus/0f2122045b946241a9e549c2a76cea54fa58a7ff
+CVE-2020-29529 (HashiCorp go-slug up to 0.4.3 did not fully protect against directory ...)
+ - golang-github-hashicorp-go-slug 0.5.0-1 (bug #976873)
+ NOTE: https://github.com/hashicorp/go-slug/pull/12
+CVE-2020-29528
+ RESERVED
+CVE-2020-29527
+ RESERVED
+CVE-2020-29526
+ RESERVED
+CVE-2020-29525
+ RESERVED
+CVE-2020-29524
+ RESERVED
+CVE-2020-29523
+ RESERVED
+CVE-2020-29522
+ RESERVED
+CVE-2020-29521
+ RESERVED
+CVE-2020-29520
+ RESERVED
+CVE-2020-29519
+ RESERVED
+CVE-2020-29518
+ RESERVED
+CVE-2020-29517
+ RESERVED
+CVE-2020-29516
+ RESERVED
+CVE-2020-29515
+ RESERVED
+CVE-2020-29514
+ RESERVED
+CVE-2020-29513
+ RESERVED
+CVE-2020-29512
+ RESERVED
+CVE-2020-29511 (The encoding/xml package in Go (all versions) does not correctly prese ...)
+ - golang-1.15 <unfixed> (unimportant)
+ - golang-1.11 <removed> (unimportant)
+ - golang-1.8 <removed> (unimportant)
+ [stretch] - golang-1.8 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
+ - golang-1.7 <removed> (unimportant)
+ [stretch] - golang-1.7 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
+ NOTE: https://github.com/golang/go/issues/43168
+ NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
+ NOTE: Upstream considers this WONTFIX and requires validation/updates in potentially affected SAML libs
+CVE-2020-29510 (The encoding/xml package in Go versions 1.15 and earlier does not corr ...)
+ - golang-1.15 <unfixed> (unimportant)
+ - golang-1.11 <removed> (unimportant)
+ - golang-1.8 <removed> (unimportant)
+ [stretch] - golang-1.8 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
+ - golang-1.7 <removed> (unimportant)
+ [stretch] - golang-1.7 <ignored> (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
+ NOTE: https://github.com/golang/go/issues/43168
+ NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
+ NOTE: Upstream considers this WONTFIX and requires validation/updates in potentially affected SAML libs
+CVE-2020-29509 (The encoding/xml package in Go (all versions) does not correctly prese ...)
+ - golang-github-russellhaering-gosaml2 <itp> (bug #948190)
+ - golang-1.15 <unfixed> (unimportant)
+ - golang-1.11 <removed> (unimportant)
+ - golang-1.8 <removed> (unimportant)
+ - golang-1.7 <removed> (unimportant)
+ NOTE: Golang upstream does not consider the issue to be fixable in Go, instead
+ NOTE: shifts responsibility to saml packages.
+ NOTE: https://github.com/golang/go/issues/43168
+ NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
+ NOTE: https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg
+CVE-2020-29508
+ RESERVED
+CVE-2020-29507
+ RESERVED
+CVE-2020-29506
+ RESERVED
+CVE-2020-29505
+ RESERVED
+CVE-2020-29504
+ RESERVED
+CVE-2020-29503 (Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file per ...)
+ NOT-FOR-US: EMC PowerStore
+CVE-2020-29502 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...)
+ NOT-FOR-US: EMC PowerStore
+CVE-2020-29501 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...)
+ NOT-FOR-US: EMC PowerStore
+CVE-2020-29500 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...)
+ NOT-FOR-US: EMC PowerStore
+CVE-2020-29499 (Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Comm ...)
+ NOT-FOR-US: EMC PowerStore
+CVE-2020-29498 (Dell Wyse Management Suite versions prior to 3.1 contain an open redir ...)
+ NOT-FOR-US: Dell Wyse Management Suite
+CVE-2020-29497 (Dell Wyse Management Suite versions prior to 3.1 contain a stored cros ...)
+ NOT-FOR-US: Dell Wyse Management Suite
+CVE-2020-29496 (Dell Wyse Management Suite versions prior to 3.1 contain a stored cros ...)
+ NOT-FOR-US: Dell Wyse Management Suite
+CVE-2020-29495 (DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Comma ...)
+ NOT-FOR-US: Dell EMC Avamar Server
+CVE-2020-29494 (Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Trav ...)
+ NOT-FOR-US: Dell EMC Avamar Server
+CVE-2020-29493 (DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injec ...)
+ NOT-FOR-US: Dell EMC Avamar Server
+CVE-2020-29492 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...)
+ NOT-FOR-US: Dell Wyse ThinOS
+CVE-2020-29491 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...)
+ NOT-FOR-US: Dell Wyse ThinOS
+CVE-2020-29490 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...)
+ NOT-FOR-US: EMC
+CVE-2020-29489 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...)
+ NOT-FOR-US: EMC
+CVE-2020-29488
+ RESERVED
+CVE-2020-29487 (An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstor ...)
+ NOT-FOR-US: xapi
+CVE-2020-29486 (An issue was discovered in Xen through 4.14.x. Nodes in xenstore have ...)
+ {DSA-4812-1}
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-352.html
+CVE-2020-29485 (An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a ...)
+ {DSA-4812-1}
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-330.html
+CVE-2020-29484 (An issue was discovered in Xen through 4.14.x. When a Xenstore watch f ...)
+ {DSA-4812-1}
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-324.html
+CVE-2020-29483 (An issue was discovered in Xen through 4.14.x. Xenstored and guests co ...)
+ {DSA-4812-1}
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-325.html
+CVE-2020-29482 (An issue was discovered in Xen through 4.14.x. A guest may access xens ...)
+ {DSA-4812-1}
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-323.html
+CVE-2020-29481 (An issue was discovered in Xen through 4.14.x. Access rights of Xensto ...)
+ {DSA-4812-1}
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-322.html
+CVE-2020-29480 (An issue was discovered in Xen through 4.14.x. Neither xenstore implem ...)
+ {DSA-4812-1}
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-115.html
+CVE-2020-29479 (An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored ...)
+ {DSA-4812-1}
+ - xen 4.14.0+88-g1d1d1f5391-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-353.html
+CVE-2020-29478 (CA Service Catalog 17.2 and 17.3 contain a vulnerability in the defaul ...)
+ NOT-FOR-US: CA Service Catalog
+CVE-2020-29477 (Invision Community 4.5.4 is affected by cross-site scripting (XSS) in ...)
+ NOT-FOR-US: Invision Community
+CVE-2020-29476
+ RESERVED
+CVE-2020-29475 (nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in th ...)
+ NOT-FOR-US: nopCommerce Store
+CVE-2020-29474 (EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerabi ...)
+ NOT-FOR-US: EGavilan Media EGM Address Book
+CVE-2020-29473
+ RESERVED
+CVE-2020-29472 (EGavilan Media Under Construction page with cPanel 1.0 contains a SQL ...)
+ NOT-FOR-US: cPanel
+CVE-2020-29471 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Prof ...)
+ NOT-FOR-US: OpenCart
+CVE-2020-29470 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subj ...)
+ NOT-FOR-US: OpenCart
+CVE-2020-29469 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu ...)
+ NOT-FOR-US: WonderCMS
+CVE-2020-29468
+ RESERVED
+CVE-2020-29467
+ RESERVED
+CVE-2020-29466
+ RESERVED
+CVE-2020-29465
+ RESERVED
+CVE-2020-29464
+ RESERVED
+CVE-2020-29463
+ RESERVED
+CVE-2020-29462
+ RESERVED
+CVE-2020-29461
+ RESERVED
+CVE-2020-29460
+ RESERVED
+CVE-2020-29459
+ RESERVED
+CVE-2020-29458 (Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. ...)
+ NOT-FOR-US: Textpattern CMS
+CVE-2020-29457 (A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4. ...)
+ NOT-FOR-US: OPC UA .NET
+CVE-2020-29456 (Multiple cross-site scripting (XSS) vulnerabilities in Papermerge befo ...)
+ NOT-FOR-US: Papermerge
+CVE-2020-29455 (A cross-Site Scripting (XSS) vulnerability in this.showInvalid and thi ...)
+ NOT-FOR-US: SmartyStreets liveAddressPlugin.js
+CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2020-29453 (The CachingResourceDownloadRewriteRule class in Jira Server and Jira D ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-29452
+ RESERVED
+CVE-2020-29451 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-29450 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-29449
+ RESERVED
+CVE-2020-29448 (The ConfluenceResourceDownloadRewriteRule class in Confluence Server a ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-29447 (Affected versions of Atlassian Crucible allow remote attackers to impa ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-29446 (Affected versions of Atlassian Fisheye &amp; Crucible allow remote att ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-29445 (Affected versions of Confluence Server before 7.4.8, and versions from ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-29444 (Affected versions of Team Calendar in Confluence Server before 7.11.0 ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-29443 (ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of- ...)
+ {DLA-2560-1}
+ - qemu 1:5.2+dfsg-11 (bug #983575)
+ [buster] - qemu <postponed> (Fix along in future DSA)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04255.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=813212288970c39b1800f63e83ac6e96588095c6
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b8d7f1bc59276fec85e4d09f1567613a3e14d31e
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/18/2
+CVE-2020-29442
+ RESERVED
+CVE-2020-29441 (An issue was discovered in the Upload Widget in OutSystems Platform 10 ...)
+ NOT-FOR-US: Upload Widget in OutSystems Platform 10
+CVE-2020-29440 (Tesla Model X vehicles before 2020-11-23 do not perform certificate va ...)
+ NOT-FOR-US: Tesla Model X vehicles
+CVE-2020-29439 (Tesla Model X vehicles before 2020-11-23 have key fobs that rely on fi ...)
+ NOT-FOR-US: Tesla Model X vehicles
+CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that accept fir ...)
+ NOT-FOR-US: Tesla Model X vehicles
+CVE-2020-29437 (SQL injection in the Buzz module of OrangeHRM through 4.6 allows remot ...)
+ NOT-FOR-US: OrangeHRM
+CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager
+CVE-2020-29435
+ RESERVED
+CVE-2020-29434
+ RESERVED
+CVE-2020-29433
+ RESERVED
+CVE-2020-29432
+ RESERVED
+CVE-2020-29431
+ RESERVED
+CVE-2020-29430
+ RESERVED
+CVE-2020-29429
+ RESERVED
+CVE-2020-29428
+ RESERVED
+CVE-2020-29427
+ RESERVED
+CVE-2020-29426
+ RESERVED
+CVE-2020-29425
+ RESERVED
+CVE-2020-29424
+ RESERVED
+CVE-2020-29423
+ RESERVED
+CVE-2020-29422
+ RESERVED
+CVE-2020-29421
+ RESERVED
+CVE-2020-29420
+ RESERVED
+CVE-2020-29419
+ RESERVED
+CVE-2020-29418
+ RESERVED
+CVE-2020-29417
+ RESERVED
+CVE-2020-29416
+ RESERVED
+CVE-2020-29415
+ RESERVED
+CVE-2020-29414
+ RESERVED
+CVE-2020-29413
+ RESERVED
+CVE-2020-29412
+ RESERVED
+CVE-2020-29411
+ RESERVED
+CVE-2020-29410
+ RESERVED
+CVE-2020-29409
+ RESERVED
+CVE-2020-29408
+ RESERVED
+CVE-2020-29407
+ RESERVED
+CVE-2020-29406
+ RESERVED
+CVE-2020-29405
+ RESERVED
+CVE-2020-29404
+ RESERVED
+CVE-2020-29403
+ RESERVED
+CVE-2020-29402
+ RESERVED
+CVE-2020-29401
+ RESERVED
+CVE-2020-29400
+ RESERVED
+CVE-2020-29399
+ RESERVED
+CVE-2020-29398
+ RESERVED
+CVE-2020-29397
+ RESERVED
+CVE-2020-29396 (A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterp ...)
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/63712
+CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS v ...)
+ NOT-FOR-US: EventON plugin for WordPress
+CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in dlt_common.c from ...)
+ - dlt-daemon 2.18.5-0.3 (bug #976228)
+ [buster] - dlt-daemon <no-dsa> (Minor issue)
+ NOTE: https://github.com/GENIVI/dlt-daemon/issues/274
+ NOTE: https://github.com/GENIVI/dlt-daemon/pull/275
+ NOTE: https://github.com/GENIVI/dlt-daemon/commit/ff4f44c159df6f44b48bd38c9d2f104eb360be11
+CVE-2020-29393
+ RESERVED
+CVE-2020-29392 (The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* ...)
+ NOT-FOR-US: Estil Hill Lock Password Manager Safe app for iOS
+CVE-2020-29391
+ RESERVED
+CVE-2020-29390 (Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi ...)
+ NOT-FOR-US: Zeroshell
+CVE-2020-29389 (The official Crux Linux Docker images 3.0 through 3.4 contain a blank ...)
+ NOT-FOR-US: Crux Linux Docker images
+CVE-2020-29388
+ RESERVED
+CVE-2020-29387
+ RESERVED
+CVE-2020-29386
+ RESERVED
+CVE-2020-29385 (GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of serv ...)
+ - gdk-pixbuf 2.42.2+dfsg-1 (bug #977166)
+ [buster] - gdk-pixbuf <not-affected> (Vulnerable code not present)
+ [stretch] - gdk-pixbuf <not-affected> (Vulnerable code not present)
+ NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bdd3acbd48a575d418ba6bf1b32d7bda2fae1c81
+ NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164
+CVE-2020-29384 (An issue was discovered in PNGOUT 2020-01-15. When compressing a craft ...)
+ NOT-FOR-US: PNGOUT
+CVE-2020-29383 (An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1. ...)
+ NOT-FOR-US: V-SOL devices
+CVE-2020-29382 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 ...)
+ NOT-FOR-US: V-SOL devices
+CVE-2020-29381 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4 ...)
+ NOT-FOR-US: V-SOL devices
+CVE-2020-29380 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4 ...)
+ NOT-FOR-US: V-SOL devices
+CVE-2020-29379 (An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1. ...)
+ NOT-FOR-US: V-SOL devices
+CVE-2020-29378 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4 ...)
+ NOT-FOR-US: V-SOL devices
+CVE-2020-29377 (An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The stri ...)
+ NOT-FOR-US: V-SOL devices
+CVE-2020-29376 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4 ...)
+ NOT-FOR-US: V-SOL devices
+CVE-2020-29375 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4 ...)
+ NOT-FOR-US: V-SOL devices
+CVE-2020-29374 (An issue was discovered in the Linux kernel before 5.7.3, related to m ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.7.6-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/17839856fd588f4ab6b789f482ed3ffd7c403e1f
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2045
+CVE-2020-29373 (An issue was discovered in fs/io_uring.c in the Linux kernel before 5. ...)
+ - linux 5.6.7-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ff002b30181d30cdfbca316dadd099c3ca0d739c
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2011
+CVE-2020-29372 (An issue was discovered in do_madvise in mm/madvise.c in the Linux ker ...)
+ - linux 5.6.14-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/bc0c4d1e176eeb614dc8734fc3ace34292771f11
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2029
+CVE-2020-29371 (An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the ...)
+ - linux 5.8.7-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/bcf85fcedfdd17911982a3e3564fcfec7b01eebd
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2077
+CVE-2020-29370 (An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the L ...)
+ - linux 5.5.13-1
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2022
+CVE-2020-29369 (An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11 ...)
+ - linux 5.7.17-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2056
+CVE-2020-29368 (An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the ...)
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/c444eb564fb16645c172d550359cb3d75fe8a040
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2045
+CVE-2020-29367 (blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffe ...)
+ NOT-FOR-US: C-Blosc2
+CVE-2020-29366
+ RESERVED
+CVE-2020-29365
+ RESERVED
+CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines vulnerable to stored x ...)
+ NOT-FOR-US: NetArt News Lister
+CVE-2020-29363 (An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-base ...)
+ {DSA-4822-1}
+ - p11-kit 0.23.22-1
+ [stretch] - p11-kit <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
+ NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x
+ NOTE: https://github.com/p11-glue/p11-kit/commit/2617f3ef888e103324a28811886b99ed0a56346d (0.23.22)
+ NOTE: Introduced in https://github.com/p11-glue/p11-kit/commit/ba49b85ecf280e7fb6eec96c3ef33c50122e75a6 (0.23.6)
+CVE-2020-29362 (An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-base ...)
+ {DSA-4822-1 DLA-2513-1}
+ - p11-kit 0.23.22-1
+ NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
+ NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
+ NOTE: https://github.com/p11-glue/p11-kit/commit/bda2f543ff8e0195c90e849379ef1585d00677bc (0.23.22)
+ NOTE: Introduced in https://github.com/p11-glue/p11-kit/commit/c785ab66890ad7b73c556d6afdf2bb8a32dd50e2 (0.21.1)
+CVE-2020-29361 (An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple in ...)
+ {DSA-4822-1 DLA-2513-1}
+ - p11-kit 0.23.22-1
+ NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
+ NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
+ NOTE: https://github.com/p11-glue/p11-kit/commit/5307a1d21a50cacd06f471a873a018d23ba4b963 (0.23.22)
+ NOTE: https://github.com/p11-glue/p11-kit/commit/bd670b1d4984b27d6a397b9ddafaf89ab26e4e7f (0.23.22)
+CVE-2020-29360
+ RESERVED
+CVE-2020-29359
+ RESERVED
+CVE-2020-29358
+ RESERVED
+CVE-2020-29357
+ RESERVED
+CVE-2020-29356
+ RESERVED
+CVE-2020-29355
+ RESERVED
+CVE-2020-29354
+ RESERVED
+CVE-2020-29353
+ RESERVED
+CVE-2020-29352
+ RESERVED
+CVE-2020-29351
+ RESERVED
+CVE-2020-29350
+ RESERVED
+CVE-2020-29349
+ RESERVED
+CVE-2020-29348
+ RESERVED
+CVE-2020-29347
+ RESERVED
+CVE-2020-29346
+ RESERVED
+CVE-2020-29345
+ RESERVED
+CVE-2020-29344
+ RESERVED
+CVE-2020-29343
+ RESERVED
+CVE-2020-29342
+ RESERVED
+CVE-2020-29341
+ RESERVED
+CVE-2020-29340
+ RESERVED
+CVE-2020-29339
+ RESERVED
+CVE-2020-29338
+ RESERVED
+CVE-2020-29337
+ RESERVED
+CVE-2020-29336
+ RESERVED
+CVE-2020-29335
+ RESERVED
+CVE-2020-29334
+ RESERVED
+CVE-2020-29333
+ RESERVED
+CVE-2020-29332
+ RESERVED
+CVE-2020-29331
+ RESERVED
+CVE-2020-29330
+ RESERVED
+CVE-2020-29329
+ RESERVED
+CVE-2020-29328
+ RESERVED
+CVE-2020-29327
+ RESERVED
+CVE-2020-29326
+ RESERVED
+CVE-2020-29325
+ RESERVED
+CVE-2020-29324 (The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials di ...)
+ NOT-FOR-US: D-Link
+CVE-2020-29323 (The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to cred ...)
+ NOT-FOR-US: D-Link
+CVE-2020-29322 (The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosur ...)
+ NOT-FOR-US: D-Link
+CVE-2020-29321 (The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosur ...)
+ NOT-FOR-US: D-Link
+CVE-2020-29320
+ RESERVED
+CVE-2020-29319
+ RESERVED
+CVE-2020-29318
+ RESERVED
+CVE-2020-29317
+ RESERVED
+CVE-2020-29316
+ RESERVED
+CVE-2020-29315 (ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows r ...)
+ NOT-FOR-US: ThinkAdmin
+CVE-2020-29314
+ RESERVED
+CVE-2020-29313
+ RESERVED
+CVE-2020-29312
+ RESERVED
+CVE-2020-29311 (Ubilling v1.0.9 allows Remote Command Execution as Root user by execut ...)
+ NOT-FOR-US: Ubilling
+CVE-2020-29310
+ RESERVED
+CVE-2020-29309
+ RESERVED
+CVE-2020-29308
+ RESERVED
+CVE-2020-29307
+ RESERVED
+CVE-2020-29306
+ RESERVED
+CVE-2020-29305
+ RESERVED
+CVE-2020-29304 (A cross-site scripting (XSS) vulnerability exists in the SabaiApps Wor ...)
+ NOT-FOR-US: SabaiApps WordPress Directories Pro plugin
+CVE-2020-29303 (A cross-site scripting (XSS) vulnerability in the SabaiApp Directories ...)
+ NOT-FOR-US: SabaiApp Directories Pro plugin for WordPress
+CVE-2020-29302
+ RESERVED
+CVE-2020-29301
+ RESERVED
+CVE-2020-29300
+ RESERVED
+CVE-2020-29299 (Certain Zyxel products allow command injection by an admin via an inpu ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-29298
+ RESERVED
+CVE-2020-29297
+ RESERVED
+CVE-2020-29296
+ RESERVED
+CVE-2020-29295
+ RESERVED
+CVE-2020-29294
+ RESERVED
+CVE-2020-29293
+ RESERVED
+CVE-2020-29292 (iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) at ...)
+ NOT-FOR-US: iBall WRD12EN
+CVE-2020-29291
+ RESERVED
+CVE-2020-29290
+ RESERVED
+CVE-2020-29289
+ RESERVED
+CVE-2020-29288 (An SQL injection vulnerability was discovered in Gym Management System ...)
+ NOT-FOR-US: Gym Management System
+CVE-2020-29287 (An SQL injection vulnerability was discovered in Car Rental Management ...)
+ NOT-FOR-US: Car Rental Management System
+CVE-2020-29286
+ RESERVED
+CVE-2020-29285 (SQL injection vulnerability was discovered in Point of Sales in PHP/PD ...)
+ NOT-FOR-US: Point of Sales in PHP/PDO
+CVE-2020-29284 (The file view-chair-list.php in Multi Restaurant Table Reservation Sys ...)
+ NOT-FOR-US: Multi Restaurant Table Reservation System
+CVE-2020-29283 (An SQL injection vulnerability was discovered in Online Doctor Appoint ...)
+ NOT-FOR-US: Online Doctor Appointment Booking System
+CVE-2020-29282 (SQL injection vulnerability in BloodX 1.0 allows attackers to bypass a ...)
+ NOT-FOR-US: BloodX
+CVE-2020-29281
+ RESERVED
+CVE-2020-29280 (The Victor CMS v1.0 application is vulnerable to SQL injection via the ...)
+ NOT-FOR-US: Victor CMS
+CVE-2020-29279 (PHP remote file inclusion in the assign_resume_tpl method in Applicati ...)
+ NOT-FOR-US: 74CMS
+CVE-2020-29278
+ RESERVED
+CVE-2020-29277
+ RESERVED
+CVE-2020-29276
+ RESERVED
+CVE-2020-29275
+ RESERVED
+CVE-2020-29274
+ RESERVED
+CVE-2020-29273
+ RESERVED
+CVE-2020-29272
+ RESERVED
+CVE-2020-29271
+ RESERVED
+CVE-2020-29270
+ RESERVED
+CVE-2020-29269
+ RESERVED
+CVE-2020-29268
+ RESERVED
+CVE-2020-29267
+ RESERVED
+CVE-2020-29266
+ RESERVED
+CVE-2020-29265
+ RESERVED
+CVE-2020-29264
+ RESERVED
+CVE-2020-29263
+ RESERVED
+CVE-2020-29262
+ RESERVED
+CVE-2020-29261
+ RESERVED
+CVE-2020-29260
+ RESERVED
+CVE-2020-29259 (Cross-site scripting (XSS) vulnerability in Online Examination System ...)
+ NOT-FOR-US: Online Examination System
+CVE-2020-29258 (Cross-site scripting (XSS) vulnerability in Online Examination System ...)
+ NOT-FOR-US: Online Examination System
+CVE-2020-29257 (Cross-site scripting (XSS) vulnerability in Online Examination System ...)
+ NOT-FOR-US: Online Examination System
+CVE-2020-29256
+ RESERVED
+CVE-2020-29255
+ RESERVED
+CVE-2020-29254 (TikiWiki 21.2 allows templates to be edited without CSRF protection. T ...)
+ - tikiwiki <removed>
+CVE-2020-29253
+ RESERVED
+CVE-2020-29252
+ RESERVED
+CVE-2020-29251
+ RESERVED
+CVE-2020-29250 (CXUUCMS V3 allows XSS via the first and third input fields to /public/ ...)
+ NOT-FOR-US: CXUUCMS
+CVE-2020-29249 (CXUUCMS V3 allows class="layui-input" XSS. ...)
+ NOT-FOR-US: CXUUCMS
+CVE-2020-29248
+ RESERVED
+CVE-2020-29247 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin ...)
+ NOT-FOR-US: WonderCMS
+CVE-2020-29246
+ RESERVED
+CVE-2020-29245 (dhowden tag before 2020-11-19 allows "panic: runtime error: slice boun ...)
+ NOT-FOR-US: dhowden tag
+CVE-2020-29244 (dhowden tag before 2020-11-19 allows "panic: runtime error: slice boun ...)
+ NOT-FOR-US: dhowden tag
+CVE-2020-29243 (dhowden tag before 2020-11-19 allows "panic: runtime error: index out ...)
+ NOT-FOR-US: dhowden tag
+CVE-2020-29242 (dhowden tag before 2020-11-19 allows "panic: runtime error: index out ...)
+ NOT-FOR-US: dhowden tag
+CVE-2020-29241 (Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scri ...)
+ NOT-FOR-US: Online News Portal using PHP/MySQLi
+CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacke ...)
+ NOT-FOR-US: Lepton-CMS
+CVE-2020-29239 (Online Birth Certificate System Project V 1.0 is affected by cross-sit ...)
+ NOT-FOR-US: Online Birth Certificate System Project
+CVE-2020-29238 (An integer buffer overflow in the Nginx webserver of ExpressVPN Router ...)
+ NOT-FOR-US: ExpressVPN
+CVE-2020-29237
+ RESERVED
+CVE-2020-29236
+ RESERVED
+CVE-2020-29235
+ RESERVED
+CVE-2020-29234
+ RESERVED
+CVE-2020-29233 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page ...)
+ NOT-FOR-US: WonderCMS
+CVE-2020-29232
+ RESERVED
+CVE-2020-29231 (EGavilanMedia User Registration and Login System With Admin Panel 1.0 ...)
+ NOT-FOR-US: EGavilanMedia User Registration and Login System With Admin Panel
+CVE-2020-29230 (EGavilanMedia User Registration and Login System With Admin Panel 1.0 ...)
+ NOT-FOR-US: EGavilanMedia User Registration and Login System With Admin Panel
+CVE-2020-29229
+ RESERVED
+CVE-2020-29228 (EGavilanMedia User Registration and Login System With Admin Panel 1.0 ...)
+ NOT-FOR-US: EGavilanMedia User Registration and Login System With Admin Panel
+CVE-2020-29227 (An issue was discovered in Car Rental Management System 1.0. An unauth ...)
+ NOT-FOR-US: Car Rental Management System
+CVE-2020-29226
+ RESERVED
+CVE-2020-29225
+ RESERVED
+CVE-2020-29224
+ RESERVED
+CVE-2020-29223
+ RESERVED
+CVE-2020-29222
+ RESERVED
+CVE-2020-29221
+ RESERVED
+CVE-2020-29220
+ RESERVED
+CVE-2020-29219
+ RESERVED
+CVE-2020-29218
+ RESERVED
+CVE-2020-29217
+ RESERVED
+CVE-2020-29216
+ RESERVED
+CVE-2020-29215 (A Cross Site Scripting in SourceCodester Employee Management System 1. ...)
+ NOT-FOR-US: SourceCodester
+CVE-2020-29214 (SQL injection vulnerability in SourceCodester Alumni Management System ...)
+ NOT-FOR-US: SourceCodester
+CVE-2020-29213
+ RESERVED
+CVE-2020-29212
+ RESERVED
+CVE-2020-29211
+ RESERVED
+CVE-2020-29210
+ RESERVED
+CVE-2020-29209
+ RESERVED
+CVE-2020-29208
+ RESERVED
+CVE-2020-29207
+ RESERVED
+CVE-2020-29206
+ RESERVED
+CVE-2020-29205 (XSS in signup form in Project Worlds Online Examination System 1.0 all ...)
+ NOT-FOR-US: Project Worlds Online Examination System
+CVE-2020-29204 (XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-charact ...)
+ NOT-FOR-US: XXL-JOB
+CVE-2020-29203 (struct2json before 2020-11-18 is affected by a Buffer Overflow because ...)
+ NOT-FOR-US: struct2json
+CVE-2020-29202
+ RESERVED
+CVE-2020-29201
+ RESERVED
+CVE-2020-29200
+ RESERVED
+CVE-2020-29199
+ RESERVED
+CVE-2020-29198
+ RESERVED
+CVE-2020-29197
+ RESERVED
+CVE-2020-29196
+ RESERVED
+CVE-2020-29195
+ RESERVED
+CVE-2020-29194 (Panasonic Security System WV-S2231L 4.25 allows a denial of service of ...)
+ NOT-FOR-US: Panasonic
+CVE-2020-29193 (Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded pa ...)
+ NOT-FOR-US: Panasonic
+CVE-2020-29192
+ RESERVED
+CVE-2020-29191
+ RESERVED
+CVE-2020-29190
+ RESERVED
+CVE-2020-29189 (Incorrect Access Control vulnerability in TerraMaster TOS &lt;= 4.2.06 ...)
+ NOT-FOR-US: TerraMaster TOS
+CVE-2020-29188
+ RESERVED
+CVE-2020-29187
+ RESERVED
+CVE-2020-29186
+ RESERVED
+CVE-2020-29185
+ RESERVED
+CVE-2020-29184
+ RESERVED
+CVE-2020-29183
+ RESERVED
+CVE-2020-29182
+ RESERVED
+CVE-2020-29181
+ RESERVED
+CVE-2020-29180
+ RESERVED
+CVE-2020-29179
+ RESERVED
+CVE-2020-29178
+ RESERVED
+CVE-2020-29177 (Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file dele ...)
+ NOT-FOR-US: Z-BlogPHP
+CVE-2020-29176 (An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows ...)
+ NOT-FOR-US: Z-BlogPHP
+CVE-2020-29175
+ RESERVED
+CVE-2020-29174
+ RESERVED
+CVE-2020-29173
+ RESERVED
+CVE-2020-29172 (A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plug ...)
+ NOT-FOR-US: LiteSpeed Cache plugin for WordPress
+CVE-2020-29171 (Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklis ...)
+ NOT-FOR-US: Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin for WordPress
+CVE-2020-29170
+ RESERVED
+CVE-2020-29169
+ RESERVED
+CVE-2020-29168
+ RESERVED
+CVE-2020-29167
+ RESERVED
+CVE-2020-29166 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by fil ...)
+ NOT-FOR-US: PacsOne Server (PACS Server In One Box)
+CVE-2020-29165 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by inc ...)
+ NOT-FOR-US: PacsOne Server (PACS Server In One Box)
+CVE-2020-29164 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cro ...)
+ NOT-FOR-US: PacsOne Server (PACS Server In One Box)
+CVE-2020-29163 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL ...)
+ NOT-FOR-US: PacsOne Server (PACS Server In One Box)
+CVE-2020-29162
+ RESERVED
+CVE-2020-29161
+ RESERVED
+CVE-2020-29160 (An issue was discovered in Zammad before 3.5.1. A REST API call allows ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-29159 (An issue was discovered in Zammad before 3.5.1. The default signup Rol ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-29158 (An issue was discovered in Zammad before 3.5.1. An Agent with Customer ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-29157 (An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform ...)
+ NOT-FOR-US: RAONWIZ K Editor
+CVE-2020-29156 (The WooCommerce plugin before 4.7.0 for WordPress allows remote attack ...)
+ NOT-FOR-US: WooCommerce plugin for WordPress
+CVE-2020-29155
+ RESERVED
+CVE-2020-29154
+ RESERVED
+CVE-2020-29153
+ RESERVED
+CVE-2020-29152
+ RESERVED
+CVE-2020-29151
+ RESERVED
+CVE-2020-29150
+ RESERVED
+CVE-2020-29149
+ RESERVED
+CVE-2020-29148
+ RESERVED
+CVE-2020-29147 (A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of W ...)
+ NOT-FOR-US: Wayang-CMS
+CVE-2020-29146 (A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS ...)
+ NOT-FOR-US: Wayang-CMS
+CVE-2020-29145 (In Ericsson BSCS iX R18 Billing &amp; Rating iX R18, ADMX is a web bas ...)
+ NOT-FOR-US: Ericsson
+CVE-2020-29144 (In Ericsson BSCS iX R18 Billing &amp; Rating iX R18, MX is a web base ...)
+ NOT-FOR-US: Ericsson
+CVE-2020-29143 (A SQL injection vulnerability in interface/reports/non_reported.php in ...)
+ NOT-FOR-US: OpenEMR
+CVE-2020-29142 (A SQL injection vulnerability in interface/usergroup/usergroup_admin.p ...)
+ NOT-FOR-US: OpenEMR
+CVE-2020-29141
+ RESERVED
+CVE-2020-29140 (A SQL injection vulnerability in interface/reports/immunization_report ...)
+ NOT-FOR-US: OpenEMR
+CVE-2020-29139 (A SQL injection vulnerability in interface/main/finder/patient_select. ...)
+ NOT-FOR-US: OpenEMR
+CVE-2020-29138 (Incorrect Access Control in the configuration backup path in SAGEMCOM ...)
+ NOT-FOR-US: SAGEMCOM
+CVE-2020-29137 (cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interf ...)
+ NOT-FOR-US: cPanel
+CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approa ...)
+ NOT-FOR-US: cPanel
+CVE-2020-29135 (cPanel before 90.0.17 has multiple instances of URL parameter injectio ...)
+ NOT-FOR-US: cPanel
+CVE-2020-29134 (The TOTVS Fluig platform allows path traversal through the parameter " ...)
+ NOT-FOR-US: TOTVS Fluig Luke
+CVE-2020-29133 (jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal ...)
+ NOT-FOR-US: Coremail XT
+CVE-2020-29132
+ RESERVED
+CVE-2020-29131
+ RESERVED
+CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because it tr ...)
+ {DLA-2560-1}
+ - libslirp 4.4.0-1
+ - qemu 1:4.1-2
+ [buster] - qemu <postponed> (Fix along in future DSA)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f (v4.4.0)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+ NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-2j37-w439-87q3
+CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tri ...)
+ - libslirp 4.4.0-1
+ - qemu 1:4.1-2
+ [buster] - qemu <postponed> (Fix along in future DSA)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f (v4.4.0)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+ NOTE: NC-SI introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=47bb83cad45eb7ce194a8ffd18f73c98edb46aec (QEMU v2.10)
+ NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-2j37-w439-87q3
+CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of entitie ...)
+ NOT-FOR-US: petl
+CVE-2020-29127 (An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices th ...)
+ NOT-FOR-US: Fujitsu
+CVE-2020-29126
+ RESERVED
+CVE-2020-29125
+ RESERVED
+CVE-2020-29124
+ RESERVED
+CVE-2020-29123
+ RESERVED
+CVE-2020-29122
+ RESERVED
+CVE-2020-29121
+ RESERVED
+CVE-2020-29120
+ RESERVED
+CVE-2020-29119
+ RESERVED
+CVE-2020-29118
+ RESERVED
+CVE-2020-29117
+ RESERVED
+CVE-2020-29116
+ RESERVED
+CVE-2020-29115
+ RESERVED
+CVE-2020-29114
+ RESERVED
+CVE-2020-29113
+ RESERVED
+CVE-2020-29112
+ RESERVED
+CVE-2020-29111
+ RESERVED
+CVE-2020-29110
+ RESERVED
+CVE-2020-29109
+ RESERVED
+CVE-2020-29108
+ RESERVED
+CVE-2020-29107
+ RESERVED
+CVE-2020-29106
+ RESERVED
+CVE-2020-29105
+ RESERVED
+CVE-2020-29104
+ RESERVED
+CVE-2020-29103
+ RESERVED
+CVE-2020-29102
+ RESERVED
+CVE-2020-29101
+ RESERVED
+CVE-2020-29100
+ RESERVED
+CVE-2020-29099
+ RESERVED
+CVE-2020-29098
+ RESERVED
+CVE-2020-29097
+ RESERVED
+CVE-2020-29096
+ RESERVED
+CVE-2020-29095
+ RESERVED
+CVE-2020-29094
+ RESERVED
+CVE-2020-29093
+ RESERVED
+CVE-2020-29092
+ RESERVED
+CVE-2020-29091
+ RESERVED
+CVE-2020-29090
+ RESERVED
+CVE-2020-29089
+ RESERVED
+CVE-2020-29088
+ RESERVED
+CVE-2020-29087
+ RESERVED
+CVE-2020-29086
+ RESERVED
+CVE-2020-29085
+ RESERVED
+CVE-2020-29084
+ RESERVED
+CVE-2020-29083
+ RESERVED
+CVE-2020-29082
+ RESERVED
+CVE-2020-29081
+ RESERVED
+CVE-2020-29080
+ RESERVED
+CVE-2020-29079
+ RESERVED
+CVE-2020-29078
+ RESERVED
+CVE-2020-29077
+ RESERVED
+CVE-2020-29076
+ RESERVED
+CVE-2020-29075 (Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.3001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which all ...)
+ {DSA-4799-1 DLA-2490-1}
+ - x11vnc 0.9.16-5 (bug #975875)
+ NOTE: https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a
+CVE-2020-29073
+ RESERVED
+CVE-2020-29072 (A Cross-Site Script Inclusion vulnerability was found on LiquidFiles b ...)
+ NOT-FOR-US: LiquidFiles
+CVE-2020-29071 (An XSS issue was found in the Shares feature of LiquidFiles before 3.3 ...)
+ NOT-FOR-US: LiquidFiles
+CVE-2020-29070 (osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user en ...)
+ NOT-FOR-US: osCommerce
+CVE-2020-29069 (_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network ...)
+ NOT-FOR-US: Modern Honey Network
+CVE-2020-29068
+ RESERVED
+CVE-2020-29067
+ RESERVED
+CVE-2020-29066
+ RESERVED
+CVE-2020-29065
+ REJECTED
+CVE-2020-29064
+ RESERVED
+CVE-2020-29063 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
+ NOT-FOR-US: CDATA
+CVE-2020-29062 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
+ NOT-FOR-US: CDATA
+CVE-2020-29061 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
+ NOT-FOR-US: CDATA
+CVE-2020-29060 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
+ NOT-FOR-US: CDATA
+CVE-2020-29059 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
+ NOT-FOR-US: CDATA
+CVE-2020-29058 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
+ NOT-FOR-US: CDATA
+CVE-2020-29057 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
+ NOT-FOR-US: CDATA
+CVE-2020-29056 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
+ NOT-FOR-US: CDATA
+CVE-2020-29055 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
+ NOT-FOR-US: CDATA
+CVE-2020-29054 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
+ NOT-FOR-US: CDATA
+CVE-2020-29053 (HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_da ...)
+ NOT-FOR-US: HRSALE
+CVE-2020-29052
+ RESERVED
+CVE-2020-29051
+ RESERVED
+CVE-2020-29050 (SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows direct ...)
+ {DSA-5036-1 DLA-2882-1}
+ - sphinxsearch 2.2.11-3
+ NOTE: Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035
+ NOTE: and https://github.com/manticoresoftware/manticoresearch/commit/6e597ff61e1e910559f6ed541ff32520085af6aa
+ NOTE: Backported patch: https://salsa.debian.org/debian/sphinxsearch/-/blob/4d6fe40644130308604845db43d3588e715ec85d/debian/patches/06-CVE-2020-29050.patch
+CVE-2020-29049
+ RESERVED
+CVE-2020-29048
+ RESERVED
+CVE-2020-29047 (The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote ...)
+ NOT-FOR-US: wp-hotel-booking plugin for WordPress
+CVE-2020-29046
+ RESERVED
+CVE-2020-29045 (The food-and-drink-menu plugin through 2.2.0 for WordPress allows remo ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2020-29044
+ RESERVED
+CVE-2020-29043 (An issue was discovered in BigBlueButton through 2.2.29. When at attac ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-29042 (An issue was discovered in BigBlueButton through 2.2.29. A brute-force ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-29041 (A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticat ...)
+ NOT-FOR-US: Web-Sesame
+CVE-2020-29040 (An issue was discovered in Xen through 4.14.x allowing x86 HVM guest O ...)
+ - xen 4.14.0+88-g1d1d1f5391-1 (bug #976109)
+ [buster] - xen <not-affected> (Patches for XSA-346 not applied)
+ [stretch] - xen <not-affected> (Patches for XSA-346 not applied)
+ NOTE: https://xenbits.xen.org/xsa/advisory-355.html
+ NOTE: Issue introduced by changes for XSA-346.
+CVE-2020-29039
+ RESERVED
+CVE-2020-29038
+ RESERVED
+CVE-2020-29037
+ RESERVED
+CVE-2020-29036
+ RESERVED
+CVE-2020-29035
+ RESERVED
+CVE-2020-29034
+ RESERVED
+CVE-2020-29033
+ RESERVED
+CVE-2020-29032 (Upload of Code Without Integrity Check vulnerability in firmware archi ...)
+ NOT-FOR-US: Secomea GateManager
+CVE-2020-29031 (An Insecure Direct Object Reference vulnerability exists in the web UI ...)
+ NOT-FOR-US: GateManager
+CVE-2020-29030 (Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea ...)
+ NOT-FOR-US: Secomea GateManager
+CVE-2020-29029 (Improper Input Validation, Cross-site Scripting (XSS) vulnerability in ...)
+ NOT-FOR-US: Secomea GateManager
+CVE-2020-29028 (Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateMan ...)
+ NOT-FOR-US: Secomea GateManager
+CVE-2020-29027 (Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager ...)
+ NOT-FOR-US: Secomea
+CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...)
+ NOT-FOR-US: GateManager
+CVE-2020-29025 (A vulnerability in SiteManager-Embedded (SM-E) Web server which may al ...)
+ NOT-FOR-US: Secomea
+CVE-2020-29024 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerabi ...)
+ NOT-FOR-US: Secomea
+CVE-2020-29023 (Improper Encoding or Escaping of Output from CSV Report Generator of S ...)
+ NOT-FOR-US: Secomea
+CVE-2020-29022 (Failure to Sanitize host header value on output in the GateManager Web ...)
+ NOT-FOR-US: Secomea
+CVE-2020-29021 (A vulnerability in web UI input field of GateManager allows authentica ...)
+ NOT-FOR-US: GateManager
+CVE-2020-29020 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
+ NOT-FOR-US: Secomea
+CVE-2020-29019 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-29018 (A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allo ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-29017 (An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3 ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-29016 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-29015 (A blind SQL injection in the user interface of FortiWeb 6.3.0 through ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-29014 (A concurrent execution using shared resource with improper synchroniza ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-29013
+ RESERVED
+CVE-2020-29012 (An insufficient session expiration vulnerability in FortiSandbox versi ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-29011 (Instances of SQL Injection vulnerabilities in the checksum search and ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2020-29010
+ RESERVED
+CVE-2020-29009
+ RESERVED
+CVE-2020-29008
+ RESERVED
+CVE-2020-29007
+ RESERVED
+ NOT-FOR-US: Score MediaWiki extension
+ NOTE: https://seqred.pl/en/cve-2020-29007-remote-code-execution-in-mediawiki-score/
+ NOTE: https://phabricator.wikimedia.org/T257062
+ NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
+CVE-2020-29006 (MISP before 2.4.135 lacks an ACL check, related to app/Controller/Gala ...)
+ NOT-FOR-US: MISP
+CVE-2020-29005 (The API in the Push extension for MediaWiki through 1.35 used cleartex ...)
+ NOT-FOR-US: Push extension for MediaWiki
+CVE-2020-29004 (The API in the Push extension for MediaWiki through 1.35 did not requi ...)
+ NOT-FOR-US: Push extension for MediaWiki
+CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via an answ ...)
+ NOT-FOR-US: PollNY MediaWiki extension
+CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki ...)
+ NOT-FOR-US: CologneBlue MediaWiki skin
+CVE-2020-29001 (An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW0 ...)
+ NOT-FOR-US: Geeni
+CVE-2020-29000 (An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A v ...)
+ NOT-FOR-US: Geeni
+CVE-2020-28999 (An issue was discovered in Apexis Streaming Video Web Application on G ...)
+ NOT-FOR-US: Geeni
+CVE-2020-28998 (An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A v ...)
+ NOT-FOR-US: Geeni
+CVE-2020-28997
+ RESERVED
+CVE-2020-28996
+ RESERVED
+CVE-2020-28995
+ RESERVED
+CVE-2020-28994 (A SQL injection vulnerability was discovered in Karenderia Multiple Re ...)
+ NOT-FOR-US: Karenderia Multiple Restaurant System
+CVE-2020-28993 (A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadba ...)
+ NOT-FOR-US: ATX miniCMTS200a Broadband Gateway
+CVE-2020-28992
+ RESERVED
+CVE-2020-28991 (Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git proto ...)
+ - gitea <removed>
+CVE-2020-28990
+ RESERVED
+CVE-2020-28989
+ RESERVED
+CVE-2020-28988
+ RESERVED
+CVE-2020-28987
+ RESERVED
+CVE-2020-28986
+ RESERVED
+CVE-2020-28985
+ RESERVED
+CVE-2020-28983
+ RESERVED
+CVE-2020-28982
+ RESERVED
+CVE-2020-28981
+ RESERVED
+CVE-2020-28980
+ RESERVED
+CVE-2020-28979
+ RESERVED
+CVE-2020-28978 (The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability ...)
+ NOT-FOR-US: Canto plugin for WordPress
+CVE-2020-28977 (The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability ...)
+ NOT-FOR-US: Canto plugin for WordPress
+CVE-2020-28976 (The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerabili ...)
+ NOT-FOR-US: Canto plugin for WordPress
+CVE-2020-28984 (prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does ...)
+ {DSA-4798-1 DLA-2505-1}
+ - spip 3.2.8-1
+ NOTE: https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8
+CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used i ...)
+ NOTE: disputed libsvm non issue
+CVE-2020-28973 (The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to p ...)
+ NOT-FOR-US: ABUS Secvest wireless alarm system FUAA50000
+CVE-2020-28972 (In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsp ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+CVE-2020-26235 (In Rust time crate from version 0.2.7 and before version 0.2.23, unix- ...)
+ - rust-time <not-affected> (Vulnerable methods introduced in v0.2.7)
+ NOTE: https://github.com/time-rs/time/security/advisories/GHSA-wcg3-cvx6-7396
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0071.html
+ NOTE: https://github.com/time-rs/time/issues/293
+ NOTE: Introduced by: https://github.com/time-rs/time/commit/5f1c4927124fefbd8d2886f83a574beb381411e9 (v0.2.7)
+ NOTE: Deprecated in: https://github.com/time-rs/time/commit/f153a1ca5fdfec979f16c49619e6034cc67e186d (v0.2.23)
+CVE-2020-35914 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
+ - rust-lock-api <unfixed> (bug #975319)
+ [bullseye] - rust-lock-api <no-dsa> (Minor issue)
+ [buster] - rust-lock-api <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
+ NOTE: https://github.com/Amanieu/parking_lot/pull/262
+CVE-2020-35913 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
+ - rust-lock-api <unfixed> (bug #975319)
+ [bullseye] - rust-lock-api <no-dsa> (Minor issue)
+ [buster] - rust-lock-api <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
+ NOTE: https://github.com/Amanieu/parking_lot/pull/262
+CVE-2020-35912 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
+ - rust-lock-api <unfixed> (bug #975319)
+ [bullseye] - rust-lock-api <no-dsa> (Minor issue)
+ [buster] - rust-lock-api <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
+ NOTE: https://github.com/Amanieu/parking_lot/pull/262
+CVE-2020-35911 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
+ - rust-lock-api <unfixed> (bug #975319)
+ [bullseye] - rust-lock-api <no-dsa> (Minor issue)
+ [buster] - rust-lock-api <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
+ NOTE: https://github.com/Amanieu/parking_lot/pull/262
+CVE-2020-35910 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
+ - rust-lock-api <unfixed> (bug #975319)
+ [bullseye] - rust-lock-api <no-dsa> (Minor issue)
+ [buster] - rust-lock-api <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
+ NOTE: https://github.com/Amanieu/parking_lot/pull/262
+CVE-2020-28971 (An issue was discovered on Western Digital My Cloud OS 5 devices befor ...)
+ NOT-FOR-US: Western Digital My Cloud OS 5 devices
+CVE-2020-28970 (An issue was discovered on Western Digital My Cloud OS 5 devices befor ...)
+ NOT-FOR-US: Western Digital My Cloud OS 5 devices
+CVE-2020-28969 (Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allo ...)
+ NOT-FOR-US: Aplioxio PDF ShapingUp
+CVE-2020-28968 (Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vul ...)
+ NOT-FOR-US: Draytek VigorAP 1000C
+CVE-2020-28967 (FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'cu ...)
+ NOT-FOR-US: FlashGet
+CVE-2020-28966
+ RESERVED
+CVE-2020-28965
+ RESERVED
+CVE-2020-28964 (Internet Download Manager 6.37.11.1 was discovered to contain a stack ...)
+ NOT-FOR-US: Internet Download Manager
+CVE-2020-28963 (Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to ...)
+ NOT-FOR-US: Passcovery Co. Ltd ZIP Password Recovery
+CVE-2020-28962
+ RESERVED
+CVE-2020-28961 (Perfex CRM v2.4.4 was discovered to contain a stored cross-site script ...)
+ NOT-FOR-US: Perfex CRM
+CVE-2020-28960 (Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection ...)
+ NOT-FOR-US: Chichen Tech CMS
+CVE-2020-28959
+ RESERVED
+CVE-2020-28958
+ RESERVED
+CVE-2020-28957 (Multiple cross-site scripting (XSS) vulnerabilities in the Customer Ad ...)
+ NOT-FOR-US: Foxlor
+CVE-2020-28956 (Multiple cross-site scripting (XSS) vulnerabilities in the Sales modul ...)
+ NOT-FOR-US: SugarCRM
+CVE-2020-28955 (SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: SugarCRM
+CVE-2020-28954 (web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 la ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-28953 (In BigBlueButton before 2.2.29, a user can vote more than once in a si ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-28952 (An issue was discovered on Athom Homey and Homey Pro devices before 5. ...)
+ NOT-FOR-US: Athom Homey
+CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter ...)
+ NOT-FOR-US: libuci in OpenWrt
+CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...)
+ NOT-FOR-US: installer of Kaspersky Anti-Ransomware Tool (KART)
+CVE-2020-36193 (Tar.php in Archive_Tar through 1.4.11 allows write operations with Dir ...)
+ {DSA-4894-1 DLA-2621-1 DLA-2530-1}
- drupal7 <removed>
- NOTE: https://www.drupal.org/sa-core-2020-003
-CVE-2020-13592
+ - php-pear 1:1.10.12+submodules+notgz+20210212-1 (bug #980428)
+ NOTE: https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
+ NOTE: https://github.com/pear/Archive_Tar/commit/dc721bd8616e05ea89b7abcff4cf1e3e96963183
+ NOTE: https://github.com/pear/Archive_Tar/commit/b6da5c32254162fa0752616479fb3d3c5297c1cf
+ NOTE: https://github.com/pear/Archive_Tar/commit/7d8782d95f74b5889bfaaad43e74086f1918ec2b
+ NOTE: https://www.drupal.org/sa-core-2021-001
+CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only to addre ...)
+ {DSA-4817-1 DLA-2466-1 DLA-2465-1}
+ - drupal7 <removed>
+ - php-pear 1:1.10.9+submodules+notgz-1.1 (bug #976108)
+ NOTE: https://github.com/pear/Archive_Tar/issues/33
+ NOTE: https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
+ NOTE: https://www.drupal.org/sa-core-2020-013
+CVE-2020-28948 (Archive_Tar through 1.4.10 allows an unserialization attack because ph ...)
+ {DSA-4817-1 DLA-2466-1 DLA-2465-1}
+ - drupal7 <removed>
+ - php-pear 1:1.10.9+submodules+notgz-1.1 (bug #976108)
+ NOTE: https://github.com/pear/Archive_Tar/issues/33
+ NOTE: https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
+ NOTE: https://www.drupal.org/sa-core-2020-013
+CVE-2020-28947 (In MISP 2.4.134, XSS exists in the template element index view because ...)
+ NOT-FOR-US: MISP
+CVE-2020-28946 (An improper webserver configuration on Plum IK-401 devices with firmwa ...)
+ NOT-FOR-US: Plum IK-401 devices
+CVE-2020-28945 (OX App Suite 7.10.4 and earlier allows XSS via crafted content to reac ...)
+ NOT-FOR-US: OX App Suite
+CVE-2020-28944 (OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS serve ...)
+ NOT-FOR-US: OX Guard
+CVE-2020-28943 (OX App Suite 7.10.4 and earlier allows SSRF via a snippet. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2020-28942 (An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST ...)
+ NOT-FOR-US: PrimeKey EJBCA
+CVE-2020-28941 (An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c i ...)
+ {DLA-2483-1}
+ - linux 5.9.11-1
+ [buster] - linux 4.19.160-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/19/3
+CVE-2020-28940 (On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admi ...)
+ NOT-FOR-US: Western Digital My Cloud OS 5 devices
+CVE-2020-28939 (OpenClinic version 0.8.2 is affected by a medical/test_new.php insecur ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-28938 (OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-28937 (OpenClinic version 0.8.2 is affected by a missing authentication vulne ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-28936
+ RESERVED
+CVE-2020-28935 (NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs ...)
+ {DLA-2556-1}
+ - nsd 4.3.4-1
+ [buster] - nsd <no-dsa> (Minor issue)
+ [stretch] - nsd <no-dsa> (Minor issue)
+ - unbound 1.13.0-1 (bug #977165)
+ [buster] - unbound <no-dsa> (Minor issue)
+ [stretch] - unbound <end-of-life> (DSA 4694-1)
+ NOTE: https://www.nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt
+ NOTE: https://github.com/NLnetLabs/nsd/commit/a4caec3137a1bc9eca05d38d66e2bce572ca9bd3 (NSD_4_3_4_RC1)
+ NOTE: https://github.com/NLnetLabs/unbound/issues/303
+ NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/ad387832979b6ce4c93f64fe706301cd7d034e87 (release-1.13.0rc1)
+CVE-2020-28934
+ RESERVED
+CVE-2020-28933
+ RESERVED
+CVE-2020-28932
+ RESERVED
+CVE-2020-28931 (Lack of an anti-CSRF token in the entire administrative interface in E ...)
+ NOT-FOR-US: EPSON
+CVE-2020-28930 (A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete us ...)
+ NOT-FOR-US: Epson
+CVE-2020-28929 (Unrestricted access to the log downloader functionality in EPSON EPS T ...)
+ NOT-FOR-US: Epson
+CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...)
+ {DLA-2474-1}
+ - musl 1.2.2-1 (bug #975365)
+ [buster] - musl <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4
+CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User Registration sectio ...)
+ NOT-FOR-US: Magicpin
+CVE-2020-28926 (ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code exe ...)
+ {DSA-4806-1 DLA-2489-1}
+ - minidlna 1.2.1+dfsg-3 (bug #976595)
+ NOTE: https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/
+ NOTE: https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a (v1_3_0)
+CVE-2020-28925 (Bolt before 3.7.2 does not restrict filter options in a Request in the ...)
+ NOT-FOR-US: Bolt CMS
+CVE-2020-28924 (An issue was discovered in Rclone before 1.53.3. Due to the use of a w ...)
+ - rclone 1.53.3-1 (bug #975324)
+ [buster] - rclone <not-affected> (Vulnerable code introduced later)
+ [stretch] - rclone <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/rclone/rclone/issues/4783
+ NOTE: Introduced by: https://github.com/rclone/rclone/commit/193c30d57038017370594d5bc8ee9bc32580ddf2 (v1.49.0)
+ NOTE: Fixed by: https://github.com/rclone/rclone/commit/7985df37681f54d013816a4641da4f9b085b3aa5 (master)
+ NOTE: Fixed by: https://github.com/rclone/rclone/commit/f0905499e340f9e73e2552cf0c8b79cbf14ecbc4 (master)
+ NOTE: Fixed by: https://github.com/rclone/rclone/commit/4c215cc81ec6143ae3c64633700cb341ca28df2d (v1.53.3)
+ NOTE: Fixed by: https://github.com/rclone/rclone/commit/c8b11d27e1fe261fdfba6b8910fda69356c9c777 (v1.53.3)
+CVE-2020-28923 (An issue was discovered in Play Framework 2.8.0 through 2.8.4. Careful ...)
+ NOT-FOR-US: Play Framework
+CVE-2020-28922 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...)
+ NOT-FOR-US: Devid Espenschied PC Analyser
+CVE-2020-28921 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...)
+ NOT-FOR-US: Devid Espenschied PC Analyser
+CVE-2020-28920
+ RESERVED
+CVE-2020-28919 (A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x pr ...)
+ - check-mk <removed>
+CVE-2020-28918 (DualShield 5.9.8.0821 allows username enumeration on its login form. A ...)
+ NOT-FOR-US: DualShield
+CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2020-28916 (hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX desc ...)
+ {DLA-2560-1}
+ - qemu 1:5.2+dfsg-1 (bug #976388; bug #974687)
+ [buster] - qemu <postponed> (Fix along in future DSA)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/12/01/2
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895 (duplicate)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03552.html (duplicate)
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a (v5.2.0-rc3)
+CVE-2020-28915 (A buffer over-read (at the framebuffer layer) in the fbcon code in the ...)
+ - linux 5.9.1-1
+ [buster] - linux 4.19.152-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/5af08640795b2b9a940c9266c0260455377ae262
+CVE-2020-28914 (An improper file permissions vulnerability affects Kata Containers pri ...)
+ NOT-FOR-US: Kata Containers
+CVE-2020-28913
+ RESERVED
+CVE-2020-28912 (With MariaDB running on Windows, when local clients connect to the ser ...)
+ - mariadb-10.5 <not-affected> (Only affects MariaDB on Windows)
+ - mariadb-10.3 <not-affected> (Only affects MariaDB on Windows)
+ - mariadb-10.1 <not-affected> (Only affects MariaDB on Windows)
+ NOTE: https://jira.mariadb.org/browse/MDEV-24040
+ NOTE: https://github.com/MariaDB/server/commit/3829b408d6
+CVE-2020-28911 (Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low ...)
+ NOT-FOR-US: Nagios Fusion
+CVE-2020-28910 (Creation of a Temporary Directory with Insecure Permissions in Nagios ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-28909 (Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows f ...)
+ NOT-FOR-US: Nagios Fusion
+CVE-2020-28908 (Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privil ...)
+ NOT-FOR-US: Nagios Fusion
+CVE-2020-28907 (Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlie ...)
+ NOT-FOR-US: Nagios Fusion
+CVE-2020-28906 (Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios F ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-28905 (Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an ...)
+ NOT-FOR-US: Nagios Fusion
+CVE-2020-28904 (Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earli ...)
+ NOT-FOR-US: Nagios Fusion
+CVE-2020-28903 (Improper input validation in Nagios Fusion 4.1.8 and earlier allows a ...)
+ NOT-FOR-US: Nagios Fusion
+CVE-2020-28902 (Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege ...)
+ NOT-FOR-US: Nagios Fusion
+CVE-2020-28901 (Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privil ...)
+ NOT-FOR-US: Nagios Fusion
+CVE-2020-28900 (Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 ...)
+ NOT-FOR-US: Nagios Fusion
+CVE-2020-28899 (The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does ...)
+ NOT-FOR-US: ZyXEL
+CVE-2020-28898 (In QED ResourceXpress through 4.9k, a large numeric or alphanumeric va ...)
+ NOT-FOR-US: QED ResourceXpress
+CVE-2020-28897
RESERVED
-CVE-2020-13591
+CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $s ...)
+ {DLA-2472-1}
+ - mutt 2.0.2-1
+ [buster] - mutt 1.10.1-2.1+deb10u4
+ - neomutt 20201120+dfsg.1-1
+ [buster] - neomutt 20180716+dfsg.1-1+deb10u2
+ NOTE: https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
+ NOTE: https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06
+CVE-2020-28895 (In Wind River VxWorks, memory allocator has a possible overflow in cal ...)
+ NOT-FOR-US: Wind River VxWorks
+CVE-2020-28894
RESERVED
-CVE-2020-13590
+CVE-2020-28893
RESERVED
-CVE-2020-13589
+CVE-2020-28892
RESERVED
-CVE-2020-13588
+CVE-2020-28891
RESERVED
-CVE-2020-13587
+CVE-2020-28890
RESERVED
-CVE-2020-13586
+CVE-2020-28889
RESERVED
-CVE-2020-13585
+CVE-2020-28888
RESERVED
-CVE-2020-13584
+CVE-2020-28887
RESERVED
-CVE-2020-13583
+CVE-2020-28886
RESERVED
-CVE-2020-13582
+CVE-2020-28885 (** DISPUTED ** Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is ...)
+ NOT-FOR-US: Liferay
+CVE-2020-28884 (Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS ...)
+ NOT-FOR-US: Liferay
+CVE-2020-28883
RESERVED
-CVE-2020-13581
+CVE-2020-28882
RESERVED
-CVE-2020-13580
+CVE-2020-28881
RESERVED
-CVE-2020-13579
+CVE-2020-28880
RESERVED
-CVE-2020-13578
+CVE-2020-28879
RESERVED
-CVE-2020-13577
+CVE-2020-28878
RESERVED
-CVE-2020-13576
+CVE-2020-28877 (Buffer overflow in in the copy_msg_element function for the devDiscove ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-28876
RESERVED
-CVE-2020-13575
+CVE-2020-28875
RESERVED
-CVE-2020-13574
+CVE-2020-28874 (reset-password.php in ProjectSend before r1295 allows remote attackers ...)
+ NOT-FOR-US: ProjectSend
+CVE-2020-28873 (Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability b ...)
+ NOT-FOR-US: Fluxbb
+CVE-2020-28872 (An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/ ...)
+ NOT-FOR-US: Monitorr
+CVE-2020-28871 (Remote code execution in Monitorr v1.7.6m in upload.php allows an unau ...)
+ NOT-FOR-US: Monitorr
+CVE-2020-28870 (In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code o ...)
+ NOT-FOR-US: InoERP
+CVE-2020-28869
RESERVED
-CVE-2020-13573
+CVE-2020-28868
RESERVED
-CVE-2020-13572
+CVE-2020-28867
RESERVED
-CVE-2020-13571
+CVE-2020-28866
RESERVED
-CVE-2020-13570
+CVE-2020-28865
RESERVED
-CVE-2020-13569
+CVE-2020-28864 (Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to caus ...)
+ NOT-FOR-US: WinSCP
+CVE-2020-28863
RESERVED
-CVE-2020-13568
+CVE-2020-28862
RESERVED
-CVE-2020-13567
+CVE-2020-28861 (OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to ...)
+ NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
+CVE-2020-28860 (OpenAssetDigital Asset Management (DAM) through 12.0.19 does not corre ...)
+ NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
+CVE-2020-28859 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
+ NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
+CVE-2020-28858 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
+ NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
+CVE-2020-28857 (OpenAsset Digital Asset Management (DAM) through 12.0.19, does not cor ...)
+ NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
+CVE-2020-28856 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
+ NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
+CVE-2020-28855
RESERVED
-CVE-2020-13566
+CVE-2020-28854
RESERVED
-CVE-2020-13565
+CVE-2020-28853
RESERVED
-CVE-2020-13564
+CVE-2020-28852 (In x/text in Go before v0.3.5, a "slice bounds out of range" panic occ ...)
+ - golang-golang-x-text 0.3.5-1 (bug #980002)
+ - golang-x-text <removed>
+ [buster] - golang-x-text <no-dsa> (Minor issue)
+ [stretch] - golang-x-text <no-dsa> (Minor issue. Golang has limited support in stretch.)
+ NOTE: https://github.com/golang/go/issues/42536
+ NOTE: https://github.com/golang/text/commit/4482a914f52311356f6f4b7a695d4075ca22c0c6 (v0.3.5)
+CVE-2020-28851 (In x/text in Go 1.15.4, an "index out of range" panic occurs in langua ...)
+ - golang-golang-x-text 0.3.6-1 (bug #980001)
+ - golang-x-text <removed>
+ [buster] - golang-x-text <no-dsa> (Minor issue)
+ [stretch] - golang-x-text <no-dsa> (Minor issue. Golang has limited support in stretch.)
+ NOTE: https://github.com/golang/go/issues/42535
+CVE-2020-28850
RESERVED
-CVE-2020-13563
+CVE-2020-28849
RESERVED
-CVE-2020-13562
+CVE-2020-28848
RESERVED
-CVE-2020-13561
+CVE-2020-28847
RESERVED
-CVE-2020-13560
+CVE-2020-28846 (Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 ...)
+ NOT-FOR-US: SeaCMS
+CVE-2020-28845 (A CSV injection vulnerability in the Admin portal for Netskope 75.0 al ...)
+ NOT-FOR-US: Admin portal for Netskope
+CVE-2020-28844
RESERVED
-CVE-2020-13559
+CVE-2020-28843
RESERVED
-CVE-2020-13558
+CVE-2020-28842
RESERVED
-CVE-2020-13557
+CVE-2020-28841 (MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cau ...)
+ NOT-FOR-US: DriverGenius
+CVE-2020-28840
RESERVED
-CVE-2020-13556
+CVE-2020-28839
RESERVED
-CVE-2020-13555
+CVE-2020-28838 (Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Open ...)
+ NOT-FOR-US: OpenCart
+CVE-2020-28837
RESERVED
-CVE-2020-13554
+CVE-2020-28836
RESERVED
-CVE-2020-13553
+CVE-2020-28835
RESERVED
-CVE-2020-13552
+CVE-2020-28834
RESERVED
-CVE-2020-13551
+CVE-2020-28833
RESERVED
-CVE-2020-13550
+CVE-2020-28832
RESERVED
-CVE-2020-13549
+CVE-2020-28831
RESERVED
-CVE-2020-13548
+CVE-2020-28830
RESERVED
-CVE-2020-13547
+CVE-2020-28829
RESERVED
-CVE-2020-13546
+CVE-2020-28828
RESERVED
-CVE-2020-13545
+CVE-2020-28827
RESERVED
-CVE-2020-13544
+CVE-2020-28826
RESERVED
-CVE-2020-13543
+CVE-2020-28825
RESERVED
-CVE-2020-13542
+CVE-2020-28824
RESERVED
-CVE-2020-13541
+CVE-2020-28823
RESERVED
-CVE-2020-13540
+CVE-2020-28822
RESERVED
-CVE-2020-13539
+CVE-2020-28821
RESERVED
-CVE-2020-13538
+CVE-2020-28820
RESERVED
-CVE-2020-13537
+CVE-2020-28819
RESERVED
-CVE-2020-13536
+CVE-2020-28818
RESERVED
-CVE-2020-13535
+CVE-2020-28817
RESERVED
-CVE-2020-13534
+CVE-2020-28816
RESERVED
-CVE-2020-13533
+CVE-2020-28815
RESERVED
-CVE-2020-13532
+CVE-2020-28814
RESERVED
-CVE-2020-13531
+CVE-2020-28813
RESERVED
-CVE-2020-13530
+CVE-2020-28812
RESERVED
-CVE-2020-13529
+CVE-2020-28811
RESERVED
-CVE-2020-13528
+CVE-2020-28810
RESERVED
-CVE-2020-13527
+CVE-2020-28809
RESERVED
-CVE-2020-13526
+CVE-2020-28808
RESERVED
-CVE-2020-13525
+CVE-2020-28807
RESERVED
-CVE-2020-13524
+CVE-2020-28806
RESERVED
-CVE-2020-13523
+CVE-2020-28805
RESERVED
-CVE-2020-13522
+CVE-2020-28804
RESERVED
-CVE-2020-13521
+CVE-2020-28803
RESERVED
-CVE-2020-13520
+CVE-2020-28802
RESERVED
-CVE-2020-13519
+CVE-2020-28801
RESERVED
-CVE-2020-13518
+CVE-2020-28800
RESERVED
-CVE-2020-13517
+CVE-2020-28799
RESERVED
-CVE-2020-13516
+CVE-2020-28798
RESERVED
-CVE-2020-13515
+CVE-2020-28797
RESERVED
-CVE-2020-13514
+CVE-2020-28796
RESERVED
-CVE-2020-13513
+CVE-2020-28795
RESERVED
-CVE-2020-13512
+CVE-2020-28794
RESERVED
-CVE-2020-13511
+CVE-2020-28793
RESERVED
-CVE-2020-13510
+CVE-2020-28792
RESERVED
-CVE-2020-13509
+CVE-2020-28791
RESERVED
-CVE-2020-13508
+CVE-2020-28790
RESERVED
-CVE-2020-13507
+CVE-2020-28789
RESERVED
-CVE-2020-13506
+CVE-2020-28788
RESERVED
-CVE-2020-13505
+CVE-2020-28787
RESERVED
-CVE-2020-13504
+CVE-2020-28786
RESERVED
-CVE-2020-13503
+CVE-2020-28785
RESERVED
-CVE-2020-13502
+CVE-2020-28784
RESERVED
-CVE-2020-13501
+CVE-2020-28783
RESERVED
-CVE-2020-13500
+CVE-2020-28782
RESERVED
-CVE-2020-13499
+CVE-2020-28781
RESERVED
-CVE-2020-13498
+CVE-2020-28780
RESERVED
-CVE-2020-13497
+CVE-2020-28779
RESERVED
-CVE-2020-13496
+CVE-2020-28778
RESERVED
-CVE-2020-13495
+CVE-2020-28777
RESERVED
-CVE-2020-13494
+CVE-2020-28776
RESERVED
-CVE-2020-13493
+CVE-2020-28775
RESERVED
-CVE-2020-13492
+CVE-2020-28774
RESERVED
-CVE-2020-13491
+CVE-2020-28773
RESERVED
-CVE-2020-13490
+CVE-2020-28772
RESERVED
-CVE-2020-13489
+CVE-2020-28771
RESERVED
-CVE-2020-13488
+CVE-2020-28770
RESERVED
-CVE-2020-13487 (The bbPress plugin through 2.6.4 for WordPress has stored XSS in the F ...)
+CVE-2020-28769
+ RESERVED
+CVE-2020-28768
+ RESERVED
+CVE-2020-28767
+ RESERVED
+CVE-2020-28766
+ RESERVED
+CVE-2020-28765
+ RESERVED
+CVE-2020-28764
+ RESERVED
+CVE-2020-28763
+ RESERVED
+CVE-2020-28762
+ RESERVED
+CVE-2020-28761
+ RESERVED
+CVE-2020-28760
+ RESERVED
+CVE-2020-28759 (** DISPUTED ** The serializer module in OAID Tengine lite-v1.0 has a B ...)
+ NOT-FOR-US: OAID Tengine
+CVE-2020-28758
+ RESERVED
+CVE-2020-28757
+ RESERVED
+CVE-2020-28756
+ RESERVED
+CVE-2020-28755
+ RESERVED
+CVE-2020-28754
+ RESERVED
+CVE-2020-28753
+ RESERVED
+CVE-2020-28752
+ RESERVED
+CVE-2020-28751
+ RESERVED
+CVE-2020-28750
+ RESERVED
+CVE-2020-28749
+ RESERVED
+CVE-2020-28748
+ RESERVED
+CVE-2020-28747
+ RESERVED
+CVE-2020-28746
+ RESERVED
+CVE-2020-28745
+ RESERVED
+CVE-2020-28744
+ RESERVED
+CVE-2020-28743
+ RESERVED
+CVE-2020-28742
+ RESERVED
+CVE-2020-28741
+ RESERVED
+CVE-2020-28740
+ RESERVED
+CVE-2020-28739
+ RESERVED
+CVE-2020-28738
+ RESERVED
+CVE-2020-28737
+ RESERVED
+CVE-2020-28736 (Plone before 5.2.3 allows XXE attacks via a feature that is protected ...)
+ NOT-FOR-US: Plone
+CVE-2020-28735 (Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (onl ...)
+ NOT-FOR-US: Plone
+CVE-2020-28734 (Plone before 5.2.3 allows XXE attacks via a feature that is explicitly ...)
+ NOT-FOR-US: Plone
+CVE-2020-28733
+ RESERVED
+CVE-2020-28732
+ RESERVED
+CVE-2020-28731
+ RESERVED
+CVE-2020-28730
+ RESERVED
+CVE-2020-28729
+ RESERVED
+CVE-2020-28728
+ RESERVED
+CVE-2020-28727 (Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid p ...)
+ NOT-FOR-US: SeedDMS
+CVE-2020-28726 (Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter ...)
+ NOT-FOR-US: SeedDMS
+CVE-2020-28725
+ RESERVED
+CVE-2020-28724 (Open redirect vulnerability in werkzeug before 0.11.6 via a double sla ...)
+ - python-werkzeug 0.11.9+dfsg1-1
+ NOTE: https://github.com/pallets/werkzeug/issues/822
+ NOTE: https://github.com/pallets/werkzeug/pull/890
+CVE-2020-28723 (Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. ...)
+ NOT-FOR-US: CloudAvid
+CVE-2020-28722 (Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 c ...)
+ NOT-FOR-US: Deskpro Cloud Platform
+CVE-2020-28721
+ RESERVED
+CVE-2020-28720
+ RESERVED
+CVE-2020-28719
+ RESERVED
+CVE-2020-28718
+ RESERVED
+CVE-2020-28717
+ RESERVED
+CVE-2020-28716
+ RESERVED
+CVE-2020-28715
+ RESERVED
+CVE-2020-28714
+ RESERVED
+CVE-2020-28713 (Incorrect access control in push notification service in Night Owl Sma ...)
+ NOT-FOR-US: Night Owl Smart Doorbell
+CVE-2020-28712
+ RESERVED
+CVE-2020-28711
+ RESERVED
+CVE-2020-28710
+ RESERVED
+CVE-2020-28709
+ RESERVED
+CVE-2020-28708
+ RESERVED
+CVE-2020-28707 (The Stockdio Historical Chart plugin before 2.8.1 for WordPress is aff ...)
+ NOT-FOR-US: Stockdio Historical Chart plugin for WordPress
+CVE-2020-28706
+ RESERVED
+CVE-2020-28705 (FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerabi ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2020-28704
+ RESERVED
+CVE-2020-28703
+ RESERVED
+CVE-2020-28702 (A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 al ...)
+ NOT-FOR-US: PybbsCMS
+CVE-2020-28701
+ RESERVED
+CVE-2020-28700
+ RESERVED
+CVE-2020-28699
+ RESERVED
+CVE-2020-28698
+ RESERVED
+CVE-2020-28697
+ RESERVED
+CVE-2020-28696
+ RESERVED
+CVE-2020-28695 (Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices ...)
+ NOT-FOR-US: Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices
+CVE-2020-28694
+ RESERVED
+CVE-2020-28693 (An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an ...)
+ NOT-FOR-US: HorizontCMS
+CVE-2020-28692 (In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and ...)
+ NOT-FOR-US: Gila CMS
+CVE-2020-28691
+ RESERVED
+CVE-2020-28690
+ RESERVED
+CVE-2020-28689
+ RESERVED
+CVE-2020-28688 (The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCR ...)
+ NOT-FOR-US: Artworks Gallery
+CVE-2020-28687 (The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASC ...)
+ NOT-FOR-US: Artworks Gallery
+CVE-2020-28686
+ RESERVED
+CVE-2020-28685
+ RESERVED
+CVE-2020-28684
+ RESERVED
+CVE-2020-28683
+ RESERVED
+CVE-2020-28682
+ RESERVED
+CVE-2020-28681
+ RESERVED
+CVE-2020-28680
+ RESERVED
+CVE-2020-28679 (A vulnerability in the showReports module of Zoho ManageEngine Applica ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-28678
+ RESERVED
+CVE-2020-28677
+ RESERVED
+CVE-2020-28676
+ RESERVED
+CVE-2020-28675
+ RESERVED
+CVE-2020-28674
+ RESERVED
+CVE-2020-28673
+ RESERVED
+CVE-2020-28672 (MonoCMS Blog 1.0 is affected by incorrect access control that can lead ...)
+ NOT-FOR-US: MonoCMS Blog
+CVE-2020-28671
+ RESERVED
+CVE-2020-28670
+ RESERVED
+CVE-2020-28669
+ RESERVED
+CVE-2020-28668
+ RESERVED
+CVE-2020-28667
+ RESERVED
+CVE-2020-28666
+ RESERVED
+CVE-2020-28665
+ RESERVED
+CVE-2020-28664
+ RESERVED
+CVE-2020-28663
+ RESERVED
+CVE-2020-28662
+ RESERVED
+CVE-2020-28661
+ RESERVED
+CVE-2020-28660
+ RESERVED
+CVE-2020-28659
+ RESERVED
+CVE-2020-28658
+ RESERVED
+CVE-2020-28657 (In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) a ...)
+ NOT-FOR-US: bPanel
+CVE-2020-28656 (The update functionality of the Discover Media infotainment system in ...)
+ NOT-FOR-US: 3Discover Media infotainment system in Volkswagen Polo 2019 vehicles
+CVE-2020-28655
+ RESERVED
+CVE-2020-28654
+ RESERVED
+CVE-2020-28653 (Zoho ManageEngine OpManager Stable build before 125203 (and Released b ...)
+ NOT-FOR-US: Zoho ManageEngine OpManager Stable
+CVE-2020-28652
+ RESERVED
+CVE-2020-28651
+ RESERVED
+CVE-2020-28650 (The WPBakery plugin before 6.4.1 for WordPress allows XSS because it c ...)
+ NOT-FOR-US: WPBakery plugin for WordPress
+CVE-2020-28649 (The orbisius-child-theme-creator plugin before 1.5.2 for WordPress all ...)
+ NOT-FOR-US: orbisius-child-theme-creator plugin for WordPress
+CVE-2020-28648 (Improper input validation in the Auto-Discovery component of Nagios XI ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user could craf ...)
+ NOT-FOR-US: Progress MOVEit Transfer
+CVE-2020-28646 (ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop ...)
+ - owncloud <removed>
+CVE-2020-28645 (Deleting users with certain names caused system files to be deleted. R ...)
+ - owncloud <removed>
+CVE-2020-28644 (The CSRF (Cross Site Request Forgery) token check was improperly imple ...)
+ - owncloud <removed>
+CVE-2020-28643
+ RESERVED
+CVE-2020-28642 (In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail gener ...)
+ NOT-FOR-US: InfiniteWP Admin Panel
+CVE-2020-28641 (In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an a ...)
+ NOT-FOR-US: Malwarebytes Free
+CVE-2020-28640
+ RESERVED
+CVE-2020-28639
+ RESERVED
+CVE-2020-28638 (ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-c ...)
+ - tomb 2.8+dfsg1-1 (bug #974719; bug #975084)
+ [buster] - tomb <not-affected> (Vulnerability introduced later)
+ NOTE: https://github.com/dyne/Tomb/issues/385
+ NOTE: Introduced by: https://github.com/dyne/Tomb/commit/477ab204439ddb88d7293d3c35a29e29751feda9 (v2.6)
+ NOTE: https://github.com/dyne/Tomb/pull/386
+ NOTE: Attempted to be fixed via: https://github.com/dyne/Tomb/commit/15c894dfb41db3ea3290bdf8f958fd9e3503c4bb
+ NOTE: which only hides the problem.
+ NOTE: https://github.com/dyne/Tomb/issues/392
+CVE-2020-28637
+ RESERVED
+CVE-2020-28636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ {DLA-2649-1}
+ - cgal 5.2-3 (bug #985671)
+ [buster] - cgal <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
+CVE-2020-28635
+ RESERVED
+CVE-2020-28634
+ RESERVED
+CVE-2020-28633
+ RESERVED
+CVE-2020-28632
+ RESERVED
+CVE-2020-28631
+ RESERVED
+CVE-2020-28630
+ RESERVED
+CVE-2020-28629
+ RESERVED
+CVE-2020-28628
+ RESERVED
+CVE-2020-28627
+ RESERVED
+CVE-2020-28626
+ RESERVED
+CVE-2020-28625
+ RESERVED
+CVE-2020-28624
+ RESERVED
+CVE-2020-28623
+ RESERVED
+CVE-2020-28622
+ RESERVED
+CVE-2020-28621
+ RESERVED
+CVE-2020-28620
+ RESERVED
+CVE-2020-28619
+ RESERVED
+CVE-2020-28618
+ RESERVED
+CVE-2020-28617
+ RESERVED
+CVE-2020-28616
+ RESERVED
+CVE-2020-28615
+ RESERVED
+CVE-2020-28614
+ RESERVED
+CVE-2020-28613
+ RESERVED
+CVE-2020-28612
+ RESERVED
+CVE-2020-28611
+ RESERVED
+CVE-2020-28610
+ RESERVED
+CVE-2020-28609
+ RESERVED
+CVE-2020-28608
+ RESERVED
+CVE-2020-28607
+ RESERVED
+CVE-2020-28606
+ RESERVED
+CVE-2020-28605
+ RESERVED
+CVE-2020-28604
+ RESERVED
+CVE-2020-28603
+ RESERVED
+CVE-2020-28602
+ RESERVED
+CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ {DLA-2649-1}
+ - cgal 5.2-3 (bug #985671)
+ [buster] - cgal <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
+CVE-2020-28600 (An out-of-bounds write vulnerability exists in the import_stl.cc:impor ...)
+ - openscad 2021.01-1 (bug #996020)
+ [buster] - openscad <no-dsa> (Minor issue)
+ [stretch] - openscad <not-affected> (Vulnerable code introduced later)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1224
+ NOTE: introduced at https://github.com/openscad/openscad/commit/25ec72ce0770115ad62c17fe10ee7464ac256391
+ NOTE: vulnerable code removed at https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
+CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import_stl.c ...)
+ - openscad 2021.01-1 (bug #996020)
+ [buster] - openscad <no-dsa> (Minor issue)
+ [stretch] - openscad <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1223
+ NOTE: https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
+CVE-2020-28598 (An out-of-bounds write vulnerability exists in the Admesh stl_fix_norm ...)
+ NOT-FOR-US: Prusa Research PrusaSlicer
+CVE-2020-28597 (A predictable seed vulnerability exists in the password reset function ...)
+ NOT-FOR-US: Epignosis EfrontPro
+CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...)
+ NOT-FOR-US: PrusaSlicer
+CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() ...)
+ NOT-FOR-US: PrusaSlicer
+CVE-2020-28594 (A use-after-free vulnerability exists in the _3MF_Importer::_handle_en ...)
+ NOT-FOR-US: PrusaSlicer
+CVE-2020-28593 (A unauthenticated backdoor exists in the configuration server function ...)
+ NOT-FOR-US: Cosori Smart 5.8-Quart Air Fryer CS158-AF
+CVE-2020-28592 (A heap-based buffer overflow vulnerability exists in the configuration ...)
+ NOT-FOR-US: Cosori Smart 5.8-Quart Air Fryer CS158-AF
+CVE-2020-28591 (An out-of-bounds read vulnerability exists in the AMF File AMFParserCo ...)
+ - slic3r 1.3.0+dfsg1-4 (unimportant; bug #985620)
+ [stretch] - slic3r <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1215
+ NOTE: https://github.com/slic3r/Slic3r/issues/5061
+ NOTE: https://github.com/slic3r/Slic3r/pull/5063
+ NOTE: Crash in enduser application, no security impact
+CVE-2020-28590 (An out-of-bounds read vulnerability exists in the Obj File TriangleMes ...)
+ - slic3r <unfixed> (unimportant)
+ [stretch] - slic3r <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1213
+ NOTE: https://github.com/slic3r/Slic3r/issues/5074
+ NOTE: Crash in enduser application, no security impact
+CVE-2020-28589 (An improper array index validation vulnerability exists in the LoadObj ...)
+ - tinyobjloader <undetermined>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1212
+CVE-2020-28588 (An information disclosure vulnerability exists in the /proc/pid/syscal ...)
+ - linux 5.9.15-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/4f134b89a24b965991e7c345b9a4591821f7c2a6
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
+CVE-2020-28587 (A specially crafted document can cause the document parser to copy dat ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-28586
+ RESERVED
+CVE-2020-28585
+ RESERVED
+CVE-2020-28584
+ RESERVED
+CVE-2020-28583 (An improper access control information disclosure vulnerability in Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28582 (An improper access control information disclosure vulnerability in Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28581 (A command injection vulnerability in ModifyVLANItem of Trend Micro Int ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28580 (A command injection vulnerability in AddVLANItem of Trend Micro InterS ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28579 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28578 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28577 (An improper access control information disclosure vulnerability in Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28576 (An improper access control information disclosure vulnerability in Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28575 (A heap-based buffer overflow privilege escalation vulnerability in Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28574 (A unauthenticated path traversal arbitrary remote file deletion vulner ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28573 (An improper access control information disclosure vulnerability in Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28572 (A vulnerability in Trend Micro Apex One could allow an unprivileged us ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-28571
+ RESERVED
+CVE-2020-28570
+ RESERVED
+CVE-2020-28569
+ RESERVED
+CVE-2020-28568
+ RESERVED
+CVE-2020-28567
+ RESERVED
+CVE-2020-28566
+ RESERVED
+CVE-2020-28565
+ RESERVED
+CVE-2020-28564
+ RESERVED
+CVE-2020-28563
+ RESERVED
+CVE-2020-28562
+ RESERVED
+CVE-2020-28561
+ RESERVED
+CVE-2020-28560
+ RESERVED
+CVE-2020-28559
+ RESERVED
+CVE-2020-28558
+ RESERVED
+CVE-2020-28557
+ RESERVED
+CVE-2020-28556
+ RESERVED
+CVE-2020-28555
+ RESERVED
+CVE-2020-28554
+ RESERVED
+CVE-2020-28553
+ RESERVED
+CVE-2020-28552
+ RESERVED
+CVE-2020-28551
+ RESERVED
+CVE-2020-28550
+ RESERVED
+CVE-2020-28549
+ RESERVED
+CVE-2020-28548
+ RESERVED
+CVE-2020-28547
+ RESERVED
+CVE-2020-28546
+ RESERVED
+CVE-2020-28545
+ RESERVED
+CVE-2020-28544
+ RESERVED
+CVE-2020-28543
+ RESERVED
+CVE-2020-28542
+ RESERVED
+CVE-2020-28541
+ RESERVED
+CVE-2020-28540
+ RESERVED
+CVE-2020-28539
+ RESERVED
+CVE-2020-28538
+ RESERVED
+CVE-2020-28537
+ RESERVED
+CVE-2020-28536
+ RESERVED
+CVE-2020-28535
+ RESERVED
+CVE-2020-28534
+ RESERVED
+CVE-2020-28533
+ RESERVED
+CVE-2020-28532
+ RESERVED
+CVE-2020-28531
+ RESERVED
+CVE-2020-28530
+ RESERVED
+CVE-2020-28529
+ RESERVED
+CVE-2020-28528
+ RESERVED
+CVE-2020-28527
+ RESERVED
+CVE-2020-28526
+ RESERVED
+CVE-2020-28525
+ RESERVED
+CVE-2020-28524
+ RESERVED
+CVE-2020-28523
+ RESERVED
+CVE-2020-28522
+ RESERVED
+CVE-2020-28521
+ RESERVED
+CVE-2020-28520
+ RESERVED
+CVE-2020-28519
+ RESERVED
+CVE-2020-28518
+ RESERVED
+CVE-2020-28517
+ RESERVED
+CVE-2020-28516
+ RESERVED
+CVE-2020-28515
+ RESERVED
+CVE-2020-28514
+ RESERVED
+CVE-2020-28513
+ RESERVED
+CVE-2020-28512
+ RESERVED
+CVE-2020-28511
+ RESERVED
+CVE-2020-28510
+ RESERVED
+CVE-2020-28509
+ RESERVED
+CVE-2020-28508
+ RESERVED
+CVE-2020-28507
+ RESERVED
+CVE-2020-28506
+ RESERVED
+CVE-2020-28505
+ RESERVED
+CVE-2020-28504
+ RESERVED
+CVE-2020-28503 (The package copy-props before 2.0.5 are vulnerable to Prototype Pollut ...)
+ NOT-FOR-US: Node copy-props
+CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versions of ...)
+ - node-xmlhttprequest 1.8.0-1
+ [stretch] - node-xmlhttprequest <end-of-life> (Nodejs in stretch not covered by security support)
+ - node-xmlhttprequest-ssl <unfixed>
+ [buster] - node-xmlhttprequest-ssl <ignored> (Minor issue, should possibly be removed from stable as well)
+ [stretch] - node-xmlhttprequest-ssl <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935
+ NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
+CVE-2020-28501 (This affects the package es6-crawler-detect before 3.1.3. No limitatio ...)
+ NOT-FOR-US: Node es6-crawler-detect
+CVE-2020-28500 (Lodash versions prior to 4.17.21 are vulnerable to Regular Expression ...)
+ - node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086)
+ [buster] - node-lodash <no-dsa> (Minor issue)
+ [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1018905
+CVE-2020-28499 (All versions of package merge are vulnerable to Prototype Pollution vi ...)
+ NOTE: Only bogus references listed, unclear what this is about
+CVE-2020-28498 (The package elliptic before 6.5.4 are vulnerable to Cryptographic Issu ...)
+ - node-elliptic 6.5.4~dfsg-1
+ [buster] - node-elliptic <no-dsa> (Minor issue)
+ NOTE: https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f
+ NOTE: https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md
+CVE-2020-28497
+ RESERVED
+CVE-2020-28496 (This affects the package three before 0.125.0. This can happen when ha ...)
+ - three.js <not-affected> (Vulnerable code introduced later, #988726)
+ NOTE: https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e
+ NOTE: https://github.com/mrdoob/three.js/issues/21132
+CVE-2020-28495 (This affects the package total.js before 3.4.7. The set function can b ...)
+ NOT-FOR-US: Node total.js
+CVE-2020-28494 (This affects the package total.js before 3.4.7. The issue occurs in th ...)
+ NOT-FOR-US: Node total.js
+CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDo ...)
+ - jinja2 2.11.3-1 (bug #982736)
+ [buster] - jinja2 <no-dsa> (Minor issue)
+ [stretch] - jinja2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/pallets/jinja/pull/1343
+ NOTE: https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
+CVE-2020-28492
+ REJECTED
+CVE-2020-28491 (This affects the package com.fasterxml.jackson.dataformat:jackson-data ...)
+ - jackson-dataformat-cbor <unfixed> (bug #983664)
+ [bullseye] - jackson-dataformat-cbor <no-dsa> (Minor issue)
+ [buster] - jackson-dataformat-cbor <no-dsa> (Minor issue)
+ [stretch] - jackson-dataformat-cbor <no-dsa> (Minor issue; https://people.debian.org/~abhijith/CVE-2020-28491.txt)
+ NOTE: https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6
+ NOTE: https://github.com/FasterXML/jackson-dataformats-binary/issues/186
+CVE-2020-28490 (The package async-git before 1.13.2 are vulnerable to Command Injectio ...)
+ NOT-FOR-US: Node async-git
+CVE-2020-28489
+ RESERVED
+CVE-2020-28488
+ REJECTED
+CVE-2020-28487 (This affects the package vis-timeline before 7.4.4. An attacker with t ...)
+ NOT-FOR-US: vis-timeline
+CVE-2020-28486
+ RESERVED
+CVE-2020-28485
+ RESERVED
+CVE-2020-28484
+ RESERVED
+CVE-2020-28483 (This affects all versions of package github.com/gin-gonic/gin. When gi ...)
+ - golang-github-gin-gonic-gin <unfixed> (bug #988943)
+ [bullseye] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
+ [buster] - golang-github-gin-gonic-gin <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736
+ NOTE: https://github.com/gin-gonic/gin/pull/2474
+ NOTE: https://github.com/gin-gonic/gin/commit/c9ea8ece4a3881028f7f715f008414346a7f4b88
+CVE-2020-28482 (This affects the package fastify-csrf before 3.0.0. 1. The generated c ...)
+ NOT-FOR-US: Node fastify-csrf
+CVE-2020-28481 (The package socket.io before 2.4.0 are vulnerable to Insecure Defaults ...)
+ NOT-FOR-US: Node socket.io
+CVE-2020-28480 (The package jointjs before 3.3.0 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node jointjs
+CVE-2020-28479 (The package jointjs before 3.3.0 are vulnerable to Denial of Service ( ...)
+ NOT-FOR-US: Node jointjs
+CVE-2020-28478 (This affects the package gsap before 3.6.0. ...)
+ NOT-FOR-US: Node gsap
+CVE-2020-28477 (This affects all versions of package immer. ...)
+ NOT-FOR-US: Node immer
+CVE-2020-28476
+ REJECTED
+CVE-2020-28475
+ RESERVED
+CVE-2020-28474
+ RESERVED
+CVE-2020-28473 (The package bottle from 0 and before 0.12.19 are vulnerable to Web Cac ...)
+ {DLA-2531-1}
+ - python-bottle 0.12.19-1
+ [buster] - python-bottle 0.12.15-2+deb10u1
+ NOTE: https://snyk.io/vuln/SNYK-PYTHON-BOTTLE-1017108
+ NOTE: Fixed by: https://github.com/bottlepy/bottle/commit/57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b (0.12.19)
+CVE-2020-28472 (This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0- ...)
+ NOT-FOR-US: aws-sdk-js
+CVE-2020-28471
+ RESERVED
+CVE-2020-28470 (This affects the package @scullyio/scully before 1.0.9. The transfer s ...)
+ NOT-FOR-US: scully
+CVE-2020-28469 (This affects the package glob-parent before 5.1.2. The enclosure regex ...)
+ - node-glob-parent 5.1.1+~5.1.0-2
+ [buster] - node-glob-parent 3.1.0-1+deb10u1
+ [stretch] - node-glob-parent <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
+ NOTE: https://github.com/gulpjs/glob-parent/commit/f9231168b0041fea3f8f954b3cceb56269fc6366
+CVE-2020-28468 (This affects the package pwntools before 4.3.1. The shellcraft generat ...)
+ NOT-FOR-US: pwntools
+CVE-2020-28467
+ RESERVED
+CVE-2020-28466 (This affects all versions of package github.com/nats-io/nats-server/se ...)
+ NOT-FOR-US: nats-server
+CVE-2020-28465
+ RESERVED
+CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the schema f ...)
+ NOT-FOR-US: Node djv
+CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side Reques ...)
+ - python-reportlab <unfixed>
+ [bullseye] - python-reportlab <no-dsa> (Minor issue)
+ [buster] - python-reportlab <no-dsa> (Minor issue)
+ [stretch] - python-reportlab <postponed> (Can be fixed in next DLA)
+ NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145
+CVE-2020-28462
+ RESERVED
+CVE-2020-28461
+ RESERVED
+CVE-2020-28460 (This affects the package multi-ini before 2.1.2. It is possible to pol ...)
+ NOT-FOR-US: Node multi-ini
+CVE-2020-28459
+ RESERVED
+CVE-2020-28458 (All versions of package datatables.net are vulnerable to Prototype Pol ...)
+ NOT-FOR-US: Node datatables.net
+CVE-2020-28457 (This affects the package s-cart/core before 4.4. The search functional ...)
+ NOT-FOR-US: s-cart/core
+CVE-2020-28456 (The package s-cart/core before 4.4 are vulnerable to Cross-site Script ...)
+ NOT-FOR-US: s-cart/core
+CVE-2020-28455
+ RESERVED
+CVE-2020-28454
+ RESERVED
+CVE-2020-28453
+ RESERVED
+CVE-2020-28452 (This affects the package com.softwaremill.akka-http-session:core_2.12 ...)
+ NOT-FOR-US: akka-http-session
+CVE-2020-28451
+ RESERVED
+CVE-2020-28450 (This affects all versions of package decal. The vulnerability is in th ...)
+ NOT-FOR-US: Node decal
+CVE-2020-28449 (This affects all versions of package decal. The vulnerability is in th ...)
+ NOT-FOR-US: Node decal
+CVE-2020-28448 (This affects the package multi-ini before 2.1.1. It is possible to pol ...)
+ NOT-FOR-US: Node multi-ini
+CVE-2020-28447
+ RESERVED
+CVE-2020-28446
+ RESERVED
+CVE-2020-28445
+ RESERVED
+CVE-2020-28444
+ RESERVED
+CVE-2020-28443
+ RESERVED
+CVE-2020-28442 (All versions of package js-data are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node js-data
+CVE-2020-28441
+ RESERVED
+CVE-2020-28440 (All versions of package corenlp-js-interface are vulnerable to Command ...)
+ NOT-FOR-US: corenlp-js-interface
+CVE-2020-28439 (This affects all versions of package corenlp-js-prefab. The injection ...)
+ NOT-FOR-US: corenlp-js-prefab
+CVE-2020-28438
+ RESERVED
+CVE-2020-28437
+ RESERVED
+CVE-2020-28436
+ RESERVED
+CVE-2020-28435
+ RESERVED
+CVE-2020-28434
+ RESERVED
+CVE-2020-28433
+ RESERVED
+CVE-2020-28432
+ REJECTED
+CVE-2020-28431
+ REJECTED
+CVE-2020-28430
+ REJECTED
+CVE-2020-28429 (All versions of package geojson2kml are vulnerable to Command Injectio ...)
+ NOT-FOR-US: Node geojson2kml
+CVE-2020-28428
+ RESERVED
+CVE-2020-28427
+ RESERVED
+CVE-2020-28426 (All versions of package kill-process-on-port are vulnerable to Command ...)
+ NOT-FOR-US: Node kill-process-on-port
+CVE-2020-28425
+ RESERVED
+CVE-2020-28424
+ RESERVED
+CVE-2020-28423
+ RESERVED
+CVE-2020-28422
+ RESERVED
+CVE-2020-28421 (CA Unified Infrastructure Management 20.1 and earlier contains a vulne ...)
+ NOT-FOR-US: CA Unified Infrastructure Management
+CVE-2020-28420
+ RESERVED
+CVE-2020-28419 (During installation with certain driver software or application packag ...)
+ NOT-FOR-US: HP
+CVE-2020-28418
+ RESERVED
+CVE-2020-28417
+ RESERVED
+CVE-2020-28416 (HP has identified a security vulnerability with the I.R.I.S. OCR (Opti ...)
+ NOT-FOR-US: HP
+CVE-2020-25710 (A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allo ...)
+ {DSA-4792-1 DLA-2481-1}
+ - openldap 2.4.56+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2 (OPENLDAP_REL_ENG_2_4_56)
+CVE-2020-25709 (A flaw was found in OpenLDAP. This flaw allows an attacker who can sen ...)
+ {DSA-4792-1 DLA-2481-1}
+ - openldap 2.4.56+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65 (OPENLDAP_REL_ENG_2_4_56)
+CVE-2020-28415 (A reflected cross-site scripting (XSS) vulnerability exists in the Tra ...)
+ NOT-FOR-US: TranzWare Payment Gateway
+CVE-2020-28414 (A reflected cross-site scripting (XSS) vulnerability exists in the Tra ...)
+ NOT-FOR-US: TranzWare Payment Gateway
+CVE-2020-28413 (In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" ...)
+ - mantis <removed>
+CVE-2020-28412
+ RESERVED
+CVE-2020-28411
+ RESERVED
+CVE-2020-28410
+ RESERVED
+CVE-2020-28409 (The server in Dundas BI through 8.0.0.1001 allows XSS via addition of ...)
+ NOT-FOR-US: Dundas BI
+CVE-2020-28408 (The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML labe ...)
+ NOT-FOR-US: Dundas BI
+CVE-2020-28407
+ RESERVED
+ - swtpm <not-affected> (Fixed before initial upload to the archive)
+CVE-2020-28406 (An improper authorization vulnerability exists in Star Practice Manage ...)
+ NOT-FOR-US: Star Practice Management Web
+CVE-2020-28405 (An improper authorization vulnerability exists in Star Practice Manage ...)
+ NOT-FOR-US: Star Practice Management Web
+CVE-2020-28404 (An improper authorization vulnerability exists in Star Practice Manage ...)
+ NOT-FOR-US: Star Practice Management Web
+CVE-2020-28403 (A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Pract ...)
+ NOT-FOR-US: Star Practice Management Web
+CVE-2020-28402 (An improper authorization vulnerability exists in Star Practice Manage ...)
+ NOT-FOR-US: Star Practice Management Web
+CVE-2020-28401 (An improper authorization vulnerability exists in Star Practice Manage ...)
+ NOT-FOR-US: Star Practice Management Web
+CVE-2020-28400 (A vulnerability has been identified in Development/Evaluation Kits for ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28399
+ RESERVED
+CVE-2020-28398
+ RESERVED
+CVE-2020-28397 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28393 (An unauthenticated remote attacker could create a permanent denial-of- ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28392 (A vulnerability has been identified in SIMARIS configuration (All vers ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core (V8.2), ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28389
+ RESERVED
+CVE-2020-28388 (A vulnerability has been identified in Capital VSTAR (All versions), N ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28387 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28386 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28385 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28384 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28383 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28382 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2020-28380
+ RESERVED
+CVE-2020-28379
+ RESERVED
+CVE-2020-28378
+ RESERVED
+CVE-2020-28377
+ RESERVED
+CVE-2020-28376
+ RESERVED
+CVE-2020-28375
+ RESERVED
+CVE-2020-28374 (In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10. ...)
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
+ - linux 5.10.9-1
+ NOTE: https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12
+CVE-2020-28373 (upnpd on certain NETGEAR devices allows remote (LAN) attackers to exec ...)
+ NOT-FOR-US: Netgear
+CVE-2020-28372
+ RESERVED
+CVE-2020-28371 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
+ NOT-FOR-US: ReadyTalk Avian
+CVE-2020-28370
+ RESERVED
+CVE-2020-28369
+ RESERVED
+CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain sensitive ...)
+ {DSA-4804-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-351.html
+CVE-2020-28367 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. ...)
+ {DLA-2460-1}
+ - golang-1.15 1.15.5-1
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <ignored> (validation of cgo flags first introduced in golang-1.8 / CVE-2018-6574)
+ NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
+ NOTE: https://github.com/golang/go/issues/42556
+CVE-2020-28366 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. ...)
+ - golang-1.15 1.15.5-1
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <ignored> (Minor issue, too intrusive to backport)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
+ NOTE: https://github.com/golang/go/issues/42559
+CVE-2020-28365 (** UNSUPPORTED WHEN ASSIGNED ** Sentrifugo 3.2 allows Stored Cross-Sit ...)
+ NOT-FOR-US: Sentrifugo
+CVE-2020-28364 (A stored cross-site scripting (XSS) vulnerability affects the Web UI i ...)
+ NOT-FOR-US: Locust
+CVE-2020-28363
+ RESERVED
+CVE-2020-28362 (Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. ...)
+ - golang-1.15 1.15.5-1
+ - golang-1.11 <not-affected> (Vulnerable code introduced later)
+ - golang-1.8 <not-affected> (Vulnerable code introduced later)
+ - golang-1.7 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
+ NOTE: https://github.com/golang/go/issues/42552
+ NOTE: Introduced in: https://github.com/golang/go/commit/194ae3236d81cf16dc39b955efc1b9202b59d067 (go1.14beta1)
+ NOTE: Fixed by: https://github.com/golang/go/commit/1e1fa5903b760c6714ba17e50bf850b01f49135c
+CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 co ...)
+ {DLA-2494-1 DLA-2483-1}
+ - linux 5.9.9-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://git.kernel.org/linus/3c4e0dff2095c579b142d5a0693257f1c58b4804
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/2
+CVE-2020-28361 (Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy So ...)
+ - kamailio 5.4.0-1
+ [buster] - kamailio <no-dsa> (Minor issue)
+ [stretch] - kamailio <no-dsa> (Minor issue)
+ NOTE: https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html
+CVE-2020-28360 (Insufficient RegEx in private-ip npm package v1.0.5 and below insuffic ...)
+ NOT-FOR-US: Node private-ip
+CVE-2020-28359
+ RESERVED
+CVE-2020-28358
+ RESERVED
+CVE-2020-28357
+ RESERVED
+CVE-2020-28356
+ RESERVED
+CVE-2020-28355
+ RESERVED
+CVE-2020-28354
+ RESERVED
+CVE-2020-28353
+ RESERVED
+CVE-2020-28352
+ RESERVED
+CVE-2020-28351 (The conferencing component on Mitel ShoreTel 19.46.1802.0 devices coul ...)
+ NOT-FOR-US: Mitel
+CVE-2020-28350 (A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates ...)
+ NOT-FOR-US: SOWA SowaSQL
+CVE-2020-28349 (** DISPUTED ** An inaccurate frame deduplication process in ChirpStack ...)
+ NOT-FOR-US: ChirpStack Network Server
+CVE-2020-28348 (HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker ...)
+ - nomad 0.10.9+dfsg1-1 (bug #976593)
+ NOTE: https://github.com/hashicorp/nomad/issues/9303
+CVE-2020-28347 (tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows rem ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-28346 (ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer ...)
+ NOT-FOR-US: ACRN
+CVE-2020-28345 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-28344 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-28343 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-28342 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-28341 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-28340 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-28339 (The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 fo ...)
+ NOT-FOR-US: usc-e-shop (aka Collne Welcart e-Commerce) plugin for WordPress
+CVE-2020-28338
+ RESERVED
+CVE-2020-28337 (A directory traversal issue in the Utils/Unzip module in Microweber th ...)
+ NOT-FOR-US: Microweber
+CVE-2020-28336
+ RESERVED
+CVE-2020-28335
+ RESERVED
+CVE-2020-28334 (Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 ...)
+ NOT-FOR-US: Barco wePresent WiPG-1600W devices
+CVE-2020-28333 (Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affect ...)
+ NOT-FOR-US: Barco wePresent WiPG-1600W devices
+CVE-2020-28332 (Barco wePresent WiPG-1600W devices download code without an Integrity ...)
+ NOT-FOR-US: Barco wePresent WiPG-1600W devices
+CVE-2020-28331 (Barco wePresent WiPG-1600W devices have Improper Access Control. Affec ...)
+ NOT-FOR-US: Barco wePresent WiPG-1600W devices
+CVE-2020-28330 (Barco wePresent WiPG-1600W devices have Unprotected Transport of Crede ...)
+ NOT-FOR-US: Barco wePresent WiPG-1600W devices
+CVE-2020-28329 (Barco wePresent WiPG-1600W firmware includes a hardcoded API account a ...)
+ NOT-FOR-US: Barco wePresent WiPG-1600W devices
+CVE-2020-28328 (SuiteCRM before 7.11.17 is vulnerable to remote code execution via the ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2020-28327 (A res_pjsip_session crash was discovered in Asterisk Open Source 13.x ...)
+ - asterisk 1:16.15.0~dfsg-1 (bug #974712)
+ [buster] - asterisk <no-dsa> (Minor issue)
+ [stretch] - asterisk <no-dsa> (Minor issue)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29057
+ NOTE: http://downloads.asterisk.org/pub/security/AST-2020-001.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/06/1
+CVE-2020-28326
+ REJECTED
+CVE-2020-28325
+ REJECTED
+CVE-2020-28324
+ REJECTED
+CVE-2020-28323
+ REJECTED
+CVE-2020-28322
+ REJECTED
+CVE-2020-28321
+ REJECTED
+CVE-2020-28320
+ REJECTED
+CVE-2020-28319
+ REJECTED
+CVE-2020-28318
+ REJECTED
+CVE-2020-28317
+ REJECTED
+CVE-2020-28316
+ REJECTED
+CVE-2020-28315
+ REJECTED
+CVE-2020-28314
+ REJECTED
+CVE-2020-28313
+ REJECTED
+CVE-2020-28312
+ REJECTED
+CVE-2020-28311
+ REJECTED
+CVE-2020-28310
+ REJECTED
+CVE-2020-28309
+ REJECTED
+CVE-2020-28308
+ REJECTED
+CVE-2020-28307
+ REJECTED
+CVE-2020-28306
+ REJECTED
+CVE-2020-28305
+ REJECTED
+CVE-2020-28304
+ REJECTED
+CVE-2020-28303
+ REJECTED
+CVE-2020-28302
+ REJECTED
+CVE-2020-28301
+ REJECTED
+CVE-2020-28300
+ REJECTED
+CVE-2020-28299
+ REJECTED
+CVE-2020-28298
+ REJECTED
+CVE-2020-28297
+ REJECTED
+CVE-2020-28296
+ REJECTED
+CVE-2020-28295
+ REJECTED
+CVE-2020-28294
+ REJECTED
+CVE-2020-28293
+ REJECTED
+CVE-2020-28292
+ REJECTED
+CVE-2020-28291
+ REJECTED
+CVE-2020-28290
+ REJECTED
+CVE-2020-28289
+ REJECTED
+CVE-2020-28288
+ REJECTED
+CVE-2020-28287
+ REJECTED
+CVE-2020-28286
+ REJECTED
+CVE-2020-28285
+ REJECTED
+CVE-2020-28284
+ REJECTED
+CVE-2020-28283 (Prototype pollution vulnerability in 'libnested' versions 0.0.0 throug ...)
+ NOT-FOR-US: libnested
+CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 allows ...)
+ - node-getobject 1.0.2-1
+ [bullseye] - node-getobject 0.1.0-2+deb11u1
+ [buster] - node-getobject <no-dsa> (Minor issue)
+ [stretch] - node-getobject <no-dsa> (Minor issue)
+ NOTE: https://github.com/cowboy/node-getobject/commit/84071748fa407caa8f824e0d0b9c1cde9ec56633 (v1.0.0)
+CVE-2020-28281 (Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 ...)
+ NOT-FOR-US: react-atomic-organism
+CVE-2020-28280 (Prototype pollution vulnerability in 'predefine' versions 0.0.0 throug ...)
+ NOT-FOR-US: Node predefine
+CVE-2020-28279 (Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 thro ...)
+ NOT-FOR-US: flattenizer
+CVE-2020-28278 (Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0 ...)
+ NOT-FOR-US: Node shvl
+CVE-2020-28277 (Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0 ...)
+ NOT-FOR-US: Node dset
+CVE-2020-28276 (Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through ...)
+ NOT-FOR-US: Node deep-set
+CVE-2020-28275
+ REJECTED
+CVE-2020-28274 (Prototype pollution vulnerability in 'deepref' versions 1.1.1 through ...)
+ NOT-FOR-US: Node deepref
+CVE-2020-28273 (Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2 ...)
+ NOT-FOR-US: Node set-in
+CVE-2020-28272 (Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2 ...)
+ NOT-FOR-US: Node keyget
+CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 through ...)
+ NOT-FOR-US: Node deephas
+CVE-2020-28270 (Prototype pollution vulnerability in 'object-hierarchy-access' version ...)
+ NOT-FOR-US: Node object-hierarchy-access
+CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 through 1. ...)
+ NOT-FOR-US: Node field
+CVE-2020-28268 (Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 ...)
+ NOT-FOR-US: Node controlled-merge
+CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 ...)
+ NOT-FOR-US: Node strikeentco/set
+CVE-2020-28266
+ RESERVED
+CVE-2020-28265
+ RESERVED
+CVE-2020-28264
+ RESERVED
+CVE-2020-28263
+ RESERVED
+CVE-2020-28262
+ RESERVED
+CVE-2020-28261
+ RESERVED
+CVE-2020-28260
+ RESERVED
+CVE-2020-28259
+ RESERVED
+CVE-2020-28258
+ RESERVED
+CVE-2020-28257
+ RESERVED
+CVE-2020-28256
+ RESERVED
+CVE-2020-28255
+ RESERVED
+CVE-2020-28254
+ RESERVED
+CVE-2020-28253
+ RESERVED
+CVE-2020-28252
+ RESERVED
+CVE-2020-28251 (NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sen ...)
+ NOT-FOR-US: NETSCOUT AirMagnet Enterprise
+CVE-2020-28250 (Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user ...)
+ NOT-FOR-US: Cellinx NVT Web Server
+CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. ...)
+ NOT-FOR-US: Joplin
+CVE-2020-28248 (An integer overflow in the PngImg::InitStorage_() function of png-img ...)
+ NOT-FOR-US: png-img
+CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows arbitrary send ...)
+ NOT-FOR-US: Node lettre
+CVE-2020-28246
+ RESERVED
+CVE-2020-28245
+ RESERVED
+CVE-2020-28244
+ RESERVED
+CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The minion's ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: Introduced by: https://github.com/saltstack/salt/commit/e02df6fd3ceb605a58e4ac75c06077f52963187a (v2016.3)
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/61dd6d178b1dae0a1bf884bcd1149003281f8194 (v3002.3)
+ NOTE: Follow-up: https://github.com/saltstack/salt/commit/777ffe612e612fb443018c1d7983d4abe4632bb2 (v3002.6)
+ NOTE: Follow-up doc: https://github.com/saltstack/salt/commit/903cfdcf6863b288fa41549bd991da6049962f54 (next commit)
+CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
+ - asterisk 1:16.15.0~dfsg-1 (bug #974713)
+ [buster] - asterisk <no-dsa> (Minor issue)
+ [stretch] - asterisk <no-dsa> (Minor issue)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29013
+ NOTE: http://downloads.asterisk.org/pub/security/AST-2020-002.html
+CVE-2020-28241 (libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_en ...)
+ {DLA-2445-1}
+ - libmaxminddb 1.4.3-1 (bug #973878)
+ [buster] - libmaxminddb 1.3.2-1+deb10u1
+ NOTE: https://github.com/maxmind/libmaxminddb/issues/236
+ NOTE: https://github.com/maxmind/libmaxminddb/pull/237
+CVE-2020-28240
+ RESERVED
+CVE-2020-28239
+ RESERVED
+CVE-2020-28238
+ RESERVED
+CVE-2020-28237
+ RESERVED
+CVE-2020-28236
+ RESERVED
+CVE-2020-28235
+ RESERVED
+CVE-2020-28234
+ RESERVED
+CVE-2020-28233
+ RESERVED
+CVE-2020-28232
+ RESERVED
+CVE-2020-28231
+ RESERVED
+CVE-2020-28230
+ RESERVED
+CVE-2020-28229
+ RESERVED
+CVE-2020-28228
+ RESERVED
+CVE-2020-28227
+ RESERVED
+CVE-2020-28226
+ RESERVED
+CVE-2020-28225
+ RESERVED
+CVE-2020-28224
+ RESERVED
+CVE-2020-28223
+ RESERVED
+CVE-2020-28222
+ RESERVED
+CVE-2020-28221 (A CWE-20: Improper Input Validation vulnerability exists in EcoStruxur ...)
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
+CVE-2020-28220 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ NOT-FOR-US: Modicon
+CVE-2020-28219 (A CWE-522: Insufficiently Protected Credentials vulnerability exists i ...)
+ NOT-FOR-US: EcoStruxure Geo SCADA Expert
+CVE-2020-28218 (A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulne ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-28217 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists i ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-28216 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists i ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-28215 (A CWE-862: Missing Authorization vulnerability exists in Easergy T300 ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-28214 (A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability ...)
+ NOT-FOR-US: Modicon
+CVE-2020-28213 (A CWE-494: Download of Code Without Integrity Check vulnerability exis ...)
+ NOT-FOR-US: EcoStruxure Control Expert
+CVE-2020-28212 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
+ NOT-FOR-US: EcoStruxure Control Expert
+CVE-2020-28211 (A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulat ...)
+ NOT-FOR-US: EcoStruxure Control Expert
+CVE-2020-28210 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
+ NOT-FOR-US: EcoStruxure Building Operation WebStation
+CVE-2020-28209 (A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStru ...)
+ NOT-FOR-US: EcoStruxure Building Operation Enterprise Server installer
+CVE-2020-28208 (An email address enumeration vulnerability exists in the password rese ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2020-28207
+ RESERVED
+CVE-2020-28206 (An issue was discovered in Bitrix24 Bitrix Framework (1c site manageme ...)
+ NOT-FOR-US: Bitrix24 Bitrix Framework
+CVE-2020-28205
+ RESERVED
+CVE-2020-28204
+ RESERVED
+CVE-2020-28203 (An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 an ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-28202
+ RESERVED
+CVE-2020-28201
+ RESERVED
+CVE-2020-28200 (The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource ...)
+ - dovecot 1:2.3.16+dfsg1-1 (bug #990566; bug #991323)
+ [bullseye] - dovecot <postponed> (Minor issue, fix along with next update)
+ [buster] - dovecot <postponed> (Minor issue, fix along with next update)
+ [stretch] - dovecot <no-dsa> (Minor issue)
+ NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/3
+CVE-2020-28199 (best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive ...)
+ NOT-FOR-US: Amazon Pay Plugin for Shopware
+CVE-2020-28198 (** UNSUPPORTED WHEN ASSIGNED ** The 'id' parameter of IBM Tivoli Stora ...)
+ NOT-FOR-US: IBM
+CVE-2020-28197
+ RESERVED
+CVE-2020-28196 (MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow ...)
+ {DSA-4795-1 DLA-2437-1}
+ [experimental] - krb5 1.18.2-1
+ - krb5 1.18.3-1 (bug #973880)
+ NOTE: https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd
+CVE-2020-28195
+ RESERVED
+CVE-2020-28194 (Variable underflow exists in accel-ppp radius/packet.c when receiving ...)
+ NOT-FOR-US: ACCEL-PPP
+CVE-2020-28193
+ RESERVED
+CVE-2020-28192
+ RESERVED
+CVE-2020-28191
+ RESERVED
+CVE-2020-28190 (TerraMaster TOS &lt;= 4.2.06 was found to check for updates (of both s ...)
+ NOT-FOR-US: TerraMaster TOS
+CVE-2020-28189
+ REJECTED
+CVE-2020-28188 (Remote Command Execution (RCE) vulnerability in TerraMaster TOS &lt;= ...)
+ NOT-FOR-US: TerraMaster TOS
+CVE-2020-28187 (Multiple directory traversal vulnerabilities in TerraMaster TOS &lt;= ...)
+ NOT-FOR-US: TerraMaster TOS
+CVE-2020-28186 (Email Injection in TerraMaster TOS &lt;= 4.2.06 allows remote unauthen ...)
+ NOT-FOR-US: TerraMaster TOS
+CVE-2020-28185 (User Enumeration vulnerability in TerraMaster TOS &lt;= 4.2.06 allows ...)
+ NOT-FOR-US: TerraMaster TOS
+CVE-2020-28184 (Cross-site scripting (XSS) vulnerability in TerraMaster TOS &lt;= 4.2. ...)
+ NOT-FOR-US: TerraMaster TOS
+CVE-2020-28183 (SQL injection vulnerability in SourceCodester Water Billing System 1.0 ...)
+ NOT-FOR-US: SourceCodester Water Billing System
+CVE-2020-28182
+ RESERVED
+CVE-2020-28181
+ RESERVED
+CVE-2020-28180
+ RESERVED
+CVE-2020-28179
+ RESERVED
+CVE-2020-28178
+ RESERVED
+CVE-2020-28177
+ RESERVED
+CVE-2020-28176
+ RESERVED
+CVE-2020-28175 (There is a local privilege escalation vulnerability in Alfredo Milani ...)
+ NOT-FOR-US: Alfredo Milani Comparetti SpeedFan
+CVE-2020-28174
+ RESERVED
+CVE-2020-28173 (Simple College Website 1.0 allows a user to conduct remote code execut ...)
+ NOT-FOR-US: Simple College Website
+CVE-2020-28172 (A SQL injection vulnerability in Simple College Website 1.0 allows rem ...)
+ NOT-FOR-US: Simple College Website
+CVE-2020-28171
+ RESERVED
+CVE-2020-28170
+ RESERVED
+CVE-2020-28169 (The td-agent-builder plugin before 2020-12-18 for Fluentd allows attac ...)
+ NOT-FOR-US: Fluentd plugin
+CVE-2020-28168 (Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) ...)
+ - node-axios 0.21.1+dfsg-1 (bug #975305)
+ [buster] - node-axios <no-dsa> (Minor issue)
+ NOTE: https://github.com/axios/axios/issues/3369
+CVE-2020-28167
+ RESERVED
+CVE-2020-28166
+ RESERVED
+CVE-2020-28165 (The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary f ...)
+ NOT-FOR-US: EasyCorp ZenTao PMS
+CVE-2020-28164
+ RESERVED
+CVE-2020-28163
+ RESERVED
+ - dwarfutils 20201201-1
+ [buster] - dwarfutils <ignored> (Minor issue)
+ [stretch] - dwarfutils <ignored> (Minor issue)
+ NOTE: https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3
+ NOTE: https://www.prevanders.net/dwarfbug.html#DW202010-003
+CVE-2020-28162
+ RESERVED
+CVE-2020-28161
+ RESERVED
+CVE-2020-28160
+ RESERVED
+CVE-2020-28159
+ RESERVED
+CVE-2020-28158
+ RESERVED
+CVE-2020-28157
+ RESERVED
+CVE-2020-28156
+ RESERVED
+CVE-2020-28155
+ RESERVED
+CVE-2020-28154
+ RESERVED
+CVE-2020-28153
+ RESERVED
+CVE-2020-28152
+ RESERVED
+CVE-2020-28151
+ RESERVED
+CVE-2020-28150 (I-Net Software Clear Reports 20.10.136 web application accepts a user- ...)
+ NOT-FOR-US: I-Net Software Clear Reports
+CVE-2020-28149 (myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impac ...)
+ NOT-FOR-US: myDBR
+CVE-2020-28148
+ RESERVED
+CVE-2020-28147
+ RESERVED
+CVE-2020-28146 (Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and ...)
+ NOT-FOR-US: Eyoucms
+CVE-2020-28145 (Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0 ...)
+ NOT-FOR-US: wuzhicms
+CVE-2020-28144 (Certain Moxa Inc products are affected by an improper restriction of o ...)
+ NOT-FOR-US: Moxa
+CVE-2020-28143
+ RESERVED
+CVE-2020-28142
+ RESERVED
+CVE-2020-28141 (The messaging subsystem in the Online Discussion Forum 1.0 is vulnerab ...)
+ NOT-FOR-US: Online Discussion Forum
+CVE-2020-28140 (SourceCodester Online Clothing Store 1.0 is affected by an arbitrary f ...)
+ NOT-FOR-US: SourceCodester Online Clothing Store
+CVE-2020-28139 (SourceCodester Online Clothing Store 1.0 is affected by a cross-site s ...)
+ NOT-FOR-US: SourceCodester Online Clothing Store
+CVE-2020-28138 (SourceCodester Online Clothing Store 1.0 is affected by a SQL Injectio ...)
+ NOT-FOR-US: SourceCodester Online Clothing Store
+CVE-2020-28137 (Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, al ...)
+ NOT-FOR-US: Genexis Platinum
+CVE-2020-28136 (An Arbitrary File Upload is discovered in SourceCodester Tourism Manag ...)
+ NOT-FOR-US: SourceCodester Tourism Management System
+CVE-2020-28135
+ RESERVED
+CVE-2020-28134
+ RESERVED
+CVE-2020-28133 (An issue was discovered in SourceCodester Simple Grocery Store Sales A ...)
+ NOT-FOR-US: SourceCodester Simple Grocery Store Sales And Inventory System
+CVE-2020-28132
+ RESERVED
+CVE-2020-28131
+ RESERVED
+CVE-2020-28130 (An Arbitrary File Upload in the Upload Image component in SourceCodest ...)
+ NOT-FOR-US: SourceCodester Online Library Management System
+CVE-2020-28129 (Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym ...)
+ NOT-FOR-US: SourceCodester Gym Management System
+CVE-2020-28128
+ RESERVED
+CVE-2020-28127
+ RESERVED
+CVE-2020-28126
+ RESERVED
+CVE-2020-28125
+ RESERVED
+CVE-2020-28124 (Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. ...)
+ NOT-FOR-US: LavaLite
+CVE-2020-28123
+ RESERVED
+CVE-2020-28122
+ RESERVED
+CVE-2020-28121
+ RESERVED
+CVE-2020-28120
+ RESERVED
+CVE-2020-28119 (Cross site scripting vulnerability in 53KF &lt; 2.0.0.2 that allows fo ...)
+ NOT-FOR-US: 53KF
+CVE-2020-28118
+ RESERVED
+CVE-2020-28117
+ RESERVED
+CVE-2020-28116
+ RESERVED
+CVE-2020-28115 (SQL Injection vulnerability in "Documents component" found in AudimexE ...)
+ NOT-FOR-US: AudimexEE
+CVE-2020-28114
+ RESERVED
+CVE-2020-28113
+ RESERVED
+CVE-2020-28112
+ RESERVED
+CVE-2020-28111
+ RESERVED
+CVE-2020-28110
+ RESERVED
+CVE-2020-28109
+ RESERVED
+CVE-2020-28108
+ RESERVED
+CVE-2020-28107
+ RESERVED
+CVE-2020-28106
+ RESERVED
+CVE-2020-28105
+ RESERVED
+CVE-2020-28104
+ RESERVED
+CVE-2020-28103 (cscms v4.1 allows for SQL injection via the "page_del" function. ...)
+ NOT-FOR-US: cscms
+CVE-2020-28102 (cscms v4.1 allows for SQL injection via the "js_del" function. ...)
+ NOT-FOR-US: cscms
+CVE-2020-28101
+ RESERVED
+CVE-2020-28100
+ RESERVED
+CVE-2020-28099
+ RESERVED
+CVE-2020-28098
+ RESERVED
+CVE-2020-28097 (The vgacon subsystem in the Linux kernel before 5.8.10 mishandles soft ...)
+ - linux 5.8.10-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/1
+CVE-2020-28096 (FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART acc ...)
+ NOT-FOR-US: FOSCAM FHD
+CVE-2020-28095 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP PO ...)
+ NOT-FOR-US: Tenda
+CVE-2020-28094 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default set ...)
+ NOT-FOR-US: Tenda
+CVE-2020-28093 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, ...)
+ NOT-FOR-US: Tenda
+CVE-2020-28092 (PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=T ...)
+ NOT-FOR-US: PESCMS Team
+CVE-2020-28091 (cxuucms v3 has a SQL injection vulnerability, which can lead to the le ...)
+ NOT-FOR-US: cxuucms
+CVE-2020-28090
+ RESERVED
+CVE-2020-28089
+ RESERVED
+CVE-2020-28088 (An arbitrary file upload vulnerability in /jeecg-boot/sys/common/uploa ...)
+ NOT-FOR-US: jeecg-boot CMS
+CVE-2020-28087 (A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of ...)
+ NOT-FOR-US: jeecg-boot CMS
+CVE-2020-28086 (pass through 1.7.3 has a possibility of using a password for an uninte ...)
+ - password-store <unfixed> (unimportant)
+ NOTE: https://lists.zx2c4.com/pipermail/password-store/2014-March/000498.html
+ NOTE: Negligible security impact, where needed signing commits can be a solution, and
+ NOTE: possible since https://git.zx2c4.com/password-store/commit/?id=9ef311d868248682a11c8cb8c0177bc9949be7b9
+CVE-2020-28085
+ RESERVED
+CVE-2020-28084
+ RESERVED
+CVE-2020-28083
+ RESERVED
+CVE-2020-28082
+ RESERVED
+CVE-2020-28081
+ RESERVED
+CVE-2020-28080
+ RESERVED
+CVE-2020-28079
+ RESERVED
+CVE-2020-28078
+ RESERVED
+CVE-2020-28077
+ RESERVED
+CVE-2020-28076
+ RESERVED
+CVE-2020-28075
+ RESERVED
+CVE-2020-28074 (SourceCodester Online Health Care System 1.0 is affected by SQL Inject ...)
+ NOT-FOR-US: SourceCodester Online Health Care System
+CVE-2020-28073 (SourceCodester Library Management System 1.0 is affected by SQL Inject ...)
+ NOT-FOR-US: SourceCodester Library Management System
+CVE-2020-28072 (A Remote Code Execution vulnerability exists in DourceCodester Alumni ...)
+ NOT-FOR-US: DourceCodester Alumni Management System
+CVE-2020-28071 (SourceCodester Alumni Management System 1.0 is affected by cross-site ...)
+ NOT-FOR-US: SourceCodester Alumni Management System
+CVE-2020-28070 (SourceCodester Alumni Management System 1.0 is affected by SQL injecti ...)
+ NOT-FOR-US: SourceCodester Alumni Management System
+CVE-2020-28069
+ RESERVED
+CVE-2020-28068
+ RESERVED
+CVE-2020-28067
+ RESERVED
+CVE-2020-28066
+ RESERVED
+CVE-2020-28065
+ RESERVED
+CVE-2020-28064
+ RESERVED
+CVE-2020-28063 (A file upload issue exists in all versions of ArticleCMS which allows ...)
+ NOT-FOR-US: ArticleCMS
+CVE-2020-28062
+ RESERVED
+CVE-2020-28061
+ RESERVED
+CVE-2020-28060
+ RESERVED
+CVE-2020-28059
+ RESERVED
+CVE-2020-28058
+ RESERVED
+CVE-2020-28057
+ RESERVED
+CVE-2020-28056
+ RESERVED
+CVE-2020-28055 (A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 ...)
+ NOT-FOR-US: TCL Android Smart TV series
+CVE-2020-28054 (JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to a ...)
+ NOT-FOR-US: JamoDat TSMManager Collector
+CVE-2020-28053 (HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed opera ...)
+ - consul 1.8.6+dfsg1-1 (bug #975584)
+ [buster] - consul <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/hashicorp/consul/issues/9240
+ NOTE: https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
+CVE-2020-28052 (An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 an ...)
+ - bouncycastle 1.65-2 (bug #977683)
+ [buster] - bouncycastle <not-affected> (Vulnerability introduced later)
+ [stretch] - bouncycastle <not-affected> (Vulnerability introduced later)
+ NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-28052
+ NOTE: https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/
+ NOTE: Introduced in: https://github.com/bcgit/bc-java/commit/00dfe74aeb4f6300dd56b34b5e6986ce6658617e (r1rv65)
+ NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219 (r1rv67)
+CVE-2020-28051
+ RESERVED
+CVE-2020-28050 (Zoho ManageEngine Desktop Central before build 10.0.647 allows a singl ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-28049 (An issue was discovered in SDDM before 0.19.0. It incorrectly starts t ...)
+ {DSA-4783-1 DLA-2436-1}
+ - sddm 0.19.0-1 (bug #973748)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/2
+ NOTE: https://github.com/sddm/sddm/commit/be202f533ab98a684c6a007e8d5b4357846bc222
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1177201
+CVE-2020-28048
+ RESERVED
+CVE-2020-28047 (AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scr ...)
+ NOT-FOR-US: AudimexEE
+CVE-2020-27347 (In tmux before version 3.1c the function input_csi_dispatch_sgr_colon( ...)
+ - tmux 3.1c-1
+ [buster] - tmux <not-affected> (Vulnerable code introduced later)
+ [stretch] - tmux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openbsd.org/errata68.html (003: SECURITY FIX: October 29, 2020)
+ NOTE: Introduced by: https://github.com/tmux/tmux/commit/4e3d6612845e190a490f40cce79c858dadaee74b (2.9)
+ NOTE: Fixed by: https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/05/3
+CVE-2020-28046 (An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker ...)
+ NOT-FOR-US: ProlinOS
+CVE-2020-28045 (An unsigned-library issue was discovered in ProlinOS through 2.4.161.8 ...)
+ NOT-FOR-US: ProlinOS
+CVE-2020-28044 (An attacker with physical access to a PAX Point Of Sale device with Pr ...)
+ NOT-FOR-US: ProlinOS
+CVE-2020-28043 (MISP through 2.4.133 allows SSRF in the REST client via the use_full_p ...)
+ NOT-FOR-US: MISP
+CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT signature verification unless ...)
+ NOT-FOR-US: ServiceStack
+CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a theme's backg ...)
+ {DSA-4784-1 DLA-2429-1}
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
+ NOTE: https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+CVE-2020-28039 (is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 al ...)
+ {DSA-4784-1 DLA-2429-1}
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+ NOTE: https://wpscan.com/vulnerability/10452
+CVE-2020-28038 (WordPress before 5.5.2 allows stored XSS via post slugs. ...)
+ {DSA-4784-1 DLA-2429-1}
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+CVE-2020-28037 (is_blog_installed in wp-includes/functions.php in WordPress before 5.5 ...)
+ {DSA-4784-1 DLA-2429-1}
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+ NOTE: https://wpscan.com/vulnerability/10450
+CVE-2020-28036 (wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allow ...)
+ {DSA-4784-1 DLA-2429-1}
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+ NOTE: https://wpscan.com/vulnerability/10449
+CVE-2020-28035 (WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC ...)
+ {DSA-4784-1 DLA-2429-1}
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+CVE-2020-28034 (WordPress before 5.5.2 allows XSS associated with global variables. ...)
+ {DSA-4784-1 DLA-2429-1}
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+CVE-2020-28033 (WordPress before 5.5.2 mishandles embeds from disabled sites on a mult ...)
+ {DSA-4784-1 DLA-2429-1}
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+CVE-2020-28032 (WordPress before 5.5.2 mishandles deserialization requests in wp-inclu ...)
+ {DSA-4784-1 DLA-2429-1}
+ - wordpress 5.5.3+dfsg1-1 (bug #973562)
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+ NOTE: https://wpscan.com/vulnerability/10446
+CVE-2020-28031 (eramba through c2.8.1 allows HTTP Host header injection with (for exam ...)
+ NOT-FOR-US: eramba
+CVE-2020-28030 (In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was ...)
+ {DLA-2547-1}
+ - wireshark 3.2.8-0.1 (bug #974689)
+ [buster] - wireshark 2.6.20-0+deb10u1
+ NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16887
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-15.html
+CVE-2020-28029
+ RESERVED
+CVE-2020-28028
+ RESERVED
+CVE-2020-28027
+ RESERVED
+CVE-2020-28026 (Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, r ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28025 (Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bo ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: Introduced by: https://git.exim.org/exim.git/commit/80a47a2c9633437d4ceebd214cd44abfbd4f4543 (exim-4_70_RC3)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28024 (Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unaut ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28023 (Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may dis ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: Introduced by: https://git.exim.org/exim.git/commit/18481de384caecff421f23f715be916403f5d0ee (exim-4_88_RC1)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28022 (Exim 4 before 4.94.2 has Improper Restriction of Write Operations with ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: Introduced by: https://git.exim.org/exim.git/commit/d7a2c8337f7b615763d4429ab27653862756b6fb (exim-4_89_RC1)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28021 (Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. A ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28020 (Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in whic ...)
+ {DLA-2650-1}
+ - exim4 4.92~RC5-1
+ NOTE: Fixed by: https://git.exim.org/exim.git/commit/56ac062a3ff94fc4e1bbfc2293119c079a4e980b (exim-4.92-RC5)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28019 (Exim 4 before 4.94.2 has Improper Initialization that can lead to recu ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: Introduced by: https://git.exim.org/exim.git/commit/7e3ce68e68ab9b8906a637d352993abf361554e2 (exim-4_88_RC1)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28018 (Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain si ...)
+ - exim4 4.94.2-1 (unimportant)
+ [buster] - exim4 4.92-8+deb10u6
+ [stretch] - exim4 <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://git.exim.org/exim.git/commit/a5ffa9b475a426bc73366db01f7cc92a3811bc3a (exim-4_90_RC1)
+ NOTE: Debian Exim is built with GnuTLS, not OpenSSL.
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28017 (Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in rec ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28016 (Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because ...)
+ - exim4 4.94.2-1
+ [buster] - exim4 <not-affected> (Vulnerable code introduced later)
+ [stretch] - exim4 <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://git.exim.org/exim.git/commit/3c90bbcdc7cf73298156f7bcd5f5e750e7814e72
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28015 (Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. L ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28014 (Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28013 (Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mish ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28012 (Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28011 (Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run vi ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28010 (Exim 4 before 4.94.2 allows Out-of-bounds Write because the main funct ...)
+ {DSA-4912-1}
+ - exim4 4.94.2-1
+ [stretch] - exim4 <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://git.exim.org/exim.git/commit/805fd869d551c36d1d77ab2b292a7008d643ca79 (exim-4.92-RC1)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28009 (Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow becaus ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28008 (Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Bec ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-28007 (Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Bec ...)
+ {DSA-4912-1 DLA-2650-1}
+ - exim4 4.94.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2020-25692 (A NULL pointer dereference was found in OpenLDAP server and was fixed ...)
+ {DSA-4782-1 DLA-2425-1}
+ - openldap 2.4.55+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9370
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/4c774220a752bf8e3284984890dc0931fe73165d
+CVE-2020-28006
+ RESERVED
+CVE-2020-28005 (httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) al ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-28004
+ RESERVED
+CVE-2020-28003
+ RESERVED
+CVE-2020-28002 (In SonarQube 8.4.2.36762, an external attacker can achieve authenticat ...)
+ NOT-FOR-US: SonarQube
+CVE-2020-28001 (SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-28000
+ RESERVED
+CVE-2020-27999
+ RESERVED
+CVE-2020-27998 (An issue was discovered in FastReport before 2020.4.0. It lacks a Scri ...)
+ NOT-FOR-US: FastReport
+CVE-2020-27997 (An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross S ...)
+ NOT-FOR-US: SmartStoreNET
+CVE-2020-27996 (An issue was discovered in SmartStoreNET before 4.0.1. It does not pro ...)
+ NOT-FOR-US: SmartStoreNET
+CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 before 1456 ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-27994 (SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Travers ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-27993 (Hrsale 2.0.0 allows download?type=files&amp;filename=../ directory tra ...)
+ NOT-FOR-US: Hrsale
+CVE-2020-27992 (Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse ...)
+ NOT-FOR-US: Dr.Fone
+CVE-2020-27991 (Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Em ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-27990 (Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (ad ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-27989 (Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit D ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-27988 (Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-27987
+ RESERVED
+CVE-2020-27986 (** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discov ...)
+ NOT-FOR-US: SonarQube
+CVE-2020-27985 (Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, ...)
+ NOT-FOR-US: Security Onion
+CVE-2020-27984
+ RESERVED
+CVE-2020-27983
+ RESERVED
+CVE-2020-27982 (IceWarp 11.4.5.0 allows XSS via the language parameter. ...)
+ NOT-FOR-US: IceWarp Webmail Server
+CVE-2020-27981
+ REJECTED
+CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WL ...)
+ NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices
+CVE-2020-27979
+ RESERVED
+CVE-2020-27978 (Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service ...)
+ NOT-FOR-US: Shibboleth Identify Provider (Debian only packages the SP)
+CVE-2020-27977 (CapaSystems CapaInstaller before 6.0.101 does not properly assign, mod ...)
+ NOT-FOR-US: CapaSystems CapaInstaller
+CVE-2020-27976 (osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remot ...)
+ NOT-FOR-US: osCommerce Phoenix CE
+CVE-2020-27975 (osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php ...)
+ NOT-FOR-US: osCommerce Phoenix CE
+CVE-2020-27974 (NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_B ...)
+ NOT-FOR-US: NeoPost Mail Accounting Software Pro
+CVE-2020-27973
+ RESERVED
+CVE-2020-27972
+ RESERVED
+CVE-2020-27971
+ RESERVED
+CVE-2020-27970 (Yandex Browser before 20.10.0 allows remote attackers to spoof the add ...)
+ NOT-FOR-US: Yandex Browser
+CVE-2020-27969 (Yandex Browser for Android 20.8.4 allows remote attackers to perform S ...)
+ NOT-FOR-US: Yandex Browser
+CVE-2020-27968
+ RESERVED
+CVE-2020-27967
+ RESERVED
+CVE-2020-27966
+ RESERVED
+CVE-2020-27965
+ RESERVED
+CVE-2020-27964
+ RESERVED
+CVE-2020-27963
+ RESERVED
+CVE-2020-27962
+ RESERVED
+CVE-2020-27961
+ RESERVED
+CVE-2020-27960
+ RESERVED
+CVE-2020-27959
+ RESERVED
+CVE-2020-27958
+ RESERVED
+CVE-2020-27957 (The RandomGameUnit extension for MediaWiki through 1.35 was not proper ...)
+ NOT-FOR-US: MediaWiki extension
+CVE-2020-27956 (An Arbitrary File Upload in the Upload Image component in SourceCodest ...)
+ NOT-FOR-US: SourceCodester Car Rental Management System
+CVE-2020-27955 (Git LFS 2.12.0 allows Remote Code Execution. ...)
+ - git-lfs <not-affected> (Windows-specific)
+ NOTE: https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html
+CVE-2020-27954
+ RESERVED
+CVE-2020-27953
+ RESERVED
+CVE-2020-27952 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-27951 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-27950 (A memory initialization issue was addressed. This issue is fixed in ma ...)
+ NOT-FOR-US: Apple
+CVE-2020-27949 (This issue was addressed with improved checks to prevent unauthorized ...)
+ NOT-FOR-US: Apple
+CVE-2020-27948 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-27947 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-27946 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2020-27945 (An integer overflow was addressed with improved input validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2020-27944 (A memory corruption issue existed in the processing of font files. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-27943 (A memory corruption issue existed in the processing of font files. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-27942 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-27941 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2020-27940 (This issue was addressed with improved file handling. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2020-27939 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-27938 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-27937 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-27936 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
+ NOT-FOR-US: Apple
+CVE-2020-27935 (Multiple issues were addressed with improved logic. This issue is fixe ...)
+ NOT-FOR-US: Apple
+CVE-2020-27934
+ RESERVED
+CVE-2020-27933 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-27932 (A type confusion issue was addressed with improved state handling. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-27931 (A memory corruption issue existed in the processing of font files. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-27930 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-27929 (A logic issue existed in the handling of Group FaceTime calls. The iss ...)
+ NOT-FOR-US: Apple
+CVE-2020-27928
+ RESERVED
+CVE-2020-27927 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-27926 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-27925 (An issue existed in the handling of incoming calls. The issue was addr ...)
+ NOT-FOR-US: Apple
+CVE-2020-27924 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-27923 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-27922 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-27921 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2020-27920 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-27919 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-27918 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2020-27917 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-27916 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-27915 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-27914 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-27913
+ RESERVED
+CVE-2020-27912 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-27911 (An integer overflow was addressed through improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-27910 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-27909 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-27908 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-27907 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2020-27906 (Multiple integer overflows were addressed with improved input validati ...)
+ NOT-FOR-US: Apple
+CVE-2020-27905 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2020-27904 (A logic issue existed resulting in memory corruption. This was address ...)
+ NOT-FOR-US: Apple
+CVE-2020-27903 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2020-27902 (An authentication issue was addressed with improved state management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-27901 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-27900 (An issue existed in the handling of snapshots. The issue was resolved ...)
+ NOT-FOR-US: Apple
+CVE-2020-27899 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-27898 (A denial of service issue was addressed with improved state handling. ...)
+ NOT-FOR-US: Apple
+CVE-2020-27897 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-27896 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2020-27895 (An information disclosure issue existed in the transition of program s ...)
+ NOT-FOR-US: Apple
+CVE-2020-27894 (The issue was addressed with additional user controls. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2020-27893 (An issue existed in screen sharing. This issue was addressed with impr ...)
+ NOT-FOR-US: Apple
+CVE-2020-27892 (The Zigbee protocol implementation on Texas Instruments CC2538 devices ...)
+ NOT-FOR-US: Texas Instruments CC2538 devices
+CVE-2020-27891 (The Zigbee protocol implementation on Texas Instruments CC2538 devices ...)
+ NOT-FOR-US: Texas Instruments CC2538 devices
+CVE-2020-27890 (The Zigbee protocol implementation on Texas Instruments CC2538 devices ...)
+ NOT-FOR-US: Texas Instruments CC2538 devices
+CVE-2020-27889
+ RESERVED
+CVE-2020-27888 (An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC- ...)
+ NOT-FOR-US: Ubiquiti
+CVE-2020-27887 (An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authent ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2020-27886 (An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. T ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2020-27885 (Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By ...)
+ NOT-FOR-US: WSO2 API Manager
+CVE-2020-27884
+ RESERVED
+CVE-2020-27883
+ RESERVED
+CVE-2020-27882
+ RESERVED
+CVE-2020-27881
+ RESERVED
+CVE-2020-27880
+ RESERVED
+CVE-2020-27879
+ RESERVED
+CVE-2020-27878
+ RESERVED
+CVE-2020-27877
+ RESERVED
+CVE-2020-27876
+ RESERVED
+CVE-2020-27875
+ RESERVED
+CVE-2020-27874 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: WeChat
+CVE-2020-27873 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: Netgear
+CVE-2020-27872 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
+CVE-2020-27871 (This vulnerability allows remote attackers to create arbitrary files o ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-27870 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-27869 (This vulnerability allows remote attackers to escalate privileges on a ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-27868 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Qognify
+CVE-2020-27867 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2020-27866 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
+CVE-2020-27865 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2020-27864 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2020-27863 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: D-Link
+CVE-2020-27862 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2020-27861 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2020-27860 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-27859 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: NEC ESMPRO Manager
+CVE-2020-27858 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CA Arcserve
+CVE-2020-27857 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-27856 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-27855 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-27854
+ RESERVED
+CVE-2020-27853 (Wire before 2020-10-16 allows remote attackers to cause a denial of se ...)
+ NOT-FOR-US: Wire app
+CVE-2020-27852 (A stored Cross-Site Scripting (XSS) vulnerability in the survey featur ...)
+ NOT-FOR-US: Rocketgenius Gravity Forms
+CVE-2020-27851 (Multiple stored HTML injection vulnerabilities in the "poll" and "quiz ...)
+ NOT-FOR-US: Rocketgenius Gravity Forms
+CVE-2020-27850 (A stored Cross-Site Scripting (XSS) vulnerability in forms import feat ...)
+ NOT-FOR-US: Rocketgenius Gravity Forms
+CVE-2020-27849
+ RESERVED
+CVE-2020-27848 (dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /ap ...)
+ NOT-FOR-US: dotCMS
+CVE-2020-27847 (A vulnerability exists in the SAML connector of the github.com/dexidp/ ...)
+ NOT-FOR-US: github.com/dexidp/dex
+CVE-2020-27846 (A signature verification vulnerability exists in crewjam/saml. This fl ...)
+ NOT-FOR-US: github.com/crewjam/saml
+CVE-2020-27845 (There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior t ...)
+ {DSA-4882-1 DLA-2550-1}
+ - openjpeg2 2.4.0-1
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1302
+ NOTE: https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63 (v2.4.0)
+CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior ...)
+ - openjpeg2 <not-affected> (Vulnerable code introduced and fixed in 2.4.0)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1299
+ NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296 (v2.4.0)
+ NOTE: Introduced by: https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5
+CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw all ...)
+ {DSA-4882-1}
+ - openjpeg2 2.4.0-1 (bug #983663)
+ [stretch] - openjpeg2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1297
+ NOTE: Partial fix (preventing the out of bounds access): https://github.com/uclouvain/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121 (2.4.0)
+CVE-2020-27842 (There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An ...)
+ {DSA-4882-1}
+ - openjpeg2 2.4.0-1
+ [stretch] - openjpeg2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1294
+CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openj ...)
+ {DSA-4882-1 DLA-2550-1}
+ - openjpeg2 2.4.0-1
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1293
+ NOTE: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce (v2.4.0)
+CVE-2020-27840 (A flaw was found in samba. Spaces used in a string around a domain nam ...)
+ {DSA-4884-1 DLA-2611-1}
+ - ldb 2:2.2.0-3.1 (bug #985936)
+ - samba <unfixed> (unimportant)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-27840.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14595
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=1996b79f376b459bb964a6344ca5f264e7d6e2ec
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=dbb3e65f7e382adf5fa6a6afb3d8684aca3f201a
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9532c44baea130db74f866e1472cb871936cd3dd
+ NOTE: Samba uses the System ldb library
+CVE-2020-27839 (A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for ...)
+ - ceph 14.2.18-1 (bug #985670)
+ [buster] - ceph <no-dsa> (Minor issue)
+ [stretch] - ceph <not-affected> (dashboard introduced in 12.1.0)
+ NOTE: https://tracker.ceph.com/issues/44591
+ NOTE: https://github.com/ceph/ceph/pull/38259
+ NOTE: https://github.com/ceph/ceph/commit/23f2604d6f9ac16779b4ac43aab6e4e434f2e8ec
+ NOTE: https://github.com/ceph/ceph/commit/843b2e9cd4cb996165d1818ebff125f1414f90c5 (nautilus)
+CVE-2020-27838 (A flaw was found in keycloak in versions prior to 13.0.0. The client r ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-27837 (A flaw was found in GDM in versions prior to 3.38.2.1. A race conditio ...)
+ - gdm3 3.38.2.1-1
+ [buster] - gdm3 <no-dsa> (Minor issue)
+ [stretch] - gdm3 <no-dsa> (Minor issue)
+ NOTE: https://gitlab.gnome.org/GNOME/gdm/-/issues/660
+ NOTE: https://gitlab.gnome.org/GNOME/gdm/-/commit/dcdbaaa04012541ad2813cf83559d91d52f208b9 (master)
+ NOTE: https://gitlab.gnome.org/GNOME/gdm/-/commit/9b6d9b24a5f69674447c7bc9aacfab0988b914bd (3.38.2.1)
+CVE-2020-27836
+ RESERVED
+ NOT-FOR-US: OpenShift
+CVE-2020-27835 (A use after free in the Linux kernel infiniband hfi1 driver in version ...)
+ - linux 5.9.15-1
+ NOTE: https://git.kernel.org/linus/3d2a9d642512c21a12d19b9250e7a835dcb41a79
+CVE-2020-27834 [attacker can send the same request over and over again without changing the CSRF token]
+ RESERVED
+ NOTE: Bogus report for Zabbix, no actionable information:
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1907497
+ NOTE: http://almorabea.net/cves/zabbix.txt
+CVE-2020-27833 (A Zip Slip vulnerability was found in the oc binary in openshift-clien ...)
+ NOT-FOR-US: OpenShift
+CVE-2020-27832 (A flaw was found in Red Hat Quay, where it has a persistent Cross-site ...)
+ NOT-FOR-US: Quay
+CVE-2020-27831 (A flaw was found in Red Hat Quay, where it does not properly protect t ...)
+ NOT-FOR-US: Quay
+CVE-2020-27830 (A vulnerability was found in Linux Kernel where in the spk_ttyio_recei ...)
+ {DSA-4843-1 DLA-2557-1}
+ - linux 5.9.15-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/1
+ NOTE: https://git.kernel.org/linus/f0992098cadb4c9c6a00703b66cafe604e178fea
+CVE-2020-27829 (A heap based buffer overflow in coders/tiff.c may result in program cr ...)
+ - imagemagick 8:6.9.11.57+dfsg-1
+ [buster] - imagemagick <not-affected> (Vulnerable code not present)
+ [stretch] - imagemagick <not-affected> (vulnerable code was introduced later)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ee5059cd3ac8d82714a1ab1321399b88539abf0
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e30be60bd97313b80e2701239728a3f47c570817
+ NOTE: Introduced in https://github.com/ImageMagick/ImageMagick6/commit/b874d50070557eb98bdc6a3095ef4769af583dd2
+CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Cr ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/252
+ NOTE: https://github.com/jasper-software/jasper/pull/253
+CVE-2020-27827 (A flaw was found in multiple versions of OpenvSwitch. Specially crafte ...)
+ {DSA-4836-1 DLA-2571-1}
+ - lldpd 1.0.8-1
+ [buster] - lldpd <no-dsa> (Minor issue)
+ [stretch] - lldpd <no-dsa> (Minor issue)
+ - openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-4 (bug #980132)
+ NOTE: https://github.com/openvswitch/ovs/pull/337
+ NOTE: https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
+ NOTE: https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
+ NOTE: https://github.com/openvswitch/ovs/commit/78e712c0b1dacc2f12d2a03d98f083d8672867f0
+CVE-2020-27826 (A flaw was found in Keycloak before version 12.0.0 where it is possibl ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux ...)
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
+ - linux 5.9.6-1
+ NOTE: https://git.kernel.org/linus/bbeb97464eefc65f506084fd9f18f21653e01137
+CVE-2020-27824 (A flaw was found in OpenJPEG&#8217;s encoder in the opj_dwt_calc_expli ...)
+ {DSA-4882-1 DLA-2550-1}
+ - openjpeg2 2.4.0-1
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1286
+ NOTE: https://github.com/uclouvain/openjpeg/commit/6daf5f3e1ec6eff03b7982889874a3de6617db8d (v2.4.0)
+CVE-2020-27823 (A flaw was found in OpenJPEG&#8217;s encoder. This flaw allows an atta ...)
+ {DSA-4882-1 DLA-2550-1}
+ - openjpeg2 2.4.0-1
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1284
+ NOTE: https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919 (v2.4.0)
+CVE-2020-27822 (A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Fi ...)
+ - wildfly <itp> (bug #752018)
+CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the initi ...)
+ - qemu 1:5.2+dfsg-3 (bug #977616)
+ [buster] - qemu <postponed> (Fix along in future update)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902651
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442
+ NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=48564041a73adbbff52834f9edbe3806fceefab7 (v3.0)
+CVE-2020-27820 (A vulnerability was found in Linux kernel, where a use-after-frees in ...)
+ - linux 5.15.5-1 (unimportant)
+ [bullseye] - linux 5.10.84-1
+ NOTE: No security impact, requires physical access to the computer
+CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 when read ...)
+ - r-cran-readxl <not-affected> (Embeds libxls, but not affected)
+ NOTE: https://github.com/libxls/libxls/issues/84
+CVE-2020-27818 (A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. ...)
+ - pngcheck 2.3.0-13 (bug #976350)
+ [buster] - pngcheck 2.3.0-7+deb10u1
+ [stretch] - pngcheck <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011
+ NOTE: Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch
+CVE-2020-27817
+ REJECTED
+CVE-2020-27816 (The elasticsearch-operator does not validate the namespace where kiban ...)
+ NOT-FOR-US: OpenShift Elasticsearch operator
+CVE-2020-27815 (A flaw was found in the JFS filesystem code in the Linux Kernel which ...)
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
+ - linux 5.10.4-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/30/5
+CVE-2020-27814 (A heap-buffer overflow was found in the way openjpeg2 handled certain ...)
+ {DSA-4882-1 DLA-2550-1}
+ - openjpeg2 2.4.0-1
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1283
+ NOTE: https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc (v2.4.0)
+ NOTE: https://github.com/uclouvain/openjpeg/commit/15cf3d95814dc931ca0ecb132f81cb152e051bae (v2.4.0)
+ NOTE: https://github.com/uclouvain/openjpeg/commit/649298dcf84b2f20cfe458d887c1591db47372a6
+ NOTE: https://github.com/uclouvain/openjpeg/commit/4ce7d285a55d29b79880d0566d4b010fe1907aa9
+CVE-2020-27813 (An integer overflow vulnerability exists with the length of websocket ...)
+ {DLA-2520-1}
+ - golang-github-gorilla-websocket <not-affected> (Fixed with first upload to Debian with renamed source package)
+ - golang-websocket <removed>
+ NOTE: https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh
+ NOTE: https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37 (v1.4.1)
+CVE-2020-27812
+ RESERVED
+CVE-2020-27811
+ RESERVED
+CVE-2020-27810
+ RESERVED
+CVE-2020-27809
+ RESERVED
+CVE-2020-27808
+ RESERVED
+CVE-2020-27807
+ RESERVED
+CVE-2020-27806
+ RESERVED
+CVE-2020-27805
+ RESERVED
+CVE-2020-27804
+ RESERVED
+CVE-2020-27803
+ RESERVED
+CVE-2020-27802
+ RESERVED
+CVE-2020-27801
+ RESERVED
+CVE-2020-27800
+ RESERVED
+CVE-2020-27799
+ RESERVED
+CVE-2020-27798
+ RESERVED
+CVE-2020-27797
+ RESERVED
+CVE-2020-27796
+ RESERVED
+CVE-2020-27795
+ RESERVED
+CVE-2020-27794
+ RESERVED
+CVE-2020-27793
+ RESERVED
+CVE-2020-27792
+ RESERVED
+CVE-2020-27791
+ RESERVED
+CVE-2020-27790
+ RESERVED
+CVE-2020-27789
+ RESERVED
+CVE-2020-27788
+ RESERVED
+CVE-2020-27787
+ RESERVED
+CVE-2020-27786 (A flaw was found in the Linux kernel&#8217;s implementation of MIDI, w ...)
+ - linux 5.6.14-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d
+CVE-2020-27785
+ REJECTED
+CVE-2020-27784
+ RESERVED
+CVE-2020-27783 (A XSS vulnerability was discovered in python-lxml's clean module. The ...)
+ {DSA-4810-1 DLA-2467-1}
+ - lxml 4.6.2-1
+ NOTE: https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e (lxml-4.6.1)
+ NOTE: https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7 (lxml-4.6.2)
+CVE-2020-27782 (A flaw was found in the Undertow AJP connector. Malicious requests and ...)
+ - undertow 2.2.4-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1901304
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-1824
+ NOTE: https://github.com/undertow-io/undertow/commit/fdac349cbcd1da41fe8b9d4e7ebbab6879990c2a (2.2.4.Final)
+CVE-2020-27781 (User credentials can be manipulated and stolen by Native CephFS consum ...)
+ - ceph 14.2.16-1 (bug #985670)
+ [buster] - ceph <no-dsa> (Minor issue)
+ [stretch] - ceph <postponed> (Minor issue)
+ NOTE: https://bugs.launchpad.net/manila/+bug/1904015
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1900109
+ NOTE: https://github.com/ceph/ceph/commit/1b8a634fdcd94dfb3ba650793fb1b6d09af65e05 (octopus)
+ NOTE: https://github.com/ceph/ceph/commit/7e3e4e73783a98bb07ab399438eb3aab41a6fc8b (nautilus)
+ NOTE: https://github.com/ceph/ceph/commit/956ceb853a58f6b6847b31fac34f2f0228a70579 (luminous)
+CVE-2020-27780 (A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it ...)
+ - pam <not-affected> (Only affects 1.5.0)
+ NOTE: https://github.com/linux-pam/linux-pam/issues/284
+ NOTE: Introduced by: https://github.com/linux-pam/linux-pam/commit/af0faf666c5008e54dfe43684f210e3581ff1bca (v1.5.0)
+ NOTE: Fixed by: https://github.com/linux-pam/linux-pam/commit/30fdfb90d9864bcc254a62760aaa149d373fd4eb
+CVE-2020-27779 (A flaw was found in grub2 in versions prior to 2.06. The cutmem comman ...)
+ {DSA-4867-1}
+ - grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...)
+ - poppler 0.85.0-2
+ [buster] - poppler <postponed> (Minor issue)
+ [stretch] - poppler <postponed> (Minor issue; maybe worth fixing later)
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a (poppler-0.76.0)
+CVE-2020-27777 (A flaw was found in the way RTAS handled memory accesses in userspace ...)
+ {DLA-2483-1}
+ - linux 5.9.6-1
+ [buster] - linux 4.19.160-1
+ [stretch] - linux <ignored> (Only an issue when Secure Boot is implemented)
+ NOTE: https://git.kernel.org/linus/bd59380c5ba4147dcbaad3e582b55ccfd120b764
+CVE-2020-27776 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1736
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/0c92913ec5705300943703f1795f34c0cc25164e
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5
+CVE-2020-27775 (A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker w ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1737
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a2166bfb1049bac4c0f7b8b5d3ef86a1f48470b2
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/78d9987ae80a95865c9f139afde0dcf3fd832ddc
+CVE-2020-27774 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1743
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/29cee9152d1b5487cfd19443ca48935eea0cabe2
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/052175e4b190598141fbcc64641cd5ee4db3602d
+CVE-2020-27773 (A flaw was found in ImageMagick in MagickCore/gem-private.h. An attack ...)
+ {DLA-2523-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1739
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/3d71aa8265ffaaf686021a6fbd54c037f71ee3a2
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/be6ffd9f283c2681d74469db8b000701665cf034
+CVE-2020-27772 (A flaw was found in ImageMagick in coders/bmp.c. An attacker who submi ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1749
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a1142af44f61c038ad3eccc099c5b9548b507846
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7f819ef8855608d9cb1ded5e4f30cdfff1da7c11
+CVE-2020-27771 (In RestoreMSCWarning() of /coders/pdf.c there are several areas where ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1753
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/872ffe6d0131beec8b47568a4874ffaca91a872e
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9dd1c7e1f8f6c137bfd3293be2554f59456c7b62
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a07ecde4c1c3a3efaa628434adc903295f6bb2b3
+CVE-2020-27770 (Due to a missing check for 0 value of `replace_extent`, it is possible ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1721
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/be90a5395695f0d19479a5d46b06c678be7f7927
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c01495f91ac71c5205f52713430b68e80d851149
+CVE-2020-27769 (In ImageMagick versions before 7.0.9-0, there are outside the range of ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1740
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7b058696133c6d36e0b48a454e357482db71982e
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7661113a654c9c822c23a8fb8aa1b021fc7fbe9d
+CVE-2020-27768 (In ImageMagick, there is an outside the range of representable values ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1751
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/95d4e94e0353e503b71a53f5e6fad173c7c70c90
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/8c6e86f81968fab1710317d87b00c608108e6a2a
+CVE-2020-27767 (A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker w ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1741
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/564f2a35e523e2b6cce9485018157f03ec05a947
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c2f66e7fc9189a652f77a021bd047c4146d634d1
+CVE-2020-27766 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1734
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/29cee9152d1b5487cfd19443ca48935eea0cabe2
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/052175e4b190598141fbcc64641cd5ee4db3602d
+ NOTE: Same fix as CVE-2020-27774
+CVE-2020-27765 (A flaw was found in ImageMagick in MagickCore/segment.c. An attacker w ...)
+ {DLA-2523-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1730
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a4c89f2a61069ad7637bc7749cc1a839de442526
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4321934be544bc2888c6799fd6b50d8188a3d832
+CVE-2020-27764 (In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOp ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1735
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5
+CVE-2020-27763 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...)
+ {DLA-2523-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1718
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/43539e67a47d2f8de832d33a5b26dc2a7a12294f
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/cc0944d57f846c839905d573503ab055b34090e4
+CVE-2020-27762 (A flaw was found in ImageMagick in coders/hdr.c. An attacker who submi ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1713
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7db3fa20893d557259da6e99e111954de83d2495
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e10f7c3c9f0394dfd6ebd372bc34a172dabc8ff
+CVE-2020-27761 (WritePALMImage() in /coders/palm.c used size_t casts in several areas ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1726
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/db5e12e24f1378ce8c93a5c35991dcdd23a67bb0
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/14c90fb315eb3666a4cf6d784cbde74c69c934ec
+CVE-2020-27760 (In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` v ...)
+ {DLA-2523-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1717
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/c5fcdea6a6ae27cf3db20c28b176e87b1a584e06
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/83cd04f580ccf4cc194813777c1fcfba78e602aa
+CVE-2020-27759 (In IntensityCompare() of /MagickCore/quantize.c, a double value was be ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1720
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/d44f8a35558951a21367d306a42e5a097f3a43fe
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/460dea07066e2001bc4671fcd8d53233f0fc29b3
+CVE-2020-27758 (A flaw was found in ImageMagick in coders/txt.c. An attacker who submi ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1719
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f0a8d407b2801174fd8923941a9e7822f7f9a506
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e5e15b4456c825f78554e2ef1cc6344fa1218448
+CVE-2020-27757 (A floating point math calculation in ScaleAnyToQuantum() of /MagickCor ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1712
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/e88532bd4418e95b70cbc415fe911d22ab27a5fd
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ded073520c133421f842160d3a9e207788f55a90
+CVE-2020-27756 (In ParseMetaGeometry() of MagickCore/geometry.c, image height and widt ...)
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ [stretch] - imagemagick <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1725
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f35eca82b0c294ff9d0ccad104a881c3ae2ba913
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/d3d96f05950275b916207bf9df03640ef3e9fd6e
+ NOTE: Introduced in https://github.com/ImageMagick/ImageMagick6/commit/7dd318e6f7f86eb41e474e3131c59ea26af6c1b2 (6.9.9-34)
+CVE-2020-27755 (in SetImageExtent() of /MagickCore/image.c, an incorrect image depth s ...)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1756
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f28e9e56e1b56d4e1f09d2a56d70892ae295d6a4
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f9191f9e388330c8e22661b42092cc78a29a5d6f
+CVE-2020-27754 (In IntensityCompare() of /magick/quantize.c, there are calls to PixelP ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1754
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick6/commit/d5df600d43c8706df513a3273d09aee6f54a9233
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/d5df600d43c8706df513a3273d09aee6f54a9233
+CVE-2020-27753 (There are several memory leaks in the MIFF coder in /coders/miff.c due ...)
+ - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1757
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/bb3acad195de95db86c7509d8072db01890470e0
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6f5d3d2cd94eb8361e07546c4bf72cb60681b984
+CVE-2020-27752 (A flaw was found in ImageMagick in MagickCore/quantum-private.h. An at ...)
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ [stretch] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1752
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a9d563d3d73874312080d30dc4ba07cecad56192
+ NOTE: CVE-2020-27752 and CVE-2020-25664 were not reproducible by upstream.
+ NOTE: Previous patch was reverted. Original POC no longer available. It is
+ NOTE: impossible to determine whether there was a possible security vulnerability
+ NOTE: in the first place.
+CVE-2020-27751 (A flaw was found in ImageMagick in MagickCore/quantum-export.c. An att ...)
+ {DLA-2672-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1727
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f60d59cc3a7e3402d403361e0985ffa56f746a82
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/879bb6a13ece5508cd983bc3d64ced23900b60ee
+CVE-2020-27750 (A flaw was found in ImageMagick in MagickCore/colorspace-private.h and ...)
+ {DLA-2523-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1711
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a81ca9a1b46a96be83682af3389f0a6f3d0d389d
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c7038e710ad0204d6cb37a0229fc55f6f8a8662f
+CVE-2020-27749 (A flaw was found in grub2 in versions prior to 2.06. Variable names pr ...)
+ {DSA-4867-1}
+ - grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+CVE-2020-27748 (A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and ...)
+ - xdg-utils <unfixed> (bug #975370)
+ [bullseye] - xdg-utils <postponed> (Minor issue; regression potential; revisit when fixed upstream)
+ [buster] - xdg-utils <postponed> (Minor issue; regression potential; revisit when fixed upstream)
+ [stretch] - xdg-utils <postponed> (Minor issue; regression potential; revisit when fixed upstream)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899769
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1613425
+ NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177
+ NOTE: Introduced by: https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/53bd27e8d0ab37f64638d27a8ddd328a297351fe
+ NOTE: Proposed change: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/28
+CVE-2020-27747 (An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973 ...)
+ NOT-FOR-US: Click Studios Passwordstate
+CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Informa ...)
+ {DSA-4841-1}
+ - slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
+ - slurm-llnl <removed> (bug #974722)
+ [stretch] - slurm-llnl <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.schedmd.com/news.php?id=240
+ NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
+ NOTE: https://github.com/SchedMD/slurm/commit/07309deb45c33e735e191faf9dd31cca1054a15c
+ NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix
+ NOTE: Introduced by: https://github.com/SchedMD/slurm/commit/e3140b7f8d96ced9dc85089caa65dd7c6be396fd (slurm-17-11-0-0rc1)
+CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflo ...)
+ {DSA-4841-1 DLA-2886-1}
+ - slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
+ - slurm-llnl <removed> (bug #974721)
+ NOTE: https://www.schedmd.com/news.php?id=240
+ NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html
+ NOTE: https://github.com/SchedMD/slurm/commit/c3142dd87e06621ff148791c3d2f298b5c0b3a81
+ NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix
+CVE-2020-27744 (An issue was discovered on Western Digital My Cloud NAS devices before ...)
+ NOT-FOR-US: Western Digital My Cloud NAS devices
+CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAN ...)
+ - libpam-tacplus <not-affected> (Vulnerable code added later)
+ NOTE: https://github.com/kravietz/pam_tacplus/pull/163
+ NOTE: https://github.com/kravietz/pam_tacplus/security/advisories/GHSA-rp3p-jm35-jv76
+ NOTE: Introduced with: https://github.com/kravietz/pam_tacplus/commit/6fac2504657b8d98fcd627d60ebdbffcf0253b81 (v1.5.0-beta.1)
+ NOTE: Fixed by: https://github.com/kravietz/pam_tacplus/commit/c9bed7496e81e550ee22746f23bbb11be2e046ed (v1.6.1)
+ NOTE: Fixed by: https://github.com/kravietz/pam_tacplus/commit/bceaab0cd51a09b88f40f19da799ac7390264bf8 (v1.6.1)
+CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel WebCit th ...)
+ - webcit <removed> (bug #973385)
+ [buster] - webcit <ignored> (Minor issue)
+ [stretch] - webcit <ignored> (Minor issue)
+CVE-2020-27741 (Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit ...)
+ - webcit <removed> (bug #973385)
+ [buster] - webcit <ignored> (Minor issue)
+ [stretch] - webcit <ignored> (Minor issue)
+CVE-2020-27740 (Citadel WebCit through 926 allows unauthenticated remote attackers to ...)
+ - webcit <removed> (bug #973385)
+ [buster] - webcit <ignored> (Minor issue)
+ [stretch] - webcit <ignored> (Minor issue)
+CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit through 926 ...)
+ - webcit <removed> (bug #973385)
+ [buster] - webcit <ignored> (Minor issue)
+ [stretch] - webcit <ignored> (Minor issue)
+CVE-2020-27738 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2020-27737 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2020-27736 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME ele ...)
+ NOT-FOR-US: Wing FTP
+CVE-2020-27734
+ RESERVED
+CVE-2020-27733 (Zoho ManageEngine Applications Manager before 14 build 14880 allows an ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2020-27732
+ RESERVED
+CVE-2020-27731
+ RESERVED
+CVE-2020-27730 (In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2020-27729 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27728 (On BIG-IP ASM &amp; Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27727 (On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27726 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27725 (In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27724 (In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27723 (In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual se ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27722 (In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27721 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27720 (On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27719 (On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27718 (When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27717 (On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27716 (On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27715 (On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to th ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27714 (On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27713 (In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-27712
+ RESERVED
+CVE-2020-27711
+ RESERVED
+CVE-2020-27710
+ RESERVED
+CVE-2020-27709
+ RESERVED
+CVE-2020-27708 (A vulnerability exists in the Origin Client that could allow a non-Adm ...)
+ NOT-FOR-US: Electronic Arts
+CVE-2020-27707
+ RESERVED
+CVE-2020-27706
+ RESERVED
+CVE-2020-27705
+ RESERVED
+CVE-2020-27704
+ RESERVED
+CVE-2020-27703
+ RESERVED
+CVE-2020-27702
+ RESERVED
+CVE-2020-27701
+ RESERVED
+CVE-2020-27700
+ RESERVED
+CVE-2020-27699
+ RESERVED
+CVE-2020-27698
+ RESERVED
+CVE-2020-27697 (Trend Micro Security 2020 (Consumer) contains a vulnerability in the i ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27696 (Trend Micro Security 2020 (Consumer) contains a vulnerability in the i ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27695 (Trend Micro Security 2020 (Consumer) contains a vulnerability in the i ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27694 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27693 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27692 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...)
+ NOT-FOR-US: Relish (Verve Connect) VH510 device
+CVE-2020-27691 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...)
+ NOT-FOR-US: Relish (Verve Connect) VH510 device
+CVE-2020-27690 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...)
+ NOT-FOR-US: Relish (Verve Connect) VH510 device
+CVE-2020-27689 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...)
+ NOT-FOR-US: Relish (Verve Connect) VH510 device
+CVE-2020-27688 (RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt ...)
+ NOT-FOR-US: RVTools
+CVE-2020-27687 (ThingsBoard before v3.2 is vulnerable to Host header injection in pass ...)
+ NOT-FOR-US: ThingsBoard
+CVE-2020-27686
+ RESERVED
+CVE-2020-27685
+ RESERVED
+CVE-2020-27684
+ RESERVED
+CVE-2020-27683
+ RESERVED
+CVE-2020-27682
+ RESERVED
+CVE-2020-27681
+ RESERVED
+CVE-2020-27680
+ RESERVED
+CVE-2020-27679
+ RESERVED
+CVE-2020-27678 (An issue was discovered in illumos before 2020-10-22, as used in OmniO ...)
+ NOT-FOR-US: illumos
+CVE-2020-27677
+ RESERVED
+CVE-2020-27676
+ RESERVED
+CVE-2020-27669
+ RESERVED
+CVE-2020-27668
+ RESERVED
+CVE-2020-27667
+ RESERVED
+CVE-2020-27666 (Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview fea ...)
+ NOT-FOR-US: Strapi
+CVE-2020-27665 (In Strapi before 3.2.5, there is no admin::hasPermissions restriction ...)
+ NOT-FOR-US: Strapi
+CVE-2020-27664 (admin/src/containers/InputModalStepperProvider/index.js in Strapi befo ...)
+ NOT-FOR-US: Strapi
+CVE-2020-27663 (In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct ...)
+ - glpi <removed>
+CVE-2020-27662 (In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object ...)
+ - glpi <removed>
+CVE-2020-27661 (A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-d ...)
+ - qemu 1:5.2+dfsg-1 (bug #972864)
+ [buster] - qemu <not-affected> (Vulnerable code not present)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03 (v5.2.0-rc0)
+ NOTE: Introduced in v5.1.0-rc0
+CVE-2020-27660 (SQL injection vulnerability in request.cgi in Synology SafeAccess befo ...)
+ NOT-FOR-US: Synology
+CVE-2020-27659 (Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAc ...)
+ NOT-FOR-US: Synology
+CVE-2020-27658 (Synology Router Manager (SRM) before 1.2.4-8081 does not include the H ...)
+ NOT-FOR-US: Synology Router Manager (SRM)
+CVE-2020-27657 (Cleartext transmission of sensitive information vulnerability in DDNS ...)
+ NOT-FOR-US: Synology Router Manager (SRM)
+CVE-2020-27656 (Cleartext transmission of sensitive information vulnerability in DDNS ...)
+ NOT-FOR-US: Synology
+CVE-2020-27655 (Improper access control vulnerability in Synology Router Manager (SRM) ...)
+ NOT-FOR-US: Synology
+CVE-2020-27654 (Improper access control vulnerability in lbd in Synology Router Manage ...)
+ NOT-FOR-US: Synology
+CVE-2020-27653 (Algorithm downgrade vulnerability in QuickConnect in Synology Router M ...)
+ NOT-FOR-US: Synology
+CVE-2020-27652 (Algorithm downgrade vulnerability in QuickConnect in Synology DiskStat ...)
+ NOT-FOR-US: Synology
+CVE-2020-27651 (Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secur ...)
+ NOT-FOR-US: Synology
+CVE-2020-27650 (Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set t ...)
+ NOT-FOR-US: Synology
+CVE-2020-27649 (Improper certificate validation vulnerability in OpenVPN client in Syn ...)
+ NOT-FOR-US: Synology
+CVE-2020-27648 (Improper certificate validation vulnerability in OpenVPN client in Syn ...)
+ NOT-FOR-US: Synology
+CVE-2020-27647
+ RESERVED
+CVE-2020-27646 (Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1 ...)
+ NOT-FOR-US: Biscom Secure File Transfer (SFT)
+CVE-2020-27645 (The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unqu ...)
+ NOT-FOR-US: 1E Client
+CVE-2020-27644 (The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unqu ...)
+ NOT-FOR-US: 1E Client
+CVE-2020-27643 (The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0 ...)
+ NOT-FOR-US: 1E Client
+CVE-2020-27642 (A cross-site scripting (XSS) vulnerability exists in the 'merge accoun ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27641
+ REJECTED
+CVE-2020-27640 (The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with ...)
+ NOT-FOR-US: Mitel
+CVE-2020-27639 (The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phone ...)
+ NOT-FOR-US: Mitel
+CVE-2020-27637 (The R programming language&#8217;s default package manager CRAN is aff ...)
+ - r-base 4.0.3-1
+ [buster] - r-base <no-dsa> (Minor issue)
+ [stretch] - r-base <no-dsa> (Minor issue)
+ NOTE: https://labs.bishopfox.com/advisories/cran-version-4.0.2
+CVE-2020-27636
+ RESERVED
+CVE-2020-27635
+ RESERVED
+CVE-2020-27634
+ RESERVED
+CVE-2020-27633
+ RESERVED
+CVE-2020-27632 (In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is ...)
+ NOT-FOR-US: Siemens SIMATIC MV400
+CVE-2020-27631
+ RESERVED
+CVE-2020-27630
+ RESERVED
+CVE-2020-27629 (In JetBrains TeamCity before 2020.1.5, secure dependency parameters co ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-27628 (In JetBrains TeamCity before 2020.1.5, the Guest user had access to au ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-27627 (JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-27626 (JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-27625 (In JetBrains YouTrack before 2020.3.888, notifications might have ment ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-27624 (JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-27623 (JetBrains IdeaVim before version 0.58 might have caused an information ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-27622 (In JetBrains IntelliJ IDEA before 2020.2, the built-in web server coul ...)
+ - intellij-idea <itp> (bug #747616)
+CVE-2020-27621 (The FileImporter extension in MediaWiki through 1.35.0 was not properl ...)
+ NOT-FOR-US: MediaWiki extension
+CVE-2020-27620 (The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because Me ...)
+ NOT-FOR-US: MediaWiki extension
+CVE-2020-27619 (In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK ...)
+ - python3.9 <unfixed> (unimportant)
+ - python3.8 <removed> (unimportant)
+ - python3.7 <removed> (unimportant)
+ NOTE: https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html
+ NOTE: https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8 (master)
+ NOTE: https://github.com/python/cpython/commit/a8bf44d04915f7366d9f8dfbf84822ac37a4bab3 (master)
+ NOTE: https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794 (3.9)
+ NOTE: https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33 (3.8)
+ NOTE: https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9 (3.7)
+ NOTE: https://bugs.python.org/issue41944
+ NOTE: Only affects the testsuite
+CVE-2020-27618 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...)
+ - glibc 2.31-5 (bug #973914)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26224
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=9a99c682144bdbd40792ebf822fe9264e0376fb5
+CVE-2020-27617 (eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to t ...)
+ {DLA-2469-1}
+ - qemu 1:5.2+dfsg-1 (bug #973324)
+ [buster] - qemu <postponed> (Fix along in future DSA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=7564bf7701f00214cdc8a678a9f7df765244def1 (v5.2.0-rc2)
+CVE-2020-27616 (ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outsi ...)
+ - qemu 1:5.2+dfsg-1 (bug #975265)
+ [buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06080.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=ca1f9cbfdce4d63b10d57de80fef89a89d92a540 (v5.2.0-rc1)
+CVE-2020-27615 (The Loginizer plugin before 1.6.4 for WordPress allows SQL injection ( ...)
+ NOT-FOR-US: Loginizer plugin for WordPress
+CVE-2020-27614 (AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the ...)
+ NOT-FOR-US: AnyDesk for macOS
+CVE-2020-27638 (receive.c in fastd before v21 allows denial of service (assertion fail ...)
+ {DLA-2414-1}
+ - fastd 21-1 (bug #972521)
+ [buster] - fastd 18-3+deb10u1
+ NOTE: https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea
+CVE-2020-27613 (The installation procedure in BigBlueButton before 2.2.17 uses ClueCon ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27612 (Greenlight in BigBlueButton through 2.2.28 places usernames in room UR ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27611 (BigBlueButton through 2.2.28 uses STUN/TURN resources from a third par ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27610 (The installation procedure in BigBlueButton before 2.2.28 (or earlier) ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27609 (BigBlueButton through 2.2.28 records a video meeting despite the deact ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27608 (In BigBlueButton before 2.2.6, uploaded presentations are sent to clie ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27607 (In BigBlueButton before 2.2.28 (or earlier), the client-side Mute butt ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27606 (BigBlueButton before 2.2.28 (or earlier) does not set the secure flag ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27605 (BigBlueButton through 2.2.28 uses Ghostscript for processing of upload ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27604 (BigBlueButton before 2.3 does not implement LibreOffice sandboxing. Th ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27603 (BigBlueButton before 2.2.27 has an unsafe JODConverter setting in whic ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27602 (BigBlueButton before 2.2.7 does not have a protection mechanism for se ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27601 (In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat do ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27673 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
+ {DLA-2494-1 DLA-2483-1}
+ - linux 5.9.6-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-332.html
+CVE-2020-27675 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
+ {DLA-2494-1 DLA-2483-1}
+ - linux 5.9.6-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-331.html
+CVE-2020-27674 (An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS ...)
+ {DSA-4804-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-286.html
+CVE-2020-27672 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
+ {DSA-4804-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-345.html
+CVE-2020-27671 (An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH ...)
+ {DSA-4804-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-346.html
+CVE-2020-27670 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
+ {DSA-4804-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-347.html
+CVE-2020-27600 (HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-84 ...)
+ NOT-FOR-US: D-Link
+CVE-2020-27599
+ RESERVED
+CVE-2020-27598
+ RESERVED
+CVE-2020-27597
+ RESERVED
+CVE-2020-27596
+ RESERVED
+CVE-2020-27595
+ RESERVED
+CVE-2020-27594
+ RESERVED
+CVE-2020-27593
+ RESERVED
+CVE-2020-27592
+ RESERVED
+CVE-2020-27591
+ RESERVED
+CVE-2020-27590
+ RESERVED
+CVE-2020-27589 (Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - ...)
+ NOT-FOR-US: hub-rest-api-python
+CVE-2020-27588
+ RESERVED
+CVE-2020-27587 (Quick Heal Total Security before 19.0 allows attackers with local admi ...)
+ NOT-FOR-US: Quick Heal Total Security
+CVE-2020-27586 (Quick Heal Total Security before version 19.0 transmits quarantine and ...)
+ NOT-FOR-US: Quick Heal Total Security
+CVE-2020-27585 (Quick Heal Total Security before 19.0 allows attackers with local admi ...)
+ NOT-FOR-US: Quick Heal Total Security
+CVE-2020-27584
+ RESERVED
+CVE-2020-27583 (** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5. ...)
+ NOT-FOR-US: IBM
+CVE-2020-27582
+ RESERVED
+CVE-2020-27581
+ RESERVED
+CVE-2020-27580
+ RESERVED
+CVE-2020-27579
+ RESERVED
+CVE-2020-27578
+ RESERVED
+CVE-2020-27577
+ RESERVED
+CVE-2020-27576 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XS ...)
+ NOT-FOR-US: Maxum Rumpus
+CVE-2020-27575 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vuln ...)
+ NOT-FOR-US: Maxum Rumpus
+CVE-2020-27574 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forge ...)
+ NOT-FOR-US: Maxum Rumpus
+CVE-2020-27573
+ RESERVED
+CVE-2020-27572
+ RESERVED
+CVE-2020-27571
+ RESERVED
+CVE-2020-27570
+ RESERVED
+CVE-2020-27569 (Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. ...)
+ NOT-FOR-US: Aviatrix VPN Client
+CVE-2020-27568 (Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Sever ...)
+ NOT-FOR-US: Aviatrix Controller
+CVE-2020-27567
+ RESERVED
+CVE-2020-27566
+ RESERVED
+CVE-2020-27565
+ RESERVED
+CVE-2020-27564
+ RESERVED
+CVE-2020-27563
+ RESERVED
+CVE-2020-27562
+ RESERVED
+CVE-2020-27561
+ RESERVED
+CVE-2020-27560 (ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames i ...)
+ {DLA-2523-1}
+ - imagemagick 8:6.9.11.57+dfsg-1 (bug #972797)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ef59bd764f88d893f1219fee8ba696a5d3f8c1c4
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6e3b13c7ef94d72b40fba91987897c4326717a46
+CVE-2020-27559
+ RESERVED
+CVE-2020-27558 (Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 201 ...)
+ NOT-FOR-US: BASETech
+CVE-2020-27557 (Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT ...)
+ NOT-FOR-US: BASETech
+CVE-2020-27556 (A predictable device ID in BASETech GE-131 BT-1837836 firmware 2018092 ...)
+ NOT-FOR-US: BASETech
+CVE-2020-27555 (Use of default credentials for the telnet server in BASETech GE-131 BT ...)
+ NOT-FOR-US: BASETech
+CVE-2020-27554 (Cleartext Transmission of Sensitive Information vulnerability in BASET ...)
+ NOT-FOR-US: BASETech
+CVE-2020-27553 (In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the ...)
+ NOT-FOR-US: BASETech
+CVE-2020-27552
+ RESERVED
+CVE-2020-27551
+ RESERVED
+CVE-2020-27550
+ RESERVED
+CVE-2020-27549
+ RESERVED
+CVE-2020-27548
+ RESERVED
+CVE-2020-27547
+ RESERVED
+CVE-2020-27546
+ RESERVED
+CVE-2020-27545
+ RESERVED
+ - dwarfutils 20201201-1
+ [buster] - dwarfutils <ignored> (Minor issue)
+ [stretch] - dwarfutils <ignored> (Minor issue)
+ NOTE: https://www.prevanders.net/dwarfbug.html#DW202010-001
+ NOTE: https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea
+CVE-2020-27544
+ RESERVED
+CVE-2020-27543 (The restify-paginate package 0.0.5 for Node.js allows remote attackers ...)
+ NOT-FOR-US: Node restify-paginate
+CVE-2020-27542 (Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. ...)
+ NOT-FOR-US: Rostelecom CS-C2SHW
+CVE-2020-27541 (Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. Agen ...)
+ NOT-FOR-US: Rostelecom CS-C2SHW
+CVE-2020-27540 (Bash injection vulnerability and bypass of signature verification in R ...)
+ NOT-FOR-US: Rostelecom CS-C2SHW
+CVE-2020-27539 (Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW ...)
+ NOT-FOR-US: Rostelecom CS-C2SHW
+CVE-2020-27538
+ RESERVED
+CVE-2020-27537
+ RESERVED
+CVE-2020-27536
+ RESERVED
+CVE-2020-27535
+ RESERVED
+CVE-2020-27534 (util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 c ...)
+ - docker.io <not-affected> (Windows-specific)
+CVE-2020-27533 (A Cross Site Scripting (XSS) issue was discovered in the search featur ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-27532
+ RESERVED
+CVE-2020-27531
+ RESERVED
+CVE-2020-27530
+ RESERVED
+CVE-2020-27529
+ RESERVED
+CVE-2020-27528
+ RESERVED
+CVE-2020-27527
+ RESERVED
+CVE-2020-27526
+ RESERVED
+CVE-2020-27525
+ RESERVED
+CVE-2020-27524 (On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multi ...)
+ NOT-FOR-US: Audi
+CVE-2020-27523 (Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string sp ...)
+ NOT-FOR-US: Solstice-Pod
+CVE-2020-27522
+ RESERVED
+CVE-2020-27521
+ RESERVED
+CVE-2020-27520
+ RESERVED
+CVE-2020-27519 (Pritunl Client v1.2.2550.20 contains a local privilege escalation vuln ...)
+ NOT-FOR-US: Pritunl Client
+CVE-2020-27518 (All versions of Windscribe VPN for Mac and Windows &lt;= v2.02.10 cont ...)
+ NOT-FOR-US: Windscribe VPN
+CVE-2020-27517
+ RESERVED
+CVE-2020-27516
+ RESERVED
+CVE-2020-27515 (A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows ...)
+ NOT-FOR-US: Savsoft Quiz
+CVE-2020-27514
+ RESERVED
+CVE-2020-27513
+ RESERVED
+CVE-2020-27512
+ RESERVED
+CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML components i ...)
+ - prototypejs <unfixed> (bug #991898)
+ [bullseye] - prototypejs <no-dsa> (Minor issue)
+ [buster] - prototypejs <no-dsa> (Minor issue)
+ [stretch] - prototypejs <no-dsa> (Minor issue)
+ NOTE: https://github.com/prototypejs/prototype/blame/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283
+ NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md
+ NOTE: CVE mentions newer version but vulnerable code exists in older versions too
+ NOTE: https://sources.debian.org/src/prototypejs/1.7.1-3/prototype-1.7.1.js/#L617
+CVE-2020-27510
+ RESERVED
+CVE-2020-27509
+ RESERVED
+CVE-2020-27508 (In two-factor authentication, the system also sending 2fa secret key i ...)
+ NOT-FOR-US: Frappe Framework
+CVE-2020-27507
+ RESERVED
+CVE-2020-27506
+ RESERVED
+CVE-2020-27505
+ RESERVED
+CVE-2020-27504
+ RESERVED
+CVE-2020-27503
+ RESERVED
+CVE-2020-27502
+ RESERVED
+CVE-2020-27501
+ RESERVED
+CVE-2020-27500
+ RESERVED
+CVE-2020-27499
+ RESERVED
+CVE-2020-27498
+ RESERVED
+CVE-2020-27497
+ RESERVED
+CVE-2020-27496
+ RESERVED
+CVE-2020-27495
+ RESERVED
+CVE-2020-27494
+ RESERVED
+CVE-2020-27493
+ RESERVED
+CVE-2020-27492
+ RESERVED
+CVE-2020-27491
+ RESERVED
+CVE-2020-27490
+ RESERVED
+CVE-2020-27489
+ RESERVED
+CVE-2020-27488 (Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are ...)
+ NOT-FOR-US: Loxone Miniserver devices
+CVE-2020-27487
+ RESERVED
+CVE-2020-27486 (Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The ...)
+ NOT-FOR-US: Garmin
+CVE-2020-27485 (Garmin Forerunner 235 before 8.20 is affected by: Array index error. T ...)
+ NOT-FOR-US: Garmin
+CVE-2020-27484 (Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. Th ...)
+ NOT-FOR-US: Garmin
+CVE-2020-27483 (Garmin Forerunner 235 before 8.20 is affected by: Array index error. T ...)
+ NOT-FOR-US: Garmin
+CVE-2020-27482
+ RESERVED
+CVE-2020-27481 (An unauthenticated SQL Injection vulnerability in Good Layers LMS Plug ...)
+ NOT-FOR-US: Good Layers LMS Plugin for WordPress
+CVE-2020-27480
+ RESERVED
+CVE-2020-27479
+ RESERVED
+CVE-2020-27478
+ RESERVED
+CVE-2020-27477
+ RESERVED
+CVE-2020-27476
+ RESERVED
+CVE-2020-27475
+ RESERVED
+CVE-2020-27474
+ RESERVED
+CVE-2020-27473
+ RESERVED
+CVE-2020-27472
+ RESERVED
+CVE-2020-27471
+ RESERVED
+CVE-2020-27470
+ RESERVED
+CVE-2020-27469
+ RESERVED
+CVE-2020-27468
+ RESERVED
+CVE-2020-27467
+ RESERVED
+CVE-2020-27466 (An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemp ...)
+ NOT-FOR-US: rConfig
+CVE-2020-27465
+ RESERVED
+CVE-2020-27464 (An insecure update feature in the /updater.php component of rConfig 3. ...)
+ NOT-FOR-US: rConfig
+CVE-2020-27463
+ RESERVED
+CVE-2020-27462
+ RESERVED
+CVE-2020-27461 (A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed ...)
+ NOT-FOR-US: SEOPanel
+CVE-2020-27460
+ RESERVED
+CVE-2020-27459 (Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a ...)
+ NOT-FOR-US: Chronoforeum
+CVE-2020-27458
+ RESERVED
+CVE-2020-27457
+ RESERVED
+CVE-2020-27456
+ RESERVED
+CVE-2020-27455
+ RESERVED
+CVE-2020-27454
+ RESERVED
+CVE-2020-27453
+ RESERVED
+CVE-2020-27452
+ RESERVED
+CVE-2020-27451
+ RESERVED
+CVE-2020-27450
+ RESERVED
+CVE-2020-27449
+ RESERVED
+CVE-2020-27448
+ RESERVED
+CVE-2020-27447
+ RESERVED
+CVE-2020-27446
+ RESERVED
+CVE-2020-27445
+ RESERVED
+CVE-2020-27444
+ RESERVED
+CVE-2020-27443
+ RESERVED
+CVE-2020-27442
+ RESERVED
+CVE-2020-27441
+ RESERVED
+CVE-2020-27440
+ RESERVED
+CVE-2020-27439
+ RESERVED
+CVE-2020-27438
+ RESERVED
+CVE-2020-27437
+ RESERVED
+CVE-2020-27436
+ RESERVED
+CVE-2020-27435
+ RESERVED
+CVE-2020-27434
+ RESERVED
+CVE-2020-27433
+ RESERVED
+CVE-2020-27432
+ RESERVED
+CVE-2020-27431
+ RESERVED
+CVE-2020-27430
+ RESERVED
+CVE-2020-27429
+ RESERVED
+CVE-2020-27428 (A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Re ...)
+ NOT-FOR-US: Scratch-Svg-Renderer
+CVE-2020-27427
+ RESERVED
+CVE-2020-27426
+ RESERVED
+CVE-2020-27425
+ RESERVED
+CVE-2020-27424
+ RESERVED
+CVE-2020-27423 (Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password rese ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2020-27422 (In Anuko Time Tracker v1.19.23.5311, the password reset link emailed t ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2020-27421
+ RESERVED
+CVE-2020-27420
+ RESERVED
+CVE-2020-27419
+ RESERVED
+CVE-2020-27418
+ RESERVED
+CVE-2020-27417
+ RESERVED
+CVE-2020-27416 (Mahavitaran android application 7.50 and prior are affected by account ...)
+ NOT-FOR-US: Mahavitaran android application
+CVE-2020-27415
+ RESERVED
+CVE-2020-27414 (Mahavitaran android application 7.50 and prior transmit sensitive info ...)
+ NOT-FOR-US: Mahavitaran android application
+CVE-2020-27413 (An issue was discovered in Mahavitaran android application 7.50 and be ...)
+ NOT-FOR-US: Mahavitaran android application
+CVE-2020-27412
+ RESERVED
+CVE-2020-27411
+ RESERVED
+CVE-2020-27410
+ RESERVED
+CVE-2020-27409 (OpenSIS Community Edition before 7.5 is affected by a cross-site scrip ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-27408 (OpenSIS Community Edition through 7.6 is affected by incorrect access ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-27407
+ RESERVED
+CVE-2020-27406 (Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authen ...)
+ NOT-FOR-US: DynPG
+CVE-2020-27405
+ RESERVED
+CVE-2020-27404
+ RESERVED
+CVE-2020-27403 (A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 ...)
+ NOT-FOR-US: TCL Android Smart TV series
+CVE-2020-27402 (The HK1 Box S905X3 TV Box contains a vulnerability that allows a local ...)
+ NOT-FOR-US: HK1 Box S905X3 TV Box
+CVE-2020-27401
+ RESERVED
+CVE-2020-27400
+ RESERVED
+CVE-2020-27399
+ RESERVED
+CVE-2020-27398
+ RESERVED
+CVE-2020-27397 (Marital - Online Matrimonial Project In PHP version 1.0 suffers from a ...)
+ NOT-FOR-US: Marital - Online Matrimonial Project
+CVE-2020-27396
+ RESERVED
+CVE-2020-27395
+ RESERVED
+CVE-2020-27394
+ RESERVED
+CVE-2020-27393
+ RESERVED
+CVE-2020-27392
+ RESERVED
+CVE-2020-27391
+ RESERVED
+CVE-2020-27390
+ RESERVED
+CVE-2020-27389
+ RESERVED
+CVE-2020-27388 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in th ...)
+ NOT-FOR-US: YOURLS Admin Panel
+CVE-2020-27387 (An unrestricted file upload issue in HorizontCMS through 1.0.0-beta al ...)
+ NOT-FOR-US: HorizontCMS
+CVE-2020-27386 (An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allow ...)
+ NOT-FOR-US: FlexDotnetCMS
+CVE-2020-27385 (Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) ...)
+ NOT-FOR-US: FlexDotnetCMS
+CVE-2020-27384 (The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an ...)
+ NOT-FOR-US: Guild Wars 2 launcher
+CVE-2020-27383 (Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of ...)
+ NOT-FOR-US: Battle.Net
+CVE-2020-27382
+ RESERVED
+CVE-2020-27381
+ RESERVED
+CVE-2020-27380
+ RESERVED
+CVE-2020-27379 (Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ulti ...)
+ NOT-FOR-US: Booking Core - Ultimate Booking System Booking Core
+CVE-2020-27378
+ RESERVED
+CVE-2020-27377 (A cross-site scripting (XSS) vulnerability was discovered in the Admin ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-27376
+ RESERVED
+CVE-2020-27375
+ RESERVED
+CVE-2020-27374
+ RESERVED
+CVE-2020-27373
+ RESERVED
+CVE-2020-27372 (A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1 ...)
+ - brandy <unfixed> (unimportant)
+ NOTE: https://sourceforge.net/p/brandy/bugs/10/
+ NOTE: Negligible security impact
+CVE-2020-27371
+ RESERVED
+CVE-2020-27370
+ RESERVED
+CVE-2020-27369
+ RESERVED
+CVE-2020-27368 (Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2020-27367
+ RESERVED
+CVE-2020-27366
+ RESERVED
+CVE-2020-27365
+ RESERVED
+CVE-2020-27364
+ RESERVED
+CVE-2020-27363
+ RESERVED
+CVE-2020-27362 (An issue exists within the SSH console of Akkadian Provisioning Manage ...)
+ NOT-FOR-US: Akkadian
+CVE-2020-27361 (An issue exists within Akkadian Provisioning Manager 4.50.02 which all ...)
+ NOT-FOR-US: Akkadian
+CVE-2020-27360
+ RESERVED
+CVE-2020-27359 (A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before ...)
+ NOT-FOR-US: REDCap
+CVE-2020-27358 (An issue was discovered in REDCap 8.11.6 through 9.x before 10. The me ...)
+ NOT-FOR-US: REDCap
+CVE-2020-27357
+ RESERVED
+CVE-2020-27356 (The debug-meta-data plugin 1.1.2 for WordPress allows XSS. ...)
+ NOT-FOR-US: debug-meta-data plugin for WordPress
+CVE-2020-27355
+ RESERVED
+CVE-2020-27354
+ RESERVED
+CVE-2020-27353
+ RESERVED
+CVE-2020-27352
+ RESERVED
+ - snapd 2.49-1
+ [buster] - snapd <no-dsa> (Minor issue)
+ [stretch] - snapd <no-dsa> (Minor issue)
+ NOTE: https://ubuntu.com/security/notices/USN-4728-1
+ NOTE: https://github.com/docker-snap/docker-snap/security/advisories/GHSA-798c-v3jq-h646
+ NOTE: https://bugs.launchpad.net/snapd/+bug/1910456
+CVE-2020-27351 (Various memory and file descriptor leaks were found in apt-python file ...)
+ {DSA-4809-1 DLA-2488-1}
+ - python-apt 2.1.7
+ NOTE: https://bugs.launchpad.net/bugs/1899193
+CVE-2020-27350 (APT had several integer overflows and underflows while parsing .deb pa ...)
+ {DSA-4808-1 DLA-2487-1}
+ - apt 2.1.13
+ NOTE: https://bugs.launchpad.net/bugs/1899193
+CVE-2020-27349 (Aptdaemon performed policykit checks after interacting with potentiall ...)
+ - aptdaemon <removed>
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1899193
+CVE-2020-27348 (In some conditions, a snap package built by snapcraft includes the cur ...)
+ NOT-FOR-US: snapcraft
+CVE-2020-27346
+ REJECTED
+CVE-2020-27345
+ RESERVED
+CVE-2020-27344 (The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. ...)
+ NOT-FOR-US: cm-download-manager plugin for WordPress
+CVE-2020-27343
+ RESERVED
+CVE-2020-27342
+ RESERVED
+CVE-2020-27341
+ RESERVED
+CVE-2020-27340 (The online help portal of Mitel MiCollab before 9.2 could allow an att ...)
+ NOT-FOR-US: Mitel
+CVE-2020-27339 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not cor ...)
+ NOT-FOR-US: Insyde
+CVE-2020-27338 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input ...)
+ NOT-FOR-US: Treck
+CVE-2020-27337 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input ...)
+ NOT-FOR-US: Treck
+CVE-2020-27336 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input ...)
+ NOT-FOR-US: Treck
+CVE-2020-27335
+ RESERVED
+CVE-2020-27334
+ RESERVED
+CVE-2020-27333
+ RESERVED
+CVE-2020-27332
+ RESERVED
+CVE-2020-27331
+ RESERVED
+CVE-2020-27330
+ RESERVED
+CVE-2020-27329
+ RESERVED
+CVE-2020-27328
+ RESERVED
+CVE-2020-27327
+ RESERVED
+CVE-2020-27326
+ RESERVED
+CVE-2020-27325
+ RESERVED
+CVE-2020-27324
+ RESERVED
+CVE-2020-27323
+ RESERVED
+CVE-2020-27322
+ RESERVED
+CVE-2020-27321
+ RESERVED
+CVE-2020-27320
+ RESERVED
+CVE-2020-27319
+ RESERVED
+CVE-2020-27318
+ RESERVED
+CVE-2020-27317
+ RESERVED
+CVE-2020-27316
+ RESERVED
+CVE-2020-27315
+ RESERVED
+CVE-2020-27314
+ RESERVED
+CVE-2020-27313
+ RESERVED
+CVE-2020-27312
+ RESERVED
+CVE-2020-27311
+ RESERVED
+CVE-2020-27310
+ RESERVED
+CVE-2020-27309
+ RESERVED
+CVE-2020-27308
+ RESERVED
+CVE-2020-27307
+ RESERVED
+CVE-2020-27306
+ RESERVED
+CVE-2020-27305
+ RESERVED
+CVE-2020-27304 (The CivetWeb web library does not validate uploaded filepaths when run ...)
+ - civetweb 1.15+dfsg-1 (unimportant)
+ NOTE: vulnerable code is an example, not packaged by Debian but present in source package
+ NOTE: https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ
+ NOTE: https://github.com/civetweb/civetweb/commit/b2ed60c589172b37f3d705c69d84313eeb8348b1
+ NOTE: https://github.com/civetweb/civetweb/commit/e489ff4f05647126ffa62d3a54f50bf7b7380776#diff-da20af5c7c76edbce3228777f142173af544c0202af876e8d5618f839f9ab2ac
+CVE-2020-27303
+ RESERVED
+CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...)
+ NOT-FOR-US: Realtek
+CVE-2020-27301 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...)
+ NOT-FOR-US: Realtek
+CVE-2020-27300
+ RESERVED
+CVE-2020-27299 (The affected product is vulnerable to an out-of-bounds read, which may ...)
+ NOT-FOR-US: OPC UA Tunneller
+CVE-2020-27298 (Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1 ...)
+ NOT-FOR-US: Philips
+CVE-2020-27297 (The affected product is vulnerable to a heap-based buffer overflow, wh ...)
+ NOT-FOR-US: OPC UA Tunneller
+CVE-2020-27296
+ RESERVED
+CVE-2020-27295 (The affected product has uncontrolled resource consumption issues, whi ...)
+ NOT-FOR-US: OPC UA Tunneller
+CVE-2020-27294
+ RESERVED
+CVE-2020-27293 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type conf ...)
+ NOT-FOR-US: Delta Electronics CNCSoft-B
+CVE-2020-27292
+ RESERVED
+CVE-2020-27291 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable t ...)
+ NOT-FOR-US: Delta Electronics CNCSoft-B
+CVE-2020-27290 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an inf ...)
+ NOT-FOR-US: Hamilton Medical
+CVE-2020-27289 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null poin ...)
+ NOT-FOR-US: Delta Electronics CNCSoft-B
+CVE-2020-27288 (An untrusted pointer dereference has been identified in the way TPEdit ...)
+ NOT-FOR-US: Delta Electronics (Delta)
+CVE-2020-27287 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable t ...)
+ NOT-FOR-US: Delta Electronics CNCSoft-B
+CVE-2020-27286
+ RESERVED
+CVE-2020-27285 (The default configuration of Crimson 3.1 (Build versions prior to 3119 ...)
+ NOT-FOR-US: Crimson
+CVE-2020-27284 (TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write in ...)
+ NOT-FOR-US: Delta Electronics (Delta)
+CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 3.1 (Bui ...)
+ NOT-FOR-US: Crimson
+CVE-2020-27282 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML ...)
+ NOT-FOR-US: Hamilton Medical
+CVE-2020-27281 (A stack-based buffer overflow may exist in Delta Electronics CNCSoft S ...)
+ NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
+CVE-2020-27280 (A use after free issue has been identified in the way ISPSoft(v3.12 an ...)
+ NOT-FOR-US: Delta Electronics (Delta)
+CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in the prot ...)
+ NOT-FOR-US: Crimson
+CVE-2020-27278 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-c ...)
+ NOT-FOR-US: Hamilton Medical
+CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointe ...)
+ NOT-FOR-US: Delta Electronics DOPSoft
+CVE-2020-27276 (SOOIL Developments Co Ltd DiabecareRS,AnyDana-i &amp; AnyDana-A, the c ...)
+ NOT-FOR-US: SOOIL Developments Co., Ltd.
+CVE-2020-27275 (Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DOPSoft
+CVE-2020-27274 (Some parsing functions in the affected product do not check the return ...)
+ NOT-FOR-US: OPC UA Tunneller
+CVE-2020-27273
+ RESERVED
+CVE-2020-27272 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The commun ...)
+ NOT-FOR-US: SOOIL Developments Co., Ltd.
+CVE-2020-27271
+ RESERVED
+CVE-2020-27270 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communicat ...)
+ NOT-FOR-US: SOOIL Developments Co., Ltd.
+CVE-2020-27269 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
+ NOT-FOR-US: SOOIL Developments Co., Ltd.
+CVE-2020-27268 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
+ NOT-FOR-US: SOOIL Developments Co., Ltd.
+CVE-2020-27267 (KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, Thin ...)
+ NOT-FOR-US: KEPServerEX
+CVE-2020-27266 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
+ NOT-FOR-US: SOOIL Developments Co., Ltd.
+CVE-2020-27265 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, Th ...)
+ NOT-FOR-US: KEPServerEX
+CVE-2020-27264 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
+ NOT-FOR-US: SOOIL Developments Co., Ltd.
+CVE-2020-27263 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, Th ...)
+ NOT-FOR-US: KEPServerEX
+CVE-2020-27262 (Innokas Yhtym&#228; Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
+ NOT-FOR-US: Innokas Yhtyma Oy
+CVE-2020-27261 (The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based ...)
+ NOT-FOR-US: Omron CX-One
+CVE-2020-27260 (Innokas Yhtym&#228; Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
+ NOT-FOR-US: Innokas Yhtyma Oy
+CVE-2020-27259 (The Omron CX-One Version 4.60 and prior may allow an attacker to suppl ...)
+ NOT-FOR-US: Omron CX-One
+CVE-2020-27258 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
+ NOT-FOR-US: SOOIL Developments Co., Ltd.
+CVE-2020-27257 (This vulnerability allows local attackers to execute arbitrary code du ...)
+ NOT-FOR-US: Omron CX-One
+CVE-2020-27256 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
+ NOT-FOR-US: SOOIL Developments Co., Ltd.
+CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
+ NOT-FOR-US: FactoryTalk
+CVE-2020-27254 (Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, X ...)
+ NOT-FOR-US: Emerson
+CVE-2020-27253 (A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx ...)
+ NOT-FOR-US: FactoryTalk
+CVE-2020-27252 (Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race ...)
+ NOT-FOR-US: Medtronic MyCareLink Smart 25000
+CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
+ NOT-FOR-US: FactoryTalk
+CVE-2020-27250 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1 ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-27249 (A specially crafted document can cause the document parser to copy dat ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-27248 (A specially crafted document can cause the document parser to copy dat ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-27247 (A specially crafted document can cause the document parser to copy dat ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-27246 (An exploitable SQL injection vulnerability exists in &#8216;listImmoLa ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27245 (An exploitable SQL injection vulnerability exists in &#8216;listImmoLa ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27244 (An exploitable SQL injection vulnerability exists in &#8216;listImmoLa ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27243 (An exploitable SQL injection vulnerability exists in &#8216;listImmoLa ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27242 (An exploitable SQL injection vulnerability exists in &#8216;listImmoLa ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27241 (An exploitable SQL injection vulnerability exists in &#8216;getAssets. ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27240 (An exploitable SQL injection vulnerability exists in &#8216;getAssets. ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27239 (An exploitable SQL injection vulnerability exists in &#8216;getAssets. ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27238 (An exploitable SQL injection vulnerability exists in &#8216;getAssets. ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27237 (An exploitable SQL injection vulnerability exists in &#8216;getAssets. ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27236 (An exploitable SQL injection vulnerability exists in &#8216;getAssets. ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27235 (An exploitable SQL injection vulnerability exists in &#8216;getAssets. ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27234 (An exploitable SQL injection vulnerability exists in &#8216;getAssets. ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27233 (An exploitable SQL injection vulnerability exists in &#8216;getAssets. ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27232 (An exploitable SQL injection vulnerability exists in &#8216;manageServ ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27231 (A number of exploitable SQL injection vulnerabilities exists in &#8216 ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27230 (A number of exploitable SQL injection vulnerabilities exists in &#8216 ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27229 (A number of exploitable SQL injection vulnerabilities exists in &#8216 ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27228 (An incorrect default permissions vulnerability exists in the installat ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27227 (An exploitable unatuhenticated command injection exists in the OpenCli ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27226 (An exploitable SQL injection vulnerability exists in &#8216;quickFile. ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-27225 (In versions 4.18 and earlier of the Eclipse Platform, the Help Subsyst ...)
+ - eclipse <removed>
+ [stretch] - eclipse <no-dsa> (Minor issue)
+CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdown Prev ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0 ...)
+ {DSA-4949-1}
+ - jetty9 9.4.38-1
+ [stretch] - jetty9 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7
+ NOTE: https://github.com/eclipse/jetty.project/issues/5963
+ NOTE: https://github.com/eclipse/jetty.project/commit/10e531756b972162eed402c44d0244f7f6b85131
+ NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/cb84946467dc55826a8021ea2592ba58252863c9 (jetty-9.4.6.v20170531)
+CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...)
+ NOT-FOR-US: Eclipse Californium
+CVE-2020-27221 (In Eclipse OpenJ9 up to and including version 0.23, there is potential ...)
+ NOT-FOR-US: Eclipse OpenJ9
+CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check whether ...)
+ NOT-FOR-US: Eclipse Hono
+CVE-2020-27219 (In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not ...)
+ NOT-FOR-US: Eclipse Hawkbit
+CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 ...)
+ - jetty9 9.4.35-1 (bug #976211)
+ [buster] - jetty9 <ignored> (Minor issue, too intrusive to backport, patch introduces regressions, workarounds exist)
+ [stretch] - jetty9 <ignored> (Minor issue, request smuggling in specific conditions, invasive, patch introduces regressions, workarounds exist)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8
+ NOTE: https://github.com/eclipse/jetty.project/issues/5605
+CVE-2020-27217 (In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does ...)
+ NOT-FOR-US: Eclipse Hono
+CVE-2020-27216 (In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thr ...)
+ {DSA-4949-1 DLA-2661-1}
+ - jetty9 9.4.33-1
+ - jetty8 <removed>
+ - jetty <removed>
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921
+ NOTE: https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb
+ NOTE: https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6
+CVE-2020-27215
+ RESERVED
+CVE-2020-27214
+ RESERVED
+CVE-2020-27213
+ RESERVED
+CVE-2020-27212 (STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect a ...)
+ NOT-FOR-US: STMicroelectronics STM32L4 devices
+CVE-2020-27211 (Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper ...)
+ NOT-FOR-US: Nordic Semiconductor nRF52840 devices
+CVE-2020-27210
+ RESERVED
+CVE-2020-27209 (The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simp ...)
+ NOT-FOR-US: micro-ecc
+CVE-2020-27208 (The flash read-out protection (RDP) level is not enforced during the d ...)
+ NOT-FOR-US: SoloKeys Solo
+CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sq ...)
+ NOT-FOR-US: Zetetic SQLCipher
+CVE-2020-27206
+ RESERVED
+CVE-2020-27205
+ RESERVED
+CVE-2020-27204
+ RESERVED
+CVE-2020-27203
+ RESERVED
+CVE-2020-27202
+ RESERVED
+CVE-2020-27201
+ RESERVED
+CVE-2020-27200
+ RESERVED
+CVE-2020-27199 (The Magic Home Pro application 1.5.1 for Android allows Authentication ...)
+ NOT-FOR-US: Magic Home Pro application for Android
+CVE-2020-27198
+ RESERVED
+CVE-2020-27197 (** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ O ...)
+ NOT-FOR-US: TAXII libtaxii
+CVE-2020-27196 (An issue was discovered in PlayJava in Play Framework 2.6.0 through 2. ...)
+ NOT-FOR-US: Play Framework
+CVE-2020-27195 (HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client ...)
+ - nomad 0.10.9+dfsg1-1 (bug #972795)
+ NOTE: https://github.com/hashicorp/nomad/issues/9129
+ NOTE: https://github.com/hashicorp/nomad/commit/a8ea7c5f421297db434b45046fca7a9deef6df85 (0.12.6)
+CVE-2020-27193 (A cross-site scripting (XSS) vulnerability in the Color Dialog plugin ...)
+ NOT-FOR-US: CKEditor plugin
+CVE-2020-27192 (BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs. ...)
+ NOT-FOR-US: BinaryNights ForkLift
+CVE-2020-27191 (LionWiki before 3.2.12 allows an unauthenticated user to read files as ...)
+ NOT-FOR-US: LionWiki
+CVE-2020-27194 (An issue was discovered in the Linux kernel before 5.8.15. scalar32_mi ...)
+ - linux 5.9.1-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/5b9fbeb75b6a98955f628e205ac26689bcb1383e
+CVE-2020-27190
+ RESERVED
+CVE-2020-27189
+ RESERVED
+CVE-2020-27188
+ RESERVED
+CVE-2020-27187 (An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. T ...)
+ - kpmcore 4.2.0-1
+ [buster] - kpmcore <not-affected> (kpmcore_externalcommand not yet present)
+ [stretch] - kpmcore <not-affected> (kpmcore_externalcommand not yet present)
+ NOTE: https://kde.org/info/security/advisory-20201017-1.txt
+ NOTE: https://invent.kde.org/system/kpmcore/-/commit/c466c5db11b5cee546d1ec0594c2f1105a354fed (fix)
+ NOTE: https://invent.kde.org/system/kpmcore/-/commit/7ec4b611dcf822439b081613cca4184689266454 (removes KF5 5.73 dependency)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1890199
+CVE-2020-27186
+ RESERVED
+CVE-2020-27185 (Cleartext transmission of sensitive information via Moxa Service in NP ...)
+ NOT-FOR-US: Moxa Service in NPort IA5000A series serial devices
+CVE-2020-27184 (The NPort IA5000A Series devices use Telnet as one of the network devi ...)
+ NOT-FOR-US: NPort IA5000A Series devices
+CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in konzept-ix p ...)
+ NOT-FOR-US: konzept-ix publiXone
+CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publ ...)
+ NOT-FOR-US: konzept-ix publiXone
+CVE-2020-27181 (A hardcoded AES key in CipherUtils.java in the Java applet of konzept- ...)
+ NOT-FOR-US: konzept-ix publiXone
+CVE-2020-27180 (konzept-ix publiXone before 2020.015 allows attackers to download file ...)
+ NOT-FOR-US: konzept-ix publiXone
+CVE-2020-27179 (konzept-ix publiXone before 2020.015 allows attackers to take over arb ...)
+ NOT-FOR-US: konzept-ix publiXone
+CVE-2020-27178 (Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4 ...)
+ NOT-FOR-US: Apereo CAS
+CVE-2020-27177
+ RESERVED
+CVE-2020-27176 (Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote C ...)
+ NOT-FOR-US: Mark Text
+CVE-2020-27175
+ RESERVED
+CVE-2020-27174 (In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the ...)
+ NOT-FOR-US: Firecracker
+CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to unlimi ...)
+ NOT-FOR-US: vm-superio
+CVE-2020-27172 (An issue was discovered in G-Data before 25.5.9.25 using Symbolic link ...)
+ NOT-FOR-US: G-Data
+CVE-2020-27171 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
+ {DLA-2610-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/3
+CVE-2020-27170 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
+ {DLA-2610-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/2
+CVE-2020-27169
+ RESERVED
+CVE-2020-27168
+ RESERVED
+CVE-2020-27167
+ RESERVED
+CVE-2020-27166
+ RESERVED
+CVE-2020-27165
+ REJECTED
+CVE-2020-27164
+ RESERVED
+CVE-2020-27163 (phpRedisAdmin before 1.13.2 allows XSS via the login.php username para ...)
+ NOT-FOR-US: phpRedisAdmin
+CVE-2020-27162
+ RESERVED
+CVE-2020-27161
+ RESERVED
+CVE-2020-27160 (Addressed remote code execution vulnerability in AvailableApps.php tha ...)
+ NOT-FOR-US: Western Digital My Cloud NAS devices
+CVE-2020-27159 (Addressed remote code execution vulnerability in DsdkProxy.php due to ...)
+ NOT-FOR-US: Western Digital My Cloud NAS devices
+CVE-2020-27158 (Addressed remote code execution vulnerability in cgi_api.php that allo ...)
+ NOT-FOR-US: Western Digital My Cloud NAS devices
+CVE-2020-27157 (Veritas APTARE versions prior to 10.5 included code that bypassed the ...)
+ NOT-FOR-US: Veritas
+CVE-2020-27156 (Veritas APTARE versions prior to 10.5 did not perform adequate authori ...)
+ NOT-FOR-US: Veritas
+CVE-2020-27155 (An issue was discovered in Octopus Deploy through 2020.4.4. If enabled ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2020-27154 (The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Win ...)
+ NOT-FOR-US: Mitel
+CVE-2020-27152 (An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioap ...)
+ - linux 5.9.6-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888886
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=208767
+ NOTE: https://git.kernel.org/linus/77377064c3a94911339f13ce113b3abf265e06da
+CVE-2020-27151 (An issue was discovered in Kata Containers through 1.11.3 and 2.x thro ...)
+ NOT-FOR-US: Kata Containers
+CVE-2020-27153 (In BlueZ before 5.55, a double free was found in the gatttool disconne ...)
+ {DSA-4951-1 DLA-2410-1}
+ - bluez 5.55-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1884817
+ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1cd644db8c23a2f530ddb93cebed7dacc5f5721a
+CVE-2020-27150 (In multiple versions of NPort IA5000A Series, the result of exporting ...)
+ NOT-FOR-US: NPort IA5000A Series devices
+CVE-2020-27149 (By exploiting a vulnerability in NPort IA5150A/IA5250A Series before v ...)
+ NOT-FOR-US: NPort IA5150A/IA5250A Series devices
+CVE-2020-27148 (The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-27147 (The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress c ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-27146 (The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace ( ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-27145
+ RESERVED
+CVE-2020-27144
+ RESERVED
+CVE-2020-27143
+ RESERVED
+CVE-2020-27142
+ RESERVED
+CVE-2020-27141
+ RESERVED
+CVE-2020-27140
+ RESERVED
+CVE-2020-27139
+ RESERVED
+CVE-2020-27138
+ RESERVED
+CVE-2020-27137
+ RESERVED
+CVE-2020-27136
+ RESERVED
+CVE-2020-27135
+ RESERVED
+CVE-2020-27134 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27133 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27132 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27131 (Multiple vulnerabilities in the Java deserialization function that is ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27130 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27129 (A vulnerability in the remote management feature of Cisco SD-WAN vMana ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27128 (A vulnerability in the application data endpoints of Cisco SD-WAN vMan ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27127 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27126 (A vulnerability in an API of Cisco Webex Meetings could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27125 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27124
+ RESERVED
+CVE-2020-27123 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27122 (A vulnerability in the Microsoft Active Directory integration of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27121 (A vulnerability in Cisco Unified Communications Manager IM &amp;amp; P ...)
+ NOT-FOR-US: Cisco
+CVE-2020-27120
+ RESERVED
+CVE-2020-27119
+ RESERVED
+CVE-2020-27118
+ RESERVED
+CVE-2020-27117
+ RESERVED
+CVE-2020-27116
+ RESERVED
+CVE-2020-27115
+ RESERVED
+CVE-2020-27114
+ RESERVED
+CVE-2020-27113
+ RESERVED
+CVE-2020-27112
+ RESERVED
+CVE-2020-27111
+ RESERVED
+CVE-2020-27110
+ RESERVED
+CVE-2020-27109
+ RESERVED
+CVE-2020-27108
+ RESERVED
+CVE-2020-27107
+ RESERVED
+CVE-2020-27106
+ RESERVED
+CVE-2020-27105
+ RESERVED
+CVE-2020-27104
+ RESERVED
+CVE-2020-27103
+ RESERVED
+CVE-2020-27102
+ RESERVED
+CVE-2020-27101
+ RESERVED
+CVE-2020-27100
+ RESERVED
+CVE-2020-27099
+ RESERVED
+CVE-2020-27098 (In checkGrantUriPermission of UriGrantsManagerService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2020-27097 (In checkGrantUriPermission of UriGrantsManagerService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2020-27096
+ RESERVED
+CVE-2020-27095
+ RESERVED
+CVE-2020-27094
+ RESERVED
+CVE-2020-27093
+ RESERVED
+CVE-2020-27092
+ RESERVED
+CVE-2020-27091
+ RESERVED
+CVE-2020-27090
+ RESERVED
+CVE-2020-27089
+ RESERVED
+CVE-2020-27088
+ RESERVED
+CVE-2020-27087
+ RESERVED
+CVE-2020-27086
+ RESERVED
+CVE-2020-27085
+ RESERVED
+CVE-2020-27084
+ RESERVED
+CVE-2020-27083
+ RESERVED
+CVE-2020-27082
+ RESERVED
+CVE-2020-27081
+ RESERVED
+CVE-2020-27080
+ RESERVED
+CVE-2020-27079
+ RESERVED
+CVE-2020-27078
+ RESERVED
+CVE-2020-27077
+ RESERVED
+CVE-2020-27076
+ RESERVED
+CVE-2020-27075
+ RESERVED
+CVE-2020-27074
+ RESERVED
+CVE-2020-27073
+ RESERVED
+CVE-2020-27072
+ RESERVED
+CVE-2020-27071
+ RESERVED
+CVE-2020-27070
+ RESERVED
+CVE-2020-27069
+ RESERVED
+CVE-2020-27068 (In the nl80211_policy policy of nl80211.c, there is a possible out of ...)
+ - linux 5.5.13-1
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/ea75080110a4c1fa011b0a73cb8f42227143ee3e
+CVE-2020-27067 (In the l2tp subsystem, there is a possible use after free due to a rac ...)
+ - linux 4.15.4-1
+ [stretch] - linux 4.9.228-1
+CVE-2020-27066 (In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possib ...)
+ - linux 5.5.17-1
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
+CVE-2020-27065
+ RESERVED
+CVE-2020-27064
+ RESERVED
+CVE-2020-27063
+ RESERVED
+CVE-2020-27062
+ RESERVED
+CVE-2020-27061
+ RESERVED
+CVE-2020-27060
+ RESERVED
+CVE-2020-27059 (In onAuthenticated of AuthenticationClient.java, there is a possible t ...)
+ NOT-FOR-US: Android
+CVE-2020-27058
+ RESERVED
+CVE-2020-27057 (In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, the ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-27056 (In SELinux policies of mls, there is a missing permission check. This ...)
+ NOT-FOR-US: Android
+CVE-2020-27055 (In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigCon ...)
+ NOT-FOR-US: Android
+CVE-2020-27054 (In onFactoryReset of BluetoothManagerService.java, there is a missing ...)
+ NOT-FOR-US: Android
+CVE-2020-27053 (In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2020-27052 (In getLockTaskLaunchMode of ActivityRecord.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2020-27051 (In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2020-27050 (In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2020-27049 (In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of boun ...)
+ NOT-FOR-US: Android
+CVE-2020-27048 (In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds wr ...)
+ NOT-FOR-US: Android
+CVE-2020-27047 (In ce_t4t_update_binary of ce_t4t.cc, there is a possible out of bound ...)
+ NOT-FOR-US: Android
+CVE-2020-27046 (In nfc_ncif_proc_ee_action of nfc_ncif.cc, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2020-27045 (In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds wr ...)
+ NOT-FOR-US: Android
+CVE-2020-27044 (In restartWrite of Parcel.cpp, there is a possible memory corruption d ...)
+ NOT-FOR-US: Android
+CVE-2020-27043 (In nfc_enabled of nfc_main.cc, there is a possible out of bounds read ...)
+ NOT-FOR-US: Android
+CVE-2020-27042
+ RESERVED
+CVE-2020-27041 (In showProvisioningNotification of ConnectivityService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2020-27040 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2020-27039 (In postNotification of ServiceRecord.java, there is a possible permiss ...)
+ NOT-FOR-US: Android
+CVE-2020-27038 (In process of C2SoftVorbisDec.cpp, there is a possible resource exhaus ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-27037 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2020-27036 (In phNxpNciHal_send_ext_cmd of phNxpNciHal_ext.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2020-27035 (In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible us ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-27034 (In createSimSelectNotification of SimSelectNotification.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2020-27033 (In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out o ...)
+ NOT-FOR-US: Android
+CVE-2020-27032 (In getRadioAccessFamily of PhoneInterfaceManager.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2020-27031 (In nfc_data_event of nfc_ncif.cc, there is a possible out of bounds re ...)
+ NOT-FOR-US: Android
+CVE-2020-27030 (In onCreate of HandleApiCalls.java, there is a possible permission byp ...)
+ NOT-FOR-US: Android
+CVE-2020-27029 (In TextView of TextView.java, there is a possible app hang due to impr ...)
+ NOT-FOR-US: Android
+CVE-2020-27028 (In filter_incoming_event of hci_layer.cc, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2020-27027 (In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out o ...)
+ NOT-FOR-US: Android
+CVE-2020-27026 (During boot, the device unlock interface behaves differently depending ...)
+ NOT-FOR-US: Android
+CVE-2020-27025 (In EapFailureNotifier.java and SimRequiredNotifier.java, there is a po ...)
+ NOT-FOR-US: Android
+CVE-2020-27024 (In smp_br_state_machine_event of smp_br_main.cc, there is a possible o ...)
+ NOT-FOR-US: Android
+CVE-2020-27023 (In setErrorPlaybackState of BluetoothMediaBrowserService.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2020-27022
+ RESERVED
+CVE-2020-27021 (In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible o ...)
+ NOT-FOR-US: Android
+CVE-2020-27020 (Password generator feature in Kaspersky Password Manager was not compl ...)
+ NOT-FOR-US: Kaspersky Password Manager
+CVE-2020-27019 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27018 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27017 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27016 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27015 (Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Messag ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27014 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a race conditio ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27013 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27012
+ RESERVED
+CVE-2020-27011
+ RESERVED
+CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27009 (A vulnerability has been identified in Nucleus NET (All versions &lt; ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-27007 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-27006 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-27005 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-27004 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-27003 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-27002 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-27001 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-27000 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26999 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26998 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26997 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
+ NOT-FOR-US: Solid Edge (Siemens)
+CVE-2020-26996 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26995 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26994 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26993 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26992 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26991 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26990 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26989 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26988 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26987 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26986 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26985 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26984 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26983 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26982 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26981 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26980 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: JT2Go
+CVE-2020-26979 (When a user typed a URL in the address bar or the search bar and quick ...)
+ - firefox 84.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26979
+CVE-2020-26978 (Using techniques that built on the slipstream research, a malicious we ...)
+ {DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
+ - firefox 84.0-1
+ - firefox-esr 78.6.0esr-1
+ - thunderbird 1:78.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26978
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26978
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26978
+CVE-2020-26977 (By attempting to connect a website using an unresponsive port, an atta ...)
+ - firefox <not-affected> (Android specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26977
+CVE-2020-26976 (When a HTTPS pages was embedded in a HTTP page, and there was a servic ...)
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
+ - firefox 84.0-1
+ - firefox-esr 78.7.0esr-1
+ - thunderbird 1:78.7.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2020-26976
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26976
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-26976
+CVE-2020-26975 (When a malicious application installed on the user's device broadcast ...)
+ - firefox <not-affected> (Android specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26975
+CVE-2020-26974 (When flex-basis was used on a table wrapper, a StyleGenericFlexBasis o ...)
+ {DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
+ - firefox 84.0-1
+ - firefox-esr 78.6.0esr-1
+ - thunderbird 1:78.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26974
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26974
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974
+CVE-2020-26973 (Certain input to the CSS Sanitizer confused it, resulting in incorrect ...)
+ {DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
+ - firefox 84.0-1
+ - firefox-esr 78.6.0esr-1
+ - thunderbird 1:78.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26973
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26973
+CVE-2020-26972 (The lifecycle of IPC Actors allows managed actors to outlive their man ...)
+ - firefox 84.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26972
+CVE-2020-26971 (Certain blit values provided by the user were not properly constrained ...)
+ {DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
+ - firefox 84.0-1
+ - firefox-esr 78.6.0esr-1
+ - thunderbird 1:78.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26971
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26971
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26971
+CVE-2020-26970 (When reading SMTP server status codes, Thunderbird writes an integer v ...)
+ {DSA-4802-1 DLA-2479-1}
+ - thunderbird 1:78.5.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970
+CVE-2020-26969 (Mozilla developers reported memory safety bugs present in Firefox 82. ...)
+ - firefox 83.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26969
+CVE-2020-26968 (Mozilla developers reported memory safety bugs present in Firefox 82 a ...)
+ {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
+ - firefox 83.0-1
+ - firefox-esr 78.5.0esr-1
+ - thunderbird 1:78.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26968
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26968
+CVE-2020-26967 (When listening for page changes with a Mutation Observer, a malicious ...)
+ - firefox 83.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26967
+CVE-2020-26966 (Searching for a single word from the address bar caused an mDNS reques ...)
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26966
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26966
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26966
+CVE-2020-26965 (Some websites have a feature "Show Password" where clicking a button w ...)
+ {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
+ - firefox 83.0-1
+ - firefox-esr 78.5.0esr-1
+ - thunderbird 1:78.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26965
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26965
+CVE-2020-26964 (If the Remote Debugging via USB feature was enabled in Firefox for And ...)
+ - firefox <not-affected> (Android specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26964
+CVE-2020-26963 (Repeated calls to the history and location interfaces could have been ...)
+ - firefox 83.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26963
+CVE-2020-26962 (Cross-origin iframes that contained a login form could have been recog ...)
+ - firefox 83.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26962
+CVE-2020-26961 (When DNS over HTTPS is in use, it intentionally filters RFC1918 and re ...)
+ {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
+ - firefox 83.0-1
+ - firefox-esr 78.5.0esr-1
+ - thunderbird 1:78.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26961
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26961
+CVE-2020-26960 (If the Compact() method was called on an nsTArray, the array could hav ...)
+ {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
+ - firefox 83.0-1
+ - firefox-esr 78.5.0esr-1
+ - thunderbird 1:78.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26960
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26960
+CVE-2020-26959 (During browser shutdown, reference decrementing could have occured on ...)
+ {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
+ - firefox 83.0-1
+ - firefox-esr 78.5.0esr-1
+ - thunderbird 1:78.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26959
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26959
+CVE-2020-26958 (Firefox did not block execution of scripts with incorrect MIME types w ...)
+ {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
+ - firefox 83.0-1
+ - firefox-esr 78.5.0esr-1
+ - thunderbird 1:78.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26958
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26958
+CVE-2020-26957 (OneCRL was non-functional in the new Firefox for Android due to a miss ...)
+ - firefox <not-affected> (Android specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26957
+CVE-2020-26956 (In some cases, removing HTML elements during sanitization would keep e ...)
+ {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
+ - firefox 83.0-1
+ - firefox-esr 78.5.0esr-1
+ - thunderbird 1:78.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26956
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26956
+CVE-2020-26955 (When a user downloaded a file in Firefox for Android, if a cookie is s ...)
+ - firefox <not-affected> (Android specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26955
+CVE-2020-26954 (When accepting a malicious intent from other installed apps, Firefox f ...)
+ - firefox <not-affected> (Android specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26954
+CVE-2020-26953 (It was possible to cause the browser to enter fullscreen mode without ...)
+ {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
+ - firefox 83.0-1
+ - firefox-esr 78.5.0esr-1
+ - thunderbird 1:78.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26953
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26953
+CVE-2020-26952 (Incorrect bookkeeping of functions inlined during JIT compilation coul ...)
+ - firefox 83.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952
+CVE-2020-26951 (A parsing and event loading mismatch in Firefox's SVG code could have ...)
+ {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
+ - firefox 83.0-1
+ - firefox-esr 78.5.0esr-1
+ - thunderbird 1:78.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26951
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26951
+CVE-2020-26950 (In certain circumstances, the MCallGetProperty opcode can be emitted w ...)
+ {DSA-4790-1 DSA-4788-1 DLA-2449-1 DLA-2448-1}
+ - firefox 82.0.3-1
+ - firefox-esr 78.4.1esr-1
+ - thunderbird 1:78.4.2-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950
+CVE-2020-26949
+ RESERVED
+CVE-2020-26948 (Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ...)
+ NOT-FOR-US: Emby Server
+CVE-2020-26947 (monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directo ...)
+ NOT-FOR-US: monero-wallet-gui
+CVE-2020-26946
+ RESERVED
+CVE-2020-26945 (MyBatis before 3.5.6 mishandles deserialization of object streams. ...)
+ NOT-FOR-US: MyBatis
+CVE-2020-26944 (An issue was discovered in Aptean Product Configurator 4.61.0000 on Wi ...)
+ NOT-FOR-US: Aptean
+CVE-2020-26943 (An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2. ...)
+ NOT-FOR-US: blazar-dashboard
+CVE-2020-26942
+ RESERVED
+CVE-2020-26941 (A local (authenticated) low-privileged user can exploit a behavior in ...)
+ NOT-FOR-US: IBM
+CVE-2020-26940
+ RESERVED
+CVE-2020-26939 (In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1. ...)
+ {DLA-2433-1}
+ - bouncycastle 1.61-1
+ [buster] - bouncycastle <no-dsa> (Minor issue)
+ NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-26939
+ NOTE: https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1 (r1rv61)
+CVE-2020-26938
+ RESERVED
+CVE-2020-26937
+ RESERVED
+CVE-2020-26936 (Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF at ...)
+ NOT-FOR-US: Cloudera Data Engineering (CDE)
+CVE-2020-26935 (An issue was discovered in SearchController in phpMyAdmin before 4.9.6 ...)
+ {DLA-2413-1}
+ - phpmyadmin 4:4.9.7+dfsg1-1 (bug #972000)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2020-6/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d09ab9bc9d634ad08b866d42bb8c4109869d38d2
+CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the tr ...)
+ {DLA-2413-1}
+ - phpmyadmin 4:4.9.7+dfsg1-1 (bug #971999)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2020-5/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/19df63b0365621427697edc185ff7c9c5707c523
+CVE-2020-26933 (Trusted Computing Group (TCG) Trusted Platform Module Library Family 2 ...)
+ NOT-FOR-US: Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification
+CVE-2020-26931 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26930 (NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect conf ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26929 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26928 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26927 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26926 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26925 (NETGEAR GS808E devices before 1.7.1.0 are affected by denial of servic ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26924 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26923 (Certain NETGEAR devices are affected by stored XSS. This affects WC750 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26922 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26921 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26920 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26919 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of acces ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26918 (Certain NETGEAR devices are affected by stored XSS. This affects EX700 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26917 (Certain NETGEAR devices are affected by stored XSS. This affects EX700 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26916 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26915 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26914 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26913 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26912 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26911 (Certain NETGEAR devices are affected by lack of access control at the ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26910 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26909 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26908 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26907 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26906 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26905 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26904 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26903 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26902 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26901 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26900 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26899 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26898 (NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect config ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26897 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26896 (Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerabili ...)
+ - lnd <itp> (bug #886577)
+CVE-2020-26895 (Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accept ...)
+ - lnd <itp> (bug #886577)
+CVE-2020-26894 (LiveCode v9.6.1 on Windows allows local, low-privileged users to gain ...)
+ NOT-FOR-US: New Millennium
+CVE-2020-26893 (An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor c ...)
+ NOT-FOR-US: ClamXAV
+CVE-2020-26892 (The JWT library in NATS nats-server before 2.1.9 has Incorrect Access ...)
+ - golang-github-nats-io-jwt <unfixed> (bug #988950)
+ [buster] - golang-github-nats-io-jwt <no-dsa> (Minor issue)
+ NOTE: https://advisories.nats.io/CVE/CVE-2020-26892.txt
+CVE-2020-26891 (AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS d ...)
+ - matrix-synapse 1.21.1-1
+ NOTE: https://github.com/matrix-org/synapse/pull/8444
+CVE-2020-26890 (Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Inf ...)
+ - matrix-synapse 1.20.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f
+CVE-2020-26889
+ RESERVED
+CVE-2020-26888
+ RESERVED
+CVE-2020-26887 (FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Reb ...)
+ NOT-FOR-US: Fritz OS
+CVE-2020-26886 (Softaculous before 5.5.7 is affected by a code execution vulnerability ...)
+ NOT-FOR-US: Softaculous
+CVE-2020-26885 (An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability ...)
+ NOT-FOR-US: 2sxc
+CVE-2020-26884 (RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulner ...)
+ NOT-FOR-US: RSA Archer
+CVE-2020-26883 (In Play Framework 2.6.0 through 2.8.2, stack consumption can occur bec ...)
+ NOT-FOR-US: Play Framework
+CVE-2020-26882 (In Play Framework 2.6.0 through 2.8.2, data amplification can occur wh ...)
+ NOT-FOR-US: Play Framework
+CVE-2020-26881
+ RESERVED
+CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation from the s ...)
+ - sympa <unfixed> (bug #972114)
+ [bullseye] - sympa <postponed> (Revisit when fixed upstream; most setups mitigated)
+ [buster] - sympa <postponed> (Revisit when fixed upstream; most setups mitigated)
+ [stretch] - sympa <postponed> (Mitigated, revisit when fixed upstream)
+ NOTE: https://github.com/sympa-community/sympa/issues/1009
+ NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420
+ NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235
+ NOTE: Mitigation: https://salsa.debian.org/sympa-team/sympa/-/commit/b904d5257beb135127f663ad8f6865c1b59efd50
+ NOTE: Mitigation present in 6.2.58~dfsg-2, 6.2.40~dfsg-1+deb10u1 and 6.2.16~dfsg-3+deb9u4
+ NOTE: uploads.
+CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded ...)
+ NOT-FOR-US: Ruckus
+CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injection. An ...)
+ NOT-FOR-US: Ruckus
+CVE-2020-26877
+ RESERVED
+CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...)
NOT-FOR-US: Wordpress plugin
-CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious red ...)
- NOT-FOR-US: Craft CMS plugin
-CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist ...)
- NOT-FOR-US: Craft CMS plugin
-CVE-2020-13484
+CVE-2020-26875
RESERVED
-CVE-2020-13483
+CVE-2020-26874
RESERVED
-CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...)
- NOT-FOR-US: EM-HTTP-Request
-CVE-2020-13481
+CVE-2020-26873
RESERVED
-CVE-2020-13480
+CVE-2020-26872
RESERVED
-CVE-2020-13479
+CVE-2020-26871
RESERVED
-CVE-2020-13478
+CVE-2020-26870 (Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs becaus ...)
+ {DLA-2419-1}
+ - dompurify.js <removed>
+ NOTE: https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
+ NOTE: https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
+CVE-2020-26869 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable to infor ...)
+ NOT-FOR-US: PcVue
+CVE-2020-26868 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a den ...)
+ NOT-FOR-US: PcVue
+CVE-2020-26867 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to t ...)
+ NOT-FOR-US: PcVue
+CVE-2020-26866
RESERVED
-CVE-2020-13477
+CVE-2020-26865
RESERVED
-CVE-2020-13476
+CVE-2020-26864
RESERVED
-CVE-2020-13475
+CVE-2020-26863
RESERVED
-CVE-2020-13474
+CVE-2020-26862
RESERVED
-CVE-2020-13473
+CVE-2020-26861
RESERVED
-CVE-2020-13472
+CVE-2020-26860
RESERVED
-CVE-2020-13471
+CVE-2020-26859
RESERVED
-CVE-2020-13470
+CVE-2020-26858
RESERVED
-CVE-2020-13469
+CVE-2020-26857
RESERVED
-CVE-2020-13468
+CVE-2020-26856
RESERVED
-CVE-2020-13467
+CVE-2020-26855
RESERVED
-CVE-2020-13466
+CVE-2020-26854
RESERVED
-CVE-2020-13465
+CVE-2020-26853
RESERVED
-CVE-2020-13464
+CVE-2020-26852
RESERVED
-CVE-2020-13463
+CVE-2020-26851
RESERVED
-CVE-2020-13462
+CVE-2020-26850
RESERVED
-CVE-2020-13461
+CVE-2020-26849
RESERVED
-CVE-2020-13460
+CVE-2020-26848
RESERVED
-CVE-2020-13459 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...)
- NOT-FOR-US: Image Resizer plugin for Craft CMS
-CVE-2020-13458 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...)
- NOT-FOR-US: Image Resizer plugin for Craft CMS
-CVE-2020-13457
+CVE-2020-26847
RESERVED
-CVE-2020-13456
+CVE-2020-26846
RESERVED
-CVE-2020-13455
+CVE-2020-26845
RESERVED
-CVE-2020-13454
+CVE-2020-26844
RESERVED
-CVE-2020-13453
+CVE-2020-26843
RESERVED
-CVE-2020-13452
+CVE-2020-26842
RESERVED
-CVE-2020-13451
+CVE-2020-26841
RESERVED
-CVE-2020-13450
+CVE-2020-26840
RESERVED
-CVE-2020-13449
+CVE-2020-26839
RESERVED
-CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...)
- NOT-FOR-US: QuickBox
-CVE-2020-13447
+CVE-2020-26838 (SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, ...)
+ NOT-FOR-US: SAP
+CVE-2020-26837 (SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, ...)
+ NOT-FOR-US: SAP
+CVE-2020-26836 (SAP Solution Manager (Trace Analysis), version - 720, allows for misus ...)
+ NOT-FOR-US: SAP
+CVE-2020-26835 (SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does ...)
+ NOT-FOR-US: SAP
+CVE-2020-26834 (SAP HANA Database, version - 2.0, does not correctly validate the user ...)
+ NOT-FOR-US: SAP
+CVE-2020-26833
RESERVED
-CVE-2020-13446
+CVE-2020-26832 (SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 201 ...)
+ NOT-FOR-US: SAP
+CVE-2020-26831 (SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, ...)
+ NOT-FOR-US: SAP
+CVE-2020-26830 (SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, ...)
+ NOT-FOR-US: SAP
+CVE-2020-26829 (SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2020-26828 (SAP Disclosure Management, version - 10.1, provides capabilities for a ...)
+ NOT-FOR-US: SAP
+CVE-2020-26827
RESERVED
-CVE-2020-13445
+CVE-2020-26826 (Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7. ...)
+ NOT-FOR-US: SAP
+CVE-2020-26825 (SAP Fiori Launchpad (News tile Application), versions - 750,751,752,75 ...)
+ NOT-FOR-US: SAP
+CVE-2020-26824 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+ NOT-FOR-US: SAP
+CVE-2020-26823 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+ NOT-FOR-US: SAP
+CVE-2020-26822 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+ NOT-FOR-US: SAP
+CVE-2020-26821 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
+ NOT-FOR-US: SAP
+CVE-2020-26820 (SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows ...)
+ NOT-FOR-US: SAP
+CVE-2020-26819 (SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752 ...)
+ NOT-FOR-US: SAP
+CVE-2020-26818 (SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752 ...)
+ NOT-FOR-US: SAP
+CVE-2020-26817 (SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open m ...)
+ NOT-FOR-US: SAP
+CVE-2020-26816 (SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, ...)
+ NOT-FOR-US: SAP
+CVE-2020-26815 (SAP Fiori Launchpad (News tile Application), versions - 750,751,752,75 ...)
+ NOT-FOR-US: SAP
+CVE-2020-26814 (SAP Process Integration (PGP Module - Business-to-Business Add On), ve ...)
+ NOT-FOR-US: SAP
+CVE-2020-26813
RESERVED
-CVE-2020-13444
+CVE-2020-26812
RESERVED
-CVE-2020-13443
+CVE-2020-26811 (SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, ...)
+ NOT-FOR-US: SAP
+CVE-2020-26810 (SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, ...)
+ NOT-FOR-US: SAP
+CVE-2020-26809 (SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker ...)
+ NOT-FOR-US: SAP
+CVE-2020-26808 (SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011 ...)
+ NOT-FOR-US: SAP
+CVE-2020-26807 (SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrec ...)
+ NOT-FOR-US: SAP
+CVE-2020-26806 (admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted F ...)
+ NOT-FOR-US: ObjectPlanet Opinio
+CVE-2020-26805 (In Sentrifugo 3.2, admin can edit employee's informations via this end ...)
+ NOT-FOR-US: Sentrifugo
+CVE-2020-26804 (In Sentrifugo 3.2, users can share an announcement under "Organization ...)
+ NOT-FOR-US: Sentrifugo
+CVE-2020-26803 (In Sentrifugo 3.2, users can upload an image under "Assets -&gt; Add" ...)
+ NOT-FOR-US: Sentrifugo
+CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in ...)
+ NOT-FOR-US: forma.lms
+CVE-2020-26801 (A stored cross-site scripting (XSS) vulnerability was discovered in /F ...)
+ NOT-FOR-US: TrippLite
+CVE-2020-26800 (A stack overflow vulnerability in Aleth Ethereum C++ client version &l ...)
+ NOT-FOR-US: Aleth Ethereum
+CVE-2020-26799
RESERVED
-CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 t ...)
- NOT-FOR-US: DEXT5
-CVE-2020-13441
+CVE-2020-26798
RESERVED
-CVE-2020-13440 (ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. ...)
- NOT-FOR-US: ffjpeg
-CVE-2020-13439 (ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_de ...)
- NOT-FOR-US: ffjpeg
-CVE-2020-13438 (ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c ...)
- NOT-FOR-US: ffjpeg
-CVE-2020-13437
+CVE-2020-26797 (Mediainfo before version 20.08 has a heap buffer overflow vulnerabilit ...)
+ {DLA-2603-1}
+ - libmediainfo 20.09+dfsg-2 (bug #985554)
+ [buster] - libmediainfo <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/mediainfo/bugs/1154/
+ NOTE: https://github.com/MediaArea/MediaInfoLib/commit/7bab1c3a043784be2c90f2e54a0e5a8d7263eead
+CVE-2020-26796
RESERVED
-CVE-2020-13436
+CVE-2020-26795
RESERVED
-CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarge ...)
- - sqlite3 3.32.1-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
- [jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
- NOTE: https://www.sqlite.org/src/info/7a5279a25c57adf1
- NOTE: https://www.sqlite.org/src/info/ad7bb70af9bb68d1
- NOTE: https://www.sqlite.org/src/info/572105de1d44bca4
-CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf ...)
- {DLA-2221-1}
- - sqlite3 3.32.1-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
- NOTE: https://www.sqlite.org/src/info/23439ea582241138
- NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
-CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
- NOT-FOR-US: Jason2605 AdminPanel
-CVE-2020-13432
+CVE-2020-26794
RESERVED
-CVE-2020-13431
+CVE-2020-26793
RESERVED
-CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...)
- - grafana <removed>
- NOTE: https://github.com/grafana/grafana/pull/24539
-CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...)
- NOT-FOR-US: piechart-panel plugin for Grafana
-CVE-2020-13428
+CVE-2020-26792
RESERVED
-CVE-2020-13427
+CVE-2020-26791
RESERVED
-CVE-2020-13426
+CVE-2020-26790
RESERVED
-CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep ...)
- NOT-FOR-US: TrackR
-CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
- NOT-FOR-US: Joomla addon
-CVE-2020-13423
+CVE-2020-26789
RESERVED
-CVE-2020-13422
+CVE-2020-26788
RESERVED
-CVE-2020-13421
+CVE-2020-26787
RESERVED
-CVE-2020-13420
+CVE-2020-26786
RESERVED
-CVE-2020-13419
+CVE-2020-26785
RESERVED
-CVE-2020-13418
+CVE-2020-26784
RESERVED
-CVE-2020-13417 (An Elevation of Privilege issue was discovered in Aviatrix VPN Client ...)
+CVE-2020-26783
+ RESERVED
+CVE-2020-26782
+ RESERVED
+CVE-2020-26781
+ RESERVED
+CVE-2020-26780
+ RESERVED
+CVE-2020-26779
+ RESERVED
+CVE-2020-26778
+ RESERVED
+CVE-2020-26777
+ RESERVED
+CVE-2020-26776
+ RESERVED
+CVE-2020-26775
+ RESERVED
+CVE-2020-26774
+ RESERVED
+CVE-2020-26773 (Restaurant Reservation System 1.0 suffers from an authenticated SQL in ...)
+ NOT-FOR-US: Restaurant Reservation System
+CVE-2020-26772 (Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execu ...)
+ NOT-FOR-US: PPGo_Jobs
+CVE-2020-26771
+ RESERVED
+CVE-2020-26770
+ RESERVED
+CVE-2020-26769
+ RESERVED
+CVE-2020-26768 (Formstone &lt;=1.4.16 is vulnerable to a Reflected Cross-Site Scriptin ...)
+ NOT-FOR-US: Formstone
+CVE-2020-26767
+ RESERVED
+CVE-2020-26766 (A Cross Site Request Forgery (CSRF) vulnerability exists in the logins ...)
+ NOT-FOR-US: PHPGurukul User Registration & Login and User Management System
+CVE-2020-26765
+ RESERVED
+CVE-2020-26764
+ RESERVED
+CVE-2020-26763 (The Rocket.Chat desktop application 2.17.11 opens external links witho ...)
+ NOT-FOR-US: Rocket.Chat desktop application
+CVE-2020-26762 (A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3. ...)
+ NOT-FOR-US: Edimax IP-Camera
+CVE-2020-26761
+ RESERVED
+CVE-2020-26760
+ RESERVED
+CVE-2020-26759 (clickhouse-driver before 0.1.5 allows a malicious clickhouse server to ...)
+ - python-clickhouse-driver 0.2.0-1
+ NOTE: https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b
+ NOTE: https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598
+CVE-2020-26758
+ RESERVED
+CVE-2020-26757
+ RESERVED
+CVE-2020-26756
+ RESERVED
+CVE-2020-26755
+ RESERVED
+CVE-2020-26754
+ RESERVED
+CVE-2020-26753
+ RESERVED
+CVE-2020-26752
+ RESERVED
+CVE-2020-26751
+ RESERVED
+CVE-2020-26750
+ RESERVED
+CVE-2020-26749
+ RESERVED
+CVE-2020-26748
+ RESERVED
+CVE-2020-26747
+ RESERVED
+CVE-2020-26746
+ RESERVED
+CVE-2020-26745
+ RESERVED
+CVE-2020-26744
+ RESERVED
+CVE-2020-26743
+ RESERVED
+CVE-2020-26742
+ RESERVED
+CVE-2020-26741
+ RESERVED
+CVE-2020-26740
+ RESERVED
+CVE-2020-26739
+ RESERVED
+CVE-2020-26738
+ RESERVED
+CVE-2020-26737
+ RESERVED
+CVE-2020-26736
+ RESERVED
+CVE-2020-26735
+ RESERVED
+CVE-2020-26734
+ RESERVED
+CVE-2020-26733 (Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF H ...)
+ NOT-FOR-US: SKYWORTH GN542VF Hardware
+CVE-2020-26732 (Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for ...)
+ NOT-FOR-US: Skyworth GN542VF Boa
+CVE-2020-26731
+ RESERVED
+CVE-2020-26730
+ RESERVED
+CVE-2020-26729
+ RESERVED
+CVE-2020-26728 (A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi an ...)
+ NOT-FOR-US: Tenda AC9 Router
+CVE-2020-26727
+ RESERVED
+CVE-2020-26726
+ RESERVED
+CVE-2020-26725
+ RESERVED
+CVE-2020-26724
+ RESERVED
+CVE-2020-26723
+ RESERVED
+CVE-2020-26722
+ RESERVED
+CVE-2020-26721
+ RESERVED
+CVE-2020-26720
+ RESERVED
+CVE-2020-26719
+ RESERVED
+CVE-2020-26718
+ RESERVED
+CVE-2020-26717
+ RESERVED
+CVE-2020-26716
+ RESERVED
+CVE-2020-26715
+ RESERVED
+CVE-2020-26714
+ RESERVED
+CVE-2020-26713 (REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function wi ...)
+ NOT-FOR-US: REDCap
+CVE-2020-26712 (REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList f ...)
+ NOT-FOR-US: REDCap
+CVE-2020-26711
+ RESERVED
+CVE-2020-26710
+ RESERVED
+CVE-2020-26709
+ RESERVED
+CVE-2020-26708
+ RESERVED
+CVE-2020-26707 (An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 w ...)
+ NOT-FOR-US: aaptjs
+CVE-2020-26706
+ RESERVED
+CVE-2020-26705 (The parseXML function in Easy-XML 0.5.0 was discovered to have a XML E ...)
+ NOT-FOR-US: python-easy_xml
+CVE-2020-26704
+ RESERVED
+CVE-2020-26703
+ RESERVED
+CVE-2020-26702
+ RESERVED
+CVE-2020-26701 (Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa ...)
+ NOT-FOR-US: Kaa IoT Platform
+CVE-2020-26700
+ RESERVED
+CVE-2020-26699
+ RESERVED
+CVE-2020-26698
+ RESERVED
+CVE-2020-26697
+ RESERVED
+CVE-2020-26696
+ RESERVED
+CVE-2020-26695
+ RESERVED
+CVE-2020-26694
+ RESERVED
+CVE-2020-26693 (A stored cross-site scripting (XSS) vulnerability was discovered in pf ...)
+ NOT-FOR-US: pfSense
+CVE-2020-26692
+ RESERVED
+CVE-2020-26691
+ RESERVED
+CVE-2020-26690
+ RESERVED
+CVE-2020-26689
+ RESERVED
+CVE-2020-26688
+ RESERVED
+CVE-2020-26687
+ RESERVED
+CVE-2020-26686
+ RESERVED
+CVE-2020-26685
+ RESERVED
+CVE-2020-26684
+ RESERVED
+CVE-2020-26683
+ RESERVED
+CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s call to `outline_strok ...)
+ - libass 1:0.15.0-1 (bug #975108)
+ [buster] - libass <no-dsa> (Minor issue)
+ [stretch] - libass <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/libass/libass/issues/431
+ NOTE: https://github.com/libass/libass/pull/432
+CVE-2020-26681
+ RESERVED
+CVE-2020-26680 (In vFairs 3.3, any user logged in to a vFairs virtual conference or ev ...)
+ NOT-FOR-US: vFairs
+CVE-2020-26679 (vFairs 3.3 is affected by Insecure Permissions. Any user logged in to ...)
+ NOT-FOR-US: vFairs
+CVE-2020-26678 (vFairs 3.3 is affected by Remote Code Execution. Any user logged in to ...)
+ NOT-FOR-US: vFairs
+CVE-2020-26677 (Any user logged in to a vFairs 3.3 virtual conference or event can per ...)
+ NOT-FOR-US: vFairs
+CVE-2020-26676
+ RESERVED
+CVE-2020-26675
+ RESERVED
+CVE-2020-26674
+ RESERVED
+CVE-2020-26673
+ RESERVED
+CVE-2020-26672 (Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site S ...)
+ NOT-FOR-US: Testimonial Rotator Wordpress Plugin
+CVE-2020-26671
+ RESERVED
+CVE-2020-26670 (A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2020-26669 (A stored cross-site scripting (XSS) vulnerability was discovered in Bi ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2020-26668 (A SQL injection vulnerability was discovered in /core/feeds/custom.php ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2020-26667
+ RESERVED
+CVE-2020-26666
+ RESERVED
+CVE-2020-26665
+ RESERVED
+CVE-2020-26664 (A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media play ...)
+ {DSA-4834-1}
+ - vlc 3.0.12-1 (low; bug #979676)
+ [stretch] - vlc <postponed> (Minor issue, wait for next LTS release)
+ NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8c (3.0.12)
+ NOTE: https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt
+CVE-2020-26663
+ RESERVED
+CVE-2020-26662
+ RESERVED
+CVE-2020-26661
+ RESERVED
+CVE-2020-26660
+ RESERVED
+CVE-2020-26659
+ RESERVED
+CVE-2020-26658
+ RESERVED
+CVE-2020-26657
+ RESERVED
+CVE-2020-26656
+ RESERVED
+CVE-2020-26655
+ RESERVED
+CVE-2020-26654
+ RESERVED
+CVE-2020-26653
+ RESERVED
+CVE-2020-26652
+ RESERVED
+CVE-2020-26651
+ RESERVED
+CVE-2020-26650 (AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php ...)
+ NOT-FOR-US: AtomXCMS
+CVE-2020-26649 (AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.ph ...)
+ NOT-FOR-US: AtomXCMS
+CVE-2020-26648
+ RESERVED
+CVE-2020-26647
+ RESERVED
+CVE-2020-26646
+ RESERVED
+CVE-2020-26645
+ RESERVED
+CVE-2020-26644
+ RESERVED
+CVE-2020-26643
+ RESERVED
+CVE-2020-26642 (A cross-site scripting (XSS) vulnerability has been discovered in the ...)
+ NOT-FOR-US: SeaCMS
+CVE-2020-26641 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in iC ...)
+ NOT-FOR-US: iCMS
+CVE-2020-26640
+ RESERVED
+CVE-2020-26639
+ RESERVED
+CVE-2020-26638
+ RESERVED
+CVE-2020-26637
+ RESERVED
+CVE-2020-26636
+ RESERVED
+CVE-2020-26635
+ RESERVED
+CVE-2020-26634
+ RESERVED
+CVE-2020-26633
+ RESERVED
+CVE-2020-26632
+ RESERVED
+CVE-2020-26631
+ RESERVED
+CVE-2020-26630
+ RESERVED
+CVE-2020-26629
+ RESERVED
+CVE-2020-26628
+ RESERVED
+CVE-2020-26627
+ RESERVED
+CVE-2020-26626
+ RESERVED
+CVE-2020-26625
+ RESERVED
+CVE-2020-26624
+ RESERVED
+CVE-2020-26623
+ RESERVED
+CVE-2020-26622
+ RESERVED
+CVE-2020-26621
+ RESERVED
+CVE-2020-26620
+ RESERVED
+CVE-2020-26619
+ RESERVED
+CVE-2020-26618
+ RESERVED
+CVE-2020-26617
+ RESERVED
+CVE-2020-26616
+ RESERVED
+CVE-2020-26615
+ RESERVED
+CVE-2020-26614
+ RESERVED
+CVE-2020-26613
+ RESERVED
+CVE-2020-26612
+ RESERVED
+CVE-2020-26611
+ RESERVED
+CVE-2020-26610
+ RESERVED
+CVE-2020-26609 (fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) v ...)
+ NOT-FOR-US: fastadmin
+CVE-2020-26608
+ RESERVED
+CVE-2020-26607 (An issue was discovered in TimaService on Samsung mobile devices with ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26606 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26605 (An issue was discovered on Samsung mobile devices with Q(10.0) and R(1 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26604 (An issue was discovered in SystemUI on Samsung mobile devices with O(8 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26603 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26602 (An issue was discovered in EthernetNetwork on Samsung mobile devices w ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26601 (An issue was discovered in DirEncryptService on Samsung mobile devices ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26599 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26598 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-26597 (An issue was discovered on LG mobile devices with Android OS 9.0 and 1 ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-26596 (The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2020-26595
+ RESERVED
+CVE-2020-26594
+ RESERVED
+CVE-2020-26593
+ RESERVED
+CVE-2020-26592
+ RESERVED
+CVE-2020-26591
+ RESERVED
+CVE-2020-26590
+ RESERVED
+CVE-2020-26589
+ RESERVED
+CVE-2020-26588
+ RESERVED
+CVE-2020-26587
+ RESERVED
+CVE-2020-26586
+ RESERVED
+CVE-2020-26585
+ RESERVED
+CVE-2020-26584 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The ...)
+ NOT-FOR-US: Sage
+CVE-2020-26583 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It a ...)
+ NOT-FOR-US: Sage
+CVE-2020-26582 (D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users ...)
+ NOT-FOR-US: D-Link
+CVE-2020-26581
+ RESERVED
+CVE-2020-26580
+ RESERVED
+CVE-2020-26579
+ RESERVED
+CVE-2020-26578
+ RESERVED
+CVE-2020-26577
+ RESERVED
+CVE-2020-26576
+ RESERVED
+CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...)
+ {DLA-2547-1}
+ - wireshark 3.2.8-0.1 (bug #974688)
+ [buster] - wireshark 2.6.20-0+deb10u1
+ NOTE: https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16887
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/467
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/471
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/472
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/473
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-14
+CVE-2020-26574 (** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is a ...)
+ NOT-FOR-US: Leostream
+CVE-2020-26573
+ RESERVED
+CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...)
+ {DLA-2832-1}
+ - opensc 0.21.0-1 (bug #972035)
+ [buster] - opensc <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
+ NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 (0.21.0-rc1)
+CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...)
+ {DLA-2832-1}
+ - opensc 0.21.0-1 (bug #972036)
+ [buster] - opensc <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
+ NOTE: https://github.com/OpenSC/OpenSC/commit/ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43 (0.21.0-rc1)
+CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...)
+ {DLA-2832-1}
+ - opensc 0.21.0-1 (bug #972037)
+ [buster] - opensc <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
+ NOTE: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e (0.21.0-rc1)
+CVE-2020-26569 (In EVPN VxLAN setups in Arista EOS, specific malformed packets can lea ...)
+ NOT-FOR-US: Arista
+CVE-2020-26568
+ RESERVED
+CVE-2020-26567 (An issue was discovered on D-Link DSR-250N before 3.17B devices. The C ...)
+ NOT-FOR-US: D-Link
+CVE-2020-26566 (A Denial of Service condition in Motion-Project Motion 3.2 through 4.3 ...)
+ - motion 4.3.2-1 (bug #972986)
+ [buster] - motion <not-affected> (Vulnerable code introduced in 4.2)
+ [stretch] - motion <not-affected> (Vulnerable code introduced in 4.2)
+ NOTE: https://github.com/Motion-Project/motion/security/advisories/GHSA-6f7x-grw7-fw24
+ NOTE: https://github.com/Motion-Project/motion/issues/1227#issuecomment-715927776
+ NOTE: https://github.com/Motion-Project/motion/pull/1232
+CVE-2020-26565 (ObjectPlanet Opinio before 7.14 allows Expression Language Injection v ...)
+ NOT-FOR-US: ObjectPlanet Opinio
+CVE-2020-26564 (ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: mo ...)
+ NOT-FOR-US: ObjectPlanet Opinio
+CVE-2020-26563 (ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/ad ...)
+ NOT-FOR-US: ObjectPlanet Opinio
+CVE-2020-26562
+ RESERVED
+CVE-2020-26561 (** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_ ...)
+ NOT-FOR-US: Belkin
+CVE-2020-26560 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0. ...)
+ - linux <unfixed>
+ NOTE: https://kb.cert.org/vuls/id/799380
+ NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-mesh/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959994
+CVE-2020-26559 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0. ...)
+ - linux <unfixed>
+ NOTE: https://kb.cert.org/vuls/id/799380
+ NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960011
+CVE-2020-26558 (Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification ...)
+ {DSA-4951-1 DLA-2692-1 DLA-2690-1 DLA-2689-1}
+ - bluez 5.55-3.1 (bug #989614)
+ - linux 5.10.40-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://kb.cert.org/vuls/id/799380
+ NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-entry/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1918602
+ NOTE: https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
+ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
+CVE-2020-26557 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ...)
+ - linux <unfixed>
+ NOTE: https://kb.cert.org/vuls/id/799380
+ NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960009
+CVE-2020-26556 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ...)
+ - linux <unfixed>
+ NOTE: https://kb.cert.org/vuls/id/799380
+ NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960012
+CVE-2020-26555 (Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specificati ...)
+ - linux <unfixed>
+ NOTE: https://kb.cert.org/vuls/id/799380
+ NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-pin-pairing/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1918601
+CVE-2020-26554 (REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML ...)
+ NOT-FOR-US: REDDOXX MailDepot
+CVE-2020-26553 (An issue was discovered in Aviatrix Controller before R6.0.2483. Sever ...)
NOT-FOR-US: Aviatrix
-CVE-2020-13416 (An issue was discovered in Aviatrix Controller before 5.4.1066. A Cont ...)
+CVE-2020-26552 (An issue was discovered in Aviatrix Controller before R6.0.2483. Multi ...)
NOT-FOR-US: Aviatrix
-CVE-2020-13415 (An issue was discovered in Aviatrix Controller through 5.1. An attacke ...)
+CVE-2020-26551 (An issue was discovered in Aviatrix Controller before R5.3.1151. Encry ...)
NOT-FOR-US: Aviatrix
-CVE-2020-13414 (An issue was discovered in Aviatrix Controller before 5.4.1204. It con ...)
+CVE-2020-26550 (An issue was discovered in Aviatrix Controller before R5.3.1151. An en ...)
NOT-FOR-US: Aviatrix
-CVE-2020-13413 (An issue was discovered in Aviatrix Controller before 5.4.1204. There ...)
+CVE-2020-26549 (An issue was discovered in Aviatrix Controller before R5.4.1290. The h ...)
NOT-FOR-US: Aviatrix
-CVE-2020-13412 (An issue was discovered in Aviatrix Controller before 5.4.1204. An API ...)
+CVE-2020-26548 (An issue was discovered in Aviatrix Controller before R5.4.1290. There ...)
NOT-FOR-US: Aviatrix
-CVE-2020-13411
+CVE-2020-26547 (Monal before 4.9 does not implement proper sender verification on MAM ...)
+ NOT-FOR-US: Monal
+CVE-2020-26546 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in HelpDeskZ 1 ...)
+ NOT-FOR-US: HelpDeskZ
+CVE-2020-26545
+ RESERVED
+CVE-2020-26544
+ RESERVED
+CVE-2020-26543
+ RESERVED
+CVE-2020-26542 (An issue was discovered in the MongoDB Simple LDAP plugin through 2020 ...)
+ NOT-FOR-US: MongoDB plugin
+CVE-2020-26541 (The Linux kernel through 5.8.13 does not properly enforce the Secure B ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [stretch] - linux <not-affected> (Secure Boot key import not supported)
+ NOTE: https://lkml.org/lkml/2020/9/15/1871
+CVE-2020-26540 (An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on m ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26539 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Wh ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26538 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26537 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26536 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Th ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26535 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26534 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Th ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26533
+ RESERVED
+CVE-2020-26532
+ RESERVED
+CVE-2020-26531
+ RESERVED
+CVE-2020-26530
+ RESERVED
+CVE-2020-26529
+ RESERVED
+CVE-2020-26528
+ RESERVED
+CVE-2020-26527 (An issue was discovered in API/api/Version in Damstra Smart Asset 2020 ...)
+ NOT-FOR-US: Damstra Smart Asset
+CVE-2020-26526 (An issue was discovered in Damstra Smart Asset 2020.7. It is possible ...)
+ NOT-FOR-US: Damstra Smart Asset
+CVE-2020-26525 (Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset ori ...)
+ NOT-FOR-US: Damstra Smart Asset
+CVE-2020-26524 (CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. ...)
+ NOT-FOR-US: CodeLathe FileCloud
+CVE-2020-26523 (Froala Editor before 3.2.2 allows XSS via pasted content. ...)
+ NOT-FOR-US: Froala Editor
+CVE-2020-26522 (A cross-site request forgery (CSRF) vulnerability in mod/user/act_user ...)
+ NOT-FOR-US: Garfield Petshop
+CVE-2020-26521 (The JWT library in NATS nats-server before 2.1.9 allows a denial of se ...)
+ - golang-github-nats-io-jwt <unfixed> (bug #988950)
+ [buster] - golang-github-nats-io-jwt <no-dsa> (Minor issue)
+ NOTE: https://advisories.nats.io/CVE/CVE-2020-26521.txt
+CVE-2020-26520
+ RESERVED
+CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write when pa ...)
+ {DSA-4794-1 DLA-2589-1}
+ - mupdf 1.17.0+ds1-1.1 (bug #971595)
+ NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702937
+CVE-2020-26518 (Artica Pandora FMS before 743 allows unauthenticated attackers to cond ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2020-26517 (A cross-site scripting (XSS) issue was discovered in Intland codeBeame ...)
+ NOT-FOR-US: intland codeBeamer
+CVE-2020-26516 (A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10. ...)
+ NOT-FOR-US: intland codeBeamer
+CVE-2020-26515 (An insufficiently protected credentials issue was discovered in Intlan ...)
+ NOT-FOR-US: intland codeBeamer
+CVE-2020-26514
RESERVED
-CVE-2020-13410
+CVE-2020-26513 (An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP ...)
+ NOT-FOR-US: Intland codeBeamer ALM
+CVE-2020-26512
RESERVED
-CVE-2020-13409
+CVE-2020-26511 (The wpo365-login plugin before v11.7 for WordPress allows use of a sym ...)
+ NOT-FOR-US: wpo365-login plugin for WordPress
+CVE-2020-26510 (Airleader Master &lt;= 6.21 devices have default credentials that can ...)
+ NOT-FOR-US: Airleader Master
+CVE-2020-26509 (Airleader Master and Easy &lt;= 6.21 devices have default credentials ...)
+ NOT-FOR-US: Airleader Master and Easy
+CVE-2020-26508 (The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices all ...)
+ NOT-FOR-US: Canon devices
+CVE-2020-26507 (A CSV Injection (also known as Formula Injection) vulnerability in the ...)
+ NOT-FOR-US: Marmind web application
+CVE-2020-26506 (An Authorization Bypass vulnerability in the Marmind web application w ...)
+ NOT-FOR-US: Marmind web application
+CVE-2020-26505 (A Stored Cross-Site Scripting (XSS) vulnerability in the &#8220;Marmin ...)
+ NOT-FOR-US: Marmind web application
+CVE-2020-26504
RESERVED
-CVE-2020-13408
+CVE-2020-26503
RESERVED
-CVE-2020-13407
+CVE-2020-26502
RESERVED
-CVE-2020-13406
+CVE-2020-26501
RESERVED
-CVE-2020-13405
+CVE-2020-26500
RESERVED
-CVE-2020-13404
+CVE-2020-26499
RESERVED
-CVE-2020-13403
+CVE-2020-26498
RESERVED
-CVE-2020-13402
+CVE-2020-26497
RESERVED
-CVE-2020-13401
+CVE-2020-26496
RESERVED
-CVE-2020-13400
+CVE-2020-26495
RESERVED
-CVE-2020-13399
+CVE-2020-26494
RESERVED
-CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
- - freerdp2 2.1.1+dfsg1-1
- [buster] - freerdp2 <no-dsa> (Minor issue)
- - freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
- NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
-CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
- - freerdp2 2.1.1+dfsg1-1
- [buster] - freerdp2 <no-dsa> (Minor issue)
- - freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
- NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
-CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
- - freerdp2 2.1.1+dfsg1-1
+CVE-2020-26493
+ RESERVED
+CVE-2020-26492
+ RESERVED
+CVE-2020-26491
+ RESERVED
+CVE-2020-26490
+ RESERVED
+CVE-2020-26489
+ RESERVED
+CVE-2020-26488
+ RESERVED
+CVE-2020-26487
+ RESERVED
+CVE-2020-26486
+ RESERVED
+CVE-2020-26485
+ RESERVED
+CVE-2020-26484
+ RESERVED
+CVE-2020-26483
+ RESERVED
+CVE-2020-26482
+ RESERVED
+CVE-2020-26481
+ RESERVED
+CVE-2020-26480
+ RESERVED
+CVE-2020-26479
+ RESERVED
+CVE-2020-26478
+ RESERVED
+CVE-2020-26477
+ RESERVED
+CVE-2020-26476
+ RESERVED
+CVE-2020-26475
+ RESERVED
+CVE-2020-26474
+ RESERVED
+CVE-2020-26473
+ RESERVED
+CVE-2020-26472
+ RESERVED
+CVE-2020-26471
+ RESERVED
+CVE-2020-26470
+ RESERVED
+CVE-2020-26469
+ RESERVED
+CVE-2020-26468
+ RESERVED
+CVE-2020-26467
+ RESERVED
+CVE-2020-26466
+ RESERVED
+CVE-2020-26465
+ RESERVED
+CVE-2020-26464
+ RESERVED
+CVE-2020-26463
+ RESERVED
+CVE-2020-26462
+ RESERVED
+CVE-2020-26461
+ RESERVED
+CVE-2020-26460
+ RESERVED
+CVE-2020-26459
+ RESERVED
+CVE-2020-26458
+ RESERVED
+CVE-2020-26457
+ RESERVED
+CVE-2020-26456
+ RESERVED
+CVE-2020-26455
+ RESERVED
+CVE-2020-26454
+ RESERVED
+CVE-2020-26453
+ RESERVED
+CVE-2020-26452
+ RESERVED
+CVE-2020-26451
+ RESERVED
+CVE-2020-26450
+ RESERVED
+CVE-2020-26449
+ RESERVED
+CVE-2020-26448
+ RESERVED
+CVE-2020-26447
+ RESERVED
+CVE-2020-26446
+ RESERVED
+CVE-2020-26445
+ RESERVED
+CVE-2020-26444
+ RESERVED
+CVE-2020-26443
+ RESERVED
+CVE-2020-26442
+ RESERVED
+CVE-2020-26441
+ RESERVED
+CVE-2020-26440
+ RESERVED
+CVE-2020-26439
+ RESERVED
+CVE-2020-26438
+ RESERVED
+CVE-2020-26437
+ RESERVED
+CVE-2020-26436
+ RESERVED
+CVE-2020-26435
+ RESERVED
+CVE-2020-26434
+ RESERVED
+CVE-2020-26433
+ RESERVED
+CVE-2020-26432
+ RESERVED
+CVE-2020-26431
+ RESERVED
+CVE-2020-26430
+ RESERVED
+CVE-2020-26429
+ RESERVED
+CVE-2020-26428
+ RESERVED
+CVE-2020-26427
+ RESERVED
+CVE-2020-26426
+ RESERVED
+CVE-2020-26425
+ RESERVED
+CVE-2020-26424
+ RESERVED
+CVE-2020-26423
+ RESERVED
+CVE-2020-26422 (Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows d ...)
+ - wireshark <not-affected> (Vulnerable code never present in a released version)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17073
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-20.html
+CVE-2020-26421 (Crash in USB HID protocol dissector and possibly other dissectors in W ...)
+ {DLA-2547-1}
+ - wireshark 3.4.1-1
+ [buster] - wireshark 2.6.20-0+deb10u1
+ NOTE: https://gitlab.com/wireshark/wireshark/-/commit/d5f2657825e63e4126ebd7d13a59f3c6e8a9e4e1
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16958
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-17.html
+CVE-2020-26420 (Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to ...)
+ - wireshark 3.4.1-1
+ [buster] - wireshark <not-affected> (Vulnerable code was introduced in 3.2.0)
+ [stretch] - wireshark <not-affected> (Vulnerable code was introduced in 3.2.0)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/commit/33e63d19e5496c151bad69f65cdbc7cba2b4c211
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16994
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-18.html
+CVE-2020-26419 (Memory leak in the dissection engine in Wireshark 3.4.0 allows denial ...)
+ - wireshark 3.4.1-1
+ [buster] - wireshark <not-affected> (Vulnerable code was introduced in 3.4.0)
+ [stretch] - wireshark <not-affected> (Vulnerable code was introduced in 3.4.0)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/commit/a9fc769d7bb4b491efb61c699d57c9f35269d871
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17032
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-19.html
+CVE-2020-26418 (Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 t ...)
+ {DLA-2547-1}
+ - wireshark 3.4.1-1
+ [buster] - wireshark 2.6.20-0+deb10u1
+ NOTE: https://gitlab.com/wireshark/wireshark/-/commit/f4374967bbf9c12746b8ec3cd54dddada9dd353e
+ NOTE: https://gitlab.com/wireshark/wireshark/-/commit/c7e6b798255e9d78d88abb84b951ca7815e0f880
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16739
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-16.html
+CVE-2020-26417 (Information disclosure via GraphQL in GitLab CE/EE 13.1 and later expo ...)
+ - gitlab 13.4.7-1
+CVE-2020-26416 (Information disclosure in Advanced Search component of GitLab EE start ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2020-26415 (Information about the starred projects for private user profiles was e ...)
+ - gitlab 13.4.7-1
+CVE-2020-26414 (An issue has been discovered in GitLab affecting all versions starting ...)
+ [experimental] - gitlab 13.5.6-1
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
+CVE-2020-26413 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 13.4.7-1
+CVE-2020-26412 (Removed group members were able to use the To-Do functionality to retr ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2020-26411 (A potential DOS vulnerability was discovered in all versions of Gitlab ...)
+ - gitlab 13.4.7-1
+ NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
+CVE-2020-26410
+ RESERVED
+CVE-2020-26409 (A DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;= ...)
+ - gitlab 13.4.7-1
+ NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
+CVE-2020-26408 (A limited information disclosure vulnerability exists in Gitlab CE/EE ...)
+ - gitlab 13.4.7-1
+ NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
+CVE-2020-26407 (A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13 ...)
+ - gitlab 13.4.7-1
+ NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
+CVE-2020-26406 (Certain SAST CiConfiguration information could be viewed by unauthoriz ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2020-26405 (Path traversal vulnerability in package upload functionality in GitLab ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-26404
+ RESERVED
+CVE-2020-26403
+ RESERVED
+CVE-2020-26402
+ RESERVED
+CVE-2020-26401
+ RESERVED
+CVE-2020-26400
+ RESERVED
+CVE-2020-26399
+ RESERVED
+CVE-2020-26398
+ RESERVED
+CVE-2020-26397
+ RESERVED
+CVE-2020-26396
+ RESERVED
+CVE-2020-26395
+ RESERVED
+CVE-2020-26394
+ RESERVED
+CVE-2020-26393
+ RESERVED
+CVE-2020-26392
+ RESERVED
+CVE-2020-26391
+ RESERVED
+CVE-2020-26390
+ RESERVED
+CVE-2020-26389
+ RESERVED
+CVE-2020-26388
+ RESERVED
+CVE-2020-26387
+ RESERVED
+CVE-2020-26386
+ RESERVED
+CVE-2020-26385
+ RESERVED
+CVE-2020-26384
+ RESERVED
+CVE-2020-26383
+ RESERVED
+CVE-2020-26382
+ RESERVED
+CVE-2020-26381
+ RESERVED
+CVE-2020-26380
+ RESERVED
+CVE-2020-26379
+ RESERVED
+CVE-2020-26378
+ RESERVED
+CVE-2020-26377
+ RESERVED
+CVE-2020-26376
+ RESERVED
+CVE-2020-26375
+ RESERVED
+CVE-2020-26374
+ RESERVED
+CVE-2020-26373
+ RESERVED
+CVE-2020-26372
+ RESERVED
+CVE-2020-26371
+ RESERVED
+CVE-2020-26370
+ RESERVED
+CVE-2020-26369
+ RESERVED
+CVE-2020-26368
+ RESERVED
+CVE-2020-26367
+ RESERVED
+CVE-2020-26366
+ RESERVED
+CVE-2020-26365
+ RESERVED
+CVE-2020-26364
+ RESERVED
+CVE-2020-26363
+ RESERVED
+CVE-2020-26362
+ RESERVED
+CVE-2020-26361
+ RESERVED
+CVE-2020-26360
+ RESERVED
+CVE-2020-26359
+ RESERVED
+CVE-2020-26358
+ RESERVED
+CVE-2020-26357
+ RESERVED
+CVE-2020-26356
+ RESERVED
+CVE-2020-26355
+ RESERVED
+CVE-2020-26354
+ RESERVED
+CVE-2020-26353
+ RESERVED
+CVE-2020-26352
+ RESERVED
+CVE-2020-26351
+ RESERVED
+CVE-2020-26350
+ RESERVED
+CVE-2020-26349
+ RESERVED
+CVE-2020-26348
+ RESERVED
+CVE-2020-26347
+ RESERVED
+CVE-2020-26346
+ RESERVED
+CVE-2020-26345
+ RESERVED
+CVE-2020-26344
+ RESERVED
+CVE-2020-26343
+ RESERVED
+CVE-2020-26342
+ RESERVED
+CVE-2020-26341
+ RESERVED
+CVE-2020-26340
+ RESERVED
+CVE-2020-26339
+ RESERVED
+CVE-2020-26338
+ RESERVED
+CVE-2020-26337
+ RESERVED
+CVE-2020-26336
+ RESERVED
+CVE-2020-26335
+ RESERVED
+CVE-2020-26334
+ RESERVED
+CVE-2020-26333
+ RESERVED
+CVE-2020-26332
+ RESERVED
+CVE-2020-26331
+ RESERVED
+CVE-2020-26330
+ RESERVED
+CVE-2020-26329
+ RESERVED
+CVE-2020-26328
+ RESERVED
+CVE-2020-26327
+ RESERVED
+CVE-2020-26326
+ RESERVED
+CVE-2020-26325
+ RESERVED
+CVE-2020-26324
+ RESERVED
+CVE-2020-26323
+ RESERVED
+CVE-2020-26322
+ RESERVED
+CVE-2020-26321
+ RESERVED
+CVE-2020-26320
+ RESERVED
+CVE-2020-26319
+ RESERVED
+CVE-2020-26318
+ RESERVED
+CVE-2020-26317
+ RESERVED
+CVE-2020-26316
+ RESERVED
+CVE-2020-26315
+ RESERVED
+CVE-2020-26314
+ RESERVED
+CVE-2020-26313
+ RESERVED
+CVE-2020-26312
+ RESERVED
+CVE-2020-26311
+ RESERVED
+CVE-2020-26310
+ RESERVED
+CVE-2020-26309
+ RESERVED
+CVE-2020-26308
+ RESERVED
+CVE-2020-26307
+ RESERVED
+CVE-2020-26306
+ RESERVED
+CVE-2020-26305
+ RESERVED
+CVE-2020-26304
+ RESERVED
+CVE-2020-26303
+ RESERVED
+CVE-2020-26302
+ RESERVED
+CVE-2020-26301 (ssh2 is client and server modules written in pure JavaScript for node. ...)
+ NOT-FOR-US: Node ssh2
+CVE-2020-26300 (systeminformation is an npm package that provides system and OS inform ...)
+ NOT-FOR-US: Node systeminformation
+CVE-2020-26299 (ftp-srv is an open-source FTP server designed to be simple yet configu ...)
+ NOT-FOR-US: Node ftp-srv
+CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In Redcarpet befo ...)
+ {DSA-4831-1 DLA-2526-1}
+ - ruby-redcarpet 3.5.1-1 (bug #980057)
+ NOTE: https://github.com/advisories/GHSA-q3wr-qw3g-3p4h
+ NOTE: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
+CVE-2020-26297 (mdBook is a utility to create modern online books from Markdown files ...)
+ NOT-FOR-US: mdBook
+CVE-2020-26296 (Vega is a visualization grammar, a declarative format for creating, sa ...)
+ - kibana <itp> (bug #700337)
+ NOTE: https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
+CVE-2020-26295 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...)
+ NOT-FOR-US: OpenMage
+CVE-2020-26294 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
+ NOT-FOR-US: Vela
+CVE-2020-26293 (HtmlSanitizer is a .NET library for cleaning HTML fragments and docume ...)
+ NOT-FOR-US: HtmlSanitizer
+CVE-2020-26292 (Creeper is an experimental dynamic, interpreted language. The binary r ...)
+ NOT-FOR-US: Creeper
+CVE-2020-26291 (URI.js is a javascript URL mutation library (npm package urijs). In UR ...)
+ NOT-FOR-US: Node urijs
+CVE-2020-26290 (Dex is a federated OpenID Connect provider written in Go. In Dex befor ...)
+ NOT-FOR-US: Dex OIDC provider (differnet from src:dex)
+CVE-2020-26289 (date-and-time is an npm package for manipulating date and time. In dat ...)
+ NOT-FOR-US: Node date-and-time (different from src:node-date-time)
+CVE-2020-26288 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Node parse-server
+CVE-2020-26287 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...)
+ NOT-FOR-US: HedgeDoc
+CVE-2020-26286 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...)
+ NOT-FOR-US: HedgeDoc
+CVE-2020-26285 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...)
+ NOT-FOR-US: OpenMage
+CVE-2020-26284 (Hugo is a fast and Flexible Static Site Generator built in Go. Hugo de ...)
+ - hugo 0.79.1-1 (unimportant)
+ NOTE: https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq
+CVE-2020-26283 (go-ipfs is an open-source golang implementation of IPFS which is a glo ...)
+ - ipfs <itp> (bug #779893)
+CVE-2020-26282 (BrowserUp Proxy allows you to manipulate HTTP requests and responses, ...)
+ NOT-FOR-US: BrowserUp Proxy
+CVE-2020-26281 (async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). Ther ...)
+ NOT-FOR-US: Rust async-h1
+CVE-2020-26280 (OpenSlides is a free, Web-based presentation and assembly system for m ...)
+ NOT-FOR-US: OpenSlides
+CVE-2020-26279 (go-ipfs is an open-source golang implementation of IPFS which is a glo ...)
+ - ipfs <itp> (bug #779893)
+CVE-2020-26278 (Weave Net is open source software which creates a virtual network that ...)
+ NOT-FOR-US: Weave Net
+CVE-2020-26277 (DBdeployer is a tool that deploys MySQL database servers easily. In DB ...)
+ NOT-FOR-US: DBdeployer
+CVE-2020-26276 (Fleet is an open source osquery manager. In Fleet before version 3.5.1 ...)
+ NOT-FOR-US: Fleet (osquery frontend)
+CVE-2020-26275 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
+ - jupyter-server 1.1.1-1
+ NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-9f66-54xg-pc2c
+CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there is a co ...)
+ NOT-FOR-US: Node systeminformation
+CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, monitoring, ...)
+ - osquery <itp> (bug #803502)
+CVE-2020-26272 (The Electron framework lets you write cross-platform desktop applicati ...)
+ - electron <itp> (bug #842420)
+CVE-2020-26271 (In affected versions of TensorFlow under certain cases, loading a save ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-26270 (In affected versions of TensorFlow running an LSTM/GRU model where the ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-26269 (In TensorFlow release candidate versions 2.4.0rc*, the general impleme ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-26268 (In affected versions of TensorFlow the tf.raw_ops.ImmutableConst opera ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-26267 (In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-26266 (In affected versions of TensorFlow under certain cases a saved model c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-26265 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
+ - golang-github-go-ethereum <itp> (bug #890541)
+CVE-2020-26264 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
+ - golang-github-go-ethereum <itp> (bug #890541)
+CVE-2020-26263 (tlslite-ng is an open source python library that implements SSL and TL ...)
+ - tlslite-ng <removed>
+ [buster] - tlslite-ng <ignored> (Minor issue)
+ [stretch] - tlslite-ng <postponed> (Timing attack issue; can be fixed in next DLA)
+ NOTE: https://github.com/tlsfuzzer/tlslite-ng/security/advisories/GHSA-wvcv-832q-fjg7
+ NOTE: https://github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368
+ NOTE: https://github.com/tlsfuzzer/tlslite-ng/pull/438
+ NOTE: https://github.com/tlsfuzzer/tlslite-ng/pull/439
+CVE-2020-26262 (Coturn is free open source implementation of TURN and STUN Server. Cot ...)
+ {DSA-4829-1 DLA-2522-1}
+ - coturn 4.5.2-1
+ NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
+ NOTE: https://github.com/coturn/coturn/commit/ff5e5478a3e1b426bad053828099403cfc5c1f5f
+ NOTE: https://github.com/coturn/coturn/commit/af50d63a152cd9505d38f02bc552848748805e7b
+ NOTE: https://github.com/coturn/coturn/commit/6c774b9fb8d9d76576ece10a6429172ed3800466
+ NOTE: https://github.com/coturn/coturn/commit/560684c894498285f9e4271f3c924ebf01f36307
+ NOTE: https://github.com/coturn/coturn/commit/649cbf966181846ecdd7847e4543dd287a78d295
+ NOTE: https://github.com/coturn/coturn/commit/9c7deff4b8ed8c323c87b9ede75481bd6bc3154d
+ NOTE: https://github.com/coturn/coturn/commit/dd0ffdb51a4cddaf1d6662079fa91f6f32bd26a8
+ NOTE: https://github.com/coturn/coturn/commit/d84028b6dbc9eb7d3f8828ec37ae02a0963257b6
+CVE-2020-26261 (jupyterhub-systemdspawner enables JupyterHub to spawn single-user note ...)
+ NOT-FOR-US: jupyterhub-systemdspawner for JupyterHub
+CVE-2020-26260 (BookStack is a platform for storing and organising information and doc ...)
+ NOT-FOR-US: BookStack
+CVE-2020-26259 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DSA-4828-1 DLA-2507-1}
+ - libxstream-java 1.4.15-1 (bug #977624)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-jfvx-7wrx-43fh
+ NOTE: https://x-stream.github.io/CVE-2020-26259.html
+CVE-2020-26258 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DSA-4828-1 DLA-2507-1}
+ - libxstream-java 1.4.15-1 (bug #977625)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28
+ NOTE: https://x-stream.github.io/CVE-2020-26258.html
+CVE-2020-26257 (Matrix is an ecosystem for open federated Instant Messaging and VoIP. ...)
+ - matrix-synapse 1.24.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm
+ NOTE: https://github.com/matrix-org/synapse/pull/8776
+ NOTE: https://github.com/matrix-org/synapse/commit/3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b
+CVE-2020-26256 (Fast-csv is an npm package for parsing and formatting CSVs or any othe ...)
+ NOT-FOR-US: Node fast-csv
+CVE-2020-26255 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and ...)
+ NOT-FOR-US: Kirby CMS
+CVE-2020-26254 (omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (Ruby ...)
+ NOT-FOR-US: omniauth-apple
+CVE-2020-26253 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and ...)
+ NOT-FOR-US: Kirby CMS
+CVE-2020-26252 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...)
+ NOT-FOR-US: OpenMage
+CVE-2020-26251 (Open Zaak is a modern, open-source data- and services-layer to enable ...)
+ NOT-FOR-US: Open Zaak
+CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthent ...)
+ NOT-FOR-US: JupyterHub login mechanism
+CVE-2020-26249 (Red Discord Bot Dashboard is an easy-to-use interactive web dashboard ...)
+ NOT-FOR-US: Red Discord Bot Dashboard
+CVE-2020-26248 (In the PrestaShop module "productcomments" before version 4.2.1, an at ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2020-26247 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
+ {DLA-2678-1}
+ - ruby-nokogiri 1.11.1+dfsg-1 (low; bug #978967)
+ [buster] - ruby-nokogiri <no-dsa> (Minor issue)
+ NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
+ NOTE: https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b (v1.11.0.rc4)
+CVE-2020-26246 (Pimcore is an open source digital experience platform. In Pimcore befo ...)
+ NOT-FOR-US: Pimcore
+CVE-2020-26245 (npm package systeminformation before version 4.30.5 is vulnerable to P ...)
+ NOT-FOR-US: Node systeminformation
+CVE-2020-26244 (Python oic is a Python OpenID Connect implementation. In Python oic be ...)
+ NOT-FOR-US: Python oic
+CVE-2020-26243 (Nanopb is a small code-size Protocol Buffers implementation. In Nanopb ...)
+ - nanopb 0.4.4-1 (bug #975838)
+ NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-85rr-4rh9-hhwh
+ NOTE: https://github.com/nanopb/nanopb/commit/edf6dcbffee4d614ac0c2c1b258ab95185bdb6e9 (0.4.4)
+ NOTE: https://github.com/nanopb/nanopb/issues/615
+CVE-2020-26242 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
+ - golang-github-go-ethereum <itp> (bug #890541)
+CVE-2020-26241 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
+ - golang-github-go-ethereum <itp> (bug #890541)
+CVE-2020-26240 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
+ - golang-github-go-ethereum <itp> (bug #890541)
+CVE-2020-26239 (Scratch Addons is a WebExtension that supports both Chrome and Firefox ...)
+ NOT-FOR-US: Scratch Addons
+CVE-2020-26238 (Cron-utils is a Java library to parse, validate, migrate crons as well ...)
+ NOT-FOR-US: cron-utils Java library
+CVE-2020-26237 (Highlight.js is a syntax highlighter written in JavaScript. Highlight. ...)
+ {DLA-2511-1}
+ - highlight.js 9.18.1+dfsg1-3 (bug #976446)
+ [buster] - highlight.js 9.12.0+dfsg1-4+deb10u1
+ NOTE: https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx
+ NOTE: https://github.com/highlightjs/highlight.js/pull/2636
+ NOTE: https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0
+CVE-2020-26236 (In ScratchVerifier before commit a603769, an attacker can hijack the v ...)
+ NOT-FOR-US: ScratchVerifier
+CVE-2020-26234 (Opencast before versions 8.9 and 7.9 disables HTTPS hostname verificat ...)
+ NOT-FOR-US: Opencast
+CVE-2020-26233 (Git Credential Manager Core (GCM Core) is a secure Git credential help ...)
+ NOT-FOR-US: Git Credential Manager
+CVE-2020-26232 (Jupyter Server before version 1.0.6 has an Open redirect vulnerability ...)
+ - jupyter-server 1.0.7-1
+ NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v
+ NOTE: https://github.com/jupyter-server/jupyter_server/commit/61ab548bf9186ab7323d8fa7bd0e12ae23555a28 (1.0.6)
+CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app for Spa ...)
+ NOT-FOR-US: Radar COVID
+CVE-2020-26229 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2020-26228 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2020-26227 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2020-26226 (In the npm package semantic-release before version 17.2.3, secrets tha ...)
+ NOT-FOR-US: semantic-release nodejs module
+CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an attacker could ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-26224 (In PrestaShop before version 1.7.6.9 an attacker is able to list all t ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-26223 (Spree is a complete open source e-commerce solution built with Ruby on ...)
+ NOT-FOR-US: Spree
+CVE-2020-26222 (Dependabot is a set of packages for automated dependency management fo ...)
+ NOT-FOR-US: Dependabot
+CVE-2020-26221 (touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting ...)
+ NOT-FOR-US: touchbase.ai
+CVE-2020-26220 (toucbase.ai before version 2.0 leaks information by not stripping exif ...)
+ NOT-FOR-US: touchbase.ai
+CVE-2020-26219 (touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impact ...)
+ NOT-FOR-US: touchbase.ai
+CVE-2020-26218 (touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. ...)
+ NOT-FOR-US: touchbase.ai
+CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code Execution.T ...)
+ {DSA-4811-1 DLA-2471-1}
+ - libxstream-java 1.4.14-1
+ NOTE: https://x-stream.github.io/CVE-2020-26217.html
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
+ NOTE: https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a
+CVE-2020-26216 (TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 ...)
+ NOT-FOR-US: TYPO3 Fluid
+CVE-2020-26215 (Jupyter Notebook before version 6.1.5 has an Open redirect vulnerabili ...)
+ {DLA-2477-1}
+ - jupyter-notebook 6.1.5-1
+ [buster] - jupyter-notebook <no-dsa> (Minor issue)
+ NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh
+ NOTE: https://github.com/jupyter/notebook/commit/2e1c56b0c4a903606d4a2eb13e32409296b9799d
+CVE-2020-26214 (In Alerta before version 8.1.0, users may be able to bypass LDAP authe ...)
+ NOT-FOR-US: Alerta
+CVE-2020-26213 (In teler before version 0.0.1, if you run teler inside a Docker contai ...)
+ NOT-FOR-US: Alerta
+CVE-2020-26212 (GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Fr ...)
+ - glpi <removed>
+CVE-2020-26211 (In BookStack before version 0.30.4, a user with permissions to edit a ...)
+ NOT-FOR-US: BookStack app
+CVE-2020-26210 (In BookStack before version 0.30.4, a user with permissions to edit a ...)
+ NOT-FOR-US: BookStack app
+CVE-2020-26209
+ RESERVED
+CVE-2020-26208 (JHEAD is a simple command line tool for displaying and some manipulati ...)
+ - jhead 1:3.04-6 (bug #972617; unimportant)
+ NOTE: https://github.com/Matthias-Wandel/jhead/commit/5186ddcf9e35a7aa0ff0539489a930434a1325f4
+ NOTE: https://github.com/Matthias-Wandel/jhead/issues/7
+ NOTE: https://sources.debian.org/src/jhead/1%3A3.04-6/debian/patches/allocate-extra.patch/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-26207 (DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary ...)
+ NOT-FOR-US: DatabaseSchemaViewer
+CVE-2020-26206
+ RESERVED
+CVE-2020-26205 (Sal is a multi-tenanted reporting dashboard for Munki with the ability ...)
+ NOT-FOR-US: Sal
+CVE-2020-26204
+ RESERVED
+CVE-2020-26203
+ RESERVED
+CVE-2020-26202
+ RESERVED
+CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak pass ...)
+ NOT-FOR-US: Askey
+CVE-2020-26200 (A component of Kaspersky custom boot loader allowed loading of untrust ...)
+ NOT-FOR-US: Kaspersky products
+CVE-2020-26199 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...)
+ NOT-FOR-US: EMC
+CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a ...)
+ NOT-FOR-US: EMC
+CVE-2020-26197 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inabilit ...)
+ NOT-FOR-US: Dell PowerScale OneFS
+CVE-2020-26196 (Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restor ...)
+ NOT-FOR-US: EMC
+CVE-2020-26195 (Dell EMC PowerScale OneFS versions 8.1.2 &#8211; 9.1.0 contain an issu ...)
+ NOT-FOR-US: EMC
+CVE-2020-26194 (Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrec ...)
+ NOT-FOR-US: EMC
+CVE-2020-26193 (Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper i ...)
+ NOT-FOR-US: EMC
+CVE-2020-26192 (Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege e ...)
+ NOT-FOR-US: EMC
+CVE-2020-26191 (Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege e ...)
+ NOT-FOR-US: EMC
+CVE-2020-26190
+ RESERVED
+CVE-2020-26189
+ RESERVED
+CVE-2020-26188
+ RESERVED
+CVE-2020-26187
+ RESERVED
+CVE-2020-26186 (Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS Ru ...)
+ NOT-FOR-US: Dell Inspiron 5675 BIOS
+CVE-2020-26185
+ RESERVED
+CVE-2020-26184
+ RESERVED
+CVE-2020-26183 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper auth ...)
+ NOT-FOR-US: EMC
+CVE-2020-26182 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect pri ...)
+ NOT-FOR-US: EMC
+CVE-2020-26181 (Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale O ...)
+ NOT-FOR-US: EMC
+CVE-2020-26180 (Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC Po ...)
+ NOT-FOR-US: EMC
+CVE-2020-26179
+ RESERVED
+CVE-2020-26178 (In tangro Business Workflow before 1.18.1, knowing an attachment ID, i ...)
+ NOT-FOR-US: tangro Business Workflow
+CVE-2020-26177 (In tangro Business Workflow before 1.18.1, a user's profile contains s ...)
+ NOT-FOR-US: tangro Business Workflow
+CVE-2020-26176 (An issue was discovered in tangro Business Workflow before 1.18.1. No ...)
+ NOT-FOR-US: tangro Business Workflow
+CVE-2020-26175 (In tangro Business Workflow before 1.18.1, an attacker can manipulate ...)
+ NOT-FOR-US: tangro Business Workflow
+CVE-2020-26174 (tangro Business Workflow before 1.18.1 requests a list of allowed file ...)
+ NOT-FOR-US: tangro Business Workflow
+CVE-2020-26173 (An incorrect access control implementation in Tangro Business Workflow ...)
+ NOT-FOR-US: tangro Business Workflow
+CVE-2020-26172 (Every login in tangro Business Workflow before 1.18.1 generates the sa ...)
+ NOT-FOR-US: tangro Business Workflow
+CVE-2020-26171 (In tangro Business Workflow before 1.18.1, the documentId of attachmen ...)
+ NOT-FOR-US: tangro Business Workflow
+CVE-2020-26170
+ RESERVED
+CVE-2020-26169
+ RESERVED
+CVE-2020-26168 (The LDAP authentication method in LdapLoginModule in Hazelcast IMDG En ...)
+ NOT-FOR-US: Hazelcast
+CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature allows an ano ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)
+ NOT-FOR-US: qdPM
+CVE-2020-26165 (qdPM through 9.1 allows PHP Object Injection via timeReportActions::ex ...)
+ NOT-FOR-US: qdPM
+CVE-2020-26164 (In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the ...)
+ - kdeconnect 20.08.2-1 (bug #971736)
+ [buster] - kdeconnect <no-dsa> (Minor issue)
+ [stretch] - kdeconnect <no-dsa> (Minor issue)
+ NOTE: https://kde.org/info/security/advisory-20201002-1.txt
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/f183b5447bad47655c21af87214579f03bf3a163
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/b279c52101d3f7cc30a26086d58de0b5f1c547fa
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/d35b88c1b25fe13715f9170f18674d476ca9acdc
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/b496e66899e5bc9547b6537a7f44ab44dd0aaf38
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/5310eae85dbdf92fba30375238a2481f2e34943e
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/721ba9faafb79aac73973410ee1dd3624ded97a5
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/ae58b9dec49c809b85b5404cee17946116f8a706
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/66c768aa9e7fba30b119c8b801efd49ed1270b0a
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/85b691e40f525e22ca5cc4ebe79c361d71d7dc05
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/48180b46552d40729a36b7431e97bbe2b5379306
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/4
+CVE-2020-26163 (BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Ori ...)
+ NOT-FOR-US: BigBlueButton Greenlight
+CVE-2020-26162 (Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073 ...)
+ NOT-FOR-US: Xerox
+CVE-2020-26161 (In Octopus Deploy through 2020.4.2, an attacker could redirect users t ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...)
+ - golang-github-dgrijalva-jwt-go 3.2.0-3 (bug #971556)
+ [buster] - golang-github-dgrijalva-jwt-go <not-affected> (vulnerable code not present until version 3.0.0)
+ [stretch] - golang-github-dgrijalva-jwt-go <not-affected> (vulnerable code not present until version 3.0.0)
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
+ NOTE: https://github.com/dgrijalva/jwt-go/issues/422
+ NOTE: https://github.com/dgrijalva/jwt-go/pull/286
+CVE-2020-26159
+ REJECTED
+CVE-2020-26158 (Leanote Desktop through 2.6.2 allows XSS because a note's title is mis ...)
+ NOT-FOR-US: Leanote Desktop
+CVE-2020-26157 (Leanote Desktop through 2.6.2 allows XSS because a note's title is mis ...)
+ NOT-FOR-US: Leanote Desktop
+CVE-2020-26156
+ REJECTED
+CVE-2020-26155 (Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31 ...)
+ NOT-FOR-US: Utimaco SecurityServer
+CVE-2020-26153 (A cross-site scripting (XSS) vulnerability in wp-content/plugins/event ...)
+ NOT-FOR-US: Event Espresso Core plugin for WordPress
+CVE-2020-26152
+ RESERVED
+CVE-2020-26151
+ RESERVED
+CVE-2020-26150 (info.php in Logaritmo Aware CallManager 2012 allows remote attackers t ...)
+ NOT-FOR-US: Logaritmo Aware CallManager 2012
+CVE-2020-26149 (NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno ...)
+ NOT-FOR-US: nats.js
+CVE-2020-26154 (url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when ...)
+ {DSA-4800-1 DLA-2450-1}
+ - libproxy 0.4.15-15 (bug #968366)
+ NOTE: https://github.com/libproxy/libproxy/pull/126
+ NOTE: https://github.com/libproxy/libproxy/commit/4411b523545b22022b4be7d0cac25aa170ae1d3e
+CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigge ...)
+ - md4c 0.4.5-2 (bug #971396)
+ NOTE: https://github.com/mity/md4c/issues/130
+ NOTE: https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0
+CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
+ NOTE: https://www.fragattacks.com/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid/
+CVE-2020-26146 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
+ NOT-FOR-US: Samsung
+CVE-2020-26145 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
+ - linux 5.10.46-1
+ NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
+ NOTE: https://www.fragattacks.com/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.5a0bd289bda8.Idd6ebea20038fb1cfee6de924aa595e5647c9eae@changeid/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.9ca6ca7945a9.I1e18b514590af17c155bda86699bc3a971a8dcf4@changeid/
+CVE-2020-26144 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
+ NOT-FOR-US: Samsung
+CVE-2020-26143 (An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for ...)
+ - linux <undetermined>
+ NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
+ NOTE: https://www.fragattacks.com/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+CVE-2020-26142 (An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WP ...)
+ - linux <undetermined>
+ NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
+ NOTE: https://www.fragattacks.com/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+CVE-2020-26141 (An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for ...)
+ - linux 5.10.46-1
+ NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
+ NOTE: https://www.fragattacks.com/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.c3f1d42c6746.I795593fcaae941c471425b8c7d5f7bb185d29142@changeid/
+CVE-2020-26140 (An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for ...)
+ - linux <undetermined>
+ NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
+ NOTE: https://www.fragattacks.com/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access Point ( ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
+ NOTE: https://www.fragattacks.com/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.cb327ed0cabe.Ib7dcffa2a31f0913d660de65ba3c8aca75b1d10f@changeid/
+CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square brackets in ...)
+ NOT-FOR-US: SilverStripe
+CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...)
+ {DLA-2686-1}
+ - python-urllib3 1.25.9-1
+ [buster] - python-urllib3 <no-dsa> (Minor issue)
+ NOTE: https://bugs.python.org/issue39603
+ NOTE: https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b (1.25.9)
+ NOTE: https://github.com/urllib3/urllib3/pull/1800
+CVE-2020-26136 (In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-f ...)
+ NOT-FOR-US: Silverstripe CMS
+CVE-2020-26135 (Live Helper Chat before 3.44v allows reflected XSS via the setsettinga ...)
+ NOT-FOR-US: Live Helper Chat
+CVE-2020-26134 (Live Helper Chat before 3.44v allows stored XSS in chat messages with ...)
+ NOT-FOR-US: Live Helper Chat
+CVE-2020-26133 (An issue was discovered in Dual DHCP DNS Server 7.40. Due to insuffici ...)
+ NOT-FOR-US: Dual DHCP DNS Server
+CVE-2020-26132 (An issue was discovered in Home DNS Server 0.10. Due to insufficient a ...)
+ NOT-FOR-US: Home DNS Server
+CVE-2020-26131 (Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHC ...)
+ NOT-FOR-US: Open DHCP Server
+CVE-2020-26130 (Issues were discovered in Open TFTP Server multithreaded 1.66 and Open ...)
+ NOT-FOR-US: Open TFTP Server
+CVE-2020-26129 (In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-26128
+ RESERVED
+CVE-2020-26127
+ RESERVED
+CVE-2020-26126
+ RESERVED
+CVE-2020-26125
+ RESERVED
+CVE-2020-26124 (openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticate ...)
+ NOT-FOR-US: openmediavault
+CVE-2020-26123
+ RESERVED
+CVE-2020-26122 (Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remot ...)
+ NOT-FOR-US: Inspur NF5266M5
+CVE-2020-26121 (An issue was discovered in the FileImporter extension for MediaWiki be ...)
+ NOT-FOR-US: FileImporter MediaWiki extension
+CVE-2020-26120 (XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 ...)
+ NOT-FOR-US: MobileFrontend MediaWiki extension
+CVE-2020-26119
+ RESERVED
+CVE-2020-26118 (In SmartBear Collaborator Server through 13.3.13302, use of the Google ...)
+ NOT-FOR-US: SmartBear Collaborator Server
+CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1 ...)
+ {DLA-2396-1}
+ - tigervnc 1.10.1+dfsg-9 (bug #971272)
+ [buster] - tigervnc 1.9.0+dfsg-3+deb10u3
+ NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1176733
+ NOTE: https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb (v1.11.0)
+ NOTE: https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b (v1.11.0)
+ NOTE: https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba (master)
+ NOTE: https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e (master)
+CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ...)
+ {DLA-2456-1}
+ - python3.9 3.9.0~b5-1
+ - python3.8 3.8.5-1
+ - python3.7 <removed>
+ [buster] - python3.7 3.7.3-2+deb10u3
+ - python3.5 <removed>
+ NOTE: https://bugs.python.org/issue39603
+ NOTE: https://python-security.readthedocs.io/vuln/http-header-injection-method.html
+ NOTE: https://github.com/python/cpython/commit/8ca8a2e8fb068863c1138f07e3098478ef8be12e (master)
+ NOTE: https://github.com/python/cpython/commit/27b811057ff5e93b68798e278c88358123efdc71 (v3.9.0b5)
+ NOTE: https://github.com/python/cpython/commit/668d321476d974c4f51476b33aaca870272523bf (v3.8.5)
+ NOTE: https://github.com/python/cpython/commit/ca75fec1ed358f7324272608ca952b2d8226d11a (v3.7.9)
+ NOTE: https://github.com/python/cpython/commit/f02de961b9f19a5db0ead56305fe0057a78787ae (v3.6.12)
+ NOTE: https://github.com/python/cpython/commit/524b8de630036a29ca340bc2ae6fd6dc7dda8f40 (v3.5.10)
+CVE-2020-26115 (cPanel before 90.0.10 allows self XSS via the Cron Editor interface (S ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26114 (cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26113 (cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interf ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26112 (The email quota cache in cPanel before 90.0.10 allows overwriting of f ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26111 (cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interf ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26110 (cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC inte ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26109 (cPanel before 88.0.13 allows bypass of a protection mechanism that att ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26108 (cPanel before 88.0.13 mishandles file-extension dispatching, leading t ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26107 (cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDN ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26106 (cPanel before 88.0.3 has weak permissions (world readable) for the pro ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26105 (In cPanel before 88.0.3, insecure chkservd test credentials are used o ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26104 (In cPanel before 88.0.3, an insecure SRS secret is used on a templated ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26103 (In cPanel before 88.0.3, an insecure site password is used for Mailman ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26102 (In cPanel before 88.0.3, an insecure auth policy API key is used by Do ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26101 (In cPanel before 88.0.3, insecure RNDC credentials are used for BIND o ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26100 (chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26099 (cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting p ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26098 (cPanel before 88.0.3 mishandles the Exim filter path, leading to remot ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26097 (** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology ...)
+ NOT-FOR-US: PLANET Technology Corp NVR-915 and NVR-1615
+CVE-2020-26096
+ RESERVED
+CVE-2020-26095
+ RESERVED
+CVE-2020-26094
+ RESERVED
+CVE-2020-26093
+ RESERVED
+CVE-2020-26092
+ RESERVED
+CVE-2020-26091
+ RESERVED
+CVE-2020-26090
+ RESERVED
+CVE-2020-26089
+ RESERVED
+CVE-2020-26087
+ RESERVED
+CVE-2020-26086 (A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26085 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26084 (A vulnerability in the REST API of Cisco Edge Fog Fabric could allow a ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26083 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26082
+ RESERVED
+CVE-2020-26081 (Multiple vulnerabilities in the web UI of Cisco IoT Field Network Dire ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26080 (A vulnerability in the user management functionality of Cisco IoT Fiel ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26079 (A vulnerability in the web UI of Cisco IoT Field Network Director (FND ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26078 (A vulnerability in the file system of Cisco IoT Field Network Director ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26077 (A vulnerability in the access control functionality of Cisco IoT Field ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26076 (A vulnerability in Cisco IoT Field Network Director (FND) could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26075 (A vulnerability in the REST API of Cisco IoT Field Network Director (F ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26074
+ RESERVED
+CVE-2020-26073
+ RESERVED
+CVE-2020-26072 (A vulnerability in the SOAP API of Cisco IoT Field Network Director (F ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26071
+ RESERVED
+CVE-2020-26070 (A vulnerability in the ingress packet processing function of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26069
+ RESERVED
+CVE-2020-26068 (A vulnerability in the xAPI service of Cisco Telepresence CE Software ...)
+ NOT-FOR-US: Cisco
+CVE-2020-26067
+ RESERVED
+CVE-2020-26066
+ RESERVED
+CVE-2020-26065
+ RESERVED
+CVE-2020-26064
+ RESERVED
+CVE-2020-26063
+ RESERVED
+CVE-2020-26062
+ RESERVED
+CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock. ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.7.17-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041
+CVE-2020-26061 (ClickStudios Passwordstate Password Reset Portal prior to build 8501 i ...)
+ NOT-FOR-US: ClickStudios Passwordstate Password Reset Portal
+CVE-2020-26060
+ RESERVED
+CVE-2020-26059
+ RESERVED
+CVE-2020-26058
+ RESERVED
+CVE-2020-26057
+ RESERVED
+CVE-2020-26056
+ RESERVED
+CVE-2020-26055
+ RESERVED
+CVE-2020-26054
+ RESERVED
+CVE-2020-26053
+ REJECTED
+CVE-2020-26052 (Online Marriage Registration System 1.0 is affected by stored cross-si ...)
+ NOT-FOR-US: Online Marriage Registration System
+CVE-2020-26051 (College Management System Php 1.0 suffers from SQL injection vulnerabi ...)
+ NOT-FOR-US: College Management System Php
+CVE-2020-26050 (SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local pr ...)
+ NOT-FOR-US: SaferVPN for Windows
+CVE-2020-26049 (Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is r ...)
+ NOT-FOR-US: Nifty-PM CPE
+CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows an authen ...)
+ NOT-FOR-US: CuppaCMS
+CVE-2020-26047
+ RESERVED
+CVE-2020-26046 (FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. Th ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2020-26045 (FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/per ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2020-26044
+ RESERVED
+CVE-2020-26043 (An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerabil ...)
+ NOT-FOR-US: Hoosk CMS
+CVE-2020-26042 (An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection ...)
+ NOT-FOR-US: Hoosk CMS
+CVE-2020-26041 (An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code E ...)
+ NOT-FOR-US: Hoosk CMS
+CVE-2020-26040
+ RESERVED
+CVE-2020-26039
+ RESERVED
+CVE-2020-26038
+ RESERVED
+CVE-2020-26037
+ RESERVED
+CVE-2020-26036
+ RESERVED
+CVE-2020-26035 (An issue was discovered in Zammad before 3.4.1. There is Stored XSS vi ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-26034 (An account-enumeration issue was discovered in Zammad before 3.4.1. Th ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-26033 (An issue was discovered in Zammad before 3.4.1. The Tag and Link REST ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-26032 (An SSRF issue was discovered in Zammad before 3.4.1. The SMS configura ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-26031 (An issue was discovered in Zammad before 3.4.1. The global-search feat ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-26030 (An issue was discovered in Zammad before 3.4.1. There is an authentica ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-26029 (An issue was discovered in Zammad before 3.4.1. There are wrong author ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-26028 (An issue was discovered in Zammad before 3.4.1. Admin Users without a ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-26027
+ RESERVED
+CVE-2020-26026
+ RESERVED
+CVE-2020-26025
+ RESERVED
+CVE-2020-26024
+ RESERVED
+CVE-2020-26023
+ RESERVED
+CVE-2020-26022
+ RESERVED
+CVE-2020-26021
+ RESERVED
+CVE-2020-26020
+ RESERVED
+CVE-2020-26019
+ RESERVED
+CVE-2020-26018
+ RESERVED
+CVE-2020-26017
+ RESERVED
+CVE-2020-26016
+ RESERVED
+CVE-2020-26015
+ RESERVED
+CVE-2020-26014
+ RESERVED
+CVE-2020-26013
+ RESERVED
+CVE-2020-26012
+ RESERVED
+CVE-2020-26011
+ RESERVED
+CVE-2020-26010
+ RESERVED
+CVE-2020-26009
+ RESERVED
+CVE-2020-26008
+ RESERVED
+CVE-2020-26007
+ RESERVED
+CVE-2020-26006 (Project Worlds Online Examination System 1.0 is affected by Cross Site ...)
+ NOT-FOR-US: Project Worlds Online Examination System
+CVE-2020-26005
+ RESERVED
+CVE-2020-26004
+ RESERVED
+CVE-2020-26003
+ RESERVED
+CVE-2020-26002
+ RESERVED
+CVE-2020-26001
+ RESERVED
+CVE-2020-26000
+ RESERVED
+CVE-2020-25999
+ RESERVED
+CVE-2020-25998
+ RESERVED
+CVE-2020-25997
+ RESERVED
+CVE-2020-25996
+ RESERVED
+CVE-2020-25995
+ RESERVED
+CVE-2020-25994
+ RESERVED
+CVE-2020-25993
+ RESERVED
+CVE-2020-25992
+ RESERVED
+CVE-2020-25991
+ RESERVED
+CVE-2020-25990 (WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' ...)
+ NOT-FOR-US: WebsiteBaker
+CVE-2020-25989 (Privilege escalation via arbitrary file write in pritunl electron clie ...)
+ NOT-FOR-US: pritunl-client
+CVE-2020-25988 (UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2 ...)
+ NOT-FOR-US: Genexis Platinum 4410 Router
+CVE-2020-25987 (MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in ...)
+ NOT-FOR-US: MonoCMS Blog
+CVE-2020-25986 (A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 ...)
+ NOT-FOR-US: MonoCMS Blog
+CVE-2020-25985 (MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenti ...)
+ NOT-FOR-US: MonoCMS Blog
+CVE-2020-25984
+ RESERVED
+CVE-2020-25983
+ RESERVED
+CVE-2020-25982
+ RESERVED
+CVE-2020-25981
+ RESERVED
+CVE-2020-25980
+ RESERVED
+CVE-2020-25979
+ RESERVED
+CVE-2020-25978
+ RESERVED
+CVE-2020-25977
+ RESERVED
+CVE-2020-25976
+ RESERVED
+CVE-2020-25975
+ RESERVED
+CVE-2020-25974
+ RESERVED
+CVE-2020-25973
+ RESERVED
+CVE-2020-25972
+ RESERVED
+CVE-2020-25971
+ RESERVED
+CVE-2020-25970
+ RESERVED
+CVE-2020-25969
+ RESERVED
+CVE-2020-25968
+ RESERVED
+CVE-2020-25967 (The member center function in fastadmin V1.0.0.20200506_beta is vulner ...)
+ NOT-FOR-US: fastadmin
+CVE-2020-25966 (** DISPUTED ** Sectona Spectra before 3.4.0 has a vulnerable SOAP API ...)
+ NOT-FOR-US: Sectona Spectra
+CVE-2020-25965
+ RESERVED
+CVE-2020-25964
+ RESERVED
+CVE-2020-25963
+ RESERVED
+CVE-2020-25962
+ RESERVED
+CVE-2020-25961
+ RESERVED
+CVE-2020-25960
+ RESERVED
+CVE-2020-25959
+ RESERVED
+CVE-2020-25958
+ RESERVED
+CVE-2020-25957
+ RESERVED
+CVE-2020-25956
+ RESERVED
+CVE-2020-25955 (SourceCodester Student Management System Project in PHP version 1.0 is ...)
+ NOT-FOR-US: SourceCodester Student Management System Project
+CVE-2020-25954
+ RESERVED
+CVE-2020-25953
+ RESERVED
+CVE-2020-25952 (SQL injection vulnerability in PHPGurukul User Registration &amp; Logi ...)
+ NOT-FOR-US: PHPGurukul
+CVE-2020-25951
+ RESERVED
+CVE-2020-25950 (Advanced Webhost Billing System 3.7.0 is affected by Cross Site Reques ...)
+ NOT-FOR-US: Advanced Webhost Billing System
+CVE-2020-25949
+ RESERVED
+CVE-2020-25948
+ RESERVED
+CVE-2020-25947
+ RESERVED
+CVE-2020-25946
+ RESERVED
+CVE-2020-25945
+ RESERVED
+CVE-2020-25944
+ RESERVED
+CVE-2020-25943
+ RESERVED
+CVE-2020-25942
+ RESERVED
+CVE-2020-25941
+ RESERVED
+CVE-2020-25940
+ RESERVED
+CVE-2020-25939
+ RESERVED
+CVE-2020-25938
+ RESERVED
+CVE-2020-25937
+ RESERVED
+CVE-2020-25936
+ RESERVED
+CVE-2020-25935
+ RESERVED
+CVE-2020-25934
+ RESERVED
+CVE-2020-25933
+ RESERVED
+CVE-2020-25932
+ RESERVED
+CVE-2020-25931
+ RESERVED
+CVE-2020-25930
+ RESERVED
+CVE-2020-25929
+ RESERVED
+CVE-2020-25928 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: ...)
+ NOT-FOR-US: InterNiche NicheStack TCP/IP
+CVE-2020-25927 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: ...)
+ NOT-FOR-US: InterNiche NicheStack TCP/IP
+CVE-2020-25926 (The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: I ...)
+ NOT-FOR-US: InterNiche NicheStack TCP/IP
+CVE-2020-25925 (Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10 ...)
+ NOT-FOR-US: IceWarp
+CVE-2020-25924
+ RESERVED
+CVE-2020-25923
+ RESERVED
+CVE-2020-25922
+ RESERVED
+CVE-2020-25921
+ RESERVED
+CVE-2020-25920
+ RESERVED
+CVE-2020-25919
+ RESERVED
+CVE-2020-25918
+ RESERVED
+CVE-2020-25917 (Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Acce ...)
+ NOT-FOR-US: Stratodesk NoTouch Center
+CVE-2020-25916
+ RESERVED
+CVE-2020-25915
+ RESERVED
+CVE-2020-25914
+ RESERVED
+CVE-2020-25913
+ RESERVED
+CVE-2020-25912 (A XML External Entity (XXE) vulnerability was discovered in symphony\l ...)
+ NOT-FOR-US: Symphony CMS
+CVE-2020-25911 (A XML External Entity (XXE) vulnerability was discovered in the modRes ...)
+ NOT-FOR-US: MODX CMS
+CVE-2020-25910
+ RESERVED
+CVE-2020-25909
+ RESERVED
+CVE-2020-25908
+ RESERVED
+CVE-2020-25907
+ RESERVED
+CVE-2020-25906
+ RESERVED
+CVE-2020-25905 (An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop Sys ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2020-25904
+ RESERVED
+CVE-2020-25903
+ RESERVED
+CVE-2020-25902 (** DISPUTED ** Blackboard Collaborate Ultra 20.02 is affected by a cro ...)
+ NOT-FOR-US: Blackboard Collaborate Ultra
+CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to r ...)
+ NOT-FOR-US: Spiceworks
+CVE-2020-25900
+ RESERVED
+CVE-2020-25899
+ RESERVED
+CVE-2020-25898
+ RESERVED
+CVE-2020-25897
+ RESERVED
+CVE-2020-25896
+ RESERVED
+CVE-2020-25895
+ RESERVED
+CVE-2020-25894
+ RESERVED
+CVE-2020-25893
+ RESERVED
+CVE-2020-25892
+ RESERVED
+CVE-2020-25891
+ RESERVED
+CVE-2020-25890 (The web application of Kyocera printer (ECOSYS M2640IDW) is affected b ...)
+ NOT-FOR-US: Kyocera printer
+CVE-2020-25889 (Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL ...)
+ NOT-FOR-US: Online Bus Booking System Project Using PHP/MySQL
+CVE-2020-25888
+ RESERVED
+CVE-2020-25887
+ RESERVED
+CVE-2020-25886
+ RESERVED
+CVE-2020-25885
+ RESERVED
+CVE-2020-25884
+ RESERVED
+CVE-2020-25883
+ RESERVED
+CVE-2020-25882
+ RESERVED
+CVE-2020-25881 (A vulnerability was discovered in the filename parameter in pathindex. ...)
+ NOT-FOR-US: RKCMS
+CVE-2020-25880
+ RESERVED
+CVE-2020-25879 (A stored cross site scripting (XSS) vulnerability in the 'Manage Users ...)
+ NOT-FOR-US: Codoforum
+CVE-2020-25878 (A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' ...)
+ NOT-FOR-US: BlackCat CMS
+CVE-2020-25877 (A stored cross site scripting (XSS) vulnerability in the 'Add Page' fe ...)
+ NOT-FOR-US: BlackCat CMS
+CVE-2020-25876 (A stored cross site scripting (XSS) vulnerability in the 'Pages' featu ...)
+ NOT-FOR-US: Codoforum
+CVE-2020-25875 (A stored cross site scripting (XSS) vulnerability in the 'Smileys' fea ...)
+ NOT-FOR-US: Codoforum
+CVE-2020-25874
+ RESERVED
+CVE-2020-25873 (A directory traversal vulnerability in the component system/manager/cl ...)
+ NOT-FOR-US: Baijiacms
+CVE-2020-25872 (A vulnerability exists within the FileManagerController.php function i ...)
+ NOT-FOR-US: FrogCMS
+CVE-2020-25871
+ RESERVED
+CVE-2020-25870
+ RESERVED
+CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 and 1.3 ...)
+ NOT-FOR-US: CentralAuth MediaWiki extension
+ NOTE: The extension requires some new infrastructure code which was added to the
+ NOTE: MediaWiki 1.31.9 / 1.34.3 security releases announced at
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T260485
+CVE-2020-25868 (Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Valida ...)
+ NOT-FOR-US: Pexip
+CVE-2020-25867 (SoPlanning before 1.47 doesn't correctly check the security key used t ...)
+ NOT-FOR-US: SoPlanning
+CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dis ...)
+ - wireshark 3.2.7-1
+ [buster] - wireshark <not-affected> (Vulnerable code not present)
+ [stretch] - wireshark <not-affected> (Vulnerable code not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-13.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16866
+CVE-2020-25865
+ RESERVED
+CVE-2020-25864 (HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value ( ...)
+ - consul 1.8.7+dfsg1-2 (bug #987351)
+ [buster] - consul <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950275
+ NOTE: https://github.com/hashicorp/consul/pull/10023
+CVE-2020-25863 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
+ {DLA-2547-1}
+ - wireshark 3.2.7-1
+ [buster] - wireshark 2.6.20-0+deb10u1
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-11.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16741
+CVE-2020-25862 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
+ {DLA-2547-1}
+ - wireshark 3.2.7-1
+ [buster] - wireshark 2.6.20-0+deb10u1
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-12.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16816
+CVE-2020-25861
+ RESERVED
+CVE-2020-25860 (The install.c module in the Pengutronix RAUC update client prior to ve ...)
+ - rauc 1.5-1
+ NOTE: https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv
+CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to ve ...)
+ NOT-FOR-US: Qualcomm QCMAP
+CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior ...)
+ NOT-FOR-US: Qualcomm QCMAP
+CVE-2020-25857 (The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Modul ...)
+ NOT-FOR-US: Realtek
+CVE-2020-25856 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...)
+ NOT-FOR-US: Realtek
+CVE-2020-25855 (The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior t ...)
+ NOT-FOR-US: Realtek
+CVE-2020-25854 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...)
+ NOT-FOR-US: Realtek
+CVE-2020-25853 (The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to ...)
+ NOT-FOR-US: Realtek
+CVE-2020-25852
+ RESERVED
+CVE-2020-25851
+ RESERVED
+CVE-2020-25850 (The function, view the source code, of HGiga MailSherlock does not val ...)
+ NOT-FOR-US: HGiga MailSherlock
+CVE-2020-25849 (MailGates and MailAudit products contain Command Injection flaw, which ...)
+ NOT-FOR-US: MailGates and MailAudit
+CVE-2020-25848 (HGiga MailSherlock contains weak authentication flaw that attackers gr ...)
+ NOT-FOR-US: HGiga MailSherlock
+CVE-2020-25847 (This command injection vulnerability allows attackers to execute arbit ...)
+ NOT-FOR-US: QNAP
+CVE-2020-25846 (The digest generation function of NHIServiSignAdapter has not been ver ...)
+ NOT-FOR-US: NHIServiSignAdapter
+CVE-2020-25845 (Multiple functions of NHIServiSignAdapter failed to verify the users&# ...)
+ NOT-FOR-US: NHIServiSignAdapter
+CVE-2020-25844 (The digest generation function of NHIServiSignAdapter has not been ver ...)
+ NOT-FOR-US: NHIServiSignAdapter
+CVE-2020-25843 (NHIServiSignAdapter fails to verify the length of digital credential f ...)
+ NOT-FOR-US: NHIServiSignAdapter
+CVE-2020-25842 (The encryption function of NHIServiSignAdapter fail to verify the file ...)
+ NOT-FOR-US: NHIServiSignAdapter
+CVE-2020-25841
+ RESERVED
+CVE-2020-25840 (Cross-Site scripting vulnerability in Micro Focus Access Manager produ ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-25839 (NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected b ...)
+ NOT-FOR-US: NetIQ Identity Manager
+CVE-2020-25838 (Unauthorized disclosure of sensitive information vulnerability in Micr ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-25837 (Sensitive information disclosure vulnerability in Micro Focus Self Ser ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-25836
+ RESERVED
+CVE-2020-25835
+ RESERVED
+CVE-2020-25834 (Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger prod ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-25833 (Persistent cross-Site Scripting vulnerability on Micro Focus IDOL prod ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-25832 (Reflected Cross Site scripting vulnerability on Micro Focus Filr produ ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-25831
+ RESERVED
+CVE-2020-25830 (An issue was discovered in MantisBT before 2.24.3. Improper escaping o ...)
+ - mantis <removed>
+CVE-2020-25829 (An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x befo ...)
+ - pdns-recursor 4.3.5-1 (bug #972159)
+ [buster] - pdns-recursor <no-dsa> (Minor issue)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
+CVE-2020-25828 (An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through ...)
+ {DSA-4767-1 DLA-2379-1}
+ - mediawiki 1:1.35.0-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T115888
+CVE-2020-25827 (An issue was discovered in the OATHAuth extension in MediaWiki before ...)
+ {DSA-4767-1 DLA-2379-1}
+ - mediawiki 1:1.35.0-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T251661
+CVE-2020-25826 (PingID Integration for Windows Login before 2.4.2 allows local users t ...)
+ NOT-FOR-US: PingID Integration for Windows Login
+CVE-2020-25825 (In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensit ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2020-25824 (Telegram Desktop through 2.4.3 does not require passcode entry upon pu ...)
+ NOTE: Nonsense CVE allocation for Telegram desktop client, with an desktop not protected
+ NOTE: by a screen lock anything can happen anyway
+CVE-2020-25823
+ RESERVED
+CVE-2020-25822
+ RESERVED
+CVE-2020-25821 (** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer ...)
+ NOT-FOR-US: peg-markdown
+CVE-2020-25820 (BigBlueButton before 2.2.27 allows remote authenticated users to read ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-25819
+ RESERVED
+CVE-2020-25818
+ RESERVED
+CVE-2020-25817 (SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentP ...)
+ NOT-FOR-US: Silverstripe CMS
+CVE-2020-25816 (HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed le ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2020-25815 (An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34 ...)
+ - mediawiki 1:1.35.0-1
+ [buster] - mediawiki <not-affected> (Vulnerable code introduced in 1.32)
+ [stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T256171
+CVE-2020-25814 (In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, X ...)
+ {DSA-4767-1 DLA-2379-1}
+ - mediawiki 1:1.35.0-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T86738
+CVE-2020-25813 (In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, S ...)
+ {DSA-4767-1 DLA-2379-1}
+ - mediawiki 1:1.35.0-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T232568
+CVE-2020-25812 (An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special: ...)
+ {DSA-4767-1}
+ - mediawiki 1:1.35.0-1
+ [stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T255918
+CVE-2020-25811
+ RESERVED
+CVE-2020-25810
+ RESERVED
+CVE-2020-25809
+ RESERVED
+CVE-2020-25808
+ RESERVED
+CVE-2020-25807
+ RESERVED
+CVE-2020-25806
+ RESERVED
+CVE-2020-25805
+ RESERVED
+CVE-2020-25804
+ RESERVED
+CVE-2020-25803 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
+ NOT-FOR-US: Crafter Studio of Crafter CMS
+CVE-2020-25802 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
+ NOT-FOR-US: Crafter Studio of Crafter CMS
+CVE-2020-25801
+ RESERVED
+CVE-2020-25800
+ RESERVED
+CVE-2020-25799 (LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quo ...)
+ - limesurvey <itp> (bug #472802)
+CVE-2020-25798 (A stored cross-site scripting (XSS) vulnerability in LimeSurvey before ...)
+ - limesurvey <itp> (bug #472802)
+CVE-2020-25797 (LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add ...)
+ - limesurvey <itp> (bug #472802)
+CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload ...)
+ NOT-FOR-US: Typesetter CMS
+CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
+ - tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+ [buster] - tt-rss <no-dsa> (Minor issue)
+ NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
+ NOTE: https://git.tt-rss.org/fox/tt-rss/commit/da5af2fae091041cca27b24b6f0e69e4a6d0dc60
+CVE-2020-25788 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
+ - tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+ [buster] - tt-rss <no-dsa> (Minor issue)
+ NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
+ NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
+CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
+ - tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
+ [buster] - tt-rss <no-dsa> (Minor issue)
+ NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
+ NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
+CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L ...)
+ NOT-FOR-US: D-Link
+CVE-2020-25785 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...)
+ NOT-FOR-US: Accfly Wireless Security IR Camera System 720P
+CVE-2020-25784 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...)
+ NOT-FOR-US: Accfly Wireless Security IR Camera System 720P
+CVE-2020-25783 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...)
+ NOT-FOR-US: Accfly Wireless Security IR Camera System 720P
+CVE-2020-25782 (An issue was discovered on Accfly Wireless Security IR Camera 720P Sys ...)
+ NOT-FOR-US: Accfly Wireless Security IR Camera System 720P
+CVE-2020-25781 (An issue was discovered in file_download.php in MantisBT before 2.24.3 ...)
+ - mantis <removed>
+CVE-2020-25796 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks 0.6.5-1 (bug #970586)
+ [bullseye] - rust-sized-chunks <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25795 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks 0.6.5-1 (bug #970586)
+ [bullseye] - rust-sized-chunks <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25794 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks 0.6.5-1 (bug #970586)
+ [bullseye] - rust-sized-chunks <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25793 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks 0.6.5-1 (bug #970586)
+ [bullseye] - rust-sized-chunks <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25792 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks 0.6.5-1 (bug #970586)
+ [bullseye] - rust-sized-chunks <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25791 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks 0.6.5-1 (bug #970586)
+ [bullseye] - rust-sized-chunks <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25780 (In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before ...)
+ NOT-FOR-US: Commvault
+CVE-2020-25779 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in w ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25778 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25777 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a speci ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25776 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbo ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25775 (The Trend Micro Security 2020 (v16) consumer family of products is vul ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25774 (A vulnerability in the Trend Micro Apex One ServerMigrationTool compon ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25773 (A vulnerability in the Trend Micro Apex One ServerMigrationTool compon ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25772 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25771 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25770 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25769
+ RESERVED
+CVE-2020-25768 (Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 hav ...)
+ NOT-FOR-US: Contao CMS
+CVE-2020-25767 (An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_c ...)
+ NOT-FOR-US: HCC Embedded NicheStack
+CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...)
+ NOT-FOR-US: MISP
+CVE-2020-25765 (Addressed remote code execution vulnerability in reg_device.php due to ...)
+ NOT-FOR-US: Western Digital My Cloud Devices
+CVE-2020-25764
+ RESERVED
+CVE-2020-25763 (Seat Reservation System version 1.0 suffers from an Unauthenticated Fi ...)
+ NOT-FOR-US: Seat Reservation System
+CVE-2020-25762 (An issue was discovered in SourceCodester Seat Reservation System 1.0. ...)
+ NOT-FOR-US: SourceCodester Seat Reservation System
+CVE-2020-25761 (Projectworlds Visitor Management System in PHP 1.0 allows XSS. The fil ...)
+ NOT-FOR-US: Projectworlds Visitor Management System in PHP
+CVE-2020-25760 (Projectworlds Visitor Management System in PHP 1.0 allows SQL Injectio ...)
+ NOT-FOR-US: Projectworlds Visitor Management System in PHP
+CVE-2020-25759 (An issue was discovered on D-Link DSR-250 3.17 devices. Certain functi ...)
+ NOT-FOR-US: D-Link
+CVE-2020-25758 (An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient v ...)
+ NOT-FOR-US: D-Link
+CVE-2020-25757 (A lack of input validation and access controls in Lua CGIs on D-Link D ...)
+ NOT-FOR-US: D-Link
+CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_ht ...)
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
+CVE-2020-25755 (An issue was discovered on Enphase Envoy R3.x and D4.x (and other curr ...)
+ NOT-FOR-US: Enphase Envoy
+CVE-2020-25754 (An issue was discovered on Enphase Envoy R3.x and D4.x devices. There ...)
+ NOT-FOR-US: Enphase Envoy
+CVE-2020-25753 (An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 ...)
+ NOT-FOR-US: Enphase Envoy
+CVE-2020-25752 (An issue was discovered on Enphase Envoy R3.x and D4.x devices. There ...)
+ NOT-FOR-US: Enphase Envoy
+CVE-2020-25751 (The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via ...)
+ NOT-FOR-US: paGO Commerce plugin for Joomla!
+CVE-2020-25750 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 b ...)
+ NOT-FOR-US: DotPlant2
+CVE-2020-25749 (The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 ca ...)
+ NOT-FOR-US: Rubetek
+CVE-2020-25748 (A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3 ...)
+ NOT-FOR-US: Rubetek
+CVE-2020-25747 (The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (f ...)
+ NOT-FOR-US: Rubetek
+CVE-2020-25746 (QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local att ...)
+ NOT-FOR-US: QED ResourceXpress Qubi3 devices
+CVE-2020-25745
+ RESERVED
+CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to ...)
+ NOT-FOR-US: SaferVPN
+CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereferen ...)
+ - qemu <unfixed> (bug #970940)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - qemu <postponed> (Fix along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
+ NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...)
+ - qemu <unfixed> (bug #971390)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - qemu <postponed> (Fix along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
+ NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ...)
+ - qemu <unfixed> (bug #970939)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - qemu <postponed> (Fix along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
+ NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2020-25740
+ RESERVED
+CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Mult ...)
+ {DLA-2380-1}
+ - ruby-gon 6.4.0-1 (bug #970938)
+ [buster] - ruby-gon <no-dsa> (Minor issue)
+ NOTE: https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7
+CVE-2020-25738 (CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers ...)
+ NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM)
+CVE-2020-25737 (An elevation of privilege vulnerability exists in Hackolade versions p ...)
+ NOT-FOR-US: Hackolade
+CVE-2020-25736 (Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows ...)
+ NOT-FOR-US: Acronis
+CVE-2020-25735 (webTareas through 2.1 allows XSS in clients/editclient.php, extensions ...)
+ NOT-FOR-US: webTareas
+CVE-2020-25734 (webTareas through 2.1 allows files/Default/ Directory Listing. ...)
+ NOT-FOR-US: webTareas
+CVE-2020-25733 (webTareas through 2.1 allows upload of the dangerous .exe and .shtml f ...)
+ NOT-FOR-US: webTareas
+CVE-2020-25732
+ RESERVED
+CVE-2020-25731
+ RESERVED
+CVE-2020-25730
+ RESERVED
+CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the connkey parameter to downloa ...)
+ - zoneminder 1.34.21-1 (unimportant)
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413
+ NOTE: Only supported for trusted users/behind auth, see README.debian.security
+CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a broken algor ...)
+ NOT-FOR-US: Reset Password add-on for Alfresco
+CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS- ...)
+ NOT-FOR-US: Reset Password add-on for Alfresco
+CVE-2020-25726
+ REJECTED
+CVE-2020-25725 (In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOut ...)
+ - xpdf <not-affected> (Debian uses poppler, which is not affected)
+ NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41915
+CVE-2020-25724 (A flaw was found in RESTEasy, where an incorrect response to an HTTP r ...)
+ - resteasy <unfixed>
+ - resteasy3.0 <unfixed>
+ [bullseye] - resteasy3.0 <no-dsa> (Minor issue)
+ [buster] - resteasy3.0 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM)
+CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation code o ...)
+ {DLA-2469-1}
+ - qemu 1:5.2+dfsg-1 (bug #975276)
+ [buster] - qemu <postponed> (Fix along in future DSA)
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 (v5.2.0-rc0)
+CVE-2020-25722 (Multiple flaws were found in the way samba AD DC implemented access an ...)
+ {DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ [buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14564
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
+ NOTE: https://www.samba.org/samba/security/CVE-2020-25722.html
+CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (eg objectSid)]
+ RESERVED
+ {DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ [buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14557
+ NOTE: https://www.samba.org/samba/security/CVE-2020-25721.html
+CVE-2020-25720
+ RESERVED
+CVE-2020-25719 (A flaw was found in the way Samba, as an Active Directory Domain Contr ...)
+ {DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ [buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14561
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
+ NOTE: https://www.samba.org/samba/security/CVE-2020-25719.html
+CVE-2020-25718 (A flaw was found in the way samba, as an Active Directory Domain Contr ...)
+ {DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ [buster] - samba <ignored> (Intrusive backport; affects Samba as AD DC)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14558
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
+ NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html
+CVE-2020-25717 (A flaw was found in the way Samba maps domain users to local users. An ...)
+ {DSA-5015-1 DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725
+ NOTE: https://www.samba.org/samba/security/CVE-2020-25717.html
+ NOTE: A new parameter "min domain uid" (defaults to 1000) has been added,
+ NOTE: which enforces that no UNIX uid below this value will be accepted.
+CVE-2020-25716 (A flaw was found in Cloudforms. A role-based privileges escalation fla ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-25715 (A flaw was found in pki-core 10.9.0. A specially crafted POST request ...)
+ - dogtag-pki 11.0.0-1 (bug #988153)
+ [bullseye] - dogtag-pki <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1891016
+ NOTE: https://github.com/dogtagpki/pki/commit/13f4c7fe7d71d42b46b25f3e8472ef7f35da5dd6
+CVE-2020-25714
+ RESERVED
+CVE-2020-25713 (A malformed input file can lead to a segfault due to an out of bounds ...)
+ {DLA-2846-1}
+ - raptor <removed>
+ - raptor2 2.0.14-1.2 (bug #974664)
+ [buster] - raptor2 <no-dsa> (Minor issue)
+ NOTE: https://bugs.librdf.org/mantis/view.php?id=650
+CVE-2020-25712 (A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer over ...)
+ {DSA-4803-1 DLA-2486-1}
+ - xorg-server 2:1.20.10-1 (bug #976216)
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
+CVE-2020-25711 (A flaw was found in infinispan 10 REST API, where authorization permis ...)
+ NOT-FOR-US: Infinispan
+CVE-2020-25708 (A divide by zero issue was found to occur in libvncserver-0.9.12. A ma ...)
+ {DLA-2451-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver <no-dsa> (Minor issue)
+ NOTE: https://github.com/LibVNC/libvncserver/issues/409
+ NOTE: https://github.com/LibVNC/libvncserver/commit/673c07a75ed844d74676f3ccdcfdc706a7052dba
+CVE-2020-25707
+ REJECTED
+CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_import. ...)
+ - cacti 1.2.14+ds1-1
+ [buster] - cacti <no-dsa> (Minor issue)
+ [stretch] - cacti <not-affected> (Vulnerable code introduced in 1.0.0)
+ NOTE: https://github.com/Cacti/cacti/issues/3723
+ NOTE: https://github.com/Cacti/cacti/commit/39458efcd5286d50e6b7f905fedcdc1059354e6e
+ NOTE: introduced by https://github.com/Cacti/cacti/commit/0ba5711f09338a7019ed5622701a7effd83ba701
+CVE-2020-25705 (A flaw in ICMP packets in the Linux kernel may allow an attacker to qu ...)
+ {DLA-2494-1 DLA-2483-1}
+ - linux 5.9.6-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5
+ NOTE: https://www.saddns.net/
+CVE-2020-25704 (A flaw memory leak in the Linux kernel performance monitoring subsyste ...)
+ {DLA-2494-1 DLA-2483-1}
+ - linux 5.9.6-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://git.kernel.org/linus/7bdb157cdebbf95a1cd94ed2e01b338714075d00
+CVE-2020-25703 (The participants table download in Moodle always included user emails, ...)
+ - moodle <removed>
+CVE-2020-25702 (In Moodle, it was possible to include JavaScript when re-naming conten ...)
+ - moodle <removed>
+CVE-2020-25701 (If the upload course tool in Moodle was used to delete an enrollment m ...)
+ - moodle <removed>
+CVE-2020-25700 (In moodle, some database module web services allowed students to add e ...)
+ - moodle <removed>
+CVE-2020-25699 (In moodle, insufficient capability checks could lead to users with the ...)
+ - moodle <removed>
+CVE-2020-25698 (Users' enrollment capabilities were not being sufficiently checked in ...)
+ - moodle <removed>
+CVE-2020-25697 (A privilege escalation flaw was found in the Xorg-x11-server due to a ...)
+ NOTE: Long-standing design limitation in X11, unlikely to get fixed until the world moves to Wayland
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/3
+CVE-2020-25696 (A flaw was found in the psql interactive terminal of PostgreSQL in ver ...)
+ {DLA-2478-1}
+ - postgresql-13 13.1-1
+ - postgresql-12 <removed>
+ - postgresql-11 <removed>
+ [buster] - postgresql-11 11.10-0+deb10u1
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a54dfbee1f1bad431793968918bbb8541dc860a0 (REL9_5_STABLE)
+CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...)
+ {DLA-2478-1}
+ - postgresql-13 13.1-1
+ - postgresql-12 <removed>
+ - postgresql-11 <removed>
+ [buster] - postgresql-11 11.10-0+deb10u1
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=aefc625dedae52073e7d279feb43f6255f992ea7 (REL9_5_STABLE)
+CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...)
+ {DLA-2478-1}
+ - postgresql-13 13.1-1
+ - postgresql-12 <removed>
+ - postgresql-11 <removed>
+ [buster] - postgresql-11 11.10-0+deb10u1
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
+ NOTE: https://www.postgresql.org/message-id/flat/16604-933f4b8791227b15%40postgresql.org
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=56b46d3a1a620548b4728b48bd28cdf11d88e101 (REL9_5_STABLE)
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=da129a04a6dea8c30eec2477c08d17736c92d431 (REL9_5_STABLE)
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=6997da09a41f613695575fbfcb213f14784c92bb (REL9_5_STABLE)
+CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer overflows ...)
+ {DLA-2462-1}
+ - cimg 2.9.4+dfsg-2 (bug #973770)
+ [buster] - cimg <no-dsa> (Minor issue)
+ NOTE: https://github.com/dtschump/CImg/pull/295
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/cimg/+bug/1900983
+ NOTE: Fixed by: https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505
+CVE-2020-25691
+ RESERVED
+ - darkhttpd <itp> (bug #775096)
+CVE-2020-25690 (An out-of-bounds write flaw was found in FontForge in versions before ...)
+ - fontforge <not-affected> (Insufficient patch for CVE-2020-5395 not applied)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188
+CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 21.0.0.F ...)
+ - wildfly <itp> (bug #752018)
+CVE-2020-25688 (A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two ...)
+ NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM)
+CVE-2020-25687 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...)
+ {DSA-4844-1 DLA-2604-1}
+ - dnsmasq 2.83-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
+CVE-2020-25686 (A flaw was found in dnsmasq before version 2.83. When receiving a quer ...)
+ {DSA-4844-1}
+ - dnsmasq 2.83-1
+ [stretch] - dnsmasq <ignored> (Minor issue, off-path DNS-non-sec cache poisoning, mitigated by CVE-2020-25684 fix, invasive, regressions)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=15b60ddf935a531269bb8c68198de012a4967156
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=6a6e06fbb0d4690507ceaf2bb6f0d8910f3d4914
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=04490bf622ac84891aad6f2dd2edf83725decdee (regression)
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=12af2b171de0d678d98583e2190789e544440e02 (regression)
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3f535da79e7a42104543ef5c7b5fa2bed819a78b (regression)
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=25e63f1e56f5acdcf91893a1b92ad1e0f2f552d8 (regression)
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=141a26f979b4bc959d8e866a295e24f8cf456920 (regression)
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=305cb79c5754d5554729b18a2c06fe7ce699687a (regression)
+CVE-2020-25685 (A flaw was found in dnsmasq before version 2.83. When getting a reply ...)
+ {DSA-4844-1}
+ - dnsmasq 2.83-1
+ [stretch] - dnsmasq <ignored> (Minor issue, off-path DNS-non-sec cache poisoning, mitigated by CVE-2020-25684 fix, stretch uses SHA-1 and not CRC32)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2d765867c597db18be9d876c9c17e2c0fe1953cd
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2024f9729713fd657d65e64c2e4e471baa0a3e5b
+CVE-2020-25684 (A flaw was found in dnsmasq before version 2.83. When getting a reply ...)
+ {DSA-4844-1 DLA-2604-1}
+ - dnsmasq 2.83-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=257ac0c5f7732cbc6aa96fdd3b06602234593aca
+CVE-2020-25683 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...)
+ {DSA-4844-1 DLA-2604-1}
+ - dnsmasq 2.83-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
+CVE-2020-25682 (A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerabili ...)
+ {DSA-4844-1 DLA-2604-1}
+ - dnsmasq 2.83-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
+CVE-2020-25681 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...)
+ {DSA-4844-1 DLA-2604-1}
+ - dnsmasq 2.83-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
+CVE-2020-25680 (A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a ...)
+ NOT-FOR-US: JBCS httpd
+CVE-2020-25679
+ RESERVED
+CVE-2020-25678 (A flaw was found in ceph in versions prior to 16.y.z where ceph stores ...)
+ - ceph 14.2.18-1
+ [buster] - ceph <no-dsa> (Minor issue)
+ [stretch] - ceph <no-dsa> (Minor issue)
+ NOTE: https://tracker.ceph.com/issues/37503
+ NOTE: https://github.com/ceph/ceph/pull/38614 (v14.2.17)
+CVE-2020-25677 (A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph ...)
+ NOT-FOR-US: ceph Ansible module
+CVE-2020-25676 (In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), Inte ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1732
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/406da3af9e09649cda152663c179902edf5ab3ac
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/94aeb3c40d25aee1051ba8eb3a31601558ef2506
+CVE-2020-25675 (In the CropImage() and CropImageToTiles() routines of MagickCore/trans ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1731
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/64dc80b2e1907f7f20bf34d4df9483f938b0de71
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6b169173585127299f4724f7880b575879c7f033
+CVE-2020-25674 (WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop wi ...)
+ {DLA-2523-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <no-dsa> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1715
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/67b871032183a29d3ca0553db6ce1ae80fddb9aa
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/2fdff8e040cd4401498d89f3c3d1f89cffd118b0
+CVE-2020-25673 (A vulnerability was found in Linux kernel where non-blocking socket in ...)
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
+CVE-2020-25672 (A memory leak vulnerability was found in Linux kernel in llcp_sock_con ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
+CVE-2020-25671 (A vulnerability was found in Linux Kernel, where a refcount leak in ll ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
+CVE-2020-25670 (A vulnerability was found in Linux Kernel where refcount leak in llcp_ ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [bullseye] - linux <postponed> (Minor issue, revisit once fixed upstream)
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
+CVE-2020-25669 (A vulnerability was found in the Linux Kernel where the function sunkb ...)
+ {DLA-2494-1 DLA-2483-1}
+ - linux 5.9.11-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/05/2
+CVE-2020-25668 (A flaw was found in Linux Kernel because access to the global variable ...)
+ {DLA-2494-1 DLA-2483-1}
+ - linux 5.9.6-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/30/1
+ NOTE: https://git.kernel.org/linus/90bfdeef83f1d6c696039b6a917190dcbbad3220
+CVE-2020-25667 (TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a larg ...)
+ - imagemagick <not-affected> (Introduced in v6.9.10-63 and fixed in 6.9.10-69, no vulnerable version in archive)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1748
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/986b5dff173413fa712db27eb677cdef15f0bab6
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/14ba3e46a66c4799d643c7b959792e185c6599c7
+CVE-2020-25666 (There are 4 places in HistogramCompare() in MagickCore/histogram.c whe ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1750
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94691f00839dbdf43edb1508af945ab19b388573
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/91ae12c57f3b9b23f2072462c27a8378b59f395e
+CVE-2020-25665 (The PALM image coder at coders/palm.c makes an improper call to Acquir ...)
+ {DLA-2523-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1714
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/cfd829bd3581b092e0a267b3deba46fa90b9bc88
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ca80e93cc887fb8971ceba2eead2c74e2b927df4
+CVE-2020-25664 (In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper ca ...)
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ [stretch] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1716
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/1f450bb5ba53d275de6d1cd086c98a0b549ad393
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/27d3ddedb73f63fa984ff5b4d66e07eef654070f
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e16a98540228f707a718dd09ac0b8cacd2a25d49 (revert)
+ NOTE: possible incomplete/invalid fix, cf. CVE-2020-27752 that occurs after the fix
+CVE-2020-25663 (A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of ...)
+ - imagemagick <not-affected> (Vulnerable code introduced in 7.x)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1723
+ NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/0c69c477e65d2a2695278ca614ffb9a3385137bc (7.0.8-56)
+ NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8ed707a93fc4c7b3193dd562f07c4a1cc63cc19d (7.0.8-57)
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a47e7a994766b92b10d4a87df8c1c890c8b170f3 (7.0.9-0)
+CVE-2020-25662 (A Red Hat only CVE-2020-12352 regression issue was found in the way th ...)
+ - linux <not-affected> (Red Hat-specific regression)
+CVE-2020-25661 (A Red Hat only CVE-2020-12351 regression issue was found in the way th ...)
+ - linux <not-affected> (Red Hat-specific regression)
+CVE-2020-25660 (A flaw was found in the Cephx authentication protocol in versions befo ...)
+ - ceph 14.2.15-1 (bug #975275)
+ [buster] - ceph <not-affected> (Vulnerable code introduced later)
+ [stretch] - ceph <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/17/4
+ NOTE: Proposed patches: https://www.openwall.com/lists/oss-security/2020/11/17/3
+ NOTE: Introduced by: https://github.com/ceph/ceph/commit/321548010578d6ff7bbf2e5ce8a550008b131423 (v15.1.0, backported to v14.2.5)
+ NOTE: Fixed by: https://github.com/ceph/ceph/commit/6c14c2fb5650426285428dfe6ca1597e5ea1d07d (15.2.6)
+ NOTE: Fixed by: https://github.com/ceph/ceph/commit/1316c82aae8c51b3fe10d8a8f0a87b60db54ee16 (15.2.6)
+ NOTE: Fixed by: https://github.com/ceph/ceph/commit/bafdfec8f974f1a3f7d404bcfd0a4cfad784937d (15.2.6)
+ NOTE: Fixed by: https://github.com/ceph/ceph/commit/2927fd91d41e505237cc73f9700e5c6a63e5cb4f (14.2.14)
+ NOTE: Fixed by: https://github.com/ceph/ceph/commit/4c11203122d729c832a645c9e3f5092db4963840 (14.2.14)
+ NOTE: Fixed by: https://github.com/ceph/ceph/commit/bb5d3d58bfcae96d2e5f796eaa74fc0987f79e77 (14.2.14)
+CVE-2020-25659 (python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks ...)
+ - python-cryptography 3.2.1-1 (bug #973247)
+ [buster] - python-cryptography <no-dsa> (Minor issue)
+ [stretch] - python-cryptography <no-dsa> (Minor issue; risk of regression & marginal benefit)
+ NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889988
+ NOTE: https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 (3.2)
+CVE-2020-25658 (It was found that python-rsa is vulnerable to Bleichenbacher timing at ...)
+ - python-rsa <unfixed> (bug #974685)
+ [bullseye] - python-rsa <no-dsa> (Minor issue)
+ [buster] - python-rsa <no-dsa> (Minor issue)
+ [stretch] - python-rsa <no-dsa> (Minor issue)
+ NOTE: https://github.com/sybrenstuvel/python-rsa/issues/165
+ NOTE: Presumed fix upstream in 4.7 does not address the issue:
+ NOTE: https://github.com/sybrenstuvel/python-rsa/issues/165#issuecomment-727580521
+CVE-2020-25657 (A flaw was found in all released versions of m2crypto, where they are ...)
+ - m2crypto <unfixed> (bug #975002)
+ [bullseye] - m2crypto <no-dsa> (Minor issue)
+ [buster] - m2crypto <no-dsa> (Minor issue)
+ [stretch] - m2crypto <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889823
+ NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/285
+ NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/282 (restricted)
+CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found in th ...)
+ {DLA-2494-1 DLA-2483-1}
+ - linux 5.9.6-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/16/1
+CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could allow se ...)
+ NOT-FOR-US: Red Hat open-cluster-management
+CVE-2020-25654 (An ACL bypass flaw was found in pacemaker. An attacker having a local ...)
+ {DSA-4791-1 DLA-2519-1}
+ - pacemaker 2.0.5~rc2-1 (bug #973254)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191
+CVE-2020-25653 (A race condition vulnerability was found in the way the spice-vdagentd ...)
+ {DLA-2524-1}
+ - spice-vdagent 0.20.0-2 (bug #973769)
+ [buster] - spice-vdagent <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
+ NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/51c415df82a52e9ec033225783c77df95f387891
+ NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/5c50131797e985d0a5654c1fd7000ae945ed29a7
+CVE-2020-25652 (A flaw was found in the spice-vdagentd daemon, where it did not proper ...)
+ {DLA-2524-1}
+ - spice-vdagent 0.20.0-2 (bug #973769)
+ [buster] - spice-vdagent <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
+ NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/91caa9223857708475d29df1768208fed1675340
+ NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/812ca777469a377c84b9861d7d326bfc72563304
+CVE-2020-25651 (A flaw was found in the SPICE file transfer protocol. File data from t ...)
+ {DLA-2524-1}
+ - spice-vdagent 0.20.0-2 (bug #973769)
+ [buster] - spice-vdagent <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
+ NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332
+ NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/9d35d8a86fb310fc1f29d428c0a96995948d2357
+ NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/e4bfd1b632b6c14e8411dbe3565115a78cd3d256
+ NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/b7db1c20c9f80154fb54392eb44add3486d3e427
+CVE-2020-25650 (A flaw was found in the way the spice-vdagentd daemon handled file tra ...)
+ {DLA-2524-1}
+ - spice-vdagent 0.20.0-2 (bug #973769)
+ [buster] - spice-vdagent <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
+ NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332
+ NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/9d35d8a86fb310fc1f29d428c0a96995948d2357
+CVE-2020-25649 (A flaw was found in FasterXML Jackson Databind, where it did not have ...)
+ {DLA-2406-1}
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2589
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1)
+CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ...)
+ - nss 2:3.58-1
+ [buster] - nss <no-dsa> (Minor issue)
+ [stretch] - nss <no-dsa> (Minor issue)
+ NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 (private)
+ NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
+CVE-2020-25647 (A flaw was found in grub2 in versions prior to 2.06. During USB device ...)
+ {DSA-4867-1}
+ - grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. openssl_priva ...)
+ TODO: check
+CVE-2020-25645 (A flaw was found in the Linux kernel in versions before 5.9-rc7. Traff ...)
+ {DSA-4774-1 DLA-2494-1 DLA-2417-1}
+ - linux 5.8.14-1
+ NOTE: https://git.kernel.org/linus/34beb21594519ce64a55a498c2fe7d567bc1ca20
+CVE-2020-25644 (A memory leak flaw was found in WildFly OpenSSL in versions prior to 1 ...)
+ - wildfly <itp> (bug #752018)
+CVE-2020-25643 (A flaw was found in the HDLC_PPP module of the Linux kernel in version ...)
+ {DSA-4774-1 DLA-2420-1 DLA-2417-1}
+ - linux 5.8.14-1
+ NOTE: https://git.kernel.org/linus/66d42ed8b25b64eb63111a2b8582c5afc8bf1105
+CVE-2020-25642
+ RESERVED
+CVE-2020-25641 (A flaw was found in the Linux kernel's implementation of biovecs in ve ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.8.10-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124
+CVE-2020-25640 (A flaw was discovered in WildFly before 21.0.0.Final where, Resource a ...)
+ - wildfly <itp> (bug #752018)
+CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux kernel's GPU No ...)
+ - linux 5.10.19-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.freedesktop.org/archives/nouveau/2020-August/036682.html
+CVE-2020-25638 (A flaw was found in hibernate-core in versions prior to and including ...)
+ {DSA-4908-1 DLA-2512-1}
+ - libhibernate3-java 3.6.10.Final-11
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1881353
+ NOTE: Fixed by https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78
+CVE-2020-25637 (A double free memory issue was found to occur in the libvirt API, in v ...)
+ {DLA-2395-1}
+ - libvirt 6.8.0-1 (bug #971555)
+ [buster] - libvirt <no-dsa> (Minor issue)
+ NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0977b8aa071de550e1a013d35e2c72615e65d520 (v1.2.14-rc1)
+ NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=955029bd0ad7ef96000f529ac38204a8f4a96401 (v6.8.0)
+ NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=50864dcda191eb35732dbd80fb6ca251a6bba923 (v6.8.0)
+ NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=e4116eaa44cb366b59f7fe98f4b88d04c04970ad (v6.8.0)
+ NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=a63b48c5ecef077bf0f909a85f453a605600cf05 (v6.8.0)
+CVE-2020-25636 (A flaw was found in Ansible Base when using the aws_ssm connection plu ...)
+ - ansible <not-affected> (Vulnerable connection/aws_ssm plugin not included)
+ NOTE: https://github.com/ansible-collections/community.aws/issues/221
+CVE-2020-25635 (A flaw was found in Ansible Base when using the aws_ssm connection plu ...)
+ - ansible <not-affected> (Vulnerable connection/aws_ssm plugin not included)
+ NOTE: https://github.com/ansible-collections/community.aws/issues/222
+CVE-2020-25634 (A flaw was found in Red Hat 3scale&#8217;s API docs URL, where it is a ...)
+ NOT-FOR-US: 3scale
+CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...)
+ - resteasy <unfixed> (bug #970585)
+ - resteasy3.0 <unfixed>
+ [bullseye] - resteasy3.0 <ignored> (Minor issue)
+ [buster] - resteasy3.0 <ignored> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
+CVE-2020-25632 (A flaw was found in grub2 in versions prior to 2.06. The rmmod impleme ...)
+ {DSA-4867-1}
+ - grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+CVE-2020-25631 (A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 ...)
+ - moodle <removed>
+CVE-2020-25630 (A vulnerability was found in Moodle where the decompressed size of zip ...)
+ - moodle <removed>
+CVE-2020-25629 (A vulnerability was found in Moodle where users with "Log in as" capab ...)
+ - moodle <removed>
+CVE-2020-25628 (The filter in the tag manager required extra sanitizing to prevent a r ...)
+ - moodle <removed>
+CVE-2020-25627 (The moodlenetprofile user profile field required extra sanitizing to p ...)
+ - moodle <removed>
+CVE-2020-25626 (A flaw was found in Django REST Framework versions before 3.12.0 and b ...)
+ - djangorestframework 3.12.1-1 (bug #971554)
+ [buster] - djangorestframework <no-dsa> (Minor issue)
+ [stretch] - djangorestframework <no-dsa> (Minor issue)
+ NOTE: https://github.com/encode/django-rest-framework/commit/4121b01b912668c049b26194a9a107c27a332429
+ NOTE: Fixed upstream in 3.12.0 and 3.11.2
+CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list ha ...)
+ {DLA-2469-1}
+ - qemu 1:5.2+dfsg-1 (bug #970542)
+ [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f (v5.2.0-rc0)
+CVE-2020-25624 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via ...)
+ {DLA-2469-1}
+ - qemu 1:5.2+dfsg-1 (bug #970541)
+ [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058 (v5.2.0-rc0)
+CVE-2020-25623 (Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Director ...)
+ - erlang 1:23.1+dfsg-1
+ [buster] - erlang <not-affected> (Vulnerable code introduced later)
+ [stretch] - erlang <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/erlang/otp/releases/tag/OTP-23.1
+CVE-2020-25622 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The Advanc ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-25621 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The local ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-25620 (An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-25619 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH co ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-25618 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo c ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-25617 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The Advanc ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-25616
+ RESERVED
+CVE-2020-25615
+ RESERVED
+CVE-2020-25614 (xmlquery before 1.3.1 lacks a check for whether a LoadURL response is ...)
+ - golang-github-antchfx-xmlquery 1.3.3-1
+ NOTE: https://github.com/antchfx/xmlquery/issues/39
+CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, an ...)
+ {DLA-2392-1 DLA-2391-1}
+ - ruby2.7 2.7.1-4
+ - ruby2.5 <removed>
+ [buster] - ruby2.5 2.5.5-3+deb10u3
+ - ruby2.3 <removed>
+ - jruby <unfixed> (bug #972230)
+ [buster] - jruby <no-dsa> (Minor issue)
+ NOTE: https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
+ NOTE: Fix in webrick: https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7
+CVE-2020-25612 (The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an atta ...)
+ NOT-FOR-US: Mitel
+CVE-2020-25611 (The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to ...)
+ NOT-FOR-US: Mitel
+CVE-2020-25610 (The AWV component of Mitel MiCollab before 9.2 could allow an attacker ...)
+ NOT-FOR-US: Mitel
+CVE-2020-25609 (The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow ...)
+ NOT-FOR-US: Mitel
+CVE-2020-25608 (The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to ...)
+ NOT-FOR-US: Mitel
+CVE-2020-25607
+ RESERVED
+CVE-2020-25606 (The AWV component of Mitel MiCollab before 9.2 could allow an attacker ...)
+ NOT-FOR-US: Mitel
+CVE-2020-25605 (Cleartext transmission of sensitive information in Agora Video SDK pri ...)
+ NOT-FOR-US: Agora Video SDK
+CVE-2020-25604 (An issue was discovered in Xen through 4.14.x. There is a race conditi ...)
+ {DSA-4769-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-336.html
+CVE-2020-25603 (An issue was discovered in Xen through 4.14.x. There are missing memor ...)
+ {DSA-4769-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-340.html
+CVE-2020-25602 (An issue was discovered in Xen through 4.14.x. An x86 PV guest can tri ...)
+ {DSA-4769-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-333.html
+CVE-2020-25601 (An issue was discovered in Xen through 4.14.x. There is a lack of pree ...)
+ {DSA-4769-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-344.html
+CVE-2020-25600 (An issue was discovered in Xen through 4.14.x. Out of bounds event cha ...)
+ {DSA-4769-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-342.html
+CVE-2020-25599 (An issue was discovered in Xen through 4.14.x. There are evtchn_reset( ...)
+ {DSA-4769-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-343.html
+CVE-2020-25598 (An issue was discovered in Xen 4.14.x. There is a missing unlock in th ...)
+ - xen <not-affected> (No affected version (only > 4.12) ever uploaded to unstable)
+ NOTE: https://xenbits.xen.org/xsa/advisory-334.html
+CVE-2020-25597 (An issue was discovered in Xen through 4.14.x. There is mishandling of ...)
+ {DSA-4769-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-338.html
+CVE-2020-25596 (An issue was discovered in Xen through 4.14.x. x86 PV guest kernels ca ...)
+ {DSA-4769-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-339.html
+CVE-2020-25595 (An issue was discovered in Xen through 4.14.x. The PCI passthrough cod ...)
+ {DSA-4769-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-337.html
+CVE-2020-25594 (HashiCorp Vault and Vault Enterprise allowed for enumeration of Secret ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2020-25593 (Acronis True Image through 2021 on macOS allows local privilege escala ...)
+ NOT-FOR-US: Acronis
+CVE-2020-25592 (In SaltStack Salt through 3002, salt-netapi improperly validates eauth ...)
+ {DSA-4837-1 DLA-2480-1}
+ - salt 3002.1+dfsg1-1
+ NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
+ NOTE: https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2020/09/25
+CVE-2020-25591
+ RESERVED
+CVE-2020-25590
+ RESERVED
+CVE-2020-25589
+ RESERVED
+CVE-2020-25588
+ RESERVED
+CVE-2020-25587
+ RESERVED
+CVE-2020-25586
+ RESERVED
+CVE-2020-25585
+ RESERVED
+CVE-2020-25584 (In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11. ...)
+ NOT-FOR-US: FreeBSD
+CVE-2020-25583 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...)
+ NOT-FOR-US: FreeBSD
+CVE-2020-25582 (In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12. ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+CVE-2020-25581 (In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12. ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+CVE-2020-25580 (In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12. ...)
+ NOT-FOR-US: FreeBSD
+CVE-2020-25579 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+CVE-2020-25578 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+CVE-2020-25577 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...)
+ NOT-FOR-US: FreeBSD
+CVE-2020-25572
+ RESERVED
+CVE-2020-25571
+ RESERVED
+CVE-2020-25570
+ RESERVED
+CVE-2020-25569
+ RESERVED
+CVE-2020-25568
+ RESERVED
+CVE-2020-25567
+ RESERVED
+CVE-2020-25566 (In SapphireIMS 5.0, it is possible to take over an account by sending ...)
+ NOT-FOR-US: SapphireIMS
+CVE-2020-25565 (In SapphireIMS 5.0, it is possible to use the hardcoded credential in ...)
+ NOT-FOR-US: SapphireIMS
+CVE-2020-25564 (In SapphireIMS 5.0, it is possible to create local administrator on an ...)
+ NOT-FOR-US: SapphireIMS
+CVE-2020-25563 (In SapphireIMS 5.0, it is possible to create local administrator on an ...)
+ NOT-FOR-US: SapphireIMS
+CVE-2020-25562 (In SapphireIMS 5.0, there is no CSRF token present in the entire appli ...)
+ NOT-FOR-US: SapphireIMS
+CVE-2020-25561 (SapphireIMS 5 utilized default sapphire:ims credentials to connect the ...)
+ NOT-FOR-US: SapphireIMS
+CVE-2020-25560 (In SapphireIMS 5.0, it is possible to use the hardcoded credential in ...)
+ NOT-FOR-US: SapphireIMS
+CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing print_set_output ...)
+ - gnuplot <unfixed> (unimportant)
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2312/
+ NOTE: No security impact, gnuplot can execute arbitrary commands and need to
+ NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
+CVE-2020-25558
+ RESERVED
+CVE-2020-25557 (In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "usern ...)
+ NOT-FOR-US: CMSuno
+CVE-2020-25556
+ RESERVED
+CVE-2020-25555
+ RESERVED
+CVE-2020-25554
+ RESERVED
+CVE-2020-25553
+ RESERVED
+CVE-2020-25552
+ RESERVED
+CVE-2020-25551
+ RESERVED
+CVE-2020-25550
+ RESERVED
+CVE-2020-25549
+ RESERVED
+CVE-2020-25548
+ RESERVED
+CVE-2020-25547
+ RESERVED
+CVE-2020-25546
+ RESERVED
+CVE-2020-25545
+ RESERVED
+CVE-2020-25544
+ RESERVED
+CVE-2020-25543
+ RESERVED
+CVE-2020-25542
+ RESERVED
+CVE-2020-25541
+ RESERVED
+CVE-2020-25540 (ThinkAdmin v6 is affected by a directory traversal vulnerability. An u ...)
+ NOT-FOR-US: ThinkAdmin
+CVE-2020-25539
+ RESERVED
+CVE-2020-25538 (An authenticated attacker can inject malicious code into "lang" parame ...)
+ NOT-FOR-US: CMSuno
+CVE-2020-25537 (File upload vulnerability exists in UCMS 1.5.0, and the attacker can t ...)
+ NOT-FOR-US: UCMS
+CVE-2020-25536
+ RESERVED
+CVE-2020-25535
+ RESERVED
+CVE-2020-25534
+ RESERVED
+CVE-2020-25533 (An issue was discovered in Malwarebytes before 4.0 on macOS. A malicio ...)
+ NOT-FOR-US: Malwarebytes on macOS
+CVE-2020-25532
+ RESERVED
+CVE-2020-25531
+ RESERVED
+CVE-2020-25530
+ RESERVED
+CVE-2020-25529
+ RESERVED
+CVE-2020-25528
+ RESERVED
+CVE-2020-25527
+ RESERVED
+CVE-2020-25526
+ RESERVED
+CVE-2020-25525
+ RESERVED
+CVE-2020-25524
+ RESERVED
+CVE-2020-25523
+ RESERVED
+CVE-2020-25522
+ RESERVED
+CVE-2020-25521
+ RESERVED
+CVE-2020-25520
+ RESERVED
+CVE-2020-25519
+ RESERVED
+CVE-2020-25518
+ RESERVED
+CVE-2020-25517
+ RESERVED
+CVE-2020-25516 (WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-si ...)
+ NOT-FOR-US: WSO2 Enterprise Integrator
+CVE-2020-25515 (Sourcecodester Simple Library Management System 1.0 is affected by Ins ...)
+ NOT-FOR-US: Sourcecodester Simple Library Management System
+CVE-2020-25514 (Sourcecodester Simple Library Management System 1.0 is affected by Inc ...)
+ NOT-FOR-US: Sourcecodester Simple Library Management System
+CVE-2020-25513
+ RESERVED
+CVE-2020-25512
+ RESERVED
+CVE-2020-25511
+ RESERVED
+CVE-2020-25510
+ RESERVED
+CVE-2020-25509
+ RESERVED
+CVE-2020-25508
+ RESERVED
+CVE-2020-25507 (An incorrect permission assignment during the installation script of T ...)
+ NOT-FOR-US: No Magic TeamworkCloud
+CVE-2020-25506 (D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injectio ...)
+ NOT-FOR-US: D-Link
+CVE-2020-25505
+ RESERVED
+CVE-2020-25504
+ RESERVED
+CVE-2020-25503
+ RESERVED
+CVE-2020-25502
+ RESERVED
+CVE-2020-25501
+ RESERVED
+CVE-2020-25500
+ RESERVED
+CVE-2020-25499 (TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote use ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2020-25498 (Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can b ...)
+ NOT-FOR-US: Beetel
+CVE-2020-25497
+ RESERVED
+CVE-2020-25496
+ RESERVED
+CVE-2020-25495 (A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerl ...)
+ NOT-FOR-US: Xinuo SCO Openserver
+CVE-2020-25494 (Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute ...)
+ NOT-FOR-US: Xinuo SCO Openserver
+CVE-2020-25493 (Oclean Mobile Application 2.1.2 communicates with an external website ...)
+ NOT-FOR-US: Oclean Mobile Application
+CVE-2020-25492
+ RESERVED
+CVE-2020-25491
+ RESERVED
+CVE-2020-25490 (Lack of cryptographic signature verification in the Sqreen PHP agent d ...)
+ NOT-FOR-US: Sqreen
+CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0 ...)
+ NOT-FOR-US: Sqreen
+CVE-2020-25488
+ RESERVED
+CVE-2020-25487 (PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is af ...)
+ NOT-FOR-US: PHPGURUKUL Zoo Management System
+CVE-2020-25486
+ RESERVED
+CVE-2020-25485
+ RESERVED
+CVE-2020-25484
+ RESERVED
+CVE-2020-25483 (An arbitrary command execution vulnerability exists in the fopen() fun ...)
+ NOT-FOR-US: UCMS
+CVE-2020-25482
+ RESERVED
+CVE-2020-25481
+ RESERVED
+CVE-2020-25480
+ RESERVED
+CVE-2020-25479
+ RESERVED
+CVE-2020-25478
+ RESERVED
+CVE-2020-25477
+ RESERVED
+CVE-2020-25476 (Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cro ...)
+ NOT-FOR-US: Liferay CMS Portal
+CVE-2020-25475 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injectio ...)
+ NOT-FOR-US: SimplePHPscripts News Script PHP Pro
+CVE-2020-25474 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site S ...)
+ NOT-FOR-US: SimplePHPscripts News Script PHP Pro
+CVE-2020-25473 (SimplePHPscripts News Script PHP Pro 2.3 does not properly set the Htt ...)
+ NOT-FOR-US: SimplePHPscripts News Script PHP Pro
+CVE-2020-25472 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site R ...)
+ NOT-FOR-US: SimplePHPscripts News Script PHP Pro
+CVE-2020-25471
+ RESERVED
+CVE-2020-25470 (AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: AntSword
+CVE-2020-25469
+ RESERVED
+CVE-2020-25468
+ RESERVED
+CVE-2020-25467 (A null pointer dereference was discovered lzo_decompress_buf in stream ...)
+ - lrzip <undetermined>
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
+ NOTE: https://github.com/ckolivas/lrzip/issues/163
+ TODO: check fixing commit
+CVE-2020-25466 (A SSRF vulnerability exists in the downloadimage interface of CRMEB 3. ...)
+ NOT-FOR-US: CRMEB
+CVE-2020-25465 (Null Pointer Dereference. in xObjectBindingFromExpression at moddable/ ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2020-25464 (Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2020-25463 (Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon. ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2020-25462 (Heap buffer overflow in the fxCheckArrowFunction function at moddable/ ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2020-25461 (Invalid Memory Access in the fxProxyGetter function in moddable/xs/sou ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2020-25460
+ RESERVED
+CVE-2020-25459
+ RESERVED
+CVE-2020-25458
+ RESERVED
+CVE-2020-25457
+ RESERVED
+CVE-2020-25456
+ RESERVED
+CVE-2020-25455
+ RESERVED
+CVE-2020-25454 (Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add re ...)
+ - grocy <itp> (bug #969056)
+CVE-2020-25453 (An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vu ...)
+ NOT-FOR-US: BlackCat CMS
+CVE-2020-25452
+ RESERVED
+CVE-2020-25451
+ RESERVED
+CVE-2020-25450
+ RESERVED
+CVE-2020-25449 (Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can ...)
+ NOT-FOR-US: Arachnys Cabot
+CVE-2020-25448
+ RESERVED
+CVE-2020-25447
+ RESERVED
+CVE-2020-25446
+ RESERVED
+CVE-2020-25445 (The &#8220;Subscribe&#8221; feature in Ultimate Booking System Booking ...)
+ NOT-FOR-US: Ultimate Booking System Booking Core
+CVE-2020-25444 (Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Bo ...)
+ NOT-FOR-US: Booking Core - Ultimate Booking System Booking Core
+CVE-2020-25443
+ RESERVED
+CVE-2020-25442
+ RESERVED
+CVE-2020-25441
+ RESERVED
+CVE-2020-25440
+ RESERVED
+CVE-2020-25439
+ RESERVED
+CVE-2020-25438
+ RESERVED
+CVE-2020-25437
+ RESERVED
+CVE-2020-25436
+ RESERVED
+CVE-2020-25435
+ RESERVED
+CVE-2020-25434
+ RESERVED
+CVE-2020-25433
+ RESERVED
+CVE-2020-25432
+ RESERVED
+CVE-2020-25431
+ RESERVED
+CVE-2020-25430
+ RESERVED
+CVE-2020-25429
+ RESERVED
+CVE-2020-25428
+ RESERVED
+CVE-2020-25427 (A Null pointer dereference vulnerability exits in MP4Box - GPAC versio ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1406
+ NOTE: https://github.com/gpac/gpac/commit/8e585e623b1d666b4ef736ed609264639cb27701
+CVE-2020-25426
+ RESERVED
+CVE-2020-25425
+ RESERVED
+CVE-2020-25424
+ RESERVED
+CVE-2020-25423
+ RESERVED
+CVE-2020-25422 (A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS ...)
+ NOT-FOR-US: Mara CMS
+CVE-2020-25421
+ RESERVED
+CVE-2020-25420
+ RESERVED
+CVE-2020-25419
+ RESERVED
+CVE-2020-25418
+ RESERVED
+CVE-2020-25417
+ RESERVED
+CVE-2020-25416
+ RESERVED
+CVE-2020-25415
+ RESERVED
+CVE-2020-25414 (A local file inclusion vulnerability was discovered in the captcha fun ...)
+ NOT-FOR-US: Monstra CMS
+CVE-2020-25413
+ RESERVED
+CVE-2020-25412 (com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write ...)
+ - gnuplot <unfixed> (unimportant)
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2303/
+ NOTE: No security impact, gnuplot can execute arbitrary commands and need to
+ NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
+CVE-2020-25411 (Projectworlds Online Examination System 1.0 is vulnerable to CSRF, whi ...)
+ NOT-FOR-US: Projectworlds Online Examination System
+CVE-2020-25410
+ RESERVED
+CVE-2020-25409 (Projectsworlds College Management System Php 1.0 is vulnerable to SQL ...)
+ NOT-FOR-US: Projectsworlds College Management System Php
+CVE-2020-25408 (A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWor ...)
+ NOT-FOR-US: ProjectWorlds College Management System Php
+CVE-2020-25407
+ RESERVED
+CVE-2020-25406 (app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to ...)
+ NOT-FOR-US: lemocms
+CVE-2020-25405
+ RESERVED
+CVE-2020-25404
+ RESERVED
+CVE-2020-25403
+ RESERVED
+CVE-2020-25402
+ RESERVED
+CVE-2020-25401
+ RESERVED
+CVE-2020-25400 (Cross domain policies in Taskcafe Project Management tool before versi ...)
+ NOT-FOR-US: Taskcafe Project Management tool
+CVE-2020-25399 (Stored XSS in InterMind iMind Server through 3.13.65 allows any user t ...)
+ NOT-FOR-US: InterMind iMind Server
+CVE-2020-25398 (CSV Injection exists in InterMind iMind Server through 3.13.65 via the ...)
+ NOT-FOR-US: InterMind iMind Server
+CVE-2020-25397
+ RESERVED
+CVE-2020-25396
+ RESERVED
+CVE-2020-25395
+ RESERVED
+CVE-2020-25394 (A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 all ...)
+ NOT-FOR-US: moziloCMS
+CVE-2020-25393
+ RESERVED
+CVE-2020-25392 (A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows att ...)
+ NOT-FOR-US: CSZ CMS
+CVE-2020-25391 (A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers ...)
+ NOT-FOR-US: CSZ CMS
+CVE-2020-25390
+ RESERVED
+CVE-2020-25389
+ RESERVED
+CVE-2020-25388
+ RESERVED
+CVE-2020-25387
+ RESERVED
+CVE-2020-25386
+ RESERVED
+CVE-2020-25385 (Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerab ...)
+ NOT-FOR-US: Nagios Log Server
+CVE-2020-25384
+ RESERVED
+CVE-2020-25383
+ RESERVED
+CVE-2020-25382
+ RESERVED
+CVE-2020-25381
+ RESERVED
+CVE-2020-25380 (Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affe ...)
+ NOT-FOR-US: Wordpress Plugin Store / Mike Rooijackers Recall Products
+CVE-2020-25379 (Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails t ...)
+ NOT-FOR-US: Wordpress Plugin Store / Mike Rooijackers Recall Products
+CVE-2020-25378 (Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is ...)
+ NOT-FOR-US: Wordpress Plugin Store / AccessPress Themes WP Floating Menu
+CVE-2020-25377
+ RESERVED
+CVE-2020-25376
+ RESERVED
+CVE-2020-25375 (Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affect ...)
+ NOT-FOR-US: Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM
+CVE-2020-25374 (CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers t ...)
+ NOT-FOR-US: CyberArk Privileged Session Manager (PSM)
+CVE-2020-25373
+ RESERVED
+CVE-2020-25372
+ RESERVED
+CVE-2020-25371
+ RESERVED
+CVE-2020-25370
+ RESERVED
+CVE-2020-25369
+ RESERVED
+CVE-2020-25368 (A command injection vulnerability was discovered in the HNAP1 protocol ...)
+ NOT-FOR-US: D-Link
+CVE-2020-25367 (A command injection vulnerability was discovered in the HNAP1 protocol ...)
+ NOT-FOR-US: D-Link
+CVE-2020-25366 (An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-8 ...)
+ NOT-FOR-US: D-Link
+CVE-2020-25365
+ RESERVED
+CVE-2020-25364
+ RESERVED
+CVE-2020-25363
+ RESERVED
+CVE-2020-25362 (The id paramater in Online Shopping Alphaware 1.0 has been discovered ...)
+ NOT-FOR-US: Online Shopping Alphaware
+CVE-2020-25361
+ RESERVED
+CVE-2020-25360
+ RESERVED
+CVE-2020-25359 (An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fix ...)
+ NOT-FOR-US: rConfig
+CVE-2020-25358
+ RESERVED
+CVE-2020-25357
+ RESERVED
+CVE-2020-25356
+ RESERVED
+CVE-2020-25355
+ RESERVED
+CVE-2020-25354
+ RESERVED
+CVE-2020-25353 (A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 ha ...)
+ NOT-FOR-US: rConfig
+CVE-2020-25352 (A stored cross-site scripting (XSS) vulnerability in the /devices.php ...)
+ NOT-FOR-US: rConfig
+CVE-2020-25351 (An information disclosure vulnerability in rConfig 3.9.5 has been fixe ...)
+ NOT-FOR-US: rConfig
+CVE-2020-25350
+ RESERVED
+CVE-2020-25349
+ RESERVED
+CVE-2020-25348
+ RESERVED
+CVE-2020-25347
+ RESERVED
+CVE-2020-25346
+ RESERVED
+CVE-2020-25345
+ RESERVED
+CVE-2020-25344
+ RESERVED
+CVE-2020-25343 (Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow ...)
+ NOT-FOR-US: Symphony CMS
+CVE-2020-25342
+ RESERVED
+CVE-2020-25341
+ RESERVED
+CVE-2020-25340 (An issue was discovered in NFStream 5.2.0. Because some allocated modu ...)
+ NOT-FOR-US: NFStream (not src:ndpi)
+CVE-2020-25339
+ RESERVED
+CVE-2020-25338
+ RESERVED
+CVE-2020-25337
+ RESERVED
+CVE-2020-25336
+ RESERVED
+CVE-2020-25335
+ RESERVED
+CVE-2020-25334
+ RESERVED
+CVE-2020-25333
+ RESERVED
+CVE-2020-25332
+ RESERVED
+CVE-2020-25331
+ RESERVED
+CVE-2020-25330
+ RESERVED
+CVE-2020-25329
+ RESERVED
+CVE-2020-25328
+ RESERVED
+CVE-2020-25327
+ RESERVED
+CVE-2020-25326
+ RESERVED
+CVE-2020-25325
+ RESERVED
+CVE-2020-25324
+ RESERVED
+CVE-2020-25323
+ RESERVED
+CVE-2020-25322
+ RESERVED
+CVE-2020-25321
+ RESERVED
+CVE-2020-25320
+ RESERVED
+CVE-2020-25319
+ RESERVED
+CVE-2020-25318
+ RESERVED
+CVE-2020-25317
+ RESERVED
+CVE-2020-25316
+ RESERVED
+CVE-2020-25315
+ RESERVED
+CVE-2020-25314
+ RESERVED
+CVE-2020-25313
+ RESERVED
+CVE-2020-25312
+ RESERVED
+CVE-2020-25311
+ RESERVED
+CVE-2020-25310
+ RESERVED
+CVE-2020-25309
+ RESERVED
+CVE-2020-25308
+ RESERVED
+CVE-2020-25307
+ RESERVED
+CVE-2020-25306
+ RESERVED
+CVE-2020-25305
+ RESERVED
+CVE-2020-25304
+ RESERVED
+CVE-2020-25303
+ RESERVED
+CVE-2020-25302
+ RESERVED
+CVE-2020-25301
+ RESERVED
+CVE-2020-25300
+ RESERVED
+CVE-2020-25299
+ RESERVED
+CVE-2020-25298
+ RESERVED
+CVE-2020-25297
+ RESERVED
+CVE-2020-25296
+ RESERVED
+CVE-2020-25295
+ RESERVED
+CVE-2020-25294
+ RESERVED
+CVE-2020-25293
+ RESERVED
+CVE-2020-25292
+ RESERVED
+CVE-2020-25291 (GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows r ...)
+ NOT-FOR-US: Kingsoft WPS Office
+CVE-2020-25290
+ RESERVED
+CVE-2020-25289 (The VPN service in AVAST SecureLine before 5.6.4982.470 allows local u ...)
+ NOT-FOR-US: VPN service in AVAST SecureLine
+CVE-2020-25288 (An issue was discovered in MantisBT before 2.24.3. When editing an Iss ...)
+ - mantis <removed>
+CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute arbitrary com ...)
+ NOT-FOR-US: Pligg CMS
+CVE-2020-25285 (A race condition between hugetlb sysctl handlers in mm/hugetlb.c in th ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.8.10-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467
+CVE-2020-25284 (The rbd block device driver in drivers/block/rbd.c in the Linux kernel ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.8.10-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/f44d04e696feaf13d192d942c4f14ad2e117065a
+CVE-2020-25283 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25282 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25281 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25280 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25279 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25278 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25277
+ RESERVED
+CVE-2020-25276 (An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. Wh ...)
+ NOT-FOR-US: PrimeKey
+CVE-2020-25275 (Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and ...)
+ {DSA-4825-1 DLA-2517-1}
+ - dovecot 1:2.3.13+dfsg1-1 (bug #979363)
+ NOTE: https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html
+ NOTE: https://github.com/dovecot/core/commit/67f792cb98267ee74c425772e766e7a2525c0d8f
+ NOTE: https://github.com/dovecot/core/commit/6ae93c3936fc870c313a6fdf44a0999d4129d9b8
+CVE-2020-25274
+ RESERVED
+CVE-2020-25273 (In SourceCodester Online Bus Booking System 1.0, there is Authenticati ...)
+ NOT-FOR-US: SourceCodester Online Bus Booking System
+CVE-2020-25272 (In SourceCodester Online Bus Booking System 1.0, there is XSS through ...)
+ NOT-FOR-US: SourceCodester Online Bus Booking System
+CVE-2020-25271 (PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/ ...)
+ NOT-FOR-US: PHPGurukul hospital-management-system-in-php
+CVE-2020-25270 (PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, ...)
+ NOT-FOR-US: PHPGurukul hostel-management-system
+CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...)
+ {DSA-4764-1 DLA-2375-1}
+ - inspircd 3.8.0-1 (bug #960650)
+ NOTE: https://docs.inspircd.org/security/2020-01/
+ NOTE: https://github.com/inspircd/inspircd/commit/07d7dea334fc56642793aa5ae1e05ae3185c474b (v2)
+ NOTE: https://github.com/inspircd/inspircd/commit/a9e107c646ac6d7310b55d0c2e0b06a9cec0a874 (v2)
+ NOTE: https://github.com/inspircd/inspircd/commit/6f6fa13042f319bcd56ceed112c0a969337e4161 (v2)
+ NOTE: https://github.com/inspircd/inspircd/commit/b3f1db9d162455af4b31edf231ba749140d37219 (v3)
+ NOTE: https://github.com/inspircd/inspircd/commit/fbdd08043e97c2749ce2f03382559bba89abf47a (v3)
+ NOTE: https://github.com/inspircd/inspircd/commit/b24a91181f58c7f7141de8995ff212993bcc333b (v3)
+CVE-2020-25268 (Remote Code Execution can occur via the external news feed in ILIAS 6. ...)
+ NOT-FOR-US: ILIAS
+CVE-2020-25267 (An XSS issue exists in the question-pool file-upload preview feature i ...)
+ NOT-FOR-US: ILIAS
+CVE-2020-25266 (AppImage appimaged before 1.0.3 does not properly check whether a down ...)
+ NOT-FOR-US: AppImage appimaged
+CVE-2020-25265 (AppImage libappimage before 1.0.3 allows attackers to trigger an overw ...)
+ - libappimage <unfixed> (bug #977192)
+ [buster] - libappimage <no-dsa> (Minor issue)
+ NOTE: https://github.com/AppImage/libappimage/pull/146
+ NOTE: https://github.com/refi64/CVE-2020-25265-25266
+CVE-2020-25264
+ RESERVED
+CVE-2020-25263 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the ...)
+ NOT-FOR-US: PyroCMS
+CVE-2020-25262 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the ...)
+ NOT-FOR-US: PyroCMS
+CVE-2020-25261
+ RESERVED
+CVE-2020-25260 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25259 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25258 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25257 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25256 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25255 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25254 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25253 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25252 (An issue was discovered in Hyland OnBase through 16.0.2.83 and below, ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25251 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25250 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25249 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25248 (An issue was discovered in Hyland OnBase through 16.0.2.83 and below, ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25247 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
+ NOT-FOR-US: Hyland OnBase
+CVE-2020-25246
+ RESERVED
+CVE-2020-25245 (A vulnerability has been identified in DIGSI 4 (All versions &lt; V4.9 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25244 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25243 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25242 (A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25241 (A vulnerability has been identified in SIMATIC MV400 family (All Versi ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25240 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25239 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25238 (A vulnerability has been identified in PCS neo (Administration Console ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25237 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25236 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25234 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25233 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25232 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25231 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25230 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25229 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25228 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25227
+ RESERVED
+CVE-2020-25226 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ NOT-FOR-US: Siemens
+CVE-2020-25225
+ RESERVED
+CVE-2020-25224
+ RESERVED
+CVE-2020-25223 (A remote code execution vulnerability exists in the WebAdmin of Sophos ...)
+ NOT-FOR-US: Sophos
+CVE-2020-25222
+ RESERVED
+CVE-2020-25221 (get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5 ...)
+ - linux 5.8.7-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2
+CVE-2020-25220 (The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.1 ...)
+ {DLA-2420-1}
+ - linux <not-affected> (Vulnerable code not present and no partial CVE-2020-14356 fix backported)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868453
+ NOTE: https://www.spinics.net/lists/stable/msg405099.html
+CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a rem ...)
+ {DSA-4800-1 DLA-2372-1}
+ - libproxy 0.4.15-15 (bug #971394)
+ NOTE: https://github.com/libproxy/libproxy/issues/134
+ NOTE: https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0
+CVE-2020-25218 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...)
+ NOT-FOR-US: Grandstream GRP261x VoIP phone
+CVE-2020-25217 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...)
+ NOT-FOR-US: Grandstream GRP261x VoIP phone
+CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...)
+ NOT-FOR-US: yWorks yEd Desktop
+CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...)
+ NOT-FOR-US: yWorks yEd Desktop
+CVE-2020-25214 (In the client in Overwolf 0.149.2.30, a channel can be accessed or inf ...)
+ NOT-FOR-US: Overwolf
+CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...)
+ NOT-FOR-US: File Manager (wp-file-manager) plugin for WordPress
+CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.7.17-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
+CVE-2020-25211 (In the Linux kernel through 5.8.7, local attackers able to inject conn ...)
+ {DSA-4774-1 DLA-2420-1 DLA-2417-1}
+ - linux 5.8.14-1
+ NOTE: https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
+CVE-2020-25210 (In JetBrains YouTrack before 2020.3.7955, an attacker could access wor ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-25209 (In JetBrains YouTrack before 2020.3.6638, improper access control for ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-25208 (In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-25207 (JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Exe ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-25206 (The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 a ...)
+ NOT-FOR-US: F-Secure
+CVE-2020-25205 (The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 i ...)
+ NOT-FOR-US: F-Secure
+CVE-2020-25204 (The God Kings application 0.60.1 for Android exposes a broadcast recei ...)
+ NOT-FOR-US: God Kings application for Android
+CVE-2020-25203 (The Framer Preview application 12 for Android exposes com.framer.viewe ...)
+ NOT-FOR-US: Framer Preview application
+CVE-2020-25576 (An issue was discovered in the rand_core crate before 0.4.2 for Rust. ...)
+ - rust-rand-core 0.5.0-1 (bug #969911; low)
+ [buster] - rust-rand-core <ignored> (Minor issue)
+ - rust-rand-core-0.3 <removed> (bug #970186; low)
+ - rust-rand-core-0.2 <removed> (bug #970185; low)
+ [buster] - rust-rand-core-0.2 <ignored> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0035.html
+ NOTE: https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06
+CVE-2020-25574 (An issue was discovered in the http crate before 0.1.20 for Rust. An i ...)
+ - rust-http 0.1.19-2 (bug #969896; low)
+ [buster] - rust-http <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0033.html
+ NOTE: https://github.com/hyperium/http/issues/352
+CVE-2020-25575 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure ...)
+ - rust-failure <unfixed> (bug #969839; low)
+ [bullseye] - rust-failure <ignored> (Minor issue; unmaintained upstream)
+ [buster] - rust-failure <ignored> (Minor issue; unmaintained upstream)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0036.html
+ NOTE: https://github.com/rust-lang-nursery/failure/issues/336
+CVE-2020-25202
+ RESERVED
+CVE-2020-25201 (HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a names ...)
+ - consul 1.8.6+dfsg1-1 (bug #973892)
+ [buster] - consul <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/hashicorp/consul/pull/9024
+ NOTE: https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020
+CVE-2020-25200 (** DISPUTED ** Pritunl 1.29.2145.25 allows attackers to enumerate vali ...)
+ NOT-FOR-US: Pritunl
+CVE-2020-25199 (A heap-based buffer overflow vulnerability exists within the WECON Lev ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2020-25198 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
+ NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
+CVE-2020-25197
+ RESERVED
+CVE-2020-25196 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
+ NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
+CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM ...)
+ NOT-FOR-US: Host Engineering
+CVE-2020-25194 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
+ NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
+CVE-2020-25193
+ RESERVED
+CVE-2020-25192 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
+ NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
+CVE-2020-25191 (Incorrect permissions are set by default for an API entry-point of a s ...)
+ NOT-FOR-US: National Instruments Corp. (NI)
+CVE-2020-25190 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...)
+ NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
+CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer overflo ...)
+ NOT-FOR-US: Paradox IP150
+CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
+ NOT-FOR-US: LAquis SCADA
+CVE-2020-25187 (Medtronic MyCareLink Smart 25000 all versions are vulnerable when an a ...)
+ NOT-FOR-US: Medtronic MyCareLink Smart 25000
+CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...)
+ NOT-FOR-US: LeviStudioU Release
+CVE-2020-25185 (The affected product is vulnerable to five post-authentication buffer ...)
+ NOT-FOR-US: Paradox IP150
+CVE-2020-25184
+ RESERVED
+CVE-2020-25183 (Medtronic MyCareLink Smart 25000 all versions contain an authenticatio ...)
+ NOT-FOR-US: Medtronic MyCareLink Smart 25000
+CVE-2020-25182
+ RESERVED
+CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer over ...)
+ NOT-FOR-US: WECON PLC Editor
+CVE-2020-25180
+ RESERVED
+CVE-2020-25179 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...)
+ NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
+CVE-2020-25178
+ RESERVED
+CVE-2020-25177 (WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer ove ...)
+ NOT-FOR-US: WECON PLC Editor
+CVE-2020-25176
+ RESERVED
+CVE-2020-25175 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...)
+ NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products
+CVE-2020-25174 (A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3 ...)
+ NOT-FOR-US: B. Braun OnlineSuite Version AP
+CVE-2020-25173 (An attacker with local network access can obtain a fixed cryptography ...)
+ NOT-FOR-US: Reolink P2P cameras
+CVE-2020-25172 (A relative path traversal attack in the B. Braun OnlineSuite Version A ...)
+ NOT-FOR-US: B. Braun OnlineSuite Version AP
+CVE-2020-25171 (The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 ar ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2020-25170 (An Excel Macro Injection vulnerability exists in the export feature in ...)
+ NOT-FOR-US: B. Braun OnlineSuite Version AP
+CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect data tra ...)
+ NOT-FOR-US: Reolink P2P products
+CVE-2020-25168
+ RESERVED
+CVE-2020-25167
+ RESERVED
+CVE-2020-25166
+ RESERVED
+CVE-2020-25165 (BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alar ...)
+ NOT-FOR-US: BD Alaris PC Unit
+CVE-2020-25164
+ RESERVED
+CVE-2020-25163
+ RESERVED
+CVE-2020-25162
+ RESERVED
+CVE-2020-25161 (The WADashboard component of WebAccess/SCADA Versions 9.0 and prior ma ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2020-25160
+ RESERVED
+CVE-2020-25159 (499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack- ...)
+ NOT-FOR-US: 499ES
+CVE-2020-25158
+ RESERVED
+CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection ...)
+ NOT-FOR-US: R-SeeNet
+CVE-2020-25156
+ RESERVED
+CVE-2020-25155 (The affected product transmits unencrypted sensitive information, whic ...)
+ NOT-FOR-US: NEXCOM
+CVE-2020-25154
+ RESERVED
+CVE-2020-25153 (The built-in web service for MOXA NPort IAW5000A-I/O firmware version ...)
+ NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
+CVE-2020-25152
+ RESERVED
+CVE-2020-25151 (The affected product does not properly validate input, which may allow ...)
+ NOT-FOR-US: NEXCOM
+CVE-2020-25150
+ RESERVED
+CVE-2020-25149 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25148 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25147 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25146 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25145 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25144 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25143 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25142 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25141 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25140 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25139 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25138 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25137 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25136 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25135 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25134 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25133 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25132 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25131 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25130 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25129
+ RESERVED
+CVE-2020-25128
+ RESERVED
+CVE-2020-25127
+ RESERVED
+CVE-2020-25126
+ RESERVED
+CVE-2020-25124 (The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.p ...)
+ NOT-FOR-US: vBulletin
+CVE-2020-25123 (The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smili ...)
+ NOT-FOR-US: vBulletin
+CVE-2020-25122 (The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Ran ...)
+ NOT-FOR-US: vBulletin
+CVE-2020-25121 (The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription E ...)
+ NOT-FOR-US: vBulletin
+CVE-2020-25120 (The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php? ...)
+ NOT-FOR-US: vBulletin
+CVE-2020-25119 (The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help ...)
+ NOT-FOR-US: vBulletin
+CVE-2020-25118 (The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Setting ...)
+ NOT-FOR-US: vBulletin
+CVE-2020-25117 (The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title t ...)
+ NOT-FOR-US: vBulletin
+CVE-2020-25116 (The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title t ...)
+ NOT-FOR-US: vBulletin
+CVE-2020-25115 (The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or ...)
+ NOT-FOR-US: vBulletin
+CVE-2020-25114
+ RESERVED
+CVE-2020-25113
+ RESERVED
+CVE-2020-25112 (An issue was discovered in the IPv6 stack in Contiki through 3.0. Ther ...)
+ NOT-FOR-US: Contiki
+CVE-2020-25111 (An issue was discovered in the IPv6 stack in Contiki through 3.0. Ther ...)
+ NOT-FOR-US: Contiki
+CVE-2020-25110 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
+ NOT-FOR-US: Nut/OS
+CVE-2020-25109 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
+ NOT-FOR-US: Nut/OS
+CVE-2020-25108 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
+ NOT-FOR-US: Nut/OS
+CVE-2020-25107 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...)
+ NOT-FOR-US: Nut/OS
+CVE-2020-25106 (Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem ...)
+ NOT-FOR-US: Nanosystems SupRemo
+CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recove ...)
+ NOT-FOR-US: eramba
+CVE-2020-25104 (eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted f ...)
+ NOT-FOR-US: eramba
+CVE-2020-25103
+ RESERVED
+CVE-2020-25102 (silverstripe-advancedreports (aka the Advanced Reports module for Silv ...)
+ NOT-FOR-US: silverstripe-advancedreports
+CVE-2020-25101
+ RESERVED
+CVE-2020-25125 (GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, le ...)
+ - gnupg2 <not-affected> (Only affects versions 2.2.21 and 2.2.22)
+ NOTE: https://dev.gnupg.org/T5050
+ NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html
+CVE-2020-25100
+ RESERVED
+CVE-2020-25099
+ RESERVED
+CVE-2020-25098
+ RESERVED
+CVE-2020-25097 (An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. D ...)
+ {DSA-4873-1 DLA-2598-1}
+ - squid 4.13-8 (bug #985068)
+ - squid3 <removed>
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch
+CVE-2020-25096 (LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Us ...)
+ NOT-FOR-US: LogRhythm Platform Manager (PM)
+CVE-2020-25095 (LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface i ...)
+ NOT-FOR-US: LogRhythm Platform Manager (PM)
+CVE-2020-25094 (LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit ...)
+ NOT-FOR-US: LogRhythm Platform Manager (PM)
+CVE-2020-25093 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.p ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2020-25092 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2020-25091 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2020-25090 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2020-25089 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2020-25088 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue ...)
+ {DLA-2469-1}
+ - qemu 1:5.2+dfsg-1 (bug #970540)
+ [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1892960
+ NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fsdhci_oob_write1
+ NOTE: The second patch referenced appears not to be needed with the commited
+ NOTE: fix and relates to the CVE-2020-17380 assignment.
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3 (v5.2.0-rc0)
+CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_p ...)
+ {DLA-2560-1}
+ - qemu 1:5.2+dfsg-1 (bug #970539)
+ [buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/5
+ NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fxhci_uaf_2
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=21bc31524e8ca487e976f713b878d7338ee00df2
+CVE-2020-25083
+ RESERVED
+CVE-2020-25082 (An attacker with physical access to Nuvoton Trusted Platform Module (N ...)
+ NOT-FOR-US: Nuvoton
+CVE-2020-25081
+ RESERVED
+CVE-2020-25080
+ RESERVED
+CVE-2020-25079 (An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and ...)
+ NOT-FOR-US: D-Link
+CVE-2020-25078 (An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and ...)
+ NOT-FOR-US: D-Link
+CVE-2020-25077
+ RESERVED
+CVE-2020-25076
+ RESERVED
+CVE-2020-25075
+ RESERVED
+CVE-2020-25074 (The cache action in action/cache.py in MoinMoin through 1.9.10 allows ...)
+ {DSA-4787-1 DLA-2446-1}
+ - moin <removed>
+ NOTE: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq
+ NOTE: https://github.com/moinwiki/moin-1.9/commit/d1e5fc7d3708d877353ca64dd4aa7cfd1cde4cb4 (1.9.11)
+CVE-2020-25072
+ RESERVED
+CVE-2020-25071 (** DISPUTED ** Nifty Project Management Web Application 2020-08-26 all ...)
+ NOT-FOR-US: Nifty Project Management Web Application
+CVE-2020-25070 (USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the ...)
+ NOT-FOR-US: User-friendly SVN
+CVE-2020-25069 (USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute ...)
+ NOT-FOR-US: User-friendly SVN
+CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensitive i ...)
+ - plinth 20.14
+ [buster] - plinth 19.1+deb10u1
+ [stretch] - plinth <no-dsa> (Minor issue)
+ NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935
+ NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/822c322d20d12f81c6cfca47b66f900542a5aac2
+CVE-2020-25068 (Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vuln ...)
+ NOT-FOR-US: Setelsa Conacwin
+CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command injecti ...)
+ NOT-FOR-US: Netgear
+CVE-2020-25066 (A heap-based buffer overflow in the Treck HTTP Server component before ...)
+ NOT-FOR-US: Treck
+CVE-2020-25065 (An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25064 (An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25063 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25062 (An issue was discovered on LG mobile devices with Android OS 9 and 10 ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25061 (An issue was discovered on LG mobile devices with Android OS 9 and 10 ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25060 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25059 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25058 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25057 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-25056 (An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25055 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25054 (An issue was discovered on Samsung mobile devices with software throug ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25053 (An issue was discovered on Samsung mobile devices with Q(10.0) (exynos ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25052 (An issue was discovered on Samsung mobile devices with Q(10.0) (exynos ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25051 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25050 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25049 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25048 (An issue was discovered on Samsung mobile devices with Q(10.0) (with O ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25047 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25046 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-25045 (Installers of Kaspersky Security Center and Kaspersky Security Center ...)
+ NOT-FOR-US: Kaspersky
+CVE-2020-25044 (Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable ...)
+ NOT-FOR-US: Kaspersky
+CVE-2020-25043 (The installer of Kaspersky VPN Secure Connection prior to 5.0 was vuln ...)
+ NOT-FOR-US: Kaspersky
+CVE-2020-25042 (An arbitrary file upload issue exists in Mara CMS 7.5. In order to exp ...)
+ NOT-FOR-US: Mara CMS
+CVE-2020-25041
+ RESERVED
+CVE-2020-25040 (Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
+ - singularity-container <unfixed> (bug #970465)
+ NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762
+CVE-2020-25039 (Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on tem ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
+ - singularity-container <unfixed> (bug #970465)
+ NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7
+CVE-2020-25038
+ RESERVED
+CVE-2020-25037 (UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admi ...)
+ NOT-FOR-US: UCOPIA Wi-Fi appliances
+CVE-2020-25036 (UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to ...)
+ NOT-FOR-US: UCOPIA Wi-Fi appliances
+CVE-2020-25035 (UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root ...)
+ NOT-FOR-US: UCOPIA Wi-Fi appliances
+CVE-2020-25034 (eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authentic ...)
+ NOT-FOR-US: eMPS
+CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for ...)
+ NOT-FOR-US: Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin for WordPress
+CVE-2020-25032 (An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) ...)
+ {DSA-4775-1}
+ - python-flask-cors 3.0.9-1 (bug #969362)
+ NOTE: https://github.com/corydolphin/flask-cors/commit/67c4b2cc98ae87cf1fa7df4f97fd81b40c79b895
+CVE-2020-25031 (checkinstall 1.6.2, when used to create a package that contains a syml ...)
+ - checkinstall <unfixed> (unimportant)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/checkinstall/+bug/1861281
+ NOTE: Does not cross any reasonable trust boundary, the packages to be installed need to be
+ NOTE: trusted to begin with, a rogue package can cause more harm than a 777 binary
+CVE-2020-25030
+ RESERVED
+CVE-2020-25029
+ RESERVED
+CVE-2020-25028
+ RESERVED
+CVE-2020-25027
+ RESERVED
+CVE-2020-25026 (The sf_event_mgt (aka Event management and registration) extension bef ...)
+ NOT-FOR-US: Typo extension
+CVE-2020-25025 (The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x bef ...)
+ NOT-FOR-US: Typo extension
+CVE-2020-25024
+ RESERVED
+CVE-2020-25023 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrC ...)
+ NOT-FOR-US: Noise-Java
+CVE-2020-25022 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallba ...)
+ NOT-FOR-US: Noise-Java
+CVE-2020-25021 (An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCi ...)
+ NOT-FOR-US: Noise-Java
+CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectRe ...)
+ NOT-FOR-US: MPXJ
+CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...)
+ NOT-FOR-US: jitsi-meet-electron
+CVE-2020-25018 (Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2020-25017 (Envoy through 1.15.0 only considers the first value when multiple head ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...)
+ NOT-FOR-US: Genexis Platinum 4410 V2-1.28
+CVE-2020-25014 (A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-25013 (JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Ser ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-25012
+ RESERVED
+CVE-2020-25011 (A sensitive information disclosure vulnerability in Kyland KPS2204 6 P ...)
+ NOT-FOR-US: Kyland
+CVE-2020-25010 (An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Man ...)
+ NOT-FOR-US: Kyland
+CVE-2020-25009
+ RESERVED
+CVE-2020-25008
+ RESERVED
+CVE-2020-25007
+ RESERVED
+CVE-2020-25006 (Heybbs v1.2 has a SQL injection vulnerability in login.php file via th ...)
+ NOT-FOR-US: Heybbs
+CVE-2020-25005 (Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ...)
+ NOT-FOR-US: Heybbs
+CVE-2020-25004 (Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ...)
+ NOT-FOR-US: Heybbs
+CVE-2020-25003
+ RESERVED
+CVE-2020-25002
+ RESERVED
+CVE-2020-25001
+ RESERVED
+CVE-2020-25000
+ RESERVED
+CVE-2020-24999 (There is an invalid memory access in the function fprintf located in E ...)
+ - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
+ NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029
+CVE-2020-24998
+ RESERVED
+CVE-2020-24997
+ RESERVED
+CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...)
+ - xpdf <not-affected> (xpdf in Debian uses poppler, which is fixed)
+ NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028
+CVE-2020-24995 (Buffer overflow vulnerability in sniff_channel_order function in aacde ...)
+ - ffmpeg <not-affected> (Only affects 4.4 development branches)
+ NOTE: https://trac.ffmpeg.org/ticket/8845
+ NOTE: https://trac.ffmpeg.org/ticket/8859
+ NOTE: https://trac.ffmpeg.org/ticket/8860
+ NOTE: Support for 22.2 / channel_config 13 introduced in:
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
+ NOTE: Fixed by: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
+ NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
+CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...)
+ - libass 1:0.15.0-1
+ [buster] - libass <no-dsa> (Minor issue)
+ [stretch] - libass <no-dsa> (Minor issue)
+ NOTE: https://github.com/libass/libass/issues/422
+ NOTE: https://github.com/libass/libass/issues/423
+ NOTE: https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e799 (0.15.0)
+CVE-2020-24993 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...)
+ NOT-FOR-US: CmsWing
+CVE-2020-24992 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...)
+ NOT-FOR-US: CmsWing
+CVE-2020-24991
+ RESERVED
+CVE-2020-24990 (An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing ...)
+ NOT-FOR-US: QSC Q-SYS Core Manager
+CVE-2020-24989
+ RESERVED
+CVE-2020-24988
+ RESERVED
+CVE-2020-24987 (Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(631 ...)
+ NOT-FOR-US: Tenda AC18 Router
+CVE-2020-24986 (Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File ...)
+ NOT-FOR-US: Concrete5
+CVE-2020-24985 (An issue was discovered in Quadbase EspressReports ES 7 Update 9. An a ...)
+ NOT-FOR-US: Quadbase EspressReports
+CVE-2020-24984 (An issue was discovered in Quadbase EspressReports ES 7 Update 9. It a ...)
+ NOT-FOR-US: Quadbase EspressReports
+CVE-2020-24983 (An issue was discovered in Quadbase EspressReports ES 7 Update 9. An u ...)
+ NOT-FOR-US: Quadbase EspressReports
+CVE-2020-24982 (An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9 ...)
+ NOT-FOR-US: Quadbase EspressDashboard
+CVE-2020-24981 (An Incorrect Access Control vulnerability exists in /ucms/chk.php in U ...)
+ NOT-FOR-US: UCMS
+CVE-2020-24980
+ REJECTED
+CVE-2020-24979
+ REJECTED
+CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...)
+ - nasm 2.15.04-1
+ [buster] - nasm <no-dsa> (Minor issue)
+ [stretch] - nasm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712
+ NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7
+CVE-2020-24977 (GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerabil ...)
+ {DLA-2369-1}
+ - libxml2 2.9.10+dfsg-6.2 (unimportant; bug #969529)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
+ NOTE: The issue is specific and restricted to xmllint:
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178#note_892545
+ NOTE: and present before the 0b19f236a263 ("Fixed ICU to set flush correctly and
+ NOTE: provide pivot buffer.") commit itself.
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-24976
+ RESERVED
+CVE-2020-24975
+ RESERVED
+CVE-2020-24974
+ RESERVED
+CVE-2020-24973
+ RESERVED
+CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG ...)
+ - kleopatra 4:20.08.2-2
+ [buster] - kleopatra <no-dsa> (Minor issue)
+ [stretch] - kleopatra <not-affected> (Vulnerable code added to Debian in version 4:18.07.90-1)
+ NOTE: Introduced via: https://dev.gnupg.org/rKLEOPATRAd1cd40bae47eb349e14750601223b6b5d9f71940 (v18.07.80+)
+ NOTE: Fixed by: https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b
+ NOTE: https://security.gentoo.org/glsa/202008-21
+CVE-2020-24971
+ RESERVED
+CVE-2020-24970
+ RESERVED
+CVE-2020-24969
+ RESERVED
+CVE-2020-24968
+ RESERVED
+CVE-2020-24967
+ RESERVED
+CVE-2020-24966
+ RESERVED
+CVE-2020-24965
+ RESERVED
+CVE-2020-24964
+ RESERVED
+CVE-2020-24963 (An Authenticated Persistent XSS vulnerability was discovered in the Be ...)
+ NOT-FOR-US: Best Support System
+CVE-2020-24962
+ RESERVED
+CVE-2020-24961
+ RESERVED
+CVE-2020-24960
+ RESERVED
+CVE-2020-24959
+ RESERVED
+CVE-2020-24958
+ RESERVED
+CVE-2020-24957
+ RESERVED
+CVE-2020-24956
+ RESERVED
+CVE-2020-24955 (SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local ...)
+ NOT-FOR-US: SUPERAntiSyware Professional
+CVE-2020-24954
+ RESERVED
+CVE-2020-24953
+ RESERVED
+CVE-2020-24952
+ RESERVED
+CVE-2020-24951
+ RESERVED
+CVE-2020-24950
+ RESERVED
+CVE-2020-24949 (Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php all ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-24948 (The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 doe ...)
+ NOT-FOR-US: Autoptimize Wordpress Plugin
+CVE-2020-24947
+ RESERVED
+CVE-2020-24946
+ RESERVED
+CVE-2020-24945
+ RESERVED
+CVE-2020-24944 (picoquic (before 3rd of July 2020) allows attackers to cause a denial ...)
+ NOT-FOR-US: picoquic
+CVE-2020-24943
+ RESERVED
+CVE-2020-24942
+ RESERVED
+CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24. ...)
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://blog.laravel.com/security-release-laravel-61835-7240
+CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...)
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://blog.laravel.com/security-release-laravel-61834-7232
+CVE-2020-24939 (Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to ...)
+ NOT-FOR-US: Stampit supermixer
+CVE-2020-24938
+ RESERVED
+CVE-2020-24937
+ RESERVED
+CVE-2020-24936
+ RESERVED
+CVE-2020-24935
+ RESERVED
+CVE-2020-24934
+ RESERVED
+CVE-2020-24933
+ RESERVED
+CVE-2020-24932 (An SQL Injection vulnerability exists in Sourcecodester Complaint Mana ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2020-24931
+ RESERVED
+CVE-2020-24930 (Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open ...)
+ NOT-FOR-US: Wuzhi CMS
+CVE-2020-24929
+ RESERVED
+CVE-2020-24928 (managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted ...)
+ NOT-FOR-US: PreMiD
+CVE-2020-24927
+ RESERVED
+CVE-2020-24926
+ RESERVED
+CVE-2020-24925 (A Sensitive Source Code Path Disclosure vulnerability is found in Elka ...)
+ - elkarbackup <itp> (bug #865046)
+CVE-2020-24924 (A Persistent Cross-site Scripting vulnerability is found in ElkarBacku ...)
+ - elkarbackup <itp> (bug #865046)
+CVE-2020-24923
+ RESERVED
+CVE-2020-24922
+ RESERVED
+CVE-2020-24921
+ RESERVED
+CVE-2020-24920
+ RESERVED
+CVE-2020-24919
+ RESERVED
+CVE-2020-24918 (A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Serve ...)
+ NOT-FOR-US: Ambarella
+CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxA ...)
+ NOT-FOR-US: osTicket
+CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulner ...)
+ {DSA-4773-1 DLA-2384-1}
+ - yaws 2.0.8+dfsg-1
+ NOTE: https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1
+ NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection
+CVE-2020-24915
+ RESERVED
+CVE-2020-24914 (A PHP object injection bug in profile.php in qcubed (all versions incl ...)
+ NOT-FOR-US: qcubed
+CVE-2020-24913 (A SQL injection vulnerability in qcubed (all versions including 3.1.1) ...)
+ NOT-FOR-US: qcubed
+CVE-2020-24912 (A reflected cross-site scripting (XSS) vulnerability in qcubed (all ve ...)
+ NOT-FOR-US: qcubed
+CVE-2020-24911
+ RESERVED
+CVE-2020-24910
+ RESERVED
+CVE-2020-24909
+ RESERVED
+CVE-2020-24908 (Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges ...)
+ - check-mk <removed>
+CVE-2020-24907
+ RESERVED
+CVE-2020-24906
+ RESERVED
+CVE-2020-24905
+ RESERVED
+CVE-2020-24904
+ RESERVED
+CVE-2020-24903 (Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scri ...)
+ NOT-FOR-US: Cute Editor for ASP.NET
+CVE-2020-24902 (Quixplorer &lt;=2.4.1 is vulnerable to reflected cross-site scripting ...)
+ NOT-FOR-US: Quixplorer
+CVE-2020-24901 (The default installation of Krpano Panorama Viewer version &lt;=1.20.8 ...)
+ NOT-FOR-US: Krpano Panorama Viewer
+CVE-2020-24900 (The default installation of Krpano Panorama Viewer version &lt;=1.20.8 ...)
+ NOT-FOR-US: Krpano Panorama Viewer
+CVE-2020-24899 (Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerabi ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-24898 (The Table Filter and Charts for Confluence Server app before 5.3.26 (f ...)
+ NOT-FOR-US: Confluence Server app for Atlassian Confluence
+CVE-2020-24897 (The Table Filter and Charts for Confluence Server app before 5.3.25 (f ...)
+ NOT-FOR-US: Confluence Server app for Atlassian Confluence
+CVE-2020-24896
+ RESERVED
+CVE-2020-24895
+ RESERVED
+CVE-2020-24894
+ RESERVED
+CVE-2020-24893
+ RESERVED
+CVE-2020-24892
+ RESERVED
+CVE-2020-24891
+ REJECTED
+CVE-2020-24890 (** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerabilit ...)
+ - libraw <unfixed> (unimportant)
+ NOTE: https://github.com/LibRaw/LibRaw/issues/335
+ NOTE: https://github.com/LibRaw/LibRaw/issues/335#issuecomment-677637276
+CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version &lt; 20.0 LibRaw::Ge ...)
+ - libraw 0.20.2-1
+ [buster] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/LibRaw/LibRaw/issues/334
+ NOTE: https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee
+CVE-2020-24888
+ RESERVED
+CVE-2020-24887
+ RESERVED
+CVE-2020-24886
+ RESERVED
+CVE-2020-24885
+ RESERVED
+CVE-2020-24884
+ RESERVED
+CVE-2020-24883
+ RESERVED
+CVE-2020-24882
+ RESERVED
+CVE-2020-24881 (SSRF exists in osTicket before 1.14.3, where an attacker can add malic ...)
+ NOT-FOR-US: osTicket
+CVE-2020-24880
+ RESERVED
+CVE-2020-24879
+ RESERVED
+CVE-2020-24878
+ RESERVED
+CVE-2020-24877 (A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php ...)
+ NOT-FOR-US: zzzphp
+CVE-2020-24876 (Use of a hard-coded cryptographic key in Pancake versions &lt; 4.13.29 ...)
+ NOT-FOR-US: Pancake
+CVE-2020-24875
+ RESERVED
+CVE-2020-24874
+ RESERVED
+CVE-2020-24873
+ RESERVED
+CVE-2020-24872
+ RESERVED
+CVE-2020-24871
+ RESERVED
+CVE-2020-24870 (Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_ ...)
+ - libraw 0.20.2-1
+ [buster] - libraw <not-affected> (Vulnerable code not present)
+ [stretch] - libraw <not-affected> (vulnerable code not present)
+ NOTE: https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d
+ NOTE: https://github.com/LibRaw/LibRaw/issues/330
+CVE-2020-24869
+ RESERVED
+CVE-2020-24868
+ RESERVED
+CVE-2020-24867
+ RESERVED
+CVE-2020-24866
+ RESERVED
+CVE-2020-24865
+ RESERVED
+CVE-2020-24864
+ RESERVED
+CVE-2020-24863 (A memory corruption vulnerability was found in the kernel function ker ...)
+ NOT-FOR-US: FreeBSD and MidnightBSD
+CVE-2020-24862 (The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has ...)
+ NOT-FOR-US: Pharmacy Medical Store and Sale Point
+CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20 for R ...)
+ - rust-rgb <unfixed> (bug #969213)
+ [bullseye] - rust-rgb <no-dsa> (Minor issue)
+ [buster] - rust-rgb <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0029.html
+ NOTE: https://github.com/kornelski/rust-rgb/issues/35
+CVE-2020-24861 (GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings p ...)
+ NOT-FOR-US: GetSimple CMS
+CVE-2020-24860 (CMS Made Simple 2.2.14 allows an authenticated user with access to the ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-24859
+ RESERVED
+CVE-2020-24858
+ RESERVED
+CVE-2020-24857
+ RESERVED
+CVE-2020-24856
+ RESERVED
+CVE-2020-24855
+ RESERVED
+CVE-2020-24854
+ RESERVED
+CVE-2020-24853
+ RESERVED
+CVE-2020-24852
+ RESERVED
+CVE-2020-24851
+ RESERVED
+CVE-2020-24850
+ RESERVED
+CVE-2020-24849 (A remote code execution vulnerability is identified in FruityWifi thro ...)
+ NOT-FOR-US: FruityWifi
+CVE-2020-24848 (FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) N ...)
+ NOT-FOR-US: FruityWifi
+CVE-2020-24847 (A Cross-Site Request Forgery (CSRF) vulnerability is identified in Fru ...)
+ NOT-FOR-US: FruityWifi
+CVE-2020-24846
+ RESERVED
+CVE-2020-24845
+ RESERVED
+CVE-2020-24844
+ RESERVED
+CVE-2020-24843
+ RESERVED
+CVE-2020-24842 (PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can e ...)
+ NOT-FOR-US: PNPSCADA
+CVE-2020-24841 (PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in ...)
+ NOT-FOR-US: PNPSCADA
+CVE-2020-24840
+ RESERVED
+CVE-2020-24839
+ RESERVED
+CVE-2020-24838 (An integer overflow has been found in the the latest version of Issuer ...)
+ NOT-FOR-US: Issuer
+CVE-2020-24837 (An integer underflow has been found in the latest version of ZCFees. T ...)
+ NOT-FOR-US: ZCFees
+CVE-2020-24836
+ RESERVED
+CVE-2020-24835
+ RESERVED
+CVE-2020-24834
+ RESERVED
+CVE-2020-24833
+ RESERVED
+CVE-2020-24832
+ RESERVED
+CVE-2020-24831
+ RESERVED
+CVE-2020-24830
+ RESERVED
+CVE-2020-24829 (An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It ...)
+ - gpac 1.0.1+dfsg1-2
+ NOTE: https://github.com/gpac/gpac/issues/1422
+ NOTE: https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+CVE-2020-24828
+ RESERVED
+CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
+ - libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
+ NOTE: https://github.com/aclements/libelfin/issues/47
+ NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc181
+CVE-2020-24826 (A vulnerability in the elf::section::as_strtab function of Libelfin v0 ...)
+ - libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
+ NOTE: https://github.com/aclements/libelfin/issues/49
+ NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-elfsectionas_strtab-at-elfelfcc284
+CVE-2020-24825 (A vulnerability in the line_table::line_table function of Libelfin v0. ...)
+ - libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
+ NOTE: https://github.com/aclements/libelfin/issues/46
+ NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-line_tableline_table-at-dwarflinecc104
+CVE-2020-24824 (A global buffer overflow issue in the dwarf::line_table::line_table fu ...)
+ - libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
+ NOTE: https://github.com/aclements/libelfin/issues/48
+ NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#global-buffer-overflow-in-function-dwarfline_tableline_table-at-dwarflinecc107
+CVE-2020-24823 (A vulnerability in the dwarf::to_string function of Libelfin v0.3 allo ...)
+ - libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
+ NOTE: https://github.com/aclements/libelfin/issues/51
+ NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfto_string-at-dwarfvaluecc300
+CVE-2020-24822 (A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 a ...)
+ - libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
+ NOTE: https://github.com/aclements/libelfin/issues/50
+ NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursoruleb128-at-dwarfinternalhh154
+CVE-2020-24821 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...)
+ - libelfin <unfixed>
+ [bullseye] - libelfin <no-dsa> (Minor issue)
+ [buster] - libelfin <no-dsa> (Minor issue)
+ [stretch] - libelfin <no-dsa> (Minor issue)
+ NOTE: https://github.com/aclements/libelfin/issues/52
+ NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc191
+CVE-2020-24820
+ RESERVED
+CVE-2020-24819
+ RESERVED
+CVE-2020-24818
+ RESERVED
+CVE-2020-24817
+ RESERVED
+CVE-2020-24816
+ RESERVED
+CVE-2020-24815 (A Server-Side Request Forgery (SSRF) affecting the PDF generation in M ...)
+ NOT-FOR-US: MicroStrategy
+CVE-2020-24814
+ RESERVED
+CVE-2020-24813
+ RESERVED
+CVE-2020-24812
+ RESERVED
+CVE-2020-24811
+ RESERVED
+CVE-2020-24810
+ RESERVED
+CVE-2020-24809
+ RESERVED
+CVE-2020-24808
+ RESERVED
+CVE-2020-24807 (** UNSUPPORTED WHEN ASSIGNED ** The socket.io-file package through 2.0 ...)
+ NOT-FOR-US: Node socket.io-file
+CVE-2020-24806
+ RESERVED
+CVE-2020-24805
+ RESERVED
+CVE-2020-24804
+ RESERVED
+CVE-2020-24803
+ RESERVED
+CVE-2020-24802
+ RESERVED
+CVE-2020-24801
+ RESERVED
+CVE-2020-24800
+ RESERVED
+CVE-2020-24799
+ RESERVED
+CVE-2020-24798
+ RESERVED
+CVE-2020-24797
+ RESERVED
+CVE-2020-24796
+ RESERVED
+CVE-2020-24795
+ RESERVED
+CVE-2020-24794 (Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. ...)
+ NOT-FOR-US: Kentico
+CVE-2020-24793
+ RESERVED
+CVE-2020-24792
+ RESERVED
+CVE-2020-24791 (FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' paramete ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2020-24790
+ RESERVED
+CVE-2020-24789
+ RESERVED
+CVE-2020-24788
+ RESERVED
+CVE-2020-24787
+ RESERVED
+CVE-2020-24786 (An issue was discovered in Zoho ManageEngine Exchange Reporter Plus be ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-24785
+ RESERVED
+CVE-2020-24784
+ RESERVED
+CVE-2020-24783
+ RESERVED
+CVE-2020-24782
+ RESERVED
+CVE-2020-24781
+ RESERVED
+CVE-2020-24780
+ RESERVED
+CVE-2020-24779
+ RESERVED
+CVE-2020-24778
+ RESERVED
+CVE-2020-24777
+ RESERVED
+CVE-2020-24776
+ RESERVED
+CVE-2020-24775
+ RESERVED
+CVE-2020-24774
+ RESERVED
+CVE-2020-24773
+ RESERVED
+CVE-2020-24772
+ RESERVED
+CVE-2020-24771
+ RESERVED
+CVE-2020-24770
+ RESERVED
+CVE-2020-24769
+ RESERVED
+CVE-2020-24768
+ RESERVED
+CVE-2020-24767
+ RESERVED
+CVE-2020-24766
+ RESERVED
+CVE-2020-24765 (InterMind iMind Server through 3.13.65 allows remote unauthenticated a ...)
+ NOT-FOR-US: InterMind iMind Server
+CVE-2020-24764
+ RESERVED
+CVE-2020-24763
+ RESERVED
+CVE-2020-24762
+ RESERVED
+CVE-2020-24761
+ RESERVED
+CVE-2020-24760
+ RESERVED
+CVE-2020-24759
+ RESERVED
+CVE-2020-24758
+ RESERVED
+CVE-2020-24757
+ RESERVED
+CVE-2020-24756
+ RESERVED
+CVE-2020-24755 (In Ubiquiti UniFi Video v3.10.13, when the executable starts, its firs ...)
+ NOT-FOR-US: Ubiquiti UniFi Video
+CVE-2020-24754
+ RESERVED
+CVE-2020-24753 (A memory corruption vulnerability in Objective Open CBOR Run-time (ooc ...)
+ NOT-FOR-US: Objective Open CBOR Run-time
+CVE-2020-24752
+ RESERVED
+CVE-2020-24751
+ RESERVED
+CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2798
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f
+CVE-2020-24749
+ RESERVED
+CVE-2020-24748
+ RESERVED
+CVE-2020-24747
+ RESERVED
+CVE-2020-24746
+ RESERVED
+CVE-2020-24745
+ RESERVED
+CVE-2020-24744
+ RESERVED
+CVE-2020-24743 (An issue was found in /showReports.do Zoho ManageEngine Applications M ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-24742 (An issue has been fixed in Qt versions 5.14.0 where QPluginLoader atte ...)
+ {DSA-4617-1}
+ - qtbase-opensource-src 5.12.5+dfsg-8
+ - qtbase-opensource-src-gles 5.14.2+dfsg-3
+ - qt4-x11 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/280730
+ NOTE: Introduced in https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=commitdiff;h=3146dadb42cb36aff83a62e831b8b4f4dc1562a7 (v5.6.0-alpha1)
+ NOTE: Fixed by: https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=commitdiff;h=bf131e8d2181b3404f5293546ed390999f760404 (v5.14.0-rc1)
+ NOTE: Same fix as CVE-2020-0569
+CVE-2020-24741
+ REJECTED
+CVE-2020-24740 (An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerab ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...)
+ NOT-FOR-US: idreamsoft iCMS
+CVE-2020-24738
+ RESERVED
+CVE-2020-24737
+ RESERVED
+CVE-2020-24736
+ RESERVED
+CVE-2020-24735
+ RESERVED
+CVE-2020-24734
+ RESERVED
+CVE-2020-24733
+ RESERVED
+CVE-2020-24732
+ RESERVED
+CVE-2020-24731
+ RESERVED
+CVE-2020-24730
+ RESERVED
+CVE-2020-24729
+ RESERVED
+CVE-2020-24728
+ RESERVED
+CVE-2020-24727
+ RESERVED
+CVE-2020-24726
+ RESERVED
+CVE-2020-24725
+ RESERVED
+CVE-2020-24724
+ RESERVED
+CVE-2020-24723 (Cross Site Scripting (XSS) vulnerability in the Registration page of t ...)
+ NOT-FOR-US: PHPGurukul
+CVE-2020-24722 (** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple E ...)
+ NOT-FOR-US: GAEN (Google Apple Encounter Notification) protocol
+CVE-2020-24721 (An issue was discovered in the GAEN (aka Google/Apple Exposure Notific ...)
+ NOT-FOR-US: GAEN (Google Apple Encounter Notification) protocol
+CVE-2020-24720
+ RESERVED
+CVE-2020-24719 (Exposed Erlang Cookie could lead to Remote Command Execution (RCE) att ...)
+ NOT-FOR-US: Couchbase
+CVE-2020-24718 (bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE th ...)
+ NOT-FOR-US: bhyve
+CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...)
+ NOT-FOR-US: OpenZFS
+CVE-2020-24716 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permiss ...)
+ NOT-FOR-US: OpenZFS
+CVE-2020-24715 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation ...)
+ NOT-FOR-US: Scalyr
+CVE-2020-24714 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation ...)
+ NOT-FOR-US: Scalyr
+CVE-2020-24713 (Gophish through 0.10.1 does not invalidate the gophish cookie upon log ...)
+ NOT-FOR-US: Gophish
+CVE-2020-24712 (Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via ...)
+ NOT-FOR-US: Gophish
+CVE-2020-24711 (The Reset button on the Account Settings page in Gophish before 0.11.0 ...)
+ NOT-FOR-US: Gophish
+CVE-2020-24710 (Gophish before 0.11.0 allows SSRF attacks. ...)
+ NOT-FOR-US: Gophish
+CVE-2020-24709 (Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via ...)
+ NOT-FOR-US: Gophish
+CVE-2020-24708 (Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via ...)
+ NOT-FOR-US: Gophish
+CVE-2020-24707 (Gophish before 0.11.0 allows the creation of CSV sheets that contain m ...)
+ NOT-FOR-US: Gophish
+CVE-2020-24706 (An issue was discovered in certain WSO2 products. The Try It tool allo ...)
+ NOT-FOR-US: WSO2
+CVE-2020-24705 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...)
+ NOT-FOR-US: WSO2
+CVE-2020-24704 (An issue was discovered in certain WSO2 products. The Try It tool allo ...)
+ NOT-FOR-US: WSO2
+CVE-2020-24703 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...)
+ NOT-FOR-US: WSO2
+CVE-2020-24702
+ RESERVED
+CVE-2020-24701 (OX App Suite through 7.10.4 allows XSS via the app loading mechanism ( ...)
+ NOT-FOR-US: OX App Suite
+CVE-2020-24700 (OX App Suite through 7.10.3 allows SSRF because GET requests are sent ...)
+ NOT-FOR-US: OX App Suite
+CVE-2020-24699 (The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress al ...)
+ NOT-FOR-US: Chamber Dashboard Business Directory plugin for WordPress
+CVE-2020-24698 (An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...)
+ - pdns <unfixed> (unimportant)
+ NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
+ NOTE: Debian packages not built with experimental GSS-TSIG support
+CVE-2020-24697 (An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...)
+ - pdns <unfixed> (unimportant)
+ NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
+ NOTE: Debian packages not built with experimental GSS-TSIG support
+CVE-2020-24696 (An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...)
+ - pdns <unfixed> (unimportant)
+ NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
+ NOTE: Debian packages not built with experimental GSS-TSIG support
+CVE-2020-24695
+ RESERVED
+CVE-2020-24694
+ RESERVED
+CVE-2020-24693 (The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 co ...)
+ NOT-FOR-US: Mitel
+CVE-2020-24692 (The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 co ...)
+ NOT-FOR-US: Mitel
+CVE-2020-24691
+ RESERVED
+CVE-2020-24690
+ RESERVED
+CVE-2020-24689
+ RESERVED
+CVE-2020-24688
+ RESERVED
+CVE-2020-24687
+ RESERVED
+CVE-2020-24686 (The vulnerabilities can be exploited to cause the web visualization co ...)
+ NOT-FOR-US: ABB AC500 V2 products
+CVE-2020-24685 (An unauthenticated specially crafted packet sent by an attacker over t ...)
+ NOT-FOR-US: ABB
+CVE-2020-24684
+ RESERVED
+CVE-2020-24683 (The affected versions of S+ Operations (version 2.1 SP1 and earlier) u ...)
+ NOT-FOR-US: ABB
+CVE-2020-24682
+ RESERVED
+CVE-2020-24681
+ RESERVED
+CVE-2020-24680 (In S+ Operations and S+ Historian, the passwords of internal users (no ...)
+ NOT-FOR-US: ABB
+CVE-2020-24679 (A S+ Operations and S+ Historian service is subject to a DoS by specia ...)
+ NOT-FOR-US: ABB
+CVE-2020-24678 (An authenticated user might execute malicious code under the user cont ...)
+ NOT-FOR-US: ABB
+CVE-2020-24677 (Vulnerabilities in the S+ Operations and S+ Historian web applications ...)
+ NOT-FOR-US: ABB
+CVE-2020-24676 (In Symphony Plus Operations and Symphony Plus Historian, some services ...)
+ NOT-FOR-US: ABB
+CVE-2020-24675 (In S+ Operations and S+ History, it is possible that an unauthenticate ...)
+ NOT-FOR-US: ABB
+CVE-2020-24674 (In S+ Operations and S+ Historian, not all client commands correctly c ...)
+ NOT-FOR-US: ABB
+CVE-2020-24673 (In S+ Operations and S+ Historian, a successful SQL injection exploit ...)
+ NOT-FOR-US: ABB
+CVE-2020-24672 (A vulnerability in Base Software for SoftControl allows an attacker to ...)
+ NOT-FOR-US: ABB
+CVE-2020-24671 (Trace Financial CRESTBridge &lt;6.3.0.02 contains an authenticated SQL ...)
+ NOT-FOR-US: Trace Financial CRESTBridge
+CVE-2020-24670 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
+ NOT-FOR-US: Hitachi
+CVE-2020-24669 (The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x c ...)
+ NOT-FOR-US: Hitachi
+CVE-2020-24668 (Trace Financial Crest Bridge &lt;6.3.0.02 contains a stored XSS vulner ...)
+ NOT-FOR-US: Trace Financial CRESTBridge
+CVE-2020-24667 (Trace Financial CRESTBridge &lt;6.3.0.02 contains an authenticated SQL ...)
+ NOT-FOR-US: Trace Financial CRESTBridge
+CVE-2020-24666 (The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x conta ...)
+ NOT-FOR-US: Hitachi
+CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
+ NOT-FOR-US: Hitachi
+CVE-2020-24664 (The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...)
+ NOT-FOR-US: Hitachi
+CVE-2020-24663 (Trace Financial CRESTBridge &lt;6.3.0.02 contains a stored XSS vulnera ...)
+ NOT-FOR-US: Trace Financial CRESTBridge
+CVE-2020-24662 (SmartStream Transaction Lifecycle Management (TLM) Reconciliation Prem ...)
+ NOT-FOR-US: SmartStream Transaction Lifecycle Management
+CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate verificati ...)
+ - geary 3.38.0.1-1
+ [buster] - geary <no-dsa> (Minor issue)
+ [stretch] - geary <no-dsa> (Minor issue)
+ NOTE: https://gitlab.gnome.org/GNOME/geary/-/issues/866
+ NOTE: https://gitlab.gnome.org/GNOME/geary/commit/0d957559bbb4be81870c9fafba1c74f0926f59a3
+CVE-2020-24660 (An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is ...)
+ {DSA-4762-1 DLA-2367-1}
+ - lemonldap-ng 2.0.9+ds-1
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290
+CVE-2020-24659 (An issue was discovered in GnuTLS before 3.6.15. A server can trigger ...)
+ - gnutls28 3.6.15-1 (bug #969547)
+ [buster] - gnutls28 3.6.7-4+deb10u7
+ [stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04
+ NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1071
+ NOTE: https://gitlab.com/gnutls/gnutls/-/commit/29ee67c205855e848a0a26e6d0e4f65b6b943e0a
+CVE-2020-24658 (Arm Compiler 5 through 5.06u6 has an error in a stack protection featu ...)
+ NOT-FOR-US: Arm Compiler
+CVE-2020-24657
+ RESERVED
+CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...)
+ NOT-FOR-US: Maltego
+CVE-2020-24655 (A race condition in the Twilio Authy 2-Factor Authentication applicati ...)
+ NOT-FOR-US: Twilio Authy 2-Factor Authentication app
+CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can ins ...)
+ {DSA-4759-1}
+ - ark 4:20.08.1-1 (bug #969437)
+ [stretch] - ark <no-dsa> (Vulnerable even after upstream patch)
+ NOTE: https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd
+ NOTE: https://kde.org/info/security/advisory-20200827-1.txt
+CVE-2020-24653 (secure-store in Expo through 2.16.1 on iOS provides the insecure kSecA ...)
+ NOT-FOR-US: secure-store in Expo on iOS
+CVE-2020-24652 (A addvsiinterfaceinfo expression language injection remote code execut ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24651 (A syslogtempletselectwin expression language injection remote code exe ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24650 (A legend expression language injection remote code execution vulnerabi ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24649 (A remote bytemessageresource transformentity" input validation code ex ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24648 (A accessmgrservlet classname deserialization of untrusted data remote ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24647 (A remote accessmgrservlet classname input validation code execution vu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24646 (A tftpserver stack-based buffer overflow remote code execution vulnera ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24645
+ RESERVED
+CVE-2020-24644
+ RESERVED
+CVE-2020-24643
+ RESERVED
+CVE-2020-24642
+ RESERVED
+CVE-2020-24641 (In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Fo ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24640 (There is a vulnerability caused by insufficient input validation that ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24639 (There is a vulnerability caused by unsafe Java deserialization that al ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24638 (Multiple authenticated remote command executions are possible in Airwa ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for an atta ...)
+ NOT-FOR-US: ArubaOS GRUB2 implementation (CVE specific to ArubaOS)
+CVE-2020-24636 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24635 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by sending e ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24633 (There are multiple buffer overflow vulnerabilities that could lead to ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24632 (A remote execution of arbitrary commandss vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24631 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24630 (A remote operatoronlinelist_content privilege escalation vulnerability ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24629 (A remote urlaccesscontroller authentication bypass vulnerability was d ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24628 (A remote code injection vulnerability was discovered in HPE KVM IP Con ...)
+ NOT-FOR-US: HPE
+CVE-2020-24627 (A remote stored xss vulnerability was discovered in HPE KVM IP Console ...)
+ NOT-FOR-US: HPE
+CVE-2020-24626 (Unathenticated directory traversal in the ReceiverServlet class doPost ...)
+ NOT-FOR-US: HPE
+CVE-2020-24625 (Unathenticated directory traversal in the ReceiverServlet class doGet( ...)
+ NOT-FOR-US: HPE
+CVE-2020-24624 (Unathenticated directory traversal in the DownloadServlet class execut ...)
+ NOT-FOR-US: HPE
+CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...)
+ NOT-FOR-US: Hewlett Packard Enterprise Universal API Framework
+CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...)
+ NOT-FOR-US: Sonatype
+CVE-2020-24621 (A remote code execution (RCE) vulnerability was discovered in the html ...)
+ NOT-FOR-US: OpenMRS
+CVE-2020-24620 (Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable ...)
+ NOT-FOR-US: Unisys
+CVE-2020-24619 (In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuse ...)
+ NOT-FOR-US: Shotcut
+CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020. ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-24617 (Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribe ...)
+ NOT-FOR-US: Mailtrain
+CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2814
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7
+CVE-2020-24615 (Pexip Infinity before 24.1 has Improper Input Validation, leading to t ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2020-24613 (wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_C ...)
+ - wolfssl 4.5.0+dfsg-1 (bug #969663)
+ NOTE: https://research.nccgroup.com/2020/08/24/technical-advisory-wolfssl-tls-1-3-client-man-in-the-middle-attack/
+CVE-2020-24612 (An issue was discovered in the selinux-policy (aka Reference Policy) p ...)
+ - refpolicy <not-affected> (Debian package doesn't ship pam-u2f config)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860888
+ NOTE: https://github.com/fedora-selinux/selinux-policy/commit/71e1989028802c7875d3436fd3966c587fa383fb
+CVE-2020-24611
+ RESERVED
+CVE-2020-24610
+ RESERVED
+CVE-2020-24609 (TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has X ...)
+ NOT-FOR-US: Savsoft Quiz 5
+CVE-2020-24608
+ RESERVED
+CVE-2020-24607
+ RESERVED
+CVE-2020-24605
+ RESERVED
+CVE-2020-24604 (A Reflected XSS vulnerability was discovered in Ignite Realtime Openfi ...)
+ NOT-FOR-US: Ignite Realtime Openfire
+CVE-2020-24603
+ RESERVED
+CVE-2020-24602 (Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vu ...)
+ NOT-FOR-US: Ignite Realtime Openfire
+CVE-2020-24601 (In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability al ...)
+ NOT-FOR-US: Ignite Realtime Openfire
+CVE-2020-24600
+ RESERVED
+CVE-2020-24599 (An issue was discovered in Joomla! before 3.9.21. Lack of escaping in ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-24598 (An issue was discovered in Joomla! before 3.9.21. Lack of input valida ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-24597
+ RESERVED
+CVE-2020-24596
+ RESERVED
+CVE-2020-24595 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker ...)
+ NOT-FOR-US: Mitel
+CVE-2020-24594 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthen ...)
+ NOT-FOR-US: Mitel
+CVE-2020-24593 (Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote at ...)
+ NOT-FOR-US: Mitel
+CVE-2020-24592 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker ...)
+ NOT-FOR-US: Mitel
+CVE-2020-24591 (The Management Console in certain WSO2 products allows XXE attacks dur ...)
+ NOT-FOR-US: WSO2
+CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
+ NOT-FOR-US: WSO2
+CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
+ NOT-FOR-US: WSO2
+CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ [experimental] - firmware-nonfree 20210716-1~exp1
+ - firmware-nonfree 20210818-1
+ [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+ [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
+ NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
+ NOTE: https://www.fragattacks.com/
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
+ NOTE: https://lore.kernel.org/linux-wireless/c4d8c2f040b368225b72a91e74ee282d9ceab4d5.camel@coelho.fi/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.11968c725b5c.Idd166365ebea2771c0c0a38c78b5060750f90e17@changeid/
+ NOTE: Mitigation for similar attack to CVE-2020-24588:
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.0b2b886492f0.I23dd5d685fe16d3b0ec8106e8f01b59f499dffed@changeid/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.076543300172.I548e6e71f1ee9cad4b9a37bf212ae7db723587aa@changeid/
+ NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb
+CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ [experimental] - firmware-nonfree 20210716-1~exp1
+ - firmware-nonfree 20210818-1
+ [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+ [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
+ NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
+ NOTE: https://www.fragattacks.com/
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
+ NOTE: https://lore.kernel.org/linux-wireless/c4d8c2f040b368225b72a91e74ee282d9ceab4d5.camel@coelho.fi/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
+ NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb
+CVE-2020-24586 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ [experimental] - firmware-nonfree 20210716-1~exp1
+ - firmware-nonfree 20210818-1
+ [bullseye] - firmware-nonfree <no-dsa> (Non-free not supported)
+ [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
+ NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
+ NOTE: https://www.fragattacks.com/
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
+ NOTE: https://lore.kernel.org/linux-wireless/c4d8c2f040b368225b72a91e74ee282d9ceab4d5.camel@coelho.fi/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/
+ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/
+ NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb
+CVE-2020-24585 (An issue was discovered in the DTLS handshake implementation in wolfSS ...)
+ - wolfssl 4.5.0+dfsg-1 (bug #969663)
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/3219
+ NOTE: https://github.com/wolfSSL/wolfssl/commit/3be7f3ea3a56d178acf0f7f84ee4ae8cbfee8915 (v4.5.0-stable)
+CVE-2020-24584 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...)
+ - python-django 2:2.2.16-1 (bug #969367)
+ [buster] - python-django <postponed> (Fix along in future DSA)
+ [stretch] - python-django <not-affected> (Requires Python 3.7+)
+ NOTE: https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71 (master)
+ NOTE: https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b (3.1.1)
+ NOTE: https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554 (3.0.10)
+ NOTE: https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f (2.2.16)
+CVE-2020-24583 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...)
+ - python-django 2:2.2.16-1 (bug #969367)
+ [buster] - python-django <postponed> (Fix along in future DSA)
+ [stretch] - python-django <not-affected> (Requires Python 3.7+)
+ NOTE: https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9 (master)
+ NOTE: https://github.com/django/django/commit/934430d22aa5d90c2ba33495ff69a6a1d997d584 (3.1.1)
+ NOTE: https://github.com/django/django/commit/08892bffd275c79ee1f8f67639eb170aaaf1181e (3.0.10)
+ NOTE: https://github.com/django/django/commit/375657a71c889c588f723469bd868bd1d40c369f (2.2.16)
+CVE-2020-24582 (Zulip Desktop before 5.4.3 allows XSS because string escaping is misha ...)
+ NOT-FOR-US: Zulip Desktop
+CVE-2020-24581 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
+ NOT-FOR-US: D-Link
+CVE-2020-24580 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
+ NOT-FOR-US: D-Link
+CVE-2020-24579 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
+ NOT-FOR-US: D-Link
+CVE-2020-24578 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
+ NOT-FOR-US: D-Link
+CVE-2020-24577 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...)
+ NOT-FOR-US: D-Link
+CVE-2020-24576 (Netskope Client through 77 allows low-privileged users to elevate thei ...)
+ NOT-FOR-US: Netskope Client
+CVE-2020-24575
+ RESERVED
+CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 ...)
+ NOT-FOR-US: GOG Galaxy client
+CVE-2020-24573 (BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2020-24572 (An issue was discovered in includes/webconsole.php in RaspAP 2.5. With ...)
+ NOT-FOR-US: RaspAP
+CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via ../ dir ...)
+ NOT-FOR-US: NexusDB
+CVE-2020-24570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT LINE
+CVE-2020-24569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT LINE
+CVE-2020-24568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT LINE
+CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08- ...)
+ NOT-FOR-US: voidtools
+CVE-2020-24566 (In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4. ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2020-24565 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24564 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24563 (A vulnerability in Trend Micro Apex One may allow a local attacker to ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24562 (A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24561 (A command injection vulnerability in Trend Micro ServerProtect for Lin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24560 (An incomplete SSL server certification validation vulnerability in the ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24559 (A vulnerability in Trend Micro Apex One, Worry-Free Business Security ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24558 (A vulnerability in an Trend Micro Apex One, Worry-Free Business Securi ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24557 (A vulnerability in Trend Micro Apex One and Worry-Free Business Securi ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24556 (A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24614 (Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 a ...)
+ - fossil 1:2.12.1-1
+ [buster] - fossil <no-dsa> (Minor issue)
+ [stretch] - fossil <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/20/1
+ NOTE: https://fossil-scm.org/forum/info/a05ae3ce7760daf6
+ NOTE: https://fossil-scm.org/fossil/vdiff?branch=sec2020-2.12-patch&diff=1&w
+CVE-2020-24555
+ RESERVED
+CVE-2020-24554 (The redirect module in Liferay Portal before 7.3.3 does not limit the ...)
+ NOT-FOR-US: Liferay
+CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html ...)
+ - golang-1.15 1.15.2-1 (bug #969661)
+ - golang-1.14 <removed> (bug #969662)
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <no-dsa> (Minor issue)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <no-dsa> (Minor issue)
+ NOTE: https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs
+ NOTE: https://github.com/golang/go/issues/40928
+ NOTE: https://github.com/golang/go/issues/41164 (1.14 backport)
+ NOTE: https://github.com/golang/go/issues/41165 (1.15 backport)
+ NOTE: https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting
+CVE-2020-24552 (Atop Technology industrial 3G/4G gateway contains Command Injection vu ...)
+ NOT-FOR-US: Atop Technology industrial 3G/4G gateway
+CVE-2020-24551 (IProom MMC+ Server login page does not validate specific parameters pr ...)
+ NOT-FOR-US: IProom MMC+ Server
+CVE-2020-24550 (An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows ...)
+ NOT-FOR-US: EpiServer Find
+CVE-2020-24549 (openMAINT before 1.1-2.4.2 allows remote authenticated users to run ar ...)
+ NOT-FOR-US: openMAINT
+CVE-2020-24548 (Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSR ...)
+ NOT-FOR-US: Ericom
+CVE-2020-24547
+ RESERVED
+CVE-2020-24546
+ RESERVED
+CVE-2020-24545
+ RESERVED
+CVE-2020-24544
+ RESERVED
+CVE-2020-24543
+ RESERVED
+CVE-2020-24542
+ RESERVED
+CVE-2020-24541
+ RESERVED
+CVE-2020-24540
+ RESERVED
+CVE-2020-24539
+ RESERVED
+CVE-2020-24538
+ RESERVED
+CVE-2020-24537
+ RESERVED
+CVE-2020-24536
+ RESERVED
+CVE-2020-24535
+ RESERVED
+CVE-2020-24534
+ RESERVED
+CVE-2020-24533
+ RESERVED
+CVE-2020-24532
+ RESERVED
+CVE-2020-24531
+ RESERVED
+CVE-2020-24530
+ RESERVED
+CVE-2020-24529
+ RESERVED
+CVE-2020-24528
+ RESERVED
+CVE-2020-24527
+ RESERVED
+CVE-2020-24526
+ RESERVED
+CVE-2020-24525 (Insecure inherited permissions in firmware update tool for some Intel( ...)
+ NOT-FOR-US: Intel
+CVE-2020-24524
+ RESERVED
+CVE-2020-24523
+ RESERVED
+CVE-2020-24522
+ RESERVED
+CVE-2020-24521
+ RESERVED
+CVE-2020-24520
+ RESERVED
+CVE-2020-24519
+ RESERVED
+CVE-2020-24518
+ RESERVED
+CVE-2020-24517
+ RESERVED
+CVE-2020-24516 (Modification of assumed-immutable data in subsystem in Intel(R) CSME v ...)
+ NOT-FOR-US: Intel
+CVE-2020-24515 (Protection mechanism failure in some Intel(R) RealSense(TM) IDs may al ...)
+ NOT-FOR-US: Intel
+CVE-2020-24514 (Improper authentication in some Intel(R) RealSense(TM) IDs may allow a ...)
+ NOT-FOR-US: Intel
+CVE-2020-24513 (Domain-bypass transient execution vulnerability in some Intel Atom(R) ...)
+ {DSA-4934-1 DLA-2718-1}
+ - intel-microcode 3.20210608.1 (bug #989615)
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
+CVE-2020-24512 (Observable timing discrepancy in some Intel(R) Processors may allow an ...)
+ {DSA-4934-1 DLA-2718-1}
+ - intel-microcode 3.20210608.1 (bug #989615)
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
+CVE-2020-24511 (Improper isolation of shared resources in some Intel(R) Processors may ...)
+ {DSA-4934-1 DLA-2718-1}
+ - intel-microcode 3.20210608.1 (bug #989615)
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
+CVE-2020-24510
+ RESERVED
+CVE-2020-24509 (Insufficient control flow management in subsystem in Intel(R) SPS vers ...)
+ NOT-FOR-US: Intel
+CVE-2020-24508
+ RESERVED
+CVE-2020-24507 (Improper initialization in a subsystem in the Intel(R) CSME versions b ...)
+ NOT-FOR-US: Intel
+CVE-2020-24506 (Out of bound read in a subsystem in the Intel(R) CSME versions before ...)
+ NOT-FOR-US: Intel
+CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 700-ser ...)
+ NOT-FOR-US: Intel NIC firmware
+CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapt ...)
+ - linux 5.14.6-1
+ [bullseye] - linux <ignored> (Minor issue, too intrusive to backport)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html
+CVE-2020-24503 (Insufficient access control in some Intel(R) Ethernet E810 Adapter dri ...)
+ NOT-FOR-US: Proprietary out-of-tree driver for Intel E810
+CVE-2020-24502 (Improper input validation in some Intel(R) Ethernet E810 Adapter drive ...)
+ NOT-FOR-US: Proprietary out-of-tree driver for Intel E810
+CVE-2020-24501 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
+ NOT-FOR-US: Intel NIC firmware
+CVE-2020-24500 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
+ NOT-FOR-US: Intel NIC firmware
+CVE-2020-24499
+ RESERVED
+CVE-2020-24498 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
+ NOT-FOR-US: Intel NIC firmware
+CVE-2020-24497 (Insufficient Access Control in the firmware for Intel(R) E810 Ethernet ...)
+ NOT-FOR-US: Intel NIC firmware
+CVE-2020-24496 (Insufficient input validation in the firmware for Intel(R) 722 Etherne ...)
+ NOT-FOR-US: Intel NIC firmware
+CVE-2020-24495 (Insufficient access control in the firmware for the Intel(R) 700-serie ...)
+ NOT-FOR-US: Intel NIC firmware
+CVE-2020-24494 (Insufficient access control in the firmware for the Intel(R) 722 Ether ...)
+ NOT-FOR-US: Intel NIC firmware
+CVE-2020-24493 (Insufficient access control in the firmware for the Intel(R) 700-serie ...)
+ NOT-FOR-US: Intel NIC firmware
+CVE-2020-24492 (Insufficient access control in the firmware for the Intel(R) 722 Ether ...)
+ NOT-FOR-US: Intel NIC firmware
+CVE-2020-24491 (Debug message containing addresses of memory transactions in some Inte ...)
+ NOT-FOR-US: Intel
+CVE-2020-24490 (Improper buffer restrictions in BlueZ may allow an unauthenticated use ...)
+ {DLA-2420-1}
+ - linux 5.7.17-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
+ NOTE: Fixed by: https://git.kernel.org/linus/a2ec905d1e160a33b2e210e45ad30445ef26ce0e (5.8)
+CVE-2020-24489 (Incomplete cleanup in some Intel(R) VT-d products may allow an authent ...)
+ {DSA-4934-1 DLA-2718-1}
+ - intel-microcode 3.20210608.1 (bug #989615)
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
+CVE-2020-24488
+ RESERVED
+CVE-2020-24487
+ RESERVED
+CVE-2020-24486 (Improper input validation in the firmware for some Intel(R) Processors ...)
+ NOT-FOR-US: Intel
+CVE-2020-24485 (Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux b ...)
+ NOT-FOR-US: Intel
+CVE-2020-24484
+ RESERVED
+CVE-2020-24483
+ RESERVED
+CVE-2020-24482 (Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem ...)
+ NOT-FOR-US: Intel
+CVE-2020-24481 (Insecure inherited permissions for the Intel(R) Quartus Prime Pro and ...)
+ NOT-FOR-US: Intel
+CVE-2020-24480 (Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may al ...)
+ NOT-FOR-US: Intel
+CVE-2020-24479
+ RESERVED
+CVE-2020-24478
+ RESERVED
+CVE-2020-24477
+ RESERVED
+CVE-2020-24476
+ RESERVED
+CVE-2020-24475 (Improper initialization in the BMC firmware for some Intel(R) Server B ...)
+ NOT-FOR-US: Intel
+CVE-2020-24474 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
+ NOT-FOR-US: Intel
+CVE-2020-24473 (Out of bounds write in the BMC firmware for some Intel(R) Server Board ...)
+ NOT-FOR-US: Intel
+CVE-2020-24472
+ RESERVED
+CVE-2020-24471
+ RESERVED
+CVE-2020-24470
+ RESERVED
+CVE-2020-24469
+ RESERVED
+CVE-2020-24468
+ RESERVED
+CVE-2020-24467
+ RESERVED
+CVE-2020-24466
+ RESERVED
+CVE-2020-24465
+ RESERVED
+CVE-2020-24464
+ RESERVED
+CVE-2020-24463
+ RESERVED
+CVE-2020-24462 (Out of bounds write in the Intel(R) Graphics Driver before version 15. ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-24461
+ RESERVED
+CVE-2020-24460 (Incorrect default permissions in the Intel(R) DSA before version 20.8. ...)
+ NOT-FOR-US: Intel
+CVE-2020-24459
+ RESERVED
+CVE-2020-24458 (Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (T ...)
+ NOT-FOR-US: Intel
+CVE-2020-24457 (Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2020-24456 (Incorrect default permissions in the Intel(R) Board ID Tool version v. ...)
+ NOT-FOR-US: Intel
+CVE-2020-24455 (Missing initialization of a variable in the TPM2 source may allow a pr ...)
+ - tpm2-tss 3.0.1-1
+ [buster] - tpm2-tss <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/tpm2-software/tpm2-tss/commit/0cc5f0e12694f3780a8512fc37a7dbc542ea4330 (master)
+ NOTE: https://github.com/tpm2-software/tpm2-tss/commit/9536b79cd5a13884a7e4de7a571f72530180c20b (3.0.1)
+ NOTE: https://github.com/tpm2-software/tpm2-tss/commit/bf24b0ef0fa8de9300a323f70a097a1afd818439 (2.4.5)
+CVE-2020-24454 (Improper Restriction of XML External Entity Reference in subsystem for ...)
+ NOT-FOR-US: Intel
+CVE-2020-24453 (Improper input validation in the Intel(R) EPID SDK before version 8, m ...)
+ NOT-FOR-US: Intel
+CVE-2020-24452 (Improper input validation in the Intel(R) SGX Platform Software for Wi ...)
+ NOT-FOR-US: Intel
+CVE-2020-24451 (Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memo ...)
+ NOT-FOR-US: Intel
+CVE-2020-24450 (Improper conditions check in some Intel(R) Graphics Drivers before ver ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-24449
+ RESERVED
+CVE-2020-24448 (Uncaught exception in some Intel(R) Graphics Drivers before version 15 ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-24447 (Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affe ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24446
+ RESERVED
+CVE-2020-24445 (AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24444 (AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24443 (Adobe Connect version 11.0 (and earlier) is affected by a reflected Cr ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24442 (Adobe Connect version 11.0 (and earlier) is affected by a reflected Cr ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24441 (Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24440 (Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontroll ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24439 (Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 202 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24438 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24437 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24436 (Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 ( ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24435 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24434 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24433 (Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.00 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24432 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24431 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24430 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24429 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24428 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24427 (Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 ( ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24426 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24425 (Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24424 (Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncont ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24423 (Adobe Media Encoder version 14.4 (and earlier) for Windows is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24422 (Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24421 (Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL poin ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24420 (Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24419 (Adobe After Effects version 17.1.1 (and earlier) for Windows is affect ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24418 (Adobe After Effects version 17.1.1 (and earlier) is affected by an out ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24417
+ RESERVED
+CVE-2020-24416 (Marketo Sales Insight plugin version 1.4355 (and earlier) is affected ...)
+ NOT-FOR-US: Marketo Sales Insight plugin
+CVE-2020-24415 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24414 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24413 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24412 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24411 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24410 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24409 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24408 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a per ...)
+ NOT-FOR-US: Magento
+CVE-2020-24407 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an un ...)
+ NOT-FOR-US: Magento
+CVE-2020-24406 (When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier ...)
+ NOT-FOR-US: Magento
+CVE-2020-24405 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
+ NOT-FOR-US: Magento
+CVE-2020-24404 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
+ NOT-FOR-US: Magento
+CVE-2020-24403 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
+ NOT-FOR-US: Magento
+CVE-2020-24402 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
+ NOT-FOR-US: Magento
+CVE-2020-24401 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an in ...)
+ NOT-FOR-US: Magento
+CVE-2020-24400 (Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL ...)
+ NOT-FOR-US: Magento
+CVE-2020-24399
+ RESERVED
+CVE-2020-24398
+ RESERVED
+CVE-2020-24397 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...)
+ NOT-FOR-US: Zoho ManageEngine Desktop Central
+CVE-2020-24396 (homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH key ...)
+ NOT-FOR-US: homee Brain Cube
+CVE-2020-24395 (The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28 ...)
+ NOT-FOR-US: homee Brain Cube
+CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) ca ...)
+ - linux 5.7.6-1 (bug #962254)
+ [buster] - linux 4.19.131-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/22cf8419f1319ff87ec759d0ebdff4cbafaee832
+CVE-2020-24393 (TweetStream 2.6.1 uses the library eventmachine in an insecure way tha ...)
+ NOT-FOR-US: TweetStream
+CVE-2020-24392 (In voloko twitter-stream 0.1.10, missing TLS hostname validation allow ...)
+ - ruby-twitter-stream <unfixed> (bug #988733)
+ [bullseye] - ruby-twitter-stream <no-dsa> (Minor issue)
+ [buster] - ruby-twitter-stream <no-dsa> (Minor issue)
+ [stretch] - ruby-twitter-stream <no-dsa> (Minor issue)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream
+CVE-2020-24391 (mongo-express before 1.0.0 offers support for certain advanced syntax ...)
+ NOT-FOR-US: mongo-express
+CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2020-24389
+ RESERVED
+CVE-2020-24388 (An issue was discovered in the _send_secure_msg() function of yubihsm- ...)
+ NOT-FOR-US: yubihsm-shell
+CVE-2020-24387 (An issue was discovered in the yh_create_session() function of yubihsm ...)
+ NOT-FOR-US: yubihsm-shell
+CVE-2020-24386 (An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, ...)
+ {DSA-4825-1 DLA-2517-1}
+ - dovecot 1:2.3.13+dfsg1-1 (bug #979363)
+ NOTE: https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html
+ NOTE: https://github.com/dovecot/core/commit/00df2308b0733e810824545183d73276c416cdd3
+ NOTE: https://github.com/dovecot/core/commit/b4a9872b833b7985c7d0e7615f1b7fc812dd4c55
+CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...)
+ NOT-FOR-US: FreeBSD and MidnightBSD
+CVE-2020-24384 (A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GU ...)
+ NOT-FOR-US: A10 Networks
+CVE-2020-24383 (An issue was discovered in FNET through 4.6.4. The code for processing ...)
+ NOT-FOR-US: FNET
+CVE-2020-24382
+ RESERVED
+CVE-2020-24381 (GUnet Open eClass Platform (aka openeclass) before 3.11 might allow re ...)
+ NOT-FOR-US: GUnet Open eClass Platform
+CVE-2020-24380
+ RESERVED
+CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vul ...)
+ {DSA-4773-1 DLA-2384-1}
+ - yaws 2.0.8+dfsg-1
+ NOTE: https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c
+ NOTE: https://github.com/vulnbe/poc-yaws-dav-xxe
+CVE-2020-24378
+ RESERVED
+CVE-2020-24377 (A DNS rebinding vulnerability in the Freebox OS web interface in Freeb ...)
+ NOT-FOR-US: Freebox
+CVE-2020-24376 (A DNS rebinding vulnerability in the UPnP IGD implementations in Freeb ...)
+ NOT-FOR-US: Freebox
+CVE-2020-24375 (A DNS rebinding vulnerability in the UPnP MediaServer implementation i ...)
+ NOT-FOR-US: Freebox
+CVE-2020-24374 (A DNS rebinding vulnerability in Freebox v5 before 1.5.29. ...)
+ NOT-FOR-US: Freebox
+CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in Freebox ...)
+ NOT-FOR-US: Freebox
+CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...)
+ - luajit <unfixed> (unimportant)
+ NOTE: https://github.com/LuaJIT/LuaJIT/issues/603
+ NOTE: No security impact, only "exploitable" with untrusted Lua code
+CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the ...)
+ - lua5.4 5.4.1-1 (bug #971010)
+ - lua5.3 <not-affected> (Vulnerable code introduced in 5.4.0)
+ NOTE: https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110
+ NOTE: https://www.lua.org/bugs.html#5.4.0-10
+CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation faul ...)
+ {DLA-2381-1}
+ - lua5.4 5.4.1-1 (bug #971613)
+ - lua5.3 5.3.6-1 (bug #988734)
+ [bullseye] - lua5.3 <no-dsa> (Minor issue)
+ [buster] - lua5.3 <no-dsa> (Minor issue)
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00324.html
+ NOTE: (lua5.4) https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b
+ NOTE: (lua5.3) https://github.com/lua/lua/commit/b5bc89846721375fe30772eb8c5ab2786f362bf9
+CVE-2020-24369 (ldebug.c in Lua 5.4.0 attempts to access debug information via the lin ...)
+ - lua5.4 5.4.1-1 (bug #971013)
+ NOTE: https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a
+ NOTE: https://www.lua.org/bugs.html#5.4.0-12
+CVE-2020-24368 (Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Director ...)
+ {DSA-4747-1 DLA-2343-1}
+ - icingaweb2 2.8.2-1 (bug #968833)
+ NOTE: https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2/
+ NOTE: https://github.com/Icinga/icingaweb2/issues/4226
+ NOTE: https://github.com/Icinga/icingaweb2/commit/5700caf5f2ebd8a20ce2bd9ca30cb471f8b7487e (support/2.6)
+ NOTE: https://github.com/Icinga/icingaweb2/commit/3035efac65ca2f7977916bd117056aa411776dfd (master)
+CVE-2020-24367 (Incorrect file permissions in BlueStacks 4 through 4.230 on Windows al ...)
+ NOT-FOR-US: BlueStacks
+CVE-2020-24366 (Sensitive information could be disclosed in the JetBrains YouTrack app ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-24365 (An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-12 ...)
+ NOT-FOR-US: Gemtek devices
+CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via the note ...)
+ NOT-FOR-US: MineTime
+CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticat ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-24362
+ RESERVED
+CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...)
+ {DLA-2393-1}
+ - snmptt 1.4.2-1
+ [buster] - snmptt <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/snmptt/git/ci/f6aef5223bc9ed8126268a273ac9f5c341af835a
+CVE-2020-24360 (An issue with ARP packets in Arista&#8217;s EOS affecting the 7800R3, ...)
+ NOT-FOR-US: Arista
+CVE-2020-24359 (HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrect ...)
+ NOT-FOR-US: vault-ssh-helper
+CVE-2020-24358
+ RESERVED
+CVE-2020-24357
+ RESERVED
+CVE-2020-24356 (`cloudflared` versions prior to 2020.8.1 contain a local privilege esc ...)
+ NOT-FOR-US: cloudflared
+CVE-2020-24355 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-24353 (Pega Platform before 8.4.0 has a XSS issue via stream rule parameters ...)
+ NOT-FOR-US: Pega Platform
+CVE-2020-24352 (An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory ...)
+ - qemu <unfixed> (unimportant; bug #968820)
+ [buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1847584
+ NOTE: Feature isn't production-ready/experimental: https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg05528.html
+CVE-2020-24351
+ RESERVED
+CVE-2020-24350
+ RESERVED
+CVE-2020-24349 (njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_va ...)
+ NOT-FOR-US: njs
+CVE-2020-24348 (njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_jso ...)
+ NOT-FOR-US: njs
+CVE-2020-24347 (njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvl ...)
+ NOT-FOR-US: njs
+CVE-2020-24346 (njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_par ...)
+ NOT-FOR-US: njs
+CVE-2020-24345 (** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via ...)
+ NOTE: Disputed JerryScript issue
+CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const argumen ...)
+ - iotjs <unfixed> (bug #988213)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3976
+ NOTE: https://github.com/jerryscript-project/jerryscript/commit/841d536fce1ce29267cdf0ea12be4026e1c35d3a
+CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of ...)
+ - mujs <not-affected> (Didn't affect any released version of mujs)
+ NOTE: https://github.com/ccxvii/mujs/issues/136
+CVE-2020-24342 (Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring be ...)
+ - lua5.4 5.4.1-1 (bug #971012)
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00052.html
+ NOTE: https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27
+CVE-2020-24341 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The T ...)
+ NOT-FOR-US: picoTCP (and picoTCP-NG)
+CVE-2020-24340 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The c ...)
+ NOT-FOR-US: picoTCP (and picoTCP-NG)
+CVE-2020-24339 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The D ...)
+ NOT-FOR-US: picoTCP (and picoTCP-NG)
+CVE-2020-24338 (An issue was discovered in picoTCP through 1.7.0. The DNS domain name ...)
+ NOT-FOR-US: picoTCP
+CVE-2020-24337 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When ...)
+ NOT-FOR-US: picoTCP (and picoTCP-NG)
+CVE-2020-24336 (An issue was discovered in Contiki through 3.0 and Contiki-NG through ...)
+ NOT-FOR-US: Contiki
+CVE-2020-24335 (An issue was discovered in uIP through 1.0, as used in Contiki and Con ...)
+ NOT-FOR-US: Contiki
+CVE-2020-24334 (The code that processes DNS responses in uIP through 1.0, as used in C ...)
+ NOT-FOR-US: uIP
+CVE-2020-24333 (A vulnerability in Arista&#8217;s CloudVision Portal (CVP) prior to 20 ...)
+ NOT-FOR-US: Arista
+CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
+ - trousers <unfixed> (unimportant)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
+ NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
+ NOTE: In Debian, tcsd gets started under the tss user
+CVE-2020-24331 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
+ - trousers <unfixed> (unimportant)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
+ NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
+ NOTE: In Debian, tcsd gets started under the tss user
+CVE-2020-24330 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
+ - trousers <unfixed> (unimportant)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
+ NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
+ NOTE: In Debian, tcsd gets started under the tss user
+CVE-2020-24329
+ RESERVED
+CVE-2020-24328
+ RESERVED
+CVE-2020-24327 (Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2 ...)
+ NOT-FOR-US: Discourse
+CVE-2020-24326
+ RESERVED
+CVE-2020-24325
+ RESERVED
+CVE-2020-24324
+ RESERVED
+CVE-2020-24323
+ RESERVED
+CVE-2020-24322
+ RESERVED
+CVE-2020-24321
+ RESERVED
+CVE-2020-24320
+ RESERVED
+CVE-2020-24319
+ RESERVED
+CVE-2020-24318
+ RESERVED
+CVE-2020-24317
+ RESERVED
+CVE-2020-24316 (WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the va ...)
+ NOT-FOR-US: WP Plugin Rednumber Admin Menu
+CVE-2020-24315 (Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL stateme ...)
+ NOT-FOR-US: Vinoj Cardoza WordPress Poll Plugin
+CVE-2020-24314 (Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitiz ...)
+ NOT-FOR-US: Fahad Mahmood RSS Feed Widget Plugin
+CVE-2020-24313 (Etoile Web Design Ultimate Appointment Booking &amp; Scheduling WordPr ...)
+ NOT-FOR-US: Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin
+CVE-2020-24312 (mndpsingh287 WP File Manager v6.4 and lower fails to restrict external ...)
+ NOT-FOR-US: mndpsingh287 WP File Manager
+CVE-2020-24311
+ RESERVED
+CVE-2020-24310
+ RESERVED
+CVE-2020-24309
+ RESERVED
+CVE-2020-24308
+ RESERVED
+CVE-2020-24307
+ RESERVED
+CVE-2020-24306
+ RESERVED
+CVE-2020-24305
+ RESERVED
+CVE-2020-24304
+ RESERVED
+CVE-2020-24303 (Grafana before 7.1.0-beta 1 allows XSS via a query alias for the Elast ...)
+ - grafana <removed>
+CVE-2020-24302
+ RESERVED
+CVE-2020-24301 (Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a spec ...)
+ NOT-FOR-US: HAPI FHIR Testpage Overlay
+CVE-2020-24300
+ RESERVED
+CVE-2020-24299
+ RESERVED
+CVE-2020-24298
+ RESERVED
+CVE-2020-24297 (httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remo ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-24296
+ RESERVED
+CVE-2020-24295
+ RESERVED
+CVE-2020-24294
+ RESERVED
+CVE-2020-24293
+ RESERVED
+CVE-2020-24292
+ RESERVED
+CVE-2020-24291
+ RESERVED
+CVE-2020-24290
+ RESERVED
+CVE-2020-24289
+ RESERVED
+CVE-2020-24288
+ RESERVED
+CVE-2020-24287
+ RESERVED
+CVE-2020-24286
+ RESERVED
+CVE-2020-24285 (INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to ...)
+ NOT-FOR-US: intelbras
+CVE-2020-24284
+ RESERVED
+CVE-2020-24283
+ RESERVED
+CVE-2020-24282
+ RESERVED
+CVE-2020-24281
+ RESERVED
+CVE-2020-24280
+ RESERVED
+CVE-2020-24279
+ RESERVED
+CVE-2020-24278
+ RESERVED
+CVE-2020-24277
+ RESERVED
+CVE-2020-24276
+ RESERVED
+CVE-2020-24275
+ RESERVED
+CVE-2020-24274
+ RESERVED
+CVE-2020-24273
+ RESERVED
+CVE-2020-24272
+ RESERVED
+CVE-2020-24271 (A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an ad ...)
+ NOT-FOR-US: EasyCMS
+CVE-2020-24270
+ RESERVED
+CVE-2020-24269
+ RESERVED
+CVE-2020-24268
+ RESERVED
+CVE-2020-24267
+ RESERVED
+CVE-2020-24266 (An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ...)
+ - tcpreplay 4.3.4-1 (bug #972889; unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/617
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-24265 (An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ...)
+ - tcpreplay 4.3.4-1 (bug #972890; unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/616
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-24264 (Portainer 1.24.1 and earlier is affected by incorrect access control t ...)
+ NOT-FOR-US: Portainer
+CVE-2020-24263 (Portainer 1.24.1 and earlier is affected by an insecure permissions vu ...)
+ NOT-FOR-US: Portainer
+CVE-2020-24262
+ RESERVED
+CVE-2020-24261
+ RESERVED
+CVE-2020-24260
+ RESERVED
+CVE-2020-24259
+ RESERVED
+CVE-2020-24258
+ RESERVED
+CVE-2020-24257
+ RESERVED
+CVE-2020-24256
+ RESERVED
+CVE-2020-24255
+ RESERVED
+CVE-2020-24254
+ RESERVED
+CVE-2020-24253
+ RESERVED
+CVE-2020-24252
+ RESERVED
+CVE-2020-24251
+ RESERVED
+CVE-2020-24250
+ RESERVED
+CVE-2020-24249
+ RESERVED
+CVE-2020-24248
+ RESERVED
+CVE-2020-24247
+ RESERVED
+CVE-2020-24246 (Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to ...)
+ NOT-FOR-US: Peplink Balance
+CVE-2020-24245
+ RESERVED
+CVE-2020-24244
+ RESERVED
+CVE-2020-24243
+ RESERVED
+CVE-2020-24242 (In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_tex ...)
+ - nasm 2.15.04-1 (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392708
+ NOTE: https://github.com/netwide-assembler/nasm/commit/6299a3114ce0f3acd55d07de201a8ca2f0a83059
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-24241 (In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in ...)
+ - nasm 2.15.04-1 (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392707
+ NOTE: https://github.com/netwide-assembler/nasm/commit/6ac6ac57e3d01ea8ed4ea47706eb724b59176461
+ NOTE: https://github.com/netwide-assembler/nasm/commit/78df8828a0a5d8e2d8ff3dced562bf1778ce2e6c
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-24240 (GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/ob ...)
+ - bison 2:3.7.2+dfsg-1 (unimportant)
+ [buster] - bison <not-affected> (Vulnerable code introduced later)
+ [stretch] - bison <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/akimd/bison/commit/7346163840080f289f0adbadfbf5659c620d5fea (v3.5.91)
+ NOTE: Fixed by: https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d (v3.7.1)
+ NOTE: https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-24239
+ RESERVED
+CVE-2020-24238
+ RESERVED
+CVE-2020-24237
+ RESERVED
+CVE-2020-24236
+ RESERVED
+CVE-2020-24235
+ RESERVED
+CVE-2020-24234
+ RESERVED
+CVE-2020-24233
+ RESERVED
+CVE-2020-24232
+ RESERVED
+CVE-2020-24231 (Symmetric DS &lt;3.12.0 uses mx4j to provide access to JMX over HTTP. ...)
+ NOT-FOR-US: Symmetric DS
+CVE-2020-24230
+ RESERVED
+CVE-2020-24229
+ RESERVED
+CVE-2020-24228
+ RESERVED
+CVE-2020-24227 (Playground Sessions v2.5.582 (and earlier) for Windows, stores the use ...)
+ NOT-FOR-US: Playground Sessions for Windows
+CVE-2020-24226
+ RESERVED
+CVE-2020-24225
+ RESERVED
+CVE-2020-24224
+ RESERVED
+CVE-2020-24223 (Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the ...)
+ NOT-FOR-US: Mara CMS
+CVE-2020-24222
+ RESERVED
+CVE-2020-24221
+ RESERVED
+CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...)
+ NOT-FOR-US: ShopXO
+CVE-2020-24219 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...)
+ NOT-FOR-US: URayTech IPTV/H.264/H.265 video encoders
+CVE-2020-24218 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...)
+ NOT-FOR-US: URayTech IPTV/H.264/H.265 video encoders
+CVE-2020-24217 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+ NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
+CVE-2020-24216 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+ NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
+CVE-2020-24215 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+ NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
+CVE-2020-24214 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+ NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
+CVE-2020-24213 (An integer overflow was discovered in YGOPro ygocore v13.51. Attackers ...)
+ NOT-FOR-US: ygocore
+CVE-2020-24212
+ REJECTED
+CVE-2020-24211
+ RESERVED
+CVE-2020-24210
+ RESERVED
+CVE-2020-24209
+ RESERVED
+CVE-2020-24208 (A SQL injection vulnerability in SourceCodester Online Shopping Alphaw ...)
+ NOT-FOR-US: SourceCodester
+CVE-2020-24207
+ RESERVED
+CVE-2020-24206
+ RESERVED
+CVE-2020-24205
+ RESERVED
+CVE-2020-24204
+ RESERVED
+CVE-2020-24203 (Insecure File Permissions and Arbitrary File Upload in the upload pic ...)
+ NOT-FOR-US: Projects World Travel Management System
+CVE-2020-24202 (File Upload component in Projects World House Rental v1.0 suffers from ...)
+ NOT-FOR-US: Projects World House Rental
+CVE-2020-24201
+ RESERVED
+CVE-2020-24200
+ REJECTED
+CVE-2020-24199 (Arbitrary File Upload in the Vehicle Image Upload component in Project ...)
+ NOT-FOR-US: Vehicle Image Upload component in Project Worlds Car Rental Management System
+CVE-2020-24198 (A persistent cross-site scripting vulnerability in Sourcecodester Stoc ...)
+ NOT-FOR-US: Sourcecodester Stock Management System
+CVE-2020-24197 (A SQL injection vulnerability in the login component in Stock Manageme ...)
+ NOT-FOR-US: Stock Management System
+CVE-2020-24196 (An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental ...)
+ NOT-FOR-US: Online Bike Rental
+CVE-2020-24195 (An Arbitrary File Upload in the Upload Image component in Sourcecodest ...)
+ NOT-FOR-US: Sourcecodester Online Bike Rental
+CVE-2020-24194 (A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in So ...)
+ NOT-FOR-US: SourceCodester Daily Tracker System
+CVE-2020-24193 (A SQL injection vulnerability in login in Sourcecodetester Daily Track ...)
+ NOT-FOR-US: Sourcecodetester Daily Tracker System
+CVE-2020-24192
+ RESERVED
+CVE-2020-24191
+ RESERVED
+CVE-2020-24190
+ RESERVED
+CVE-2020-24189
+ RESERVED
+CVE-2020-24188 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
+ NOT-FOR-US: United Planet Intrexx Professional
+CVE-2020-24187
+ RESERVED
+CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors wpDiscuz ...)
+ NOT-FOR-US: gVectors wpDiscuz plugin for WordPress
+CVE-2020-24185
+ RESERVED
+CVE-2020-24184
+ RESERVED
+CVE-2020-24183
+ RESERVED
+CVE-2020-24182
+ RESERVED
+CVE-2020-24181
+ RESERVED
+CVE-2020-24180
+ RESERVED
+CVE-2020-24179
+ RESERVED
+CVE-2020-24178
+ RESERVED
+CVE-2020-24177
+ RESERVED
+CVE-2020-24176
+ RESERVED
+CVE-2020-24175 (Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius ...)
+ NOT-FOR-US: IZArc
+CVE-2020-24174
+ RESERVED
+CVE-2020-24173
+ RESERVED
+CVE-2020-24172
+ RESERVED
+CVE-2020-24171
+ RESERVED
+CVE-2020-24170
+ RESERVED
+CVE-2020-24169
+ RESERVED
+CVE-2020-24168
+ RESERVED
+CVE-2020-24167
+ RESERVED
+CVE-2020-24166
+ RESERVED
+CVE-2020-24165
+ RESERVED
+CVE-2020-24164 (A deserialization flaw is present in Taoensso Nippy before 2.14.2. In ...)
+ NOT-FOR-US: Taoensso Nippy
+CVE-2020-24163
+ RESERVED
+CVE-2020-24162 (The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App ...)
+ NOT-FOR-US: Shenzhen Tencent app
+CVE-2020-24161 (Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacki ...)
+ NOT-FOR-US: Guangzhou NetEase Mail Master
+CVE-2020-24160 (Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vu ...)
+ NOT-FOR-US: Shenzhen Tencent TIM Windows client
+CVE-2020-24159 (NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can ...)
+ NOT-FOR-US: NetEase Youdao Dictionary
+CVE-2020-24158 (360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which ...)
+ NOT-FOR-US: 360 Speed Browser
+CVE-2020-24157
+ RESERVED
+CVE-2020-24156
+ RESERVED
+CVE-2020-24155
+ RESERVED
+CVE-2020-24154
+ RESERVED
+CVE-2020-24153
+ RESERVED
+CVE-2020-24152
+ RESERVED
+CVE-2020-24151
+ RESERVED
+CVE-2020-24150
+ RESERVED
+CVE-2020-24149 (Server-side request forgery (SSRF) in the Podcast Importer SecondLine ...)
+ NOT-FOR-US: Podcast Importer SecondLine (podcast-importer-secondline) plugin for WordPress
+CVE-2020-24148 (Server-side request forgery (SSRF) in the Import XML and RSS Feeds (im ...)
+ NOT-FOR-US: Import XML and RSS Feeds (import-xml-feed) plugin for WordPress
+CVE-2020-24147 (Server-side request forgery (SSR) vulnerability in the WP Smart Import ...)
+ NOT-FOR-US: WP Smart Import (wp-smart-import) plugin for WordPress
+CVE-2020-24146 (Directory traversal in the CM Download Manager (aka cm-download-manage ...)
+ NOT-FOR-US: CM Download Manager (aka cm-download- manager) plugin for WordPress
+CVE-2020-24145 (Cross Site Scripting (XSS) vulnerability in the CM Download Manager (a ...)
+ NOT-FOR-US: CM Download Manager (aka cm-download-manager) plugin for WordPress
+CVE-2020-24144 (Directory traversal in the Media File Organizer (aka media-file-organi ...)
+ NOT-FOR-US: Media File Organizer (aka media-file- organizer) plugin for WordPress
+CVE-2020-24143 (Directory traversal in the Video Downloader for TikTok (aka downloader ...)
+ NOT-FOR-US: Video Downloader for TikTok (aka downloader-tiktok) plugin for WordPress
+CVE-2020-24142 (Server-side request forgery in the Video Downloader for TikTok (aka do ...)
+ NOT-FOR-US: Video Downloader for TikTok (aka downloader-tiktok) plugin for WordPress
+CVE-2020-24141 (Server-side request forgery in the WP-DownloadManager plugin 1.68.4 fo ...)
+ NOT-FOR-US: WP-DownloadManager plugin for WordPress
+CVE-2020-24140 (Server-side request forgery in Wcms 0.3.2 let an attacker send crafted ...)
+ NOT-FOR-US: wmcs
+CVE-2020-24139 (Server-side request forgery in Wcms 0.3.2 lets an attacker send crafte ...)
+ NOT-FOR-US: wmcs
+CVE-2020-24138 (Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote a ...)
+ NOT-FOR-US: wmcs
+CVE-2020-24137 (Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to ...)
+ NOT-FOR-US: wmcs
+CVE-2020-24136 (Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary ...)
+ NOT-FOR-US: wmcs
+CVE-2020-24135 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
+ NOT-FOR-US: wmcs
+CVE-2020-24134
+ RESERVED
+CVE-2020-24133 (A heap buffer overflow vulnerability in the r_asm_swf_disass function ...)
+ NOT-FOR-US: radare2 extras
+CVE-2020-24132
+ RESERVED
+CVE-2020-24131
+ RESERVED
+CVE-2020-24130 (A cross site request forgery (CSRF) vulnerability in the configure.htm ...)
+ NOT-FOR-US: Ponzu CMS
+CVE-2020-24129
+ RESERVED
+CVE-2020-24128
+ RESERVED
+CVE-2020-24127
+ RESERVED
+CVE-2020-24126
+ RESERVED
+CVE-2020-24125
+ RESERVED
+CVE-2020-24124
+ RESERVED
+CVE-2020-24123
+ RESERVED
+CVE-2020-24122
+ RESERVED
+CVE-2020-24121
+ RESERVED
+CVE-2020-24120
+ RESERVED
+CVE-2020-24119 (A heap buffer overflow read was discovered in upx 4.0.0, because the c ...)
+ - upx-ucl <unfixed> (unimportant)
+ NOTE: https://github.com/upx/upx/issues/388
+ NOTE: https://github.com/upx/upx/commit/87b73e5cfdc12da94c251b2cd83bb01c7d9f616c
+CVE-2020-24118
+ RESERVED
+CVE-2020-24117
+ RESERVED
+CVE-2020-24116
+ RESERVED
+CVE-2020-24115 (In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials i ...)
+ NOT-FOR-US: projectworlds Online Book Store
+CVE-2020-24114
+ RESERVED
+CVE-2020-24113
+ RESERVED
+CVE-2020-24112
+ RESERVED
+CVE-2020-24111
+ RESERVED
+CVE-2020-24110
+ RESERVED
+CVE-2020-24109
+ RESERVED
+CVE-2020-24108
+ RESERVED
+CVE-2020-24107
+ RESERVED
+CVE-2020-24106
+ RESERVED
+CVE-2020-24105
+ RESERVED
+CVE-2020-24104 (XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router. ...)
+ NOT-FOR-US: PIX-Link Repeater/Router LV-WR07
+CVE-2020-24103
+ RESERVED
+CVE-2020-24102
+ RESERVED
+CVE-2020-24101
+ RESERVED
+CVE-2020-24100
+ RESERVED
+CVE-2020-24099
+ RESERVED
+CVE-2020-24098
+ RESERVED
+CVE-2020-24097
+ RESERVED
+CVE-2020-24096
+ RESERVED
+CVE-2020-24095
+ RESERVED
+CVE-2020-24094
+ RESERVED
+CVE-2020-24093
+ RESERVED
+CVE-2020-24092
+ RESERVED
+CVE-2020-24091
+ RESERVED
+CVE-2020-24090
+ RESERVED
+CVE-2020-24089
+ RESERVED
+CVE-2020-24088
+ RESERVED
+CVE-2020-24087
+ RESERVED
+CVE-2020-24086
+ RESERVED
+CVE-2020-24085 (A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in ...)
+ NOT-FOR-US: MISP
+CVE-2020-24084
+ RESERVED
+CVE-2020-24083
+ RESERVED
+CVE-2020-24082
+ RESERVED
+CVE-2020-24081
+ RESERVED
+CVE-2020-24080
+ RESERVED
+CVE-2020-24079
+ RESERVED
+CVE-2020-24078
+ RESERVED
+CVE-2020-24077
+ RESERVED
+CVE-2020-24076
+ RESERVED
+CVE-2020-24075
+ RESERVED
+CVE-2020-24074 (The decode program in silk-v3-decoder Version:20160922 Build By kn007 ...)
+ NOT-FOR-US: silk-v3-decoder
+CVE-2020-24073
+ RESERVED
+CVE-2020-24072
+ RESERVED
+CVE-2020-24071
+ RESERVED
+CVE-2020-24070
+ RESERVED
+CVE-2020-24069
+ RESERVED
+CVE-2020-24068
+ RESERVED
+CVE-2020-24067
+ RESERVED
+CVE-2020-24066
+ RESERVED
+CVE-2020-24065
+ RESERVED
+CVE-2020-24064
+ RESERVED
+CVE-2020-24063 (The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php? ...)
+ NOT-FOR-US: Canto plugin for WordPress
+CVE-2020-24062
+ RESERVED
+CVE-2020-24061
+ RESERVED
+CVE-2020-24060
+ RESERVED
+CVE-2020-24059
+ RESERVED
+CVE-2020-24058
+ RESERVED
+CVE-2020-24057 (The management website of the Verint S5120FD Verint_FW_0_42 unit featu ...)
+ NOT-FOR-US: Verint
+CVE-2020-24056 (A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_ ...)
+ NOT-FOR-US: Verint
+CVE-2020-24055 (Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320 ...)
+ NOT-FOR-US: Verint
+CVE-2020-24054 (The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2 ...)
+ NOT-FOR-US: Moog
+CVE-2020-24053 (Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credenti ...)
+ NOT-FOR-US: Moog
+CVE-2020-24052 (Several XML External Entity (XXE) vulnerabilities in the Moog EXO Seri ...)
+ NOT-FOR-US: Moog
+CVE-2020-24051 (The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF int ...)
+ NOT-FOR-US: Moog
+CVE-2020-24050
+ RESERVED
+CVE-2020-24049
+ RESERVED
+CVE-2020-24048
+ RESERVED
+CVE-2020-24047
+ RESERVED
+CVE-2020-24046 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...)
+ NOT-FOR-US: TitanHQ
+CVE-2020-24045 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...)
+ NOT-FOR-US: TitanHQ
+CVE-2020-24044
+ RESERVED
+CVE-2020-24043
+ RESERVED
+CVE-2020-24042
+ RESERVED
+CVE-2020-24041
+ RESERVED
+CVE-2020-24040
+ RESERVED
+CVE-2020-24039
+ RESERVED
+CVE-2020-24038 (myFax version 229 logs sensitive information in the export log module ...)
+ NOT-FOR-US: myFax
+CVE-2020-24037
+ RESERVED
+CVE-2020-24036 (PHP object injection in the Ajax endpoint of the backend in ForkCMS be ...)
+ NOT-FOR-US: ForkCMS
+CVE-2020-24035
+ RESERVED
+CVE-2020-24034 (Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecu ...)
+ NOT-FOR-US: Sagemcom F@ST 5280 routers
+CVE-2020-24033 (An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The f ...)
+ NOT-FOR-US: fs.com S3900
+CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cm ...)
+ NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
+CVE-2020-24031
+ RESERVED
+CVE-2020-24030 (ForLogic Qualiex v1 and v3 has weak token expiration. This allows remo ...)
+ NOT-FOR-US: ForLogic Qualiex
+CVE-2020-24029 (Because of unauthenticated password changes in ForLogic Qualiex v1 and ...)
+ NOT-FOR-US: ForLogic Qualiex
+CVE-2020-24028 (ForLogic Qualiex v1 and v3 allows any authenticated customer to achiev ...)
+ NOT-FOR-US: ForLogic Qualiex
+CVE-2020-24027 (In Live Networks, Inc., liblivemedia version 20200625, there is a pote ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <no-dsa> (Minor issue)
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2020-July/021662.html
+ NOTE: Fixed in 2020.07.09 upstream, cf.
+ NOTE: http://www.live555.com/liveMedia/public/changelog.txt
+CVE-2020-24026 (TinyShop, a free and open source mall based on RageFrame2, has a store ...)
+ NOT-FOR-US: TinyShop
+CVE-2020-24025 (Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when r ...)
+ - node-node-sass <unfixed>
+ [bullseye] - node-node-sass <ignored> (Minor issue)
+ NOTE: https://github.com/sass/node-sass/pull/567#issuecomment-656609236
+CVE-2020-24024
+ RESERVED
+CVE-2020-24023
+ RESERVED
+CVE-2020-24022
+ RESERVED
+CVE-2020-24021
+ RESERVED
+CVE-2020-24020 (Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad ...)
+ - ffmpeg 7:4.3.1-1
+ [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
+ [buster] - ffmpeg <not-affected> (Vulnerable code not present)
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8718
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb
+CVE-2020-24019
+ RESERVED
+CVE-2020-24018
+ RESERVED
+CVE-2020-24017
+ RESERVED
+CVE-2020-24016
+ RESERVED
+CVE-2020-24015
+ RESERVED
+CVE-2020-24014
+ RESERVED
+CVE-2020-24013
+ RESERVED
+CVE-2020-24012
+ RESERVED
+CVE-2020-24011
+ RESERVED
+CVE-2020-24010
+ RESERVED
+CVE-2020-24009
+ RESERVED
+CVE-2020-24008 (Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs ...)
+ NOT-FOR-US: Umanni RH
+CVE-2020-24007 (Umanni RH 1.0 does not limit the number of authentication attempts. An ...)
+ NOT-FOR-US: Umanni RH
+CVE-2020-24006
+ RESERVED
+CVE-2020-24005
+ RESERVED
+CVE-2020-24004
+ RESERVED
+CVE-2020-24003 (Microsoft Skype through 8.59.0.77 on macOS has the disable-library-val ...)
+ NOT-FOR-US: Microsoft Skype on MacOS
+CVE-2020-24002
+ RESERVED
+CVE-2020-24001
+ RESERVED
+CVE-2020-24000 (SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to ...)
+ NOT-FOR-US: eyoucms cms
+CVE-2020-23999
+ RESERVED
+CVE-2020-23998
+ RESERVED
+CVE-2020-23997
+ RESERVED
+CVE-2020-23996 (A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 an ...)
+ NOT-FOR-US: ILIAS
+CVE-2020-23995 (An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 ...)
+ NOT-FOR-US: ILIAS
+CVE-2020-23994
+ RESERVED
+CVE-2020-23993
+ RESERVED
+CVE-2020-23992
+ RESERVED
+CVE-2020-23991
+ RESERVED
+CVE-2020-23990
+ RESERVED
+CVE-2020-23989 (NeDi 1.9C allows pwsec.php oid XSS. ...)
+ NOT-FOR-US: NeDi
+CVE-2020-23988
+ RESERVED
+CVE-2020-23987
+ RESERVED
+CVE-2020-23986 (Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 w ...)
+ NOT-FOR-US: Github Read Me Stats
+CVE-2020-23985
+ RESERVED
+CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-s ...)
+ NOT-FOR-US: Online Hotel Booking System Pro PHP
+CVE-2020-23983 (Michael-design iChat Realtime PHP Live Support System 1.6 has persiste ...)
+ NOT-FOR-US: Michael-design iChat Realtime PHP Live Support System
+CVE-2020-23982 (DesignMasterEvents Conference management 1.0.0 has cross site scriptin ...)
+ NOT-FOR-US: DesignMasterEvents Conference management
+CVE-2020-23981 (13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id pa ...)
+ NOT-FOR-US: 13enforme CMS
+CVE-2020-23980 (DesignMasterEvents Conference management 1.0.0 allows SQL Injection vi ...)
+ NOT-FOR-US: DesignMasterEvents Conference management
+CVE-2020-23979 (13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter ...)
+ NOT-FOR-US: 13enforme CMS
+CVE-2020-23978 (SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the ...)
+ NOT-FOR-US: Soluzione Globale Ecommerce CMS
+CVE-2020-23977 (KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 't ...)
+ NOT-FOR-US: KandNconcepts Club CMS
+CVE-2020-23976 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection ...)
+ NOT-FOR-US: Webexcels Ecommerce CMS
+CVE-2020-23975 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scr ...)
+ NOT-FOR-US: Webexcels Ecommerce CMS
+CVE-2020-23974 (Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting ...)
+ NOT-FOR-US: Create-Project Manager
+CVE-2020-23973 (KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php ...)
+ NOT-FOR-US: KandNconcepts Club CMS
+CVE-2020-23972 (In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can ...)
+ NOT-FOR-US: Joomla Component GMapFP
+CVE-2020-23971 (gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Pe ...)
+ NOT-FOR-US: gmapfp.org Joomla Component GMapFP
+CVE-2020-23970
+ RESERVED
+CVE-2020-23969
+ RESERVED
+CVE-2020-23968 (Ilex International Sign&amp;go Workstation Security Suite 7.1 allows e ...)
+ NOT-FOR-US: Ilex International Sign&go Workstation Security Suite
+CVE-2020-23967 (Dr.Web Security Space versions 11 and 12 allow elevation of privilege ...)
+ NOT-FOR-US: Dr.Web Security Space
+CVE-2020-23966
+ RESERVED
+CVE-2020-23965
+ RESERVED
+CVE-2020-23964
+ RESERVED
+CVE-2020-23963
+ RESERVED
+CVE-2020-23962 (A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allow ...)
+ NOT-FOR-US: Catfish CMS
+CVE-2020-23961
+ RESERVED
+CVE-2020-23960 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Admi ...)
+ NOT-FOR-US: Fork CMS
+CVE-2020-23959
+ RESERVED
+CVE-2020-23958
+ RESERVED
+CVE-2020-23957 (Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) ...)
+ NOT-FOR-US: Pega Platform
+CVE-2020-23956
+ RESERVED
+CVE-2020-23955
+ RESERVED
+CVE-2020-23954
+ RESERVED
+CVE-2020-23953
+ RESERVED
+CVE-2020-23952
+ RESERVED
+CVE-2020-23951
+ RESERVED
+CVE-2020-23950
+ RESERVED
+CVE-2020-23949
+ RESERVED
+CVE-2020-23948
+ RESERVED
+CVE-2020-23947
+ RESERVED
+CVE-2020-23946
+ RESERVED
+CVE-2020-23945 (A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id ...)
+ NOT-FOR-US: Victor CMS
+CVE-2020-23944
+ RESERVED
+CVE-2020-23943
+ RESERVED
+CVE-2020-23942
+ RESERVED
+CVE-2020-23941
+ RESERVED
+CVE-2020-23940
+ RESERVED
+CVE-2020-23939
+ RESERVED
+CVE-2020-23938
+ REJECTED
+CVE-2020-23937
+ RESERVED
+CVE-2020-23936 (PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Auth ...)
+ NOT-FOR-US: PHPGurukul Vehicle Parking Management System
+CVE-2020-23935 (Kabir Alhasan Student Management System 1.0 is vulnerable to Authentic ...)
+ NOT-FOR-US: Kabir Alhasan Student Management System
+CVE-2020-23934 (An issue was discovered in RiteCMS 2.2.1. An authenticated user can di ...)
+ NOT-FOR-US: RiteCMS
+CVE-2020-23933
+ REJECTED
+CVE-2020-23932 (An issue was discovered in gpac before 1.0.1. A NULL pointer dereferen ...)
+ - gpac 1.0.1+dfsg1-2 (bug #987374)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/ce01bd15f711d4575b7424b54b3a395ec64c1784
+ NOTE: https://github.com/gpac/gpac/issues/1566
+CVE-2020-23931 (An issue was discovered in gpac before 1.0.1. The abst_box_read functi ...)
+ - gpac 1.0.1+dfsg1-2 (bug #987374)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/093283e727f396130651280609e687cd4778e0d1
+ NOTE: https://github.com/gpac/gpac/issues/1564
+ NOTE: https://github.com/gpac/gpac/issues/1567
+CVE-2020-23930 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...)
+ - gpac 1.0.1+dfsg1-2 (bug #987374)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/9eeac00b38348c664dfeae2525bba0cf1bc32349
+ NOTE: https://github.com/gpac/gpac/issues/1565
+CVE-2020-23929
+ RESERVED
+CVE-2020-23928 (An issue was discovered in gpac before 1.0.1. The abst_box_read functi ...)
+ - gpac 1.0.1+dfsg1-2 (bug #987374)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/8e05648d6b4459facbc783025c5c42d301fef5c3
+ NOTE: https://github.com/gpac/gpac/issues/1568
+ NOTE: https://github.com/gpac/gpac/issues/1569
+CVE-2020-23927
+ RESERVED
+CVE-2020-23926
+ RESERVED
+CVE-2020-23925
+ RESERVED
+CVE-2020-23924
+ RESERVED
+CVE-2020-23923
+ RESERVED
+CVE-2020-23922 (An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif ...)
+ - giflib <unfixed> (bug #988151)
+ [bullseye] - giflib <no-dsa> (Minor issue)
+ [buster] - giflib <no-dsa> (Minor issue)
+ [stretch] - giflib <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/giflib/bugs/151/
+CVE-2020-23921 (An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_c ...)
+ NOT-FOR-US: fast_ber
+CVE-2020-23920
+ RESERVED
+CVE-2020-23919
+ RESERVED
+CVE-2020-23918
+ RESERVED
+CVE-2020-23917
+ RESERVED
+CVE-2020-23916
+ RESERVED
+CVE-2020-23915 (An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ...)
+ TODO: retroarch and salmon embed peglib, check if it's actually a security issue
+ NOTE: https://github.com/yhirose/cpp-peglib/commit/b3b29ce8f3acf3a32733d930105a17d7b0ba347e
+ NOTE: https://github.com/yhirose/cpp-peglib/issues/122
+CVE-2020-23914 (An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer ...)
+ TODO: retroarch and salmon embed peglib, check if it's actually a security issue
+ NOTE: https://github.com/yhirose/cpp-peglib/commit/0061f393de54cf0326621c079dc2988336d1ebb3
+ NOTE: https://github.com/yhirose/cpp-peglib/issues/121
+CVE-2020-23913
+ RESERVED
+CVE-2020-23912 (An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer d ...)
+ NOT-FOR-US: Bento4
+CVE-2020-23911
+ RESERVED
+CVE-2020-23910
+ RESERVED
+CVE-2020-23909
+ RESERVED
+CVE-2020-23908
+ RESERVED
+CVE-2020-23907 (An issue was discovered in retdec v3.3. In function canSplitFunctionOn ...)
+ NOT-FOR-US: retdec
+CVE-2020-23906 (FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of servi ...)
+ - ffmpeg 7:4.3.1-1
+ [buster] - ffmpeg <not-affected> (Vulnerable code introduced later)
+ [stretch] - ffmpeg <not-affected> (Vulnerable code introduced later)
+ NOTE: Regressed since: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e045be92cdf5a2851900e8e85b815c29ae6f100a (n4.3)
+ NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ec59dc73f0cc8930bf5dae389cd76d049d537ca7 (n4.4)
+ NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be84216c53a4ed81573c82320e9c4a20e9b349d9 (n4.3.1)
+CVE-2020-23905
+ RESERVED
+CVE-2020-23904 (** DISPUTED ** A stack buffer overflow in speexenc.c of Speex v1.2 all ...)
+ - speex <unfixed>
+ [bullseye] - speex <no-dsa> (Minor issue)
+ [buster] - speex <no-dsa> (Minor issue)
+ [stretch] - speex <no-dsa> (Minor issue)
+ NOTE: https://github.com/xiph/speex/issues/14
+CVE-2020-23903 (A Divide by Zero vulnerability in the function static int read_samples ...)
+ - speex <unfixed>
+ [bullseye] - speex <no-dsa> (Minor issue)
+ [buster] - speex <no-dsa> (Minor issue)
+ [stretch] - speex <no-dsa> (Minor issue)
+ NOTE: https://github.com/xiph/speex/issues/13
+CVE-2020-23902 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23901 (A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows at ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23900 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23899 (A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows at ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23898 (A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows at ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23897 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23896 (A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows at ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23895 (A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows at ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23894 (A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23893 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23892
+ RESERVED
+CVE-2020-23891 (A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows at ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23890 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23889 (A User Mode Write AV starting at Editor!TMethodImplementationIntercept ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23888 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 ...)
+ NOT-FOR-US: WildBit Viewer
+CVE-2020-23887 (XnView MP v0.96.4 was discovered to contain a heap overflow which allo ...)
+ NOT-FOR-US: XnView MP
+CVE-2020-23886 (XnView MP v0.96.4 was discovered to contain a heap overflow which allo ...)
+ NOT-FOR-US: XnView MP
+CVE-2020-23885
+ RESERVED
+CVE-2020-23884 (A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial ...)
+ - nomacs <unfixed>
+ [buster] - nomacs <no-dsa> (Minor issue)
+ [stretch] - nomacs <no-dsa> (Minor issue)
+ NOTE: https://github.com/nomacs/nomacs/issues/516
+CVE-2020-23883
+ RESERVED
+CVE-2020-23882
+ RESERVED
+CVE-2020-23881
+ RESERVED
+CVE-2020-23880
+ RESERVED
+CVE-2020-23879 (pdf2json v0.71 was discovered to contain a NULL pointer dereference in ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-23878 (pdf2json v0.71 was discovered to contain a stack buffer overflow in th ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-23877 (pdf2xml v2.0 was discovered to contain a stack buffer overflow in the ...)
+ NOT-FOR-US: pdf2xml
+CVE-2020-23876 (pdf2xml v2.0 was discovered to contain a memory leak in the function T ...)
+ NOT-FOR-US: pdf2xml
+CVE-2020-23875
+ RESERVED
+CVE-2020-23874 (pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the f ...)
+ NOT-FOR-US: pdf2xml
+CVE-2020-23873 (pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the f ...)
+ NOT-FOR-US: pdf2xml
+CVE-2020-23872 (A NULL pointer dereference in the function TextPage::restoreState of p ...)
+ NOT-FOR-US: pdf2xml
+CVE-2020-23871
+ RESERVED
+CVE-2020-23870
+ RESERVED
+CVE-2020-23869
+ RESERVED
+CVE-2020-23868 (NeDi 1.9C allows inc/rt-popup.php d XSS. ...)
+ NOT-FOR-US: NeDi
+CVE-2020-23867
+ RESERVED
+CVE-2020-23866
+ RESERVED
+CVE-2020-23865
+ RESERVED
+CVE-2020-23864 (An issue exits in IOBit Malware Fighter version 8.0.2.547. Local escal ...)
+ NOT-FOR-US: IOBit Malware Fighter
+CVE-2020-23863
+ RESERVED
+CVE-2020-23862
+ RESERVED
+CVE-2020-23861 (A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 v ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-23860
+ RESERVED
+CVE-2020-23859
+ RESERVED
+CVE-2020-23858
+ RESERVED
+CVE-2020-23857
+ RESERVED
+CVE-2020-23856 (Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, ...)
+ - cflow 1:1.6-6 (unimportant; bug #988985)
+ NOTE: https://lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html
+ NOTE: https://git.savannah.gnu.org/cgit/cflow.git/commit/?id=b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-23855
+ RESERVED
+CVE-2020-23854
+ RESERVED
+CVE-2020-23853
+ RESERVED
+CVE-2020-23852 (A heap based buffer overflow vulnerability exists in ffjpeg through 20 ...)
+ NOT-FOR-US: ffjpeg
+CVE-2020-23851 (A stack-based buffer overflow vulnerability exists in ffjpeg through 2 ...)
+ NOT-FOR-US: ffjpeg
+CVE-2020-23850
+ RESERVED
+CVE-2020-23849 (Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 ...)
+ NOT-FOR-US: jsoneditor
+CVE-2020-23848
+ RESERVED
+CVE-2020-23847
+ RESERVED
+CVE-2020-23846
+ RESERVED
+CVE-2020-23845
+ RESERVED
+CVE-2020-23844
+ RESERVED
+CVE-2020-23843
+ RESERVED
+CVE-2020-23842
+ RESERVED
+CVE-2020-23841
+ RESERVED
+CVE-2020-23840
+ RESERVED
+CVE-2020-23839 (A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS ...)
+ NOT-FOR-US: GetSimple CMS
+CVE-2020-23838
+ RESERVED
+CVE-2020-23837 (A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User pl ...)
+ NOT-FOR-US: GetSimple CMS
+CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in ...)
+ NOT-FOR-US: OSWAPP Warehouse Inventory System
+CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...)
+ NOT-FOR-US: SourceCodester Tailor Management System
+CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time Logic ...)
+ NOT-FOR-US: Real Time Logic BarracudaDrive
+CVE-2020-23833 (Projectworlds House Rental v1.0 suffers from an unauthenticated SQL In ...)
+ NOT-FOR-US: Projectworlds House Rental
+CVE-2020-23832 (A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin ...)
+ NOT-FOR-US: Projectworlds Car Rental Management System
+CVE-2020-23831 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...)
+ NOT-FOR-US: SourceCodester Stock Management System
+CVE-2020-23830 (A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.ph ...)
+ NOT-FOR-US: SourceCodester Stock Management System
+CVE-2020-23829 (interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suff ...)
+ NOT-FOR-US: LibreHealth EHR
+CVE-2020-23828 (A File Upload vulnerability in SourceCodester Online Course Registrati ...)
+ NOT-FOR-US: SourceCodester Online Course Registration
+CVE-2020-23827
+ RESERVED
+CVE-2020-23826 (** DISPUTED ** The Yale WIPC-303W 2.21 through 2.31 camera is vulnerab ...)
+ NOT-FOR-US: Yale WIPC-303W camera
+CVE-2020-23825
+ RESERVED
+CVE-2020-23824 (ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forger ...)
+ NOT-FOR-US: ArGo Soft Mail Server
+CVE-2020-23823
+ RESERVED
+CVE-2020-23822
+ RESERVED
+CVE-2020-23821
+ RESERVED
+CVE-2020-23820
+ RESERVED
+CVE-2020-23819
+ RESERVED
+CVE-2020-23818
+ RESERVED
+CVE-2020-23817
+ RESERVED
+CVE-2020-23816
+ RESERVED
+CVE-2020-23815
+ RESERVED
+CVE-2020-23814 (Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 ...)
+ NOT-FOR-US: xxl-job
+CVE-2020-23813
+ RESERVED
+CVE-2020-23812
+ RESERVED
+CVE-2020-23811 (xxl-job 2.2.0 allows Information Disclosure of username, model, and pa ...)
+ NOT-FOR-US: xxl-job
+CVE-2020-23810
+ RESERVED
+CVE-2020-23809
+ RESERVED
+CVE-2020-23808
+ RESERVED
+CVE-2020-23807
+ RESERVED
+CVE-2020-23806
+ RESERVED
+CVE-2020-23805
+ RESERVED
+CVE-2020-23804
+ RESERVED
+CVE-2020-23803
+ RESERVED
+CVE-2020-23802
+ RESERVED
+CVE-2020-23801
+ RESERVED
+CVE-2020-23800
+ RESERVED
+CVE-2020-23799
+ RESERVED
+CVE-2020-23798
+ RESERVED
+CVE-2020-23797
+ RESERVED
+CVE-2020-23796
+ RESERVED
+CVE-2020-23795
+ RESERVED
+CVE-2020-23794
+ RESERVED
+CVE-2020-23793
+ RESERVED
+CVE-2020-23792
+ RESERVED
+CVE-2020-23791
+ RESERVED
+CVE-2020-23790 (An Arbitrary File Upload vulnerability was discovered in the Golo Lara ...)
+ NOT-FOR-US: Golo Laravel theme
+CVE-2020-23789
+ RESERVED
+CVE-2020-23788
+ RESERVED
+CVE-2020-23787
+ RESERVED
+CVE-2020-23786
+ RESERVED
+CVE-2020-23785
+ RESERVED
+CVE-2020-23784
+ RESERVED
+CVE-2020-23783
+ RESERVED
+CVE-2020-23782
+ RESERVED
+CVE-2020-23781
+ RESERVED
+CVE-2020-23780
+ RESERVED
+CVE-2020-23779
+ RESERVED
+CVE-2020-23778
+ RESERVED
+CVE-2020-23777
+ RESERVED
+CVE-2020-23776 (A SSRF vulnerability exists in Winmail 6.5 in app.php in the key param ...)
+ NOT-FOR-US: Winmail
+CVE-2020-23775
+ RESERVED
+CVE-2020-23774 (A reflected XSS vulnerability exists in tohtml/convert.php of Winmail ...)
+ NOT-FOR-US: Winmail
+CVE-2020-23773
+ RESERVED
+CVE-2020-23772
+ RESERVED
+CVE-2020-23771
+ RESERVED
+CVE-2020-23770
+ RESERVED
+CVE-2020-23769
+ RESERVED
+CVE-2020-23768 (An information disclosure vulnerability was discovered in alipay_funct ...)
+ NOT-FOR-US: Alibaba payment interface on PHPPYUN
+CVE-2020-23767
+ RESERVED
+CVE-2020-23766 (An arbitrary file deletion vulnerability was discovered on htmly v2.7. ...)
+ NOT-FOR-US: htmly
+CVE-2020-23765 (A file upload vulnerability was discovered in the file path /bl-plugin ...)
+ NOT-FOR-US: Bludit
+CVE-2020-23764
+ RESERVED
+CVE-2020-23763 (SQL injection in admin.php in Online Book Store 1.0 allows remote atta ...)
+ NOT-FOR-US: Online Book Store
+CVE-2020-23762 (Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugi ...)
+ NOT-FOR-US: Larsens calendar
+CVE-2020-23761 (Cross Site Scripting (XSS) vulnerability in subrion CMS Version &lt;= ...)
+ NOT-FOR-US: subrion CMS
+CVE-2020-23760
+ RESERVED
+CVE-2020-23759
+ RESERVED
+CVE-2020-23758
+ RESERVED
+CVE-2020-23757
+ RESERVED
+CVE-2020-23756
+ RESERVED
+CVE-2020-23755
+ RESERVED
+CVE-2020-23754 (Cross Site Scripting (XSS) vulnerability in infusions/member_poll_pane ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-23753
+ RESERVED
+CVE-2020-23752
+ RESERVED
+CVE-2020-23751
+ RESERVED
+CVE-2020-23750
+ RESERVED
+CVE-2020-23749
+ RESERVED
+CVE-2020-23748
+ RESERVED
+CVE-2020-23747
+ RESERVED
+CVE-2020-23746
+ RESERVED
+CVE-2020-23745
+ RESERVED
+CVE-2020-23744
+ RESERVED
+CVE-2020-23743
+ RESERVED
+CVE-2020-23742
+ RESERVED
+CVE-2020-23741 (In AnyView (network police) network monitoring software 4.6.0.1, there ...)
+ NOT-FOR-US: AnyView (network police) network monitoring software
+CVE-2020-23740 (In DriverGenius 9.61.5480.28 there is a local privilege escalation vul ...)
+ NOT-FOR-US: DriverGenius
+CVE-2020-23739
+ RESERVED
+CVE-2020-23738 (There is a local denial of service vulnerability in Advanced SystemCar ...)
+ NOT-FOR-US: Advanced SystemCare
+CVE-2020-23737
+ RESERVED
+CVE-2020-23736 (There is a local denial of service vulnerability in DaDa accelerator 5 ...)
+ NOT-FOR-US: DaDa accelerator
+CVE-2020-23735 (In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escal ...)
+ NOT-FOR-US: Saibo Cyber Game Accelerator
+CVE-2020-23734
+ RESERVED
+CVE-2020-23733
+ RESERVED
+CVE-2020-23732
+ RESERVED
+CVE-2020-23731
+ RESERVED
+CVE-2020-23730
+ RESERVED
+CVE-2020-23729
+ RESERVED
+CVE-2020-23728
+ RESERVED
+CVE-2020-23727 (There is a local denial of service vulnerability in the Antiy Zhijia T ...)
+ NOT-FOR-US: Antiy Zhijia Terminal Defense System
+CVE-2020-23726 (There is a local denial of service vulnerability in Wise Care 365 5.5. ...)
+ NOT-FOR-US: Wise Care 365
+CVE-2020-23725
+ RESERVED
+CVE-2020-23724
+ RESERVED
+CVE-2020-23723
+ RESERVED
+CVE-2020-23722 (An issue was discovered in FUEL CMS 1.4.7. There is a escalation of pr ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2020-23721 (An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2020-23720
+ RESERVED
+CVE-2020-23719 (Cross site scripting (XSS) vulnerability in application/controllers/Ad ...)
+ NOT-FOR-US: xujinliang zibbs
+CVE-2020-23718 (Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allo ...)
+ NOT-FOR-US: xujinliang zibbs
+CVE-2020-23717
+ RESERVED
+CVE-2020-23716
+ RESERVED
+CVE-2020-23715 (Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the ...)
+ NOT-FOR-US: Webport
+CVE-2020-23714
+ RESERVED
+CVE-2020-23713
+ RESERVED
+CVE-2020-23712
+ RESERVED
+CVE-2020-23711 (SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2020-23710 (Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbo ...)
+ - limesurvey <itp> (bug #472802)
+CVE-2020-23709
+ RESERVED
+CVE-2020-23708
+ RESERVED
+CVE-2020-23707 (A heap-based buffer overflow vulnerability in the function ok_jpg_deco ...)
+ NOT-FOR-US: ok-file-formats
+CVE-2020-23706 (A heap-based buffer overflow vulnerability in the function ok_jpg_deco ...)
+ NOT-FOR-US: ok-file-formats
+CVE-2020-23705 (A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ...)
+ NOT-FOR-US: ffjpeg
+CVE-2020-23704
+ RESERVED
+CVE-2020-23703
+ RESERVED
+CVE-2020-23702 (Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'Ne ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-23701
+ RESERVED
+CVE-2020-23700 (Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the ...)
+ NOT-FOR-US: LavaLite-CMS
+CVE-2020-23699
+ RESERVED
+CVE-2020-23698
+ RESERVED
+CVE-2020-23697 (Cross Site Scripting vulnerabilty in Monstra CMS 3.0.4 via the page fe ...)
+ NOT-FOR-US: Monstra CMS
+CVE-2020-23696
+ RESERVED
+CVE-2020-23695
+ RESERVED
+CVE-2020-23694
+ RESERVED
+CVE-2020-23693
+ RESERVED
+CVE-2020-23692
+ RESERVED
+CVE-2020-23691 (YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the ...)
+ NOT-FOR-US: YFCMF
+CVE-2020-23690
+ RESERVED
+CVE-2020-23689 (In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments s ...)
+ NOT-FOR-US: YFCMF
+CVE-2020-23688
+ RESERVED
+CVE-2020-23687
+ RESERVED
+CVE-2020-23686 (Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows ...)
+ NOT-FOR-US: AyaCMS
+CVE-2020-23685 (SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to ...)
+ NOT-FOR-US: 188Jianzhan
+CVE-2020-23684
+ RESERVED
+CVE-2020-23683
+ RESERVED
+CVE-2020-23682
+ RESERVED
+CVE-2020-23681
+ RESERVED
+CVE-2020-23680 (An issue was discovered in function StartPage in text2pdf.c in pdfcorn ...)
+ NOT-FOR-US: pdfcorner text2pdf
+CVE-2020-23679 (Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1 ...)
+ NOT-FOR-US: Renleilei1992 Linux_Network_Project
+CVE-2020-23678
+ RESERVED
+CVE-2020-23677
+ RESERVED
+CVE-2020-23676
+ RESERVED
+CVE-2020-23675
+ RESERVED
+CVE-2020-23674
+ RESERVED
+CVE-2020-23673
+ RESERVED
+CVE-2020-23672
+ RESERVED
+CVE-2020-23671
+ RESERVED
+CVE-2020-23670
+ RESERVED
+CVE-2020-23669
+ RESERVED
+CVE-2020-23668
+ RESERVED
+CVE-2020-23667
+ RESERVED
+CVE-2020-23666
+ RESERVED
+CVE-2020-23665
+ RESERVED
+CVE-2020-23664
+ RESERVED
+CVE-2020-23663
+ RESERVED
+CVE-2020-23662
+ RESERVED
+CVE-2020-23661
+ RESERVED
+CVE-2020-23660 (webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." ...)
+ NOT-FOR-US: webTareas
+CVE-2020-23659 (WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the " ...)
+ NOT-FOR-US: WebPort
+CVE-2020-23658 (PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infus ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-23657 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2020-23656 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2020-23655 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2020-23654 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the modu ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2020-23653 (An insecure unserialize vulnerability was discovered in ThinkAdmin ver ...)
+ NOT-FOR-US: ThinkAdmin
+CVE-2020-23652
+ RESERVED
+CVE-2020-23651
+ RESERVED
+CVE-2020-23650
+ RESERVED
+CVE-2020-23649
+ RESERVED
+CVE-2020-23648
+ RESERVED
+CVE-2020-23647
+ RESERVED
+CVE-2020-23646
+ RESERVED
+CVE-2020-23645
+ RESERVED
+CVE-2020-23644 (XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Ho ...)
+ NOT-FOR-US: JIZHICMS
+CVE-2020-23643 (XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signatur ...)
+ NOT-FOR-US: JIZHICMS
+CVE-2020-23642
+ RESERVED
+CVE-2020-23641
+ RESERVED
+CVE-2020-23640
+ RESERVED
+CVE-2020-23639 (A command injection vulnerability exists in Moxa Inc VPort 461 Series ...)
+ NOT-FOR-US: Moxa
+CVE-2020-23638
+ RESERVED
+CVE-2020-23637
+ RESERVED
+CVE-2020-23636
+ RESERVED
+CVE-2020-23635
+ RESERVED
+CVE-2020-23634
+ RESERVED
+CVE-2020-23633
+ RESERVED
+CVE-2020-23632
+ RESERVED
+CVE-2020-23631 (Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA C ...)
+ NOT-FOR-US: WDJA CMS
+CVE-2020-23630 (A blind SQL injection vulnerability exists in zzcms ver201910 based on ...)
+ NOT-FOR-US: zzcms
+CVE-2020-23629
+ RESERVED
+CVE-2020-23628
+ RESERVED
+CVE-2020-23627
+ RESERVED
+CVE-2020-23626
+ RESERVED
+CVE-2020-23625
+ RESERVED
+CVE-2020-23624
+ RESERVED
+CVE-2020-23623
+ RESERVED
+CVE-2020-23622
+ RESERVED
+CVE-2020-23621
+ RESERVED
+CVE-2020-23620
+ RESERVED
+CVE-2020-23619
+ RESERVED
+CVE-2020-23618
+ RESERVED
+CVE-2020-23617
+ RESERVED
+CVE-2020-23616
+ RESERVED
+CVE-2020-23615
+ RESERVED
+CVE-2020-23614
+ RESERVED
+CVE-2020-23613
+ RESERVED
+CVE-2020-23612
+ RESERVED
+CVE-2020-23611
+ RESERVED
+CVE-2020-23610
+ RESERVED
+CVE-2020-23609
+ RESERVED
+CVE-2020-23608
+ RESERVED
+CVE-2020-23607
+ RESERVED
+CVE-2020-23606
+ RESERVED
+CVE-2020-23605
+ RESERVED
+CVE-2020-23604
+ RESERVED
+CVE-2020-23603
+ RESERVED
+CVE-2020-23602
+ RESERVED
+CVE-2020-23601
+ RESERVED
+CVE-2020-23600
+ RESERVED
+CVE-2020-23599
+ RESERVED
+CVE-2020-23598
+ RESERVED
+CVE-2020-23597
+ RESERVED
+CVE-2020-23596
+ RESERVED
+CVE-2020-23595
+ RESERVED
+CVE-2020-23594
+ RESERVED
+CVE-2020-23593
+ RESERVED
+CVE-2020-23592
+ RESERVED
+CVE-2020-23591
+ RESERVED
+CVE-2020-23590
+ RESERVED
+CVE-2020-23589
+ RESERVED
+CVE-2020-23588
+ RESERVED
+CVE-2020-23587
+ RESERVED
+CVE-2020-23586
+ RESERVED
+CVE-2020-23585
+ RESERVED
+CVE-2020-23584
+ RESERVED
+CVE-2020-23583
+ RESERVED
+CVE-2020-23582
+ RESERVED
+CVE-2020-23581
+ RESERVED
+CVE-2020-23580 (Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message b ...)
+ NOT-FOR-US: PbootCMS
+CVE-2020-23579
+ RESERVED
+CVE-2020-23578
+ RESERVED
+CVE-2020-23577
+ RESERVED
+CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site Scripting ...)
+ NOT-FOR-US: Laborator Neon dashboard
+CVE-2020-23575 (A directory traversal vulnerability exists in Kyocera Printer d-COPIA2 ...)
+ NOT-FOR-US: Kyocera
+CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...)
+ NOT-FOR-US: Sysax Multi Server
+CVE-2020-23573
+ RESERVED
+CVE-2020-23572 (BEESCMS v4.0 was discovered to contain an arbitrary file upload vulner ...)
+ NOT-FOR-US: BEESCMS
+CVE-2020-23571
+ RESERVED
+CVE-2020-23570
+ RESERVED
+CVE-2020-23569
+ RESERVED
+CVE-2020-23568
+ RESERVED
+CVE-2020-23567 (Irfanview v4.53 allows attackers to to cause a denial of service (DoS) ...)
+ NOT-FOR-US: Irfanview
+CVE-2020-23566 (Irfanview v4.53 was discovered to contain an infinity loop via JPEG200 ...)
+ NOT-FOR-US: Irfanview
+CVE-2020-23565 (Irfanview v4.53 allows attackers to execute arbitrary code via a craft ...)
+ NOT-FOR-US: Irfanview
+CVE-2020-23564
+ RESERVED
+CVE-2020-23563
+ RESERVED
+CVE-2020-23562
+ RESERVED
+CVE-2020-23561
+ RESERVED
+CVE-2020-23560
+ RESERVED
+CVE-2020-23559
+ RESERVED
+CVE-2020-23558
+ RESERVED
+CVE-2020-23557
+ RESERVED
+CVE-2020-23556
+ RESERVED
+CVE-2020-23555
+ RESERVED
+CVE-2020-23554
+ RESERVED
+CVE-2020-23553
+ RESERVED
+CVE-2020-23552
+ RESERVED
+CVE-2020-23551
+ RESERVED
+CVE-2020-23550
+ RESERVED
+CVE-2020-23549 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...)
+ NOT-FOR-US: IrfanView
+CVE-2020-23548
+ RESERVED
+CVE-2020-23547
+ RESERVED
+CVE-2020-23546 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...)
+ NOT-FOR-US: IrfanView
+CVE-2020-23545 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ NOT-FOR-US: IrfanView
+CVE-2020-23544
+ RESERVED
+CVE-2020-23543
+ RESERVED
+CVE-2020-23542
+ RESERVED
+CVE-2020-23541
+ RESERVED
+CVE-2020-23540
+ RESERVED
+CVE-2020-23539 (An issue was discovered in Realtek rtl8723de BLE Stack &lt;= 4.1 that ...)
+ NOT-FOR-US: Realtek
+CVE-2020-23538
+ RESERVED
+CVE-2020-23537
+ RESERVED
+CVE-2020-23536
+ RESERVED
+CVE-2020-23535
+ RESERVED
+CVE-2020-23534 (A server-side request forgery (SSRF) vulnerability in Upgrade.php of g ...)
+ NOT-FOR-US: gopeak masterlab
+CVE-2020-23533 (Union Pay up to 1.2.0, for web based versions contains a CWE-347: Impr ...)
+ NOT-FOR-US: Union Pay
+CVE-2020-23532
+ RESERVED
+CVE-2020-23531
+ RESERVED
+CVE-2020-23530
+ RESERVED
+CVE-2020-23529
+ RESERVED
+CVE-2020-23528
+ RESERVED
+CVE-2020-23527
+ RESERVED
+CVE-2020-23526
+ RESERVED
+CVE-2020-23525
+ RESERVED
+CVE-2020-23524
+ RESERVED
+CVE-2020-23523
+ RESERVED
+CVE-2020-23522 (Pixelimity 1.0 has cross-site request forgery via the admin/setting.ph ...)
+ NOT-FOR-US: Pixelimity
+CVE-2020-23521
+ RESERVED
+CVE-2020-23520 (imcat 5.2 allows an authenticated file upload and consequently remote ...)
+ NOT-FOR-US: imcat
+CVE-2020-23519
+ RESERVED
+CVE-2020-23518 (Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - ...)
+ NOT-FOR-US: UltimateKode Neo Billing - Accounting, Invoicing And CRM Software
+CVE-2020-23517 (Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS ...)
+ NOT-FOR-US: Aryanic HighMail (High CMS)
+CVE-2020-23516
+ RESERVED
+CVE-2020-23515
+ RESERVED
+CVE-2020-23514
+ RESERVED
+CVE-2020-23513
+ RESERVED
+CVE-2020-23512 (VR CAM P1 Model P1 v1 has an incorrect access control vulnerability wh ...)
+ NOT-FOR-US: VR CAM P1 Model P1
+CVE-2020-23511
+ RESERVED
+CVE-2020-23510
+ RESERVED
+CVE-2020-23509
+ RESERVED
+CVE-2020-23508
+ RESERVED
+CVE-2020-23507
+ RESERVED
+CVE-2020-23506
+ RESERVED
+CVE-2020-23505
+ RESERVED
+CVE-2020-23504
+ RESERVED
+CVE-2020-23503
+ RESERVED
+CVE-2020-23502
+ RESERVED
+CVE-2020-23501
+ RESERVED
+CVE-2020-23500
+ RESERVED
+CVE-2020-23499
+ RESERVED
+CVE-2020-23498
+ RESERVED
+CVE-2020-23497
+ RESERVED
+CVE-2020-23496
+ RESERVED
+CVE-2020-23495
+ RESERVED
+CVE-2020-23494
+ RESERVED
+CVE-2020-23493
+ RESERVED
+CVE-2020-23492
+ RESERVED
+CVE-2020-23491
+ RESERVED
+CVE-2020-23490 (There was a local file disclosure vulnerability in AVideo &lt; 8.9 via ...)
+ NOT-FOR-US: AVideo
+CVE-2020-23489 (The import.json.php file before 8.9 for Avideo is vulnerable to a File ...)
+ NOT-FOR-US: AVideo
+CVE-2020-23488
+ RESERVED
+CVE-2020-23487
+ RESERVED
+CVE-2020-23486
+ RESERVED
+CVE-2020-23485
+ RESERVED
+CVE-2020-23484
+ RESERVED
+CVE-2020-23483
+ RESERVED
+CVE-2020-23482
+ RESERVED
+CVE-2020-23481 (CMS Made Simple 2.2.14 was discovered to contain a cross-site scriptin ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-23480
+ RESERVED
+CVE-2020-23479
+ RESERVED
+CVE-2020-23478 (Leo Editor v6.2.1 was discovered to contain a regular expression denia ...)
+ NOT-FOR-US: Leo Editor
+CVE-2020-23477
+ RESERVED
+CVE-2020-23476
+ RESERVED
+CVE-2020-23475
+ RESERVED
+CVE-2020-23474
+ RESERVED
+CVE-2020-23473
+ RESERVED
+CVE-2020-23472
+ RESERVED
+CVE-2020-23471
+ RESERVED
+CVE-2020-23470
+ RESERVED
+CVE-2020-23469 (gmate v0.12+bionic contains a regular expression denial of service (Re ...)
+ NOT-FOR-US: gmate
+CVE-2020-23468
+ RESERVED
+CVE-2020-23467
+ RESERVED
+CVE-2020-23466
+ RESERVED
+CVE-2020-23465
+ RESERVED
+CVE-2020-23464
+ RESERVED
+CVE-2020-23463
+ RESERVED
+CVE-2020-23462
+ RESERVED
+CVE-2020-23461
+ RESERVED
+CVE-2020-23460
+ RESERVED
+CVE-2020-23459
+ RESERVED
+CVE-2020-23458
+ RESERVED
+CVE-2020-23457
+ RESERVED
+CVE-2020-23456
+ RESERVED
+CVE-2020-23455
+ RESERVED
+CVE-2020-23454
+ RESERVED
+CVE-2020-23453
+ RESERVED
+CVE-2020-23452
+ RESERVED
+CVE-2020-23451 (Spiceworks Version &lt;= 7.5.00107 is affected by CSRF which can lead ...)
+ NOT-FOR-US: Spiceworks
+CVE-2020-23450 (Spiceworks Version &lt;= 7.5.00107 is affected by XSS. Any name typed ...)
+ NOT-FOR-US: Spiceworks
+CVE-2020-23449 (newbee-mall all versions are affected by incorrect access control to r ...)
+ NOT-FOR-US: newbee-mall
+CVE-2020-23448 (newbee-mall all versions are affected by incorrect access control to r ...)
+ NOT-FOR-US: newbee-mall
+CVE-2020-23447 (newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settl ...)
+ NOT-FOR-US: newbee-mall
+CVE-2020-23446 (Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenti ...)
+ NOT-FOR-US: Verint Workforce Optimization suite
+CVE-2020-23445
+ RESERVED
+CVE-2020-23444
+ RESERVED
+CVE-2020-23443
+ RESERVED
+CVE-2020-23442
+ RESERVED
+CVE-2020-23441
+ RESERVED
+CVE-2020-23440
+ RESERVED
+CVE-2020-23439
+ RESERVED
+CVE-2020-23438
+ RESERVED
+CVE-2020-23437
+ RESERVED
+CVE-2020-23436
+ RESERVED
+CVE-2020-23435
+ RESERVED
+CVE-2020-23434
+ RESERVED
+CVE-2020-23433
+ RESERVED
+CVE-2020-23432
+ RESERVED
+CVE-2020-23431
+ RESERVED
+CVE-2020-23430
+ RESERVED
+CVE-2020-23429
+ RESERVED
+CVE-2020-23428
+ RESERVED
+CVE-2020-23427
+ RESERVED
+CVE-2020-23426 (zzcms 201910 contains an access control vulnerability through escalati ...)
+ NOT-FOR-US: zzcms
+CVE-2020-23425
+ RESERVED
+CVE-2020-23424
+ RESERVED
+CVE-2020-23423
+ RESERVED
+CVE-2020-23422
+ RESERVED
+CVE-2020-23421
+ RESERVED
+CVE-2020-23420
+ RESERVED
+CVE-2020-23419
+ RESERVED
+CVE-2020-23418
+ RESERVED
+CVE-2020-23417
+ RESERVED
+CVE-2020-23416
+ RESERVED
+CVE-2020-23415
+ RESERVED
+CVE-2020-23414
+ RESERVED
+CVE-2020-23413
+ RESERVED
+CVE-2020-23412
+ RESERVED
+CVE-2020-23411
+ RESERVED
+CVE-2020-23410
+ RESERVED
+CVE-2020-23409
+ RESERVED
+CVE-2020-23408
+ RESERVED
+CVE-2020-23407
+ RESERVED
+CVE-2020-23406
+ RESERVED
+CVE-2020-23405
+ RESERVED
+CVE-2020-23404
+ RESERVED
+CVE-2020-23403
+ RESERVED
+CVE-2020-23402
+ RESERVED
+CVE-2020-23401
+ RESERVED
+CVE-2020-23400
+ RESERVED
+CVE-2020-23399
+ RESERVED
+CVE-2020-23398
+ RESERVED
+CVE-2020-23397
+ RESERVED
+CVE-2020-23396
+ RESERVED
+CVE-2020-23395
+ RESERVED
+CVE-2020-23394
+ RESERVED
+CVE-2020-23393
+ RESERVED
+CVE-2020-23392
+ RESERVED
+CVE-2020-23391
+ RESERVED
+CVE-2020-23390
+ RESERVED
+CVE-2020-23389
+ RESERVED
+CVE-2020-23388
+ RESERVED
+CVE-2020-23387
+ RESERVED
+CVE-2020-23386
+ RESERVED
+CVE-2020-23385
+ RESERVED
+CVE-2020-23384
+ RESERVED
+CVE-2020-23383
+ RESERVED
+CVE-2020-23382
+ RESERVED
+CVE-2020-23381
+ RESERVED
+CVE-2020-23380
+ RESERVED
+CVE-2020-23379
+ RESERVED
+CVE-2020-23378
+ RESERVED
+CVE-2020-23377
+ RESERVED
+CVE-2020-23376 (NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/ad ...)
+ NOT-FOR-US: NoneCMS
+CVE-2020-23375
+ RESERVED
+CVE-2020-23374 (Cross-site scripting (XSS) vulnerability in admin/article/add.html in ...)
+ NOT-FOR-US: NoneCMS
+CVE-2020-23373 (Cross-site scripting (XSS) vulnerability in admin/nav/add.html in none ...)
+ NOT-FOR-US: NoneCMS
+CVE-2020-23372
+ RESERVED
+CVE-2020-23371 (Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor ...)
+ NOT-FOR-US: NoneCMS
+CVE-2020-23370 (In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/ ...)
+ NOT-FOR-US: YzmCMS
+CVE-2020-23369 (In YzmCMS 5.6, XSS was discovered in member/member_content/init.html v ...)
+ NOT-FOR-US: YzmCMS
+CVE-2020-23368
+ RESERVED
+CVE-2020-23367
+ RESERVED
+CVE-2020-23366
+ RESERVED
+CVE-2020-23365
+ RESERVED
+CVE-2020-23364
+ RESERVED
+CVE-2020-23363
+ RESERVED
+CVE-2020-23362
+ RESERVED
+CVE-2020-23361 (phpList 3.5.3 allows type juggling for login bypass because == is used ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-23360 (oscommerce v2.3.4.1 has a functional problem in user registration and ...)
+ NOT-FOR-US: oscommerce
+CVE-2020-23359 (WeBid 1.2.2 admin/newuser.php has an issue with password rechecking du ...)
+ NOT-FOR-US: WeBid
+CVE-2020-23358
+ RESERVED
+CVE-2020-23357
+ RESERVED
+CVE-2020-23356 (dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type ju ...)
+ NOT-FOR-US: nibbleblog
+CVE-2020-23355 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/use ...)
+ NOT-FOR-US: Codiad
+CVE-2020-23354
+ RESERVED
+CVE-2020-23353
+ RESERVED
+CVE-2020-23352 (Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP l ...)
+ NOT-FOR-US: Z-BlogPHP
+CVE-2020-23351
+ RESERVED
+CVE-2020-23350
+ RESERVED
+CVE-2020-23349
+ RESERVED
+CVE-2020-23348
+ RESERVED
+CVE-2020-23347
+ RESERVED
+CVE-2020-23346
+ RESERVED
+CVE-2020-23345
+ RESERVED
+CVE-2020-23344
+ RESERVED
+CVE-2020-23343
+ RESERVED
+CVE-2020-23342 (A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/ed ...)
+ NOT-FOR-US: Anchor CMS
+CVE-2020-23341 (A reflected cross site scripting (XSS) vulnerability in the /header.tm ...)
+ NOT-FOR-US: ATutor
+CVE-2020-23340
+ RESERVED
+CVE-2020-23339
+ RESERVED
+CVE-2020-23338
+ RESERVED
+CVE-2020-23337
+ RESERVED
+CVE-2020-23336
+ RESERVED
+CVE-2020-23335
+ RESERVED
+CVE-2020-23334 (A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTer ...)
+ NOT-FOR-US: Bento4
+CVE-2020-23333 (A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom ...)
+ NOT-FOR-US: Bento4
+CVE-2020-23332 (A heap-based buffer overflow exists in the AP4_StdcFileByteStream::Rea ...)
+ NOT-FOR-US: Bento4
+CVE-2020-23331 (An issue was discovered in Bento4 version 06c39d9. A NULL pointer dere ...)
+ NOT-FOR-US: Bento4
+CVE-2020-23330 (An issue was discovered in Bento4 version 06c39d9. A NULL pointer dere ...)
+ NOT-FOR-US: Bento4
+CVE-2020-23329
+ RESERVED
+CVE-2020-23328
+ RESERVED
+CVE-2020-23327
+ RESERVED
+CVE-2020-23326
+ RESERVED
+CVE-2020-23325
+ RESERVED
+CVE-2020-23324
+ RESERVED
+CVE-2020-23323 (There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3871
+CVE-2020-23322 (There is an Assertion in 'context_p-&gt;token.type == LEXER_RIGHT_BRAC ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3869
+CVE-2020-23321 (There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_ ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3870
+CVE-2020-23320 (There is an Assertion in 'context_p-&gt;next_scanner_info_p-&gt;type = ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3835
+CVE-2020-23319 (There is an Assertion in '(flags &gt;&gt; CBC_STACK_ADJUST_SHIFT) &gt; ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3834
+CVE-2020-23318
+ RESERVED
+CVE-2020-23317
+ RESERVED
+CVE-2020-23316
+ RESERVED
+CVE-2020-23315 (There is an ASSERTION (pFuncBody-&gt;GetYieldRegister() == oldYieldReg ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3825
+CVE-2020-23313 (There is an Assertion 'scope_stack_p &gt; context_p-&gt;scope_stack_p' ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3823
+CVE-2020-23312 (There is an Assertion 'context.status_flags &amp; PARSER_SCANNING_SUCC ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3824
+CVE-2020-23311 (There is an Assertion 'context_p-&gt;token.type == LEXER_RIGHT_BRACE | ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3822
+CVE-2020-23310 (There is an Assertion 'context_p-&gt;next_scanner_info_p-&gt;type == S ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3821
+CVE-2020-23309 (There is an Assertion 'context_p-&gt;stack_depth == context_p-&gt;cont ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3820
+CVE-2020-23308 (There is an Assertion 'context_p-&gt;stack_top_uint8 == LEXER_EXPRESSI ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3819
+CVE-2020-23307
+ RESERVED
+CVE-2020-23306 (There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_m ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3753
+CVE-2020-23305
+ RESERVED
+CVE-2020-23304
+ RESERVED
+CVE-2020-23303 (There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_co ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3749
+CVE-2020-23302 (There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_re ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3748
+CVE-2020-23301
+ RESERVED
+CVE-2020-23300
+ RESERVED
+CVE-2020-23299
+ RESERVED
+CVE-2020-23298
+ RESERVED
+CVE-2020-23297
+ RESERVED
+CVE-2020-23296
+ RESERVED
+CVE-2020-23295
+ RESERVED
+CVE-2020-23294
+ RESERVED
+CVE-2020-23293
+ RESERVED
+CVE-2020-23292
+ RESERVED
+CVE-2020-23291
+ RESERVED
+CVE-2020-23290
+ RESERVED
+CVE-2020-23289
+ RESERVED
+CVE-2020-23288
+ RESERVED
+CVE-2020-23287
+ RESERVED
+CVE-2020-23286
+ RESERVED
+CVE-2020-23285
+ RESERVED
+CVE-2020-23284 (Information disclosure in aspx pages in MV's IDCE application v1.0 all ...)
+ NOT-FOR-US: IDCE
+CVE-2020-23283 (Information disclosure in Logon Page in MV's mConnect application v02. ...)
+ NOT-FOR-US: mConnect
+CVE-2020-23282 (SQL injection in Logon Page in MV's mConnect application, v02.001.00, ...)
+ NOT-FOR-US: mConnect
+CVE-2020-23281
+ RESERVED
+CVE-2020-23280
+ RESERVED
+CVE-2020-23279
+ RESERVED
+CVE-2020-23278
+ RESERVED
+CVE-2020-23277
+ RESERVED
+CVE-2020-23276
+ RESERVED
+CVE-2020-23275
+ RESERVED
+CVE-2020-23274
+ RESERVED
+CVE-2020-23273 (Heap-buffer overflow in the randomize_iparp function in edit_packet.c. ...)
+ - tcpreplay 4.3.3-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/579
+ NOTE: Fixed in: https://github.com/appneta/tcpreplay/pull/588
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/314ae7d70aa7630dc17dfdb06edacb131fa8fa99 (v4.3.3-beta1)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-23272
+ RESERVED
+CVE-2020-23271
+ RESERVED
+CVE-2020-23270
+ RESERVED
+CVE-2020-23269 (An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function ...)
+ - gpac 1.0.1+dfsg1-2
+ NOTE: https://github.com/gpac/gpac/issues/1482
+ NOTE: fixed by fixes for related bugs, no specific commit identified upstream
+ NOTE: poc tested with 1.0.1+dfsg1-4+deb11u1
+ NOTE: https://github.com/gpac/gpac/commit/e4ed32bf56fc02fb8a04b9e13f4d7bdae2b3ae12 (v0.9.0-preview)
+CVE-2020-23268
+ RESERVED
+CVE-2020-23267 (An issue was discovered in gpac 0.8.0. The gf_hinter_track_process fun ...)
+ - gpac 1.0.1+dfsg1-2
+ NOTE: https://github.com/gpac/gpac/issues/1479
+ NOTE: fixed by fixes for related bugs, no specific commit identified upstream
+ NOTE: poc tested with 1.0.1+dfsg1-4+deb11u1
+ NOTE: https://github.com/gpac/gpac/commit/b286aa0cdc0cb781e96430c8777d38f066a2c9f9 (v0.9.0, v0.8.1)
+CVE-2020-23266 (An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function ...)
+ - gpac 1.0.1+dfsg1-2
+ NOTE: https://github.com/gpac/gpac/commit/47d8bc5b3ddeed6d775197ebefae7c94a45d9bf2 (v0.9.0, v0.8.1)
+ NOTE: https://github.com/gpac/gpac/issues/1481
+CVE-2020-23265
+ RESERVED
+CVE-2020-23264 (Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remot ...)
+ NOT-FOR-US: Fork CMS
+CVE-2020-23263 (Persistent Cross-site scripting vulnerability on Fork CMS version 5.8. ...)
+ NOT-FOR-US: Fork CMS
+CVE-2020-23262 (An issue was discovered in ming-soft MCMS v5.0, where a malicious user ...)
+ NOT-FOR-US: ming-soft MCMS
+CVE-2020-23261
+ RESERVED
+CVE-2020-23260
+ RESERVED
+CVE-2020-23259
+ RESERVED
+CVE-2020-23258
+ RESERVED
+CVE-2020-23257
+ RESERVED
+CVE-2020-23256
+ RESERVED
+CVE-2020-23255
+ RESERVED
+CVE-2020-23254
+ RESERVED
+CVE-2020-23253
+ RESERVED
+CVE-2020-23252
+ RESERVED
+CVE-2020-23251
+ RESERVED
+CVE-2020-23250 (GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in ...)
+ NOT-FOR-US: GigaVUE-OS
+CVE-2020-23249 (GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaint ...)
+ NOT-FOR-US: GigaVUE-OS
+CVE-2020-23248
+ RESERVED
+CVE-2020-23247
+ RESERVED
+CVE-2020-23246
+ RESERVED
+CVE-2020-23245
+ RESERVED
+CVE-2020-23244
+ RESERVED
+CVE-2020-23243 (Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2. ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2020-23242 (Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when perfo ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2020-23241 (Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-23240 (Cross Site Scripting (XSS) vulnerablity in CMS Made Simple 2.2.14 via ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-23239 (Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via ...)
+ NOT-FOR-US: Textpattern CMS
+CVE-2020-23238 (Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via th ...)
+ NOT-FOR-US: Evolution CMS
+CVE-2020-23237
+ RESERVED
+CVE-2020-23236
+ RESERVED
+CVE-2020-23235
+ RESERVED
+CVE-2020-23234 (Cross Site Scripting (XSS) vulnerabiity exists in LavaLite CMS 5.8.0 v ...)
+ NOT-FOR-US: LavaLite CMS
+CVE-2020-23233
+ RESERVED
+CVE-2020-23232
+ RESERVED
+CVE-2020-23231
+ RESERVED
+CVE-2020-23230
+ RESERVED
+CVE-2020-23229
+ RESERVED
+CVE-2020-23228
+ RESERVED
+CVE-2020-23227
+ RESERVED
+CVE-2020-23226 (Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1. ...)
+ - cacti 1.2.13+ds1-1
+ [buster] - cacti <no-dsa> (Minor issues)
+ [stretch] - cacti <no-dsa> (Minor issues; also requires semi-intrusive change to be backported)
+ NOTE: https://github.com/Cacti/cacti/issues/3549
+ NOTE: https://github.com/Cacti/cacti/commit/8d5fbc48debddc91a66b5aed877060566c6b6232 (1.2.13)
+ NOTE: https://github.com/Cacti/cacti/commit/74c011ba8635902713c530ded90bc0a045ca461d (1.2.13)
+ NOTE: https://github.com/Cacti/cacti/commit/5e4c77e908d6ff895a97fb29e1b582160f8d4165 (1.2.13)
+ NOTE: https://github.com/Cacti/cacti/commit/798f499eacc6b90e9e0e6a38db15edf564e3729f (1.2.13)
+ NOTE: https://github.com/Cacti/cacti/commit/dc35a79b15eeb68a46205c7b06d812953fbbf94d (1.2.13)
+ NOTE: https://github.com/Cacti/cacti/commit/72baf7b63bca7b1ee26f37f99be406ea20debf71 (1.2.13)
+ NOTE: https://github.com/Cacti/cacti/commit/de5e60c97b55b17d8d9e7d9782426ac6e941500d (1.2.13)
+ NOTE: https://github.com/Cacti/cacti/commit/a3233a1b3c3c25a325d334c69b4c94d56473cceb (1.2.13)
+ NOTE: https://github.com/Cacti/cacti/commit/80ec47b08a06dddc4f2135562d29f2c619cc264f (1.2.13)
+CVE-2020-23225
+ RESERVED
+CVE-2020-23224
+ RESERVED
+CVE-2020-23223
+ RESERVED
+CVE-2020-23222
+ RESERVED
+CVE-2020-23221
+ RESERVED
+CVE-2020-23220
+ RESERVED
+CVE-2020-23219 (Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a cra ...)
+ NOT-FOR-US: Monstra CMS
+CVE-2020-23218
+ RESERVED
+CVE-2020-23217 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 all ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-23216
+ RESERVED
+CVE-2020-23215
+ RESERVED
+CVE-2020-23214 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 all ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-23213
+ RESERVED
+CVE-2020-23212
+ RESERVED
+CVE-2020-23211
+ RESERVED
+CVE-2020-23210
+ RESERVED
+CVE-2020-23209 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 all ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-23208 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 all ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-23207 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 all ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-23206
+ RESERVED
+CVE-2020-23205 (A stored cross site scripting (XSS) vulnerability in Monstra CMS versi ...)
+ NOT-FOR-US: Monstra CMS
+CVE-2020-23204
+ RESERVED
+CVE-2020-23203
+ RESERVED
+CVE-2020-23202
+ RESERVED
+CVE-2020-23201
+ RESERVED
+CVE-2020-23200
+ RESERVED
+CVE-2020-23199
+ RESERVED
+CVE-2020-23198
+ RESERVED
+CVE-2020-23197
+ RESERVED
+CVE-2020-23196
+ RESERVED
+CVE-2020-23195
+ RESERVED
+CVE-2020-23194 (A stored cross site scripting (XSS) vulnerability in the "Import Subsc ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-23193
+ RESERVED
+CVE-2020-23192 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-23191
+ RESERVED
+CVE-2020-23190 (A stored cross site scripting (XSS) vulnerability in the "Import email ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-23189
+ RESERVED
+CVE-2020-23188
+ RESERVED
+CVE-2020-23187
+ RESERVED
+CVE-2020-23186
+ RESERVED
+CVE-2020-23185 (A stored cross site scripting (XSS) vulnerability in /administration/s ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-23184 (A stored cross site scripting (XSS) vulnerability in /administration/s ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-23183
+ RESERVED
+CVE-2020-23182 (The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.ph ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-23181 (A reflected cross site scripting (XSS) vulnerability in /administratio ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-23180
+ RESERVED
+CVE-2020-23179 (A stored cross site scripting (XSS) vulnerability in administration/se ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-23178 (An issue exists in PHP-Fusion 9.03.50 where session cookies are not de ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-23177
+ RESERVED
+CVE-2020-23176
+ RESERVED
+CVE-2020-23175
+ RESERVED
+CVE-2020-23174
+ RESERVED
+CVE-2020-23173
+ RESERVED
+CVE-2020-23172 (A vulnerability in all versions of Kuba allows attackers to overwrite ...)
+ NOT-FOR-US: Kuba
+CVE-2020-23171 (A vulnerability in all versions of Nim-lang allows unauthenticated att ...)
+ NOT-FOR-US: nim-lang zip
+ NOTE: The Nim compiler exists in Debian, nim-lang/zip is a ZIP wrapper written in Nim.
+CVE-2020-23170
+ RESERVED
+CVE-2020-23169
+ RESERVED
+CVE-2020-23168
+ RESERVED
+CVE-2020-23167
+ RESERVED
+CVE-2020-23166
+ RESERVED
+CVE-2020-23165
+ RESERVED
+CVE-2020-23164
+ RESERVED
+CVE-2020-23163
+ RESERVED
+CVE-2020-23162 (Sensitive information disclosure and weak encryption in Pyrescom Termo ...)
+ NOT-FOR-US: Pyrescom Termod4 time management devices
+CVE-2020-23161 (Local file inclusion in Pyrescom Termod4 time management devices befor ...)
+ NOT-FOR-US: Pyrescom Termod4 time management devices
+CVE-2020-23160 (Remote code execution in Pyrescom Termod4 time management devices befo ...)
+ NOT-FOR-US: Pyrescom Termod4 time management devices
+CVE-2020-23159
+ RESERVED
+CVE-2020-23158
+ RESERVED
+CVE-2020-23157
+ RESERVED
+CVE-2020-23156
+ RESERVED
+CVE-2020-23155
+ RESERVED
+CVE-2020-23154
+ RESERVED
+CVE-2020-23153
+ RESERVED
+CVE-2020-23152
+ RESERVED
+CVE-2020-23151 (rConfig 3.9.5 allows command injection by sending a crafted GET reques ...)
+ NOT-FOR-US: rConfig
+CVE-2020-23150 (A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allow ...)
+ NOT-FOR-US: rConfig
+CVE-2020-23149 (The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsaniti ...)
+ NOT-FOR-US: rConfig
+CVE-2020-23148 (The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsaniti ...)
+ NOT-FOR-US: rConfig
+CVE-2020-23147
+ RESERVED
+CVE-2020-23146
+ RESERVED
+CVE-2020-23145
+ RESERVED
+CVE-2020-23144
+ RESERVED
+CVE-2020-23143
+ RESERVED
+CVE-2020-23142
+ RESERVED
+CVE-2020-23141
+ RESERVED
+CVE-2020-23140 (Microweber 1.1.18 is affected by insufficient session expiration. When ...)
+ NOT-FOR-US: Microweber
+CVE-2020-23139 (Microweber 1.1.18 is affected by broken authentication and session man ...)
+ NOT-FOR-US: Microweber
+CVE-2020-23138 (An unrestricted file upload vulnerability was discovered in the Microw ...)
+ NOT-FOR-US: Microweber
+CVE-2020-23137
+ RESERVED
+CVE-2020-23136 (Microweber v1.1.18 is affected by no session expiry after log-out. ...)
+ NOT-FOR-US: Microweber
+CVE-2020-23135
+ RESERVED
+CVE-2020-23134
+ RESERVED
+CVE-2020-23133
+ RESERVED
+CVE-2020-23132
+ RESERVED
+CVE-2020-23131
+ RESERVED
+CVE-2020-23130
+ REJECTED
+CVE-2020-23129
+ REJECTED
+CVE-2020-23128 (Chamilo LMS 1.11.10 does not properly manage privileges which could al ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2020-23127 (Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) v ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2020-23126 (Chamilo LMS version 1.11.10 contains an XSS vulnerability in the perso ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2020-23125
+ RESERVED
+CVE-2020-23124
+ RESERVED
+CVE-2020-23123
+ RESERVED
+CVE-2020-23122
+ RESERVED
+CVE-2020-23121
+ RESERVED
+CVE-2020-23120
+ RESERVED
+CVE-2020-23119
+ RESERVED
+CVE-2020-23118
+ RESERVED
+CVE-2020-23117
+ RESERVED
+CVE-2020-23116
+ RESERVED
+CVE-2020-23115
+ RESERVED
+CVE-2020-23114
+ RESERVED
+CVE-2020-23113
+ RESERVED
+CVE-2020-23112
+ RESERVED
+CVE-2020-23111
+ RESERVED
+CVE-2020-23110
+ RESERVED
+CVE-2020-23109 (Buffer overflow vulnerability in function convert_colorspace in heif_c ...)
+ - libheif <unfixed>
+ [bullseye] - libheif <no-dsa> (Minor issue)
+ [buster] - libheif <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libheif/issues/207
+CVE-2020-23108
+ RESERVED
+CVE-2020-23107
+ RESERVED
+CVE-2020-23106
+ RESERVED
+CVE-2020-23105
+ RESERVED
+CVE-2020-23104
+ RESERVED
+CVE-2020-23103
+ RESERVED
+CVE-2020-23102
+ RESERVED
+CVE-2020-23101
+ RESERVED
+CVE-2020-23100
+ RESERVED
+CVE-2020-23099
+ RESERVED
+CVE-2020-23098
+ RESERVED
+CVE-2020-23097
+ RESERVED
+CVE-2020-23096
+ RESERVED
+CVE-2020-23095
+ RESERVED
+CVE-2020-23094
+ RESERVED
+CVE-2020-23093
+ RESERVED
+CVE-2020-23092
+ RESERVED
+CVE-2020-23091
+ RESERVED
+CVE-2020-23090
+ RESERVED
+CVE-2020-23089
+ RESERVED
+CVE-2020-23088
+ RESERVED
+CVE-2020-23087
+ RESERVED
+CVE-2020-23086
+ RESERVED
+CVE-2020-23085
+ RESERVED
+CVE-2020-23084
+ RESERVED
+CVE-2020-23083 (Unrestricted File Upload in JEECG v4.0 and earlier allows remote attac ...)
+ NOT-FOR-US: JEECG
+CVE-2020-23082
+ RESERVED
+CVE-2020-23081
+ RESERVED
+CVE-2020-23080
+ RESERVED
+CVE-2020-23079 (SSRF vulnerability in Halo &lt;=1.3.2 exists in the SMTP configuration ...)
+ NOT-FOR-US: Halo
+CVE-2020-23078
+ RESERVED
+CVE-2020-23077
+ RESERVED
+CVE-2020-23076
+ RESERVED
+CVE-2020-23075
+ RESERVED
+CVE-2020-23074
+ RESERVED
+CVE-2020-23073
+ RESERVED
+CVE-2020-23072
+ RESERVED
+CVE-2020-23071
+ RESERVED
+CVE-2020-23070
+ RESERVED
+CVE-2020-23069 (Path Traversal vulneraility exists in webTareas 2.0 via the extpath pa ...)
+ NOT-FOR-US: webTareas
+CVE-2020-23068
+ RESERVED
+CVE-2020-23067
+ RESERVED
+CVE-2020-23066
+ RESERVED
+CVE-2020-23065
+ RESERVED
+CVE-2020-23064
+ RESERVED
+CVE-2020-23063
+ RESERVED
+CVE-2020-23062
+ RESERVED
+CVE-2020-23061 (Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contai ...)
+ NOT-FOR-US: Dropouts Technologies LLP Super Backup
+CVE-2020-23060 (Internet Download Manager 6.37.11.1 was discovered to contain a stack ...)
+ NOT-FOR-US: Internet Download Manager
+CVE-2020-23059
+ RESERVED
+CVE-2020-23058 (An issue in the authentication mechanism in Nong Ge File Explorer v1.4 ...)
+ NOT-FOR-US: Nong Ge File Explorer
+CVE-2020-23057
+ RESERVED
+CVE-2020-23056
+ RESERVED
+CVE-2020-23055 (ANCOM WLAN Controller (Wireless Series &amp; Hotspot) WLC-1000 &amp; W ...)
+ NOT-FOR-US: ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006
+CVE-2020-23054 (A cross-site scripting (XSS) vulnerability in NSK User Agent String Sw ...)
+ NOT-FOR-US: NSK User Agent String Switcher Service
+CVE-2020-23053
+ RESERVED
+CVE-2020-23052 (Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple ...)
+ - mahara <removed>
+CVE-2020-23051 (Phpgurukul User Registration &amp; User Management System v2.0 was dis ...)
+ NOT-FOR-US: Phpgurukul User Registration & User Management System
+CVE-2020-23050 (TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to cont ...)
+ NOT-FOR-US: TAO Open Source Assessment Platform
+CVE-2020-23049 (Fork CMS Content Management System v5.8.0 was discovered to contain a ...)
+ NOT-FOR-US: Fork CMS
+CVE-2020-23048 (SeedDMS Content Management System v6.0.7 contains a persistent cross-s ...)
+ NOT-FOR-US: SeedDMS CMS
+CVE-2020-23047 (Macrob7 Macs Framework Content Management System - 1.14f was discovere ...)
+ NOT-FOR-US: Macrob7 Macs Framework Content Management System
+CVE-2020-23046 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-23045 (Macrob7 Macs Framework Content Management System - 1.14f was discovere ...)
+ NOT-FOR-US: Macrob7 Macs Framework Content Management System
+CVE-2020-23044 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-23043 (Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file ...)
+ NOT-FOR-US: Tran Tu Air Sender
+CVE-2020-23042 (Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contai ...)
+ NOT-FOR-US: Dropouts Technologies LLP Super Backup
+CVE-2020-23041 (Dropouts Technologies LLP Air Share v1.2 was discovered to contain a c ...)
+ NOT-FOR-US: Dropouts Technologies LLP Air Share
+CVE-2020-23040 (Sky File v2.1.0 contains a directory traversal vulnerability in the FT ...)
+ NOT-FOR-US: Sky File
+CVE-2020-23039 (Folder Lock v3.4.5 was discovered to contain a stored cross-site scrip ...)
+ NOT-FOR-US: Folder Lock
+CVE-2020-23038 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain ...)
+ NOT-FOR-US: Swift File Transfer Mobile
+CVE-2020-23037 (Portable Ltd Playable v9.18 contains a code injection vulnerability in ...)
+ NOT-FOR-US: Portable Ltd Playable
+CVE-2020-23036 (MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure sessi ...)
+ NOT-FOR-US: MEDIA NAVI Inc SMACom
+CVE-2020-23035
+ RESERVED
+CVE-2020-23034
+ RESERVED
+CVE-2020-23033
+ RESERVED
+CVE-2020-23032
+ RESERVED
+CVE-2020-23031
+ RESERVED
+CVE-2020-23030
+ RESERVED
+CVE-2020-23029
+ RESERVED
+CVE-2020-23028
+ RESERVED
+CVE-2020-23027
+ RESERVED
+CVE-2020-23026 (A NULL pointer dereference in the main() function dhry_1.c of dhryston ...)
+ - dhrystone <itp> (bug #693342)
+ NOTE: https://github.com/sifive/benchmark-dhrystone
+CVE-2020-23025
+ RESERVED
+CVE-2020-23024
+ RESERVED
+CVE-2020-23023
+ RESERVED
+CVE-2020-23022
+ RESERVED
+CVE-2020-23021
+ RESERVED
+CVE-2020-23020
+ RESERVED
+CVE-2020-23019
+ RESERVED
+CVE-2020-23018
+ RESERVED
+CVE-2020-23017
+ RESERVED
+CVE-2020-23016
+ RESERVED
+CVE-2020-23015 (An open redirect issue was discovered in OPNsense through 20.1.5. The ...)
+ NOT-FOR-US: OPNsense
+CVE-2020-23014 (APfell 1.4 is vulnerable to authenticated reflected cross-site scripti ...)
+ NOT-FOR-US: APfell
+CVE-2020-23013
+ RESERVED
+CVE-2020-23012
+ RESERVED
+CVE-2020-23011
+ RESERVED
+CVE-2020-23010
+ RESERVED
+CVE-2020-23009
+ RESERVED
+CVE-2020-23008
+ RESERVED
+CVE-2020-23007
+ RESERVED
+CVE-2020-23006
+ RESERVED
+CVE-2020-23005
+ RESERVED
+CVE-2020-23004
+ RESERVED
+CVE-2020-23003
+ RESERVED
+CVE-2020-23002
+ RESERVED
+CVE-2020-23001
+ RESERVED
+CVE-2020-23000
+ RESERVED
+CVE-2020-22999
+ RESERVED
+CVE-2020-22998
+ RESERVED
+CVE-2020-22997
+ RESERVED
+CVE-2020-22996
+ RESERVED
+CVE-2020-22995
+ RESERVED
+CVE-2020-22994
+ RESERVED
+CVE-2020-22993
+ RESERVED
+CVE-2020-22992
+ RESERVED
+CVE-2020-22991
+ RESERVED
+CVE-2020-22990
+ RESERVED
+CVE-2020-22989
+ RESERVED
+CVE-2020-22988
+ RESERVED
+CVE-2020-22987
+ RESERVED
+CVE-2020-22986
+ RESERVED
+CVE-2020-22985
+ RESERVED
+CVE-2020-22984
+ RESERVED
+CVE-2020-22983
+ RESERVED
+CVE-2020-22982
+ RESERVED
+CVE-2020-22981
+ RESERVED
+CVE-2020-22980
+ RESERVED
+CVE-2020-22979
+ RESERVED
+CVE-2020-22978
+ RESERVED
+CVE-2020-22977
+ RESERVED
+CVE-2020-22976
+ RESERVED
+CVE-2020-22975
+ RESERVED
+CVE-2020-22974
+ RESERVED
+CVE-2020-22973
+ RESERVED
+CVE-2020-22972
+ RESERVED
+CVE-2020-22971
+ RESERVED
+CVE-2020-22970
+ RESERVED
+CVE-2020-22969
+ RESERVED
+CVE-2020-22968
+ RESERVED
+CVE-2020-22967
+ RESERVED
+CVE-2020-22966
+ RESERVED
+CVE-2020-22965
+ RESERVED
+CVE-2020-22964
+ RESERVED
+CVE-2020-22963
+ RESERVED
+CVE-2020-22962
+ RESERVED
+CVE-2020-22961
+ RESERVED
+CVE-2020-22960
+ RESERVED
+CVE-2020-22959
+ RESERVED
+CVE-2020-22958
+ RESERVED
+CVE-2020-22957
+ RESERVED
+CVE-2020-22956
+ RESERVED
+CVE-2020-22955
+ RESERVED
+CVE-2020-22954
+ RESERVED
+CVE-2020-22953
+ RESERVED
+CVE-2020-22952
+ RESERVED
+CVE-2020-22951
+ RESERVED
+CVE-2020-22950
+ RESERVED
+CVE-2020-22949
+ RESERVED
+CVE-2020-22948
+ RESERVED
+CVE-2020-22947
+ RESERVED
+CVE-2020-22946
+ RESERVED
+CVE-2020-22945
+ RESERVED
+CVE-2020-22944
+ RESERVED
+CVE-2020-22943
+ RESERVED
+CVE-2020-22942
+ RESERVED
+CVE-2020-22941
+ RESERVED
+CVE-2020-22940
+ RESERVED
+CVE-2020-22939
+ RESERVED
+CVE-2020-22938
+ RESERVED
+CVE-2020-22937 (A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 ...)
+ NOT-FOR-US: EmpireCMS
+CVE-2020-22936
+ RESERVED
+CVE-2020-22935
+ RESERVED
+CVE-2020-22934
+ RESERVED
+CVE-2020-22933
+ RESERVED
+CVE-2020-22932
+ RESERVED
+CVE-2020-22931
+ RESERVED
+CVE-2020-22930
+ RESERVED
+CVE-2020-22929
+ RESERVED
+CVE-2020-22928
+ RESERVED
+CVE-2020-22927
+ RESERVED
+CVE-2020-22926
+ RESERVED
+CVE-2020-22925
+ RESERVED
+CVE-2020-22924
+ RESERVED
+CVE-2020-22923
+ RESERVED
+CVE-2020-22922
+ RESERVED
+CVE-2020-22921
+ RESERVED
+CVE-2020-22920
+ RESERVED
+CVE-2020-22919
+ RESERVED
+CVE-2020-22918
+ RESERVED
+CVE-2020-22917
+ RESERVED
+CVE-2020-22916
+ RESERVED
+CVE-2020-22915
+ RESERVED
+CVE-2020-22914
+ RESERVED
+CVE-2020-22913
+ RESERVED
+CVE-2020-22912
+ RESERVED
+CVE-2020-22911
+ RESERVED
+CVE-2020-22910
+ RESERVED
+CVE-2020-22909
+ RESERVED
+CVE-2020-22908
+ RESERVED
+CVE-2020-22907 (Stack overflow vulnerability in function jsi_evalcode_sub in jsish bef ...)
+ NOT-FOR-US: jsish
+CVE-2020-22906
+ RESERVED
+CVE-2020-22905
+ RESERVED
+CVE-2020-22904
+ RESERVED
+CVE-2020-22903
+ RESERVED
+CVE-2020-22902
+ RESERVED
+CVE-2020-22901
+ RESERVED
+CVE-2020-22900
+ RESERVED
+CVE-2020-22899
+ RESERVED
+CVE-2020-22898
+ RESERVED
+CVE-2020-22897
+ RESERVED
+CVE-2020-22896
+ RESERVED
+CVE-2020-22895
+ RESERVED
+CVE-2020-22894
+ RESERVED
+CVE-2020-22893
+ RESERVED
+CVE-2020-22892
+ RESERVED
+CVE-2020-22891
+ RESERVED
+CVE-2020-22890
+ RESERVED
+CVE-2020-22889
+ RESERVED
+CVE-2020-22888
+ RESERVED
+CVE-2020-22887
+ RESERVED
+CVE-2020-22886 (Buffer overflow vulnerability in function jsG_markobject in jsgc.c in ...)
+ - mujs 1.0.9-1
+ NOTE: https://github.com/ccxvii/mujs/issues/134
+CVE-2020-22885 (Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in ...)
+ - mujs 1.0.9-1
+ NOTE: https://github.com/ccxvii/mujs/issues/133
+CVE-2020-22884 (Buffer overflow vulnerability in function jsvGetStringChars in Espruin ...)
+ NOT-FOR-US: Espruino
+CVE-2020-22883
+ RESERVED
+CVE-2020-22882 (Issue was discovered in the fxParserTree function in moddable, allows ...)
+ NOT-FOR-US: Moddable
+CVE-2020-22881
+ RESERVED
+CVE-2020-22880
+ RESERVED
+CVE-2020-22879
+ RESERVED
+CVE-2020-22878
+ RESERVED
+CVE-2020-22877
+ RESERVED
+CVE-2020-22876 (Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote a ...)
+ NOT-FOR-US: QuickJS
+CVE-2020-22875 (Integer overflow vulnerability in function Jsi_ObjSetLength in jsish b ...)
+ NOT-FOR-US: jsish
+CVE-2020-22874 (Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish ...)
+ NOT-FOR-US: jsish
+CVE-2020-22873 (Buffer overflow vulnerability in function NumberToPrecisionCmd in jsis ...)
+ NOT-FOR-US: jsish
+CVE-2020-22872
+ RESERVED
+CVE-2020-22871
+ RESERVED
+CVE-2020-22870
+ RESERVED
+CVE-2020-22869
+ RESERVED
+CVE-2020-22868
+ RESERVED
+CVE-2020-22867
+ RESERVED
+CVE-2020-22866
+ RESERVED
+CVE-2020-22865
+ RESERVED
+CVE-2020-22864 (A cross site scripting (XSS) vulnerability in the Insert Video functio ...)
+ NOT-FOR-US: Froala WYSIWYG Editor
+CVE-2020-22863
+ RESERVED
+CVE-2020-22862
+ RESERVED
+CVE-2020-22861
+ RESERVED
+CVE-2020-22860
+ RESERVED
+CVE-2020-22859
+ RESERVED
+CVE-2020-22858
+ RESERVED
+CVE-2020-22857
+ RESERVED
+CVE-2020-22856
+ RESERVED
+CVE-2020-22855
+ RESERVED
+CVE-2020-22854
+ RESERVED
+CVE-2020-22853
+ RESERVED
+CVE-2020-22852
+ RESERVED
+CVE-2020-22851
+ RESERVED
+CVE-2020-22850
+ RESERVED
+CVE-2020-22849
+ RESERVED
+CVE-2020-22848 (A remote code execution (RCE) vulnerability in the \Playsong.php compo ...)
+ NOT-FOR-US: cscms
+CVE-2020-22847
+ RESERVED
+CVE-2020-22846
+ RESERVED
+CVE-2020-22845
+ RESERVED
+CVE-2020-22844
+ RESERVED
+CVE-2020-22843
+ RESERVED
+CVE-2020-22842 (CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-22841 (Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attac ...)
+ NOT-FOR-US: b2evolution CMS
+CVE-2020-22840 (Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 ...)
+ NOT-FOR-US: b2evolution CMS
+CVE-2020-22839 (Reflected cross-site scripting vulnerability (XSS) in the evoadm.php f ...)
+ NOT-FOR-US: b2evolution CMS
+CVE-2020-22838
+ RESERVED
+CVE-2020-22837
+ RESERVED
+CVE-2020-22836
+ RESERVED
+CVE-2020-22835
+ RESERVED
+CVE-2020-22834
+ RESERVED
+CVE-2020-22833
+ RESERVED
+CVE-2020-22832
+ RESERVED
+CVE-2020-22831
+ RESERVED
+CVE-2020-22830
+ RESERVED
+CVE-2020-22829
+ RESERVED
+CVE-2020-22828
+ RESERVED
+CVE-2020-22827
+ RESERVED
+CVE-2020-22826
+ RESERVED
+CVE-2020-22825
+ RESERVED
+CVE-2020-22824
+ RESERVED
+CVE-2020-22823
+ RESERVED
+CVE-2020-22822
+ RESERVED
+CVE-2020-22821
+ RESERVED
+CVE-2020-22820
+ RESERVED
+CVE-2020-22819
+ RESERVED
+CVE-2020-22818
+ RESERVED
+CVE-2020-22817
+ RESERVED
+CVE-2020-22816
+ RESERVED
+CVE-2020-22815
+ RESERVED
+CVE-2020-22814
+ RESERVED
+CVE-2020-22813
+ RESERVED
+CVE-2020-22812
+ RESERVED
+CVE-2020-22811
+ RESERVED
+CVE-2020-22810
+ RESERVED
+CVE-2020-22809 (In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Serv ...)
+ NOT-FOR-US: Windscribe
+CVE-2020-22808 (An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulne ...)
+ NOT-FOR-US: yii2_fecshop
+CVE-2020-22807 (An issue was dicovered in vtiger crm 7.2. Union sql injection in the c ...)
+ NOT-FOR-US: VTiger CRM
+CVE-2020-22806
+ RESERVED
+CVE-2020-22805
+ RESERVED
+CVE-2020-22804
+ RESERVED
+CVE-2020-22803
+ RESERVED
+CVE-2020-22802
+ RESERVED
+CVE-2020-22801
+ RESERVED
+CVE-2020-22800
+ RESERVED
+CVE-2020-22799
+ RESERVED
+CVE-2020-22798
+ RESERVED
+CVE-2020-22797
+ RESERVED
+CVE-2020-22796
+ RESERVED
+CVE-2020-22795
+ RESERVED
+CVE-2020-22794
+ RESERVED
+CVE-2020-22793
+ RESERVED
+CVE-2020-22792
+ RESERVED
+CVE-2020-22791
+ RESERVED
+CVE-2020-22790 (Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta ...)
+ NOT-FOR-US: FME Server
+CVE-2020-22789 (Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Be ...)
+ NOT-FOR-US: FME Server
+CVE-2020-22788
+ RESERVED
+CVE-2020-22787
+ RESERVED
+CVE-2020-22786
+ RESERVED
+CVE-2020-22785 (Etherpad &lt; 1.8.3 is affected by a missing lock check which could ca ...)
+ - etherpad-lite <itp> (bug #576998)
+CVE-2020-22784 (In Etherpad UeberDB &lt; 0.4.4, due to MySQL omitting trailing spaces ...)
+ NOT-FOR-US: Etherpad UeberDB
+CVE-2020-22783 (Etherpad &lt;1.8.3 stored passwords used by users insecurely in the da ...)
+ - etherpad-lite <itp> (bug #576998)
+CVE-2020-22782 (Etherpad &lt; 1.8.3 is affected by a denial of service in the import f ...)
+ - etherpad-lite <itp> (bug #576998)
+CVE-2020-22781 (In Etherpad &lt; 1.8.3, a specially crafted URI would raise an unhandl ...)
+ - etherpad-lite <itp> (bug #576998)
+CVE-2020-22780
+ RESERVED
+CVE-2020-22779
+ RESERVED
+CVE-2020-22778
+ RESERVED
+CVE-2020-22777
+ RESERVED
+CVE-2020-22776
+ RESERVED
+CVE-2020-22775
+ RESERVED
+CVE-2020-22774
+ RESERVED
+CVE-2020-22773
+ RESERVED
+CVE-2020-22772
+ RESERVED
+CVE-2020-22771
+ RESERVED
+CVE-2020-22770
+ RESERVED
+CVE-2020-22769
+ RESERVED
+CVE-2020-22768
+ RESERVED
+CVE-2020-22767
+ RESERVED
+CVE-2020-22766
+ RESERVED
+CVE-2020-22765 (Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the ...)
+ NOT-FOR-US: NukeViet cms
+CVE-2020-22764
+ RESERVED
+CVE-2020-22763
+ RESERVED
+CVE-2020-22762
+ RESERVED
+CVE-2020-22761 (Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via t ...)
+ NOT-FOR-US: FlatPress
+CVE-2020-22760
+ RESERVED
+CVE-2020-22759
+ RESERVED
+CVE-2020-22758
+ RESERVED
+CVE-2020-22757
+ RESERVED
+CVE-2020-22756
+ RESERVED
+CVE-2020-22755
+ RESERVED
+CVE-2020-22754
+ RESERVED
+CVE-2020-22753
+ RESERVED
+CVE-2020-22752
+ RESERVED
+CVE-2020-22751
+ RESERVED
+CVE-2020-22750
+ RESERVED
+CVE-2020-22749
+ RESERVED
+CVE-2020-22748
+ RESERVED
+CVE-2020-22747
+ RESERVED
+CVE-2020-22746
+ RESERVED
+CVE-2020-22745
+ RESERVED
+CVE-2020-22744
+ RESERVED
+CVE-2020-22743
+ RESERVED
+CVE-2020-22742
+ RESERVED
+CVE-2020-22741 (An issue was discovered in Xuperchain 3.6.0 that allows for attackers ...)
+ NOT-FOR-US: Xuperchain
+CVE-2020-22740
+ RESERVED
+CVE-2020-22739
+ RESERVED
+CVE-2020-22738
+ RESERVED
+CVE-2020-22737
+ RESERVED
+CVE-2020-22736
+ RESERVED
+CVE-2020-22735
+ RESERVED
+CVE-2020-22734
+ RESERVED
+CVE-2020-22733
+ RESERVED
+CVE-2020-22732 (CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions &g ...)
+ NOT-FOR-US: CMS Made Simple (CMSMS)
+CVE-2020-22731
+ RESERVED
+CVE-2020-22730
+ RESERVED
+CVE-2020-22729
+ RESERVED
+CVE-2020-22728
+ RESERVED
+CVE-2020-22727
+ RESERVED
+CVE-2020-22726
+ RESERVED
+CVE-2020-22725
+ RESERVED
+CVE-2020-22724 (A remote command execution vulnerability exists in add_server_service ...)
+ NOT-FOR-US: Mercury Router MER1200
+CVE-2020-22723 (A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhiche ...)
+ NOT-FOR-US: Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop
+CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege ...)
+ NOT-FOR-US: Rapid Software LLC Rapid SCADA
+CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8. ...)
+ NOT-FOR-US: PNotes - Andrey Gruber PNotes.NET
+CVE-2020-22720
+ REJECTED
+CVE-2020-22719 (Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerabil ...)
+ NOT-FOR-US: Shimo Document
+CVE-2020-22718
+ RESERVED
+CVE-2020-22717
+ RESERVED
+CVE-2020-22716
+ RESERVED
+CVE-2020-22715
+ RESERVED
+CVE-2020-22714
+ RESERVED
+CVE-2020-22713
+ RESERVED
+CVE-2020-22712
+ RESERVED
+CVE-2020-22711
+ RESERVED
+CVE-2020-22710
+ RESERVED
+CVE-2020-22709
+ RESERVED
+CVE-2020-22708
+ RESERVED
+CVE-2020-22707
+ RESERVED
+CVE-2020-22706
+ RESERVED
+CVE-2020-22705
+ RESERVED
+CVE-2020-22704
+ RESERVED
+CVE-2020-22703
+ RESERVED
+CVE-2020-22702
+ RESERVED
+CVE-2020-22701
+ RESERVED
+CVE-2020-22700
+ RESERVED
+CVE-2020-22699
+ RESERVED
+CVE-2020-22698
+ RESERVED
+CVE-2020-22697
+ RESERVED
+CVE-2020-22696
+ RESERVED
+CVE-2020-22695
+ RESERVED
+CVE-2020-22694
+ RESERVED
+CVE-2020-22693
+ RESERVED
+CVE-2020-22692
+ RESERVED
+CVE-2020-22691
+ RESERVED
+CVE-2020-22690
+ RESERVED
+CVE-2020-22689
+ RESERVED
+CVE-2020-22688
+ RESERVED
+CVE-2020-22687
+ RESERVED
+CVE-2020-22686
+ RESERVED
+CVE-2020-22685
+ RESERVED
+CVE-2020-22684
+ RESERVED
+CVE-2020-22683
+ RESERVED
+CVE-2020-22682
+ RESERVED
+CVE-2020-22681
+ RESERVED
+CVE-2020-22680
+ RESERVED
+CVE-2020-22679 (Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 a ...)
+ - gpac 1.0.1+dfsg1-2 (unimportant)
+ NOTE: https://github.com/gpac/gpac/issues/1345
+ NOTE: https://github.com/gpac/gpac/commit/6c1e7ddfae2ad4daeda7f7e544da34cb765d36c9
+ NOTE: Negligible security impact
+CVE-2020-22678 (An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulat ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1339
+ NOTE: https://github.com/gpac/gpac/commit/7644478ecfa25fd9505ee11ef12deb475cd97025
+CVE-2020-22677 (An issue was discovered in gpac 0.8.0. The dump_data_hex function in b ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1341
+ NOTE: https://github.com/gpac/gpac/commit/a0e6aa849002863a63e6f9e9daecca47042954c4
+CVE-2020-22676
+ RESERVED
+CVE-2020-22675 (An issue was discovered in gpac 0.8.0. The GetGhostNum function in stb ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1344
+ NOTE: https://github.com/gpac/gpac/commit/5aa8c4bbd970a3a77517b00528a596063efca1a9
+CVE-2020-22674 (An issue was discovered in gpac 0.8.0. An invalid memory dereference e ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.7.0)
+ NOTE: https://github.com/gpac/gpac/issues/1346
+ NOTE: https://github.com/gpac/gpac/commit/6040a5981a9f51410bd18af8820afbd2748c2d76
+CVE-2020-22673 (Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows ...)
+ - gpac 1.0.1+dfsg1-2 (unimportant)
+ NOTE: https://github.com/gpac/gpac/issues/1342
+ NOTE: https://github.com/gpac/gpac/commit/a0e6aa849002863a63e6f9e9daecca47042954c4
+ NOTE: Negligible security impact
+CVE-2020-22672
+ RESERVED
+CVE-2020-22671
+ RESERVED
+CVE-2020-22670
+ RESERVED
+CVE-2020-22669
+ RESERVED
+CVE-2020-22668
+ RESERVED
+CVE-2020-22667
+ RESERVED
+CVE-2020-22666
+ RESERVED
+CVE-2020-22665
+ RESERVED
+CVE-2020-22664
+ RESERVED
+CVE-2020-22663
+ RESERVED
+CVE-2020-22662
+ RESERVED
+CVE-2020-22661
+ RESERVED
+CVE-2020-22660
+ RESERVED
+CVE-2020-22659
+ RESERVED
+CVE-2020-22658
+ RESERVED
+CVE-2020-22657
+ RESERVED
+CVE-2020-22656
+ RESERVED
+CVE-2020-22655
+ RESERVED
+CVE-2020-22654
+ RESERVED
+CVE-2020-22653
+ RESERVED
+CVE-2020-22652
+ RESERVED
+CVE-2020-22651
+ RESERVED
+CVE-2020-22650 (A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 ...)
+ NOT-FOR-US: AlienVault Ossim
+CVE-2020-22649
+ RESERVED
+CVE-2020-22648
+ RESERVED
+CVE-2020-22647
+ RESERVED
+CVE-2020-22646
+ RESERVED
+CVE-2020-22645
+ RESERVED
+CVE-2020-22644
+ RESERVED
+CVE-2020-22643 (Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, ...)
+ NOT-FOR-US: Feehi CMS
+CVE-2020-22642
+ RESERVED
+CVE-2020-22641
+ RESERVED
+CVE-2020-22640
+ RESERVED
+CVE-2020-22639
+ RESERVED
+CVE-2020-22638
+ RESERVED
+CVE-2020-22637
+ RESERVED
+CVE-2020-22636
+ RESERVED
+CVE-2020-22635
+ RESERVED
+CVE-2020-22634
+ RESERVED
+CVE-2020-22633
+ RESERVED
+CVE-2020-22632
+ RESERVED
+CVE-2020-22631
+ RESERVED
+CVE-2020-22630
+ RESERVED
+CVE-2020-22629
+ RESERVED
+CVE-2020-22628
+ RESERVED
+CVE-2020-22627
+ RESERVED
+CVE-2020-22626
+ RESERVED
+CVE-2020-22625
+ RESERVED
+CVE-2020-22624
+ RESERVED
+CVE-2020-22623
+ RESERVED
+CVE-2020-22622
+ RESERVED
+CVE-2020-22621
+ RESERVED
+CVE-2020-22620
+ RESERVED
+CVE-2020-22619
+ RESERVED
+CVE-2020-22618
+ RESERVED
+CVE-2020-22617 (Ardour v5.12 contains a use-after-free vulnerability in the component ...)
+ - ardour 1:6.0.0~ds0-1
+ [buster] - ardour <no-dsa> (Minor issue)
+ [stretch] - ardour <no-dsa> (Minor issue)
+ NOTE: https://tracker.ardour.org/view.php?id=7926
+ NOTE: https://github.com/Ardour/ardour/commit/96daa4036a425ff3f23a7dfcba57bfb0f942bec6 (6.0-pre1)
+CVE-2020-22616
+ RESERVED
+CVE-2020-22615
+ RESERVED
+CVE-2020-22614
+ RESERVED
+CVE-2020-22613
+ RESERVED
+CVE-2020-22612
+ RESERVED
+CVE-2020-22611
+ RESERVED
+CVE-2020-22610
+ RESERVED
+CVE-2020-22609 (Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket befor ...)
+ NOT-FOR-US: osTicket
+CVE-2020-22608 (Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.1 ...)
+ NOT-FOR-US: osTicket
+CVE-2020-22607 (Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the ...)
+ - limesurvey <itp> (bug #472802)
+CVE-2020-22606
+ RESERVED
+CVE-2020-22605
+ RESERVED
+CVE-2020-22604
+ RESERVED
+CVE-2020-22603
+ RESERVED
+CVE-2020-22602
+ RESERVED
+CVE-2020-22601
+ RESERVED
+CVE-2020-22600
+ RESERVED
+CVE-2020-22599
+ RESERVED
+CVE-2020-22598
+ RESERVED
+CVE-2020-22597
+ RESERVED
+CVE-2020-22596
+ RESERVED
+CVE-2020-22595
+ RESERVED
+CVE-2020-22594
+ RESERVED
+CVE-2020-22593
+ RESERVED
+CVE-2020-22591
+ RESERVED
+CVE-2020-22590
+ RESERVED
+CVE-2020-22589
+ RESERVED
+CVE-2020-22588
+ RESERVED
+CVE-2020-22587
+ RESERVED
+CVE-2020-22586
+ RESERVED
+CVE-2020-22585
+ RESERVED
+CVE-2020-22584
+ RESERVED
+CVE-2020-22583
+ RESERVED
+CVE-2020-22582
+ RESERVED
+CVE-2020-22581
+ RESERVED
+CVE-2020-22580
+ RESERVED
+CVE-2020-22579
+ RESERVED
+CVE-2020-22578
+ RESERVED
+CVE-2020-22577
+ RESERVED
+CVE-2020-22576
+ RESERVED
+CVE-2020-22575
+ RESERVED
+CVE-2020-22574
+ RESERVED
+CVE-2020-22573
+ RESERVED
+CVE-2020-22572
+ RESERVED
+CVE-2020-22571
+ RESERVED
+CVE-2020-22570
+ RESERVED
+CVE-2020-22569
+ RESERVED
+CVE-2020-22568
+ RESERVED
+CVE-2020-22567
+ RESERVED
+CVE-2020-22566
+ RESERVED
+CVE-2020-22565
+ RESERVED
+CVE-2020-22564
+ RESERVED
+CVE-2020-22563
+ RESERVED
+CVE-2020-22562
+ RESERVED
+CVE-2020-22561
+ RESERVED
+CVE-2020-22560
+ RESERVED
+CVE-2020-22559
+ RESERVED
+CVE-2020-22558
+ RESERVED
+CVE-2020-22557
+ RESERVED
+CVE-2020-22556
+ RESERVED
+CVE-2020-22555
+ RESERVED
+CVE-2020-22554
+ RESERVED
+CVE-2020-22553
+ RESERVED
+CVE-2020-22552 (The Snap7 server component in version 1.4.1, when an attacker sends a ...)
+ NOT-FOR-US: Snap7
+CVE-2020-22551
+ RESERVED
+CVE-2020-22550 (Veno File Manager 3.5.6 is affected by a directory traversal vulnerabi ...)
+ NOT-FOR-US: Veno File Manager
+CVE-2020-22549
+ RESERVED
+CVE-2020-22548
+ RESERVED
+CVE-2020-22547
+ RESERVED
+CVE-2020-22546
+ RESERVED
+CVE-2020-22545
+ RESERVED
+CVE-2020-22544
+ RESERVED
+CVE-2020-22543
+ RESERVED
+CVE-2020-22542
+ RESERVED
+CVE-2020-22541
+ RESERVED
+CVE-2020-22540
+ RESERVED
+CVE-2020-22539
+ RESERVED
+CVE-2020-22538
+ RESERVED
+CVE-2020-22537
+ RESERVED
+CVE-2020-22536
+ RESERVED
+CVE-2020-22535 (Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list ...)
+ NOT-FOR-US: PbootCMS
+CVE-2020-22534
+ RESERVED
+CVE-2020-22533
+ RESERVED
+CVE-2020-22532
+ RESERVED
+CVE-2020-22531
+ RESERVED
+CVE-2020-22530
+ RESERVED
+CVE-2020-22529
+ RESERVED
+CVE-2020-22528
+ RESERVED
+CVE-2020-22527
+ RESERVED
+CVE-2020-22526
+ RESERVED
+CVE-2020-22525
+ RESERVED
+CVE-2020-22524
+ RESERVED
+CVE-2020-22523
+ RESERVED
+CVE-2020-22522
+ RESERVED
+CVE-2020-22521
+ RESERVED
+CVE-2020-22520
+ RESERVED
+CVE-2020-22519
+ RESERVED
+CVE-2020-22518
+ RESERVED
+CVE-2020-22517
+ RESERVED
+CVE-2020-22516
+ RESERVED
+CVE-2020-22515
+ RESERVED
+CVE-2020-22514
+ RESERVED
+CVE-2020-22513
+ RESERVED
+CVE-2020-22512
+ RESERVED
+CVE-2020-22511
+ RESERVED
+CVE-2020-22510
+ RESERVED
+CVE-2020-22509
+ RESERVED
+CVE-2020-22508
+ RESERVED
+CVE-2020-22507
+ RESERVED
+CVE-2020-22506
+ RESERVED
+CVE-2020-22505
+ RESERVED
+CVE-2020-22504
+ RESERVED
+CVE-2020-22503
+ RESERVED
+CVE-2020-22502
+ RESERVED
+CVE-2020-22501
+ RESERVED
+CVE-2020-22500
+ RESERVED
+CVE-2020-22499
+ RESERVED
+CVE-2020-22498
+ RESERVED
+CVE-2020-22497
+ RESERVED
+CVE-2020-22496
+ RESERVED
+CVE-2020-22495
+ RESERVED
+CVE-2020-22494
+ RESERVED
+CVE-2020-22493
+ RESERVED
+CVE-2020-22492
+ RESERVED
+CVE-2020-22491
+ RESERVED
+CVE-2020-22490
+ RESERVED
+CVE-2020-22489
+ RESERVED
+CVE-2020-22488
+ RESERVED
+CVE-2020-22487
+ RESERVED
+CVE-2020-22486
+ RESERVED
+CVE-2020-22485
+ RESERVED
+CVE-2020-22484
+ RESERVED
+CVE-2020-22483
+ RESERVED
+CVE-2020-22482
+ RESERVED
+CVE-2020-22481 (An issue was discovered in HFish 0.5.1. When a payload is inserted whe ...)
+ NOT-FOR-US: HFish
+CVE-2020-22480
+ RESERVED
+CVE-2020-22479
+ RESERVED
+CVE-2020-22478
+ RESERVED
+CVE-2020-22477
+ RESERVED
+CVE-2020-22476
+ RESERVED
+CVE-2020-22475 ("Tasks" application version before 9.7.3 is affected by insecure permi ...)
+ NOT-FOR-US: Tasks app
+CVE-2020-22474 (In webERP 4.15, the ManualContents.php file allows users to specify th ...)
+ NOT-FOR-US: webERP
+CVE-2020-22473
+ RESERVED
+CVE-2020-22472
+ RESERVED
+CVE-2020-22471
+ RESERVED
+CVE-2020-22470
+ RESERVED
+CVE-2020-22469
+ RESERVED
+CVE-2020-22468
+ RESERVED
+CVE-2020-22467
+ RESERVED
+CVE-2020-22466
+ RESERVED
+CVE-2020-22465
+ RESERVED
+CVE-2020-22464
+ RESERVED
+CVE-2020-22463
+ RESERVED
+CVE-2020-22462
+ RESERVED
+CVE-2020-22461
+ RESERVED
+CVE-2020-22460
+ RESERVED
+CVE-2020-22459
+ RESERVED
+CVE-2020-22458
+ RESERVED
+CVE-2020-22457
+ RESERVED
+CVE-2020-22456
+ RESERVED
+CVE-2020-22455
+ RESERVED
+CVE-2020-22454
+ RESERVED
+CVE-2020-22453 (Untis WebUntis before 2020.9.6 allows XSS in multiple functions that s ...)
+ NOT-FOR-US: Untis WebUntis
+CVE-2020-22452
+ RESERVED
+CVE-2020-22451
+ RESERVED
+CVE-2020-22450
+ RESERVED
+CVE-2020-22449
+ RESERVED
+CVE-2020-22448
+ RESERVED
+CVE-2020-22447
+ RESERVED
+CVE-2020-22446
+ RESERVED
+CVE-2020-22445
+ RESERVED
+CVE-2020-22444
+ RESERVED
+CVE-2020-22443
+ RESERVED
+CVE-2020-22442
+ RESERVED
+CVE-2020-22441
+ RESERVED
+CVE-2020-22440
+ RESERVED
+CVE-2020-22439
+ RESERVED
+CVE-2020-22438
+ RESERVED
+CVE-2020-22437
+ RESERVED
+CVE-2020-22436
+ RESERVED
+CVE-2020-22435
+ RESERVED
+CVE-2020-22434
+ RESERVED
+CVE-2020-22433
+ RESERVED
+CVE-2020-22432
+ RESERVED
+CVE-2020-22431
+ RESERVED
+CVE-2020-22430
+ RESERVED
+CVE-2020-22429
+ RESERVED
+CVE-2020-22428 (SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scr ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-22427 (** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-22426
+ RESERVED
+CVE-2020-22425 (Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, whe ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2020-22424
+ RESERVED
+CVE-2020-22423
+ RESERVED
+CVE-2020-22422
+ RESERVED
+CVE-2020-22421 (74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vu ...)
+ NOT-FOR-US: 74CMS
+CVE-2020-22420
+ RESERVED
+CVE-2020-22419
+ RESERVED
+CVE-2020-22418
+ RESERVED
+CVE-2020-22417
+ RESERVED
+CVE-2020-22416
+ RESERVED
+CVE-2020-22415
+ RESERVED
+CVE-2020-22414
+ RESERVED
+CVE-2020-22413
+ RESERVED
+CVE-2020-22412
+ RESERVED
+CVE-2020-22411
+ RESERVED
+CVE-2020-22410
+ RESERVED
+CVE-2020-22409
+ RESERVED
+CVE-2020-22408
+ RESERVED
+CVE-2020-22407
+ RESERVED
+CVE-2020-22406
+ RESERVED
+CVE-2020-22405
+ RESERVED
+CVE-2020-22404
+ RESERVED
+CVE-2020-22403 (The express-cart package through 1.1.10 for Node.js allows CSRF. ...)
+ NOT-FOR-US: Node express-cart
+CVE-2020-22402
+ RESERVED
+CVE-2020-22401
+ RESERVED
+CVE-2020-22400
+ RESERVED
+CVE-2020-22399
+ RESERVED
+CVE-2020-22398
+ RESERVED
+CVE-2020-22397
+ RESERVED
+CVE-2020-22396
+ RESERVED
+CVE-2020-22395
+ RESERVED
+CVE-2020-22394 (In YzmCMS v5.5 the member contribution function in the editor contains ...)
+ NOT-FOR-US: YzmCMS
+CVE-2020-22393
+ RESERVED
+CVE-2020-22392 (Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 w ...)
+ NOT-FOR-US: Subrion CMS
+CVE-2020-22391
+ RESERVED
+CVE-2020-22390 (Akaunting &lt;= 2.0.9 is vulnerable to CSV injection in the Item name ...)
+ NOT-FOR-US: Akaunting
+CVE-2020-22389
+ RESERVED
+CVE-2020-22388
+ RESERVED
+CVE-2020-22387
+ RESERVED
+CVE-2020-22386
+ RESERVED
+CVE-2020-22385
+ RESERVED
+CVE-2020-22384
+ RESERVED
+CVE-2020-22383
+ RESERVED
+CVE-2020-22382
+ RESERVED
+CVE-2020-22381
+ RESERVED
+CVE-2020-22380
+ RESERVED
+CVE-2020-22379
+ RESERVED
+CVE-2020-22378
+ RESERVED
+CVE-2020-22377
+ RESERVED
+CVE-2020-22376
+ RESERVED
+CVE-2020-22375
+ RESERVED
+CVE-2020-22374
+ RESERVED
+CVE-2020-22373
+ RESERVED
+CVE-2020-22372
+ RESERVED
+CVE-2020-22371
+ RESERVED
+CVE-2020-22370
+ RESERVED
+CVE-2020-22369
+ RESERVED
+CVE-2020-22368
+ RESERVED
+CVE-2020-22367
+ RESERVED
+CVE-2020-22366
+ RESERVED
+CVE-2020-22365
+ RESERVED
+CVE-2020-22364
+ RESERVED
+CVE-2020-22363
+ RESERVED
+CVE-2020-22362
+ RESERVED
+CVE-2020-22361
+ RESERVED
+CVE-2020-22360
+ RESERVED
+CVE-2020-22359
+ RESERVED
+CVE-2020-22358
+ RESERVED
+CVE-2020-22357
+ RESERVED
+CVE-2020-22356
+ RESERVED
+CVE-2020-22355
+ RESERVED
+CVE-2020-22354
+ RESERVED
+CVE-2020-22353
+ RESERVED
+CVE-2020-22352 (The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attacke ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <not-affected> (Vulnerable code added later)
+ [stretch] - gpac <not-affected> (Vulnerable code added later)
+ NOTE: https://github.com/gpac/gpac/issues/1423
+ NOTE: https://github.com/gpac/gpac/commit/e90526f3d2ec0dee4cddc5244eb115668f10341f
+ NOTE: Vulnerable code was subsequently removed upstream.
+CVE-2020-22351
+ RESERVED
+CVE-2020-22350
+ RESERVED
+CVE-2020-22349
+ RESERVED
+CVE-2020-22348
+ RESERVED
+CVE-2020-22347
+ RESERVED
+CVE-2020-22346
+ RESERVED
+CVE-2020-22345 (/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remot ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2020-22344
+ RESERVED
+CVE-2020-22343
+ RESERVED
+CVE-2020-22342
+ RESERVED
+CVE-2020-22341
+ RESERVED
+CVE-2020-22340
+ RESERVED
+CVE-2020-22339
+ RESERVED
+CVE-2020-22338
+ RESERVED
+CVE-2020-22337
+ RESERVED
+CVE-2020-22336
+ RESERVED
+CVE-2020-22335
+ RESERVED
+CVE-2020-22334
+ RESERVED
+CVE-2020-22333
+ RESERVED
+CVE-2020-22332
+ RESERVED
+CVE-2020-22331
+ RESERVED
+CVE-2020-22330 (Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the titl ...)
+ NOT-FOR-US: Subrion
+CVE-2020-22329
+ RESERVED
+CVE-2020-22328
+ RESERVED
+CVE-2020-22327
+ RESERVED
+CVE-2020-22326
+ RESERVED
+CVE-2020-22325
+ RESERVED
+CVE-2020-22324
+ RESERVED
+CVE-2020-22323
+ RESERVED
+CVE-2020-22322
+ RESERVED
+CVE-2020-22321
+ RESERVED
+CVE-2020-22320
+ RESERVED
+CVE-2020-22319
+ RESERVED
+CVE-2020-22318
+ RESERVED
+CVE-2020-22317
+ RESERVED
+CVE-2020-22316
+ RESERVED
+CVE-2020-22315
+ RESERVED
+CVE-2020-22314
+ RESERVED
+CVE-2020-22313
+ RESERVED
+CVE-2020-22312 (A cross-site scripting (XSS) vulnerability was discovered in the OJ/ad ...)
+ NOT-FOR-US: HZNUOJ
+CVE-2020-22311
+ RESERVED
+CVE-2020-22310
+ RESERVED
+CVE-2020-22309
+ RESERVED
+CVE-2020-22308
+ RESERVED
+CVE-2020-22307
+ RESERVED
+CVE-2020-22306
+ RESERVED
+CVE-2020-22305
+ RESERVED
+CVE-2020-22304
+ RESERVED
+CVE-2020-22303
+ RESERVED
+CVE-2020-22302
+ RESERVED
+CVE-2020-22301
+ RESERVED
+CVE-2020-22300
+ RESERVED
+CVE-2020-22299
+ RESERVED
+CVE-2020-22298
+ RESERVED
+CVE-2020-22297
+ RESERVED
+CVE-2020-22296
+ RESERVED
+CVE-2020-22295
+ RESERVED
+CVE-2020-22294
+ RESERVED
+CVE-2020-22293
+ RESERVED
+CVE-2020-22292
+ RESERVED
+CVE-2020-22291
+ RESERVED
+CVE-2020-22290
+ RESERVED
+CVE-2020-22289
+ RESERVED
+CVE-2020-22288
+ RESERVED
+CVE-2020-22287
+ RESERVED
+CVE-2020-22286
+ RESERVED
+CVE-2020-22285
+ RESERVED
+CVE-2020-22284 (A buffer overflow vulnerability in the zepif_linkoutput() function of ...)
+ - lwip <unfixed> (bug #991646)
+ [bullseye] - lwip <no-dsa> (Minor issue)
+ [buster] - lwip <no-dsa> (Minor issue)
+ NOTE: https://savannah.nongnu.org/bugs/index.php?58554
+ NOTE: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=8363c24e45a32728e385cfc2c3c36d88a8a9e70b
+CVE-2020-22283 (A buffer overflow vulnerability in the icmp6_send_response_with_addrs_ ...)
+ - lwip <unfixed> (bug #991645)
+ [bullseye] - lwip <no-dsa> (Minor issue)
+ [buster] - lwip <no-dsa> (Minor issue)
+ NOTE: https://savannah.nongnu.org/bugs/index.php?58553
+ NOTE: Pre-requisite: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=d843e47a1d65451bd7f7aaa5017b408bd108be88
+ NOTE: Fixed by: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=489405839ae0fea8b99c4896f632eb688dc8a19a
+ NOTE: Fixed by: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=488d4ad2460c3b41bef69724cad89c28a905eda9
+CVE-2020-22282
+ RESERVED
+CVE-2020-22281
+ RESERVED
+CVE-2020-22280
+ RESERVED
+CVE-2020-22279
+ RESERVED
+CVE-2020-22278 (** DISPUTED ** phpMyAdmin through 5.0.2 allows CSV injection via Expor ...)
+ NOTE: Disputed phpMyAdmin issue
+CVE-2020-22277 (Import and export users and customers WordPress Plugin through 1.15.5. ...)
+ NOT-FOR-US: Import and export users and customers WordPress Plugin
+CVE-2020-22276 (WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry ...)
+ NOT-FOR-US: WeForms Wordpress Plugin
+CVE-2020-22275 (Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an at ...)
+ NOT-FOR-US: Easy Registration Forms (ER Forms) Wordpress Plugin
+CVE-2020-22274 (JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection ...)
+ NOT-FOR-US: JomSocial (Joomla Social Network Extention)
+CVE-2020-22273 (Neoflex Video Subscription System Version 2.0 is affected by CSRF whic ...)
+ NOT-FOR-US: Neoflex Video Subscription System Version
+CVE-2020-22272
+ RESERVED
+CVE-2020-22271
+ RESERVED
+CVE-2020-22270
+ RESERVED
+CVE-2020-22269
+ RESERVED
+CVE-2020-22268
+ RESERVED
+CVE-2020-22267
+ RESERVED
+CVE-2020-22266
+ RESERVED
+CVE-2020-22265
+ RESERVED
+CVE-2020-22264
+ RESERVED
+CVE-2020-22263
+ RESERVED
+CVE-2020-22262
+ RESERVED
+CVE-2020-22261
+ RESERVED
+CVE-2020-22260
+ RESERVED
+CVE-2020-22259
+ RESERVED
+CVE-2020-22258
+ RESERVED
+CVE-2020-22257
+ RESERVED
+CVE-2020-22256
+ RESERVED
+CVE-2020-22255
+ RESERVED
+CVE-2020-22254
+ RESERVED
+CVE-2020-22253
+ RESERVED
+CVE-2020-22252
+ RESERVED
+CVE-2020-22251 (Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the logi ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-22250
+ RESERVED
+CVE-2020-22249 (Remote Code Execution vulnerability in phplist 3.5.1. The application ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-22248
+ RESERVED
+CVE-2020-22247
+ RESERVED
+CVE-2020-22246
+ RESERVED
+CVE-2020-22245
+ RESERVED
+CVE-2020-22244
+ RESERVED
+CVE-2020-22243
+ RESERVED
+CVE-2020-22242
+ RESERVED
+CVE-2020-22241
+ RESERVED
+CVE-2020-22240
+ RESERVED
+CVE-2020-22239
+ RESERVED
+CVE-2020-22238
+ RESERVED
+CVE-2020-22237
+ RESERVED
+CVE-2020-22236
+ RESERVED
+CVE-2020-22235
+ RESERVED
+CVE-2020-22234
+ RESERVED
+CVE-2020-22233
+ RESERVED
+CVE-2020-22232
+ RESERVED
+CVE-2020-22231
+ RESERVED
+CVE-2020-22230
+ RESERVED
+CVE-2020-22229
+ RESERVED
+CVE-2020-22228
+ RESERVED
+CVE-2020-22227
+ RESERVED
+CVE-2020-22226 (Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to conta ...)
+ NOT-FOR-US: Stivasoft (Phpjabbers) Fundraising Script
+CVE-2020-22225 (Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to conta ...)
+ NOT-FOR-US: Stivasoft (Phpjabbers) Fundraising Script
+CVE-2020-22224 (Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to conta ...)
+ NOT-FOR-US: Stivasoft (Phpjabbers) Fundraising Script
+CVE-2020-22223 (Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to conta ...)
+ NOT-FOR-US: Stivasoft (Phpjabbers) Fundraising Script
+CVE-2020-22222 (Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to conta ...)
+ NOT-FOR-US: Stivasoft (Phpjabbers) Fundraising Script
+CVE-2020-22221
+ RESERVED
+CVE-2020-22220
+ RESERVED
+CVE-2020-22219
+ RESERVED
+CVE-2020-22218
+ RESERVED
+CVE-2020-22217
+ RESERVED
+CVE-2020-22216
+ RESERVED
+CVE-2020-22215
+ RESERVED
+CVE-2020-22214
+ RESERVED
+CVE-2020-22213
+ RESERVED
+CVE-2020-22212 (SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-s ...)
+ NOT-FOR-US: 74cms
+CVE-2020-22211 (SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street ...)
+ NOT-FOR-US: 74cms
+CVE-2020-22210 (SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuildin ...)
+ NOT-FOR-US: 74cms
+CVE-2020-22209 (SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_comm ...)
+ NOT-FOR-US: 74cms
+CVE-2020-22208 (SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.p ...)
+ NOT-FOR-US: 74cms
+CVE-2020-22207
+ RESERVED
+CVE-2020-22206 (SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_c ...)
+ NOT-FOR-US: ECShop
+CVE-2020-22205 (SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php ...)
+ NOT-FOR-US: ECShop
+CVE-2020-22204 (SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.p ...)
+ NOT-FOR-US: ECShop
+CVE-2020-22203 (SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php ...)
+ NOT-FOR-US: phpCMS
+CVE-2020-22202
+ RESERVED
+CVE-2020-22201 (phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary ph ...)
+ NOT-FOR-US: phpCMS
+CVE-2020-22200 (Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter ...)
+ NOT-FOR-US: phpCMS
+CVE-2020-22199 (SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg ...)
+ NOT-FOR-US: phpCMS
+CVE-2020-22198 (SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-22197
+ RESERVED
+CVE-2020-22196
+ RESERVED
+CVE-2020-22195
+ RESERVED
+CVE-2020-22194
+ RESERVED
+CVE-2020-22193
+ RESERVED
+CVE-2020-22192
+ RESERVED
+CVE-2020-22191
+ RESERVED
+CVE-2020-22190
+ RESERVED
+CVE-2020-22189
+ RESERVED
+CVE-2020-22188
+ RESERVED
+CVE-2020-22187
+ RESERVED
+CVE-2020-22186
+ RESERVED
+CVE-2020-22185
+ RESERVED
+CVE-2020-22184
+ RESERVED
+CVE-2020-22183
+ RESERVED
+CVE-2020-22182
+ RESERVED
+CVE-2020-22181
+ RESERVED
+CVE-2020-22180
+ RESERVED
+CVE-2020-22179
+ RESERVED
+CVE-2020-22178
+ RESERVED
+CVE-2020-22177
+ RESERVED
+CVE-2020-22176 (PHPGurukul Hospital Management System in PHP v4.0 has a sensitive info ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22175 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22174 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22173 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22172 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22171 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22170 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22169 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22168 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22167 (PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cro ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22166 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22165 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22164 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System in PHP
+CVE-2020-22163
+ RESERVED
+CVE-2020-22162
+ RESERVED
+CVE-2020-22161
+ RESERVED
+CVE-2020-22160
+ RESERVED
+CVE-2020-22159
+ RESERVED
+CVE-2020-22158 (MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to ...)
+ NOT-FOR-US: Ericsson RX8200 5.13.3 devices
+CVE-2020-22157
+ RESERVED
+CVE-2020-22156
+ RESERVED
+CVE-2020-22155
+ RESERVED
+CVE-2020-22154
+ RESERVED
+CVE-2020-22153
+ RESERVED
+CVE-2020-22152
+ RESERVED
+CVE-2020-22151
+ RESERVED
+CVE-2020-22150 (A cross site scripting (XSS) vulnerability in /admin.php?page=permalin ...)
+ - piwigo <removed>
+CVE-2020-22149
+ RESERVED
+CVE-2020-22148 (A stored cross site scripting (XSS) vulnerability in /admin.php?page=t ...)
+ - piwigo <removed>
+CVE-2020-22147
+ RESERVED
+CVE-2020-22146
+ RESERVED
+CVE-2020-22145
+ RESERVED
+CVE-2020-22144
+ RESERVED
+CVE-2020-22143
+ RESERVED
+CVE-2020-22142
+ RESERVED
+CVE-2020-22141
+ RESERVED
+CVE-2020-22140
+ RESERVED
+CVE-2020-22139
+ RESERVED
+CVE-2020-22138
+ RESERVED
+CVE-2020-22137
+ RESERVED
+CVE-2020-22136
+ RESERVED
+CVE-2020-22135
+ RESERVED
+CVE-2020-22134
+ RESERVED
+CVE-2020-22133
+ RESERVED
+CVE-2020-22132
+ RESERVED
+CVE-2020-22131
+ RESERVED
+CVE-2020-22130
+ RESERVED
+CVE-2020-22129
+ RESERVED
+CVE-2020-22128
+ RESERVED
+CVE-2020-22127
+ RESERVED
+CVE-2020-22126
+ RESERVED
+CVE-2020-22125
+ RESERVED
+CVE-2020-22124 (A vulnerability in the \inc\config.php component of joyplus-cms v1.6 a ...)
+ NOT-FOR-US: joyplus-cms
+CVE-2020-22123
+ RESERVED
+CVE-2020-22122 (A SQL injection vulnerability in /oa.php?c=Staff&amp;a=read of Find a ...)
+ NOT-FOR-US: LJCMS
+CVE-2020-22121
+ RESERVED
+CVE-2020-22120 (A remote code execution (RCE) vulnerability in /root/run/adm.php?admin ...)
+ NOT-FOR-US: imcat
+CVE-2020-22119
+ RESERVED
+CVE-2020-22118
+ RESERVED
+CVE-2020-22117
+ RESERVED
+CVE-2020-22116
+ RESERVED
+CVE-2020-22115
+ RESERVED
+CVE-2020-22114
+ RESERVED
+CVE-2020-22113
+ RESERVED
+CVE-2020-22112
+ RESERVED
+CVE-2020-22111
+ RESERVED
+CVE-2020-22110
+ RESERVED
+CVE-2020-22109
+ RESERVED
+CVE-2020-22108
+ RESERVED
+CVE-2020-22107
+ RESERVED
+CVE-2020-22106
+ RESERVED
+CVE-2020-22105
+ RESERVED
+CVE-2020-22104
+ RESERVED
+CVE-2020-22103
+ RESERVED
+CVE-2020-22102
+ RESERVED
+CVE-2020-22101
+ RESERVED
+CVE-2020-22100
+ RESERVED
+CVE-2020-22099
+ RESERVED
+CVE-2020-22098
+ RESERVED
+CVE-2020-22097
+ RESERVED
+CVE-2020-22096
+ RESERVED
+CVE-2020-22095
+ RESERVED
+CVE-2020-22094
+ RESERVED
+CVE-2020-22093
+ RESERVED
+CVE-2020-22092
+ RESERVED
+CVE-2020-22091
+ RESERVED
+CVE-2020-22090
+ RESERVED
+CVE-2020-22089
+ RESERVED
+CVE-2020-22088
+ RESERVED
+CVE-2020-22087
+ RESERVED
+CVE-2020-22086
+ RESERVED
+CVE-2020-22085
+ RESERVED
+CVE-2020-22084
+ RESERVED
+CVE-2020-22083 (** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution d ...)
+ - jsonpickle <unfixed> (unimportant)
+ NOTE: CVE assigment seems bogus, jsonpickle clearly states "jsonpickle can execute arbitrary Python code.
+ NOTE: Do not load jsonpickles from untrusted unauthenticated sources", so this works as expected
+CVE-2020-22082
+ RESERVED
+CVE-2020-22081
+ RESERVED
+CVE-2020-22080
+ RESERVED
+CVE-2020-22079 (Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0 ...)
+ NOT-FOR-US: Tenda
+CVE-2020-22078
+ RESERVED
+CVE-2020-22077
+ RESERVED
+CVE-2020-22076
+ RESERVED
+CVE-2020-22075
+ RESERVED
+CVE-2020-22074
+ RESERVED
+CVE-2020-22073
+ RESERVED
+CVE-2020-22072
+ RESERVED
+CVE-2020-22071
+ RESERVED
+CVE-2020-22070
+ RESERVED
+CVE-2020-22069
+ RESERVED
+CVE-2020-22068
+ RESERVED
+CVE-2020-22067
+ RESERVED
+CVE-2020-22066
+ RESERVED
+CVE-2020-22065
+ RESERVED
+CVE-2020-22064
+ RESERVED
+CVE-2020-22063
+ RESERVED
+CVE-2020-22062
+ RESERVED
+CVE-2020-22061 (SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the ...)
+ NOT-FOR-US: SUPERAntispyware
+CVE-2020-22060
+ RESERVED
+CVE-2020-22059
+ RESERVED
+CVE-2020-22058
+ RESERVED
+CVE-2020-22057 (The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precisio ...)
+ NOT-FOR-US: EVGA Precision XOC
+CVE-2020-22056 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8304
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=daf2bef98ded7f8431fd04bf3324669329a923c1
+ NOTE: Negligible security impact
+CVE-2020-22055
+ RESERVED
+CVE-2020-22054 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ {DSA-4990-1 DLA-2818-1}
+ - ffmpeg 7:4.3-2 (unimportant)
+ NOTE: https://trac.ffmpeg.org/ticket/8315
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6f2a3958cfac135c60b509a61a4fd39432d8f9a9
+ NOTE: Negligible security impact
+CVE-2020-22053
+ RESERVED
+CVE-2020-22052
+ RESERVED
+CVE-2020-22051 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8313
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=673fce6d40d9a594fb7a0ea17d296b7d3d9ea856
+ NOTE: Negligible security impact
+CVE-2020-22050
+ RESERVED
+CVE-2020-22049 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ {DSA-4990-1 DLA-2818-1}
+ - ffmpeg 7:4.3-2 (unimportant)
+ NOTE: https://trac.ffmpeg.org/ticket/8314
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=373c1c9b691fd4c6831b3a114a006b639304c2af
+ NOTE: Negligible security impact
+CVE-2020-22048 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ {DLA-2818-1}
+ - ffmpeg 7:4.3-2 (unimportant)
+ NOTE: https://trac.ffmpeg.org/ticket/8303
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fddef964e8aa4a2c123e470db1436a082ff6bcf3
+ NOTE: Negligible security impact
+CVE-2020-22047
+ RESERVED
+CVE-2020-22046 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ {DLA-2818-1}
+ - ffmpeg 7:4.3-2 (unimportant)
+ NOTE: https://trac.ffmpeg.org/ticket/8294
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=097c917c147661f5378dae8fe3f7e46f43236426
+ NOTE: Negligible security impact
+CVE-2020-22045
+ RESERVED
+CVE-2020-22044 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ {DLA-2818-1}
+ - ffmpeg 7:4.3-2 (unimportant)
+ NOTE: https://trac.ffmpeg.org/ticket/8295
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1d479300cbe0522c233b7d51148aea2b29bd29ad
+ NOTE: Negligible security impact
+CVE-2020-22043 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <ignored> (Patch is too destructive to implement it; Minor issue)
+ NOTE: https://trac.ffmpeg.org/ticket/8284
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b288a7eb3d963a175e177b6219c8271076ee8590
+ NOTE: Negligible security impact
+CVE-2020-22042 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ {DSA-4998-1}
+ - ffmpeg 7:4.4-5 (unimportant)
+ [stretch] - ffmpeg <ignored> (Patch can not be applied cleanly; Minor issue)
+ NOTE: https://trac.ffmpeg.org/ticket/8267
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=426c16d61a9b5056a157a1a2a057a4e4d13eef84
+CVE-2020-22041 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ {DLA-2818-1}
+ - ffmpeg 7:4.3-2 (unimportant)
+ NOTE: https://trac.ffmpeg.org/ticket/8296
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3488e0977c671568731afa12b811adce9d4d807f
+CVE-2020-22040 (A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memor ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <ignored> (Patch can not be applied cleanly; Minor issue)
+ NOTE: https://trac.ffmpeg.org/ticket/8283
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1a0c584abc9709b1d11dbafef05d22e0937d7d19
+CVE-2020-22039 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <ignored> (Patch can not be applied cleanly; Minor issue)
+ NOTE: https://trac.ffmpeg.org/ticket/8302
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a581bb66ea5eb981e2e498ca301df7d1ef15a6a3
+CVE-2020-22038 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ - ffmpeg 7:4.4-5 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8285
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013
+CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1}
+ - ffmpeg 7:4.4.1-1 (unimportant)
+ NOTE: https://trac.ffmpeg.org/ticket/8281
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7bba0dd6382e30d646cb406034a66199e071d713
+CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ NOTE: https://trac.ffmpeg.org/ticket/8261
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606
+ NOTE: CVE-2020-22036 and CVE-2020-20899 are duplicates, reported to MITRE
+CVE-2020-22035 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get ...)
+ {DSA-4990-1}
+ - ffmpeg 7:4.3-2
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8262
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054
+CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
+ {DSA-4990-1}
+ - ffmpeg 7:4.3-2
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8236
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
+CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavf ...)
+ {DSA-4990-1}
+ - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8246
+ NOTE: https://trac.ffmpeg.org/ticket/8241
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02
+CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ NOTE: https://trac.ffmpeg.org/ticket/8275
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44
+CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ NOTE: https://trac.ffmpeg.org/ticket/8243
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8
+CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
+ {DSA-4990-1}
+ - ffmpeg 7:4.3-2
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8276
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb
+CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
+ {DSA-4990-1}
+ - ffmpeg 7:4.3-2
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
+ NOTE: https://trac.ffmpeg.org/ticket/8250
+CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b
+ NOTE: https://trac.ffmpeg.org/ticket/8274
+CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in defl ...)
+ {DSA-4990-1}
+ - ffmpeg 7:4.3-2
+ [stretch] - ffmpeg <ignored> (Required change too invasive, original patch need to be completely rewritten)
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c
+ NOTE: https://trac.ffmpeg.org/ticket/8242
+CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144
+ NOTE: https://trac.ffmpeg.org/ticket/8317
+CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in gaussian_blur at ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8
+ NOTE: https://trac.ffmpeg.org/ticket/8260
+CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...)
+ - ffmpeg 7:4.3-2
+ [buster] - ffmpeg <not-affected> (Introduced in 4.2)
+ [stretch] - ffmpeg <not-affected> (Introduced in 4.2)
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=723d69f99cd26db9687ed2d24d06afaff624daf3
+ NOTE: https://trac.ffmpeg.org/ticket/8310
+CVE-2020-22023 (A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in fi ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c
+ NOTE: https://trac.ffmpeg.org/ticket/8244
+CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
+ NOTE: https://trac.ffmpeg.org/ticket/8264
+CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b
+ NOTE: https://trac.ffmpeg.org/ticket/8240
+CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ NOTE: https://trac.ffmpeg.org/ticket/8239
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
+CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in ...)
+ {DSA-4990-1}
+ - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8246
+ NOTE: https://trac.ffmpeg.org/ticket/8241
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02
+CVE-2020-22018
+ RESERVED
+CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_ ...)
+ {DSA-4990-1}
+ - ffmpeg 7:4.3-2
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8309
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d
+CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.2.2-1
+ NOTE: https://trac.ffmpeg.org/ticket/8183
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145
+CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...)
+ {DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
+ NOTE: https://trac.ffmpeg.org/ticket/8190
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46
+CVE-2020-22014
+ RESERVED
+CVE-2020-22013
+ RESERVED
+CVE-2020-22012
+ RESERVED
+CVE-2020-22011
+ RESERVED
+CVE-2020-22010
+ RESERVED
+CVE-2020-22009
+ RESERVED
+CVE-2020-22008
+ RESERVED
+CVE-2020-22007
+ RESERVED
+CVE-2020-22006
+ RESERVED
+CVE-2020-22005
+ RESERVED
+CVE-2020-22004
+ RESERVED
+CVE-2020-22003
+ RESERVED
+CVE-2020-22002 (An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability ex ...)
+ NOT-FOR-US: Inim Electronics Smartliving SmartLAN/G/SI
+CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass vulnerabili ...)
+ NOT-FOR-US: HomeAutomation
+CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command executio ...)
+ NOT-FOR-US: HomeAutomation
+CVE-2020-21999 (iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authent ...)
+ NOT-FOR-US: iWT Ltd FaceSentry Access Control System
+CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter ...)
+ NOT-FOR-US: HomeAutomation
+CVE-2020-21997 (Smartwares HOME easy &lt;=1.0.9 is vulnerable to an unauthenticated da ...)
+ NOT-FOR-US: Smartwares HOME easy
+CVE-2020-21996 (AVE DOMINAplus &lt;=1.10.x suffers from an unauthenticated reboot comm ...)
+ NOT-FOR-US: AVE DOMINAplus
+CVE-2020-21995 (Inim Electronics Smartliving SmartLAN/G/SI &lt;=6.x uses default hardc ...)
+ NOT-FOR-US: Inim Electronics Smartliving SmartLAN/G/SI
+CVE-2020-21994 (AVE DOMINAplus &lt;=1.10.x suffers from clear-text credentials disclos ...)
+ NOT-FOR-US: AVE DOMINAplus
+CVE-2020-21993 (In WEMS Limited Enterprise Manager 2.58, input passed to the GET param ...)
+ NOT-FOR-US: WEMS Limited Enterprise Manager
+CVE-2020-21992 (Inim Electronics SmartLiving SmartLAN/G/SI &lt;=6.x suffers from an au ...)
+ NOT-FOR-US: Inim Electronics SmartLiving SmartLAN/G/SI
+CVE-2020-21991 (AVE DOMINAplus &lt;=1.10.x suffers from an authentication bypass vulne ...)
+ NOT-FOR-US: AVE DOMINAplus
+CVE-2020-21990 (Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0. ...)
+ NOT-FOR-US: Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway
+CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). ...)
+ NOT-FOR-US: HomeAutomation
+CVE-2020-21988
+ RESERVED
+CVE-2020-21987 (HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (X ...)
+ NOT-FOR-US: HomeAutomation
+CVE-2020-21986
+ RESERVED
+CVE-2020-21985
+ RESERVED
+CVE-2020-21984
+ RESERVED
+CVE-2020-21983
+ RESERVED
+CVE-2020-21982
+ RESERVED
+CVE-2020-21981
+ RESERVED
+CVE-2020-21980
+ RESERVED
+CVE-2020-21979
+ RESERVED
+CVE-2020-21978
+ RESERVED
+CVE-2020-21977
+ RESERVED
+CVE-2020-21976 (An arbitrary file upload in the &lt;input type="file" name="user_image ...)
+ NOT-FOR-US: NewsOne CMS
+CVE-2020-21975
+ RESERVED
+CVE-2020-21974
+ RESERVED
+CVE-2020-21973
+ RESERVED
+CVE-2020-21972
+ RESERVED
+CVE-2020-21971
+ RESERVED
+CVE-2020-21970
+ RESERVED
+CVE-2020-21969
+ RESERVED
+CVE-2020-21968
+ RESERVED
+CVE-2020-21967
+ RESERVED
+CVE-2020-21966
+ RESERVED
+CVE-2020-21965
+ RESERVED
+CVE-2020-21964
+ RESERVED
+CVE-2020-21963
+ RESERVED
+CVE-2020-21962
+ RESERVED
+CVE-2020-21961
+ RESERVED
+CVE-2020-21960
+ RESERVED
+CVE-2020-21959
+ RESERVED
+CVE-2020-21958
+ RESERVED
+CVE-2020-21957
+ RESERVED
+CVE-2020-21956
+ RESERVED
+CVE-2020-21955
+ RESERVED
+CVE-2020-21954
+ RESERVED
+CVE-2020-21953
+ RESERVED
+CVE-2020-21952
+ RESERVED
+CVE-2020-21951
+ RESERVED
+CVE-2020-21950
+ RESERVED
+CVE-2020-21949
+ RESERVED
+CVE-2020-21948
+ RESERVED
+CVE-2020-21947
+ RESERVED
+CVE-2020-21946
+ RESERVED
+CVE-2020-21945
+ RESERVED
+CVE-2020-21944
+ RESERVED
+CVE-2020-21943
+ RESERVED
+CVE-2020-21942
+ RESERVED
+CVE-2020-21941
+ RESERVED
+CVE-2020-21940
+ RESERVED
+CVE-2020-21939
+ RESERVED
+CVE-2020-21938
+ RESERVED
+CVE-2020-21937 (An command injection vulnerability in HNAP1/SetWLanApcliSettings of Mo ...)
+ NOT-FOR-US: Motorola
+CVE-2020-21936 (An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Bui ...)
+ NOT-FOR-US: Motorola
+CVE-2020-21935 (A command injection vulnerability in HNAP1/GetNetworkTomographySetting ...)
+ NOT-FOR-US: Motorola
+CVE-2020-21934 (An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 ...)
+ NOT-FOR-US: Motorola
+CVE-2020-21933 (An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 ...)
+ NOT-FOR-US: Motorola
+CVE-2020-21932 (A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 2 ...)
+ NOT-FOR-US: Motorola
+CVE-2020-21931
+ RESERVED
+CVE-2020-21930 (A stored cross site scripting (XSS) vulnerability in the web_attr_2 fi ...)
+ NOT-FOR-US: Eyoucms
+CVE-2020-21929 (A stored cross site scripting (XSS) vulnerability in the web_copyright ...)
+ NOT-FOR-US: Eyoucms
+CVE-2020-21928
+ RESERVED
+CVE-2020-21927
+ RESERVED
+CVE-2020-21926
+ RESERVED
+CVE-2020-21925
+ RESERVED
+CVE-2020-21924
+ RESERVED
+CVE-2020-21923
+ RESERVED
+CVE-2020-21922
+ RESERVED
+CVE-2020-21921
+ RESERVED
+CVE-2020-21920
+ RESERVED
+CVE-2020-21919
+ RESERVED
+CVE-2020-21918
+ RESERVED
+CVE-2020-21917
+ RESERVED
+CVE-2020-21916
+ RESERVED
+CVE-2020-21915
+ RESERVED
+CVE-2020-21914
+ RESERVED
+CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was discovered ...)
+ {DSA-5014-1 DLA-2784-1}
+ - icu 67.1-2
+ NOTE: https://github.com/unicode-org/icu/pull/886
+ NOTE: https://unicode-org.atlassian.net/browse/ICU-20850
+ NOTE: https://github.com/unicode-org/icu/commit/727505bddab0bfd527f1db6697cb4d4f7febe4a9
+CVE-2020-21912
+ RESERVED
+CVE-2020-21911
+ RESERVED
+CVE-2020-21910
+ RESERVED
+CVE-2020-21909
+ RESERVED
+CVE-2020-21908
+ RESERVED
+CVE-2020-21907
+ RESERVED
+CVE-2020-21906
+ RESERVED
+CVE-2020-21905
+ RESERVED
+CVE-2020-21904
+ RESERVED
+CVE-2020-21903
+ RESERVED
+CVE-2020-21902
+ RESERVED
+CVE-2020-21901
+ RESERVED
+CVE-2020-21900
+ RESERVED
+CVE-2020-21899
+ RESERVED
+CVE-2020-21898
+ RESERVED
+CVE-2020-21897
+ RESERVED
+CVE-2020-21896
+ RESERVED
+CVE-2020-21895
+ RESERVED
+CVE-2020-21894
+ RESERVED
+CVE-2020-21893
+ RESERVED
+CVE-2020-21892
+ RESERVED
+CVE-2020-21891
+ RESERVED
+CVE-2020-21890
+ RESERVED
+CVE-2020-21889
+ RESERVED
+CVE-2020-21888
+ RESERVED
+CVE-2020-21887
+ RESERVED
+CVE-2020-21886
+ RESERVED
+CVE-2020-21885
+ RESERVED
+CVE-2020-21884 (Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Seri ...)
+ NOT-FOR-US: UniBox
+CVE-2020-21883 (Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Ser ...)
+ NOT-FOR-US: UniBox
+CVE-2020-21882
+ RESERVED
+CVE-2020-21881
+ RESERVED
+CVE-2020-21880
+ RESERVED
+CVE-2020-21879
+ RESERVED
+CVE-2020-21878
+ RESERVED
+CVE-2020-21877
+ RESERVED
+CVE-2020-21876
+ RESERVED
+CVE-2020-21875
+ RESERVED
+CVE-2020-21874
+ RESERVED
+CVE-2020-21873
+ RESERVED
+CVE-2020-21872
+ RESERVED
+CVE-2020-21871
+ RESERVED
+CVE-2020-21870
+ RESERVED
+CVE-2020-21869
+ RESERVED
+CVE-2020-21868
+ RESERVED
+CVE-2020-21867
+ RESERVED
+CVE-2020-21866
+ RESERVED
+CVE-2020-21865 (ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerabili ...)
+ NOT-FOR-US: ThinkPHP50-CMS
+CVE-2020-21864
+ RESERVED
+CVE-2020-21863
+ RESERVED
+CVE-2020-21862
+ RESERVED
+CVE-2020-21861
+ RESERVED
+CVE-2020-21860
+ RESERVED
+CVE-2020-21859
+ RESERVED
+CVE-2020-21858
+ RESERVED
+CVE-2020-21857
+ RESERVED
+CVE-2020-21856
+ RESERVED
+CVE-2020-21855
+ RESERVED
+CVE-2020-21854 (Cross Site Scripting vulnerabiity exists in WDScanner 1.1 in the syste ...)
+ NOT-FOR-US: WDScanner
+CVE-2020-21853
+ RESERVED
+CVE-2020-21852
+ RESERVED
+CVE-2020-21851
+ RESERVED
+CVE-2020-21850
+ RESERVED
+CVE-2020-21849
+ RESERVED
+CVE-2020-21848
+ RESERVED
+CVE-2020-21847
+ RESERVED
+CVE-2020-21846
+ RESERVED
+CVE-2020-21845 (Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage u ...)
+ NOT-FOR-US: Codoforum
+CVE-2020-21844 (GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21843 (A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21842 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21841 (A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21840 (A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21839 (An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21838 (A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21837
+ RESERVED
+CVE-2020-21836 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21835 (A null pointer deference issue exists in GNU LibreDWG 0.10 via read_20 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21834 (A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21833 (A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21832 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21831 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21830 (A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.1 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21829
+ RESERVED
+CVE-2020-21828
+ RESERVED
+CVE-2020-21827 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21826
+ RESERVED
+CVE-2020-21825
+ RESERVED
+CVE-2020-21824
+ RESERVED
+CVE-2020-21823
+ RESERVED
+CVE-2020-21822
+ RESERVED
+CVE-2020-21821
+ RESERVED
+CVE-2020-21820
+ RESERVED
+CVE-2020-21819 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21818 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21817 (A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21816 (A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21815 (A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via ou ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21814 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21813 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-21812
+ RESERVED
+CVE-2020-21811
+ RESERVED
+CVE-2020-21810
+ RESERVED
+CVE-2020-21809 (SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4. ...)
+ NOT-FOR-US: NukeViet CMS module Shops
+CVE-2020-21808 (SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the to ...)
+ NOT-FOR-US: NukeViet CMS
+CVE-2020-21807
+ RESERVED
+CVE-2020-21806 (SQL Injection Vulnerability in ECTouch v2 via the shop page in index.p ...)
+ NOT-FOR-US: ECTouch
+CVE-2020-21805
+ RESERVED
+CVE-2020-21804
+ RESERVED
+CVE-2020-21803
+ RESERVED
+CVE-2020-21802
+ RESERVED
+CVE-2020-21801
+ RESERVED
+CVE-2020-21800
+ RESERVED
+CVE-2020-21799
+ RESERVED
+CVE-2020-21798
+ RESERVED
+CVE-2020-21797
+ RESERVED
+CVE-2020-21796
+ RESERVED
+CVE-2020-21795
+ RESERVED
+CVE-2020-21794
+ RESERVED
+CVE-2020-21793
+ RESERVED
+CVE-2020-21792
+ RESERVED
+CVE-2020-21791
+ RESERVED
+CVE-2020-21790
+ RESERVED
+CVE-2020-21789
+ RESERVED
+CVE-2020-21788 (In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side ...)
+ NOT-FOR-US: CRMEB
+CVE-2020-21787 (CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/se ...)
+ NOT-FOR-US: CRMEB
+CVE-2020-21786 (In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /syst ...)
+ NOT-FOR-US: IBOS
+CVE-2020-21785 (In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerab ...)
+ NOT-FOR-US: IBOS
+CVE-2020-21784 (phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setu ...)
+ NOT-FOR-US: phpwcms
+CVE-2020-21783 (In IBOS 4.5.4 the email function has a cross site scripting (XSS) vuln ...)
+ NOT-FOR-US: IBOS
+CVE-2020-21782
+ RESERVED
+CVE-2020-21781
+ RESERVED
+CVE-2020-21780
+ RESERVED
+CVE-2020-21779
+ RESERVED
+CVE-2020-21778
+ RESERVED
+CVE-2020-21777
+ RESERVED
+CVE-2020-21776
+ RESERVED
+CVE-2020-21775
+ RESERVED
+CVE-2020-21774
+ RESERVED
+CVE-2020-21773
+ RESERVED
+CVE-2020-21772
+ RESERVED
+CVE-2020-21771
+ RESERVED
+CVE-2020-21770
+ RESERVED
+CVE-2020-21769
+ RESERVED
+CVE-2020-21768
+ RESERVED
+CVE-2020-21767
+ RESERVED
+CVE-2020-21766
+ RESERVED
+CVE-2020-21765
+ RESERVED
+CVE-2020-21764
+ RESERVED
+CVE-2020-21763
+ RESERVED
+CVE-2020-21762
+ RESERVED
+CVE-2020-21761
+ RESERVED
+CVE-2020-21760
+ RESERVED
+CVE-2020-21759
+ RESERVED
+CVE-2020-21758
+ RESERVED
+CVE-2020-21757
+ RESERVED
+CVE-2020-21756
+ RESERVED
+CVE-2020-21755
+ RESERVED
+CVE-2020-21754
+ RESERVED
+CVE-2020-21753
+ RESERVED
+CVE-2020-21752
+ RESERVED
+CVE-2020-21751
+ RESERVED
+CVE-2020-21750
+ RESERVED
+CVE-2020-21749
+ RESERVED
+CVE-2020-21748
+ RESERVED
+CVE-2020-21747
+ RESERVED
+CVE-2020-21746
+ RESERVED
+CVE-2020-21745
+ RESERVED
+CVE-2020-21744
+ RESERVED
+CVE-2020-21743
+ RESERVED
+CVE-2020-21742
+ RESERVED
+CVE-2020-21741
+ RESERVED
+CVE-2020-21740
+ RESERVED
+CVE-2020-21739
+ RESERVED
+CVE-2020-21738
+ RESERVED
+CVE-2020-21737
+ RESERVED
+CVE-2020-21736
+ RESERVED
+CVE-2020-21735
+ RESERVED
+CVE-2020-21734
+ RESERVED
+CVE-2020-21733 (Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdn ...)
+ NOT-FOR-US: Sagemcom F@ST3686
+CVE-2020-21732 (Rukovoditel Project Management app 2.6 is affected by: Cross Site Scri ...)
+ NOT-FOR-US: Rukovoditel Project Management app
+CVE-2020-21731 (Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.1 ...)
+ NOT-FOR-US: Gazie
+CVE-2020-21730
+ RESERVED
+CVE-2020-21729 (JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability ...)
+ NOT-FOR-US: JEECMS
+CVE-2020-21728
+ RESERVED
+CVE-2020-21727
+ RESERVED
+CVE-2020-21726 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...)
+ NOT-FOR-US: OpenSNS
+CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...)
+ NOT-FOR-US: OpenSNS
+CVE-2020-21724
+ RESERVED
+CVE-2020-21723
+ RESERVED
+CVE-2020-21722
+ RESERVED
+CVE-2020-21721
+ RESERVED
+CVE-2020-21720
+ RESERVED
+CVE-2020-21719
+ RESERVED
+CVE-2020-21718
+ RESERVED
+CVE-2020-21717
+ RESERVED
+CVE-2020-21716
+ RESERVED
+CVE-2020-21715
+ RESERVED
+CVE-2020-21714
+ RESERVED
+CVE-2020-21713
+ RESERVED
+CVE-2020-21712
+ RESERVED
+CVE-2020-21711
+ RESERVED
+CVE-2020-21710
+ RESERVED
+CVE-2020-21709
+ RESERVED
+CVE-2020-21708
+ RESERVED
+CVE-2020-21707
+ RESERVED
+CVE-2020-21706
+ RESERVED
+CVE-2020-21705
+ RESERVED
+CVE-2020-21704
+ RESERVED
+CVE-2020-21703
+ RESERVED
+CVE-2020-21702
+ RESERVED
+CVE-2020-21701
+ RESERVED
+CVE-2020-21700
+ RESERVED
+CVE-2020-21699
+ RESERVED
+CVE-2020-21698
+ RESERVED
+CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
+ {DSA-4998-1}
+ - ffmpeg 7:4.4-5
+ [buster] - ffmpeg <postponed> (Wait for 4.1.9)
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://trac.ffmpeg.org/ticket/8188
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
+CVE-2020-21696
+ RESERVED
+CVE-2020-21695
+ RESERVED
+CVE-2020-21694
+ RESERVED
+CVE-2020-21693
+ RESERVED
+CVE-2020-21692
+ RESERVED
+CVE-2020-21691
+ RESERVED
+CVE-2020-21690
+ REJECTED
+CVE-2020-21689
+ RESERVED
+CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
+ {DSA-4998-1}
+ - ffmpeg 7:4.4-5
+ [buster] - ffmpeg <postponed> (Wait for 4.1.9)
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://trac.ffmpeg.org/ticket/8186
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
+CVE-2020-21687
+ RESERVED
+CVE-2020-21686
+ RESERVED
+CVE-2020-21685
+ RESERVED
+CVE-2020-21684 (A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2 ...)
+ - fig2dev 1:3.2.8-1 (unimportant)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/75/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-21683 (A global buffer overflow in the shade_or_tint_name_after_declare_color ...)
+ - fig2dev 1:3.2.8-1 (unimportant)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/77/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/639c36010a120e97a6e82e7cd57cbf9dbf4b64f1/ (3.2.8)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-21682 (A global buffer overflow in the set_fill component in genge.c of fig2d ...)
+ - fig2dev 1:3.2.8-1 (unimportant)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/72/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/4d4e1fdac467c386cba8706aa0067d5ab8da02d7/ (3.2.8)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-21681 (A global buffer overflow in the set_color component in genge.c of fig2 ...)
+ - fig2dev 1:3.2.8-1 (unimportant)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/73/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/4d4e1fdac467c386cba8706aa0067d5ab8da02d7/ (3.2.8)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-21680 (A stack-based buffer overflow in the put_arrow() component in genpict2 ...)
+ - fig2dev 1:3.2.8-1 (unimportant)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/74/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/3165d86c31c6323913239fdc6460be6ababd3826/ (3.2.8)
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/100e2789f8106f9cc0f7e4319c4ee7bda076c3ac/ (3.2.8)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-21679
+ RESERVED
+CVE-2020-21678 (A global buffer overflow in the genmp_writefontmacro_latex component i ...)
+ - fig2dev 1:3.2.8-1 (unimportant)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/71/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without_macro ...)
+ - libsixel 1.8.6-1
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/issues/123
+ NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d
+CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.8-1
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ [stretch] - fig2dev <not-affected> (Vulnerable code introduced later)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/76/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/acccc89c20206a5db1f463438ba444e35bcb400e/ (3.2.8)
+ NOTE: Introduced by https://sourceforge.net/p/mcj/fig2dev/ci/102f607eea49785d4a9c9c24af85f046c23674de (3.2.7)
+CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in genptk.c ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.7b-3
+ [buster] - fig2dev 1:3.2.7a-5+deb10u3
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/78/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
+CVE-2020-21674 (Heap-based buffer overflow in archive_string_append_from_wcs() (archiv ...)
+ - libarchive <not-affected> (Vulnerable code not present in a released version)
+ NOTE: https://github.com/libarchive/libarchive/issues/1298
+ NOTE: Introduced (around): https://github.com/libarchive/libarchive/commit/3566a5d6ba2458e68c7e42b23f00a57901c6eafb
+ NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/4f085eea879e2be745f4d9bf57e8513ae48157f4 (v3.4.1)
+CVE-2020-21673
+ RESERVED
+CVE-2020-21672
+ RESERVED
+CVE-2020-21671
+ RESERVED
+CVE-2020-21670
+ RESERVED
+CVE-2020-21669
+ RESERVED
+CVE-2020-21668
+ RESERVED
+CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the ' ...)
+ NOT-FOR-US: fastadmin-tp6
+CVE-2020-21666
+ RESERVED
+CVE-2020-21665 (In fastadmin V1.0.0.20191212_beta, when a user with administrator righ ...)
+ NOT-FOR-US: fastadmin
+CVE-2020-21664
+ RESERVED
+CVE-2020-21663
+ RESERVED
+CVE-2020-21662
+ RESERVED
+CVE-2020-21661
+ RESERVED
+CVE-2020-21660
+ RESERVED
+CVE-2020-21659
+ RESERVED
+CVE-2020-21658 (A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attacker ...)
+ NOT-FOR-US: WDJA CMS
+CVE-2020-21657
+ RESERVED
+CVE-2020-21656 (XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability ...)
+ NOT-FOR-US: XYHCMS
+CVE-2020-21655
+ RESERVED
+CVE-2020-21654 (emlog v6.0 contains a vulnerability in the component admin\template.ph ...)
+ NOT-FOR-US: emlog
+CVE-2020-21653 (Myucms v2.2.1 contains a server-side request forgery (SSRF) in the com ...)
+ NOT-FOR-US: Myucms
+CVE-2020-21652 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...)
+ NOT-FOR-US: Myucms
+CVE-2020-21651 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...)
+ NOT-FOR-US: Myucms
+CVE-2020-21650 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...)
+ NOT-FOR-US: Myucms
+CVE-2020-21649 (Myucms v2.2.1 contains a server-side request forgery (SSRF) in the com ...)
+ NOT-FOR-US: Myucms
+CVE-2020-21648 (WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in t ...)
+ NOT-FOR-US: WDJA CMS
+CVE-2020-21647
+ RESERVED
+CVE-2020-21646
+ RESERVED
+CVE-2020-21645
+ RESERVED
+CVE-2020-21644
+ RESERVED
+CVE-2020-21643
+ RESERVED
+CVE-2020-21642
+ RESERVED
+CVE-2020-21641
+ RESERVED
+CVE-2020-21640
+ RESERVED
+CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...)
+ NOT-FOR-US: Ruijie
+CVE-2020-21638
+ RESERVED
+CVE-2020-21637
+ RESERVED
+CVE-2020-21636
+ RESERVED
+CVE-2020-21635
+ RESERVED
+CVE-2020-21634
+ RESERVED
+CVE-2020-21633
+ RESERVED
+CVE-2020-21632
+ RESERVED
+CVE-2020-21631
+ RESERVED
+CVE-2020-21630
+ RESERVED
+CVE-2020-21629
+ RESERVED
+CVE-2020-21628
+ RESERVED
+CVE-2020-21627 (Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability ...)
+ NOT-FOR-US: Ruijie
+CVE-2020-21626
+ RESERVED
+CVE-2020-21625
+ RESERVED
+CVE-2020-21624
+ RESERVED
+CVE-2020-21623
+ RESERVED
+CVE-2020-21622
+ RESERVED
+CVE-2020-21621
+ RESERVED
+CVE-2020-21620
+ RESERVED
+CVE-2020-21619
+ RESERVED
+CVE-2020-21618
+ RESERVED
+CVE-2020-21617
+ RESERVED
+CVE-2020-21616
+ RESERVED
+CVE-2020-21615
+ RESERVED
+CVE-2020-21614
+ RESERVED
+CVE-2020-21613
+ RESERVED
+CVE-2020-21612
+ RESERVED
+CVE-2020-21611
+ RESERVED
+CVE-2020-21610
+ RESERVED
+CVE-2020-21609
+ RESERVED
+CVE-2020-21608
+ RESERVED
+CVE-2020-21607
+ RESERVED
+CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/232
+CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/234
+CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/231
+CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/240
+CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...)
+ - libde265 <unfixed> (bug #1004963)
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/242
+CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/241
+CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...)
+ - libde265 <unfixed> (bug #1004963)
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/243
+CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/235
+CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...)
+ - libde265 <unfixed> (bug #1004963)
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/237
+CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/238
+CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/236
+CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/239
+CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ [stretch] - libde265 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/233
+CVE-2020-21593
+ RESERVED
+CVE-2020-21592
+ RESERVED
+CVE-2020-21591
+ RESERVED
+CVE-2020-21590 (Directory traversal in coreframe/app/template/admin/index.php in WUZHI ...)
+ NOT-FOR-US: WUZHI CMS
+CVE-2020-21589
+ RESERVED
+CVE-2020-21588 (Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a ...)
+ NOT-FOR-US: Core FTP
+CVE-2020-21587
+ RESERVED
+CVE-2020-21586
+ RESERVED
+CVE-2020-21585 (Vulnerability in emlog v6.0.0 allows user to upload webshells via zip ...)
+ NOT-FOR-US: emlog
+CVE-2020-21584
+ RESERVED
+CVE-2020-21583
+ RESERVED
+CVE-2020-21582
+ RESERVED
+CVE-2020-21581
+ RESERVED
+CVE-2020-21580
+ RESERVED
+CVE-2020-21579
+ RESERVED
+CVE-2020-21578
+ RESERVED
+CVE-2020-21577
+ RESERVED
+CVE-2020-21576
+ RESERVED
+CVE-2020-21575
+ RESERVED
+CVE-2020-21574 (Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows at ...)
+ NOT-FOR-US: YotsuyaNight c-http
+CVE-2020-21573 (An issue was discoverered in in abhijitnathwani image-processing v0.1. ...)
+ NOT-FOR-US: abhijitnathwani image-processing
+CVE-2020-21572 (Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 ...)
+ NOT-FOR-US: trgil gilcc
+CVE-2020-21571
+ RESERVED
+CVE-2020-21570
+ RESERVED
+CVE-2020-21569
+ RESERVED
+CVE-2020-21568
+ RESERVED
+CVE-2020-21567
+ RESERVED
+CVE-2020-21566
+ RESERVED
+CVE-2020-21565
+ RESERVED
+CVE-2020-21564 (An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2020-21563
+ RESERVED
+CVE-2020-21562
+ RESERVED
+CVE-2020-21561
+ RESERVED
+CVE-2020-21560
+ RESERVED
+CVE-2020-21559
+ RESERVED
+CVE-2020-21558
+ RESERVED
+CVE-2020-21557
+ RESERVED
+CVE-2020-21556
+ RESERVED
+CVE-2020-21555
+ RESERVED
+CVE-2020-21554
+ RESERVED
+CVE-2020-21553
+ RESERVED
+CVE-2020-21552
+ RESERVED
+CVE-2020-21551
+ RESERVED
+CVE-2020-21550
+ RESERVED
+CVE-2020-21549
+ RESERVED
+CVE-2020-21548 (Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_enco ...)
+ - libsixel 1.8.6-1
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/issues/116
+ NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4)
+CVE-2020-21547 (Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_fun ...)
+ - libsixel 1.8.6-1
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/issues/114
+ NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4)
+CVE-2020-21546
+ RESERVED
+CVE-2020-21545
+ RESERVED
+CVE-2020-21544
+ RESERVED
+CVE-2020-21543
+ RESERVED
+CVE-2020-21542
+ RESERVED
+CVE-2020-21541
+ RESERVED
+CVE-2020-21540
+ RESERVED
+CVE-2020-21539
+ RESERVED
+CVE-2020-21538
+ RESERVED
+CVE-2020-21537
+ RESERVED
+CVE-2020-21536
+ RESERVED
+CVE-2020-21535 (fig2dev 3.2.7b contains a segmentation fault in the gencgm_start funct ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.7b-3
+ [buster] - fig2dev 1:3.2.7a-5+deb10u2
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/62/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
+CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the get_line funct ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.7b-3
+ [buster] - fig2dev 1:3.2.7a-5+deb10u2
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/58/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
+CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.7b-3
+ [buster] - fig2dev 1:3.2.7a-5+deb10u2
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/59/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
+CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.8-1
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/64/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8)
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/ (3.2.8)
+CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.8-1
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/63/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/ (3.2.8)
+CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects funct ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.7b-3
+ [buster] - fig2dev 1:3.2.7a-5+deb10u2
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/61/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
+CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.8-1
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/65/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/e3cee2576438f47a3b8678c6960472e625f8f7d7/ (3.2.8)
+CVE-2020-21528
+ RESERVED
+CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo v1.1.3. A ba ...)
+ NOT-FOR-US: Halo
+CVE-2020-21526 (An Arbitrary file writing vulnerability in halo v1.1.3. In an interfac ...)
+ NOT-FOR-US: Halo
+CVE-2020-21525 (Halo V1.1.3 is affected by: Arbitrary File reading. In an interface th ...)
+ NOT-FOR-US: Halo
+CVE-2020-21524 (There is a XML external entity (XXE) vulnerability in halo v1.1.3, The ...)
+ NOT-FOR-US: Halo
+CVE-2020-21523 (A Server-Side Freemarker template injection vulnerability in halo CMS ...)
+ NOT-FOR-US: Halo
+CVE-2020-21522 (An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal ...)
+ NOT-FOR-US: Halo
+CVE-2020-21521
+ RESERVED
+CVE-2020-21520
+ RESERVED
+CVE-2020-21519
+ RESERVED
+CVE-2020-21518
+ RESERVED
+CVE-2020-21517 (Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gour ...)
+ NOT-FOR-US: MetInfo
+CVE-2020-21516
+ RESERVED
+CVE-2020-21515
+ RESERVED
+CVE-2020-21514
+ RESERVED
+CVE-2020-21513
+ RESERVED
+CVE-2020-21512
+ RESERVED
+CVE-2020-21511
+ RESERVED
+CVE-2020-21510
+ RESERVED
+CVE-2020-21509
+ RESERVED
+CVE-2020-21508
+ RESERVED
+CVE-2020-21507
+ RESERVED
+CVE-2020-21506 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
+ NOT-FOR-US: waimai Super Cms
+CVE-2020-21505 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
+ NOT-FOR-US: waimai Super Cms
+CVE-2020-21504 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
+ NOT-FOR-US: waimai Super Cms
+CVE-2020-21503 (waimai Super Cms 20150505 has a logic flaw allowing attackers to modif ...)
+ NOT-FOR-US: waimai Super Cms
+CVE-2020-21502
+ RESERVED
+CVE-2020-21501
+ RESERVED
+CVE-2020-21500
+ RESERVED
+CVE-2020-21499
+ RESERVED
+CVE-2020-21498
+ RESERVED
+CVE-2020-21497
+ RESERVED
+CVE-2020-21496 (A cross-site scripting (XSS) vulnerability in the component /admin/?se ...)
+ NOT-FOR-US: Xiuno BBS
+CVE-2020-21495 (A cross-site scripting (XSS) vulnerability in the component /admin/?se ...)
+ NOT-FOR-US: Xiuno BBS
+CVE-2020-21494 (A cross-site scripting (XSS) vulnerability in the component install\in ...)
+ NOT-FOR-US: Xiuno BBS
+CVE-2020-21493 (An issue in the component route\user.php of Xiuno BBS v4.0.4 allows at ...)
+ NOT-FOR-US: Xiuno BBS
+CVE-2020-21492
+ RESERVED
+CVE-2020-21491
+ RESERVED
+CVE-2020-21490
+ RESERVED
+CVE-2020-21489
+ RESERVED
+CVE-2020-21488
+ RESERVED
+CVE-2020-21487
+ RESERVED
+CVE-2020-21486
+ RESERVED
+CVE-2020-21485
+ RESERVED
+CVE-2020-21484
+ RESERVED
+CVE-2020-21483 (An arbitrary file upload vulnerability in Jizhicms v1.5 allows attacke ...)
+ NOT-FOR-US: Jizhicms
+CVE-2020-21482 (A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attac ...)
+ NOT-FOR-US: RGCMS
+CVE-2020-21481 (An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers ...)
+ NOT-FOR-US: RGCMS
+CVE-2020-21480 (An arbitrary file write vulnerability in RGCMS v1.06 allows attackers ...)
+ NOT-FOR-US: RGCMS
+CVE-2020-21479
+ RESERVED
+CVE-2020-21478
+ RESERVED
+CVE-2020-21477
+ RESERVED
+CVE-2020-21476
+ RESERVED
+CVE-2020-21475
+ RESERVED
+CVE-2020-21474
+ RESERVED
+CVE-2020-21473
+ RESERVED
+CVE-2020-21472
+ RESERVED
+CVE-2020-21471
+ RESERVED
+CVE-2020-21470
+ RESERVED
+CVE-2020-21469
+ RESERVED
+CVE-2020-21468 (** DISPUTED ** A segmentation fault in the redis-server component of R ...)
+ - redis <unfixed> (unimportant)
+ NOTE: https://github.com/redis/redis/issues/6633
+ NOTE: Negligible security impact; disputed issue upstream and unreproducible.
+CVE-2020-21467
+ RESERVED
+CVE-2020-21466
+ RESERVED
+CVE-2020-21465
+ RESERVED
+CVE-2020-21464
+ RESERVED
+CVE-2020-21463
+ RESERVED
+CVE-2020-21462
+ RESERVED
+CVE-2020-21461
+ RESERVED
+CVE-2020-21460
+ RESERVED
+CVE-2020-21459
+ RESERVED
+CVE-2020-21458
+ RESERVED
+CVE-2020-21457
+ RESERVED
+CVE-2020-21456
+ RESERVED
+CVE-2020-21455
+ RESERVED
+CVE-2020-21454
+ RESERVED
+CVE-2020-21453
+ RESERVED
+CVE-2020-21452 (An issue was discovered in uniview ISC2500-S. This is an upload vulner ...)
+ NOT-FOR-US: uniview ISC2500-S
+CVE-2020-21451
+ RESERVED
+CVE-2020-21450
+ RESERVED
+CVE-2020-21449
+ RESERVED
+CVE-2020-21448
+ RESERVED
+CVE-2020-21447
+ RESERVED
+CVE-2020-21446
+ RESERVED
+CVE-2020-21445
+ RESERVED
+CVE-2020-21444
+ RESERVED
+CVE-2020-21443
+ RESERVED
+CVE-2020-21442
+ RESERVED
+CVE-2020-21441
+ RESERVED
+CVE-2020-21440
+ RESERVED
+CVE-2020-21439
+ RESERVED
+CVE-2020-21438
+ RESERVED
+CVE-2020-21437
+ RESERVED
+CVE-2020-21436
+ RESERVED
+CVE-2020-21435
+ RESERVED
+CVE-2020-21434 (Maccms 10 contains a cross-site scripting (XSS) vulnerability in the E ...)
+ NOT-FOR-US: Maccms
+CVE-2020-21433
+ RESERVED
+CVE-2020-21432
+ RESERVED
+CVE-2020-21431 (HongCMS v3.0 contains an arbitrary file read and write vulnerability i ...)
+ NOT-FOR-US: HongCMS
+CVE-2020-21430
+ RESERVED
+CVE-2020-21429
+ RESERVED
+CVE-2020-21428
+ RESERVED
+CVE-2020-21427
+ RESERVED
+CVE-2020-21426
+ RESERVED
+CVE-2020-21425
+ RESERVED
+CVE-2020-21424
+ RESERVED
+CVE-2020-21423
+ RESERVED
+CVE-2020-21422
+ RESERVED
+CVE-2020-21421
+ RESERVED
+CVE-2020-21420
+ RESERVED
+CVE-2020-21419
+ RESERVED
+CVE-2020-21418
+ RESERVED
+CVE-2020-21417
+ RESERVED
+CVE-2020-21416
+ RESERVED
+CVE-2020-21415
+ RESERVED
+CVE-2020-21414
+ RESERVED
+CVE-2020-21413
+ RESERVED
+CVE-2020-21412
+ RESERVED
+CVE-2020-21411
+ RESERVED
+CVE-2020-21410
+ RESERVED
+CVE-2020-21409
+ RESERVED
+CVE-2020-21408
+ RESERVED
+CVE-2020-21407
+ RESERVED
+CVE-2020-21406
+ RESERVED
+CVE-2020-21405
+ RESERVED
+CVE-2020-21404
+ RESERVED
+CVE-2020-21403
+ RESERVED
+CVE-2020-21402
+ RESERVED
+CVE-2020-21401
+ RESERVED
+CVE-2020-21400
+ RESERVED
+CVE-2020-21399
+ RESERVED
+CVE-2020-21398
+ RESERVED
+CVE-2020-21397
+ RESERVED
+CVE-2020-21396
+ RESERVED
+CVE-2020-21395
+ RESERVED
+CVE-2020-21394 (SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB ma ...)
+ NOT-FOR-US: CRMEB mall system
+CVE-2020-21393
+ RESERVED
+CVE-2020-21392
+ RESERVED
+CVE-2020-21391
+ RESERVED
+CVE-2020-21390
+ RESERVED
+CVE-2020-21389
+ RESERVED
+CVE-2020-21388
+ RESERVED
+CVE-2020-21387 (A cross-site scripting (XSS) vulnerability in the parameter type_en of ...)
+ NOT-FOR-US: Maccms
+CVE-2020-21386 (A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/t ...)
+ NOT-FOR-US: Maccms
+CVE-2020-21385
+ RESERVED
+CVE-2020-21384
+ RESERVED
+CVE-2020-21383
+ RESERVED
+CVE-2020-21382
+ RESERVED
+CVE-2020-21381
+ RESERVED
+CVE-2020-21380
+ RESERVED
+CVE-2020-21379
+ RESERVED
+CVE-2020-21378 (SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id par ...)
+ NOT-FOR-US: SeaCMS
+CVE-2020-21377 (SQL injection vulnerability in yunyecms V2.0.1 via the selcart paramet ...)
+ NOT-FOR-US: yunyecms
+CVE-2020-21376
+ RESERVED
+CVE-2020-21375
+ RESERVED
+CVE-2020-21374
+ RESERVED
+CVE-2020-21373
+ RESERVED
+CVE-2020-21372
+ RESERVED
+CVE-2020-21371
+ RESERVED
+CVE-2020-21370
+ RESERVED
+CVE-2020-21369
+ RESERVED
+CVE-2020-21368
+ RESERVED
+CVE-2020-21367
+ RESERVED
+CVE-2020-21366
+ RESERVED
+CVE-2020-21365
+ RESERVED
+CVE-2020-21364
+ RESERVED
+CVE-2020-21363 (An arbitrary file deletion vulnerability exists within Maccms10. ...)
+ NOT-FOR-US: Maccms10
+CVE-2020-21362 (A cross site scripting (XSS) vulnerability in the background search fu ...)
+ NOT-FOR-US: Maccms10
+CVE-2020-21361
+ RESERVED
+CVE-2020-21360
+ RESERVED
+CVE-2020-21359 (An arbitrary file upload vulnerability in the Template Upload function ...)
+ NOT-FOR-US: Maccms10
+CVE-2020-21358 (A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attac ...)
+ NOT-FOR-US: Wage-CMS
+CVE-2020-21357 (A stored cross site scripting (XSS) vulnerability in /admin.php?mod=us ...)
+ NOT-FOR-US: PopojiCMS
+CVE-2020-21356 (An information disclosure vulnerability in upload.php of PopojiCMS 1.2 ...)
+ NOT-FOR-US: PopojiCMS
+CVE-2020-21355
+ RESERVED
+CVE-2020-21354
+ RESERVED
+CVE-2020-21353 (A stored cross site scripting (XSS) vulnerability in /admin/snippets.p ...)
+ NOT-FOR-US: GetSimple CMS
+CVE-2020-21352
+ RESERVED
+CVE-2020-21351
+ RESERVED
+CVE-2020-21350
+ RESERVED
+CVE-2020-21349
+ RESERVED
+CVE-2020-21348
+ RESERVED
+CVE-2020-21347
+ RESERVED
+CVE-2020-21346
+ RESERVED
+CVE-2020-21345 (Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publis ...)
+ NOT-FOR-US: halo
+CVE-2020-21344
+ RESERVED
+CVE-2020-21343
+ RESERVED
+CVE-2020-21342 (Insecure permissions issue in zzcms 201910 via the reset any user pass ...)
+ NOT-FOR-US: zzcms
+CVE-2020-21341
+ RESERVED
+CVE-2020-21340
+ RESERVED
+CVE-2020-21339
+ RESERVED
+CVE-2020-21338
+ RESERVED
+CVE-2020-21337
+ RESERVED
+CVE-2020-21336
+ RESERVED
+CVE-2020-21335
+ RESERVED
+CVE-2020-21334
+ RESERVED
+CVE-2020-21333 (Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an ad ...)
+ NOT-FOR-US: PublicCMS
+CVE-2020-21332
+ RESERVED
+CVE-2020-21331
+ RESERVED
+CVE-2020-21330
+ RESERVED
+CVE-2020-21329
+ RESERVED
+CVE-2020-21328
+ RESERVED
+CVE-2020-21327
+ RESERVED
+CVE-2020-21326
+ RESERVED
+CVE-2020-21325
+ RESERVED
+CVE-2020-21324
+ RESERVED
+CVE-2020-21323
+ RESERVED
+CVE-2020-21322 (An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below a ...)
+ NOT-FOR-US: Feehi CMS
+CVE-2020-21321 (emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/lin ...)
+ NOT-FOR-US: emlog CMS
+CVE-2020-21320
+ RESERVED
+CVE-2020-21319
+ RESERVED
+CVE-2020-21318
+ RESERVED
+CVE-2020-21317
+ RESERVED
+CVE-2020-21316 (A Cross-site scripting (XSS) vulnerability exists in the comment secti ...)
+ NOT-FOR-US: zrlog
+CVE-2020-21315
+ RESERVED
+CVE-2020-21314
+ RESERVED
+CVE-2020-21313
+ RESERVED
+CVE-2020-21312
+ RESERVED
+CVE-2020-21311
+ RESERVED
+CVE-2020-21310
+ RESERVED
+CVE-2020-21309
+ RESERVED
+CVE-2020-21308
+ RESERVED
+CVE-2020-21307
+ RESERVED
+CVE-2020-21306
+ RESERVED
+CVE-2020-21305
+ RESERVED
+CVE-2020-21304
+ RESERVED
+CVE-2020-21303
+ RESERVED
+CVE-2020-21302
+ RESERVED
+CVE-2020-21301
+ RESERVED
+CVE-2020-21300
+ RESERVED
+CVE-2020-21299
+ RESERVED
+CVE-2020-21298
+ RESERVED
+CVE-2020-21297
+ RESERVED
+CVE-2020-21296
+ RESERVED
+CVE-2020-21295
+ RESERVED
+CVE-2020-21294
+ RESERVED
+CVE-2020-21293
+ RESERVED
+CVE-2020-21292
+ RESERVED
+CVE-2020-21291
+ RESERVED
+CVE-2020-21290
+ RESERVED
+CVE-2020-21289
+ RESERVED
+CVE-2020-21288
+ RESERVED
+CVE-2020-21287
+ RESERVED
+CVE-2020-21286
+ RESERVED
+CVE-2020-21285
+ RESERVED
+CVE-2020-21284
+ RESERVED
+CVE-2020-21283
+ RESERVED
+CVE-2020-21282
+ RESERVED
+CVE-2020-21281
+ RESERVED
+CVE-2020-21280
+ RESERVED
+CVE-2020-21279
+ RESERVED
+CVE-2020-21278
+ RESERVED
+CVE-2020-21277
+ RESERVED
+CVE-2020-21276
+ RESERVED
+CVE-2020-21275
+ RESERVED
+CVE-2020-21274
+ RESERVED
+CVE-2020-21273
+ RESERVED
+CVE-2020-21272
+ RESERVED
+CVE-2020-21271
+ RESERVED
+CVE-2020-21270
+ RESERVED
+CVE-2020-21269
+ RESERVED
+CVE-2020-21268
+ RESERVED
+CVE-2020-21267
+ RESERVED
+CVE-2020-21266 (Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) ...)
+ NOT-FOR-US: Broadleaf Commerce
+CVE-2020-21265
+ RESERVED
+CVE-2020-21264
+ RESERVED
+CVE-2020-21263
+ RESERVED
+CVE-2020-21262
+ RESERVED
+CVE-2020-21261
+ RESERVED
+CVE-2020-21260
+ RESERVED
+CVE-2020-21259
+ RESERVED
+CVE-2020-21258
+ RESERVED
+CVE-2020-21257
+ RESERVED
+CVE-2020-21256
+ RESERVED
+CVE-2020-21255
+ RESERVED
+CVE-2020-21254
+ RESERVED
+CVE-2020-21253
+ RESERVED
+CVE-2020-21252
+ RESERVED
+CVE-2020-21251
+ RESERVED
+CVE-2020-21250 (CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vuln ...)
+ NOT-FOR-US: CSZ CMS
+CVE-2020-21249
+ RESERVED
+CVE-2020-21248
+ RESERVED
+CVE-2020-21247
+ RESERVED
+CVE-2020-21246
+ RESERVED
+CVE-2020-21245
+ RESERVED
+CVE-2020-21244 (An issue was discovered in FrontAccounting 2.4.7. There is a Directory ...)
+ - frontaccounting <removed>
+CVE-2020-21243
+ RESERVED
+CVE-2020-21242
+ RESERVED
+CVE-2020-21241
+ RESERVED
+CVE-2020-21240
+ RESERVED
+CVE-2020-21239
+ RESERVED
+CVE-2020-21238 (An issue in the user login box of CSCMS v4.0 allows attackers to hijac ...)
+ NOT-FOR-US: CSCMS
+CVE-2020-21237 (An issue in the user login box of LJCMS v1.11 allows attackers to hija ...)
+ NOT-FOR-US: LJCMS
+CVE-2020-21236 (A vulnerability in /damicms-master/admin.php?s=/Article/doedit of Dami ...)
+ NOT-FOR-US: DamiCMS
+CVE-2020-21235
+ RESERVED
+CVE-2020-21234
+ RESERVED
+CVE-2020-21233
+ RESERVED
+CVE-2020-21232
+ RESERVED
+CVE-2020-21231
+ RESERVED
+CVE-2020-21230
+ RESERVED
+CVE-2020-21229
+ RESERVED
+CVE-2020-21228 (JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in ...)
+ NOT-FOR-US: JIZHICMS
+CVE-2020-21227
+ RESERVED
+CVE-2020-21226
+ RESERVED
+CVE-2020-21225
+ RESERVED
+CVE-2020-21224 (A Remote Code Execution vulnerability has been found in Inspur Cluster ...)
+ NOT-FOR-US: Inspur ClusterEngine
+CVE-2020-21223
+ RESERVED
+CVE-2020-21222
+ RESERVED
+CVE-2020-21221
+ RESERVED
+CVE-2020-21220
+ RESERVED
+CVE-2020-21219
+ RESERVED
+CVE-2020-21218
+ RESERVED
+CVE-2020-21217
+ RESERVED
+CVE-2020-21216
+ RESERVED
+CVE-2020-21215
+ RESERVED
+CVE-2020-21214
+ RESERVED
+CVE-2020-21213
+ RESERVED
+CVE-2020-21212
+ RESERVED
+CVE-2020-21211
+ RESERVED
+CVE-2020-21210
+ RESERVED
+CVE-2020-21209
+ RESERVED
+CVE-2020-21208
+ RESERVED
+CVE-2020-21207
+ RESERVED
+CVE-2020-21206
+ RESERVED
+CVE-2020-21205
+ RESERVED
+CVE-2020-21204
+ RESERVED
+CVE-2020-21203
+ RESERVED
+CVE-2020-21202
+ RESERVED
+CVE-2020-21201
+ RESERVED
+CVE-2020-21200
+ RESERVED
+CVE-2020-21199
+ RESERVED
+CVE-2020-21198
+ RESERVED
+CVE-2020-21197
+ RESERVED
+CVE-2020-21196
+ RESERVED
+CVE-2020-21195
+ RESERVED
+CVE-2020-21194
+ RESERVED
+CVE-2020-21193
+ RESERVED
+CVE-2020-21192
+ RESERVED
+CVE-2020-21191
+ RESERVED
+CVE-2020-21190
+ RESERVED
+CVE-2020-21189
+ RESERVED
+CVE-2020-21188
+ RESERVED
+CVE-2020-21187
+ RESERVED
+CVE-2020-21186
+ RESERVED
+CVE-2020-21185
+ RESERVED
+CVE-2020-21184
+ RESERVED
+CVE-2020-21183
+ RESERVED
+CVE-2020-21182
+ RESERVED
+CVE-2020-21181
+ RESERVED
+CVE-2020-21180 (Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers ...)
+ NOT-FOR-US: koa2-blog
+CVE-2020-21179 (Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers ...)
+ NOT-FOR-US: koa2-blog
+CVE-2020-21178
+ RESERVED
+CVE-2020-21177
+ RESERVED
+CVE-2020-21176 (SQL injection vulnerability in the model.increment and model.decrement ...)
+ NOT-FOR-US: ThinkJS
+CVE-2020-21175
+ RESERVED
+CVE-2020-21174
+ RESERVED
+CVE-2020-21173
+ RESERVED
+CVE-2020-21172
+ RESERVED
+CVE-2020-21171
+ RESERVED
+CVE-2020-21170
+ RESERVED
+CVE-2020-21169
+ RESERVED
+CVE-2020-21168
+ RESERVED
+CVE-2020-21167
+ RESERVED
+CVE-2020-21166
+ RESERVED
+CVE-2020-21165
+ RESERVED
+CVE-2020-21164
+ RESERVED
+CVE-2020-21163
+ RESERVED
+CVE-2020-21162
+ RESERVED
+CVE-2020-21161
+ RESERVED
+CVE-2020-21160
+ RESERVED
+CVE-2020-21159
+ RESERVED
+CVE-2020-21158
+ RESERVED
+CVE-2020-21157
+ RESERVED
+CVE-2020-21156
+ RESERVED
+CVE-2020-21155
+ RESERVED
+CVE-2020-21154
+ RESERVED
+CVE-2020-21153
+ RESERVED
+CVE-2020-21152
+ RESERVED
+CVE-2020-21151
+ RESERVED
+CVE-2020-21150
+ RESERVED
+CVE-2020-21149
+ RESERVED
+CVE-2020-21148
+ RESERVED
+CVE-2020-21147 (RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: RockOA
+CVE-2020-21146 (Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerabil ...)
+ NOT-FOR-US: Feehi CMS
+CVE-2020-21145
+ RESERVED
+CVE-2020-21144
+ RESERVED
+CVE-2020-21143
+ RESERVED
+CVE-2020-21142 (Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire ...)
+ NOT-FOR-US: IPFire
+CVE-2020-21141 (iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (C ...)
+ NOT-FOR-US: iCMS
+CVE-2020-21140
+ RESERVED
+CVE-2020-21139 (EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site ...)
+ NOT-FOR-US: EC Cloud E-Commerce System
+CVE-2020-21138
+ RESERVED
+CVE-2020-21137
+ RESERVED
+CVE-2020-21136
+ RESERVED
+CVE-2020-21135
+ RESERVED
+CVE-2020-21134
+ RESERVED
+CVE-2020-21133 (SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpasswor ...)
+ NOT-FOR-US: Metinfo
+CVE-2020-21132 (SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. ...)
+ NOT-FOR-US: Metinfo
+CVE-2020-21131 (SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language ...)
+ NOT-FOR-US: Metinfo
+CVE-2020-21130 (Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the grou ...)
+ NOT-FOR-US: HisiPHP
+CVE-2020-21129
+ RESERVED
+CVE-2020-21128
+ RESERVED
+CVE-2020-21127 (MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs ...)
+ NOT-FOR-US: MetInfo
+CVE-2020-21126 (MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/? ...)
+ NOT-FOR-US: MetInfo
+CVE-2020-21125 (An arbitrary file creation vulnerability in UReport 2.2.9 allows attac ...)
+ NOT-FOR-US: UReport
+CVE-2020-21124 (UReport 2.2.9 allows attackers to execute arbitrary code due to a lack ...)
+ NOT-FOR-US: UReport
+CVE-2020-21123
+ RESERVED
+CVE-2020-21122 (UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the de ...)
+ NOT-FOR-US: UReport
+CVE-2020-21121 (Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via ...)
+ NOT-FOR-US: Pligg CMS
+CVE-2020-21120
+ RESERVED
+CVE-2020-21119
+ RESERVED
+CVE-2020-21118
+ RESERVED
+CVE-2020-21117
+ RESERVED
+CVE-2020-21116
+ RESERVED
+CVE-2020-21115
+ RESERVED
+CVE-2020-21114
+ RESERVED
+CVE-2020-21113
+ RESERVED
+CVE-2020-21112
+ RESERVED
+CVE-2020-21111
+ RESERVED
+CVE-2020-21110
+ RESERVED
+CVE-2020-21109
+ RESERVED
+CVE-2020-21108
+ RESERVED
+CVE-2020-21107
+ RESERVED
+CVE-2020-21106
+ RESERVED
+CVE-2020-21105
+ RESERVED
+CVE-2020-21104
+ RESERVED
+CVE-2020-21103
+ RESERVED
+CVE-2020-21102
+ RESERVED
+CVE-2020-21101 (Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versio ...)
+ NOT-FOR-US: Screenly
+CVE-2020-21100
+ RESERVED
+CVE-2020-21099
+ RESERVED
+CVE-2020-21098
+ RESERVED
+CVE-2020-21097
+ RESERVED
+CVE-2020-21096
+ RESERVED
+CVE-2020-21095
+ RESERVED
+CVE-2020-21094
+ RESERVED
+CVE-2020-21093
+ RESERVED
+CVE-2020-21092
+ RESERVED
+CVE-2020-21091
+ RESERVED
+CVE-2020-21090
+ RESERVED
+CVE-2020-21089
+ RESERVED
+CVE-2020-21088 (Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows rem ...)
+ NOT-FOR-US: X2engine X2CRM
+CVE-2020-21087 (Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows rem ...)
+ NOT-FOR-US: X2engine X2CRM
+CVE-2020-21086
+ RESERVED
+CVE-2020-21085
+ RESERVED
+CVE-2020-21084
+ RESERVED
+CVE-2020-21083
+ RESERVED
+CVE-2020-21082 (A cross-site scripting (XSS) vulnerability in the background administr ...)
+ NOT-FOR-US: Maccms
+CVE-2020-21081 (A cross-site request forgery (CSRF) in Maccms 8.0 causes administrator ...)
+ NOT-FOR-US: Maccms
+CVE-2020-21080
+ RESERVED
+CVE-2020-21079
+ RESERVED
+CVE-2020-21078
+ RESERVED
+CVE-2020-21077
+ RESERVED
+CVE-2020-21076
+ RESERVED
+CVE-2020-21075
+ RESERVED
+CVE-2020-21074
+ RESERVED
+CVE-2020-21073
+ RESERVED
+CVE-2020-21072
+ RESERVED
+CVE-2020-21071
+ RESERVED
+CVE-2020-21070
+ RESERVED
+CVE-2020-21069
+ RESERVED
+CVE-2020-21068
+ RESERVED
+CVE-2020-21067
+ RESERVED
+CVE-2020-21066 (An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-ove ...)
+ NOT-FOR-US: Bento4
+CVE-2020-21065
+ RESERVED
+CVE-2020-21064
+ REJECTED
+CVE-2020-21063
+ RESERVED
+CVE-2020-21062
+ RESERVED
+CVE-2020-21061
+ RESERVED
+CVE-2020-21060
+ RESERVED
+CVE-2020-21059
+ RESERVED
+CVE-2020-21058
+ RESERVED
+CVE-2020-21057 (Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a r ...)
+ NOT-FOR-US: FusionPBX
+CVE-2020-21056 (Directory Traversal vulnerability exists in FusionPBX 4.5.7, which all ...)
+ NOT-FOR-US: FusionPBX
+CVE-2020-21055 (A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows m ...)
+ NOT-FOR-US: FusionPBX
+CVE-2020-21054 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows rem ...)
+ NOT-FOR-US: FusionPBX
+CVE-2020-21053 (Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 al ...)
+ NOT-FOR-US: FusionPBX
+CVE-2020-21052
+ RESERVED
+CVE-2020-21051
+ RESERVED
+CVE-2020-21050 (Libsixel prior to v1.8.3 contains a stack buffer overflow in the funct ...)
+ - libsixel 1.8.6-1
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/commit/7808a06b88c11dbc502318cdd51fa374f8cd47ee (v1.8.3)
+ NOTE: https://github.com/saitoha/libsixel/issues/75
+CVE-2020-21049 (An invalid read in the stb_image.h component of libsixel prior to v1.8 ...)
+ - libsixel 1.8.6-1
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/issues/74
+ NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d (v1.8.5)
+CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 allows ...)
+ - libsixel 1.8.6-1
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/issues/73
+ NOTE: https://github.com/saitoha/libsixel/commit/cb373ab6614c910407c5e5a93ab935144e62b037 (v1.8.4)
+ NOTE: https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226 (v1.8.4)
+CVE-2020-21047
+ RESERVED
+CVE-2020-21046
+ RESERVED
+CVE-2020-21045
+ RESERVED
+CVE-2020-21044
+ RESERVED
+CVE-2020-21043
+ RESERVED
+CVE-2020-21042
+ RESERVED
+CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse ...)
+ {DSA-4990-1 DLA-2742-1}
+ [experimental] - ffmpeg 7:4.4-1
+ - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
+ [stretch] - ffmpeg <postponed> (Wait for 4.1.9)
+ NOTE: https://trac.ffmpeg.org/ticket/7989
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba
+CVE-2020-21040
+ RESERVED
+CVE-2020-21039
+ RESERVED
+CVE-2020-21038
+ RESERVED
+CVE-2020-21037
+ RESERVED
+CVE-2020-21036
+ RESERVED
+CVE-2020-21035
+ RESERVED
+CVE-2020-21034
+ RESERVED
+CVE-2020-21033
+ RESERVED
+CVE-2020-21032
+ RESERVED
+CVE-2020-21031
+ RESERVED
+CVE-2020-21030
+ RESERVED
+CVE-2020-21029
+ RESERVED
+CVE-2020-21028
+ RESERVED
+CVE-2020-21027
+ RESERVED
+CVE-2020-21026
+ RESERVED
+CVE-2020-21025
+ RESERVED
+CVE-2020-21024
+ RESERVED
+CVE-2020-21023
+ RESERVED
+CVE-2020-21022
+ RESERVED
+CVE-2020-21021
+ RESERVED
+CVE-2020-21020
+ RESERVED
+CVE-2020-21019
+ RESERVED
+CVE-2020-21018
+ RESERVED
+CVE-2020-21017
+ RESERVED
+CVE-2020-21016
+ RESERVED
+CVE-2020-21015
+ RESERVED
+CVE-2020-21014 (emlog v6.0.0 contains an arbitrary file deletion vulnerability in admi ...)
+ NOT-FOR-US: emlog
+CVE-2020-21013 (emlog v6.0.0 contains a SQL injection via /admin/comment.php. ...)
+ NOT-FOR-US: emlog
+CVE-2020-21012 (Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to ...)
+ NOT-FOR-US: Sourcecodester Hotel and Lodge Management System
+CVE-2020-21011
+ RESERVED
+CVE-2020-21010
+ RESERVED
+CVE-2020-21009
+ REJECTED
+CVE-2020-21008
+ RESERVED
+CVE-2020-21007
+ RESERVED
+CVE-2020-21006
+ RESERVED
+CVE-2020-21005 (WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to t ...)
+ NOT-FOR-US: WellCMS
+CVE-2020-21004
+ RESERVED
+CVE-2020-21003 (Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin. ...)
+ NOT-FOR-US: Pbootcms
+CVE-2020-21002
+ RESERVED
+CVE-2020-21001
+ RESERVED
+CVE-2020-21000
+ RESERVED
+CVE-2020-20999
+ RESERVED
+CVE-2020-20998
+ RESERVED
+CVE-2020-20997
+ RESERVED
+CVE-2020-20996
+ RESERVED
+CVE-2020-20995
+ RESERVED
+CVE-2020-20994
+ RESERVED
+CVE-2020-20993
+ RESERVED
+CVE-2020-20992
+ RESERVED
+CVE-2020-20991
+ RESERVED
+CVE-2020-20990 (A cross site scripting (XSS) vulnerability in the /segments/edit.php c ...)
+ NOT-FOR-US: DomainMOD
+CVE-2020-20989 (A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmo ...)
+ NOT-FOR-US: DomainMOD
+CVE-2020-20988 (A cross site scripting (XSS) vulnerability in the /domains/cost-by-own ...)
+ NOT-FOR-US: DomainMOD
+CVE-2020-20987
+ RESERVED
+CVE-2020-20986
+ RESERVED
+CVE-2020-20985
+ RESERVED
+CVE-2020-20984
+ RESERVED
+CVE-2020-20983
+ RESERVED
+CVE-2020-20982 (Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allo ...)
+ NOT-FOR-US: shadoweb wdja
+CVE-2020-20981 (A SQL injection in the /admin/?n=logs&amp;c=index&amp;a=dolist compone ...)
+ NOT-FOR-US: Metinfo
+CVE-2020-20980
+ RESERVED
+CVE-2020-20979 (An arbitrary file upload vulnerability in the move_uploaded_file() fun ...)
+ NOT-FOR-US: LJCMS
+CVE-2020-20978
+ RESERVED
+CVE-2020-20977 (A stored cross site scripting (XSS) vulnerability in index.php/legend/ ...)
+ NOT-FOR-US: UK CMS
+CVE-2020-20976
+ RESERVED
+CVE-2020-20975 (In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injectio ...)
+ NOT-FOR-US: Gxlcms
+CVE-2020-20974
+ RESERVED
+CVE-2020-20973
+ RESERVED
+CVE-2020-20972
+ RESERVED
+CVE-2020-20971
+ RESERVED
+CVE-2020-20970
+ RESERVED
+CVE-2020-20969
+ RESERVED
+CVE-2020-20968
+ RESERVED
+CVE-2020-20967
+ RESERVED
+CVE-2020-20966
+ RESERVED
+CVE-2020-20965
+ RESERVED
+CVE-2020-20964
+ RESERVED
+CVE-2020-20963
+ RESERVED
+CVE-2020-20962
+ RESERVED
+CVE-2020-20961
+ RESERVED
+CVE-2020-20960
+ RESERVED
+CVE-2020-20959
+ RESERVED
+CVE-2020-20958
+ RESERVED
+CVE-2020-20957
+ RESERVED
+CVE-2020-20956
+ RESERVED
+CVE-2020-20955
+ RESERVED
+CVE-2020-20954
+ RESERVED
+CVE-2020-20953
+ RESERVED
+CVE-2020-20952
+ RESERVED
+CVE-2020-20951 (In Pluck-4.7.10-dev2 admin background, a remote command execution vuln ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip L ...)
+ NOT-FOR-US: Microchip Libraries for Applications
+CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...)
+ NOT-FOR-US: STM32 cryptographic firmware library
+CVE-2020-20948 (An arbitrary file download vulnerability in jeecg v3.8 allows attacker ...)
+ NOT-FOR-US: jeecg
+CVE-2020-20947
+ RESERVED
+CVE-2020-20946 (Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability ...)
+ NOT-FOR-US: Qibosoft
+CVE-2020-20945 (A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&amp ...)
+ NOT-FOR-US: Qibosoft
+CVE-2020-20944 (An issue in /admin/index.php?lfj=mysql&amp;action=del of Qibosoft v7 a ...)
+ NOT-FOR-US: Qibosoft
+CVE-2020-20943 (A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&am ...)
+ NOT-FOR-US: Qibosoft
+CVE-2020-20942
+ RESERVED
+CVE-2020-20941
+ RESERVED
+CVE-2020-20940
+ RESERVED
+CVE-2020-20939
+ RESERVED
+CVE-2020-20938
+ RESERVED
+CVE-2020-20937
+ RESERVED
+CVE-2020-20936
+ RESERVED
+CVE-2020-20935
+ RESERVED
+CVE-2020-20934
+ RESERVED
+CVE-2020-20933
+ RESERVED
+CVE-2020-20932
+ RESERVED
+CVE-2020-20931
+ RESERVED
+CVE-2020-20930
+ RESERVED
+CVE-2020-20929
+ RESERVED
+CVE-2020-20928
+ RESERVED
+CVE-2020-20927
+ RESERVED
+CVE-2020-20926
+ RESERVED
+CVE-2020-20925
+ RESERVED
+CVE-2020-20924
+ RESERVED
+CVE-2020-20923
+ RESERVED
+CVE-2020-20922
+ RESERVED
+CVE-2020-20921
+ RESERVED
+CVE-2020-20920
+ RESERVED
+CVE-2020-20919
+ RESERVED
+CVE-2020-20918
+ RESERVED
+CVE-2020-20917
+ RESERVED
+CVE-2020-20916
+ RESERVED
+CVE-2020-20915
+ RESERVED
+CVE-2020-20914
+ RESERVED
+CVE-2020-20913
+ RESERVED
+CVE-2020-20912
+ RESERVED
+CVE-2020-20911
+ RESERVED
+CVE-2020-20910
+ RESERVED
+CVE-2020-20909
+ RESERVED
+CVE-2020-20908 (Akaunting v1.3.17 was discovered to contain a stored cross-site script ...)
+ NOT-FOR-US: Akaunting
+CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...)
+ NOT-FOR-US: MetInfo
+CVE-2020-20906
+ RESERVED
+CVE-2020-20905
+ RESERVED
+CVE-2020-20904
+ RESERVED
+CVE-2020-20903
+ RESERVED
+CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter ...)
+ {DSA-4722-1}
+ - ffmpeg 7:4.2.2-1
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://trac.ffmpeg.org/ticket/8176
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd (4.3)
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22 (4.3)
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b97aaf791f6ea3506a6252ecef6a1a0e9a542e04 (4.2.2)
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=81672bf00f3b5a3c025034f4b2e33d67b72f3839 (4.2.2)
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0c91fb0f0641f9f35f650281a176657907097cf (4.1.5)
+CVE-2020-20901
+ REJECTED
+CVE-2020-20900
+ REJECTED
+CVE-2020-20899
+ REJECTED
+CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in libavfi ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 (4.3)
+ NOTE: https://trac.ffmpeg.org/ticket/8263
+CVE-2020-20897
+ REJECTED
+CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...)
+ - ffmpeg 7:4.3-2
+ [buster] - ffmpeg <postponed> (Wait for 4.1.9)
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3)
+ NOTE: https://trac.ffmpeg.org/ticket/8273
+CVE-2020-20895
+ REJECTED
+CVE-2020-20894
+ REJECTED
+CVE-2020-20893
+ REJECTED
+CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...)
+ - ffmpeg 7:4.3-2
+ [buster] - ffmpeg <ignored> (Minor issue)
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01 (4.3)
+ NOTE: https://trac.ffmpeg.org/ticket/8265
+CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
+ - ffmpeg 7:4.3-2
+ [buster] - ffmpeg <postponed> (Wait for 4.1.9)
+ [stretch] - ffmpeg <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3)
+ NOTE: https://trac.ffmpeg.org/ticket/8282
+CVE-2020-20890
+ RESERVED
+CVE-2020-20889
+ RESERVED
+CVE-2020-20888
+ RESERVED
+CVE-2020-20887
+ RESERVED
+CVE-2020-20886
+ RESERVED
+CVE-2020-20885
+ RESERVED
+CVE-2020-20884
+ RESERVED
+CVE-2020-20883
+ RESERVED
+CVE-2020-20882
+ RESERVED
+CVE-2020-20881
+ RESERVED
+CVE-2020-20880
+ RESERVED
+CVE-2020-20879
+ RESERVED
+CVE-2020-20878
+ RESERVED
+CVE-2020-20877
+ RESERVED
+CVE-2020-20876
+ RESERVED
+CVE-2020-20875
+ RESERVED
+CVE-2020-20874
+ RESERVED
+CVE-2020-20873
+ RESERVED
+CVE-2020-20872
+ RESERVED
+CVE-2020-20871
+ RESERVED
+CVE-2020-20870
+ RESERVED
+CVE-2020-20869
+ RESERVED
+CVE-2020-20868
+ RESERVED
+CVE-2020-20867
+ RESERVED
+CVE-2020-20866
+ RESERVED
+CVE-2020-20865
+ RESERVED
+CVE-2020-20864
+ RESERVED
+CVE-2020-20863
+ RESERVED
+CVE-2020-20862
+ RESERVED
+CVE-2020-20861
+ RESERVED
+CVE-2020-20860
+ RESERVED
+CVE-2020-20859
+ RESERVED
+CVE-2020-20858
+ RESERVED
+CVE-2020-20857
+ RESERVED
+CVE-2020-20856
+ RESERVED
+CVE-2020-20855
+ RESERVED
+CVE-2020-20854
+ RESERVED
+CVE-2020-20853
+ RESERVED
+CVE-2020-20852
+ RESERVED
+CVE-2020-20851
+ RESERVED
+CVE-2020-20850
+ RESERVED
+CVE-2020-20849
+ RESERVED
+CVE-2020-20848
+ RESERVED
+CVE-2020-20847
+ RESERVED
+CVE-2020-20846
+ RESERVED
+CVE-2020-20845
+ RESERVED
+CVE-2020-20844
+ RESERVED
+CVE-2020-20843
+ RESERVED
+CVE-2020-20842
+ RESERVED
+CVE-2020-20841
+ RESERVED
+CVE-2020-20840
+ RESERVED
+CVE-2020-20839
+ RESERVED
+CVE-2020-20838
+ RESERVED
+CVE-2020-20837
+ RESERVED
+CVE-2020-20836
+ RESERVED
+CVE-2020-20835
+ RESERVED
+CVE-2020-20834
+ RESERVED
+CVE-2020-20833
+ RESERVED
+CVE-2020-20832
+ RESERVED
+CVE-2020-20831
+ RESERVED
+CVE-2020-20830
+ RESERVED
+CVE-2020-20829
+ RESERVED
+CVE-2020-20828
+ RESERVED
+CVE-2020-20827
+ RESERVED
+CVE-2020-20826
+ RESERVED
+CVE-2020-20825
+ RESERVED
+CVE-2020-20824
+ RESERVED
+CVE-2020-20823
+ RESERVED
+CVE-2020-20822
+ RESERVED
+CVE-2020-20821
+ RESERVED
+CVE-2020-20820
+ RESERVED
+CVE-2020-20819
+ RESERVED
+CVE-2020-20818
+ RESERVED
+CVE-2020-20817
+ RESERVED
+CVE-2020-20816
+ RESERVED
+CVE-2020-20815
+ RESERVED
+CVE-2020-20814
+ RESERVED
+CVE-2020-20813
+ RESERVED
+CVE-2020-20812
+ RESERVED
+CVE-2020-20811
+ RESERVED
+CVE-2020-20810
+ RESERVED
+CVE-2020-20809
+ RESERVED
+CVE-2020-20808
+ RESERVED
+CVE-2020-20807
+ RESERVED
+CVE-2020-20806
+ RESERVED
+CVE-2020-20805
+ RESERVED
+CVE-2020-20804
+ RESERVED
+CVE-2020-20803
+ RESERVED
+CVE-2020-20802
+ RESERVED
+CVE-2020-20801
+ RESERVED
+CVE-2020-20800 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...)
+ NOT-FOR-US: MetInfo
+CVE-2020-20799 (JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: JeeCMS
+CVE-2020-20798
+ RESERVED
+CVE-2020-20797 (FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability ...)
+ NOT-FOR-US: FlameCMS
+CVE-2020-20796 (FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/artic ...)
+ NOT-FOR-US: FlameCMS
+CVE-2020-20795
+ RESERVED
+CVE-2020-20794
+ RESERVED
+CVE-2020-20793
+ RESERVED
+CVE-2020-20792
+ RESERVED
+CVE-2020-20791
+ RESERVED
+CVE-2020-20790
+ RESERVED
+CVE-2020-20789
+ RESERVED
+CVE-2020-20788
+ RESERVED
+CVE-2020-20787
+ RESERVED
+CVE-2020-20786
+ RESERVED
+CVE-2020-20785
+ RESERVED
+CVE-2020-20784
+ RESERVED
+CVE-2020-20783
+ RESERVED
+CVE-2020-20782
+ RESERVED
+CVE-2020-20781 (A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?d ...)
+ NOT-FOR-US: UCMS
+CVE-2020-20780
+ RESERVED
+CVE-2020-20779
+ RESERVED
+CVE-2020-20778
+ RESERVED
+CVE-2020-20777
+ RESERVED
+CVE-2020-20776
+ RESERVED
+CVE-2020-20775
+ RESERVED
+CVE-2020-20774
+ RESERVED
+CVE-2020-20773
+ RESERVED
+CVE-2020-20772
+ RESERVED
+CVE-2020-20771
+ RESERVED
+CVE-2020-20770
+ RESERVED
+CVE-2020-20769
+ RESERVED
+CVE-2020-20768
+ RESERVED
+CVE-2020-20767
+ RESERVED
+CVE-2020-20766
+ RESERVED
+CVE-2020-20765
+ RESERVED
+CVE-2020-20764
+ RESERVED
+CVE-2020-20763
+ RESERVED
+CVE-2020-20762
+ RESERVED
+CVE-2020-20761
+ RESERVED
+CVE-2020-20760
+ RESERVED
+CVE-2020-20759
+ RESERVED
+CVE-2020-20758
+ RESERVED
+CVE-2020-20757
+ RESERVED
+CVE-2020-20756
+ RESERVED
+CVE-2020-20755
+ RESERVED
+CVE-2020-20754
+ RESERVED
+CVE-2020-20753
+ RESERVED
+CVE-2020-20752
+ RESERVED
+CVE-2020-20751
+ RESERVED
+CVE-2020-20750
+ RESERVED
+CVE-2020-20749
+ RESERVED
+CVE-2020-20748
+ RESERVED
+CVE-2020-20747
+ RESERVED
+CVE-2020-20746 (A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03. ...)
+ NOT-FOR-US: Tenda
+CVE-2020-20745
+ RESERVED
+CVE-2020-20744
+ RESERVED
+CVE-2020-20743
+ RESERVED
+CVE-2020-20742
+ RESERVED
+CVE-2020-20741 (Incorrect Access Control in Beckhoff Automation GmbH &amp; Co. KG CX90 ...)
+ NOT-FOR-US: Beckhoff
+CVE-2020-20740 (PDFResurrect before 0.20 lack of header validation checks causes heap- ...)
+ {DLA-2475-1}
+ - pdfresurrect 0.21-1
+ [buster] - pdfresurrect <no-dsa> (Minor issue)
+ NOTE: https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 (v0.21)
+ NOTE: https://github.com/enferex/pdfresurrect/issues/14
+CVE-2020-20739 (im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips befo ...)
+ {DLA-2473-1}
+ - vips 8.9.0-1
+ [buster] - vips 8.7.4-1+deb10u1
+ NOTE: https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a (v8.9.0-alpha1)
+ NOTE: https://github.com/libvips/libvips/issues/1419
+CVE-2020-20738
+ RESERVED
+CVE-2020-20737
+ RESERVED
+CVE-2020-20736
+ RESERVED
+CVE-2020-20735
+ RESERVED
+CVE-2020-20734
+ RESERVED
+CVE-2020-20733
+ RESERVED
+CVE-2020-20732
+ RESERVED
+CVE-2020-20731
+ RESERVED
+CVE-2020-20730
+ RESERVED
+CVE-2020-20729
+ RESERVED
+CVE-2020-20728
+ RESERVED
+CVE-2020-20727
+ RESERVED
+CVE-2020-20726
+ RESERVED
+CVE-2020-20725
+ RESERVED
+CVE-2020-20724
+ RESERVED
+CVE-2020-20723
+ RESERVED
+CVE-2020-20722
+ RESERVED
+CVE-2020-20721
+ RESERVED
+CVE-2020-20720
+ RESERVED
+CVE-2020-20719
+ RESERVED
+CVE-2020-20718
+ RESERVED
+CVE-2020-20717
+ RESERVED
+CVE-2020-20716
+ RESERVED
+CVE-2020-20715
+ RESERVED
+CVE-2020-20714
+ RESERVED
+CVE-2020-20713
+ RESERVED
+CVE-2020-20712
+ RESERVED
+CVE-2020-20711
+ RESERVED
+CVE-2020-20710
+ RESERVED
+CVE-2020-20709
+ RESERVED
+CVE-2020-20708
+ RESERVED
+CVE-2020-20707
+ RESERVED
+CVE-2020-20706
+ RESERVED
+CVE-2020-20705
+ RESERVED
+CVE-2020-20704
+ RESERVED
+CVE-2020-20703
+ RESERVED
+CVE-2020-20702
+ RESERVED
+CVE-2020-20701 (A stored cross site scripting (XSS) vulnerability in /app/config/of S- ...)
+ NOT-FOR-US: S-CMS PHP
+CVE-2020-20700 (A stored cross site scripting (XSS) vulnerability in /app/form_add/of ...)
+ NOT-FOR-US: S-CMS PHP
+CVE-2020-20699 (A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows at ...)
+ NOT-FOR-US: S-CMS PHP
+CVE-2020-20698 (A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP ...)
+ NOT-FOR-US: S-CMS PHP
+CVE-2020-20697
+ RESERVED
+CVE-2020-20696 (A cross-site scripting (XSS) vulnerability in /admin/content/post of G ...)
+ NOT-FOR-US: GilaCMS
+CVE-2020-20695 (A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 a ...)
+ NOT-FOR-US: GilaCMS
+CVE-2020-20694
+ RESERVED
+CVE-2020-20693 (A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenti ...)
+ NOT-FOR-US: GilaCMS
+CVE-2020-20692 (GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: GilaCMS
+CVE-2020-20691 (An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary w ...)
+ NOT-FOR-US: Monstra CMS
+CVE-2020-20690
+ RESERVED
+CVE-2020-20689
+ RESERVED
+CVE-2020-20688
+ RESERVED
+CVE-2020-20687
+ RESERVED
+CVE-2020-20686
+ RESERVED
+CVE-2020-20685
+ RESERVED
+CVE-2020-20684
+ RESERVED
+CVE-2020-20683
+ RESERVED
+CVE-2020-20682
+ RESERVED
+CVE-2020-20681
+ RESERVED
+CVE-2020-20680
+ RESERVED
+CVE-2020-20679
+ RESERVED
+CVE-2020-20678
+ RESERVED
+CVE-2020-20677
+ RESERVED
+CVE-2020-20676
+ RESERVED
+CVE-2020-20675 (Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoods ...)
+ NOT-FOR-US: Nuishop
+CVE-2020-20674
+ RESERVED
+CVE-2020-20673
+ RESERVED
+CVE-2020-20672 (An arbitrary file upload vulnerability in /admin/upload/uploadfile of ...)
+ NOT-FOR-US: KiteCMS
+CVE-2020-20671 (A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers t ...)
+ NOT-FOR-US: KiteCMS
+CVE-2020-20670 (An arbitrary file upload vulnerability in /admin/media/upload of ZKEAC ...)
+ NOT-FOR-US: ZKEACMS
+CVE-2020-20669
+ RESERVED
+CVE-2020-20668
+ RESERVED
+CVE-2020-20667
+ RESERVED
+CVE-2020-20666
+ RESERVED
+CVE-2020-20665 (rudp v0.6 was discovered to contain a memory leak in the component mai ...)
+ NOT-FOR-US: rudp
+CVE-2020-20664 (libiec_iccp_mod v1.5 contains a segmentation violation in the componen ...)
+ NOT-FOR-US: libiec_iccp_mod
+CVE-2020-20663 (libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component ...)
+ NOT-FOR-US: libiec_iccp_mod
+CVE-2020-20662 (libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component ...)
+ NOT-FOR-US: libiec_iccp_mod
+CVE-2020-20661
+ RESERVED
+CVE-2020-20660
+ RESERVED
+CVE-2020-20659
+ RESERVED
+CVE-2020-20658 (Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows ...)
+ NOT-FOR-US: fcovatti libiec_iccp_mod
+CVE-2020-20657 (Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows ...)
+ NOT-FOR-US: fcovatti libiec_iccp_mod
+CVE-2020-20656
+ RESERVED
+CVE-2020-20655
+ RESERVED
+CVE-2020-20654
+ RESERVED
+CVE-2020-20653
+ RESERVED
+CVE-2020-20652
+ RESERVED
+CVE-2020-20651
+ RESERVED
+CVE-2020-20650
+ RESERVED
+CVE-2020-20649
+ RESERVED
+CVE-2020-20648
+ RESERVED
+CVE-2020-20647
+ RESERVED
+CVE-2020-20646
+ RESERVED
+CVE-2020-20645 (Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the ...)
+ NOT-FOR-US: EyouCMS
+CVE-2020-20644
+ RESERVED
+CVE-2020-20643
+ RESERVED
+CVE-2020-20642 (Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3. ...)
+ NOT-FOR-US: EyouCMS
+CVE-2020-20641
+ RESERVED
+CVE-2020-20640 (Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security ...)
+ NOT-FOR-US: ECShop
+CVE-2020-20639
+ RESERVED
+CVE-2020-20638
+ RESERVED
+CVE-2020-20637
+ RESERVED
+CVE-2020-20636
+ RESERVED
+CVE-2020-20635
+ RESERVED
+CVE-2020-20634 (Elementor 2.9.5 and below WordPress plugin allows authenticated users ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2020-20633 (ajax_policy_generator in admin/modules/cli-policy-generator/classes/cl ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2020-20632
+ RESERVED
+CVE-2020-20631
+ RESERVED
+CVE-2020-20630
+ RESERVED
+CVE-2020-20629
+ RESERVED
+CVE-2020-20628 (controller/controller-comments.php in WP GDPR plugin through 2.1.1 has ...)
+ NOT-FOR-US: WP GDPR plugin
+CVE-2020-20627 (The includes/gateways/stripe/includes/admin/admin-actions.php in GiveW ...)
+ NOT-FOR-US: includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin for WordPress
+CVE-2020-20626 (lara-google-analytics.php in Lara Google Analytics plugin through 2.0. ...)
+ NOT-FOR-US: Lara Google Analytics plugin for WordPress
+CVE-2020-20625 (Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthen ...)
+ NOT-FOR-US: Sliced Invoices plugin for WordPress
+CVE-2020-20624
+ RESERVED
+CVE-2020-20623
+ RESERVED
+CVE-2020-20622
+ RESERVED
+CVE-2020-20621
+ RESERVED
+CVE-2020-20620
+ RESERVED
+CVE-2020-20619
+ RESERVED
+CVE-2020-20618
+ RESERVED
+CVE-2020-20617
+ RESERVED
+CVE-2020-20616
+ RESERVED
+CVE-2020-20615
+ RESERVED
+CVE-2020-20614
+ RESERVED
+CVE-2020-20613
+ RESERVED
+CVE-2020-20612
+ RESERVED
+CVE-2020-20611
+ RESERVED
+CVE-2020-20610
+ RESERVED
+CVE-2020-20609
+ RESERVED
+CVE-2020-20608
+ RESERVED
+CVE-2020-20607
+ RESERVED
+CVE-2020-20606
+ RESERVED
+CVE-2020-20605 (Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in t ...)
+ NOT-FOR-US: Blog CMS
+CVE-2020-20604
+ RESERVED
+CVE-2020-20603
+ RESERVED
+CVE-2020-20602
+ RESERVED
+CVE-2020-20601 (An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbi ...)
+ NOT-FOR-US: ThinkCMF
+CVE-2020-20600 (MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerab ...)
+ NOT-FOR-US: MetInfo
+CVE-2020-20599
+ RESERVED
+CVE-2020-20598 (A cross-site scripting (XSS) vulnerability in the Editing component of ...)
+ NOT-FOR-US: com.mossle.lemon
+CVE-2020-20597 (A cross-site scripting (XSS) vulnerability in the potrtalItemName para ...)
+ NOT-FOR-US: com.mossle.lemon
+ NOTE: https://github.com/xuhuisheng/lemon
+CVE-2020-20596
+ RESERVED
+CVE-2020-20595 (A cross-site request forgery (CSRF) in OPMS v1.3 and below allows atta ...)
+ NOT-FOR-US: OPMS
+CVE-2020-20594
+ RESERVED
+CVE-2020-20593 (A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authent ...)
+ NOT-FOR-US: Rockoa
+CVE-2020-20592
+ RESERVED
+CVE-2020-20591
+ RESERVED
+CVE-2020-20590
+ RESERVED
+CVE-2020-20589
+ RESERVED
+CVE-2020-20588
+ RESERVED
+CVE-2020-20587
+ RESERVED
+CVE-2020-20586 (A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s= ...)
+ NOT-FOR-US: XYHCMS
+CVE-2020-20585 (A blind SQL injection in /admin/?n=logs&amp;c=index&amp;a=dode of Meti ...)
+ NOT-FOR-US: Metinfo
+CVE-2020-20584 (A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows a ...)
+ NOT-FOR-US: baigo CMS
+CVE-2020-20583 (A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R ...)
+ NOT-FOR-US: LJCMS
+CVE-2020-20582 (A server side request forgery (SSRF) vulnerability in /ApiAdminDomainS ...)
+ NOT-FOR-US: MipCMS
+CVE-2020-20581
+ RESERVED
+CVE-2020-20580
+ RESERVED
+CVE-2020-20579
+ RESERVED
+CVE-2020-20578
+ RESERVED
+CVE-2020-20577
+ RESERVED
+CVE-2020-20576
+ RESERVED
+CVE-2020-20575
+ RESERVED
+CVE-2020-20574
+ RESERVED
+CVE-2020-20573
+ RESERVED
+CVE-2020-20572
+ RESERVED
+CVE-2020-20571
+ RESERVED
+CVE-2020-20570
+ RESERVED
+CVE-2020-20569
+ RESERVED
+CVE-2020-20568
+ RESERVED
+CVE-2020-20567
+ RESERVED
+CVE-2020-20566
+ RESERVED
+CVE-2020-20565
+ RESERVED
+CVE-2020-20564
+ RESERVED
+CVE-2020-20563
+ RESERVED
+CVE-2020-20562
+ RESERVED
+CVE-2020-20561
+ RESERVED
+CVE-2020-20560
+ RESERVED
+CVE-2020-20559
+ RESERVED
+CVE-2020-20558
+ RESERVED
+CVE-2020-20557
+ RESERVED
+CVE-2020-20556
+ RESERVED
+CVE-2020-20555
+ RESERVED
+CVE-2020-20554
+ RESERVED
+CVE-2020-20553
+ RESERVED
+CVE-2020-20552
+ RESERVED
+CVE-2020-20551
+ RESERVED
+CVE-2020-20550
+ RESERVED
+CVE-2020-20549
+ RESERVED
+CVE-2020-20548
+ RESERVED
+CVE-2020-20547
+ RESERVED
+CVE-2020-20546
+ RESERVED
+CVE-2020-20545 (Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Coll ...)
+ NOT-FOR-US: Zhiyuan G6 Government Collaboration System
+CVE-2020-20544
+ RESERVED
+CVE-2020-20543
+ RESERVED
+CVE-2020-20542
+ RESERVED
+CVE-2020-20541
+ RESERVED
+CVE-2020-20540
+ RESERVED
+CVE-2020-20539
+ RESERVED
+CVE-2020-20538
+ RESERVED
+CVE-2020-20537
+ RESERVED
+CVE-2020-20536
+ RESERVED
+CVE-2020-20535
+ RESERVED
+CVE-2020-20534
+ RESERVED
+CVE-2020-20533
+ RESERVED
+CVE-2020-20532
+ RESERVED
+CVE-2020-20531
+ RESERVED
+CVE-2020-20530
+ RESERVED
+CVE-2020-20529
+ RESERVED
+CVE-2020-20528
+ RESERVED
+CVE-2020-20527
+ RESERVED
+CVE-2020-20526
+ RESERVED
+CVE-2020-20525
+ RESERVED
+CVE-2020-20524
+ RESERVED
+CVE-2020-20523
+ RESERVED
+CVE-2020-20522
+ RESERVED
+CVE-2020-20521
+ RESERVED
+CVE-2020-20520
+ RESERVED
+CVE-2020-20519
+ RESERVED
+CVE-2020-20518
+ RESERVED
+CVE-2020-20517
+ RESERVED
+CVE-2020-20516
+ RESERVED
+CVE-2020-20515
+ RESERVED
+CVE-2020-20514 (A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/ ...)
+ NOT-FOR-US: Maccms
+CVE-2020-20513
+ RESERVED
+CVE-2020-20512
+ RESERVED
+CVE-2020-20511
+ RESERVED
+CVE-2020-20510
+ RESERVED
+CVE-2020-20509
+ RESERVED
+CVE-2020-20508 (Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerab ...)
+ NOT-FOR-US: Shopkit
+CVE-2020-20507
+ RESERVED
+CVE-2020-20506
+ RESERVED
+CVE-2020-20505
+ RESERVED
+CVE-2020-20504
+ RESERVED
+CVE-2020-20503
+ RESERVED
+CVE-2020-20502
+ RESERVED
+CVE-2020-20501
+ RESERVED
+CVE-2020-20500
+ RESERVED
+CVE-2020-20499
+ RESERVED
+CVE-2020-20498
+ RESERVED
+CVE-2020-20497
+ RESERVED
+CVE-2020-20496
+ RESERVED
+CVE-2020-20495 (bludit v3.13.0 contains an arbitrary file deletion vulnerability in th ...)
+ NOT-FOR-US: bludit
+ NOTE: https://github.com/bludit/bludit
+CVE-2020-20494
+ RESERVED
+CVE-2020-20493
+ RESERVED
+CVE-2020-20492
+ RESERVED
+CVE-2020-20491
+ RESERVED
+CVE-2020-20490 (A heap buffer-overflow in the client_example1.c component of libiec_ic ...)
+ NOT-FOR-US: libiec_iccp_mod
+ NOTE: https://github.com/fcovatti/libiec_iccp_mod
+ NOTE: IEC 61850
+CVE-2020-20489
+ RESERVED
+CVE-2020-20488
+ RESERVED
+CVE-2020-20487
+ RESERVED
+CVE-2020-20486 (IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10x_S ...)
+ NOT-FOR-US: IEC104
+ NOTE: https://github.com/airpig2011/IEC104
+CVE-2020-20485
+ RESERVED
+CVE-2020-20484
+ RESERVED
+CVE-2020-20483
+ RESERVED
+CVE-2020-20482
+ RESERVED
+CVE-2020-20481
+ RESERVED
+CVE-2020-20480
+ RESERVED
+CVE-2020-20479
+ RESERVED
+CVE-2020-20478
+ RESERVED
+CVE-2020-20477
+ RESERVED
+CVE-2020-20476
+ RESERVED
+CVE-2020-20475
+ RESERVED
+CVE-2020-20474 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...)
+ NOT-FOR-US: White Shark System (WSS)
+CVE-2020-20473 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...)
+ NOT-FOR-US: White Shark System (WSS)
+CVE-2020-20472 (White Shark System (WSS) 1.3.2 has a sensitive information disclosure ...)
+ NOT-FOR-US: White Shark System (WSS)
+CVE-2020-20471 (White Shark System (WSS) 1.3.2 has an unauthorized access vulnerabilit ...)
+ NOT-FOR-US: White Shark System (WSS)
+CVE-2020-20470 (White Shark System (WSS) 1.3.2 has web site physical path leakage vuln ...)
+ NOT-FOR-US: White Shark System (WSS)
+CVE-2020-20469 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...)
+ NOT-FOR-US: White Shark System (WSS)
+CVE-2020-20468 (White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can us ...)
+ NOT-FOR-US: White Shark System (WSS)
+CVE-2020-20467 (White Shark System (WSS) 1.3.2 is vulnerable to sensitive information ...)
+ NOT-FOR-US: White Shark System (WSS)
+CVE-2020-20466 (White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access vi ...)
+ NOT-FOR-US: White Shark System (WSS)
+CVE-2020-20465
+ RESERVED
+CVE-2020-20464
+ RESERVED
+CVE-2020-20463
+ RESERVED
+CVE-2020-20462
+ RESERVED
+CVE-2020-20461
+ RESERVED
+CVE-2020-20460
+ RESERVED
+CVE-2020-20459
+ RESERVED
+CVE-2020-20458
+ RESERVED
+CVE-2020-20457
+ RESERVED
+CVE-2020-20456
+ RESERVED
+CVE-2020-20455
+ RESERVED
+CVE-2020-20454
+ RESERVED
+CVE-2020-20453 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccod ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1}
+ - ffmpeg 7:4.4.1-1 (unimportant)
+ NOTE: https://trac.ffmpeg.org/ticket/8003
+ NOTE: Negligible security impact
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8
+CVE-2020-20452
+ RESERVED
+CVE-2020-20451 (Denial of Service issue in FFmpeg 4.2 due to resource management error ...)
+ {DLA-2818-1}
+ - ffmpeg 7:4.3-2 (unimportant)
+ NOTE: https://trac.ffmpeg.org/ticket/8094
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21265f42ecb265debe9fec1dbfd0cb7de5a8aefb
+ NOTE: Negligible security impact
+CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer dereference passed as argument ...)
+ {DSA-4998-1}
+ [experimental] - ffmpeg 7:4.4-1
+ - ffmpeg 7:4.4-5 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://trac.ffmpeg.org/ticket/7993
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5400e4a50c61e53e1bc50b3e77201649bbe9c510
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3865b1952e5cf993b016d83ba78fe1deb63bbfad (4.3)
+ NOTE: Negligible security impact
+CVE-2020-20449
+ RESERVED
+CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/rate ...)
+ {DSA-4722-1}
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://trac.ffmpeg.org/ticket/7990
+ NOTE: Negligible security impact
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8802e329c8317ca5ceb929df48a23eb0f9e852b2
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=55279d699fa64d8eb1185d8db04ab4ed92e8dea2
+CVE-2020-20447
+ RESERVED
+CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1}
+ - ffmpeg 7:4.4.1-1 (unimportant)
+ NOTE: https://trac.ffmpeg.org/ticket/7995
+ NOTE: Negligible security impact
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/223b5e8ac9f6461bb13ed365419ec485c5b2b002
+CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1}
+ - ffmpeg <unfixed> (unimportant)
+ NOTE: https://trac.ffmpeg.org/ticket/7996
+ NOTE: Negligible security impact
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38d18fb57863bb9c54e68ae44aa780c5c282a184
+CVE-2020-20444 (Jact OpenClinic 0.8.20160412 allows the attacker to read server files ...)
+ NOT-FOR-US: Jact OpenClinic
+CVE-2020-20443
+ RESERVED
+CVE-2020-20442
+ RESERVED
+CVE-2020-20441
+ RESERVED
+CVE-2020-20440
+ RESERVED
+CVE-2020-20439
+ RESERVED
+CVE-2020-20438
+ RESERVED
+CVE-2020-20437
+ RESERVED
+CVE-2020-20436
+ RESERVED
+CVE-2020-20435
+ RESERVED
+CVE-2020-20434
+ RESERVED
+CVE-2020-20433
+ RESERVED
+CVE-2020-20432
+ RESERVED
+CVE-2020-20431
+ RESERVED
+CVE-2020-20430
+ RESERVED
+CVE-2020-20429
+ RESERVED
+CVE-2020-20428
+ RESERVED
+CVE-2020-20427
+ RESERVED
+CVE-2020-20426 (S-CMS Government Station Building System v5.0 contains a cross-site sc ...)
+ NOT-FOR-US: S-CMS Government Station Building System
+CVE-2020-20425 (S-CMS Government Station Building System v5.0 contains a cross-site sc ...)
+ NOT-FOR-US: S-CMS Government Station Building System
+CVE-2020-20424
+ RESERVED
+CVE-2020-20423
+ RESERVED
+CVE-2020-20422
+ RESERVED
+CVE-2020-20421
+ RESERVED
+CVE-2020-20420
+ RESERVED
+CVE-2020-20419
+ RESERVED
+CVE-2020-20418
+ RESERVED
+CVE-2020-20417
+ RESERVED
+CVE-2020-20416
+ RESERVED
+CVE-2020-20415
+ RESERVED
+CVE-2020-20414
+ RESERVED
+CVE-2020-20413
+ RESERVED
+CVE-2020-20412 (lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 ...)
+ NOT-FOR-US: StepMania integration of libvorbis
+CVE-2020-20411
+ RESERVED
+CVE-2020-20410
+ RESERVED
+CVE-2020-20409
+ RESERVED
+CVE-2020-20408
+ RESERVED
+CVE-2020-20407
+ RESERVED
+CVE-2020-20406 (A stored XSS vulnerability exists in the Custom Link Attributes contro ...)
+ NOT-FOR-US: Elementor Page Builder
+CVE-2020-20405
+ RESERVED
+CVE-2020-20404
+ RESERVED
+CVE-2020-20403
+ RESERVED
+CVE-2020-20402
+ RESERVED
+CVE-2020-20401
+ RESERVED
+CVE-2020-20400
+ RESERVED
+CVE-2020-20399
+ RESERVED
+CVE-2020-20398
+ RESERVED
+CVE-2020-20397
+ RESERVED
+CVE-2020-20396
+ RESERVED
+CVE-2020-20395
+ RESERVED
+CVE-2020-20394
+ RESERVED
+CVE-2020-20393
+ RESERVED
+CVE-2020-20392 (SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters ...)
+ NOT-FOR-US: imcat
+CVE-2020-20391 (Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/sni ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2020-20390
+ RESERVED
+CVE-2020-20389 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in adm ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2020-20388
+ RESERVED
+CVE-2020-20387
+ RESERVED
+CVE-2020-20386
+ RESERVED
+CVE-2020-20385
+ RESERVED
+CVE-2020-20384
+ RESERVED
+CVE-2020-20383
+ RESERVED
+CVE-2020-20382
+ RESERVED
+CVE-2020-20381
+ RESERVED
+CVE-2020-20380
+ RESERVED
+CVE-2020-20379
+ RESERVED
+CVE-2020-20378
+ RESERVED
+CVE-2020-20377
+ RESERVED
+CVE-2020-20376
+ RESERVED
+CVE-2020-20375
+ RESERVED
+CVE-2020-20374
+ RESERVED
+CVE-2020-20373
+ RESERVED
+CVE-2020-20372
+ RESERVED
+CVE-2020-20371
+ RESERVED
+CVE-2020-20370
+ RESERVED
+CVE-2020-20369
+ RESERVED
+CVE-2020-20368
+ RESERVED
+CVE-2020-20367
+ RESERVED
+CVE-2020-20366
+ RESERVED
+CVE-2020-20365
+ RESERVED
+CVE-2020-20364
+ RESERVED
+CVE-2020-20363 (Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.p ...)
+ NOT-FOR-US: PbootCMS
+CVE-2020-20362
+ RESERVED
+CVE-2020-20361
+ RESERVED
+CVE-2020-20360
+ RESERVED
+CVE-2020-20359
+ RESERVED
+CVE-2020-20358
+ RESERVED
+CVE-2020-20357
+ RESERVED
+CVE-2020-20356
+ RESERVED
+CVE-2020-20355
+ RESERVED
+CVE-2020-20354
+ RESERVED
+CVE-2020-20353
+ RESERVED
+CVE-2020-20352
+ RESERVED
+CVE-2020-20351
+ RESERVED
+CVE-2020-20350
+ RESERVED
+CVE-2020-20349 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WTCMS
+CVE-2020-20348 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WTCMS
+CVE-2020-20347 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WTCMS
+CVE-2020-20346
+ RESERVED
+CVE-2020-20345 (WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: WTCMS
+CVE-2020-20344 (WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: WTCMS
+CVE-2020-20343 (WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability i ...)
+ NOT-FOR-US: WTCMS
+CVE-2020-20342
+ RESERVED
+CVE-2020-20341 (YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_ ...)
+ NOT-FOR-US: YzmCMS
+CVE-2020-20340 (A SQL injection vulnerability in the 4.edu.php\conn\function.php compo ...)
+ NOT-FOR-US: S-CMS
+CVE-2020-20339
+ RESERVED
+CVE-2020-20338
+ RESERVED
+CVE-2020-20337
+ RESERVED
+CVE-2020-20336
+ RESERVED
+CVE-2020-20335
+ RESERVED
+CVE-2020-20334
+ RESERVED
+CVE-2020-20333
+ RESERVED
+CVE-2020-20332
+ RESERVED
+CVE-2020-20331
+ RESERVED
+CVE-2020-20330
+ RESERVED
+CVE-2020-20329
+ RESERVED
+CVE-2020-20328
+ RESERVED
+CVE-2020-20327
+ RESERVED
+CVE-2020-20326
+ RESERVED
+CVE-2020-20325
+ RESERVED
+CVE-2020-20324
+ RESERVED
+CVE-2020-20323
+ RESERVED
+CVE-2020-20322
+ RESERVED
+CVE-2020-20321
+ RESERVED
+CVE-2020-20320
+ RESERVED
+CVE-2020-20319
+ RESERVED
+CVE-2020-20318
+ RESERVED
+CVE-2020-20317
+ RESERVED
+CVE-2020-20316
+ RESERVED
+CVE-2020-20315
+ RESERVED
+CVE-2020-20314
+ RESERVED
+CVE-2020-20313
+ RESERVED
+CVE-2020-20312
+ RESERVED
+CVE-2020-20311
+ RESERVED
+CVE-2020-20310
+ RESERVED
+CVE-2020-20309
+ RESERVED
+CVE-2020-20308
+ RESERVED
+CVE-2020-20307
+ RESERVED
+CVE-2020-20306
+ RESERVED
+CVE-2020-20305
+ RESERVED
+CVE-2020-20304
+ RESERVED
+CVE-2020-20303
+ RESERVED
+CVE-2020-20302
+ RESERVED
+CVE-2020-20301
+ RESERVED
+CVE-2020-20300 (SQL injection vulnerability in the wp_where function in WeiPHP 5.0. ...)
+ NOT-FOR-US: WeiPHP
+CVE-2020-20299 (WeiPHP 5.0 does not properly restrict access to pages, related to usin ...)
+ NOT-FOR-US: WeiPHP
+CVE-2020-20298 (Eval injection vulnerability in the parserCommom method in the ParserT ...)
+ NOT-FOR-US: zzzphp
+CVE-2020-20297
+ RESERVED
+CVE-2020-20296 (An issue was found in CMSWing project version 1.3.8, Because the recha ...)
+ NOT-FOR-US: CMSWing
+CVE-2020-20295 (An issue was found in CMSWing project version 1.3.8. Because the updat ...)
+ NOT-FOR-US: CMSWing
+CVE-2020-20294 (An issue was found in CMSWing project version 1.3.8. Because the log f ...)
+ NOT-FOR-US: CMSWing
+CVE-2020-20293
+ RESERVED
+CVE-2020-20292
+ RESERVED
+CVE-2020-20291
+ RESERVED
+CVE-2020-20290 (Directory traversal vulnerability in the yccms 3.3 project. The delete ...)
+ NOT-FOR-US: yccms
+CVE-2020-20289 (Sql injection vulnerability in the yccms 3.3 project. The no_top funct ...)
+ NOT-FOR-US: yccms
+CVE-2020-20288
+ RESERVED
+CVE-2020-20287 (Unrestricted file upload vulnerability in the yccms 3.3 project. The x ...)
+ NOT-FOR-US: yccms
+CVE-2020-20286
+ RESERVED
+CVE-2020-20285 (There is a XSS in the user login page in zzcms 2019. Users can inject ...)
+ NOT-FOR-US: zzcms
+CVE-2020-20284
+ RESERVED
+CVE-2020-20283
+ RESERVED
+CVE-2020-20282
+ RESERVED
+CVE-2020-20281
+ RESERVED
+CVE-2020-20280
+ RESERVED
+CVE-2020-20279
+ RESERVED
+CVE-2020-20278
+ RESERVED
+CVE-2020-20277 (There are multiple unauthenticated directory traversal vulnerabilities ...)
+ NOT-FOR-US: uftpd
+CVE-2020-20276 (An unauthenticated stack-based buffer overflow vulnerability in common ...)
+ NOT-FOR-US: uftpd
+CVE-2020-20275
+ RESERVED
+CVE-2020-20274
+ RESERVED
+CVE-2020-20273
+ RESERVED
+CVE-2020-20272
+ RESERVED
+CVE-2020-20271
+ RESERVED
+CVE-2020-20270
+ RESERVED
+CVE-2020-20269 (A specially crafted Markdown document could cause the execution of mal ...)
+ NOT-FOR-US: Caret Editor
+CVE-2020-20268
+ RESERVED
+CVE-2020-20267 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20266 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20265 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20264 (Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced- ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20263
+ RESERVED
+CVE-2020-20262 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20261
+ RESERVED
+CVE-2020-20260
+ RESERVED
+CVE-2020-20259
+ RESERVED
+CVE-2020-20258
+ RESERVED
+CVE-2020-20257
+ RESERVED
+CVE-2020-20256
+ RESERVED
+CVE-2020-20255
+ RESERVED
+CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20252 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
+ NOT-FOR-US: Mikrotik
+CVE-2020-20251
+ RESERVED
+CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
+ NOT-FOR-US: Mikrotik
+CVE-2020-20249 (Mikrotik RouterOs before stable 6.47 suffers from a memory corruption ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20248 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20247 (Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory co ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20246 (Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulne ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20245 (Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulne ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20244
+ RESERVED
+CVE-2020-20243
+ RESERVED
+CVE-2020-20242
+ RESERVED
+CVE-2020-20241
+ RESERVED
+CVE-2020-20240
+ RESERVED
+CVE-2020-20239
+ RESERVED
+CVE-2020-20238
+ RESERVED
+CVE-2020-20237 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20236 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20235
+ RESERVED
+CVE-2020-20234
+ RESERVED
+CVE-2020-20233
+ RESERVED
+CVE-2020-20232
+ RESERVED
+CVE-2020-20231 (Mikrotik RouterOs through stable version 6.48.3 suffers from a memory ...)
+ NOT-FOR-US: Mikrotik
+CVE-2020-20230 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20229
+ RESERVED
+CVE-2020-20228
+ RESERVED
+CVE-2020-20227 (Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnera ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20226
+ RESERVED
+CVE-2020-20225 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion ...)
+ NOT-FOR-US: Mikrotik
+CVE-2020-20224
+ RESERVED
+CVE-2020-20223
+ RESERVED
+CVE-2020-20222 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20221 (Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncon ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20220 (Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruptio ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20219 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20217 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontroll ...)
+ NOT-FOR-US: Mikrotik
+CVE-2020-20216 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
+ NOT-FOR-US: Mikrotik
+CVE-2020-20215 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
+ NOT-FOR-US: Mikrotik
+CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion fa ...)
+ NOT-FOR-US: Mikrotik RouterOs
+CVE-2020-20213 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaus ...)
+ NOT-FOR-US: Mikrotik
+CVE-2020-20212 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corrup ...)
+ NOT-FOR-US: Mikrotik
+CVE-2020-20211 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion fa ...)
+ NOT-FOR-US: Mikrotik
+CVE-2020-20210
+ RESERVED
+CVE-2020-20209
+ RESERVED
+CVE-2020-20208
+ RESERVED
+CVE-2020-20207
+ RESERVED
+CVE-2020-20206
+ RESERVED
+CVE-2020-20205
+ RESERVED
+CVE-2020-20204
+ RESERVED
+CVE-2020-20203
+ RESERVED
+CVE-2020-20202
+ RESERVED
+CVE-2020-20201
+ RESERVED
+CVE-2020-20200
+ RESERVED
+CVE-2020-20199
+ RESERVED
+CVE-2020-20198
+ RESERVED
+CVE-2020-20197
+ RESERVED
+CVE-2020-20196
+ RESERVED
+CVE-2020-20195
+ RESERVED
+CVE-2020-20194
+ RESERVED
+CVE-2020-20193
+ RESERVED
+CVE-2020-20192
+ RESERVED
+CVE-2020-20191
+ RESERVED
+CVE-2020-20190
+ RESERVED
+CVE-2020-20189 (SQL Injection vulnerability in NewPK 1.1 via the title parameter to ad ...)
+ NOT-FOR-US: NewPK
+CVE-2020-20188
+ RESERVED
+CVE-2020-20187
+ RESERVED
+CVE-2020-20186
+ RESERVED
+CVE-2020-20185
+ RESERVED
+CVE-2020-20184 (GateOne allows remote attackers to execute arbitrary commands via shel ...)
+ NOT-FOR-US: GateOne
+CVE-2020-20183 (Insecure direct object reference vulnerability in Zyxel&#8217;s P1302- ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-20182
+ RESERVED
+CVE-2020-20181
+ RESERVED
+CVE-2020-20180
+ RESERVED
+CVE-2020-20179
+ RESERVED
+CVE-2020-20178 (Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest ve ...)
+ NOT-FOR-US: Ethereum
+CVE-2020-20177
+ RESERVED
+CVE-2020-20176
+ RESERVED
+CVE-2020-20175
+ RESERVED
+CVE-2020-20174
+ RESERVED
+CVE-2020-20173
+ RESERVED
+CVE-2020-20172
+ RESERVED
+CVE-2020-20171
+ RESERVED
+CVE-2020-20170
+ RESERVED
+CVE-2020-20169
+ RESERVED
+CVE-2020-20168
+ RESERVED
+CVE-2020-20167
+ RESERVED
+CVE-2020-20166
+ RESERVED
+CVE-2020-20165
+ RESERVED
+CVE-2020-20164
+ RESERVED
+CVE-2020-20163
+ RESERVED
+CVE-2020-20162
+ RESERVED
+CVE-2020-20161
+ RESERVED
+CVE-2020-20160
+ RESERVED
+CVE-2020-20159
+ RESERVED
+CVE-2020-20158
+ RESERVED
+CVE-2020-20157
+ RESERVED
+CVE-2020-20156
+ RESERVED
+CVE-2020-20155
+ RESERVED
+CVE-2020-20154
+ RESERVED
+CVE-2020-20153
+ RESERVED
+CVE-2020-20152
+ RESERVED
+CVE-2020-20151
+ RESERVED
+CVE-2020-20150
+ RESERVED
+CVE-2020-20149
+ RESERVED
+CVE-2020-20148
+ RESERVED
+CVE-2020-20147
+ RESERVED
+CVE-2020-20146
+ RESERVED
+CVE-2020-20145
+ RESERVED
+CVE-2020-20144
+ RESERVED
+CVE-2020-20143
+ RESERVED
+CVE-2020-20142 (Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" compon ...)
+ NOT-FOR-US: Flexmonster Pivot Table & Charts
+CVE-2020-20141 (Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) compone ...)
+ NOT-FOR-US: Flexmonster Pivot Table & Charts
+CVE-2020-20140 (Cross Site Scripting (XSS) vulnerability in Remote Report component un ...)
+ NOT-FOR-US: Flexmonster Pivot Table & Charts
+CVE-2020-20139 (Cross Site Scripting (XSS) vulnerability in the Remote JSON component ...)
+ NOT-FOR-US: Flexmonster Pivot Table & Charts
+CVE-2020-20138 (Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow mo ...)
+ NOT-FOR-US: CMS Made Simple (CMSMS)
+CVE-2020-20137
+ RESERVED
+CVE-2020-20136 (QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an ...)
+ NOT-FOR-US: QuantConnect Lean
+CVE-2020-20135
+ RESERVED
+CVE-2020-20134
+ RESERVED
+CVE-2020-20133
+ RESERVED
+CVE-2020-20132
+ RESERVED
+CVE-2020-20131 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...)
+ NOT-FOR-US: LaraCMS
+CVE-2020-20130
+ RESERVED
+CVE-2020-20129 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...)
+ NOT-FOR-US: LaraCMS
+CVE-2020-20128 (LaraCMS v1.0.1 transmits sensitive information in cleartext which can ...)
+ NOT-FOR-US: LaraCMS
+CVE-2020-20127
+ RESERVED
+CVE-2020-20126
+ RESERVED
+CVE-2020-20125 (EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability ...)
+ NOT-FOR-US: EARCLINK ESPCMS-P8
+CVE-2020-20124 (Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability ...)
+ NOT-FOR-US: Wuzhi CMS
+CVE-2020-20123
+ RESERVED
+CVE-2020-20122 (Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitl ...)
+ NOT-FOR-US: Wuzhi CMS
+CVE-2020-20121
+ RESERVED
+CVE-2020-20120 (ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which ...)
+ NOT-FOR-US: ThinkPHP
+CVE-2020-20119
+ RESERVED
+CVE-2020-20118
+ RESERVED
+CVE-2020-20117
+ RESERVED
+CVE-2020-20116
+ RESERVED
+CVE-2020-20115
+ RESERVED
+CVE-2020-20114
+ RESERVED
+CVE-2020-20113
+ RESERVED
+CVE-2020-20112
+ RESERVED
+CVE-2020-20111
+ RESERVED
+CVE-2020-20110
+ RESERVED
+CVE-2020-20109
+ RESERVED
+CVE-2020-20108
+ RESERVED
+CVE-2020-20107
+ RESERVED
+CVE-2020-20106
+ RESERVED
+CVE-2020-20105
+ RESERVED
+CVE-2020-20104
+ RESERVED
+CVE-2020-20103
+ RESERVED
+CVE-2020-20102
+ RESERVED
+CVE-2020-20101
+ RESERVED
+CVE-2020-20100
+ RESERVED
+CVE-2020-20099
+ RESERVED
+CVE-2020-20098
+ RESERVED
+CVE-2020-20097
+ RESERVED
+CVE-2020-20096
+ RESERVED
+CVE-2020-20095
+ RESERVED
+CVE-2020-20094
+ RESERVED
+CVE-2020-20093
+ RESERVED
+CVE-2020-20092 (File Upload vulnerability exists in ArticleCMS 1.0 via the image uploa ...)
+ NOT-FOR-US: ArticleCMS
+CVE-2020-20091
+ RESERVED
+CVE-2020-20090
+ RESERVED
+CVE-2020-20089
+ RESERVED
+CVE-2020-20088
+ RESERVED
+CVE-2020-20087
+ RESERVED
+CVE-2020-20086
+ RESERVED
+CVE-2020-20085
+ RESERVED
+CVE-2020-20084
+ RESERVED
+CVE-2020-20083
+ RESERVED
+CVE-2020-20082
+ RESERVED
+CVE-2020-20081
+ RESERVED
+CVE-2020-20080
+ RESERVED
+CVE-2020-20079
+ RESERVED
+CVE-2020-20078
+ RESERVED
+CVE-2020-20077
+ RESERVED
+CVE-2020-20076
+ RESERVED
+CVE-2020-20075
+ RESERVED
+CVE-2020-20074
+ RESERVED
+CVE-2020-20073
+ RESERVED
+CVE-2020-20072
+ RESERVED
+CVE-2020-20071
+ RESERVED
+CVE-2020-20070
+ RESERVED
+CVE-2020-20069
+ RESERVED
+CVE-2020-20068
+ RESERVED
+CVE-2020-20067
+ RESERVED
+CVE-2020-20066
+ RESERVED
+CVE-2020-20065
+ RESERVED
+CVE-2020-20064
+ RESERVED
+CVE-2020-20063
+ RESERVED
+CVE-2020-20062
+ RESERVED
+CVE-2020-20061
+ RESERVED
+CVE-2020-20060
+ RESERVED
+CVE-2020-20059
+ RESERVED
+CVE-2020-20058
+ RESERVED
+CVE-2020-20057
+ RESERVED
+CVE-2020-20056
+ RESERVED
+CVE-2020-20055
+ RESERVED
+CVE-2020-20054
+ RESERVED
+CVE-2020-20053
+ RESERVED
+CVE-2020-20052
+ RESERVED
+CVE-2020-20051
+ RESERVED
+CVE-2020-20050
+ RESERVED
+CVE-2020-20049
+ RESERVED
+CVE-2020-20048
+ RESERVED
+CVE-2020-20047
+ RESERVED
+CVE-2020-20046
+ RESERVED
+CVE-2020-20045
+ RESERVED
+CVE-2020-20044
+ RESERVED
+CVE-2020-20043
+ RESERVED
+CVE-2020-20042
+ RESERVED
+CVE-2020-20041
+ RESERVED
+CVE-2020-20040
+ RESERVED
+CVE-2020-20039
+ RESERVED
+CVE-2020-20038
+ RESERVED
+CVE-2020-20037
+ RESERVED
+CVE-2020-20036
+ RESERVED
+CVE-2020-20035
+ RESERVED
+CVE-2020-20034
+ RESERVED
+CVE-2020-20033
+ RESERVED
+CVE-2020-20032
+ RESERVED
+CVE-2020-20031
+ RESERVED
+CVE-2020-20030
+ RESERVED
+CVE-2020-20029
+ RESERVED
+CVE-2020-20028
+ RESERVED
+CVE-2020-20027
+ RESERVED
+CVE-2020-20026
+ RESERVED
+CVE-2020-20025
+ RESERVED
+CVE-2020-20024
+ RESERVED
+CVE-2020-20023
+ RESERVED
+CVE-2020-20022
+ RESERVED
+CVE-2020-20021
+ RESERVED
+CVE-2020-20020
+ RESERVED
+CVE-2020-20019
+ RESERVED
+CVE-2020-20018
+ RESERVED
+CVE-2020-20017
+ RESERVED
+CVE-2020-20016
+ RESERVED
+CVE-2020-20015
+ RESERVED
+CVE-2020-20014
+ RESERVED
+CVE-2020-20013
+ RESERVED
+CVE-2020-20012
+ RESERVED
+CVE-2020-20011
+ RESERVED
+CVE-2020-20010
+ RESERVED
+CVE-2020-20009
+ RESERVED
+CVE-2020-20008
+ RESERVED
+CVE-2020-20007
+ RESERVED
+CVE-2020-20006
+ RESERVED
+CVE-2020-20005
+ RESERVED
+CVE-2020-20004
+ RESERVED
+CVE-2020-20003
+ RESERVED
+CVE-2020-20002
+ RESERVED
+CVE-2020-20001
+ RESERVED
+CVE-2020-20000
+ RESERVED
+CVE-2020-19999
+ RESERVED
+CVE-2020-19998
+ RESERVED
+CVE-2020-19997
+ RESERVED
+CVE-2020-19996
+ RESERVED
+CVE-2020-19995
+ RESERVED
+CVE-2020-19994
+ RESERVED
+CVE-2020-19993
+ RESERVED
+CVE-2020-19992
+ RESERVED
+CVE-2020-19991
+ RESERVED
+CVE-2020-19990
+ RESERVED
+CVE-2020-19989
+ RESERVED
+CVE-2020-19988
+ RESERVED
+CVE-2020-19987
+ RESERVED
+CVE-2020-19986
+ RESERVED
+CVE-2020-19985
+ RESERVED
+CVE-2020-19984
+ RESERVED
+CVE-2020-19983
+ RESERVED
+CVE-2020-19982
+ RESERVED
+CVE-2020-19981
+ RESERVED
+CVE-2020-19980
+ RESERVED
+CVE-2020-19979
+ RESERVED
+CVE-2020-19978
+ RESERVED
+CVE-2020-19977
+ RESERVED
+CVE-2020-19976
+ RESERVED
+CVE-2020-19975
+ RESERVED
+CVE-2020-19974
+ RESERVED
+CVE-2020-19973
+ RESERVED
+CVE-2020-19972
+ RESERVED
+CVE-2020-19971
+ RESERVED
+CVE-2020-19970
+ RESERVED
+CVE-2020-19969
+ RESERVED
+CVE-2020-19968
+ RESERVED
+CVE-2020-19967
+ RESERVED
+CVE-2020-19966
+ RESERVED
+CVE-2020-19965
+ RESERVED
+CVE-2020-19964 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in PH ...)
+ NOT-FOR-US: PHPMyWind
+CVE-2020-19963
+ RESERVED
+CVE-2020-19962 (A stored cross-site scripting (XSS) vulnerability in the getClientIp f ...)
+ NOT-FOR-US: Chaoji CMS
+CVE-2020-19961 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ NOT-FOR-US: zz cms
+CVE-2020-19960 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ NOT-FOR-US: zz cms
+CVE-2020-19959 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ NOT-FOR-US: zz cms
+CVE-2020-19958
+ RESERVED
+CVE-2020-19957 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
+ NOT-FOR-US: zz cms
+CVE-2020-19956
+ RESERVED
+CVE-2020-19955
+ RESERVED
+CVE-2020-19954 (An XML External Entity (XXE) vulnerability was discovered in /api/noti ...)
+ NOT-FOR-US: S-CMS
+CVE-2020-19953
+ RESERVED
+CVE-2020-19952
+ RESERVED
+CVE-2020-19951 (A cross-site request forgery (CSRF) in /controller/pay.class.php of Yz ...)
+ NOT-FOR-US: YzmCMS
+CVE-2020-19950 (A cross-site scripting (XSS) vulnerability in the /banner/add.html com ...)
+ NOT-FOR-US: YzmCMS
+CVE-2020-19949 (A cross-site scripting (XSS) vulnerability in the /link/add.html compo ...)
+ NOT-FOR-US: YzmCMS
+CVE-2020-19948
+ RESERVED
+CVE-2020-19947
+ RESERVED
+CVE-2020-19946
+ RESERVED
+CVE-2020-19945
+ RESERVED
+CVE-2020-19944
+ RESERVED
+CVE-2020-19943
+ RESERVED
+CVE-2020-19942
+ RESERVED
+CVE-2020-19941
+ RESERVED
+CVE-2020-19940
+ RESERVED
+CVE-2020-19939
+ RESERVED
+CVE-2020-19938
+ RESERVED
+CVE-2020-19937
+ RESERVED
+CVE-2020-19936
+ RESERVED
+CVE-2020-19935
+ RESERVED
+CVE-2020-19934
+ RESERVED
+CVE-2020-19933
+ RESERVED
+CVE-2020-19932
+ RESERVED
+CVE-2020-19931
+ RESERVED
+CVE-2020-19930
+ RESERVED
+CVE-2020-19929
+ RESERVED
+CVE-2020-19928
+ RESERVED
+CVE-2020-19927
+ RESERVED
+CVE-2020-19926
+ RESERVED
+CVE-2020-19925
+ RESERVED
+CVE-2020-19924 (In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS a ...)
+ NOT-FOR-US: Boostnote
+CVE-2020-19923
+ RESERVED
+CVE-2020-19922
+ RESERVED
+CVE-2020-19921
+ RESERVED
+CVE-2020-19920
+ RESERVED
+CVE-2020-19919
+ RESERVED
+CVE-2020-19918
+ RESERVED
+CVE-2020-19917
+ RESERVED
+CVE-2020-19916
+ RESERVED
+CVE-2020-19915 (Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via ...)
+ NOT-FOR-US: WUZHI CMS
+CVE-2020-19914
+ RESERVED
+CVE-2020-19913
+ RESERVED
+CVE-2020-19912
+ RESERVED
+CVE-2020-19911
+ RESERVED
+CVE-2020-19910
+ RESERVED
+CVE-2020-19909
+ RESERVED
+CVE-2020-19908
+ RESERVED
+CVE-2020-19907 (A command injection vulnerability in the sandcat plugin of Caldera 2.3 ...)
+ NOT-FOR-US: Caldera plugin
+CVE-2020-19906
+ RESERVED
+CVE-2020-19905
+ RESERVED
+CVE-2020-19904
+ RESERVED
+CVE-2020-19903
+ RESERVED
+CVE-2020-19902
+ RESERVED
+CVE-2020-19901
+ RESERVED
+CVE-2020-19900
+ RESERVED
+CVE-2020-19899
+ RESERVED
+CVE-2020-19898
+ RESERVED
+CVE-2020-19897
+ RESERVED
+CVE-2020-19896
+ RESERVED
+CVE-2020-19895
+ RESERVED
+CVE-2020-19894
+ RESERVED
+CVE-2020-19893
+ RESERVED
+CVE-2020-19892
+ RESERVED
+CVE-2020-19891 (DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\ ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19890 (DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\m ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19889 (DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19888 (DBHcms v1.2.0 has an unauthorized operation vulnerability because ther ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19887 (DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecia ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19886 (DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19885 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19884 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19883 (DBHcms v1.2.0 has a stored xss vulnerability as there is no security f ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19882 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19881 (DBHcms v1.2.0 has a reflected xss vulnerability as there is no securit ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19880 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19879 (DBHcms v1.2.0 has a stored xss vulnerability as there is no security f ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19878 (DBHcms v1.2.0 has a sensitive information leaks vulnerability as there ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19877 (DBHcms v1.2.0 has a directory traversal vulnerability as there is no d ...)
+ NOT-FOR-US: DBHcms
+CVE-2020-19876
+ RESERVED
+CVE-2020-19875
+ RESERVED
+CVE-2020-19874
+ RESERVED
+CVE-2020-19873
+ RESERVED
+CVE-2020-19872
+ RESERVED
+CVE-2020-19871
+ RESERVED
+CVE-2020-19870
+ RESERVED
+CVE-2020-19869
+ RESERVED
+CVE-2020-19868
+ RESERVED
+CVE-2020-19867
+ RESERVED
+CVE-2020-19866
+ RESERVED
+CVE-2020-19865
+ RESERVED
+CVE-2020-19864
+ RESERVED
+CVE-2020-19863
+ RESERVED
+CVE-2020-19862
+ RESERVED
+CVE-2020-19861 (When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt ...)
+ {DLA-2910-1}
+ - ldns <unfixed>
+ [bullseye] - ldns <no-dsa> (Minor issue)
+ [buster] - ldns <no-dsa> (Minor issue)
+ NOTE: https://github.com/NLnetLabs/ldns/issues/51
+ NOTE: https://github.com/NLnetLabs/ldns/commit/136ec420437041fe13f344a2053e774f9050cc38 (1.8.0-rc.1)
+CVE-2020-19860 (When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_ ...)
+ {DLA-2910-1}
+ - ldns <unfixed>
+ [bullseye] - ldns <no-dsa> (Minor issue)
+ [buster] - ldns <no-dsa> (Minor issue)
+ NOTE: https://github.com/NLnetLabs/ldns/issues/50
+ NOTE: https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3 (1.8.0-rc.1)
+ NOTE: https://github.com/NLnetLabs/ldns/commit/4e9861576a600a5ecfa16ec2de853c90dd9ce276 (1.8.0-rc.1)
+CVE-2020-19859
+ RESERVED
+CVE-2020-19858 (Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerabilit ...)
+ NOT-FOR-US: Platinum Upnp SDK
+CVE-2020-19857
+ RESERVED
+CVE-2020-19856
+ RESERVED
+CVE-2020-19855 (phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /i ...)
+ NOT-FOR-US: phpwcms
+CVE-2020-19854
+ RESERVED
+CVE-2020-19853 (BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. ...)
+ NOT-FOR-US: BlueCMS
+CVE-2020-19852
+ RESERVED
+CVE-2020-19851
+ RESERVED
+CVE-2020-19850
+ RESERVED
+CVE-2020-19849
+ RESERVED
+CVE-2020-19848
+ RESERVED
+CVE-2020-19847
+ RESERVED
+CVE-2020-19846
+ RESERVED
+CVE-2020-19845
+ RESERVED
+CVE-2020-19844
+ RESERVED
+CVE-2020-19843
+ RESERVED
+CVE-2020-19842
+ RESERVED
+CVE-2020-19841
+ RESERVED
+CVE-2020-19840
+ RESERVED
+CVE-2020-19839
+ RESERVED
+CVE-2020-19838
+ RESERVED
+CVE-2020-19837
+ RESERVED
+CVE-2020-19836
+ RESERVED
+CVE-2020-19835
+ RESERVED
+CVE-2020-19834
+ RESERVED
+CVE-2020-19833
+ RESERVED
+CVE-2020-19832
+ RESERVED
+CVE-2020-19831
+ RESERVED
+CVE-2020-19830
+ RESERVED
+CVE-2020-19829
+ RESERVED
+CVE-2020-19828
+ RESERVED
+CVE-2020-19827
+ RESERVED
+CVE-2020-19826
+ RESERVED
+CVE-2020-19825
+ RESERVED
+CVE-2020-19824
+ RESERVED
+CVE-2020-19823
+ RESERVED
+CVE-2020-19822 (A remote code execution (RCE) vulnerability in template_user.php of ZZ ...)
+ NOT-FOR-US: ZZCMS
+CVE-2020-19821 (A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attac ...)
+ NOT-FOR-US: DOYOCMS
+CVE-2020-19820
+ RESERVED
+CVE-2020-19819
+ RESERVED
+CVE-2020-19818
+ RESERVED
+CVE-2020-19817
+ RESERVED
+CVE-2020-19816
+ RESERVED
+CVE-2020-19815
+ RESERVED
+CVE-2020-19814
+ RESERVED
+CVE-2020-19813
+ RESERVED
+CVE-2020-19812
+ RESERVED
+CVE-2020-19811
+ RESERVED
+CVE-2020-19810
+ RESERVED
+CVE-2020-19809
+ RESERVED
+CVE-2020-19808
+ RESERVED
+CVE-2020-19807
+ RESERVED
+CVE-2020-19806
+ RESERVED
+CVE-2020-19805
+ RESERVED
+CVE-2020-19804
+ RESERVED
+CVE-2020-19803
+ RESERVED
+CVE-2020-19802
+ RESERVED
+CVE-2020-19801
+ RESERVED
+CVE-2020-19800
+ RESERVED
+CVE-2020-19799
+ RESERVED
+CVE-2020-19798
+ RESERVED
+CVE-2020-19797
+ RESERVED
+CVE-2020-19796
+ RESERVED
+CVE-2020-19795
+ RESERVED
+CVE-2020-19794
+ RESERVED
+CVE-2020-19793
+ RESERVED
+CVE-2020-19792
+ RESERVED
+CVE-2020-19791
+ RESERVED
+CVE-2020-19790
+ RESERVED
+CVE-2020-19789
+ RESERVED
+CVE-2020-19788
+ RESERVED
+CVE-2020-19787
+ RESERVED
+CVE-2020-19786
+ RESERVED
+CVE-2020-19785
+ RESERVED
+CVE-2020-19784
+ RESERVED
+CVE-2020-19783
+ RESERVED
+CVE-2020-19782
+ RESERVED
+CVE-2020-19781
+ RESERVED
+CVE-2020-19780
+ RESERVED
+CVE-2020-19779
+ RESERVED
+CVE-2020-19778 (Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote att ...)
+ NOT-FOR-US: Shopxo
+CVE-2020-19777
+ RESERVED
+CVE-2020-19776
+ RESERVED
+CVE-2020-19775
+ RESERVED
+CVE-2020-19774
+ RESERVED
+CVE-2020-19773
+ RESERVED
+CVE-2020-19772
+ RESERVED
+CVE-2020-19771
+ RESERVED
+CVE-2020-19770 (A cross-site scripting (XSS) vulnerability in the system bulletin comp ...)
+ NOT-FOR-US: WUZHI CMS
+CVE-2020-19769 (A lack of target address verification in the BurnMe() function of Rob ...)
+ NOT-FOR-US: Rob The Bank
+CVE-2020-19768 (A lack of target address verification in the selfdestructs() function ...)
+ NOT-FOR-US: ICOVO
+CVE-2020-19767 (A lack of target address verification in the destroycontract() functio ...)
+ NOT-FOR-US: 0xRACER
+CVE-2020-19766 (The time check operation of PepeAuctionSale 1.0 can be rendered ineffe ...)
+ NOT-FOR-US: PepeAuctionSale
+CVE-2020-19765 (An issue in the noReentrance() modifier of the Ethereum-based contract ...)
+ NOT-FOR-US: Ethereum Accounting
+CVE-2020-19764
+ RESERVED
+CVE-2020-19763
+ RESERVED
+CVE-2020-19762 (Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows ...)
+ NOT-FOR-US: Automated Logic Corporation (ALC) WebCTRL System
+CVE-2020-19761
+ RESERVED
+CVE-2020-19760
+ RESERVED
+CVE-2020-19759
+ RESERVED
+CVE-2020-19758
+ RESERVED
+CVE-2020-19757
+ RESERVED
+CVE-2020-19756
+ RESERVED
+CVE-2020-19755
+ RESERVED
+CVE-2020-19754
+ RESERVED
+CVE-2020-19753
+ RESERVED
+CVE-2020-19752 (The find_color_or_error function in gifsicle 1.92 contains a NULL poin ...)
+ - gifsicle 1.93-2 (unimportant)
+ NOTE: https://github.com/kohler/gifsicle/issues/140
+ NOTE: https://github.com/kohler/gifsicle/commit/eb9e083dcc0050996d79de2076ddc76011ad2f10 (v1.93)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool functi ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1272
+ NOTE: https://github.com/gpac/gpac/commit/c26b0aa605aaea1f0ebe8d21fe1398d94680adf7 (v0.9.0-preview~20)
+CVE-2020-19750 (An issue was discovered in gpac 0.8.0. The strdup function in box_code ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1262
+ NOTE: https://github.com/gpac/gpac/commit/3fcf66c6031da966cf33ee89bcbefa2f8bec4b02 (v0.9.0-preview~20)
+CVE-2020-19749
+ RESERVED
+CVE-2020-19748
+ RESERVED
+CVE-2020-19747
+ RESERVED
+CVE-2020-19746
+ RESERVED
+CVE-2020-19745
+ RESERVED
+CVE-2020-19744
+ RESERVED
+CVE-2020-19743
+ RESERVED
+CVE-2020-19742
+ RESERVED
+CVE-2020-19741
+ RESERVED
+CVE-2020-19740
+ RESERVED
+CVE-2020-19739
+ RESERVED
+CVE-2020-19738
+ RESERVED
+CVE-2020-19737
+ RESERVED
+CVE-2020-19736
+ RESERVED
+CVE-2020-19735
+ RESERVED
+CVE-2020-19734
+ RESERVED
+CVE-2020-19733
+ RESERVED
+CVE-2020-19732
+ RESERVED
+CVE-2020-19731
+ RESERVED
+CVE-2020-19730
+ RESERVED
+CVE-2020-19729
+ RESERVED
+CVE-2020-19728
+ RESERVED
+CVE-2020-19727
+ RESERVED
+CVE-2020-19726
+ RESERVED
+CVE-2020-19725
+ RESERVED
+CVE-2020-19724
+ RESERVED
+CVE-2020-19723
+ RESERVED
+CVE-2020-19722 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1. ...)
+ NOT-FOR-US: Bento4
+CVE-2020-19721 (A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1 ...)
+ NOT-FOR-US: Bento4
+CVE-2020-19720 (An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bent ...)
+ NOT-FOR-US: Bento4
+CVE-2020-19719 (A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 ...)
+ NOT-FOR-US: Bento4
+CVE-2020-19718 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1. ...)
+ NOT-FOR-US: Bento4
+CVE-2020-19717 (An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bent ...)
+ NOT-FOR-US: Bento4
+CVE-2020-19716 (A buffer overflow vulnerability in the Databuf function in types.cpp o ...)
+ - exiv2 <undetermined>
+ NOTE: https://github.com/Exiv2/exiv2/issues/980
+ TODO: check, unclear if fixed or not, upstream cannot reproduce as well in 0.27.1 as reported
+CVE-2020-19715
+ REJECTED
+CVE-2020-19714
+ RESERVED
+CVE-2020-19713
+ RESERVED
+CVE-2020-19712
+ RESERVED
+CVE-2020-19711
+ RESERVED
+CVE-2020-19710
+ RESERVED
+CVE-2020-19709 (Insufficient filtering of the tag parameters in feehicms 0.1.3 allows ...)
+ NOT-FOR-US: feehicms
+CVE-2020-19708
+ RESERVED
+CVE-2020-19707
+ RESERVED
+CVE-2020-19706
+ RESERVED
+CVE-2020-19705 (thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home ...)
+ NOT-FOR-US: thinkphp-zcms
+CVE-2020-19704 (A stored cross-site scripting (XSS) vulnerability via ResourceControll ...)
+ NOT-FOR-US: Spring Boot admin
+ NOTE: https://github.com/sail-y/spring-boot-admin
+CVE-2020-19703 (A cross-site scripting (XSS) vulnerability in the referer parameter of ...)
+ NOT-FOR-US: Dzzoffice
+CVE-2020-19702
+ RESERVED
+CVE-2020-19701
+ RESERVED
+CVE-2020-19700
+ RESERVED
+CVE-2020-19699
+ RESERVED
+CVE-2020-19698
+ RESERVED
+CVE-2020-19697
+ RESERVED
+CVE-2020-19696
+ RESERVED
+CVE-2020-19695
+ RESERVED
+CVE-2020-19694
+ RESERVED
+CVE-2020-19693
+ RESERVED
+CVE-2020-19692
+ RESERVED
+CVE-2020-19691
+ RESERVED
+CVE-2020-19690
+ RESERVED
+CVE-2020-19689
+ RESERVED
+CVE-2020-19688
+ RESERVED
+CVE-2020-19687
+ RESERVED
+CVE-2020-19686
+ RESERVED
+CVE-2020-19685
+ RESERVED
+CVE-2020-19684
+ RESERVED
+CVE-2020-19683 (A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile a ...)
+ NOT-FOR-US: zzzcms
+CVE-2020-19682 (A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7 ...)
+ NOT-FOR-US: zzzcms
+CVE-2020-19681
+ RESERVED
+CVE-2020-19680
+ RESERVED
+CVE-2020-19679
+ RESERVED
+CVE-2020-19678
+ RESERVED
+CVE-2020-19677
+ RESERVED
+CVE-2020-19676 (Nacos 1.1.4 is affected by: Incorrect Access Control. An environment c ...)
+ NOT-FOR-US: Nacos
+CVE-2020-19675
+ RESERVED
+CVE-2020-19674
+ RESERVED
+CVE-2020-19673
+ RESERVED
+CVE-2020-19672 (Niushop B2B2C Multi-business basic version V1.11, can bypass the admin ...)
+ NOT-FOR-US: Niushop B2B2C Multi-business basic
+CVE-2020-19671
+ RESERVED
+CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication ca ...)
+ NOT-FOR-US: Niushop B2B2C Multi-Business Basic Edition
+CVE-2020-19669 (Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3. ...)
+ NOT-FOR-US: Eyoucms
+CVE-2020-19668 (Unverified indexs into the array lead to out of bound access in the gi ...)
+ - libsixel 1.10.3-1 (bug #990799)
+ [bullseye] - libsixel <no-dsa> (Minor issue)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/issues/136
+ NOTE: https://github.com/libsixel/libsixel/issues/7
+ NOTE: https://github.com/libsixel/libsixel/pull/8
+ NOTE: https://github.com/libsixel/libsixel/commit/05e5d21d065c663ec7a83d185974f4c252314968 (v1.9.0)
+ NOTE: Since 1.10.3-1 the Debian package moved from https://github.com/saitoha/libsixel to https://github.com/libsixel/libsixel fork
+CVE-2020-19667 (Stack-based buffer overflow and unconditional jump in ReadXPMImage in ...)
+ {DLA-2523-1}
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1895
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/26538669546730c5b2dc36e7d48850f1f6928f94
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/5462fd4725018567764c8f66bed98b7ee3e23006
+CVE-2020-19666
+ RESERVED
+CVE-2020-19665
+ RESERVED
+CVE-2020-19664 (DrayTek Vigor2960 1.5.1 allows remote command execution via shell meta ...)
+ NOT-FOR-US: DrayTek Vigor2960
+CVE-2020-19663
+ RESERVED
+CVE-2020-19662
+ RESERVED
+CVE-2020-19661
+ RESERVED
+CVE-2020-19660
+ RESERVED
+CVE-2020-19659
+ RESERVED
+CVE-2020-19658
+ RESERVED
+CVE-2020-19657
+ RESERVED
+CVE-2020-19656
+ RESERVED
+CVE-2020-19655
+ RESERVED
+CVE-2020-19654
+ RESERVED
+CVE-2020-19653
+ RESERVED
+CVE-2020-19652
+ RESERVED
+CVE-2020-19651
+ RESERVED
+CVE-2020-19650
+ RESERVED
+CVE-2020-19649
+ RESERVED
+CVE-2020-19648
+ RESERVED
+CVE-2020-19647
+ RESERVED
+CVE-2020-19646
+ RESERVED
+CVE-2020-19645
+ RESERVED
+CVE-2020-19644
+ RESERVED
+CVE-2020-19643 (Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P ...)
+ NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
+CVE-2020-19642 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
+ NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
+CVE-2020-19641 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
+ NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
+CVE-2020-19640 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
+ NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
+CVE-2020-19639 (Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy ...)
+ NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
+CVE-2020-19638
+ RESERVED
+CVE-2020-19637
+ RESERVED
+CVE-2020-19636
+ RESERVED
+CVE-2020-19635
+ RESERVED
+CVE-2020-19634
+ RESERVED
+CVE-2020-19633
+ RESERVED
+CVE-2020-19632
+ RESERVED
+CVE-2020-19631
+ RESERVED
+CVE-2020-19630
+ RESERVED
+CVE-2020-19629
+ RESERVED
+CVE-2020-19628
+ RESERVED
+CVE-2020-19627
+ RESERVED
+CVE-2020-19626 (Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows re ...)
+ NOT-FOR-US: craftcms
+CVE-2020-19625 (Remote Code Execution Vulnerability in tests/support/stores/test_grid_ ...)
+ NOT-FOR-US: oria gridx
+CVE-2020-19624
+ RESERVED
+CVE-2020-19623
+ RESERVED
+CVE-2020-19622
+ RESERVED
+CVE-2020-19621
+ RESERVED
+CVE-2020-19620
+ RESERVED
+CVE-2020-19619 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signatur ...)
+ NOT-FOR-US: mblog
+CVE-2020-19618 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post con ...)
+ NOT-FOR-US: mblog
+CVE-2020-19617 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname ...)
+ NOT-FOR-US: mblog
+CVE-2020-19616 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post hea ...)
+ NOT-FOR-US: mblog
+CVE-2020-19615
+ RESERVED
+CVE-2020-19614
+ RESERVED
+CVE-2020-19613 (Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function ...)
+ NOT-FOR-US: sunkaifei FlyCMS
+CVE-2020-19612
+ RESERVED
+CVE-2020-19611 (Cross Site Scripting (XSS) in redirect module of Racktables version 0. ...)
+ - racktables <itp> (bug #629531)
+CVE-2020-19610
+ RESERVED
+CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff ...)
+ {DLA-2765-1}
+ - mupdf 1.17.0+ds1-2 (bug #991401)
+ [buster] - mupdf <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275
+ NOTE: http://git.ghostscript.com/?p=mupdf.git;h=2c4f11f8dcdbd18c35a65e58cc789be0e46012a8
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701176
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703076
+CVE-2020-19608
+ RESERVED
+CVE-2020-19607
+ RESERVED
+CVE-2020-19606
+ RESERVED
+CVE-2020-19605
+ RESERVED
+CVE-2020-19604
+ RESERVED
+CVE-2020-19603
+ RESERVED
+CVE-2020-19602
+ RESERVED
+CVE-2020-19601
+ RESERVED
+CVE-2020-19600
+ RESERVED
+CVE-2020-19599
+ RESERVED
+CVE-2020-19598
+ RESERVED
+CVE-2020-19597
+ RESERVED
+CVE-2020-19596 (Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a ...)
+ NOT-FOR-US: Core FTP
+CVE-2020-19595 (Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a c ...)
+ NOT-FOR-US: Core FTP
+CVE-2020-19594
+ RESERVED
+CVE-2020-19593
+ RESERVED
+CVE-2020-19592
+ RESERVED
+CVE-2020-19591
+ RESERVED
+CVE-2020-19590
+ RESERVED
+CVE-2020-19589
+ RESERVED
+CVE-2020-19588
+ RESERVED
+CVE-2020-19587
+ RESERVED
+CVE-2020-19586
+ RESERVED
+CVE-2020-19585
+ RESERVED
+CVE-2020-19584
+ RESERVED
+CVE-2020-19583
+ RESERVED
+CVE-2020-19582
+ RESERVED
+CVE-2020-19581
+ RESERVED
+CVE-2020-19580
+ RESERVED
+CVE-2020-19579
+ RESERVED
+CVE-2020-19578
+ RESERVED
+CVE-2020-19577
+ RESERVED
+CVE-2020-19576
+ RESERVED
+CVE-2020-19575
+ RESERVED
+CVE-2020-19574
+ RESERVED
+CVE-2020-19573
+ RESERVED
+CVE-2020-19572
+ RESERVED
+CVE-2020-19571
+ RESERVED
+CVE-2020-19570
+ RESERVED
+CVE-2020-19569
+ RESERVED
+CVE-2020-19568
+ RESERVED
+CVE-2020-19567
+ RESERVED
+CVE-2020-19566
+ RESERVED
+CVE-2020-19565
+ RESERVED
+CVE-2020-19564
+ RESERVED
+CVE-2020-19563
+ RESERVED
+CVE-2020-19562
+ RESERVED
+CVE-2020-19561
+ RESERVED
+CVE-2020-19560
+ RESERVED
+CVE-2020-19559
+ RESERVED
+CVE-2020-19558
+ RESERVED
+CVE-2020-19557
+ RESERVED
+CVE-2020-19556
+ RESERVED
+CVE-2020-19555
+ RESERVED
+CVE-2020-19554 (Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPMana ...)
+ NOT-FOR-US: ManageEngine
+CVE-2020-19553 (Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and ...)
+ NOT-FOR-US: WUZHI CMS
+CVE-2020-19552
+ RESERVED
+CVE-2020-19551 (Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 i ...)
+ NOT-FOR-US: WUZHI CMS
+CVE-2020-19550
+ RESERVED
+CVE-2020-19549
+ RESERVED
+CVE-2020-19548
+ RESERVED
+CVE-2020-19547 (Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id ...)
+ NOT-FOR-US: PopojiCMS
+CVE-2020-19546
+ RESERVED
+CVE-2020-19545
+ RESERVED
+CVE-2020-19544
+ RESERVED
+CVE-2020-19543
+ RESERVED
+CVE-2020-19542
+ RESERVED
+CVE-2020-19541
+ RESERVED
+CVE-2020-19540
+ RESERVED
+CVE-2020-19539
+ RESERVED
+CVE-2020-19538
+ RESERVED
+CVE-2020-19537
+ RESERVED
+CVE-2020-19536
+ RESERVED
+CVE-2020-19535
+ RESERVED
+CVE-2020-19534
+ RESERVED
+CVE-2020-19533
+ RESERVED
+CVE-2020-19532
+ RESERVED
+CVE-2020-19531
+ RESERVED
+CVE-2020-19530
+ RESERVED
+CVE-2020-19529
+ RESERVED
+CVE-2020-19528
+ RESERVED
+CVE-2020-19527 (iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metac ...)
+ NOT-FOR-US: idreamsoft iCMS
+CVE-2020-19526
+ RESERVED
+CVE-2020-19525
+ RESERVED
+CVE-2020-19524
+ RESERVED
+CVE-2020-19523
+ RESERVED
+CVE-2020-19522
+ RESERVED
+CVE-2020-19521
+ RESERVED
+CVE-2020-19520
+ RESERVED
+CVE-2020-19519
+ RESERVED
+CVE-2020-19518
+ RESERVED
+CVE-2020-19517
+ RESERVED
+CVE-2020-19516
+ RESERVED
+CVE-2020-19515 (qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install ...)
+ NOT-FOR-US: qdPM
+CVE-2020-19514
+ RESERVED
+CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows atta ...)
+ NOT-FOR-US: FinalWire Ltd AIDA64 Engineer
+CVE-2020-19512
+ RESERVED
+CVE-2020-19511 (Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) clas ...)
+ NOT-FOR-US: Typesetter CMS
+CVE-2020-19510 (Textpattern 4.7.3 contains an aribtrary file load via the file_insert ...)
+ NOT-FOR-US: Textpattern CMS
+CVE-2020-19509
+ RESERVED
+CVE-2020-19508
+ RESERVED
+CVE-2020-19507
+ RESERVED
+CVE-2020-19506
+ RESERVED
+CVE-2020-19505
+ RESERVED
+CVE-2020-19504
+ RESERVED
+CVE-2020-19503
+ RESERVED
+CVE-2020-19502
+ RESERVED
+CVE-2020-19501
+ RESERVED
+CVE-2020-19500
+ RESERVED
+CVE-2020-19499 (An issue was discovered in heif::Box_iref::get_references in libheif 1 ...)
+ - libheif 1.5.0-1
+ [buster] - libheif <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libheif/commit/f7399b62d7fbc596f1b2871578c1d2053bedf1dd
+ NOTE: https://github.com/strukturag/libheif/issues/138
+CVE-2020-19498 (Floating point exception in function Fraction in libheif 1.4.0, allows ...)
+ - libheif 1.5.0-1
+ [buster] - libheif <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libheif/issues/139
+ NOTE: https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58
+CVE-2020-19497 (Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tb ...)
+ - libmatio 1.5.19-2
+ [buster] - libmatio <no-dsa> (Minor issue)
+ [stretch] - libmatio <no-dsa> (Minor issue)
+ NOTE: https://github.com/tbeu/matio/commit/5fa49ef9fc4368fe3d19b5fdaa36d8fa5e7f4606 (v1.5.18)
+ NOTE: https://github.com/tbeu/matio/issues/121
+CVE-2020-19496
+ RESERVED
+CVE-2020-19495
+ RESERVED
+CVE-2020-19494
+ RESERVED
+CVE-2020-19493
+ RESERVED
+CVE-2020-19492 (There is a floating point exception in ReadImage that leads to a Segme ...)
+ - sam2p <removed>
+ NOTE: https://github.com/pts/sam2p/commit/b953f63307c4a83fa4615a4863e3fb250205cd98
+ NOTE: https://github.com/pts/sam2p/issues/66
+CVE-2020-19491 (There is an invalid memory access bug in cgif.c that leads to a Segmen ...)
+ - sam2p <removed>
+ NOTE: https://github.com/pts/sam2p/commit/1d62cf8964bfcafa6561c4c3bb66d4aa4c529a73
+ NOTE: https://github.com/pts/sam2p/issues/67
+CVE-2020-19490 (tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixe ...)
+ - tinyexr <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/syoyo/tinyexr/issues/124
+ NOTE: https://github.com/syoyo/tinyexr/commit/a685e3332f61cd4e59324bf3f669d36973d64270
+CVE-2020-19489
+ RESERVED
+CVE-2020-19488 (An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ NOTE: https://github.com/gpac/gpac/issues/1263
+ NOTE: Introduced by: https://github.com/gpac/gpac/commit/86d072b6a13baa1a4a90168098a0f8354c24d8cf (v0.8.0)
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/6170024568f4dda310e98ef7508477b425c58d09 (v0.9.0-preview)
+CVE-2020-19487
+ RESERVED
+CVE-2020-19486
+ RESERVED
+CVE-2020-19485
+ RESERVED
+CVE-2020-19484
+ RESERVED
+CVE-2020-19483
+ RESERVED
+CVE-2020-19482
+ RESERVED
+CVE-2020-19481 (An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Bo ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ NOTE: https://github.com/gpac/gpac/issues/1265
+ NOTE: https://github.com/gpac/gpac/issues/1266
+ NOTE: https://github.com/gpac/gpac/issues/1267
+ NOTE: Introduced by: https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88 (v0.8.0)
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview)
+CVE-2020-19480
+ RESERVED
+CVE-2020-19479
+ RESERVED
+CVE-2020-19478
+ RESERVED
+CVE-2020-19477
+ RESERVED
+CVE-2020-19476
+ RESERVED
+CVE-2020-19475 (An issue has been found in function CCITTFaxStream::lookChar in PDF2JS ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19474 (An issue has been found in function Gfx::doShowText in PDF2JSON 0.70 t ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19473 (An issue has been found in function DCTStream::decodeImage in PDF2JSON ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19472 (An issue has been found in function DCTStream::readHuffSym in PDF2JSON ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19471 (An issue has been found in function DCTStream::decodeImage in PDF2JSON ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19470 (An issue has been found in function DCTStream::getChar in PDF2JSON 0.7 ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19469 (An issue has been found in function DCTStream::reset in PDF2JSON 0.70 ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19468 (An issue has been found in function EmbedStream::getChar in PDF2JSON 0 ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19467 (An issue has been found in function DCTStream::transformDataUnit in PD ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19466 (An issue has been found in function DCTStream::transformDataUnit in PD ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19465 (An issue has been found in function ObjectStream::getObject in PDF2JSO ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19464 (An issue has been found in function XRef::fetch in PDF2JSON 0.70 that ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19463 (An issue has been found in function vfprintf in PDF2JSON 0.70 that all ...)
+ NOT-FOR-US: pdf2json
+ NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in
+ NOTE: tracking whether this affects src:poppler
+CVE-2020-19462
+ RESERVED
+CVE-2020-19461
+ RESERVED
+CVE-2020-19460
+ RESERVED
+CVE-2020-19459
+ RESERVED
+CVE-2020-19458
+ RESERVED
+CVE-2020-19457
+ RESERVED
+CVE-2020-19456
+ RESERVED
+CVE-2020-19455 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
+ NOT-FOR-US: jdownloads component for Joomla!
+CVE-2020-19454
+ RESERVED
+CVE-2020-19453
+ RESERVED
+CVE-2020-19452
+ RESERVED
+CVE-2020-19451 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
+ NOT-FOR-US: jdownloads component for Joomla!
+CVE-2020-19450 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
+ NOT-FOR-US: jdownloads component for Joomla!
+CVE-2020-19449
+ RESERVED
+CVE-2020-19448
+ RESERVED
+CVE-2020-19447 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! co ...)
+ NOT-FOR-US: jdownloads component for Joomla!
+CVE-2020-19446
+ RESERVED
+CVE-2020-19445
+ RESERVED
+CVE-2020-19444
+ RESERVED
+CVE-2020-19443
+ RESERVED
+CVE-2020-19442
+ RESERVED
+CVE-2020-19441
+ RESERVED
+CVE-2020-19440
+ RESERVED
+CVE-2020-19439
+ RESERVED
+CVE-2020-19438
+ RESERVED
+CVE-2020-19437
+ RESERVED
+CVE-2020-19436
+ RESERVED
+CVE-2020-19435
+ RESERVED
+CVE-2020-19434
+ RESERVED
+CVE-2020-19433
+ RESERVED
+CVE-2020-19432
+ RESERVED
+CVE-2020-19431
+ RESERVED
+CVE-2020-19430
+ RESERVED
+CVE-2020-19429
+ RESERVED
+CVE-2020-19428
+ RESERVED
+CVE-2020-19427
+ RESERVED
+CVE-2020-19426
+ RESERVED
+CVE-2020-19425
+ RESERVED
+CVE-2020-19424
+ RESERVED
+CVE-2020-19423
+ RESERVED
+CVE-2020-19422
+ RESERVED
+CVE-2020-19421
+ RESERVED
+CVE-2020-19420
+ RESERVED
+CVE-2020-19419 (Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 ...)
+ NOT-FOR-US: Emerson Smart Wireless Gateway 1420
+CVE-2020-19418
+ RESERVED
+CVE-2020-19417 (Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users ...)
+ NOT-FOR-US: Emerson Smart Wireless Gateway 1420
+CVE-2020-19416
+ RESERVED
+CVE-2020-19415
+ RESERVED
+CVE-2020-19414
+ RESERVED
+CVE-2020-19413
+ RESERVED
+CVE-2020-19412
+ RESERVED
+CVE-2020-19411
+ RESERVED
+CVE-2020-19410
+ RESERVED
+CVE-2020-19409
+ RESERVED
+CVE-2020-19408
+ RESERVED
+CVE-2020-19407
+ RESERVED
+CVE-2020-19406
+ RESERVED
+CVE-2020-19405
+ RESERVED
+CVE-2020-19404
+ RESERVED
+CVE-2020-19403
+ RESERVED
+CVE-2020-19402
+ RESERVED
+CVE-2020-19401
+ RESERVED
+CVE-2020-19400
+ RESERVED
+CVE-2020-19399
+ RESERVED
+CVE-2020-19398
+ RESERVED
+CVE-2020-19397
+ RESERVED
+CVE-2020-19396
+ RESERVED
+CVE-2020-19395
+ RESERVED
+CVE-2020-19394
+ RESERVED
+CVE-2020-19393
+ RESERVED
+CVE-2020-19392
+ RESERVED
+CVE-2020-19391
+ RESERVED
+CVE-2020-19390
+ RESERVED
+CVE-2020-19389
+ RESERVED
+CVE-2020-19388
+ RESERVED
+CVE-2020-19387
+ RESERVED
+CVE-2020-19386
+ RESERVED
+CVE-2020-19385
+ RESERVED
+CVE-2020-19384
+ RESERVED
+CVE-2020-19383
+ RESERVED
+CVE-2020-19382
+ RESERVED
+CVE-2020-19381
+ RESERVED
+CVE-2020-19380
+ RESERVED
+CVE-2020-19379
+ RESERVED
+CVE-2020-19378
+ RESERVED
+CVE-2020-19377
+ RESERVED
+CVE-2020-19376
+ RESERVED
+CVE-2020-19375
+ RESERVED
+CVE-2020-19374
+ RESERVED
+CVE-2020-19373
+ RESERVED
+CVE-2020-19372
+ RESERVED
+CVE-2020-19371
+ RESERVED
+CVE-2020-19370
+ RESERVED
+CVE-2020-19369
+ RESERVED
+CVE-2020-19368
+ RESERVED
+CVE-2020-19367
+ RESERVED
+CVE-2020-19366
+ RESERVED
+CVE-2020-19365
+ RESERVED
+CVE-2020-19364 (OpenEMR 5.0.1 allows an authenticated attacker to upload and execute m ...)
+ NOT-FOR-US: OpenEMR
+CVE-2020-19363 (Vtiger CRM v7.2.0 allows an attacker to display hidden files, list dir ...)
+ NOT-FOR-US: Vtiger CRM
+CVE-2020-19362 (Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the ...)
+ NOT-FOR-US: Vtiger CRM
+CVE-2020-19361 (Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 ...)
+ NOT-FOR-US: Medintux
+CVE-2020-19360 (Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper fil ...)
+ NOT-FOR-US: FHEM
+CVE-2020-19359
+ RESERVED
+CVE-2020-19358
+ RESERVED
+CVE-2020-19357
+ RESERVED
+CVE-2020-19356
+ RESERVED
+CVE-2020-19355
+ RESERVED
+CVE-2020-19354
+ RESERVED
+CVE-2020-19353
+ RESERVED
+CVE-2020-19352
+ RESERVED
+CVE-2020-19351
+ RESERVED
+CVE-2020-19350
+ RESERVED
+CVE-2020-19349
+ RESERVED
+CVE-2020-19348
+ RESERVED
+CVE-2020-19347
+ RESERVED
+CVE-2020-19346
+ RESERVED
+CVE-2020-19345
+ RESERVED
+CVE-2020-19344
+ RESERVED
+CVE-2020-19343
+ RESERVED
+CVE-2020-19342
+ RESERVED
+CVE-2020-19341
+ RESERVED
+CVE-2020-19340
+ RESERVED
+CVE-2020-19339
+ RESERVED
+CVE-2020-19338
+ RESERVED
+CVE-2020-19337
+ RESERVED
+CVE-2020-19336
+ RESERVED
+CVE-2020-19335
+ RESERVED
+CVE-2020-19334
+ RESERVED
+CVE-2020-19333
+ RESERVED
+CVE-2020-19332
+ RESERVED
+CVE-2020-19331
+ RESERVED
+CVE-2020-19330
+ RESERVED
+CVE-2020-19329
+ RESERVED
+CVE-2020-19328
+ RESERVED
+CVE-2020-19327
+ RESERVED
+CVE-2020-19326
+ RESERVED
+CVE-2020-19325
+ RESERVED
+CVE-2020-19324
+ RESERVED
+CVE-2020-19323
+ RESERVED
+CVE-2020-19322
+ RESERVED
+CVE-2020-19321
+ RESERVED
+CVE-2020-19320
+ RESERVED
+CVE-2020-19319
+ RESERVED
+CVE-2020-19318
+ RESERVED
+CVE-2020-19317
+ RESERVED
+CVE-2020-19316 (OS Command injection vulnerability in function link in Filesystem.php ...)
+ - php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/
+ NOTE: https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31 (5.8.17)
+CVE-2020-19315
+ RESERVED
+CVE-2020-19314
+ RESERVED
+CVE-2020-19313
+ RESERVED
+CVE-2020-19312
+ RESERVED
+CVE-2020-19311
+ RESERVED
+CVE-2020-19310
+ RESERVED
+CVE-2020-19309
+ RESERVED
+CVE-2020-19308
+ RESERVED
+CVE-2020-19307
+ RESERVED
+CVE-2020-19306
+ RESERVED
+CVE-2020-19305 (An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 ...)
+ NOT-FOR-US: Metinfo
+CVE-2020-19304 (An issue in /admin/index.php?n=system&amp;c=filept&amp;a=doGetFileList ...)
+ NOT-FOR-US: Metinfo
+CVE-2020-19303 (An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 ...)
+ NOT-FOR-US: hdcms
+CVE-2020-19302 (An arbitrary file upload vulnerability in the avatar upload function o ...)
+ NOT-FOR-US: vaeThink
+CVE-2020-19301 (A vulnerability in the vae_admin_rule database table of vaeThink v1.0. ...)
+ NOT-FOR-US: vaeThink
+CVE-2020-19300
+ RESERVED
+CVE-2020-19299
+ RESERVED
+CVE-2020-19298
+ RESERVED
+CVE-2020-19297
+ RESERVED
+CVE-2020-19296
+ RESERVED
+CVE-2020-19295 (A reflected cross-site scripting (XSS) vulnerability in the /weibo/top ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19294 (A stored cross-site scripting (XSS) vulnerability in the /article/comm ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19293 (A stored cross-site scripting (XSS) vulnerability in the /article/add ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19292 (A stored cross-site scripting (XSS) vulnerability in the /question/ask ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19291 (A stored cross-site scripting (XSS) vulnerability in the /weibo/publis ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19290 (A stored cross-site scripting (XSS) vulnerability in the /weibo/commen ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19289 (A stored cross-site scripting (XSS) vulnerability in the /member/pictu ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19288 (A stored cross-site scripting (XSS) vulnerability in the /localhost/u ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19287 (A stored cross-site scripting (XSS) vulnerability in the /group/post c ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19286 (A stored cross-site scripting (XSS) vulnerability in the /question/det ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19285 (A stored cross-site scripting (XSS) vulnerability in the /group/apply ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19284 (A stored cross-site scripting (XSS) vulnerability in the /group/commen ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19283 (A reflected cross-site scripting (XSS) vulnerability in the /newVersio ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19282 (A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 a ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19281 (A stored cross-site scripting (XSS) vulnerability in the /manage/login ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19280 (Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-19279
+ RESERVED
+CVE-2020-19278
+ RESERVED
+CVE-2020-19277
+ RESERVED
+CVE-2020-19276
+ RESERVED
+CVE-2020-19275 (An Information Disclosure vulnerability exists in dhcms 2017-09-18 whe ...)
+ NOT-FOR-US: dhcms
+CVE-2020-19274 (A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 ...)
+ NOT-FOR-US: dhcms
+CVE-2020-19273
+ RESERVED
+CVE-2020-19272
+ RESERVED
+CVE-2020-19271
+ RESERVED
+CVE-2020-19270
+ RESERVED
+CVE-2020-19269
+ RESERVED
+CVE-2020-19268 (A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of ...)
+ NOT-FOR-US: Dswjcms
+CVE-2020-19267 (An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows ...)
+ NOT-FOR-US: Dswjcms
+CVE-2020-19266 (A stored cross-site scripting (XSS) vulnerability in the index.php/Dsw ...)
+ NOT-FOR-US: Dswjcms
+CVE-2020-19265 (A stored cross-site scripting (XSS) vulnerability in the index.php/Dsw ...)
+ NOT-FOR-US: Dswjcms
+CVE-2020-19264 (A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers ...)
+ NOT-FOR-US: MipCMS
+CVE-2020-19263 (A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers ...)
+ NOT-FOR-US: MipCMS
+CVE-2020-19262
+ RESERVED
+CVE-2020-19261
+ RESERVED
+CVE-2020-19260
+ RESERVED
+CVE-2020-19259
+ RESERVED
+CVE-2020-19258
+ RESERVED
+CVE-2020-19257
+ RESERVED
+CVE-2020-19256
+ RESERVED
+CVE-2020-19255
+ RESERVED
+CVE-2020-19254
+ RESERVED
+CVE-2020-19253
+ RESERVED
+CVE-2020-19252
+ RESERVED
+CVE-2020-19251
+ RESERVED
+CVE-2020-19250
+ RESERVED
+CVE-2020-19249
+ RESERVED
+CVE-2020-19248
+ RESERVED
+CVE-2020-19247
+ RESERVED
+CVE-2020-19246
+ RESERVED
+CVE-2020-19245
+ RESERVED
+CVE-2020-19244
+ RESERVED
+CVE-2020-19243
+ RESERVED
+CVE-2020-19242
+ RESERVED
+CVE-2020-19241
+ RESERVED
+CVE-2020-19240
+ RESERVED
+CVE-2020-19239
+ RESERVED
+CVE-2020-19238
+ RESERVED
+CVE-2020-19237
+ RESERVED
+CVE-2020-19236
+ RESERVED
+CVE-2020-19235
+ RESERVED
+CVE-2020-19234
+ RESERVED
+CVE-2020-19233
+ RESERVED
+CVE-2020-19232
+ RESERVED
+CVE-2020-19231
+ RESERVED
+CVE-2020-19230
+ RESERVED
+CVE-2020-19229
+ RESERVED
+CVE-2020-19228
+ RESERVED
+CVE-2020-19227
+ RESERVED
+CVE-2020-19226
+ RESERVED
+CVE-2020-19225
+ RESERVED
+CVE-2020-19224
+ RESERVED
+CVE-2020-19223
+ RESERVED
+CVE-2020-19222
+ RESERVED
+CVE-2020-19221
+ RESERVED
+CVE-2020-19220
+ RESERVED
+CVE-2020-19219
+ RESERVED
+CVE-2020-19218
+ RESERVED
+CVE-2020-19217
+ RESERVED
+CVE-2020-19216
+ RESERVED
+CVE-2020-19215
+ RESERVED
+CVE-2020-19214
+ RESERVED
+CVE-2020-19213
+ RESERVED
+CVE-2020-19212
+ RESERVED
+CVE-2020-19211
+ RESERVED
+CVE-2020-19210
+ RESERVED
+CVE-2020-19209
+ RESERVED
+CVE-2020-19208
+ RESERVED
+CVE-2020-19207
+ RESERVED
+CVE-2020-19206
+ RESERVED
+CVE-2020-19205
+ RESERVED
+CVE-2020-19204 (An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exis ...)
+ NOT-FOR-US: IPFire
+CVE-2020-19203 (An authenticated Cross-Site Scripting (XSS) vulnerability was found in ...)
+ NOT-FOR-US: Netgate pfSense Community Edition
+CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...)
+ NOT-FOR-US: IPFire
+CVE-2020-19201 (A Stored Cross-Site Scripting (XSS) vulnerability was found in status_ ...)
+ NOT-FOR-US: Netgate pfSense
+CVE-2020-19200
+ RESERVED
+CVE-2020-19199 (A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2. ...)
+ NOT-FOR-US: PHPOK
+CVE-2020-19198
+ RESERVED
+CVE-2020-19197
+ RESERVED
+CVE-2020-19196
+ RESERVED
+CVE-2020-19195
+ RESERVED
+CVE-2020-19194
+ RESERVED
+CVE-2020-19193
+ RESERVED
+CVE-2020-19192
+ RESERVED
+CVE-2020-19191
+ RESERVED
+CVE-2020-19190
+ RESERVED
+CVE-2020-19189
+ RESERVED
+CVE-2020-19188
+ RESERVED
+CVE-2020-19187
+ RESERVED
+CVE-2020-19186
+ RESERVED
+CVE-2020-19185
+ RESERVED
+CVE-2020-19184
+ RESERVED
+CVE-2020-19183
+ RESERVED
+CVE-2020-19182
+ RESERVED
+CVE-2020-19181
+ RESERVED
+CVE-2020-19180
+ RESERVED
+CVE-2020-19179
+ RESERVED
+CVE-2020-19178
+ RESERVED
+CVE-2020-19177
+ RESERVED
+CVE-2020-19176
+ RESERVED
+CVE-2020-19175
+ RESERVED
+CVE-2020-19174
+ RESERVED
+CVE-2020-19173
+ RESERVED
+CVE-2020-19172
+ RESERVED
+CVE-2020-19171
+ RESERVED
+CVE-2020-19170
+ RESERVED
+CVE-2020-19169
+ RESERVED
+CVE-2020-19168
+ RESERVED
+CVE-2020-19167
+ RESERVED
+CVE-2020-19166
+ RESERVED
+CVE-2020-19165 (PHPSHE 1.7 has SQL injection via the admin.php?mod=user&amp;userlevel_ ...)
+ NOT-FOR-US: PHPSHE
+CVE-2020-19164
+ RESERVED
+CVE-2020-19163
+ RESERVED
+CVE-2020-19162
+ RESERVED
+CVE-2020-19161
+ RESERVED
+CVE-2020-19160
+ RESERVED
+CVE-2020-19159 (Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attacke ...)
+ NOT-FOR-US: LaikeTui
+CVE-2020-19158 (Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows ...)
+ NOT-FOR-US: S-CMS
+CVE-2020-19157 (Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers t ...)
+ NOT-FOR-US: Wenku CMS
+CVE-2020-19156 (Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers t ...)
+ NOT-FOR-US: Wordpress ari-adminer
+CVE-2020-19155 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
+ NOT-FOR-US: Jfinal CMS
+CVE-2020-19154 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
+ NOT-FOR-US: Jfinal CMS
+CVE-2020-19153
+ RESERVED
+CVE-2020-19152
+ RESERVED
+CVE-2020-19151 (Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attac ...)
+ NOT-FOR-US: Jfinal CMS
+CVE-2020-19150 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
+ NOT-FOR-US: Jfinal CMS
+CVE-2020-19149
+ RESERVED
+CVE-2020-19148 (Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows rem ...)
+ NOT-FOR-US: Jfinal CMS
+CVE-2020-19147 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
+ NOT-FOR-US: Jfinal CMS
+CVE-2020-19146 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...)
+ NOT-FOR-US: Jfinal CMS
+CVE-2020-19145
+ RESERVED
+CVE-2020-19144 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...)
+ {DLA-2777-1}
+ - tiff 4.0.10+git190814-1
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2852
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/159
+ NOTE: Fixed around https://gitlab.com/libtiff/libtiff/-/commit/1fb9e731ef3e4ceb7af128ce298adb271088064f (v4.1.0)
+CVE-2020-19143 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...)
+ {DSA-4997-1}
+ - tiff 4.1.0+git201212-1
+ [stretch] - tiff <not-affected> (Vulnerable code introduced later)
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2851
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/158
+ NOTE: Introduced with: https://gitlab.com/libtiff/libtiff/-/commit/9eacd59fecc4ef593ac17689bc530ab451c8ec14 (v4.0.10)
+ NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/54ce8c522078cd0f39861df71db848648ec28ade (v4.2.0)
+CVE-2020-19142 (iCMS 7 attackers to execute arbitrary OS commands via shell metacharac ...)
+ NOT-FOR-US: idreamsoft iCMS
+CVE-2020-19141
+ RESERVED
+CVE-2020-19140
+ RESERVED
+CVE-2020-19139
+ RESERVED
+CVE-2020-19138 (Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and e ...)
+ NOT-FOR-US: DotCMS
+CVE-2020-19137 (Incorrect Access Control in Autumn v1.0.4 and earlier allows remote at ...)
+ NOT-FOR-US: Autumn
+CVE-2020-19136
+ RESERVED
+CVE-2020-19135
+ RESERVED
+CVE-2020-19134
+ RESERVED
+CVE-2020-19133
+ RESERVED
+CVE-2020-19132
+ RESERVED
+CVE-2020-19131 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...)
+ {DLA-2777-1}
+ - tiff 4.0.10+git190814-1
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2831
+ NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/61
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9cfa5c469109c207bf3b916c52e618d4400ba2c0 (v4.1.0)
+CVE-2020-19130
+ RESERVED
+CVE-2020-19129
+ RESERVED
+CVE-2020-19128
+ RESERVED
+CVE-2020-19127
+ RESERVED
+CVE-2020-19126
+ RESERVED
+CVE-2020-19125
+ RESERVED
+CVE-2020-19124
+ RESERVED
+CVE-2020-19123
+ RESERVED
+CVE-2020-19122
+ RESERVED
+CVE-2020-19121
+ RESERVED
+CVE-2020-19120
+ RESERVED
+CVE-2020-19119
+ RESERVED
+CVE-2020-19118 (Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_cod ...)
+ NOT-FOR-US: YzmCMS
+CVE-2020-19117
+ RESERVED
+CVE-2020-19116
+ RESERVED
+CVE-2020-19115
+ RESERVED
+CVE-2020-19114 (SQL Injection vulnerability in Online Book Store v1.0 via the publishe ...)
+ NOT-FOR-US: Online Book Store
+CVE-2020-19113 (Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin ...)
+ NOT-FOR-US: Online Book Store
+CVE-2020-19112 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...)
+ NOT-FOR-US: Online Book Store
+CVE-2020-19111 (Incorrect Access Control vulnerability in Online Book Store v1.0 via a ...)
+ NOT-FOR-US: Online Book Store
+CVE-2020-19110 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...)
+ NOT-FOR-US: Online Book Store
+CVE-2020-19109 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...)
+ NOT-FOR-US: Online Book Store
+CVE-2020-19108 (SQL Injection vulnerability in Online Book Store v1.0 via the pubid pa ...)
+ NOT-FOR-US: Online Book Store
+CVE-2020-19107 (SQL Injection vulnerability in Online Book Store v1.0 via the isbn par ...)
+ NOT-FOR-US: Online Book Store
+CVE-2020-19106
+ RESERVED
+CVE-2020-19105
+ RESERVED
+CVE-2020-19104
+ RESERVED
+CVE-2020-19103
+ RESERVED
+CVE-2020-19102
+ RESERVED
+CVE-2020-19101
+ RESERVED
+CVE-2020-19100
+ RESERVED
+CVE-2020-19099
+ RESERVED
+CVE-2020-19098
+ RESERVED
+CVE-2020-19097
+ RESERVED
+CVE-2020-19096
+ RESERVED
+CVE-2020-19095
+ RESERVED
+CVE-2020-19094
+ RESERVED
+CVE-2020-19093
+ RESERVED
+CVE-2020-19092
+ RESERVED
+CVE-2020-19091
+ RESERVED
+CVE-2020-19090
+ RESERVED
+CVE-2020-19089
+ RESERVED
+CVE-2020-19088
+ RESERVED
+CVE-2020-19087
+ RESERVED
+CVE-2020-19086
+ RESERVED
+CVE-2020-19085
+ RESERVED
+CVE-2020-19084
+ RESERVED
+CVE-2020-19083
+ RESERVED
+CVE-2020-19082
+ RESERVED
+CVE-2020-19081
+ RESERVED
+CVE-2020-19080
+ RESERVED
+CVE-2020-19079
+ RESERVED
+CVE-2020-19078
+ RESERVED
+CVE-2020-19077
+ RESERVED
+CVE-2020-19076
+ RESERVED
+CVE-2020-19075
+ RESERVED
+CVE-2020-19074
+ RESERVED
+CVE-2020-19073
+ RESERVED
+CVE-2020-19072
+ RESERVED
+CVE-2020-19071
+ RESERVED
+CVE-2020-19070
+ RESERVED
+CVE-2020-19069
+ RESERVED
+CVE-2020-19068
+ RESERVED
+CVE-2020-19067
+ RESERVED
+CVE-2020-19066
+ RESERVED
+CVE-2020-19065
+ RESERVED
+CVE-2020-19064
+ RESERVED
+CVE-2020-19063
+ RESERVED
+CVE-2020-19062
+ RESERVED
+CVE-2020-19061
+ RESERVED
+CVE-2020-19060
+ RESERVED
+CVE-2020-19059
+ RESERVED
+CVE-2020-19058
+ RESERVED
+CVE-2020-19057
+ RESERVED
+CVE-2020-19056
+ RESERVED
+CVE-2020-19055
+ RESERVED
+CVE-2020-19054
+ RESERVED
+CVE-2020-19053
+ RESERVED
+CVE-2020-19052
+ RESERVED
+CVE-2020-19051
+ RESERVED
+CVE-2020-19050
+ RESERVED
+CVE-2020-19049 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to ...)
+ NOT-FOR-US: MyBB
+CVE-2020-19048 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to ...)
+ NOT-FOR-US: MyBB
+CVE-2020-19047 (Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatck ...)
+ NOT-FOR-US: iWebShop
+CVE-2020-19046 (Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to ex ...)
+ NOT-FOR-US: S-CMS
+CVE-2020-19045
+ RESERVED
+CVE-2020-19044
+ RESERVED
+CVE-2020-19043
+ RESERVED
+CVE-2020-19042 (Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via ...)
+ NOT-FOR-US: zzcms
+CVE-2020-19041
+ RESERVED
+CVE-2020-19040
+ RESERVED
+CVE-2020-19039
+ RESERVED
+CVE-2020-19038 (File Deletion vulnerability in Halo 0.4.3 via delBackup. ...)
+ NOT-FOR-US: Halo
+CVE-2020-19037 (Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a m ...)
+ NOT-FOR-US: Halo
+CVE-2020-19036
+ RESERVED
+CVE-2020-19035
+ RESERVED
+CVE-2020-19034
+ RESERVED
+CVE-2020-19033
+ RESERVED
+CVE-2020-19032
+ RESERVED
+CVE-2020-19031
+ RESERVED
+CVE-2020-19030
+ RESERVED
+CVE-2020-19029
+ RESERVED
+CVE-2020-19028
+ RESERVED
+CVE-2020-19027
+ RESERVED
+CVE-2020-19026
+ RESERVED
+CVE-2020-19025
+ RESERVED
+CVE-2020-19024
+ RESERVED
+CVE-2020-19023
+ RESERVED
+CVE-2020-19022
+ RESERVED
+CVE-2020-19021
+ RESERVED
+CVE-2020-19020
+ RESERVED
+CVE-2020-19019
+ RESERVED
+CVE-2020-19018
+ RESERVED
+CVE-2020-19017
+ RESERVED
+CVE-2020-19016
+ RESERVED
+CVE-2020-19015
+ RESERVED
+CVE-2020-19014
+ RESERVED
+CVE-2020-19013
+ RESERVED
+CVE-2020-19012
+ RESERVED
+CVE-2020-19011
+ RESERVED
+CVE-2020-19010
+ RESERVED
+CVE-2020-19009
+ RESERVED
+CVE-2020-19008
+ RESERVED
+CVE-2020-19007 (Halo blog 1.2.0 allows users to submit comments on blog posts via /api ...)
+ NOT-FOR-US: Halo blog
+CVE-2020-19006
+ RESERVED
+CVE-2020-19005 (zrlog v2.1.0 has a vulnerability with the permission check. If admin a ...)
+ NOT-FOR-US: zrlog
+CVE-2020-19004
+ RESERVED
+CVE-2020-19003 (An issue in Gate One 1.2.0 allows attackers to bypass to the verificat ...)
+ NOT-FOR-US: Gate One
+CVE-2020-19002 (Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers ...)
+ NOT-FOR-US: Mezzanine CMS
+CVE-2020-19001 (Command Injection in Simiki v1.6.2.1 and prior allows remote attackers ...)
+ NOT-FOR-US: Simiki
+CVE-2020-19000 (Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote ...)
+ NOT-FOR-US: Simiki
+CVE-2020-18999 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...)
+ NOT-FOR-US: Blog_mini
+CVE-2020-18998 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...)
+ NOT-FOR-US: Blog_mini
+CVE-2020-18997
+ RESERVED
+CVE-2020-18996
+ RESERVED
+CVE-2020-18995
+ RESERVED
+CVE-2020-18994
+ RESERVED
+CVE-2020-18993
+ RESERVED
+CVE-2020-18992
+ RESERVED
+CVE-2020-18991
+ RESERVED
+CVE-2020-18990
+ RESERVED
+CVE-2020-18989
+ RESERVED
+CVE-2020-18988
+ RESERVED
+CVE-2020-18987
+ RESERVED
+CVE-2020-18986
+ RESERVED
+CVE-2020-18985 (An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboratio ...)
+ NOT-FOR-US: Zimbra
+CVE-2020-18984 (A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmi ...)
+ NOT-FOR-US: Zimbra
+CVE-2020-18983
+ RESERVED
+CVE-2020-18982 (Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAutho ...)
+ NOT-FOR-US: Halo
+CVE-2020-18981
+ RESERVED
+CVE-2020-18980 (Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr an ...)
+ NOT-FOR-US: Halo
+CVE-2020-18979 (Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwa ...)
+ NOT-FOR-US: Halo
+CVE-2020-18978
+ RESERVED
+CVE-2020-18977
+ RESERVED
+CVE-2020-18976 (Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial ...)
+ - tcpreplay 4.3.3-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/556
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-18975
+ RESERVED
+CVE-2020-18974 (Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers ...)
+ - nasm <unfixed> (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392568
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-18973
+ RESERVED
+CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v ...)
+ - libpodofo <unfixed>
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/49/
+CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...)
+ - libpodofo <unfixed>
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/48/
+CVE-2020-18970
+ RESERVED
+CVE-2020-18969
+ RESERVED
+CVE-2020-18968
+ RESERVED
+CVE-2020-18967
+ RESERVED
+CVE-2020-18966
+ RESERVED
+CVE-2020-18965
+ RESERVED
+CVE-2020-18964 (Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest v ...)
+ NOT-FOR-US: ForestBlog
+CVE-2020-18963
+ RESERVED
+CVE-2020-18962
+ RESERVED
+CVE-2020-18961
+ RESERVED
+CVE-2020-18960
+ RESERVED
+CVE-2020-18959
+ RESERVED
+CVE-2020-18958
+ RESERVED
+CVE-2020-18957
+ RESERVED
+CVE-2020-18956
+ RESERVED
+CVE-2020-18955
+ RESERVED
+CVE-2020-18954
+ RESERVED
+CVE-2020-18953
+ RESERVED
+CVE-2020-18952
+ RESERVED
+CVE-2020-18951
+ RESERVED
+CVE-2020-18950
+ RESERVED
+CVE-2020-18949
+ RESERVED
+CVE-2020-18948
+ RESERVED
+CVE-2020-18947
+ RESERVED
+CVE-2020-18946
+ RESERVED
+CVE-2020-18945
+ RESERVED
+CVE-2020-18944
+ RESERVED
+CVE-2020-18943
+ RESERVED
+CVE-2020-18942
+ RESERVED
+CVE-2020-18941
+ RESERVED
+CVE-2020-18940
+ RESERVED
+CVE-2020-18939
+ RESERVED
+CVE-2020-18938
+ RESERVED
+CVE-2020-18937
+ RESERVED
+CVE-2020-18936
+ RESERVED
+CVE-2020-18935
+ RESERVED
+CVE-2020-18934
+ RESERVED
+CVE-2020-18933
+ RESERVED
+CVE-2020-18932
+ RESERVED
+CVE-2020-18931
+ RESERVED
+CVE-2020-18930
+ RESERVED
+CVE-2020-18929
+ RESERVED
+CVE-2020-18928
+ RESERVED
+CVE-2020-18927
+ RESERVED
+CVE-2020-18926
+ RESERVED
+CVE-2020-18925
+ RESERVED
+CVE-2020-18924
+ RESERVED
+CVE-2020-18923
+ RESERVED
+CVE-2020-18922
+ RESERVED
+CVE-2020-18921
+ RESERVED
+CVE-2020-18920
+ RESERVED
+CVE-2020-18919
+ RESERVED
+CVE-2020-18918
+ RESERVED
+CVE-2020-18917 (The plus/search.php component in DedeCMS 5.7 SP2 allows remote attacke ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-18916
+ RESERVED
+CVE-2020-18915
+ RESERVED
+CVE-2020-18914
+ RESERVED
+CVE-2020-18913 (EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerabi ...)
+ NOT-FOR-US: EARCLINK ESPCMS-P8
+CVE-2020-18912
+ RESERVED
+CVE-2020-18911
+ RESERVED
+CVE-2020-18910
+ RESERVED
+CVE-2020-18909
+ RESERVED
+CVE-2020-18908
+ RESERVED
+CVE-2020-18907
+ RESERVED
+CVE-2020-18906
+ RESERVED
+CVE-2020-18905
+ RESERVED
+CVE-2020-18904
+ RESERVED
+CVE-2020-18903
+ RESERVED
+CVE-2020-18902
+ RESERVED
+CVE-2020-18901
+ RESERVED
+CVE-2020-18900 (** DISPUTED ** A heap-based buffer overflow in the libexe_io_handle_re ...)
+ NOT-FOR-US: libyal
+CVE-2020-18899 (An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof( ...)
+ - exiv2 0.27.2-6
+ [buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/issues/742
+ NOTE: https://github.com/Exiv2/exiv2/commit/051b5d9df1f4669117937b7a40104404cc252993 (0.27.1)
+CVE-2020-18898 (A stack exhaustion issue in the printIFDStructure function of Exiv2 0. ...)
+ - exiv2 <unfixed> (unimportant)
+ NOTE: https://github.com/Exiv2/exiv2/issues/741
+ NOTE: Negligible security impact, issue in debugging only function
+CVE-2020-18897 (An use-after-free vulnerability in the libpff_item_tree_create_node fu ...)
+ - libpff 20180714-1
+ [stretch] - libpff <no-dsa> (Minor issue)
+ NOTE: https://github.com/libyal/libpff/issues/61
+ NOTE: https://github.com/libyal/libpff/issues/62
+ NOTE: https://github.com/libyal/libpff/commit/effae88adfc9def45be0bb7ff27d20ce133d8c7c
+CVE-2020-18896
+ RESERVED
+CVE-2020-18895
+ RESERVED
+CVE-2020-18894
+ RESERVED
+CVE-2020-18893
+ RESERVED
+CVE-2020-18892
+ RESERVED
+CVE-2020-18891
+ RESERVED
+CVE-2020-18890 (Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insec ...)
+ NOT-FOR-US: puppyCMS
+CVE-2020-18889 (Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that ...)
+ NOT-FOR-US: puppyCMS
+CVE-2020-18888 (Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote m ...)
+ NOT-FOR-US: puppyCMS
+CVE-2020-18887
+ RESERVED
+CVE-2020-18886 (Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to ...)
+ NOT-FOR-US: PHPMyWind
+CVE-2020-18885 (Command Injection in PHPMyWind v5.6 allows remote attackers to execute ...)
+ NOT-FOR-US: PHPMyWind
+CVE-2020-18884
+ RESERVED
+CVE-2020-18883
+ RESERVED
+CVE-2020-18882
+ RESERVED
+CVE-2020-18881
+ RESERVED
+CVE-2020-18880
+ RESERVED
+CVE-2020-18879 (Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to e ...)
+ NOT-FOR-US: Bludit
+CVE-2020-18878 (Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain ...)
+ NOT-FOR-US: Skycaiji
+CVE-2020-18877 (SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain se ...)
+ NOT-FOR-US: Wuzhi CMS
+CVE-2020-18876
+ RESERVED
+CVE-2020-18875 (Incorrect Access Control in DotCMS versions before 5.1 allows remote a ...)
+ NOT-FOR-US: DotCMS
+CVE-2020-18874
+ RESERVED
+CVE-2020-18873
+ RESERVED
+CVE-2020-18872
+ RESERVED
+CVE-2020-18871
+ RESERVED
+CVE-2020-18870
+ RESERVED
+CVE-2020-18869
+ RESERVED
+CVE-2020-18868
+ RESERVED
+CVE-2020-18867
+ RESERVED
+CVE-2020-18866
+ RESERVED
+CVE-2020-18865
+ RESERVED
+CVE-2020-18864
+ RESERVED
+CVE-2020-18863
+ RESERVED
+CVE-2020-18862
+ RESERVED
+CVE-2020-18861
+ RESERVED
+CVE-2020-18860
+ RESERVED
+CVE-2020-18859
+ RESERVED
+CVE-2020-18858
+ RESERVED
+CVE-2020-18857
+ RESERVED
+CVE-2020-18856
+ RESERVED
+CVE-2020-18855
+ RESERVED
+CVE-2020-18854
+ RESERVED
+CVE-2020-18853
+ RESERVED
+CVE-2020-18852
+ RESERVED
+CVE-2020-18851
+ RESERVED
+CVE-2020-18850
+ RESERVED
+CVE-2020-18849
+ RESERVED
+CVE-2020-18848
+ RESERVED
+CVE-2020-18847
+ RESERVED
+CVE-2020-18846
+ RESERVED
+CVE-2020-18845
+ RESERVED
+CVE-2020-18844
+ RESERVED
+CVE-2020-18843
+ RESERVED
+CVE-2020-18842
+ RESERVED
+CVE-2020-18841
+ RESERVED
+CVE-2020-18840
+ RESERVED
+CVE-2020-18839
+ RESERVED
+CVE-2020-18838
+ RESERVED
+CVE-2020-18837
+ RESERVED
+CVE-2020-18836
+ RESERVED
+CVE-2020-18835
+ RESERVED
+CVE-2020-18834
+ RESERVED
+CVE-2020-18833
+ RESERVED
+CVE-2020-18832
+ RESERVED
+CVE-2020-18831
+ RESERVED
+CVE-2020-18830
+ RESERVED
+CVE-2020-18829
+ RESERVED
+CVE-2020-18828
+ RESERVED
+CVE-2020-18827
+ RESERVED
+CVE-2020-18826
+ RESERVED
+CVE-2020-18825
+ RESERVED
+CVE-2020-18824
+ RESERVED
+CVE-2020-18823
+ RESERVED
+CVE-2020-18822
+ RESERVED
+CVE-2020-18821
+ RESERVED
+CVE-2020-18820
+ RESERVED
+CVE-2020-18819
+ RESERVED
+CVE-2020-18818
+ RESERVED
+CVE-2020-18817
+ RESERVED
+CVE-2020-18816
+ RESERVED
+CVE-2020-18815
+ RESERVED
+CVE-2020-18814
+ RESERVED
+CVE-2020-18813
+ RESERVED
+CVE-2020-18812
+ RESERVED
+CVE-2020-18811
+ RESERVED
+CVE-2020-18810
+ RESERVED
+CVE-2020-18809
+ RESERVED
+CVE-2020-18808
+ RESERVED
+CVE-2020-18807
+ RESERVED
+CVE-2020-18806
+ RESERVED
+CVE-2020-18805
+ RESERVED
+CVE-2020-18804
+ RESERVED
+CVE-2020-18803
+ RESERVED
+CVE-2020-18802
+ RESERVED
+CVE-2020-18801
+ RESERVED
+CVE-2020-18800
+ RESERVED
+CVE-2020-18799
+ RESERVED
+CVE-2020-18798
+ RESERVED
+CVE-2020-18797
+ RESERVED
+CVE-2020-18796
+ RESERVED
+CVE-2020-18795
+ RESERVED
+CVE-2020-18794
+ RESERVED
+CVE-2020-18793
+ RESERVED
+CVE-2020-18792
+ RESERVED
+CVE-2020-18791
+ RESERVED
+CVE-2020-18790
+ RESERVED
+CVE-2020-18789
+ RESERVED
+CVE-2020-18788
+ RESERVED
+CVE-2020-18787
+ RESERVED
+CVE-2020-18786
+ RESERVED
+CVE-2020-18785
+ RESERVED
+CVE-2020-18784
+ RESERVED
+CVE-2020-18783
+ RESERVED
+CVE-2020-18782
+ RESERVED
+CVE-2020-18781
+ RESERVED
+CVE-2020-18780
+ RESERVED
+CVE-2020-18779
+ RESERVED
+CVE-2020-18778 (In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_ ...)
+ - libav <removed>
+ NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1155
+CVE-2020-18777
+ RESERVED
+CVE-2020-18776 (In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr ...)
+ - libav <removed>
+ NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1153
+CVE-2020-18775 (In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_ ...)
+ - libav <removed>
+ NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1152
+CVE-2020-18774 (A float point exception in the printLong function in tags_int.cpp of E ...)
+ - exiv2 <unfixed> (unimportant)
+ NOTE: https://github.com/Exiv2/exiv2/issues/759
+ NOTE: Negligible security impact
+CVE-2020-18773 (An invalid memory access in the decode function in iptc.cpp of Exiv2 0 ...)
+ - exiv2 <unfixed> (unimportant)
+ NOTE: https://github.com/Exiv2/exiv2/issues/760
+ NOTE: Negligible security impact
+CVE-2020-18772
+ RESERVED
+CVE-2020-18771 (Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Niko ...)
+ - exiv2 0.27.2-6
+ [buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/issues/756
+CVE-2020-18770
+ RESERVED
+CVE-2020-18769
+ RESERVED
+CVE-2020-18768
+ RESERVED
+CVE-2020-18767
+ RESERVED
+CVE-2020-18766 (A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotel ...)
+ NOT-FOR-US: AntSword
+CVE-2020-18765
+ RESERVED
+CVE-2020-18764
+ RESERVED
+CVE-2020-18763
+ RESERVED
+CVE-2020-18762
+ RESERVED
+CVE-2020-18761
+ RESERVED
+CVE-2020-18760
+ RESERVED
+CVE-2020-18759 (An information disclosure vulnerability exists in the EPA protocol of ...)
+ NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
+CVE-2020-18758 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
+ NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
+CVE-2020-18757 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
+ NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
+CVE-2020-18756 (An arbitrary memory access vulnerability in the EPA protocol of Dut Co ...)
+ NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
+CVE-2020-18755
+ RESERVED
+CVE-2020-18754 (An information disclosure vulnerability exists within Dut Computer Con ...)
+ NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
+CVE-2020-18753 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
+ NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
+CVE-2020-18752
+ RESERVED
+CVE-2020-18751
+ RESERVED
+CVE-2020-18750 (Buffer overflow in pdf2json 0.69 allows local users to execute arbitra ...)
+ NOT-FOR-US: pdf2json
+CVE-2020-18749
+ RESERVED
+CVE-2020-18748 (Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execu ...)
+ NOT-FOR-US: Typora
+CVE-2020-18747
+ RESERVED
+CVE-2020-18746 (SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbit ...)
+ NOT-FOR-US: AiteCMS
+CVE-2020-18745
+ RESERVED
+CVE-2020-18744
+ RESERVED
+CVE-2020-18743
+ RESERVED
+CVE-2020-18742
+ RESERVED
+CVE-2020-18741 (Improper Authorization in ThinkSAAS v2.7 allows remote attackers to mo ...)
+ NOT-FOR-US: ThinkSAAS
+CVE-2020-18740
+ RESERVED
+CVE-2020-18739
+ RESERVED
+CVE-2020-18738
+ RESERVED
+CVE-2020-18737 (An issue was discovered in Typora 0.9.67. There is an XSS vulnerabilit ...)
+ NOT-FOR-US: Typora
+CVE-2020-18736
+ RESERVED
+CVE-2020-18735 (A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS ...)
+ NOT-FOR-US: Eclipse IOT Cyclone
+CVE-2020-18734 (A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS ...)
+ NOT-FOR-US: Eclipse IOT Cyclone
+CVE-2020-18733
+ RESERVED
+CVE-2020-18732
+ RESERVED
+CVE-2020-18731 (A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC ...)
+ NOT-FOR-US: IEC104
+CVE-2020-18730 (A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 ...)
+ NOT-FOR-US: IEC104
+CVE-2020-18729
+ RESERVED
+CVE-2020-18728
+ RESERVED
+CVE-2020-18727
+ RESERVED
+CVE-2020-18726
+ RESERVED
+CVE-2020-18725
+ RESERVED
+CVE-2020-18724 (Authenticated stored cross-site scripting (XSS) in the contact name fi ...)
+ NOT-FOR-US: MDaemon webmail
+CVE-2020-18723 (Stored cross-site scripting (XSS) in file attachment field in MDaemon ...)
+ NOT-FOR-US: MDaemon webmail
+CVE-2020-18722
+ RESERVED
+CVE-2020-18721
+ RESERVED
+CVE-2020-18720
+ RESERVED
+CVE-2020-18719
+ RESERVED
+CVE-2020-18718
+ RESERVED
+CVE-2020-18717 (SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execut ...)
+ NOT-FOR-US: ZZZCMS
+CVE-2020-18716 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
+ NOT-FOR-US: Rockoa
+CVE-2020-18715
+ REJECTED
+CVE-2020-18714 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
+ NOT-FOR-US: Rockoa
+CVE-2020-18713 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
+ NOT-FOR-US: Rockoa
+CVE-2020-18712
+ RESERVED
+CVE-2020-18711
+ RESERVED
+CVE-2020-18710
+ RESERVED
+CVE-2020-18709
+ RESERVED
+CVE-2020-18708
+ RESERVED
+CVE-2020-18707
+ RESERVED
+CVE-2020-18706
+ RESERVED
+CVE-2020-18705 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...)
+ NOT-FOR-US: Quokka
+CVE-2020-18704 (Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 ...)
+ NOT-FOR-US: Django-Widgy
+CVE-2020-18703 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...)
+ NOT-FOR-US: Quokka
+CVE-2020-18702 (Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to ...)
+ NOT-FOR-US: Quokka
+CVE-2020-18701 (Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attacke ...)
+ NOT-FOR-US: Lin-CMS-Flask
+CVE-2020-18700
+ RESERVED
+CVE-2020-18699 (Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attac ...)
+ NOT-FOR-US: Lin-CMS-Flask
+CVE-2020-18698 (Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attacker ...)
+ NOT-FOR-US: Lin-CMS-Flask
+CVE-2020-18697
+ RESERVED
+CVE-2020-18696
+ RESERVED
+CVE-2020-18695
+ RESERVED
+CVE-2020-18694 (Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote att ...)
+ NOT-FOR-US: IgnitedCMS
+CVE-2020-18693 (Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attacker ...)
+ NOT-FOR-US: MineWebCMS
+CVE-2020-18692
+ RESERVED
+CVE-2020-18691
+ RESERVED
+CVE-2020-18690
+ RESERVED
+CVE-2020-18689
+ RESERVED
+CVE-2020-18688
+ RESERVED
+CVE-2020-18687
+ RESERVED
+CVE-2020-18686
+ RESERVED
+CVE-2020-18685 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...)
+ NOT-FOR-US: Floodlight
+CVE-2020-18684 (Floodlight through 1.2 has an integer overflow in checkFlow in StaticF ...)
+ NOT-FOR-US: Floodlight
+CVE-2020-18683 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...)
+ NOT-FOR-US: Floodlight
+CVE-2020-18682
+ RESERVED
+CVE-2020-18681
+ RESERVED
+CVE-2020-18680
+ RESERVED
+CVE-2020-18679
+ RESERVED
+CVE-2020-18678
+ RESERVED
+CVE-2020-18677
+ RESERVED
+CVE-2020-18676
+ RESERVED
+CVE-2020-18675
+ RESERVED
+CVE-2020-18674
+ RESERVED
+CVE-2020-18673
+ RESERVED
+CVE-2020-18672
+ RESERVED
+CVE-2020-18671 (Cross Site Scripting (XSS) vulnerability in Roundcube Mail &lt;=1.4.4 ...)
+ - roundcube 1.4.5+dfsg.1-1
+ [buster] - roundcube 1.3.13+dfsg.1-1~deb10u1
+ [stretch] - roundcube <ignored> (Minor issue, XSS in installer which is not exposed in Debian)
+ NOTE: https://github.com/roundcube/roundcubemail/issues/7406
+ NOTE: https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
+CVE-2020-18670 (Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via d ...)
+ - roundcube 1.4.5+dfsg.1-1
+ [buster] - roundcube 1.3.13+dfsg.1-1~deb10u1
+ [stretch] - roundcube <ignored> (Minor issue, XSS in installer which is not exposed in Debian)
+ NOTE: https://github.com/roundcube/roundcubemail/issues/7406
+ NOTE: https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
+CVE-2020-18669
+ RESERVED
+CVE-2020-18668 (Cross Site Scripting (XSS) vulnerabililty in WebPort &lt;=1.19.1 via t ...)
+ NOT-FOR-US: WebPort
+CVE-2020-18667 (SQL Injection vulnerability in WebPort &lt;=1.19.1 via the new connect ...)
+ NOT-FOR-US: WebPort
+CVE-2020-18666
+ REJECTED
+CVE-2020-18665 (Directory Traversal vulnerability in WebPort &lt;=1.19.1 in tags of sy ...)
+ NOT-FOR-US: WebPort
+CVE-2020-18664 (Cross Site Scripting (XSS) vulnerability in WebPort &lt;=1.19.1via the ...)
+ NOT-FOR-US: WebPort
+CVE-2020-18663 (Cross Site Scripting (XSS) vulnerability in gnuboard5 &lt;=v5.3.2.8 vi ...)
+ NOT-FOR-US: gnuboard5
+CVE-2020-18662 (SQL Injection vulnerability in gnuboard5 &lt;=v5.3.2.8 via the table_p ...)
+ NOT-FOR-US: gnuboard5
+CVE-2020-18661 (Cross Site Scripting (XSS) vulnerability in gnuboard5 &lt;=v5.3.2.8 vi ...)
+ NOT-FOR-US: gnuboard5
+CVE-2020-18660 (GetSimpleCMS &lt;=3.3.15 has an open redirect in admin/changedata.php ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2020-18659 (Cross Site Scripting vulnerability in GetSimpleCMS &lt;=3.3.15 via the ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2020-18658 (Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS &lt;=3.3.15 ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2020-18657 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS &lt;= 3.3.15 ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2020-18656
+ RESERVED
+CVE-2020-18655
+ RESERVED
+CVE-2020-18654 (Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers ...)
+ NOT-FOR-US: Wuzhi CMS
+CVE-2020-18653
+ RESERVED
+CVE-2020-18652
+ RESERVED
+CVE-2020-18651
+ RESERVED
+CVE-2020-18650
+ RESERVED
+CVE-2020-18649
+ RESERVED
+CVE-2020-18648 (Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote atta ...)
+ NOT-FOR-US: JuQingCMS
+CVE-2020-18647 (Information Disclosure in NoneCMS v1.3 allows remote attackers to obta ...)
+ NOT-FOR-US: NoneCMS
+CVE-2020-18646 (Information Disclosure in NoneCMS v1.3 allows remote attackers to obta ...)
+ NOT-FOR-US: NoneCMS
+CVE-2020-18645
+ RESERVED
+CVE-2020-18644
+ RESERVED
+CVE-2020-18643
+ RESERVED
+CVE-2020-18642
+ RESERVED
+CVE-2020-18641
+ RESERVED
+CVE-2020-18640
+ RESERVED
+CVE-2020-18639
+ RESERVED
+CVE-2020-18638
+ RESERVED
+CVE-2020-18637
+ RESERVED
+CVE-2020-18636
+ RESERVED
+CVE-2020-18635
+ RESERVED
+CVE-2020-18634
+ RESERVED
+CVE-2020-18633
+ RESERVED
+CVE-2020-18632
+ RESERVED
+CVE-2020-18631
+ RESERVED
+CVE-2020-18630
+ RESERVED
+CVE-2020-18629
+ RESERVED
+CVE-2020-18628
+ RESERVED
+CVE-2020-18627
+ RESERVED
+CVE-2020-18626
+ RESERVED
+CVE-2020-18625
+ RESERVED
+CVE-2020-18624
+ RESERVED
+CVE-2020-18623
+ RESERVED
+CVE-2020-18622
+ RESERVED
+CVE-2020-18621
+ RESERVED
+CVE-2020-18620
+ RESERVED
+CVE-2020-18619
+ RESERVED
+CVE-2020-18618
+ RESERVED
+CVE-2020-18617
+ RESERVED
+CVE-2020-18616
+ RESERVED
+CVE-2020-18615
+ RESERVED
+CVE-2020-18614
+ RESERVED
+CVE-2020-18613
+ RESERVED
+CVE-2020-18612
+ RESERVED
+CVE-2020-18611
+ RESERVED
+CVE-2020-18610
+ RESERVED
+CVE-2020-18609
+ RESERVED
+CVE-2020-18608
+ RESERVED
+CVE-2020-18607
+ RESERVED
+CVE-2020-18606
+ RESERVED
+CVE-2020-18605
+ RESERVED
+CVE-2020-18604
+ RESERVED
+CVE-2020-18603
+ RESERVED
+CVE-2020-18602
+ RESERVED
+CVE-2020-18601
+ RESERVED
+CVE-2020-18600
+ RESERVED
+CVE-2020-18599
+ RESERVED
+CVE-2020-18598
+ RESERVED
+CVE-2020-18597
+ RESERVED
+CVE-2020-18596
+ RESERVED
+CVE-2020-18595
+ RESERVED
+CVE-2020-18594
+ RESERVED
+CVE-2020-18593
+ RESERVED
+CVE-2020-18592
+ RESERVED
+CVE-2020-18591
+ RESERVED
+CVE-2020-18590
+ RESERVED
+CVE-2020-18589
+ RESERVED
+CVE-2020-18588
+ RESERVED
+CVE-2020-18587
+ RESERVED
+CVE-2020-18586
+ RESERVED
+CVE-2020-18585
+ RESERVED
+CVE-2020-18584
+ RESERVED
+CVE-2020-18583
+ RESERVED
+CVE-2020-18582
+ RESERVED
+CVE-2020-18581
+ RESERVED
+CVE-2020-18580
+ RESERVED
+CVE-2020-18579
+ RESERVED
+CVE-2020-18578
+ RESERVED
+CVE-2020-18577
+ RESERVED
+CVE-2020-18576
+ RESERVED
+CVE-2020-18575
+ RESERVED
+CVE-2020-18574
+ RESERVED
+CVE-2020-18573
+ RESERVED
+CVE-2020-18572
+ RESERVED
+CVE-2020-18571
+ RESERVED
+CVE-2020-18570
+ RESERVED
+CVE-2020-18569
+ RESERVED
+CVE-2020-18568 (The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a ...)
+ NOT-FOR-US: D-Link
+CVE-2020-18567
+ RESERVED
+CVE-2020-18566
+ RESERVED
+CVE-2020-18565
+ RESERVED
+CVE-2020-18564
+ RESERVED
+CVE-2020-18563
+ RESERVED
+CVE-2020-18562
+ RESERVED
+CVE-2020-18561
+ RESERVED
+CVE-2020-18560
+ RESERVED
+CVE-2020-18559
+ RESERVED
+CVE-2020-18558
+ RESERVED
+CVE-2020-18557
+ RESERVED
+CVE-2020-18556
+ RESERVED
+CVE-2020-18555
+ RESERVED
+CVE-2020-18554
+ RESERVED
+CVE-2020-18553
+ RESERVED
+CVE-2020-18552
+ RESERVED
+CVE-2020-18551
+ RESERVED
+CVE-2020-18550
+ RESERVED
+CVE-2020-18549
+ RESERVED
+CVE-2020-18548
+ RESERVED
+CVE-2020-18547
+ RESERVED
+CVE-2020-18546
+ RESERVED
+CVE-2020-18545
+ RESERVED
+CVE-2020-18544 (SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary ...)
+ NOT-FOR-US: WMS
+CVE-2020-18543
+ RESERVED
+CVE-2020-18542
+ RESERVED
+CVE-2020-18541
+ RESERVED
+CVE-2020-18540
+ RESERVED
+CVE-2020-18539
+ RESERVED
+CVE-2020-18538
+ RESERVED
+CVE-2020-18537
+ RESERVED
+CVE-2020-18536
+ RESERVED
+CVE-2020-18535
+ RESERVED
+CVE-2020-18534
+ RESERVED
+CVE-2020-18533
+ RESERVED
+CVE-2020-18532
+ RESERVED
+CVE-2020-18531
+ RESERVED
+CVE-2020-18530
+ RESERVED
+CVE-2020-18529
+ RESERVED
+CVE-2020-18528
+ RESERVED
+CVE-2020-18527
+ RESERVED
+CVE-2020-18526
+ RESERVED
+CVE-2020-18525
+ RESERVED
+CVE-2020-18524
+ RESERVED
+CVE-2020-18523
+ RESERVED
+CVE-2020-18522
+ RESERVED
+CVE-2020-18521
+ RESERVED
+CVE-2020-18520
+ RESERVED
+CVE-2020-18519
+ RESERVED
+CVE-2020-18518
+ RESERVED
+CVE-2020-18517
+ RESERVED
+CVE-2020-18516
+ RESERVED
+CVE-2020-18515
+ RESERVED
+CVE-2020-18514
+ RESERVED
+CVE-2020-18513
+ RESERVED
+CVE-2020-18512
+ RESERVED
+CVE-2020-18511
+ RESERVED
+CVE-2020-18510
+ RESERVED
+CVE-2020-18509
+ RESERVED
+CVE-2020-18508
+ RESERVED
+CVE-2020-18507
+ RESERVED
+CVE-2020-18506
+ RESERVED
+CVE-2020-18505
+ RESERVED
+CVE-2020-18504
+ RESERVED
+CVE-2020-18503
+ RESERVED
+CVE-2020-18502
+ RESERVED
+CVE-2020-18501
+ RESERVED
+CVE-2020-18500
+ RESERVED
+CVE-2020-18499
+ RESERVED
+CVE-2020-18498
+ RESERVED
+CVE-2020-18497
+ RESERVED
+CVE-2020-18496
+ RESERVED
+CVE-2020-18495
+ RESERVED
+CVE-2020-18494
+ RESERVED
+CVE-2020-18493
+ RESERVED
+CVE-2020-18492
+ RESERVED
+CVE-2020-18491
+ RESERVED
+CVE-2020-18490
+ RESERVED
+CVE-2020-18489
+ RESERVED
+CVE-2020-18488
+ RESERVED
+CVE-2020-18487
+ RESERVED
+CVE-2020-18486
+ RESERVED
+CVE-2020-18485
+ RESERVED
+CVE-2020-18484
+ RESERVED
+CVE-2020-18483
+ RESERVED
+CVE-2020-18482
+ RESERVED
+CVE-2020-18481
+ RESERVED
+CVE-2020-18480
+ RESERVED
+CVE-2020-18479
+ RESERVED
+CVE-2020-18478
+ RESERVED
+CVE-2020-18477 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enqui ...)
+ NOT-FOR-US: Hucart CMS
+CVE-2020-18476 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic informat ...)
+ NOT-FOR-US: Hucart CMS
+CVE-2020-18475 (Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is ...)
+ NOT-FOR-US: Hucart CMS
+CVE-2020-18474
+ RESERVED
+CVE-2020-18473
+ RESERVED
+CVE-2020-18472
+ RESERVED
+CVE-2020-18471
+ RESERVED
+CVE-2020-18470 (Stored cross-site scripting (XSS) vulnerability in the Name of applica ...)
+ NOT-FOR-US: Rukovoditel
+CVE-2020-18469 (Stored cross-site scripting (XSS) vulnerability in the Copyright Text ...)
+ NOT-FOR-US: Rukovoditel
+CVE-2020-18468 (Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Hea ...)
+ NOT-FOR-US: qdPM
+CVE-2020-18467 (Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in ...)
+ NOT-FOR-US: BigTree-CMS
+CVE-2020-18466
+ RESERVED
+CVE-2020-18465
+ RESERVED
+CVE-2020-18464 (Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in vid ...)
+ NOT-FOR-US: AikCms
+CVE-2020-18463 (Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in vi ...)
+ NOT-FOR-US: AikCms
+CVE-2020-18462 (File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because t ...)
+ NOT-FOR-US: AikCms
+CVE-2020-18461
+ RESERVED
+CVE-2020-18460 (Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0. ...)
+ NOT-FOR-US: 711cms
+CVE-2020-18459
+ RESERVED
+CVE-2020-18458 (Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0 ...)
+ NOT-FOR-US: DamiCMS
+CVE-2020-18457 (Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 ...)
+ NOT-FOR-US: bycms
+CVE-2020-18456 (Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via ...)
+ NOT-FOR-US: PbootCMS
+CVE-2020-18455 (Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via th ...)
+ NOT-FOR-US: bycms
+CVE-2020-18454 (Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admi ...)
+ NOT-FOR-US: bycms
+CVE-2020-18453
+ RESERVED
+CVE-2020-18452
+ RESERVED
+CVE-2020-18451 (Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via ...)
+ NOT-FOR-US: DamiCMS
+CVE-2020-18450
+ RESERVED
+CVE-2020-18449 (Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via d ...)
+ NOT-FOR-US: UKCMS
+CVE-2020-18448
+ RESERVED
+CVE-2020-18447
+ RESERVED
+CVE-2020-18446 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...)
+ NOT-FOR-US: YUNUCMS
+CVE-2020-18445 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...)
+ NOT-FOR-US: YUNUCMS
+CVE-2020-18444
+ RESERVED
+CVE-2020-18443
+ RESERVED
+CVE-2020-18442 (Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a d ...)
+ {DLA-2859-1}
+ - zziplib 0.13.72+dfsg.1-1
+ [bullseye] - zziplib <no-dsa> (Minor issue)
+ [buster] - zziplib <no-dsa> (Minor issue)
+ NOTE: https://github.com/gdraheim/zziplib/issues/68
+ NOTE: https://github.com/gdraheim/zziplib/commit/ac9ae39ef419e9f0f83da1e583314d8c7cda34a6
+ NOTE: https://github.com/gdraheim/zziplib/commit/7e786544084548da7fcfcd9090d3c4e7f5777f7e
+ NOTE: https://github.com/gdraheim/zziplib/commit/d453977f59ca59c61bf59dec28dd724498828f2a
+ NOTE: https://github.com/gdraheim/zziplib/commit/0a9db9ded9d15fbdb63bf5cf451920d0a368c00e
+ NOTE: https://github.com/gdraheim/zziplib/commit/a34a96fbda1e58fbec5c79f4c0b5063e031ce11d
+ NOTE: https://github.com/gdraheim/zziplib/commit/fa1f78abe1b08544061204019016809664f2618c
+ NOTE: https://github.com/gdraheim/zziplib/commit/f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7
+CVE-2020-18441
+ RESERVED
+CVE-2020-18440 (Buffer overflow vulnerability in framework/init.php in qinggan phpok 5 ...)
+ NOT-FOR-US: qinggan phpok
+CVE-2020-18439 (An issue was discoverered in in function edit_save_f in framework/admi ...)
+ NOT-FOR-US: qinggan phpok
+CVE-2020-18438 (Directory traversal vulnerability in qinggan phpok 5.1, allows attacke ...)
+ NOT-FOR-US: qinggan phpok
+CVE-2020-18437
+ RESERVED
+CVE-2020-18436
+ RESERVED
+CVE-2020-18435
+ RESERVED
+CVE-2020-18434
+ RESERVED
+CVE-2020-18433
+ RESERVED
+CVE-2020-18432
+ RESERVED
+CVE-2020-18431
+ RESERVED
+CVE-2020-18430 (tinyexr 0.9.5 was discovered to contain an array index error in the ti ...)
+ - tinyexr <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#cve-2020-18430-out-of-memory-in-function-tinyexrdecodeexrimage-tinyexrh11046
+ NOTE: https://github.com/syoyo/tinyexr/issues/108
+CVE-2020-18429
+ RESERVED
+CVE-2020-18428 (tinyexr commit 0.9.5 was discovered to contain an array index error in ...)
+ - tinyexr <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#cve-2020-18428-out-of-range-in-function-tinyexrsaveexr-tinyexrh13107
+ NOTE: https://github.com/syoyo/tinyexr/issues/109
+CVE-2020-18427
+ RESERVED
+CVE-2020-18426
+ RESERVED
+CVE-2020-18425
+ RESERVED
+CVE-2020-18424
+ RESERVED
+CVE-2020-18423
+ RESERVED
+CVE-2020-18422
+ RESERVED
+CVE-2020-18421
+ RESERVED
+CVE-2020-18420
+ RESERVED
+CVE-2020-18419
+ RESERVED
+CVE-2020-18418
+ RESERVED
+CVE-2020-18417
+ RESERVED
+CVE-2020-18416
+ RESERVED
+CVE-2020-18415
+ RESERVED
+CVE-2020-18414
+ RESERVED
+CVE-2020-18413
+ RESERVED
+CVE-2020-18412
+ RESERVED
+CVE-2020-18411
+ RESERVED
+CVE-2020-18410
+ RESERVED
+CVE-2020-18409
+ RESERVED
+CVE-2020-18408
+ RESERVED
+CVE-2020-18407
+ RESERVED
+CVE-2020-18406
+ RESERVED
+CVE-2020-18405
+ RESERVED
+CVE-2020-18404
+ RESERVED
+CVE-2020-18403
+ RESERVED
+CVE-2020-18402
+ RESERVED
+CVE-2020-18401
+ RESERVED
+CVE-2020-18400
+ RESERVED
+CVE-2020-18399
+ RESERVED
+CVE-2020-18398
+ RESERVED
+CVE-2020-18397
+ RESERVED
+CVE-2020-18396
+ RESERVED
+CVE-2020-18395 (A NULL-pointer deference issue was discovered in GNU_gama::set() in el ...)
+ NOT-FOR-US: GNU Gama
+CVE-2020-18394
+ RESERVED
+CVE-2020-18393
+ RESERVED
+CVE-2020-18392 (Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2020-18391
+ RESERVED
+CVE-2020-18390
+ RESERVED
+CVE-2020-18389
+ RESERVED
+CVE-2020-18388
+ RESERVED
+CVE-2020-18387
+ RESERVED
+CVE-2020-18386
+ RESERVED
+CVE-2020-18385
+ RESERVED
+CVE-2020-18384
+ RESERVED
+CVE-2020-18383
+ RESERVED
+CVE-2020-18382
+ RESERVED
+CVE-2020-18381
+ RESERVED
+CVE-2020-18380
+ RESERVED
+CVE-2020-18379
+ RESERVED
+CVE-2020-18378
+ RESERVED
+CVE-2020-18377
+ RESERVED
+CVE-2020-18376
+ RESERVED
+CVE-2020-18375
+ RESERVED
+CVE-2020-18374
+ RESERVED
+CVE-2020-18373
+ RESERVED
+CVE-2020-18372
+ RESERVED
+CVE-2020-18371
+ RESERVED
+CVE-2020-18370
+ RESERVED
+CVE-2020-18369
+ RESERVED
+CVE-2020-18368
+ RESERVED
+CVE-2020-18367
+ RESERVED
+CVE-2020-18366
+ RESERVED
+CVE-2020-18365
+ RESERVED
+CVE-2020-18364
+ RESERVED
+CVE-2020-18363
+ RESERVED
+CVE-2020-18362
+ RESERVED
+CVE-2020-18361
+ RESERVED
+CVE-2020-18360
+ RESERVED
+CVE-2020-18359
+ RESERVED
+CVE-2020-18358
+ RESERVED
+CVE-2020-18357
+ RESERVED
+CVE-2020-18356
+ RESERVED
+CVE-2020-18355
+ RESERVED
+CVE-2020-18354
+ RESERVED
+CVE-2020-18353
+ RESERVED
+CVE-2020-18352
+ RESERVED
+CVE-2020-18351
+ RESERVED
+CVE-2020-18350
+ RESERVED
+CVE-2020-18349
+ RESERVED
+CVE-2020-18348
+ RESERVED
+CVE-2020-18347
+ RESERVED
+CVE-2020-18346
+ RESERVED
+CVE-2020-18345
+ RESERVED
+CVE-2020-18344
+ RESERVED
+CVE-2020-18343
+ RESERVED
+CVE-2020-18342
+ RESERVED
+CVE-2020-18341
+ RESERVED
+CVE-2020-18340
+ RESERVED
+CVE-2020-18339
+ RESERVED
+CVE-2020-18338
+ RESERVED
+CVE-2020-18337
+ RESERVED
+CVE-2020-18336
+ RESERVED
+CVE-2020-18335
+ RESERVED
+CVE-2020-18334
+ RESERVED
+CVE-2020-18333
+ RESERVED
+CVE-2020-18332
+ RESERVED
+CVE-2020-18331
+ RESERVED
+CVE-2020-18330
+ RESERVED
+CVE-2020-18329
+ RESERVED
+CVE-2020-18328
+ RESERVED
+CVE-2020-18327
+ RESERVED
+CVE-2020-18326
+ RESERVED
+CVE-2020-18325
+ RESERVED
+CVE-2020-18324
+ RESERVED
+CVE-2020-18323
+ RESERVED
+CVE-2020-18322
+ RESERVED
+CVE-2020-18321
+ RESERVED
+CVE-2020-18320
+ RESERVED
+CVE-2020-18319
+ RESERVED
+CVE-2020-18318
+ RESERVED
+CVE-2020-18317
+ RESERVED
+CVE-2020-18316
+ RESERVED
+CVE-2020-18315
+ RESERVED
+CVE-2020-18314
+ RESERVED
+CVE-2020-18313
+ RESERVED
+CVE-2020-18312
+ RESERVED
+CVE-2020-18311
+ RESERVED
+CVE-2020-18310
+ RESERVED
+CVE-2020-18309
+ RESERVED
+CVE-2020-18308
+ RESERVED
+CVE-2020-18307
+ RESERVED
+CVE-2020-18306
+ RESERVED
+CVE-2020-18305
+ RESERVED
+CVE-2020-18304
+ RESERVED
+CVE-2020-18303
+ RESERVED
+CVE-2020-18302
+ RESERVED
+CVE-2020-18301
+ RESERVED
+CVE-2020-18300
+ RESERVED
+CVE-2020-18299
+ RESERVED
+CVE-2020-18298
+ RESERVED
+CVE-2020-18297
+ RESERVED
+CVE-2020-18296
+ RESERVED
+CVE-2020-18295
+ RESERVED
+CVE-2020-18294
+ RESERVED
+CVE-2020-18293
+ RESERVED
+CVE-2020-18292
+ RESERVED
+CVE-2020-18291
+ RESERVED
+CVE-2020-18290
+ RESERVED
+CVE-2020-18289
+ RESERVED
+CVE-2020-18288
+ RESERVED
+CVE-2020-18287
+ RESERVED
+CVE-2020-18286
+ RESERVED
+CVE-2020-18285
+ RESERVED
+CVE-2020-18284
+ RESERVED
+CVE-2020-18283
+ RESERVED
+CVE-2020-18282
+ RESERVED
+CVE-2020-18281
+ RESERVED
+CVE-2020-18280
+ RESERVED
+CVE-2020-18279
+ RESERVED
+CVE-2020-18278
+ RESERVED
+CVE-2020-18277
+ RESERVED
+CVE-2020-18276
+ RESERVED
+CVE-2020-18275
+ RESERVED
+CVE-2020-18274
+ RESERVED
+CVE-2020-18273
+ RESERVED
+CVE-2020-18272
+ RESERVED
+CVE-2020-18271
+ RESERVED
+CVE-2020-18270
+ RESERVED
+CVE-2020-18269
+ RESERVED
+CVE-2020-18268 (Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers ...)
+ NOT-FOR-US: Z-BlogPHP
+CVE-2020-18267
+ RESERVED
+CVE-2020-18266
+ RESERVED
+CVE-2020-18265 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote att ...)
+ NOT-FOR-US: Simple-Log
+CVE-2020-18264 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote att ...)
+ NOT-FOR-US: Simple-Log
+CVE-2020-18263 (PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability i ...)
+ NOT-FOR-US: PHP-CMS
+CVE-2020-18262 (ED01-CMS v1.0 was discovered to contain a SQL injection in the compone ...)
+ NOT-FOR-US: ED01-CMS
+CVE-2020-18261 (An arbitrary file upload vulnerability in the image upload function of ...)
+ NOT-FOR-US: ED01-CMS
+CVE-2020-18260
+ RESERVED
+CVE-2020-18259 (ED01-CMS v1.0 was discovered to contain a reflective cross-site script ...)
+ NOT-FOR-US: ED01-CMS
+CVE-2020-18258
+ RESERVED
+CVE-2020-18257
+ RESERVED
+CVE-2020-18256
+ RESERVED
+CVE-2020-18255
+ RESERVED
+CVE-2020-18254
+ RESERVED
+CVE-2020-18253
+ RESERVED
+CVE-2020-18252
+ RESERVED
+CVE-2020-18251
+ RESERVED
+CVE-2020-18250
+ RESERVED
+CVE-2020-18249
+ RESERVED
+CVE-2020-18248
+ RESERVED
+CVE-2020-18247
+ RESERVED
+CVE-2020-18246
+ RESERVED
+CVE-2020-18245
+ RESERVED
+CVE-2020-18244
+ RESERVED
+CVE-2020-18243
+ RESERVED
+CVE-2020-18242
+ RESERVED
+CVE-2020-18241
+ RESERVED
+CVE-2020-18240
+ RESERVED
+CVE-2020-18239
+ RESERVED
+CVE-2020-18238
+ RESERVED
+CVE-2020-18237
+ RESERVED
+CVE-2020-18236
+ RESERVED
+CVE-2020-18235
+ RESERVED
+CVE-2020-18234
+ RESERVED
+CVE-2020-18233
+ RESERVED
+CVE-2020-18232
+ RESERVED
+CVE-2020-18231
+ RESERVED
+CVE-2020-18230 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...)
+ NOT-FOR-US: PHPMyWind
+CVE-2020-18229 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...)
+ NOT-FOR-US: PHPMyWind
+CVE-2020-18228
+ RESERVED
+CVE-2020-18227
+ RESERVED
+CVE-2020-18226
+ RESERVED
+CVE-2020-18225
+ RESERVED
+CVE-2020-18224
+ RESERVED
+CVE-2020-18223
+ RESERVED
+CVE-2020-18222
+ RESERVED
+CVE-2020-18221 (Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote ...)
+ NOT-FOR-US: Typora
+CVE-2020-18220 (Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attack ...)
+ NOT-FOR-US: DoraCMS
+CVE-2020-18219
+ RESERVED
+CVE-2020-18218
+ RESERVED
+CVE-2020-18217
+ RESERVED
+CVE-2020-18216
+ RESERVED
+CVE-2020-18215 (Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.p ...)
+ NOT-FOR-US: PHPSHE
+CVE-2020-18214
+ RESERVED
+CVE-2020-18213
+ RESERVED
+CVE-2020-18212
+ RESERVED
+CVE-2020-18211
+ RESERVED
+CVE-2020-18210
+ RESERVED
+CVE-2020-18209
+ RESERVED
+CVE-2020-18208
+ RESERVED
+CVE-2020-18207
+ RESERVED
+CVE-2020-18206
+ RESERVED
+CVE-2020-18205
+ RESERVED
+CVE-2020-18204
+ RESERVED
+CVE-2020-18203
+ RESERVED
+CVE-2020-18202
+ RESERVED
+CVE-2020-18201
+ RESERVED
+CVE-2020-18200
+ RESERVED
+CVE-2020-18199
+ RESERVED
+CVE-2020-18198 (Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote at ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2020-18197
+ RESERVED
+CVE-2020-18196
+ RESERVED
+CVE-2020-18195 (Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote at ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2020-18194 (Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to ...)
+ NOT-FOR-US: emlog
+CVE-2020-18193
+ RESERVED
+CVE-2020-18192
+ RESERVED
+CVE-2020-18191 (GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attacke ...)
+ NOT-FOR-US: GetSimple CMS
+CVE-2020-18190 (Bludit v3.8.1 is affected by directory traversal. Remote attackers are ...)
+ NOT-FOR-US: Bludit
+CVE-2020-18189
+ RESERVED
+CVE-2020-18188
+ RESERVED
+CVE-2020-18187
+ RESERVED
+CVE-2020-18186
+ RESERVED
+CVE-2020-18185 (class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrar ...)
+ - pluxml <unfixed> (unimportant; bug #973382)
+ NOTE: https://github.com/pluxml/PluXml/issues/321
+ NOTE: The attack vector is a little unusual but it would be quite expected that
+ NOTE: the admin can execute arbitrary php code.
+CVE-2020-18184 (In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_ ...)
+ - pluxml <unfixed> (unimportant; bug #973382)
+ NOTE: https://github.com/pluxml/PluXml/issues/320
+ NOTE: One could question whether this is a vulnerability at all. The
+ NOTE: developer documentation describes this as expected behavior.
+CVE-2020-18183
+ RESERVED
+CVE-2020-18182
+ RESERVED
+CVE-2020-18181
+ RESERVED
+CVE-2020-18180
+ RESERVED
+CVE-2020-18179
+ RESERVED
+CVE-2020-18178 (Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit ...)
+ NOT-FOR-US: HongCMS
+CVE-2020-18177
+ RESERVED
+CVE-2020-18176
+ RESERVED
+CVE-2020-18175 (SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd a ...)
+ NOT-FOR-US: Metinfo
+CVE-2020-18174 (A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 ...)
+ NOT-FOR-US: AutoHotkey
+CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 al ...)
+ NOT-FOR-US: 1Password
+CVE-2020-18172 (A code injection vulnerability in the SeDebugPrivilege component of Tr ...)
+ NOT-FOR-US: Trezor Bridge
+CVE-2020-18171 (** DISPUTED ** TechSmith Snagit 19.1.0.2653 uses Object Linking and Em ...)
+ NOT-FOR-US: TechSmith Snagit
+CVE-2020-18170 (An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager ...)
+ NOT-FOR-US: Abloy Key Manager
+CVE-2020-18169 (** DISPUTED ** A vulnerability in the Windows installer XML (WiX) tool ...)
+ NOT-FOR-US: TechSmith Snagit
+CVE-2020-18168
+ RESERVED
+CVE-2020-18167 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
+ NOT-FOR-US: LAOBANCMS
+CVE-2020-18166 (Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to ...)
+ NOT-FOR-US: LAOBANCMS
+CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
+ NOT-FOR-US: LAOBANCMS
+CVE-2020-18164 (SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.p ...)
+ NOT-FOR-US: tp-shop
+CVE-2020-18163
+ RESERVED
+CVE-2020-18162
+ RESERVED
+CVE-2020-18161
+ RESERVED
+CVE-2020-18160
+ RESERVED
+CVE-2020-18159
+ RESERVED
+CVE-2020-18158 (Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname ...)
+ NOT-FOR-US: HuCart
+CVE-2020-18157 (Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a ...)
+ NOT-FOR-US: MetInfo
+CVE-2020-18156
+ RESERVED
+CVE-2020-18155 (SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page i ...)
+ NOT-FOR-US: Subrion CMS
+CVE-2020-18154
+ RESERVED
+CVE-2020-18153
+ RESERVED
+CVE-2020-18152
+ RESERVED
+CVE-2020-18151 (Cross Site Request Forgerly (CSRF) vulnerability in ThinkCMF v5.1.0, w ...)
+ NOT-FOR-US: ThinkCMF
+CVE-2020-18150
+ RESERVED
+CVE-2020-18149
+ RESERVED
+CVE-2020-18148
+ RESERVED
+CVE-2020-18147
+ RESERVED
+CVE-2020-18146
+ RESERVED
+CVE-2020-18145 (Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /publi ...)
+ NOT-FOR-US: umeditor
+CVE-2020-18144 (SQL Injection Vulnerability in ECTouch v2 via the integral_min paramet ...)
+ NOT-FOR-US: ECTouch
+CVE-2020-18143
+ RESERVED
+CVE-2020-18142
+ RESERVED
+CVE-2020-18141
+ RESERVED
+CVE-2020-18140
+ RESERVED
+CVE-2020-18139
+ RESERVED
+CVE-2020-18138
+ RESERVED
+CVE-2020-18137
+ RESERVED
+CVE-2020-18136
+ RESERVED
+CVE-2020-18135
+ RESERVED
+CVE-2020-18134
+ RESERVED
+CVE-2020-18133
+ RESERVED
+CVE-2020-18132
+ RESERVED
+CVE-2020-18131
+ RESERVED
+CVE-2020-18130
+ RESERVED
+CVE-2020-18129 (A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an ad ...)
+ NOT-FOR-US: Eyoucms
+CVE-2020-18128
+ RESERVED
+CVE-2020-18127 (An issue in the /config/config.php component of Indexhibit 2.1.5 allow ...)
+ NOT-FOR-US: Indexhibit
+CVE-2020-18126 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Sect ...)
+ NOT-FOR-US: Indexhibit
+CVE-2020-18125 (A reflected cross-site scripting (XSS) vulnerability in the /plugin/aj ...)
+ NOT-FOR-US: Indexhibit
+CVE-2020-18124 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 ...)
+ NOT-FOR-US: Indexhibit
+CVE-2020-18123 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 ...)
+ NOT-FOR-US: Indexhibit
+CVE-2020-18122
+ RESERVED
+CVE-2020-18121 (A configuration issue in Indexhibit 2.1.5 allows authenticated attacke ...)
+ NOT-FOR-US: Indexhibit
+CVE-2020-18120
+ RESERVED
+CVE-2020-18119
+ RESERVED
+CVE-2020-18118
+ RESERVED
+CVE-2020-18117
+ RESERVED
+CVE-2020-18116 (A lack of filtering for searched keywords in the search bar of YouDian ...)
+ NOT-FOR-US: YouDianCMS
+CVE-2020-18115
+ RESERVED
+CVE-2020-18114 (An arbitrary file upload vulnerability in the /uploads/dede component ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-18113
+ RESERVED
+CVE-2020-18112
+ RESERVED
+CVE-2020-18111
+ RESERVED
+CVE-2020-18110
+ RESERVED
+CVE-2020-18109
+ RESERVED
+CVE-2020-18108
+ RESERVED
+CVE-2020-18107
+ RESERVED
+CVE-2020-18106 (The GET parameter "id" in WMS v1.0 is passed without filtering, which ...)
+ NOT-FOR-US: WMS
+ NOTE: https://github.com/FeMiner/wms
+CVE-2020-18105
+ RESERVED
+CVE-2020-18104
+ RESERVED
+CVE-2020-18103
+ RESERVED
+CVE-2020-18102 (Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attacke ...)
+ NOT-FOR-US: Hotels_Server
+CVE-2020-18101
+ RESERVED
+CVE-2020-18100
+ RESERVED
+CVE-2020-18099
+ RESERVED
+CVE-2020-18098
+ RESERVED
+CVE-2020-18097
+ RESERVED
+CVE-2020-18096
+ RESERVED
+CVE-2020-18095
+ RESERVED
+CVE-2020-18094
+ RESERVED
+CVE-2020-18093
+ RESERVED
+CVE-2020-18092
+ RESERVED
+CVE-2020-18091
+ RESERVED
+CVE-2020-18090
+ RESERVED
+CVE-2020-18089
+ RESERVED
+CVE-2020-18088
+ RESERVED
+CVE-2020-18087
+ RESERVED
+CVE-2020-18086
+ RESERVED
+CVE-2020-18085
+ RESERVED
+CVE-2020-18084 (Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to e ...)
+ NOT-FOR-US: yzmCMS
+CVE-2020-18083
+ RESERVED
+CVE-2020-18082
+ RESERVED
+CVE-2020-18081 (The checkuser function of SEMCMS 3.8 was discovered to contain a vulne ...)
+ NOT-FOR-US: SEMCMS
+CVE-2020-18080
+ RESERVED
+CVE-2020-18079
+ RESERVED
+CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attack ...)
+ NOT-FOR-US: SEMCMS
+CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping component ...)
+ NOT-FOR-US: FTPShell Server
+CVE-2020-18076
+ RESERVED
+CVE-2020-18075
+ RESERVED
+CVE-2020-18074
+ RESERVED
+CVE-2020-18073
+ RESERVED
+CVE-2020-18072
+ RESERVED
+CVE-2020-18071
+ RESERVED
+CVE-2020-18070 (Path Traversal in iCMS v7.0.13 allows remote attackers to delete folde ...)
+ NOT-FOR-US: iCMS
+CVE-2020-18069
+ RESERVED
+CVE-2020-18068
+ RESERVED
+CVE-2020-18067
+ RESERVED
+CVE-2020-18066 (Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName ...)
+ NOT-FOR-US: Zrlog
+CVE-2020-18065 (Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in ...)
+ NOT-FOR-US: PopojiCMS
+CVE-2020-18064
+ RESERVED
+CVE-2020-18063
+ RESERVED
+CVE-2020-18062
+ RESERVED
+CVE-2020-18061
+ RESERVED
+CVE-2020-18060
+ RESERVED
+CVE-2020-18059
+ RESERVED
+CVE-2020-18058
+ RESERVED
+CVE-2020-18057
+ RESERVED
+CVE-2020-18056
+ RESERVED
+CVE-2020-18055
+ RESERVED
+CVE-2020-18054
+ RESERVED
+CVE-2020-18053
+ RESERVED
+CVE-2020-18052
+ RESERVED
+CVE-2020-18051
+ RESERVED
+CVE-2020-18050
+ RESERVED
+CVE-2020-18049
+ RESERVED
+CVE-2020-18048 (An issue in craigms/main.php of CraigMS 1.0 allows attackers to execut ...)
+ NOT-FOR-US: CraigMS
+ NOTE: https://github.com/bertanddip/CraigMS
+CVE-2020-18047
+ RESERVED
+CVE-2020-18046
+ RESERVED
+CVE-2020-18045
+ RESERVED
+CVE-2020-18044
+ RESERVED
+CVE-2020-18043
+ RESERVED
+CVE-2020-18042
+ RESERVED
+CVE-2020-18041
+ RESERVED
+CVE-2020-18040
+ RESERVED
+CVE-2020-18039
+ RESERVED
+CVE-2020-18038
+ RESERVED
+CVE-2020-18037
+ RESERVED
+CVE-2020-18036
+ RESERVED
+CVE-2020-18035 (Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to ...)
+ NOT-FOR-US: Jeesns
+CVE-2020-18034
+ RESERVED
+CVE-2020-18033
+ RESERVED
+CVE-2020-18032 (Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f ...)
+ {DSA-4914-1 DLA-2659-1}
+ - graphviz 2.42.2-5 (bug #988000)
+ NOTE: https://gitlab.com/graphviz/graphviz/-/issues/1700
+ NOTE: https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b
+CVE-2020-18031
+ RESERVED
+CVE-2020-18030
+ RESERVED
+CVE-2020-18029
+ RESERVED
+CVE-2020-18028
+ RESERVED
+CVE-2020-18027
+ RESERVED
+CVE-2020-18026
+ RESERVED
+CVE-2020-18025
+ RESERVED
+CVE-2020-18024
+ RESERVED
+CVE-2020-18023
+ RESERVED
+CVE-2020-18022 (Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows r ...)
+ NOT-FOR-US: Qibosoft QiboCMS
+CVE-2020-18021
+ RESERVED
+CVE-2020-18020 (SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to ex ...)
+ NOT-FOR-US: PHPSHE Mall System
+CVE-2020-18019 (SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obt ...)
+ NOT-FOR-US: Xinhu OA System
+CVE-2020-18018
+ RESERVED
+CVE-2020-18017
+ RESERVED
+CVE-2020-18016
+ RESERVED
+CVE-2020-18015
+ RESERVED
+CVE-2020-18014
+ RESERVED
+CVE-2020-18013 (SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter ...)
+ NOT-FOR-US: Whatsns
+CVE-2020-18012
+ RESERVED
+CVE-2020-18011
+ RESERVED
+CVE-2020-18010
+ RESERVED
+CVE-2020-18009
+ RESERVED
+CVE-2020-18008
+ RESERVED
+CVE-2020-18007
+ RESERVED
+CVE-2020-18006
+ RESERVED
+CVE-2020-18005
+ RESERVED
+CVE-2020-18004
+ RESERVED
+CVE-2020-18003
+ RESERVED
+CVE-2020-18002
+ RESERVED
+CVE-2020-18001
+ RESERVED
+CVE-2020-18000
+ RESERVED
+CVE-2020-17999 (Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to ...)
+ NOT-FOR-US: MiniCMS
+CVE-2020-17998
+ RESERVED
+CVE-2020-17997
+ RESERVED
+CVE-2020-17996
+ RESERVED
+CVE-2020-17995
+ RESERVED
+CVE-2020-17994
+ RESERVED
+CVE-2020-17993
+ RESERVED
+CVE-2020-17992
+ RESERVED
+CVE-2020-17991
+ RESERVED
+CVE-2020-17990
+ RESERVED
+CVE-2020-17989
+ RESERVED
+CVE-2020-17988
+ RESERVED
+CVE-2020-17987
+ RESERVED
+CVE-2020-17986
+ RESERVED
+CVE-2020-17985
+ RESERVED
+CVE-2020-17984
+ RESERVED
+CVE-2020-17983
+ RESERVED
+CVE-2020-17982
+ RESERVED
+CVE-2020-17981
+ RESERVED
+CVE-2020-17980
+ RESERVED
+CVE-2020-17979
+ RESERVED
+CVE-2020-17978
+ RESERVED
+CVE-2020-17977
+ RESERVED
+CVE-2020-17976
+ RESERVED
+CVE-2020-17975
+ RESERVED
+CVE-2020-17974
+ RESERVED
+CVE-2020-17973
+ RESERVED
+CVE-2020-17972
+ RESERVED
+CVE-2020-17971
+ RESERVED
+CVE-2020-17970
+ RESERVED
+CVE-2020-17969
+ RESERVED
+CVE-2020-17968
+ RESERVED
+CVE-2020-17967
+ RESERVED
+CVE-2020-17966
+ RESERVED
+CVE-2020-17965
+ RESERVED
+CVE-2020-17964
+ RESERVED
+CVE-2020-17963
+ RESERVED
+CVE-2020-17962
+ RESERVED
+CVE-2020-17961
+ RESERVED
+CVE-2020-17960
+ RESERVED
+CVE-2020-17959
+ RESERVED
+CVE-2020-17958
+ RESERVED
+CVE-2020-17957
+ RESERVED
+CVE-2020-17956
+ RESERVED
+CVE-2020-17955
+ RESERVED
+CVE-2020-17954
+ RESERVED
+CVE-2020-17953
+ RESERVED
+CVE-2020-17952 (A remote code execution (RCE) vulnerability in /library/think/App.php ...)
+ NOT-FOR-US: Twothink
+CVE-2020-17951
+ RESERVED
+CVE-2020-17950
+ RESERVED
+CVE-2020-17949
+ RESERVED
+CVE-2020-17948
+ RESERVED
+CVE-2020-17947
+ RESERVED
+CVE-2020-17946
+ RESERVED
+CVE-2020-17945
+ RESERVED
+CVE-2020-17944
+ RESERVED
+CVE-2020-17943
+ RESERVED
+CVE-2020-17942
+ RESERVED
+CVE-2020-17941
+ RESERVED
+CVE-2020-17940
+ RESERVED
+CVE-2020-17939
+ RESERVED
+CVE-2020-17938
+ RESERVED
+CVE-2020-17937
+ RESERVED
+CVE-2020-17936
+ RESERVED
+CVE-2020-17935
+ RESERVED
+CVE-2020-17934
+ RESERVED
+CVE-2020-17933
+ RESERVED
+CVE-2020-17932
+ RESERVED
+CVE-2020-17931
+ RESERVED
+CVE-2020-17930
+ RESERVED
+CVE-2020-17929
+ RESERVED
+CVE-2020-17928
+ RESERVED
+CVE-2020-17927
+ RESERVED
+CVE-2020-17926
+ RESERVED
+CVE-2020-17925
+ RESERVED
+CVE-2020-17924
+ RESERVED
+CVE-2020-17923
+ RESERVED
+CVE-2020-17922
+ RESERVED
+CVE-2020-17921
+ RESERVED
+CVE-2020-17920
+ RESERVED
+CVE-2020-17919
+ RESERVED
+CVE-2020-17918
+ RESERVED
+CVE-2020-17917
+ RESERVED
+CVE-2020-17916
+ RESERVED
+CVE-2020-17915
+ RESERVED
+CVE-2020-17914
+ RESERVED
+CVE-2020-17913
+ RESERVED
+CVE-2020-17912
+ RESERVED
+CVE-2020-17911
+ RESERVED
+CVE-2020-17910
+ RESERVED
+CVE-2020-17909
+ RESERVED
+CVE-2020-17908
+ RESERVED
+CVE-2020-17907
+ RESERVED
+CVE-2020-17906
+ RESERVED
+CVE-2020-17905
+ RESERVED
+CVE-2020-17904
+ RESERVED
+CVE-2020-17903
+ RESERVED
+CVE-2020-17902
+ RESERVED
+CVE-2020-17901 (Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers t ...)
+ NOT-FOR-US: PbootCMS
+CVE-2020-17900
+ RESERVED
+CVE-2020-17899
+ RESERVED
+CVE-2020-17898
+ RESERVED
+CVE-2020-17897
+ RESERVED
+CVE-2020-17896
+ RESERVED
+CVE-2020-17895
+ RESERVED
+CVE-2020-17894
+ RESERVED
+CVE-2020-17893
+ RESERVED
+CVE-2020-17892
+ RESERVED
+CVE-2020-17891 (TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-17890
+ RESERVED
+CVE-2020-17889
+ RESERVED
+CVE-2020-17888
+ RESERVED
+CVE-2020-17887
+ RESERVED
+CVE-2020-17886
+ RESERVED
+CVE-2020-17885
+ RESERVED
+CVE-2020-17884
+ RESERVED
+CVE-2020-17883
+ RESERVED
+CVE-2020-17882
+ RESERVED
+CVE-2020-17881
+ RESERVED
+CVE-2020-17880
+ RESERVED
+CVE-2020-17879
+ RESERVED
+CVE-2020-17878
+ RESERVED
+CVE-2020-17877
+ RESERVED
+CVE-2020-17876
+ RESERVED
+CVE-2020-17875
+ RESERVED
+CVE-2020-17874
+ RESERVED
+CVE-2020-17873
+ RESERVED
+CVE-2020-17872
+ RESERVED
+CVE-2020-17871
+ RESERVED
+CVE-2020-17870
+ RESERVED
+CVE-2020-17869
+ RESERVED
+CVE-2020-17868
+ RESERVED
+CVE-2020-17867
+ RESERVED
+CVE-2020-17866
+ RESERVED
+CVE-2020-17865
+ RESERVED
+CVE-2020-17864
+ RESERVED
+CVE-2020-17863
+ RESERVED
+CVE-2020-17862
+ RESERVED
+CVE-2020-17861
+ RESERVED
+CVE-2020-17860
+ RESERVED
+CVE-2020-17859
+ RESERVED
+CVE-2020-17858
+ RESERVED
+CVE-2020-17857
+ RESERVED
+CVE-2020-17856
+ RESERVED
+CVE-2020-17855
+ RESERVED
+CVE-2020-17854
+ RESERVED
+CVE-2020-17853
+ RESERVED
+CVE-2020-17852
+ RESERVED
+CVE-2020-17851
+ RESERVED
+CVE-2020-17850
+ RESERVED
+CVE-2020-17849
+ RESERVED
+CVE-2020-17848
+ RESERVED
+CVE-2020-17847
+ RESERVED
+CVE-2020-17846
+ RESERVED
+CVE-2020-17845
+ RESERVED
+CVE-2020-17844
+ RESERVED
+CVE-2020-17843
+ RESERVED
+CVE-2020-17842
+ RESERVED
+CVE-2020-17841
+ RESERVED
+CVE-2020-17840
+ RESERVED
+CVE-2020-17839
+ RESERVED
+CVE-2020-17838
+ RESERVED
+CVE-2020-17837
+ RESERVED
+CVE-2020-17836
+ RESERVED
+CVE-2020-17835
+ RESERVED
+CVE-2020-17834
+ RESERVED
+CVE-2020-17833
+ RESERVED
+CVE-2020-17832
+ RESERVED
+CVE-2020-17831
+ RESERVED
+CVE-2020-17830
+ RESERVED
+CVE-2020-17829
+ RESERVED
+CVE-2020-17828
+ RESERVED
+CVE-2020-17827
+ RESERVED
+CVE-2020-17826
+ RESERVED
+CVE-2020-17825
+ RESERVED
+CVE-2020-17824
+ RESERVED
+CVE-2020-17823
+ RESERVED
+CVE-2020-17822
+ RESERVED
+CVE-2020-17821
+ RESERVED
+CVE-2020-17820
+ RESERVED
+CVE-2020-17819
+ RESERVED
+CVE-2020-17818
+ RESERVED
+CVE-2020-17817
+ RESERVED
+CVE-2020-17816
+ RESERVED
+CVE-2020-17815
+ RESERVED
+CVE-2020-17814
+ RESERVED
+CVE-2020-17813
+ RESERVED
+CVE-2020-17812
+ RESERVED
+CVE-2020-17811
+ RESERVED
+CVE-2020-17810
+ RESERVED
+CVE-2020-17809
+ RESERVED
+CVE-2020-17808
+ RESERVED
+CVE-2020-17807
+ RESERVED
+CVE-2020-17806
+ RESERVED
+CVE-2020-17805
+ RESERVED
+CVE-2020-17804
+ RESERVED
+CVE-2020-17803
+ RESERVED
+CVE-2020-17802
+ RESERVED
+CVE-2020-17801
+ RESERVED
+CVE-2020-17800
+ RESERVED
+CVE-2020-17799
+ RESERVED
+CVE-2020-17798
+ RESERVED
+CVE-2020-17797
+ RESERVED
+CVE-2020-17796
+ RESERVED
+CVE-2020-17795
+ RESERVED
+CVE-2020-17794
+ RESERVED
+CVE-2020-17793
+ RESERVED
+CVE-2020-17792
+ RESERVED
+CVE-2020-17791
+ RESERVED
+CVE-2020-17790
+ RESERVED
+CVE-2020-17789
+ RESERVED
+CVE-2020-17788
+ RESERVED
+CVE-2020-17787
+ RESERVED
+CVE-2020-17786
+ RESERVED
+CVE-2020-17785
+ RESERVED
+CVE-2020-17784
+ RESERVED
+CVE-2020-17783
+ RESERVED
+CVE-2020-17782
+ RESERVED
+CVE-2020-17781
+ RESERVED
+CVE-2020-17780
+ RESERVED
+CVE-2020-17779
+ RESERVED
+CVE-2020-17778
+ RESERVED
+CVE-2020-17777
+ RESERVED
+CVE-2020-17776
+ RESERVED
+CVE-2020-17775
+ RESERVED
+CVE-2020-17774
+ RESERVED
+CVE-2020-17773
+ RESERVED
+CVE-2020-17772
+ RESERVED
+CVE-2020-17771
+ RESERVED
+CVE-2020-17770
+ RESERVED
+CVE-2020-17769
+ RESERVED
+CVE-2020-17768
+ RESERVED
+CVE-2020-17767
+ RESERVED
+CVE-2020-17766
+ RESERVED
+CVE-2020-17765
+ RESERVED
+CVE-2020-17764
+ RESERVED
+CVE-2020-17763
+ RESERVED
+CVE-2020-17762
+ RESERVED
+CVE-2020-17761
+ RESERVED
+CVE-2020-17760
+ RESERVED
+CVE-2020-17759 (An issue was found in the Evernote client for Windows 10, 7, and 2008 ...)
+ NOT-FOR-US: Evernote
+CVE-2020-17758
+ RESERVED
+CVE-2020-17757
+ RESERVED
+CVE-2020-17756
+ RESERVED
+CVE-2020-17755
+ RESERVED
+CVE-2020-17754
+ RESERVED
+CVE-2020-17753 (An issue was discovered in function addMeByRC in the smart contract im ...)
+ NOT-FOR-US: some Ethereum token
+CVE-2020-17752 (Integer overflow vulnerability in payable function of a smart contract ...)
+ NOT-FOR-US: some Ethereum token
+CVE-2020-17751
+ RESERVED
+CVE-2020-17750
+ RESERVED
+CVE-2020-17749
+ RESERVED
+CVE-2020-17748
+ RESERVED
+CVE-2020-17747
+ RESERVED
+CVE-2020-17746
+ RESERVED
+CVE-2020-17745
+ RESERVED
+CVE-2020-17744
+ RESERVED
+CVE-2020-17743
+ RESERVED
+CVE-2020-17742
+ RESERVED
+CVE-2020-17741
+ RESERVED
+CVE-2020-17740
+ RESERVED
+CVE-2020-17739
+ RESERVED
+CVE-2020-17738
+ RESERVED
+CVE-2020-17737
+ RESERVED
+CVE-2020-17736
+ RESERVED
+CVE-2020-17735
+ RESERVED
+CVE-2020-17734
+ RESERVED
+CVE-2020-17733
+ RESERVED
+CVE-2020-17732
+ RESERVED
+CVE-2020-17731
+ RESERVED
+CVE-2020-17730
+ RESERVED
+CVE-2020-17729
+ RESERVED
+CVE-2020-17728
+ RESERVED
+CVE-2020-17727
+ RESERVED
+CVE-2020-17726
+ RESERVED
+CVE-2020-17725
+ RESERVED
+CVE-2020-17724
+ RESERVED
+CVE-2020-17723
+ RESERVED
+CVE-2020-17722
+ RESERVED
+CVE-2020-17721
+ RESERVED
+CVE-2020-17720
+ RESERVED
+CVE-2020-17719
+ RESERVED
+CVE-2020-17718
+ RESERVED
+CVE-2020-17717
+ RESERVED
+CVE-2020-17716
+ RESERVED
+CVE-2020-17715
+ RESERVED
+CVE-2020-17714
+ RESERVED
+CVE-2020-17713
+ RESERVED
+CVE-2020-17712
+ RESERVED
+CVE-2020-17711
+ RESERVED
+CVE-2020-17710
+ RESERVED
+CVE-2020-17709
+ RESERVED
+CVE-2020-17708
+ RESERVED
+CVE-2020-17707
+ RESERVED
+CVE-2020-17706
+ RESERVED
+CVE-2020-17705
+ RESERVED
+CVE-2020-17704
+ RESERVED
+CVE-2020-17703
+ RESERVED
+CVE-2020-17702
+ RESERVED
+CVE-2020-17701
+ RESERVED
+CVE-2020-17700
+ RESERVED
+CVE-2020-17699
+ RESERVED
+CVE-2020-17698
+ RESERVED
+CVE-2020-17697
+ RESERVED
+CVE-2020-17696
+ RESERVED
+CVE-2020-17695
+ RESERVED
+CVE-2020-17694
+ RESERVED
+CVE-2020-17693
+ RESERVED
+CVE-2020-17692
+ RESERVED
+CVE-2020-17691
+ RESERVED
+CVE-2020-17690
+ RESERVED
+CVE-2020-17689
+ RESERVED
+CVE-2020-17688
+ RESERVED
+CVE-2020-17687
+ RESERVED
+CVE-2020-17686
+ RESERVED
+CVE-2020-17685
+ RESERVED
+CVE-2020-17684
+ RESERVED
+CVE-2020-17683
+ RESERVED
+CVE-2020-17682
+ RESERVED
+CVE-2020-17681
+ RESERVED
+CVE-2020-17680
+ RESERVED
+CVE-2020-17679
+ RESERVED
+CVE-2020-17678
+ RESERVED
+CVE-2020-17677
+ RESERVED
+CVE-2020-17676
+ RESERVED
+CVE-2020-17675
+ RESERVED
+CVE-2020-17674
+ RESERVED
+CVE-2020-17673
+ RESERVED
+CVE-2020-17672
+ RESERVED
+CVE-2020-17671
+ RESERVED
+CVE-2020-17670
+ RESERVED
+CVE-2020-17669
+ RESERVED
+CVE-2020-17668
+ RESERVED
+CVE-2020-17667
+ RESERVED
+CVE-2020-17666
+ RESERVED
+CVE-2020-17665
+ RESERVED
+CVE-2020-17664
+ RESERVED
+CVE-2020-17663
+ RESERVED
+CVE-2020-17662
+ RESERVED
+CVE-2020-17661
+ RESERVED
+CVE-2020-17660
+ RESERVED
+CVE-2020-17659
+ RESERVED
+CVE-2020-17658
+ RESERVED
+CVE-2020-17657
+ RESERVED
+CVE-2020-17656
+ RESERVED
+CVE-2020-17655
+ RESERVED
+CVE-2020-17654
+ RESERVED
+CVE-2020-17653
+ RESERVED
+CVE-2020-17652
+ RESERVED
+CVE-2020-17651
+ RESERVED
+CVE-2020-17650
+ RESERVED
+CVE-2020-17649
+ RESERVED
+CVE-2020-17648
+ RESERVED
+CVE-2020-17647
+ RESERVED
+CVE-2020-17646
+ RESERVED
+CVE-2020-17645
+ RESERVED
+CVE-2020-17644
+ RESERVED
+CVE-2020-17643
+ RESERVED
+CVE-2020-17642
+ RESERVED
+CVE-2020-17641
+ RESERVED
+CVE-2020-17640
+ RESERVED
+CVE-2020-17639
+ RESERVED
+CVE-2020-17638
+ RESERVED
+CVE-2020-17637
+ RESERVED
+CVE-2020-17636
+ RESERVED
+CVE-2020-17635
+ RESERVED
+CVE-2020-17634
+ RESERVED
+CVE-2020-17633
+ RESERVED
+CVE-2020-17632
+ RESERVED
+CVE-2020-17631
+ RESERVED
+CVE-2020-17630
+ RESERVED
+CVE-2020-17629
+ RESERVED
+CVE-2020-17628
+ RESERVED
+CVE-2020-17627
+ RESERVED
+CVE-2020-17626
+ RESERVED
+CVE-2020-17625
+ RESERVED
+CVE-2020-17624
+ RESERVED
+CVE-2020-17623
+ RESERVED
+CVE-2020-17622
+ RESERVED
+CVE-2020-17621
+ RESERVED
+CVE-2020-17620
+ RESERVED
+CVE-2020-17619
+ RESERVED
+CVE-2020-17618
+ RESERVED
+CVE-2020-17617
+ RESERVED
+CVE-2020-17616
+ RESERVED
+CVE-2020-17615
+ RESERVED
+CVE-2020-17614
+ RESERVED
+CVE-2020-17613
+ RESERVED
+CVE-2020-17612
+ RESERVED
+CVE-2020-17611
+ RESERVED
+CVE-2020-17610
+ RESERVED
+CVE-2020-17609
+ RESERVED
+CVE-2020-17608
+ RESERVED
+CVE-2020-17607
+ RESERVED
+CVE-2020-17606
+ RESERVED
+CVE-2020-17605
+ RESERVED
+CVE-2020-17604
+ RESERVED
+CVE-2020-17603
+ RESERVED
+CVE-2020-17602
+ RESERVED
+CVE-2020-17601
+ RESERVED
+CVE-2020-17600
+ RESERVED
+CVE-2020-17599
+ RESERVED
+CVE-2020-17598
+ RESERVED
+CVE-2020-17597
+ RESERVED
+CVE-2020-17596
+ RESERVED
+CVE-2020-17595
+ RESERVED
+CVE-2020-17594
+ RESERVED
+CVE-2020-17593
+ RESERVED
+CVE-2020-17592
+ RESERVED
+CVE-2020-17591
+ RESERVED
+CVE-2020-17590
+ RESERVED
+CVE-2020-17589
+ RESERVED
+CVE-2020-17588
+ RESERVED
+CVE-2020-17587
+ RESERVED
+CVE-2020-17586
+ RESERVED
+CVE-2020-17585
+ RESERVED
+CVE-2020-17584
+ RESERVED
+CVE-2020-17583
+ RESERVED
+CVE-2020-17582
+ RESERVED
+CVE-2020-17581
+ RESERVED
+CVE-2020-17580
+ RESERVED
+CVE-2020-17579
+ RESERVED
+CVE-2020-17578
+ RESERVED
+CVE-2020-17577
+ RESERVED
+CVE-2020-17576
+ RESERVED
+CVE-2020-17575
+ RESERVED
+CVE-2020-17574
+ RESERVED
+CVE-2020-17573
+ RESERVED
+CVE-2020-17572
+ RESERVED
+CVE-2020-17571
+ RESERVED
+CVE-2020-17570
+ RESERVED
+CVE-2020-17569
+ RESERVED
+CVE-2020-17568
+ RESERVED
+CVE-2020-17567
+ RESERVED
+CVE-2020-17566
+ RESERVED
+CVE-2020-17565
+ RESERVED
+CVE-2020-17564 (Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arb ...)
+ NOT-FOR-US: FeiFeiCMS
+CVE-2020-17563 (Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arb ...)
+ NOT-FOR-US: FeiFeiCMS
+CVE-2020-17562
+ RESERVED
+CVE-2020-17561
+ RESERVED
+CVE-2020-17560
+ RESERVED
+CVE-2020-17559
+ RESERVED
+CVE-2020-17558
+ RESERVED
+CVE-2020-17557
+ RESERVED
+CVE-2020-17556
+ RESERVED
+CVE-2020-17555
+ RESERVED
+CVE-2020-17554
+ RESERVED
+CVE-2020-17553
+ RESERVED
+CVE-2020-17552
+ RESERVED
+CVE-2020-17551 (ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which ...)
+ NOT-FOR-US: ImpressCMS
+CVE-2020-17550
+ RESERVED
+CVE-2020-17549
+ RESERVED
+CVE-2020-17548
+ RESERVED
+CVE-2020-17547
+ RESERVED
+CVE-2020-17546
+ RESERVED
+CVE-2020-17545
+ RESERVED
+CVE-2020-17544
+ RESERVED
+CVE-2020-17543
+ RESERVED
+CVE-2020-17542 (Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to ...)
+ NOT-FOR-US: dotCMS
+CVE-2020-17541 (Libjpeg-turbo all version have a stack-based buffer overflow in the "t ...)
+ - libjpeg-turbo 1:2.0.5-1 (unimportant)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c76f4a08263b0cea40d2967560ac7c21f6959079
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
+CVE-2020-17540
+ RESERVED
+CVE-2020-17539
+ RESERVED
+CVE-2020-17538 (A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/g ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
+ NOTE: chunk #1, see also CVE-2020-16296
+CVE-2020-17537
+ REJECTED
+CVE-2020-17536
+ REJECTED
+CVE-2020-17535
+ REJECTED
+CVE-2020-17534 (There exists a race condition between the deletion of the temporary fi ...)
+ NOT-FOR-US: netbeans-html4j
+CVE-2020-17533 (Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not ...)
+ NOT-FOR-US: Apache Accumulo
+CVE-2020-17532 (When handler-router component is enabled in servicecomb-java-chassis, ...)
+ NOT-FOR-US: servicecomb-java-chassis
+CVE-2020-17531 (A Java Serialization vulnerability was found in Apache Tapestry 4. Apa ...)
+ NOT-FOR-US: Apache Tapestry
+CVE-2020-17530 (Forced OGNL evaluation, when evaluated on raw user input in tag attrib ...)
+ - libstruts1.2-java <not-affected> (Specific to 2.x)
+ NOTE: https://cwiki.apache.org/confluence/display/WW/S2-061
+CVE-2020-17529 (Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incuba ...)
+ NOT-FOR-US: Apache NuttX
+CVE-2020-17528 (Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incuba ...)
+ NOT-FOR-US: Apache NuttX
+CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomcat 10. ...)
+ {DSA-4835-1 DLA-2495-1}
+ - tomcat9 9.0.40-1
+ - tomcat8 <removed>
+ NOTE: https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65 (9.0.40)
+ NOTE: https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29 (8.5.60)
+CVE-2020-17526 (Incorrect Session Validation in Apache Airflow Webserver versions prio ...)
+ - airflow <itp> (bug #819700)
+CVE-2020-17525 (Subversion's mod_authz_svn module will crash if the server is using in ...)
+ {DSA-4851-1 DLA-2646-1}
+ - subversion 1.14.1-1 (bug #982464)
+ NOTE: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
+CVE-2020-17524
+ REJECTED
+CVE-2020-17523 (Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a spec ...)
+ - shiro <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/01/3
+ NOTE: https://issues.apache.org/jira/browse/SHIRO-797
+CVE-2020-17522 (When ORT (now via atstccfg) generates ip_allow.config files in Apache ...)
+ NOT-FOR-US: Apache Traffic Control
+CVE-2020-17521 (Apache Groovy provides extension methods to aid with creating temporar ...)
+ - groovy 2.4.21-1 (bug #977399)
+ [buster] - groovy <no-dsa> (Minor issue)
+ [stretch] - groovy <no-dsa> (Minor issue)
+ - groovy2 <removed>
+ NOTE: https://issues.apache.org/jira/browse/GROOVY-9824
+ NOTE: https://www.openwall.com/lists/oss-security/2020/12/06/1
+ NOTE: https://github.com/apache/groovy/commit/4e418d4a34c973a7ec1e822552103043ac13780e (GROOVY_2_4_21)
+CVE-2020-17520 (In the Pulsar manager 0.1.0 version, malicious users will be able to b ...)
+ NOT-FOR-US: Apache Pulsar
+CVE-2020-17519 (A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and ...)
+ NOT-FOR-US: Apache Flink
+CVE-2020-17518 (Apache Flink 1.5.1 introduced a REST handler that allows you to write ...)
+ NOT-FOR-US: Apache Flink
+CVE-2020-17517 (The S3 buckets and keys in a secure Apache Ozone Cluster must be inacc ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3 ...)
+ - cassandra <itp> (bug #585905)
+CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like '/trigger' ...)
+ - airflow <itp> (bug #819700)
+CVE-2020-17514 (Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ...)
+ NOT-FOR-US: Apache Fineract
+CVE-2020-17513 (In Apache Airflow versions prior to 1.10.13, the Charts and Query View ...)
+ - airflow <itp> (bug #819700)
+CVE-2020-17512
+ RESERVED
+CVE-2020-17511 (In Airflow versions prior to 1.10.13, when creating a user using airfl ...)
+ - airflow <itp> (bug #819700)
+CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...)
+ {DLA-2726-1}
+ - shiro 1.3.2-5 (bug #988728)
+ [bullseye] - shiro 1.3.2-4+deb11u1
+ [buster] - shiro 1.3.2-4+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7
+ NOTE: https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E
+ NOTE: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12349284&styleName=Text&projectId=12310950
+CVE-2020-17509 (ATS negative cache option is vulnerable to a cache poisoning attack. I ...)
+ {DSA-4805-1}
+ - trafficserver 8.1.1+ds-1
+ NOTE: https://github.com/apache/trafficserver/pull/7359
+ NOTE: https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E
+CVE-2020-17508 (The ATS ESI plugin has a memory disclosure vulnerability. If you are r ...)
+ {DSA-4805-1}
+ - trafficserver 8.1.1+ds-1
+ NOTE: https://github.com/apache/trafficserver/pull/7358
+ NOTE: https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E
+CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...)
+ {DLA-2377-1 DLA-2376-1}
+ - qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444)
+ [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u4
+ - qt4-x11 <removed> (bug #970308)
+ [buster] - qt4-x11 4:4.8.7+dfsg-18+deb10u1
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308436 (dev branch)
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308496 (5.15 branch)
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308495 (5.12 branch)
+CVE-2020-17506 (Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privil ...)
+ NOT-FOR-US: Artica Web Proxy
+CVE-2020-17505 (Artica Web Proxy 4.30.000000 allows an authenticated remote attacker t ...)
+ NOT-FOR-US: Artica Web Proxy
+CVE-2020-17504 (The NDN-210 has a web administration panel which is made available ove ...)
+ NOT-FOR-US: Barco
+CVE-2020-17503 (The NDN-210 has a web administration panel which is made available ove ...)
+ NOT-FOR-US: Barco
+CVE-2020-17502 (Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). ...)
+ NOT-FOR-US: Barco
+CVE-2020-17501
+ RESERVED
+CVE-2020-17500 (Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 P ...)
+ NOT-FOR-US: Barco
+CVE-2020-17499
+ RESERVED
+CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...)
+ - wireshark 3.2.6-1
+ [buster] - wireshark <not-affected> (Vulnerable compose_tvb code not present)
+ [stretch] - wireshark <not-affected> (Vulnerable compose_tvb code not present)
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-10.html
+CVE-2020-17497 (eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to ...)
+ - iwd 1.9-1 (bug #968996)
+ [buster] - iwd <no-dsa> (Minor issue)
+ NOTE: https://lists.01.org/hyperkitty/list/iwd@lists.01.org/thread/4GUXL4Z6KZWWZINATGHNJVAEUTS3I7PG/
+ NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=f22ba5aebb569ca54521afd2babdc1f67e3904ea
+CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...)
+ NOT-FOR-US: vBulletin
+CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...)
+ - python-django-celery-results <unfixed> (unimportant; bug #968305)
+ NOTE: https://github.com/celery/django-celery-results/issues/142
+ NOTE: Disputed upstream as security vulnerablity, as it is up to the developers who uses
+ NOTE: sensitive information when calling celery tasks to provide suitable replacement argument
+ NOTE: through argsrepr and kwargsrepr as described in:
+ NOTE: https://github.com/celery/django-celery-results/issues/154#issuecomment-734706270
+CVE-2020-17494 (Untangle Firewall NG before 16.0 uses MD5 for passwords. ...)
+ NOT-FOR-US: Untangle Firewall NG
+CVE-2020-17493
+ RESERVED
+CVE-2020-17492
+ RESERVED
+CVE-2020-17491
+ RESERVED
+CVE-2020-17490 (The TLS module within SaltStack Salt through 3002 creates certificates ...)
+ {DSA-4837-1 DLA-2480-1}
+ - salt 3002.1+dfsg1-1
+ NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
+ NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2018.3.x.patch (2018.3.x)
+ NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2016.11.x.patch (2016.11.x)
+CVE-2020-17489 (An issue was discovered in certain configurations of GNOME gnome-shell ...)
+ {DLA-2374-1}
+ - gnome-shell 3.36.5-1 (bug #968311)
+ [buster] - gnome-shell 3.30.2-11~deb10u2
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/13137aad9db52223e8b62cecbd3456f4a7f66f04
+CVE-2020-17488
+ RESERVED
+CVE-2020-17487 (radare2 4.5.0 misparses signature information in PE files, causing a s ...)
+ - radare2 5.0.0+dfsg-1
+ NOTE: https://github.com/radareorg/radare2/issues/17431
+CVE-2020-17486
+ RESERVED
+CVE-2020-17485
+ RESERVED
+CVE-2020-17484
+ RESERVED
+CVE-2020-17483
+ RESERVED
+CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server before 4.3.1 ...)
+ - pdns 4.3.1-1 (bug #970737)
+ [buster] - pdns 4.1.6-3+deb10u1
+ [stretch] - pdns <no-dsa> (Minor issue)
+ NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
+CVE-2020-17481
+ RESERVED
+CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...)
+ - tinymce <removed> (bug #972642)
+ [buster] - tinymce <no-dsa> (Minor issue)
+ [stretch] - tinymce <no-dsa> (Minor issue)
+ NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
+CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...)
+ NOT-FOR-US: jpv
+CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly conside ...)
+ - libcrypt-perl-perl <itp> (bug #907353)
+CVE-2020-17477
+ RESERVED
+CVE-2020-17476 (Mibew Messenger before 3.2.7 allows XSS via a crafted user name. ...)
+ NOT-FOR-US: Mibew Messenger
+CVE-2020-17475 (Lack of authentication in the network relays used in MEGVII Koala 2.9. ...)
+ NOT-FOR-US: MEGVII Koala
+CVE-2020-17474 (A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiose ...)
+ NOT-FOR-US: ZKTeco FaceDepot 7B and ZKBiosecurity Server
+CVE-2020-17473 (Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBio ...)
+ NOT-FOR-US: ZKTeco FaceDepot and ZKBiosecurity Server
+CVE-2020-17472
+ RESERVED
+CVE-2020-17471
+ RESERVED
+CVE-2020-17470 (An issue was discovered in FNET through 4.6.4. The code that initializ ...)
+ NOT-FOR-US: FNET
+CVE-2020-17469 (An issue was discovered in FNET through 4.6.4. The code for IPv6 fragm ...)
+ NOT-FOR-US: FNET
+CVE-2020-17468 (An issue was discovered in FNET through 4.6.4. The code for processing ...)
+ NOT-FOR-US: FNET
+CVE-2020-17467 (An issue was discovered in FNET through 4.6.4. The code for processing ...)
+ NOT-FOR-US: FNET
+CVE-2020-17466 (Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by ...)
+ NOT-FOR-US: Turcom TRCwifiZone
+CVE-2020-17465 (Dashboards and progressiveProfileForms in ForgeRock Identity Manager b ...)
+ NOT-FOR-US: Dashboards and progressiveProfileForms in ForgeRock Identity Manager
+CVE-2020-17464
+ REJECTED
+CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2020-17462 (CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload beca ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-17461
+ RESERVED
+CVE-2020-17460
+ RESERVED
+CVE-2020-17459
+ RESERVED
+CVE-2020-17458 (A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via th ...)
+ NOT-FOR-US: MultiUx
+CVE-2020-17457 (Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticate ...)
+ NOT-FOR-US: Fujitsu
+CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...)
+ NOT-FOR-US: SEOWON INTECH
+CVE-2020-17455
+ RESERVED
+CVE-2020-17454 (WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher ...)
+ NOT-FOR-US: WSO2 API Manager
+CVE-2020-17453 (WSO2 Management Console through 5.10 allows XSS via the carbon/admin/l ...)
+ NOT-FOR-US: WSO2 Management Console
+CVE-2020-17452 (flatCore before 1.5.7 allows upload and execution of a .php file by an ...)
+ NOT-FOR-US: flatCore CMS
+CVE-2020-17451 (flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pa ...)
+ NOT-FOR-US: flatCore CMS
+CVE-2020-17450 (PHP-Fusion 9.03 allows XSS on the preview page. ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-17449 (PHP-Fusion 9.03 allows XSS via the error_log file. ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-17448 (Telegram Desktop through 2.1.13 allows a spoofed file type to bypass t ...)
+ - telegram-desktop 2.2.0+ds-1
+ [buster] - telegram-desktop <no-dsa> (Minor issue)
+CVE-2020-17447
+ REJECTED
+CVE-2020-17446 (asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger ...)
+ {DLA-2363-1}
+ - asyncpg 0.21.0-1
+ NOTE: https://github.com/MagicStack/asyncpg/commit/69bcdf5bf7696b98ee708be5408fd7d854e910d0
+CVE-2020-17445 (An issue was discovered in picoTCP 1.7.0. The code for processing the ...)
+ NOT-FOR-US: picoTCP
+CVE-2020-17444 (An issue was discovered in picoTCP 1.7.0. The routine for processing t ...)
+ NOT-FOR-US: picoTCP
+CVE-2020-17443 (An issue was discovered in picoTCP 1.7.0. The code for creating an ICM ...)
+ NOT-FOR-US: picoTCP
+CVE-2020-17442 (An issue was discovered in picoTCP 1.7.0. The code for parsing the hop ...)
+ NOT-FOR-US: picoTCP
+CVE-2020-17441 (An issue was discovered in picoTCP 1.7.0. The code for processing the ...)
+ NOT-FOR-US: picoTCP
+CVE-2020-17440 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
+ NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi)
+CVE-2020-17439 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
+ NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi)
+CVE-2020-17438 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
+ NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi)
+CVE-2020-17437 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
+ - open-iscsi 2.1.3-1
+ [buster] - open-iscsi <no-dsa> (Minor issue)
+ [stretch] - open-iscsi <no-dsa> (Minor issue)
+ NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
+ NOTE: Adressed upstream in 2.1.3 release
+CVE-2020-17436 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17435 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17434 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17433 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17432 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17431 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17430 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17429 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17428 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17427 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17426 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17425 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17424 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17422 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17420 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17419 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17418 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17417 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-17416 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-17415 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17414 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-17413 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17412 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17411 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17410 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17409 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: Netgear
+CVE-2020-17408 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: NEC
+CVE-2020-17407 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Microhard Bullet-LTE
+CVE-2020-17406 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Microhard Bullet-LTE
+CVE-2020-17405 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Senstar Symphony
+CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17402 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17401 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17400 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17399 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17398 (This vulnerability allows local attackers to disclose information on a ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17397 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17396 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17395 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17394 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17393 (This vulnerability allows local attackers to disclose information on a ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17392 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17391 (This vulnerability allows local attackers to disclose information on a ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17390 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2020-17389 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Marvell QConvergeConsole
+CVE-2020-17388 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Marvell QConvergeConsole
+CVE-2020-17387 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Marvell QConvergeConsole
+CVE-2020-17386 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
+ NOT-FOR-US: Cellopoint Cellos
+CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
+ NOT-FOR-US: Cellopoint Cellos
+CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
+ NOT-FOR-US: Cellopoint Cellos
+CVE-2020-17383 (A directory traversal vulnerability on Telos Z/IP One devices through ...)
+ NOT-FOR-US: Telos Z/IP ONE Broadcast
+CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x801 ...)
+ NOT-FOR-US: MSI AmbientLink MsIo64 driver
+CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
+ NOT-FOR-US: Ghisler Total Commander
+CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ...)
+ {DLA-2623-1}
+ - qemu 1:5.2+dfsg-10 (bug #970937)
+ [buster] - qemu <postponed> (Minor issue, fix along in future DSA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3
+ NOTE: possible duplicate of CVE-2020-25085, see RH bug
+CVE-2020-17379
+ RESERVED
+CVE-2020-17378
+ RESERVED
+CVE-2020-17377
+ RESERVED
+CVE-2020-17376 (An issue was discovered in Guest.migrate in virt/libvirt/guest.py in O ...)
+ - nova 2:21.1.0-1 (bug #969052)
+ [buster] - nova <no-dsa> (Minor issue)
+ [stretch] - nova <no-dsa> (Minor issue)
+ NOTE: https://launchpad.net/bugs/1890501
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/25/4
+CVE-2020-17375
+ RESERVED
+CVE-2020-17374
+ RESERVED
+CVE-2020-17373 (SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. ...)
+ NOT-FOR-US: SugarCRM
+CVE-2020-17372 (SugarCRM before 10.1.0 (Q3 2020) allows XSS. ...)
+ NOT-FOR-US: SugarCRM
+CVE-2020-17371
+ RESERVED
+CVE-2020-17370
+ RESERVED
+CVE-2020-17369
+ RESERVED
+CVE-2020-17368 (Firejail through 0.9.62 mishandles shell metacharacters during use of ...)
+ {DSA-4767-1 DSA-4742-1 DLA-2336-1}
+ - firejail 0.9.62-4
+ NOTE: https://phabricator.wikimedia.org/T258763
+ NOTE: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
+ NOTE: https://phabricator.wikimedia.org/T257062
+ NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
+CVE-2020-17367 (Firejail through 0.9.62 does not honor the -- end-of-options indicator ...)
+ {DSA-4767-1 DSA-4742-1 DLA-2336-1}
+ - firejail 0.9.62-4
+ NOTE: https://phabricator.wikimedia.org/T258763
+ NOTE: https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
+ NOTE: https://phabricator.wikimedia.org/T257062
+ NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
+CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. ...)
+ - routinator <itp> (bug #929024)
+ NOTE: https://github.com/NLnetLabs/routinator/issues/319
+CVE-2020-17365 (Improper directory permissions in the Hotspot Shield VPN client softwa ...)
+ NOT-FOR-US: Hotspot Shield VPN client for Windows
+CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. ...)
+ NOT-FOR-US: User-friendly SVN
+CVE-2020-17363 (USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution ...)
+ NOT-FOR-US: User-friendly SVN
+CVE-2020-17362 (search.php in the Nova Lite theme before 1.3.9 for WordPress allows Re ...)
+ NOT-FOR-US: Nova Lite theme for WordPress
+CVE-2020-17361 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
+ NOT-FOR-US: ReadyTalk Avian
+CVE-2020-17360 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
+ NOT-FOR-US: ReadyTalk Avian
+CVE-2020-17359
+ RESERVED
+CVE-2020-17358
+ RESERVED
+CVE-2020-17357
+ RESERVED
+CVE-2020-17356
+ RESERVED
+CVE-2020-17355 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
+ NOT-FOR-US: Arista
+CVE-2020-17354
+ RESERVED
+ NOTE: https://phabricator.wikimedia.org/T259210
+ NOTE: https://phabricator.wikimedia.org/T257062
+ NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
+CVE-2020-17353 (scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x ...)
+ {DSA-4756-1}
+ - lilypond 2.20.0-2 (bug #968993)
+ NOTE: https://phabricator.wikimedia.org/T258547
+ NOTE: http://git.savannah.gnu.org/gitweb/?p=lilypond.git;a=commit;h=b84ea4740f3279516905c5db05f4074e777c16ff
+ NOTE: https://phabricator.wikimedia.org/T257062
+ NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
+CVE-2020-17352 (Two OS command injection vulnerabilities in the User Portal of Sophos ...)
+ NOT-FOR-US: Sophos
+CVE-2020-17351
+ RESERVED
+CVE-2020-17350
+ RESERVED
+CVE-2020-17349
+ RESERVED
+CVE-2020-17348
+ RESERVED
+CVE-2020-17347
+ RESERVED
+CVE-2020-17346
+ RESERVED
+CVE-2020-17345
+ RESERVED
+CVE-2020-17344
+ RESERVED
+CVE-2020-17343
+ RESERVED
+CVE-2020-17342
+ RESERVED
+CVE-2020-17341
+ RESERVED
+CVE-2020-17340
+ RESERVED
+CVE-2020-17339
+ RESERVED
+CVE-2020-17338
+ RESERVED
+CVE-2020-17337
+ RESERVED
+CVE-2020-17336
+ RESERVED
+CVE-2020-17335
+ RESERVED
+CVE-2020-17334
+ RESERVED
+CVE-2020-17333
+ RESERVED
+CVE-2020-17332
+ RESERVED
+CVE-2020-17331
+ RESERVED
+CVE-2020-17330
+ RESERVED
+CVE-2020-17329
+ RESERVED
+CVE-2020-17328
+ RESERVED
+CVE-2020-17327
+ RESERVED
+CVE-2020-17326
+ RESERVED
+CVE-2020-17325
+ RESERVED
+CVE-2020-17324
+ RESERVED
+CVE-2020-17323
+ RESERVED
+CVE-2020-17322
+ RESERVED
+CVE-2020-17321
+ RESERVED
+CVE-2020-17320
+ RESERVED
+CVE-2020-17319
+ RESERVED
+CVE-2020-17318
+ RESERVED
+CVE-2020-17317
+ RESERVED
+CVE-2020-17316
+ RESERVED
+CVE-2020-17315
+ RESERVED
+CVE-2020-17314
+ RESERVED
+CVE-2020-17313
+ RESERVED
+CVE-2020-17312
+ RESERVED
+CVE-2020-17311
+ RESERVED
+CVE-2020-17310
+ RESERVED
+CVE-2020-17309
+ RESERVED
+CVE-2020-17308
+ RESERVED
+CVE-2020-17307
+ RESERVED
+CVE-2020-17306
+ RESERVED
+CVE-2020-17305
+ RESERVED
+CVE-2020-17304
+ RESERVED
+CVE-2020-17303
+ RESERVED
+CVE-2020-17302
+ RESERVED
+CVE-2020-17301
+ RESERVED
+CVE-2020-17300
+ RESERVED
+CVE-2020-17299
+ RESERVED
+CVE-2020-17298
+ RESERVED
+CVE-2020-17297
+ RESERVED
+CVE-2020-17296
+ RESERVED
+CVE-2020-17295
+ RESERVED
+CVE-2020-17294
+ RESERVED
+CVE-2020-17293
+ RESERVED
+CVE-2020-17292
+ RESERVED
+CVE-2020-17291
+ RESERVED
+CVE-2020-17290
+ RESERVED
+CVE-2020-17289
+ RESERVED
+CVE-2020-17288
+ RESERVED
+CVE-2020-17287
+ RESERVED
+CVE-2020-17286
+ RESERVED
+CVE-2020-17285
+ RESERVED
+CVE-2020-17284
+ RESERVED
+CVE-2020-17283
+ RESERVED
+CVE-2020-17282
+ RESERVED
+CVE-2020-17281
+ RESERVED
+CVE-2020-17280
+ RESERVED
+CVE-2020-17279
+ RESERVED
+CVE-2020-17278
+ RESERVED
+CVE-2020-17277
+ RESERVED
+CVE-2020-17276
+ RESERVED
+CVE-2020-17275
+ RESERVED
+CVE-2020-17274
+ RESERVED
+CVE-2020-17273
+ RESERVED
+CVE-2020-17272
+ RESERVED
+CVE-2020-17271
+ RESERVED
+CVE-2020-17270
+ RESERVED
+CVE-2020-17269
+ RESERVED
+CVE-2020-17268
+ RESERVED
+CVE-2020-17267
+ RESERVED
+CVE-2020-17266
+ RESERVED
+CVE-2020-17265
+ RESERVED
+CVE-2020-17264
+ RESERVED
+CVE-2020-17263
+ RESERVED
+CVE-2020-17262
+ RESERVED
+CVE-2020-17261
+ RESERVED
+CVE-2020-17260
+ RESERVED
+CVE-2020-17259
+ RESERVED
+CVE-2020-17258
+ RESERVED
+CVE-2020-17257
+ RESERVED
+CVE-2020-17256
+ RESERVED
+CVE-2020-17255
+ RESERVED
+CVE-2020-17254
+ RESERVED
+CVE-2020-17253
+ RESERVED
+CVE-2020-17252
+ RESERVED
+CVE-2020-17251
+ RESERVED
+CVE-2020-17250
+ RESERVED
+CVE-2020-17249
+ RESERVED
+CVE-2020-17248
+ RESERVED
+CVE-2020-17247
+ RESERVED
+CVE-2020-17246
+ RESERVED
+CVE-2020-17245
+ RESERVED
+CVE-2020-17244
+ RESERVED
+CVE-2020-17243
+ RESERVED
+CVE-2020-17242
+ RESERVED
+CVE-2020-17241
+ RESERVED
+CVE-2020-17240
+ RESERVED
+CVE-2020-17239
+ RESERVED
+CVE-2020-17238
+ RESERVED
+CVE-2020-17237
+ RESERVED
+CVE-2020-17236
+ RESERVED
+CVE-2020-17235
+ RESERVED
+CVE-2020-17234
+ RESERVED
+CVE-2020-17233
+ RESERVED
+CVE-2020-17232
+ RESERVED
+CVE-2020-17231
+ RESERVED
+CVE-2020-17230
+ RESERVED
+CVE-2020-17229
+ RESERVED
+CVE-2020-17228
+ RESERVED
+CVE-2020-17227
+ RESERVED
+CVE-2020-17226
+ RESERVED
+CVE-2020-17225
+ RESERVED
+CVE-2020-17224
+ RESERVED
+CVE-2020-17223
+ RESERVED
+CVE-2020-17222
+ RESERVED
+CVE-2020-17221
+ RESERVED
+CVE-2020-17220
+ RESERVED
+CVE-2020-17219
+ RESERVED
+CVE-2020-17218
+ RESERVED
+CVE-2020-17217
+ RESERVED
+CVE-2020-17216
+ RESERVED
+CVE-2020-17215
+ RESERVED
+CVE-2020-17214
+ RESERVED
+CVE-2020-17213
+ RESERVED
+CVE-2020-17212
+ RESERVED
+CVE-2020-17211
+ RESERVED
+CVE-2020-17210
+ RESERVED
+CVE-2020-17209
+ RESERVED
+CVE-2020-17208
+ RESERVED
+CVE-2020-17207
+ RESERVED
+CVE-2020-17206
+ RESERVED
+CVE-2020-17205
+ RESERVED
+CVE-2020-17204
+ RESERVED
+CVE-2020-17203
+ RESERVED
+CVE-2020-17202
+ RESERVED
+CVE-2020-17201
+ RESERVED
+CVE-2020-17200
+ RESERVED
+CVE-2020-17199
+ RESERVED
+CVE-2020-17198
+ RESERVED
+CVE-2020-17197
+ RESERVED
+CVE-2020-17196
+ RESERVED
+CVE-2020-17195
+ RESERVED
+CVE-2020-17194
+ RESERVED
+CVE-2020-17193
+ RESERVED
+CVE-2020-17192
+ RESERVED
+CVE-2020-17191
+ RESERVED
+CVE-2020-17190
+ RESERVED
+CVE-2020-17189
+ RESERVED
+CVE-2020-17188
+ RESERVED
+CVE-2020-17187
+ RESERVED
+CVE-2020-17186
+ RESERVED
+CVE-2020-17185
+ RESERVED
+CVE-2020-17184
+ RESERVED
+CVE-2020-17183
+ RESERVED
+CVE-2020-17182
+ RESERVED
+CVE-2020-17181
+ RESERVED
+CVE-2020-17180
+ RESERVED
+CVE-2020-17179
+ RESERVED
+CVE-2020-17178
+ RESERVED
+CVE-2020-17177
+ RESERVED
+CVE-2020-17176
+ RESERVED
+CVE-2020-17175
+ RESERVED
+CVE-2020-17174
+ RESERVED
+CVE-2020-17173
+ RESERVED
+CVE-2020-17172
+ RESERVED
+CVE-2020-17171
+ RESERVED
+CVE-2020-17170
+ RESERVED
+CVE-2020-17169
+ RESERVED
+CVE-2020-17168
+ RESERVED
+CVE-2020-17167
+ RESERVED
+CVE-2020-17166
+ RESERVED
+CVE-2020-17165
+ RESERVED
+CVE-2020-17164
+ RESERVED
+CVE-2020-17163
+ RESERVED
+CVE-2020-17162 (Microsoft Windows Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17161
+ RESERVED
+CVE-2020-17160
+ REJECTED
+CVE-2020-17159 (Visual Studio Code Java Extension Pack Remote Code Execution Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17158 (Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17157
+ RESERVED
+CVE-2020-17156 (Visual Studio Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17155
+ RESERVED
+CVE-2020-17154
+ RESERVED
+CVE-2020-17153 (Microsoft Edge for Android Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17152 (Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17151
+ RESERVED
+CVE-2020-17150 (Visual Studio Code Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17149
+ RESERVED
+CVE-2020-17148 (Visual Studio Code Remote Development Extension Remote Code Execution ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17147 (Dynamics CRM Webclient Cross-site Scripting Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17146
+ RESERVED
+CVE-2020-17145 (Azure DevOps Server and Team Foundation Services Spoofing Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17144 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17143 (Microsoft Exchange Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17142 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17141 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17140 (Windows SMB Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17139 (Windows Overlay Filter Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17138 (Windows Error Reporting Information Disclosure Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17137 (DirectX Graphics Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17136 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17135 (Azure DevOps Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17134 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17133 (Microsoft Dynamics Business Central/NAV Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17132 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17131 (Chakra Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17130 (Microsoft Excel Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17129 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17128 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17127 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17126 (Microsoft Excel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17125 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17124 (Microsoft PowerPoint Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17123 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17122 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17121 (Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17120 (Microsoft SharePoint Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17119 (Microsoft Outlook Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17118 (Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17117 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17116
+ RESERVED
+CVE-2020-17115 (Microsoft SharePoint Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17114
+ RESERVED
+CVE-2020-17113 (Windows Camera Codec Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17112
+ RESERVED
+CVE-2020-17111
+ RESERVED
+CVE-2020-17110 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17109 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17108 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17107 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17106 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17105 (AV1 Video Extension Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17104 (Visual Studio Code JSHint Extension Remote Code Execution Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17103 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17102 (WebP Image Extensions Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17101 (HEIF Image Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17100 (Visual Studio Tampering Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17099 (Windows Lock Screen Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17098 (Windows GDI+ Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17097 (Windows Digital Media Receiver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17096 (Windows NTFS Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17095 (Hyper-V Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17094 (Windows Error Reporting Information Disclosure Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17093
+ RESERVED
+CVE-2020-17092 (Windows Network Connections Service Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17091 (Microsoft Teams Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17090 (Microsoft Defender for Endpoint Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17089 (Microsoft SharePoint Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17088 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17087 (Windows Kernel Local Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17086 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17085 (Microsoft Exchange Server Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17084 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17083 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17082 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17081 (Microsoft Raw Image Extension Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17080
+ RESERVED
+CVE-2020-17079 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17078 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17077 (Windows Update Stack Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17076 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17075 (Windows USO Core Worker Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17074 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17073 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17072
+ RESERVED
+CVE-2020-17071 (Windows Delivery Optimization Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17070 (Windows Update Medic Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17069 (Windows NDIS Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17068 (Windows GDI+ Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17067 (Microsoft Excel Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17066 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17065 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17064 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17063 (Microsoft Office Online Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17062 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17061 (Microsoft SharePoint Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17060 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17059
+ RESERVED
+CVE-2020-17058 (Microsoft Browser Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17057 (Windows Win32k Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17056 (Windows Network File System Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17055 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17054 (Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17053 (Internet Explorer Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17052 (Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17051 (Windows Network File System Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17050
+ RESERVED
+CVE-2020-17049 (Kerberos Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17048 (Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17047 (Windows Network File System Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17046 (Windows Error Reporting Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17045 (Windows KernelStream Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17044 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17043 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17042 (Windows Print Spooler Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17041 (Windows Print Configuration Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17040 (Windows Hyper-V Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17039
+ RESERVED
+CVE-2020-17038 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17037 (Windows WalletService Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17036 (Windows Function Discovery SSDP Provider Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17035 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17034 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17033 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17032 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17031 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17030 (Windows MSCTF Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17029 (Windows Canonical Display Driver Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17028 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17027 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17026 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17025 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17024 (Windows Client Side Rendering Print Provider Elevation of Privilege Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17023 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17022 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17021 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17020 (Microsoft Word Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17019 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17018 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17017 (Microsoft SharePoint Information Disclosure Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17016 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17015 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17014 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17013 (Win32k Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17012 (Windows Bind Filter Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17011 (Windows Port Class Library Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17010 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17009
+ RESERVED
+CVE-2020-17008
+ RESERVED
+CVE-2020-17007 (Windows Error Reporting Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17006 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17005 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17004 (Windows Graphics Component Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17003 (A remote code execution vulnerability exists when the Base3D rendering ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17002 (Azure SDK for C Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17001 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17000 (Remote Desktop Protocol Client Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16999 (Windows WalletService Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16998 (DirectX Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16997 (Remote Desktop Protocol Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16996 (Kerberos Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16995 (An elevation of privilege vulnerability exists in Network Watcher Agen ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16994 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16993 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16992 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16991 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16990 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16989 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16988 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16987 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16986 (Azure Sphere Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16985 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16984 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16983 (Azure Sphere Tampering Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16982 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16981 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16980 (An elevation of privilege vulnerability exists when the Windows iSCSI ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16979 (Microsoft SharePoint Information Disclosure Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16978 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16977 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16976 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16975 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16974 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16973 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16972 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16971 (Azure SDK for Java Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16970 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16969 (An information disclosure vulnerability exists in how Microsoft Exchan ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16968 (A remote code execution vulnerability exists when the Windows Camera C ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16967 (A remote code execution vulnerability exists when the Windows Camera C ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16966
+ RESERVED
+CVE-2020-16965
+ RESERVED
+CVE-2020-16964 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16963 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16962 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16961 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16960 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16959 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16958 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16957 (A remote code execution vulnerability exists when the Microsoft Office ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16956 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16955 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16954 (A remote code execution vulnerability exists in Microsoft Office softw ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16953 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16952 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16951 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16950 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16949 (A denial of service vulnerability exists in Microsoft Outlook software ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16948 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16947 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16946 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16945 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16944 (This vulnerability is caused when SharePoint Server does not properly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16943 (An elevation of privilege vulnerability exists in Microsoft Dynamics 3 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16942 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16941 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16940 (An elevation of privilege vulnerability exists when the Windows User P ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16939 (An elevation of privilege vulnerability exists when Group Policy impro ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16938 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16937 (An information disclosure vulnerability exists when the .NET Framework ...)
+ - dotnet-core-3.1 <itp> (bug #968921)
+CVE-2020-16936 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16935 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16934 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16933 (A security feature bypass vulnerability exists in Microsoft Word softw ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16932 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16931 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16930 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16929 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16928 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16927 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16926
+ RESERVED
+CVE-2020-16925
+ RESERVED
+CVE-2020-16924 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16923 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16922 (A spoofing vulnerability exists when Windows incorrectly validates fil ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16921 (An information disclosure vulnerability exists in Text Services Framew ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16920 (An elevation of privilege vulnerability exists when the Windows Applic ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16919 (An information disclosure vulnerability exists when the Windows Enterp ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16918 (A remote code execution vulnerability exists when the Base3D rendering ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16917
+ RESERVED
+CVE-2020-16916 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16915 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16914 (An information disclosure vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16913 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16912 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16911 (A remote code execution vulnerability exists in the way that the Windo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16910 (A security feature bypass vulnerability exists when Microsoft Windows ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16909 (An elevation of privilege vulnerability exists in Windows Error Report ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16908 (An elevation of privilege vulnerability exists in Windows Setup in the ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16907 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16906
+ RESERVED
+CVE-2020-16905 (An elevation of privilege vulnerability exists in Windows Error Report ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16904 (An elevation of privilege vulnerability exists in the way Azure Functi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16903
+ RESERVED
+CVE-2020-16902 (An elevation of privilege vulnerability exists in the Windows Installe ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16901 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16900 (An elevation of privilege vulnerability exists when the Windows Event ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16899 (A denial of service vulnerability exists when the Windows TCP/IP stack ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16898 (A remote code execution vulnerability exists when the Windows TCP/IP s ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16897 (An information disclosure vulnerability exists when NetBIOS over TCP ( ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16896 (An information disclosure vulnerability exists in Remote Desktop Proto ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16895 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16894 (A remote code execution vulnerability exists when Windows Network Addr ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16893
+ RESERVED
+CVE-2020-16892 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16891 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16890 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16889 (An information disclosure vulnerability exists when the Windows Kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16888
+ RESERVED
+CVE-2020-16887 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16886 (A security feature bypass vulnerability exists in the PowerShellGet V2 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16885 (An elevation of privilege vulnerability exists when the Windows Storag ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16884 (A remote code execution vulnerability exists in the way that the IEToE ...)
+ NOT-FOR-US: IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer
+CVE-2020-16883
+ RESERVED
+CVE-2020-16882
+ RESERVED
+CVE-2020-16881 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16880
+ RESERVED
+CVE-2020-16879 (An information disclosure vulnerability exists when a Windows Projecte ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16878 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16877 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16876 (An elevation of privilege vulnerability exists when the Windows Applic ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16875 (A remote code execution vulnerability exists in Microsoft Exchange ser ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16874 (A remote code execution vulnerability exists in Visual Studio when it ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16873 (A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to t ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16872 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16871 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16870
+ RESERVED
+CVE-2020-16869
+ RESERVED
+CVE-2020-16868
+ RESERVED
+CVE-2020-16867
+ RESERVED
+CVE-2020-16866
+ RESERVED
+CVE-2020-16865
+ RESERVED
+CVE-2020-16864 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16863 (A denial of service vulnerability exists in Windows Remote Desktop Ser ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16862 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16861 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16860 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16859 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16858 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16857 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16856 (A remote code execution vulnerability exists in Visual Studio when it ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16855 (An information disclosure vulnerability exists when Microsoft Office s ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16854 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16853 (An elevation of privilege vulnerability exists when the OneDrive for W ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16852 (An elevation of privilege vulnerability exists when the OneDrive for W ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16851 (An elevation of privilege vulnerability exists when the OneDrive for W ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16850 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthent ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-16849 (An issue was discovered on Canon MF237w 06.07 devices. An "Improper Ha ...)
+ NOT-FOR-US: Canon
+CVE-2020-16848
+ RESERVED
+CVE-2020-16847 (Extreme Analytics in Extreme Management Center before 8.5.0.169 allows ...)
+ NOT-FOR-US: Extreme Management Center
+CVE-2020-16846 (An issue was discovered in SaltStack Salt through 3002. Sending crafte ...)
+ {DSA-4837-1 DLA-2480-1}
+ - salt 3002.1+dfsg1-1
+ NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
+ NOTE: https://gitlab.com/saltstack/open/salt-patches/tree/master/patches/2020/09/02/
+ NOTE: Regression: https://github.com/saltstack/salt/issues/58970
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/84d91931865626a9b53558f88d6c8919a270df3a (v3000.6)
+CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...)
+ {DSA-4848-1 DLA-2460-1 DLA-2459-1}
+ - golang-1.15 1.15~rc2-1
+ - golang-1.14 1.14.7-1
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo
+ NOTE: https://github.com/golang/go/issues/40618
+ NOTE: Fixed in 1.15~rc2, 1.14.7, 1.13.15
+CVE-2020-16844 (In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users ...)
+ NOT-FOR-US: Istio
+CVE-2020-16843 (In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the netw ...)
+ NOT-FOR-US: Firecracker
+CVE-2020-16842
+ RESERVED
+CVE-2020-16841
+ RESERVED
+CVE-2020-16840
+ RESERVED
+CVE-2020-16839 (On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before th ...)
+ NOT-FOR-US: Crestron
+CVE-2020-16838
+ RESERVED
+CVE-2020-16837
+ RESERVED
+CVE-2020-16836
+ REJECTED
+CVE-2020-16835
+ REJECTED
+CVE-2020-16834
+ REJECTED
+CVE-2020-16833
+ REJECTED
+CVE-2020-16832
+ REJECTED
+CVE-2020-16831
+ REJECTED
+CVE-2020-16830
+ REJECTED
+CVE-2020-16829
+ REJECTED
+CVE-2020-16828
+ REJECTED
+CVE-2020-16827
+ REJECTED
+CVE-2020-16826
+ REJECTED
+CVE-2020-16825
+ REJECTED
+CVE-2020-16824
+ REJECTED
+CVE-2020-16823
+ REJECTED
+CVE-2020-16822
+ REJECTED
+CVE-2020-16821
+ REJECTED
+CVE-2020-16820
+ REJECTED
+CVE-2020-16819
+ REJECTED
+CVE-2020-16818
+ REJECTED
+CVE-2020-16817
+ REJECTED
+CVE-2020-16816
+ REJECTED
+CVE-2020-16815
+ REJECTED
+CVE-2020-16814
+ REJECTED
+CVE-2020-16813
+ REJECTED
+CVE-2020-16812
+ REJECTED
+CVE-2020-16811
+ REJECTED
+CVE-2020-16810
+ REJECTED
+CVE-2020-16809
+ REJECTED
+CVE-2020-16808
+ REJECTED
+CVE-2020-16807
+ REJECTED
+CVE-2020-16806
+ REJECTED
+CVE-2020-16805
+ REJECTED
+CVE-2020-16804
+ REJECTED
+CVE-2020-16803
+ REJECTED
+CVE-2020-16802
+ REJECTED
+CVE-2020-16801
+ REJECTED
+CVE-2020-16800
+ REJECTED
+CVE-2020-16799
+ REJECTED
+CVE-2020-16798
+ REJECTED
+CVE-2020-16797
+ REJECTED
+CVE-2020-16796
+ REJECTED
+CVE-2020-16795
+ REJECTED
+CVE-2020-16794
+ REJECTED
+CVE-2020-16793
+ REJECTED
+CVE-2020-16792
+ REJECTED
+CVE-2020-16791
+ REJECTED
+CVE-2020-16790
+ REJECTED
+CVE-2020-16789
+ REJECTED
+CVE-2020-16788
+ REJECTED
+CVE-2020-16787
+ REJECTED
+CVE-2020-16786
+ REJECTED
+CVE-2020-16785
+ REJECTED
+CVE-2020-16784
+ REJECTED
+CVE-2020-16783
+ REJECTED
+CVE-2020-16782
+ REJECTED
+CVE-2020-16781
+ REJECTED
+CVE-2020-16780
+ REJECTED
+CVE-2020-16779
+ REJECTED
+CVE-2020-16778
+ REJECTED
+CVE-2020-16777
+ REJECTED
+CVE-2020-16776
+ REJECTED
+CVE-2020-16775
+ REJECTED
+CVE-2020-16774
+ REJECTED
+CVE-2020-16773
+ REJECTED
+CVE-2020-16772
+ REJECTED
+CVE-2020-16771
+ REJECTED
+CVE-2020-16770
+ REJECTED
+CVE-2020-16769
+ REJECTED
+CVE-2020-16768
+ REJECTED
+CVE-2020-16767
+ REJECTED
+CVE-2020-16766
+ REJECTED
+CVE-2020-16765
+ REJECTED
+CVE-2020-16764
+ REJECTED
+CVE-2020-16763
+ REJECTED
+CVE-2020-16762
+ REJECTED
+CVE-2020-16761
+ REJECTED
+CVE-2020-16760
+ REJECTED
+CVE-2020-16759
+ REJECTED
+CVE-2020-16758
+ REJECTED
+CVE-2020-16757
+ REJECTED
+CVE-2020-16756
+ REJECTED
+CVE-2020-16755
+ REJECTED
+CVE-2020-16754
+ REJECTED
+CVE-2020-16753
+ REJECTED
+CVE-2020-16752
+ REJECTED
+CVE-2020-16751
+ REJECTED
+CVE-2020-16750
+ REJECTED
+CVE-2020-16749
+ REJECTED
+CVE-2020-16748
+ REJECTED
+CVE-2020-16747
+ REJECTED
+CVE-2020-16746
+ REJECTED
+CVE-2020-16745
+ REJECTED
+CVE-2020-16744
+ REJECTED
+CVE-2020-16743
+ REJECTED
+CVE-2020-16742
+ REJECTED
+CVE-2020-16741
+ REJECTED
+CVE-2020-16740
+ REJECTED
+CVE-2020-16739
+ REJECTED
+CVE-2020-16738
+ REJECTED
+CVE-2020-16737
+ REJECTED
+CVE-2020-16736
+ REJECTED
+CVE-2020-16735
+ REJECTED
+CVE-2020-16734
+ REJECTED
+CVE-2020-16733
+ REJECTED
+CVE-2020-16732
+ REJECTED
+CVE-2020-16731
+ REJECTED
+CVE-2020-16730
+ REJECTED
+CVE-2020-16729
+ REJECTED
+CVE-2020-16728
+ REJECTED
+CVE-2020-16727
+ REJECTED
+CVE-2020-16726
+ REJECTED
+CVE-2020-16725
+ REJECTED
+CVE-2020-16724
+ REJECTED
+CVE-2020-16723
+ REJECTED
+CVE-2020-16722
+ REJECTED
+CVE-2020-16721
+ REJECTED
+CVE-2020-16720
+ REJECTED
+CVE-2020-16719
+ REJECTED
+CVE-2020-16718
+ REJECTED
+CVE-2020-16717
+ REJECTED
+CVE-2020-16716
+ REJECTED
+CVE-2020-16715
+ REJECTED
+CVE-2020-16714
+ REJECTED
+CVE-2020-16713
+ REJECTED
+CVE-2020-16712
+ REJECTED
+CVE-2020-16711
+ REJECTED
+CVE-2020-16710
+ REJECTED
+CVE-2020-16709
+ REJECTED
+CVE-2020-16708
+ REJECTED
+CVE-2020-16707
+ REJECTED
+CVE-2020-16706
+ REJECTED
+CVE-2020-16705
+ REJECTED
+CVE-2020-16704
+ REJECTED
+CVE-2020-16703
+ REJECTED
+CVE-2020-16702
+ REJECTED
+CVE-2020-16701
+ REJECTED
+CVE-2020-16700
+ REJECTED
+CVE-2020-16699
+ REJECTED
+CVE-2020-16698
+ REJECTED
+CVE-2020-16697
+ REJECTED
+CVE-2020-16696
+ REJECTED
+CVE-2020-16695
+ REJECTED
+CVE-2020-16694
+ REJECTED
+CVE-2020-16693
+ REJECTED
+CVE-2020-16692
+ REJECTED
+CVE-2020-16691
+ REJECTED
+CVE-2020-16690
+ REJECTED
+CVE-2020-16689
+ REJECTED
+CVE-2020-16688
+ REJECTED
+CVE-2020-16687
+ REJECTED
+CVE-2020-16686
+ REJECTED
+CVE-2020-16685
+ REJECTED
+CVE-2020-16684
+ REJECTED
+CVE-2020-16683
+ REJECTED
+CVE-2020-16682
+ REJECTED
+CVE-2020-16681
+ REJECTED
+CVE-2020-16680
+ REJECTED
+CVE-2020-16679
+ REJECTED
+CVE-2020-16678
+ REJECTED
+CVE-2020-16677
+ REJECTED
+CVE-2020-16676
+ REJECTED
+CVE-2020-16675
+ REJECTED
+CVE-2020-16674
+ REJECTED
+CVE-2020-16673
+ REJECTED
+CVE-2020-16672
+ REJECTED
+CVE-2020-16671
+ REJECTED
+CVE-2020-16670
+ REJECTED
+CVE-2020-16669
+ REJECTED
+CVE-2020-16668
+ REJECTED
+CVE-2020-16667
+ REJECTED
+CVE-2020-16666
+ REJECTED
+CVE-2020-16665
+ REJECTED
+CVE-2020-16664
+ REJECTED
+CVE-2020-16663
+ REJECTED
+CVE-2020-16662
+ REJECTED
+CVE-2020-16661
+ REJECTED
+CVE-2020-16660
+ REJECTED
+CVE-2020-16659
+ REJECTED
+CVE-2020-16658
+ REJECTED
+CVE-2020-16657
+ REJECTED
+CVE-2020-16656
+ REJECTED
+CVE-2020-16655
+ REJECTED
+CVE-2020-16654
+ REJECTED
+CVE-2020-16653
+ REJECTED
+CVE-2020-16652
+ REJECTED
+CVE-2020-16651
+ REJECTED
+CVE-2020-16650
+ REJECTED
+CVE-2020-16649
+ REJECTED
+CVE-2020-16648
+ REJECTED
+CVE-2020-16647
+ REJECTED
+CVE-2020-16646
+ REJECTED
+CVE-2020-16645
+ REJECTED
+CVE-2020-16644
+ REJECTED
+CVE-2020-16643
+ REJECTED
+CVE-2020-16642
+ REJECTED
+CVE-2020-16641
+ REJECTED
+CVE-2020-16640
+ REJECTED
+CVE-2020-16639
+ REJECTED
+CVE-2020-16638
+ REJECTED
+CVE-2020-16637
+ REJECTED
+CVE-2020-16636
+ REJECTED
+CVE-2020-16635
+ RESERVED
+CVE-2020-16634
+ RESERVED
+CVE-2020-16633
+ RESERVED
+CVE-2020-16632 (A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-16631
+ RESERVED
+CVE-2020-16630 (TI&#8217;s BLE stack caches and reuses the LTK&#8217;s property for a ...)
+ NOT-FOR-US: Texas Instruments
+CVE-2020-16629 (PhpOK 5.4.137 contains a SQL injection vulnerability that can inject a ...)
+ NOT-FOR-US: PhpOK
+CVE-2020-16628
+ RESERVED
+CVE-2020-16627
+ RESERVED
+CVE-2020-16626
+ RESERVED
+CVE-2020-16625
+ RESERVED
+CVE-2020-16624
+ RESERVED
+CVE-2020-16623
+ RESERVED
+CVE-2020-16622
+ RESERVED
+CVE-2020-16621
+ RESERVED
+CVE-2020-16620
+ RESERVED
+CVE-2020-16619
+ RESERVED
+CVE-2020-16618
+ RESERVED
+CVE-2020-16617
+ RESERVED
+CVE-2020-16616
+ RESERVED
+CVE-2020-16615
+ RESERVED
+CVE-2020-16614
+ RESERVED
+CVE-2020-16613
+ RESERVED
+CVE-2020-16612
+ RESERVED
+CVE-2020-16611
+ RESERVED
+CVE-2020-16610 (Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request ...)
+ NOT-FOR-US: Hoosk Codeigniter CMS
+CVE-2020-16609
+ RESERVED
+CVE-2020-16608 (Notable 1.8.4 allows XSS via crafted Markdown text, with resultant rem ...)
+ NOT-FOR-US: Notable
+CVE-2020-16607
+ RESERVED
+CVE-2020-16606
+ RESERVED
+CVE-2020-16605
+ RESERVED
+CVE-2020-16604
+ RESERVED
+CVE-2020-16603
+ RESERVED
+CVE-2020-16602 (Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers t ...)
+ NOT-FOR-US: Razer Chroma SDK Rest Server
+CVE-2020-16601
+ RESERVED
+CVE-2020-16600 (A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF ...)
+ - mupdf 1.17.0+ds1-1 (bug #989526)
+ [buster] - mupdf 1.14.0+ds1-4+deb10u3
+ [stretch] - mupdf <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702253
+ NOTE: http://git.ghostscript.com/?p=mupdf.git;h=96751b25462f83d6e16a9afaf8980b0c3f979c8b
+CVE-2020-16599 (A Null Pointer Dereference vulnerability exists in the Binary File Des ...)
+ - binutils 2.35-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25842
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4
+ NOTE: binutils not covered by security support
+CVE-2020-16598
+ REJECTED
+CVE-2020-16597
+ RESERVED
+CVE-2020-16596
+ RESERVED
+CVE-2020-16595
+ RESERVED
+CVE-2020-16594
+ RESERVED
+CVE-2020-16593 (A Null Pointer Dereference vulnerability exists in the Binary File Des ...)
+ - binutils 2.35-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25827
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729
+ NOTE: binutils not covered by security support
+CVE-2020-16592 (A use after free issue exists in the Binary File Descriptor (BFD) libr ...)
+ - binutils 2.35-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25823
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a
+ NOTE: binutils not covered by security support
+CVE-2020-16591 (A Denial of Service vulnerability exists in the Binary File Descriptor ...)
+ - binutils 2.35-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25822
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=001890e1f9269697f7e0212430a51479271bdab2
+ NOTE: binutils not covered by security support
+CVE-2020-16590 (A double free vulnerability exists in the Binary File Descriptor (BFD) ...)
+ - binutils 2.35-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25821
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c98a4545dc7bf2bcaf1de539c4eb84784680eaa4
+ NOTE: binutils not covered by security support
+CVE-2020-16589 (A head-based buffer overflow exists in Academy Software Foundation Ope ...)
+ {DLA-2491-1}
+ - openexr 2.5.3-2
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8 (v2.4.0-beta.1)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/494
+CVE-2020-16588 (A Null Pointer Deference issue exists in Academy Software Foundation O ...)
+ {DLA-2491-1}
+ - openexr 2.5.3-2
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f (v2.4.0-beta.1)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/493
+CVE-2020-16587 (A heap-based buffer overflow vulnerability exists in Academy Software ...)
+ {DLA-2701-1}
+ - openexr 2.5.3-2
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a (v2.4.0-beta.1)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/491
+CVE-2020-16586
+ RESERVED
+CVE-2020-16585
+ RESERVED
+CVE-2020-16584
+ RESERVED
+CVE-2020-16583
+ RESERVED
+CVE-2020-16582
+ RESERVED
+CVE-2020-16581
+ RESERVED
+CVE-2020-16580
+ RESERVED
+CVE-2020-16579
+ RESERVED
+CVE-2020-16578
+ RESERVED
+CVE-2020-16577
+ RESERVED
+CVE-2020-16576
+ RESERVED
+CVE-2020-16575
+ RESERVED
+CVE-2020-16574
+ RESERVED
+CVE-2020-16573
+ RESERVED
+CVE-2020-16572
+ RESERVED
+CVE-2020-16571
+ RESERVED
+CVE-2020-16570
+ RESERVED
+CVE-2020-16569
+ RESERVED
+CVE-2020-16568
+ RESERVED
+CVE-2020-16567
+ RESERVED
+CVE-2020-16566
+ RESERVED
+CVE-2020-16565
+ RESERVED
+CVE-2020-16564
+ RESERVED
+CVE-2020-16563
+ RESERVED
+CVE-2020-16562
+ RESERVED
+CVE-2020-16561
+ RESERVED
+CVE-2020-16560
+ RESERVED
+CVE-2020-16559
+ RESERVED
+CVE-2020-16558
+ RESERVED
+CVE-2020-16557
+ RESERVED
+CVE-2020-16556
+ RESERVED
+CVE-2020-16555
+ RESERVED
+CVE-2020-16554
+ RESERVED
+CVE-2020-16553
+ RESERVED
+CVE-2020-16552
+ RESERVED
+CVE-2020-16551
+ RESERVED
+CVE-2020-16550
+ RESERVED
+CVE-2020-16549
+ RESERVED
+CVE-2020-16548
+ RESERVED
+CVE-2020-16547
+ RESERVED
+CVE-2020-16546
+ RESERVED
+CVE-2020-16545
+ RESERVED
+CVE-2020-16544
+ RESERVED
+CVE-2020-16543
+ RESERVED
+CVE-2020-16542
+ RESERVED
+CVE-2020-16541
+ RESERVED
+CVE-2020-16540
+ RESERVED
+CVE-2020-16539
+ RESERVED
+CVE-2020-16538
+ RESERVED
+CVE-2020-16537
+ RESERVED
+CVE-2020-16536
+ RESERVED
+CVE-2020-16535
+ RESERVED
+CVE-2020-16534
+ RESERVED
+CVE-2020-16533
+ RESERVED
+CVE-2020-16532
+ RESERVED
+CVE-2020-16531
+ RESERVED
+CVE-2020-16530
+ RESERVED
+CVE-2020-16529
+ RESERVED
+CVE-2020-16528
+ RESERVED
+CVE-2020-16527
+ RESERVED
+CVE-2020-16526
+ REJECTED
+CVE-2020-16525
+ RESERVED
+CVE-2020-16524
+ RESERVED
+CVE-2020-16523
+ RESERVED
+CVE-2020-16522
+ RESERVED
+CVE-2020-16521
+ RESERVED
+CVE-2020-16520
+ RESERVED
+CVE-2020-16519
+ RESERVED
+CVE-2020-16518
+ RESERVED
+CVE-2020-16517
+ RESERVED
+CVE-2020-16516
+ RESERVED
+CVE-2020-16515
+ RESERVED
+CVE-2020-16514
+ RESERVED
+CVE-2020-16513
+ RESERVED
+CVE-2020-16512
+ RESERVED
+CVE-2020-16511
+ RESERVED
+CVE-2020-16510
+ RESERVED
+CVE-2020-16509
+ RESERVED
+CVE-2020-16508
+ RESERVED
+CVE-2020-16507
+ RESERVED
+CVE-2020-16506
+ RESERVED
+CVE-2020-16505
+ RESERVED
+CVE-2020-16504
+ RESERVED
+CVE-2020-16503
+ RESERVED
+CVE-2020-16502
+ RESERVED
+CVE-2020-16501
+ RESERVED
+CVE-2020-16500
+ RESERVED
+CVE-2020-16499
+ RESERVED
+CVE-2020-16498
+ RESERVED
+CVE-2020-16497
+ RESERVED
+CVE-2020-16496
+ RESERVED
+CVE-2020-16495
+ RESERVED
+CVE-2020-16494
+ RESERVED
+CVE-2020-16493
+ RESERVED
+CVE-2020-16492
+ RESERVED
+CVE-2020-16491
+ RESERVED
+CVE-2020-16490
+ RESERVED
+CVE-2020-16489
+ RESERVED
+CVE-2020-16488
+ RESERVED
+CVE-2020-16487
+ RESERVED
+CVE-2020-16486
+ RESERVED
+CVE-2020-16485
+ RESERVED
+CVE-2020-16484
+ RESERVED
+CVE-2020-16483
+ RESERVED
+CVE-2020-16482
+ RESERVED
+CVE-2020-16481
+ RESERVED
+CVE-2020-16480
+ RESERVED
+CVE-2020-16479
+ RESERVED
+CVE-2020-16478
+ RESERVED
+CVE-2020-16477
+ RESERVED
+CVE-2020-16476
+ RESERVED
+CVE-2020-16475
+ RESERVED
+CVE-2020-16474
+ RESERVED
+CVE-2020-16473
+ RESERVED
+CVE-2020-16472
+ RESERVED
+CVE-2020-16471
+ RESERVED
+CVE-2020-16470
+ RESERVED
+CVE-2020-16469
+ RESERVED
+CVE-2020-16468
+ RESERVED
+CVE-2020-16467
+ RESERVED
+CVE-2020-16466
+ RESERVED
+CVE-2020-16465
+ RESERVED
+CVE-2020-16464
+ RESERVED
+CVE-2020-16463
+ RESERVED
+CVE-2020-16462
+ RESERVED
+CVE-2020-16461
+ RESERVED
+CVE-2020-16460
+ RESERVED
+CVE-2020-16459
+ RESERVED
+CVE-2020-16458
+ RESERVED
+CVE-2020-16457
+ RESERVED
+CVE-2020-16456
+ RESERVED
+CVE-2020-16455
+ RESERVED
+CVE-2020-16454
+ RESERVED
+CVE-2020-16453
+ RESERVED
+CVE-2020-16452
+ RESERVED
+CVE-2020-16451
+ RESERVED
+CVE-2020-16450
+ RESERVED
+CVE-2020-16449
+ RESERVED
+CVE-2020-16448
+ RESERVED
+CVE-2020-16447
+ RESERVED
+CVE-2020-16446
+ RESERVED
+CVE-2020-16445
+ RESERVED
+CVE-2020-16444
+ RESERVED
+CVE-2020-16443
+ RESERVED
+CVE-2020-16442
+ RESERVED
+CVE-2020-16441
+ RESERVED
+CVE-2020-16440
+ RESERVED
+CVE-2020-16439
+ RESERVED
+CVE-2020-16438
+ RESERVED
+CVE-2020-16437
+ RESERVED
+CVE-2020-16436
+ RESERVED
+CVE-2020-16435
+ RESERVED
+CVE-2020-16434
+ RESERVED
+CVE-2020-16433
+ RESERVED
+CVE-2020-16432
+ RESERVED
+CVE-2020-16431
+ RESERVED
+CVE-2020-16430
+ RESERVED
+CVE-2020-16429
+ RESERVED
+CVE-2020-16428
+ RESERVED
+CVE-2020-16427
+ RESERVED
+CVE-2020-16426
+ RESERVED
+CVE-2020-16425
+ RESERVED
+CVE-2020-16424
+ RESERVED
+CVE-2020-16423
+ RESERVED
+CVE-2020-16422
+ RESERVED
+CVE-2020-16421
+ RESERVED
+CVE-2020-16420
+ RESERVED
+CVE-2020-16419
+ RESERVED
+CVE-2020-16418
+ RESERVED
+CVE-2020-16417
+ RESERVED
+CVE-2020-16416
+ RESERVED
+CVE-2020-16415
+ RESERVED
+CVE-2020-16414
+ RESERVED
+CVE-2020-16413
+ RESERVED
+CVE-2020-16412
+ RESERVED
+CVE-2020-16411
+ RESERVED
+CVE-2020-16410
+ RESERVED
+CVE-2020-16409
+ RESERVED
+CVE-2020-16408
+ RESERVED
+CVE-2020-16407
+ RESERVED
+CVE-2020-16406
+ RESERVED
+CVE-2020-16405
+ RESERVED
+CVE-2020-16404
+ RESERVED
+CVE-2020-16403
+ RESERVED
+CVE-2020-16402
+ RESERVED
+CVE-2020-16401
+ RESERVED
+CVE-2020-16400
+ RESERVED
+CVE-2020-16399
+ RESERVED
+CVE-2020-16398
+ RESERVED
+CVE-2020-16397
+ RESERVED
+CVE-2020-16396
+ RESERVED
+CVE-2020-16395
+ RESERVED
+CVE-2020-16394
+ RESERVED
+CVE-2020-16393
+ RESERVED
+CVE-2020-16392
+ RESERVED
+CVE-2020-16391
+ RESERVED
+CVE-2020-16390
+ RESERVED
+CVE-2020-16389
+ RESERVED
+CVE-2020-16388
+ RESERVED
+CVE-2020-16387
+ RESERVED
+CVE-2020-16386
+ RESERVED
+CVE-2020-16385
+ RESERVED
+CVE-2020-16384
+ RESERVED
+CVE-2020-16383
+ RESERVED
+CVE-2020-16382
+ RESERVED
+CVE-2020-16381
+ RESERVED
+CVE-2020-16380
+ RESERVED
+CVE-2020-16379
+ RESERVED
+CVE-2020-16378
+ RESERVED
+CVE-2020-16377
+ RESERVED
+CVE-2020-16376
+ RESERVED
+CVE-2020-16375
+ RESERVED
+CVE-2020-16374
+ RESERVED
+CVE-2020-16373
+ RESERVED
+CVE-2020-16372
+ RESERVED
+CVE-2020-16371
+ RESERVED
+CVE-2020-16370
+ RESERVED
+CVE-2020-16369
+ RESERVED
+CVE-2020-16368
+ RESERVED
+CVE-2020-16367
+ RESERVED
+CVE-2020-16366
+ RESERVED
+CVE-2020-16365
+ RESERVED
+CVE-2020-16364
+ RESERVED
+CVE-2020-16363
+ RESERVED
+CVE-2020-16362
+ RESERVED
+CVE-2020-16361
+ RESERVED
+CVE-2020-16360
+ RESERVED
+CVE-2020-16359
+ RESERVED
+CVE-2020-16358
+ RESERVED
+CVE-2020-16357
+ RESERVED
+CVE-2020-16356
+ RESERVED
+CVE-2020-16355
+ RESERVED
+CVE-2020-16354
+ RESERVED
+CVE-2020-16353
+ RESERVED
+CVE-2020-16352
+ RESERVED
+CVE-2020-16351
+ RESERVED
+CVE-2020-16350
+ RESERVED
+CVE-2020-16349
+ RESERVED
+CVE-2020-16348
+ RESERVED
+CVE-2020-16347
+ RESERVED
+CVE-2020-16346
+ RESERVED
+CVE-2020-16345
+ RESERVED
+CVE-2020-16344
+ RESERVED
+CVE-2020-16343
+ RESERVED
+CVE-2020-16342
+ RESERVED
+CVE-2020-16341
+ RESERVED
+CVE-2020-16340
+ RESERVED
+CVE-2020-16339
+ RESERVED
+CVE-2020-16338
+ RESERVED
+CVE-2020-16337
+ RESERVED
+CVE-2020-16336
+ RESERVED
+CVE-2020-16335
+ RESERVED
+CVE-2020-16334
+ RESERVED
+CVE-2020-16333
+ RESERVED
+CVE-2020-16332
+ RESERVED
+CVE-2020-16331
+ RESERVED
+CVE-2020-16330
+ RESERVED
+CVE-2020-16329
+ RESERVED
+CVE-2020-16328
+ RESERVED
+CVE-2020-16327
+ RESERVED
+CVE-2020-16326
+ RESERVED
+CVE-2020-16325
+ RESERVED
+CVE-2020-16324
+ RESERVED
+CVE-2020-16323
+ RESERVED
+CVE-2020-16322
+ RESERVED
+CVE-2020-16321
+ RESERVED
+CVE-2020-16320
+ RESERVED
+CVE-2020-16319
+ RESERVED
+CVE-2020-16318
+ RESERVED
+CVE-2020-16317
+ RESERVED
+CVE-2020-16316
+ RESERVED
+CVE-2020-16315
+ RESERVED
+CVE-2020-16314
+ RESERVED
+CVE-2020-16313
+ RESERVED
+CVE-2020-16312
+ RESERVED
+CVE-2020-16311
+ RESERVED
+CVE-2020-16310 (A division by zero vulnerability in dot24_print_page() in devices/gdev ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701828
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e (9.51)
+CVE-2020-16309 (A buffer overflow vulnerability in lxm5700m_print_page() in devices/gd ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701827
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10 (9.51)
+ NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger
+CVE-2020-16308 (A buffer overflow vulnerability in p_print_image() in devices/gdevcdj. ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701829
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6 (9.51)
+CVE-2020-16307 (A null pointer dereference vulnerability in devices/vector/gdevtxtw.c ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701822
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f (9.51)
+CVE-2020-16306 (A null pointer dereference vulnerability in devices/gdevtsep.c of Arti ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804 (9.51)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701821
+CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701819
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550 (9.51)
+CVE-2020-16304 (A buffer overflow vulnerability in image_render_color_thresh() in base ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209 (9.51)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701816
+ NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger
+CVE-2020-16303 (A use-after-free vulnerability in xps_finish_image_path() in devices/v ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701818
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a (9.51)
+CVE-2020-16302 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701815
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207 (9.51)
+CVE-2020-16301 (A buffer overflow vulnerability in okiibm_print_page1() in devices/gde ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701808
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc (9.51)
+CVE-2020-16300 (A buffer overflow vulnerability in tiff12_print_page() in devices/gdev ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701807
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e (9.51)
+CVE-2020-16299 (A Division by Zero vulnerability in bj10v_print_page() in contrib/japa ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701801
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2 (9.51)
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece468706e0e89ed2856729b2ccacbc112be (9.51)
+CVE-2020-16298 (A buffer overflow vulnerability in mj_color_correct() in contrib/japan ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701799
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af (9.51)
+CVE-2020-16297 (A buffer overflow vulnerability in FloydSteinbergDitheringC() in contr ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701800
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39 (9.51)
+CVE-2020-16296 (A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/ ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
+ NOTE: chunk #2, see also CVE-2020-17538
+CVE-2020-16295 (A null pointer dereference vulnerability in clj_media_size() in device ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e (9.51)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701796
+CVE-2020-16294 (A buffer overflow vulnerability in epsc_print_page() in devices/gdevep ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701794
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358 (9.51)
+CVE-2020-16293 (A null pointer dereference vulnerability in compose_group_nonknockout_ ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701795
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231 (9.51)
+CVE-2020-16292 (A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701793
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7 (9.51)
+CVE-2020-16291 (A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Softwa ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6 (9.51)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701787
+CVE-2020-16290 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d (9.51)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701786
+CVE-2020-16289 (A buffer overflow vulnerability in cif_print_page() in devices/gdevcif ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701788
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768 (9.51)
+CVE-2020-16288 (A buffer overflow vulnerability in pj_common_print_page() in devices/g ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f (9.51)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701791
+CVE-2020-16287 (A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gd ...)
+ {DSA-4748-1 DLA-2335-1}
+ - ghostscript 9.51~dfsg-1
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701785
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6 (9.51)
+CVE-2020-16286
+ RESERVED
+CVE-2020-16285
+ RESERVED
+CVE-2020-16284
+ RESERVED
+CVE-2020-16283
+ RESERVED
+CVE-2020-16282 (In the default configuration of Rangee GmbH RangeeOS 8.0.4, all compon ...)
+ NOT-FOR-US: Rangee
+CVE-2020-16281 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a loca ...)
+ NOT-FOR-US: Rangee
+CVE-2020-16280 (Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plain ...)
+ NOT-FOR-US: Rangee
+CVE-2020-16279 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to R ...)
+ NOT-FOR-US: Rangee
+CVE-2020-16278 (A cross-site scripting (XSS) vulnerability in the Permissions componen ...)
+ NOT-FOR-US: SAINT Security Suite
+CVE-2020-16277 (An SQL injection vulnerability in the Analytics component of SAINT Sec ...)
+ NOT-FOR-US: SAINT Security Suite
+CVE-2020-16276 (An SQL injection vulnerability in the Assets component of SAINT Securi ...)
+ NOT-FOR-US: SAINT Security Suite
+CVE-2020-16275 (A cross-site scripting (XSS) vulnerability in the Credential Manager c ...)
+ NOT-FOR-US: SAINT Security Suite
+CVE-2020-16274
+ RESERVED
+CVE-2020-16273 (In Arm software implementing the Armv8-M processors (all versions), th ...)
+ NOT-FOR-US: Arm hardware issue
+CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is mis ...)
+ NOT-FOR-US: Kee Vault KeePassRPC
+CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...)
+ NOT-FOR-US: Kee Vault KeePassRPC
+CVE-2020-16270 (OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attac ...)
+ NOT-FOR-US: OLIMPOKS
+CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...)
+ - radare2 5.0.0+dfsg-1
+ NOTE: https://github.com/radareorg/radare2/issues/17383
+CVE-2020-16268 (The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote a ...)
+ NOT-FOR-US: 1E Client
+CVE-2020-16267 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...)
+ - mantis <removed>
+CVE-2020-16265
+ RESERVED
+CVE-2020-16264
+ RESERVED
+CVE-2020-16263 (Winston 1.5.4 devices have a CORS configuration that trusts arbitrary ...)
+ NOT-FOR-US: Winston devices
+CVE-2020-16262 (Winston 1.5.4 devices have a local www-data user that is overly permis ...)
+ NOT-FOR-US: Winston devices
+CVE-2020-16261 (Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local roo ...)
+ NOT-FOR-US: Winston devices
+CVE-2020-16260 (Winston 1.5.4 devices do not enforce authorization. This is exploitabl ...)
+ NOT-FOR-US: Winston devices
+CVE-2020-16259 (Winston 1.5.4 devices have an SSH user account with access from bastio ...)
+ NOT-FOR-US: Winston devices
+CVE-2020-16258 (Winston 1.5.4 devices make use of a Monit service (not managed during ...)
+ NOT-FOR-US: Winston devices
+CVE-2020-16257 (Winston 1.5.4 devices are vulnerable to command injection via the API. ...)
+ NOT-FOR-US: Winston devices
+CVE-2020-16256 (The API on Winston 1.5.4 devices is vulnerable to CSRF. ...)
+ NOT-FOR-US: Winston devices
+CVE-2020-16255 (ownCloud (Core) before 10.5 allows XSS in login page 'forgot password. ...)
+ - owncloud <removed>
+CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...)
+ NOT-FOR-US: Chartkick gem
+CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...)
+ - ruby-pghero <itp> (bug #882288)
+CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ...)
+ NOT-FOR-US: Field Test gem
+CVE-2020-16251 (HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when co ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2020-16250 (HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when co ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2020-16249
+ RESERVED
+CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /pro ...)
+ - prometheus-blackbox-exporter <unfixed> (unimportant)
+ NOTE: https://github.com/prometheus/blackbox_exporter/issues/669
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/12
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/3
+ NOTE: Upstream of the project did disputed the CVE. Upstream position is
+ NOTE: that the refererred behaviour is intended functionality.
+CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+ NOT-FOR-US: Philips
+CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
+ NOT-FOR-US: Reason S20 Ethernet Switch
+CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...)
+ NOT-FOR-US: Advantech
+CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...)
+ NOT-FOR-US: GE Digital APM Classic
+CVE-2020-16243 (Multiple buffer overflow vulnerabilities exist when LeviStudioU (Versi ...)
+ NOT-FOR-US: LeviStudioU
+CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
+ NOT-FOR-US: General Electric
+CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
+ NOT-FOR-US: Philips SureSigns
+CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure direct obj ...)
+ NOT-FOR-US: GE Digital APM Classic
+CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...)
+ NOT-FOR-US: Philips SureSigns
+CVE-2020-16238
+ RESERVED
+CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives input ...)
+ NOT-FOR-US: Philips SureSigns
+CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a ...)
+ NOT-FOR-US: FPWIN Pro
+CVE-2020-16235
+ RESERVED
+CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...)
+ NOT-FOR-US: PLC WinProladder
+CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...)
+ NOT-FOR-US: CodeMeter
+CVE-2020-16232
+ RESERVED
+CVE-2020-16231
+ RESERVED
+CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)
+ NOT-FOR-US: HMS Networks
+CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+ NOT-FOR-US: Philips
+CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An improper input ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to impersonations ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+ NOT-FOR-US: Philips
+CVE-2020-16223 (Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffe ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2020-16222 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+ NOT-FOR-US: Philips
+CVE-2020-16221 (Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buff ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2020-16220 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+ NOT-FOR-US: Philips
+CVE-2020-16219 (Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds r ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2020-16218 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+ NOT-FOR-US: Philips
+CVE-2020-16217 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A doubl ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2020-16216 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+ NOT-FOR-US: Philips
+CVE-2020-16215 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2020-16214 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+ NOT-FOR-US: Philips
+CVE-2020-16213 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2020-16212 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
+ NOT-FOR-US: Philips
+CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out- ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2020-16210 (The affected product is vulnerable to reflected cross-site scripting, ...)
+ NOT-FOR-US: N-Tron
+CVE-2020-16209
+ RESERVED
+CVE-2020-16208 (The affected product is vulnerable to cross-site request forgery, whic ...)
+ NOT-FOR-US: N-Tron
+CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multipl ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2020-16206 (The affected product is vulnerable to stored cross-site scripting, whi ...)
+ NOT-FOR-US: N-Tron
+CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated user can ...)
+ NOT-FOR-US: G-Cam and G-Code
+CVE-2020-16204 (The affected product is vulnerable due to an undocumented interface fo ...)
+ NOT-FOR-US: N-Tron
+CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
+ NOT-FOR-US: Delta Industrial Automation
+CVE-2020-16202 (WebAccess Node (All versions prior to 9.0.1) has incorrect permissions ...)
+ NOT-FOR-US: WebAccess Node
+CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
+ NOT-FOR-US: Delta Industrial Automation
+CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+ NOT-FOR-US: Philips
+CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
+ NOT-FOR-US: Delta Industrial Automation
+CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Wh ...)
+ NOT-FOR-US: Philips
+CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2020-16196
+ REJECTED
+CVE-2020-16195
+ RESERVED
+CVE-2020-16194 (An Insecure Direct Object Reference (IDOR) vulnerability was found in ...)
+ NOT-FOR-US: Prestashop Opart devis
+CVE-2020-16193 (osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.ph ...)
+ NOT-FOR-US: osTicket
+CVE-2020-16192 (LimeSurvey 4.3.2 allows reflected XSS because application/controllers/ ...)
+ - limesurvey <itp> (bug #472802)
+CVE-2020-16191
+ RESERVED
+CVE-2020-16190
+ RESERVED
+CVE-2020-16189
+ RESERVED
+CVE-2020-16188
+ RESERVED
+CVE-2020-16187
+ RESERVED
+CVE-2020-16186
+ REJECTED
+CVE-2020-16185
+ RESERVED
+CVE-2020-16184
+ RESERVED
+CVE-2020-16183
+ RESERVED
+CVE-2020-16182
+ RESERVED
+CVE-2020-16181
+ RESERVED
+CVE-2020-16180
+ RESERVED
+CVE-2020-16179
+ RESERVED
+CVE-2020-16178
+ RESERVED
+CVE-2020-16177
+ RESERVED
+CVE-2020-16176
+ RESERVED
+CVE-2020-16175
+ RESERVED
+CVE-2020-16174
+ RESERVED
+CVE-2020-16173
+ RESERVED
+CVE-2020-16172
+ RESERVED
+CVE-2020-16171 (An issue was discovered in Acronis Cyber Backup before 12.5 Build 1634 ...)
+ NOT-FOR-US: Acronis
+CVE-2020-16170 (Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Andr ...)
+ NOT-FOR-US: Temi application fo Android
+CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in temi Robox ...)
+ NOT-FOR-US: Temi Robox OS
+CVE-2020-16168 (Origin Validation Error in temi Robox OS prior to 120, temi Android ap ...)
+ NOT-FOR-US: Temi firmware
+CVE-2020-16167 (Missing Authentication for Critical Function in temi Robox OS prior to ...)
+ NOT-FOR-US: Temi Launcher OS
+CVE-2020-16166 (The Linux kernel through 5.7.11 allows remote attackers to make observ ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.7.17-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
+CVE-2020-16165 (The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Inj ...)
+ NOT-FOR-US: SpringBlade
+CVE-2020-16164 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...)
+ NOT-FOR-US: RIPE NCC RPKI Validator
+CVE-2020-16163 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...)
+ NOT-FOR-US: RIPE NCC RPKI Validator
+CVE-2020-16162 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...)
+ NOT-FOR-US: RIPE NCC RPKI Validator
+CVE-2020-16161 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Sca ...)
+ NOT-FOR-US: GoPro
+CVE-2020-16160 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Dec ...)
+ NOT-FOR-US: GoPro
+CVE-2020-16159 (GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GP ...)
+ NOT-FOR-US: GoPro
+CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerab ...)
+ NOT-FOR-US: GoPro
+CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...)
+ NOT-FOR-US: Nagios Log Server
+CVE-2020-16156 (CPAN 2.28 allows Signature Verification Bypass. ...)
+ - perl <unfixed>
+ [bullseye] - perl <no-dsa> (Minor issue)
+ [buster] - perl <no-dsa> (Minor issue)
+ [stretch] - perl <no-dsa> (Minor issue)
+ NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
+ NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
+CVE-2020-16155 (The CPAN::Checksums package 2.12 for Perl does not uniquely define sig ...)
+ - libcpan-checksums-perl <unfixed>
+ [bullseye] - libcpan-checksums-perl <no-dsa> (Minor issue)
+ [buster] - libcpan-checksums-perl <no-dsa> (Minor issue)
+ [stretch] - libcpan-checksums-perl <no-dsa> (Minor issue)
+ NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
+ NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
+CVE-2020-16154 (The App::cpanminus package 1.7044 for Perl allows Signature Verificati ...)
+ - cpanminus 1.7045-1
+ [bullseye] - cpanminus <no-dsa> (Minor issue)
+ [buster] - cpanminus <no-dsa> (Minor issue)
+ [stretch] - cpanminus <no-dsa> (Minor issue)
+ NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
+ NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
+CVE-2020-16153
+ RESERVED
+CVE-2020-16152 (The NetConfig UI administrative interface in Extreme Networks ExtremeW ...)
+ NOT-FOR-US: Extreme Networks
+CVE-2020-16151
+ RESERVED
+CVE-2020-16150 (A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/s ...)
+ - mbedtls 2.16.9-0.1 (bug #972806)
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
+CVE-2020-16149
+ REJECTED
+CVE-2020-16148 (The ping page of the administration panel in Telmat AccessLog &lt;= 6. ...)
+ NOT-FOR-US: Telmat AccessLog
+CVE-2020-16147 (The login page in Telmat AccessLog &lt;= 6.0 (TAL_20180415) allows an ...)
+ NOT-FOR-US: Telmat AccessLog
+CVE-2020-16146 (Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x ...)
+ NOT-FOR-US: Espressif
+CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ...)
+ {DSA-4744-1 DLA-2322-1}
+ - roundcube 1.4.8+dfsg.1-1 (bug #968216)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 (1.4.8)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b (1.3.15)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e (1.2.12)
+CVE-2020-16144 (When using an object storage like S3 as the file store, when a user cr ...)
+ - owncloud <removed>
+CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijac ...)
+ - seafile-client <not-affected> (Windows-specific)
+CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the B ...)
+ NOT-FOR-US: Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles
+CVE-2020-16141
+ RESERVED
+CVE-2020-16140 (The search functionality of the Greenmart theme 2.4.2 for WordPress is ...)
+ NOT-FOR-US: search functionality of the Greenmart theme for WordPress
+CVE-2020-16139 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified I ...)
+ NOT-FOR-US: Cisco
+CVE-2020-16138 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Uni ...)
+ NOT-FOR-US: Cisco
+CVE-2020-16137 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation issue in Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permis ...)
+ NOT-FOR-US: tgstation-server
+CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buf ...)
+ {DLA-2303-1}
+ - libssh 0.9.5-1 (bug #966560)
+ [buster] - libssh <no-dsa> (Minor issue)
+ NOTE: https://bugs.libssh.org/T232
+ NOTE: https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120
+CVE-2020-16134 (An issue was discovered on Swisscom Internet Box 2, Internet Box Stand ...)
+ NOT-FOR-US: Swisscom
+CVE-2020-16133
+ RESERVED
+CVE-2020-16132
+ REJECTED
+CVE-2020-16131 (Tiki before 21.2 allows XSS because [\s\/"\'] is not properly consider ...)
+ - tikiwiki <removed>
+CVE-2020-16130
+ RESERVED
+CVE-2020-16129
+ RESERVED
+CVE-2020-16128 (The aptdaemon DBus interface disclosed file existence disclosure by se ...)
+ - aptdaemon <removed>
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513
+CVE-2020-16127 (An Ubuntu-specific modification to AccountsService in versions before ...)
+ - accountsservice <not-affected> (Ubuntu-specific issue in 0010-set-language.patch)
+CVE-2020-16126 (An Ubuntu-specific modification to AccountsService in versions before ...)
+ - accountsservice <not-affected> (Ubuntu-specific issue in 0010-set-language.patch)
+CVE-2020-16125 (gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup ...)
+ {DLA-2434-1}
+ - gdm3 3.38.2-1
+ [buster] - gdm3 <no-dsa> (Minor issue on Debian)
+ NOTE: https://github.com/GNOME/gdm/commit/dc8235128c3a1fcd5da8f30ab6839d413d353f28
+ NOTE: https://gitlab.gnome.org/GNOME/gdm/-/issues/642
+CVE-2020-16124 (Integer Overflow or Wraparound vulnerability in the XML RPC library of ...)
+ - ros-ros-comm 1.15.8+ds1-2
+ [buster] - ros-ros-comm 1.14.3+ds1-5+deb10u2
+ [stretch] - ros-ros-comm <no-dsa> (Minor issue)
+ NOTE: https://github.com/ros/ros_comm/pull/2065
+CVE-2020-16123 (An Ubuntu-specific patch in PulseAudio created a race condition where ...)
+ - pulseaudio <not-affected> (Ubuntu-specific issue)
+CVE-2020-16122 (PackageKit's apt backend mistakenly treated all local debs as trusted. ...)
+ {DLA-2399-1}
+ - packagekit 1.2.1-1 (bug #972229)
+ [buster] - packagekit <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098
+CVE-2020-16121 (PackageKit provided detailed error messages to unprivileged callers th ...)
+ {DLA-2399-1}
+ - packagekit 1.2.1-1 (bug #972229)
+ [buster] - packagekit <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887
+CVE-2020-16120 (Overlayfs did not properly perform permission checking when copying up ...)
+ - linux 5.8.7-1
+ [stretch] - linux <not-affected> (Vulnerable configuration combination not possible)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
+CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7
+ NOTE: https://git.kernel.org/linus/d9ea761fdd197351890418acd462c51f241014a7
+CVE-2020-16118 (In GNOME Balsa before 2.6.0, a malicious server operator or man in the ...)
+ - balsa 2.6.0-1
+ [buster] - balsa <no-dsa> (Minor issue)
+ [stretch] - balsa <no-dsa> (Minor issue)
+ NOTE: https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5
+ NOTE: https://gitlab.gnome.org/GNOME/balsa/-/issues/23
+CVE-2020-16117 (In GNOME evolution-data-server before 3.35.91, a malicious server can ...)
+ {DLA-2309-1}
+ - evolution-data-server 3.36.0-1
+ [buster] - evolution-data-server <no-dsa> (Minor issue)
+ NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5
+ NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7
+ NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189
+CVE-2020-16116 (In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can ...)
+ {DSA-4738-1}
+ - ark 4:20.04.3-1
+ [stretch] - ark <no-dsa> (Intrusive to backport, partial patch for GUI https://people.debian.org/~abhijith/upload/backport_to_1608.patch)
+ NOTE: https://kde.org/info/security/advisory-20200730-1.txt
+ NOTE: https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
+CVE-2020-16115
+ REJECTED
+CVE-2020-16114
+ REJECTED
+CVE-2020-16113
+ REJECTED
+CVE-2020-16112
+ REJECTED
+CVE-2020-16111
+ REJECTED
+CVE-2020-16110
+ REJECTED
+CVE-2020-16109
+ REJECTED
+CVE-2020-16108
+ REJECTED
+CVE-2020-16107
+ REJECTED
+CVE-2020-16106
+ REJECTED
+CVE-2020-16105
+ REJECTED
+CVE-2020-16104 (SQL Injection vulnerability in Enterprise Data Interface of Gallagher ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2020-16103 (Type confusion in Gallagher Command Centre Server allows a remote atta ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2020-16102 (Improper Authentication vulnerability in Gallagher Command Centre Serv ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2020-16101 (It is possible for an unauthenticated remote DCOM websocket connection ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2020-16100 (It is possible for an unauthenticated remote DCOM websocket connection ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2020-16099 (In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possi ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2020-16098 (It is possible to enumerate access card credentials via an unauthentic ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2020-16097 (On controllers running versions of v8.20 prior to vCR8.20.200221b (dis ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2020-16096 (In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.0 ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 all ...)
+ NOT-FOR-US: dlf for TYPO3
+CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...)
+ - claws-mail 3.17.7-1 (bug #966630)
+ [buster] - claws-mail <no-dsa> (Minor issue)
+ [stretch] - claws-mail <no-dsa> (Minor issue)
+ NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
+CVE-2020-16093
+ RESERVED
+ - lemonldap-ng 2.0.9+ds-1
+ [buster] - lemonldap-ng <no-dsa> (Minor issue)
+ [stretch] - lemonldap-ng <no-dsa> (Minor issue + 2.x is a complete re-write, so very hard to backport!)
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250
+CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...)
+ {DSA-4760-1 DLA-2373-1}
+ - qemu 1:5.1+dfsg-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
+CVE-2020-16091
+ REJECTED
+CVE-2020-16090
+ RESERVED
+CVE-2020-16089
+ RESERVED
+CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows authenticatio ...)
+ NOT-FOR-US: OpenIKED
+CVE-2020-16087 (An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An a ...)
+ NOT-FOR-US: VNG Zalo Desktop
+CVE-2020-16086
+ RESERVED
+CVE-2020-16085
+ RESERVED
+CVE-2020-16084
+ RESERVED
+CVE-2020-16083
+ RESERVED
+CVE-2020-16082
+ RESERVED
+CVE-2020-16081
+ RESERVED
+CVE-2020-16080
+ RESERVED
+CVE-2020-16079
+ RESERVED
+CVE-2020-16078
+ RESERVED
+CVE-2020-16077
+ RESERVED
+CVE-2020-16076
+ RESERVED
+CVE-2020-16075
+ RESERVED
+CVE-2020-16074
+ RESERVED
+CVE-2020-16073
+ RESERVED
+CVE-2020-16072
+ RESERVED
+CVE-2020-16071
+ RESERVED
+CVE-2020-16070
+ RESERVED
+CVE-2020-16069
+ RESERVED
+CVE-2020-16068
+ RESERVED
+CVE-2020-16067
+ RESERVED
+CVE-2020-16066
+ RESERVED
+CVE-2020-16065
+ RESERVED
+CVE-2020-16064
+ RESERVED
+CVE-2020-16063
+ RESERVED
+CVE-2020-16062
+ RESERVED
+CVE-2020-16061
+ RESERVED
+CVE-2020-16060
+ RESERVED
+CVE-2020-16059
+ RESERVED
+CVE-2020-16058
+ RESERVED
+CVE-2020-16057
+ RESERVED
+CVE-2020-16056
+ RESERVED
+CVE-2020-16055
+ RESERVED
+CVE-2020-16054
+ RESERVED
+CVE-2020-16053
+ RESERVED
+CVE-2020-16052
+ RESERVED
+CVE-2020-16051
+ RESERVED
+CVE-2020-16050
+ RESERVED
+CVE-2020-16049
+ RESERVED
+CVE-2020-16048 (Out of bounds read in ANGLE allowed a remote attacker to obtain sensit ...)
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1926979
+CVE-2020-16047
+ RESERVED
+CVE-2020-16046 (Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147. ...)
+ - chromium <not-affected> (Only affects Chrome on iOS)
+CVE-2020-16045 (Use after Free in Payments in Google Chrome on Android prior to 87.0.4 ...)
+ - chromium <not-affected> (Only affects Chrome on Android)
+CVE-2020-16044 (Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowe ...)
+ {DSA-4846-1 DSA-4842-1 DSA-4827-1 DLA-2541-1 DLA-2521-1}
+ - firefox 84.0.2-1
+ - firefox-esr 78.6.1esr-1
+ - thunderbird 1:78.6.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/#CVE-2020-16044
+CVE-2020-16043 (Insufficient data validation in networking in Google Chrome prior to 8 ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16042 (Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed ...)
+ {DSA-4824-1 DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ - firefox 84.0-1
+ - firefox-esr 78.6.0esr-1
+ - thunderbird 1:78.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-16042
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-16042
+CVE-2020-16041 (Out of bounds read in networking in Google Chrome prior to 87.0.4280.8 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16040 (Insufficient data validation in V8 in Google Chrome prior to 87.0.4280 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16039 (Use after free in extensions in Google Chrome prior to 87.0.4280.88 al ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16038 (Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16037 (Use after free in clipboard in Google Chrome prior to 87.0.4280.88 all ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16036 (Inappropriate implementation in cookies in Google Chrome prior to 87.0 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16035 (Insufficient data validation in cros-disks in Google Chrome on ChromeO ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16034 (Inappropriate implementation in WebRTC in Google Chrome prior to 87.0. ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16033 (Inappropriate implementation in WebUSB in Google Chrome prior to 87.0. ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16032 (Insufficient data validation in sharing in Google Chrome prior to 87.0 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16031 (Insufficient data validation in UI in Google Chrome prior to 87.0.4280 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16030 (Insufficient data validation in Blink in Google Chrome prior to 87.0.4 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16029 (Inappropriate implementation in PDFium in Google Chrome prior to 87.0. ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16028 (Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16027 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16026 (Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowe ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16025 (Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280. ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16024 (Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allo ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16023 (Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 all ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16022 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16021 (Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.6 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16020 (Inappropriate implementation in cryptohome in Google Chrome on ChromeO ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16019 (Inappropriate implementation in filesystem in Google Chrome on ChromeO ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16018 (Use after free in payments in Google Chrome prior to 87.0.4280.66 allo ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16017 (Use after free in site isolation in Google Chrome prior to 86.0.4240.1 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16016 (Inappropriate implementation in base in Google Chrome prior to 86.0.42 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16015 (Insufficient data validation in WASM in Google Chrome prior to 87.0.42 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16014 (Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16013 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16012 (Side-channel information leakage in graphics in Google Chrome prior to ...)
+ {DSA-4824-1 DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
+ - firefox 83.0-1
+ - firefox-esr 78.5.0esr-1
+ - thunderbird 1:78.5.0-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-16012
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-16012
+CVE-2020-16011 (Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4 ...)
+ {DSA-4824-1}
+ - chromium <not-affected> (Windows-specific)
+CVE-2020-16010 (Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4 ...)
+ - chromium <not-affected> (Android-specific)
+CVE-2020-16009 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16008 (Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.18 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16007 (Insufficient data validation in installer in Google Chrome prior to 86 ...)
+ - chromium <not-affected> (debian package disables the installer)
+CVE-2020-16006 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16005 (Insufficient policy enforcement in ANGLE in Google Chrome prior to 86. ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16004 (Use after free in user interface in Google Chrome prior to 86.0.4240.1 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16003 (Use after free in printing in Google Chrome prior to 86.0.4240.111 all ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16002 (Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allow ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16001 (Use after free in media in Google Chrome prior to 86.0.4240.111 allowe ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-16000 (Inappropriate implementation in Blink in Google Chrome prior to 86.0.4 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15999 (Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.1 ...)
+ {DSA-4824-1 DSA-4777-1 DLA-2415-1}
+ - freetype 2.10.2+dfsg-4 (bug #972586)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/20/7
+ NOTE: https://savannah.nongnu.org/bugs/?59308
+ NOTE: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2103
+CVE-2020-15998 (Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a ...)
+ - chromium <not-affected> (Chrome on Android)
+CVE-2020-15997 (Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed ...)
+ - chromium <not-affected> (Chrome on Android)
+CVE-2020-15996 (Use after free in passwords in Google Chrome prior to 86.0.4240.99 all ...)
+ - chromium <not-affected> (Chrome on Android)
+CVE-2020-15995 (Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allow ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15994 (Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a ...)
+ - chromium <not-affected> (Chrome on Android)
+CVE-2020-15993 (Use after free in printing in Google Chrome prior to 86.0.4240.99 allo ...)
+ - chromium <not-affected> (Chrome on Android)
+CVE-2020-15992 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15991 (Use after free in password manager in Google Chrome prior to 86.0.4240 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15990 (Use after free in autofill in Google Chrome prior to 86.0.4240.75 allo ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15989 (Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 al ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15988 (Insufficient policy enforcement in downloads in Google Chrome on Windo ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15987 (Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowe ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15986 (Integer overflow in media in Google Chrome prior to 86.0.4240.75 allow ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15985 (Inappropriate implementation in Blink in Google Chrome prior to 86.0.4 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15984 (Insufficient policy enforcement in Omnibox in Google Chrome on iOS pri ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15983 (Insufficient data validation in webUI in Google Chrome on ChromeOS pri ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15982 (Inappropriate implementation in cache in Google Chrome prior to 86.0.4 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15981 (Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 all ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15980 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15979 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15978 (Insufficient data validation in navigation in Google Chrome on Android ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15977 (Insufficient data validation in dialogs in Google Chrome on OS X prior ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15976 (Use after free in WebXR in Google Chrome on Android prior to 86.0.4240 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15975 (Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15974 (Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allow ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15973 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15972 (Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15971 (Use after free in printing in Google Chrome prior to 86.0.4240.75 allo ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15970 (Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15969 (Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowe ...)
+ {DSA-4824-1 DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ - firefox 82.0-1
+ - firefox-esr 78.4.0esr-1
+ - thunderbird 1:78.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15969
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15969
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15969
+CVE-2020-15968 (Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15967 (Use after free in payments in Google Chrome prior to 86.0.4240.75 allo ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15966 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15965 (Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15964 (Insufficient data validation in media in Google Chrome prior to 85.0.4 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15963 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15962 (Insufficient policy validation in serial in Google Chrome prior to 85. ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15961 (Insufficient policy validation in extensions in Google Chrome prior to ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15960 (Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.12 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15959 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An insecure dire ...)
+ NOT-FOR-US: 1CRM System
+CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...)
+ NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T)
+CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...)
+ NOT-FOR-US: ACTi NVR3 Standard Server
+CVE-2020-15955 (In s/qmail through 4.0.07, an active MitM can inject arbitrary plainte ...)
+ NOT-FOR-US: s/qmail
+CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...)
+ {DLA-2300-1}
+ - kdepim-runtime 4:20.04.1-2 (bug #966666)
+ [buster] - kdepim-runtime <no-dsa> (Minor issue)
+ - kmail-account-wizard 4:20.04.1-2 (bug #966667)
+ [buster] - kmail-account-wizard <no-dsa> (Minor issue)
+ - ksmtp <unfixed>
+ [bullseye] - ksmtp <no-dsa> (Minor issue; Upstream changes change API)
+ [buster] - ksmtp <no-dsa> (Minor issue; Upstream changes change API)
+ NOTE: https://bugs.kde.org/show_bug.cgi?id=423426
+ NOTE: kdepim-runtime: https://invent.kde.org/pim/kdepim-runtime/commit/bd64ab29116aa7318fdee7f95878ff97580162f2
+ NOTE: kmail-account-wizard: https://invent.kde.org/pim/kmail-account-wizard/commit/a64d80e523edce7d3d59c26834973418fae042f6
+ NOTE: https://kde.org/info/security/advisory-20211118-1.txt
+ NOTE: https://bugs.kde.org/show_bug.cgi?id=423423
+CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other ...)
+ {DLA-2329-1}
+ - libetpan 1.9.4-3 (bug #966647)
+ [buster] - libetpan <no-dsa> (Minor issue)
+ NOTE: https://github.com/dinhvh/libetpan/issues/386
+ NOTE: https://github.com/dinhvh/libetpan/pull/387
+ NOTE: https://github.com/dinhvh/libetpan/pull/388
+CVE-2020-15952 (Immuta v2.8.2 is affected by stored XSS that allows a low-privileged u ...)
+ NOT-FOR-US: Immuta
+CVE-2020-15951 (Immuta v2.8.2 accepts user-supplied project names without properly san ...)
+ NOT-FOR-US: Immuta
+CVE-2020-15950 (Immuta v2.8.2 is affected by improper session management: user session ...)
+ NOT-FOR-US: Immuta
+CVE-2020-15949 (Immuta v2.8.2 is affected by one instance of insecure permissions that ...)
+ NOT-FOR-US: Immuta
+CVE-2020-15948 (eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. ...)
+ NOT-FOR-US: eGain Chat
+CVE-2020-25573 (An issue was discovered in the linked-hash-map crate before 0.5.3 for ...)
+ - rust-linked-hash-map 0.5.4-1 (bug #966246)
+ [buster] - rust-linked-hash-map <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0026.html
+CVE-2020-15947 (A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do end ...)
+ NOT-FOR-US: Loway QueueMetrics
+CVE-2020-15946
+ RESERVED
+CVE-2020-15945 (Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c ...)
+ - lua5.4 5.4.1-1
+ - lua5.3 <not-affected> (Specific to 5.4)
+ - lua5.2 <not-affected> (Specific to 5.4)
+ - lua5.1 <not-affected> (Specific to 5.4)
+ - lua50 <not-affected> (Specific to 5.4)
+ NOTE: https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3 (v5.4.1)
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00123.html
+CVE-2020-15944 (An issue was discovered in the Gantt-Chart module before 5.5.5 for Jir ...)
+ NOT-FOR-US: Gantt-Chart module for Jira
+CVE-2020-15943 (An issue was discovered in the Gantt-Chart module before 5.5.4 for Jir ...)
+ NOT-FOR-US: Gantt-Chart module for Jira
+CVE-2020-15942 (An information disclosure vulnerability in Web Vulnerability Scan prof ...)
+ NOT-FOR-US: Fortinet
+CVE-2020-15941 (A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4 ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-15940 (An improper neutralization of input vulnerability [CWE-79] in FortiCli ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-15939 (An improper access control vulnerability (CWE-284) in FortiSandbox ver ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-15938 (When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the ...)
+ NOT-FOR-US: FortiGate FortiGuard
+CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate version ...)
+ NOT-FOR-US: FortiGate FortiGuard
+CVE-2020-15936
+ RESERVED
+CVE-2020-15935 (A cleartext storage of sensitive information in GUI in FortiADC versio ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-15934
+ RESERVED
+CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...)
+ NOT-FOR-US: Overwolf
+CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attackers to ...)
+ NOT-FOR-US: Netwrix Account Lockout Examiner
+CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...)
+ NOT-FOR-US: Joplin desktop
+CVE-2020-15929 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
+ NOT-FOR-US: Ortus TestBox
+CVE-2020-15928 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
+ NOT-FOR-US: Ortus TestBox
+CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)
+ NOT-FOR-US: Loway QueueMetrics
+CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that leads t ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15923 (Mida eFramework through 2.9.0 allows unauthenticated ../ directory tra ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15922 (There is an OS Command Injection in Mida eFramework 2.9.0 that allows ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15921 (Mida eFramework through 2.9.0 has a back door that permits a change of ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15920 (There is an OS Command Injection in Mida eFramework through 2.9.0 that ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15919 (A Reflected Cross Site Scripting (XSS) vulnerability was discovered in ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15918 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discov ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15917 (common/session.c in Claws Mail before 3.17.6 has a protocol violation ...)
+ - claws-mail 3.17.6-1
+ [buster] - claws-mail <no-dsa> (Minor issue)
+ [stretch] - claws-mail <no-dsa> (low priority issue)
+ NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
+CVE-2020-15916 (goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices a ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-15915
+ RESERVED
+CVE-2020-15914 (A cross-site scripting (XSS) vulnerability exists in the Origin Client ...)
+ NOT-FOR-US: EA Origin Client
+CVE-2020-15913
+ RESERVED
+CVE-2020-15912 (** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a door b ...)
+ NOT-FOR-US: Tesla
+CVE-2020-15911
+ RESERVED
+CVE-2020-15910 (SolarWinds N-Central version 12.3 GA and lower does not set the JSESSI ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-15909 (SolarWinds N-central through 2020.1 allows session hijacking and requi ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-15908 (tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6. ...)
+ NOT-FOR-US: Cauldron cbang
+CVE-2020-15907 (In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before ...)
+ - mahara <removed>
+CVE-2020-15906 (tiki-login.php in Tiki before 21.2 sets the admin password to a blank ...)
+ - tikiwiki <removed>
+CVE-2020-15905
+ RESERVED
+CVE-2020-15904 (A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allo ...)
+ NOT-FOR-US: bsdiff4 (different from src:bsdiff)
+CVE-2020-15903 (An issue was found in Nagios XI before 5.7.3. There is a privilege esc ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url o ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-15901 (In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50 and 9. ...)
+ - ghostscript 9.52.1~dfsg-1
+ [buster] - ghostscript <not-affected> (Vulnerable code introduced later)
+ [stretch] - ghostscript <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702582
+ NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (9.28rc1)
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b (9.53.0rc1)
+CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data related to ...)
+ NOT-FOR-US: Grin
+CVE-2020-15898 (In Arista EOS malformed packets can be incorrectly forwarded across VL ...)
+ NOT-FOR-US: Arista
+CVE-2020-15897 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
+ NOT-FOR-US: Arista EOS
+CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10 ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15894 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15893 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 devices before ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15891
+ RESERVED
+CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...)
+ {DLA-2296-1}
+ - luajit 2.1.0~beta3+git20210112+dfsg-2 (unimportant; bug #966148)
+ NOTE: https://github.com/LuaJIT/LuaJIT/issues/601
+ NOTE: https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6
+ NOTE: No security impact, only "exploitable" with untrusted Lua code
+CVE-2020-15889 (Lua 5.4.0 has a getobjname heap-based buffer over-read because youngco ...)
+ - lua5.4 5.4.0-2
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00078.html
+ NOTE: https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312
+ NOTE: Introduced in 5.4
+CVE-2020-15888 (Lua through 5.4.0 mishandles the interaction between stack resizes and ...)
+ - lua5.4 5.4.1-1 (bug #972101)
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00053.html
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00054.html
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00071.html
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00079.html
+ NOTE: https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
+ NOTE: https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5
+CVE-2020-15887 (A SQL injection vulnerability in softwareupdate_controller.php in the ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15886 (A SQL injection vulnerability in reportdata_controller.php in the repo ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15885 (A Cross-Site Scripting (XSS) vulnerability in the comment module befor ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15884 (A SQL injection vulnerability in TableQuery.php in MunkiReport before ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15883 (A Cross-Site Scripting (XSS) vulnerability in the managedinstalls modu ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15882 (A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6. ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15881 (A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Mun ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15880
+ RESERVED
+CVE-2020-15879 (Bitwarden Server 1.35.1 allows SSRF because it does not consider certa ...)
+ NOT-FOR-US: Bitwarden Server
+ NOTE: bitwarden client is ITP'ed as #956836
+CVE-2020-15878
+ RESERVED
+CVE-2020-15877 (An issue was discovered in LibreNMS before 1.65.1. It has insufficient ...)
+ NOT-FOR-US: LibreNMS
+CVE-2020-15876
+ RESERVED
+CVE-2020-15875
+ RESERVED
+CVE-2020-15874
+ RESERVED
+CVE-2020-15873 (In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL I ...)
+ NOT-FOR-US: LibreNMS
+CVE-2020-15872
+ RESERVED
+CVE-2020-15871 (Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
+CVE-2020-15870 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
+CVE-2020-15869 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
+CVE-2020-15868 (Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
+CVE-2020-15867 (The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authentic ...)
+ NOT-FOR-US: Go Git Service
+CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
+ - mruby 2.1.2-1 (bug #972051)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <no-dsa> (Minor issue)
+ NOTE: https://github.com/mruby/mruby/issues/5042
+ NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b (3.0.0-preview)
+ NOTE: https://github.com/mruby/mruby/commit/63956036e116ef6a33a91e16348c4d1a09f6f72c (2.1.2-rc2)
+CVE-2020-15865 (A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Re ...)
+ NOT-FOR-US: Stimulsoft
+CVE-2020-15864 (An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability ...)
+ NOT-FOR-US: Quali CloudShell
+CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...)
+ {DSA-4760-1 DLA-2288-1}
+ - qemu 1:5.0-12
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
+CVE-2020-15861 (Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX ...)
+ {DSA-4746-1 DLA-2313-1}
+ - net-snmp 5.8+dfsg-5 (bug #966599)
+ NOTE: https://github.com/net-snmp/net-snmp/issues/145
+ NOTE: https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
+CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic ...)
+ NOT-FOR-US: Parallels
+CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...)
+ {DLA-2560-1}
+ - qemu 1:5.2+dfsg-1 (bug #965978)
+ [buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
+ NOTE: Proposed patch: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=22dc8663d9fc7baa22100544c600b6285a63c7a3
+CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allo ...)
+ NOT-FOR-US: Thales DIS
+CVE-2020-15857
+ RESERVED
+CVE-2020-15856
+ RESERVED
+CVE-2020-15855
+ RESERVED
+CVE-2020-15854
+ RESERVED
+CVE-2020-15853
+ RESERVED
+CVE-2020-XXXX [mpv insecure lua loadpath]
+ - mpv 0.32.0-2 (bug #950816)
+ [buster] - mpv <no-dsa> (Minor issue)
+ [stretch] - mpv <no-dsa> (Minor issue)
+ NOTE: https://github.com/mpv-player/mpv/commit/cce7062a8a6b6a3b3666aea3ff86db879cba67b6
+CVE-2020-15851 (Lack of access control in Nakivo Backup &amp; Replication Transporter ...)
+ NOT-FOR-US: Nakivo Backup
+CVE-2020-15850 (Insecure permissions in Nakivo Backup &amp; Replication Director versi ...)
+ NOT-FOR-US: Nakivo Backup
+CVE-2020-15849 (Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in t ...)
+ NOT-FOR-US: Re:Desk
+CVE-2020-15848
+ RESERVED
+CVE-2020-15847
+ RESERVED
+CVE-2020-15846
+ RESERVED
+CVE-2020-15845
+ RESERVED
+CVE-2020-15844
+ RESERVED
+CVE-2020-15843 (ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privil ...)
+ NOT-FOR-US: ActFax
+CVE-2020-15842 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7 ...)
+ NOT-FOR-US: Liferay
+CVE-2020-15841 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7 ...)
+ NOT-FOR-US: Liferay
+CVE-2020-15840 (In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP ...)
+ NOT-FOR-US: Liferay
+CVE-2020-15839 (Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 an ...)
+ NOT-FOR-US: Liferay
+CVE-2020-15838 (The Agent Update System in ConnectWise Automate before 2020.8 allows P ...)
+ NOT-FOR-US: ConnectWise Automate
+CVE-2020-15837
+ RESERVED
+CVE-2020-15836 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-15835 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-15834 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-15833 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-15832 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-15831 (JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in t ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15830 (JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15829 (In JetBrains TeamCity before 2019.2.3, password parameters could be di ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15828 (In JetBrains TeamCity before 2020.1.1, project parameter values can be ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15827 (In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signatu ...)
+ NOT-FOR-US: JetBrains ToolBox
+CVE-2020-15826 (In JetBrains TeamCity before 2020.1, users are able to assign more per ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15825 (In JetBrains TeamCity before 2020.1, users with the Modify Group permi ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15824 (In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not aff ...)
+ - kotlin <unfixed>
+CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15822 (In JetBrains YouTrack before 2020.2.10514, SSRF is possible because UR ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without permission is ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser could di ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15819 (JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that all ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15818 (In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user could execu ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15862 (Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP ...)
+ {DSA-4746-1 DLA-2299-1}
+ - net-snmp 5.8+dfsg-4 (bug #965166)
+ NOTE: The commit https://github.com/net-snmp/net-snmp/commit/c2b96ee744392243782094432f657ded4e985a07
+ NOTE: disables NET-SNMP-EXTEND-MIB support by default. But it is still
+ NOTE: possible to enable the MIB via --with-mib-modules configure option.
+ NOTE: Upstream reverted the change and the solution is to make NET-SNMP-EXTEND-MIB
+ NOTE: read-only, cf. https://bugs.debian.org/966544
+ NOTE: Disabling was reverted with: https://github.com/net-snmp/net-snmp/commit/4097a311e952d3b5c12610102bb4cc2fe72b56e5
+ NOTE: Makes extended mib read-only:
+ NOTE: https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
+CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious applicat ...)
+ NOT-FOR-US: Western Digital WD Discovery
+CVE-2020-15815
+ RESERVED
+CVE-2020-15814
+ RESERVED
+CVE-2020-15813 (Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers ...)
+ - graylog2 <itp> (bug #652273)
+CVE-2020-15812
+ RESERVED
+CVE-2020-15811 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
+ {DSA-4751-1 DLA-2394-1}
+ - squid 4.13-1 (bug #968932)
+ - squid3 <removed>
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_8.patch
+CVE-2020-24606 (Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...)
+ {DSA-4751-1 DLA-2394-1}
+ - squid 4.13-1 (bug #968933)
+ - squid3 <removed>
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch
+CVE-2020-15810 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
+ {DSA-4751-1 DLA-2394-1}
+ - squid 4.13-1 (bug #968934)
+ - squid3 <removed>
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_10.patch
+CVE-2020-15809 (spxmanage on certain SpinetiX devices allows requests that access unin ...)
+ NOT-FOR-US: SpinetiX devices
+CVE-2020-15808
+ RESERVED
+CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted ...)
+ - libredwg <itp> (bug #595191)
+CVE-2020-15806 (CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Me ...)
+ NOT-FOR-US: CODESYS
+CVE-2020-15805
+ RESERVED
+CVE-2020-15804
+ RESERVED
+CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ...)
+ {DLA-2631-1 DLA-2311-1}
+ - zabbix 1:5.0.2+dfsg-1 (bug #966146)
+ [buster] - zabbix <no-dsa> (Minor issue)
+ NOTE: https://support.zabbix.com/browse/ZBX-18057
+CVE-2020-15802 (Devices supporting Bluetooth before 5.1 may allow man-in-the-middle at ...)
+ - linux <unfixed>
+ [bullseye] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - linux <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://www.kb.cert.org/vuls/id/589825/
+CVE-2020-15801 (In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ...)
+ - python3.9 <not-affected> (Windows-specific)
+ - python3.8 <not-affected> (Windows-specific)
+ - python3.7 <not-affected> (Windows-specific)
+ - python3.5 <not-affected> (Windows-specific)
+ - python2.7 <not-affected> (Windows-specific)
+CVE-2020-15852 (An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used ...)
+ - linux 5.7.10-1
+ [buster] - linux <not-affected> (Only affects 5.5 and later)
+ [stretch] - linux <not-affected> (Only affects 5.5 and later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/16/1
+CVE-2020-15800 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15799 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15798 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
+ NOT-FOR-US: DCA Vantage Analyzer
+CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15795 (A vulnerability has been identified in Nucleus NET (All versions &lt; ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ NOT-FOR-US: Desigo Insight
+CVE-2020-15793 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ NOT-FOR-US: Desigo Insight
+CVE-2020-15792 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ NOT-FOR-US: Desigo Insight
+CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15789 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15788 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI Unified Comfort Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15786 (A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Ge ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15785 (A vulnerability has been identified in Siveillance Video Client (All v ...)
+ NOT-FOR-US: Siveillance Video Client
+CVE-2020-15784 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ NOT-FOR-US: Spectrum Power 4
+CVE-2020-15783 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15782 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...)
+ NOT-FOR-US: SICAM
+CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...)
+ NOT-FOR-US: Node socket.io-file
+CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
+ - linux 5.7.10-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux <ignored> (securelevel included but not supported)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/3
+ NOTE: Fixed by: https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354
+CVE-2020-15778 (** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection i ...)
+ - openssh <unfixed> (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860487
+ NOTE: https://github.com/cpandya2909/CVE-2020-15778
+ NOTE: Negligible security impact, changing the scp protocol can have a good chance
+ NOTE: of breaking existing workflows.
+CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...)
+ NOT-FOR-US: Maven Extension plugin for Gradle Enterprise
+CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CS ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /u ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An att ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When c ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. An attacker can p ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. The cook ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15766
+ REJECTED
+CVE-2020-15765
+ REJECTED
+CVE-2020-15764
+ REJECTED
+CVE-2020-15763
+ REJECTED
+CVE-2020-15762
+ REJECTED
+CVE-2020-15761
+ REJECTED
+CVE-2020-15760
+ REJECTED
+CVE-2020-15759
+ REJECTED
+CVE-2020-15758
+ REJECTED
+CVE-2020-15757
+ REJECTED
+CVE-2020-15756
+ REJECTED
+CVE-2020-15755
+ REJECTED
+CVE-2020-15754
+ REJECTED
+CVE-2020-15753
+ REJECTED
+CVE-2020-15752
+ REJECTED
+CVE-2020-15751
+ REJECTED
+CVE-2020-15750
+ REJECTED
+CVE-2020-15749
+ REJECTED
+CVE-2020-15748
+ REJECTED
+CVE-2020-15747
+ REJECTED
+CVE-2020-15746
+ REJECTED
+CVE-2020-15745
+ REJECTED
+CVE-2020-15744 (Stack-based Buffer Overflow vulnerability in the ONVIF server componen ...)
+ NOT-FOR-US: Victure PC420 devices
+CVE-2020-15743
+ REJECTED
+CVE-2020-15742
+ RESERVED
+CVE-2020-15741
+ REJECTED
+CVE-2020-15740
+ REJECTED
+CVE-2020-15739
+ RESERVED
+CVE-2020-15738
+ REJECTED
+CVE-2020-15737
+ REJECTED
+CVE-2020-15736
+ REJECTED
+CVE-2020-15735
+ RESERVED
+CVE-2020-15734 (An Origin Validation Error vulnerability in Bitdefender Safepay allows ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-15733 (An Origin Validation Error vulnerability in the SafePay component of B ...)
+ NOT-FOR-US: Bitdefender Antivirus Plus
+CVE-2020-15732 (Improper Certificate Validation vulnerability in the Online Threat Pre ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-15731 (An improper Input Validation vulnerability in the code handling file r ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-15730
+ RESERVED
+CVE-2020-15729
+ RESERVED
+CVE-2020-15728
+ REJECTED
+CVE-2020-15727
+ RESERVED
+CVE-2020-15726
+ RESERVED
+CVE-2020-15725
+ RESERVED
+CVE-2020-15724 (In the version 12.1.0.1005 and below of 360 Total Security, when the G ...)
+ NOT-FOR-US: 360 Total Security
+CVE-2020-15723 (In the version 12.1.0.1004 and below of 360 Total Security, when the m ...)
+ NOT-FOR-US: 360 Total Security
+CVE-2020-15722 (In version 12.1.0.1004 and below of 360 Total Security,when TPI calls ...)
+ NOT-FOR-US: 360 Total Security
+CVE-2020-15721 (RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XS ...)
+ NOT-FOR-US: RosarioSIS
+CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did n ...)
+ - dogtag-pki 10.9.1-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855273
+ NOTE: https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72
+CVE-2020-15719 (libldap in certain third-party OpenLDAP packages has a certificate-val ...)
+ - openldap <unfixed> (unimportant; bug #965184)
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9266
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1740070
+ NOTE: RedHat/CentOS applied patch: https://git.centos.org/rpms/openldap/raw/67459960064be9d226d57c5f82aaba0929876813/f/SOURCES/openldap-tlso-dont-check-cn-when-bad-san.patch
+ NOTE: OpenLDAP upstream did dispute the issue as beeing valid, as the current libldap
+ NOTE: behaviour does conform with RFC4513. RFC6125 does not superseed the rules for
+ NOTE: verifying service identity provided in specifications for existing application
+ NOTE: protocols published prior to RFC6125, like RFC4513 for LDAP.
+CVE-2020-15718 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
+ NOT-FOR-US: RosarioSIS
+CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
+ NOT-FOR-US: RosarioSIS
+CVE-2020-15716 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
+ NOT-FOR-US: RosarioSIS
+CVE-2020-15715 (rConfig 3.9.5 could allow a remote authenticated attacker to execute a ...)
+ NOT-FOR-US: rConfig
+CVE-2020-15714 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...)
+ NOT-FOR-US: rConfig
+CVE-2020-15713 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...)
+ NOT-FOR-US: rConfig
+CVE-2020-15712 (rConfig 3.9.5 could allow a remote authenticated attacker to traverse ...)
+ NOT-FOR-US: rConfig
+CVE-2020-15711 (In MISP before 2.4.129, setting a favourite homepage was not CSRF prot ...)
+ NOT-FOR-US: MISP
+CVE-2020-15710 (Potential double free in Bluez 5 module of PulseAudio could allow a lo ...)
+ - pulseaudio <not-affected> (Issue in Ubuntu-specific patch)
+ NOTE: https://bugs.launchpad.net/ubuntu/%2Bsource/pulseaudio/%2Bbug/1884738
+CVE-2020-15709 (Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20 ...)
+ {DLA-2339-1}
+ - software-properties <unfixed> (bug #968850)
+ [bullseye] - software-properties <no-dsa> (Minor issue)
+ [buster] - software-properties <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/03/1
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286
+CVE-2020-15708 (Ubuntu's packaging of libvirt in 20.04 LTS created a control socket wi ...)
+ - libvirt <not-affected> (Ubuntu specific issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866270#c2
+ NOTE: Debian used to use polkit in 1.2.9-rc1-1 and only later on
+ NOTE: enabled as well libvirtd socket activation. Ubuntu OTOH continued
+ NOTE: to ship the Allow-libvirt-group-to-access-the-socket.patch patch
+ NOTE: which caused the CVE-2020-15708 issue.
+ NOTE: Upstream improved documentation in with:
+ NOTE: https://www.redhat.com/archives/libvir-list/2020-August/msg00360.html
+CVE-2020-15707 (Integer overflows were discovered in the functions grub_cmd_initrd and ...)
+ {DSA-4735-1}
+ - grub2 2.04-9
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
+CVE-2020-15706 (GRUB2 contains a race condition in grub_script_function_create() leadi ...)
+ {DSA-4735-1}
+ - grub2 2.04-9
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=426f57383d647406ae9c628c472059c27cd6e040
+CVE-2020-15705 (GRUB2 fails to validate kernel signature when booted directly without ...)
+ - grub2 <not-affected> (Vulnerable code specific in Ubuntu)
+ NOTE: Debian's grub_linuxefi_secure_validate has different interface than the one in
+ NOTE: Ubuntu and returns the code from "shim not available" and "kernel signature
+ NOTE: verification failed". The patch for CVE-2020-15705 is essentially about handling
+ NOTE: those two cases in the same way when they were previously handled differently,
+ NOTE: and so not a problem for src:grub2 in Debian.
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+CVE-2020-15704 (The modprobe child process in the ./debian/patches/load_ppp_generic_if ...)
+ - ppp <not-affected> (Ubuntu-specific issue, load_ppp_generic_if_needed.patch not used in Debian)
+CVE-2020-15703 (There is no input validation on the Locale property in an apt transact ...)
+ - aptdaemon <removed>
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1888235
+CVE-2020-15702 (TOCTOU Race Condition vulnerability in apport allows a local attacker ...)
+ NOT-FOR-US: Apport
+CVE-2020-15701 (An unhandled exception in check_ignored() in apport/report.py can be e ...)
+ NOT-FOR-US: Apport
+CVE-2020-15700 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-15699 (An issue was discovered in Joomla! through 3.9.19. Missing validation ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-15698 (An issue was discovered in Joomla! through 3.9.19. Inadequate filterin ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-15697 (An issue was discovered in Joomla! through 3.9.19. Internal read-only ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input filte ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...)
+ - nim 1.2.6-1
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
+CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...)
+ - nim 1.2.6-1
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
+CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...)
+ - nim 1.2.6-1
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/1
+CVE-2020-15691
+ RESERVED
+CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks a check ...)
+ - nim 1.2.6-1
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/3
+CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, ...)
+ NOT-FOR-US: Appweb
+CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server before 5.1.2 ...)
+ NOT-FOR-US: Embedthis GoAhead
+CVE-2020-15687 (Missing access control restrictions in the Hypervisor component of the ...)
+ NOT-FOR-US: ACRN Project
+CVE-2020-15686
+ RESERVED
+CVE-2020-15685
+ RESERVED
+ {DSA-4842-1 DLA-2541-1}
+ - thunderbird 1:78.7.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685
+CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefox 81. ...)
+ - firefox 82.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684
+CVE-2020-15683 (Mozilla developers and community members reported memory safety bugs p ...)
+ {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
+ - firefox 82.0-1
+ - firefox-esr 78.4.0esr-1
+ - thunderbird 1:78.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15683
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15683
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15683
+CVE-2020-15682 (When a link to an external protocol was clicked, a prompt was presente ...)
+ - firefox 82.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15682
+CVE-2020-15681 (When multiple WASM threads had a reference to a module, and were looki ...)
+ - firefox 82.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15681
+CVE-2020-15680 (If a valid external protocol handler was referenced in an image tag, t ...)
+ - firefox 82.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15680
+CVE-2020-15679
+ RESERVED
+CVE-2020-15678 (When recursing through graphical layers while scrolling, an iterator m ...)
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
+ - firefox 81.0-1
+ - firefox-esr 78.3.0esr-1
+ - thunderbird 1:78.3.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15678
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15678
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15678
+CVE-2020-15677 (By exploiting an Open Redirect vulnerability on a website, an attacker ...)
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
+ - firefox 81.0-1
+ - firefox-esr 78.3.0esr-1
+ - thunderbird 1:78.3.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15677
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15677
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15677
+CVE-2020-15676 (Firefox sometimes ran the onload handler for SVG elements that the DOM ...)
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
+ - firefox 81.0-1
+ - firefox-esr 78.3.0esr-1
+ - thunderbird 1:78.3.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15676
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15676
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15676
+CVE-2020-15675 (When processing surfaces, the lifetime may outlive a persistent buffer ...)
+ - firefox 81.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15675
+CVE-2020-15674 (Mozilla developers reported memory safety bugs present in Firefox 80. ...)
+ - firefox 81.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15674
+CVE-2020-15673 (Mozilla developers reported memory safety bugs present in Firefox 80 a ...)
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
+ - firefox 81.0-1
+ - firefox-esr 78.3.0esr-1
+ - thunderbird 1:78.3.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15673
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15673
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15673
+CVE-2020-15672
+ RESERVED
+CVE-2020-15671 (When typing in a password under certain conditions, a race may have oc ...)
+ - firefox <not-affected> (Android specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-39/#CVE-2020-15671
+CVE-2020-15670 (Mozilla developers reported memory safety bugs present in Firefox for ...)
+ - firefox 80.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
+CVE-2020-15669 (When aborting an operation, such as a fetch, an abort signal may be de ...)
+ {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
+ - firefox-esr 68.12.0esr-1
+ - thunderbird 1:68.12.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15669
+CVE-2020-15668 (A lock was missing when accessing a data structure and importing certi ...)
+ - firefox 80.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15668
+CVE-2020-15667 (When processing a MAR update file, after the signature has been valida ...)
+ - firefox 80.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15667
+CVE-2020-15666 (When trying to load a non-video in an audio/video context the exact st ...)
+ - firefox 80.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15666
+CVE-2020-15665 (Firefox did not reset the address bar after the beforeunload dialog wa ...)
+ - firefox 80.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
+CVE-2020-15664 (By holding a reference to the eval() function from an about:blank wind ...)
+ {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
+ - firefox 80.0-1
+ - firefox-esr 68.12.0esr-1
+ - thunderbird 1:68.12.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15664
+CVE-2020-15663 (If Firefox is installed to a user-writable directory, the Mozilla Main ...)
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15663
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15663
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15663
+CVE-2020-15662 (A rogue webpage could override the injected WKUserScript used by the d ...)
+ - firefox <not-affected> (Specific to Firefox for iOS)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15662
+CVE-2020-15661 (A rogue webpage could override the injected WKUserScript used by the l ...)
+ - firefox <not-affected> (Specific to Firefox for iOS)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15661
+CVE-2020-15660 (Missing checks on Content-Type headers in geckodriver before 0.27.0 co ...)
+ - geckodriver <itp> (bug #989456)
+CVE-2020-15659 (Mozilla developers and community members reported memory safety bugs p ...)
+ {DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
+ - firefox 79.0-1
+ - firefox-esr 68.11.0esr-1
+ - thunderbird 1:68.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15659
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15659
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15659
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15659
+CVE-2020-15658 (The code for downloading files did not properly take care of special c ...)
+ - firefox 79.0-1
+ - thunderbird <not-affected> (Only affects Thunderbird 78.x)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15658
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658
+CVE-2020-15657 (Firefox could be made to load attacker-supplied DLL files from the ins ...)
+ - firefox <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15657
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15657
+CVE-2020-15656 (JIT optimizations involving the Javascript arguments object could conf ...)
+ - firefox 79.0-1
+ - thunderbird <not-affected> (Only affects Thunderbird 78.x)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15656
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15656
+CVE-2020-15655 (A redirected HTTP request which is observed or modified through a web ...)
+ - firefox 79.0-1
+ - thunderbird <not-affected> (Only affects Thunderbird 78.x)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15655
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15655
+CVE-2020-15654 (When in an endless loop, a website specifying a custom cursor using CS ...)
+ - firefox 79.0-1
+ - thunderbird <not-affected> (Only affects Thunderbird 78.x)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15654
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15654
+CVE-2020-15653 (An iframe sandbox element with the allow-popups flag could be bypassed ...)
+ - firefox 79.0-1
+ - thunderbird <not-affected> (Only affects Thunderbird 78.x)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15653
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15653
+CVE-2020-15652 (By observing the stack trace for JavaScript errors in web workers, it ...)
+ {DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
+ - firefox 79.0-1
+ - firefox-esr 68.11.0esr-1
+ - thunderbird 1:68.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15652
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15652
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15652
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15652
+CVE-2020-15651 (A unicode RTL order character in the downloaded file name can be used ...)
+ - firefox <not-affected> (Specific to Firefox for iOS)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15651
+CVE-2020-15650 (Given an installed malicious file picker application, an attacker was ...)
+ - firefox-esr <not-affected> (Android specific)
+ - firefox <not-affected> (Android specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15650
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15650
+CVE-2020-15649 (Given an installed malicious file picker application, an attacker was ...)
+ - firefox-esr <not-affected> (Android specific)
+ - firefox <not-affected> (Android specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15649
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15649
+CVE-2020-15648 (Using object or embed tags, it was possible to frame other websites, e ...)
+ - firefox 78.0.2-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-28/#CVE-2020-15648
+CVE-2020-15647 (A Content Provider in Firefox for Android allowed local files accessib ...)
+ - firefox <not-affected> (Only affects Firefox for Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-27/#CVE-2020-15647
+CVE-2020-15646 (If an attacker intercepts Thunderbird's initial attempt to perform aut ...)
+ {DSA-4718-1}
+ - thunderbird 1:68.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646
+CVE-2020-15645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Marvell QConvergeConsole
+CVE-2020-15644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Marvell QConvergeConsole
+CVE-2020-15643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Marvell QConvergeConsole
+CVE-2020-15642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Marvell QConvergeConsole
+CVE-2020-15641 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Marvell QConvergeConsole
+CVE-2020-15640 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Marvell QConvergeConsole
+CVE-2020-15639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Marvell QConvergeConsole
+CVE-2020-15638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-15637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-15636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Netgear
+CVE-2020-15635 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2020-15634 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2020-15633 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15631 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15630 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-15629 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-15628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15627 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15626 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15625 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15624 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15623 (This vulnerability allows remote attackers to write arbitrary files on ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15622 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15621 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15619 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15618 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15617 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15615 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15612 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15611 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15610 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15608 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15607 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15606 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15605 (If LDAP authentication is enabled, an LDAP authentication bypass vulne ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-15604 (An incomplete SSL server certification validation vulnerability in the ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-15603 (An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v1 ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-15602 (An untrusted search path remote code execution (RCE) vulnerability in ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-15601 (If LDAP authentication is enabled, an LDAP authentication bypass vulne ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to ...)
+ NOT-FOR-US: CMSUno
+CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...)
+ NOT-FOR-US: Victor CMS
+CVE-2020-15598 (** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial o ...)
+ {DSA-4765-1}
+ - modsecurity 3.0.4-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879588
+ NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/
+ NOTE: https://coreruleset.org/20200914/cve-2020-15598/
+ NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2348
+CVE-2020-15597 (SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statute ...)
+ NOT-FOR-US: SOPlanning
+CVE-2020-15596 (The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on var ...)
+ NOT-FOR-US: ALPS ALPINE touchpad driver for Windows
+CVE-2020-XXXX [veyon-configurator tmp handling]
+ - veyon 4.4.1+repack1-1 (bug #964568)
+ [buster] - veyon <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/07/1
+CVE-2020-15595 (An issue was discovered in Zoho Application Control Plus before versio ...)
+ NOT-FOR-US: Zoho Application Control Plus
+CVE-2020-15594 (An SSRF issue was discovered in Zoho Application Control Plus before v ...)
+ NOT-FOR-US: Zoho Application Control Plus
+CVE-2020-15593 (SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It u ...)
+ NOT-FOR-US: SteelCentral Aternity Agent
+CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privil ...)
+ NOT-FOR-US: SteelCentral Aternity Agent
+CVE-2020-15591
+ RESERVED
+CVE-2020-15590 (A vulnerability in the Private Internet Access (PIA) VPN Client for Li ...)
+ NOT-FOR-US: Private Internet Access client for Linux
+CVE-2020-15589 (A design issue was discovered in GetInternetRequestHandle, InternetSen ...)
+ NOT-FOR-US: Zoho ManageEngine Desktop Central
+CVE-2020-15588 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-15587
+ RESERVED
+CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net ...)
+ {DSA-4848-1 DLA-2460-1 DLA-2459-1}
+ - golang-1.15 1.15~rc1-1
+ - golang-1.14 1.14.6-1
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ - golang <removed>
+ NOTE: https://github.com/golang/go/issues/34902
+ NOTE: https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ
+CVE-2020-15585
+ RESERVED
+CVE-2020-15584 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-15583 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-15582 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-15581 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-15580 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-15579 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-15578 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-15577 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-15576 (SolarWinds Serv-U File Server before 15.2.1 allows information disclos ...)
+ NOT-FOR-US: SolarWinds Serv-U File Server
+CVE-2020-15575 (SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated ...)
+ NOT-FOR-US: SolarWinds Serv-U File Server
+CVE-2020-15574 (SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site c ...)
+ NOT-FOR-US: SolarWinds Serv-U File Server
+CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulner ...)
+ NOT-FOR-US: SolarWinds Serv-U File Server
+CVE-2020-15572 (Tor before 0.4.3.6 has an out-of-bounds memory access that allows a re ...)
+ - tor 0.4.3.6-1 (unimportant)
+ NOTE: Tor in Debian doesn't use NSS
+ NOTE: https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes
+CVE-2020-15571
+ RESERVED
+CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 m ...)
+ NOT-FOR-US: Whoopsie
+CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...)
+ {DLA-2292-1}
+ - milkytracker 1.02.00+dfsg-2.1 (bug #964797)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
+ NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
+CVE-2020-15568 (TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that lead ...)
+ NOT-FOR-US: TerraMaster TOS
+CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel guest OS ...)
+ {DSA-4723-1}
+ - xen 4.11.4+24-gddaaccbbab-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-328.html
+CVE-2020-15566 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
+ {DSA-4723-1}
+ - xen 4.11.4+24-gddaaccbbab-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-317.html
+CVE-2020-15565 (An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM ...)
+ {DSA-4723-1}
+ - xen 4.11.4+24-gddaaccbbab-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-321.html
+CVE-2020-15564 (An issue was discovered in Xen through 4.13.x, allowing Arm guest OS u ...)
+ {DSA-4723-1}
+ - xen 4.11.4+24-gddaaccbbab-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-327.html
+CVE-2020-15563 (An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest ...)
+ {DSA-4723-1}
+ - xen 4.11.4+24-gddaaccbbab-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-319.html
+CVE-2020-15561
+ RESERVED
+CVE-2020-15560
+ RESERVED
+CVE-2020-15559
+ RESERVED
+CVE-2020-15558
+ RESERVED
+CVE-2020-15557
+ RESERVED
+CVE-2020-15556
+ RESERVED
+CVE-2020-15555
+ RESERVED
+CVE-2020-15554
+ RESERVED
+CVE-2020-15553
+ RESERVED
+CVE-2020-15552
+ RESERVED
+CVE-2020-15551
+ RESERVED
+CVE-2020-15550
+ RESERVED
+CVE-2020-15549
+ RESERVED
+CVE-2020-15548
+ RESERVED
+CVE-2020-15547
+ RESERVED
+CVE-2020-15546
+ RESERVED
+CVE-2020-15545
+ RESERVED
+CVE-2020-15544
+ RESERVED
+CVE-2020-15543 (SolarWinds Serv-U FTP server before 15.2.1 does not validate an argume ...)
+ NOT-FOR-US: SolarWinds Serv-U FTP server
+CVE-2020-15542 (SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD comman ...)
+ NOT-FOR-US: SolarWinds Serv-U FTP server
+CVE-2020-15541 (SolarWinds Serv-U FTP server before 15.2.1 allows remote command execu ...)
+ NOT-FOR-US: SolarWinds Serv-U FTP server
+CVE-2020-15562 (An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x befo ...)
+ {DSA-4720-1}
+ - roundcube 1.4.7+dfsg.1-1 (bug #964355)
+ [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u6
+ NOTE: 1.4.x https://github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82
+ NOTE: 1.3.x https://github.com/roundcube/roundcubemail/commit/19502419757a976dbd55ce5a746610c5bab7896b
+ NOTE: 1.2.x https://github.com/roundcube/roundcubemail/commit/f3d1566cf223eb04f47b6dfffcd88753f66c36ee
+CVE-2020-15540 (We-com OpenData CMS 2.0 allows SQL Injection via the username field on ...)
+ NOT-FOR-US: We-com OpenData CMS
+CVE-2020-15539 (SQL injection can occur in We-com Municipality portal CMS 2.1.x via th ...)
+ NOT-FOR-US: We-com Municipality portal CMS
+CVE-2020-15538 (XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ s ...)
+ NOT-FOR-US: We-com Municipality portal CMS
+CVE-2020-15537 (An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS ...)
+ NOT-FOR-US: Vanguard plugin for WordPress
+CVE-2020-15536 (An issue was discovered in the bestsoftinc Hotel Booking System Pro pl ...)
+ NOT-FOR-US: bestsoftinc Hotel Booking System Pro plugin for WordPress
+CVE-2020-15535 (An issue was discovered in the bestsoftinc Car Rental System plugin th ...)
+ NOT-FOR-US: bestsoftinc Car Rental System plugin for WordPress
+CVE-2020-15534
+ RESERVED
+CVE-2020-15533 (In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 1468 ...)
+ NOT-FOR-US: Zoho ManageEngine Application Manager
+CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
+ NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK
+CVE-2020-15531 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
+ NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK
+CVE-2020-15530 (An issue was discovered in Valve Steam Client 2.10.91.91. The installe ...)
+ - steam <not-affected> (Steam on Windows)
+CVE-2020-15529 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...)
+ NOT-FOR-US: GOG Galaxy client
+CVE-2020-15528 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...)
+ NOT-FOR-US: GOG Galaxy client
+CVE-2020-15527
+ RESERVED
+CVE-2020-15526 (In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for ...)
+ NOT-FOR-US: Redgate SQL Monitor
+CVE-2020-15525 (GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2020-15524
+ RESERVED
+CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, ...)
+ - python3.8 <not-affected> (Python on Windows)
+ - python2.7 <not-affected> (Python on Windows)
+CVE-2020-15522 (Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA bef ...)
+ - bouncycastle 1.68-1
+ [buster] - bouncycastle <no-dsa> (Minor issue)
+ [stretch] - bouncycastle <no-dsa> (Minor issue)
+ NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-15522
+CVE-2020-15521 (Zoho ManageEngine Applications Manager before 14 build 14730 has no pr ...)
+ NOT-FOR-US: Zoho
+CVE-2020-15520
+ RESERVED
+CVE-2020-15519
+ RESERVED
+CVE-2020-15518 (VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup &a ...)
+ NOT-FOR-US: Veeam
+CVE-2020-15517 (The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x th ...)
+ NOT-FOR-US: Typo3 extension
+CVE-2020-15516 (The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be ...)
+ NOT-FOR-US: Typo3 extension
+CVE-2020-15515 (The turn extension through 0.3.2 for TYPO3 allows Remote Code Executio ...)
+ NOT-FOR-US: Typo3 extension
+CVE-2020-15514 (The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYP ...)
+ NOT-FOR-US: Typo3 extension
+CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access ...)
+ NOT-FOR-US: Typo3 extension
+CVE-2020-15512
+ RESERVED
+CVE-2020-15511 (HashiCorp Terraform Enterprise up to v202006-1 contained a default sig ...)
+ NOT-FOR-US: HashiCorp Terraform Enterprise
+CVE-2020-15510
+ RESERVED
+CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library ...)
+ NOT-FOR-US: Nordic Semiconductor
+CVE-2020-15508
+ RESERVED
+CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core versions 10 ...)
+ NOT-FOR-US: MobileIron Core and Connector
+CVE-2020-15506 (An authentication bypass vulnerability in MobileIron Core &amp; Connec ...)
+ NOT-FOR-US: MobileIron Core and Connector
+CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core &amp; Connect ...)
+ NOT-FOR-US: MobileIron Core and Connector
+CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of ...)
+ NOT-FOR-US: Sophos
+CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...)
+ [experimental] - libraw 0.20.0-1
+ - libraw 0.20.0-4 (bug #964747)
+ [buster] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477
+ NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
+CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, ...)
+ NOT-FOR-US: DuckDuckGo application for Android and iOS
+CVE-2020-15501 (** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 2nd genera ...)
+ NOT-FOR-US: Smarter Coffee Maker
+CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...)
+ NOT-FOR-US: TileServer GL
+CVE-2020-15499 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...)
+ NOT-FOR-US: ASUS RT-AC1900P routers
+CVE-2020-15498 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...)
+ NOT-FOR-US: ASUS RT-AC1900P routers
+CVE-2020-15497 (** DISPUTED ** jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build ...)
+ NOT-FOR-US: Jalios JCMS
+CVE-2020-15496 (Acronis True Image for Mac before 2021 Update 4 allowed local privileg ...)
+ NOT-FOR-US: Acronis
+CVE-2020-15495 (Acronis True Image 2019 update 1 through 2020 on macOS allows local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2020-15494
+ RESERVED
+CVE-2020-15493
+ RESERVED
+CVE-2020-15492 (An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 ...)
+ NOT-FOR-US: INNEO
+CVE-2020-15491
+ RESERVED
+CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
+ NOT-FOR-US: Wavlink WL-WN530HG4
+CVE-2020-15489 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
+ NOT-FOR-US: Wavlink WL-WN530HG4
+CVE-2020-15488 (Re:Desk 2.3 allows insecure file upload. ...)
+ NOT-FOR-US: Re:Desk
+CVE-2020-15487 (Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerabili ...)
+ NOT-FOR-US: Re:Desk
+CVE-2020-15486 (An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because t ...)
+ NOT-FOR-US: Dr Trust ECG Pen 2.00.08 devices
+CVE-2020-15485 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
+ NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
+CVE-2020-15484 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
+ NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
+CVE-2020-15483 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
+ NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
+CVE-2020-15482 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
+ NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
+CVE-2020-15481 (An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSFore ...)
+ NOT-FOR-US: PassMark
+CVE-2020-15480 (An issue was discovered in PassMark BurnInTest through 9.1, OSForensic ...)
+ NOT-FOR-US: PassMark
+CVE-2020-15479 (An issue was discovered in PassMark BurnInTest through 9.1, OSForensic ...)
+ NOT-FOR-US: PassMark
+CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of sensiti ...)
+ NOT-FOR-US: Journal theme for OpenCart
+CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable t ...)
+ NOT-FOR-US: RaspberryTortoise
+CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...)
+ {DLA-2354-1}
+ - ndpi 3.4-1 (bug #972050)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
+ NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05 (3.4)
+CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...)
+ - ndpi 3.4-1 (bug #972050)
+ [stretch] - ndpi <not-affected> (Vulnerable code not present, content_disposition_line introduced later)
+ NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952 (3.4)
+CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...)
+ - ndpi 3.4-1 (bug #972050)
+ [buster] - ndpi <not-affected> (Vulnerable code not present)
+ [stretch] - ndpi <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce (3.4)
+CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...)
+ - ndpi 3.4-1 (bug #972050)
+ [stretch] - ndpi <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e (3.4)
+CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...)
+ - ndpi 3.4-1 (bug #972050)
+ [stretch] - ndpi <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701 (3.4)
+CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a heap-b ...)
+ - ndpi 3.4-1 (bug #972050)
+ [buster] - ndpi <not-affected> (Vulnerable code not present)
+ [stretch] - ndpi <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622 (3.4)
+CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...)
+ NOT-FOR-US: ffjpeg
+CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...)
+ {DLA-2560-1}
+ - qemu 1:6.0+dfsg-3 (low; bug #970253)
+ [bullseye] - qemu <ignored> (Minor issue, too intrusive to backport)
+ [buster] - qemu <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00674.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=520f26fc6d17b71a43eaf620e834b3bdf316f3d3
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=4f2a5202a05fc1612954804a2482f07bff105ea2
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=24202d2b561c3b4c48bd28383c8c34b4ac66c2bf
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=f867cebaedbc9c43189f102e4cdfdff05e88df7f
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b5bf601f364e1a14ca4c3276f88dfec024acf613
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=921604e175b8ec06c39503310e7b3ec1e3eafe9e
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2c9fb3b784000c1df32231e1c2464bb2e3fc4620
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=735754aaa15a6ed46db51fd731e88331c446ea54
+CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...)
+ NOT-FOR-US: Persian VIP Download Script
+CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn appliances ...)
+ NOT-FOR-US: Cohesive Networks vns3:vpn appliances
+CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infin ...)
+ {DLA-2547-1}
+ - wireshark 3.2.5-1 (low)
+ [buster] - wireshark 2.6.20-0+deb10u1
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-09.html
+CVE-2020-15465
+ REJECTED
+CVE-2020-15464
+ REJECTED
+CVE-2020-15463
+ REJECTED
+CVE-2020-15462
+ REJECTED
+CVE-2020-15461
+ REJECTED
+CVE-2020-15460
+ REJECTED
+CVE-2020-15459
+ REJECTED
+CVE-2020-15458
+ REJECTED
+CVE-2020-15457
+ REJECTED
+CVE-2020-15456
+ REJECTED
+CVE-2020-15455
+ REJECTED
+CVE-2020-15454
+ REJECTED
+CVE-2020-15453
+ REJECTED
+CVE-2020-15452
+ REJECTED
+CVE-2020-15451
+ REJECTED
+CVE-2020-15450
+ REJECTED
+CVE-2020-15449
+ REJECTED
+CVE-2020-15448
+ REJECTED
+CVE-2020-15447
+ REJECTED
+CVE-2020-15446
+ REJECTED
+CVE-2020-15445
+ REJECTED
+CVE-2020-15444
+ REJECTED
+CVE-2020-15443
+ REJECTED
+CVE-2020-15442
+ REJECTED
+CVE-2020-15441
+ REJECTED
+CVE-2020-15440
+ REJECTED
+CVE-2020-15439
+ REJECTED
+CVE-2020-15438
+ REJECTED
+CVE-2020-15437 (The Linux kernel before version 5.8 is vulnerable to a NULL pointer de ...)
+ - linux 5.7.17-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/f4c23a140d80ef5e6d3d1f8f57007649014b60fa
+CVE-2020-15436 (Use-after-free vulnerability in fs/block_dev.c in the Linux kernel bef ...)
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/2d3a8e2deddea6c89961c422ec0c5b851e648c14
+CVE-2020-15435 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15434 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15433 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15432 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15431 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15430 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15429 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15428 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15427 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15426 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15425 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15424 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15422 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15420 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-15419 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Veeam
+CVE-2020-15418 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Veeam
+CVE-2020-15417 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2020-15416 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
+CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, c ...)
+ NOT-FOR-US: DrayTek
+CVE-2020-15414
+ RESERVED
+CVE-2020-15413
+ RESERVED
+CVE-2020-15412 (An issue was discovered in MISP 2.4.128. app/Controller/EventsControll ...)
+ NOT-FOR-US: MISP
+CVE-2020-15411 (An issue was discovered in MISP 2.4.128. app/Controller/AttributesCont ...)
+ NOT-FOR-US: MISP
+CVE-2020-15410
+ RESERVED
+CVE-2020-15409
+ RESERVED
+CVE-2020-15408 (An issue was discovered in Pulse Secure Pulse Connect Secure before 9. ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure
+CVE-2020-15407
+ RESERVED
+CVE-2020-15406
+ RESERVED
+CVE-2020-15405
+ RESERVED
+CVE-2020-15404
+ RESERVED
+CVE-2020-15403
+ RESERVED
+CVE-2020-15402
+ RESERVED
+CVE-2020-15401 (IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privile ...)
+ NOT-FOR-US: IOBit Malware Fighter Pro
+CVE-2020-15400 (CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ...)
+ - cakephp <unfixed> (bug #985673)
+ [bullseye] - cakephp <ignored> (Minor issue)
+ [buster] - cakephp <ignored> (Minor issue)
+ [stretch] - cakephp <no-dsa> (Minor issue)
+CVE-2020-15399
+ RESERVED
+CVE-2020-15398
+ RESERVED
+CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execut ...)
+ - hylafax <not-affected> (/var/spool/hylafax/bin and /var/spool/hylafax/etc are root-owned in Debian)
+ NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
+CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...)
+ - hylafax 3:6.0.7-3.1 (bug #964198)
+ [buster] - hylafax <no-dsa> (Minor issue)
+ [stretch] - hylafax <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
+CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based b ...)
+ {DLA-2603-1}
+ - libmediainfo 20.09+dfsg-1 (low; bug #967073)
+ [buster] - libmediainfo <no-dsa> (Minor issue)
+ [jessie] - libmediainfo <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/
+ NOTE: https://github.com/MediaArea/MediaInfoLib/commit/5b998282f47f080592d298a25c642f13a895c4dc
+CVE-2020-15394 (The REST API in Zoho ManageEngine Applications Manager before build 14 ...)
+ NOT-FOR-US: Zoho
+CVE-2020-15393 (In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/u ...)
+ {DLA-2420-1 DLA-2323-1}
+ - linux 5.7.10-1
+ [buster] - linux 4.19.131-1
+ NOTE: https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba
+CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki Supravizio BP ...)
+ NOT-FOR-US: Venki
+CVE-2020-15391 (The UI in DevSpace 4.13.0 allows web sites to execute actions on pods ...)
+ NOT-FOR-US: DevSpace
+CVE-2020-15390 (pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration ...)
+ NOT-FOR-US: Pega Platform
+CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...)
+ {DSA-4882-1 DLA-2277-1}
+ - openjpeg2 2.4.0-1 (bug #965220)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1261
+ NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 (v2.4.0)
+CVE-2020-15388
+ RESERVED
+CVE-2020-15387 (The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7. ...)
+ NOT-FOR-US: Brocade
+CVE-2020-15386 (Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2 ...)
+ NOT-FOR-US: Brocade
+CVE-2020-15385 (Brocade SANnav before version 2.1.1 allows an authenticated attacker t ...)
+ NOT-FOR-US: Brocade
+CVE-2020-15384 (Brocade SANNav before version 2.1.1 contains an information disclosure ...)
+ NOT-FOR-US: Brocade
+CVE-2020-15383 (Running security scans against the SAN switch can cause config and sec ...)
+ NOT-FOR-US: Brocade
+CVE-2020-15382 (Brocade SANnav before version 2.1.1 uses a hard-coded administrator ac ...)
+ NOT-FOR-US: Brocade
+CVE-2020-15381 (Brocade SANnav before version 2.1.1 contains an Improper Authenticatio ...)
+ NOT-FOR-US: Brocade
+CVE-2020-15380 (Brocade SANnav before version 2.1.1 logs account credentials at the &# ...)
+ NOT-FOR-US: Brocade
+CVE-2020-15379 (Brocade SANnav before v.2.1.0a could allow remote attackers cause a de ...)
+ NOT-FOR-US: Brocade
+CVE-2020-15378 (The OVA version of Brocade SANnav before version 2.1.1 installation wi ...)
+ NOT-FOR-US: Brocade
+CVE-2020-15377 (Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated ...)
+ NOT-FOR-US: Brocade
+CVE-2020-15376 (Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, con ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15375 (Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15374 (Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versio ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15373 (Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15372 (A vulnerability in the command-line interface in Brocade Fabric OS bef ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15371 (Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15370 (Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allo ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15369 (Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...)
+ NOT-FOR-US: ASRock RGB Driver
+CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authenticatio ...)
+ NOT-FOR-US: Venki
+CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another JSON Sch ...)
+ - node-ajv 6.12.4-1
+ [buster] - node-ajv <no-dsa> (Minor issue)
+ NOTE: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
+CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...)
+ - libraw <not-affected> (Vulnerable code introduced in 0.20-Beta1)
+ NOTE: https://github.com/LibRaw/LibRaw/issues/301
+ NOTE: https://github.com/LibRaw/LibRaw/commit/55f0a0c08974b8b79ebfa7762b555a1704b25fb2
+CVE-2020-15364 (The Nexos theme through 1.7 for WordPress allows top-map/?search_locat ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2020-15363 (The Nexos theme through 1.7 for WordPress allows side-map/?search_orde ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2020-15362 (wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection b ...)
+ NOT-FOR-US: thingsSDK WiFi Scanner
+CVE-2020-15361
+ RESERVED
+CVE-2020-15360 (com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalatio ...)
+ NOT-FOR-US: Docker Desktop on Windows
+CVE-2020-15359
+ RESERVED
+CVE-2020-15357 (Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and ...)
+ NOT-FOR-US: Askey
+CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...)
+ - sqlite3 3.32.3-1
+ [buster] - sqlite3 3.27.2-3+deb10u1
+ [stretch] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0)
+ [jessie] - sqlite3 <not-affected> (Vulnerable code introduced in 3.25.0)
+ NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5
+ NOTE: https://www.sqlite.org/src/tktview?name=8f157e8010
+CVE-2020-15356
+ REJECTED
+CVE-2020-15355
+ REJECTED
+CVE-2020-15354
+ REJECTED
+CVE-2020-15353
+ RESERVED
+CVE-2020-15352 (An XML external entity (XXE) vulnerability in Pulse Connect Secure (PC ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure
+CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...)
+ NOT-FOR-US: IDrive
+CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2020-15349 (BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation ...)
+ NOT-FOR-US: BinaryNights ForkLift
+CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManag ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b pa ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15346 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API wit ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15345 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15344 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15343 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15342 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15341 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated upda ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15340 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/A ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15339 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCa ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15338 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15337 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15336 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15335 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15334 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence inje ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15333 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discove ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15332 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/def ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15331 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRE ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15330 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15329 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permission ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15328 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blo ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15327 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without a ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cook ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15324 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/ ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15323 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15322 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM ha ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15321 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password fo ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15320 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15319 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15318 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15317 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15316 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15315 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15314 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-15311
+ REJECTED
+CVE-2020-15310
+ RESERVED
+CVE-2020-15309 (An issue was discovered in wolfSSL before 4.5.0, when single precision ...)
+ - wolfssl 4.5.0+dfsg-1 (bug #969663)
+ NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
+CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...)
+ NOT-FOR-US: Support Incident Tracker
+CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS ( ...)
+ NOT-FOR-US: Nozomi Guardian
+CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...)
+ {DSA-4755-1 DLA-2358-1}
+ [experimental] - openexr 2.5.2-1
+ - openexr 2.5.3-2
+ [jessie] - openexr <not-affected> (getChunkOffsetTableSize introduced in v2)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6a9f8af6e89547bcd370ae3cec2b12849eee0b54
+CVE-2020-15305 (An issue was discovered in OpenEXR before 2.5.2. Invalid input could c ...)
+ {DSA-4755-1 DLA-2358-1}
+ [experimental] - openexr 2.5.2-1
+ - openexr 2.5.3-2
+ [jessie] - openexr <not-affected> (ImfDeepScanLineInputFile.cpp introduced in v2)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/730
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3d03979dc101612e806cdf0b011475d9fa685a73
+CVE-2020-15304 (An issue was discovered in OpenEXR before 2.5.2. An invalid tiled inpu ...)
+ [experimental] - openexr 2.5.2-1
+ - openexr 2.5.3-2
+ [buster] - openexr <not-affected> (Vulnerable code not present)
+ [stretch] - openexr <not-affected> (Vulnerable code not present)
+ [jessie] - openexr <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/727
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/36e05c14c612a89c43d4e0b013669ecd7f8e3440 (v3.0.4)
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/e79d2296496a50826a15c667bf92bdc5a05518b4 (v2.4.1)
+CVE-2020-15303 (Infoblox NIOS before 8.5.2 allows entity expansion during an XML uploa ...)
+ NOT-FOR-US: Infoblox NIOS
+CVE-2020-15302 (In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A0397 ...)
+ NOT-FOR-US: Argent RecoveryManager
+CVE-2020-15301 (SuiteCRM through 7.11.13 allows CSV Injection via registration fields ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2020-15300 (SuiteCRM through 7.11.13 has an Open Redirect in the Documents module ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2020-15299 (A reflected Cross-Site Scripting (XSS) Vulnerability in the KingCompos ...)
+ NOT-FOR-US: KingComposer plugin for WordPress
+CVE-2020-15298
+ REJECTED
+CVE-2020-15297 (Insufficient validation in the Bitdefender Update Server and BEST Rela ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-15296
+ REJECTED
+CVE-2020-15295
+ REJECTED
+CVE-2020-15294 (Compiler Optimization Removal or Modification of Security-critical Cod ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-15293 (Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, Int ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-15292 (Lack of validation on data read from guest memory in IntPeGetDirectory ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-15291
+ REJECTED
+CVE-2020-15290
+ REJECTED
+CVE-2020-15289
+ REJECTED
+CVE-2020-15288
+ REJECTED
+CVE-2020-15287
+ REJECTED
+CVE-2020-15286
+ REJECTED
+CVE-2020-15285
+ REJECTED
+CVE-2020-15284
+ RESERVED
+CVE-2020-15283
+ RESERVED
+CVE-2020-15282
+ REJECTED
+CVE-2020-15281
+ REJECTED
+CVE-2020-15280
+ RESERVED
+CVE-2020-15279 (An Improper Access Control vulnerability in the logging component of B ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized privilege esc ...)
+ NOT-FOR-US: Red Discord Bot
+CVE-2020-15277 (baserCMS before version 4.4.1 is affected by Remote Code Execution (RC ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15276 (baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. A ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15275 (MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attac ...)
+ {DSA-4787-1 DLA-2446-1}
+ - moin <removed>
+ NOTE: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43
+ NOTE: https://github.com/moinwiki/moin-1.9/commit/64e16037a60646a4d834f0203c75481b9c3fa74c (1.9.11)
+CVE-2020-15274 (In Wiki.js before version 2.5.162, an XSS payload can be injected in a ...)
+ NOT-FOR-US: Wiki.js
+CVE-2020-15273 (baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. T ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15272 (In the git-tag-annotation-action (open source GitHub Action) before ve ...)
+ NOT-FOR-US: git-tag-annotation-action
+CVE-2020-15271 (In lookatme (python/pypi package) versions prior to 2.3.0, the package ...)
+ - lookatme 2.3.0-1 (bug #972988)
+ NOTE: https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q
+ NOTE: https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84 (v2.3.0)
+ NOTE: https://github.com/d0c-s4vage/lookatme/pull/110
+CVE-2020-15270 (Parse Server (npm package parse-server) broadcasts events to all clien ...)
+ NOT-FOR-US: Node parse-server
+CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...)
+ NOT-FOR-US: Spree
+CVE-2020-15268
+ RESERVED
+CVE-2020-15267
+ RESERVED
+CVE-2020-15266 (In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.i ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15265 (In Tensorflow before version 2.4.0, an attacker can pass an invalid `a ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15264 (The Boxstarter installer before version 2.13.0 configures C:\ProgramDa ...)
+ NOT-FOR-US: Boxstarter
+CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not properly e ...)
+ NOT-FOR-US: Laravel Orchid Platform
+CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all dynamically ...)
+ NOT-FOR-US: Node webpack-subresource-integrity
+CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an unquoted ...)
+ - veyon <not-affected> (Windows-specific)
+ NOTE: https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
+CVE-2020-15260 (PJSIP is a free and open source multimedia communication library writt ...)
+ - pjproject <removed>
+ [stretch] - pjproject <not-affected> (Vulnerable code introduced later, no connection reuse available)
+ - ring 20210112.2.b757bac~ds1-1 (bug #986815)
+ [buster] - ring <not-affected> (Vulnerable code introduced later, no connection reuse available in embedded pjproject)
+ [stretch] - ring <not-affected> (Vulnerable code introduced later, no connection reuse available in embedded pjproject)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8hcp-hm38-mfph
+ NOTE: https://github.com/pjsip/pjproject/commit/67e46c1ac45ad784db5b9080f5ed8b133c122872
+ NOTE: https://github.com/pjsip/pjproject/pull/2663
+CVE-2020-15259 (ad-ldap-connector's admin panel before version 5.0.13 does not provide ...)
+ NOT-FOR-US: ad-ldap-connector
+CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without checking ...)
+ NOT-FOR-US: Wire app
+CVE-2020-15257 (containerd is an industry-standard container runtime and is available ...)
+ {DSA-4865-1}
+ - containerd 1.4.3~ds1-1
+ - docker.io 20.10.0~rc1+dfsg2-1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
+ NOTE: https://github.com/containerd/containerd/commit/3519233e1b5a408c7e92b0af4293000820a0089b (v1.2)
+ NOTE: docker.io switched to systemwide containerd packages in 20.10.0~rc1+dfsg2-1
+CVE-2020-15256 (A prototype pollution vulnerability has been found in `object-path` &l ...)
+ - node-object-path 0.11.5-3
+ [buster] - node-object-path 0.11.4-2+deb10u1
+ [stretch] - node-object-path <postponed> (Minor issue)
+ NOTE: https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w
+CVE-2020-15255 (In Anuko Time Tracker before verion 1.19.23.5325, due to not properly ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2020-15254 (Crossbeam is a set of tools for concurrent programming. In crossbeam-c ...)
+ - firefox 82.0-1
+ - rust-crossbeam-channel <not-affected> (Only affected 0.4.3 which was not released in Debian)
+ NOTE: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15254
+CVE-2020-15253 (Versions of Grocy &lt;= 2.7.1 are vulnerable to Cross-Site Scripting v ...)
+ NOT-FOR-US: Grocy
+CVE-2020-15252 (In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right ( ...)
+ NOT-FOR-US: XWiki
+CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
+ NOT-FOR-US: Channelmgnt plug-in for Sopel
+CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryF ...)
+ {DLA-2426-1}
+ - junit4 4.13.1-1 (bug #972231)
+ [buster] - junit4 <no-dsa> (Minor issue)
+ NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
+ NOTE: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
+CVE-2020-15249 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2020-15248 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2020-15247 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2020-15246 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...)
+ NOT-FOR-US: Sylius
+CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before versions 19. ...)
+ NOT-FOR-US: Magento
+CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi Authentication a ...)
+ NOT-FOR-US: Smartstore
+CVE-2020-15242 (Next.js versions &gt;=9.5.0 and &lt;9.5.4 are vulnerable to an Open Re ...)
+ NOT-FOR-US: next.js
+CVE-2020-15241 (TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, ...)
+ NOT-FOR-US: TYPO3 Fluid Engine
+CVE-2020-15240 (omniauth-auth0 (rubygems) versions &gt;= 2.3.0 and &lt; 2.4.1 improper ...)
+ - ruby-omniauth-auth0 <not-affected> (Introduced in 2.3.0)
+ NOTE: https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm
+CVE-2020-15239 (In xmpp-http-upload before version 0.4.0, when the GET method is attac ...)
+ NOT-FOR-US: xmpp-http-upload
+CVE-2020-15238 (Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the Dhcp ...)
+ {DSA-4781-1 DLA-2430-1}
+ - blueman 2.1.4-1 (bug #973718)
+ NOTE: https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287
+ NOTE: https://github.com/blueman-project/blueman/commit/02161d60e8e311b08fb18254615259085fcd6688
+ NOTE: Additionally Build-Depends on libpolkit-agent-1-dev needed (blueman should
+ NOTE: use polkit for authorisation but due to a packaging issue this was not
+ NOTE: enabled).
+CVE-2020-15237 (In Shrine before version 3.3.0, when using the `derivation_endpoint` p ...)
+ NOT-FOR-US: Shrine
+CVE-2020-15236 (In Wiki.js before version 2.5.151, directory traversal outside of Wiki ...)
+ NOT-FOR-US: Wiki.js
+CVE-2020-15235 (In RACTF before commit f3dc89b, unauthenticated users are able to get ...)
+ NOT-FOR-US: RACTF
+CVE-2020-15234 (ORY Fosite is a security first OAuth2 &amp; OpenID Connect framework f ...)
+ NOT-FOR-US: ORY Fosite
+CVE-2020-15233 (ORY Fosite is a security first OAuth2 &amp; OpenID Connect framework f ...)
+ NOT-FOR-US: ORY Fosite
+CVE-2020-15232 (In mapfish-print before version 3.24, a user can do to an XML External ...)
+ NOT-FOR-US: mapfish-print
+CVE-2020-15231 (In mapfish-print before version 3.24, a user can use the JSONP support ...)
+ NOT-FOR-US: mapfish-print
+CVE-2020-15230 (Vapor is a web framework for Swift. In Vapor before version 4.29.4, At ...)
+ NOT-FOR-US: Vapor
+CVE-2020-15229 (Singularity (an open source container platform) from version 3.1.1 thr ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
+ - singularity-container <unfixed> (bug #972212)
+ NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9
+CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` and ` ...)
+ NOT-FOR-US: Node @actions/core
+CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...)
+ {DLA-2617-1}
+ - php-nette <removed>
+ NOTE: https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
+CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the API's se ...)
+ - glpi <removed>
+CVE-2020-15225 (django-filter is a generic system for filtering Django QuerySets based ...)
+ - django-filter 2.4.0-1
+ [buster] - django-filter <no-dsa> (Minor issue)
+ [stretch] - django-filter <no-dsa> (Minor issue)
+ NOTE: https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
+ NOTE: https://github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b
+CVE-2020-15224 (In Open Enclave before version 0.12.0, an information disclosure vulne ...)
+ NOT-FOR-US: Open Enclave
+CVE-2020-15223 (In ORY Fosite (the security first OAuth2 &amp; OpenID Connect framewor ...)
+ NOT-FOR-US: ORY Fosite
+CVE-2020-15222 (In ORY Fosite (the security first OAuth2 &amp; OpenID Connect framewor ...)
+ NOT-FOR-US: ORY Fosite
+CVE-2020-15221 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-15220 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-15219 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-15218 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-15217 (In GLPI before version 9.5.2, there is a leakage of user information t ...)
+ - glpi <removed>
+CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) before ve ...)
+ - golang-github-russellhaering-goxmldsig 1.1.0-1 (bug #971615)
+ [buster] - golang-github-russellhaering-goxmldsig <no-dsa> (Minor issue)
+ NOTE: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
+ NOTE: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
+CVE-2020-15215 (Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vuln ...)
+ - electron <itp> (bug #842420)
+CVE-2020-15214 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15213 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15212 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15211 (In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15210 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15209 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15208 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15207 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15206 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15205 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15204 (In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15203 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, b ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15202 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15201 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15200 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15199 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15198 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15197 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15196 (In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `Ragged ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15195 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15194 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15193 (In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of ` ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15192 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15191 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an inv ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15190 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...)
+ NOT-FOR-US: SOY CMS
+CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...)
+ NOT-FOR-US: SOY CMS
+CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...)
+ - helm-kubernetes <itp> (bug #910799)
+CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...)
+ - helm-kubernetes <itp> (bug #910799)
+CVE-2020-15185 (In Helm before versions 2.16.11 and 3.3.2, a Helm repository can conta ...)
+ - helm-kubernetes <itp> (bug #910799)
+CVE-2020-15184 (In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the ...)
+ - helm-kubernetes <itp> (bug #910799)
+CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting ...)
+ NOT-FOR-US: SoyCMS
+CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...)
+ NOT-FOR-US: SoyCMS
+CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies on untr ...)
+ NOT-FOR-US: Alfresco Reset Password add-on
+CVE-2020-15180 (A flaw was found in the mysql-wsrep component of mariadb. Lack of inpu ...)
+ {DSA-4776-1 DLA-2409-1}
+ - mariadb-10.5 1:10.5.6-1
+ [experimental] - mariadb-10.3 1:10.3.27-1~exp1
+ - mariadb-10.3 <unfixed> (bug #972746)
+ - mariadb-10.1 <removed>
+ - percona-xtradb-cluster-5.5 <removed>
+ NOTE: Fixed in MariaDB 10.5.6, 10.4.15, 10.3.25, 10.2.34, 10.1.47
+ NOTE: https://jira.mariadb.org/browse/MDEV-23884
+ NOTE: https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/
+CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...)
+ NOT-FOR-US: ScratchSig MediaWiki extension
+CVE-2020-15178 (In PrestaShop contactform module (prestashop/contactform) before versi ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15177 (In GLPI before version 9.5.2, the `install/install.php` endpoint insec ...)
+ - glpi <removed>
+CVE-2020-15176 (In GLPI before version 9.5.2, when supplying a back tick in input that ...)
+ - glpi <removed>
+CVE-2020-15175 (In GLPI before version 9.5.2, the `&#8203;pluginimage.send.php&#8203;` ...)
+ - glpi <removed>
+CVE-2020-15174 (In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the ...)
+ - electron <itp> (bug #842420)
+CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a b ...)
+ NOT-FOR-US: ACCEL-PPP
+CVE-2020-15172 (The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerabl ...)
+ NOT-FOR-US: Act module for Red Discord Bot
+CVE-2020-15171 (In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right ...)
+ NOT-FOR-US: XWiki
+CVE-2020-15170 (apollo-adminservice before version 1.7.1 does not implement access con ...)
+ NOT-FOR-US: apollo-adminservice
+CVE-2020-15169 (In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potentia ...)
+ {DSA-4766-1 DLA-2403-1}
+ - rails 2:6.0.3.3+dfsg-1 (bug #970040)
+ NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml
+ NOTE: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc?pli=1
+ NOTE: https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e (master)
+ NOTE: https://github.com/rails/rails/commit/aaa7ab1320330b3c4fa8f0fbda716dcfa21e3d65 (5.2)
+CVE-2020-15168 (node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the si ...)
+ [experimental] - node-fetch 2.6.1-1
+ - node-fetch 2.6.1-2 (bug #970173)
+ [buster] - node-fetch <ignored> (Minor issue; Intrusive to backport)
+ NOTE: https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
+CVE-2020-15167 (In Miller (command line utility) using the configuration file support ...)
+ - miller 5.9.1+dfsg-1 (bug #969467)
+ [buster] - miller <not-affected> (Introduced in 5.9.0)
+ [stretch] - miller <not-affected> (Introduced in 5.9.0)
+ NOTE: https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
+CVE-2020-15166 (In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerabi ...)
+ {DSA-4761-1 DLA-2443-1}
+ - zeromq3 4.3.3-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/3
+ NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
+ NOTE: https://github.com/zeromq/libzmq/commit/e7f0090b161ce6344f6bd35009816a925c070b09
+CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Stor ...)
+ NOT-FOR-US: Chameleon Mini Live Debugger
+CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any account ...)
+ NOT-FOR-US: Scrach Login MediaWiki extension
+CVE-2020-15163 (Python TUF (The Update Framework) reference implementation before vers ...)
+ - python-tuf <itp> (bug #934151)
+CVE-2020-15162 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users a ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15161 (In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attac ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15160 (PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerab ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15159 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) a ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP message ...)
+ NOT-FOR-US: libIEC61850
+CVE-2020-15157 (In containerd (an industry-standard container runtime) before version ...)
+ {DSA-4865-1}
+ - containerd 1.3.2~ds1-2
+ - docker.io 19.03.13+dfsg2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/15/1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
+ NOTE: https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726 (v1.2.14)
+ NOTE: docker.io switched to systemwide containerd packages in 20.10.0~rc1+dfsg2-1
+ NOTE: docker.io/19.03.13+dfsg2-1 uses containerd 1.3.7
+CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged in user ...)
+ NOT-FOR-US: nodebb-plugin-blog-comments
+CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15153 (Ampache before version 4.2.2 allows unauthenticated users to perform S ...)
+ - ampache <removed>
+CVE-2020-15152 (ftp-srv is an npm package which is a modern and extensible FTP server ...)
+ NOT-FOR-US: Node ftp-srv
+CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
+ NOT-FOR-US: OpenMage
+CVE-2020-15150 (There is a vulnerability in Paginator (Elixir/Hex package) which makes ...)
+ NOT-FOR-US: Paginator
+CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...)
+ NOT-FOR-US: NodeBB
+CVE-2020-15148 (Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote cod ...)
+ - yii <itp> (bug #597899)
+CVE-2020-15147 (Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execu ...)
+ NOT-FOR-US: Red Discord Bot
+CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
+ NOT-FOR-US: SyliusResourceBundle
+CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...)
+ NOT-FOR-US: Composer-Setup for Windows
+CVE-2020-15144
+ RESERVED
+CVE-2020-15143 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
+ NOT-FOR-US: SyliusResourceBundle
+CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with ...)
+ NOT-FOR-US: openapi-python-client
+CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...)
+ NOT-FOR-US: openapi-python-client
+CVE-2020-15140 (In Red Discord Bot before version 3.3.11, a RCE exploit has been disco ...)
+ NOT-FOR-US: Red Discord Bot
+CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visu ...)
+ NOT-FOR-US: MyBB
+CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview of the ...)
+ - node-prismjs 1.11.0+dfsg-4 (bug #968094)
+ NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9
+ NOTE: https://github.com/PrismJS/prism/commit/8bba4880202ef6bd7a1e379fe9aebe69dd75f7be
+CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...)
+ NOT-FOR-US: HoRNDIS
+CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968752)
+ [buster] - etcd <no-dsa> (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q
+CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...)
+ NOT-FOR-US: Node save-server
+CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...)
+ - ruby-faye 1.4.0-1 (bug #967063)
+ [buster] - ruby-faye <no-dsa> (Minor issue)
+ NOTE: https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9
+ NOTE: https://github.com/faye/faye/issues/524
+ NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
+CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of certificat ...)
+ - ruby-faye-websocket 0.11.0-1 (bug #967061)
+ [buster] - ruby-faye-websocket <no-dsa> (Minor issue)
+ NOTE: https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv
+ NOTE: https://github.com/faye/faye-websocket-ruby/pull/129
+ NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
+CVE-2020-15132 (In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget pa ...)
+ NOT-FOR-US: Sulu
+CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...)
+ NOT-FOR-US: Node slp-validate
+CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...)
+ NOT-FOR-US: Node slpjs
+CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...)
+ NOT-FOR-US: Traefik
+CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...)
+ NOT-FOR-US: October CMS
+CVE-2020-15127 (In Contour ( Ingress controller for Kubernetes) before version 1.7.0, ...)
+ NOT-FOR-US: Countour
+CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...)
+ NOT-FOR-US: Node parser-server
+CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of specific ...)
+ NOT-FOR-US: Node auth0
+CVE-2020-15124 (In Goobi Viewer Core before version 4.8.3, a path traversal vulnerabil ...)
+ NOT-FOR-US: Goobi Viewer Core
+CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload method has a ...)
+ NOT-FOR-US: Node codedev
+CVE-2020-15122
+ RESERVED
+CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the PDB s ...)
+ - radare2 5.0.0+dfsg-1
+ NOTE: https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
+ NOTE: https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
+ NOTE: https://github.com/radareorg/radare2/issues/16945
+ NOTE: https://github.com/radareorg/radare2/pull/16966
+CVE-2020-15120 (In "I hate money" before version 4.1.5, an authenticated member of one ...)
+ NOT-FOR-US: ihatemoney
+CVE-2020-15119 (In auth0-lock versions before and including 11.25.1, dangerouslySetInn ...)
+ NOT-FOR-US: Node auth0-lock
+CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is m ...)
+ NOT-FOR-US: Wagtail
+CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...)
+ - synergy <removed>
+ [stretch] - synergy <no-dsa> (minor issue, low priority)
+ NOTE: https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
+ NOTE: https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
+CVE-2020-15116
+ RESERVED
+CVE-2020-15115 (etcd before versions 3.3.23 and 3.4.10 does not perform any password l ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
+ [buster] - etcd <no-dsa> (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
+CVE-2020-15114 (In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simpl ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
+ [buster] - etcd <no-dsa> (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
+CVE-2020-15113 (In etcd before versions 3.3.23 and 3.4.10, certain directory paths are ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
+ [buster] - etcd <no-dsa> (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
+CVE-2020-15112 (In etcd before versions 3.3.23 and 3.4.10, it is possible to have an e ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
+ [buster] - etcd <no-dsa> (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
+CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.Attach ...)
+ NOT-FOR-US: Fiber
+CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able ...)
+ NOT-FOR-US: jupyterhub-kubespawner
+CVE-2020-15109 (In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bilit ...)
+ NOT-FOR-US: solidus
+CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of "Clon ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v
+ NOTE: https://github.com/glpi-project/glpi/commit/a4baa64114eb92fd2adf6056a36e0582324414ba
+ NOTE: https://github.com/glpi-project/glpi/pull/6684
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...)
+ NOT-FOR-US: openenclave
+CVE-2020-15106 (In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
+ [buster] - etcd <no-dsa> (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
+CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
+ NOT-FOR-US: Django Two-Factor Authentication
+CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when valid ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2020-15103 (In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...)
+ - freerdp2 2.2.0+dfsg1-1 (bug #965979)
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
- NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
-CVE-2020-13395
+ [stretch] - freerdp <not-affected> (Vulnerable gfx code not present)
+ NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0)
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0)
+CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...)
+ NOT-FOR-US: freewvs
+CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...)
+ NOT-FOR-US: freewvs
+CVE-2020-15099 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...)
+ NOT-FOR-US: TYPO3
+CVE-2020-15098 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...)
+ NOT-FOR-US: TYPO3
+CVE-2020-15097 (loklak is an open-source server application which is able to collect m ...)
+ NOT-FOR-US: loklak
+CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...)
+ - electron <itp> (bug #842420)
+CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...)
+ - npm 6.14.6+ds-1 (low; bug #964746)
+ [buster] - npm 5.8.0+ds6-4+deb10u2
+ NOTE: https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
+ NOTE: https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
+CVE-2020-15094 (In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient cla ...)
+ - symfony 4.4.13+dfsg-1
+ [buster] - symfony <not-affected> (Vulnerable code introduced later - in v4.4.0)
+ [stretch] - symfony <not-affected> (Vulnerable code introduced later - in v4.4.0)
+ NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r
+ NOTE: https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78
+CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does not pro ...)
+ NOT-FOR-US: Rust tough
+CVE-2020-15092 (In TimelineJS before version 3.7.0, some user data renders as HTML. An ...)
+ NOT-FOR-US: TimelineJS
+CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6 allows block ...)
+ NOT-FOR-US: TenderMint
+CVE-2020-15090
+ RESERVED
+CVE-2020-15089
+ RESERVED
+CVE-2020-15088
+ RESERVED
+CVE-2020-15087 (In Presto before version 337, authenticated users can bypass authoriza ...)
+ NOT-FOR-US: Presto query engine, different from src:presto
+CVE-2020-15086 (In TYPO3 installations with the "mediace" extension from version 7.6.2 ...)
+ NOT-FOR-US: TYPO3
+CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used to authe ...)
+ NOT-FOR-US: Saleor Storefront
+CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, the algor ...)
+ NOT-FOR-US: Node express-jwt
+CVE-2020-15083 (In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a ta ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15082 (In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the das ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15081 (In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is inform ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15080 (In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some fi ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15079 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there i ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass ...)
+ - openvpn 2.5.1-2 (bug #987380)
+ [buster] - openvpn 2.4.7-1+deb10u1
+ [stretch] - openvpn <no-dsa> (Minor issue)
+ NOTE: https://github.com/OpenVPN/openvpn/commit/f7b3bf067ffce72e7de49a4174fd17a3a83f0573 (v2.5.2)
+ NOTE: https://github.com/OpenVPN/openvpn/commit/3d18e308c4e7e6f7ab7c2826c70d2d07b031c18a (v2.5.2)
+ NOTE: https://github.com/OpenVPN/openvpn/commit/3aca477a1b58714754fea3a26d0892fffc51db6b (v2.5.2)
+ NOTE: https://github.com/OpenVPN/openvpn/commit/0e5516a9d656ce86f7fb370c824344ea1760c255 (2.4.11)
+CVE-2020-15077 (OpenVPN Access Server 2.8.7 and earlier versions allows a remote attac ...)
+ NOT-FOR-US: OpenVPN Access Server (security impact for src:openvpn covered by CVE-2020-15078)
+CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older versions ma ...)
+ NOT-FOR-US: Private Tunnel installer for macOS
+CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older may corrup ...)
+ NOT-FOR-US: OpenVPN Connect installer for macOS
+CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 and version 2.9.5 gener ...)
+ NOT-FOR-US: OpenVPN Access Server
+CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS vulnerability ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-15072 (An issue was discovered in phpList through 3.5.4. An error-based SQL I ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-15071 (content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS ...)
+ NOT-FOR-US: Symphony CMS
+CVE-2020-15070 (Zulip Server 2.x before 2.1.7 allows eval injection if a privileged at ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow an ...)
+ NOT-FOR-US: Sophos
+CVE-2020-15068
+ RESERVED
+CVE-2020-15067
+ RESERVED
+CVE-2020-15066
+ RESERVED
+CVE-2020-15065 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...)
+ NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices
+CVE-2020-15064 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...)
+ NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices
+CVE-2020-15063 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...)
+ NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices
+CVE-2020-15062 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...)
+ NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices
+CVE-2020-15061 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...)
+ NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices
+CVE-2020-15060 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...)
+ NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices
+CVE-2020-15059 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...)
+ NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices
+CVE-2020-15058 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...)
+ NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices
+CVE-2020-15057 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-15056 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-15055 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-15054 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-15053 (An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflec ...)
+ NOT-FOR-US: Artica Proxy
+CVE-2020-15052 (An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL In ...)
+ NOT-FOR-US: Artica Proxy
+CVE-2020-15051 (An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS ...)
+ NOT-FOR-US: Artica Proxy
+CVE-2020-15050 (An issue was discovered in the Video Extension in Suprema BioStar 2 be ...)
+ NOT-FOR-US: Suprema BioStar
+CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...)
+ {DSA-4732-1 DLA-2394-1}
+ - squid 4.12-1
+ - squid3 <removed>
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch
+CVE-2020-15048
RESERVED
-CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
- NOT-FOR-US: Tenda devices
-CVE-2020-13393 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
- NOT-FOR-US: Tenda devices
-CVE-2020-13392 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
- NOT-FOR-US: Tenda devices
-CVE-2020-13391 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
- NOT-FOR-US: Tenda devices
-CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
- NOT-FOR-US: Tenda devices
-CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
- NOT-FOR-US: Tenda devices
-CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...)
- NOT-FOR-US: jw.util
-CVE-2020-13387
+CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification er ...)
+ - trojita <itp> (bug #795701)
+CVE-2020-15046 (The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a ...)
+ NOT-FOR-US: Supermicro
+CVE-2020-15045
RESERVED
-CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...)
- NOT-FOR-US: SmartDraw
-CVE-2020-13385
+CVE-2020-15044
RESERVED
-CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...)
- NOT-FOR-US: Monstra CMS
-CVE-2020-13383
+CVE-2020-15043 (iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling ...)
+ NOT-FOR-US: iBall WRB303N devices
+CVE-2020-15042
RESERVED
-CVE-2020-13382
+CVE-2020-15041 (PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Ad ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-15040
RESERVED
-CVE-2020-13381
+CVE-2020-15039
RESERVED
-CVE-2020-13380
+CVE-2020-15038 (The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-15037 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15036 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15035 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15034 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15033 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15032 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15031 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15030 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15027 (ConnectWise Automate through 2020.x has insufficient validation on cer ...)
+ NOT-FOR-US: ConnectWise
+CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...)
+ NOT-FOR-US: Bludit
+CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...)
+ - ntp 1:4.2.8p15-1 (low; bug #963807)
+ [buster] - ntp <no-dsa> (Minor issue)
+ [stretch] - ntp <not-affected> (Vulnerable code introduced later)
+ [jessie] - ntp <not-affected> (Vulnerable code introduced later)
+ - ntpsec <not-affected> (Vulnerable code not present)
+ NOTE: https://support.ntp.org/bin/view/Main/NtpBug3661
+ NOTE: https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
+ NOTE: https://bugs.ntp.org/show_bug.cgi?id=3661
+ NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e84aa07N2NcL4sE_0dW35Tizc74SA
+CVE-2020-15024 (An issue was discovered in the Login Password feature of the Password ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2020-15023 (Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected b ...)
+ NOT-FOR-US: Askey
+CVE-2020-15022
RESERVED
-CVE-2020-13379
+CVE-2020-15021
RESERVED
-CVE-2020-13378
+CVE-2020-15020 (An issue was discovered in the Elementor plugin through 2.9.13 for Wor ...)
+ NOT-FOR-US: Elementor plugin for WordPress
+CVE-2020-15019
+ RESERVED
+CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation. ...)
+ NOT-FOR-US: playSMS
+CVE-2020-15017 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15016 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-C ...)
+ NOT-FOR-US: NeDi
+CVE-2020-15015 (The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XS ...)
+ NOT-FOR-US: FileExplorer component in GleamTech FileUltimate
+CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. ...)
+ NOT-FOR-US: BlogCMS
+CVE-2020-15013
+ RESERVED
+CVE-2020-15012 (A Directory Traversal issue was discovered in Sonatype Nexus Repositor ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager
+CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...)
+ {DSA-4991-1 DLA-2276-1 DLA-2265-1}
+ - mailman <removed>
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1877379
+ NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1848
+CVE-2020-15010
+ RESERVED
+CVE-2020-15009 (AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe i ...)
+ NOT-FOR-US: ASUS
+CVE-2020-15008 (A SQLi exists in the probe code of all Connectwise Automate versions b ...)
+ NOT-FOR-US: Connectwise
+CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...)
+ - rbdoom3bfg <unfixed> (unimportant)
+ NOTE: https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec
+ NOTE: Problematic code not built
+CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document ...)
+ NOT-FOR-US: Bludit
+CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34. ...)
+ {DSA-4767-1 DLA-2504-1}
+ - mediawiki 1:1.31.8-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
+CVE-2020-15004 (OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. ...)
+ NOT-FOR-US: Open-Xchange App Suite
+CVE-2020-15003 (OX App Suite through 7.10.3 allows Information Exposure because a user ...)
+ NOT-FOR-US: Open-Xchange App Suite
+CVE-2020-15002 (OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/me ...)
+ NOT-FOR-US: Open-Xchange App Suite
+CVE-2020-15001 (An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0 ...)
+ NOT-FOR-US: Yubico YubiKey 5 NFC devices
+CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5 devices 5. ...)
+ NOT-FOR-US: Yubico YubiKey 5 devices
+CVE-2020-14999 (A logic bug in system monitoring driver of Acronis Agent after 12.5.21 ...)
+ NOT-FOR-US: Acronis
+CVE-2020-14998
+ RESERVED
+CVE-2020-14997
+ RESERVED
+CVE-2020-14996
+ RESERVED
+CVE-2020-14995
+ RESERVED
+CVE-2020-14994
+ RESERVED
+CVE-2020-14993 (A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vig ...)
+ NOT-FOR-US: DrayTek devices
+CVE-2020-14992
+ RESERVED
+CVE-2020-14991
+ RESERVED
+CVE-2020-14990 (IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain p ...)
+ NOT-FOR-US: IOBit Advanced SystemCare Free
+CVE-2020-14989 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...)
+ NOT-FOR-US: Bloomreach Experience Manager (brXM)
+CVE-2020-14988 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...)
+ NOT-FOR-US: Bloomreach Experience Manager (brXM)
+CVE-2020-14987 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...)
+ NOT-FOR-US: Bloomreach Experience Manager (brXM)
+CVE-2020-14986
+ RESERVED
+CVE-2020-14985
+ RESERVED
+CVE-2020-14984
+ RESERVED
+CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't valid ...)
+ - crispy-doom 5.9.0-1 (bug #964564)
+ [buster] - crispy-doom <no-dsa> (Minor issue)
+ - chocolate-doom 3.0.1-1
+ [buster] - chocolate-doom 3.0.0-4+deb10u1
+ [stretch] - chocolate-doom <no-dsa> (Minor issue)
+ [jessie] - chocolate-doom <end-of-life> (games are not supported)
+ NOTE: https://github.com/chocolate-doom/chocolate-doom/issues/1293
+ NOTE: https://github.com/chocolate-doom/chocolate-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
+ NOTE: https://github.com/fabiangreffrath/crispy-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1
+CVE-2020-14982 (A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later be ...)
+ NOT-FOR-US: Kronos WebTA
+CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...)
+ NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS
+CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...)
+ NOT-FOR-US: Sophos Secure Email application for Android
+CVE-2020-14979 (The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X ...)
+ NOT-FOR-US: EVGA Precision X1
+CVE-2020-14978 (An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorre ...)
+ NOT-FOR-US: F-Secure SAFE
+CVE-2020-14977 (An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC servic ...)
+ NOT-FOR-US: F-Secure SAFE
+CVE-2020-14976 (GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2. ...)
+ - gns3-server <itp> (bug #766166)
+CVE-2020-14975 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to del ...)
+ NOT-FOR-US: IOBit Unlocker
+CVE-2020-14974 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unl ...)
+ NOT-FOR-US: IOBit Unlocker
+CVE-2020-14973 (The loginForm within the general/login.php webpage in webTareas 2.0p8 ...)
+ NOT-FOR-US: webTareas
+CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online ...)
+ NOT-FOR-US: Sourcecodester Pisay Online E-Learning System
+CVE-2020-14971 (Pi-hole through 5.0 allows code injection in piholedhcp (the Static DH ...)
+ NOT-FOR-US: Pi-hole
+CVE-2020-14970
RESERVED
-CVE-2020-13377
+CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribu ...)
+ NOT-FOR-US: MISP
+CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17 for Nod ...)
+ NOT-FOR-US: jsrsasign
+CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 for Nod ...)
+ NOT-FOR-US: jsrsasign
+CVE-2020-14966 (An issue was discovered in the jsrsasign package through 8.0.18 for No ...)
+ NOT-FOR-US: jsrsasign
+CVE-2020-14965 (On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with ac ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-14964
RESERVED
-CVE-2020-13376
+CVE-2020-14963
RESERVED
-CVE-2020-13375
+CVE-2020-14962 (Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before ...)
+ NOT-FOR-US: Final Tiles Gallery plugin for WordPress
+CVE-2020-14961 (Concrete5 before 8.5.3 does not constrain the sort direction to a vali ...)
+ NOT-FOR-US: Concrete5
+CVE-2020-14960 (A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoi ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2020-14959 (Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3. ...)
+ NOT-FOR-US: Easy Testimonials plugin for WordPress
+CVE-2020-14958 (In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not ...)
+ NOT-FOR-US: Go Git Service
+CVE-2020-14957 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...)
+ NOT-FOR-US: Windows cleaning assistant
+CVE-2020-14956 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...)
+ NOT-FOR-US: Windows cleaning assistant
+CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows l ...)
+ NOT-FOR-US: Jiangmin Antivirus
+CVE-2020-14953
+ RESERVED
+CVE-2020-14952
+ RESERVED
+CVE-2020-14951
+ RESERVED
+CVE-2020-14950 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...)
+ NOT-FOR-US: aaPanel
+CVE-2020-14949
+ RESERVED
+CVE-2020-14948
+ RESERVED
+CVE-2020-14947 (OCS Inventory NG 2.7 allows Remote Command Execution via shell metacha ...)
+ - ocsinventory-server <unfixed> (unimportant)
+ NOTE: Only supported in trusted environments, see debtags
+CVE-2020-14946 (downloadFile.ashx in the Administrator section of the Surveillance mod ...)
+ NOT-FOR-US: Surveillance module in Global RADAR BSA Radar
+CVE-2020-14945 (A privilege escalation vulnerability exists within Global RADAR BSA Ra ...)
+ NOT-FOR-US: Global RADAR BSA Radar
+CVE-2020-14944 (Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authoriz ...)
+ NOT-FOR-US: Global RADAR BSA Radar
+CVE-2020-14943 (The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.72 ...)
+ NOT-FOR-US: Global RADAR BSA Radar
+CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\ ...)
+ NOT-FOR-US: Tendenci
+CVE-2020-14941
+ RESERVED
+CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar ...)
+ - tuxguitar <unfixed> (bug #963626)
+ [bullseye] - tuxguitar <no-dsa> (Minor issue)
+ [buster] - tuxguitar <no-dsa> (Minor issue)
+ [stretch] - tuxguitar <no-dsa> (Minor issue)
+ [jessie] - tuxguitar <no-dsa> (Minor issue)
+ NOTE: https://logicaltrust.net/blog/2020/06/tuxguitar.html
+ NOTE: https://sourceforge.net/p/tuxguitar/bugs/126/
+CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...)
+ - freedroidrpg <unfixed> (low; bug #964197)
+ [bullseye] - freedroidrpg <no-dsa> (Minor issue)
+ [buster] - freedroidrpg <no-dsa> (Minor issue)
+ [stretch] - freedroidrpg <no-dsa> (Minor issue)
+ [jessie] - freedroidrpg <end-of-life> (games are not supported)
+ NOTE: https://bugs.freedroid.org/b/issue953
+ NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
+CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...)
+ - freedroidrpg <unfixed> (low; bug #964197)
+ [bullseye] - freedroidrpg <no-dsa> (Minor issue)
+ [buster] - freedroidrpg <no-dsa> (Minor issue)
+ [stretch] - freedroidrpg <no-dsa> (Minor issue)
+ [jessie] - freedroidrpg <end-of-life> (games are not supported)
+ NOTE: https://bugs.freedroid.org/b/issue952
+ NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html
+CVE-2020-14937 (Memory access out of buffer boundaries issues was discovered in Contik ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2020-14936 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2020-14935 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2020-14934 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2020-14933 (** DISPUTED ** compose.php in SquirrelMail 1.4.22 calls unserialize fo ...)
+ - squirrelmail <removed>
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
+CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtoda ...)
+ - squirrelmail <removed>
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1
+CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information Gatheri ...)
+ NOT-FOR-US: DMitry
+CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...)
+ NOT-FOR-US: BT CTROMS Terminal OS Port Portal CT-464
+CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...)
+ {DLA-2254-1}
+ - alpine 2.23+dfsg1-1 (bug #963179)
+ [buster] - alpine <no-dsa> (Minor issue)
+ [stretch] - alpine <no-dsa> (Minor issue)
+ NOTE: http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html
+ NOTE: https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab
+CVE-2020-14928 (evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering is ...)
+ {DSA-4725-1 DLA-2281-1}
+ - evolution-data-server 3.36.4-1
+ NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
+ NOTE: https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
+CVE-2020-14927 (Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "We ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2020-14926 (CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/modul ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-14925
RESERVED
-CVE-2020-13374
+CVE-2020-14924
RESERVED
-CVE-2020-13373
+CVE-2020-14923
RESERVED
-CVE-2020-13372
+CVE-2020-14922
RESERVED
-CVE-2020-13371
+CVE-2020-14921
RESERVED
-CVE-2020-13370
+CVE-2020-14920
RESERVED
-CVE-2020-13369
+CVE-2020-14919
RESERVED
-CVE-2020-13368
+CVE-2020-14918
RESERVED
-CVE-2020-13367
+CVE-2020-14917
RESERVED
-CVE-2020-13366
+CVE-2020-14916
RESERVED
-CVE-2020-13365
+CVE-2020-14915
RESERVED
-CVE-2020-13364
+CVE-2020-14914
RESERVED
-CVE-2020-13363
+CVE-2020-14913
RESERVED
-CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...)
- - qemu <unfixed> (bug #961887)
- NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
-CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ...)
- - qemu <unfixed> (bug #961888)
- NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
-CVE-2020-13360
+CVE-2020-14912
+ RESERVED
+CVE-2020-14911
+ RESERVED
+CVE-2020-14910
+ RESERVED
+CVE-2020-14909
+ RESERVED
+CVE-2020-14908
+ RESERVED
+CVE-2020-14907
+ RESERVED
+CVE-2020-14906
+ RESERVED
+CVE-2020-14905
+ RESERVED
+CVE-2020-14904
+ RESERVED
+CVE-2020-14903
+ RESERVED
+CVE-2020-14902
+ RESERVED
+CVE-2020-14901 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14900 (Vulnerability in the Oracle Application Express Group Calendar compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14899 (Vulnerability in the Oracle Application Express Data Reporter componen ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14898 (Vulnerability in the Oracle Application Express Packaged Apps componen ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14897 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14896 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14895 (Vulnerability in the Oracle Utilities Framework product of Oracle Util ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14894 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14893 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14892 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14891 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14890 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14889 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14888 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14887 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14886 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14885 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14884 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14883 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14882 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14881 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14880 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14879 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14878 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14877 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14876 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14875 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14874 (Vulnerability in the Oracle Cloud Infrastructure Identity and Access M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14873 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14872 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14871 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14870 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14869 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #972824)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14868 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14867 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #972824)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14866 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14865 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection pr ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14864 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14863 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14862 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14861 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14860 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14859 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14858 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14857 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14856 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14855 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14854 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14853 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-cluster <itp> (bug #833356)
+CVE-2020-14852 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14851 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14850 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14849 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14848 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14847 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14846 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14845 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14844 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14843 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14842 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14841 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14840 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14839 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14838 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14837 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14836 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14835 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14834 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14833 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14832 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14831 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14830 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14829 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14828 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14827 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #972824)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14826 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14825 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14824 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14823 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14822 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14821 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14820 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14819 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14818 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14817 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14816 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14815 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14814 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14813 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14812 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ {DLA-2538-1}
+ - mariadb-10.5 1:10.5.8-1
+ [experimental] - mariadb-10.3 1:10.3.27-1~exp1
+ - mariadb-10.3 <unfixed>
+ [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
+ - mariadb-10.1 <removed>
+ - mysql-5.7 <removed> (bug #972824)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+ NOTE: Fixed in MariaDB 10.5.7, 10.3.26, 10.1.48
+CVE-2020-14811 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14810 (Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospi ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14809 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14808 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14807 (Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospi ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14806 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14805 (Vulnerability in the Oracle E-Business Suite Secure Enterprise Search ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14804 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14803 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14802 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14801 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14800 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14799 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14798 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14797 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14796 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14795 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14794 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14793 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #972824)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14792 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14791 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14790 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #972824)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14789 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.8-1
+ [experimental] - mariadb-10.3 1:10.3.27-1~exp1
+ - mariadb-10.3 <unfixed>
+ [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
+ - mysql-5.7 <removed> (bug #972824)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+ NOTE: Fixed in MariaDB 10.5.7, 10.3.26
+CVE-2020-14788 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14787 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14786 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14785 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14784 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14783 (Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Foo ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14782 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14780 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14779 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14778 (Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core pro ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14777 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14776 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.8-1
+ [experimental] - mariadb-10.3 1:10.3.27-1~exp1
+ - mariadb-10.3 <unfixed>
+ [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
+ - mysql-8.0 8.0.22-1 (bug #972623)
+ - mysql-5.7 <removed> (bug #972824)
+ NOTE: Fixed in MariaDB 10.5.7, 10.3.26
+CVE-2020-14775 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+ - mysql-5.7 <removed> (bug #972824)
+CVE-2020-14774 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14773 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14772 (Vulnerability in the Hyperion Lifecycle Management product of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14771 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #972824)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14770 (Vulnerability in the Hyperion BI+ product of Oracle Hyperion (componen ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14769 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+ - mysql-5.7 <removed> (bug #972824)
+CVE-2020-14768 (Vulnerability in the Hyperion Analytic Provider Services product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14767 (Vulnerability in the Hyperion BI+ product of Oracle Hyperion (componen ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14766 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14765 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ {DLA-2538-1}
+ - mariadb-10.5 1:10.5.8-1
+ [experimental] - mariadb-10.3 1:10.3.27-1~exp1
+ - mariadb-10.3 <unfixed>
+ [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
+ - mariadb-10.1 <removed>
+ - mysql-8.0 8.0.22-1 (bug #972623)
+ - mysql-5.7 <removed> (bug #972824)
+ NOTE: Fixed in MariaDB 10.5.7, 10.3.26, 10.1.48
+CVE-2020-14764 (Vulnerability in the Hyperion Planning product of Oracle Hyperion (com ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14763 (Vulnerability in the Oracle Application Express Quick Poll component o ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14762 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14761 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14760 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #972824)
+CVE-2020-14759 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14758 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14757 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14756 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14755
+ RESERVED
+CVE-2020-14754 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14753 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14752 (Vulnerability in the Hyperion Lifecycle Management product of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14751
+ RESERVED
+CVE-2020-14750 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14749
+ RESERVED
+CVE-2020-14748
+ RESERVED
+CVE-2020-14747
+ RESERVED
+CVE-2020-14746 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14745 (Vulnerability in the Oracle REST Data Services product of Oracle REST ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14744 (Vulnerability in the Oracle REST Data Services product of Oracle REST ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14743 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14742 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14741 (Vulnerability in the Database Filesystem component of Oracle Database ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14740 (Vulnerability in the SQL Developer Install component of Oracle Databas ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14739
+ RESERVED
+CVE-2020-14738
+ RESERVED
+CVE-2020-14737
+ RESERVED
+CVE-2020-14736 (Vulnerability in the Database Vault component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14735 (Vulnerability in the Scheduler component of Oracle Database Server. Su ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14734 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14733
+ RESERVED
+CVE-2020-14732 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14731 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14730
+ RESERVED
+CVE-2020-14729 (Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracl ...)
+ NOT-FOR-US: Oracle NetSuite
+CVE-2020-14728 (Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle ...)
+ NOT-FOR-US: Oracle NetSuite
+CVE-2020-14727
RESERVED
-CVE-2020-13359
+CVE-2020-14726
RESERVED
-CVE-2020-13358
+CVE-2020-14725 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14724 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14723 (Vulnerability in the Oracle Help Technologies product of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14722 (Vulnerability in the Oracle Enterprise Communications Broker product o ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14721 (Vulnerability in the Oracle Enterprise Communications Broker product o ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14720 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14719 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14718 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14717 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14716 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14715 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14714 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14713 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14712 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14711 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox <not-affected> (MacOS-specific)
+CVE-2020-14710 (Vulnerability in the Customer Management and Segmentation Foundation p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14709 (Vulnerability in the Customer Management and Segmentation Foundation p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14708 (Vulnerability in the Customer Management and Segmentation Foundation p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14707 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14705 (Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (c ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14702 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14701 (Vulnerability in the Oracle SD-WAN Aware product of Oracle Communicati ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14700 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14699 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14697 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14696 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14695 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14694 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14693 (Vulnerability in the Oracle Insurance Accounting Analyzer product of O ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14692 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14691 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14690 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14689
+ RESERVED
+CVE-2020-14688 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14687 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14686 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14685 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14684 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14683
+ RESERVED
+CVE-2020-14682 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14681 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14680 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14679 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14678 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14677 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14676 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14675 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14673 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14672 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #972824)
+ - mysql-8.0 8.0.22-1 (bug #972623)
+CVE-2020-14671 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14670 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14669 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14668 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14667 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14666 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14665 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14664 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
+ - openjfx 11+26-1
+ [stretch] - openjfx <no-dsa> (Minor issue)
+ NOTE: Oracle CPU lists only 8.x as affected, so marking the first 11.x upload as fixed
+CVE-2020-14663 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14662 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14661 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14660 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14659 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14658 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14656 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14655 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14654 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14653 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14652 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14651 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14650 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14649 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14648 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14647 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14646 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14645 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14644 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14642 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14640 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14639 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14638 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14637 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14636 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14635 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14630 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14629 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14628 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.12-dfsg-1
+CVE-2020-14627 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14626 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14625 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14622 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14621 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4734-1 DLA-2325-1}
+ - openjdk-14 14.0.2+12-1
+ - openjdk-11 11.0.8+10-1
+ - openjdk-8 8u265-b01-1
+CVE-2020-14620 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14619 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14618 (Vulnerability in the Primavera Unifier product of Oracle Construction ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14617 (Vulnerability in the Primavera Unifier product of Oracle Construction ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14616 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14615 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14614 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14613 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14612 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14611 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14610 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14609 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14608 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14607 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14606 (Vulnerability in the Oracle SD-WAN Edge product of Oracle Communicatio ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14605 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14604 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14603 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14602 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14601 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14599 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14598 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14597 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14596 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14595 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14594 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4734-1 DLA-2325-1}
+ - openjdk-14 14.0.2+12-1
+ - openjdk-11 11.0.8+10-1
+ - openjdk-8 8u265-b01-1
+CVE-2020-14592 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14590 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14589 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14588 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14587 (Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14586 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14585 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14584 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4734-1 DLA-2325-1}
+ - openjdk-14 14.0.2+12-1
+ - openjdk-11 11.0.8+10-1
+ - openjdk-8 8u265-b01-1
+CVE-2020-14582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14581 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4734-1 DLA-2325-1}
+ - openjdk-14 14.0.2+12-1
+ - openjdk-11 11.0.8+10-1
+ - openjdk-8 8u265-b01-1
+CVE-2020-14580 (Vulnerability in the Oracle Communications Session Border Controller p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14579 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4734-1 DLA-2325-1}
+ - openjdk-14 14.0.2+12-1
+ - openjdk-11 11.0.8+10-1
+ - openjdk-8 8u265-b01-1
+CVE-2020-14578 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4734-1 DLA-2325-1}
+ - openjdk-14 14.0.2+12-1
+ - openjdk-11 11.0.8+10-1
+ - openjdk-8 8u265-b01-1
+CVE-2020-14577 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4734-1 DLA-2325-1}
+ - openjdk-14 14.0.2+12-1
+ - openjdk-11 11.0.8+10-1
+ - openjdk-8 8u265-b01-1
+CVE-2020-14576 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #965168)
+ NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
+CVE-2020-14575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14574 (Vulnerability in the Oracle Communications Interactive Session Recorde ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14573 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...)
+ {DSA-4734-1}
+ - openjdk-14 14.0.2+12-1
+ - openjdk-11 11.0.8+10-1
+CVE-2020-14572 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14571 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14570 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14569 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14568 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <not-affected> (Only affects MySQL 8)
+CVE-2020-14567 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #965168)
+ NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
+CVE-2020-14566 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14565 (Vulnerability in the Oracle Unified Directory product of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14564 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14563 (Vulnerability in the Oracle Enterprise Communications Broker product o ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14562 (Vulnerability in the Java SE product of Oracle Java SE (component: Ima ...)
+ {DSA-4734-1}
+ - openjdk-14 14.0.2+12-1
+ - openjdk-11 11.0.8+10-1
+CVE-2020-14561 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14560 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14559 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #965168)
+ NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
+CVE-2020-14558 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14556 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4734-1 DLA-2325-1}
+ - openjdk-14 14.0.2+12-1
+ - openjdk-11 11.0.8+10-1
+ - openjdk-8 8u265-b01-1
+CVE-2020-14555 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14554 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14553 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #965168)
+ NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
+CVE-2020-14552 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14551 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14550 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #965168)
+ NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
+CVE-2020-14549 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14548 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #965168)
+ NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
+CVE-2020-14546 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14545 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14544 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14543 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14542 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14541 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14540 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #965168)
+ NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
+CVE-2020-14539 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #965168)
+ NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
+CVE-2020-14538
+ RESERVED
+CVE-2020-14537 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14536 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14535 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14534 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14533 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14532 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14531 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14530 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14529 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14528 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14526
+ RESERVED
+CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+ NOT-FOR-US: Philips
+CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...)
+ NOT-FOR-US: Softing Industrial Automation
+CVE-2020-14523 (Multiple Mitsubishi Electric Factory Automation products have a vulner ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-14522 (Softing Industrial Automation all versions prior to the latest build o ...)
+ NOT-FOR-US: Softing Industrial Automation
+CVE-2020-14521 (Multiple Mitsubishi Electric Factory Automation engineering software p ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...)
+ NOT-FOR-US: Inductive Automation Ignition
+CVE-2020-14519 (This vulnerability allows an attacker to use the internal WebSockets A ...)
+ NOT-FOR-US: CodeMeter
+CVE-2020-14518 (Philips DreamMapper, Version 2.24 and prior. Information written to lo ...)
+ NOT-FOR-US: Philips DreamMapper
+CVE-2020-14517 (Protocol encryption can be easily broken for CodeMeter (All versions p ...)
+ NOT-FOR-US: CodeMeter
+CVE-2020-14516 (In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2020-14515 (CodeMeter (All versions prior to 6.90 when using CmActLicense update f ...)
+ NOT-FOR-US: CodeMeter
+CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus traffic ca ...)
+ NOT-FOR-US: PLC
+CVE-2020-14513 (CodeMeter (All versions prior to 6.81) and the software using it may c ...)
+ NOT-FOR-US: CodeMeter
+CVE-2020-14512 (GateManager versions prior to 9.2c, The affected product uses a weak h ...)
+ NOT-FOR-US: GateManager
+CVE-2020-14511 (Malicious operation of the crafted web browser cookie may cause a stac ...)
+ NOT-FOR-US: EDR routers
+CVE-2020-14510 (GateManager versions prior to 9.2c, The affected product contains a ha ...)
+ NOT-FOR-US: GateManager
+CVE-2020-14509 (Multiple memory corruption vulnerabilities exist in CodeMeter (All ver ...)
+ NOT-FOR-US: CodeMeter
+CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is vulnerable ...)
+ NOT-FOR-US: GateManager
+CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...)
+ NOT-FOR-US: Advantech
+CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+ NOT-FOR-US: Philips
+CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...)
+ NOT-FOR-US: Advantech
+CVE-2020-14504
+ RESERVED
+CVE-2020-14503 (Advantech iView, versions 5.6 and prior, has an improper input validat ...)
+ NOT-FOR-US: Advantech
+CVE-2020-14502
+ RESERVED
+CVE-2020-14501 (Advantech iView, versions 5.6 and prior, has an improper authenticatio ...)
+ NOT-FOR-US: Advantech
+CVE-2020-14500 (Secomea GateManager all versions prior to 9.2c, An attacker can send a ...)
+ NOT-FOR-US: Secomea GateManager
+CVE-2020-14499 (Advantech iView, versions 5.6 and prior, has an improper access contro ...)
+ NOT-FOR-US: Advantech
+CVE-2020-14498 (HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. The a ...)
+ NOT-FOR-US: HMS Industrial Networks AB eCatche
+CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL injecti ...)
+ NOT-FOR-US: Advantech
+CVE-2020-14496
+ RESERVED
+CVE-2020-14495
+ REJECTED
+CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...)
+ NOT-FOR-US: OpenClinic GA
+CVE-2020-14493 (A low-privilege user may use SQL syntax to write arbitrary files to th ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-14492 (OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-c ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-14491 (OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check perm ...)
+ NOT-FOR-US: OpenClinic GA
+CVE-2020-14490 (OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files spec ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-14489 (OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate h ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-14488 (OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded f ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-14487 (OpenClinic GA 5.09.02 contains a hidden default user account that may ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-14486 (An attacker may bypass permission/authorization checks in OpenClinic G ...)
+ NOT-FOR-US: OpenClinic
+CVE-2020-14485 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...)
+ NOT-FOR-US: OpenClinic GA
+CVE-2020-14484 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...)
+ NOT-FOR-US: OpenClinic GA
+CVE-2020-14483 (A timeout during a TLS handshake can result in the connection failing ...)
+ NOT-FOR-US: Niagara
+CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...)
+ NOT-FOR-US: Delta Industrial Automation DOPSoft
+CVE-2020-14481
+ RESERVED
+CVE-2020-14480
+ RESERVED
+CVE-2020-14479
+ RESERVED
+CVE-2020-14478
+ RESERVED
+CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...)
+ NOT-FOR-US: Philips
+CVE-2020-14476
+ REJECTED
+CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0. ...)
+ - dolibarr <removed>
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08
+CVE-2020-14474 (The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on ke ...)
+ NOT-FOR-US: Cellebrite
+CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...)
+ NOT-FOR-US: DrayTek
+CVE-2020-14472 (On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1 ...)
+ NOT-FOR-US: DrayTek
+CVE-2020-14471
+ RESERVED
+CVE-2020-14470 (In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authent ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2020-14469
+ RESERVED
+CVE-2020-14468
+ RESERVED
+CVE-2020-14467
+ REJECTED
+CVE-2020-14466
+ RESERVED
+CVE-2020-14465
+ RESERVED
+CVE-2020-14464
+ RESERVED
+CVE-2020-14463
+ RESERVED
+CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box. ...)
+ NOT-FOR-US: CALDERA
+CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversa ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5. ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2020-14458 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2020-14457 (An issue was discovered in Mattermost Server before 5.20.0. Non-member ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2020-14456 (An issue was discovered in Mattermost Desktop App before 4.4.0. The Sa ...)
+ - mattermost-desktop <itp> (bug #831861)
+CVE-2020-14455 (An issue was discovered in Mattermost Desktop App before 4.4.0. Prompt ...)
+ - mattermost-desktop <itp> (bug #831861)
+CVE-2020-14454 (An issue was discovered in Mattermost Desktop App before 4.4.0. Attack ...)
+ - mattermost-desktop <itp> (bug #831861)
+CVE-2020-14453 (An issue was discovered in Mattermost Server before 5.21.0. Socket rea ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2020-14452 (An issue was discovered in Mattermost Server before 5.21.0. mmctl allo ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2020-14451 (An issue was discovered in Mattermost Mobile Apps before 1.29.0. The i ...)
+ NOT-FOR-US: Mattermost
+CVE-2020-14450 (An issue was discovered in Mattermost Server before 5.22.0. The markdo ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2020-14449 (An issue was discovered in Mattermost Mobile Apps before 1.30.0. Autho ...)
+ NOT-FOR-US: Mattermost
+CVE-2020-14448 (An issue was discovered in Mattermost Server before 5.23.0. Automatic ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2020-14447 (An issue was discovered in Mattermost Server before 5.23.0. Large webh ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2020-14954 (Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffe ...)
+ {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
+ - mutt 1.14.4-1
+ - neomutt 20200619+dfsg.1-1
+ NOTE: https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
+ NOTE: https://gitlab.com/muttmua/mutt/-/issues/248
+ NOTE: https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc
+CVE-2020-14446 (An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO ...)
+ NOT-FOR-US: WSO2 Identity Server
+CVE-2020-14445 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...)
+ NOT-FOR-US: WSO2 Identity Server
+CVE-2020-14444 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...)
+ NOT-FOR-US: WSO2 Identity Server
+CVE-2020-14443 (A SQL injection vulnerability in accountancy/customer/card.php in Doli ...)
+ - dolibarr <removed>
+CVE-2020-14442 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14441 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14440 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14439 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14438 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14437 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14436 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14435 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14434 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14433 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14432 (Certain NETGEAR devices are affected by CSRF. This affects RBK752 befo ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14431 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14430 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14429 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14428 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14427 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14425 (Foxit Reader before 10.0 allows Remote Command Execution via the app.o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-14424 (Cacti before 1.2.18 allows remote attackers to trigger XSS via templat ...)
+ - cacti 1.2.19+ds1-1
+ [bullseye] - cacti <no-dsa> (Minor issue)
+ [buster] - cacti <no-dsa> (Minor issue)
+ [stretch] - cacti <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/Cacti/cacti/pull/4261
+ NOTE: https://github.com/Cacti/cacti/commit/d12800ab479ad95a091bc577f28fd99ec95eb64c (release/1.2.18)
+CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...)
+ NOT-FOR-US: Convos
+CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...)
+ {DLA-2280-1}
+ - python3.8 3.8.4~rc1-1
+ - python3.7 <removed>
+ [buster] - python3.7 3.7.3-2+deb10u2
+ - python3.5 <removed>
+ - python3.4 <removed>
+ [jessie] - python3.4 <postponed> (Minor issue, DoS with constraints)
+ NOTE: https://bugs.python.org/issue41004
+ NOTE: https://github.com/python/cpython/pull/20956
+ NOTE: https://github.com/python/cpython/pull/21033
+ NOTE: https://github.com/python/cpython/commit/b30ee26e366bf509b7538d79bfec6c6d38d53f28 (master)
+ NOTE: https://github.com/python/cpython/commit/9a646aa82dfa62d70ca2a99ada901ee6cf9f82bd (3.9-branch)
+ NOTE: https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 (v3.8.4rc1)
+ NOTE: https://github.com/python/cpython/commit/b98e7790c77a4378ec4b1c71b84138cb930b69b7 (3.7-branch)
+ NOTE: https://github.com/python/cpython/commit/cfc7ff8d05f7a949a88b8a8dd506fb5c1c30d3e9 (3.6-branch)
+CVE-2020-14421 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...)
+ NOT-FOR-US: aaPanel
+CVE-2020-14420
+ RESERVED
+CVE-2020-14419
+ RESERVED
+CVE-2020-14418 (A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that al ...)
+ NOT-FOR-US: madCodeHook
+CVE-2020-14417
+ RESERVED
+CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...)
+ - qemu 1:5.0-1
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ [jessie] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=3ba4066d085f5bdce2c7ac145692a4fd52493d67 (4.2.0-rc0)
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=7a4ede0047a8613b0e3b72c9d351038f013dd357 (5.0.0-rc0)
+CVE-2020-14416 (In the Linux kernel before 5.4.16, a race condition in tty-&gt;disc_da ...)
+ - linux 5.4.19-1
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.210-1+deb9u1
+ [jessie] - linux 3.16.84-1
+ NOTE: https://git.kernel.org/linus/0ace17d56824165c7f4c68785d6b58971db954dd
+CVE-2020-14414 (NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php imprope ...)
+ NOT-FOR-US: NeDi
+CVE-2020-14413 (NeDi 1.9C is vulnerable to XSS because of an incorrect implementation ...)
+ NOT-FOR-US: NeDi
+CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.p ...)
+ NOT-FOR-US: NeDi
+CVE-2020-14411
+ RESERVED
+CVE-2020-14410 (SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer ...)
+ {DLA-2536-1}
+ - libsdl1.2 <not-affected> (Only affects SDL2)
+ - libsdl2 2.0.14+dfsg2-2
+ [buster] - libsdl2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
+ NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
+CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow ...)
+ {DLA-2536-1}
+ - libsdl2 2.0.14+dfsg2-2
+ [buster] - libsdl2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
+ NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
+ NOTE: Specific to SDL2, these checks were addresses in SDL 1.2 with CVE-2019-7637
+CVE-2020-14408 (An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanit ...)
+ NOT-FOR-US: Agentejo Cockpit
+CVE-2020-14407
+ RESERVED
+CVE-2020-14406
+ RESERVED
+CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rf ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
+CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rr ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
+CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/he ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
+CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/co ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
+CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/sc ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
+CVE-2020-14400 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d
+CVE-2020-14399 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
+CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improperly c ...)
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver <ignored> (Proposed patch might break ABI for consumers)
+ [stretch] - libvncserver <ignored> (Proposed patch might break ABI for consumers)
+ [jessie] - libvncserver <ignored> (Proposed patch might break ABI for consumers)
+ NOTE: https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b
+CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
+CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tl ...)
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver <not-affected> (Vulnerable code not present)
+ [stretch] - libvncserver <not-affected> (Vulnerable code not present)
+ [jessie] - libvncserver <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553
+CVE-2020-14395
+ RESERVED
+CVE-2020-14394 [infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c]
+ RESERVED
+ - qemu <unfixed> (bug #979677)
+ [bullseye] - qemu <postponed> (Minor issue)
+ [buster] - qemu <postponed> (Minor issue)
+ [stretch] - qemu <postponed> (Minor issue, privileged local DoS, low CVSS, no patch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1908004
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/646
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2020-14393 (A buffer overflow was found in perl-DBI &lt; 1.643 in DBI.xs. A local ...)
+ {DLA-2386-1}
+ - libdbi-perl 1.643-1
+ [buster] - libdbi-perl 1.642-1+deb10u1
+ NOTE: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b
+CVE-2020-14392 (An untrusted pointer dereference flaw was found in Perl-DBI &lt; 1.643 ...)
+ {DLA-2386-1}
+ - libdbi-perl 1.643-1
+ [buster] - libdbi-perl 1.642-1+deb10u1
+ NOTE: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
+CVE-2020-14391 (A flaw was found in the GNOME Control Center in Red Hat Enterprise Lin ...)
+ - gnome-settings-daemon <not-affected> (Red Hat-specific plugin)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093
+CVE-2020-14390 (A flaw was found in the Linux kernel in versions before 5.9-rc6. When ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.8.10-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2
+CVE-2020-14389 (It was found that Keycloak before version 12.0.0 would permit a user w ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-14388 (A flaw was found in the Red Hat 3scale API Management Platform, where ...)
+ NOT-FOR-US: 3scale
+CVE-2020-14387 (A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperl ...)
+ - rsync 3.2.3-3 (bug #969530)
+ [buster] - rsync <not-affected> (Vulnerable code introduced later)
+ [stretch] - rsync <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d (v3.2.0pre1)
+ NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549
+CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.8.7-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3
+CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure of the ...)
+ {DLA-2385-1}
+ - linux 5.8.7-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933
+CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. ...)
+ NOT-FOR-US: JBossWeb
+CVE-2020-14383 (A flaw was found in samba's DNS server. An authenticated user could us ...)
+ {DLA-2463-1}
+ [experimental] - samba 2:4.13.2+dfsg-1
+ - samba 2:4.13.2+dfsg-2 (bug #973398)
+ [buster] - samba <no-dsa> (Minor issue)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-14383.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14472
+CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0 where, ...)
+ - cryptsetup 2:2.3.4-1 (bug #969471)
+ [buster] - cryptsetup <not-affected> (Vulnerable code not present)
+ [stretch] - cryptsetup <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874712
+ NOTE: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/102
+ NOTE: Fixed by: https://gitlab.com/cryptsetup/cryptsetup/-/commit/52f5cb8cedf22fb3e14c744814ec8af7614146c7
+ NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/46ee71edcd13e1dad50815ad65c28779aa6f7503
+ NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/752c9a52798f11d3b765b673ebaa3058eb25316e
+ NOTE: Introduced with: https://gitlab.com/cryptsetup/cryptsetup/-/commit/a7f80a27701450e40ef37e2224577f1a0c98cf0f (v2.2.0-rc0)
+CVE-2020-14381 (A flaw was found in the Linux kernel&#8217;s futex implementation. Thi ...)
+ - linux 5.5.13-1
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/8019ad13ef7f64be44d4f892af9c840179009254
+CVE-2020-14380 (An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2020-14379
+ RESERVED
+ NOT-FOR-US: Red Hat AMQ broker
+CVE-2020-14378 (An integer underflow in dpdk versions before 18.11.10 and before 19.11 ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk 18.11.10-1~deb10u1
+ [stretch] - dpdk <no-dsa> (Minor issue)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+CVE-2020-14377 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk 18.11.10-1~deb10u1
+ [stretch] - dpdk <no-dsa> (Minor issue)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+CVE-2020-14376 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk 18.11.10-1~deb10u1
+ [stretch] - dpdk <no-dsa> (Minor issue)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+CVE-2020-14375 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk 18.11.10-1~deb10u1
+ [stretch] - dpdk <no-dsa> (Minor issue)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+CVE-2020-14374 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk 18.11.10-1~deb10u1
+ [stretch] - dpdk <no-dsa> (Minor issue)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of g ...)
+ - ghostscript 9.26~dfsg-1
+ [stretch] - ghostscript 9.26~dfsg-0+deb9u1
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ece5cbbd9979cd35737b00e68267762d72feb2ea
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702851
+CVE-2020-14372 (A flaw was found in grub2 in versions prior to 2.06, where it incorrec ...)
+ {DSA-4867-1}
+ - grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+CVE-2020-14371 (A credential leak vulnerability was found in Red Hat Satellite. This f ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2020-14370 (An information disclosure vulnerability was found in containers/podman ...)
+ - libpod 2.0.6+dfsg1-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874268
+ NOTE: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
+CVE-2020-14369 (This release fixes a Cross Site Request Forgery vulnerability was foun ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-14368 (A flaw was found in Eclipse Che in versions prior to 7.14.0 that impac ...)
+ NOT-FOR-US: Eclipse Che
+CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating the PID ...)
+ - chrony 3.5.1-1 (unimportant)
+ [buster] - chrony 3.4-4+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/21/1
+ NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/util.c?id=7a4c396bba8f92a3ee8018620983529152050c74 (4.0-pre1)
+ NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/main.c?id=e18903a6b56341481a2e08469c0602010bf7bfe3 (4.0-pre1)
+ NOTE: Minimal backport: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=f00fed20092b6a42283f29c6ee1f58244d74b545 (3.5.1)
+ NOTE: Debian packaging relocates chronyd.pid as well to /run since 3.1-3
+ NOTE: additionally mitigating the issue. Earlier versions used /var/run/chronyd.pid.
+CVE-2020-14366 (A vulnerability was found in keycloak, where path traversal using URL- ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...)
+ {DSA-4950-1}
+ - ansible 2.9.13+dfsg-1 (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
+ NOTE: https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275 (v2.9.13)
+ NOTE: Negligible security impact on Debian systems
+CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...)
+ {DSA-4760-1 DLA-2373-1}
+ - qemu 1:5.1+dfsg-4 (bug #968947)
+ NOTE: https://xenbits.xen.org/xsa/advisory-335.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/24/3
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b946434f2659a182afc17e155be6791ebfb302eb
+CVE-2020-14363 (An integer overflow vulnerability leading to a double-free was found i ...)
+ {DLA-2361-1}
+ - libx11 2:1.6.12-1 (bug #969008)
+ [buster] - libx11 2:1.6.7-1+deb10u1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
+CVE-2020-14362 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...)
+ {DSA-4758-1 DLA-2359-1}
+ - xorg-server 2:1.20.9-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc
+CVE-2020-14361 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...)
+ {DSA-4758-1 DLA-2359-1}
+ - xorg-server 2:1.20.9-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787
+CVE-2020-14360 (A flaw was found in the X.Org Server before version 1.20.10. An out-of ...)
+ {DSA-4803-1 DLA-2486-1}
+ - xorg-server 2:1.20.10-1 (bug #976216)
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
+CVE-2020-14359 (A vulnerability was found in all versions of keycloak, where on using ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-14358
+ REJECTED
+CVE-2020-14357
+ REJECTED
+CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.7.10-1 (bug #966846)
+ [buster] - linux 4.19.146-1
+ NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
+CVE-2020-14355 (Multiple buffer overflow vulnerabilities were found in the QUIC image ...)
+ {DSA-4771-1 DLA-2428-1 DLA-2427-1}
+ - spice 0.14.3-2 (bug #971750)
+ - spice-gtk 0.39-1 (bug #971751)
+ [buster] - spice-gtk <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccde658fd52d3235887b60862d
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d146c5bf3118bb41bf3378e4
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d759e5415b8e35b92bb1a4c206
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b66b86e601c725d30f00c37e684b6395b6
+CVE-2020-14354 (A possible use-after-free and double-free in c-ares lib version 1.16.0 ...)
+ - c-ares 1.16.1-1
+ [buster] - c-ares <not-affected> (Vulnerable code introduced later)
+ [stretch] - c-ares <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866838
+ NOTE: Introduced in: https://github.com/c-ares/c-ares/commit/dbd4c441fb7babad5c56f455d720af38e20546bc (1.16.0)
+ NOTE: Fixed by: https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e (1.16.1)
+CVE-2020-14353
+ REJECTED
+CVE-2020-14352 (A flaw was found in librepo in versions before 1.12.1. A directory tra ...)
+ NOT-FOR-US: librepo
+CVE-2020-14351 (A flaw was found in the Linux kernel. A use-after-free memory flaw was ...)
+ {DLA-2494-1 DLA-2483-1}
+ - linux 5.9.6-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://lore.kernel.org/lkml/20200910104153.1672460-1-jolsa@kernel.org/
+CVE-2020-14350 (It was found that some PostgreSQL extensions did not use search_path s ...)
+ {DLA-2331-1}
+ - postgresql-12 12.4-1
+ - postgresql-11 <removed>
+ [buster] - postgresql-11 11.9-0+deb10u1
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/2060/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7eeb1d9861b0a3f453f8b31c7648396cdd7f1e59
+CVE-2020-14349 (It was found that PostgreSQL versions before 12.4, before 11.9 and bef ...)
+ - postgresql-12 12.4-1
+ - postgresql-11 <removed>
+ [buster] - postgresql-11 11.9-0+deb10u1
+ - postgresql-9.6 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.postgresql.org/about/news/2060/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc
+CVE-2020-14348 (It was found in AMQ Online before 1.5.2 that injecting an invalid fiel ...)
+ NOT-FOR-US: AMQ Online
+CVE-2020-14347 (A flaw was found in the way xserver memory was not properly initialize ...)
+ {DSA-4758-1 DLA-2359-1}
+ - xorg-server 2:1.20.9-1 (bug #968986)
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816
+CVE-2020-14346 (A flaw was found in xorg-x11-server before 1.20.9. An integer underflo ...)
+ {DSA-4758-1 DLA-2359-1}
+ - xorg-server 2:1.20.9-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff
+CVE-2020-14345 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out ...)
+ {DSA-4758-1 DLA-2359-1}
+ - xorg-server 2:1.20.9-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d
+CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found in The ...)
+ {DLA-2312-1}
+ - libx11 2:1.6.10-1
+ [buster] - libx11 2:1.6.7-1+deb10u1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d
+ NOTE: Original patchset introduces regression: https://bugs.debian.org/966691 and https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116
+ NOTE: Follow-up for regression: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b
+CVE-2020-14343 (A vulnerability was discovered in the PyYAML library in versions befor ...)
+ - pyyaml 5.3.1-4 (bug #966233)
+ [buster] - pyyaml <not-affected> (Vulnerable code not present)
+ [stretch] - pyyaml <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/yaml/pyyaml/issues/420
+ NOTE: Fixed via: https://github.com/yaml/pyyaml/pull/472
+ NOTE: https://github.com/yaml/pyyaml/commit/7adc0db3f613a82669f2b168edd98379b83adb3c
+ NOTE: CVE is for an incomplete fix of CVE-2020-1747.
+CVE-2020-14342 (It was found that cifs-utils' mount.cifs was invoking a shell when req ...)
+ - cifs-utils 2:6.11-1 (bug #970172)
+ [buster] - cifs-utils <no-dsa> (Minor issue)
+ [stretch] - cifs-utils <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14442
+ NOTE: https://lists.samba.org/archive/samba-technical/2020-September/135747.html
+ NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=48a654e2e763fce24c22e1b9c695b42804bbdd4a
+CVE-2020-14341 (The "Test Connection" available in v7.x of the Red Hat Single Sign On ...)
+ NOT-FOR-US: Red Hat Single Sign On application console
+CVE-2020-14340 (A vulnerability was discovered in XNIO where file descriptor leak caus ...)
+ - jboss-xnio 3.8.2-1
+ [buster] - jboss-xnio <no-dsa> (Minor issue)
+ [stretch] - jboss-xnio <not-affected> (vulnerable code is not present)
+ NOTE: Fix for 3.8: https://github.com/xnio/xnio/pull/233
+ NOTE: Fix for 3.7 (Buster): https://github.com/xnio/xnio/pull/234
+CVE-2020-14339 (A flaw was found in libvirt, where it leaked a file descriptor for `/d ...)
+ - libvirt 6.6.0-1 (bug #966563)
+ [buster] - libvirt <not-affected> (Vulnerable code introduced later)
+ [stretch] - libvirt <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860069
+ NOTE: https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html
+ NOTE: Proposed patch: https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html
+ NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=22494556542c676d1b9e7f1c1f2ea13ac17e1e3e (v6.6.0)
+CVE-2020-14338 (A flaw was found in Wildfly's implementation of Xerces, specifically i ...)
+ - wildfly <itp> (bug #752018)
+CVE-2020-14337 (A data exposure flaw was found in Tower, where sensitive data was reve ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2020-14336 (A flaw was found in the Restricted Security Context Constraints (SCC), ...)
+ NOT-FOR-US: OpenShift
+CVE-2020-14335 (A flaw was found in Red Hat Satellite, which allows a privileged attac ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2020-14334 (A flaw was found in Red Hat Satellite 6 which allows privileged attack ...)
+ - foreman <itp> (bug #663101)
+CVE-2020-14333 (A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earl ...)
+ NOT-FOR-US: ovirt-engine
+CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. Tasks e ...)
+ {DSA-4950-1}
+ - ansible 2.9.13+dfsg-1 (bug #966672)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805
+ NOTE: https://github.com/ansible/ansible/pull/71033
+ NOTE: https://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a (v2.9.12)
+CVE-2020-14331 (A flaw was found in the Linux kernel&#8217;s implementation of the inv ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.7.17-1 (unimportant)
+ [buster] - linux 4.19.146-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/28/2
+ NOTE: Only exploitable when CONFIG_VGACON_SOFT_SCROLLBACK is set
+CVE-2020-14330 (An Improper Output Neutralization for Logs flaw was found in Ansible w ...)
+ {DSA-4950-1}
+ - ansible 2.9.13+dfsg-1
+ NOTE: https://github.com/ansible/ansible/issues/68400
+ NOTE: Initial fix: https://github.com/ansible/ansible/pull/69653
+ NOTE: Complete fix (reverting first and adding more elaborated fix):
+ NOTE: https://github.com/ansible/ansible/pull/70762
+ NOTE: https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e
+ NOTE: https://github.com/ansible/ansible/commit/76815d3afccc7baffa196456d092f4de94b4fbb1 (v2.9.12)
+CVE-2020-14329 (A data exposure flaw was found in Ansible Tower in versions before 3.7 ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2020-14328 (A flaw was found in Ansible Tower in versions before 3.7.2. A Server S ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2020-14327 (A Server-side request forgery (SSRF) flaw was found in Ansible Tower i ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2020-14326 (A vulnerability was found in RESTEasy, where RootNode incorrectly cach ...)
+ - resteasy <not-affected> (Vulnerable code introduced later)
+ - resteasy3.0 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855826
+ NOTE: https://issues.redhat.com/browse/RESTEASY-2643
+ NOTE: https://issues.redhat.com/browse/RESTEASY-2646
+ NOTE: Introduced by: https://github.com/resteasy/Resteasy/commit/f948c45f4ebe00531f858e289d17664bc2edd496 (4.2.0.Final)
+CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Imperson ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-14324 (A high severity vulnerability was found in all active versions of Red ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-14323 (A null pointer dereference flaw was found in samba's Winbind service i ...)
+ {DLA-2463-1}
+ [experimental] - samba 2:4.13.2+dfsg-1
+ - samba 2:4.13.2+dfsg-2 (bug #973399)
+ [buster] - samba <no-dsa> (Minor issue)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-14323.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14436
+CVE-2020-14322
+ RESERVED
+CVE-2020-14321
+ RESERVED
+CVE-2020-14320
+ RESERVED
+CVE-2020-14319 (It was found that the AMQ Online console is vulnerable to a Cross-Site ...)
+ NOT-FOR-US: AMQ Online
+CVE-2020-14318 (A flaw was found in the way samba handled file and directory permissio ...)
+ {DLA-2463-1}
+ [experimental] - samba 2:4.13.2+dfsg-1
+ - samba 2:4.13.2+dfsg-2 (bug #973400)
+ [buster] - samba <no-dsa> (Minor issue)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-14318.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14434
+CVE-2020-14317 (It was found that the issue for security flaw CVE-2019-3805 appeared a ...)
+ - wildfly <itp> (bug #752018)
+CVE-2020-14316 (A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instanc ...)
+ NOT-FOR-US: KubeVirt
+CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipped in ...)
+ - bsdiff 4.3-22 (bug #964796)
+ [buster] - bsdiff <no-dsa> (Minor issue)
+ [stretch] - bsdiff <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2
+ NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
+CVE-2020-14314 (A memory out-of-bounds read flaw was found in the Linux kernel before ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.8.7-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922
+ NOTE: https://git.kernel.org/linus/5872331b3d91820e14716632ebb56b1399b34fe1
+CVE-2020-14313 (An information disclosure vulnerability was found in Red Hat Quay in v ...)
+ NOT-FOR-US: Quay
+CVE-2020-14312 (A flaw was found in the default configuration of dnsmasq, as shipped w ...)
+ - dnsmasq 2.69-1 (bug #732610)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342
+CVE-2020-14311 (There is an issue with grub2 before version 2.06 while handling symlin ...)
+ {DSA-4735-1}
+ - grub2 2.04-9
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
+CVE-2020-14310 (There is an issue on grub2 before version 2.06 at function read_sectio ...)
+ {DSA-4735-1}
+ - grub2 2.04-9
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
+CVE-2020-14309 (There's an issue with grub2 in all versions before 2.06 when handling ...)
+ {DSA-4735-1}
+ - grub2 2.04-9
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
+CVE-2020-14308 (In grub2 versions before 2.06 the grub memory allocator doesn't check ...)
+ {DSA-4735-1}
+ - grub2 2.04-9
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
+CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) ver ...)
+ - wildfly <itp> (bug #752018)
+CVE-2020-14306 (An incorrect access control flaw was found in the operator, openshift- ...)
+ NOT-FOR-US: OpenShift
+CVE-2020-14305 (An out-of-bounds memory write flaw was found in how the Linux kernel&# ...)
+ {DLA-2420-1}
+ - linux 4.12.6-1
+ NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/
+CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's ethernet driv ...)
+ - linux <unfixed> (bug #960702)
+ [bullseye] - linux <ignored> (Minor issue)
+ [buster] - linux <ignored> (Minor issue)
+CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions before ...)
+ {DLA-2463-1}
+ - samba 2:4.12.5+dfsg-1
+ [buster] - samba <postponed> (Minor issue, fix along in next DSA)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html
+CVE-2020-14302 (A flaw was found in Keycloak before 13.0.0 where an external identity ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-14301 (An information disclosure vulnerability was found in libvirt in versio ...)
+ - libvirt <not-affected> (Vulnerable code introduced with 6.2.0)
+ NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979
+ NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5
+CVE-2020-14300 (The docker packages version docker-1.13.1-108.git4ef4b30.el7 as releas ...)
+ - docker.io <not-affected> (Red Hat specific regression)
+CVE-2020-14299 (A flaw was found in JBoss EAP, where the authentication configuration ...)
+ NOT-FOR-US: JBoss EAP
+CVE-2020-14298 (The version of docker as released for Red Hat Enterprise Linux 7 Extra ...)
+ - docker.io <not-affected> (Red Hat specific regression)
+CVE-2020-14297 (A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat ...)
+ - wildfly <itp> (bug #752018)
+CVE-2020-14296 (Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request For ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-14295 (A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to ...)
+ - cacti 1.2.13+ds1-1 (bug #963139)
+ [buster] - cacti <not-affected> (Vulnerability introduced later)
+ [stretch] - cacti <not-affected> (Vulnerability introduced later)
+ [jessie] - cacti <not-affected> (Vulnerability introduced later)
+ NOTE: https://github.com/Cacti/cacti/issues/3622
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/cc1a656f37b08c0c45667c119a44a3751271ac6e
+ NOTE: Introduced with the fix for https://github.com/Cacti/cacti/issues/2839
+ NOTE: Introduced by: https://github.com/Cacti/cacti/commit/b87747c38ba58e8cf6507d4f1f8476d1df567556 (1.2.6)
+CVE-2020-14294 (An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feat ...)
+ NOT-FOR-US: Secudos Qiata FTA
+CVE-2020-14293 (conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute ...)
+ NOT-FOR-US: Secudos DOMOS
+CVE-2020-14292 (In the COVIDSafe application through 1.0.21 for Android, unsafe use of ...)
+ NOT-FOR-US: COVIDSafe application for Android
+CVE-2020-14291
RESERVED
-CVE-2020-13357
+CVE-2020-14290
RESERVED
-CVE-2020-13356
+CVE-2020-14289
RESERVED
-CVE-2020-13355
+CVE-2020-14288
RESERVED
-CVE-2020-13354
+CVE-2020-14287
RESERVED
-CVE-2020-13353
+CVE-2020-14286
RESERVED
-CVE-2020-13352
+CVE-2020-14285
RESERVED
-CVE-2020-13351
+CVE-2020-14284
RESERVED
-CVE-2020-13350
+CVE-2020-14283
RESERVED
-CVE-2020-13349
+CVE-2020-14282
RESERVED
-CVE-2020-13348
+CVE-2020-14281
RESERVED
-CVE-2020-13347
+CVE-2020-14280
RESERVED
-CVE-2020-13346
+CVE-2020-14279
RESERVED
-CVE-2020-13345
+CVE-2020-14278
RESERVED
-CVE-2020-13344
+CVE-2020-14277
RESERVED
-CVE-2020-13343
+CVE-2020-14276
RESERVED
-CVE-2020-13342
+CVE-2020-14275 (Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1 ...)
+ NOT-FOR-US: HCL
+CVE-2020-14274 (Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9 ...)
+ NOT-FOR-US: HCL
+CVE-2020-14273 (HCL Domino is susceptible to a Denial of Service (DoS) vulnerability d ...)
+ NOT-FOR-US: HCL Domino
+CVE-2020-14272
RESERVED
-CVE-2020-13341
+CVE-2020-14271 (HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scrip ...)
+ NOT-FOR-US: HCL iNotes
+CVE-2020-14270 (HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vu ...)
+ NOT-FOR-US: HCL Domino
+CVE-2020-14269
RESERVED
-CVE-2020-13340
+CVE-2020-14268 (A vulnerability in the MIME message handling of the Notes client (vers ...)
+ NOT-FOR-US: HCL Notes
+CVE-2020-14267
RESERVED
-CVE-2020-13339
+CVE-2020-14266
RESERVED
-CVE-2020-13338
+CVE-2020-14265
RESERVED
-CVE-2020-13337
+CVE-2020-14264 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
+ NOT-FOR-US: HCL
+CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
+ NOT-FOR-US: HCL
+CVE-2020-14262
RESERVED
-CVE-2020-13336
+CVE-2020-14261
RESERVED
-CVE-2020-13335
+CVE-2020-14260 (HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL du ...)
+ NOT-FOR-US: HCL Domino
+CVE-2020-14259
RESERVED
-CVE-2020-13334
+CVE-2020-14258 (HCL Notes is susceptible to a Denial of Service vulnerability caused b ...)
+ NOT-FOR-US: HCL
+CVE-2020-14257
RESERVED
-CVE-2020-13333
+CVE-2020-14256
RESERVED
-CVE-2020-13332
+CVE-2020-14255 (HCL Digital Experience 9.5 containers include vulnerabilities that cou ...)
+ NOT-FOR-US: HCL
+CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v ...)
+ NOT-FOR-US: HCL BigFix Inventory
+CVE-2020-14253
+ RESERVED
+CVE-2020-14252
+ RESERVED
+CVE-2020-14251
+ RESERVED
+CVE-2020-14250
+ RESERVED
+CVE-2020-14249
+ RESERVED
+CVE-2020-14248 (BigFix Inventory up to v10.0.2 does not set the secure flag for the se ...)
+ NOT-FOR-US: HCL BigFix Inventory
+CVE-2020-14247 (HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate sess ...)
+ NOT-FOR-US: HCL
+CVE-2020-14246 (HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication w ...)
+ NOT-FOR-US: HCL
+CVE-2020-14245 (HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication ...)
+ NOT-FOR-US: HCL
+CVE-2020-14244 (A vulnerability in the MIME message handling of the Domino server (ver ...)
+ NOT-FOR-US: HCL Domino server
+CVE-2020-14243
+ RESERVED
+CVE-2020-14242
+ RESERVED
+CVE-2020-14241
+ RESERVED
+CVE-2020-14240 (HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and ...)
+ NOT-FOR-US: HCL Notes
+CVE-2020-14239
+ RESERVED
+CVE-2020-14238
+ RESERVED
+CVE-2020-14237
+ RESERVED
+CVE-2020-14236
+ RESERVED
+CVE-2020-14235
+ RESERVED
+CVE-2020-14234 (HCL Domino is susceptible to a Denial of Service vulnerability due to ...)
+ NOT-FOR-US: HCL
+CVE-2020-14233
+ RESERVED
+CVE-2020-14232 (A vulnerability in the input parameter handling of HCL Notes v9 could ...)
+ NOT-FOR-US: HCL Notes
+CVE-2020-14231 (A vulnerability in the input parameter handling of HCL Client Applicat ...)
+ NOT-FOR-US: HCL
+CVE-2020-14230 (HCL Domino is susceptible to a Denial of Service vulnerability caused ...)
+ NOT-FOR-US: HCL
+CVE-2020-14229
+ RESERVED
+CVE-2020-14228
+ RESERVED
+CVE-2020-14227
+ RESERVED
+CVE-2020-14226
+ RESERVED
+CVE-2020-14225 (HCL iNotes is susceptible to a Tabnabbing vulnerability caused by impr ...)
+ NOT-FOR-US: HCL iNotes
+CVE-2020-14224 (A vulnerability in the MIME message handling of the HCL Notes v9 clien ...)
+ NOT-FOR-US: HCL Notes
+CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...)
+ NOT-FOR-US: HCL Digital Experience
+CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scri ...)
+ NOT-FOR-US: HCL Digital Experience
+CVE-2020-14221 (HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the ...)
+ NOT-FOR-US: HCL
+CVE-2020-14220
+ RESERVED
+CVE-2020-14219
+ RESERVED
+CVE-2020-14218
+ RESERVED
+CVE-2020-14217
+ RESERVED
+CVE-2020-14216
+ RESERVED
+CVE-2020-14215 (Zulip Server before 2.1.5 has Incorrect Access Control because 0198_pr ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, relies o ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should only ...)
+ - zammad <itp> (bug #841355)
+CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in ...)
+ - ffmpeg 7:4.3.1-1
+ [buster] - ffmpeg <not-affected> (Vulnerable code not present)
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8716
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
+CVE-2020-14211
+ RESERVED
+CVE-2020-14210 (Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF i ...)
+ NOT-FOR-US: MONITORAPP
+CVE-2020-14209 (Dolibarr before 11.0.5 allows low-privilege users to upload files of d ...)
+ - dolibarr <removed>
+CVE-2020-14208 (SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in t ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2020-14207 (The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection w ...)
+ NOT-FOR-US: DiveBook plugin for WordPress
+CVE-2020-14206 (The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XS ...)
+ NOT-FOR-US: DiveBook plugin for WordPress
+CVE-2020-14205 (The DiveBook plugin 1.1.4 for WordPress is prone to improper access co ...)
+ NOT-FOR-US: DiveBook plugin for WordPress
+CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal ...)
+ NOT-FOR-US: WebFOCUS Business Intelligence
+CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request F ...)
+ NOT-FOR-US: WebFOCUS Business Intelligence
+CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...)
+ NOT-FOR-US: WebFOCUS Business Intelligence
+CVE-2020-14201 (Dolibarr CRM before 11.0.5 allows privilege escalation. This could all ...)
+ - dolibarr <removed>
+CVE-2020-14200
+ RESERVED
+CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the signing o ...)
+ NOT-FOR-US: Bitcoin protocol issue
+CVE-2020-14198 (Bitcoin Core 0.20.0 allows remote denial of service. ...)
+ - bitcoin <unfixed> (bug #976448)
+ NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198
+CVE-2020-14197
+ RESERVED
+CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1 ...)
+ - pdns-recursor 4.3.2-1 (low; bug #964103)
+ [buster] - pdns-recursor <postponed> (Minor issue, fix along in next DSA)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/01/1
+CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
+ {DLA-2270-1}
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2765
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a topic header ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2020-14193 (Affected versions of Automation for Jira - Server allowed remote attac ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14192 (Affected versions of Atlassian Fisheye and Crucible allow remote attac ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14191 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14190 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14189 (The execute function in in the Atlassian gajira-comment GitHub Action ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14188 (The preprocessArgs function in the Atlassian gajira-create GitHub Acti ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14187
+ RESERVED
+CVE-2020-14186
+ RESERVED
+CVE-2020-14185 (Affected versions of Jira Server allow remote unauthenticated attacker ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14184 (Affected versions of Atlassian Jira Server allow remote attackers to i ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14183 (Affected versions of Jira Server &amp; Data Center allow a remote atta ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14182
+ RESERVED
+CVE-2020-14181 (Affected versions of Atlassian Jira Server and Data Center allow an un ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14180 (Affected versions of Atlassian Jira Service Desk Server and Data Cente ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14179 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14178 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14177 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14176
+ RESERVED
+CVE-2020-14175 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14174 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center in af ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14172 (This issue exists to document that a security improvement in the way t ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14171 (Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 all ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14170 (Webhooks in Atlassian Bitbucket Server from version 5.4.0 before versi ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data Center befo ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service Desk Server ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server and Dat ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center before vers ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in ...)
+ - iotjs <not-affected> (Vulnerable code never in released version)
+ NOTE: https://github.com/jerryscript-project/jerryscript/commit/c2b662170245a16f46ce02eae68815c325d99821
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3804
+CVE-2020-14162 (An issue was discovered in Pi-Hole through 5.0. The local www-data use ...)
+ NOT-FOR-US: Pi-Hole
+CVE-2020-14161 (It is possible to inject HTML and/or JavaScript in the HTML to PDF con ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-14160 (An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.178, a ...)
+ NOT-FOR-US: ConnectWise
+CVE-2020-14158 (The ABUS Secvest FUMO50110 hybrid module does not have any security me ...)
+ NOT-FOR-US: ABUS Secvest FUMO50110 hybrid module
+CVE-2020-14157 (The wireless-communication feature of the ABUS Secvest FUBE50001 devic ...)
+ NOT-FOR-US: ABUS
+CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020 ...)
+ NOT-FOR-US: OpenBMC
+CVE-2020-14155 (libpcre in PCRE before 8.44 allows an integer overflow via a large num ...)
+ - pcre3 2:8.39-13 (bug #963086)
+ [buster] - pcre3 <no-dsa> (Minor issue)
+ [stretch] - pcre3 <no-dsa> (Minor issue)
+ [jessie] - pcre3 <no-dsa> (Minor issue)
+ NOTE: https://bugs.exim.org/show_bug.cgi?id=2463
+ NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1761 (8.44)
+CVE-2020-14154 (Mutt before 1.14.3 proceeds with a connection even if, in response to ...)
+ - mutt 1.14.3-1 (unimportant)
+ [buster] - mutt 1.10.1-2.1+deb10u1
+ - neomutt 20200619+dfsg.1-1 (unimportant)
+ NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html
+ NOTE: https://gitlab.com/muttmua/mutt/commit/bb0e6277a45a5d4c3a30d3b968eeb31d78124e95
+ NOTE: https://gitlab.com/muttmua/mutt/commit/5fccf603ebcf352ba783136d6b2d2600d811fb3b
+ NOTE: https://gitlab.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3
+ NOTE: Negligible security impact
+CVE-2020-14153 (In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an o ...)
+ - libjpeg9 1:9d-1
+ - libjpeg-turbo <not-affected> (Vulnerable code not present; problematic condition cannot be reached)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445
+CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...)
+ {DLA-2302-1}
+ - libjpeg9 1:9d-1 (low)
+ - libjpeg-turbo 1:1.5.2-1 (low)
+ [jessie] - libjpeg-turbo <no-dsa> (Minor issue)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933
+CVE-2020-14151
+ REJECTED
+CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...)
+ - bison 2:3.6.1+dfsg-1 (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-14149 (In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provi ...)
+ NOT-FOR-US: uftpd
+CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 26~rc2 allo ...)
+ {DLA-2252-1}
+ - ngircd 26-1 (bug #963147)
+ [buster] - ngircd <no-dsa> (Minor issue)
+ [stretch] - ngircd <no-dsa> (Minor issue)
+ NOTE: https://github.com/ngircd/ngircd/issues/274
+ NOTE: https://github.com/ngircd/ngircd/issues/277
+ NOTE: https://github.com/ngircd/ngircd/pull/275
+ NOTE: https://github.com/ngircd/ngircd/pull/276
+ NOTE: https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5
+CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in Redis be ...)
+ {DSA-4731-1}
+ - redis 5:6.0.0-1
+ [stretch] - redis <not-affected> (Vulnerable code reintroduced later)
+ [jessie] - redis <not-affected> (Vulnerable code reintroduced later)
+ NOTE: https://github.com/antirez/redis/pull/6875
+ NOTE: Issue re-introduced with https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3 (5.0-rc4)
+ NOTE: Fixed by: https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571
+ NOTE: Fixed upstream in 6.0~rc2 and 5.0.8
+CVE-2020-14146 (KumbiaPHP through 1.1.1, in Development mode, allows XSS via the publi ...)
+ NOT-FOR-US: KumbiaPHP
+CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ...)
+ - openssh <unfixed> (unimportant)
+ NOTE: https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
+ NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf
+ NOTE: The OpenSSH project is not planning to change the behaviour of OpenSSH regarding
+ NOTE: the issue, details in "3.1 OpenSSH" in the publication.
+ NOTE: Partial mitigation: https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d (V_8_4_P1)
+CVE-2020-14144 (** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 migh ...)
+ - gitea <removed>
+CVE-2020-14143
+ RESERVED
+CVE-2020-14142
+ RESERVED
+CVE-2020-14141
+ RESERVED
+CVE-2020-14140
+ RESERVED
+CVE-2020-14139
+ RESERVED
+CVE-2020-14138
+ RESERVED
+CVE-2020-14137
+ RESERVED
+CVE-2020-14136
+ RESERVED
+CVE-2020-14135
+ RESERVED
+CVE-2020-14134
+ RESERVED
+CVE-2020-14133
+ RESERVED
+CVE-2020-14132
+ RESERVED
+CVE-2020-14131
+ RESERVED
+CVE-2020-14130 (Some js interfaces in the Xiaomi community were exposed, causing sensi ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14129
+ RESERVED
+CVE-2020-14128
+ RESERVED
+CVE-2020-14127
+ RESERVED
+CVE-2020-14126
+ RESERVED
+CVE-2020-14125
+ RESERVED
+CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14123
+ RESERVED
+CVE-2020-14122
+ RESERVED
+CVE-2020-14121
+ RESERVED
+CVE-2020-14120
+ RESERVED
+CVE-2020-14119 (There is command injection in the addMeshNode interface of xqnetwork.l ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14118
+ RESERVED
+CVE-2020-14117
+ RESERVED
+CVE-2020-14116
+ RESERVED
+CVE-2020-14115
+ RESERVED
+CVE-2020-14114
+ RESERVED
+CVE-2020-14113
+ RESERVED
+CVE-2020-14112
+ RESERVED
+CVE-2020-14111
+ RESERVED
+CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...)
+ NOT-FOR-US: AX3600 router
+CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14108
+ RESERVED
+CVE-2020-14107 (A stack overflow in the HTTP server of Cast can be exploited to make t ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14106 (The application in the mobile phone can unauthorized access to the lis ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14105 (The application in the mobile phone can read the SNO information of th ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14104 (A RACE CONDITION on XQBACKUP causes a decompression path error on Xiao ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14103 (The application in the mobile phone can read the SNO information of th ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14102 (There is command injection when ddns processes the hostname, which cau ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14101 (The data collection SDK of the router web management interface caused ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14100 (In Xiaomi router R3600 ROM version&lt;1.0.66, filters in the set_WAN6 ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14099 (On Xiaomi router AX1800 rom version &lt; 1.0.336 and RM1800 root versi ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14098 (The login verification can be bypassed by using the problem that the t ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14097 (Wrong nginx configuration, causing specific paths to be downloaded wit ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14096 (Memory overflow in Xiaomi AI speaker Rom version &lt;1.59.6 can happen ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14095 (In Xiaomi router R3600, ROM version&lt;1.0.20, a connect service suffe ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14094 (In Xiaomi router R3600, ROM version&lt;1.0.20, the connection service ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attac ...)
+ {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
+ - mutt 1.14.3-1 (bug #962897)
+ - neomutt 20200619+dfsg.1-1
+ NOTE: Fixed by: https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
+ NOTE: Fix for CVE-2020-14093 introduces a regression, cf. #963107
+ NOTE: Regression fixed by: https://gitlab.com/muttmua/mutt/-/commit/dc909119b3433a84290f0095c0f43a23b98b3748
+CVE-2020-14092 (The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for Wo ...)
+ NOT-FOR-US: CodePeople Payment Form for PayPal Pro plugin for WordPress
+CVE-2020-14091
+ RESERVED
+CVE-2020-14090
+ RESERVED
+CVE-2020-14089
+ RESERVED
+CVE-2020-14088
+ RESERVED
+CVE-2020-14087
+ RESERVED
+CVE-2020-14086
+ RESERVED
+CVE-2020-14085
+ RESERVED
+CVE-2020-14084
+ RESERVED
+CVE-2020-14083
+ RESERVED
+CVE-2020-14082
+ RESERVED
+CVE-2020-14081 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...)
+ NOT-FOR-US: TRENDnet
+CVE-2020-14080 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
+ NOT-FOR-US: TRENDnet
+CVE-2020-14079 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
+ NOT-FOR-US: TRENDnet
+CVE-2020-14078 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
+ NOT-FOR-US: TRENDnet
+CVE-2020-14077 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
+ NOT-FOR-US: TRENDnet
+CVE-2020-14076 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
+ NOT-FOR-US: TRENDnet TEW-827DRU devices
+CVE-2020-14075 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...)
+ NOT-FOR-US: TRENDnet
+CVE-2020-14074 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...)
+ NOT-FOR-US: TRENDnet
+CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map proper ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2020-14072 (An issue was discovered in MK-AUTH 19.01. It allows command execution ...)
+ NOT-FOR-US: MK-AUTH
+CVE-2020-14071 (An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin ...)
+ NOT-FOR-US: MK-AUTH
+CVE-2020-14070 (An issue was discovered in MK-AUTH 19.01. There is authentication bypa ...)
+ NOT-FOR-US: MK-AUTH
+CVE-2020-14069 (An issue was discovered in MK-AUTH 19.01. There are SQL injection issu ...)
+ NOT-FOR-US: MK-AUTH
+CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login functionality ...)
+ NOT-FOR-US: MK-AUTH
+CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does not consi ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2020-14066 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaSc ...)
+ NOT-FOR-US: IceWarp Email Server
+CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload files ...)
+ NOT-FOR-US: IceWarp Email Server
+CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user ac ...)
+ NOT-FOR-US: IceWarp Email Server
+CVE-2020-14063 (A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom Jav ...)
+ NOT-FOR-US: TC Custom JavaScript plugin for WordPress
+CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
+ {DLA-2270-1}
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2704
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+CVE-2020-14061 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
+ {DLA-2270-1}
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2698
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+CVE-2020-14060 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
+ {DLA-2270-1}
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2688
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+CVE-2020-14059 (An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect ...)
+ - squid <not-affected> (vulnerability introduced in the 5.x series)
+ - squid3 <not-affected> (vulnerability introduced in the 5.x series)
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-w7pw-2m4p-58hr
+CVE-2020-14058 (An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...)
+ - squid 4.12-1 (unimportant)
+ - squid3 <removed> (unimportant)
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57
+ NOTE: Squid in Debian builds without OpenSSL support
+CVE-2020-14057 (Monsta FTP 2.10.1 or below allows external control of paths used in fi ...)
+ NOT-FOR-US: Monsta FTP
+CVE-2020-14056 (Monsta FTP 2.10.1 or below is prone to a server-side request forgery v ...)
+ NOT-FOR-US: Monsta FTP
+CVE-2020-14055 (Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting v ...)
+ NOT-FOR-US: Monsta FTP
+CVE-2020-14054 (SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e ...)
+ NOT-FOR-US: SOKKIA GNR5 Vanguard WEB
+CVE-2020-14053
+ RESERVED
+CVE-2020-14052
+ RESERVED
+CVE-2020-14051
+ RESERVED
+CVE-2020-14050
+ RESERVED
+CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its custom U ...)
+ NOT-FOR-US: Viber
+CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remo ...)
+ NOT-FOR-US: Zoho
+CVE-2020-14047
+ RESERVED
+CVE-2020-14046
+ RESERVED
+CVE-2020-14045
+ RESERVED
+CVE-2020-14044 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forger ...)
+ NOT-FOR-US: Codiad
+CVE-2020-14043 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery ...)
+ NOT-FOR-US: Codiad
+CVE-2020-14042 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) ...)
+ NOT-FOR-US: Codiad
+CVE-2020-14041
+ RESERVED
+CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in encoding ...)
+ - golang-golang-x-text 0.3.3-1 (bug #964272)
+ - golang-x-text <removed> (bug #964271)
+ [buster] - golang-x-text <no-dsa> (Minor issue)
+ [stretch] - golang-x-text <no-dsa> (Minor issue)
+ NOTE: https://github.com/golang/go/issues/39491
+ NOTE: https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e
+ NOTE: https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0
+CVE-2020-14039 (In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may ...)
+ - golang-1.15 <not-affected> (Windows-specific)
+ - golang-1.14 <not-affected> (Windows-specific)
+ - golang-1.11 <not-affected> (Windows-specific)
+ NOTE: https://golang.org/issue/39360
+ NOTE: https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ
+CVE-2020-25286 (In wp-includes/comment-template.php in WordPress before 5.4.2, comment ...)
+ {DSA-4709-1 DLA-2371-1}
+ - wordpress 5.4.2+dfsg1-1 (bug #962685)
+ NOTE: https://core.trac.wordpress.org/changeset/47984
+CVE-2020-4050 (In affected versions of WordPress, misuse of the `set-screen-option` f ...)
+ {DSA-4709-1 DLA-2371-1 DLA-2269-1}
+ - wordpress 5.4.2+dfsg1-1 (bug #962685)
+ NOTE: https://core.trac.wordpress.org/changeset/47951
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
+ NOTE: https://core.trac.wordpress.org/ticket/50392 (regression fix)
+CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the name of ...)
+ {DSA-4709-1 DLA-2371-1 DLA-2269-1}
+ - wordpress 5.4.2+dfsg1-1 (bug #962685)
+ NOTE: https://core.trac.wordpress.org/changeset/47950
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148
+CVE-2020-4048 (In affected versions of WordPress, due to an issue in wp_validate_redi ...)
+ {DSA-4709-1 DLA-2371-1 DLA-2269-1}
+ - wordpress 5.4.2+dfsg1-1 (bug #962685)
+ NOTE: https://core.trac.wordpress.org/changeset/47949
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693
+CVE-2020-4046 (In affected versions of WordPress, users with low privileges (like con ...)
+ - wordpress 5.4.2+dfsg1-1 (bug #962685)
+ [buster] - wordpress <not-affected> (Vulnerable code introduced later)
+ [stretch] - wordpress <not-affected> (Vulnerable code introduced later)
+ [jessie] - wordpress <not-affected> (Vulnerable code introduced later)
+ NOTE: https://core.trac.wordpress.org/changeset/47947
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf
+CVE-2020-4047 (In affected versions of WordPress, authenticated users with upload per ...)
+ {DSA-4709-1 DLA-2371-1 DLA-2269-1}
+ - wordpress 5.4.2+dfsg1-1 (bug #962685)
+ NOTE: https://core.trac.wordpress.org/changeset/47948
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f
+CVE-2020-14038
+ RESERVED
+CVE-2020-14037
+ RESERVED
+CVE-2020-14036
+ RESERVED
+CVE-2020-14035
+ RESERVED
+CVE-2020-14034 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
+ - janus 0.10.2-1
+ NOTE: https://github.com/meetecho/janus-gateway/pull/2229
+ NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
+CVE-2020-14033 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
+ - janus 0.10.2-1
+ NOTE: https://github.com/meetecho/janus-gateway/pull/2229
+ NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
+CVE-2020-14032 (ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via ...)
+ NOT-FOR-US: ASRock
+CVE-2020-14031 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ou ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14030 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It sto ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14028 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By lev ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14027 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The da ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14026 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14025 (Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14024 (Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14023 (Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14022 (Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file typ ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The AS ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14020
+ RESERVED
+CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...)
+ - python-rtslib-fb 2.1.71-3 (bug #972227)
+ [buster] - python-rtslib-fb <not-affected> (Introduced in 2.1.70)
+ [stretch] - python-rtslib-fb <not-affected> (vulnerable code introduced later, shutil.copyfile is not used)
+ [jessie] - python-rtslib-fb <not-affected> (vulnerable code introduced later, shutil.copyfile is not used)
+ NOTE: https://github.com/open-iscsi/rtslib-fb/pull/162
+ NOTE: https://github.com/open-iscsi/rtslib-fb/commit/75e73778dce1cb7a2816a936240ef75adfbd6ed9
+CVE-2020-14018 (An issue was discovered in Navigate CMS 2.9 r1433. There is a stored X ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2020-14017 (An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well a ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2020-14016 (An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2020-14015 (An issue was discovered in Navigate CMS 2.9 r1433. When performing a p ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2020-14014 (An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query p ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2020-14013
+ RESERVED
+CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase C ...)
+ NOT-FOR-US: osTicket
+CVE-2020-14011 (Lansweeper 6.0.x through 7.2.x has a default installation in which the ...)
+ NOT-FOR-US: Lansweeper
+CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via t ...)
+ NOT-FOR-US: Laborator Xenon theme for WordPress
+CVE-2020-14009 (Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vu ...)
+ NOT-FOR-US: Proofpoint Enterprise Protection (PPS/PoD)
+CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows an auth ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
+ NOT-FOR-US: Solarwinds
+CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
+ NOT-FOR-US: Solarwinds
+CVE-2020-14005 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...)
+ NOT-FOR-US: Solarwinds
+CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dir ...)
+ - icinga2 2.11.5-1 (bug #970252)
+ [buster] - icinga2 2.10.3-2+deb10u1
+ [stretch] - icinga2 <not-affected> (prepare-dirs script not shipped)
+ [jessie] - icinga2 <not-affected> (prepare-dirs script not shipped)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/12/1
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1172171
+ NOTE: https://github.com/Icinga/icinga2/commit/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6
+CVE-2020-14003
+ RESERVED
+CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an in ...)
+ - putty 0.74-1
+ [buster] - putty <no-dsa> (Minor issue)
+ [stretch] - putty <no-dsa> (Minor issue)
+ [jessie] - putty <no-dsa> (Minor issue)
+ NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74)
+CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template option i ...)
+ {DSA-4743-1 DLA-2316-1}
+ [experimental] - ruby-kramdown 2.3.0-1
+ - ruby-kramdown 2.3.0-3 (bug #965305)
+ NOTE: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6
+ NOTE: https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
+CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.2 ...)
+ NOT-FOR-US: scratch-vm different from src:scratch
+CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Libr ...)
+ - libemf 1.0.13-1 (bug #963778)
+ [buster] - libemf <no-dsa> (Minor issue)
+ NOTE: Fixed upstream in 1.0.13
+CVE-2020-13998 (** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled ...)
+ NOT-FOR-US: Citrix
+CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to an unauth ...)
+ NOT-FOR-US: Shopware
+CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...)
+ NOT-FOR-US: J2Store plugin for Joomla!
+CVE-2020-13995 (U.S. Air Force Sensor Data Management System extract75 has a buffer ov ...)
+ NOT-FOR-US: U.S. Air Force Sensor Data Management System extract75
+CVE-2020-13994 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A pri ...)
+ NOT-FOR-US: Mods for HESK
+CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A bli ...)
+ NOT-FOR-US: Mods for HESK
+CVE-2020-13992 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Sto ...)
+ NOT-FOR-US: Mods for HESK
+CVE-2020-13991 (vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow ...)
+ - iotjs <not-affected> (Vulnerable code not present; cf. #972228)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3858
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3859
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3860
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/3867
+CVE-2020-13990
+ RESERVED
+CVE-2020-13989
+ RESERVED
+CVE-2020-13988 (An issue was discovered in Contiki through 3.0. An Integer Overflow ex ...)
+ - open-iscsi 2.1.3-1
+ [buster] - open-iscsi <no-dsa> (Minor issue)
+ [stretch] - open-iscsi <no-dsa> (Minor issue)
+ NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
+ NOTE: Adressed upstream in 2.1.3 release
+CVE-2020-13987 (An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read ...)
+ - open-iscsi 2.1.3-1
+ [buster] - open-iscsi <no-dsa> (Minor issue)
+ [stretch] - open-iscsi <no-dsa> (Minor issue)
+ NOTE: https://github.com/open-iscsi/open-iscsi/security/advisories/GHSA-r278-fm99-8rgp
+ NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ
+ NOTE: Adressed upstream in 2.1.3 release
+CVE-2020-13986 (An issue was discovered in Contiki through 3.0. An infinite loop exist ...)
+ NOT-FOR-US: Contiki
+CVE-2020-13985 (An issue was discovered in Contiki through 3.0. A memory corruption vu ...)
+ NOT-FOR-US: Contiki
+CVE-2020-13984 (An issue was discovered in Contiki through 3.0. An infinite loop exist ...)
+ NOT-FOR-US: Contiki
+CVE-2020-13983
+ REJECTED
+CVE-2020-13982
+ RESERVED
+CVE-2020-13981
+ RESERVED
+CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to c ...)
+ NOT-FOR-US: OpenCart
+CVE-2020-13979
+ RESERVED
+CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has a ...)
+ NOT-FOR-US: Monstra CMS
+CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has administrative access ...)
+ - nagios4 4.3.4-4 (bug #962826)
+ [buster] - nagios4 <no-dsa> (Minor issue)
+ NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/8deeca7cad3df1143ad9c351d107b5c0a6c61213
+CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Di ...)
+ NOT-FOR-US: DD-WRT
+CVE-2020-13975
+ RESERVED
+CVE-2020-13974 (An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers ...)
+ {DLA-2323-1}
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae
+CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...)
+ NOT-FOR-US: OWASP json-sanitizer
+CVE-2020-13972 (Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own dom ...)
+ NOT-FOR-US: Enghouse Web Chat
+CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...)
+ NOT-FOR-US: Shopware
+CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...)
+ NOT-FOR-US: Shopware
+CVE-2020-13969 (CRK Business Platform &lt;= 2019.1 allows reflected XSS via erro.aspx ...)
+ NOT-FOR-US: CRK Business Platform
+CVE-2020-13968 (CRK Business Platform &lt;= 2019.1 allows can inject SQL statements ag ...)
+ NOT-FOR-US: CRK Business Platform
+CVE-2020-13967
+ RESERVED
+CVE-2020-13966
+ RESERVED
+CVE-2020-13963 (SOPlanning before 1.47 has Incorrect Access Control because certain se ...)
+ NOT-FOR-US: SOPlanning
+CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 ...)
+ - qtbase-opensource-src 5.14.2+dfsg-6
+ [buster] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later)
+ [stretch] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later)
+ [jessie] - qtbase-opensource-src <not-affected> (Only affects 5.12.2 and later)
+ NOTE: https://bugreports.qt.io/browse/QTBUG-83450
+ NOTE: https://github.com/mumble-voip/mumble/issues/3679
+ NOTE: https://github.com/mumble-voip/mumble/pull/4032
+CVE-2020-13961 (Strapi before 3.0.2 could allow a remote authenticated attacker to byp ...)
+ NOT-FOR-US: Strapi
+CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have t ...)
+ NOT-FOR-US: D-Link
+CVE-2020-13959 (The default error page for VelocityView in Apache Velocity Tools prior ...)
+ {DLA-2597-1}
+ - velocity-tools 2.0-8 (bug #985221)
+ [buster] - velocity-tools <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/2
+ NOTE: Fixed by: https://github.com/apache/velocity-tools/commit/e141828a4eb03e4b0224535eed12b5c463a24152
+CVE-2020-13958 (A vulnerability in Apache OpenOffice scripting events allows an attack ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 ...)
+ - lucene-solr <not-affected> (Vulnerable functionality not yet present)
+CVE-2020-13956 (Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misin ...)
+ {DSA-4772-1 DLA-2405-1}
+ - httpcomponents-client 4.5.13-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587
+ NOTE: Fixed by: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e (4.5.13-RC1)
+CVE-2020-13955 (HttpUtils#getURLConnection method disables explicitly hostname verific ...)
+ NOT-FOR-US: Apache Calcite
+CVE-2020-13954 (By default, Apache CXF creates a /services page containing a listing o ...)
+ NOT-FOR-US: Apache CXF
+CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an att ...)
+ NOT-FOR-US: Apache Tapestry
+CVE-2020-13952 (In the course of work on the open source project it was discovered tha ...)
+ NOT-FOR-US: Apache Superset
+CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeetings 4. ...)
+ NOT-FOR-US: Apache OpenMeetings
+CVE-2020-13950 (Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be mad ...)
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.46-6
+ [buster] - apache2 <not-affected> (Vulnerable code not present)
+ [stretch] - apache2 <not-affected> (Vulnerable code not present)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950
+ NOTE: Fixed by: https://svn.apache.org/r1678771
+ NOTE: Introduced by: https://svn.apache.org/r1656259
+CVE-2020-13949 (In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send sho ...)
+ - thrift <unfixed> (bug #988949)
+ [bullseye] - thrift <no-dsa> (Minor issue)
+ [buster] - thrift <no-dsa> (Minor issue)
+ NOTE: https://seclists.org/oss-sec/2021/q1/140
+CVE-2020-13948 (While investigating a bug report on Apache Superset, it was determined ...)
+ NOT-FOR-US: Apache Superset
+CVE-2020-13947 (An instance of a cross-site scripting vulnerability was identified to ...)
+ - activemq <unfixed> (unimportant)
+ NOTE: Admin console not enabled in the Debian package, see #702670)
+ NOTE: Fixed in 5.15.13, 5.16.1
+CVE-2020-13946 (In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.1 ...)
+ - cassandra <itp> (bug #585905)
+CVE-2020-13945 (In Apache APISIX, the user enabled the Admin API and deleted the Admin ...)
+ NOT-FOR-US: Apache APISIX
+CVE-2020-13944 (In Apache Airflow &lt; 1.10.12, the "origin" parameter passed to some ...)
+ - airflow <itp> (bug #819700)
+CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7 ...)
+ {DSA-4835-1 DLA-2407-1}
+ - tomcat9 9.0.38-1
+ - tomcat8 <removed>
+ NOTE: https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b (9.0.38)
+ NOTE: https://github.com/apache/tomcat/commit/9d7def063b47407a09a2f9202beed99f4dcb292a (8.5.58)
+CVE-2020-13942 (It is possible to inject malicious OGNL or MVEL scripts into the /cont ...)
+ NOT-FOR-US: Apache Unomi
+CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...)
+ - lucene-solr 3.6.2+dfsg-23
+ [buster] - lucene-solr <ignored> (Minor issue)
+ [stretch] - lucene-solr <ignored> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/15/1
+ NOTE: https://issues.apache.org/jira/browse/SOLR-14561
+ NOTE: https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2
+ NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
+CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and v ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2020-13939
+ REJECTED
+CVE-2020-13938 (Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users c ...)
+ - apache2 <not-affected> (Only affects Apache on Windows)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13938
+CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2 ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2020-13936 (An attacker that is able to modify Velocity templates may execute arbi ...)
+ {DLA-2595-1}
+ - velocity 1.7-6 (bug #985220)
+ [buster] - velocity 1.7-5+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/1
+ NOTE: Fixed by: https://github.com/apache/velocity-engine/commit/1ba60771d23dae7e6b3138ae6bee09cf6f9d2485
+CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...)
+ {DSA-4727-1 DLA-2286-1}
+ - tomcat9 9.0.37-1
+ - tomcat8 <removed>
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/3
+ NOTE: https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5 (8.5.57)
+ NOTE: https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d (9.0.37)
+CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0. ...)
+ {DSA-4727-1 DLA-2286-1}
+ - tomcat9 9.0.37-1
+ - tomcat8 <removed>
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/4
+ NOTE: https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e (8.5.57)
+ NOTE: https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399 (9.0.37)
+CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ...)
+ {DLA-2726-1}
+ - shiro 1.3.2-5 (bug #968753)
+ [bullseye] - shiro 1.3.2-4+deb11u1
+ [buster] - shiro 1.3.2-4+deb10u1
+ NOTE: https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E
+CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT p ...)
+ NOT-FOR-US: Apache ActiveMQ Artemis
+ NOTE: https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt
+CVE-2020-13931 (If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0 ...)
+ NOT-FOR-US: Apache TomEE
+CVE-2020-13930
+ RESERVED
+CVE-2020-13929 (Authentication bypass vulnerability in Apache Zeppelin allows an attac ...)
+ NOT-FOR-US: Apache Zeppelin
+CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving se ...)
+ NOT-FOR-US: Apache Atlas
+CVE-2020-13927 (The previous default setting for Airflow's Experimental API was to all ...)
+ - airflow <itp> (bug #819700)
+CVE-2020-13926 (Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2020-13925 (Similar to CVE-2020-1956, Kylin has one more restful API which concate ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2020-13924 (In Apache Ambari versions 2.6.2.2 and earlier, malicious users can con ...)
+ NOT-FOR-US: Apache Ambari
+CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2020-13922 (Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary ...)
+ NOT-FOR-US: Apache DolphinScheduler
+CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...)
+ NOT-FOR-US: Apache SkyWalking
+CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...)
+ {DLA-2400-1}
+ - activemq 5.16.0-1
+ [buster] - activemq <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt
+ NOTE: When fixing this issue make sure to use a complete fix and not open up
+ NOTE: CVE-2020-11998 (a regression introduced in 5.15.12 in the commit preventing
+ NOTE: JMX re-bind).
+ NOTE: Fixed by: https://github.com/apache/activemq/commit/c29244931d54affaceabb478b3a52d9b74f5d543 (activemq-5.15.12)
+ NOTE: Followup needed: https://github.com/apache/activemq/commit/0d6e5f240ef34bae2e4089102047593bef628e6c (activemq-5.15.13)
+CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...)
+ NOT-FOR-US: Ruckus Wireless Unleashed
+CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through ...)
+ NOT-FOR-US: Ruckus Wireless Unleashed
+CVE-2020-13917 (rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remot ...)
+ NOT-FOR-US: Ruckus Wireless Unleashed
+CVE-2020-13916 (A stack buffer overflow in webs in Ruckus Wireless Unleashed through 2 ...)
+ NOT-FOR-US: Ruckus Wireless Unleashed
+CVE-2020-13915 (Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed throu ...)
+ NOT-FOR-US: Ruckus Wireless Unleashed
+CVE-2020-13914 (webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a rem ...)
+ NOT-FOR-US: Ruckus Wireless Unleashed
+CVE-2020-13913 (An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102 ...)
+ NOT-FOR-US: Ruckus Wireless Unleashed
+CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users ...)
+ NOT-FOR-US: SolarWinds Advanced Monitoring Agent
+CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a ...)
+ NOT-FOR-US: Your Online Shop
+CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nf ...)
+ NOT-FOR-US: Pengutronix Barebox
+CVE-2020-13909 (The Ignition component before 2.0.5 for Laravel mishandles globals, _g ...)
+ NOT-FOR-US: Laravel Ignition component
+CVE-2020-13908
+ RESERVED
+CVE-2020-13907
+ RESERVED
+CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ NOT-FOR-US: IrfanView
+CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ NOT-FOR-US: IrfanView
+CVE-2020-13904 (FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duratio ...)
+ {DSA-4722-1 DLA-2291-1}
+ - ffmpeg 7:4.3.1-1
+ NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc
+ NOTE: https://trac.ffmpeg.org/ticket/8673
+CVE-2020-13903
+ REJECTED
+CVE-2020-13902 (ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-re ...)
+ - imagemagick 8:6.9.11.24+dfsg-1
+ [buster] - imagemagick <not-affected> (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
+ [stretch] - imagemagick <not-affected> (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
+ [jessie] - imagemagick <not-affected> (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920
+ NOTE: https://github.com/ImageMagick/ImageMagick/discussions/2132
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/824f344ceb823e156ad6e85314d79c087933c2a0
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/218d6abc4e36596c90a07463bfb2ab9e8312efbb
+CVE-2020-13901 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
+ - janus 0.10.1-1 (bug #962680)
+ NOTE: https://github.com/meetecho/janus-gateway/pull/2214
+ NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/90cc2ada775c4d4d8f6ae66f96b4ec7588e4bc86
+CVE-2020-13900 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
+ - janus 0.10.1-1 (bug #962680)
+ NOTE: https://github.com/meetecho/janus-gateway/pull/2214
+ NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/5f33d5e1073207f7275a726b7bb4cd7dbb08d13a
+CVE-2020-13899 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
+ - janus 0.10.1-1 (bug #962680)
+ NOTE: https://github.com/meetecho/janus-gateway/pull/2214
+ NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/f46f27fb129fd1b3744830b4fc6e75ab78794636
+CVE-2020-13898 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
+ - janus 0.10.1-1 (bug #962680)
+ NOTE: https://github.com/meetecho/janus-gateway/pull/2214
+ NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/2ed485d04630b9ee9de7c96517135654b7f32120
+CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS. ...)
+ NOT-FOR-US: HESK
+CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remot ...)
+ NOT-FOR-US: Maipu devices
+CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows ...)
+ NOT-FOR-US: DEXT5 Editor
+CVE-2020-13893 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sage Eas ...)
+ NOT-FOR-US: Sage EasyPay
+CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS. ...)
+ NOT-FOR-US: SportsPress plugin for WordPress
+CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS ...)
+ NOT-FOR-US: Mattermost
+CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an A ...)
+ NOT-FOR-US: Bootstrap theme
+CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS. ...)
+ NOT-FOR-US: Bludit
+CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, use ...)
+ NOT-FOR-US: Kordil EDMS
+CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Comma ...)
+ NOT-FOR-US: Kordil EDMS
+CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module befor ...)
+ - libcrypt-perl-perl <itp> (bug #907353)
+ NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
+ NOTE: https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2
+CVE-2020-13886 (Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 6 ...)
+ NOT-FOR-US: Intelbras TIP
+CVE-2020-13885 (Citrix Workspace App before 1912 on Windows has Insecure Permissions w ...)
+ NOT-FOR-US: Citrix
+CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure Permissions a ...)
+ NOT-FOR-US: Citrix
+CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...)
+ NOT-FOR-US: WSO2 API Manager
+CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TO ...)
+ - lynis 3.0.0-1 (unimportant)
+ NOTE: Neutralised by kernel hardening
+ NOTE: https://github.com/CISOfy/lynis/pull/594
+ NOTE: https://github.com/CISOfy/lynis/commit/5b09da0d9878096d45f04b858c4f65e674369ab4
+CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
+ {DLA-2730-1 DLA-2239-1}
+ - libpam-tacplus 1.3.8-2.1 (low; bug #962830)
+ [buster] - libpam-tacplus 1.3.8-2+deb10u1
+ [stretch] - libpam-tacplus <no-dsa> (Minor issue)
+ NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
+ NOTE: https://github.com/kravietz/pam_tacplus/issues/149
+CVE-2020-13880
RESERVED
-CVE-2020-13331
+CVE-2020-13879
RESERVED
-CVE-2020-13330
+CVE-2020-13878
RESERVED
-CVE-2020-13329
+CVE-2020-13877 (SQL Injection issues in various ASPX pages of ResourceXpress Meeting M ...)
+ NOT-FOR-US: ResourceXpress Meeting Monitor
+CVE-2020-13876
RESERVED
-CVE-2020-13328
+CVE-2020-13875
RESERVED
-CVE-2020-13327
+CVE-2020-13874
RESERVED
-CVE-2020-13326
+CVE-2020-13873 (A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/T ...)
+ NOT-FOR-US: Codoforum
+CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for at ...)
+ NOT-FOR-US: Royal TS
+CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...)
+ {DLA-2340-1}
+ - sqlite3 3.32.2-2
+ [buster] - sqlite3 <not-affected> (Vulnerability introduced later)
+ [jessie] - sqlite3 <not-affected> (Vulnerable code not present)
+ NOTE: New fix: https://www.sqlite.org/src/info/44a58d6cb135a104
+ NOTE: Fixed by: https://www.sqlite.org/src/info/79eff1d0383179c4
+ NOTE: https://www.sqlite.org/src/info/c8d3b9f0a750a529
+ NOTE: https://www.sqlite.org/src/info/cd708fa84d2aaaea
+CVE-2020-13870 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...)
+ NOT-FOR-US: Comments plugin for Craft CMS
+CVE-2020-13869 (An issue was discovered in the Comments plugin before 1.5.6 for Craft ...)
+ NOT-FOR-US: Comments plugin for Craft CMS
+CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...)
+ NOT-FOR-US: Comments plugin for Craft CMS
+CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...)
+ - targetcli-fb 1:2.1.53-1 (low; bug #962331)
+ [buster] - targetcli-fb <no-dsa> (Minor issue)
+ [stretch] - targetcli-fb <no-dsa> (Minor issue)
+ NOTE: https://github.com/open-iscsi/targetcli-fb/pull/172
+CVE-2020-13866 (WinGate v9.4.1.5998 has insecure permissions for the installation dire ...)
+ NOT-FOR-US: WinGate
+CVE-2020-13865 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
+ NOT-FOR-US: Elementor Page Builder plugin for WordPress
+CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
+ NOT-FOR-US: Elementor Page Builder plugin for WordPress
+CVE-2020-13863 (The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker ...)
+ NOT-FOR-US: Mitel
+CVE-2020-13862
+ RESERVED
+CVE-2020-13861
+ RESERVED
+CVE-2020-13860 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-13859 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-13858 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-13857 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-13856 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-13855 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2020-13854 (Artica Pandora FMS 7.44 allows privilege escalation. ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2020-13853 (Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2020-13852 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2020-13851 (Artica Pandora FMS 7.44 allows remote command execution via the events ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a web folder ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout value of 1. ...)
+ NOT-FOR-US: MQTT protocol flaw
+CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attac ...)
+ {DLA-2585-1 DLA-2238-1}
+ - pupnp-1.8 <unfixed> (bug #962282)
+ [bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
+ [buster] - pupnp-1.8 <no-dsa> (Minor issue)
+ - libupnp <removed>
+ NOTE: https://github.com/pupnp/pupnp/issues/177
+ NOTE: https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
+CVE-2020-13847 (Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Chec ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
+ - singularity-container <unfixed> (bug #965040)
+ NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v
+CVE-2020-13846 (Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a S ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
+ - singularity-container <unfixed> (bug #965040)
+ NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92
+CVE-2020-13845 (Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integ ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
+ - singularity-container <unfixed> (bug #965040)
+ NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c
+CVE-2020-13844 (Arm Armv8-A core implementations utilizing speculative execution past ...)
+ NOTE: https://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html
+ NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation
+ NOTE: Hardware issue, mitigations to intrusive to backport (and would require to recompile
+ NOTE: the entire distro, which is not warranted for the impact)
+ NOTE: GCC patches:
+ NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=a9ba2a9b77bec7eacaf066801f22d1c366a2bc86
+ NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=be178ecd5ac1fe1510d960ff95c66d0ff831afe1
+ NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=96b7f495f9269d5448822e4fc28882edb35a58d7
+CVE-2020-13843 (An issue was discovered on LG mobile devices with Android OS software ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-13842 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-13841 (An issue was discovered on LG mobile devices with Android OS 9 and 10 ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-13840 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-13839 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-13838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-13837 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-13836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-13835 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-13834 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-13833 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-13832 (An issue was discovered on Samsung mobile devices with Q(10.0) (with T ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-13831 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-13830 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-13829 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-13828 (Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (X ...)
+ - dolibarr <removed>
+CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/a ...)
+ - phplist <itp> (bug #612288)
+CVE-2020-13826 (A CSV injection (aka Excel Macro Injection or Formula Injection) issue ...)
+ NOT-FOR-US: i-doit
+CVE-2020-13825 (A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows rem ...)
+ NOT-FOR-US: i-doit
+CVE-2020-13824
+ RESERVED
+CVE-2020-13823
+ RESERVED
+CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleabi ...)
+ - node-elliptic 6.5.3~dfsg-1 (bug #963149)
+ [buster] - node-elliptic 6.4.1~dfsg-1+deb10u1
+ NOTE: https://github.com/indutny/elliptic/issues/226
+CVE-2020-13821 (An issue was discovered in HiveMQ Broker Control Center 4.3.2. A craft ...)
+ NOT-FOR-US: HiveMQ Broker Control Center
+CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...)
+ NOT-FOR-US: Extreme Management Center
+CVE-2020-13819 (Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS vi ...)
+ NOT-FOR-US: Extreme EAC Appliance
+CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when &lt;cachestart&gt; ...)
+ NOT-FOR-US: Zoho ManageEngine OpManager
+CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...)
+ - ntp 1:4.2.8p14+dfsg-1 (low)
+ [buster] - ntp <ignored> (Minor issue)
+ [stretch] - ntp <ignored> (Minor issue)
+ [jessie] - ntp <ignored> (Too intrusive to backport, requires new configuration)
+ - ntpsec <not-affected> (Doesn't affect ntpsec per upstream, #964395)
+ NOTE: http://support.ntp.org/bin/view/Main/NtpBug3596
+ NOTE: https://bugs.ntp.org/show_bug.cgi?id=3596
+ NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e312021VVVkyioYBR_aeIP1LqMCVg (4.2.8p14)
+ NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e4a536dzxRWAzMw-KsKjm04l6joNA (4.2.8p14)
+CVE-2020-13816
+ REJECTED
+CVE-2020-13815 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-13814 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-13813 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...)
+ NOT-FOR-US: Foxit Studio Photo
+CVE-2020-13812 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...)
+ NOT-FOR-US: Foxit Studio Photo
+CVE-2020-13811 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has ...)
+ NOT-FOR-US: Foxit Studio Photo
+CVE-2020-13810 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-13809 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-13808 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-13807 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-13806 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-13805 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-13802 (Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command in ...)
+ - rebar3 <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/erlang/rebar3/pull/2302
+ NOTE: https://github.com/erlang/rebar3/commit/2e2d1a6bb141a969b6483e082a2afd361fc2ece2
+CVE-2020-13801
+ RESERVED
+CVE-2020-13799 (Western Digital has identified a security vulnerability in the Replay ...)
+ NOT-FOR-US: Western Digital iNAND devices
+CVE-2020-13798 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2020-13797 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2020-13796 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2020-13795 (An issue was discovered in Navigate CMS through 2.8.7. It allows Direc ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2020-13794 (Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information ...)
+ NOT-FOR-US: Harbor
+CVE-2020-13793 (Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a st ...)
+ NOT-FOR-US: Ivanti
+CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via ajax.php?type=../ad ...)
+ NOT-FOR-US: PlayTube
+CVE-2020-13965 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...)
+ {DSA-4700-1}
+ - roundcube 1.4.5+dfsg.1-1 (bug #962124)
+ NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/ccaccae6653031b809b4347a60021951e19a0e43
+ NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3
+CVE-2020-13964 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...)
+ {DSA-4700-1}
+ - roundcube 1.4.5+dfsg.1-1 (bug #962123)
+ NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5
+ NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19
+CVE-2020-13800 (ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to tri ...)
+ - qemu 1:5.0-6
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ [jessie] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/2
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00833.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a98610c429d52db0937c1e48659428929835c455
+CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of- ...)
+ - qemu 1:5.0-6
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ [jessie] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/1
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00831.html
+CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...)
+ {DLA-2302-1}
+ - libjpeg-turbo 1:2.0.5-1 (bug #962829)
+ [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
+ [jessie] - libjpeg-turbo <ignored> (No package in Debian jessie uses the TurboJPEG API)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x)
+CVE-2020-13789
+ RESERVED
+CVE-2020-13788 (Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker wi ...)
+ NOT-FOR-US: Harbor
+CVE-2020-13787 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of ...)
+ NOT-FOR-US: D-Link
+CVE-2020-13786 (D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. ...)
+ NOT-FOR-US: D-Link
+CVE-2020-13785 (D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Str ...)
+ NOT-FOR-US: D-Link
+CVE-2020-13784 (D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a P ...)
+ NOT-FOR-US: D-Link
+CVE-2020-13783 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sens ...)
+ NOT-FOR-US: D-Link
+CVE-2020-13782 (D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. ...)
+ NOT-FOR-US: D-Link
+CVE-2020-13781
RESERVED
-CVE-2020-13325
+CVE-2020-13780
RESERVED
-CVE-2020-13324
+CVE-2020-13779
RESERVED
-CVE-2020-13323
+CVE-2020-13778 (rConfig 3.9.4 and earlier allows authenticated code execution (of syst ...)
+ NOT-FOR-US: rConfig
+CVE-2020-13777 (GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting ...)
+ {DSA-4697-1}
+ - gnutls28 3.6.14-1 (bug #962289)
+ [stretch] - gnutls28 <not-affected> (Vulnerable code introduced in 3.6.4)
+ [jessie] - gnutls28 <not-affected> (Vulnerable code introduced in 3.6.4)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1843723
+ NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
+ NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1011
+ NOTE: https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
+ NOTE: https://gitlab.com/gnutls/gnutls/-/commit/3d7fae761e65e9d0f16d7247ee8a464d4fe002da
+CVE-2020-13776 (systemd through v245 mishandles numerical usernames such as ones compo ...)
+ - systemd 246-2 (unimportant)
+ NOTE: https://github.com/systemd/systemd/issues/15985
+ NOTE: https://github.com/systemd/systemd/commit/156a5fd297b61bce31630d7a52c15614bf784843 (v246-rc1)
+ NOTE: https://github.com/systemd/systemd/commit/6495ceddf38aed2c9efdcf9d3440140190800b55 (v246-rc1)
+ NOTE: Issue exists due to an incomplete fix for CVE-2017-1000082.
+CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an app ...)
+ - znc 1.8.1-1 (bug #962105)
+ [buster] - znc <not-affected> (Vulnerable code introduced later)
+ [stretch] - znc <not-affected> (Vulnerable code introduced later)
+ [jessie] - znc <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed by: https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8 (znc-1.8.1-rc1)
+ NOTE: Introduced with: https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001 (znc-1.8.0)
+CVE-2020-13774 (An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivant ...)
+ NOT-FOR-US: Ivanti
+CVE-2020-13773 (Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_spli ...)
+ NOT-FOR-US: Ivanti
+CVE-2020-13772 (In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, a ...)
+ NOT-FOR-US: Ivanti
+CVE-2020-13771 (Various components in Ivanti Endpoint Manager through 2020.1.1 rely on ...)
+ NOT-FOR-US: Ivanti
+CVE-2020-13770 (Several services are accessing named pipes in Ivanti Endpoint Manager ...)
+ NOT-FOR-US: Ivanti
+CVE-2020-13769 (LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows S ...)
+ NOT-FOR-US: Ivanti
+CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via ...)
+ NOT-FOR-US: MiniShare
+CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could allow an u ...)
+ NOT-FOR-US: Mitel
+CVE-2020-13766
+ RESERVED
+CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate ...)
+ {DSA-4728-1 DLA-2288-1 DLA-2262-1}
+ - qemu 1:4.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1844635
+CVE-2020-13764 (common.php in the Gravity Forms plugin before 2.4.9 for WordPress can ...)
+ NOT-FOR-US: Gravity Forms plugin for WordPress
+CVE-2020-13763 (In Joomla! before 3.9.19, the default settings of the global textfilte ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-13762 (In Joomla! before 3.9.19, incorrect input validation of the module tag ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-13761 (In Joomla! before 3.9.19, lack of input validation in the heading tag ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-13760 (In Joomla! before 3.9.19, missing token checks in com_postinstall lead ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-13759 (rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attacker ...)
+ NOT-FOR-US: rust-vmm
+CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...)
+ NOT-FOR-US: Bitrix24
+CVE-2020-13757 (Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ...)
+ - python-rsa 4.7.2-1 (bug #962142)
+ [bullseye] - python-rsa <no-dsa> (Minor issue)
+ [buster] - python-rsa <no-dsa> (Minor issue)
+ [stretch] - python-rsa <no-dsa> (Minor issue)
+ [jessie] - python-rsa <no-dsa> (Minor issue)
+ NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
+ NOTE: https://github.com/sybrenstuvel/python-rsa/commit/93af6f2f89a9bf28361e67716c4240e691520f30 (version-4.1)
+CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...)
+ NOT-FOR-US: Sabberworm PHP CSS Parser
+CVE-2020-13755
RESERVED
-CVE-2020-13322
+CVE-2020-13753 (The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, f ...)
+ {DSA-4724-1}
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
+CVE-2020-13752
+ REJECTED
+CVE-2020-13751
+ REJECTED
+CVE-2020-13750
+ REJECTED
+CVE-2020-13749
+ REJECTED
+CVE-2020-13748
+ REJECTED
+CVE-2020-13747
+ REJECTED
+CVE-2020-13746
+ REJECTED
+CVE-2020-13745
+ REJECTED
+CVE-2020-13744
+ REJECTED
+CVE-2020-13743
+ REJECTED
+CVE-2020-13742
+ REJECTED
+CVE-2020-13741
+ REJECTED
+CVE-2020-13740
+ REJECTED
+CVE-2020-13739
+ REJECTED
+CVE-2020-13738
+ REJECTED
+CVE-2020-13737
+ REJECTED
+CVE-2020-13736
+ REJECTED
+CVE-2020-13735
+ REJECTED
+CVE-2020-13734
+ REJECTED
+CVE-2020-13733
+ REJECTED
+CVE-2020-13732
+ REJECTED
+CVE-2020-13731
+ REJECTED
+CVE-2020-13730
+ REJECTED
+CVE-2020-13729
+ REJECTED
+CVE-2020-13728
+ REJECTED
+CVE-2020-13727
+ REJECTED
+CVE-2020-13726
+ REJECTED
+CVE-2020-13725
+ REJECTED
+CVE-2020-13724
+ REJECTED
+CVE-2020-13723
+ REJECTED
+CVE-2020-13722
+ REJECTED
+CVE-2020-13721
+ REJECTED
+CVE-2020-13720
+ REJECTED
+CVE-2020-13719
+ REJECTED
+CVE-2020-13718
+ REJECTED
+CVE-2020-13717
+ REJECTED
+CVE-2020-13716
+ REJECTED
+CVE-2020-13715
+ REJECTED
+CVE-2020-13714
+ REJECTED
+CVE-2020-13713
+ REJECTED
+CVE-2020-13712
RESERVED
-CVE-2020-13321
+CVE-2020-13711
RESERVED
-CVE-2020-13320
+CVE-2020-13710
RESERVED
-CVE-2020-13319
+CVE-2020-13709
RESERVED
-CVE-2020-13318
+CVE-2020-13708
RESERVED
-CVE-2020-13317
+CVE-2020-13707
RESERVED
-CVE-2020-13316
+CVE-2020-13706
RESERVED
-CVE-2020-13315
+CVE-2020-13705
RESERVED
-CVE-2020-13314
+CVE-2020-13704
RESERVED
-CVE-2020-13313
+CVE-2020-13703
RESERVED
-CVE-2020-13312
+CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
+ {DSA-4728-1 DLA-2288-1}
+ - qemu 1:5.0-6
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5d971f9e672507210e77d020d89e0e89165c8fc9 (fix)
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dba04c3488c4699f5afe96f66e448b1d447cf3fb (regression fix)
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e67fda2dd6202ccec093fda561107ba14830a17 (regression fix)
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=70b78d4e71494c90d2ccb40381336bc9b9a22f79 (regression fix)
+CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google Exposure Not ...)
+ NOT-FOR-US: Apple/Google Exposure Notification API
+CVE-2020-13701
RESERVED
-CVE-2020-13311
+CVE-2020-13700 (An issue was discovered in the acf-to-rest-api plugin through 3.1.0 fo ...)
+ NOT-FOR-US: acf-to-rest-api plugin for WordPress
+CVE-2020-13699 (TeamViewer Desktop for Windows before 15.8.3 does not properly quote i ...)
+ NOT-FOR-US: TeamViewer Desktop
+CVE-2020-13698
RESERVED
-CVE-2020-13310
+CVE-2020-13697 (An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2 ...)
+ NOT-FOR-US: NanoHTTPD Java
+CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The function de ...)
+ {DLA-2246-1}
+ - xawtv 3.107-1 (bug #962221)
+ [stretch] - xawtv <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6
+ NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3
+ NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292
+ NOTE: But those sill allow to test for arbitrary files and would need:
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6/1
+CVE-2020-13695 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
+ NOT-FOR-US: QuickBox
+CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
+ NOT-FOR-US: QuickBox
+CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...)
+ NOT-FOR-US: bbPress plugin for WordPress
+CVE-2020-13692 (PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. ...)
+ - libpgjava 42.2.12-2 (low; bug #962828)
+ [buster] - libpgjava <no-dsa> (Minor issue)
+ [stretch] - libpgjava <no-dsa> (Minor issue)
+ [jessie] - libpgjava <no-dsa> (Minor issue)
+ NOTE: https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
+CVE-2020-13691
RESERVED
-CVE-2020-13309
+CVE-2020-13690
RESERVED
-CVE-2020-13308
+CVE-2020-13689
RESERVED
-CVE-2020-13307
+CVE-2020-13688 (Cross-site scripting vulnerability in l Drupal Core allows an attacker ...)
+ - drupal7 <not-affected> (Only affects Drupal 8 and 9)
+ NOTE: https://www.drupal.org/sa-core-2020-009
+CVE-2020-13687
RESERVED
-CVE-2020-13306
+CVE-2020-13686
RESERVED
-CVE-2020-13305
+CVE-2020-13685
RESERVED
-CVE-2020-13304
+CVE-2020-13684
RESERVED
-CVE-2020-13303
+CVE-2020-13683
RESERVED
-CVE-2020-13302
+CVE-2020-13682
RESERVED
-CVE-2020-13301
+CVE-2020-13681
RESERVED
-CVE-2020-13300
+CVE-2020-13680
RESERVED
-CVE-2020-13299
+CVE-2020-13679
RESERVED
-CVE-2020-13298
+CVE-2020-13678
RESERVED
-CVE-2020-13297
+CVE-2020-13677 (Under some circumstances, the Drupal core JSON:API module does not pro ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13676 (The QuickEdit module does not properly check access to fields in some ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13675 (Drupal's JSON:API and REST/File modules allow file uploads through the ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13674 (The QuickEdit module does not properly validate access to routes, whic ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13673 (The Entity Embed module provides a filter to allow embedding entities ...)
+ NOT-FOR-US: Drupal Entity Embed module
+CVE-2020-13671 (Drupal core does not properly sanitize certain filenames on uploaded f ...)
+ {DLA-2458-1}
+ - drupal7 <removed>
+ NOTE: https://www.drupal.org/sa-core-2020-012
+ NOTE: https://github.com/drupal/drupal/commit/0263ea89cfff630262b8c0bc6d9c629c42aa7a84
+CVE-2020-13670 (Information Disclosure vulnerability in file module of Drupal Core all ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13669 (Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core al ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13668 (Access Bypass vulnerability in Drupal Core allows for an attacker to l ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces allows an att ...)
+ NOT-FOR-US: Drupal 8.x
+CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...)
+ {DLA-2458-1}
+ - drupal7 <removed>
+ NOTE: https://www.drupal.org/sa-core-2020-007
+ NOTE: https://github.com/drupal/drupal/commit/cd3721550d988240ef6e682bd1cae2939c6e9e5a
+CVE-2020-13665 (Access bypass vulnerability in Drupal Core allows JSON:API when JSON:A ...)
+ - drupal7 <not-affected> (Drupal 7 not affected)
+ NOTE: https://www.drupal.org/sa-core-2020-006
+CVE-2020-13664 (Arbitrary PHP code execution vulnerability in Drupal Core under certai ...)
+ - drupal7 <not-affected> (Drupal 7 not affected)
+ NOTE: https://www.drupal.org/sa-core-2020-005
+CVE-2020-13663 (Cross Site Request Forgery vulnerability in Drupal Core Form API does ...)
+ {DSA-4706-1 DLA-2263-1}
+ - drupal7 <removed>
+ NOTE: https://www.drupal.org/sa-core-2020-004
+ NOTE: https://git.drupalcode.org/project/drupal/-/commit/3999b8f658bf2ef8e96a7ee8ccb279c5d3073006
+CVE-2020-13661 (Telerik Fiddler through 5.0.20202.18177 allows attackers to execute ar ...)
+ NOT-FOR-US: Telerik
+CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...)
+ {DSA-4728-1 DLA-2288-1}
+ - qemu 1:5.0-6
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82
+CVE-2020-13658 (In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF atta ...)
+ NOT-FOR-US: Lansweeper
+CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free Antivirus ...)
+ NOT-FOR-US: Avast
+CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implementation ...)
+ NOT-FOR-US: Hobbes
+CVE-2020-13655 (An issue was discovered in Collabtive 3.0 and later. managefile.php is ...)
+ - collabtive <removed>
+CVE-2020-13654 (XWiki Platform before 12.8 mishandles escaping in the property display ...)
+ NOT-FOR-US: XWiki
+CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra Collabo ...)
+ NOT-FOR-US: Zimbra
+CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
+ NOT-FOR-US: DigDash
+CVE-2020-13651 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
+ NOT-FOR-US: DigDash
+CVE-2020-13650 (An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 ...)
+ NOT-FOR-US: DigDash
+CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...)
+ - iotjs 1.0+715-1
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3786
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3788
+CVE-2020-13648
RESERVED
-CVE-2020-13296
+CVE-2020-13647
RESERVED
-CVE-2020-13295
+CVE-2020-13646 (In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows local ...)
+ NOT-FOR-US: cheetah free wifi
+CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...)
+ - glib-networking 2.64.3-2 (bug #961756)
+ [buster] - glib-networking 2.58.0-2+deb10u1
+ [stretch] - glib-networking 2.50.0-1+deb9u1
+ NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135
+ NOTE: Updating glib-networking to address CVE-2020-13645 will need a compatibility
+ NOTE: update as well for balsa (cf. https://bugs.debian.org/961792)
+CVE-2020-13644 (An issue was discovered in the Accordion plugin before 2.2.9 for WordP ...)
+ NOT-FOR-US: Accordion plugin for WordPress
+CVE-2020-13643 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
+ NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress
+CVE-2020-13642 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
+ NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress
+CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin befor ...)
+ NOT-FOR-US: Real-Time Find and Replace plugin for WordPress
+CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlie ...)
+ NOT-FOR-US: gVectors wpDiscuz plugin for WordPress
+CVE-2020-13639 (A stored XSS vulnerability was discovered in the ECT Provider in OutSy ...)
+ NOT-FOR-US: OutSystems Platform
+CVE-2020-13638 (lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authenti ...)
+ NOT-FOR-US: rConfig
+CVE-2020-13637 (An issue was discovered in the stashcat app through 3.9.2 for macOS, W ...)
+ NOT-FOR-US: stashcat app
+CVE-2020-13636
RESERVED
-CVE-2020-13294
+CVE-2020-13635
RESERVED
-CVE-2020-13293
+CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
+ NOT-FOR-US: Windows Master (aka Windows Optimization Master)
+CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
+ NOT-FOR-US: Fork CMS
+CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
+ {DLA-2340-1}
+ - sqlite3 3.32.0-1
+ [buster] - sqlite3 3.27.2-3+deb10u1
+ [jessie] - sqlite3 <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
+ NOTE: https://sqlite.org/src/info/a4dd148928ea65bd
+ NOTE: https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730
+CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name ...)
+ - sqlite3 3.32.0-1
+ [buster] - sqlite3 <ignored> (Minor issue, too intrusive to backport)
+ [stretch] - sqlite3 <not-affected> (Vulnerable code not present)
+ [jessie] - sqlite3 <no-dsa> (Too intrusive to backport)
+ NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
+ NOTE: https://sqlite.org/src/info/eca0ba2cf4c0fdf7
+CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...)
+ {DLA-2340-1}
+ - sqlite3 3.32.0-1
+ [buster] - sqlite3 3.27.2-3+deb10u1
+ [jessie] - sqlite3 <not-affected> (Vulnerable code not found)
+ NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
+ NOTE: https://sqlite.org/src/info/0d69f76f0865f962
+ NOTE: https://github.com/sqlite/sqlite/commit/becd68ba0dac41904aa817d96a67fb4685734b41
+CVE-2020-13629
RESERVED
-CVE-2020-13292
+CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2020-13626 (OnePlus App Locker through 2020-10-06 allows physically proximate atta ...)
+ NOT-FOR-US: OnePlus App Locker
+CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...)
+ {DLA-2306-1 DLA-2244-1}
+ - libphp-phpmailer 6.1.6-1 (bug #962827)
+ [buster] - libphp-phpmailer <no-dsa> (Minor issue)
+ NOTE: https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
+ NOTE: https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3
+CVE-2020-13624
RESERVED
-CVE-2020-13291
+CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...)
+ - iotjs <not-affected> (Vulnerable code never in released version)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3785
+CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service (asser ...)
+ - iotjs <not-affected> (Vulnerable code never in released version)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3787
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/3797
+CVE-2020-13621
RESERVED
-CVE-2020-13290
+CVE-2020-13620 (Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF ...)
+ NOT-FOR-US: Fastweb FASTGate GPON FGA2130FWB devices
+CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attack ...)
+ NOT-FOR-US: Locutus PHP
+CVE-2020-13618
RESERVED
-CVE-2020-13289
+CVE-2020-13617 (The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones ...)
+ NOT-FOR-US: Mitel
+CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...)
+ NOT-FOR-US: pichi
+CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification ...)
+ NOT-FOR-US: Qore
+CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implem ...)
+ - axel 2.17.8-1
+ [buster] - axel <no-dsa> (Minor issue)
+ [stretch] - axel <no-dsa> (Minor issue)
+ [jessie] - axel <not-affected> (SSL/TLS implemented from v2.10. But without ssl support is a major drawback)
+ NOTE: https://github.com/axel-download-accelerator/axel/issues/262
+CVE-2020-13613
RESERVED
-CVE-2020-13288
+CVE-2020-13612
+ REJECTED
+CVE-2020-13611
+ REJECTED
+CVE-2020-13610
+ REJECTED
+CVE-2020-13609
+ REJECTED
+CVE-2020-13608
+ REJECTED
+CVE-2020-13607
+ REJECTED
+CVE-2020-13606
+ REJECTED
+CVE-2020-13605
+ REJECTED
+CVE-2020-13604
+ REJECTED
+CVE-2020-13603 (Integer Overflow in memory allocating functions. Zephyr versions &gt;= ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-13602 (Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions &gt ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-13601 (Possible read out of bounds in dns read. Zephyr versions &gt;= 1.14.2, ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-13600 (Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-13599 (Security problem with settings and littlefs. Zephyr versions &gt;= 1.1 ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-13598 (FS: Buffer Overflow when enabling Long File Names in FAT_FS and callin ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...)
+ NOT-FOR-US: Calico
+CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
+ {DSA-4705-1 DLA-2233-1}
+ - python-django 2:2.2.13-1 (bug #962323)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
+ NOTE: https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master)
+ NOTE: https://github.com/django/django/commit/49d7cc19e33a104bb23f7ae1dbb1240b4f6c40f9 (3.1 branch)
+ NOTE: https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38 (3.0 branch)
+ NOTE: https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815 (2.2. branch)
+CVE-2020-13595 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...)
+ NOT-FOR-US: Espressif
+CVE-2020-13594 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...)
+ NOT-FOR-US: Espressif
+CVE-2020-13593 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...)
+ NOT-FOR-US: Espressif
+CVE-2020-13662 (Open Redirect vulnerability in Drupal Core allows a user to be tricked ...)
+ {DSA-4693-1 DLA-2250-1}
+ - drupal7 <removed>
+ NOTE: https://www.drupal.org/sa-core-2020-003
+ NOTE: https://git.drupalcode.org/project/drupal/-/commit/905ff00a44160adee3f266cdcc87d3350a64a072
+CVE-2020-13592 (An exploitable SQL injection vulnerability exists in "global_lists/cho ...)
+ NOT-FOR-US: Rukovoditel Project Management App
+CVE-2020-13591 (An exploitable SQL injection vulnerability exists in the "access_rules ...)
+ NOT-FOR-US: Rukovoditel Project Management App
+CVE-2020-13590
RESERVED
-CVE-2020-13287
+CVE-2020-13589 (An exploitable SQL injection vulnerability exists in the &#8216;entiti ...)
+ NOT-FOR-US: Rukovoditel Project Management App
+CVE-2020-13588 (An exploitable SQL injection vulnerability exists in the &#8216;entiti ...)
+ NOT-FOR-US: Rukovoditel Project Management App
+CVE-2020-13587 (An exploitable SQL injection vulnerability exists in the "forms_fields ...)
+ NOT-FOR-US: Rukovoditel Project Management App
+CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-13585 (An out-of-bounds write vulnerability exists in the PSD Header processi ...)
+ NOT-FOR-US: AccuSoft
+CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.30.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
+CVE-2020-13583 (A denial-of-service vulnerability exists in the HTTP Server functional ...)
+ NOT-FOR-US: Micrium
+CVE-2020-13582 (A denial-of-service vulnerability exists in the HTTP Server functional ...)
+ NOT-FOR-US: Micrium
+CVE-2020-13581 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1 ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-13580 (An exploitable heap-based buffer overflow vulnerability exists in the ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the PlanMaker ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-13578 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
+ - gsoap 2.8.104-3 (bug #983596)
+ [buster] - gsoap <no-dsa> (Minor issue)
+ [stretch] - gsoap <ignored> (intrusive to backport, will either not compile or may cause runtime errors)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189
+CVE-2020-13577 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
+ - gsoap 2.8.104-3 (bug #983596)
+ [buster] - gsoap <no-dsa> (Minor issue)
+ [stretch] - gsoap <ignored> (intrusive to backport, will either not compile or may cause runtime errors)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188
+CVE-2020-13576 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
+ - gsoap 2.8.104-3 (bug #983596)
+ [buster] - gsoap <no-dsa> (Minor issue)
+ [stretch] - gsoap <ignored> (intrusive to backport, will either not compile or may cause runtime errors)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1187
+CVE-2020-13575 (A denial-of-service vulnerability exists in the WS-Addressing plugin f ...)
+ - gsoap 2.8.104-3 (bug #983596)
+ [buster] - gsoap <no-dsa> (Minor issue)
+ [stretch] - gsoap <ignored> (intrusive to backport, will either not compile or may cause runtime errors)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186
+CVE-2020-13574 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...)
+ - gsoap 2.8.104-3 (bug #983596)
+ [buster] - gsoap <no-dsa> (Minor issue)
+ [stretch] - gsoap <ignored> (intrusive to backport, will either not compile or may cause runtime errors)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1185
+CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...)
+ NOT-FOR-US: Rockwell Automation RSLinx Classic
+CVE-2020-13572 (A heap overflow vulnerability exists in the way the GIF parser decodes ...)
+ NOT-FOR-US: Accusoft
+CVE-2020-13571 (An out-of-bounds write vulnerability exists in the SGI RLE decompressi ...)
+ NOT-FOR-US: Accusoft
+CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL function ...)
+ NOT-FOR-US: OpenEMR
+CVE-2020-13568 (SQL injection vulnerability exists in phpGACL 3.3.7. A specially craft ...)
+ NOT-FOR-US: phpGACL
+CVE-2020-13567
RESERVED
-CVE-2020-13286
+CVE-2020-13566 (SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially craf ...)
+ NOT-FOR-US: phpGACL
+CVE-2020-13565 (An open redirect vulnerability exists in the return_page redirection f ...)
+ NOT-FOR-US: OpenEMR
+CVE-2020-13564 (A cross-site scripting vulnerability exists in the template functional ...)
+ NOT-FOR-US: phpGACL
+CVE-2020-13563 (A cross-site scripting vulnerability exists in the template functional ...)
+ NOT-FOR-US: phpGACL
+CVE-2020-13562 (A cross-site scripting vulnerability exists in the template functional ...)
+ NOT-FOR-US: phpGACL
+CVE-2020-13561 (An out-of-bounds write vulnerability exists in the TIFF parser of Accu ...)
+ NOT-FOR-US: Accusoft
+CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging functi ...)
+ NOT-FOR-US: FreyrSCADA IEC-60879-5-104 Server Simulator
+CVE-2020-13558 (A code execution vulnerability exists in the AudioSourceProviderGStrea ...)
+ {DSA-4854-1}
+ - webkit2gtk 2.30.5-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.5-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0001.html
+CVE-2020-13557 (A use after free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server ...)
+ NOT-FOR-US: EIP Stack Group OpENer
+CVE-2020-13555 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2020-13554 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2020-13553 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2020-13552 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2020-13551 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2020-13550 (A local file inclusion vulnerability exists in the installation functi ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2020-13549 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ NOT-FOR-US: Sytech XL Reporter
+CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2020-13546 (In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1 ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-13545 (An exploitable signed conversion vulnerability exists in the TextMaker ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-13544 (An exploitable sign extension vulnerability exists in the TextMaker do ...)
+ NOT-FOR-US: SoftMaker
+CVE-2020-13543 (A code execution vulnerability exists in the WebSocket functionality o ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0009.html
+CVE-2020-13542 (A local privilege elevation vulnerability exists in the file system pe ...)
+ NOT-FOR-US: LogicalDoc
+CVE-2020-13541 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ NOT-FOR-US: Mobile-911 Server
+CVE-2020-13540 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ NOT-FOR-US: Win-911 Enterprise
+CVE-2020-13539 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ NOT-FOR-US: Win-911 Enterprise
+CVE-2020-13538
RESERVED
-CVE-2020-13285
+CVE-2020-13537 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ NOT-FOR-US: Moxa
+CVE-2020-13536 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-13535 (A privilege escalation vulnerability exists in Kepware LinkMaster 3.0. ...)
+ NOT-FOR-US: Kepware LinkMaster
+CVE-2020-13534 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. C ...)
+ NOT-FOR-US: Dream Report
+CVE-2020-13533 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. I ...)
+ NOT-FOR-US: Dream Report
+CVE-2020-13532 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. I ...)
+ NOT-FOR-US: Dream Report
+CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 pro ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...)
+ NOT-FOR-US: EIP Stack Group OpENer
+CVE-2020-13529 (An exploitable denial-of-service vulnerability exists in Systemd 245. ...)
+ [experimental] - systemd 249~rc2-1
+ - systemd <unfixed> (unimportant)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
+ NOTE: https://github.com/systemd/systemd/issues/16774
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959397
+ NOTE: Fixed by: https://github.com/systemd/systemd/commit/38e980a6a5a3442c2f48b1f827284388096d8ca5 (v249-rc2)
+ NOTE: Generic DHCP protocol issue, negligible security impact
+CVE-2020-13528 (An information disclosure vulnerability exists in the Web Manager and ...)
+ NOT-FOR-US: Lantronix
+CVE-2020-13527 (An authentication bypass vulnerability exists in the Web Manager funct ...)
+ NOT-FOR-US: Lantronix
+CVE-2020-13526 (SQL injection vulnerability exists in the handling of sort parameters ...)
+ NOT-FOR-US: ProcessMaker
+CVE-2020-13525 (The sort parameter in the download page /sysworkflow/en/neoclassic/rep ...)
+ NOT-FOR-US: ProcessMaker
+CVE-2020-13524 (An out-of-bounds memory corruption vulnerability exists in the way Pix ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-13523 (An exploitable information disclosure vulnerability exists in SoftPerf ...)
+ NOT-FOR-US: SoftPerfect
+CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in SoftPerfe ...)
+ NOT-FOR-US: SoftPerfect
+CVE-2020-13521
+ REJECTED
+CVE-2020-13520 (An out of bounds memory corruption vulnerability exists in the way Pix ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-13519 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...)
+ NOT-FOR-US: NZXT CAM
+CVE-2020-13518 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
+ NOT-FOR-US: NZXT CAM
+CVE-2020-13517 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
+ NOT-FOR-US: NZXT CAM
+CVE-2020-13516 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
+ NOT-FOR-US: NZXT CAM
+CVE-2020-13515 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...)
+ NOT-FOR-US: NZXT CAM
+CVE-2020-13514 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...)
+ NOT-FOR-US: NZXT CAM
+CVE-2020-13513 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...)
+ NOT-FOR-US: NZXT CAM
+CVE-2020-13512 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...)
+ NOT-FOR-US: NZXT CAM
+CVE-2020-13511 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
+ NOT-FOR-US: NZXT CAM
+CVE-2020-13510 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
+ NOT-FOR-US: NZXT CAM
+CVE-2020-13509 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...)
+ NOT-FOR-US: NZXT CAM
+CVE-2020-13508
+ REJECTED
+CVE-2020-13507
+ REJECTED
+CVE-2020-13506
+ REJECTED
+CVE-2020-13505 (Parameter psClass in ednareporting.asmx is vulnerable to unauthenticat ...)
+ NOT-FOR-US: ednareporting.asmx
+CVE-2020-13504 (Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauth ...)
+ NOT-FOR-US: ednareporting.asmx
+CVE-2020-13503
+ REJECTED
+CVE-2020-13502
+ REJECTED
+CVE-2020-13501 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...)
+ NOT-FOR-US: CHaD.asmx
+CVE-2020-13500 (SQL injection vulnerability exists in the CHaD.asmx web service functi ...)
+ NOT-FOR-US: CHaD.asmx
+CVE-2020-13499 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...)
+ NOT-FOR-US: CHaD.asmx
+CVE-2020-13498 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-13497 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-13496 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-13495
RESERVED
-CVE-2020-13284
+CVE-2020-13494 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsin ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-13493 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-13492
RESERVED
-CVE-2020-13283
+CVE-2020-13491
RESERVED
-CVE-2020-13282
+CVE-2020-13490
RESERVED
-CVE-2020-13281
+CVE-2020-13489
RESERVED
-CVE-2020-13280
+CVE-2020-13488
RESERVED
-CVE-2020-13279
+CVE-2020-13487 (The bbPress plugin through 2.6.4 for WordPress has stored XSS in the F ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious red ...)
+ NOT-FOR-US: Craft CMS plugin
+CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist ...)
+ NOT-FOR-US: Craft CMS plugin
+CVE-2020-13484 (Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in th ...)
+ NOT-FOR-US: Bitrix24
+CVE-2020-13483 (The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via ...)
+ NOT-FOR-US: Bitrix24
+CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...)
+ NOT-FOR-US: EM-HTTP-Request
+CVE-2020-13481
RESERVED
-CVE-2020-13278
+CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...)
+ NOT-FOR-US: Verint Workforce Optimization (WFO)
+CVE-2020-13479
RESERVED
-CVE-2020-13277
+CVE-2020-13478
RESERVED
-CVE-2020-13276
+CVE-2020-13477
RESERVED
-CVE-2020-13275
+CVE-2020-13476 (NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the ...)
+ NOT-FOR-US: NCH Express Invoice
+CVE-2020-13475
RESERVED
-CVE-2020-13274
+CVE-2020-13474 (In NCH Express Accounts 8.24 and earlier, an authenticated low-privile ...)
+ NOT-FOR-US: NCH Express Accounts
+CVE-2020-13473 (NCH Express Accounts 8.24 and earlier allows local users to discover t ...)
+ NOT-FOR-US: NCH Express Accounts
+CVE-2020-13472 (The flash memory readout protection in Gigadevice GD32F103 devices all ...)
+ NOT-FOR-US: Gigadevice GD32F103 devices
+CVE-2020-13471 (Apex Microelectronics APM32F103 devices allow physical attackers to ex ...)
+ NOT-FOR-US: Apex Microelectronics APM32F103 devices
+CVE-2020-13470 (Gigadevice GD32F103 and GD32F130 devices allow physical attackers to e ...)
+ NOT-FOR-US: Gigadevice GD32F103 and GD32F130 devices
+CVE-2020-13469 (The flash memory readout protection in Gigadevice GD32VF103 devices al ...)
+ NOT-FOR-US: Gigadevice GD32VF103 devices
+CVE-2020-13468 (Gigadevice GD32F130 devices allow physical attackers to escalate their ...)
+ NOT-FOR-US: Gigadevice GD32F130 devices
+CVE-2020-13467 (The flash memory readout protection in China Key Systems &amp; Integra ...)
+ NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices
+CVE-2020-13466 (STMicroelectronics STM32F103 devices through 2020-05-20 allow physical ...)
+ NOT-FOR-US: STMicroelectronics STM32F103 devices
+CVE-2020-13465 (The security protection in Gigadevice GD32F103 devices allows physical ...)
+ NOT-FOR-US: Gigadevice GD32F103 devices
+CVE-2020-13464 (The flash memory readout protection in China Key Systems &amp; Integra ...)
+ NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices
+CVE-2020-13463 (The flash memory readout protection in Apex Microelectronics APM32F103 ...)
+ NOT-FOR-US: Apex Microelectronics APM32F103 devices
+CVE-2020-13462 (Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, ...)
+ NOT-FOR-US: Tufin
+CVE-2020-13461 (Username enumeration in present in Tufin SecureTrack. It's affecting a ...)
+ NOT-FOR-US: Tufin
+CVE-2020-13460 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were presen ...)
+ NOT-FOR-US: Tufin
+CVE-2020-13459 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...)
+ NOT-FOR-US: Image Resizer plugin for Craft CMS
+CVE-2020-13458 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...)
+ NOT-FOR-US: Image Resizer plugin for Craft CMS
+CVE-2020-13457
RESERVED
-CVE-2020-13273
+CVE-2020-13456
RESERVED
-CVE-2020-13272
+CVE-2020-13455
RESERVED
-CVE-2020-13271
+CVE-2020-13454
RESERVED
-CVE-2020-13270
+CVE-2020-13453
RESERVED
-CVE-2020-13269
+CVE-2020-13452 (In Gotenberg through 6.2.1, insecure permissions for tini (writable by ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-13451 (An incomplete-cleanup vulnerability in the Office rendering engine of ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-13450 (A directory traversal vulnerability in file upload function of Gotenbe ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-13449 (A directory traversal vulnerability in the Markdown engine of Gotenber ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...)
+ NOT-FOR-US: QuickBox
+CVE-2020-13447
RESERVED
-CVE-2020-13268
+CVE-2020-13446
RESERVED
-CVE-2020-13267
+CVE-2020-13445 (In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, ...)
+ NOT-FOR-US: Liferay
+CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 9 ...)
+ NOT-FOR-US: Liferay
+CVE-2020-13443 (ExpressionEngine before 5.3.2 allows remote attackers to upload and ex ...)
+ NOT-FOR-US: ExpressionEngine
+CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 t ...)
+ NOT-FOR-US: DEXT5
+CVE-2020-13441
RESERVED
-CVE-2020-13266
+CVE-2020-13440 (ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. ...)
+ NOT-FOR-US: ffjpeg
+CVE-2020-13439 (ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_de ...)
+ NOT-FOR-US: ffjpeg
+CVE-2020-13438 (ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c ...)
+ NOT-FOR-US: ffjpeg
+CVE-2020-13437
RESERVED
-CVE-2020-13265
+CVE-2020-13436
RESERVED
-CVE-2020-13264
+CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarge ...)
+ - sqlite3 3.32.1-1
+ [buster] - sqlite3 3.27.2-3+deb10u1
+ [stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
+ [jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.sqlite.org/src/info/7a5279a25c57adf1
+ NOTE: https://www.sqlite.org/src/info/ad7bb70af9bb68d1
+ NOTE: https://www.sqlite.org/src/info/572105de1d44bca4
+CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf ...)
+ {DLA-2340-1 DLA-2221-1}
+ - sqlite3 3.32.1-1
+ [buster] - sqlite3 3.27.2-3+deb10u1
+ NOTE: https://www.sqlite.org/src/info/23439ea582241138
+ NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
+ NOTE: https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
+CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
+ NOT-FOR-US: Jason2605 AdminPanel
+CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...)
+ NOT-FOR-US: Rejetto HTTP File Server
+CVE-2020-13431 (I2P before 0.9.46 allows local users to gain privileges via a Trojan h ...)
+ - i2p <not-affected> (Windows-specific)
+CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...)
+ - grafana <removed>
+ NOTE: https://github.com/grafana/grafana/pull/24539
+CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...)
+ NOT-FOR-US: piechart-panel plugin for Grafana
+CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...)
+ {DSA-4704-1}
+ - vlc 3.0.11-1
+ [jessie] - vlc <end-of-life> (Not supported in jessie LTS)
+ NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
+ NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
+CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...)
+ NOT-FOR-US: Victor CMS
+CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...)
+ NOT-FOR-US: Multi-Scheduler plugin for WordPress
+CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep ...)
+ NOT-FOR-US: TrackR
+CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
+ NOT-FOR-US: Joomla addon
+CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that can be exp ...)
+ NOT-FOR-US: Form Builder for Magento
+CVE-2020-13422 (OpenIAM before 4.2.0.3 does not verify if a user has permissions to pe ...)
+ NOT-FOR-US: OpenIAM
+CVE-2020-13421 (OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create Use ...)
+ NOT-FOR-US: OpenIAM
+CVE-2020-13420 (OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary co ...)
+ NOT-FOR-US: OpenIAM
+CVE-2020-13419 (OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. ...)
+ NOT-FOR-US: OpenIAM
+CVE-2020-13418 (OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. ...)
+ NOT-FOR-US: OpenIAM
+CVE-2020-13417 (An Elevation of Privilege issue was discovered in Aviatrix VPN Client ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13416 (An issue was discovered in Aviatrix Controller before 5.4.1066. A Cont ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13415 (An issue was discovered in Aviatrix Controller through 5.1. An attacke ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13414 (An issue was discovered in Aviatrix Controller before 5.4.1204. It con ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13413 (An issue was discovered in Aviatrix Controller before 5.4.1204. There ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13412 (An issue was discovered in Aviatrix Controller before 5.4.1204. An API ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13411
+ RESERVED
+CVE-2020-13410 (An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not ...)
+ NOT-FOR-US: MoscaJS Aedes
+CVE-2020-13409 (Tufin SecureTrack &lt; R20-2 GA contains reflected + stored XSS (as in ...)
+ NOT-FOR-US: Tufin
+CVE-2020-13408 (Tufin SecureTrack &lt; R20-2 GA contains reflected + stored XSS (as in ...)
+ NOT-FOR-US: Tufin
+CVE-2020-13407 (Tufin SecureTrack &lt; R20-2 GA contains reflected + stored XSS (as in ...)
+ NOT-FOR-US: Tufin
+CVE-2020-13406
+ RESERVED
+CVE-2020-13405 (userfiles/modules/users/controller/controller.php in Microweber before ...)
+ NOT-FOR-US: Microweber
+CVE-2020-13404 (The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for M ...)
+ NOT-FOR-US: Atos-Magento
+CVE-2020-13403
+ RESERVED
+CVE-2020-13402
+ RESERVED
+CVE-2020-13401 (An issue was discovered in Docker Engine before 19.03.11. An attacker ...)
+ {DSA-4716-1}
+ - docker.io 19.03.11+dfsg1-1 (bug #962141)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833233
+ NOTE: https://github.com/moby/libnetwork/commit/153d0769a1181bf591a9637fd487a541ec7db1e6
+CVE-2020-13400
+ RESERVED
+CVE-2020-13399
+ RESERVED
+CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-2356-1}
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
+CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-2356-1}
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
+CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-2356-1}
+ - freerdp2 2.1.1+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
+CVE-2020-13395
+ RESERVED
+CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13393 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13392 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13391 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...)
+ NOT-FOR-US: jw.util
+CVE-2020-13387 (Pexip Infinity before 23.4 has a lack of input validation, leading to ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...)
+ NOT-FOR-US: SmartDraw
+CVE-2020-13385
+ RESERVED
+CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...)
+ NOT-FOR-US: Monstra CMS
+CVE-2020-13383 (openSIS through 7.4 allows Directory Traversal. ...)
+ NOT-FOR-US: openSIS
+CVE-2020-13382 (openSIS through 7.4 has Incorrect Access Control. ...)
+ NOT-FOR-US: openSIS
+CVE-2020-13381 (openSIS through 7.4 allows SQL Injection. ...)
+ NOT-FOR-US: openSIS
+CVE-2020-13380 (openSIS before 7.4 allows SQL Injection. ...)
+ NOT-FOR-US: openSIS
+CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ...)
+ - grafana <removed>
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/4
+ NOTE: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
+CVE-2020-13378
+ RESERVED
+CVE-2020-13377
RESERVED
-CVE-2020-13263
+CVE-2020-13376 (SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable fil ...)
+ NOT-FOR-US: SecurEnvoy SecurMail
+CVE-2020-13375
+ RESERVED
+CVE-2020-13374
+ RESERVED
+CVE-2020-13373
+ RESERVED
+CVE-2020-13372
+ RESERVED
+CVE-2020-13371
+ RESERVED
+CVE-2020-13370
RESERVED
-CVE-2020-13262
+CVE-2020-13369
+ RESERVED
+CVE-2020-13368
RESERVED
-CVE-2020-13261
+CVE-2020-13367
RESERVED
-CVE-2020-13260
+CVE-2020-13366
RESERVED
-CVE-2020-13259
+CVE-2020-13365 (Certain Zyxel products have a locally accessible binary that allows a ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-13364 (A backdoor in certain Zyxel products allows remote TELNET access via a ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-13363
RESERVED
+CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...)
+ {DSA-4728-1 DLA-2288-1 DLA-2262-1}
+ - qemu 1:5.0-6 (bug #961887)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
+CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ...)
+ {DSA-4728-1 DLA-2288-1 DLA-2262-1}
+ - qemu 1:5.0-6 (bug #961888)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
+CVE-2020-13360
+ REJECTED
+CVE-2020-13359 (The Terraform API in GitLab CE/EE 12.10+ exposed the object storage si ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13358 (A vulnerability in the internal Kubernetes agent api in GitLab CE/EE v ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13357 (An issue was discovered in Gitlab CE/EE versions &gt;= 13.1 to &lt;13. ...)
+ - gitlab 13.4.7-1
+ NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
+CVE-2020-13356 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13355 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13354 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13353 (When importing repos via URL, one time use git credentials were persis ...)
+ - gitaly 13.3.9-1
+CVE-2020-13352 (Private group info is leaked leaked in GitLab CE/EE version 10.2 and a ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13351 (Insufficient permission checks in scheduled pipeline API in GitLab CE/ ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13350 (CSRF in runner administration page in all versions of GitLab CE/EE all ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13349 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2020-13348 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2020-13347 (A command injection vulnerability was discovered in Gitlab runner vers ...)
+ - gitlab-ci-multi-runner <not-affected> (Only affects gitlab-runner when configured on Windows)
+CVE-2020-13346 (Membership changes are not reflected in ToDo subscriptions in GitLab v ...)
+ - gitlab 13.2.10-1
+CVE-2020-13345 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 13.2.10-1
+CVE-2020-13344 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ - gitlab 13.2.10-1
+CVE-2020-13343 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 13.2.10-1
+CVE-2020-13342 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
+ - gitlab 13.2.10-1
+CVE-2020-13341 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ - gitlab 13.2.10-1
+CVE-2020-13340 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13339 (An issue has been discovered in GitLab affecting all versions before 1 ...)
+ - gitlab 13.2.10-1
+CVE-2020-13338 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
+ - gitlab 13.2.3-2
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/213273
+CVE-2020-13337 (An issue has been discovered in GitLab affecting versions from 12.10 t ...)
+ - gitlab <not-affected> (Only affected 12.10 to 12.10.12)
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/199049
+CVE-2020-13336 (An issue has been discovered in GitLab affecting versions from 11.8 be ...)
+ - gitlab <not-affected> (Only affected 11.x/12.x while unstable on 13.x)
+CVE-2020-13335 (Improper group membership validation when deleting a user account in G ...)
+ - gitlab 13.2.10-1
+CVE-2020-13334 (In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper autho ...)
+ - gitlab 13.2.10-1
+CVE-2020-13333 (A potential DOS vulnerability was discovered in GitLab versions 13.1, ...)
+ - gitlab 13.2.10-1
+CVE-2020-13332
+ REJECTED
+CVE-2020-13331 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
+ - gitlab 13.2.3-2
+CVE-2020-13330 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
+ - gitlab 13.2.3-2
+CVE-2020-13329 (An issue has been discovered in GitLab affecting versions from 12.6.2 ...)
+ - gitlab 13.2.3-2
+CVE-2020-13328 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
+ - gitlab 13.2.3-2
+CVE-2020-13327 (An issue has been discovered in GitLab Runner affecting all versions s ...)
+ - gitlab-ci-multi-runner <unfixed> (bug #985377)
+CVE-2020-13326 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...)
+ - gitlab 13.2.3-2
+CVE-2020-13325 (A vulnerability was discovered in GitLab versions prior 13.1. The comm ...)
+ - gitlab 13.2.3-2
+CVE-2020-13324 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...)
+ - gitlab 13.2.3-2
+CVE-2020-13323 (A vulnerability was discovered in GitLab versions prior 13.1. Under ce ...)
+ - gitlab 13.2.3-2
+CVE-2020-13322 (A vulnerability was discovered in GitLab versions after 12.9. Due to i ...)
+ - gitlab 13.2.3-2
+CVE-2020-13321 (A vulnerability was discovered in GitLab versions prior to 13.1. Usern ...)
+ - gitlab 13.2.3-2
+CVE-2020-13320 (An issue has been discovered in GitLab before version 12.10.13 that al ...)
+ - gitlab 13.2.3-2
+CVE-2020-13319 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
+ - gitlab 13.2.3-2
+CVE-2020-13318 (A vulnerability was discovered in GitLab versions before 13.0.12, 13.1 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13317 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13316 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13315 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13314 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13313 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13312 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13311 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13310 (A vulnerability was discovered in GitLab runner versions before 13.1.3 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13309 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13308 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13307 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13306 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13305 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13304 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13303 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13302 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13301 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13300 (GitLab before version 13.3.4 was vulnerable to an OAuth authorization ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13299 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13298 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13297 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13296 (An issue has been discovered in GitLab affecting versions &gt;=10.7 &l ...)
+ - gitlab 13.2.6-1
+CVE-2020-13295 (For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd ...)
+ - gitlab-ci-multi-runner <unfixed> (bug #985377)
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13294 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not re ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13293 (In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexa ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13292 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13291 (In GitLab before 13.2.3, project sharing could temporarily allow too p ...)
+ - gitlab <not-affected> (Only affects GitLab 13.2 and later)
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13290 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13289 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13288 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerabili ...)
+ - gitlab <not-affected> (Only affects GitLab 13.0 and later)
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13287 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13286 (For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configur ...)
+ - gitlab <not-affected> (Only affects GitLab 12.7 and later)
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13285 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) ...)
+ - gitlab <not-affected> (Only affects GitLab 12.9 and later)
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13284 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13283 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulne ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13282 (For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occur ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13281 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists i ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13280 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exi ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0 allows at ...)
+ NOT-FOR-US: gitlab-vscode-extension
+CVE-2020-13278 (Reflected Cross-Site Scripting vulnerability in Modules.php in Rosario ...)
+ NOT-FOR-US: RosarioSIS Student Information System
+CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/06/10/critical-security-release-13-0-6-released/
+CVE-2020-13276 (User is allowed to set an email as a notification email even without v ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13275 (A user with an unverified email address could request an access to dom ...)
+ - gitlab <not-affected> (Only affects GitLab EE/CE 12.2 and later)
+CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks through m ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the system resour ...)
+ - gitlab <not-affected> (Only affects GitLab 12.0 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later through 13 ...)
+ - gitlab <not-affected> (Only affects GitLab 12.3 and later)
+CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13269 (A Reflected Cross-Site Scripting vulnerability allowed the execution o ...)
+ - gitlab <not-affected> (Only affects GitLab 12.10 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13268 (A specially crafted request could be used to confirm the existence of ...)
+ - gitlab <not-affected> (Only affects GitLab 12.10 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the execution on J ...)
+ - gitlab <not-affected> (Only affects GitLab 12.8 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...)
+ - gitlab <not-affected> (Only affects GitLab 12.8 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later through ...)
+ - gitlab <not-affected> (Only affects GitLab 12.5 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13263 (An authorization issue relating to project maintainer impersonation wa ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 ...)
+ - gitlab <not-affected> (Only affects GitLab 12.9 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...)
+ - gitlab <not-affected> (Only affects GitLab 12.6 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13260 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
+ NOT-FOR-US: RAD SecFlow-1v os-image
+CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
+ NOT-FOR-US: RAD SecFlow-1v os-image
CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
NOT-FOR-US: Contentful
CVE-2020-13257
@@ -1054,30 +41467,42 @@ CVE-2020-13256
RESERVED
CVE-2020-13255
RESERVED
-CVE-2020-13254
- RESERVED
+CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
+ {DSA-4705-1 DLA-2233-1}
+ - python-django 2:2.2.13-1 (bug #962323)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
+ NOTE: https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master)
+ NOTE: https://github.com/django/django/commit/580bd64c0482ae9b7c05715390e25f4405a12719 (3.1 branch)
+ NOTE: https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693 (3.0 branch)
+ NOTE: https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206 (2.2 branch)
+ NOTE: Regression https://code.djangoproject.com/ticket/31654
CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ...)
- - qemu <unfixed> (bug #961297)
- [buster] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
- [stretch] - qemu <postponed> (Minor issue, can be fixed along in next DSA)
+ {DLA-2373-1}
+ - qemu 1:5.0-8 (bug #961297)
+ [buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2
- NOTE: https://bugs.launchpad.net/qemu/+bug/1880822
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1880822 (reproducer)
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=790762e5487114341cccc5bffcec4cb3c022c3cd (5.1)
CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...)
- centreon-web <itp> (bug #913903)
CVE-2020-13251
RESERVED
-CVE-2020-13250
- RESERVED
+CVE-2020-13250 (HashiCorp Consul and Consul Enterprise include an HTTP API (introduced ...)
+ - consul 1.7.4+dfsg1-1
+ [buster] - consul <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
+ NOTE: https://github.com/hashicorp/consul/pull/8023
CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not ...)
- - mariadb-10.3 <unfixed>
+ - mariadb-10.3 1:10.3.23-1
+ [buster] - mariadb-10.3 1:10.3.23-0+deb10u1
- mariadb-10.1 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 (v3.1.8)
NOTE: Introduced around: https://github.com/mariadb-corporation/mariadb-connector-c/commit/b4efe73c9e725f97b3550371f8a78a10a20bf2fd (v3.0-cc-server-integ-0)
-CVE-2020-13248
- RESERVED
-CVE-2020-13247
- RESERVED
+CVE-2020-13248 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS ...)
+ NOT-FOR-US: BooleBox Secure File Sharing Utility
+CVE-2020-13247 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injecti ...)
+ NOT-FOR-US: BooleBox Secure File Sharing Utility
CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...)
- gitea <removed>
CVE-2020-13245 (Certain NETGEAR devices are affected by Missing SSL Certificate Valida ...)
@@ -1094,8 +41519,8 @@ CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Set
- dolibarr <removed>
CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html file ...)
- dolibarr <removed>
-CVE-2020-13238
- RESERVED
+CVE-2020-13238 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to ...)
+ NOT-FOR-US: Mitsubishi
CVE-2020-13237
RESERVED
CVE-2020-13236
@@ -1110,135 +41535,142 @@ CVE-2020-13232
RESERVED
CVE-2020-13231 (In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ...)
- cacti 1.2.11+ds1-1
+ [buster] - cacti 1.2.2+ds1-2+deb10u3
+ [stretch] - cacti <no-dsa> (Minor issue)
NOTE: https://github.com/Cacti/cacti/issues/3342
CVE-2020-13230 (In Cacti before 1.2.11, disabling a user account does not immediately ...)
- cacti 1.2.11+ds1-1
+ [buster] - cacti 1.2.2+ds1-2+deb10u3
+ [stretch] - cacti <no-dsa> (Minor issue, Partial patch https://people.debian.org/~abhijith/upload/CVE-2020-13230.patch)
NOTE: https://github.com/Cacti/cacti/issues/3343
-CVE-2020-13229
- RESERVED
-CVE-2020-13228
- RESERVED
-CVE-2020-13227
- RESERVED
+CVE-2020-13229 (An issue was discovered in Sysax Multi Server 6.90. A session can be h ...)
+ NOT-FOR-US: Sysax Multi Server
+CVE-2020-13228 (An issue was discovered in Sysax Multi Server 6.90. There is reflected ...)
+ NOT-FOR-US: Sysax Multi Server
+CVE-2020-13227 (An issue was discovered in Sysax Multi Server 6.90. An attacker can de ...)
+ NOT-FOR-US: Sysax Multi Server
CVE-2020-13226 (WSO2 API Manager 3.0.0 does not properly restrict outbound network acc ...)
NOT-FOR-US: WSO2 API Manager
CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability ...)
- phpipam <itp> (bug #731713)
NOTE: https://github.com/phpipam/phpipam/issues/3025
-CVE-2020-13224
- RESERVED
-CVE-2020-13223
- RESERVED
+CVE-2020-13224 (TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices throu ...)
+ NOT-FOR-US: TP-LINK
+CVE-2020-13223 (HashiCorp Vault and Vault Enterprise logged proxy environment variable ...)
+ NOT-FOR-US: HashiCorp Vault
CVE-2020-13222
- RESERVED
+ REJECTED
CVE-2020-13221
- RESERVED
+ REJECTED
CVE-2020-13220
- RESERVED
+ REJECTED
CVE-2020-13219
- RESERVED
+ REJECTED
CVE-2020-13218
- RESERVED
+ REJECTED
CVE-2020-13217
- RESERVED
+ REJECTED
CVE-2020-13216
- RESERVED
+ REJECTED
CVE-2020-13215
- RESERVED
+ REJECTED
CVE-2020-13214
- RESERVED
+ REJECTED
CVE-2020-13213
- RESERVED
+ REJECTED
CVE-2020-13212
- RESERVED
+ REJECTED
CVE-2020-13211
- RESERVED
+ REJECTED
CVE-2020-13210
- RESERVED
+ REJECTED
CVE-2020-13209
- RESERVED
+ REJECTED
CVE-2020-13208
- RESERVED
+ REJECTED
CVE-2020-13207
- RESERVED
+ REJECTED
CVE-2020-13206
- RESERVED
+ REJECTED
CVE-2020-13205
- RESERVED
+ REJECTED
CVE-2020-13204
- RESERVED
+ REJECTED
CVE-2020-13203
- RESERVED
+ REJECTED
CVE-2020-13202
- RESERVED
+ REJECTED
CVE-2020-13201
- RESERVED
+ REJECTED
CVE-2020-13200
- RESERVED
+ REJECTED
CVE-2020-13199
- RESERVED
+ REJECTED
CVE-2020-13198
- RESERVED
+ REJECTED
CVE-2020-13197
- RESERVED
+ REJECTED
CVE-2020-13196
- RESERVED
+ REJECTED
CVE-2020-13195
- RESERVED
+ REJECTED
CVE-2020-13194
- RESERVED
+ REJECTED
CVE-2020-13193
- RESERVED
+ REJECTED
CVE-2020-13192
- RESERVED
+ REJECTED
CVE-2020-13191
- RESERVED
+ REJECTED
CVE-2020-13190
- RESERVED
+ REJECTED
CVE-2020-13189
- RESERVED
+ REJECTED
CVE-2020-13188
- RESERVED
+ REJECTED
CVE-2020-13187
- RESERVED
-CVE-2020-13186
- RESERVED
-CVE-2020-13185
- RESERVED
+ REJECTED
+CVE-2020-13186 (An Anti CSRF mechanism was discovered missing in the Teradici Cloud Ac ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13185 (Certain web application pages in the authenticated section of the Tera ...)
+ NOT-FOR-US: Teradici
CVE-2020-13184
RESERVED
-CVE-2020-13183
- RESERVED
+CVE-2020-13183 (Reflected Cross Site Scripting in Teradici PCoIP Management Console pr ...)
+ NOT-FOR-US: Teradici
CVE-2020-13182
RESERVED
CVE-2020-13181
RESERVED
CVE-2020-13180
RESERVED
-CVE-2020-13179
- RESERVED
-CVE-2020-13178
- RESERVED
-CVE-2020-13177
- RESERVED
-CVE-2020-13176
- RESERVED
-CVE-2020-13175
- RESERVED
-CVE-2020-13174
- RESERVED
+CVE-2020-13179 (Broker Protocol messages in Teradici PCoIP Standard Agent for Windows ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13178 (A function in the Teradici PCoIP Standard Agent for Windows and Graphi ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13177 (The support bundler in Teradici PCoIP Standard Agent for Windows and G ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13176 (The Management Interface of the Teradici Cloud Access Connector and Cl ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13175 (The Management Interface of the Teradici Cloud Access Connector and Cl ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13174 (The web server in the Teradici Managament console versions 20.04 and 2 ...)
+ NOT-FOR-US: Teradici
CVE-2020-13173 (Initialization of the pcoip_credential_provider in Teradici PCoIP Stan ...)
NOT-FOR-US: Teradici
CVE-2020-13172
RESERVED
CVE-2020-13171
RESERVED
-CVE-2020-13170
- RESERVED
-CVE-2020-13169
- RESERVED
-CVE-2020-13168
- RESERVED
+CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enforce s ...)
+ - consul 1.7.4+dfsg1-1
+ [buster] - consul <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
+ NOTE: https://github.com/hashicorp/consul/pull/8068
+CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platf ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-13168 (SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp acco ...)
+ NOT-FOR-US: SysAid
CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...)
NOT-FOR-US: Netsweeper
CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...)
@@ -1246,31 +41678,31 @@ CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers
CVE-2020-13165
RESERVED
CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...)
+ {DLA-2547-1}
- wireshark 3.2.4-1 (low)
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
- [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
+ [buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <postponed> (Can be fixed along with other CVEs)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-08.html
CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way that allo ...)
NOT-FOR-US: em-imap
-CVE-2020-13162
- RESERVED
+CVE-2020-13162 (A time-of-check time-of-use vulnerability in PulseSecureService.exe in ...)
+ NOT-FOR-US: Pulse Secure Client
CVE-2020-13161
RESERVED
-CVE-2020-13160
- RESERVED
-CVE-2020-13159
- RESERVED
-CVE-2020-13158
- RESERVED
-CVE-2020-13157
- RESERVED
-CVE-2020-13156
- RESERVED
-CVE-2020-13155
- RESERVED
+CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
+ NOT-FOR-US: AnyDesk
+CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS command in ...)
+ NOT-FOR-US: Artica Proxy
+CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows Directory Tra ...)
+ NOT-FOR-US: Artica Proxy
+CVE-2020-13157 (modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a u ...)
+ NOT-FOR-US: NukeViet
+CVE-2020-13156 (modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a ...)
+ NOT-FOR-US: NukeViet
+CVE-2020-13155 (clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML inject ...)
+ NOT-FOR-US: NukeViet
CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-priv ...)
NOT-FOR-US: Zoho
CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...)
@@ -1278,10 +41710,10 @@ CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 h
CVE-2020-13152 (A remote user can create a specially crafted M3U file, media playlist ...)
- amarok <removed> (unimportant)
NOTE: Elevated resource usage in client application, no security impact
-CVE-2020-13151
- RESERVED
-CVE-2020-13150
- RESERVED
+CVE-2020-13151 (Aerospike Community Edition 4.9.0.5 allows for unauthenticated submiss ...)
+ NOT-FOR-US: Aerospike
+CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 secon ...)
+ NOT-FOR-US: D-link
CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
NOT-FOR-US: Dragon Center
CVE-2020-13148
@@ -1310,15 +41742,21 @@ CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can
NOT-FOR-US: D-Link
CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure by interc ...)
NOT-FOR-US: D-Link
-CVE-2020-13134
- RESERVED
-CVE-2020-13133
- RESERVED
-CVE-2020-13132
- RESERVED
-CVE-2020-13131
- RESERVED
+CVE-2020-13134 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to ...)
+ NOT-FOR-US: Tufin SecureChange
+CVE-2020-13133 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to ...)
+ NOT-FOR-US: Tufin SecureChange
+CVE-2020-13132 (An issue was discovered in Yubico libykpiv before 2.1.0. An attacker c ...)
+ - yubico-piv-tool 2.1.1-1 (bug #972644)
+ [stretch] - yubico-piv-tool <not-affected> (Vulnerable code not present)
+ NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-02/
+ NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/
+CVE-2020-13131 (An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in ...)
+ - yubico-piv-tool 2.1.1-1 (bug #975612)
+ [stretch] - yubico-piv-tool <not-affected> (Vulnerable code not present)
+ NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/
CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f
CVE-2020-13130
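Review bot: The new CVE-2020-13132 and CVE-2020-13131 entries each carry a `[stretch] - yubico-piv-tool <not-affected> (Vulnerable code not present)` line but no `[buster]` line, so buster presumably falls back to the plain `- yubico-piv-tool 2.1.1-1` entry and is tracked against that fix version; next to the explicit stretch annotation this reads like an oversight rather than a decision. If buster's package also predates the affected libykpiv code, add `[buster] - yubico-piv-tool <not-affected> (Vulnerable code not present)` under both entries; if it does carry the code, a `[buster]` line with the chosen status and its reasoning would make the triage explicit. Whether buster's version contains the vulnerable code cannot be told from this hunk.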
@@ -1327,49 +41765,54 @@ CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for ma
NOT-FOR-US: stashcat app for MacOS
CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServle ...)
NOT-FOR-US: Manolo GWTUpload
-CVE-2020-13127
- RESERVED
+CVE-2020-13127 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)
+ NOT-FOR-US: Loway QueueMetrics
CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 2.9.4 for W ...)
NOT-FOR-US: Elementor Pro plugin for WordPress
CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor" plugin ...)
NOT-FOR-US: "Ultimate Addons for Elementor" plugin for WordPress
-CVE-2020-13124
- RESERVED
+CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in ...)
+ - sabnzbdplus 3.1.1+dfsg-1
+ [buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u1
+ [stretch] - sabnzbdplus <ignored> (contrib not supported)
+ NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2
+ NOTE: https://github.com/sabnzbd/sabnzbd/commit/dfcba6e2fb37f58fea06b453b1ba258c7f110429
+ NOTE: https://github.com/sabnzbd/sabnzbd/commit/73d3f7b5c248fc369de3454fe53e3e93924ebfe3
CVE-2020-13123
RESERVED
-CVE-2020-13122
- RESERVED
+CVE-2020-13122 (The novish command-line interface, included in NoviFlow NoviWare befor ...)
+ NOT-FOR-US: Noviflow
CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...)
NOT-FOR-US: Submitty
CVE-2020-13120
RESERVED
-CVE-2020-13119
- RESERVED
+CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to clickjacking. ...)
+ NOT-FOR-US: ismartgate PRO
CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...)
NOT-FOR-US: Mikrotik-Router-Monitoring-System
-CVE-2020-13117
- RESERVED
-CVE-2020-13116
- RESERVED
+CVE-2020-13117 (Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthent ...)
+ NOT-FOR-US: Wavlink WN575A4 and WN579X3 devices
+CVE-2020-13116 (OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an ...)
+ NOT-FOR-US: OpenText Carbonite Server Backup Portal
CVE-2020-13115
RESERVED
CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...)
{DLA-2222-1}
- libexif 0.6.21-9 (bug #961410)
- [buster] - libexif <no-dsa> (Minor issue)
- [stretch] - libexif <no-dsa> (Minor issue)
+ [buster] - libexif 0.6.21-5.1+deb10u3
+ [stretch] - libexif 0.6.21-2+deb9u3
NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...)
{DLA-2222-1}
- libexif 0.6.21-9 (bug #961409)
- [buster] - libexif <no-dsa> (Minor issue)
- [stretch] - libexif <no-dsa> (Minor issue)
+ [buster] - libexif 0.6.21-5.1+deb10u3
+ [stretch] - libexif 0.6.21-2+deb9u3
NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...)
{DLA-2222-1}
- libexif 0.6.21-9 (bug #961407)
- [buster] - libexif <no-dsa> (Minor issue)
- [stretch] - libexif <no-dsa> (Minor issue)
+ [buster] - libexif 0.6.21-5.1+deb10u3
+ [stretch] - libexif 0.6.21-2+deb9u3
NOTE: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22)
CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...)
NOT-FOR-US: NaviServer
@@ -1391,10 +41834,10 @@ CVE-2020-13103
RESERVED
CVE-2020-13102
RESERVED
-CVE-2020-13101
- RESERVED
-CVE-2020-13100
- RESERVED
+CVE-2020-13101 (In OASIS Digital Signature Services (DSS) 1.0, an attacker can control ...)
+ NOT-FOR-US: OASIS Digital Signature Services (DSS)
+CVE-2020-13100 (Arista&#8217;s CloudVision eXchange (CVX) server before 4.21.12M, 4.22 ...)
+ NOT-FOR-US: Arista
CVE-2020-13099
RESERVED
CVE-2020-13098
@@ -1403,8 +41846,8 @@ CVE-2020-13097
RESERVED
CVE-2020-13096
RESERVED
-CVE-2020-13095
- RESERVED
+CVE-2020-13095 (Little Snitch version 4.5.1 and older changed ownership of a directory ...)
+ NOT-FOR-US: Little Snitch
CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...)
- dolibarr <removed>
CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
@@ -1416,430 +41859,438 @@ CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute
CVE-2020-13090
RESERVED
CVE-2020-13089
- RESERVED
+ REJECTED
CVE-2020-13088
- RESERVED
+ REJECTED
CVE-2020-13087
- RESERVED
+ REJECTED
CVE-2020-13086
- RESERVED
+ REJECTED
CVE-2020-13085
- RESERVED
+ REJECTED
CVE-2020-13084
- RESERVED
+ REJECTED
CVE-2020-13083
- RESERVED
+ REJECTED
CVE-2020-13082
- RESERVED
+ REJECTED
CVE-2020-13081
- RESERVED
+ REJECTED
CVE-2020-13080
- RESERVED
+ REJECTED
CVE-2020-13079
- RESERVED
+ REJECTED
CVE-2020-13078
- RESERVED
+ REJECTED
CVE-2020-13077
- RESERVED
+ REJECTED
CVE-2020-13076
- RESERVED
+ REJECTED
CVE-2020-13075
- RESERVED
+ REJECTED
CVE-2020-13074
- RESERVED
+ REJECTED
CVE-2020-13073
- RESERVED
+ REJECTED
CVE-2020-13072
- RESERVED
+ REJECTED
CVE-2020-13071
- RESERVED
+ REJECTED
CVE-2020-13070
- RESERVED
+ REJECTED
CVE-2020-13069
- RESERVED
+ REJECTED
CVE-2020-13068
- RESERVED
+ REJECTED
CVE-2020-13067
- RESERVED
+ REJECTED
CVE-2020-13066
- RESERVED
+ REJECTED
CVE-2020-13065
- RESERVED
+ REJECTED
CVE-2020-13064
- RESERVED
+ REJECTED
CVE-2020-13063
- RESERVED
+ REJECTED
CVE-2020-13062
- RESERVED
+ REJECTED
CVE-2020-13061
- RESERVED
+ REJECTED
CVE-2020-13060
- RESERVED
+ REJECTED
CVE-2020-13059
- RESERVED
+ REJECTED
CVE-2020-13058
- RESERVED
+ REJECTED
CVE-2020-13057
- RESERVED
+ REJECTED
CVE-2020-13056
- RESERVED
+ REJECTED
CVE-2020-13055
- RESERVED
+ REJECTED
CVE-2020-13054
- RESERVED
+ REJECTED
CVE-2020-13053
- RESERVED
+ REJECTED
CVE-2020-13052
- RESERVED
+ REJECTED
CVE-2020-13051
- RESERVED
+ REJECTED
CVE-2020-13050
- RESERVED
+ REJECTED
CVE-2020-13049
- RESERVED
+ REJECTED
CVE-2020-13048
- RESERVED
+ REJECTED
CVE-2020-13047
- RESERVED
+ REJECTED
CVE-2020-13046
- RESERVED
+ REJECTED
CVE-2020-13045
- RESERVED
+ REJECTED
CVE-2020-13044
- RESERVED
+ REJECTED
CVE-2020-13043
- RESERVED
+ REJECTED
CVE-2020-13042
- RESERVED
+ REJECTED
CVE-2020-13041
- RESERVED
+ REJECTED
CVE-2020-13040
- RESERVED
+ REJECTED
CVE-2020-13039
- RESERVED
+ REJECTED
CVE-2020-13038
- RESERVED
+ REJECTED
CVE-2020-13037
- RESERVED
+ REJECTED
CVE-2020-13036
- RESERVED
+ REJECTED
CVE-2020-13035
- RESERVED
+ REJECTED
CVE-2020-13034
- RESERVED
+ REJECTED
CVE-2020-13033
- RESERVED
+ REJECTED
CVE-2020-13032
- RESERVED
+ REJECTED
CVE-2020-13031
- RESERVED
+ REJECTED
CVE-2020-13030
- RESERVED
+ REJECTED
CVE-2020-13029
- RESERVED
+ REJECTED
CVE-2020-13028
- RESERVED
+ REJECTED
CVE-2020-13027
- RESERVED
+ REJECTED
CVE-2020-13026
- RESERVED
+ REJECTED
CVE-2020-13025
- RESERVED
+ REJECTED
CVE-2020-13024
- RESERVED
+ REJECTED
CVE-2020-13023
- RESERVED
+ REJECTED
CVE-2020-13022
- RESERVED
+ REJECTED
CVE-2020-13021
- RESERVED
+ REJECTED
CVE-2020-13020
- RESERVED
+ REJECTED
CVE-2020-13019
- RESERVED
+ REJECTED
CVE-2020-13018
- RESERVED
+ REJECTED
CVE-2020-13017
- RESERVED
+ REJECTED
CVE-2020-13016
- RESERVED
+ REJECTED
CVE-2020-13015
- RESERVED
+ REJECTED
CVE-2020-13014
- RESERVED
+ REJECTED
CVE-2020-13013
- RESERVED
+ REJECTED
CVE-2020-13012
- RESERVED
+ REJECTED
CVE-2020-13011
- RESERVED
+ REJECTED
CVE-2020-13010
- RESERVED
+ REJECTED
CVE-2020-13009
- RESERVED
+ REJECTED
CVE-2020-13008
- RESERVED
+ REJECTED
CVE-2020-13007
- RESERVED
+ REJECTED
CVE-2020-13006
- RESERVED
+ REJECTED
CVE-2020-13005
- RESERVED
+ REJECTED
CVE-2020-13004
- RESERVED
+ REJECTED
CVE-2020-13003
- RESERVED
+ REJECTED
CVE-2020-13002
- RESERVED
+ REJECTED
CVE-2020-13001
- RESERVED
+ REJECTED
CVE-2020-13000
- RESERVED
+ REJECTED
CVE-2020-12999
- RESERVED
+ REJECTED
CVE-2020-12998
- RESERVED
+ REJECTED
CVE-2020-12997
- RESERVED
+ REJECTED
CVE-2020-12996
- RESERVED
+ REJECTED
CVE-2020-12995
- RESERVED
+ REJECTED
CVE-2020-12994
- RESERVED
+ REJECTED
CVE-2020-12993
- RESERVED
+ REJECTED
CVE-2020-12992
- RESERVED
+ REJECTED
CVE-2020-12991
- RESERVED
+ REJECTED
CVE-2020-12990
- RESERVED
+ REJECTED
CVE-2020-12989
- RESERVED
-CVE-2020-12988
- RESERVED
-CVE-2020-12987
- RESERVED
-CVE-2020-12986
- RESERVED
-CVE-2020-12985
- RESERVED
+ REJECTED
+CVE-2020-12988 (A potential denial of service (DoS) vulnerability exists in the integr ...)
+ NOT-FOR-US: AMD
+CVE-2020-12987 (A heap information leak/kernel pool address disclosure vulnerability i ...)
+ NOT-FOR-US: AMD
+CVE-2020-12986 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
+ NOT-FOR-US: AMD
+CVE-2020-12985 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
+ NOT-FOR-US: AMD
CVE-2020-12984
- RESERVED
-CVE-2020-12983
- RESERVED
-CVE-2020-12982
- RESERVED
-CVE-2020-12981
- RESERVED
-CVE-2020-12980
- RESERVED
+ REJECTED
+CVE-2020-12983 (An out of bounds write vulnerability in the AMD Graphics Driver for Wi ...)
+ NOT-FOR-US: AMD
+CVE-2020-12982 (An invalid object pointer free vulnerability in the AMD Graphics Drive ...)
+ NOT-FOR-US: AMD
+CVE-2020-12981 (An insufficient input validation in the AMD Graphics Driver for Window ...)
+ NOT-FOR-US: AMD
+CVE-2020-12980 (An out of bounds write and read vulnerability in the AMD Graphics Driv ...)
+ NOT-FOR-US: AMD
CVE-2020-12979
- RESERVED
+ REJECTED
CVE-2020-12978
- RESERVED
+ REJECTED
CVE-2020-12977
- RESERVED
+ REJECTED
CVE-2020-12976
- RESERVED
+ REJECTED
CVE-2020-12975
- RESERVED
+ REJECTED
CVE-2020-12974
- RESERVED
+ REJECTED
CVE-2020-12973
- RESERVED
+ REJECTED
CVE-2020-12972
- RESERVED
+ REJECTED
CVE-2020-12971
- RESERVED
+ REJECTED
CVE-2020-12970
- RESERVED
+ REJECTED
CVE-2020-12969
- RESERVED
+ REJECTED
CVE-2020-12968
- RESERVED
-CVE-2020-12967
- RESERVED
-CVE-2020-12966
- RESERVED
-CVE-2020-12965
- RESERVED
-CVE-2020-12964
- RESERVED
-CVE-2020-12963
- RESERVED
-CVE-2020-12962
- RESERVED
-CVE-2020-12961
- RESERVED
-CVE-2020-12960
- RESERVED
+ REJECTED
+CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES feature ...)
+ NOT-FOR-US: AMD
+CVE-2020-12966 (AMD EPYC&#8482; Processors contain an information disclosure vulnerabi ...)
+ NOT-FOR-US: AMD
+CVE-2020-12965 (When combined with specific software sequences, AMD CPUs may transient ...)
+ NOT-FOR-US: AMD
+CVE-2020-12964 (A potential privilege escalation/denial of service issue exists in the ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12962 (Escape call interface in the AMD Graphics Driver for Windows may cause ...)
+ NOT-FOR-US: AMD
+CVE-2020-12961 (A potential vulnerability exists in AMD Platform Security Processor (P ...)
+ NOT-FOR-US: AMD
+CVE-2020-12960 (AMD Graphics Driver for Windows 10, amdfender.sys may improperly handl ...)
+ NOT-FOR-US: AMD
CVE-2020-12959
- RESERVED
+ REJECTED
CVE-2020-12958
- RESERVED
+ REJECTED
CVE-2020-12957
- RESERVED
+ REJECTED
CVE-2020-12956
- RESERVED
+ REJECTED
CVE-2020-12955
- RESERVED
-CVE-2020-12954
- RESERVED
+ REJECTED
+CVE-2020-12954 (A side effect of an integrated chipset option may be able to be used b ...)
+ NOT-FOR-US: AMD
CVE-2020-12953
- RESERVED
+ REJECTED
CVE-2020-12952
- RESERVED
-CVE-2020-12951
- RESERVED
+ REJECTED
+CVE-2020-12951 (Race condition in PSP FW could allow less privileged x86 code to perfo ...)
+ NOT-FOR-US: AMD
CVE-2020-12950
- RESERVED
+ REJECTED
CVE-2020-12949
- RESERVED
+ REJECTED
CVE-2020-12948
- RESERVED
+ REJECTED
CVE-2020-12947
- RESERVED
-CVE-2020-12946
- RESERVED
+ REJECTED
+CVE-2020-12946 (Insufficient input validation in PSP firmware for discrete TPM command ...)
+ NOT-FOR-US: AMD
CVE-2020-12945
- RESERVED
-CVE-2020-12944
- RESERVED
+ REJECTED
+CVE-2020-12944 (Insufficient validation of BIOS image length by PSP Firmware could lea ...)
+ NOT-FOR-US: AMD
CVE-2020-12943
- RESERVED
+ REJECTED
CVE-2020-12942
- RESERVED
+ REJECTED
CVE-2020-12941
- RESERVED
+ REJECTED
CVE-2020-12940
RESERVED
CVE-2020-12939
- RESERVED
+ REJECTED
CVE-2020-12938
- RESERVED
+ REJECTED
CVE-2020-12937
- RESERVED
+ REJECTED
CVE-2020-12936
- RESERVED
+ REJECTED
CVE-2020-12935
- RESERVED
+ REJECTED
CVE-2020-12934
- RESERVED
-CVE-2020-12933
- RESERVED
+ REJECTED
+CVE-2020-12933 (A denial of service vulnerability exists in the D3DKMTEscape handler f ...)
+ NOT-FOR-US: AMD ATIKMDAG.SYS
CVE-2020-12932
RESERVED
CVE-2020-12931
RESERVED
CVE-2020-12930
RESERVED
-CVE-2020-12929
- RESERVED
-CVE-2020-12928
- RESERVED
-CVE-2020-12927
- RESERVED
-CVE-2020-12926
- RESERVED
+CVE-2020-12929 (Improper parameters validation in some trusted applications of the PSP ...)
+ NOT-FOR-US: AMD
+CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...)
+ NOT-FOR-US: AMD Ryzen Master
+CVE-2020-12927 (A potential vulnerability in a dynamically loaded AMD driver in AMD VB ...)
+ NOT-FOR-US: AMD
+CVE-2020-12926 (The Trusted Platform Modules (TPM) reference software may not properly ...)
+ NOT-FOR-US: AMD
CVE-2020-12925
- RESERVED
+ REJECTED
CVE-2020-12924
- RESERVED
+ REJECTED
CVE-2020-12923
- RESERVED
+ REJECTED
CVE-2020-12922
- RESERVED
+ REJECTED
CVE-2020-12921
- RESERVED
-CVE-2020-12920
- RESERVED
+ REJECTED
+CVE-2020-12920 (A potential denial of service issue exists in the AMD Display driver E ...)
+ NOT-FOR-US: AMD
CVE-2020-12919
- RESERVED
+ REJECTED
CVE-2020-12918
- RESERVED
+ REJECTED
CVE-2020-12917
- RESERVED
+ REJECTED
CVE-2020-12916
- RESERVED
+ REJECTED
CVE-2020-12915
- RESERVED
+ REJECTED
CVE-2020-12914
- RESERVED
+ REJECTED
CVE-2020-12913
- RESERVED
-CVE-2020-12912
- RESERVED
-CVE-2020-12911
- RESERVED
+ REJECTED
+CVE-2020-12912 (A potential vulnerability in the AMD extension to Linux "hwmon" servic ...)
+ - linux 5.9.9-1 (unimportant)
+ [buster] - linux <not-affected> (Vulnerable driver introduced later)
+ [stretch] - linux <not-affected> (Vulnerable driver introduced later)
+ NOTE: https://lore.kernel.org/stable/238e3cf7-582f-a265-5300-9b44948107b0@roeck-us.net/T/#ma48754bff34127867149bf466fc2f9c2deea3960
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1897402
+ NOTE: https://support.lenovo.com/lu/uk/product_security/LEN-50481
+ NOTE: CONFIG_SENSORS_AMD_ENERGY not enabled in Debian builds
+CVE-2020-12911 (A denial of service vulnerability exists in the D3DKMTCreateAllocation ...)
+ NOT-FOR-US: AMD ATIKMDAG.SYS
CVE-2020-12910
- RESERVED
+ REJECTED
CVE-2020-12909
- RESERVED
+ REJECTED
CVE-2020-12908
- RESERVED
+ REJECTED
CVE-2020-12907
- RESERVED
+ REJECTED
CVE-2020-12906
- RESERVED
-CVE-2020-12905
- RESERVED
-CVE-2020-12904
- RESERVED
-CVE-2020-12903
- RESERVED
-CVE-2020-12902
- RESERVED
-CVE-2020-12901
- RESERVED
-CVE-2020-12900
- RESERVED
-CVE-2020-12899
- RESERVED
-CVE-2020-12898
- RESERVED
-CVE-2020-12897
- RESERVED
+ REJECTED
+CVE-2020-12905 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12904 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12903 (Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12902 (Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Wi ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12901 (Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lea ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12900 (An arbitrary write vulnerability in the AMD Radeon Graphics Driver for ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12899 (Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12898 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead t ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12897 (Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 m ...)
+ NOT-FOR-US: Intel / AMD
CVE-2020-12896
- RESERVED
-CVE-2020-12895
- RESERVED
-CVE-2020-12894
- RESERVED
-CVE-2020-12893
- RESERVED
-CVE-2020-12892
- RESERVED
-CVE-2020-12891
- RESERVED
-CVE-2020-12890
- RESERVED
+ REJECTED
+CVE-2020-12895 (Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x1 ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12894 (Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x4001 ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12893 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12892 (An untrusted search path in AMD Radeon settings Installer may lead to ...)
+ NOT-FOR-US: Intel / AMD
+CVE-2020-12891 (AMD Radeon Software may be vulnerable to DLL Hijacking through path va ...)
+ NOT-FOR-US: AMD
+CVE-2020-12890 (Improper handling of pointers in the System Management Mode (SMM) hand ...)
+ NOT-FOR-US: AMD
CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
NOT-FOR-US: MISP
CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
- - linux <unfixed>
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.8.7-1
+ [buster] - linux 4.19.146-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
-CVE-2020-12887
- RESERVED
-CVE-2020-12886
- RESERVED
-CVE-2020-12885
- RESERVED
-CVE-2020-12884
- RESERVED
-CVE-2020-12883
- RESERVED
+CVE-2020-12887 (Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 ...)
+ NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
+CVE-2020-12886 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...)
+ NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
+CVE-2020-12885 (An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.1 ...)
+ NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
+CVE-2020-12884 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...)
+ NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
+CVE-2020-12883 (Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5 ...)
+ NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG document, as ...)
NOT-FOR-US: Submitty
CVE-2020-12881
RESERVED
-CVE-2020-12880
- RESERVED
+CVE-2020-12880 (An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect ...)
+ NOT-FOR-US: Pulse
CVE-2020-12879
RESERVED
-CVE-2020-12878
- RESERVED
+CVE-2020-12878 (Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate pr ...)
+ NOT-FOR-US: Digi ConnectPort X2e
CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...)
NOT-FOR-US: Veritas
CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...)
@@ -1848,78 +42299,98 @@ CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate a
NOT-FOR-US: Veritas
CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the ...)
NOT-FOR-US: Veritas
-CVE-2020-12873
- RESERVED
+CVE-2020-12873 (An issue was discovered in Alfresco Enterprise Content Management (ECM ...)
+ NOT-FOR-US: Alfresco Enterprise Content Management (ECM)
CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...)
- - yaws <unfixed> (low; bug #961422)
- [buster] - yaws <no-dsa> (Minor issue)
- [stretch] - yaws <no-dsa> (Minor issue)
- [jessie] - yaws <no-dsa> (Minor issue)
+ - erlang 1:21.2.6+dfsg-1 (low)
+ [stretch] - erlang 1:19.2.1+dfsg-2+deb9u3
+ [jessie] - erlang <no-dsa> (Minor issue)
NOTE: https://medium.com/@charlielabs101/cve-2020-12872-df315411aa70
NOTE: https://github.com/erlyaws/yaws/issues/402
+ NOTE: In Debian yaws uses the cipher settings from erlang, mark the version which
+ NOTE: landed in Buster as fixed (although it was possibly fixed earlier between
+ NOTE: Stretch and Buster. The CVE was assigned specifically for yaws, cf. #961422
+ NOTE: for discussion.
CVE-2020-12871
RESERVED
-CVE-2020-12870
- RESERVED
-CVE-2020-12869
- RESERVED
+CVE-2020-12870 (RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username ...)
+ NOT-FOR-US: RainbowFish PacsOne Server
+CVE-2020-12869 (RainbowFish PacsOne Server 6.8.4 allows XSS. ...)
+ NOT-FOR-US: RainbowFish PacsOne Server
CVE-2020-12868
RESERVED
-CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends th ...)
- {DLA-2231-1}
+CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...)
+ {DLA-2332-1 DLA-2231-1}
[experimental] - sane-backends 1.0.30-1~experimental1
- - sane-backends <unfixed> (bug #961302)
+ - sane-backends 1.0.31-2 (bug #961302)
+ [buster] - sane-backends <no-dsa> (Minor issue)
NOTE: https://gitlab.com/sane-project/backends/-/issues/279
NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read
NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
-CVE-2020-12866
- RESERVED
+ NOTE: https://gitlab.com/sane-project/backends/-/commit/fff83e7eacd0f27bb2d71c42488e0fd735c15ac3 (1.0.30)
+CVE-2020-12866 (A NULL pointer dereference in SANE Backends before 1.0.30 allows a mal ...)
[experimental] - sane-backends 1.0.30-1~experimental1
- - sane-backends <unfixed> (bug #961302)
+ - sane-backends 1.0.31-2 (bug #961302)
+ [buster] - sane-backends <no-dsa> (Minor issue)
+ [stretch] - sane-backends <ignored> (already mitigated, auto-discovery for unsupported network access added in 1.0.27)
[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
NOTE: https://gitlab.com/sane-project/backends/-/issues/279
NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-2-ghsl-2020-079-null-pointer-dereference-in-epsonds_net_read
NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
-CVE-2020-12865
- RESERVED
+ NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
+ NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
+CVE-2020-12865 (A heap buffer overflow in SANE Backends before 1.0.30 may allow a mali ...)
+ {DLA-2332-1}
[experimental] - sane-backends 1.0.30-1~experimental1
- - sane-backends <unfixed> (bug #961302)
+ - sane-backends 1.0.31-2 (bug #961302)
+ [buster] - sane-backends <no-dsa> (Minor issue)
[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
NOTE: https://gitlab.com/sane-project/backends/-/issues/279
NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-9-ghsl-2020-084-buffer-overflow-in-esci2_img
NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
-CVE-2020-12864
- RESERVED
+ NOTE: https://gitlab.com/sane-project/backends/-/commit/b9b0173409df73e235da2aa0dae5edd21fb55967 (1.0.30)
+CVE-2020-12864 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
[experimental] - sane-backends 1.0.30-1~experimental1
- - sane-backends <unfixed> (bug #961302)
+ - sane-backends 1.0.31-2 (bug #961302)
+ [buster] - sane-backends <no-dsa> (Minor issue)
+ [stretch] - sane-backends <ignored> (already mitigated, auto-discovery for unsupported network access added in 1.0.27)
[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
NOTE: https://gitlab.com/sane-project/backends/-/issues/279
NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-4-ghsl-2020-081-reading-uninitialized-data-in-epsonds_net_read
NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
-CVE-2020-12863
- RESERVED
+ NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
+ NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
+CVE-2020-12863 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
+ {DLA-2332-1}
[experimental] - sane-backends 1.0.30-1~experimental1
- - sane-backends <unfixed> (bug #961302)
+ - sane-backends 1.0.31-2 (bug #961302)
+ [buster] - sane-backends <no-dsa> (Minor issue)
[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
NOTE: https://gitlab.com/sane-project/backends/-/issues/279
NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-7-ghsl-2020-083-out-of-bounds-read-in-esci2_check_header
NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
-CVE-2020-12862
- RESERVED
+ NOTE: https://gitlab.com/sane-project/backends/-/commit/db9480b09ea807e52029f2334769a55d4b95e45b (1.0.30)
+CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
+ {DLA-2332-1}
[experimental] - sane-backends 1.0.30-1~experimental1
- - sane-backends <unfixed> (bug #961302)
+ - sane-backends 1.0.31-2 (bug #961302)
+ [buster] - sane-backends <no-dsa> (Minor issue)
[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
NOTE: https://gitlab.com/sane-project/backends/-/issues/279
NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-5-ghsl-2020-082-out-of-bounds-read-in-decode_binary
NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
-CVE-2020-12861
- RESERVED
+ NOTE: https://gitlab.com/sane-project/backends/-/commit/27ea994d23ee52fe1ec1249c92ebc1080a358288 (1.0.30)
+CVE-2020-12861 (A heap buffer overflow in SANE Backends before 1.0.30 allows a malicio ...)
[experimental] - sane-backends 1.0.30-1~experimental1
- - sane-backends <unfixed> (bug #961302)
+ - sane-backends 1.0.31-2 (bug #961302)
+ [buster] - sane-backends <no-dsa> (Minor issue)
+ [stretch] - sane-backends <ignored> (already mitigated, auto-discovery for unsupported network access added in 1.0.27)
[jessie] - sane-backends <not-affected> (epsonds backend was added in 1.0.25)
NOTE: https://gitlab.com/sane-project/backends/-/issues/279
NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-3-ghsl-2020-080-heap-buffer-overflow-in-epsonds_net_read
NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
+ NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
+ NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...)
NOT-FOR-US: COVIDSafe
CVE-2020-12859 (Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe th ...)
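Review bot: The stretch status added for CVE-2020-12866, CVE-2020-12864 and CVE-2020-12861 (`[stretch] - sane-backends <ignored> (already mitigated, auto-discovery for unsupported network access added in 1.0.27)`) reads as a not-affected rationale rather than an ignored one, since it says the reachable code path only arrived in 1.0.27. If stretch's sane-backends predates 1.0.27 and the vulnerable code is absent there, `<not-affected>` would describe the state more accurately; if the code is present but unreachable, the rationale should say so explicitly, e.g. `(vulnerable code present but not reachable: auto-discovery of network devices only added in 1.0.27)`. The sibling entries CVE-2020-12867, 12865, 12863 and 12862 carry DLA-2332-1 instead and have no stretch line, so the split between the two groups is only implied by the braces; a one-line NOTE on the first entry explaining which issues the DLA covered would make the hunk self-explanatory. The same wording appears at each of the three entries, so one fix applies to all.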
@@ -1930,44 +42401,44 @@ CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0
NOT-FOR-US: COVIDSafe
CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...)
NOT-FOR-US: COVIDSafe
-CVE-2020-12855
- RESERVED
-CVE-2020-12854
- RESERVED
-CVE-2020-12853
- RESERVED
-CVE-2020-12852
- RESERVED
-CVE-2020-12851
- RESERVED
-CVE-2020-12850
- RESERVED
-CVE-2020-12849
- RESERVED
-CVE-2020-12848
- RESERVED
-CVE-2020-12847
- RESERVED
-CVE-2020-12846
- RESERVED
-CVE-2020-12845
- RESERVED
+CVE-2020-12855 (A Host header injection vulnerability has been discovered in SecZetta ...)
+ NOT-FOR-US: SecZetta NEProfile
+CVE-2020-12854 (A remote code execution vulnerability was identified in SecZetta NEPro ...)
+ NOT-FOR-US: SecZetta NEProfile
+CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator user ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or overwrite e ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2020-12850 (The following vulnerability applies only to the Pydio Cells Enterprise ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to the web ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file selecti ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2020-12847 (Pydio Cells 2.0.4 web application offers an administrative console nam ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remo ...)
+ NOT-FOR-US: Zimbra
+CVE-2020-12845 (Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a ...)
+ - cherokee <removed>
CVE-2020-12844
RESERVED
-CVE-2020-12843
- RESERVED
-CVE-2020-12842
- RESERVED
-CVE-2020-12841
- RESERVED
-CVE-2020-12840
- RESERVED
-CVE-2020-12839
- RESERVED
-CVE-2020-12838
- RESERVED
-CVE-2020-12837
- RESERVED
+CVE-2020-12843 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12842 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12841 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12840 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12839 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12838 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12837 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...)
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12836
RESERVED
CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to ...)
@@ -1982,31 +42453,33 @@ CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Fre
- frr <unfixed> (unimportant)
NOTE: https://github.com/FRRouting/frr/pull/6383
NOTE: https://github.com/FRRouting/frr/commit/7734484a378052a513c9e21165c13bf85f78ad48
-CVE-2020-12830
- RESERVED
-CVE-2020-12829
- RESERVED
- - qemu <unfixed> (low; bug #961451)
- [buster] - qemu <no-dsa> (Minor issue)
- [stretch] - qemu <no-dsa> (Minor issue)
+CVE-2020-12830 (Addressed multiple stack buffer overflow vulnerabilities that could al ...)
+ NOT-FOR-US: Western Digital My Cloud devices
+CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the SM501 disp ...)
+ {DSA-4760-1}
+ - qemu 1:5.0-12 (low; bug #961451)
+ [stretch] - qemu <not-affected> (SM501 only compiled for misc/sh4 where it's not enabled as a graphics device yet; intrusive)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4
CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...)
NOT-FOR-US: AnchorFree VPN SDK
-CVE-2020-12827
- RESERVED
+CVE-2020-12827 (MJML prior to 4.6.3 contains a path traversal vulnerability when proce ...)
+ NOT-FOR-US: MJML
CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
+ {DLA-2241-1}
- linux 5.6.7-1
[buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da
CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any ...)
- - libcroco <unfixed> (low; bug #960527)
+ - libcroco <removed> (low; bug #960527)
[buster] - libcroco <ignored> (Minor issue)
[stretch] - libcroco <ignored> (Minor issue)
[jessie] - libcroco <ignored> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libcroco/-/issues/8
-CVE-2020-12824
- RESERVED
+CVE-2020-12824 (Pexip Infinity 23.x before 23.3 has improper input validation, leading ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...)
{DLA-2212-1}
- openconnect 8.10-1 (unimportant; bug #960620)
@@ -2014,28 +42487,28 @@ CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of serv
NOTE: Only triggerable by local certs, which are under the control of the user
CVE-2020-12822
RESERVED
-CVE-2020-12821
- RESERVED
+CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...)
+ NOT-FOR-US: Gossipsub
CVE-2020-12820
RESERVED
CVE-2020-12819
RESERVED
-CVE-2020-12818
- RESERVED
-CVE-2020-12817
- RESERVED
-CVE-2020-12816
- RESERVED
-CVE-2020-12815
- RESERVED
-CVE-2020-12814
- RESERVED
+CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before 6.4.1 may al ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-12817 (An improper neutralization of input vulnerability in FortiAnalyzer bef ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-12816 (An improper neutralization of input vulnerability in FortiNAC before 8 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-12815 (An improper neutralization of input vulnerability in FortiTester befor ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-12814 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: Fortiguard
CVE-2020-12813
RESERVED
-CVE-2020-12812
- RESERVED
-CVE-2020-12811
- RESERVED
+CVE-2020-12812 (An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, ...)
+ NOT-FOR-US: Fortinet
+CVE-2020-12811 (An improper neutralization of script-related HTML tags in a web page i ...)
+ NOT-FOR-US: FortiGuard
CVE-2020-12810
RESERVED
CVE-2020-12809
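Review bot: The vendor label in the NOT-FOR-US lines for the new Fortinet entries is inconsistent: CVE-2020-12818 through 12816 and 12811 use `NOT-FOR-US: FortiGuard`, CVE-2020-12814 uses `NOT-FOR-US: Fortiguard`, and CVE-2020-12812 uses `NOT-FOR-US: Fortinet`. FortiGuard is the advisory service, while the affected products (FortiGate, FortiAnalyzer, FortiNAC, FortiTester, FortiOS) are Fortinet's, so `NOT-FOR-US: Fortinet` on all seven entries would be consistent with CVE-2020-12812 and easier to grep for. At minimum the capitalisation in CVE-2020-12814 should match the others.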
@@ -2050,24 +42523,35 @@ CVE-2020-12805
RESERVED
CVE-2020-12804
RESERVED
-CVE-2020-12803
- RESERVED
-CVE-2020-12802
- RESERVED
+CVE-2020-12803 (ODF documents can contain forms to be filled out by the user. Similar ...)
+ - libreoffice 1:6.4.4-1 (low)
+ [buster] - libreoffice <ignored> (Minor issue)
+ [stretch] - libreoffice <ignored> (Minor issue)
+ [jessie] - libreoffice <ignored> (Minor issue)
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803
+CVE-2020-12802 (LibreOffice has a 'stealth mode' in which only documents from location ...)
+ - libreoffice 1:6.4.4-1 (low)
+ [buster] - libreoffice <ignored> (Minor issue)
+ [stretch] - libreoffice <ignored> (Minor issue)
+ [jessie] - libreoffice <no-dsa> (Minor issue)
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802
CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...)
- libreoffice 1:6.4.3-1 (low)
[buster] - libreoffice <ignored> (Minor issue)
[stretch] - libreoffice <ignored> (Minor issue)
[jessie] - libreoffice <no-dsa> (Minor issue)
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
-CVE-2020-12800
- RESERVED
+CVE-2020-12800 (The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1. ...)
+ NOT-FOR-US: drag-and-drop-multiple-file-upload-contact-form-7 plugin for WordPress
CVE-2020-12799
RESERVED
CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...)
NOT-FOR-US: Cellebrite UFED
-CVE-2020-12797
- RESERVED
+CVE-2020-12797 (HashiCorp Consul and Consul Enterprise failed to enforce changes to le ...)
+ - consul 1.7.4+dfsg1-1
+ [buster] - consul <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
+ NOTE: https://github.com/hashicorp/consul/pull/8047
CVE-2020-12796
RESERVED
CVE-2020-12795
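Review bot: CVE-2020-12803 and CVE-2020-12802 are triaged identically (low, `<ignored>` for buster and stretch) but differ on jessie: 12803 has `[jessie] - libreoffice <ignored> (Minor issue)` while 12802 has `[jessie] - libreoffice <no-dsa> (Minor issue)`, and the existing CVE-2020-12801 entry also uses `<no-dsa>` for jessie. The hunk gives no reason for the difference, so one of the two jessie lines looks like a copy-paste slip; unless jessie is meant to diverge, aligning 12803 to `[jessie] - libreoffice <no-dsa> (Minor issue)` (or both to `<ignored>`) would keep the three LibreOffice advisories consistent.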
@@ -2082,38 +42566,38 @@ CVE-2020-12791
RESERVED
CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMet ...)
NOT-FOR-US: SEOmatic plugin for Craft CMS
-CVE-2020-12789
- RESERVED
-CVE-2020-12788
- RESERVED
-CVE-2020-12787
- RESERVED
+CVE-2020-12789 (The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded ...)
+ NOT-FOR-US: Microchip Atmel ATSAMA5 products
+CVE-2020-12788 (CMAC verification functionality in Microchip Atmel ATSAMA5 products is ...)
+ NOT-FOR-US: Microchip Atmel ATSAMA5 products
+CVE-2020-12787 (Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to b ...)
+ NOT-FOR-US: Microchip Atmel ATSAMA5 products
CVE-2020-12786
RESERVED
CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the current ...)
NOT-FOR-US: cPanel
CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a bandwidth s ...)
NOT-FOR-US: cPanel
-CVE-2020-12782
- RESERVED
-CVE-2020-12781
- RESERVED
-CVE-2020-12780
- RESERVED
-CVE-2020-12779
- RESERVED
-CVE-2020-12778
- RESERVED
-CVE-2020-12777
- RESERVED
-CVE-2020-12776
- RESERVED
+CVE-2020-12782 (Openfind MailGates contains a Command Injection flaw, when receiving e ...)
+ NOT-FOR-US: Openfind MailGates
+CVE-2020-12781 (Combodo iTop contains a cross-site request forgery (CSRF) vulnerabilit ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-12780 (A security misconfiguration exists in Combodo iTop, which can expose s ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-12779 (Combodo iTop contains a stored Cross-site Scripting vulnerability, whi ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-12778 (Combodo iTop does not validate inputted parameters, attackers can inje ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-12777 (A function in Combodo iTop contains a vulnerability of Broken Access C ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-12776 (Openfind Mail2000 contains Broken Access Control vulnerability, which ...)
+ NOT-FOR-US: Openfind Mail2000
CVE-2020-12775
RESERVED
-CVE-2020-12774
- RESERVED
-CVE-2020-12773
- RESERVED
+CVE-2020-12774 (D-Link DSL-7740C does not properly validate user input, which allows a ...)
+ NOT-FOR-US: D-Link
+CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of some Re ...)
+ NOT-FOR-US: Realtek ADSL/PON Modem SoC firmware
CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...)
{DSA-4687-1 DLA-2213-1}
- exim4 4.93-16
@@ -2125,25 +42609,32 @@ CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the
CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...)
{DLA-2214-1}
- libexif 0.6.21-7 (bug #960199)
- [buster] - libexif <no-dsa> (Minor issue)
- [stretch] - libexif <no-dsa> (Minor issue)
+ [buster] - libexif 0.6.21-5.1+deb10u2
+ [stretch] - libexif 0.6.21-2+deb9u2
NOTE: https://github.com/libexif/libexif/issues/31
NOTE: https://github.com/libexif/libexif/commit/e22f73064f804c94e90b642cd0db4697c827da72
CVE-2020-XXXX [unspecified fexsrv security issue]
- fex 20160919-2
[buster] - fex 20160919-2~deb10u1
- [stretch] - fex <no-dsa> (Non-free not supported)
+ [stretch] - fex 20160919-2~deb9u1
CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...)
- - linux <unfixed>
+ {DLA-2420-1 DLA-2323-1}
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
NOTE: https://lkml.org/lkml/2020/4/26/87
+ NOTE: https://git.kernel.org/linus/be23e837333a914df3f24bf0b32e87b0331ab8d1 (5.8-rc2)
CVE-2020-12770 (An issue was discovered in the Linux kernel through 5.6.11. sg_write l ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee (5.7-rc3)
CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drivers/spi ...)
+ {DLA-2241-1}
- linux 5.4.19-1
[buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6)
CVE-2020-12768 (** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. ...)
+ {DSA-4699-1}
- linux 5.6.7-1 (unimportant)
[stretch] - linux <not-affected> (Vulnerability introduced later)
[jessie] - linux <not-affected> (Vulnerability introduced later)
@@ -2157,8 +42648,8 @@ CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&amp;file= Directory Travers
CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
NOT-FOR-US: TRENDnet ProView
CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
- {DLA-2228-2 DLA-2228-1}
- - json-c <unfixed> (bug #960326)
+ {DSA-4741-1 DLA-2301-1 DLA-2228-2 DLA-2228-1}
+ - json-c 0.13.1+dfsg-8 (bug #960326)
NOTE: https://github.com/json-c/json-c/pull/592
NOTE: https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426
NOTE: https://github.com/json-c/json-c/commit/77d935b7ae7871a1940cd827e850e6063044ec45
@@ -2176,20 +42667,23 @@ CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer over
[jessie] - imlib2 <not-affected> (Vulnerable code introduced later)
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...)
- NOT-FOR-US: OpenNMS
-CVE-2020-12759
- RESERVED
-CVE-2020-12758
- RESERVED
-CVE-2020-12757
- RESERVED
+ - opennms <itp> (bug #450615)
+CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...)
+ - consul 1.7.4+dfsg1-1
+ [buster] - consul <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
+ NOTE: https://github.com/hashicorp/consul/pull/7783
+CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured ...)
+ NOT-FOR-US: HashiCorp Vault
CVE-2020-12756
RESERVED
CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras t ...)
- - kio-extras <unfixed> (low; bug #960306)
+ - kio-extras 4:20.08.3-1 (low; bug #960306)
[buster] - kio-extras <no-dsa> (Minor issue)
[stretch] - kio-extras <no-dsa> (Minor issue)
- NOTE: https://cgit.kde.org/kio-extras.git/commit/?id=d813cef3cecdec9af1532a40d677a203ff979145
+ NOTE: https://github.com/KDE/kio-extras/commit/d813cef3cecdec9af1532a40d677a203ff979145
CVE-2020-12754 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
NOT-FOR-US: LG mobile devices
CVE-2020-12753 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
@@ -2219,50 +42713,49 @@ CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPres
CVE-2020-12741
RESERVED
CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ...)
- - tcpreplay <unfixed> (unimportant)
+ - tcpreplay 4.3.3-1 (unimportant)
[jessie] - tcpreplay <not-affected> (Vulnerable code added later)
NOTE: https://github.com/appneta/tcpreplay/issues/576
NOTE: https://github.com/appneta/tcpreplay/pull/590
NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578
NOTE: --fuzz-seed in PoC not present until version 4.2.0
NOTE: Crash in CLI tool, no security impact
-CVE-2020-12739
- RESERVED
+CVE-2020-12739 (A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and ...)
+ NOT-FOR-US: Fanuc i Series CNC
CVE-2020-12738
RESERVED
CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...)
NOT-FOR-US: Maxum Rumpus
-CVE-2020-12736
- RESERVED
+CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and earlier ...)
+ NOT-FOR-US: Code42
CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
NOT-FOR-US: DomainMOD
-CVE-2020-12734
- RESERVED
-CVE-2020-12733
- RESERVED
-CVE-2020-12732
- RESERVED
-CVE-2020-12731
- RESERVED
-CVE-2020-12730
- RESERVED
-CVE-2020-12729
- RESERVED
+CVE-2020-12734 (DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change t ...)
+ NOT-FOR-US: DEPSTECH WiFi Digital Microscope
+CVE-2020-12733 (Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microsc ...)
+ NOT-FOR-US: DEPSTECH WiFi Digital Microscope
+CVE-2020-12732 (DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxx ...)
+ NOT-FOR-US: DEPSTECH WiFi Digital Microscope
+CVE-2020-12731 (The MagicMotion Flamingo 2 application for Android stores data on an s ...)
+ NOT-FOR-US: MagicMotion Flamingo 2 application for Android
+CVE-2020-12730 (MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing an ...)
+ NOT-FOR-US: MagicMotion Flamingo 2
+CVE-2020-12729 (MagicMotion Flamingo 2 has a lack of access control for reading from d ...)
+ NOT-FOR-US: MagicMotion Flamingo 2
CVE-2020-12728
RESERVED
CVE-2020-12727
RESERVED
CVE-2020-12726
RESERVED
-CVE-2020-12725
- RESERVED
+CVE-2020-12725 (Havoc Research discovered an authenticated Server-Side Request Forgery ...)
+ NOT-FOR-US: Redash
CVE-2020-12724
RESERVED
-CVE-2020-12723 [Buffer overflow caused by a crafted regular expression]
- RESERVED
+CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...)
- perl 5.30.3-1 (bug #962005)
- [buster] - perl <no-dsa> (Minor issue)
- [stretch] - perl <no-dsa> (Minor issue)
+ [buster] - perl 5.28.1-6+deb10u1
+ [stretch] - perl 5.24.1-3+deb9u7
NOTE: https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a (v5.30.3)
CVE-2020-12722
RESERVED
@@ -2278,14 +42771,14 @@ CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remot
NOT-FOR-US: COVIDSafe (Australia) app
CVE-2020-12716
RESERVED
-CVE-2020-12715
- RESERVED
-CVE-2020-12714
- RESERVED
-CVE-2020-12713
- RESERVED
-CVE-2020-12712
- RESERVED
+CVE-2020-12715 (RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. ...)
+ NOT-FOR-US: RainbowFish PacsOne Server
+CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual Applia ...)
+ NOT-FOR-US: CipherMail
+CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...)
+ NOT-FOR-US: CipherMail
+CVE-2020-12712 (A vulnerability based on insecure user/password encryption in the JOE ...)
+ NOT-FOR-US: SOS JobScheduler
CVE-2020-12711
RESERVED
CVE-2020-12710
@@ -2304,8 +42797,8 @@ CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...)
NOT-FOR-US: UliCMS
CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall. ...)
NOT-FOR-US: UliCMS
-CVE-2020-12702
- RESERVED
+CVE-2020-12702 (Weak encryption in the Quick Pairing mode in the eWeLink mobile applic ...)
+ NOT-FOR-US: eWeLink mobile application
CVE-2020-12701
RESERVED
CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...)
@@ -2318,18 +42811,35 @@ CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial
NOT-FOR-US: Typo3 extension
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
NOT-FOR-US: iframe plugin for WordPress
-CVE-2020-12695
- RESERVED
+CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17 ...)
+ {DSA-4898-1 DSA-4806-1 DLA-2489-1 DLA-2318-1 DLA-2315-1}
+ - wpa 2:2.9.0-16 (bug #976106)
+ - gupnp 1.2.3-1
+ [buster] - gupnp 1.0.5-0+deb10u1
+ - minidlna 1.2.1+dfsg-3 (bug #976594)
+ - pupnp-1.8 <unfixed> (bug #983206)
+ [bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
+ [buster] - pupnp-1.8 <no-dsa> (Minor issue)
+ - libupnp <removed>
+ [stretch] - libupnp <no-dsa> (Invasive change, hard to backport; chances of regression)
+ NOTE: https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
+ NOTE: https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
+ NOTE: https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
+ NOTE: https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
+ NOTE: https://sourceforge.net/p/minidlna/git/ci/06ee114731612462eb1eb1266f0431ccf59269d2 (v1_3_0)
+ NOTE: https://github.com/pupnp/pupnp/commit/5f76bf2858dd601bd985bf37a1db9f262c0ff7bf (release-1.14.0)
+ NOTE: https://github.com/pupnp/pupnp/commit/7b3f0f5f497f9f493c82307af495b87fa9ebdacb (release-1.14.0)
CVE-2020-12694
RESERVED
CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...)
- - slurm-llnl <unfixed> (bug #961406)
- [buster] - slurm-llnl <no-dsa> (Minor issue)
- [stretch] - slurm-llnl <no-dsa> (Minor issue)
+ {DSA-4841-1 DLA-2886-1}
+ - slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)
+ - slurm-llnl <removed> (bug #961406)
[jessie] - slurm-llnl <not-affected> (Message Aggregation added in 14.11)
NOTE: https://www.schedmd.com/news.php?id=236
NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html
NOTE: Issue affects systems with Message Aggregation enabled
+ NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix
CVE-2020-12688
RESERVED
CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/attacments ...)
@@ -2338,14 +42848,14 @@ CVE-2020-12686
RESERVED
CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...)
NOT-FOR-US: Interchange
-CVE-2020-12684
- RESERVED
+CVE-2020-12684 (XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer ...)
+ NOT-FOR-US: i-net Clear Reports
CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
NOT-FOR-US: Katyshop2
CVE-2020-12682
RESERVED
-CVE-2020-12681
- RESERVED
+CVE-2020-12681 (Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices ...)
+ NOT-FOR-US: 3xLogic Infinias eIDC32 devices
CVE-2020-12680 (** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866 allows loca ...)
NOT-FOR-US: Avira Free Antivirus
CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mitel Shor ...)
@@ -2354,52 +42864,65 @@ CVE-2020-12678
REJECTED
CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin. A Web ...)
NOT-FOR-US: Progress MOVEit Automation Web Admin
-CVE-2020-12676
- RESERVED
+CVE-2020-12676 (FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge me ...)
+ NOT-FOR-US: FusionAuth
CVE-2020-12675 (The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPr ...)
NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress
CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
{DSA-4679-1}
- keystone 2:17.0.0~rc2-1 (bug #959900)
+ [stretch] - keystone <end-of-life> (Not supported in stretch LTS)
[jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
NOTE: https://bugs.launchpad.net/keystone/+bug/1872737
NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/4
CVE-2020-12691 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
{DSA-4679-1}
- keystone 2:17.0.0~rc2-1 (bug #959900)
+ [stretch] - keystone <end-of-life> (Not supported in stretch LTS)
[jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
NOTE: https://bugs.launchpad.net/keystone/+bug/1872733
NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
CVE-2020-12690 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
{DSA-4679-1}
- keystone 2:17.0.0~rc2-1 (bug #959900)
+ [stretch] - keystone <end-of-life> (Not supported in stretch LTS)
[jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
NOTE: https://bugs.launchpad.net/keystone/+bug/1873290
NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/6
-CVE-2020-12674
- RESERVED
-CVE-2020-12673
- RESERVED
+CVE-2020-12674 (In Dovecot before 2.3.11.3, sending a specially formatted RPA request ...)
+ {DSA-4745-1 DLA-2328-1}
+ - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/3
+ NOTE: https://github.com/dovecot/core/commit/69ad3c902ea4bbf9f21ab1857d8923f975dc6145
+CVE-2020-12673 (In Dovecot before 2.3.11.3, sending a specially formatted NTLM request ...)
+ {DSA-4745-1 DLA-2328-1}
+ - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/2
+ NOTE: https://github.com/dovecot/core/commit/fb246611e62ad8c5a95b0ca180a63f17aa34b0d8
CVE-2020-12689 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
{DSA-4679-1}
- keystone 2:17.0.0~rc2-1 (bug #959900)
+ [stretch] - keystone <end-of-life> (Not supported in stretch LTS)
[jessie] - keystone <end-of-life> (Not supported in Jessie)
NOTE: https://bugs.launchpad.net/keystone/+bug/1872735
NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
CVE-2020-12672 (GraphicsMagick through 1.3.35 has a heap-based buffer overflow in Read ...)
+ {DLA-2902-1 DLA-2236-1}
- graphicsmagick 1.4+really1.3.35-2 (bug #960000)
+ [buster] - graphicsmagick <postponed> (Minor issue; can be fixed along in future DSA)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025
NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/50395430a37188d0d197e71bd85ed6dd0f649ee3/
CVE-2020-12671
RESERVED
-CVE-2020-12670
- RESERVED
+CVE-2020-12670 (XSS exists in Webmin 1.941 and earlier affecting the Save function of ...)
+ - webmin <removed>
CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...)
- dolibarr <removed>
-CVE-2020-12668
- RESERVED
+CVE-2020-12668 (Jinjava before 2.5.4 allow access to arbitrary classes by calling Java ...)
+ NOT-FOR-US: Jinjava
CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...)
- - knot-resolver <unfixed> (bug #961076)
+ - knot-resolver 5.1.1-0.1 (bug #961076)
+ [buster] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/54f05e4d7b2e47c0bdd30b84272fc503cc65304b
NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/ba7b89db780fe3884b4e90090318e25ee5afb118
@@ -2410,15 +42933,17 @@ CVE-2020-12665
CVE-2020-12664
RESERVED
CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...)
- {DSA-4694-1}
+ {DSA-4694-1 DLA-2556-1}
- unbound 1.10.1-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ [jessie] - unbound <end-of-life> (No longer supported)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...)
- {DSA-4694-1}
+ {DSA-4694-1 DLA-2556-1}
- unbound 1.10.1-1
[stretch] - unbound <end-of-life> (No longer supported, see DSA 4694)
+ [jessie] - unbound <end-of-life> (No longer supported)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
CVE-2020-12661
@@ -2431,8 +42956,11 @@ CVE-2020-12659 (An issue was discovered in the Linux kernel before 5.6.7. xdp_um
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2)
-CVE-2020-12658
- RESERVED
+CVE-2020-12658 (** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock c ...)
+ {DLA-2516-1}
+ - gssproxy <unfixed> (unimportant; bug #978931)
+ NOTE: https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003 (v0.8.3)
+ NOTE: code change in question only happens in a shutdown path.
CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There is a u ...)
- linux 5.6.7-1
[buster] - linux 4.19.118-1
@@ -2440,21 +42968,28 @@ CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1)
CVE-2020-12656 (** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c ...)
- - linux <unfixed> (unimportant)
+ - linux 5.7.6-1 (unimportant)
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.228-1
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651
NOTE: Issue is triggered only at module reloading / rebinding
CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c ...)
+ {DLA-2420-1 DLA-2323-1}
- linux 5.6.14-1
+ [buster] - linux 4.19.131-1
NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1)
CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1)
CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1)
CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.4.19-1
[buster] - linux 4.19.98-1
NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7)
@@ -2464,18 +42999,21 @@ CVE-2020-12650
REJECTED
CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
NOT-FOR-US: Gurbalib
-CVE-2020-12648
- RESERVED
+CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...)
+ - tinymce <removed> (bug #972642)
+ [buster] - tinymce <no-dsa> (Minor issue)
+ [stretch] - tinymce <ignored> (Vulnerable code not present and not reproducible)
+ NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
NOT-FOR-US: Unisys ALGOL Compiler
-CVE-2020-12646
- RESERVED
-CVE-2020-12645
- RESERVED
-CVE-2020-12644
- RESERVED
-CVE-2020-12643
- RESERVED
+CVE-2020-12646 (OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text ...)
+ NOT-FOR-US: OX App Suite
+CVE-2020-12645 (OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate l ...)
+ NOT-FOR-US: OX App Suite
+CVE-2020-12644 (OX App Suite 7.10.3 and earlier allows SSRF, related to the mail accou ...)
+ NOT-FOR-US: OX App Suite
+CVE-2020-12643 (OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /a ...)
+ NOT-FOR-US: OX App Suite
CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x before 5. ...)
NOT-FOR-US: Report Portal
CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...)
@@ -2490,14 +43028,14 @@ CVE-2020-12640 (Roundcube Webmail before 1.4.4 allows attackers to include local
NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
CVE-2020-12639 (phpList before 3.5.3 allows XSS, with resultant privilege elevation, v ...)
- phplist <itp> (bug #612288)
-CVE-2020-12638
- RESERVED
+CVE-2020-12638 (An encryption-bypass issue was discovered on Espressif ESP-IDF devices ...)
+ NOT-FOR-US: Espressif
CVE-2020-12637 (Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation beca ...)
NOT-FOR-US: Zulip Desktop
CVE-2020-12636
RESERVED
-CVE-2020-12635
- RESERVED
+CVE-2020-12635 (XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento ...)
+ NOT-FOR-US: WebForms Pro M2 extension for Magento
CVE-2020-12634
RESERVED
CVE-2020-12633
@@ -2520,14 +43058,14 @@ CVE-2020-12623
RESERVED
CVE-2020-12622
RESERVED
-CVE-2020-12621
- RESERVED
-CVE-2020-12620
- RESERVED
-CVE-2020-12619
- RESERVED
-CVE-2020-12618
- RESERVED
+CVE-2020-12621 (The Teamwire application 5.3.0 for Android allows physically proximate ...)
+ NOT-FOR-US: Teamwire application for Android
+CVE-2020-12620 (Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.con ...)
+ NOT-FOR-US: Pi-hole
+CVE-2020-12619 (MailMate before 1.11 automatically imported S/MIME certificates and th ...)
+ NOT-FOR-US: MailMate
+CVE-2020-12618 (eM Client before 7.2.33412.0 automatically imported S/MIME certificate ...)
+ NOT-FOR-US: eM Client
CVE-2020-12617
RESERVED
CVE-2020-12616
@@ -2548,16 +43086,16 @@ CVE-2020-12609
RESERVED
CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management Engine ...)
NOT-FOR-US: SolarWinds
-CVE-2020-12607
- RESERVED
-CVE-2020-12606
- RESERVED
-CVE-2020-12605
- RESERVED
-CVE-2020-12604
- RESERVED
-CVE-2020-12603
- RESERVED
+CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...)
+ NOT-FOR-US: fastecdsa
+CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The Procedi ...)
+ NOT-FOR-US: DB Soft
+CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2020-12603 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-12602
RESERVED
CVE-2020-12601
@@ -2572,12 +43110,12 @@ CVE-2020-12597
RESERVED
CVE-2020-12596
RESERVED
-CVE-2020-12595
- RESERVED
-CVE-2020-12594
- RESERVED
-CVE-2020-12593
- RESERVED
+CVE-2020-12595 (An information disclosure flaw allows a malicious, authenticated, priv ...)
+ NOT-FOR-US: Symantec
+CVE-2020-12594 (A privilege escalation flaw allows a malicious, authenticated, privile ...)
+ NOT-FOR-US: Symantec
+CVE-2020-12593 (Symantec Endpoint Detection &amp; Response, prior to 4.5, may be susce ...)
+ NOT-FOR-US: Symantec
CVE-2020-12592
RESERVED
CVE-2020-12591
@@ -2702,80 +43240,80 @@ CVE-2020-12532
RESERVED
CVE-2020-12531
RESERVED
-CVE-2020-12530
- RESERVED
-CVE-2020-12529
- RESERVED
-CVE-2020-12528
- RESERVED
-CVE-2020-12527
- RESERVED
-CVE-2020-12526
- RESERVED
-CVE-2020-12525
- RESERVED
-CVE-2020-12524
- RESERVED
-CVE-2020-12523
- RESERVED
-CVE-2020-12522
- RESERVED
-CVE-2020-12521
- RESERVED
+CVE-2020-12530 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB connect software
+CVE-2020-12529 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB connect software
+CVE-2020-12528 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB connect software
+CVE-2020-12527 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB connect software
+CVE-2020-12526 (TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics U ...)
+ NOT-FOR-US: TwinCAT OPC UA Server
+CVE-2020-12525 (M&amp;M Software fdtCONTAINER Component in versions below 3.5.20304.x ...)
+ NOT-FOR-US: M&M Software fdtCONTAINER Component
+CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...)
+ NOT-FOR-US: Phoenix Contact HMIs BTP
+CVE-2020-12523 (On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get ...)
+ NOT-FOR-US: Phoenix Contact mGuard Devices
+CVE-2020-12522 (The reported vulnerability allows an attacker who has network access t ...)
+ NOT-FOR-US: WAGO
+CVE-2020-12521 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
+ NOT-FOR-US: Phoenix Contact PLCnext Control Devices
CVE-2020-12520
RESERVED
-CVE-2020-12519
- RESERVED
-CVE-2020-12518
- RESERVED
-CVE-2020-12517
- RESERVED
-CVE-2020-12516
- RESERVED
+CVE-2020-12519 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
+ NOT-FOR-US: Phoenix Contact PLCnext Control Devices
+CVE-2020-12518 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
+ NOT-FOR-US: Phoenix Contact PLCnext Control Devices
+CVE-2020-12517 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
+ NOT-FOR-US: Phoenix Contact PLCnext Control Devices
+CVE-2020-12516 (Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88 ...)
+ NOT-FOR-US: WAGO
CVE-2020-12515
RESERVED
-CVE-2020-12514
- RESERVED
-CVE-2020-12513
- RESERVED
-CVE-2020-12512
- RESERVED
-CVE-2020-12511
- RESERVED
-CVE-2020-12510
- RESERVED
+CVE-2020-12514 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
+CVE-2020-12513 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
+CVE-2020-12512 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
+CVE-2020-12511 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
+ NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
+CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in all v ...)
+ NOT-FOR-US: Beckhoff
CVE-2020-12509
RESERVED
CVE-2020-12508
RESERVED
CVE-2020-12507
RESERVED
-CVE-2020-12506
- RESERVED
-CVE-2020-12505
- RESERVED
-CVE-2020-12504
- RESERVED
-CVE-2020-12503
- RESERVED
-CVE-2020-12502
- RESERVED
-CVE-2020-12501
- RESERVED
-CVE-2020-12500
- RESERVED
-CVE-2020-12499
- RESERVED
-CVE-2020-12498
- RESERVED
-CVE-2020-12497
- RESERVED
-CVE-2020-12496
- RESERVED
-CVE-2020-12495
- RESERVED
-CVE-2020-12494
- RESERVED
+CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
+ NOT-FOR-US: WAGO
+CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
+ NOT-FOR-US: WAGO
+CVE-2020-12504 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ NOT-FOR-US: Pepperl+Fuchs
+CVE-2020-12503 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ NOT-FOR-US: Pepperl+Fuchs
+CVE-2020-12502 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ NOT-FOR-US: Pepperl+Fuchs
+CVE-2020-12501 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ NOT-FOR-US: Pepperl+Fuchs
+CVE-2020-12500 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ NOT-FOR-US: Pepperl+Fuchs
+CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...)
+ NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer
+CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...)
+ NOT-FOR-US: Phoenix
+CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...)
+ NOT-FOR-US: Phoenix
+CVE-2020-12496 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and ...)
+ NOT-FOR-US: Endress+Hauser
+CVE-2020-12495 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with ...)
+ NOT-FOR-US: Endress+Hauser
+CVE-2020-12494 (Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is prov ...)
+ NOT-FOR-US: Beckhoff
CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...)
NOT-FOR-US: SWARCOs CPU LS4000 Series
CVE-2020-12492
@@ -2786,24 +43324,24 @@ CVE-2020-12490
RESERVED
CVE-2020-12489
RESERVED
-CVE-2020-12488
- RESERVED
+CVE-2020-12488 (The attacker can access the sensitive information stored within the jo ...)
+ NOT-FOR-US: Vivo
CVE-2020-12487
RESERVED
CVE-2020-12486
RESERVED
-CVE-2020-12485
- RESERVED
+CVE-2020-12485 (The frame touch module does not make validity judgments on parameter l ...)
+ NOT-FOR-US: Vivo
CVE-2020-12484
RESERVED
-CVE-2020-12483
- RESERVED
+CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, and the a ...)
+ NOT-FOR-US: Vivo
CVE-2020-12482
RESERVED
CVE-2020-12481
RESERVED
-CVE-2020-12480
- RESERVED
+CVE-2020-12480 (In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed ...)
+ NOT-FOR-US: Play Framework
CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...)
- teampass <itp> (bug #730180)
CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...)
@@ -2854,6 +43392,7 @@ CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6)
CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3)
CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...)
@@ -2862,18 +43401,24 @@ CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF
NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...)
NOT-FOR-US: PHP-Fusion
-CVE-2020-12460
- RESERVED
+CVE-2020-12460 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper nul ...)
+ {DLA-2639-1}
+ - opendmarc 1.4.0~beta1+dfsg-3 (bug #966464)
+ [buster] - opendmarc 1.3.2-6+deb10u2
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/64
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/commit/50d28af25d8735504b6103537228ce7f76ad765f
CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the configu ...)
NOT-FOR-US: Grafana as shipped in Red Hat
CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.3. The ...)
- grafana <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1827765
NOTE: https://github.com/grafana/grafana/issues/8283
-CVE-2020-12457
- RESERVED
-CVE-2020-12456
- RESERVED
+CVE-2020-12457 (An issue was discovered in wolfSSL before 4.5.0. It mishandles the cha ...)
+ - wolfssl 4.5.0+dfsg-1 (bug #969663)
+ NOTE: https://github.com/wolfSSL/wolfssl/commit/df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59 (v4.5.0-stable)
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/2927
+CVE-2020-12456 (A remote code execution vulnerability in Mitel MiVoice Connect Client ...)
+ NOT-FOR-US: Mitel
CVE-2020-12455
RESERVED
CVE-2020-12454
@@ -2903,8 +43448,8 @@ CVE-2020-12443 (BigBlueButton before 2.2.6 allows remote attackers to read arbit
NOT-FOR-US: BigBlueButton
CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated ...)
NOT-FOR-US: Ivanti
-CVE-2020-12441
- RESERVED
+CVE-2020-12441 (Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control ...)
+ NOT-FOR-US: Ivanti
CVE-2020-12440
REJECTED
CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...)
@@ -2921,13 +43466,13 @@ CVE-2020-12434
RESERVED
CVE-2020-12433
RESERVED
-CVE-2020-12432
- RESERVED
+CVE-2020-12432 (The WOPI API integration for Vereign Collabora CODE through 4.2.2 does ...)
+ NOT-FOR-US: Vereign Collabora CODE
CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software ...)
NOT-FOR-US: Splashtop Software Updater
CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...)
[experimental] - libvirt 6.2.0-1
- - libvirt <unfixed> (low; bug #959447)
+ - libvirt 6.4.0-2 (low; bug #959447)
[buster] - libvirt <no-dsa> (Minor issue)
[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -2941,85 +43486,168 @@ CVE-2020-12428
RESERVED
CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...)
NOT-FOR-US: Western Digital
-CVE-2020-12426
- RESERVED
-CVE-2020-12425
- RESERVED
-CVE-2020-12424
- RESERVED
-CVE-2020-12423
- RESERVED
-CVE-2020-12422
- RESERVED
-CVE-2020-12421
- RESERVED
-CVE-2020-12420
- RESERVED
-CVE-2020-12419
- RESERVED
-CVE-2020-12418
- RESERVED
-CVE-2020-12417
- RESERVED
-CVE-2020-12416
- RESERVED
-CVE-2020-12415
- RESERVED
-CVE-2020-12414
- RESERVED
-CVE-2020-12413
- RESERVED
-CVE-2020-12412
- RESERVED
-CVE-2020-12411
- RESERVED
- - firefox <unfixed>
+CVE-2020-12426 (Mozilla developers and community members reported memory safety bugs p ...)
+ - firefox 78.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12426
+CVE-2020-12425 (Due to confusion processing a hyphen character in Date.parse(), a one- ...)
+ - firefox 78.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12425
+CVE-2020-12424 (When constructing a permission prompt for WebRTC, a URI was supplied f ...)
+ - firefox 78.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12424
+CVE-2020-12423 (When the Windows DLL "webauthn.dll" was missing from the Operating Sys ...)
+ - firefox <not-affected> (Windows-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12423
+CVE-2020-12422 (In non-standard configurations, a JPEG image created by JavaScript cou ...)
+ - firefox 78.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422
+CVE-2020-12421 (When performing add-on updates, certificate chains terminating in non- ...)
+ {DSA-4718-1 DSA-4713-1}
+ - firefox 78.0-1
+ - firefox-esr 68.10.0esr-1
+ - thunderbird 1:68.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12421
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12421
+CVE-2020-12420 (When trying to connect to a STUN server, a race condition could have c ...)
+ {DSA-4718-1 DSA-4713-1}
+ - firefox 78.0-1
+ - firefox-esr 68.10.0esr-1
+ - thunderbird 1:68.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12420
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12420
+CVE-2020-12419 (When processing callbacks that occurred during window flushing in the ...)
+ {DSA-4718-1 DSA-4713-1}
+ - firefox 78.0-1
+ - firefox-esr 68.10.0esr-1
+ - thunderbird 1:68.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12419
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12419
+CVE-2020-12418 (Manipulating individual parts of a URL object could have caused an out ...)
+ {DSA-4718-1 DSA-4713-1}
+ - firefox 78.0-1
+ - firefox-esr 68.10.0esr-1
+ - thunderbird 1:68.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12418
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12418
+CVE-2020-12417 (Due to confusion about ValueTags on JavaScript Objects, an object may ...)
+ {DSA-4718-1 DSA-4713-1}
+ - firefox 78.0-1
+ - firefox-esr 68.10.0esr-1
+ - thunderbird 1:68.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12417
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12417
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12417
+CVE-2020-12416 (A VideoStreamEncoder may have been freed in a race condition with Vide ...)
+ - firefox 78.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12416
+CVE-2020-12415 (When "%2F" was present in a manifest URL, Firefox's AppCache behavior ...)
+ - firefox 78.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12415
+CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode and it ...)
+ - firefox <not-affected> (Specific to Firefox on iOS)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/#CVE-2020-12414
+CVE-2020-12413 [racoon attack for NSS]
+ RESERVED
+ - nss 2:3.17-1
+ [buster] - nss <no-dsa> (Minor issue)
+ [stretch] - nss <no-dsa> (Minor issue)
+ NOTE: https://raccoon-attack.com/
+ NOTE: Starting with 3.17 NSS allows to disable reuse of ECDHE keys, marking this
+ NOTE: as the "fixed" version for unstable:
+ NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17_release_notes
+CVE-2020-12412 (By navigating a tab using the history API, an attacker could cause the ...)
+ - firefox 70.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2020-12412
+CVE-2020-12411 (Mozilla developers reported memory safety bugs present in Firefox 76. ...)
+ - firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
-CVE-2020-12410
- RESERVED
-CVE-2020-12409
- RESERVED
- - firefox <unfixed>
+CVE-2020-12410 (Mozilla developers reported memory safety bugs present in Firefox 76 a ...)
+ {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
+ - firefox 77.0-1
+ - firefox-esr 68.9.0esr-1
+ - thunderbird 1:68.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12410
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12410
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12410
+CVE-2020-12409 (When using certain blank characters in a URL, they where incorrectly r ...)
+ - firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12409
-CVE-2020-12408
- RESERVED
- - firefox <unfixed>
+CVE-2020-12408 (When browsing a document hosted on an IP address, an attacker could in ...)
+ - firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12408
-CVE-2020-12407
- RESERVED
- - firefox <unfixed>
+CVE-2020-12407 (Mozilla Developer Nicolas Silva found that when using WebRender, Firef ...)
+ - firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
-CVE-2020-12406
- RESERVED
- - firefox <unfixed>
+CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check during ...)
+ {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
+ - firefox 77.0-1
+ - firefox-esr 68.9.0esr-1
+ - thunderbird 1:68.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12406
-CVE-2020-12405
- RESERVED
- - firefox <unfixed>
- - firefox-esr <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
+CVE-2020-12405 (When browsing a malicious page, a race condition in our SharedWorkerSe ...)
+ {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
+ - firefox 77.0-1
+ - firefox-esr 68.9.0esr-1
+ - thunderbird 1:68.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12405
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405
-CVE-2020-12404
- RESERVED
-CVE-2020-12403
- RESERVED
-CVE-2020-12402
- RESERVED
-CVE-2020-12401
- RESERVED
-CVE-2020-12400
- RESERVED
-CVE-2020-12399 [Force a fixed length for DSA exponentiation]
- RESERVED
- - firefox <unfixed>
- - firefox-esr <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12405
+CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be passed ...)
+ - firefox <not-affected> (Specific to iOS)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
+CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i ...)
+ {DLA-2388-1}
+ - nss 2:3.55-1
+ [buster] - nss <no-dsa> (Minor issue)
+ NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
+ NOTE: https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868931
+CVE-2020-12402 (During RSA key generation, bignum implementations used a variation of ...)
+ {DSA-4726-1 DLA-2388-1 DLA-2266-1}
+ - nss 2:3.53.1-1 (bug #963152)
+ NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
+ NOTE: Fixed upstream in 3.53.1
+CVE-2020-12401 (During ECDSA signature generation, padding applied in the nonce design ...)
+ {DLA-2388-1}
+ - firefox 80.0-1
+ - nss 2:3.55-1
+ [buster] - nss <no-dsa> (Minor issue)
+ NOTE: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private)
+ NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401
+CVE-2020-12400 (When converting coordinates from projective to affine, the modular inv ...)
+ {DLA-2388-1}
+ - firefox 80.0-1
+ - nss 2:3.55-1
+ [buster] - nss <no-dsa> (Minor issue)
+ NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
+ NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
+ NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
+ NOTE: Issue relates to CVE-2020-6829 and resolved in the same commits.
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12400
+CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures, which ...)
+ {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2388-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
+ - firefox 77.0-1
+ - firefox-esr 68.9.0esr-1
- nss 2:3.53-1 (bug #961752)
+ - thunderbird 1:68.9.0-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 (non-public)
NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12399
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399
-CVE-2020-12398
- RESERVED
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
+CVE-2020-12398 (If Thunderbird is configured to use STARTTLS for an IMAP server, and t ...)
+ {DSA-4702-1 DLA-2247-1}
+ - thunderbird 1:68.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
CVE-2020-12397 (By encoding Unicode whitespace characters within the From email header ...)
{DSA-4683-1 DLA-2206-1}
- thunderbird 1:68.8.0-1
@@ -3052,7 +43680,7 @@ CVE-2020-12392 (The 'Copy as cURL' feature of Devtools' network tab did not prop
- thunderbird 1:68.8.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12392
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392
- NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12392
CVE-2020-12391 (Documents formed using data: URLs in an OBJECT element failed to inher ...)
- firefox 76.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12391
@@ -3077,90 +43705,134 @@ CVE-2020-12387 (A race condition when running shutdown code for Web Worker led t
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12387
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12387
-CVE-2020-12386
- RESERVED
-CVE-2020-12385
- RESERVED
-CVE-2020-12384
- RESERVED
+CVE-2020-12386 (Out-of-bounds write in some Intel(R) Graphics Drivers before version 1 ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12385 (Improper input validation in some Intel(R) Graphics Drivers before ver ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12384 (Improper access control in some Intel(R) Graphics Drivers before versi ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12383
RESERVED
CVE-2020-12382
RESERVED
CVE-2020-12381
RESERVED
-CVE-2020-12380
- RESERVED
+CVE-2020-12380 (Out of bounds read in the BMC firmware for some Intel(R) Server Boards ...)
+ NOT-FOR-US: Intel
CVE-2020-12379
RESERVED
CVE-2020-12378
RESERVED
-CVE-2020-12377
- RESERVED
-CVE-2020-12376
- RESERVED
-CVE-2020-12375
- RESERVED
-CVE-2020-12374
- RESERVED
-CVE-2020-12373
- RESERVED
-CVE-2020-12372
- RESERVED
-CVE-2020-12371
- RESERVED
-CVE-2020-12370
- RESERVED
-CVE-2020-12369
- RESERVED
-CVE-2020-12368
- RESERVED
-CVE-2020-12367
- RESERVED
-CVE-2020-12366
- RESERVED
-CVE-2020-12365
- RESERVED
-CVE-2020-12364
- RESERVED
-CVE-2020-12363
- RESERVED
-CVE-2020-12362
- RESERVED
-CVE-2020-12361
- RESERVED
-CVE-2020-12360
- RESERVED
-CVE-2020-12359
- RESERVED
-CVE-2020-12358
- RESERVED
-CVE-2020-12357
- RESERVED
-CVE-2020-12356
- RESERVED
-CVE-2020-12355
- RESERVED
-CVE-2020-12354
- RESERVED
-CVE-2020-12353
- RESERVED
-CVE-2020-12352
- RESERVED
-CVE-2020-12351
- RESERVED
-CVE-2020-12350
- RESERVED
-CVE-2020-12349
- RESERVED
+CVE-2020-12377 (Insufficient input validation in the BMC firmware for some Intel(R) Se ...)
+ NOT-FOR-US: Intel
+CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Server Boa ...)
+ NOT-FOR-US: Intel
+CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server Boards, Ser ...)
+ NOT-FOR-US: Intel
+CVE-2020-12374 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
+ NOT-FOR-US: Intel
+CVE-2020-12373 (Expired pointer dereference in some Intel(R) Graphics Drivers before v ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers before versio ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12371 (Divide by zero in some Intel(R) Graphics Drivers before version 26.20. ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12370 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12369 (Out of bound write in some Intel(R) Graphics Drivers before version 26 ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12368 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12367 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12366 (Insufficient input validation in some Intel(R) Graphics Drivers before ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12365 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Windows* ...)
+ - linux <unfixed>
+ [bullseye] - linux <ignored> (Too intrusive to backport)
+ [buster] - linux <ignored> (Too intrusive to backport)
+ - firmware-nonfree 20210208-1
+ [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
+ [stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to fix since kernel patch is needed)
+ NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
+ NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
+ NOTE: firmware is required. The new firmware requires a kernel patch
+ NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
+ NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
+ NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
+ NOTE: the updated firmware, thus also marking linux as affected
+CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for Window ...)
+ - linux <unfixed>
+ [bullseye] - linux <ignored> (Too intrusive to backport)
+ [buster] - linux <ignored> (Too intrusive to backport)
+ - firmware-nonfree 20210208-1
+ [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
+ [stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to fix since kernel patch is needed)
+ NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
+ NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
+ NOTE: firmware is required. The new firmware requires a kernel patch
+ NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
+ NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
+ NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
+ NOTE: the updated firmware, thus also marking linux as affected
+CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Drivers fo ...)
+ - linux <unfixed>
+ [bullseye] - linux <ignored> (Too intrusive to backport)
+ [buster] - linux <ignored> (Too intrusive to backport)
+ - firmware-nonfree 20210208-1
+ [buster] - firmware-nonfree <no-dsa> (Non-free not supported)
+ [stretch] - firmware-nonfree <ignored> (Minor issue, too intrusive to fix since kernel patch is needed)
+ NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
+ NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
+ NOTE: firmware is required. The new firmware requires a kernel patch
+ NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
+ NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
+ NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
+ NOTE: the updated firmware, thus also marking linux as affected
+CVE-2020-12361 (Use after free in some Intel(R) Graphics Drivers before version 15.33. ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12360 (Out of bounds read in the firmware for some Intel(R) Processors may al ...)
+ NOT-FOR-US: Intel
+CVE-2020-12359 (Insufficient control flow management in the firmware for some Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2020-12358 (Out of bounds write in the firmware for some Intel(R) Processors may a ...)
+ NOT-FOR-US: Intel
+CVE-2020-12357 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ NOT-FOR-US: Intel
+CVE-2020-12356 (Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.8 ...)
+ NOT-FOR-US: Intel
+CVE-2020-12355 (Authentication bypass by capture-replay in RPMB protocol message authe ...)
+ NOT-FOR-US: Intel
+CVE-2020-12354 (Incorrect default permissions in Windows(R) installer in Intel(R) AMT ...)
+ NOT-FOR-US: Intel
+CVE-2020-12353 (Improper permissions in the Intel(R) Data Center Manager Console befor ...)
+ NOT-FOR-US: Intel
+CVE-2020-12352 (Improper access control in BlueZ may allow an unauthenticated user to ...)
+ {DSA-4774-1 DLA-2420-1 DLA-2417-1}
+ - linux 5.9.1-1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
+ NOTE: Fixed by: https://git.kernel.org/linus/eddb7732119d53400f48a02536a84c509692faa8
+CVE-2020-12351 (Improper input validation in BlueZ may allow an unauthenticated user t ...)
+ {DSA-4774-1 DLA-2420-1 DLA-2417-1}
+ - linux 5.9.1-1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
+ NOTE: Fixed by: https://git.kernel.org/linus/f19425641cb2572a33cb074d5e30283720bd4d22
+CVE-2020-12350 (Improper access control in the Intel(R) XTU before version 6.5.1.360 m ...)
+ NOT-FOR-US: Intel
+CVE-2020-12349 (Improper input validation in the Intel(R) Data Center Manager Console ...)
+ NOT-FOR-US: Intel
CVE-2020-12348
RESERVED
-CVE-2020-12347
- RESERVED
-CVE-2020-12346
- RESERVED
-CVE-2020-12345
- RESERVED
+CVE-2020-12347 (Improper input validation in the Intel(R) Data Center Manager Console ...)
+ NOT-FOR-US: Intel
+CVE-2020-12346 (Improper permissions in the installer for the Intel(R) Battery Life Di ...)
+ NOT-FOR-US: Intel
+CVE-2020-12345 (Improper permissions in the installer for the Intel(R) Data Center Man ...)
+ NOT-FOR-US: Intel
CVE-2020-12344
RESERVED
CVE-2020-12343
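Review bot: The seven NOTE lines under CVE-2020-12364 (intel-sa-00438 link, firmware v49.0.1, kernel commit, linux-firmware commit, "marking linux as affected" rationale) are repeated verbatim under CVE-2020-12363 and CVE-2020-12362, so any later correction to the firmware version or commit reference has to be made in three places. This file already cross-references shared notes instead of duplicating them (later in this diff CVE-2020-12321 carries `NOTE: See notes for CVE-2020-12313`), so the two later entries could keep their package lines and carry a single `NOTE: See notes for CVE-2020-12364`. Whether any tooling that exports these entries needs them self-contained is not visible here, so confirm that before collapsing them.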
@@ -3171,128 +43843,153 @@ CVE-2020-12341
RESERVED
CVE-2020-12340
RESERVED
-CVE-2020-12339
- RESERVED
-CVE-2020-12338
- RESERVED
-CVE-2020-12337
- RESERVED
-CVE-2020-12336
- RESERVED
-CVE-2020-12335
- RESERVED
-CVE-2020-12334
- RESERVED
-CVE-2020-12333
- RESERVED
-CVE-2020-12332
- RESERVED
-CVE-2020-12331
- RESERVED
-CVE-2020-12330
- RESERVED
-CVE-2020-12329
- RESERVED
-CVE-2020-12328
- RESERVED
-CVE-2020-12327
- RESERVED
-CVE-2020-12326
- RESERVED
-CVE-2020-12325
- RESERVED
-CVE-2020-12324
- RESERVED
-CVE-2020-12323
- RESERVED
-CVE-2020-12322
- RESERVED
-CVE-2020-12321
- RESERVED
-CVE-2020-12320
- RESERVED
-CVE-2020-12319
- RESERVED
-CVE-2020-12318
- RESERVED
-CVE-2020-12317
- RESERVED
-CVE-2020-12316
- RESERVED
-CVE-2020-12315
- RESERVED
-CVE-2020-12314
- RESERVED
-CVE-2020-12313
- RESERVED
-CVE-2020-12312
- RESERVED
-CVE-2020-12311
- RESERVED
-CVE-2020-12310
- RESERVED
-CVE-2020-12309
- RESERVED
-CVE-2020-12308
- RESERVED
-CVE-2020-12307
- RESERVED
-CVE-2020-12306
- RESERVED
+CVE-2020-12339 (Insufficient control flow management in the API for the Intel(R) Colla ...)
+ NOT-FOR-US: Intel
+CVE-2020-12338 (Insufficient control flow management in the Open WebRTC Toolkit before ...)
+ NOT-FOR-US: Intel
+CVE-2020-12337 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...)
+ NOT-FOR-US: Intel
+CVE-2020-12336 (Insecure default variable initialization in firmware for some Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2020-12335 (Improper permissions in the installer for the Intel(R) Processor Ident ...)
+ NOT-FOR-US: Intel
+CVE-2020-12334 (Improper permissions in the installer for the Intel(R) Advisor tools b ...)
+ NOT-FOR-US: Intel
+CVE-2020-12333 (Insufficiently protected credentials in the Intel(R) QAT for Linux bef ...)
+ NOT-FOR-US: Intel
+CVE-2020-12332 (Improper permissions in the installer for the Intel(R) HID Event Filte ...)
+ NOT-FOR-US: Intel
+CVE-2020-12331 (Improper access controls in Intel Unite(R) Cloud Service client before ...)
+ NOT-FOR-US: Intel
+CVE-2020-12330 (Improper permissions in the installer for the Intel(R) Falcon 8+ UAS A ...)
+ NOT-FOR-US: Intel
+CVE-2020-12329 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler before ver ...)
+ NOT-FOR-US: Intel
+CVE-2020-12328 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ NOT-FOR-US: Intel
+CVE-2020-12327 (Insecure default variable initialization in some Intel(R) Thunderbolt( ...)
+ NOT-FOR-US: Intel
+CVE-2020-12326 (Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
+ NOT-FOR-US: Intel
+CVE-2020-12325 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ NOT-FOR-US: Intel
+CVE-2020-12324 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ NOT-FOR-US: Intel
+CVE-2020-12323 (Improper input validation in the Intel(R) ADAS IE before version ADAS_ ...)
+ NOT-FOR-US: Intel
+CVE-2020-12322 (Improper input validation in some Intel(R) Wireless Bluetooth(R) produ ...)
+ NOT-FOR-US: Intel (Wireless Bluetooth products, but only affecting Windows)
+CVE-2020-12321 (Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) pro ...)
+ - firmware-nonfree <undetermined>
+ [buster] - firmware-nonfree <no-dsa> (non-free not supported)
+ [stretch] - firmware-nonfree <no-dsa> (Minor issue, can be considered if some other major issue appear)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html
+ NOTE: See notes for CVE-2020-12313
+CVE-2020-12320 (Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM be ...)
+ NOT-FOR-US: Intel
+CVE-2020-12319 (Insufficient control flow management in some Intel(R) PROSet/Wireless ...)
+ - firmware-nonfree <undetermined>
+ [buster] - firmware-nonfree <no-dsa> (non-free not supported)
+ [stretch] - firmware-nonfree <no-dsa> (Minor issue, can be considered if some other major issue appear)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
+ NOTE: See notes for CVE-2020-12313
+CVE-2020-12318 (Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi pro ...)
+ NOT-FOR-US: Intel PROSet/Wireless WiFi products (not applicable to Linux)
+CVE-2020-12317 (Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi prod ...)
+ - firmware-nonfree <undetermined>
+ [buster] - firmware-nonfree <no-dsa> (non-free not supported)
+ [stretch] - firmware-nonfree <no-dsa> (Minor Issue, May be considered if some major issue appear)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
+ NOTE: See notes for CVE-2020-12313
+CVE-2020-12316 (Insufficiently protected credentials in the Intel(R) EMA before versio ...)
+ NOT-FOR-US: Intel
+CVE-2020-12315 (Path traversal in the Intel(R) EMA before version 1.3.3 may allow an u ...)
+ NOT-FOR-US: Intel
+CVE-2020-12314 (Improper input validation in some Intel(R) PROSet/Wireless WiFi produc ...)
+ NOT-FOR-US: Intel PROSet/Wireless WiFi products (not applicable to Linux)
+CVE-2020-12313 (Insufficient control flow management in some Intel(R) PROSet/Wireless ...)
+ - firmware-nonfree <undetermined>
+ [buster] - firmware-nonfree <no-dsa> (non-free not supported)
+ [stretch] - firmware-nonfree <no-dsa> (Minor Issue, May be considered if some major issue appear)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
+ NOTE: Fixed firmware blobs:
+ NOTE: ibt-18-16-1.sfi: FW Build: REL17064 Release Version: 22.20.0.3
+ NOTE: ibt-hw-37.8.10-fw-22.50.19.14.f.bseq
+ NOTE: Not shipped in Debian: Wi-Fi 6 AX200, Wireless-AC 9560, Wireless-AC 9462, Wireless-AC 9461, Dual Band Wireless-AC 3165
+ NOTE: Intel seems to have missed the update for ibt-12-16.sfi, last update from May 2019
+ NOTE: Intel seems to have missed the update for ibt-11-5.sfi, last update from Jan 2019
+ NOTE: There's no conclusive information which allows to track these, until something
+ NOTE: gets confirmed by Intel, track as <undetermined>
+CVE-2020-12312 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...)
+ NOT-FOR-US: Intel
+CVE-2020-12311 (Insufficient control flow managementin firmware in some Intel(R) Clien ...)
+ NOT-FOR-US: Intel
+CVE-2020-12310 (Insufficient control flow managementin firmware in some Intel(R) Clien ...)
+ NOT-FOR-US: Intel
+CVE-2020-12309 (Insufficiently protected credentialsin subsystem in some Intel(R) Clie ...)
+ NOT-FOR-US: Intel
+CVE-2020-12308 (Improper access control for the Intel(R) Computing Improvement Program ...)
+ NOT-FOR-US: Intel
+CVE-2020-12307 (Improper permissions in some Intel(R) High Definition Audio drivers be ...)
+ NOT-FOR-US: Intel
+CVE-2020-12306 (Incorrect default permissions in the Intel(R) RealSense(TM) D400 Serie ...)
+ NOT-FOR-US: Intel
CVE-2020-12305
RESERVED
-CVE-2020-12304
- RESERVED
-CVE-2020-12303
- RESERVED
-CVE-2020-12302
- RESERVED
-CVE-2020-12301
- RESERVED
-CVE-2020-12300
- RESERVED
-CVE-2020-12299
- RESERVED
+CVE-2020-12304 (Improper access control in Installer for Intel(R) DAL SDK before versi ...)
+ NOT-FOR-US: Intel
+CVE-2020-12303 (Use after free in DAL subsystem for Intel(R) CSME versions before 11.8 ...)
+ NOT-FOR-US: Intel
+CVE-2020-12302 (Improper permissions in the Intel(R) Driver &amp; Support Assistant be ...)
+ NOT-FOR-US: Intel
+CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server Board Fam ...)
+ NOT-FOR-US: Intel
+CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server Board Famil ...)
+ NOT-FOR-US: Intel
+CVE-2020-12299 (Improper input validation in BIOS firmware for Intel(R) Server Board F ...)
+ NOT-FOR-US: Intel
CVE-2020-12298
RESERVED
-CVE-2020-12297
- RESERVED
-CVE-2020-12296
- RESERVED
-CVE-2020-12295
- RESERVED
-CVE-2020-12294
- RESERVED
-CVE-2020-12293
- RESERVED
-CVE-2020-12292
- RESERVED
-CVE-2020-12291
- RESERVED
-CVE-2020-12290
- RESERVED
-CVE-2020-12289
- RESERVED
-CVE-2020-12288
- RESERVED
-CVE-2020-12287
- RESERVED
+CVE-2020-12297 (Improper access control in Installer for Intel(R) CSME Driver for Wind ...)
+ NOT-FOR-US: Intel
+CVE-2020-12296 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
+ NOT-FOR-US: Intel
+CVE-2020-12295 (Improper input validation in some Intel(R) Thunderbolt(TM) controllers ...)
+ NOT-FOR-US: Intel
+CVE-2020-12294 (Insufficient control flow management in some Intel(R) Thunderbolt(TM) ...)
+ NOT-FOR-US: Intel
+CVE-2020-12293 (Improper control of a resource through its lifetime in some Intel(R) T ...)
+ NOT-FOR-US: Intel
+CVE-2020-12292 (Improper conditions check in some Intel(R) Thunderbolt(TM) controllers ...)
+ NOT-FOR-US: Intel
+CVE-2020-12291 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
+ NOT-FOR-US: Intel
+CVE-2020-12290 (Improper access control in some Intel(R) Thunderbolt(TM) controllers m ...)
+ NOT-FOR-US: Intel
+CVE-2020-12289 (Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may a ...)
+ NOT-FOR-US: Intel
+CVE-2020-12288 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) controll ...)
+ NOT-FOR-US: Intel
+CVE-2020-12287 (Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Too ...)
+ NOT-FOR-US: Intel
CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...)
NOT-FOR-US: Octopus Deploy
CVE-2020-12285
RESERVED
-CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a ...)
- - ffmpeg <unfixed>
+CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2 ...)
+ {DSA-4722-1}
+ - ffmpeg 7:4.2.3-1
+ [stretch] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
NOTE: https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
CVE-2020-12283 (Sourcegraph before 3.15.1 has a vulnerable authentication workflow bec ...)
NOT-FOR-US: Sourcegraph
-CVE-2020-12282
- RESERVED
-CVE-2020-12281
- RESERVED
-CVE-2020-12280
- RESERVED
+CVE-2020-12282 (iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in ...)
+ NOT-FOR-US: iSmartgate PRO
+CVE-2020-12281 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
+ NOT-FOR-US: iSmartgate PRO
+CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
+ NOT-FOR-US: iSmartgate PRO
CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
- libgit2 0.28.4+dfsg.1-2
[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
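Review bot: The stretch reason strings for the four PROSet/Wireless firmware-nonfree entries are written two different ways: `(Minor issue, can be considered if some other major issue appear)` under CVE-2020-12321 and CVE-2020-12319 versus `(Minor Issue, May be considered if some major issue appear)` under CVE-2020-12317 and CVE-2020-12313, although all four are `<undetermined>` against the same intel-sa-00402 advisory. One wording should be used for all four, e.g. `[stretch] - firmware-nonfree <no-dsa> (Minor issue, can be considered if some other major issue appears)`. The buster reason on these entries is also lowercase `(non-free not supported)` while the preceding hunk spells the same reason `(Non-free not supported)` on CVE-2020-12364; consistent text makes these entries easier to grep when the firmware status is revisited.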
@@ -3308,24 +44005,27 @@ CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before
NOTE: https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb
CVE-2020-12277 (GitLab 10.8 through 12.9 has a vulnerability that allows someone to mi ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12276 (GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin noti ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12275 (GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...)
NOT-FOR-US: TestLink
CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...)
NOT-FOR-US: TestLink
CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...)
- - opendmarc <unfixed>
+ - opendmarc 1.4.0~beta1+dfsg-4 (bug #977767)
+ [buster] - opendmarc <no-dsa> (Minor issue)
+ [stretch] - opendmarc <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceforge.net/p/opendmarc/tickets/237/
NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
+ NOTE: Fix: https://github.com/trusteddomainproject/OpenDMARC/commit/f3a9a9d4edfaa05102292727d021683f58aa4b6e
CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...)
NOT-FOR-US: SFOS
CVE-2020-12270 (** DISPUTED ** React Native Bluetooth Scan in Bluezone 1.0.0 uses six- ...)
@@ -3333,9 +44033,9 @@ CVE-2020-12270 (** DISPUTED ** React Native Bluetooth Scan in Bluezone 1.0.0 use
CVE-2020-12269
RESERVED
CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...)
+ {DLA-2796-1}
- jbig2dec 0.18-1
[buster] - jbig2dec <no-dsa> (Minor issue)
- [stretch] - jbig2dec <no-dsa> (Minor issue)
[jessie] - jbig2dec <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
NOTE: https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
@@ -3344,7 +44044,7 @@ CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related to
NOTE: https://github.com/qt/qtbase/commit/7447e2b337f12b4d04935d0f30fc673e4327d5a0
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450
NOTE: The 5.14 in experimental contains the code, but is already fixed
-CVE-2020-12266 (An issue was discovered on WAVLINK WL-WN579G3 M79X3.V5030.180719, WL-W ...)
+CVE-2020-12266 (An issue was discovered where there are multiple externally accessible ...)
NOT-FOR-US: WAVLINK
CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...)
NOT-FOR-US: Node decompress
@@ -3352,8 +44052,8 @@ CVE-2020-12264
RESERVED
CVE-2020-12263
RESERVED
-CVE-2020-12262
- RESERVED
+CVE-2020-12262 (Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61 ...)
+ NOT-FOR-US: Intelbras
CVE-2020-12261 (Open-AudIT 3.3.0 allows an XSS attack after login. ...)
NOT-FOR-US: Open-AudIT
CVE-2020-12260
@@ -3380,10 +44080,10 @@ CVE-2020-12250
RESERVED
CVE-2020-12249
RESERVED
-CVE-2020-12248
- RESERVED
-CVE-2020-12247
- RESERVED
+CVE-2020-12248 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
+ NOT-FOR-US: Foxit
+CVE-2020-12247 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
+ NOT-FOR-US: Foxit
CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings &gt; Other & ...)
NOT-FOR-US: Beeline Smart Box
CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...)
@@ -3392,7 +44092,7 @@ CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or
CVE-2020-12244 (An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where ...)
{DSA-4691-1}
- pdns-recursor 4.3.1-1
- [stretch] - pdns-recursor <end-of-life> (No longer supported, see DSA 4691)
+ [jessie] - pdns-recursor <not-affected> (Vulnerable code added later)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
CVE-2020-12243 (In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters wi ...)
@@ -3587,26 +44287,26 @@ CVE-2020-12151
RESERVED
CVE-2020-12150
RESERVED
-CVE-2020-12149
- RESERVED
-CVE-2020-12148
- RESERVED
-CVE-2020-12147
- RESERVED
-CVE-2020-12146
- RESERVED
-CVE-2020-12145
- RESERVED
+CVE-2020-12149 (The configuration backup/restore function in Silver Peak Unity ECOSTM ...)
+ NOT-FOR-US: Silver Peak Unity ECOSTM (ECOS) appliance software
+CVE-2020-12148 (A command injection flaw identified in the nslookup API in Silver Peak ...)
+ NOT-FOR-US: Silver Peak Unity ECOSTM (ECOS) appliance software
+CVE-2020-12147 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...)
+ NOT-FOR-US: Silver Peak Unity Orchestrator
+CVE-2020-12146 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...)
+ NOT-FOR-US: Silver Peak Unity Orchestrator
+CVE-2020-12145 (Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or ...)
+ NOT-FOR-US: Silver Peak Unity Orchestrator
CVE-2020-12144 (The certificate used to identify the Silver Peak Cloud Portal to EdgeC ...)
NOT-FOR-US: Silver Peak Cloud Portal
CVE-2020-12143 (The certificate used to identify Orchestrator to EdgeConnect devices i ...)
NOT-FOR-US: EdgeConnect
CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machine int ...)
NOT-FOR-US: EdgeConnect
-CVE-2020-12141
- RESERVED
-CVE-2020-12140
- RESERVED
+CVE-2020-12141 (An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier ...)
+ NOT-FOR-US: SNMP stack in Contiki-NG
+CVE-2020-12140 (A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Co ...)
+ NOT-FOR-US: Contiki-NG
CVE-2020-12139
RESERVED
CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact ...)
@@ -3630,24 +44330,24 @@ CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolde
NOT-FOR-US: AirDisk Pro app for iOS
CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...)
NOT-FOR-US: DONG JOO CHO File Transfer iFamily
-CVE-2020-12127
- RESERVED
-CVE-2020-12126
- RESERVED
-CVE-2020-12125
- RESERVED
-CVE-2020-12124
- RESERVED
-CVE-2020-12123
- RESERVED
-CVE-2020-12122
- RESERVED
+CVE-2020-12127 (An information disclosure vulnerability in the /cgi-bin/ExportAllSetti ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12126 (Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoi ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12125 (A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12124 (A remote command-line injection vulnerability in the /cgi-bin/live_api ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12123 (CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12122 (In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc ...)
+ NOT-FOR-US: Max Secure Max Spyware Detector
CVE-2020-12121
RESERVED
CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...)
NOT-FOR-US: PrestaShop
-CVE-2020-12119
- RESERVED
+CVE-2020-12119 (Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF ...)
+ NOT-FOR-US: Ledger Live
CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...)
NOT-FOR-US: Binance tss-lib
CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allo ...)
@@ -3657,6 +44357,7 @@ CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Relea
CVE-2020-12115
RESERVED
CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.3.7-1
NOTE: https://www.openwall.com/lists/oss-security/2020/05/04/2
CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...)
@@ -3670,13 +44371,14 @@ CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This af
CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...)
NOT-FOR-US: TP-Link
CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...)
- {DLA-2204-1}
+ {DSA-4991-1 DLA-2276-1 DLA-2204-1}
- mailman <removed>
NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
-CVE-2020-12107
- RESERVED
-CVE-2020-12106
- RESERVED
+ NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1844
+CVE-2020-12107 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command ...)
+ NOT-FOR-US: VPNCrypt
+CVE-2020-12106 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthe ...)
+ NOT-FOR-US: VPNCrypt
CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...)
- openconnect <unfixed> (unimportant; bug #959428)
[jessie] - openconnect <not-affected> (Vulnerable code introduced later)
@@ -3691,8 +44393,26 @@ CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal vulnerabil
NOT-FOR-US: Tiny File Manager
CVE-2020-12101 (The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remo ...)
NOT-FOR-US: xt:Commerce
-CVE-2020-12100
- RESERVED
+CVE-2020-12100 (In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp ...)
+ {DSA-4745-1 DLA-2328-1}
+ - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/1
+ NOTE: https://github.com/dovecot/core/commit/d4bb43a08ab9ecfab7249a17279e5f773c8abaad
+ NOTE: https://github.com/dovecot/core/commit/6d77e00e4d170efde908591dc5871a8e48ea844b
+ NOTE: https://github.com/dovecot/core/commit/926742088a3c66c11099386b2c6e80999c29f405
+ NOTE: https://github.com/dovecot/core/commit/e5830ae88531a32db36c97ebf122cba9a39cf801
+ NOTE: https://github.com/dovecot/core/commit/cb00e21fd70aae49453aedc1bb33c0765ab98667
+ NOTE: https://github.com/dovecot/core/commit/5ecadd30746d91854b5aa484feff9c70ea91c20b
+ NOTE: https://github.com/dovecot/core/commit/24f0bfefdbccaaaaab9f52be428648ec3f1c34d3
+ NOTE: https://github.com/dovecot/core/commit/02c7c6dbb51748a5af8b0c70a499a3ab17de8490
+ NOTE: https://github.com/dovecot/core/commit/729941c996ee0b0ede40f462c9e34ceb6a6bd049
+ NOTE: https://github.com/dovecot/core/commit/8dbc754a31fbf7684e858aa1fb633b8dfbeb13cf
+ NOTE: https://github.com/dovecot/core/commit/a175d654c3bc4d57641b871bbff99c10799b7d67
+ NOTE: https://github.com/dovecot/core/commit/a676cb539fc1545c58d1341baa2f875f7b694133
+ NOTE: https://github.com/dovecot/core/commit/0f46088a1af7b493db76a1d97ef4ecc6bb41f5a4
+ NOTE: https://github.com/dovecot/core/commit/7868f5f49be91fe51795b477a5440e69c1540716
+ NOTE: https://github.com/dovecot/core/commit/be53a118e789886efcdd57c513651c5148651161
+ NOTE: https://github.com/dovecot/core/commit/19193f40b1d74e8d4ef88121992b4a61d84773e3
CVE-2020-12099
RESERVED
CVE-2020-12098
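Review bot: The sixteen upstream commit NOTEs added under CVE-2020-12100 are bare URLs with neither a `Fixed by:` prefix nor a release tag, unlike the commit references elsewhere in this change (`(9.0.36)` under CVE-2020-11996, `(3.4)` under CVE-2020-11940, `(v5.0.0-rc4)` under CVE-2020-11947), so someone preparing an LTS backport cannot tell from the entry which commits are the fix and which are follow-ups or hardening. The description says the issue is fixed before 2.3.11.3; if all of these commits belong to that release, tagging each as `NOTE: Fixed by: https://github.com/dovecot/core/commit/d4bb43a08ab9ecfab7249a17279e5f773c8abaad (2.3.11.3)`, or adding a single line such as `NOTE: Upstream fix is the full set of commits above, released in 2.3.11.3`, would make the entry self-describing. Confirm the release mapping against the upstream advisory before annotating.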
@@ -3725,14 +44445,14 @@ CVE-2020-12085
RESERVED
CVE-2020-12084
RESERVED
-CVE-2020-12083
- RESERVED
-CVE-2020-12082
- RESERVED
-CVE-2020-12081
- RESERVED
-CVE-2020-12080
- RESERVED
+CVE-2020-12083 (An elevated privileges issue related to Spring MVC calls impacts Code ...)
+ NOT-FOR-US: Code Insight
+CVE-2020-12082 (A stored cross-site scripting issue impacts certain areas of the Web U ...)
+ NOT-FOR-US: Insight
+CVE-2020-12081 (An information disclosure vulnerability has been identified in FlexNet ...)
+ NOT-FOR-US: FlexNet Publisher lmadmin.exe
+CVE-2020-12080 (A Denial of Service vulnerability has been identified in FlexNet Publi ...)
+ NOT-FOR-US: FlexNet
CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ...)
{DSA-4664-1 DLA-2200-1}
- mailman <removed> (bug #958930)
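Review bot: The NOT-FOR-US target for CVE-2020-12082 is written as just `Insight`, while the adjacent CVE-2020-12083 says `Code Insight` and CVE-2020-12081/12080 say `FlexNet Publisher lmadmin.exe` and `FlexNet`; if these four describe the same vendor's products, the names should be consistent so a grep for the vendor finds the whole set, e.g. `NOT-FOR-US: Flexera Code Insight` for both 12082 and 12083 and `NOT-FOR-US: Flexera FlexNet Publisher` for both 12081 and 12080. The truncated descriptions do not show the vendor, so confirm before renaming.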
@@ -3765,7 +44485,8 @@ CVE-2020-12068 (An issue was discovered in CODESYS Development System before 3.5
CVE-2020-12067
RESERVED
CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...)
- - teeworlds <unfixed>
+ {DSA-4763-1}
+ - teeworlds 0.7.5-1
[jessie] - teeworlds <end-of-life> (Not supported in jessie LTS)
NOTE: https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5
NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=14785
@@ -3778,21 +44499,27 @@ CVE-2020-12063 (** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an
NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/12
NOTE: Not considered a Postfix vulnerability and scope is outside of the design goals
CVE-2020-12062 (** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplica ...)
- TODO: check
-CVE-2020-12061
- RESERVED
+ - openssh 1:8.3p1-1 (unimportant)
+ NOTE: https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1
+ NOTE: https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894
+ NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/1
+ NOTE: Negligible security impact, a malicious peer can achieve no more than already
+ NOTE: able o achieve within the scp protocol.
+CVE-2020-12061 (An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Com ...)
+ NOT-FOR-US: Nitrokey firmware
CVE-2020-12060
RESERVED
CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...)
- ceph 14.2.4-1
+ [buster] - ceph <no-dsa> (Minor issue)
[stretch] - ceph <not-affected> (Vulnerable code introduced later)
[jessie] - ceph <not-affected> (Vulnerable code introduced later)
NOTE: https://tracker.ceph.com/issues/44967
NOTE: Introduced with: https://github.com/ceph/ceph/commit/5fb068114bb3da2f8fabea89160a8453f861dc96 (v12.1.1)
NOTE: Fixed by: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3 (v13.2.10)
NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing.
-CVE-2020-12058
- RESERVED
+CVE-2020-12058 (Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 al ...)
+ NOT-FOR-US: osCommerce CE Phoenix
CVE-2020-12057
RESERVED
CVE-2020-12056
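Review bot: The rationale NOTE under CVE-2020-12062 has a typo that garbles its reading: `NOTE: able o achieve within the scp protocol.` should be `NOTE: able to achieve within the scp protocol.`. It is worth fixing because this NOTE is the stated justification for the `(unimportant)` severity on the openssh line, not merely a reference link, and a future triager re-evaluating the disputed scp issue will read it first.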
@@ -3801,8 +44528,8 @@ CVE-2020-12055
RESERVED
CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflecte ...)
NOT-FOR-US: Catch Breadcrumb plugin for WordPress
-CVE-2020-12053
- RESERVED
+CVE-2020-12053 (In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-ba ...)
+ NOT-FOR-US: Unisys Stealth
CVE-2020-12052 (Grafana version &lt; 6.7.3 is vulnerable for annotation popup XSS. ...)
- grafana <removed>
CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows remote ...)
@@ -3812,158 +44539,223 @@ CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions a
NOTE: The issue is located in the *.spec files used for rpm packaging using insecurely
NOTE: /tmp/sqliteodbc$$. Debian packaging maintainer scripts do not suffer from same
NOTE: issue.
-CVE-2020-12049
- RESERVED
-CVE-2020-12048
- RESERVED
-CVE-2020-12047
- RESERVED
+CVE-2020-12049 (An issue was discovered in dbus &gt;= 1.3.0 before 1.12.18. The DBusSe ...)
+ {DLA-2235-1}
+ - dbus 1.12.18-1
+ [buster] - dbus 1.12.20-0+deb10u1
+ [stretch] - dbus 1.10.32-0+deb9u1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/3
+ NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
+ NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5
+ NOTE: Test: https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748
+CVE-2020-12048 (Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hem ...)
+ NOT-FOR-US: Phoenix Hemodialysis Delivery System
+CVE-2020-12047 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), whe ...)
+ NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC&#8217;s firmwar ...)
NOT-FOR-US: Opto 22 SoftPAC Project
-CVE-2020-12045
- RESERVED
+CVE-2020-12045 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...)
+ NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12044
RESERVED
-CVE-2020-12043
- RESERVED
+CVE-2020-12043 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...)
+ NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within ...)
NOT-FOR-US: Opto 22 SoftPAC Project
-CVE-2020-12041
- RESERVED
-CVE-2020-12040
- RESERVED
-CVE-2020-12039
- RESERVED
+CVE-2020-12041 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) teln ...)
+ NOT-FOR-US: Baxter Spectrum WBM
+CVE-2020-12040 (Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spec ...)
+ NOT-FOR-US: Sigma Spectrum Infusion System
+CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v' ...)
+ NOT-FOR-US: Baxter
CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
NOT-FOR-US: Rockwell Automation
-CVE-2020-12037
- RESERVED
-CVE-2020-12036
- RESERVED
-CVE-2020-12035
- RESERVED
+CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
+ NOT-FOR-US: Baxter
+CVE-2020-12036 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
+ NOT-FOR-US: Baxter
+CVE-2020-12035 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
+ NOT-FOR-US: Baxter
CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
NOT-FOR-US: Rockwell Automation
-CVE-2020-12033
- RESERVED
-CVE-2020-12032
- RESERVED
-CVE-2020-12031
- RESERVED
-CVE-2020-12030
- RESERVED
-CVE-2020-12029
- RESERVED
-CVE-2020-12028
- RESERVED
-CVE-2020-12027
- RESERVED
+CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all versions, th ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
+ NOT-FOR-US: Baxter
+CVE-2020-12031 (In all versions of FactoryTalk View SE, after bypassing memory corrupt ...)
+ NOT-FOR-US: FactoryTalk View SE
+CVE-2020-12030 (There is a flaw in the code used to configure the internal gateway fir ...)
+ NOT-FOR-US: Emerson WirelessHART Gateway
+CVE-2020-12029 (All versions of FactoryTalk View SE do not properly validate input of ...)
+ NOT-FOR-US: FactoryTalk View SE
+CVE-2020-12028 (In all versions of FactoryTalk View SEA remote, an authenticated attac ...)
+ NOT-FOR-US: FactoryTalk View
+CVE-2020-12027 (All versions of FactoryTalk View SE disclose the hostnames and file pa ...)
+ NOT-FOR-US: FactoryTalk View SE
CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
-CVE-2020-12025
- RESERVED
-CVE-2020-12024
- RESERVED
-CVE-2020-12023
- RESERVED
+CVE-2020-12025 (Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2020-12024 (Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix ...)
+ NOT-FOR-US: Baxter
+CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, Intel ...)
+ NOT-FOR-US: Philips
CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...)
NOT-FOR-US: Advantech WebAccess Node
-CVE-2020-12021
- RESERVED
-CVE-2020-12020
- RESERVED
-CVE-2020-12019
- RESERVED
+CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous vers ...)
+ NOT-FOR-US: OSIsoft PI Web
+CVE-2020-12020 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix E ...)
+ NOT-FOR-US: Baxter
+CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based ...)
+ NOT-FOR-US: WebAccess Node
CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An o ...)
NOT-FOR-US: Advantech WebAccess Node
-CVE-2020-12017
- RESERVED
-CVE-2020-12016
- RESERVED
-CVE-2020-12015
- RESERVED
+CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmw ...)
+ NOT-FOR-US: GE Grid Solutions Reason RT Clocks
+CVE-2020-12016 (Baxter ExactaMix EM 2400 &amp; EM 1200, Versions ExactaMix EM2400 Vers ...)
+ NOT-FOR-US: Baxter
+CVE-2020-12015 (A specially crafted communication packet sent to the affected systems ...)
+ NOT-FOR-US: Mitsubishi
CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...)
NOT-FOR-US: Advantech WebAccess Node
-CVE-2020-12013
- RESERVED
-CVE-2020-12012
- RESERVED
-CVE-2020-12011
- RESERVED
+CVE-2020-12013 (A specially crafted WCF client that interfaces to the may allow the ex ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-12012 (Baxter ExactaMix EM 2400 &amp; EM 1200, Versions ExactaMix EM2400 Vers ...)
+ NOT-FOR-US: Baxter
+CVE-2020-12011 (A specially crafted communication packet sent to the affected systems ...)
+ NOT-FOR-US: Mitsubishi
CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
-CVE-2020-12009
- RESERVED
-CVE-2020-12008
- RESERVED
-CVE-2020-12007
- RESERVED
+CVE-2020-12009 (A specially crafted communication packet sent to the affected device c ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
+ NOT-FOR-US: Baxter
+CVE-2020-12007 (A specially crafted communication packet sent to the affected devices ...)
+ NOT-FOR-US: Mitsubishi
CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
-CVE-2020-12005
- RESERVED
-CVE-2020-12004
- RESERVED
-CVE-2020-12003
- RESERVED
+CVE-2020-12005 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
+ NOT-FOR-US: FactoryTalk
+CVE-2020-12004 (The affected product lacks proper authentication required to query the ...)
+ NOT-FOR-US: Inductive Automation Ignition
+CVE-2020-12003 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
+ NOT-FOR-US: FactoryTalk
CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
-CVE-2020-12001
- RESERVED
-CVE-2020-12000
- RESERVED
-CVE-2020-11999
- RESERVED
-CVE-2020-11998
- RESERVED
-CVE-2020-11997
- RESERVED
-CVE-2020-11996
- RESERVED
-CVE-2020-11995
- RESERVED
-CVE-2020-11994
- RESERVED
-CVE-2020-11993
- RESERVED
+CVE-2020-12001 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
+ NOT-FOR-US: FactoryTalk
+CVE-2020-12000 (The affected product is vulnerable to the handling of serialized data. ...)
+ NOT-FOR-US: Inductive Automation Ignition
+CVE-2020-11999 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
+ NOT-FOR-US: FactoryTalk
+CVE-2020-11998 (A regression has been introduced in the commit preventing JMX re-bind. ...)
+ - activemq <not-affected> (Only affects 5.15.12)
+ NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
+CVE-2020-11997 (Apache Guacamole 1.2.0 and earlier do not consistently restrict access ...)
+ - guacamole-client <unfixed>
+ [stretch] - guacamole-client <ignored> (Minor issue; fix intrusive to backport)
+ NOTE: https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E
+ NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-1123
+ NOTE: https://github.com/apache/guacamole-client/pulls?q=is%3Apr+guacamole-1123+is%3Aclosed
+ NOTE: https://github.com/glyptodon/guacamole-client/pull/453
+ NOTE: https://enterprise.glyptodon.com/doc/latest/cve-2020-11997-inconsistent-restriction-of-connection-history-visibility-31424710.html
+ NOTE: https://enterprise.glyptodon.com/doc/1.x/changelog-950368.html#id-.Changelogv1.x-1.14
+CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...)
+ {DSA-4727-1 DLA-2279-1}
+ - tomcat9 9.0.36-1
+ - tomcat8 <removed>
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6
+ NOTE: https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976 (9.0.36)
+ NOTE: https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552 (8.5.56)
+CVE-2020-11995 (A deserialization vulnerability existed in dubbo 2.7.5 and its earlier ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure on Camel ...)
+ NOT-FOR-US: Apache Camel
+CVE-2020-11993 (Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enab ...)
+ {DSA-4757-1}
+ - apache2 2.4.46-1
+ [stretch] - apache2 <ignored> (Too intrusive to backport)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/3
+ NOTE: https://svn.apache.org/r1879642
+ NOTE: https://github.com/apache/httpd/commit/63a0a87efa0925514d15c211b508f6594669888c
CVE-2020-11992
- RESERVED
-CVE-2020-11991
- RESERVED
-CVE-2020-11990
- RESERVED
-CVE-2020-11989
- RESERVED
-CVE-2020-11988
- RESERVED
-CVE-2020-11987
- RESERVED
-CVE-2020-11986
- RESERVED
-CVE-2020-11985
- RESERVED
-CVE-2020-11984
- RESERVED
-CVE-2020-11983
- RESERVED
-CVE-2020-11982
- RESERVED
-CVE-2020-11981
- RESERVED
-CVE-2020-11980
- RESERVED
-CVE-2020-11979
- RESERVED
-CVE-2020-11978
- RESERVED
-CVE-2020-11977
- RESERVED
-CVE-2020-11976
- RESERVED
-CVE-2020-11975
- RESERVED
-CVE-2020-11974
- RESERVED
+ REJECTED
+CVE-2020-11991 (When using the StreamGenerator, the code parse a user-provided XML. A ...)
+ - cocoon <removed>
+CVE-2020-11990 (We have resolved a security issue in the camera plugin that could have ...)
+ NOT-FOR-US: Apache Cordova
+CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...)
+ {DLA-2273-1}
+ - shiro 1.3.2-5 (bug #988728)
+ [bullseye] - shiro 1.3.2-4+deb11u1
+ [buster] - shiro 1.3.2-4+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1
+ NOTE: https://github.com/apache/shiro/pull/211
+ NOTE: https://issues.apache.org/jira/browse/SHIRO-753
+ NOTE: The original CVE-2020-1957 adressed in 1.5.2 introduced an encoding issue
+ NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This
+ NOTE: CVE is closely related to CVE-2020-1957.
+CVE-2020-11988 (Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-sid ...)
+ - xmlgraphics-commons 2.4-2 (bug #984949)
+ [bullseye] - xmlgraphics-commons 2.4-2~deb11u1
+ [buster] - xmlgraphics-commons 2.3-1+deb10u1
+ [stretch] - xmlgraphics-commons <not-affected> (Vulnerable code is not present)
+ NOTE: https://github.com/apache/xmlgraphics-commons/commit/57393912eb87b994c7fed39ddf30fb778a275183
+ NOTE: https://issues.apache.org/jira/browse/XGC-122
+CVE-2020-11987 (Apache Batik 1.13 is vulnerable to server-side request forgery, caused ...)
+ - batik 1.14-1 (bug #984829)
+ [bullseye] - batik <no-dsa> (Minor issue)
+ [buster] - batik <no-dsa> (Minor issue)
+ [stretch] - batik <no-dsa> (Minor issue)
+ NOTE: https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6
+CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...)
+ - netbeans 12.1-1
+ [stretch] - netbeans <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2
+CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and mod_rewrite F ...)
+ - apache2 2.4.25-1
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=60251
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/2
+ NOTE: Upstream patch: https://svn.apache.org/r1688399
+ NOTE: https://github.com/apache/httpd/commit/dd6c959b3625048ee15ba4ad72e6cb7bcaf91020
+CVE-2020-11984 (Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure an ...)
+ {DSA-4757-1 DLA-2362-1}
+ - apache2 2.4.46-1
+ [stretch] - apache2 <not-affected> (Vulnerable code not present)
+ - uwsgi <unfixed> (unimportant)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11984
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/1
+ NOTE: https://svn.apache.org/r1880251
+ NOTE: https://github.com/apache/httpd/commit/0c543e3f5b3881d515d6235f152aacaaaf3aba72
+ NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
+ NOTE: packages which are provided by src:apache2 itself.
+CVE-2020-11983 (An issue was found in Apache Airflow versions 1.10.10 and below. It wa ...)
+ - airflow <itp> (bug #819700)
+CVE-2020-11982 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...)
+ - airflow <itp> (bug #819700)
+CVE-2020-11981 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...)
+ - airflow <itp> (bug #819700)
+CVE-2020-11980 (In Karaf, JMX authentication takes place using JAAS and authorization ...)
+ - apache-karaf <itp> (bug #881297)
+CVE-2020-11979 (As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissi ...)
+ - ant 1.10.9-1 (bug #971612)
+ [buster] - ant <not-affected> (Vulnerability not present as CVE-2020-1945 not addressed)
+ [stretch] - ant <not-affected> (Vulnerability not present as CVE-2020-1945 not addressed)
+ NOTE: https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E
+ NOTE: Issue is pesent depending on if CVE-2020-1945 was fixed.
+CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and below. A rem ...)
+ - airflow <itp> (bug #819700)
+CVE-2020-11977 (In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable ext ...)
+ NOT-FOR-US: Apache Syncope
+CVE-2020-11976 (By crafting a special URL it is possible to make Wicket deliver unproc ...)
+ NOT-FOR-US: Apache Wicket
+CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which offers the ...)
+ NOT-FOR-US: Apache Unomi
+CVE-2020-11974 (In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote co ...)
+ NOT-FOR-US: DolphinScheduler
CVE-2020-11973 (Apache Camel Netty enables Java deserialization by default. Apache Cam ...)
NOT-FOR-US: Apache Camel
CVE-2020-11972 (Apache Camel RabbitMQ enables Java deserialization by default. Apache ...)
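Review bot: Two of the new rationale NOTEs carry typos: under CVE-2020-11989, `NOTE: The original CVE-2020-1957 adressed in 1.5.2 introduced an encoding issue` should read `addressed`, and under CVE-2020-11979, `NOTE: Issue is pesent depending on if CVE-2020-1945 was fixed.` should read `NOTE: Issue is present depending on whether CVE-2020-1945 was fixed.`. These lines explain why the shiro and ant entries are tracked the way they are (the ant `<not-affected>` lines for buster and stretch rest entirely on that second NOTE), so they are read far more often than the reference URLs around them.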
@@ -3972,30 +44764,30 @@ CVE-2020-11971 (Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.
NOT-FOR-US: Apache Camel
CVE-2020-11970
REJECTED
-CVE-2020-11969
- RESERVED
-CVE-2020-11968 (In the web-panel in IQrouter through 3.3.1, remote attackers can read ...)
+CVE-2020-11969 (If Apache TomEE is configured to use the embedded ActiveMQ broker, and ...)
+ NOT-FOR-US: Apache TomEE
+CVE-2020-11968 (** DISPUTED ** In the web-panel in IQrouter through 3.3.1, remote atta ...)
NOT-FOR-US: IQrouter
-CVE-2020-11967 (In IQrouter through 3.3.1, remote attackers can control the device (re ...)
+CVE-2020-11967 (** DISPUTED ** In IQrouter through 3.3.1, remote attackers can control ...)
NOT-FOR-US: IQrouter
-CVE-2020-11966 (In IQrouter through 3.3.1, the Lua function reset_password in the web- ...)
+CVE-2020-11966 (** DISPUTED ** In IQrouter through 3.3.1, the Lua function reset_passw ...)
NOT-FOR-US: IQrouter
-CVE-2020-11965 (In IQrouter through 3.3.1, there is a root user without a password, wh ...)
+CVE-2020-11965 (** DISPUTED ** In IQrouter through 3.3.1, there is a root user without ...)
NOT-FOR-US: IQrouter
-CVE-2020-11964 (In IQrouter through 3.3.1, the Lua function diag_set_password in the w ...)
+CVE-2020-11964 (** DISPUTED ** In IQrouter through 3.3.1, the Lua function diag_set_pa ...)
NOT-FOR-US: IQrouter
-CVE-2020-11963 (IQrouter through 3.3.1, when unconfigured, has multiple remote code ex ...)
+CVE-2020-11963 (** DISPUTED ** IQrouter through 3.3.1, when unconfigured, has multiple ...)
NOT-FOR-US: IQrouter
CVE-2020-11962
RESERVED
-CVE-2020-11961
- RESERVED
-CVE-2020-11960
- RESERVED
-CVE-2020-11959
- RESERVED
+CVE-2020-11961 (Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive infor ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-11960 (Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability w ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-11959 (An unsafe configuration of nginx lead to information leak in Xiaomi ro ...)
+ NOT-FOR-US: Xiaomi
CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/sc ...)
- - re2c <unfixed>
+ - re2c 1.3-2 (bug #963158)
[buster] - re2c <not-affected> (Vulnerability introduced later)
[stretch] - re2c <not-affected> (Vulnerability introduced later)
[jessie] - re2c <not-affected> (Vulnerability introduced later)
@@ -4004,32 +44796,34 @@ CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in pa
NOTE: Vulnerability introduced in: https://github.com/skvadrik/re2c/commit/1edd26a35457c5835afd58b8fa8330d33e7a1192 (1.2)
NOTE: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a#commitcomment-38652070
NOTE: Fixed by: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a
-CVE-2020-11957
- RESERVED
-CVE-2020-11956
- RESERVED
-CVE-2020-11955
- RESERVED
+CVE-2020-11957 (The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4. ...)
+ NOT-FOR-US: Cypress
+CVE-2020-11956 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...)
+ NOT-FOR-US: Rittal PDU-3C002DEC
+CVE-2020-11955 (An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMC ...)
+ NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11954
RESERVED
-CVE-2020-11953
- RESERVED
-CVE-2020-11952
- RESERVED
-CVE-2020-11951
- RESERVED
+CVE-2020-11953 (An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMC ...)
+ NOT-FOR-US: Rittal PDU-3C002DEC
+CVE-2020-11952 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...)
+ NOT-FOR-US: Rittal PDU-3C002DEC
+CVE-2020-11951 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...)
+ NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11950 (VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XX ...)
NOT-FOR-US: VIVOTEK Network Cameras
CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras before XX ...)
NOT-FOR-US: VIVOTEK Network Cameras
CVE-2020-11948
RESERVED
-CVE-2020-11947
- RESERVED
+CVE-2020-11947 (iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buf ...)
+ {DSA-4665-1 DLA-2288-1}
+ - qemu 1:4.2-7
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 (v5.0.0-rc4)
CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...)
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker can r ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.11-1
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
@@ -4043,31 +44837,43 @@ CVE-2020-11942 (An issue was discovered in Open-AudIT 3.2.2. There are Multiple
CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...)
NOT-FOR-US: Open-AudIT
CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...)
- - ndpi <unfixed>
+ - ndpi 3.4-1 (bug #972050)
[buster] - ndpi <not-affected> (Introduced in 3.0)
[stretch] - ndpi <not-affected> (Introduced in 3.0)
[jessie] - ndpi <not-affected> (Introduced in 3.0)
- NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435
+ NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435 (3.4)
NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...)
- - ndpi <unfixed>
+ - ndpi 3.4-1 (bug #972050)
[buster] - ndpi <not-affected> (Introduced in 3.0)
[stretch] - ndpi <not-affected> (Introduced in 3.0)
[jessie] - ndpi <not-affected> (Introduced in 3.0)
- NOTE: https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202
+ NOTE: https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202 (3.4)
NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...)
NOT-FOR-US: JetBrains TeamCity
-CVE-2020-11937
- RESERVED
+CVE-2020-11937 (In whoopsie, parse_report() from whoopsie.c allows a local attacker to ...)
+ NOT-FOR-US: Whoopsie
CVE-2020-11936
RESERVED
CVE-2020-11935
RESERVED
-CVE-2020-11934
- RESERVED
-CVE-2020-11933
- RESERVED
+ - aufs <unfixed> (bug #964748)
+ [buster] - aufs <no-dsa> (Minor issue; CONFIG_IMA not enabled in kernel; can be fixed via point release)
+ [stretch] - aufs <ignored> (Minor issue; too many other aufs issues open)
+ NOTE: To exploit the issue CONFIG_IMA in Kernel needs to be enabled.
+ NOTE: linux/4.9.y had the config enabled, but was disabled in later versions
+ NOTE: including linux/4.19.y.
+ NOTE: https://sourceforge.net/p/aufs/mailman/message/37048642/
+ NOTE: https://github.com/sfjro/aufs4-linux/commit/515a586eeef31e0717d5dea21e2c11a965340b3c
+ NOTE: https://github.com/sfjro/aufs4-linux/commit/f10aea57d39d6cd311312e9e7746804f7059b5c8
+CVE-2020-11934 (It was discovered that snapctl user-open allowed altering the $XDG_DAT ...)
+ - snapd 2.45.2-1
+ [buster] - snapd <no-dsa> (Minor issue)
+ [stretch] - snapd <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/snapcore/snapd/commit/06342a31878f1cf99d56da5483e71b9af61f46ad
+CVE-2020-11933 (cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 de ...)
+ NOT-FOR-US: cloud-init in some Ubuntu images
CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server logge ...)
NOT-FOR-US: Subiquity installer for Ubuntu
CVE-2020-11931 (An Ubuntu-specific modification to Pulseaudio to provide security medi ...)
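Review bot: The `[stretch] - aufs <ignored> (Minor issue; too many other aufs issues open)` line under CVE-2020-11935 does not engage with the precondition stated in the entry's own NOTEs: CONFIG_IMA is described as enabled in linux/4.9.y and disabled in later series including 4.19.y, which, if 4.9 is stretch's kernel series, makes stretch the one suite where the trigger condition is actually met, while buster's `<no-dsa>` rests on it being absent. If the ignore decision stands, the parenthetical should say that the IMA argument does not apply there, e.g. `[stretch] - aufs <ignored> (Minor issue; too many other aufs issues open; stretch's 4.9 kernel does enable CONFIG_IMA)`, so a later triager does not carry the buster reasoning across. The entry also attaches package lines under a bare `RESERVED` header; presumably intentional pending publication, but worth confirming that the description gets filled in once available.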
@@ -4082,18 +44888,18 @@ CVE-2020-11927
RESERVED
CVE-2020-11926
RESERVED
-CVE-2020-11925
- RESERVED
-CVE-2020-11924
- RESERVED
-CVE-2020-11923
- RESERVED
-CVE-2020-11922
- RESERVED
+CVE-2020-11925 (An issue was discovered in Luvion Grand Elite 3 Connect through 2020-0 ...)
+ NOT-FOR-US: Luvion Grand Elite 3 Connect
+CVE-2020-11924 (An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials ar ...)
+ NOT-FOR-US: WiZ Colors A60
+CVE-2020-11923 (An issue was discovered in WiZ Colors A60 1.14.0. API credentials are ...)
+ NOT-FOR-US: WiZ Colors A60
+CVE-2020-11922 (An issue was discovered in WiZ Colors A60 1.14.0. The device sends unn ...)
+ NOT-FOR-US: WiZ Colors A60
CVE-2020-11921
RESERVED
-CVE-2020-11920
- RESERVED
+CVE-2020-11920 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
+ NOT-FOR-US: Svakom Siime Eye
CVE-2020-11919
RESERVED
CVE-2020-11918
@@ -4102,46 +44908,46 @@ CVE-2020-11917
RESERVED
CVE-2020-11916
RESERVED
-CVE-2020-11915
- RESERVED
-CVE-2020-11914
- RESERVED
-CVE-2020-11913
- RESERVED
-CVE-2020-11912
- RESERVED
-CVE-2020-11911
- RESERVED
-CVE-2020-11910
- RESERVED
-CVE-2020-11909
- RESERVED
-CVE-2020-11908
- RESERVED
-CVE-2020-11907
- RESERVED
-CVE-2020-11906
- RESERVED
-CVE-2020-11905
- RESERVED
-CVE-2020-11904
- RESERVED
-CVE-2020-11903
- RESERVED
-CVE-2020-11902
- RESERVED
-CVE-2020-11901
- RESERVED
-CVE-2020-11900
- RESERVED
-CVE-2020-11899
- RESERVED
-CVE-2020-11898
- RESERVED
-CVE-2020-11897
- RESERVED
-CVE-2020-11896
- RESERVED
+CVE-2020-11915 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
+ NOT-FOR-US: Svakom Siime Eye
+CVE-2020-11914 (The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11913 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11912 (The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11911 (The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Cont ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11910 (The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Rea ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11909 (The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11908 (The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11907 (The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Par ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11906 (The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Inte ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11905 (The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11904 (The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11903 (The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11902 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling O ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11901 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution vi ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11900 (The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Fr ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11899 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11898 (The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMP ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11897 (The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
+CVE-2020-11896 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, r ...)
+ NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) i ...)
- ming <removed>
NOTE: https://github.com/libming/libming/issues/197
@@ -4159,16 +44965,16 @@ CVE-2020-11890 (An issue was discovered in Joomla! before 3.9.17. Improper input
CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...)
NOT-FOR-US: Joomla!
CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...)
- - python-markdown2 <unfixed> (bug #959445)
- [buster] - python-markdown2 <no-dsa> (Minor issue)
- NOTE: https://github.com/trentm/python-markdown2/issues/348
+ - python-markdown2 2.3.9-1 (bug #959445)
+ [buster] - python-markdown2 2.3.7-2+deb10u1
+ NOTE: https://github.com/trentm/python-markdown2/issues/348
CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...)
NOT-FOR-US: svg2png
CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...)
- NOT-FOR-US: OpenNMS
+ - opennms <itp> (bug #450615)
CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...)
NOT-FOR-US: WSO2 Enterprise Integrator
-CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code execution ...)
+CVE-2020-11884 (In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code exec ...)
{DSA-4667-1}
- linux 5.6.7-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
@@ -4176,17 +44982,17 @@ CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code exe
NOTE: https://git.kernel.org/linus/316ec154810960052d4586b634156c54d0778f74
CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...)
NOT-FOR-US: Divante vue-storefront-api
-CVE-2020-11882
- RESERVED
-CVE-2020-11881
- RESERVED
+CVE-2020-11882 (The O2 Business application 1.2.0 for Android exposes the canvasm.myo2 ...)
+ NOT-FOR-US: O2 Business
+CVE-2020-11881 (An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7 ...)
+ NOT-FOR-US: MikroTik RouterOS
CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...)
- - kmail <unfixed> (bug #958054)
+ - kmail 4:20.04.1-1 (bug #958054)
[buster] - kmail <no-dsa> (Minor issue)
- kdepim <removed>
[stretch] - kdepim <no-dsa> (Minor issue)
[jessie] - kdepim <no-dsa> (Minor issue)
- NOTE: https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1
+ NOTE: https://github.com/KDE/kmail/commit/2a348eccd352260f192d9b449492071bbf2b34b1
CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By using th ...)
- evolution 3.36.0-1
[buster] - evolution <no-dsa> (Minor issue)
@@ -4231,8 +45037,11 @@ CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an o
NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5deb5269ieF1tee6Mp3UJyZOk8DB-Q
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1716665
NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651
-CVE-2020-11867
- RESERVED
+CVE-2020-11867 (Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USE ...)
+ - audacity 2.4.2~dfsg0-4 (bug #976874)
+ [buster] - audacity <no-dsa> (Minor issue)
+ [stretch] - audacity <no-dsa> (Minor issue)
+ NOTE: https://github.com/audacity/audacity/pull/700
CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-aft ...)
- libemf 1.0.12-1
[buster] - libemf <no-dsa> (Minor issue)
@@ -4247,76 +45056,76 @@ CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows den
[buster] - libemf <no-dsa> (Minor issue)
CVE-2020-11862
RESERVED
-CVE-2020-11861
- RESERVED
-CVE-2020-11860
- RESERVED
+CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11860 (Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger prod ...)
+ NOT-FOR-US: Micro Focus
CVE-2020-11859
RESERVED
-CVE-2020-11858
- RESERVED
-CVE-2020-11857
- RESERVED
-CVE-2020-11856
- RESERVED
-CVE-2020-11855
- RESERVED
-CVE-2020-11854
- RESERVED
-CVE-2020-11853
- RESERVED
-CVE-2020-11852
- RESERVED
-CVE-2020-11851
- RESERVED
+CVE-2020-11858 (Code execution with escalated privileges vulnerability in Micro Focus ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11857 (An Authorization Bypass vulnerability on Micro Focus Operation Bridge ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11856 (Arbitrary code execution vulnerability on Micro Focus Operation Bridge ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11855 (An Authorization Bypass vulnerability on Micro Focus Operation Bridge ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11854 (Arbitrary code execution vlnerability in Operation bridge Manager, App ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11853 (Arbitrary code execution vulnerability affecting multiple Micro Focus ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure Messaging ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11851 (Arbitrary code execution vulnerability on Micro Focus ArcSight Logger ...)
+ NOT-FOR-US: Micro Focus
CVE-2020-11850
RESERVED
-CVE-2020-11849
- RESERVED
-CVE-2020-11848
- RESERVED
+CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...)
+ NOT-FOR-US: Micro Focus
CVE-2020-11847
RESERVED
CVE-2020-11846
RESERVED
CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...)
NOT-FOR-US: Micro Focus
-CVE-2020-11844 (There is an Incorrect Authorization vulnerability in Micro Focus Servi ...)
+CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container Deploym ...)
NOT-FOR-US: Micro Focus
CVE-2020-11843
RESERVED
CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...)
NOT-FOR-US: Micro Focus
-CVE-2020-11841
- RESERVED
-CVE-2020-11840
- RESERVED
-CVE-2020-11839
- RESERVED
-CVE-2020-11838
- RESERVED
+CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11840 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11839 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logge ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11838 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Manag ...)
+ NOT-FOR-US: Micro Focus
CVE-2020-11837
RESERVED
-CVE-2020-11836
- RESERVED
-CVE-2020-11835
- RESERVED
-CVE-2020-11834
- RESERVED
-CVE-2020-11833
- RESERVED
-CVE-2020-11832
- RESERVED
-CVE-2020-11831
- RESERVED
-CVE-2020-11830
- RESERVED
-CVE-2020-11829
- RESERVED
+CVE-2020-11836 (OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions h ...)
+ NOT-FOR-US: OPPO Android Phone
+CVE-2020-11835 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_d ...)
+ NOT-FOR-US: oppo
+CVE-2020-11834 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the ...)
+ NOT-FOR-US: oppo
+CVE-2020-11833 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_m ...)
+ NOT-FOR-US: oppo
+CVE-2020-11832 (In functions charging_limit_current_write and charging_limit_time_writ ...)
+ NOT-FOR-US: oppo
+CVE-2020-11831 (OvoiceManager has system permission to write vulnerability reports for ...)
+ NOT-FOR-US: OvoiceManager
+CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system command ...)
+ NOT-FOR-US: QualityProtect
+CVE-2020-11829 (Dynamic loading of services in the backup and restore SDK leads to ele ...)
+ NOT-FOR-US: com.coloros.codebook (oppo.com)
CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...)
NOT-FOR-US: ColorOS
-CVE-2020-11827
- RESERVED
+CVE-2020-11827 (In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak fi ...)
+ NOT-FOR-US: GOG Galaxy client
CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...)
NOT-FOR-US: Memono
CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...)
@@ -4351,7 +45160,7 @@ CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to the
NOT-FOR-US: qdPM
CVE-2020-11810 (An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...)
- openvpn 2.4.9-1 (low)
- [buster] - openvpn <no-dsa> (Minor issue)
+ [buster] - openvpn 2.4.7-1+deb10u1
[stretch] - openvpn <no-dsa> (Minor issue)
[jessie] - openvpn <no-dsa> (Minor issue)
NOTE: https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab
@@ -4363,24 +45172,29 @@ CVE-2020-11807 (Because of Unrestricted Upload of a File with a Dangerous Type,
NOT-FOR-US: Sourcefabric Newscoop
CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...)
NOT-FOR-US: MailStore Outlook Add-in
-CVE-2020-11805
- RESERVED
-CVE-2020-11804
- RESERVED
-CVE-2020-11803
- RESERVED
+CVE-2020-11805 (Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Acc ...)
+ NOT-FOR-US: Pexip Reverse Proxy and TURN Server
+CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to improper sanit ...)
+ NOT-FOR-US: Titan SpamTitan
+CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...)
+ NOT-FOR-US: Titan SpamTitan
CVE-2020-11802
RESERVED
CVE-2020-11801
RESERVED
-CVE-2020-11800
- RESERVED
+CVE-2020-11800 (Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote att ...)
+ {DLA-2461-1}
+ - zabbix 1:4.0.0+dfsg-1
+ NOTE: https://support.zabbix.com/browse/DEV-1538
+ NOTE: https://support.zabbix.com/browse/ZBX-17600
+ NOTE: https://support.zabbix.com/browse/ZBXSEC-30 (not public)
+ NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/85453e04656fc7bd8a6790f5295d79410101745c
CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...)
NOT-FOR-US: Z-Cron
-CVE-2020-11798
- RESERVED
-CVE-2020-11797
- RESERVED
+CVE-2020-11798 (A Directory Traversal vulnerability in the web conference component of ...)
+ NOT-FOR-US: Mitel
+CVE-2020-11797 (An Authentication Bypass vulnerability in the Published Area of the we ...)
+ NOT-FOR-US: Mitel
CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...)
NOT-FOR-US: JetBrains Space
CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was ...)
@@ -4445,60 +45259,74 @@ CVE-2020-11769 (Certain NETGEAR devices are affected by stored XSS. This affects
CVE-2020-11768 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...)
NOT-FOR-US: Netgear
CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. I ...)
- NOT-FOR-US: itsio
+ NOT-FOR-US: Istio
CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web I ...)
NOT-FOR-US: iFAX AvantFAX
CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...)
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- - openexr <unfixed> (bug #959444)
- [jessie] - openexr <no-dsa> (Minor issue)
+ - openexr 2.5.3-2 (bug #959444)
+ [jessie] - openexr <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0)
CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- - openexr <unfixed> (bug #959444)
+ - openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6bad53af7eebed507564dd5fc90320e4c6a6c0bc
CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...)
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- - openexr <unfixed> (bug #959444)
+ - openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
- NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/643/commits/d0303d1785d2a8cb994efee9efa81f8ee4be4c17
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- - openexr <unfixed> (bug #959444)
- [jessie] - openexr <no-dsa> (Minor issue)
+ - openexr 2.5.3-2 (bug #959444)
+ [jessie] - openexr <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0)
CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- - openexr <unfixed> (bug #959444)
+ - openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/801272c9bf8b84a66c62f1e8a4490ece81da6a56
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/43cd3ad47d53356da6ae2e983e47c8313aebf72e
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ea3349896d4a8a3b523e8f3b830334a85240b1e6
CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- - openexr <unfixed> (bug #959444)
+ - openexr 2.5.3-2 (bug #959444)
[jessie] - openexr <no-dsa> (Minor issue)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...)
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- - openexr <unfixed> (bug #959444)
- [jessie] - openexr <no-dsa> (Minor issue)
+ - openexr 2.5.3-2 (bug #959444)
+ [jessie] - openexr <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f
- TODO: check completeness for upstream commits to cover CVE-2020-11759
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)
CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...)
+ {DSA-4755-1 DLA-2358-1}
[experimental] - openexr 2.5.0-1
- - openexr <unfixed> (bug #959444)
- [jessie] - openexr <no-dsa> (Minor issue)
+ - openexr 2.5.3-2 (bug #959444)
+ [jessie] - openexr <not-affected> (SSE support introduced in v2.0)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/7a52d40ae23c148f27116cb1f6e897b9143b372c
CVE-2020-11757
@@ -4517,8 +45345,8 @@ CVE-2020-11751
RESERVED
CVE-2020-11750
RESERVED
-CVE-2020-11749
- RESERVED
+CVE-2020-11749 (Pandora FMS 7.0 NG &lt;= 746 suffers from Multiple XSS vulnerabilities ...)
+ NOT-FOR-US: Pandora FMS
CVE-2020-11748
RESERVED
CVE-2020-11747
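Review bot: The new CVE-2020-11749 description carries the HTML entity `&lt;=` where the text should read `<=`, so the line should be `CVE-2020-11749 (Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities ...)`. The entity looks like an artefact of importing the description without unescaping, in which case the same escaping will presumably recur on other entries from the same feed and is better fixed in the import step than by hand.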
@@ -4530,32 +45358,32 @@ CVE-2020-11745
CVE-2020-11744
RESERVED
CVE-2020-11743 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
+ {DSA-4723-1}
- xen 4.11.4-1
- [buster] - xen <postponed> (Can be fixed along in future Xen DSA)
[stretch] - xen <end-of-life> (DSA 4602-1)
[jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-316.html
CVE-2020-11742 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
+ {DSA-4723-1}
- xen 4.11.4-1
- [buster] - xen <postponed> (Can be fixed along in future Xen DSA)
[stretch] - xen <end-of-life> (DSA 4602-1)
[jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-318.html
CVE-2020-11741 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...)
+ {DSA-4723-1}
- xen 4.11.4-1
- [buster] - xen <postponed> (Can be fixed along in future Xen DSA)
[stretch] - xen <end-of-life> (DSA 4602-1)
[jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-313.html
CVE-2020-11740 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...)
+ {DSA-4723-1}
- xen 4.11.4-1
- [buster] - xen <postponed> (Can be fixed along in future Xen DSA)
[stretch] - xen <end-of-life> (DSA 4602-1)
[jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-313.html
CVE-2020-11739 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
+ {DSA-4723-1}
- xen 4.11.4-1
- [buster] - xen <postponed> (Can be fixed along in future Xen DSA)
[stretch] - xen <end-of-life> (DSA 4602-1)
[jessie] - xen <end-of-life> (Not supported in jessie LTS)
NOTE: https://xenbits.xen.org/xsa/advisory-314.html
@@ -4563,16 +45391,19 @@ CVE-2020-11738 (The Snap Creek Duplicator plugin before 1.3.28 for WordPress (an
NOT-FOR-US: Snap Creek Duplicator plugin for WordPress
CVE-2020-11737 (A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 ...)
NOT-FOR-US: Zimbra
-CVE-2020-11735
- RESERVED
+CVE-2020-11735 (The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use ...)
+ - wolfssl 4.4.0+dfsg-1
+ NOTE: https://github.com/wolfSSL/wolfssl/commit/1de07da61f0c8e9926dcbd68119f73230dae283f
CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...)
{DLA-2180-1}
- file-roller 3.36.2-1 (bug #956638)
+ [buster] - file-roller 3.30.1-2+deb10u1
+ [stretch] - file-roller 3.22.3-1+deb9u2
NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0
CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...)
NOT-FOR-US: CyberSolutions CyberMail
-CVE-2020-11733
- RESERVED
+CVE-2020-11733 (An issue was discovered on Spirent TestCenter and Avalanche appliance ...)
+ NOT-FOR-US: Spirent
CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...)
NOT-FOR-US: Media Library Assistant plugin for WordPress
CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...)
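Review bot: The filled-in CVE-2020-11735 entry sits above CVE-2020-11736, against the descending numbering the surrounding entries follow; the misplacement predates this commit (the RESERVED placeholder was already there), but since the three lines are being rewritten anyway, moving them below the CVE-2020-11736 block would restore the order. Whether any of the repository's tooling relies on strict ordering cannot be told from the hunk.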
@@ -4594,16 +45425,19 @@ CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus Adva
CVE-2020-11726
RESERVED
CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...)
- - nginx <unfixed>
- NOTE: Patch: https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch
- TODO: check details (patch applies to src:ngnix, but check if issue is specific to OpenResty before 1.15.8.4)
+ {DSA-4750-1 DLA-2283-1}
+ - nginx 1.18.0-5 (bug #964950)
+ NOTE: https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa (ngx_lua 0.10.17, with tests)
+ NOTE: https://github.com/openresty/openresty/commit/4e8b4c395f842a078e429c80dd063b2323999957 (ngx_lua 0.10.15)
+ NOTE: nginx packages include ngx_lua in debian/modules/
CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux k ...)
- - linux <unfixed>
+ - linux <unfixed> (unimportant)
NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400
+ NOTE: Disputed security-impact across the kernel community
CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys ...)
NOT-FOR-US: Cellebrite UFED
CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...)
- - crawl <unfixed> (bug #958232)
+ - crawl 2:0.25.0-1 (bug #958232)
[buster] - crawl <no-dsa> (Minor issue)
[stretch] - crawl <no-dsa> (Minor issue)
[jessie] - crawl <no-dsa> (Minor issue)
@@ -4611,19 +45445,24 @@ CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows
NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...)
- - libsixel <unfixed> (low)
+ - libsixel 1.10.3-1 (low; bug #972641)
+ [bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/134
-CVE-2020-11720
- RESERVED
-CVE-2020-11719
- RESERVED
-CVE-2020-11718
- RESERVED
-CVE-2020-11717
- RESERVED
+ NOTE: https://github.com/libsixel/libsixel/issues/9
+ NOTE: https://github.com/libsixel/libsixel/pull/10
+ NOTE: https://github.com/libsixel/libsixel/commit/e71aacc97b5f756948b13c1228877d29395c7b55 (v1.9.0)
+ NOTE: Since 1.10.3-1 the Debian package moved from https://github.com/saitoha/libsixel to https://github.com/libsixel/libsixel fork
+CVE-2020-11720 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
+ NOT-FOR-US: Programi Bilanc
+CVE-2020-11719 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
+ NOT-FOR-US: Programi Bilanc
+CVE-2020-11718 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...)
+ NOT-FOR-US: Programi Bilanc
+CVE-2020-11717 (An issue was discovered in Programi 014 31.01.2020. It has multiple SQ ...)
+ NOT-FOR-US: Programi
CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices throu ...)
NOT-FOR-US: Panasonic
CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access Control ...)
@@ -4640,9 +45479,7 @@ CVE-2020-11711
CVE-2020-11710 (** DISPUTED ** An issue was discovered in docker-kong (for Kong) throu ...)
NOT-FOR-US: docker-kong
CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...)
- - chromium <unfixed>
- [stretch] - chromium <end-of-life> (see DSA 4562)
- NOTE: Chromium embeds cpp-httplib
+ NOT-FOR-US: cpp-httplip
NOTE: https://github.com/yhirose/cpp-httplib/issues/425
CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
NOT-FOR-US: ProVide (formerly zFTPServer)
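Review bot: `NOT-FOR-US: cpp-httplip` on the new CVE-2020-11709 line misspells the project; the description and the issue URL both name cpp-httplib, so it should read `NOT-FOR-US: cpp-httplib`. The removed lines recorded that Chromium embeds cpp-httplib, and that reasoning is lost with the switch to NOT-FOR-US; if the embedded copy was assessed and found not to matter, a NOTE stating why (e.g. the copy is not built or not reachable, whichever was established) would preserve that conclusion for the next triager. Whether such an assessment was made cannot be told from the hunk.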
@@ -4660,16 +45497,16 @@ CVE-2020-11702 (An issue was discovered in ProVide (formerly zFTPServer) through
NOT-FOR-US: ProVide (formerly zFTPServer)
CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...)
NOT-FOR-US: ProVide (formerly zFTPServer)
-CVE-2020-11700
- RESERVED
-CVE-2020-11699
- RESERVED
-CVE-2020-11698
- RESERVED
-CVE-2020-11697
- RESERVED
-CVE-2020-11696
- RESERVED
+CVE-2020-11700 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...)
+ NOT-FOR-US: Titan SpamTitan
+CVE-2020-11699 (An issue was discovered in Titan SpamTitan 7.07. Improper validation o ...)
+ NOT-FOR-US: Titan SpamTitan
+CVE-2020-11698 (An issue was discovered in Titan SpamTitan 7.07. Improper input saniti ...)
+ NOT-FOR-US: Titan SpamTitan
+CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a reflective XSS ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a stored XS ...)
+ NOT-FOR-US: Combodo iTop
CVE-2020-11695
RESERVED
CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarizatio ...)
@@ -4692,18 +45529,18 @@ CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator w
NOT-FOR-US: JetBrains TeamCity
CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was accesse ...)
NOT-FOR-US: JetBrains GoLand
-CVE-2020-11684
- RESERVED
-CVE-2020-11683
- RESERVED
-CVE-2020-11682
- RESERVED
-CVE-2020-11681
- RESERVED
-CVE-2020-11680
- RESERVED
-CVE-2020-11679
- RESERVED
+CVE-2020-11684 (AT91bootstrap before 3.9.2 does not properly wipe encryption and authe ...)
+ NOT-FOR-US: Microchip AT91bootstrap
+CVE-2020-11683 (A timing side channel was discovered in AT91bootstrap before 3.9.2. It ...)
+ NOT-FOR-US: Microchip AT91bootstrap
+CVE-2020-11682 (Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing ...)
+ NOT-FOR-US: Castel NextGen DVR
+CVE-2020-11681 (Castel NextGen DVR v1.0.0 stores and displays credentials for the asso ...)
+ NOT-FOR-US: Castel NextGen DVR
+CVE-2020-11680 (Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all ...)
+ NOT-FOR-US: Castel NextGen DVR
+CVE-2020-11679 (Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation throug ...)
+ NOT-FOR-US: Castel NextGen DVR
CVE-2020-11678
RESERVED
CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). ...)
@@ -4730,6 +45567,7 @@ CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the po
NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0
NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1
CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.17-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
@@ -4762,13 +45600,15 @@ CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a u
NOTE: https://www.sqlite.org/src/info/b64674919f673602
NOTE: Negliglible security impact (and uncovered in DEBUG build)
CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...)
- {DLA-2203-1}
+ {DLA-2340-1 DLA-2203-1}
- sqlite3 3.31.1-5
- [buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <not-affected> (Introduced/exploitable in 3.30 with 3251a2031bfd29f338a5fda1a08c18878296d354)
NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c
NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed
NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
+ NOTE: https://github.com/sqlite/sqlite/commit/3251a2031bfd29f338a5fda1a08c18878296d354
+ NOTE: https://github.com/sqlite/sqlite/commit/c415d91007e1680e4eb17def583b202c3c83c718
+ NOTE: https://github.com/sqlite/sqlite/commit/4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae
CVE-2020-11654
RESERVED
CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...)
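Review bot: The new buster rationale `[buster] - sqlite3 <not-affected> (Introduced/exploitable in 3.30 with 3251a2031bfd29f338a5fda1a08c18878296d354)` sits beside DLA-2340-1 and DLA-2203-1, which record fixes for the same CVE in older releases that presumably ship sqlite3 older than 3.30, so the entry reads as self-contradictory. If the older releases are affected through the earlier form of the bug referenced on the `Issue covered before` line and only buster falls between the two, the buster annotation should say so in words, e.g. `(Not exploitable in 3.27; re-exposed in 3.30 with 3251a2031bfd29f338a5fda1a08c18878296d354)`; otherwise one of the two records needs correcting. Only the buster line and the advisory list changed here, so the DLA references are taken as given.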
@@ -4787,57 +45627,56 @@ CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 30
{DSA-4676-2 DSA-4676-1 DLA-2223-1}
- salt 3000.2+dfsg1-1 (bug #959684)
NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
- NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
- NOTE: Followup needed: https://github.com/saltstack/salt/commit/78172bf647473d5c1c2720e72fc12d6f2314d583
- NOTE: There is a typo in the whitelisted methods on AESFuncs:
- NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue
- NOTE: Regression bugreport: https://github.com/saltstack/salt/issues/57016
- NOTE: https://github.com/saltstack/salt/issues/57027
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7 (v3000.2)
+ NOTE: Regression: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/cea28c850f7562fd3b869a1bbcc95050ab19e0f1 (v3000.3)
+ NOTE: See also https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2020/04/14/
CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...)
NOT-FOR-US: FreeNAS
CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...)
- - gitlab <unfixed>
+ [experimental] - gitlab 12.9.3+dfsg-1
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11648
RESERVED
CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...)
+ {DLA-2547-1}
- wireshark 3.2.3-1 (low; bug #958213)
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
- [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
+ [buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <postponed> (Minor, can be fixed along in a future update)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html
-CVE-2020-11646
- RESERVED
-CVE-2020-11645
- RESERVED
-CVE-2020-11644
- RESERVED
-CVE-2020-11643
- RESERVED
-CVE-2020-11642
- RESERVED
-CVE-2020-11641
- RESERVED
+CVE-2020-11646 (A log information disclosure vulnerability in B&amp;R GateManager 4260 ...)
+ NOT-FOR-US: B&R GateManager
+CVE-2020-11645 (A denial of service vulnerability in B&amp;R GateManager 4260 and 9250 ...)
+ NOT-FOR-US: B&R GateManager
+CVE-2020-11644 (The information disclosure vulnerability present in B&amp;R GateManage ...)
+ NOT-FOR-US: B&R GateManager
+CVE-2020-11643 (An information disclosure vulnerability in B&amp;R GateManager 4260 an ...)
+ NOT-FOR-US: B&R GateManager
+CVE-2020-11642 (The local file inclusion vulnerability present in B&amp;R SiteManager ...)
+ NOT-FOR-US: B&R SiteManager
+CVE-2020-11641 (A local file inclusion vulnerability in B&amp;R SiteManager versions & ...)
+ NOT-FOR-US: B&R GateManager
CVE-2020-11640
RESERVED
CVE-2020-11639
RESERVED
CVE-2020-11638
RESERVED
-CVE-2020-11637
- RESERVED
+CVE-2020-11637 (A memory leak in the TFTP service in B&amp;R Automation Runtime versio ...)
+ NOT-FOR-US: B&R Automation Runtime
CVE-2020-11636
RESERVED
-CVE-2020-11635
- RESERVED
-CVE-2020-11634
- RESERVED
-CVE-2020-11633
- RESERVED
-CVE-2020-11632
- RESERVED
+CVE-2020-11635 (The Zscaler Client Connector prior to 3.1.0 did not sufficiently valid ...)
+ NOT-FOR-US: Zscaler Client Connector
+CVE-2020-11634 (The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL ...)
+ NOT-FOR-US: Zscaler Client Connector
+CVE-2020-11633 (The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack ...)
+ NOT-FOR-US: Zscaler Client Connector for Windows
+CVE-2020-11632 (The Zscaler Client Connector prior to 2.1.2.150 did not quote the sear ...)
+ NOT-FOR-US: Zscaler Client Connector
CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
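Review bot: The tag on the new CVE-2020-11641 entry does not match its description: the text says `B&R SiteManager versions`, but the line below reads `NOT-FOR-US: B&R GateManager`, while the sibling CVE-2020-11642 (also SiteManager) is tagged `NOT-FOR-US: B&R SiteManager`. This looks like a copy-paste from the GateManager entries above it; I would change it to `NOT-FOR-US: B&R SiteManager`. The same block is also slightly inconsistent for the Zscaler entries, where CVE-2020-11633 is tagged `Zscaler Client Connector for Windows` but CVE-2020-11634, whose description is also Windows-specific, is tagged plain `Zscaler Client Connector`; harmonising those is cosmetic but keeps grepping by product reliable.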
@@ -4850,45 +45689,46 @@ CVE-2020-11627 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before
NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
NOT-FOR-US: EJBCA / PrimeKey
-CVE-2020-11625
- RESERVED
-CVE-2020-11624
- RESERVED
-CVE-2020-11623
- RESERVED
-CVE-2020-11622
- RESERVED
+CVE-2020-11625 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
+ NOT-FOR-US: AvertX
+CVE-2020-11624 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
+ NOT-FOR-US: AvertX
+CVE-2020-11623 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
+ NOT-FOR-US: AvertX
+CVE-2020-11622 (A vulnerability exists in Arista&#8217;s Cloud EOS VM / vEOS 4.23.2M a ...)
+ NOT-FOR-US: Cloud EOS
CVE-2020-11621
RESERVED
CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2179-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2682
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2179-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2680
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-11618
- RESERVED
-CVE-2020-11617
- RESERVED
-CVE-2020-11616
- RESERVED
-CVE-2020-11615
- RESERVED
-CVE-2020-11614
- RESERVED
-CVE-2020-11613
- RESERVED
+CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top b ...)
+ NOT-FOR-US: THOMSON
+CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA ...)
+ NOT-FOR-US: THOMSON
+CVE-2020-11616 (NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contai ...)
+ NOT-FOR-US: NVIDIA DGX servers
+CVE-2020-11615 (NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contai ...)
+ NOT-FOR-US: NVIDIA DGX servers
+CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as w ...)
+ NOT-FOR-US: Mids' Reborn Hero Designer
+CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...)
+ NOT-FOR-US: Mids' Reborn Hero Designer
CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...)
+ {DSA-4885-1 DLA-2364-1}
- netty 1:4.1.48-1
[jessie] - netty <ignored> (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API)
NOTE: https://github.com/netty/netty/issues/6168
@@ -4899,10 +45739,12 @@ CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The bui
CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...)
NOT-FOR-US: xdLocalStorage
CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.17-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205
CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.17-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30
@@ -4952,18 +45794,18 @@ CVE-2020-11586 (An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 20190
NOT-FOR-US: CIPPlanner
CVE-2020-11585 (There is an information disclosure issue in DNN (formerly DotNetNuke) ...)
NOT-FOR-US: DNN (formerly DotNetNuke)
-CVE-2020-11584
- RESERVED
-CVE-2020-11583
- RESERVED
+CVE-2020-11584 (A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows r ...)
+ NOT-FOR-US: Plesk Onyx
+CVE-2020-11583 (A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allo ...)
+ NOT-FOR-US: Plesk Obsidian
CVE-2020-11582 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11581 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
-CVE-2020-11579
- RESERVED
+CVE-2020-11579 (An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. instal ...)
+ NOT-FOR-US: Chadha PHPKB
CVE-2020-11578
RESERVED
CVE-2020-11577
@@ -4991,7 +45833,7 @@ CVE-2020-11567
CVE-2020-11566
RESERVED
CVE-2020-11565 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.6 ...)
- {DSA-4667-1}
+ {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.17-1
NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
CVE-2020-11564
@@ -5007,11 +45849,14 @@ CVE-2020-11560 (NCH Express Invoice 7.25 allows local users to discover the clea
CVE-2020-11559
RESERVED
CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...)
- - gpac <undetermined>
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
+ [buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+ [stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
[jessie] - gpac <not-affected> (Vulnerable code not present and not reproducible)
- NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
NOTE: https://github.com/gpac/gpac/issues/1440
- TODO: check
+ NOTE: Introduced by: https://github.com/gpac/gpac/commit/3f1564c43825e052a5d53cbb4c8a242abdf603b4 (v0.9.0-preview)
+ NOTE: and https://github.com/gpac/gpac/commit/526bc968451e1ec83386c93f2c1f5a74ac65e649 (v0.9.0-preview)
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c (v0.9.0-preview~20)
CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
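Review bot: The new buster/stretch rationale for CVE-2020-11558, `(Vulnerable code introduced later, in version 0.8.0)`, disagrees with the NOTE lines added in the same hunk, which mark both introducing commits as `(v0.9.0-preview)` and the fix as `(v0.9.0-preview~20)`. If the introducing commits first appear in the v0.9.0-preview tag rather than in 0.8.0, then the bracketed version in the not-affected reason is wrong; if they are in 0.8.0 (as the CVE text "GPAC 0.8.0" suggests), the tag annotations on the NOTE lines are misleading. I would pick one and make them agree, e.g. `[buster] - gpac <not-affected> (Vulnerable code introduced later, see 3f1564c4 and 526bc968)`, which stays correct regardless of which release first shipped the commits.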
@@ -5022,8 +45867,8 @@ CVE-2020-11554 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 bef
NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
NOT-FOR-US: Castle Rock SNMPc
-CVE-2020-11552
- RESERVED
+CVE-2020-11552 (An elevation of privilege vulnerability exists in ManageEngine ADSelfS ...)
+ NOT-FOR-US: ManageEngine
CVE-2020-11551 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
NOT-FOR-US: Netgear
CVE-2020-11550 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
@@ -5034,13 +45879,13 @@ CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user
NOT-FOR-US: Search Meter plugin for WordPress
CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...)
NOT-FOR-US: PRTG Network Monitor
-CVE-2020-11546
- RESERVED
+CVE-2020-11546 (SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution ...)
+ NOT-FOR-US: SuperWebMailer
CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to multiple ...)
NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...)
NOT-FOR-US: Project Worlds Official Car Rental System 1
-CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with the pa ...)
+CVE-2020-11543 (OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the pa ...)
NOT-FOR-US: OpsRamp Gateway
CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
@@ -5050,8 +45895,12 @@ CVE-2020-11540
RESERVED
CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It ...)
NOT-FOR-US: Tata Sonata Smart SF Rush 1.12 devices
-CVE-2020-11538
- RESERVED
+CVE-2020-11538 (In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ...)
+ - pillow 7.2.0-1 (low)
+ [buster] - pillow 5.4.1-2+deb10u2
+ [stretch] - pillow <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/python-pillow/Pillow/pull/4504
+ NOTE: https://github.com/python-pillow/Pillow/pull/4538
CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...)
NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11536 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
@@ -5068,59 +45917,59 @@ CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine Dat
NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 3, a Wor ...)
NOT-FOR-US: Chop Slider 3 WordPress plugin
-CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect. ...)
+CVE-2020-11529 (Common/Grav.php in Grav before 1.7 has an Open Redirect. This is parti ...)
NOT-FOR-US: Grav CMS
CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) ...)
NOT-FOR-US: bit2spr
CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...)
NOT-FOR-US: Zoho
CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions &gt; 1.1 through 2.0.0-rc ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
- [buster] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions &gt; 1.0 through 2.0.0-r ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
- [buster] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e
CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions &gt; 1.0 through 2. ...)
- freerdp2 2.1.1+dfsg1-1
- [buster] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820
CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions &gt; 1.0 through 2.0.0-rc4 ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
- [buster] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP &gt; 1.0 through 2.0.0-rc4 has an Out- ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
- [buster] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version &gt; 1.0 through 2.0.0-rc ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
- [buster] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
-CVE-2020-11520
- RESERVED
-CVE-2020-11519
- RESERVED
+CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...)
+ NOT-FOR-US: WinMagic SecureDoc
+CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...)
+ NOT-FOR-US: WinMagic SecureDoc
CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticate ...)
NOT-FOR-US: Zoho
CVE-2020-11517
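Review bot: CVE-2020-11524 is the only one of the six FreeRDP entries in this hunk that does not gain `{DLA-2356-1}` and keeps its `[stretch] - freerdp <no-dsa> (Minor issue)` line, while it does receive the same buster fix `2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2` as its siblings. That asymmetry may well be deliberate (the interleaved.c fix could have been left out of the stretch update), but nothing in the entry records it, so the next person touching these lines will likely "fix" it by adding the DLA. I would add a NOTE under CVE-2020-11524 such as `NOTE: Not covered by DLA-2356-1, stretch still pending` if that is the case, or add the DLA reference and drop the stretch line if it was simply missed.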
@@ -5135,10 +45984,11 @@ CVE-2020-11513
RESERVED
CVE-2020-11512 (Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 ...)
NOT-FOR-US: IMPress for IDX Broker WordPress plugin
-CVE-2020-11511
- RESERVED
+CVE-2020-11511 (The LearnPress plugin before 3.2.6.9 for WordPress allows remote attac ...)
+ NOT-FOR-US: LearnPress plugin for WordPress
CVE-2020-11510
RESERVED
+ NOT-FOR-US: LearnPress plugin for WordPress
CVE-2020-11509 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...)
NOT-FOR-US: WP Lead Plus X plugin for WordPress
CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...)
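Review bot: The line `NOT-FOR-US: LearnPress plugin for WordPress` is added under CVE-2020-11510 while that entry is still `RESERVED` and has no description, so the triage decision cannot be checked against anything in the file; the adjacent CVE-2020-11511, which does carry a LearnPress description, was handled in the same hunk. If the assignment is based on an upstream advisory that covers both IDs, a reference would make that visible, e.g. a `NOTE:` line pointing at the advisory or plugin changelog that ties CVE-2020-11510 to LearnPress. If it was meant to be a second line for CVE-2020-11511 it is simply misplaced.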
@@ -5146,15 +45996,16 @@ CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 f
CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0. ...)
NOT-FOR-US: Malwarebytes AdwCleaner
CVE-2020-11506 (An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A W ...)
- - gitlab <unfixed>
+ [experimental] - gitlab 12.9.3+dfsg-1
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11505 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
- gitlab <not-affected> (Only affects GitLab EE 12.8.0 and later)
NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11504
RESERVED
-CVE-2020-11503
- RESERVED
+CVE-2020-11503 (A heap-based buffer overflow in the awarrensmtp component of Sophos XG ...)
+ NOT-FOR-US: Sophos
CVE-2020-11502
RESERVED
CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...)
@@ -5163,38 +46014,39 @@ CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS wh
NOT-FOR-US: Firmware Analysis and Comparison Tool
CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...)
NOT-FOR-US: Slack Nebula
-CVE-2020-11497
- RESERVED
-CVE-2020-11496
- RESERVED
+CVE-2020-11497 (An issue was discovered in the NAB Transact extension 2.1.0 for the Wo ...)
+ NOT-FOR-US: NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress
+CVE-2020-11496 (Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers ...)
+ NOT-FOR-US: Sprecher SPRECON-E firmware
CVE-2020-11495
REJECTED
CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.17-1
[buster] - linux 4.19.118-1
NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
-CVE-2020-11493
- RESERVED
-CVE-2020-11492
- RESERVED
+CVE-2020-11493 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
+ NOT-FOR-US: Foxit
+CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. ...)
+ NOT-FOR-US: Docker Desktop on Windows
CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...)
NOT-FOR-US: Zen Load Balancer
CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...)
NOT-FOR-US: Zen Load Balancer
-CVE-2020-11489
- RESERVED
-CVE-2020-11488
- RESERVED
-CVE-2020-11487
- RESERVED
-CVE-2020-11486
- RESERVED
-CVE-2020-11485
- RESERVED
-CVE-2020-11484
- RESERVED
-CVE-2020-11483
- RESERVED
+CVE-2020-11489 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
+ NOT-FOR-US: NVIDIA DGX servers
+CVE-2020-11488 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
+ NOT-FOR-US: NVIDIA DGX servers
+CVE-2020-11487 (NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. ...)
+ NOT-FOR-US: NVIDIA DGX servers
+CVE-2020-11486 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
+ NOT-FOR-US: NVIDIA DGX servers
+CVE-2020-11485 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
+ NOT-FOR-US: NVIDIA DGX servers
+CVE-2020-11484 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
+ NOT-FOR-US: NVIDIA DGX servers
+CVE-2020-11483 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
+ NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The e ...)
{DSA-4652-1}
- gnutls28 3.6.13-2 (bug #955556)
@@ -5216,12 +46068,12 @@ CVE-2020-11478
RESERVED
CVE-2020-11477
RESERVED
-CVE-2020-11476
- RESERVED
+CVE-2020-11476 (Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangero ...)
+ NOT-FOR-US: Concrete5
CVE-2020-11475
RESERVED
-CVE-2020-11474
- RESERVED
+CVE-2020-11474 (NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic lin ...)
+ NOT-FOR-US: NCP Secure Enterprise Client
CVE-2020-11473
RESERVED
CVE-2020-11472
@@ -5262,7 +46114,7 @@ CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal vulner
- limesurvey <itp> (bug #472802)
CVE-2020-11454 (Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Contain ...)
NOT-FOR-US: Microstrategy Web
-CVE-2020-11453 (Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in ...)
+CVE-2020-11453 (** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Req ...)
NOT-FOR-US: Microstrategy Web
CVE-2020-11452 (Microstrategy Web 10.4 includes functionality to allow users to import ...)
NOT-FOR-US: Microstrategy Web
@@ -5287,19 +46139,20 @@ CVE-2020-11443 (The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior
CVE-2020-11442
RESERVED
CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated ...)
- - phpmyadmin <undetermined>
+ - phpmyadmin <unfixed> (unimportant)
[jessie] - phpmyadmin <not-affected> (The pma_error display code does not exist in this version)
NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056
-CVE-2020-11440
- RESERVED
-CVE-2020-11439
- RESERVED
-CVE-2020-11438
- RESERVED
-CVE-2020-11437
- RESERVED
-CVE-2020-11436
- RESERVED
+ NOTE: Not considered a security issue
+CVE-2020-11440 (httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no ...)
+ NOT-FOR-US: Wind River
+CVE-2020-11439 (LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue all ...)
+ NOT-FOR-US: LibreHealth EMR
+CVE-2020-11438 (LibreHealth EMR v2.0.0 is affected by systemic CSRF. ...)
+ NOT-FOR-US: LibreHealth EMR
+CVE-2020-11437 (LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privi ...)
+ NOT-FOR-US: LibreHealth EMR
+CVE-2020-11436 (LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the abilit ...)
+ NOT-FOR-US: LibreHealth EMR
CVE-2020-11435
RESERVED
CVE-2020-11434
@@ -5345,605 +46198,605 @@ CVE-2020-11415 (An issue was discovered in Sonatype Nexus Repository Manager 2.x
CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...)
NOT-FOR-US: Progress Telerik UI
CVE-2020-11413
- RESERVED
+ REJECTED
CVE-2020-11412
- RESERVED
+ REJECTED
CVE-2020-11411
- RESERVED
+ REJECTED
CVE-2020-11410
- RESERVED
+ REJECTED
CVE-2020-11409
- RESERVED
+ REJECTED
CVE-2020-11408
- RESERVED
+ REJECTED
CVE-2020-11407
- RESERVED
+ REJECTED
CVE-2020-11406
- RESERVED
+ REJECTED
CVE-2020-11405
- RESERVED
+ REJECTED
CVE-2020-11404
- RESERVED
+ REJECTED
CVE-2020-11403
- RESERVED
+ REJECTED
CVE-2020-11402
- RESERVED
+ REJECTED
CVE-2020-11401
- RESERVED
+ REJECTED
CVE-2020-11400
- RESERVED
+ REJECTED
CVE-2020-11399
- RESERVED
+ REJECTED
CVE-2020-11398
- RESERVED
+ REJECTED
CVE-2020-11397
- RESERVED
+ REJECTED
CVE-2020-11396
- RESERVED
+ REJECTED
CVE-2020-11395
- RESERVED
+ REJECTED
CVE-2020-11394
- RESERVED
+ REJECTED
CVE-2020-11393
- RESERVED
+ REJECTED
CVE-2020-11392
- RESERVED
+ REJECTED
CVE-2020-11391
- RESERVED
+ REJECTED
CVE-2020-11390
- RESERVED
+ REJECTED
CVE-2020-11389
- RESERVED
+ REJECTED
CVE-2020-11388
- RESERVED
+ REJECTED
CVE-2020-11387
- RESERVED
+ REJECTED
CVE-2020-11386
- RESERVED
+ REJECTED
CVE-2020-11385
- RESERVED
+ REJECTED
CVE-2020-11384
- RESERVED
+ REJECTED
CVE-2020-11383
- RESERVED
+ REJECTED
CVE-2020-11382
- RESERVED
+ REJECTED
CVE-2020-11381
- RESERVED
+ REJECTED
CVE-2020-11380
- RESERVED
+ REJECTED
CVE-2020-11379
- RESERVED
+ REJECTED
CVE-2020-11378
- RESERVED
+ REJECTED
CVE-2020-11377
- RESERVED
+ REJECTED
CVE-2020-11376
- RESERVED
+ REJECTED
CVE-2020-11375
- RESERVED
+ REJECTED
CVE-2020-11374
- RESERVED
+ REJECTED
CVE-2020-11373
- RESERVED
+ REJECTED
CVE-2020-11372
- RESERVED
+ REJECTED
CVE-2020-11371
- RESERVED
+ REJECTED
CVE-2020-11370
- RESERVED
+ REJECTED
CVE-2020-11369
- RESERVED
+ REJECTED
CVE-2020-11368
- RESERVED
+ REJECTED
CVE-2020-11367
- RESERVED
+ REJECTED
CVE-2020-11366
- RESERVED
+ REJECTED
CVE-2020-11365
- RESERVED
+ REJECTED
CVE-2020-11364
- RESERVED
+ REJECTED
CVE-2020-11363
- RESERVED
+ REJECTED
CVE-2020-11362
- RESERVED
+ REJECTED
CVE-2020-11361
- RESERVED
+ REJECTED
CVE-2020-11360
- RESERVED
+ REJECTED
CVE-2020-11359
- RESERVED
+ REJECTED
CVE-2020-11358
- RESERVED
+ REJECTED
CVE-2020-11357
- RESERVED
+ REJECTED
CVE-2020-11356
- RESERVED
+ REJECTED
CVE-2020-11355
- RESERVED
+ REJECTED
CVE-2020-11354
- RESERVED
+ REJECTED
CVE-2020-11353
- RESERVED
+ REJECTED
CVE-2020-11352
- RESERVED
+ REJECTED
CVE-2020-11351
- RESERVED
+ REJECTED
CVE-2020-11350
- RESERVED
+ REJECTED
CVE-2020-11349
- RESERVED
+ REJECTED
CVE-2020-11348
- RESERVED
+ REJECTED
CVE-2020-11347
- RESERVED
+ REJECTED
CVE-2020-11346
- RESERVED
+ REJECTED
CVE-2020-11345
- RESERVED
+ REJECTED
CVE-2020-11344
- RESERVED
+ REJECTED
CVE-2020-11343
- RESERVED
+ REJECTED
CVE-2020-11342
- RESERVED
+ REJECTED
CVE-2020-11341
- RESERVED
+ REJECTED
CVE-2020-11340
- RESERVED
+ REJECTED
CVE-2020-11339
- RESERVED
+ REJECTED
CVE-2020-11338
- RESERVED
+ REJECTED
CVE-2020-11337
- RESERVED
+ REJECTED
CVE-2020-11336
- RESERVED
+ REJECTED
CVE-2020-11335
- RESERVED
+ REJECTED
CVE-2020-11334
- RESERVED
+ REJECTED
CVE-2020-11333
- RESERVED
+ REJECTED
CVE-2020-11332
- RESERVED
+ REJECTED
CVE-2020-11331
- RESERVED
+ REJECTED
CVE-2020-11330
- RESERVED
+ REJECTED
CVE-2020-11329
- RESERVED
+ REJECTED
CVE-2020-11328
- RESERVED
+ REJECTED
CVE-2020-11327
- RESERVED
+ REJECTED
CVE-2020-11326
- RESERVED
+ REJECTED
CVE-2020-11325
- RESERVED
+ REJECTED
CVE-2020-11324
- RESERVED
+ REJECTED
CVE-2020-11323
- RESERVED
+ REJECTED
CVE-2020-11322
- RESERVED
+ REJECTED
CVE-2020-11321
- RESERVED
+ REJECTED
CVE-2020-11320
- RESERVED
+ REJECTED
CVE-2020-11319
- RESERVED
+ REJECTED
CVE-2020-11318
- RESERVED
+ REJECTED
CVE-2020-11317
- RESERVED
+ REJECTED
CVE-2020-11316
- RESERVED
+ REJECTED
CVE-2020-11315
- RESERVED
+ REJECTED
CVE-2020-11314
- RESERVED
+ REJECTED
CVE-2020-11313
- RESERVED
+ REJECTED
CVE-2020-11312
- RESERVED
+ REJECTED
CVE-2020-11311
RESERVED
CVE-2020-11310
- RESERVED
-CVE-2020-11309
- RESERVED
-CVE-2020-11308
- RESERVED
-CVE-2020-11307
- RESERVED
-CVE-2020-11306
- RESERVED
-CVE-2020-11305
- RESERVED
-CVE-2020-11304
- RESERVED
-CVE-2020-11303
- RESERVED
+ REJECTED
+CVE-2020-11309 (Use after free in GPU driver while mapping the user memory to GPU memo ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11308 (Buffer overflow occurs when trying to convert ASCII string to Unicode ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11307 (Buffer overflow in modem due to improper array index check before copy ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-11306 (Possible integer overflow in RPMB counter due to lack of length check ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11305 (Integer overflow in boot due to improper length check on arguments rec ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-11304 (Possible out of bound read in DRM due to improper buffer length check. ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11303 (Accepting AMSDU frames with mismatched destination and source address ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11302
- RESERVED
-CVE-2020-11301
- RESERVED
+ REJECTED
+CVE-2020-11301 (Improper authentication of un-encrypted plaintext Wi-Fi frames in an e ...)
+ NOT-FOR-US: Qualcomm WIGIG chipsets
CVE-2020-11300
- RESERVED
-CVE-2020-11299
- RESERVED
-CVE-2020-11298
- RESERVED
-CVE-2020-11297
- RESERVED
-CVE-2020-11296
- RESERVED
-CVE-2020-11295
- RESERVED
-CVE-2020-11294
- RESERVED
-CVE-2020-11293
- RESERVED
-CVE-2020-11292
- RESERVED
-CVE-2020-11291
- RESERVED
-CVE-2020-11290
- RESERVED
-CVE-2020-11289
- RESERVED
-CVE-2020-11288
- RESERVED
-CVE-2020-11287
- RESERVED
-CVE-2020-11286
- RESERVED
-CVE-2020-11285
- RESERVED
-CVE-2020-11284
- RESERVED
-CVE-2020-11283
- RESERVED
-CVE-2020-11282
- RESERVED
-CVE-2020-11281
- RESERVED
-CVE-2020-11280
- RESERVED
-CVE-2020-11279
- RESERVED
-CVE-2020-11278
- RESERVED
-CVE-2020-11277
- RESERVED
-CVE-2020-11276
- RESERVED
-CVE-2020-11275
- RESERVED
-CVE-2020-11274
- RESERVED
-CVE-2020-11273
- RESERVED
-CVE-2020-11272
- RESERVED
-CVE-2020-11271
- RESERVED
-CVE-2020-11270
- RESERVED
-CVE-2020-11269
- RESERVED
-CVE-2020-11268
- RESERVED
-CVE-2020-11267
- RESERVED
-CVE-2020-11266
- RESERVED
-CVE-2020-11265
- RESERVED
-CVE-2020-11264
- RESERVED
-CVE-2020-11263
- RESERVED
-CVE-2020-11262
- RESERVED
-CVE-2020-11261
- RESERVED
-CVE-2020-11260
- RESERVED
-CVE-2020-11259
- RESERVED
-CVE-2020-11258
- RESERVED
-CVE-2020-11257
- RESERVED
-CVE-2020-11256
- RESERVED
-CVE-2020-11255
- RESERVED
-CVE-2020-11254
- RESERVED
-CVE-2020-11253
- RESERVED
-CVE-2020-11252
- RESERVED
-CVE-2020-11251
- RESERVED
-CVE-2020-11250
- RESERVED
+ REJECTED
+CVE-2020-11299 (Buffer overflow can occur in video while playing the non-standard clip ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11298 (While waiting for a response to a callback or listener request, non-se ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11297 (Denial of service in WLAN module due to improper check of subtypes in ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11296 (Arithmetic overflow can happen while processing NOA IE due to improper ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11295 (Use after free in camera If the threadmanager is being cleaned up whil ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11294 (Out of bound write in logger due to prefix size is not validated while ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11293 (Out of bound read can happen in Widevine TA while copying data to buff ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11292 (Possible buffer overflow in voice service due to lack of input validat ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11291 (Possible buffer overflow while updating ikev2 parameters for delete pa ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11290 (Use after free condition in msm ioctl events due to race between the i ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11289 (Out of bound write can occur in TZ command handler due to lack of vali ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11288 (Out of bound write can occur in playready while processing command due ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11287 (Allowing RTT frames to be linked with non randomized MAC address by co ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11286 (An Untrusted Pointer Dereference can occur while doing USB control tra ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11285 (Buffer over-read while unpacking the RTCP packet we may read extra byt ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11284 (Locked memory can be unlocked and modified by non secure boot loader t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11283 (A buffer overflow can occur when playing an MKV clip due to lack of in ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11282 (Improper access control when using mmap with the kgsl driver with a sp ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11281 (Allowing RTT frames to be linked with non randomized MAC address by co ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11280 (Denial of service while processing fine timing measurement request (FT ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11279 (Memory corruption while processing crafted SDES packets due to imprope ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11278 (Possible denial of service while handling host WMI command due to impr ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11277 (Possible race condition during async fastrpc session after sending RPC ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11276 (Possible buffer over read while processing P2P IE and NOA attribute of ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11275 (Possible buffer over-read while parsing quiet IE in Rx beacon frame du ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11274 (Denial of service in MODEM due to assert to the invalid configuration ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11273 (Histogram type KPI was teardown with the assumption of the existence o ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11272 (Before enqueuing a frame to the PE queue for further processing, an en ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11271 (Possible out of bounds while accessing global control elements due to ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11270 (Possible denial of service due to RTT responder consistently rejects a ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11269 (Possible memory corruption while processing EAPOL frames due to lack o ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11268 (Potential UE reset while decoding a crafted Sib1 or SIB1 that schedule ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-11267 (Stack out-of-bounds write occurs while setting up a cipher device if t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11266 (Image address is dereferenced before validating its range which can ca ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11265 (Information disclosure issue due to lack of validation of pointer argu ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11264 (Improper authentication of Non-EAPOL/WAPI plaintext frames during four ...)
+ NOT-FOR-US: Qualcomm WLAN Windows Host
+CVE-2020-11263 (An integer overflow due to improper check performed after the address ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11262 (A race between command submission and destroying the context can cause ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11261 (Memory corruption due to improper check to return error when user appl ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11260 (An improper free of uninitialized memory can occur in DIAG services in ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11259 (Memory corruption due to lack of validation of pointer arguments passe ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11258 (Memory corruption due to lack of validation of pointer arguments passe ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11257 (Memory corruption due to lack of validation of pointer arguments passe ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11256 (Memory corruption due to lack of check of validation of pointer to buf ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11255 (Denial of service while processing RTCP packets containing multiple SD ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11254 (Memory corruption during buffer allocation due to dereferencing sessio ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11253 (Arbitrary memory write issue in video driver while setting the interna ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11252 (Trustzone initialization code will disable xPU`s when memory dumps are ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11251 (Out-of-bounds read vulnerability while accessing DTMF payload due to l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11250 (Use after free due to race condition when reopening the device driver ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11249
RESERVED
CVE-2020-11248
RESERVED
-CVE-2020-11247
- RESERVED
-CVE-2020-11246
- RESERVED
-CVE-2020-11245
- RESERVED
+CVE-2020-11247 (Out of bound memory read while unpacking data due to lack of offset le ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11246 (A double free condition can occur when the device moves to suspend mod ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11245 (Unintended reads and writes by NS EL2 in access control driver due to ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11244
RESERVED
-CVE-2020-11243
- RESERVED
-CVE-2020-11242
- RESERVED
-CVE-2020-11241
- RESERVED
-CVE-2020-11240
- RESERVED
-CVE-2020-11239
- RESERVED
-CVE-2020-11238
- RESERVED
-CVE-2020-11237
- RESERVED
-CVE-2020-11236
- RESERVED
-CVE-2020-11235
- RESERVED
-CVE-2020-11234
- RESERVED
-CVE-2020-11233
- RESERVED
+CVE-2020-11243 (RRC sends a connection establishment success to NAS even though connec ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11242 (User could gain access to secure memory due to incorrect argument into ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11241 (Out of bound read will happen if EAPOL Key length is less than expecte ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11240 (Memory corruption due to ioctl command size was incorrectly set to the ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11239 (Use after free issue when importing a DMA buffer by using the CPU addr ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11238 (Possible Buffer over-read in ARP/NS parsing due to lack of check of pa ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11237 (Memory crash when accessing histogram type KPI input received due to l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11236 (Memory corruption due to invalid value of total dimension in the non-h ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11235 (Buffer overflow might occur while parsing unified command due to lack ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11234 (When sending a socket event message to a user application, invalid inf ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11233 (Time-of-check time-of-use race condition While processing partition en ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11232
RESERVED
-CVE-2020-11231
- RESERVED
-CVE-2020-11230
- RESERVED
+CVE-2020-11231 (Two threads call one or both functions concurrently leading to corrupt ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11230 (Potential arbitrary memory corruption when the qseecom driver updates ...)
+ NOT-FOR-US: Snapdragon
CVE-2020-11229
RESERVED
-CVE-2020-11228
- RESERVED
-CVE-2020-11227
- RESERVED
-CVE-2020-11226
- RESERVED
-CVE-2020-11225
- RESERVED
+CVE-2020-11228 (Part of RPM region was not protected from xblSec itself due to imprope ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11227 (Out of bound write while parsing RTT/TTY packet parsing due to lack of ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11226 (Out of bound memory read in Data modem while unpacking data due to lac ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11225 (Out of bound access in WLAN driver due to lack of validation of array ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11224
RESERVED
-CVE-2020-11223
- RESERVED
-CVE-2020-11222
- RESERVED
-CVE-2020-11221
- RESERVED
-CVE-2020-11220
- RESERVED
+CVE-2020-11223 (Out of bound in camera driver due to lack of check of validation of ar ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11222 (Buffer over read while processing MT SMS with maximum length due to im ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11221 (Usage of syscall by non-secure entity can allow extraction of secure Q ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11220 (While processing storage SCM commands there is a time of check or time ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11219
RESERVED
-CVE-2020-11218
- RESERVED
-CVE-2020-11217
- RESERVED
-CVE-2020-11216
- RESERVED
-CVE-2020-11215
- RESERVED
-CVE-2020-11214
- RESERVED
-CVE-2020-11213
- RESERVED
-CVE-2020-11212
- RESERVED
+CVE-2020-11218 (Denial of service in baseband when NW configures LTE betaOffset-RI-Ind ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11217 (A possible double free or invalid memory access in audio driver while ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11216 (Buffer over read can happen in video driver when playing clip with ato ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11215 (An out of bounds read can happen when processing VSA attribute due to ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11214 (Buffer over-read while processing NDL attribute if attribute length is ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11213 (Out of bound reads might occur in while processing Service descriptor ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11212 (Out of bounds reads while parsing NAN beacons attributes and OUIs due ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11211
RESERVED
-CVE-2020-11210
- RESERVED
-CVE-2020-11209
- RESERVED
-CVE-2020-11208
- RESERVED
-CVE-2020-11207
- RESERVED
-CVE-2020-11206
- RESERVED
-CVE-2020-11205
- RESERVED
-CVE-2020-11204
- RESERVED
-CVE-2020-11203
- RESERVED
-CVE-2020-11202
- RESERVED
-CVE-2020-11201
- RESERVED
-CVE-2020-11200
- RESERVED
-CVE-2020-11199
- RESERVED
-CVE-2020-11198
- RESERVED
-CVE-2020-11197
- RESERVED
-CVE-2020-11196
- RESERVED
-CVE-2020-11195
- RESERVED
-CVE-2020-11194
- RESERVED
-CVE-2020-11193
- RESERVED
-CVE-2020-11192
- RESERVED
-CVE-2020-11191
- RESERVED
-CVE-2020-11190
- RESERVED
-CVE-2020-11189
- RESERVED
-CVE-2020-11188
- RESERVED
-CVE-2020-11187
- RESERVED
-CVE-2020-11186
- RESERVED
-CVE-2020-11185
- RESERVED
-CVE-2020-11184
- RESERVED
-CVE-2020-11183
- RESERVED
-CVE-2020-11182
- RESERVED
-CVE-2020-11181
- RESERVED
-CVE-2020-11180
- RESERVED
-CVE-2020-11179
- RESERVED
-CVE-2020-11178
- RESERVED
-CVE-2020-11177
- RESERVED
-CVE-2020-11176
- RESERVED
-CVE-2020-11175
- RESERVED
-CVE-2020-11174
- RESERVED
-CVE-2020-11173
- RESERVED
-CVE-2020-11172
- RESERVED
-CVE-2020-11171
- RESERVED
-CVE-2020-11170
- RESERVED
-CVE-2020-11169
- RESERVED
-CVE-2020-11168
- RESERVED
-CVE-2020-11167
- RESERVED
-CVE-2020-11166
- RESERVED
-CVE-2020-11165
- RESERVED
-CVE-2020-11164
- RESERVED
-CVE-2020-11163
- RESERVED
-CVE-2020-11162
- RESERVED
-CVE-2020-11161
- RESERVED
-CVE-2020-11160
- RESERVED
-CVE-2020-11159
- RESERVED
-CVE-2020-11158
- RESERVED
-CVE-2020-11157
- RESERVED
-CVE-2020-11156
- RESERVED
-CVE-2020-11155
- RESERVED
-CVE-2020-11154
- RESERVED
-CVE-2020-11153
- RESERVED
-CVE-2020-11152
- RESERVED
-CVE-2020-11151
- RESERVED
-CVE-2020-11150
- RESERVED
-CVE-2020-11149
- RESERVED
-CVE-2020-11148
- RESERVED
-CVE-2020-11147
- RESERVED
-CVE-2020-11146
- RESERVED
-CVE-2020-11145
- RESERVED
-CVE-2020-11144
- RESERVED
-CVE-2020-11143
- RESERVED
+CVE-2020-11210 (Possible memory corruption in RPM region due to improper XPU configura ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11209 (Improper authorization in DSP process could allow unauthorized users t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11208 (Out of Bound issue in DSP services while processing received arguments ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11207 (Buffer overflow in LibFastCV library due to improper size checks with ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11206 (Possible buffer overflow in Fastrpc while handling received parameters ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11205 (u'Possible integer overflow to heap overflow while processing command ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11204 (Possible memory corruption and information leakage in sub-system due t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11203 (Stack overflow may occur if GSM/WCDMA broadcast config size received f ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11202 (Buffer overflow/underflow occurs when typecasting the buffer passed by ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11201 (Arbitrary access to DSP memory due to improper check in loaded library ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11200 (Buffer over-read while parsing RPS due to lack of check of input valid ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11199 (HLOS to access EL3 stack canary by just mapping imem region due to Imp ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11198 (Key material used for TZ diag buffer encryption and other data related ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11197 (Possible integer overflow can occur when stream info update is called ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11196 (u'Integer overflow to buffer overflow occurs while playback of ASF cli ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11195 (Out of bound write and read in TA while processing command from NS sid ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11194 (Possible out of bound access in TA while processing a command from NS ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11193 (u'Buffer over read can happen while parsing mkv clip due to improper t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11192 (Out of bound write while parsing SDP string due to missing check on nu ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11191 (Out of bound read occurs while processing crafted SDP due to lack of c ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11190 (Buffer over-read can happen while parsing received SDP values due to l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11189 (Buffer over-read can happen while parsing received SDP values due to l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11188 (Buffer over-read can happen while parsing received SDP values due to l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11187 (Possible memory corruption in BSI module due to improper validation of ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11186 (Modem will enter into busy mode in an infinite loop while parsing hist ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11185 (Out of bound issue in WLAN driver while processing vdev responses from ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11184 (u'Possible buffer overflow will occur in video while parsing mp4 clip ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11183 (A process can potentially cause a buffer overflow in the display servi ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11182 (Possible heap overflow while parsing NAL header due to lack of check o ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11181 (Out of bound access issue while handling cvp process control command d ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11180 (Out of bound access in computer vision control due to improper validat ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-11179 (Arbitrary read and write to kernel addresses by temporarily overwritin ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11178 (Trusted APPS to overwrite the CPZ memory of another use-case as TZ onl ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11177 (User can overwrite Security Code NV item without knowing current SPC d ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11176 (While processing server certificate from IPSec server, certificate val ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11175 (u'Use after free issue in Bluetooth transport driver when a method in ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11174 (u'Array index underflow issue in adsp driver due to improper check of ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11173 (u'Two threads running simultaneously from user space can lead to race ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11172 (u'fscanf reads a string from a file and stores its contents on a stati ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11171 (Buffer over-read can happen while parsing received SDP values due to l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11170 (Out of bound memory access while playing music playbacks with crafted ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11169 (u'Buffer over-read while processing received L2CAP packet due to lack ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11168 (u'Null-pointer dereference can occur while accessing data buffer beyon ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11167 (Memory corruption while calculating L2CAP packet length in reassembly ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11166 (Potential out of bound read exception when UE receives unusually large ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11165 (Memory corruption due to buffer overflow while copying the message pro ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11164 (u'Third-party app may also call the broadcasts in Perfdump and cause p ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11163 (Possible buffer overflow while updating ikev2 parameters due to lack o ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11162 (u'Possible buffer overflow in MHI driver due to lack of input paramete ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11161 (Out-of-bounds memory access can occur while calculating alignment requ ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11160 (Resource leakage issue during dci client registration due to reference ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11159 (Buffer over-read can happen while processing WPA,RSN IE of beacon and ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11158 (u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due t ...)
+ NOT-FOR-US: Qualcomm
+CVE-2020-11157 (u'Lack of handling unexpected control messages while encryption was in ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11156 (u'Buffer over-read issue in Bluetooth estack due to lack of check for ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11155 (u'Buffer overflow while processing PDU packet in bluetooth due to lack ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11154 (u'Buffer overflow while processing a crafted PDU data packet in blueto ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11153 (u'Out of bound memory access while processing GATT data received due t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11152 (Race condition in HAL layer while processing callback objects received ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11151 (Race condition occurs while calling user space ioctl from two differen ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11150 (Out of bound memory access in camera driver due to improper validation ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11149 (Out of bound access due to usage of an out-of-range pointer offset in ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11148 (Use after free issue in HIDL while using callback to post event in Rx ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11147 (Use after free issue in audio modules while removing and freeing objec ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11146 (Out of bound write while copying data using IOCTL due to lack of check ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11145 (Divide by zero issue can happen while updating delta extension header ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11144 (Buffer over-read while UE process invalid DL ROHC packet for decompres ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11143 (Out of bound memory access during music playback with modified content ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11142
RESERVED
-CVE-2020-11141
- RESERVED
-CVE-2020-11140
- RESERVED
-CVE-2020-11139
- RESERVED
-CVE-2020-11138
- RESERVED
-CVE-2020-11137
- RESERVED
-CVE-2020-11136
- RESERVED
-CVE-2020-11135
- RESERVED
-CVE-2020-11134
- RESERVED
-CVE-2020-11133
- RESERVED
-CVE-2020-11132
- RESERVED
-CVE-2020-11131
- RESERVED
-CVE-2020-11130
- RESERVED
-CVE-2020-11129
- RESERVED
-CVE-2020-11128
- RESERVED
-CVE-2020-11127
- RESERVED
-CVE-2020-11126
- RESERVED
-CVE-2020-11125
- RESERVED
-CVE-2020-11124
- RESERVED
-CVE-2020-11123
- RESERVED
-CVE-2020-11122
- RESERVED
-CVE-2020-11121
- RESERVED
-CVE-2020-11120
- RESERVED
-CVE-2020-11119
- RESERVED
-CVE-2020-11118
- RESERVED
-CVE-2020-11117
- RESERVED
-CVE-2020-11116
- RESERVED
-CVE-2020-11115
- RESERVED
-CVE-2020-11114
- RESERVED
+CVE-2020-11141 (u'Buffer over-read issue in Bluetooth estack due to lack of check for ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11140 (Out of bound memory access during music playback with ALAC modified co ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11139 (Out of bound memory access while processing frames due to lack of chec ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-11138 (Uninitialized pointers accessed during music play back with incorrect ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11137 (Integer multiplication overflow resulting in lower buffer size allocat ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11136 (Buffer Over-read in audio driver while using malloc management functio ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11135 (u'Reachable assertion when wrong data size is returned by parser for a ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-11134 (Possible stack out of bound write might happen due to time bitmap leng ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due to lack o ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-11132 (u'Buffer over read in boot due to size check ignored before copying GU ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11131 (u'Possible buffer overflow in WMA message processing due to integer ov ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11130 (u'Possible buffer overflow in WIFI hal process due to copying data wit ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11129 (u'During the error occurrence in capture request, the buffer is freed ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-11128 (u'Possible out of bound access while copying the mask file content int ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11127 (u'Integer overflow can cause a buffer overflow due to lack of table le ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11126 (Possible out of bound read while WLAN frame parsing due to lack of che ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11125 (u'Out of bound access can happen in MHI command process due to lack of ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11124 (u'Possible use-after-free while accessing diag client map table since ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-11123 (u'information disclosure in gatekeeper trustzone implementation as the ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11122 (u'Null Pointer exception while playing crafted mkv file as data stream ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11121 (u'Possible buffer overflow in WIFI hal process due to usage of memcpy ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11120 (u'Calling thread may free the data buffer pointer that was passed to t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11119 (Buffer over-read can happen when the buffer length received from respo ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11118 (u'Information exposure issues while processing IE header due to improp ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11117 (u'In the lbd service, an external user can issue a specially crafted d ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-11116 (u'Possible out of bound write while processing association response re ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11115 (u'Buffer over read occurs while processing information element from be ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-11114 (u'Bluetooth devices does not properly restrict the L2CAP payload lengt ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...)
- bubblewrap 0.4.1-1 (low; bug #955441)
[buster] - bubblewrap <not-affected> (Introduced in 0.4.0)
@@ -5952,30 +46805,30 @@ CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid m
NOTE: https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240
CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2179-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2670
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2179-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2666
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2179-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2664
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-11110
- RESERVED
+CVE-2020-11110 (Grafana through 6.7.1 allows stored XSS due to insufficient input prot ...)
+ - grafana <removed>
CVE-2020-11109
RESERVED
CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an authenticated adv ...)
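Review bot: The new CVE-2020-11110 entry records `grafana <removed>` with no `NOTE:` line, while the three jackson-databind entries resolved in the same hunk each keep a `NOTE:` pointing at the upstream issue that lets a reader confirm the fixed versions. For a removed package the tracker entry is the only place the fix reference will ever live, so a line such as `NOTE: <upstream advisory or fix commit for the stored XSS>` should be added once identified; the truncated description alone ("allows stored XSS due to insufficient input prot ...") does not say which input or component is affected. The jackson-databind changes themselves look consistent: the `{DLA-2179-1}` tag matches the stretch version `2.8.6-1+deb9u7`, and the buster version `2.9.8-3+deb10u2` matches the earlier "can be fixed via a point release" note.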
@@ -5988,8 +46841,8 @@ CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It emp
NOT-FOR-US: USC iLab cereal
CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...)
NOT-FOR-US: USC iLab cereal
-CVE-2020-11103
- RESERVED
+CVE-2020-11103 (JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, ...)
+ NOT-FOR-US: Webswing
CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ...)
- qemu 1:4.2-4 (bug #956145)
[buster] - qemu <not-affected> (Vulnerable code/Tulip NIC emulator added later)
@@ -6006,26 +46859,46 @@ CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAPro
[stretch] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
[jessie] - haproxy <not-affected> (Vulnerable code introduced in 1.8)
NOTE: https://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=f17f86304f187b0f10ca6a8d46346afd9851a543
-CVE-2020-11099
- RESERVED
-CVE-2020-11098
- RESERVED
-CVE-2020-11097
- RESERVED
-CVE-2020-11096
- RESERVED
-CVE-2020-11095
- RESERVED
-CVE-2020-11094
- RESERVED
-CVE-2020-11093
- RESERVED
+CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...)
+ - freerdp2 2.1.2+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
+CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...)
+ - freerdp2 2.1.2+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
+CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs resultin ...)
+ - freerdp2 2.1.2+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
+CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in update_ ...)
+ - freerdp2 2.1.2+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
+CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs resultin ...)
+ - freerdp2 2.1.2+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
+CVE-2020-11094 (The October CMS debugbar plugin before version 3.1.0 contains a featur ...)
+ NOT-FOR-US: October CMS
+CVE-2020-11093 (Hyperledger Indy Node is the server portion of a distributed ledger pu ...)
+ NOT-FOR-US: Hyperledger Indy Node
CVE-2020-11092
RESERVED
-CVE-2020-11091
- RESERVED
-CVE-2020-11090
- RESERVED
+CVE-2020-11091 (In Weave Net before version 2.6.3, an attacker able to run a process a ...)
+ NOT-FOR-US: Weave Net
+CVE-2020-11090 (In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vul ...)
+ NOT-FOR-US: Indy Node
CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...)
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
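Review bot: The five FreeRDP entries (CVE-2020-11099 through CVE-2020-11095) mark both buster and stretch `<no-dsa> (Minor issue)` without recording why five distinct out-of-bounds reads in protocol parsers are considered minor; the likely rationale — that these are client-side parsers reachable only from a malicious RDP server — is not stated anywhere in the hunk. Expanding the tag to something like `<no-dsa> (Minor issue; client-side OOB read, needs a malicious server)` would make the triage reproducible when the entries are revisited for a point release or a DLA. The stretch lines also assert that the 1.x `freerdp` source is affected even though the descriptions are phrased against the 2.x release line ("In FreeRDP before version 2.1.2"); if the vulnerable functions were confirmed to exist in 1.1.x, a `NOTE:` saying so would save the next triager from re-deriving it. The same pattern is already used by the CVE-2020-11089 context lines, so this is a request for documentation rather than a change of status.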
@@ -6056,21 +46929,31 @@ CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in clipr
- freerdp <removed>
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
-CVE-2020-11084
- RESERVED
-CVE-2020-11083
- RESERVED
+CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead to comm ...)
+ NOT-FOR-US: iPear
+CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a user wit ...)
+ NOT-FOR-US: October CMS
CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would allow an ...)
- - ruby-kaminari <unfixed> (bug #961847)
+ {DSA-5005-1 DLA-2763-1}
+ - ruby-kaminari 1.0.1-6 (bug #961847)
[jessie] - ruby-kaminari <no-dsa> (No reverse dependency)
NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
-CVE-2020-11081
- RESERVED
-CVE-2020-11080
- RESERVED
+CVE-2020-11081 (osquery before version 4.4.0 enables a privilege escalation vulnerabil ...)
+ - osquery <itp> (bug #803502)
+CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
+ {DSA-4696-1 DLA-2786-1}
+ - nghttp2 1.41.0-1
+ [buster] - nghttp2 <no-dsa> (Minor issue)
+ - nodejs 10.21.0~dfsg-1 (bug #962145)
+ [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
+ [jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
+ NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr
+ NOTE: https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090 (v1.41.0)
+ NOTE: https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394 (v1.41.0)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#http-2-large-settings-frame-dos-low-cve-2020-11080
CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of ...)
- TODO: check
+ NOT-FOR-US: dns-sync nodejs module
CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...)
{DLA-2232-1}
- python-httplib2 0.18.1-1
@@ -6079,16 +46962,20 @@ CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unesc
NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
NOTE: https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
CVE-2020-11077 (In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ...)
- - puma <unfixed>
+ {DLA-2398-1}
+ - puma 4.3.6-1 (bug #972102)
+ [buster] - puma 3.12.0-2+deb10u2
NOTE: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...)
- - puma <unfixed>
+ {DLA-2398-1}
+ - puma 4.3.6-1 (bug #972102)
+ [buster] - puma 3.12.0-2+deb10u2
NOTE: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...)
NOT-FOR-US: Anchore Engine
-CVE-2020-11074
- RESERVED
+CVE-2020-11074 (In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there i ...)
+ NOT-FOR-US: PrestaShop
CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...)
NOT-FOR-US: zsh-autoswitch-virtualenv
CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1, users ...)
@@ -6099,8 +46986,8 @@ CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting
NOT-FOR-US: TYPO3
CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
NOT-FOR-US: TYPO3
-CVE-2020-11068
- RESERVED
+CVE-2020-11068 (In LoRaMac-node before 4.4.4, a reception buffer overflow can happen d ...)
+ NOT-FOR-US: LoRaMac-node
CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
NOT-FOR-US: TYPO3
CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
@@ -6116,8 +47003,17 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2020-11061
- RESERVED
+CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...)
+ {DLA-2353-1}
+ - bacula 9.6.5-1
+ [buster] - bacula 9.4.2-2+deb10u1
+ - bareos <removed> (bug #968957)
+ [buster] - bareos <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - bareos <no-dsa> (minor issue, low priority)
+ NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
+ NOTE: https://bugs.bareos.org/view.php?id=1210
+ NOTE: https://github.com/bareos/bareos/commit/86c6fa479a21a1464366babb74e6cf33770ed7ae (master)
+ NOTE: https://www.bacula.org/git/cgit.cgi/bacula/commit/?id=f9472227317b8e1d26a781d042e0efdf432a633f (Release-9.6.4)
CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f
@@ -6126,10 +47022,10 @@ CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by
CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir ...)
NOT-FOR-US: AEgir
CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011
@@ -6145,7 +47041,7 @@ CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with
NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j
NOTE: Depends on qtwebkit, which is not covered by security support
CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...)
- NOT-FOR-US: OAuth2 Proxy
+ - oauth2-proxy <itp> (bug #982891)
CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...)
NOT-FOR-US: Sorcery
CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...)
@@ -6161,10 +47057,10 @@ CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound
NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
@@ -6177,18 +47073,18 @@ CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009
CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
- NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
+ NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
@@ -6206,10 +47102,10 @@ CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound
[stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
+ {DLA-2356-1}
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
- freerdp <removed>
- [stretch] - freerdp <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
@@ -6259,8 +47155,11 @@ CVE-2020-11032 (In GLPI before version 9.4.6, there is a SQL injection vulnerabi
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2020-11031
- RESERVED
+CVE-2020-11031 (In GLPI before version 9.5.0, the encryption algorithm used is insecur ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-7xwm-4vjr-jvqh
+ NOTE: https://github.com/glpi-project/glpi/commit/f1ae6c8481e5c19a6f1801a5548cada45702e01a#diff-b5d0ee8c97c7abd7e3fa29b9a27d1780
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...)
- wordpress 5.4.1+dfsg1-1 (bug #959391)
[buster] - wordpress <not-affected> (Vulnerable code not present)
@@ -6309,26 +47208,41 @@ CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS)
CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable ...)
NOT-FOR-US: Moonlight iOS/tvOS
CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
- {DSA-4693-1}
+ {DSA-4693-1 DLA-2608-1}
- jquery <removed>
- [jessie] - jquery <not-affected> (Vulnerable code note present)
+ [buster] - jquery 3.3.1~dfsg-3+deb10u1
+ [jessie] - jquery <not-affected> (Vulnerable code not present)
- drupal7 <removed>
+ [jessie] - drupal7 <not-affected> (Vulnerable code not embedded)
- node-jquery 3.5.0+dfsg-2
+ [buster] - node-jquery <no-dsa> (Minor issue)
+ - otrs2 6.0.30-1
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
NOTE: https://www.drupal.org/sa-core-2020-002
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
- {DSA-4693-1}
+ {DSA-4693-1 DLA-2608-1}
- jquery <removed>
- [jessie] - jquery <not-affected> (Vulnerable code note present)
+ [buster] - jquery 3.3.1~dfsg-3+deb10u1
+ [jessie] - jquery <not-affected> (Vulnerable code not present)
- node-jquery 3.5.0+dfsg-2
+ [buster] - node-jquery <no-dsa> (Minor issue)
- drupal7 <removed>
+ [jessie] - drupal7 <not-affected> (Vulnerable code not embedded)
+ - otrs2 6.0.30-1
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
NOTE: https://www.drupal.org/sa-core-2020-002
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...)
NOT-FOR-US: Actions Http-Client
CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...)
- - ruby-faye <unfixed> (bug #959392)
+ - ruby-faye 1.4.0-1 (bug #959392)
+ [buster] - ruby-faye <no-dsa> (Minor issue)
NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...)
@@ -6407,15 +47321,19 @@ CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the comm
NOTE: Introduced in: https://github.com/percona/percona-xtrabackup/commit/0b38ffc0f30f1b6d3ff7ed0f9cb3ab31a2ccad13 (percona-xtrabackup-2.4.11)
NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/
CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41. ...)
- NOT-FOR-US: Percona XtraDB Cluster
+ - percona-xtradb-cluster-5.5 <removed>
CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not suffic ...)
{DSA-4691-1}
- pdns-recursor 4.3.1-1
- [stretch] - pdns-recursor <end-of-life> (No longer supported, see DSA 4691)
+ [jessie] - pdns-recursor <not-affected> (Vulnerable code added later)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
-CVE-2020-10994
- RESERVED
+CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...)
+ - pillow 7.2.0-1 (unimportant)
+ NOTE: https://github.com/python-pillow/Pillow/pull/4505
+ NOTE: https://github.com/python-pillow/Pillow/pull/4538
+ NOTE: Fixed in 7.1.0
+ NOTE: Debian packages are built without JPEG2000 support
CVE-2020-10993 (Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader. ...)
NOT-FOR-US: Osmand
CVE-2020-10992 (Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorMa ...)
@@ -6424,83 +47342,83 @@ CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows XXE because of validation/R
NOT-FOR-US: Mulesoft APIkit
CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 because of the ...)
NOT-FOR-US: Accenture Mercury
-CVE-2020-10989
- RESERVED
-CVE-2020-10988
- RESERVED
-CVE-2020-10987
- RESERVED
-CVE-2020-10986
- RESERVED
-CVE-2020-10985
- RESERVED
-CVE-2020-10984
- RESERVED
-CVE-2020-10983
- RESERVED
-CVE-2020-10982
- RESERVED
+CVE-2020-10989 (An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 ...)
+ NOT-FOR-US: Tenda
+CVE-2020-10988 (A hard-coded telnet credential in the tenda_login binary of Tenda AC15 ...)
+ NOT-FOR-US: Tenda
+CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05 ...)
+ NOT-FOR-US: Tenda
+CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC190 ...)
+ NOT-FOR-US: Tenda
+CVE-2020-10985 (Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. ...)
+ NOT-FOR-US: Gambio GX
+CVE-2020-10984 (Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. ...)
+ NOT-FOR-US: Gambio GX
+CVE-2020-10983 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. ...)
+ NOT-FOR-US: Gambio GX
+CVE-2020-10982 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. ...)
+ NOT-FOR-US: Gambio GX
CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10980 (GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogB ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10979 (GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pip ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10978 (GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10977 (GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when mov ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10976 (GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when qu ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerab ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
-CVE-2020-10974 (An issue was discovered on Wavlink WL-WN579G3 - M79X3.V5030.180719 and ...)
+CVE-2020-10974 (An issue was discovered affecting a backup feature where a crafted POS ...)
NOT-FOR-US: Wavlink
-CVE-2020-10973 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
+CVE-2020-10973 (An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink ...)
NOT-FOR-US: Wavlink
-CVE-2020-10972 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
+CVE-2020-10972 (An issue was discovered where a page is exposed that has the current a ...)
NOT-FOR-US: Wavlink
-CVE-2020-10971 (An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-W ...)
+CVE-2020-10971 (An issue was discovered on Wavlink Jetstream devices where a crafted P ...)
NOT-FOR-US: Wavlink
CVE-2020-10970
RESERVED
CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2179-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2642
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2179-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2662
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ...)
{DSA-4690-1}
- - dovecot <unfixed> (bug #960963)
+ - dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
-CVE-2020-XXXX [RUSTSEC-2020-0006: bumpalo: Flaw in `realloc` allows reading unknown memory]
+CVE-2020-35861 (An issue was discovered in the bumpalo crate before 3.2.1 for Rust. Th ...)
- rust-bumpalo 3.2.1-1 (bug #955151)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0006.html
NOTE: https://github.com/fitzgen/bumpalo/issues/69
@@ -6522,41 +47440,40 @@ CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading Styl
[stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
NOTE: https://phabricator.wikimedia.org/T246602
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
-CVE-2020-10959 [mediawiki: User content can redirect the logout button to different URL]
- RESERVED
+CVE-2020-10959 (resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 a ...)
- mediawiki <not-affected> (Vulnerable code introduced later)
NOTE: https://phabricator.wikimedia.org/T232932
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ...)
{DSA-4690-1}
- - dovecot <unfixed> (bug #960963)
+ - dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ...)
{DSA-4690-1}
- - dovecot <unfixed> (bug #960963)
+ - dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
[stretch] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
[jessie] - dovecot <not-affected> (Vulnerable code introduced in 2.3.0)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-10956 (GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a proje ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10955 (GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10954 (GitLab through 12.9 is affected by a potential DoS in repository archi ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10953 (In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a pat ...)
- gitlab <not-affected> (Only affects GitLab EE 11.7 and later)
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10952 (GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push doc ...)
[experimental] - gitlab 12.8.8-1
- - gitlab <unfixed>
+ - gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10951 (Western Digital My Cloud Home and ibi devices before 2.2.0 allow click ...)
NOT-FOR-US: Western Digital My Cloud Home and ibi devices
@@ -6569,20 +47486,22 @@ CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienfor
CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...)
NOT-FOR-US: Sophos
CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server responses. ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-si ...)
- nomad 0.10.5+dfsg1-1
NOTE: https://github.com/hashicorp/nomad/issues/7468
CVE-2020-10943
RESERVED
CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...)
- {DSA-4667-1}
+ {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
-CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive inform ...)
+CVE-2020-10941 (Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive inform ...)
- mbedtls 2.16.5-1
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02
CVE-2020-10940 (Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER ...)
NOT-FOR-US: PHOENIX CONTACT
@@ -6592,19 +47511,29 @@ CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resulta
{DSA-4675-1 DLA-2173-1}
- graphicsmagick 1.4+really1.3.34-1
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce
-CVE-2020-10937
- RESERVED
+CVE-2020-10937 (An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can ...)
+ - ipfs <itp> (bug #779893)
CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
- - sympa <unfixed> (bug #961491)
+ {DSA-4818-1 DLA-2401-1}
+ - sympa 6.2.40~dfsg-5 (bug #961491)
NOTE: https://sympa-community.github.io/security/2020-002.html
NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
+ NOTE: Patch for sympa-6.1.25: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.1.25-sa-2020-002-r2.patch
NOTE: https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/
NOTE: https://github.com/sympa-community/sympa/issues/943
+CVE-2020-26932 (debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg- ...)
+ {DSA-4818-1 DLA-2401-1}
+ - sympa 6.2.40~dfsg-7 (bug #971904)
+ NOTE: Debian specific issue where sympa_newaliases-wrapper had loose permissions
+ NOTE: (already suid root and word-executable) allowing to gain root privileges
+ NOTE: without first to escalate to sympa user.
+ NOTE: https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1
CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with resulta ...)
- zulip-server <itp> (bug #800052)
CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. ...)
NOT-FOR-US: Acyba AcyMailing
CVE-2020-10933 (An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6 ...)
+ {DSA-4721-1}
- ruby2.7 2.7.1-1
- ruby2.5 <removed>
- ruby2.3 <not-affected> (Vulnerable code introduced in 2.5.0)
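Review bot: The new CVE-2020-26932 NOTE lines contain wording errors: "word-executable" should read "world-executable", and "allowing to gain root privileges without first to escalate to sympa user" is ungrammatical, which matters because these notes are the tracker's record of why the Debian-specific issue is root-equivalent. The three lines would read `NOTE: Debian specific issue where sympa_newaliases-wrapper had loose permissions`, `NOTE: (already suid root and world-executable) allowing root privileges to be gained`, `NOTE: without first escalating to the sympa user.`. The entry is also inserted among the CVE-2020-109xx block rather than in numeric position; if the list is expected to stay sorted by CVE id, it presumably belongs with the other CVE-2020-269xx entries, though keeping it next to the related CVE-2020-10936 may be intentional.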
@@ -6614,37 +47543,39 @@ CVE-2020-10933 (An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x throu
NOTE: Introduced around https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc
NOTE: and https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc
CVE-2020-10932 (An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before ...)
- - mbedtls <unfixed>
+ - mbedtls 2.16.9-0.1 (bug #963159)
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
-CVE-2020-10930
- RESERVED
-CVE-2020-10929
- RESERVED
-CVE-2020-10928
- RESERVED
-CVE-2020-10927
- RESERVED
-CVE-2020-10926
- RESERVED
-CVE-2020-10925
- RESERVED
-CVE-2020-10924
- RESERVED
-CVE-2020-10923
- RESERVED
-CVE-2020-10922
- RESERVED
-CVE-2020-10921
- RESERVED
-CVE-2020-10920
- RESERVED
-CVE-2020-10919
- RESERVED
-CVE-2020-10918
- RESERVED
-CVE-2020-10917
- RESERVED
+CVE-2020-10930 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: Netgear
+CVE-2020-10929 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2020-10928 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2020-10927 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2020-10926 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2020-10925 (This vulnerability allows network-adjacent attackers to compromise the ...)
+ NOT-FOR-US: Netgear
+CVE-2020-10924 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
+CVE-2020-10923 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
+CVE-2020-10922 (This vulnerability allows remote attackers to create a denial-of-servi ...)
+ NOT-FOR-US: C-MORE HMI
+CVE-2020-10921 (This vulnerability allows remote attackers to issue commands on affect ...)
+ NOT-FOR-US: C-MORE HMI
+CVE-2020-10920 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: C-MORE HMI
+CVE-2020-10919 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: C-MORE HMI
+CVE-2020-10918 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: C-MORE HMI
+CVE-2020-10917 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: NEC
CVE-2020-10916 (This vulnerability allows network-adjacent attackers to escalate privi ...)
NOT-FOR-US: TP-Link
CVE-2020-10915 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -6721,11 +47652,10 @@ CVE-2020-10880
RESERVED
CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...)
NOT-FOR-US: rConfig
-CVE-2020-10878 [Integer overflow via malformed bytecode produced by a crafted regular expression]
- RESERVED
+CVE-2020-10878 (Perl before 5.30.3 has an integer overflow related to mishandling of a ...)
- perl 5.30.3-1 (bug #962005)
- [buster] - perl <no-dsa> (Minor issue)
- [stretch] - perl <no-dsa> (Minor issue)
+ [buster] - perl 5.28.1-6+deb10u1
+ [stretch] - perl 5.24.1-3+deb9u7
NOTE: https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 (v5.30.3)
NOTE: https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c (v5.30.3)
CVE-2020-10877
@@ -6768,10 +47698,10 @@ CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An Arbitra
NOT-FOR-US: Avast Antivirus
CVE-2020-10859 (Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated ...)
NOT-FOR-US: Zoho
-CVE-2020-10858
- RESERVED
-CVE-2020-10857
- RESERVED
+CVE-2020-10858 (Zulip Desktop before 5.0.0 allows attackers to perform recording via t ...)
+ NOT-FOR-US: Zulip Desktop
+CVE-2020-10857 (Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shel ...)
+ NOT-FOR-US: Zulip Desktop
CVE-2020-10856
RESERVED
CVE-2020-10931 (Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial ...)
@@ -6859,8 +47789,8 @@ CVE-2020-10818 (Artica Proxy 4.26 allows remote command execution for an authent
NOT-FOR-US: Artica Proxy
CVE-2020-10817 (The custom-searchable-data-entry-system (aka Custom Searchable Data En ...)
NOT-FOR-US: custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin for WordPress
-CVE-2020-10816
- RESERVED
+CVE-2020-10816 (Zoho ManageEngine Applications Manager 14780 and before allows a remot ...)
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-10815
RESERVED
CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...)
@@ -6868,25 +47798,25 @@ CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an
CVE-2020-10813 (A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to cr ...)
NOT-FOR-US: FTPDMIN
CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4
NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/
- TODO: check details
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2
NOTE: https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/
- TODO: check details
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3
NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/
- TODO: check details
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
NOTE: https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/
- TODO: check details
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injectio ...)
NOT-FOR-US: Vesta Control Panel
CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass (for RES ...)
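Review bot: The identical rationale `NOTE: Negligible security impact, malicous scientific data has more issues than a crash...` is applied to CVE-2020-10811 and CVE-2020-10809, which the descriptions call heap-based buffer overflows, not NULL dereferences; a crash-only argument does not cover memory corruption from a crafted file. If the `unimportant` rating rests on HDF5 files not being a trust boundary, state that for the two overflow entries, e.g. `NOTE: heap overflow, but HDF5 files are not expected from untrusted sources in Debian; unimportant`. The NOTE also misspells "malicious" in all four places.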
@@ -6897,7 +47827,7 @@ CVE-2020-10805
RESERVED
CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
- phpmyadmin 4:4.9.5+dfsg1-1 (bug #954667)
- [stretch] - phpmyadmin <no-dsa> (Minor issue)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/56b43527196b0349ec2bea8ca711667e5aa75c65
NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/d55abcd5ffa1ea8785f1217f5b7d78a8a54b8542
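Review bot: CVE-2020-10804 receives the same stretch fixed version `[stretch] - phpmyadmin 4:4.6.6-4+deb9u1` as CVE-2020-10803 and CVE-2020-10802, but unlike those two entries it has no `{DLA-2154-1}` reference after the CVE line. If that upload was DLA-2154-1, add `{DLA-2154-1}` here too; if it was fixed separately, a `NOTE:` saying so keeps the three entries from reading as inconsistent. The jessie `<not-affected>` line is unchanged and fine.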
@@ -6907,14 +47837,14 @@ CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injec
CVE-2020-10803 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
{DLA-2154-1}
- phpmyadmin 4:4.9.5+dfsg1-1 (bug #954666)
- [stretch] - phpmyadmin <no-dsa> (Minor issue)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-4/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a
CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
{DLA-2154-1}
- phpmyadmin 4:4.9.5+dfsg1-1 (bug #954665)
- [stretch] - phpmyadmin <no-dsa> (Minor issue)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-3/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe
CVE-2020-10801
@@ -6933,7 +47863,7 @@ CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remot
NOT-FOR-US: Gira TKS-IP-Gateway
CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...)
NOT-FOR-US: Gira TKS-IP-Gateway
-CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to ga ...)
+CVE-2020-10793 (CodeIgniter through 4.0.0 allows remote attackers to gain privileges v ...)
- codeigniter <itp> (bug #471583)
CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
NOT-FOR-US: openITCOCKPIT
@@ -6953,146 +47883,227 @@ CVE-2020-10785
RESERVED
CVE-2020-10784
RESERVED
-CVE-2020-10783
- RESERVED
-CVE-2020-10782
- RESERVED
-CVE-2020-10781
- RESERVED
-CVE-2020-10780
- RESERVED
-CVE-2020-10779
- RESERVED
-CVE-2020-10778
- RESERVED
-CVE-2020-10777
- RESERVED
-CVE-2020-10776
- RESERVED
-CVE-2020-10775
- RESERVED
-CVE-2020-10774
- RESERVED
-CVE-2020-10773
- RESERVED
-CVE-2020-10772
- RESERVED
-CVE-2020-10771
- RESERVED
-CVE-2020-10770
- RESERVED
-CVE-2020-10769
- RESERVED
-CVE-2020-10768
- RESERVED
-CVE-2020-10767
- RESERVED
-CVE-2020-10766
- RESERVED
+CVE-2020-10783 (Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege esc ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible version ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2020-10781 (A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel ...)
+ {DLA-2385-1}
+ - linux 5.7.10-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ [jessie] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/18/1
+ NOTE: https://git.kernel.org/linus/853eab68afc80f59f36bbdeb715e5c88c501e680
+CVE-2020-10780 (Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a craf ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-10779 (Red Hat CloudForms 4.7 and 5 leads to insecure direct object reference ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-10778 (In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited b ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-10777 (A cross-site scripting flaw was found in Report Menu feature of Red Ha ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-10776 (A flaw was found in Keycloak before version 12.0.0, where it is possib ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-10775 (An Open redirect vulnerability was found in ovirt-engine versions 4.4 ...)
+ NOT-FOR-US: ovirt-engine
+CVE-2020-10774 (A memory disclosure flaw was found in the Linux kernel's versions befo ...)
+ - linux <not-affected> (Red Hat-specific patch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846964
+CVE-2020-10773 (A stack information leak flaw was found in s390/s390x in the Linux ker ...)
+ - linux 5.3.9-1
+ [buster] - linux 4.19.87-1
+ [stretch] - linux 4.9.210-1
+ [jessie] - linux 3.16.81-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846380
+CVE-2020-10772 (An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Ha ...)
+ - unbound <not-affected> (Red Hat specific regression in backport)
+CVE-2020-10771 (A flaw was found in Infinispan version 10, where it is possible to per ...)
+ NOT-FOR-US: Infinispan
+CVE-2020-10770 (A flaw was found in Keycloak before 13.0.0, where it is possible to fo ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5.0 in ...)
+ - linux 4.19.20-1
+ [stretch] - linux 4.9.161-1
+ [jessie] - linux 3.16.68-1
+ NOTE: https://git.kernel.org/linus/8f9c469348487844328e162db57112f7d347c49f
+CVE-2020-10768 (A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() fun ...)
+ {DLA-2323-1}
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
+ NOTE: https://git.kernel.org/linus/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
+CVE-2020-10767 (A flaw was found in the Linux kernel before 5.8-rc1 in the implementat ...)
+ {DLA-2323-1}
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
+ NOTE: https://git.kernel.org/linus/21998a351512eba4ed5969006f0c55882d995ada
+CVE-2020-10766 (A logic bug flaw was found in Linux kernel before 5.8-rc1 in the imple ...)
+ {DLA-2323-1}
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
+ NOTE: https://git.kernel.org/linus/dbbe2ad02e9df26e372f38cc3e70dab9222c832e
CVE-2020-10765
RESERVED
CVE-2020-10764
RESERVED
-CVE-2020-10763
- RESERVED
-CVE-2020-10762
- RESERVED
-CVE-2020-10761
- RESERVED
-CVE-2020-10760
- RESERVED
-CVE-2020-10759
- RESERVED
-CVE-2020-10758
- RESERVED
-CVE-2020-10757
- RESERVED
-CVE-2020-10756
- RESERVED
-CVE-2020-10755
- RESERVED
-CVE-2020-10754 [user configuration not honoured leaving the connection unauthenticated via insecure defaults]
- RESERVED
- - network-manager <unfixed> (unimportant)
+CVE-2020-10763 (An information-disclosure flaw was found in the way Heketi before 10.1 ...)
+ - heketi <itp> (bug #903384)
+CVE-2020-10762 (An information-disclosure flaw was found in the way that gluster-block ...)
+ NOT-FOR-US: gluster-block
+CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD) ...)
+ - qemu 1:5.0-6
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ [jessie] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/09/1
+ NOTE: Proposed upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd
+ NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af
+CVE-2020-10760 (A use-after-free flaw was found in all samba LDAP server versions befo ...)
+ {DLA-2463-1}
+ - samba 2:4.12.5+dfsg-1
+ [buster] - samba <postponed> (Minor issue, fix along in next DSA)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-10760.html
+CVE-2020-10759 (A PGP signature bypass flaw was found in fwupd (all versions), which c ...)
+ {DLA-2274-1}
+ - fwupd 1.3.10-1 (bug #962517)
+ [buster] - fwupd 1.2.13-1
+ - libjcat 0.1.3-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1844316
+ NOTE: https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md
+ NOTE: Fixed by: https://github.com/fwupd/fwupd/commit/21f2d12fccef63b8aaa99ec53278ce18250b0444 (1.3.10)
+ NOTE: Introduced with: https://github.com/fwupd/fwupd/commit/36a889034c3d34ae4ac4530ea7b6b16e82476fae (0.1.2)
+ NOTE: https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e
+CVE-2020-10758 (A vulnerability was found in Keycloak before 11.0.1 where DoS attack i ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1}
+ - linux 5.6.14-2
+ [jessie] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
+CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP networking ...)
+ {DSA-4728-1 DLA-2288-1}
+ - libslirp 4.3.1-1
+ - qemu 1:4.1-2
+ - slirp4netns 1.0.1-1
+ [buster] - slirp4netns <no-dsa> (Minor issue)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+ NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
+ NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-96c5-v27g-58vf
+CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder version ...)
+ - cinder 2:16.1.0-1 (low)
+ [buster] - cinder <no-dsa> (Minor issue)
+ [stretch] - cinder <no-dsa> (Minor issue)
+ [jessie] - cinder <end-of-life> (OpenStack component, not supported in jessie LTS)
+ - python-os-brick 3.1.0-1 (low)
+ [buster] - python-os-brick <no-dsa> (Minor issue)
+ [stretch] - python-os-brick <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
+ NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
+CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...)
+ - network-manager 1.24.2-1 (unimportant)
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4
NOTE: Only affects builds enabling ifcfg-rh settings plugin, source-wise only
NOTE: affected but not the Debian binary builds (and is RedHat/Fedora specific
NOTE: plugin).
-CVE-2020-10753
- RESERVED
-CVE-2020-10752
- RESERVED
+CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
+ {DLA-2735-1}
+ - ceph 14.2.15-1 (bug #975300)
+ [buster] - ceph <no-dsa> (Minor issue)
+ [jessie] - ceph <no-dsa> (Minor issue)
+ NOTE: https://github.com/ceph/ceph/pull/35773
+ NOTE: Fix: https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2
+CVE-2020-10752 (A flaw was found in the OpenShift API Server, where it failed to suffi ...)
+ NOT-FOR-US: OpenShift
CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
-CVE-2020-10750
- RESERVED
-CVE-2020-10749
- RESERVED
-CVE-2020-10748
- RESERVED
+CVE-2020-10750 (Sensitive information written to a log file vulnerability was found in ...)
+ NOT-FOR-US: Jaeger
+CVE-2020-10749 (A vulnerability was found in all versions of containernetworking/plugi ...)
+ - golang-github-containernetworking-plugins 0.8.6-1
+ NOTE: https://github.com/containernetworking/plugins/pull/484
+ NOTE: https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43
+CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1, where i ...)
+ NOT-FOR-US: Keycloak
CVE-2020-10747
- RESERVED
-CVE-2020-10746
- RESERVED
-CVE-2020-10745
- RESERVED
+ REJECTED
+CVE-2020-10746 (A flaw was found in Infinispan (org.infinispan:infinispan-server-runti ...)
+ NOT-FOR-US: Infinispan
+CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 4.11.11 ...)
+ {DLA-2463-1}
+ - samba 2:4.12.5+dfsg-1
+ [buster] - samba <postponed> (Minor issue, fix along in next DSA)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-10745.html
CVE-2020-10744 (An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...)
- - ansible <unfixed>
+ - ansible 2.9.13+dfsg-1 (bug #966660)
[buster] - ansible <not-affected> (Incomplete fix not applied)
[stretch] - ansible <not-affected> (Incomplete fix not applied)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835566
+ NOTE: https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d
+ NOTE: https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f (v2.9.12)
NOTE: CVE is for an incomplete fix of CVE-2020-1733
-CVE-2020-10743
- RESERVED
+CVE-2020-10743 (It was discovered that OpenShift Container Platform's (OCP) distributi ...)
- kibana <itp> (bug #700337)
-CVE-2020-10742
- RESERVED
+CVE-2020-10742 (A flaw was found in the Linux kernel. An index buffer overflow during ...)
- linux 3.16.2-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835127
CVE-2020-10741
REJECTED
-CVE-2020-10740
- RESERVED
-CVE-2020-10739
- RESERVED
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+CVE-2020-10740 (A vulnerability was found in Wildfly in versions before 20.0.0.Final, ...)
+ - wildfly <itp> (bug #752018)
+CVE-2020-10739 (Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the foll ...)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...)
- moodle <removed>
CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with the oddj ...)
- oddjob 0.34.6-1 (bug #960089)
[buster] - oddjob <no-dsa> (Minor issue)
+ [stretch] - oddjob <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042
NOTE: https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac
-CVE-2020-10736 [authorization bypass in mons & mgrs]
- RESERVED
+CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions 15.2. ...)
- ceph <not-affected> (Vulnerable code introduced later)
NOTE: https://ceph.io/releases/v15-2-2-octopus-released/
NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master)
NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2)
CVE-2020-10735
RESERVED
-CVE-2020-10734
- RESERVED
-CVE-2020-10733
- RESERVED
+CVE-2020-10734 (A vulnerability was found in keycloak in the way that the OIDC logout ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ...)
- postgresql-12 <not-affected> (Windows-specific)
- postgresql-11 <not-affected> (Windows-specific)
- postgresql-9.6 <not-affected> (Windows-specific)
NOTE: https://www.postgresql.org/about/news/2038/
-CVE-2020-10732 [uninitialized kernel data leak in userspace coredumps]
- RESERVED
- - linux <unfixed>
+CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of Userspace cor ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1}
+ - linux 5.6.14-2
[jessie] - linux <ignored> (Does not affect supported architectures)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1
NOTE: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413
-CVE-2020-10731
- RESERVED
-CVE-2020-10730
- RESERVED
-CVE-2020-10729 [two random password lookups in same task return same value]
- RESERVED
+CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the Red Hat ...)
+ NOT-FOR-US: Red Hat OpenStack platform
+CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found ...)
+ {DSA-4884-1 DLA-2463-1}
+ - ldb 2:2.1.4-1
+ [stretch] - ldb <not-affected> (Vulnerable code introduced later)
+ - samba 2:4.12.5+dfsg-1
+ [buster] - samba <postponed> (Minor issue, fix along in next DSA)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-10730.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14364
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0 (for ldb)
+CVE-2020-10729 (A flaw was found in the use of insufficiently random values in Ansible ...)
+ {DSA-4950-1}
- ansible 2.9.6+dfsg-1
[jessie] - ansible <not-affected> (Vulnerable code introduced later, no variables template caching)
NOTE: https://github.com/ansible/ansible/issues/34144
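Review bot: CVE-2020-10781 marks stretch and jessie `<not-affected> (Vulnerable code introduced later)` but, unlike the qemu and libvirt entries in this hunk that carry `NOTE: Introduced in: …`, names no commit for where the zram hot_add code appeared, so the claim cannot be checked against the 4.9 and 3.16 trees. Please add the introducing commit as a NOTE (the linked fix commit `853eab68afc80f…` likely names it in a Fixes: trailer) or re-verify before keeping `<not-affected>`. Separately, `[buster] - samba <postponed> (Minor issue, fix along in next DSA)` is applied to two use-after-free issues (CVE-2020-10760, CVE-2020-10745); one clause on why a UAF is minor here, such as `(AD DC LDAP server only)`, would help the next reviewer.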
@@ -7102,8 +48113,8 @@ CVE-2020-10729 [two random password lookups in same task return same value]
CVE-2020-10728
RESERVED
NOT-FOR-US: automationbroker/apb
-CVE-2020-10727
- RESERVED
+CVE-2020-10727 (A flaw was found in ActiveMQ Artemis management API from version 2.7.0 ...)
+ NOT-FOR-US: ApacheMQ Artemis
CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A maliciou ...)
- dpdk 19.11.2-1 (bug #960936)
[buster] - dpdk <not-affected> (Vulnerable code not present)
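Review bot: The new `NOT-FOR-US: ApacheMQ Artemis` line misnames the product; the description refers to ActiveMQ Artemis, so write `NOT-FOR-US: Apache ActiveMQ Artemis` to keep the marker searchable. A precise name also avoids a later triager confusing the Artemis management API with the classic ActiveMQ broker, should that be packaged.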
@@ -7123,10 +48134,9 @@ CVE-2020-10723 (A memory corruption issue was found in DPDK versions 17.05 and a
CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A missing ...)
{DSA-4688-1}
- dpdk 19.11.2-1 (bug #960936)
-CVE-2020-10721
- RESERVED
-CVE-2020-10720
- RESERVED
+CVE-2020-10721 (A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When usi ...)
+ NOT-FOR-US: fabric8-maven-plugin
+CVE-2020-10720 (A flaw was found in the Linux kernel's implementation of GRO in versio ...)
- linux 5.2.6-1
[buster] - linux 4.19.67-1
[stretch] - linux 4.9.184-1
@@ -7134,11 +48144,12 @@ CVE-2020-10720
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1781204
NOTE: Fixed by: https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef
CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, regarding ...)
- - undertow <undetermined>
+ - undertow 2.1.1-1 (bug #969913)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459
- TODO: check, no details on Red Hat bugreport
-CVE-2020-10718
- RESERVED
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-1708 (not public)
+ NOTE: most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf
+CVE-2020-10718 (A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, wher ...)
+ - wildfly <itp> (bug #752018)
CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file system dae ...)
- qemu 1:5.0-5 (bug #959746)
[buster] - qemu <not-affected> (Vulnerable code introduced later)
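Review bot: CVE-2020-10719 is now recorded as fixed in `- undertow 2.1.1-1 (bug #969913)` on the strength of `NOTE: most likely fixed by …bfc8fbd…`, while the authoritative issue `UNDERTOW-1708` is noted as not public; a fixed version based on a guessed commit will be treated as settled when stable backports are considered. Either keep `<unfixed>` with a `TODO:` until the mapping is confirmed, or name the confirmation source in the NOTE (for example the Red Hat bugzilla comment that identifies the commit).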
@@ -7146,50 +48157,50 @@ CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file syst
[jessie] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=01a6dc95ec7f71eeff9963fe3cb03d85225fba3e (v5.0.0-rc0)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
-CVE-2020-10716
- RESERVED
+CVE-2020-10716 (A flaw was found in Red Hat Satellite's Job Invocation, where the "Use ...)
NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation
-CVE-2020-10715
- RESERVED
-CVE-2020-10714
- RESERVED
+CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...)
+ NOT-FOR-US: Openshift Web Console
+CVE-2020-10714 (A flaw was found in WildFly Elytron version 1.11.3.Final and before. W ...)
NOT-FOR-US: WildFly Elytron
-CVE-2020-10713
- RESERVED
+CVE-2020-10713 (A flaw was found in grub2, prior to version 2.06. An attacker may use ...)
+ {DSA-4735-1}
+ - grub2 2.04-9
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+ NOTE: https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e
CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...)
NOT-FOR-US: image registry operator in OpenShift Container Platform
CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's SELinu ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1}
- linux 5.6.14-1
[jessie] - linux <not-affected> (Vulnerability introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2
CVE-2020-10710
RESERVED
-CVE-2020-10709
- RESERVED
+ NOT-FOR-US: foreman-installer
+CVE-2020-10709 (A security flaw was found in Ansible Tower when requesting an OAuth2 t ...)
- ansible-awx <itp> (bug #908763)
NOTE: https://github.com/ansible/awx/issues/6630
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033
-CVE-2020-10708 [race condition in kernel/audit.c may allow low privilege users trigger kernel panic]
- RESERVED
- - linux <unfixed> (unimportant)
- NOTE: Disputed and negligigle imapct
+CVE-2020-10708
+ REJECTED
CVE-2020-10707
REJECTED
CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth tokens ar ...)
NOT-FOR-US: OpenShift
-CVE-2020-10705
- RESERVED
- - undertow <undetermined>
+CVE-2020-10705 (A flaw was discovered in Undertow in versions before Undertow 2.1.1.Fi ...)
+ - undertow 2.1.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241
+ NOTE: https://github.com/undertow-io/undertow/commit/b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4
CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain Contro ...)
- - samba <unfixed> (bug #960188)
+ {DLA-2463-1}
+ - samba 2:4.12.3+dfsg-2 (bug #960188)
[buster] - samba <postponed> (Can be fixed along in future DSA)
- [stretch] - samba <postponed> (Can be fixed along in future DSA)
- [jessie] - samba <postponed> (Minor issue and the patch is very invisible, eg. http://paste.debian.net/plain/1143919 is not even complete)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334
NOTE: https://www.samba.org/samba/security/CVE-2020-10704.html
-CVE-2020-10703 [Potential denial of service via active pool without target path]
- RESERVED
+CVE-2020-10703 (A NULL pointer dereference was found in the libvirt API responsible in ...)
- libvirt 6.0.0-2
[buster] - libvirt <no-dsa> (Minor issue)
[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
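Review bot: For CVE-2020-10704 the `[jessie] - samba <postponed> …` line is deleted together with the stretch one, but only `{DLA-2463-1}` is added, and elsewhere in this diff that advisory stands in for the stretch line, so jessie is left with no explicit state and will be derived from the unstable fixed version. Other entries in the same diff still carry `[jessie]` lines (the ceph and linux entries, for instance), so if jessie is still tracked for samba, restore one such as `[jessie] - samba <end-of-life>` or `<postponed>` with the earlier reason; if jessie tracking was dropped on purpose, a uniform cleanup would be clearer than a one-off removal.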
@@ -7197,16 +48208,14 @@ CVE-2020-10703 [Potential denial of service via active pool without target path]
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725
NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1)
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1)
-CVE-2020-10702 [weak signature generation in Pointer Authentication support for ARM]
- RESERVED
+CVE-2020-10702 (A flaw was found in QEMU in the implementation of the Pointer Authenti ...)
- qemu 1:4.2-5
[buster] - qemu <not-affected> (Vulnerable code introduced later)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
[jessie] - qemu <not-affected> (Vulnerable code introduced later)
- qemu-kvm <not-affected> (Vulnerable code introduced later)
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0)
-CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to DoS]
- RESERVED
+CVE-2020-10701 (A missing authorization flaw was found in the libvirt API responsible ...)
- libvirt 6.0.0-7 (bug #955841)
[buster] - libvirt <not-affected> (Vulnerable code introduced later)
[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -7214,7 +48223,7 @@ CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to D
NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=95f5ac9ae52455e9da47afc95fa31c9456ac27ae (v5.10.0-rc1)
NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 (v6.2.0-rc1)
CVE-2020-10700 (A use-after-free flaw was found in the way samba AD DC LDAP servers, h ...)
- - samba <unfixed> (bug #960189)
+ - samba 2:4.12.3+dfsg-2 (bug #960189)
[buster] - samba <not-affected> (Vulnerable code introduced later)
[stretch] - samba <not-affected> (Vulnerable code introduced later)
[jessie] - samba <not-affected> (Vulnerable code introduced later)
@@ -7225,22 +48234,24 @@ CVE-2020-10699 (A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2
NOTE: https://github.com/open-iscsi/targetcli-fb/issues/162
NOTE: Introduced in: https://github.com/open-iscsi/targetcli-fb/commit/ad37f94ae72d0e3d5963ce182e2897c84af9c039 (v2.1.50)
NOTE: Fixed by: https://github.com/open-iscsi/targetcli-fb/commit/6e4f39357a90a914d11bac21cc2d2b52c07c213d
-CVE-2020-10698
- RESERVED
+CVE-2020-10698 (A flaw was found in Ansible Tower when running jobs. This flaw allows ...)
NOT-FOR-US: Ansible Tower
-CVE-2020-10697
- RESERVED
+CVE-2020-10697 (A flaw was found in Ansible Tower when running Openshift. Tower runs a ...)
NOT-FOR-US: Ansible Tower
CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5. ...)
- - golang-github-containers-buildah <unfixed>
+ - golang-github-containers-buildah 1.11.6-2
NOTE: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed
-CVE-2020-10695
- RESERVED
+CVE-2020-10695 (An insecure modification flaw in the /etc/passwd file was found in the ...)
NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container
CVE-2020-10694
RESERVED
CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in ...)
- - libhibernate-validator-java <undetermined>
+ - libhibernate-validator-java <unfixed> (bug #988946)
+ [bullseye] - libhibernate-validator-java <no-dsa> (Minor issue)
+ [buster] - libhibernate-validator-java <not-affected> (EL support added in 5.x)
+ [stretch] - libhibernate-validator-java <not-affected> (EL support added in 5.x)
+ [jessie] - libhibernate-validator-java <not-affected> (EL support added in 5.x)
+ - libhibernate-validator4-java <not-affected> (EL support added in 5.x)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805501
CVE-2020-10692
RESERVED
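Review bot: CVE-2020-10696 is marked fixed in `- golang-github-containers-buildah 1.11.6-2`, which is below the upstream fixed version 1.14.5 in the description, so this is presumably a cherry-pick of commit `c61925b8…`; a line such as `NOTE: fix backported to 1.11.6-2` would stop the next reader from treating the version as a typo. Nothing records buster's state either; if buster ships buildah, a `[buster]` line is still needed.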
@@ -7253,26 +48264,31 @@ CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versio
NOTE: https://github.com/ansible/ansible/pull/68596
NOTE: https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8 (stable-2.9)
CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a race ...)
+ {DLA-2241-1}
- linux 5.4.8-1
[buster] - linux 4.19.98-1
+ [stretch] - linux 4.9.228-1
NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e
CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where it did ...)
NOT-FOR-US: Eclipse Che
-CVE-2020-10688
- RESERVED
- - resteasy <undetermined>
+CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...)
+ - resteasy <unfixed> (bug #970328)
- resteasy3.0 <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
NOTE: https://github.com/quarkusio/quarkus/issues/7248
NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
- TODO: check details, not much information provided by Red Hat.
-CVE-2020-10687
- RESERVED
- - undertow <undetermined>
+ NOTE: https://github.com/resteasy/Resteasy/pull/2320
+ NOTE: https://github.com/resteasy/Resteasy/commit/3fe881cf945c06bdb16895fbc73bc620694d2ba7 (4.6.0.Final)
+CVE-2020-10687 (A flaw was discovered in all versions of Undertow before Undertow 2.2. ...)
+ - undertow 2.2.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
+ NOTE: https://issues.jboss.org/browse/UNDERTOW-1780
+ NOTE: https://github.com/undertow-io/undertow/pull/951
+ NOTE: https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e (2.2.0.Final)
CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in ...)
NOT-FOR-US: Keycloak
CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...)
+ {DSA-4950-1}
- ansible 2.9.7+dfsg-1
[jessie] - ansible <not-affected> (Vulnerable code introduced later, all decryption in-memory, no transparent file decryption)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627
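Review bot: With the fix now identified in `NOTE: …3fe881cf… (4.6.0.Final)`, the untouched `- resteasy3.0 <undetermined>` line is stale: the XSS is reported for versions before that fix, which covers the 3.0 branch unless shown otherwise, so assess it and record a fixed version, `<unfixed>`, or `<not-affected>` with a reason. Leaving `<undetermined>` next to a resolved sibling entry hides a second affected package under the same CVE.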
@@ -7280,14 +48296,16 @@ CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine vers
NOTE: https://github.com/ansible/ansible/commit/6452a82452f3a721233b50f62419598206442fd9
NOTE: Introduced in https://github.com/ansible/ansible/commit/cdf6e3e4bf44fdab62c2e4ccd3f5fd67ea554548 (2.1)
CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...)
+ {DSA-4950-1}
- ansible 2.9.7+dfsg-1
- [jessie] - ansible <not-affected> (Vulnerable code introduced later, 'ansible_facts' variable not exposed)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
NOTE: https://github.com/ansible/ansible/pull/68431
NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce
-CVE-2020-10683 (dom4j before 2.1.3 allows external DTDs and External Entities by defau ...)
+CVE-2020-10683 (dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and Ext ...)
{DLA-2191-1}
- - dom4j <unfixed> (bug #958055)
+ - dom4j 2.1.3-1 (bug #958055)
+ [buster] - dom4j <no-dsa> (Minor issue)
+ [stretch] - dom4j <no-dsa> (Minor issue)
NOTE: https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d (the fix?)
NOTE: https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658 (post-fix refactor?)
CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...)
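Review bot: The `[jessie] - ansible <not-affected> (Vulnerable code introduced later, 'ansible_facts' variable not exposed)` line for CVE-2020-10684 is removed with no replacement, while the neighbouring CVE-2020-10685 keeps its jessie `<not-affected>` line, so jessie now derives a vulnerable state from `ansible 2.9.7+dfsg-1` for this one CVE only. If the removal reflects a re-assessment that jessie is affected, add the matching `[jessie]` line or advisory; if it was accidental, restore it.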
@@ -7311,17 +48329,17 @@ CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows at
NOTE: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2153-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2660
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2153-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2659
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -7335,11 +48353,10 @@ CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0
NOT-FOR-US: Canon
CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
NOT-FOR-US: Canon
-CVE-2020-10666
- RESERVED
+CVE-2020-10666 (The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXa ...)
+ NOT-FOR-US: FreePBX
CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...)
- libperlspeak-perl <removed> (bug #954238)
- [stretch] - libperlspeak-perl <ignored> (Will be removed in next point release)
[jessie] - libperlspeak-perl <end-of-life> (Not supported in jessie LTS)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173
CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...)
@@ -7347,15 +48364,14 @@ CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY
CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 ...)
NOT-FOR-US: VxWorks
CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...)
- {DLA-2192-1 DLA-2190-1}
+ {DSA-4721-1 DLA-2192-1 DLA-2190-1}
- ruby-json 2.3.0+dfsg-1
- [buster] - ruby-json <no-dsa> (Minor issue)
- [stretch] - ruby-json <no-dsa> (Minor issue)
+ [buster] - ruby-json 2.1.0+dfsg-2+deb10u1
+ [stretch] - ruby-json 2.0.1+dfsg-3+deb9u1
- ruby2.7 <not-affected> (Fixed before initial upload to Debian)
- ruby2.5 <removed>
- [buster] - ruby2.5 <no-dsa> (Minor issue)
- ruby2.3 <removed>
- [stretch] - ruby2.3 <no-dsa> (Minor issue)
+ [stretch] - ruby2.3 2.3.3-1+deb9u8
- ruby2.1 <removed>
NOTE: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
NOTE: https://hackerone.com/reports/706934
@@ -7369,14 +48385,14 @@ CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.
NOT-FOR-US: HashiCorp Vault
CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...)
NOT-FOR-US: Entrust Entelligence Security Provider (ESP)
-CVE-2020-10658
- RESERVED
-CVE-2020-10657
- RESERVED
-CVE-2020-10656
- RESERVED
-CVE-2020-10655
- RESERVED
+CVE-2020-10658 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Server
+CVE-2020-10657 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Server
+CVE-2020-10656 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Server
+CVE-2020-10655 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Server
CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...)
NOT-FOR-US: Ping Identity PingID
CVE-2020-10653
@@ -7391,23 +48407,23 @@ CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windo
NOT-FOR-US: ASUS Device Activation
CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...)
- u-boot 2020.04+dfsg-1
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <ignored> (Minor issue)
- NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
+ NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/5
NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
-CVE-2020-10647 (Wind River VxWorks tftp client library, as distributed in VxWorks 6.9 ...)
- NOT-FOR-US: VxWorks
+CVE-2020-10647
+ REJECTED
CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...)
NOT-FOR-US: Fuji Electric V-Server Lite
CVE-2020-10645
RESERVED
-CVE-2020-10644
- RESERVED
-CVE-2020-10643
- RESERVED
-CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...)
+CVE-2020-10644 (The affected product lacks proper validation of user-supplied data, wh ...)
+ NOT-FOR-US: Inductive Automation Ignition
+CVE-2020-10643 (An authenticated remote attacker could use specially crafted URLs to s ...)
+ NOT-FOR-US: PI Vision
+CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an a ...)
NOT-FOR-US: Rockwell
CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...)
NOT-FOR-US: Inductive Automation
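Review bot: The buster line for CVE-2020-10648 changes from `<no-dsa>` to `<ignored>` while its justification stays `(Minor issue)`; `<ignored>` means this verified-boot bypass will never be fixed in buster, which the unchanged wording does not justify on its own. Put the actual reason in the parenthesised text, e.g. `[buster] - u-boot <ignored> (Minor issue; <why the affected verified-boot path is not relevant to the buster build>)`, so the decision can be reviewed later without re-triaging. Note that stretch keeps `<no-dsa>` and jessie `<ignored>` with the same wording, so the three suites now express different commitments with identical rationale.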
@@ -7435,16 +48451,16 @@ CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software d
NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit
CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...)
NOT-FOR-US: WebAccess/NMS
-CVE-2020-10628
- RESERVED
-CVE-2020-10627
- RESERVED
+CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
+ NOT-FOR-US: ControlEdge PLC
+CVE-2020-10627 (Insulet Omnipod Insulin Management System insulin pump product ID 1919 ...)
+ NOT-FOR-US: Insulet Omnipod Insulin Management System
CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...)
NOT-FOR-US: Fazecast jSerialComm
CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...)
NOT-FOR-US: WebAccess/NMS
-CVE-2020-10624
- RESERVED
+CVE-2020-10624 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
+ NOT-FOR-US: ControlEdge PLC
CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...)
NOT-FOR-US: WebAccess/NMS
CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...)
@@ -7463,41 +48479,41 @@ CVE-2020-10616 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not
NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
-CVE-2020-10614
- RESERVED
+CVE-2020-10614 (In OSIsoft PI System multiple products and versions, an authenticated ...)
+ NOT-FOR-US: OSIsoft PI System
CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
CVE-2020-10612 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicat ...)
NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
-CVE-2020-10610
- RESERVED
-CVE-2020-10609
- RESERVED
-CVE-2020-10608
- RESERVED
+CVE-2020-10610 (In OSIsoft PI System multiple products and versions, a local attacker ...)
+ NOT-FOR-US: OSIsoft PI System
+CVE-2020-10609 (Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may all ...)
+ NOT-FOR-US: Grundfos
+CVE-2020-10608 (In OSIsoft PI System multiple products and versions, a local attacker ...)
+ NOT-FOR-US: OSIsoft PI System
CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2020-10606
- RESERVED
-CVE-2020-10605
- RESERVED
-CVE-2020-10604
- RESERVED
+CVE-2020-10606 (In OSIsoft PI System multiple products and versions, a local attacker ...)
+ NOT-FOR-US: OSIsoft PI System
+CVE-2020-10605 (Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests ...)
+ NOT-FOR-US: Grundfos CIM
+CVE-2020-10604 (In OSIsoft PI System multiple products and versions, a remote, unauthe ...)
+ NOT-FOR-US: OSIsoft PI System
CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...)
NOT-FOR-US: WebAccess/NMS
-CVE-2020-10602
- RESERVED
+CVE-2020-10602 (In OSIsoft PI System multiple products and versions, an authenticated ...)
+ NOT-FOR-US: OSIsoft PI System
CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow ...)
NOT-FOR-US: VISAM VBASE Editor
-CVE-2020-10600
- RESERVED
+CVE-2020-10600 (An authenticated remote attacker could crash PI Archive Subsystem when ...)
+ NOT-FOR-US: OSIsoft PI System
CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
NOT-FOR-US: VISAM VBASE Editor
CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES ...)
NOT-FOR-US: Pyxis
-CVE-2020-10597 (The affected insulin pump is designed to communicate using a wireless ...)
+CVE-2020-10597 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Mul ...)
NOT-FOR-US: Insulet
CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...)
NOT-FOR-US: OpenCart
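Review bot: The annotation under CVE-2020-10597 still reads `NOT-FOR-US: Insulet`, but the replaced description on the line above now says "Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior", so the tag names a product that no longer matches the CVE; the insulin-pump text appears to have moved to CVE-2020-10627 elsewhere in this diff. Change it to `NOT-FOR-US: Delta Industrial Automation DOPSoft` so searches and the rendered tracker page attribute the issue to the right product.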
@@ -7523,8 +48539,8 @@ CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.
NOTE: https://bugs.torproject.org/33120
CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...)
NOT-FOR-US: Walmart Labs Concord
-CVE-2020-10590
- RESERVED
+CVE-2020-10590 (Replicated Classic 2.x versions have an improperly secured API that ex ...)
+ NOT-FOR-US: Replicated Classic
CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
NOT-FOR-US: v2rayL
CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
@@ -7535,18 +48551,18 @@ CVE-2020-10586
RESERVED
CVE-2020-10585
RESERVED
-CVE-2020-10584
- RESERVED
-CVE-2020-10583
- RESERVED
-CVE-2020-10582
- RESERVED
-CVE-2020-10581
- RESERVED
-CVE-2020-10580
- RESERVED
-CVE-2020-10579
- RESERVED
+CVE-2020-10584 (A directory traversal on the /admin/search_by.php script of Invigo Aut ...)
+ NOT-FOR-US: Invigo Automatic Device Management (ADM)
+CVE-2020-10583 (The /admin/admapi.php script of Invigo Automatic Device Management (AD ...)
+ NOT-FOR-US: Invigo Automatic Device Management (ADM)
+CVE-2020-10582 (A SQL injection on the /admin/display_errors.php script of Invigo Auto ...)
+ NOT-FOR-US: Invigo Automatic Device Management (ADM)
+CVE-2020-10581 (Multiple session validity check issues in several administration funct ...)
+ NOT-FOR-US: Invigo Automatic Device Management (ADM)
+CVE-2020-10580 (A command injection on the /admin/broadcast.php script of Invigo Autom ...)
+ NOT-FOR-US: Invigo Automatic Device Management (ADM)
+CVE-2020-10579 (A directory traversal on the /admin/sysmon.php script of Invigo Automa ...)
+ NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10578 (An arbitrary file read vulnerability exists in system/controller/backe ...)
NOT-FOR-US: QCMS
CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has multiple c ...)
@@ -7570,7 +48586,7 @@ CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython im
NOT-FOR-US: psd-tools
CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is ...)
NOT-FOR-US: Telegram for Android
-CVE-2020-10569 (SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, w ...)
+CVE-2020-10569 (** DISPUTED ** SysAid On-Premise 20.1.11, by default, allows the AJP p ...)
NOT-FOR-US: SysAid On-Premise
CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...)
NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress
@@ -7586,8 +48602,8 @@ CVE-2020-10563 (An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactl
NOT-FOR-US: DEVOME GRR
CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.p ...)
NOT-FOR-US: DEVOME GRR
-CVE-2020-10561
- RESERVED
+CVE-2020-10561 (An issue was discovered on Xiaomi Mi Jia ink-jet printer &lt; 3.4.6_01 ...)
+ NOT-FOR-US: Xiaomi
CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) through 5 ...)
NOT-FOR-US: Open Source Social Network (OSSN)
CVE-2020-10559
@@ -7600,33 +48616,32 @@ CVE-2020-10556
RESERVED
CVE-2020-10555
RESERVED
-CVE-2020-10554
- RESERVED
-CVE-2020-10553
- RESERVED
-CVE-2020-10552
- RESERVED
+CVE-2020-10554 (An issue was discovered in Psyprax beforee 3.2.2. Passwords used to en ...)
+ NOT-FOR-US: Psyprax
+CVE-2020-10553 (An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA ...)
+ NOT-FOR-US: Psyprax
+CVE-2020-10552 (An issue was discovered in Psyprax before 3.2.2. The Firebird database ...)
+ NOT-FOR-US: Psyprax
CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...)
NOT-FOR-US: QQBrowser
CVE-2020-10550
RESERVED
-CVE-2020-10549
- RESERVED
-CVE-2020-10548
- RESERVED
-CVE-2020-10547
- RESERVED
-CVE-2020-10546
- RESERVED
+CVE-2020-10549 (rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.p ...)
+ NOT-FOR-US: rConfig
+CVE-2020-10548 (rConfig 3.9.4 and previous versions has unauthenticated devices.inc.ph ...)
+ NOT-FOR-US: rConfig
+CVE-2020-10547 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...)
+ NOT-FOR-US: rConfig
+CVE-2020-10546 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...)
+ NOT-FOR-US: rConfig
CVE-2020-10545
RESERVED
CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFac ...)
NOT-FOR-US: PrimeTek PrimeFaces
-CVE-2020-10543 [Buffer overflow caused by a crafted regular expression]
- RESERVED
+CVE-2020-10543 (Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over ...)
- perl 5.30.3-1 (bug #962005)
- [buster] - perl <no-dsa> (Minor issue)
- [stretch] - perl <no-dsa> (Minor issue)
+ [buster] - perl 5.28.1-6+deb10u1
+ [stretch] - perl 5.24.1-3+deb9u7
NOTE: https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed (v5.30.3)
CVE-2020-10542
RESERVED
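Review bot: The new buster and stretch lines for CVE-2020-10543 give fixed versions inline (`[buster] - perl 5.28.1-6+deb10u1`, `[stretch] - perl 5.24.1-3+deb9u7`) but, unlike the ruby-json and jackson-databind entries updated in this same diff, carry no `{DSA-…}`/`{DLA-…}` reference line. If these uploads were shipped as security advisories, add the reference so the tracker links the fix to the advisory; if they were point-release updates, the inline versions are the right form and a short NOTE saying so would avoid the question coming up again.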
@@ -7634,12 +48649,12 @@ CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code e
NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...)
NOT-FOR-US: Untis WebUntis
-CVE-2020-10539
- RESERVED
-CVE-2020-10538
- RESERVED
-CVE-2020-10537
- RESERVED
+CVE-2020-10539 (An issue was discovered in Epikur before 20.1.1. The Epikur server con ...)
+ NOT-FOR-US: Epikur
+CVE-2020-10538 (An issue was discovered in Epikur before 20.1.1. It stores the secret ...)
+ NOT-FOR-US: Epikur
+CVE-2020-10537 (An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 serve ...)
+ NOT-FOR-US: Epikur
CVE-2020-10536
RESERVED
CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...)
@@ -7681,14 +48696,14 @@ CVE-2020-10521
RESERVED
CVE-2020-10520
RESERVED
-CVE-2020-10519
- RESERVED
-CVE-2020-10518
- RESERVED
-CVE-2020-10517
- RESERVED
-CVE-2020-10516
- RESERVED
+CVE-2020-10519 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2020-10518 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2020-10517 (An improper access control vulnerability was identified in GitHub Ente ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2020-10516 (An improper access control vulnerability was identified in the GitHub ...)
+ NOT-FOR-US: GitHub Enterprise Server API
CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting ...)
NOT-FOR-US: STARFACE UCC Client
CVE-2020-10514 (iCatch DVR firmware before 20200103 do not validate function parameter ...)
@@ -7965,16 +48980,31 @@ CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
[jessie] - rmysql <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32
NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
-CVE-2020-10379
- RESERVED
-CVE-2020-10378
- RESERVED
+CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...)
+ - pillow 7.2.0-1
+ [buster] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
+ [stretch] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
+ [jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
+ NOTE: https://github.com/python-pillow/Pillow/pull/4538
+ NOTE: https://github.com/python-pillow/Pillow/pull/4507
+ NOTE: Fixed in 6.2.3 and 7.1.0
+CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...)
+ - pillow 7.2.0-1
+ [buster] - pillow 5.4.1-2+deb10u2
+ [stretch] - pillow <not-affected> (Vulnerable code not present)
+ [jessie] - pillow <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/python-pillow/Pillow/pull/4538
+ NOTE: https://github.com/python-pillow/Pillow/pull/4506
+ NOTE: https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2 (Test)
+ NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7
+ NOTE: https://github.com/python-pillow/Pillow/commit/ada137eba5b605fd5aeff619c33bbf0e53af26ee (Test)
+ NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...)
NOT-FOR-US: Mitel
CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...)
NOT-FOR-US: Technicolor
-CVE-2020-10375
- RESERVED
+CVE-2020-10375 (An issue was discovered in New Media Smarty before 9.10. Passwords are ...)
+ NOT-FOR-US: New Media Smarty
CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...)
NOT-FOR-US: PRTG Network Monitor
CVE-2020-10373
@@ -8139,56 +49169,59 @@ CVE-2020-10294
RESERVED
CVE-2020-10293
RESERVED
-CVE-2020-10292
- RESERVED
-CVE-2020-10291
- RESERVED
-CVE-2020-10290
- RESERVED
-CVE-2020-10289
- RESERVED
-CVE-2020-10288
- RESERVED
-CVE-2020-10287
- RESERVED
-CVE-2020-10286
- RESERVED
-CVE-2020-10285
- RESERVED
-CVE-2020-10284
- RESERVED
-CVE-2020-10283
- RESERVED
-CVE-2020-10282
- RESERVED
-CVE-2020-10281
- RESERVED
-CVE-2020-10280
- RESERVED
-CVE-2020-10279
- RESERVED
-CVE-2020-10278
- RESERVED
-CVE-2020-10277
- RESERVED
-CVE-2020-10276
- RESERVED
-CVE-2020-10275
- RESERVED
-CVE-2020-10274
- RESERVED
-CVE-2020-10273
- RESERVED
-CVE-2020-10272
- RESERVED
-CVE-2020-10271
- RESERVED
-CVE-2020-10270
- RESERVED
-CVE-2020-10269
- RESERVED
-CVE-2020-10268
- RESERVED
+CVE-2020-10292 (Visual Components (owned by KUKA) is a robotic simulator that allows s ...)
+ NOT-FOR-US: Visual Components
+CVE-2020-10291 (Visual Components (owned by KUKA) is a robotic simulator that allows s ...)
+ NOT-FOR-US: Visual Components
+CVE-2020-10290 (Universal Robots controller execute URCaps (zip files containing Java- ...)
+ NOT-FOR-US: Universal Robots controller
+CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary objects. Th ...)
+ {DLA-2357-1}
+ - ros-actionlib 1.13.1-4 (bug #968830)
+ [buster] - ros-actionlib 1.11.15-1+deb10u1
+ NOTE: https://github.com/ros/actionlib/pull/171
+CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...)
+ NOT-FOR-US: ABB IRC5
+CVE-2020-10287 (The IRC5 family with UAS service enabled comes by default with credent ...)
+ NOT-FOR-US: ABB IRC5
+CVE-2020-10286 (the main user account has restricted privileges but is in the sudoers ...)
+ NOT-FOR-US: xArm
+CVE-2020-10285 (The authentication implementation on the xArm controller has very low ...)
+ NOT-FOR-US: xArm
+CVE-2020-10284 (No authentication is required to control the robot inside the network, ...)
+ NOT-FOR-US: xArm
+CVE-2020-10283 (The Micro Air Vehicle Link (MAVLink) protocol presents authentication ...)
+ NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
+CVE-2020-10282 (The Micro Air Vehicle Link (MAVLink) protocol presents no authenticati ...)
+ NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
+CVE-2020-10281 (This vulnerability applies to the Micro Air Vehicle Link (MAVLink) pro ...)
+ NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
+CVE-2020-10280 (The Apache server on port 80 that host the web interface is vulnerable ...)
+ NOT-FOR-US: MiR
+CVE-2020-10279 (MiR robot controllers (central computation unit) makes use of Ubuntu 1 ...)
+ NOT-FOR-US: MiR
+CVE-2020-10278 (The BIOS onboard MiR's Computer is not protected by password, therefor ...)
+ NOT-FOR-US: MiR
+CVE-2020-10277 (There is no mechanism in place to prevent a bad operator to boot from ...)
+ NOT-FOR-US: MiR
+CVE-2020-10276 (The password for the safety PLC is the default and thus easy to find ( ...)
+ NOT-FOR-US: Safety PLC
+CVE-2020-10275 (The access tokens for the REST API are directly derived from the publi ...)
+ NOT-FOR-US: MiR
+CVE-2020-10274 (The access tokens for the REST API are directly derived (sha256 and ba ...)
+ NOT-FOR-US: MiR
+CVE-2020-10273 (MiR controllers across firmware versions 2.8.1.1 and before do not enc ...)
+ NOT-FOR-US: MiR
+CVE-2020-10272 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...)
+ NOT-FOR-US: MiR
+CVE-2020-10271 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...)
+ NOT-FOR-US: MiR
+CVE-2020-10270 (Out of the wired and wireless interfaces within MiR100, MiR200 and oth ...)
+ NOT-FOR-US: MiR
+CVE-2020-10269 (One of the wireless interfaces within MiR100, MiR200 and possibly (acc ...)
+ NOT-FOR-US: MiR
+CVE-2020-10268 (Critical services for operation can be terminated from windows task ma ...)
+ NOT-FOR-US: Kuka
CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...)
NOT-FOR-US: Universal Robots control box CB
CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...)
@@ -8211,18 +49244,19 @@ CVE-2020-10258
RESERVED
CVE-2020-10257 (The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks acces ...)
NOT-FOR-US: ThemeREX Addons plugin for WordPress
-CVE-2020-10256
- RESERVED
+CVE-2020-10256 (An issue was discovered in beta versions of the 1Password command-line ...)
+ NOT-FOR-US: 1Password
CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...)
NOT-FOR-US: Hardware vulnerabliity in DDR4 DRAM chips
-CVE-2020-10254
- RESERVED
+CVE-2020-10254 (An issue was discovered in ownCloud before 10.4. An attacker can bypas ...)
+ - owncloud <removed>
CVE-2020-10253
RESERVED
-CVE-2020-10252
- RESERVED
+CVE-2020-10252 (An issue was discovered in ownCloud before 10.4. Because of an SSRF is ...)
+ - owncloud <removed>
CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...)
- - imagemagick <unfixed> (bug #953741)
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #953741)
+ [buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <not-affected> (Vulnerable code introduced later with HEIC image format support)
[jessie] - imagemagick <not-affected> (Vulnerable code introduced later with HEIC image format support)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859
@@ -8260,16 +49294,16 @@ CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created fi
NOT-FOR-US: Froxlor
CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...)
NOT-FOR-US: Froxlor
-CVE-2020-10234
- RESERVED
+CVE-2020-10234 (The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 1 ...)
+ NOT-FOR-US: IObit Advanced SystemCare
CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...)
- sleuthkit <unfixed> (unimportant)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829
NOTE: Crash in CLI tool, no security impact
CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack ...)
{DLA-2137-1}
- - sleuthkit <unfixed> (low; bug #953976)
- [buster] - sleuthkit <no-dsa> (Minor issue)
+ - sleuthkit 4.9.0+dfsg-2 (low; bug #953976)
+ [buster] - sleuthkit 4.6.5-1+deb10u1
[stretch] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836
NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
@@ -8277,12 +49311,12 @@ CVE-2020-10231 (TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Bu
NOT-FOR-US: TP-Link
CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...)
NOT-FOR-US: CentOS-WebPanel.com
-CVE-2020-10229
- RESERVED
-CVE-2020-10228
- RESERVED
-CVE-2020-10227
- RESERVED
+CVE-2020-10229 (A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unw ...)
+ NOT-FOR-US: vtecrm vtenext
+CVE-2020-10228 (A file upload vulnerability in vtecrm vtenext 19 CE allows authenticat ...)
+ NOT-FOR-US: vtecrm vtenext
+CVE-2020-10227 (A cross-site scripting (XSS) vulnerability in the messages module of v ...)
+ NOT-FOR-US: vtecrm vtenext
CVE-2020-10226
RESERVED
CVE-2020-10225 (An unauthenticated file upload vulnerability has been identified in ad ...)
@@ -8315,16 +49349,16 @@ CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SS
NOT-FOR-US: Responsive FileManager
CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...)
NOT-FOR-US: Mitel
-CVE-2020-10210
- RESERVED
-CVE-2020-10209
- RESERVED
-CVE-2020-10208
- RESERVED
-CVE-2020-10207
- RESERVED
-CVE-2020-10206
- RESERVED
+CVE-2020-10210 (Because of hard-coded SSH keys for the root user in Amino Communicatio ...)
+ NOT-FOR-US: Amino Communications
+CVE-2020-10209 (Command Injection in the CPE WAN Management Protocol (CWMP) registrati ...)
+ NOT-FOR-US: Amino Communications
+CVE-2020-10208 (Command Injection in EntoneWebEngine in Amino Communications AK45x ser ...)
+ NOT-FOR-US: Amino Communications
+CVE-2020-10207 (Use of Hard-coded Credentials in EntoneWebEngine in Amino Communicatio ...)
+ NOT-FOR-US: Amino Communications
+CVE-2020-10206 (Use of a Hard-coded Password in VNCserver in Amino Communications AK45 ...)
+ NOT-FOR-US: Amino Communications
CVE-2020-10205
RESERVED
CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. ...)
@@ -8360,8 +49394,9 @@ CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenti
CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...)
- {DLA-2176-1}
+ {DLA-2341-1 DLA-2176-1}
- inetutils 2:1.9.4-12 (bug #956084)
+ [buster] - inetutils 2:1.9.4-7+deb10u1
- netkit-telnet 0.17-18woody2 (bug #953477)
- netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
@@ -8370,8 +49405,11 @@ CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote
NOTE: Patch in Fedora: https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch
CVE-2020-10187 (Doorkeeper version 5.0.0 and later contains an information disclosure ...)
- ruby-doorkeeper 5.0.3-1 (bug #959903)
+ [buster] - ruby-doorkeeper <not-affected> (Vulnerable code not present)
+ [stretch] - ruby-doorkeeper <not-affected> (Vulnerable code not present)
NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6
NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9
+ NOTE: Introduced in https://github.com/doorkeeper-gem/doorkeeper/commit/4acc923dc77fa00928268136f54136d5a6a865dc (v5.0.0.rc1)
CVE-2020-10186
RESERVED
CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 allows remo ...)
@@ -8400,8 +49438,13 @@ CVE-2020-10179
RESERVED
CVE-2020-10178
REJECTED
-CVE-2020-10177
- RESERVED
+CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...)
+ {DLA-2317-1}
+ - pillow 7.2.0-1
+ [buster] - pillow 5.4.1-2+deb10u2
+ NOTE: https://github.com/python-pillow/Pillow/pull/4503
+ NOTE: https://github.com/python-pillow/Pillow/pull/4538
+ NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10176 (ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow E ...)
NOT-FOR-US: ASSA ABLOY Yale WIPC-301W
CVE-2020-10175
@@ -8462,32 +49505,32 @@ CVE-2020-10150
RESERVED
CVE-2020-10149
RESERVED
-CVE-2020-10148
- RESERVED
+CVE-2020-10148 (The SolarWinds Orion API is vulnerable to an authentication bypass tha ...)
+ NOT-FOR-US: SolarWinds
CVE-2020-10147
RESERVED
-CVE-2020-10146
- RESERVED
-CVE-2020-10145
- RESERVED
+CVE-2020-10146 (The Microsoft Teams online service contains a stored cross-site script ...)
+ NOT-FOR-US: Microsoft Teams
+CVE-2020-10145 (The Adobe ColdFusion installer fails to set a secure access-control li ...)
+ NOT-FOR-US: Adobe
CVE-2020-10144
RESERVED
-CVE-2020-10143
- RESERVED
+CVE-2020-10143 (Macrium Reflect includes an OpenSSL component that specifies an OPENSS ...)
+ NOT-FOR-US: Macrium Reflect
CVE-2020-10142
RESERVED
CVE-2020-10141
RESERVED
-CVE-2020-10140
- RESERVED
-CVE-2020-10139
- RESERVED
-CVE-2020-10138
- RESERVED
-CVE-2020-10137
- RESERVED
-CVE-2020-10136
- RESERVED
+CVE-2020-10140 (Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramDa ...)
+ NOT-FOR-US: Acronis
+CVE-2020-10139 (Acronis True Image 2021 includes an OpenSSL component that specifies a ...)
+ NOT-FOR-US: Acronis
+CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL comp ...)
+ NOT-FOR-US: Acronis
+CVE-2020-10137 (Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do n ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...)
+ NOT-FOR-US: Cisco
CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...)
NOTE: Bluetooth protocol issue
CVE-2020-10134 (Pairing in Bluetooth&#174; Core v5.2 and earlier may permit an unauthe ...)
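Review bot: CVE-2020-10136 is tagged `NOT-FOR-US: Cisco`, but the description says "Multiple products that implement the IP Encapsulation within IP standard", i.e. a protocol-level issue (IP-in-IP) rather than a single vendor's bug. Before dismissing it, confirm that Debian-shipped IP-in-IP implementations — the Linux kernel's ipip tunnelling in particular — were assessed and are not among the affected products; if they were checked and judged unaffected, record that as a NOTE, e.g. `NOTE: Generic IP-in-IP (RFC 2003) issue; Linux kernel assessed as not affected — <reason>`, so the triage is reproducible.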
@@ -8506,14 +49549,14 @@ CVE-2020-10128
RESERVED
CVE-2020-10127
RESERVED
-CVE-2020-10126
- RESERVED
-CVE-2020-10125
- RESERVED
-CVE-2020-10124
- RESERVED
-CVE-2020-10123
- RESERVED
+CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate ...)
+ NOT-FOR-US: NCR SelfServ ATMs
+CVE-2020-10125 (NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 51 ...)
+ NOT-FOR-US: NCR SelfServ ATMs
+CVE-2020-10124 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authentic ...)
+ NOT-FOR-US: NCR SelfServ ATMs
+CVE-2020-10123 (The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 ...)
+ NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to delete arbit ...)
NOT-FOR-US: cPanel
CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code execution ...)
@@ -8541,17 +49584,15 @@ CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Incons
CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information ...)
NOT-FOR-US: Citrix
CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
- {DLA-2145-1}
+ {DLA-2927-1 DLA-2145-1}
- twisted 18.9.0-7 (bug #953950)
[buster] - twisted <no-dsa> (Minor issue)
- [stretch] - twisted <no-dsa> (Minor issue)
NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
- {DLA-2145-1}
+ {DLA-2927-1 DLA-2145-1}
- twisted 18.9.0-7 (bug #953950)
[buster] - twisted <no-dsa> (Minor issue)
- [stretch] - twisted <no-dsa> (Minor issue)
NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
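Review bot: The new `{DLA-2927-1 DLA-2145-1}` reference on CVE-2020-10109 and CVE-2020-10108 sits directly above the unchanged `[stretch] - twisted <no-dsa> (Minor issue)` line; if DLA-2927-1 is the stretch update for these two issues, that no-dsa line now contradicts the advisory reference and should be dropped so the stretch status is derived from the DLA entry alone. If DLA-2927-1 instead covers a different suite, a short `NOTE:` naming the suite it fixed would make the entry unambiguous. The same applies to both CVE entries in this hunk.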
@@ -8653,30 +49694,30 @@ CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scena
CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...)
- gitlab <not-affected> (Only affects Gitlab EE)
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
-CVE-2020-10072
- RESERVED
-CVE-2020-10071
- RESERVED
-CVE-2020-10070
- RESERVED
-CVE-2020-10069
- RESERVED
-CVE-2020-10068
- RESERVED
+CVE-2020-10072 (Improper Handling of Insufficient Permissions or Privileges in zephyr. ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of the len ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can result i ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10069 (Zephyr Bluetooth unchecked packet data results in denial of service. Z ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate and back- ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...)
NOT-FOR-US: Zephyr, different from src:zephyr
-CVE-2020-10066
- RESERVED
-CVE-2020-10065
- RESERVED
-CVE-2020-10064
- RESERVED
-CVE-2020-10063
- RESERVED
-CVE-2020-10062
- RESERVED
-CVE-2020-10061
- RESERVED
+CVE-2020-10066 (Incorrect Error Handling in Bluetooth HCI core. Zephyr versions &gt;= ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10065 (Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions &gt;= v ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10064 (Improper Input Frame Validation in ieee802154 Processing. Zephyr versi ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP packets to ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length decoder c ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10061 (Improper handling of the full-buffer case in the Zephyr Bluetooth impl ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects\[1] ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...)
@@ -8685,46 +49726,46 @@ CVE-2020-10058 (Multiple syscalls in the Kscan subsystem perform insufficient ar
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
NOT-FOR-US: GeniXCMS
-CVE-2020-10056
- RESERVED
-CVE-2020-10055
- RESERVED
-CVE-2020-10054
- RESERVED
-CVE-2020-10053
- RESERVED
-CVE-2020-10052
- RESERVED
-CVE-2020-10051
- RESERVED
-CVE-2020-10050
- RESERVED
-CVE-2020-10049
- RESERVED
-CVE-2020-10048
- RESERVED
+CVE-2020-10056 (A vulnerability has been identified in License Management Utility (LMU ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...)
+ NOT-FOR-US: Desigo
+CVE-2020-10054 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10053 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10052 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10051 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10048 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...)
+ NOT-FOR-US: Siemens
CVE-2020-10047
RESERVED
CVE-2020-10046
RESERVED
-CVE-2020-10045
- RESERVED
-CVE-2020-10044
- RESERVED
-CVE-2020-10043
- RESERVED
-CVE-2020-10042
- RESERVED
-CVE-2020-10041
- RESERVED
-CVE-2020-10040
- RESERVED
-CVE-2020-10039
- RESERVED
-CVE-2020-10038
- RESERVED
-CVE-2020-10037
- RESERVED
+CVE-2020-10045 (A vulnerability has been identified in SICAM MMU (All versions &lt; V2 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10044 (A vulnerability has been identified in SICAM MMU (All versions &lt; V2 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10043 (A vulnerability has been identified in SICAM MMU (All versions &lt; V2 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10042 (A vulnerability has been identified in SICAM MMU (All versions &lt; V2 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10041 (A vulnerability has been identified in SICAM MMU (All versions &lt; V2 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10040 (A vulnerability has been identified in SICAM MMU (All versions &lt; V2 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10039 (A vulnerability has been identified in SICAM MMU (All versions &lt; V2 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10038 (A vulnerability has been identified in SICAM MMU (All versions &lt; V2 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10037 (A vulnerability has been identified in SICAM MMU (All versions &lt; V2 ...)
+ NOT-FOR-US: Siemens
CVE-2020-10036
RESERVED
CVE-2020-10035
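Review bot: `NOT-FOR-US: Desigo` on CVE-2020-10055 is inconsistent with the `NOT-FOR-US: Siemens` tag used on every other entry added in this hunk, even though its description carries the same "A vulnerability has been identified in" Siemens advisory wording. Tagging it `NOT-FOR-US: Siemens` (or `NOT-FOR-US: Siemens Desigo CC`) keeps the vendor greppable across all of these entries; the product name can stay as a qualifier if it is useful for later triage.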
@@ -8750,451 +49791,540 @@ CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflo
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25487
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a
-CVE-2020-9999
- RESERVED
+CVE-2020-9999 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
CVE-2020-9998
RESERVED
-CVE-2020-9997
- RESERVED
-CVE-2020-9996
- RESERVED
-CVE-2020-9995
- RESERVED
-CVE-2020-9994
- RESERVED
-CVE-2020-9993
- RESERVED
-CVE-2020-9992
- RESERVED
-CVE-2020-9991
- RESERVED
-CVE-2020-9990
- RESERVED
-CVE-2020-9989
- RESERVED
-CVE-2020-9988
- RESERVED
-CVE-2020-9987
- RESERVED
-CVE-2020-9986
- RESERVED
-CVE-2020-9985
- RESERVED
-CVE-2020-9984
- RESERVED
-CVE-2020-9983
- RESERVED
-CVE-2020-9982
- RESERVED
-CVE-2020-9981
- RESERVED
-CVE-2020-9980
- RESERVED
-CVE-2020-9979
- RESERVED
-CVE-2020-9978
- RESERVED
-CVE-2020-9977
- RESERVED
-CVE-2020-9976
- RESERVED
-CVE-2020-9975
- RESERVED
-CVE-2020-9974
- RESERVED
-CVE-2020-9973
- RESERVED
-CVE-2020-9972
- RESERVED
-CVE-2020-9971
- RESERVED
+CVE-2020-9997 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2020-9996 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9995 (An issue existed in the parsing of URLs. This issue was addressed with ...)
+ NOT-FOR-US: Apple
+CVE-2020-9994 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2020-9993 (The issue was addressed with improved UI handling. This issue is fixed ...)
+ NOT-FOR-US: Apple
+CVE-2020-9992 (This issue was addressed by encrypting communications over the network ...)
+ NOT-FOR-US: Apple
+CVE-2020-9991 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: sqlite3 as used by Apple
+ NOTE: No details available due to typical Apple intransparency
+CVE-2020-9990 (A race condition was addressed with additional validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9989 (The issue was addressed with improved deletion. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9988 (The issue was addressed with improved deletion. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9987 (An inconsistent user interface issue was addressed with improved state ...)
+ NOT-FOR-US: Apple
+CVE-2020-9986 (A file access issue existed with certain home folder files. This was a ...)
+ NOT-FOR-US: Apple
+CVE-2020-9985 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9984 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.30.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
+CVE-2020-9982 (This issue was addressed with improved checks to prevent unauthorized ...)
+ NOT-FOR-US: Apple
+CVE-2020-9981 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9979 (A trust issue was addressed by removing a legacy API. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9978 (This issue was addressed with improved setting propagation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9977 (A validation issue existed in the entitlement verification. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9976 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9975 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9974 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9973 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9972 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9971 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
CVE-2020-9970
RESERVED
-CVE-2020-9969
- RESERVED
-CVE-2020-9968
- RESERVED
-CVE-2020-9967
- RESERVED
-CVE-2020-9966
- RESERVED
-CVE-2020-9965
- RESERVED
-CVE-2020-9964
- RESERVED
-CVE-2020-9963
- RESERVED
-CVE-2020-9962
- RESERVED
-CVE-2020-9961
- RESERVED
-CVE-2020-9960
- RESERVED
-CVE-2020-9959
- RESERVED
-CVE-2020-9958
- RESERVED
+CVE-2020-9969 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9968 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9967 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2020-9966 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9965 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9964 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2020-9963 (The issue was addressed with improved handling of icon caches. This is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9962 (A buffer overflow was addressed with improved size validation. This is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9961 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9960 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9959 (A lock screen issue allowed access to messages on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9958 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
CVE-2020-9957
RESERVED
-CVE-2020-9956
- RESERVED
-CVE-2020-9955
- RESERVED
-CVE-2020-9954
- RESERVED
+CVE-2020-9956 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9955 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9954 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
CVE-2020-9953
RESERVED
-CVE-2020-9952
- RESERVED
-CVE-2020-9951
- RESERVED
-CVE-2020-9950
- RESERVED
-CVE-2020-9949
- RESERVED
-CVE-2020-9948
- RESERVED
-CVE-2020-9947
- RESERVED
-CVE-2020-9946
- RESERVED
-CVE-2020-9945
- RESERVED
-CVE-2020-9944
- RESERVED
-CVE-2020-9943
- RESERVED
-CVE-2020-9942
- RESERVED
-CVE-2020-9941
- RESERVED
-CVE-2020-9940
- RESERVED
-CVE-2020-9939
- RESERVED
-CVE-2020-9938
- RESERVED
-CVE-2020-9937
- RESERVED
-CVE-2020-9936
- RESERVED
-CVE-2020-9935
- RESERVED
-CVE-2020-9934
- RESERVED
-CVE-2020-9933
- RESERVED
-CVE-2020-9932
- RESERVED
-CVE-2020-9931
- RESERVED
-CVE-2020-9930
- RESERVED
-CVE-2020-9929
- RESERVED
-CVE-2020-9928
- RESERVED
-CVE-2020-9927
- RESERVED
-CVE-2020-9926
- RESERVED
-CVE-2020-9925
- RESERVED
-CVE-2020-9924
- RESERVED
-CVE-2020-9923
- RESERVED
-CVE-2020-9922
- RESERVED
-CVE-2020-9921
- RESERVED
-CVE-2020-9920
- RESERVED
-CVE-2020-9919
- RESERVED
-CVE-2020-9918
- RESERVED
-CVE-2020-9917
- RESERVED
-CVE-2020-9916
- RESERVED
-CVE-2020-9915
- RESERVED
-CVE-2020-9914
- RESERVED
-CVE-2020-9913
- RESERVED
-CVE-2020-9912
- RESERVED
-CVE-2020-9911
- RESERVED
-CVE-2020-9910
- RESERVED
-CVE-2020-9909
- RESERVED
-CVE-2020-9908
- RESERVED
-CVE-2020-9907
- RESERVED
-CVE-2020-9906
- RESERVED
-CVE-2020-9905
- RESERVED
-CVE-2020-9904
- RESERVED
-CVE-2020-9903
- RESERVED
-CVE-2020-9902
- RESERVED
-CVE-2020-9901
- RESERVED
-CVE-2020-9900
- RESERVED
-CVE-2020-9899
- RESERVED
-CVE-2020-9898
- RESERVED
-CVE-2020-9897
- RESERVED
+CVE-2020-9952 (An input validation issue was addressed with improved input validation ...)
+ {DSA-4739-1}
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
+CVE-2020-9951 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
+CVE-2020-9950 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9949 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9948 (A type confusion issue was addressed with improved memory handling. Th ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
+CVE-2020-9947 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2020-9946 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9945 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
+ NOT-FOR-US: Apple
+CVE-2020-9944 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9943 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9942 (An inconsistent user interface issue was addressed with improved state ...)
+ NOT-FOR-US: Apple
+CVE-2020-9941 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9940 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9939 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9938 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9937 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9936 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9935 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9934 (An issue existed in the handling of environment variables. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9933 (An authorization issue was addressed with improved state management. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9932 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2020-9931 (A denial of service issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-9930 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9929 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9928 (Multiple memory corruption issues were addressed with improved memory ...)
+ NOT-FOR-US: Apple
+CVE-2020-9927 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-9926 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9925 (A logic issue was addressed with improved state management. This issue ...)
+ {DSA-4739-1}
+ - webkit2gtk 2.28.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
+CVE-2020-9924 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9923 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9922 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9921 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9920 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2020-9919 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9918 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9917 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9916 (A URL Unicode encoding issue was addressed with improved state managem ...)
+ NOT-FOR-US: Apple
+CVE-2020-9915 (An access issue existed in Content Security Policy. This issue was add ...)
+ {DSA-4739-1}
+ - webkit2gtk 2.28.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
+CVE-2020-9914 (An input validation issue existed in Bluetooth. This issue was address ...)
+ NOT-FOR-US: Apple
+CVE-2020-9913 (This issue was addressed with improved data protection. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9912 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Safari
+CVE-2020-9911 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Safari
+CVE-2020-9910 (Multiple issues were addressed with improved logic. This issue is fixe ...)
+ NOT-FOR-US: Safari
+CVE-2020-9909 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9908 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9907 (A memory corruption issue was addressed by removing the vulnerable cod ...)
+ NOT-FOR-US: Apple
+CVE-2020-9906 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-9905 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9904 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2020-9903 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Safari
+CVE-2020-9902 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9901 (An issue existed within the path validation logic for symlinks. This i ...)
+ NOT-FOR-US: Apple
+CVE-2020-9900 (An issue existed within the path validation logic for symlinks. This i ...)
+ NOT-FOR-US: Apple
+CVE-2020-9899 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-9898 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2020-9897 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
CVE-2020-9896
RESERVED
-CVE-2020-9895
- RESERVED
-CVE-2020-9894
- RESERVED
-CVE-2020-9893
- RESERVED
-CVE-2020-9892
- RESERVED
-CVE-2020-9891
- RESERVED
-CVE-2020-9890
- RESERVED
-CVE-2020-9889
- RESERVED
-CVE-2020-9888
- RESERVED
-CVE-2020-9887
- RESERVED
+CVE-2020-9895 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4739-1}
+ - webkit2gtk 2.28.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
+CVE-2020-9894 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ {DSA-4739-1}
+ - webkit2gtk 2.28.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
+CVE-2020-9893 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4739-1}
+ - webkit2gtk 2.28.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
+CVE-2020-9892 (Multiple memory corruption issues were addressed with improved state m ...)
+ NOT-FOR-US: Apple
+CVE-2020-9891 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9890 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9889 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9888 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9887 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
CVE-2020-9886
RESERVED
-CVE-2020-9885
- RESERVED
-CVE-2020-9884
- RESERVED
-CVE-2020-9883
- RESERVED
-CVE-2020-9882
- RESERVED
-CVE-2020-9881
- RESERVED
-CVE-2020-9880
- RESERVED
-CVE-2020-9879
- RESERVED
-CVE-2020-9878
- RESERVED
-CVE-2020-9877
- RESERVED
-CVE-2020-9876
- RESERVED
-CVE-2020-9875
- RESERVED
-CVE-2020-9874
- RESERVED
-CVE-2020-9873
- RESERVED
-CVE-2020-9872
- RESERVED
-CVE-2020-9871
- RESERVED
-CVE-2020-9870
- RESERVED
-CVE-2020-9869
- RESERVED
-CVE-2020-9868
- RESERVED
+CVE-2020-9885 (An issue existed in the handling of iMessage tapbacks. The issue was r ...)
+ NOT-FOR-US: Apple
+CVE-2020-9884 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9883 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9882 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9881 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9880 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9879 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9878 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9876 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9875 (An integer overflow was addressed through improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9874 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9873 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9872 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9871 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9870 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9869 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9868 (A certificate validation issue existed when processing administrator a ...)
+ NOT-FOR-US: Apple
CVE-2020-9867
RESERVED
-CVE-2020-9866
- RESERVED
-CVE-2020-9865
- RESERVED
-CVE-2020-9864
- RESERVED
-CVE-2020-9863
- RESERVED
-CVE-2020-9862
- RESERVED
-CVE-2020-9861
- RESERVED
-CVE-2020-9860
- RESERVED
-CVE-2020-9859
- RESERVED
-CVE-2020-9858
- RESERVED
-CVE-2020-9857
- RESERVED
-CVE-2020-9856
- RESERVED
-CVE-2020-9855
- RESERVED
-CVE-2020-9854
- RESERVED
-CVE-2020-9853
- RESERVED
-CVE-2020-9852
- RESERVED
-CVE-2020-9851
- RESERVED
-CVE-2020-9850
- RESERVED
-CVE-2020-9849
- RESERVED
-CVE-2020-9848
- RESERVED
-CVE-2020-9847
- RESERVED
+CVE-2020-9866 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9865 (A memory corruption issue was addressed by removing the vulnerable cod ...)
+ NOT-FOR-US: Apple
+CVE-2020-9864 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9863 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2020-9862 (A command injection issue existed in Web Inspector. This issue was add ...)
+ {DSA-4739-1}
+ - webkit2gtk 2.28.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
+CVE-2020-9861 (A stack overflow issue existed in Swift for Linux. The issue was addre ...)
+ NOT-FOR-US: Swift (different from src:swift)
+CVE-2020-9860 (A custom URL scheme handling issue was addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...)
+ NOT-FOR-US: Apple
+CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...)
+ NOT-FOR-US: Apple
+CVE-2020-9857 (An issue existed in the parsing of URLs. This issue was addressed with ...)
+ NOT-FOR-US: Safari
+CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...)
+ NOT-FOR-US: Apple
+CVE-2020-9854 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9853 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4724-1}
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
+CVE-2020-9849 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: sqlite3 as used by Apple
+ NOTE: No details available due to typical Apple intransparency
+CVE-2020-9848 (An authorization issue was addressed with improved state management. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
CVE-2020-9846
RESERVED
CVE-2020-9845
RESERVED
-CVE-2020-9844
- RESERVED
-CVE-2020-9843
- RESERVED
-CVE-2020-9842
- RESERVED
-CVE-2020-9841
- RESERVED
+CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9843 (An input validation issue was addressed with improved input validation ...)
+ {DSA-4724-1}
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
+CVE-2020-9842 (An entitlement parsing issue was addressed with improved parsing. This ...)
+ NOT-FOR-US: Apple
+CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...)
+ NOT-FOR-US: Apple
CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...)
NOT-FOR-US: SwiftNIO Extras
-CVE-2020-9839
- RESERVED
-CVE-2020-9838
- RESERVED
-CVE-2020-9837
- RESERVED
+CVE-2020-9839 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
CVE-2020-9836
RESERVED
-CVE-2020-9835
- RESERVED
-CVE-2020-9834
- RESERVED
-CVE-2020-9833
- RESERVED
-CVE-2020-9832
- RESERVED
-CVE-2020-9831
- RESERVED
-CVE-2020-9830
- RESERVED
-CVE-2020-9829
- RESERVED
-CVE-2020-9828
- RESERVED
-CVE-2020-9827
- RESERVED
-CVE-2020-9826
- RESERVED
-CVE-2020-9825
- RESERVED
-CVE-2020-9824
- RESERVED
-CVE-2020-9823
- RESERVED
-CVE-2020-9822
- RESERVED
-CVE-2020-9821
- RESERVED
-CVE-2020-9820
- RESERVED
-CVE-2020-9819
- RESERVED
-CVE-2020-9818
- RESERVED
-CVE-2020-9817
- RESERVED
-CVE-2020-9816
- RESERVED
-CVE-2020-9815
- RESERVED
-CVE-2020-9814
- RESERVED
-CVE-2020-9813
- RESERVED
-CVE-2020-9812
- RESERVED
-CVE-2020-9811
- RESERVED
-CVE-2020-9810
- RESERVED
-CVE-2020-9809
- RESERVED
-CVE-2020-9808
- RESERVED
-CVE-2020-9807
- RESERVED
-CVE-2020-9806
- RESERVED
-CVE-2020-9805
- RESERVED
-CVE-2020-9804
- RESERVED
-CVE-2020-9803
- RESERVED
-CVE-2020-9802
- RESERVED
-CVE-2020-9801
- RESERVED
-CVE-2020-9800
- RESERVED
-CVE-2020-9799
- RESERVED
+CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue was resol ...)
+ NOT-FOR-US: Apple
+CVE-2020-9834 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-9833 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2020-9832 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9830 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9828 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-9825 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9824 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9823 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9821 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2020-9820 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9819 (A memory consumption issue was addressed with improved memory handling ...)
+ NOT-FOR-US: Apple
+CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9817 (A permissions issue existed. This issue was addressed with improved pe ...)
+ NOT-FOR-US: Apple
+CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was address ...)
+ NOT-FOR-US: Apple
+CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was address ...)
+ NOT-FOR-US: Apple
+CVE-2020-9812 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2020-9810 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-4724-1}
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
+CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-4724-1}
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
+CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4724-1}
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
+CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...)
+ {DSA-4724-1}
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
+CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4724-1}
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
+CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9799 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
CVE-2020-9798
RESERVED
-CVE-2020-9797
- RESERVED
-CVE-2020-9796
- RESERVED
-CVE-2020-9795
- RESERVED
-CVE-2020-9794 [unknown input leads to a memory corruption vulnerability]
- RESERVED
- - sqlite3 <undetermined>
- NOTE: https://vuldb.com/?id.155768
- TODO: Try to get more information, as usual Apple advisories are too unspecific
-CVE-2020-9793
- RESERVED
-CVE-2020-9792
- RESERVED
-CVE-2020-9791
- RESERVED
-CVE-2020-9790
- RESERVED
-CVE-2020-9789
- RESERVED
-CVE-2020-9788
- RESERVED
-CVE-2020-9787
- RESERVED
-CVE-2020-9786
- RESERVED
+CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...)
+ NOT-FOR-US: Apple
+CVE-2020-9796 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: sqlite3 as used by Apple
+ NOTE: No details available due to typical Apple intransparency
+CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9791 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9787 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9786 (This issue was addressed with improved checks This issue is fixed in m ...)
+ NOT-FOR-US: Apple
CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...)
NOT-FOR-US: Apple
CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple Safari
CVE-2020-9783 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
-CVE-2020-9782
- RESERVED
+CVE-2020-9782 (A parsing issue in the handling of directory paths was addressed with ...)
+ NOT-FOR-US: Apple
CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...)
NOT-FOR-US: Apple
CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...)
NOT-FOR-US: Apple
-CVE-2020-9779
- RESERVED
+CVE-2020-9779 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
CVE-2020-9778
RESERVED
CVE-2020-9777 (An issue existed in the selection of video file by Mail. The issue was ...)
@@ -9203,22 +50333,22 @@ CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is fi
NOT-FOR-US: Apple
CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in picture ...)
NOT-FOR-US: Apple
-CVE-2020-9774
- RESERVED
+CVE-2020-9774 (An issue existed with Siri Suggestions access to encrypted data. The i ...)
+ NOT-FOR-US: Apple
CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...)
NOT-FOR-US: Apple
-CVE-2020-9772
- RESERVED
-CVE-2020-9771
- RESERVED
+CVE-2020-9772 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9771 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ NOT-FOR-US: Apple
CVE-2020-9770 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. This i ...)
NOT-FOR-US: Apple
CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
-CVE-2020-9767
- RESERVED
+CVE-2020-9767 (A vulnerability related to Dynamic-link Library (&#8220;DLL&#8221;) lo ...)
+ NOT-FOR-US: Zoom
CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...)
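Review bot: The new description for CVE-2020-9767 stores HTML character references (`&#8220;DLL&#8221;`) instead of the quotation characters themselves, which suggests the description importer did not decode entities for this record. If the tracker's web view does not decode them on output, the entry will show the literal `&#8220;` sequences; worth checking how other imported descriptions with typographic quotes are stored before deciding whether to normalize here or in the import step.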
@@ -9246,40 +50376,43 @@ CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which ar
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0003.html
-CVE-2020-10017
- RESERVED
-CVE-2020-10016
- RESERVED
-CVE-2020-10015
- RESERVED
-CVE-2020-10014
- RESERVED
-CVE-2020-10013
- RESERVED
-CVE-2020-10012
- RESERVED
-CVE-2020-10011
- RESERVED
-CVE-2020-10010
- RESERVED
-CVE-2020-10009
- RESERVED
-CVE-2020-10008
- RESERVED
-CVE-2020-10007
- RESERVED
-CVE-2020-10006
- RESERVED
-CVE-2020-10005
- RESERVED
-CVE-2020-10004
- RESERVED
-CVE-2020-10003
- RESERVED
-CVE-2020-10002
- RESERVED
-CVE-2020-10001
- RESERVED
+CVE-2020-10017 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-10016 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2020-10015 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-10014 (A parsing issue in the handling of directory paths was addressed with ...)
+ NOT-FOR-US: Apple
+CVE-2020-10013 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-10012 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2020-10011 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-10010 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2020-10009 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-10008 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-10007 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-10006 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2020-10005 (A resource exhaustion issue was addressed with improved input validati ...)
+ NOT-FOR-US: Apple
+CVE-2020-10004 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-10003 (An issue existed within the path validation logic for symlinks. This i ...)
+ NOT-FOR-US: Apple
+CVE-2020-10002 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-10001 (An input validation issue was addressed with improved memory handling. ...)
+ {DLA-2800-1}
+ - cups 2.3.3op2-1
+ [buster] - cups <no-dsa> (Minor issue)
+ NOTE: https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9 (v2.3.3op2)
CVE-2020-10000
RESERVED
CVE-2020-9766
@@ -9295,16 +50428,14 @@ CVE-2020-9762
CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...)
NOT-FOR-US: UNCTAD ASYCUDA World
CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affe ...)
- {DLA-2157-1}
+ {DLA-2770-1 DLA-2157-1}
- weechat 2.7.1-1
[buster] - weechat <no-dsa> (Minor issue)
- [stretch] - weechat <no-dsa> (Minor issue)
NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d
-CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affe ...)
- {DLA-2157-1}
+CVE-2020-9759 (A Vulnerability of LG Electronic web OS TV Emulator could allow an att ...)
+ {DLA-2770-1 DLA-2157-1}
- weechat 2.7.1-1
[buster] - weechat <no-dsa> (Minor issue)
- [stretch] - weechat <no-dsa> (Minor issue)
NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e
CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...)
NOT-FOR-US: LiveZilla Live Chat
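Review bot: The CVE-2020-9759 entry is now internally inconsistent: its description was replaced with the LG Electronic webOS TV Emulator text, yet the lines beneath it still carry the weechat fix data (`{DLA-2770-1 DLA-2157-1}`, `- weechat 2.7.1-1`, the buster no-dsa tag and the weechat commit NOTE), so the tracker will report a weechat fix against a CVE whose description no longer concerns weechat. If the id was reassigned upstream, the weechat lines belong under whatever id now covers that issue, or the entry should at least carry a NOTE explaining why they are retained, e.g. ` NOTE: CVE description now refers to LG webOS; weechat fix data kept from the original assignment, see weechat commit c827d6fa`. The same DLA-2770-1 tag was added to CVE-2020-9760 just above, so both entries should be checked together.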
@@ -9322,402 +50453,402 @@ CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move
NOT-FOR-US: Naver Cloud Explorer
CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an ...)
NOT-FOR-US: Naver Cloud Explorer
-CVE-2020-9750
- RESERVED
-CVE-2020-9749
- RESERVED
-CVE-2020-9748
- RESERVED
-CVE-2020-9747
- RESERVED
-CVE-2020-9746
- RESERVED
-CVE-2020-9745
- RESERVED
-CVE-2020-9744
- RESERVED
-CVE-2020-9743
- RESERVED
-CVE-2020-9742
- RESERVED
-CVE-2020-9741
- RESERVED
-CVE-2020-9740
- RESERVED
-CVE-2020-9739
- RESERVED
-CVE-2020-9738
- RESERVED
-CVE-2020-9737
- RESERVED
-CVE-2020-9736
- RESERVED
-CVE-2020-9735
- RESERVED
-CVE-2020-9734
- RESERVED
-CVE-2020-9733
- RESERVED
-CVE-2020-9732
- RESERVED
-CVE-2020-9731
- RESERVED
-CVE-2020-9730
- RESERVED
-CVE-2020-9729
- RESERVED
-CVE-2020-9728
- RESERVED
-CVE-2020-9727
- RESERVED
-CVE-2020-9726
- RESERVED
-CVE-2020-9725
- RESERVED
-CVE-2020-9724
- RESERVED
-CVE-2020-9723
- RESERVED
-CVE-2020-9722
- RESERVED
-CVE-2020-9721
- RESERVED
-CVE-2020-9720
- RESERVED
-CVE-2020-9719
- RESERVED
-CVE-2020-9718
- RESERVED
-CVE-2020-9717
- RESERVED
-CVE-2020-9716
- RESERVED
-CVE-2020-9715
- RESERVED
-CVE-2020-9714
- RESERVED
+CVE-2020-9750 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9749 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9748 (Adobe Animate version 20.5 (and earlier) is affected by a stack overfl ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9747 (Adobe Animate version 20.5 (and earlier) is affected by a double free ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9746 (Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an ...)
+ NOT-FOR-US: Adobe Flash Plugin
+CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+ NOT-FOR-US: Adobe AEM
+CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and ...)
+ NOT-FOR-US: Adobe AEM
+CVE-2020-9741 (The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...)
+ NOT-FOR-US: Adobe AEM
+CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+ NOT-FOR-US: Adobe AEM
+CVE-2020-9739 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+ NOT-FOR-US: Adobe AEM
+CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+ NOT-FOR-US: Adobe AEM
+CVE-2020-9736 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+ NOT-FOR-US: Adobe AEM
+CVE-2020-9735 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
+ NOT-FOR-US: Adobe AEM
+CVE-2020-9734 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and ...)
+ NOT-FOR-US: Adobe AEM
+CVE-2020-9733 (An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (a ...)
+ NOT-FOR-US: Adobe AEM
+CVE-2020-9732 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...)
+ NOT-FOR-US: Adobe AEM
+CVE-2020-9731 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9730 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9729 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9728 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9727 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9726 (Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9725 (Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9724 (Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9723 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9722 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9721 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9720 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9719 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9718 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9717 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9716 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9715 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9714 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
CVE-2020-9713
RESERVED
-CVE-2020-9712
- RESERVED
+CVE-2020-9712 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
CVE-2020-9711
RESERVED
-CVE-2020-9710
- RESERVED
+CVE-2020-9710 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
CVE-2020-9709
RESERVED
-CVE-2020-9708
- RESERVED
-CVE-2020-9707
- RESERVED
-CVE-2020-9706
- RESERVED
-CVE-2020-9705
- RESERVED
-CVE-2020-9704
- RESERVED
-CVE-2020-9703
- RESERVED
-CVE-2020-9702
- RESERVED
-CVE-2020-9701
- RESERVED
-CVE-2020-9700
- RESERVED
-CVE-2020-9699
- RESERVED
-CVE-2020-9698
- RESERVED
-CVE-2020-9697
- RESERVED
-CVE-2020-9696
- RESERVED
+CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9707 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9706 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9705 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9704 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9703 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9702 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9701 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9700 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9699 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9698 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9697 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9696 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
CVE-2020-9695
RESERVED
-CVE-2020-9694
- RESERVED
-CVE-2020-9693
- RESERVED
-CVE-2020-9692
- RESERVED
-CVE-2020-9691
- RESERVED
-CVE-2020-9690
- RESERVED
-CVE-2020-9689
- RESERVED
-CVE-2020-9688
- RESERVED
-CVE-2020-9687
- RESERVED
-CVE-2020-9686
- RESERVED
-CVE-2020-9685
- RESERVED
-CVE-2020-9684
- RESERVED
-CVE-2020-9683
- RESERVED
-CVE-2020-9682
- RESERVED
-CVE-2020-9681
- RESERVED
-CVE-2020-9680
- RESERVED
-CVE-2020-9679
- RESERVED
-CVE-2020-9678
- RESERVED
-CVE-2020-9677
- RESERVED
-CVE-2020-9676
- RESERVED
-CVE-2020-9675
- RESERVED
-CVE-2020-9674
- RESERVED
-CVE-2020-9673
- RESERVED
-CVE-2020-9672
- RESERVED
-CVE-2020-9671
- RESERVED
-CVE-2020-9670
- RESERVED
-CVE-2020-9669
- RESERVED
-CVE-2020-9668
- RESERVED
-CVE-2020-9667
- RESERVED
-CVE-2020-9666
- RESERVED
-CVE-2020-9665
- RESERVED
-CVE-2020-9664
- RESERVED
-CVE-2020-9663
- RESERVED
-CVE-2020-9662
- RESERVED
-CVE-2020-9661
- RESERVED
-CVE-2020-9660
- RESERVED
-CVE-2020-9659
- RESERVED
-CVE-2020-9658
- RESERVED
-CVE-2020-9657
- RESERVED
-CVE-2020-9656
- RESERVED
-CVE-2020-9655
- RESERVED
-CVE-2020-9654
- RESERVED
-CVE-2020-9653
- RESERVED
-CVE-2020-9652
- RESERVED
-CVE-2020-9651
- RESERVED
-CVE-2020-9650
- RESERVED
-CVE-2020-9649
- RESERVED
-CVE-2020-9648
- RESERVED
-CVE-2020-9647
- RESERVED
-CVE-2020-9646
- RESERVED
-CVE-2020-9645
- RESERVED
-CVE-2020-9644
- RESERVED
-CVE-2020-9643
- RESERVED
-CVE-2020-9642
- RESERVED
-CVE-2020-9641
- RESERVED
-CVE-2020-9640
- RESERVED
-CVE-2020-9639
- RESERVED
-CVE-2020-9638
- RESERVED
-CVE-2020-9637
- RESERVED
-CVE-2020-9636
- RESERVED
-CVE-2020-9635
- RESERVED
-CVE-2020-9634
- RESERVED
-CVE-2020-9633
- RESERVED
-CVE-2020-9632
- RESERVED
-CVE-2020-9631
- RESERVED
-CVE-2020-9630
- RESERVED
-CVE-2020-9629
- RESERVED
-CVE-2020-9628
- RESERVED
-CVE-2020-9627
- RESERVED
-CVE-2020-9626
- RESERVED
-CVE-2020-9625
- RESERVED
-CVE-2020-9624
- RESERVED
-CVE-2020-9623
- RESERVED
-CVE-2020-9622
- RESERVED
-CVE-2020-9621
- RESERVED
-CVE-2020-9620
- RESERVED
+CVE-2020-9694 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9693 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9692 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
+ NOT-FOR-US: Magento
+CVE-2020-9691 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
+ NOT-FOR-US: Magento
+CVE-2020-9690 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
+ NOT-FOR-US: Magento
+CVE-2020-9689 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...)
+ NOT-FOR-US: Magento
+CVE-2020-9688 (Adobe Download Manager version 2.0.0.518 have a command injection vuln ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9687 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9686 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9685 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9684 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9683 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9682 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9681 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Unco ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9680 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vul ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9679 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vuln ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9678 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vul ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9677 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vuln ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9676 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write v ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9675 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vu ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9674 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write v ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9673 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9672 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9671 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9670 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9669 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9668 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Impr ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9667 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Unco ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9666 (Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerab ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9665 (Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a ...)
+ NOT-FOR-US: Magento
+CVE-2020-9664 (Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a ...)
+ NOT-FOR-US: Magento
+CVE-2020-9663 (Adobe Reader Mobile versions 20.0.1 and earlier have a directory trave ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9662 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9661 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds re ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9660 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9659 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9658 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9657 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9656 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9655 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9654 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9653 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9652 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds rea ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9650 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9649 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds re ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9646 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind server- ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9643 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9642 (Adobe Illustrator versions 24.1.2 and earlier have a buffer errors vul ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9641 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9640 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9639 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9638 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9637 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9636 (Adobe Framemaker versions 2019.0.5 and below have a memory corruption ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9635 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9634 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9633 (Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9632 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9631 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9630 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9629 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9628 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9627 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9626 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9625 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9624 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9623 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9622 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9621 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9620 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
CVE-2020-9619
RESERVED
-CVE-2020-9618
- RESERVED
-CVE-2020-9617
- RESERVED
-CVE-2020-9616
- RESERVED
-CVE-2020-9615
- RESERVED
-CVE-2020-9614
- RESERVED
-CVE-2020-9613
- RESERVED
-CVE-2020-9612
- RESERVED
-CVE-2020-9611
- RESERVED
-CVE-2020-9610
- RESERVED
-CVE-2020-9609
- RESERVED
-CVE-2020-9608
- RESERVED
-CVE-2020-9607
- RESERVED
-CVE-2020-9606
- RESERVED
-CVE-2020-9605
- RESERVED
-CVE-2020-9604
- RESERVED
-CVE-2020-9603
- RESERVED
-CVE-2020-9602
- RESERVED
-CVE-2020-9601
- RESERVED
-CVE-2020-9600
- RESERVED
-CVE-2020-9599
- RESERVED
-CVE-2020-9598
- RESERVED
-CVE-2020-9597
- RESERVED
-CVE-2020-9596
- RESERVED
-CVE-2020-9595
- RESERVED
-CVE-2020-9594
- RESERVED
-CVE-2020-9593
- RESERVED
-CVE-2020-9592
- RESERVED
-CVE-2020-9591
- RESERVED
-CVE-2020-9590
- RESERVED
-CVE-2020-9589
- RESERVED
-CVE-2020-9588
- RESERVED
-CVE-2020-9587
- RESERVED
-CVE-2020-9586
- RESERVED
-CVE-2020-9585
- RESERVED
-CVE-2020-9584
- RESERVED
-CVE-2020-9583
- RESERVED
-CVE-2020-9582
- RESERVED
-CVE-2020-9581
- RESERVED
-CVE-2020-9580
- RESERVED
-CVE-2020-9579
- RESERVED
-CVE-2020-9578
- RESERVED
-CVE-2020-9577
- RESERVED
-CVE-2020-9576
- RESERVED
-CVE-2020-9575
- RESERVED
-CVE-2020-9574
- RESERVED
-CVE-2020-9573
- RESERVED
-CVE-2020-9572
- RESERVED
-CVE-2020-9571
- RESERVED
-CVE-2020-9570
- RESERVED
-CVE-2020-9569
- RESERVED
-CVE-2020-9568
- RESERVED
-CVE-2020-9567
- RESERVED
-CVE-2020-9566
- RESERVED
-CVE-2020-9565
- RESERVED
-CVE-2020-9564
- RESERVED
-CVE-2020-9563
- RESERVED
-CVE-2020-9562
- RESERVED
-CVE-2020-9561
- RESERVED
-CVE-2020-9560
- RESERVED
-CVE-2020-9559
- RESERVED
-CVE-2020-9558
- RESERVED
-CVE-2020-9557
- RESERVED
-CVE-2020-9556
- RESERVED
-CVE-2020-9555
- RESERVED
-CVE-2020-9554
- RESERVED
-CVE-2020-9553
- RESERVED
+CVE-2020-9618 (Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9617 (Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds r ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9616 (Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds rea ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9615 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9614 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9613 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9612 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9611 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9610 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9609 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9608 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9607 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9606 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9605 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9604 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9603 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9602 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9601 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9600 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9599 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9598 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9597 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9596 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9595 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9594 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9593 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9592 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9591 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9590 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9589 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9588 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9587 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9586 (Adobe Character Animator versions 3.2 and earlier have a buffer overfl ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9585 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9584 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9583 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9582 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9581 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9580 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9579 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9578 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9577 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9576 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...)
+ NOT-FOR-US: Magento
+CVE-2020-9575 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9574 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9573 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9572 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9571 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9570 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9569 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9568 (Adobe Bridge versions 10.0.1 and earlier version have a memory corrupt ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9567 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9566 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9565 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9564 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9563 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9562 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9561 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9560 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9559 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9558 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9557 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9556 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9555 (Adobe Bridge versions 10.0.1 and earlier version have a stack-based bu ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9554 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9553 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
CVE-2020-9552 (Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerabi ...)
NOT-FOR-US: Adobe
CVE-2020-9551 (Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. ...)
@@ -9731,25 +50862,25 @@ CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-o
NOTE: Crash in CLI tool, no security impact
CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2135-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2634
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2135-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2634
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
{DLA-2135-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2631
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -9789,22 +50920,22 @@ CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices.
NOT-FOR-US: Xiaomi
CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The ...)
NOT-FOR-US: Xiaomi
-CVE-2020-9529
- RESERVED
-CVE-2020-9528
- RESERVED
-CVE-2020-9527
- RESERVED
-CVE-2020-9526
- RESERVED
-CVE-2020-9525
- RESERVED
+CVE-2020-9529 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...)
+ NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology
+CVE-2020-9528 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...)
+ NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology
+CVE-2020-9527 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...)
+ NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology
+CVE-2020-9526 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...)
+ NOT-FOR-US: CS2 Network P2P
+CVE-2020-9525 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...)
+ NOT-FOR-US: CS2 Network P2P
CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Server an ...)
NOT-FOR-US: Micro Focus
CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...)
NOT-FOR-US: Micro Focus
-CVE-2020-9522
- RESERVED
+CVE-2020-9522 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enter ...)
+ NOT-FOR-US: Micro Focus
CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus Service M ...)
NOT-FOR-US: Micro Focus
CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...)
@@ -9851,52 +50982,74 @@ CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. Af
NOT-FOR-US: Dahua
CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...)
NOT-FOR-US: Dahua
-CVE-2020-9498
- RESERVED
-CVE-2020-9497
- RESERVED
-CVE-2020-9496
- RESERVED
-CVE-2020-9495
- RESERVED
-CVE-2020-9494
- RESERVED
-CVE-2020-9493
- RESERVED
-CVE-2020-9492
- RESERVED
-CVE-2020-9491
- RESERVED
-CVE-2020-9490
- RESERVED
+CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved inpro ...)
+ {DLA-2435-1}
+ - guacamole-server 1.3.0-1 (bug #964195)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3
+ NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
+ NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb
+CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...)
+ {DLA-2435-1}
+ - guacamole-server 1.3.0-1 (bug #964195)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2
+ NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
+ NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb
+CVE-2020-9496 (XML-RPC request are vulnerable to unsafe deserialization and Cross-Sit ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2020-9495 (Apache Archiva login service before 2.2.5 is vulnerable to LDAP inject ...)
+ NOT-FOR-US: Apache Archiva
+CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8. ...)
+ {DSA-4710-1}
+ - trafficserver 8.0.8+ds-1 (bug #963629)
+ NOTE: https://github.com/apache/trafficserver/pull/6922
+CVE-2020-9493 (A deserialization flaw was found in Apache Chainsaw versions prior to ...)
+ NOT-FOR-US: Apache Chainsaw
+CVE-2020-9492 (In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alph ...)
+ - hadoop <itp> (bug #793644)
+CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted valu ...)
+ {DSA-4757-1}
+ - apache2 2.4.46-1
+ [stretch] - apache2 <ignored> (Too intrusive to backport)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/4
+ NOTE: https://svn.apache.org/r1880396
+ NOTE: https://github.com/apache/httpd/commit/a61223e9cb906110f35ec144b93fee9eb80ad6e4
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2030
CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in Tika' ...)
- - tika <unfixed>
+ - tika <unfixed> (bug #984666)
+ [bullseye] - tika <no-dsa> (Minor issue)
+ [buster] - tika <no-dsa> (Minor issue)
[jessie] - tika <ignored> (the fix is too invasive to backport)
NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1
CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j ...)
- - apache-log4j2 <unfixed> (bug #959450)
+ {DLA-2852-1}
+ - apache-log4j2 2.13.3-1 (bug #959450)
+ [buster] - apache-log4j2 2.15.0-1~deb10u1
[jessie] - apache-log4j2 <no-dsa> (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1
NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819
NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b (release-2.x)
NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb (master)
-CVE-2020-9487
- RESERVED
-CVE-2020-9486
- RESERVED
-CVE-2020-9485
- RESERVED
+CVE-2020-9487 (In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time pass ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2020-9486 (In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine p ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and below. A sto ...)
+ - airflow <itp> (bug #819700)
CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...)
- {DLA-2217-1 DLA-2209-1}
+ {DSA-4727-1 DLA-2279-1 DLA-2217-1 DLA-2209-1}
- tomcat9 9.0.35-1 (bug #961209)
- tomcat8 <removed>
- tomcat7 <removed>
+ [stretch] - tomcat7 <ignored> (No components in libservlet3.0-java binary package are affected)
NOTE: https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b (10.0.0-M5)
NOTE: https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222 (9.0.35)
NOTE: https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f (8.5.55)
NOTE: https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06 (7.0.104)
-CVE-2020-9483
- RESERVED
+CVE-2020-9483 (**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the ...)
+ NOT-FOR-US: Apache SkyWalking
CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other ...)
NOT-FOR-US: Apache NiFi
CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulne ...)
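Review bot: The new stretch line for CVE-2020-9484, `[stretch] - tomcat7 <ignored> (No components in libservlet3.0-java binary package are affected)`, gives a rationale that describes an unaffected package yet tags it `<ignored>`, which elsewhere in this diff means a real issue deliberately left unfixed (compare `<not-affected> (Vulnerable code not present)` on the wireshark entries). If the stretch tomcat7 source really builds only libservlet3.0-java and none of the affected session-persistence code, `[stretch] - tomcat7 <not-affected> (Only libservlet3.0-java is built; affected components not shipped)` states that without implying an open vulnerability; if the tracker's convention for the servlet-only case is `<ignored>`, keep the tag but make the reason say that explicitly. Separately, CVE-2020-9490 marks stretch `<ignored> (Too intrusive to backport)` with no mitigation recorded; if the linked httpd advisory documents a configuration-level workaround, a NOTE pointing stretch users at it would be worth adding — confirm against that page before asserting it here.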
@@ -9904,10 +51057,10 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is
- trafficserver 8.0.7+ds-1
NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E
NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c
-CVE-2020-9480
- RESERVED
-CVE-2020-9479
- RESERVED
+CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...)
+ - apache-spark <itp> (bug #802194)
+CVE-2020-9479 (When loading a UDF, a specially crafted zip file could allow files to ...)
+ NOT-FOR-US: Apache AsterixDB
CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...)
NOT-FOR-US: Rubrik
CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...)
@@ -9940,8 +51093,8 @@ CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP
NOT-FOR-US: BECKHOFF Ethernet TCP/IP Bus Coupler BK9000
CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary ...)
- centreon-web <itp> (bug #913903)
-CVE-2020-9462
- RESERVED
+CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro devices up to ...)
+ NOT-FOR-US: Athom
CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...)
NOT-FOR-US: Octech Oempro
CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...)
@@ -9958,14 +51111,14 @@ CVE-2020-9455 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows
NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 f ...)
NOT-FOR-US: RegistrationMagic plugin for WordPress
-CVE-2020-9453
- RESERVED
-CVE-2020-9452
- RESERVED
-CVE-2020-9451
- RESERVED
-CVE-2020-9450
- RESERVED
+CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local ...)
+ NOT-FOR-US: Epson
+CVE-2020-9452 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
+ NOT-FOR-US: Acronis
+CVE-2020-9451 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
+ NOT-FOR-US: Acronis
+CVE-2020-9450 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
+ NOT-FOR-US: Acronis
CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB! ...)
NOT-FOR-US: BlaB!
CVE-2020-9448
@@ -9986,12 +51139,12 @@ CVE-2020-9441
RESERVED
CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...)
NOT-FOR-US: CKEditor plugin
-CVE-2020-9439
- RESERVED
-CVE-2020-9438
- RESERVED
-CVE-2020-9437
- RESERVED
+CVE-2020-9439 (Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin ...)
+ NOT-FOR-US: Uncanny Owl Tin Canny LearnDash Reporting
+CVE-2020-9438 (Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a d ...)
+ NOT-FOR-US: Tinxy Door Lock
+CVE-2020-9437 (SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side tem ...)
+ NOT-FOR-US: SecureAuth IdP
CVE-2020-9436 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...)
NOT-FOR-US: PHOENIX
CVE-2020-9435 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...)
@@ -10002,10 +51155,10 @@ CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509
NOT-FOR-US: lua-openssl (different from lua-luaossl)
CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...)
NOT-FOR-US: lua-openssl (different from lua-luaossl)
-CVE-2020-9427
- RESERVED
-CVE-2020-9426
- RESERVED
+CVE-2020-9427 (OX Guard 2.10.3 and earlier allows SSRF. ...)
+ NOT-FOR-US: OX Guard
+CVE-2020-9426 (OX Guard 2.10.3 and earlier allows XSS. ...)
+ NOT-FOR-US: OX Guard
CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...)
NOT-FOR-US: rConfig
CVE-2020-9424
@@ -10021,17 +51174,17 @@ CVE-2020-9420
CVE-2020-9419
RESERVED
CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
+ {DLA-2547-1}
- wireshark 3.2.2-1
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
- [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
+ [buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (composite TVB handling added later)
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850
CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
+ {DLA-2547-1}
- wireshark 3.2.2-1
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
- [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
+ [buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368
@@ -10039,9 +51192,9 @@ CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14,
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790
CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
+ {DLA-2547-1}
- wireshark 3.2.2-1 (low)
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
- [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
+ [buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397
@@ -10057,20 +51210,20 @@ CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash.
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2530f740d67d41908e84434bb5ec99480c2ac2e
CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...)
NOT-FOR-US: PDFescape
-CVE-2020-9417
- RESERVED
-CVE-2020-9416
- RESERVED
-CVE-2020-9415
- RESERVED
-CVE-2020-9414
- RESERVED
-CVE-2020-9413
- RESERVED
-CVE-2020-9412
- RESERVED
-CVE-2020-9411
- RESERVED
+CVE-2020-9417 (The Transaction Insight reporting component of TIBCO Software Inc.'s T ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9416 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
+ NOT-FOR-US: TIBCO
CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...)
NOT-FOR-US: TIBCO
CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...)
@@ -10083,13 +51236,13 @@ CVE-2020-9406 (IBL Online Weather before 4.3.5a allows unauthenticated eval inje
NOT-FOR-US: IBL Online Weather
CVE-2020-9405 (IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS ...)
NOT-FOR-US: IBL Online Weather
-CVE-2020-9404
- RESERVED
-CVE-2020-9403
- RESERVED
+CVE-2020-9404 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...)
+ NOT-FOR-US: PACTware
+CVE-2020-9403 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...)
+ NOT-FOR-US: PACTware
CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...)
- python-django 2:2.2.11-1 (low; bug #953102)
- [buster] - python-django <postponed> (Can be fixed along in a future DSA)
+ [buster] - python-django 1:1.11.29-1~deb10u1
[stretch] - python-django <postponed> (Can be fixed along in a future DSA)
[jessie] - python-django <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/04/1
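Review bot: The stretch line for CVE-2020-9402 keeps `[stretch] - python-django <postponed> (Can be fixed along in a future DSA)` unchanged while the buster line it used to mirror now records a fix version, so the two statuses have diverged without the stretch rationale being revisited. If stretch is still awaiting a fix, update the reason to reflect the current plan (including whether it is expected via a DSA or a DLA); if the buster backport also applies to the stretch version, the line should carry a version or a `<no-dsa>` with its reason rather than an open-ended postponement. The entry's NOTE lines continue past the end of this hunk.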
@@ -10108,20 +51261,20 @@ CVE-2020-9397
RESERVED
CVE-2020-9396
RESERVED
-CVE-2020-9395
- RESERVED
+CVE-2020-9395 (An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, an ...)
+ NOT-FOR-US: Realtek
CVE-2020-9394 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
-CVE-2020-9390
- RESERVED
-CVE-2020-9389
- RESERVED
-CVE-2020-9388
- RESERVED
+CVE-2020-9390 (SquaredUp allowed Stored XSS before version 4.6.0. A user was able to ...)
+ NOT-FOR-US: SquaredUp
+CVE-2020-9389 (A username enumeration issue was discovered in SquaredUp before versio ...)
+ NOT-FOR-US: SquaredUp
+CVE-2020-9388 (CSRF protection was not present in SquaredUp before version 4.6.0. A C ...)
+ NOT-FOR-US: SquaredUp
CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account detai ...)
- mahara <removed>
CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
@@ -10133,10 +51286,11 @@ CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a
CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...)
- - zint <itp> (bug #732141)
+ - zint <not-affected> (Fixed with initial upload to archive)
CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...)
NOT-FOR-US: Subex
-CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...)
+CVE-2020-9383 (An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fd ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3
@@ -10150,10 +51304,10 @@ CVE-2020-9379 (The Software Development Kit of the MiContact Center Business wit
NOT-FOR-US: Mitel
CVE-2020-9378
RESERVED
-CVE-2020-9377
- RESERVED
-CVE-2020-9376
- RESERVED
+CVE-2020-9377 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Co ...)
+ NOT-FOR-US: D-Link
+CVE-2020-9376 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Informati ...)
+ NOT-FOR-US: D-Link
CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows re ...)
NOT-FOR-US: TP-Link
CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...)
@@ -10167,17 +51321,17 @@ CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin befo
CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. ...)
NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...)
+ {DSA-4818-1}
- sympa 6.2.40~dfsg-4 (low; bug #952428)
- [buster] - sympa <no-dsa> (Minor issue)
[stretch] - sympa <not-affected> (Vulnerability introduced later in 6.2.38)
[jessie] - sympa <not-affected> (Vulnerability introduced later in 6.2.38)
NOTE: https://github.com/sympa-community/sympa/issues/886
NOTE: https://sympa-community.github.io/security/2020-001.html
NOTE: Upstream patch: https://github.com/sympa-community/sympa/releases/download/6.2.54/sympa-6.2.52-sa-2020-001.patch
-CVE-2020-9368
- RESERVED
-CVE-2020-9367
- RESERVED
+CVE-2020-9368 (The Module Olea Gift On Order module through 5.0.8 for PrestaShop enab ...)
+ NOT-FOR-US: Module Olea Gift On Order module for PrestaShop
+CVE-2020-9367 (The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build ...)
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ...)
- pure-ftpd 1.0.49-3 (bug #952471)
[buster] - pure-ftpd <no-dsa> (Minor issue)
@@ -10200,15 +51354,14 @@ CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 tr
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b (v4.8.0)
NOTE: Follow-up: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a (v4.8.0)
NOTE: Introduced due to: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 (v4.7.0)
-CVE-2020-9361
- RESERVED
+CVE-2020-9361 (CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local use ...)
+ NOT-FOR-US: CryptoPro CSP
CVE-2020-9360
RESERVED
CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
- {DLA-2159-1}
+ {DLA-2856-1 DLA-2159-1}
- okular 4:19.12.3-2 (bug #954891)
- [buster] - okular <no-dsa> (Minor issue)
- [stretch] - okular <no-dsa> (Minor issue)
+ [buster] - okular 4:17.12.2-2.2+deb10u1
NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
NOTE: https://kde.org/info/security/advisory-20200312-1.txt
NOTE: https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC)
@@ -10278,10 +51431,10 @@ CVE-2020-9334 (A stored XSS vulnerability exists in the Envira Photo Gallery plu
NOT-FOR-US: Envira Photo Gallery plugin for WordPress
CVE-2020-9333
RESERVED
-CVE-2020-9332
- RESERVED
-CVE-2020-9331
- RESERVED
+CVE-2020-9332 (ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 ...)
+ NOT-FOR-US: FabulaTech
+CVE-2020-9331 (CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Pri ...)
+ NOT-FOR-US: CryptoPro CSP
CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...)
NOT-FOR-US: Xerox
CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...)
@@ -10290,12 +51443,14 @@ CVE-2020-9328
RESERVED
CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger ...)
- sqlite3 3.31.1-3 (bug #951835)
- [buster] - sqlite3 <no-dsa> (Minor issue)
- [stretch] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <not-affected> (Vulnerable code not present)
+ [stretch] - sqlite3 <not-affected> (vulnerable code not present)
[jessie] - sqlite3 <not-affected> (vulnerable code not present)
NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
+ NOTE: https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
+ NOTE: https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21
CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...)
NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac
CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...)
@@ -10308,7 +51463,7 @@ CVE-2020-9322
RESERVED
CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
NOT-FOR-US: Traefik
-CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a ...)
+CVE-2020-9320 (** DISPUTED ** Avira AV Engine before 8.3.54.138 allows virus-detectio ...)
NOT-FOR-US: Avira
CVE-2020-9319
RESERVED
@@ -10326,12 +51481,12 @@ CVE-2020-9313
RESERVED
CVE-2020-9312
RESERVED
-CVE-2020-9311
- RESERVED
+CVE-2020-9311 (In SilverStripe through 4.5, malicious users with a valid Silverstripe ...)
+ NOT-FOR-US: SilverStripe
CVE-2020-9310
REJECTED
-CVE-2020-9309
- RESERVED
+CVE-2020-9309 (Silverstripe CMS through 4.5 can be susceptible to script execution fr ...)
+ NOT-FOR-US: SilverStripe
CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...)
- libarchive 3.4.0-2 (bug #951759)
[buster] - libarchive <not-affected> (rar5 support added in 3.4.0)
@@ -10340,10 +51495,10 @@ CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 att
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459
NOTE: https://github.com/libarchive/libarchive/pull/1326
NOTE: https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a
-CVE-2020-9307
- RESERVED
-CVE-2020-9306
- RESERVED
+CVE-2020-9307 (Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a deni ...)
+ NOT-FOR-US: Hirschmann OS2, RSP, and RSPE devices
+CVE-2020-9306 (Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of ...)
+ NOT-FOR-US: Tesla SolarCity Solar Monitoring Gateway
CVE-2020-9305
RESERVED
CVE-2020-9304
@@ -10352,34 +51507,34 @@ CVE-2020-9303
RESERVED
CVE-2020-9302
RESERVED
-CVE-2020-9301
- RESERVED
-CVE-2020-9300
- RESERVED
-CVE-2020-9299
- RESERVED
-CVE-2020-9298
- RESERVED
-CVE-2020-9297
- RESERVED
-CVE-2020-9296
- RESERVED
+CVE-2020-9301 (Nolan Ray from Apple Information Security identified a security vulner ...)
+ NOT-FOR-US: Spinnaker
+CVE-2020-9300 (The Access Control issues include allowing a regular user to view a re ...)
+ NOT-FOR-US: Netflix dispatch
+CVE-2020-9299 (There were XSS vulnerabilities discovered and reported in the Dispatch ...)
+ NOT-FOR-US: Netflix dispatch
+CVE-2020-9298 (The Spinnaker template resolution functionality is vulnerable to Serve ...)
+ NOT-FOR-US: Spinnaker
+CVE-2020-9297 (Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java ...)
+ NOT-FOR-US: Netflix Titus
+CVE-2020-9296 (Netflix Titus uses Java Bean Validation (JSR 380) custom constraint va ...)
+ NOT-FOR-US: Netflix Conductor
CVE-2020-9295
RESERVED
CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...)
NOT-FOR-US: FortiMail Fortiguard
CVE-2020-9293
RESERVED
-CVE-2020-9292
- RESERVED
+CVE-2020-9292 (An unquoted service path vulnerability in the FortiSIEM Windows Agent ...)
+ NOT-FOR-US: Fortiguard
CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windows 6. ...)
NOT-FOR-US: Fortiguard / FortiClient for Windows
CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online ...)
NOT-FOR-US: Fortiguard
-CVE-2020-9289
- RESERVED
-CVE-2020-9288
- RESERVED
+CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data in CLI ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-9288 (An improper neutralization of input vulnerability in FortiWLC 8.5.1 al ...)
+ NOT-FOR-US: Fortinet
CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...)
NOT-FOR-US: Fortiguard
CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...)
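Review bot: The new entry for CVE-2020-9296 is internally inconsistent: its description line says "Netflix Titus uses Java Bean Validation ..." while the triage line below it reads `NOT-FOR-US: Netflix Conductor`, and the neighbouring CVE-2020-9297 is already attributed to Titus. One of the two lines is presumably wrong; the affected product should be checked against the upstream CVE record and the pair made to agree (either the description or the annotation, e.g. `NOT-FOR-US: Netflix Titus` if the description is the accurate one). Since NOT-FOR-US lines are what later searches and embedded-code-copy checks key on, a wrong product name here can hide a relevant entry.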
@@ -10389,9 +51544,9 @@ CVE-2020-9285
CVE-2020-9284
RESERVED
CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
+ {DLA-2455-1 DLA-2453-1 DLA-2402-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462)
[buster] - golang-go.crypto <no-dsa> (Minor issue)
- [stretch] - golang-go.crypto <no-dsa> (Minor issue)
[jessie] - golang-go.crypto <no-dsa> (Minor issue)
NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
@@ -10449,88 +51604,88 @@ CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections agai
NOT-FOR-US: phpMyChat-Plus
CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...)
NOT-FOR-US: ESET
-CVE-2020-9263
- RESERVED
-CVE-2020-9262
- RESERVED
-CVE-2020-9261
- RESERVED
-CVE-2020-9260
- RESERVED
-CVE-2020-9259
- RESERVED
-CVE-2020-9258
- RESERVED
-CVE-2020-9257
- RESERVED
-CVE-2020-9256
- RESERVED
-CVE-2020-9255
- RESERVED
-CVE-2020-9254
- RESERVED
+CVE-2020-9263 (HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWE ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
+ NOT-FOR-US: HUAWEI
+CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
+ NOT-FOR-US: HUAWEI
+CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 1 ...)
+ NOT-FOR-US: HUAWEI
+CVE-2020-9259 (Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P ...)
+ NOT-FOR-US: HUAWEI
+CVE-2020-9257 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9256 (Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9255 (Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9254 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
+ NOT-FOR-US: Huawei
CVE-2020-9253
RESERVED
-CVE-2020-9252
- RESERVED
-CVE-2020-9251
- RESERVED
+CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI M ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9251 (HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E1 ...)
+ NOT-FOR-US: Huawei
CVE-2020-9250
RESERVED
-CVE-2020-9249
- RESERVED
-CVE-2020-9248
- RESERVED
-CVE-2020-9247
- RESERVED
-CVE-2020-9246
- RESERVED
-CVE-2020-9245
- RESERVED
-CVE-2020-9244
- RESERVED
-CVE-2020-9243
- RESERVED
-CVE-2020-9242
- RESERVED
-CVE-2020-9241
- RESERVED
-CVE-2020-9240
- RESERVED
-CVE-2020-9239
- RESERVED
-CVE-2020-9238
- RESERVED
-CVE-2020-9237
- RESERVED
+CVE-2020-9249 (HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9247 (There is a buffer overflow vulnerability in several Huawei products. T ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9246 (FusionCompute 8.0.0 has an information leak vulnerability. A module do ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9245 (HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUA ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8); ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The softwa ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9240 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buff ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9239 (Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier t ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9238 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buff ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C ...)
+ NOT-FOR-US: Huawei
CVE-2020-9236
RESERVED
-CVE-2020-9235
- RESERVED
+CVE-2020-9235 (Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E ...)
+ NOT-FOR-US: Huawei
CVE-2020-9234
RESERVED
-CVE-2020-9233
- RESERVED
+CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...)
+ NOT-FOR-US: Huawei
CVE-2020-9232
RESERVED
CVE-2020-9231
RESERVED
-CVE-2020-9230
- RESERVED
-CVE-2020-9229
- RESERVED
-CVE-2020-9228
- RESERVED
-CVE-2020-9227
- RESERVED
-CVE-2020-9226
- RESERVED
-CVE-2020-9225
- RESERVED
+CVE-2020-9230 (WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
+ NOT-FOR-US: HUAWEI
+CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...)
+ NOT-FOR-US: Huawei
CVE-2020-9224
RESERVED
-CVE-2020-9223
- RESERVED
+CVE-2020-9223 (There is a denial of service vulnerability in some Huawei smartphones. ...)
+ NOT-FOR-US: Huawei
CVE-2020-9222
RESERVED
CVE-2020-9221
@@ -10549,36 +51704,36 @@ CVE-2020-9215
RESERVED
CVE-2020-9214
RESERVED
-CVE-2020-9213
- RESERVED
-CVE-2020-9212
- RESERVED
+CVE-2020-9213 (There is a denial of service vulnerability in some huawei products. In ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9212 (There is a vulnerability in some version of USG9500 that the device im ...)
+ NOT-FOR-US: Huawei
CVE-2020-9211
RESERVED
CVE-2020-9210
RESERVED
-CVE-2020-9209
- RESERVED
-CVE-2020-9208
- RESERVED
-CVE-2020-9207
- RESERVED
-CVE-2020-9206
- RESERVED
-CVE-2020-9205
- RESERVED
+CVE-2020-9209 (There is a privilege escalation vulnerability in SMC2.0 product. Some ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9208 (There is an information leak vulnerability in iManager NetEco 6000 ver ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9207 (There is an improper authentication vulnerability in some verisons of ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9206 (The eUDC660 product has a resource management vulnerability. An attack ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9205 (There has a CSV injection vulnerability in ManageOne 8.0.1. An attacke ...)
+ NOT-FOR-US: Huawei
CVE-2020-9204
RESERVED
-CVE-2020-9203
- RESERVED
-CVE-2020-9202
- RESERVED
-CVE-2020-9201
- RESERVED
-CVE-2020-9200
- RESERVED
-CVE-2020-9199
- RESERVED
+CVE-2020-9203 (There is a resource management errors vulnerability in Huawei P30. Loc ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9202 (There is an information disclosure vulnerability in TE Mobile software ...)
+ NOT-FOR-US: TE Mobile
+CVE-2020-9201 (There is an out-of-bounds read vulnerability in some versions of NIP68 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9200 (There has a CSV injection vulnerability in iManager NetEco 6000 versio ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9199 (B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a ...)
+ NOT-FOR-US: Huawei
CVE-2020-9198
RESERVED
CVE-2020-9197
@@ -10659,8 +51814,8 @@ CVE-2020-9160
RESERVED
CVE-2020-9159
RESERVED
-CVE-2020-9158
- RESERVED
+CVE-2020-9158 (There is a Missing Cryptographic Step vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
CVE-2020-9157
RESERVED
CVE-2020-9156
@@ -10677,32 +51832,32 @@ CVE-2020-9151
RESERVED
CVE-2020-9150
RESERVED
-CVE-2020-9149
- RESERVED
-CVE-2020-9148
- RESERVED
-CVE-2020-9147
- RESERVED
-CVE-2020-9146
- RESERVED
-CVE-2020-9145
- RESERVED
-CVE-2020-9144
- RESERVED
-CVE-2020-9143
- RESERVED
-CVE-2020-9142
- RESERVED
-CVE-2020-9141
- RESERVED
-CVE-2020-9140
- RESERVED
-CVE-2020-9139
- RESERVED
-CVE-2020-9138
- RESERVED
-CVE-2020-9137
- RESERVED
+CVE-2020-9149 (An application error verification vulnerability exists in a component ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9148 (An application bypass mechanism vulnerability exists in a component in ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9147 (A memory buffer error vulnerability exists in a component interface of ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9146 (A memory buffer error vulnerability exists in a component interface of ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9145 (There is an Out-of-bounds Write vulnerability in some Huawei smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9144 (There is a heap overflow vulnerability in some Huawei smartphone, atta ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9143 (There is a missing authentication vulnerability in some Huawei smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9142 (There is a heap base buffer overflow vulnerability in some Huawei smar ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9141 (There is a improper privilege management vulnerability in some Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9140 (There is a vulnerability with buffer access with incorrect length valu ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9139 (There is a improper input validation vulnerability in some Huawei Smar ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9138 (There is a heap-based buffer overflow vulnerability in some Huawei Sma ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9137 (There is a privilege escalation vulnerability in some versions of Clou ...)
+ NOT-FOR-US: Huawei
CVE-2020-9136
RESERVED
CVE-2020-9135
@@ -10717,118 +51872,118 @@ CVE-2020-9131
RESERVED
CVE-2020-9130
RESERVED
-CVE-2020-9129
- RESERVED
-CVE-2020-9128
- RESERVED
-CVE-2020-9127
- RESERVED
+CVE-2020-9129 (HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vu ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9128 (FusionCompute versions 8.0.0 have an insecure encryption algorithm vul ...)
+ NOT-FOR-US: Uawei FusionCompute
+CVE-2020-9127 (Some Huawei products have a command injection vulnerability. Due to in ...)
+ NOT-FOR-US: Huawei
CVE-2020-9126
RESERVED
-CVE-2020-9125
- RESERVED
-CVE-2020-9124
- RESERVED
-CVE-2020-9123
- RESERVED
-CVE-2020-9122
- RESERVED
+CVE-2020-9125 (There is an out-of-bound read vulnerability in huawei smartphone Mate ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9124 (There is a memory leak vulnerability in some versions of Huawei CloudE ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9123 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versi ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9122 (Some Huawei products have an insufficient input verification vulnerabi ...)
+ NOT-FOR-US: Huawei
CVE-2020-9121
RESERVED
-CVE-2020-9120
- RESERVED
-CVE-2020-9119
- RESERVED
-CVE-2020-9118
- RESERVED
-CVE-2020-9117
- RESERVED
-CVE-2020-9116
- RESERVED
-CVE-2020-9115
- RESERVED
-CVE-2020-9114
- RESERVED
-CVE-2020-9113
- RESERVED
-CVE-2020-9112
- RESERVED
-CVE-2020-9111
- RESERVED
-CVE-2020-9110
- RESERVED
-CVE-2020-9109
- RESERVED
-CVE-2020-9108
- RESERVED
-CVE-2020-9107
- RESERVED
-CVE-2020-9106
- RESERVED
-CVE-2020-9105
- RESERVED
-CVE-2020-9104
- RESERVED
-CVE-2020-9103
- RESERVED
-CVE-2020-9102
- RESERVED
-CVE-2020-9101
- RESERVED
-CVE-2020-9100
- RESERVED
-CVE-2020-9099
- RESERVED
+CVE-2020-9120 (CloudEngine 1800V versions V100R019C10SPC500 has a resource management ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9119 (There is a privilege escalation vulnerability on some Huawei smart pho ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9118 (There is an insufficient integrity check vulnerability in Huawei Sound ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9117 (HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9116 (Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9115 (ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9114 (FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a pri ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9113 (HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buf ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9112 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a priv ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9111 (E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9110 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an inf ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9109 (There is an information disclosure vulnerability in several smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9108 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an o ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9107 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an o ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9106 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a pa ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9105 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an ins ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9104 (HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...)
+ NOT-FOR-US: Huawei
CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...)
NOT-FOR-US: Huawei
CVE-2020-9097
RESERVED
-CVE-2020-9096
- RESERVED
-CVE-2020-9095
- RESERVED
-CVE-2020-9094
- RESERVED
-CVE-2020-9093
- RESERVED
-CVE-2020-9092
- RESERVED
-CVE-2020-9091
- RESERVED
-CVE-2020-9090
- RESERVED
+CVE-2020-9096 (HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E1 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9095 (HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E16 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9094 (There is an out of bound read vulnerability in some verisons of Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9093 (There is a use after free vulnerability in Taurus-AL00A versions 10.0. ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9092 (HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a Ja ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9091 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9090 (FusionAccess version 6.5.1 has an improper authorization vulnerability ...)
+ NOT-FOR-US: Huawei
CVE-2020-9089
RESERVED
CVE-2020-9088
RESERVED
-CVE-2020-9087
- RESERVED
+CVE-2020-9087 (Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vul ...)
+ NOT-FOR-US: Huawei
CVE-2020-9086
RESERVED
CVE-2020-9085
RESERVED
-CVE-2020-9084
- RESERVED
-CVE-2020-9083
- RESERVED
+CVE-2020-9084 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use- ...)
+ NOT-FOR-US: Taurus-AN00B
+CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...)
+ NOT-FOR-US: Huawei
CVE-2020-9082
RESERVED
CVE-2020-9081
RESERVED
CVE-2020-9080
RESERVED
-CVE-2020-9079
- RESERVED
-CVE-2020-9078
- RESERVED
-CVE-2020-9077
- RESERVED
-CVE-2020-9076
- RESERVED
-CVE-2020-9075
- RESERVED
-CVE-2020-9074
- RESERVED
+CVE-2020-9079 (FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulne ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9078 (FusionCompute 8.0.0 have local privilege escalation vulnerability. A l ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9077 (HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9075 (Huawei products Secospace USG6300;USG6300E with versions of V500R001C3 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an imprope ...)
+ NOT-FOR-US: Huawei
CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...)
NOT-FOR-US: Huawei
CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...)
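Review bot: The triage line added for CVE-2020-9128 reads `NOT-FOR-US: Uawei FusionCompute`, which looks like a typo for `NOT-FOR-US: Huawei FusionCompute`; every other entry in this hunk attributes the same vendor as "Huawei". In the same hunk CVE-2020-9084 is annotated `NOT-FOR-US: Taurus-AN00B` (a device model) rather than the vendor used for the otherwise identical Taurus-AN00B entries such as CVE-2020-9112 and CVE-2020-9110, so a grep for the vendor would miss it. Both are cosmetic, but consistent vendor naming in NOT-FOR-US lines is what makes the later bulk checks on this file reliable.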
@@ -10849,20 +52004,20 @@ CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0
NOT-FOR-US: Huawei
CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...)
NOT-FOR-US: Huawei
-CVE-2020-9063
- RESERVED
-CVE-2020-9062
- RESERVED
-CVE-2020-9061
- RESERVED
-CVE-2020-9060
- RESERVED
-CVE-2020-9059
- RESERVED
-CVE-2020-9058
- RESERVED
-CVE-2020-9057
- RESERVED
+CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authent ...)
+ NOT-FOR-US: NCR SelfServ ATMs
+CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version ...)
+ NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs
+CVE-2020-9061 (Z-Wave devices using Silicon Labs 500 and 700 series chipsets, includi ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2020-9060 (Z-Wave devices based on Silicon Labs 500 series chipsets using S2, inc ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2020-9059 (Z-Wave devices based on Silicon Labs 500 series chipsets using S0 auth ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2020-9058 (Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2020-9057 (Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets ...)
+ NOT-FOR-US: Z-Wave devices
CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scr ...)
NOT-FOR-US: Periscope BuySpeed
CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...)
@@ -10870,19 +52025,19 @@ CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vu
CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...)
NOT-FOR-US: ZyXEL
CVE-2020-9053
- RESERVED
+ REJECTED
CVE-2020-9052
- RESERVED
+ REJECTED
CVE-2020-9051
- RESERVED
-CVE-2020-9050
- RESERVED
-CVE-2020-9049
- RESERVED
-CVE-2020-9048
- RESERVED
-CVE-2020-9047
- RESERVED
+ REJECTED
+CVE-2020-9050 (Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) ...)
+ NOT-FOR-US: Metasys Reporting Engine (MRE) Web Services
+CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web ...)
+ NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls
+CVE-2020-9048 (A vulnerability in specified versions of American Dynamics victor Web ...)
+ NOT-FOR-US: Johnson Controls
+CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...)
+ NOT-FOR-US: exacqVision Web Service
CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...)
NOT-FOR-US: Kantech
CVE-2020-9045 (During installation or upgrade to Software House C&#8226;CURE 9000 v2. ...)
@@ -10891,20 +52046,20 @@ CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Ser
NOT-FOR-US: Johnson Controls
CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
NOT-FOR-US: wpCentral plugin for WordPress
-CVE-2020-9042
- RESERVED
-CVE-2020-9041
- RESERVED
-CVE-2020-9040
- RESERVED
+CVE-2020-9042 (In Couchbase Server 6.0, credentials cached by a browser can be used t ...)
+ NOT-FOR-US: Couchbase
+CVE-2020-9041 (In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, th ...)
+ NOT-FOR-US: Couchbase
+CVE-2020-9040 (Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker t ...)
+ NOT-FOR-US: Couchbase
CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...)
NOT-FOR-US: Couchbase
CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
NOT-FOR-US: Joplin
CVE-2020-9037
RESERVED
-CVE-2020-9036
- RESERVED
+CVE-2020-9036 (Jeedom through 4.0.38 allows XSS. ...)
+ NOT-FOR-US: Jeedom
CVE-2020-9035
RESERVED
CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...)
@@ -10953,8 +52108,8 @@ CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parame
- dolibarr <removed>
CVE-2020-9015 (** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20 ...)
NOT-FOR-US: Arista devices
-CVE-2020-9014
- RESERVED
+CVE-2020-9014 (In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows loca ...)
+ NOT-FOR-US: Epson
CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...)
NOT-FOR-US: Arvato Skillpipe
CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People functi ...)
@@ -10977,22 +52132,22 @@ CVE-2020-9004 (A remote authenticated authorization-bypass vulnerability in Wowz
NOT-FOR-US: Wowza Streaming Engine
CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...)
NOT-FOR-US: Modula Image Gallery plugin for WordPress
-CVE-2020-9002
- RESERVED
+CVE-2020-9002 (An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gai ...)
+ NOT-FOR-US: iPortalis iCS
CVE-2020-9001
- RESERVED
-CVE-2020-9000
- RESERVED
+ REJECTED
+CVE-2020-9000 (An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send ...)
+ NOT-FOR-US: iPortalis iCS
CVE-2020-8999
- RESERVED
+ REJECTED
CVE-2020-8998
REJECTED
CVE-2020-8997 (Older generation Abbott FreeStyle Libre sensors allow remote attackers ...)
NOT-FOR-US: Abbott FreeStyle Libre
CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to read ...)
NOT-FOR-US: AnyShare Cloud
-CVE-2020-8995
- RESERVED
+CVE-2020-8995 (Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file ...)
+ NOT-FOR-US: Programi Bilanc
CVE-2020-8994 (An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1. ...)
NOT-FOR-US: XIAOMI AI speaker MDZ-25-DT
CVE-2020-8993
@@ -11053,12 +52208,12 @@ CVE-2020-8970
RESERVED
CVE-2020-8969
RESERVED
-CVE-2020-8968
- RESERVED
+CVE-2020-8968 (Parallels Remote Application Server (RAS) allows a local attacker to r ...)
+ NOT-FOR-US: Parallels Remote Application Server (RAS)
CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...)
- TODO: check
+ NOT-FOR-US: GESIO
CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...)
- NOT-FOR-US: Tiki-Wiki Groupware
+ - tikiwiki <removed>
CVE-2020-8965
RESERVED
CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...)
@@ -11073,25 +52228,24 @@ CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows X
NOT-FOR-US: Western Digital mycloud.com
CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...)
NOT-FOR-US: Western Digital
-CVE-2020-8958
- RESERVED
+CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804R ...)
+ NOT-FOR-US: Guangzhou
CVE-2020-8957
RESERVED
-CVE-2020-8956
- RESERVED
+CVE-2020-8956 (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 ...)
+ NOT-FOR-US: Pulse Secure Pulse Secure Desktop Client
CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...)
- {DLA-2157-1}
+ {DLA-2770-1 DLA-2157-1}
- weechat 2.7.1-1 (bug #951289)
[buster] - weechat <no-dsa> (Minor issue)
- [stretch] - weechat <no-dsa> (Minor issue)
NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
-CVE-2020-8954
- RESERVED
+CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link ...)
+ NOT-FOR-US: OpenSearch Web browser
CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...)
NOT-FOR-US: OpenVPN Access Server
-CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...)
+CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allow ...)
NOT-FOR-US: Fiserv Accurate Reconciliation
-CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Des ...)
+CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allow ...)
NOT-FOR-US: Fiserv Accurate Reconciliation
CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...)
NOT-FOR-US: Radeon AMD User Experience Program Launcher
@@ -11105,43 +52259,49 @@ CVE-2020-8946 (Netis WF2471 v1.2.30142 devices allow an authenticated attacker t
NOT-FOR-US: Netis devices
CVE-2020-8945 (The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...)
- golang-github-proglottis-gpgme 0.1.1-1 (bug #951372)
+ [buster] - golang-github-proglottis-gpgme <no-dsa> (Minor issue)
NOTE: https://github.com/proglottis/gpgme/pull/23
-CVE-2020-8944
- RESERVED
-CVE-2020-8943
- RESERVED
-CVE-2020-8942
- RESERVED
-CVE-2020-8941
- RESERVED
-CVE-2020-8940
- RESERVED
-CVE-2020-8939
- RESERVED
-CVE-2020-8938
- RESERVED
-CVE-2020-8937
- RESERVED
-CVE-2020-8936
- RESERVED
-CVE-2020-8935
- RESERVED
+CVE-2020-8944 (An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 ...)
+ NOT-FOR-US: Asylo
+CVE-2020-8943 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
+ NOT-FOR-US: Asylo
+CVE-2020-8942 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
+ NOT-FOR-US: Asylo
+CVE-2020-8941 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
+ NOT-FOR-US: Asylo
+CVE-2020-8940 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
+ NOT-FOR-US: Asylo
+CVE-2020-8939 (An out of bounds read on the enc_untrusted_inet_ntop function allows a ...)
+ NOT-FOR-US: Asylo
+CVE-2020-8938 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
+ NOT-FOR-US: Asylo
+CVE-2020-8937 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
+ NOT-FOR-US: Asylo
+CVE-2020-8936 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
+ NOT-FOR-US: Asylo
+CVE-2020-8935 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
+ NOT-FOR-US: Asylo
CVE-2020-8934
RESERVED
-CVE-2020-8933
- RESERVED
+CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
+ - google-compute-image-packages <removed> (bug #987353)
+ [buster] - google-compute-image-packages <ignored> (Minor issue)
+ NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
+ NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8932
RESERVED
CVE-2020-8931
RESERVED
CVE-2020-8930
RESERVED
-CVE-2020-8929
- RESERVED
+CVE-2020-8929 (A mis-handling of invalid unicode characters in the Java implementatio ...)
+ NOT-FOR-US: Tink
CVE-2020-8928
RESERVED
-CVE-2020-8927
- RESERVED
+CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...)
+ {DSA-4801-1 DLA-2476-1}
+ - brotli 1.0.9-1
+ NOTE: https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
CVE-2020-8926
RESERVED
CVE-2020-8925
@@ -11154,46 +52314,50 @@ CVE-2020-8922
RESERVED
CVE-2020-8921
RESERVED
-CVE-2020-8920
- RESERVED
-CVE-2020-8919
- RESERVED
-CVE-2020-8918
- RESERVED
+CVE-2020-8920 (An information leak vulnerability exists in Gerrit versions prior to 2 ...)
+ - gerrit <itp> (bug #589436)
+CVE-2020-8919 (An information leak vulnerability exists in Gerrit versions prior to 2 ...)
+ - gerrit <itp> (bug #589436)
+CVE-2020-8918 (An improperly initialized 'migrationAuth' value in Google's go-tpm TPM ...)
+ NOT-FOR-US: go-tpm TPM1.2 library
CVE-2020-8917
RESERVED
-CVE-2020-8916
- RESERVED
+CVE-2020-8916 (A memory leak in Openthread's wpantund versions up to commit 0e5d1601f ...)
+ NOT-FOR-US: wpantund
CVE-2020-8915
RESERVED
CVE-2020-8914
RESERVED
-CVE-2020-8913
- RESERVED
-CVE-2020-8912
- RESERVED
-CVE-2020-8911
- RESERVED
+CVE-2020-8913 (A local, arbitrary code execution vulnerability exists in the SplitCom ...)
+ NOT-FOR-US: Android's Play Core Library
+CVE-2020-8912 (A vulnerability in the in-band key negotiation exists in the AWS S3 Cr ...)
+ NOT-FOR-US: AWS S3 Crypto SDK for Go
+CVE-2020-8911 (A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoL ...)
+ NOT-FOR-US: AWS S3 Crypto SDK for Go
CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...)
- - chromium <unfixed>
- [stretch] - chromium <end-of-life> (see DSA 4562)
- NOTE: https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9
+ NOT-FOR-US: Google Closure Library
CVE-2020-8909
RESERVED
-CVE-2020-8908
- RESERVED
-CVE-2020-8907
- RESERVED
+CVE-2020-8908 (A temp directory creation vulnerability exists in all versions of Guav ...)
+ NOT-FOR-US: Google Guava
+CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
+ - google-compute-image-packages <removed> (bug #987353)
+ [buster] - google-compute-image-packages <ignored> (Minor issue)
+ NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
+ NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8906
RESERVED
-CVE-2020-8905
- RESERVED
-CVE-2020-8904
- RESERVED
-CVE-2020-8903
- RESERVED
-CVE-2020-8902
- RESERVED
+CVE-2020-8905 (A buffer length validation vulnerability in Asylo versions prior to 0. ...)
+ NOT-FOR-US: Asylo
+CVE-2020-8904 (An arbitrary memory overwrite vulnerability in the trusted memory of A ...)
+ NOT-FOR-US: Asylo
+CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
+ - google-compute-image-packages <removed> (bug #987353)
+ [buster] - google-compute-image-packages <ignored> (Minor issue)
+ NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
+ NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
+CVE-2020-8902 (Rendertron versions prior to 3.0.0 are are susceptible to a Server-Sid ...)
+ NOT-FOR-US: Rendertron
CVE-2020-8901
RESERVED
CVE-2020-8900
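Review bot: At CVE-2020-8910 the `- chromium <unfixed>`, `[stretch] - chromium <end-of-life> (see DSA 4562)` and closure-library commit NOTE lines are dropped in favour of `NOT-FOR-US: Google Closure Library`, with nothing recording why chromium is no longer tracked for this issue. If chromium's embedded copy of the library was checked and found not to carry the affected goog.uri code, a line such as `NOTE: chromium's embedded closure-library copy does not ship the affected code` would keep that reasoning with the entry; if it was not checked, the package line should stay. The remaining entries in this hunk are routine RESERVED-to-description updates.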
@@ -11202,8 +52366,8 @@ CVE-2020-8899 (There is a buffer overwrite vulnerability in the Quram qmg librar
NOT-FOR-US: Samsung
CVE-2020-8898
RESERVED
-CVE-2020-8897
- RESERVED
+CVE-2020-8897 (A weak robustness vulnerability exists in the AWS Encryption SDKs for ...)
+ NOT-FOR-US: AWS Encryption SDKs
CVE-2020-8896 (A Buffer Overflow vulnerability in the khcrypt implementation in Googl ...)
NOT-FOR-US: Google Earth Pro
CVE-2020-8895 (Untrusted Search Path vulnerability in the windows installer of Google ...)
@@ -11222,14 +52386,14 @@ CVE-2020-8889
RESERVED
CVE-2020-8888
RESERVED
-CVE-2020-8887
- RESERVED
+CVE-2020-8887 (Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 hav ...)
+ NOT-FOR-US: Telestream Tektronix Medius
CVE-2020-8886
RESERVED
CVE-2020-8885
RESERVED
-CVE-2020-8884
- RESERVED
+CVE-2020-8884 (rcdsvc in the Proofpoint Insider Threat Management Windows Agent (form ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Windows Agent
CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: Foxit Studio Photo
CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -11256,27 +52420,27 @@ CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive i
NOT-FOR-US: Parallels
CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Parallels
-CVE-2020-8870
- RESERVED
-CVE-2020-8869
- RESERVED
+CVE-2020-8870 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-8869 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Quest Foglight Evolve
CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...)
NOT-FOR-US: OPC Foundation UA .NET Standard
CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...)
{DLA-2162-1}
- - php-horde-form <unfixed> (bug #955020)
+ - php-horde-form 2.0.20-1 (bug #955020)
[buster] - php-horde-form 2.0.18-3.1+deb10u1
- [stretch] - php-horde-form <no-dsa> (Minor issue)
+ [stretch] - php-horde-form 2.0.15-1+deb9u2
NOTE: https://lists.horde.org/archives/announce/2020/001288.html
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-275/
NOTE: https://github.com/horde/Form/commit/813f8e7e9479fad4546b89c569325ee9eef60b0f
CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP files ...)
{DLA-2175-1}
- - php-horde-trean <unfixed> (bug #955019)
+ - php-horde-trean 1.1.10-1 (bug #955019)
[buster] - php-horde-trean 1.1.9-3+deb10u1
- [stretch] - php-horde-trean <no-dsa> (Minor issue)
+ [stretch] - php-horde-trean 1.1.7-1+deb9u1
NOTE: https://lists.horde.org/archives/announce/2020/001286.html
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-276/
NOTE: https://github.com/horde/trean/commit/db0714a0c04d87bda9e2852f1b0d259fc281ca75
@@ -11324,16 +52488,16 @@ CVE-2020-8845 (This vulnerability allows remote atackers to execute arbitrary co
CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit Reader
CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...)
- NOT-FOR-US: itsio
-CVE-2020-8842 (Unquoted search path vulnerability in MSI True Color before 3.0.52.0 a ...)
- NOT-FOR-US: MSI True Color
+ NOT-FOR-US: Istio
+CVE-2020-8842
+ REJECTED
CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...)
NOT-FOR-US: TestLink
CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...)
{DLA-2111-1}
- - jackson-databind <unfixed>
- [buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
- [stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
NOTE: https://github.com/FasterXML/jackson-databind/issues/2620
NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
@@ -11362,6 +52526,7 @@ CVE-2020-8833 (Time-of-check Time-of-use Race Condition vulnerability on crash r
NOT-FOR-US: Apport
CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...)
- linux 4.16.5-1
+ [stretch] - linux <not-affected> (Vulnerable code not present, incomplete fix not applied)
[jessie] - linux <not-affected> (No support for this hardware)
NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840
NOTE: The CVE is for an incomplete fix for CVE-2019-14615 which technically only
@@ -11385,20 +52550,20 @@ CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows
NOT-FOR-US: Vanilla Forums
CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...)
NOT-FOR-US: Hitron devices
-CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerab ...)
+CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulner ...)
NOT-FOR-US: SockJS
CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices ...)
NOT-FOR-US: Digi TransPort
-CVE-2020-8821
- RESERVED
-CVE-2020-8820
- RESERVED
+CVE-2020-8821 (An Improper Data Validation Vulnerability exists in Webmin 1.941 and e ...)
+ - webmin <removed>
+CVE-2020-8820 (An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the ...)
+ - webmin <removed>
CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3.1.15 ...)
NOT-FOR-US: CardGate Payments plugin for WooCommerce
CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...)
NOT-FOR-US: CardGate Payments plugin for Magento
-CVE-2020-8817
- RESERVED
+CVE-2020-8817 (Dataiku DSS before 6.0.5 allows attackers write access to the project ...)
+ NOT-FOR-US: Dataiku
CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by priv ...)
NOT-FOR-US: Pi-hole
CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam ...)
@@ -11407,6 +52572,7 @@ CVE-2020-8814
RESERVED
CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...)
- cacti 1.2.10+ds1-1 (bug #951832)
+ [buster] - cacti <no-dsa> (Minor issue)
[stretch] - cacti <not-affected> (Vulnerable code not present)
[jessie] - cacti <not-affected> (Vulnerable code not present)
NOTE: https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129
@@ -11423,10 +52589,10 @@ CVE-2020-8809 (Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to
NOT-FOR-US: Gurux
CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...)
NOT-FOR-US: CORSAIR iCUE
-CVE-2020-8807
- RESERVED
-CVE-2020-8806
- RESERVED
+CVE-2020-8807 (In Electric Coin Company Zcashd before 2.1.1-1, the time offset betwee ...)
+ NOT-FOR-US: Electric Coin Company Zcashd
+CVE-2020-8806 (Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigge ...)
+ NOT-FOR-US: Electric Coin Company Zcashd
CVE-2020-8805
RESERVED
CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...)
@@ -11484,10 +52650,10 @@ CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions pri
NOT-FOR-US: SuiteCRM
CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
NOT-FOR-US: SuiteCRM
-CVE-2020-8782
- RESERVED
-CVE-2020-8781
- RESERVED
+CVE-2020-8782 (Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 al ...)
+ NOT-FOR-US: ALEOS
+CVE-2020-8781 (Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 an ...)
+ NOT-FOR-US: ALEOS
CVE-2020-8780
RESERVED
CVE-2020-8779
@@ -11514,84 +52680,84 @@ CVE-2020-8769
RESERVED
CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...)
NOT-FOR-US: PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L)
-CVE-2020-8767
- RESERVED
-CVE-2020-8766
- RESERVED
-CVE-2020-8765
- RESERVED
-CVE-2020-8764
- RESERVED
-CVE-2020-8763
- RESERVED
+CVE-2020-8767 (Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus ...)
+ NOT-FOR-US: Intel
+CVE-2020-8766 (Improper conditions check in the Intel(R) SGX DCAP software before ver ...)
+ NOT-FOR-US: Intel
+CVE-2020-8765 (Incorrect default permissions in the installer for the Intel(R) RealSe ...)
+ NOT-FOR-US: Intel
+CVE-2020-8764 (Improper access control in BIOS firmware for some Intel(R) Processors ...)
+ NOT-FOR-US: Intel
+CVE-2020-8763 (Improper permissions in the installer for the Intel(R) RealSense(TM) D ...)
+ NOT-FOR-US: Intel
CVE-2020-8762
RESERVED
-CVE-2020-8761
- RESERVED
-CVE-2020-8760
- RESERVED
-CVE-2020-8759
- RESERVED
-CVE-2020-8758
- RESERVED
-CVE-2020-8757
- RESERVED
-CVE-2020-8756
- RESERVED
-CVE-2020-8755
- RESERVED
-CVE-2020-8754
- RESERVED
-CVE-2020-8753
- RESERVED
-CVE-2020-8752
- RESERVED
-CVE-2020-8751
- RESERVED
-CVE-2020-8750
- RESERVED
-CVE-2020-8749
- RESERVED
+CVE-2020-8761 (Inadequate encryption strength in subsystem for Intel(R) CSME versions ...)
+ NOT-FOR-US: Intel
+CVE-2020-8760 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...)
+ NOT-FOR-US: Intel
+CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT versions ...)
+ NOT-FOR-US: Intel
+CVE-2020-8758 (Improper buffer restrictions in network subsystem in provisioned Intel ...)
+ NOT-FOR-US: Intel
+CVE-2020-8757 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
+ NOT-FOR-US: Intel
+CVE-2020-8756 (Improper input validation in subsystem for Intel(R) CSME versions befo ...)
+ NOT-FOR-US: Intel
+CVE-2020-8755 (Race condition in subsystem for Intel(R) CSME versions before 12.0.70 ...)
+ NOT-FOR-US: Intel
+CVE-2020-8754 (Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM version ...)
+ NOT-FOR-US: Intel
+CVE-2020-8753 (Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM ve ...)
+ NOT-FOR-US: Intel
+CVE-2020-8752 (Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM v ...)
+ NOT-FOR-US: Intel
+CVE-2020-8751 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...)
+ NOT-FOR-US: Intel
+CVE-2020-8750 (Use after free in Kernel Mode Driver for Intel(R) TXE versions before ...)
+ NOT-FOR-US: Intel
+CVE-2020-8749 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
+ NOT-FOR-US: Intel
CVE-2020-8748
RESERVED
-CVE-2020-8747
- RESERVED
-CVE-2020-8746
- RESERVED
-CVE-2020-8745
- RESERVED
-CVE-2020-8744
- RESERVED
-CVE-2020-8743
- RESERVED
-CVE-2020-8742
- RESERVED
-CVE-2020-8741
- RESERVED
-CVE-2020-8740
- RESERVED
-CVE-2020-8739
- RESERVED
-CVE-2020-8738
- RESERVED
-CVE-2020-8737
- RESERVED
-CVE-2020-8736
- RESERVED
+CVE-2020-8747 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
+ NOT-FOR-US: Intel
+CVE-2020-8746 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...)
+ NOT-FOR-US: Intel
+CVE-2020-8745 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...)
+ NOT-FOR-US: Intel
+CVE-2020-8744 (Improper initialization in subsystem for Intel(R) CSME versions before ...)
+ NOT-FOR-US: Intel
+CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox Interfa ...)
+ NOT-FOR-US: Intel
+CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may allow ...)
+ NOT-FOR-US: Intel
+CVE-2020-8741 (Improper permissions in the installer for the Intel(R) Thunderbolt(TM) ...)
+ NOT-FOR-US: Intel
+CVE-2020-8740 (Out of bounds write in Intel BIOS platform sample code for some Intel( ...)
+ NOT-FOR-US: Intel
+CVE-2020-8739 (Use of potentially dangerous function in Intel BIOS platform sample co ...)
+ NOT-FOR-US: Intel
+CVE-2020-8738 (Improper conditions check in Intel BIOS platform sample code for some ...)
+ NOT-FOR-US: Intel
+CVE-2020-8737 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...)
+ NOT-FOR-US: Intel
+CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing Improv ...)
+ NOT-FOR-US: Intel
CVE-2020-8735
RESERVED
-CVE-2020-8734
- RESERVED
-CVE-2020-8733
- RESERVED
-CVE-2020-8732
- RESERVED
-CVE-2020-8731
- RESERVED
-CVE-2020-8730
- RESERVED
-CVE-2020-8729
- RESERVED
+CVE-2020-8734 (Improper input validation in the firmware for Intel(R) Server Board M1 ...)
+ NOT-FOR-US: Intel
+CVE-2020-8733 (Improper buffer restrictions in the firmware for Intel(R) Server Board ...)
+ NOT-FOR-US: Intel
+CVE-2020-8732 (Heap-based buffer overflow in the firmware for some Intel(R) Server Bo ...)
+ NOT-FOR-US: Intel
+CVE-2020-8731 (Incorrect execution-assigned permissions in the file system for some I ...)
+ NOT-FOR-US: Intel
+CVE-2020-8730 (Heap-based overflow for some Intel(R) Server Boards, Server Systems an ...)
+ NOT-FOR-US: Intel
+CVE-2020-8729 (Buffer copy without checking size of input for some Intel(R) Server Bo ...)
+ NOT-FOR-US: Intel
CVE-2020-8728
RESERVED
CVE-2020-8727
@@ -11602,116 +52768,131 @@ CVE-2020-8725
RESERVED
CVE-2020-8724
RESERVED
-CVE-2020-8723
- RESERVED
-CVE-2020-8722
- RESERVED
-CVE-2020-8721
- RESERVED
-CVE-2020-8720
- RESERVED
-CVE-2020-8719
- RESERVED
-CVE-2020-8718
- RESERVED
-CVE-2020-8717
- RESERVED
-CVE-2020-8716
- RESERVED
-CVE-2020-8715
- RESERVED
-CVE-2020-8714
- RESERVED
-CVE-2020-8713
- RESERVED
-CVE-2020-8712
- RESERVED
-CVE-2020-8711
- RESERVED
-CVE-2020-8710
- RESERVED
-CVE-2020-8709
- RESERVED
-CVE-2020-8708
- RESERVED
-CVE-2020-8707
- RESERVED
-CVE-2020-8706
- RESERVED
-CVE-2020-8705
- RESERVED
-CVE-2020-8704
- RESERVED
-CVE-2020-8703
- RESERVED
-CVE-2020-8702
- RESERVED
-CVE-2020-8701
- RESERVED
-CVE-2020-8700
- RESERVED
+CVE-2020-8723 (Cross-site scripting for some Intel(R) Server Boards, Server Systems a ...)
+ NOT-FOR-US: Intel
+CVE-2020-8722 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...)
+ NOT-FOR-US: Intel
+CVE-2020-8721 (Improper input validation for some Intel(R) Server Boards, Server Syst ...)
+ NOT-FOR-US: Intel
+CVE-2020-8720 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...)
+ NOT-FOR-US: Intel
+CVE-2020-8719 (Buffer overflow in subsystem for some Intel(R) Server Boards, Server S ...)
+ NOT-FOR-US: Intel
+CVE-2020-8718 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...)
+ NOT-FOR-US: Intel
+CVE-2020-8717 (Improper input validation in a subsystem for some Intel Server Boards, ...)
+ NOT-FOR-US: Intel
+CVE-2020-8716 (Improper access control for some Intel(R) Server Boards, Server System ...)
+ NOT-FOR-US: Intel
+CVE-2020-8715 (Invalid pointer for some Intel(R) Server Boards, Server Systems and Co ...)
+ NOT-FOR-US: Intel
+CVE-2020-8714 (Improper authentication for some Intel(R) Server Boards, Server System ...)
+ NOT-FOR-US: Intel
+CVE-2020-8713 (Improper authentication for some Intel(R) Server Boards, Server System ...)
+ NOT-FOR-US: Intel
+CVE-2020-8712 (Buffer overflow in a verification process for some Intel(R) Server Boa ...)
+ NOT-FOR-US: Intel
+CVE-2020-8711 (Improper access control in the bootloader for some Intel(R) Server Boa ...)
+ NOT-FOR-US: Intel
+CVE-2020-8710 (Buffer overflow in the bootloader for some Intel(R) Server Boards, Ser ...)
+ NOT-FOR-US: Intel
+CVE-2020-8709 (Improper authentication in socket services for some Intel(R) Server Bo ...)
+ NOT-FOR-US: Intel
+CVE-2020-8708 (Improper authentication for some Intel(R) Server Boards, Server System ...)
+ NOT-FOR-US: Intel
+CVE-2020-8707 (Buffer overflow in daemon for some Intel(R) Server Boards, Server Syst ...)
+ NOT-FOR-US: Intel
+CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Server Sy ...)
+ NOT-FOR-US: Intel
+CVE-2020-8705 (Insecure default initialization of resource in Intel(R) Boot Guard in ...)
+ NOT-FOR-US: Intel
+CVE-2020-8704 (Race condition in a subsystem in the Intel(R) LMS versions before 2039 ...)
+ NOT-FOR-US: Intel
+CVE-2020-8703 (Improper buffer restrictions in a subsystem in the Intel(R) CSME versi ...)
+ NOT-FOR-US: Intel
+CVE-2020-8702 (Uncontrolled search path element in the Intel(R) Processor Diagnostic ...)
+ NOT-FOR-US: Intel
+CVE-2020-8701 (Incorrect default permissions in installer for the Intel(R) SSD Toolbo ...)
+ NOT-FOR-US: Intel
+CVE-2020-8700 (Improper input validation in the firmware for some Intel(R) Processors ...)
+ NOT-FOR-US: Intel
CVE-2020-8699
RESERVED
-CVE-2020-8698
- RESERVED
+CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...)
+ {DLA-2546-1}
+ - intel-microcode 3.20201110.1
+ [buster] - intel-microcode 3.20201118.1~deb10u1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8697
RESERVED
-CVE-2020-8696
- RESERVED
-CVE-2020-8695
- RESERVED
-CVE-2020-8694
- RESERVED
-CVE-2020-8693
- RESERVED
-CVE-2020-8692
- RESERVED
-CVE-2020-8691
- RESERVED
-CVE-2020-8690
- RESERVED
-CVE-2020-8689
- RESERVED
-CVE-2020-8688
- RESERVED
-CVE-2020-8687
- RESERVED
+CVE-2020-8696 (Improper removal of sensitive information before storage or transfer i ...)
+ {DLA-2546-1}
+ - intel-microcode 3.20201110.1
+ [buster] - intel-microcode 3.20201118.1~deb10u1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
+CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Process ...)
+ {DLA-2546-1}
+ - intel-microcode 3.20201110.1
+ [buster] - intel-microcode 3.20201118.1~deb10u1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
+CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some Intel( ...)
+ {DLA-2494-1 DLA-2483-1}
+ - linux 5.9.9-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
+ NOTE: https://git.kernel.org/linus/949dd0104c496fa7c14991a23c03c62e44637e71
+CVE-2020-8693 (Improper buffer restrictions in the firmware of the Intel(R) Ethernet ...)
+ NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
+CVE-2020-8692 (Insufficient access control in the firmware of the Intel(R) Ethernet 7 ...)
+ NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
+CVE-2020-8691 (A logic issue in the firmware of the Intel(R) Ethernet 700 Series Cont ...)
+ NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
+CVE-2020-8690 (Protection mechanism failure in Intel(R) Ethernet 700 Series Controlle ...)
+ NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
+CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open Source ...)
+ - iwd 1.5-1
+ [buster] - iwd <no-dsa> (Minor issue)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00379.html
+CVE-2020-8688 (Improper input validation in the Intel(R) RAID Web Console 3 for Windo ...)
+ NOT-FOR-US: Intel
+CVE-2020-8687 (Uncontrolled search path in the installer for Intel(R) RSTe Software R ...)
+ NOT-FOR-US: Intel
CVE-2020-8686
RESERVED
-CVE-2020-8685
- RESERVED
-CVE-2020-8684
- RESERVED
-CVE-2020-8683
- RESERVED
-CVE-2020-8682
- RESERVED
-CVE-2020-8681
- RESERVED
-CVE-2020-8680
- RESERVED
-CVE-2020-8679
- RESERVED
-CVE-2020-8678
- RESERVED
-CVE-2020-8677
- RESERVED
-CVE-2020-8676
- RESERVED
-CVE-2020-8675
- RESERVED
-CVE-2020-8674
- RESERVED
+CVE-2020-8685 (Improper authentication in subsystem for Intel (R) LED Manager for NUC ...)
+ NOT-FOR-US: Intel
+CVE-2020-8684 (Improper access control in firmware for Intel(R) PAC with Arria(R) 10 ...)
+ NOT-FOR-US: Intel
+CVE-2020-8683 (Improper buffer restrictions in system driver for some Intel(R) Graphi ...)
+ NOT-FOR-US: Intel
+CVE-2020-8682 (Out of bounds read in system driver for some Intel(R) Graphics Drivers ...)
+ NOT-FOR-US: Intel
+CVE-2020-8681 (Out of bounds write in system driver for some Intel(R) Graphics Driver ...)
+ NOT-FOR-US: Intel
+CVE-2020-8680 (Race condition in some Intel(R) Graphics Drivers before version 15.40. ...)
+ NOT-FOR-US: Intel
+CVE-2020-8679 (Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics D ...)
+ NOT-FOR-US: Intel
+CVE-2020-8678 (Improper access control for Intel(R) Graphics Drivers before version 1 ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-8677 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...)
+ NOT-FOR-US: Intel
+CVE-2020-8676 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...)
+ NOT-FOR-US: Intel
+CVE-2020-8675 (Insufficient control flow management in firmware build and signing too ...)
+ NOT-FOR-US: Intel
+CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM ...)
+ NOT-FOR-US: Intel
CVE-2020-8673
RESERVED
-CVE-2020-8672
- RESERVED
-CVE-2020-8671
- RESERVED
-CVE-2020-8670
- RESERVED
-CVE-2020-8669
- RESERVED
+CVE-2020-8672 (Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Co ...)
+ NOT-FOR-US: Intel
+CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...)
+ NOT-FOR-US: Intel
+CVE-2020-8670 (Race condition in the firmware for some Intel(R) Processors may allow ...)
+ NOT-FOR-US: Intel
+CVE-2020-8669 (Improper input validation in the Intel(R) Data Center Manager Console ...)
+ NOT-FOR-US: Intel
CVE-2020-8668
RESERVED
CVE-2020-8667
@@ -11721,17 +52902,17 @@ CVE-2020-8666
CVE-2020-8665
RESERVED
CVE-2020-8664 (CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-8663
- RESERVED
+ - envoyproxy <itp> (bug #987544)
+CVE-2020-8663 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descr ...)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-8662
RESERVED
CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
- NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+ - envoyproxy <itp> (bug #987544)
CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...)
NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress
CVE-2020-8657 (An issue was discovered in EyesOfNetwork 5.3. The installation uses th ...)
@@ -11763,14 +52944,17 @@ CVE-2020-8642
CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...)
NOT-FOR-US: Lotus Core CMS
CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5
CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
@@ -11806,31 +52990,73 @@ CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random p
NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
NOTE: https://github.com/canonical/cloud-init/pull/204
CVE-2020-8630
- RESERVED
+ REJECTED
CVE-2020-8629
- RESERVED
+ REJECTED
CVE-2020-8628
- RESERVED
+ REJECTED
CVE-2020-8627
- RESERVED
+ REJECTED
CVE-2020-8626
- RESERVED
-CVE-2020-8625
- RESERVED
-CVE-2020-8624
- RESERVED
-CVE-2020-8623
- RESERVED
-CVE-2020-8622
- RESERVED
-CVE-2020-8621
- RESERVED
-CVE-2020-8620
- RESERVED
-CVE-2020-8619
- RESERVED
-CVE-2020-8618
- RESERVED
+ REJECTED
+CVE-2020-8625 (BIND servers are vulnerable if they are running an affected version an ...)
+ {DSA-4857-1 DLA-2568-1}
+ - bind9 1:9.16.12-1 (bug #983004)
+ NOTE: https://kb.isc.org/v1/docs/cve-2020-8625
+ NOTE: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.28/patches
+ NOTE: 9.16 branch: https://downloads.isc.org/isc/bind9/9.16.12/patches
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/b04cb88462863d762093760ffcfe1946200e30f5
+CVE-2020-8624 (In BIND 9.9.12 -&gt; 9.9.13, 9.10.7 -&gt; 9.10.8, 9.11.3 -&gt; 9.11.21 ...)
+ {DSA-4752-1}
+ - bind9 1:9.16.6-1 (bug #966497)
+ [stretch] - bind9 <not-affected> (Vulnerable code (dns_ssu_mtypefromstring()) introduced later)
+ NOTE: https://kb.isc.org/docs/cve-2020-8624
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/7630a64141a997b5247d9ad4a7dfff6ac6d9a485 (v9_16_6)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/5bf457e89a3fdc355aad74140f5e010b42d1df82 (v9_16_6)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/14aa0c5df65d28cf6aaf437151c6a008afb66fb1 (v9_16_6)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/e4cccf9668c7adee4724a7649ec64685f82c8677 (v9_11_22)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/393e8f643c02215fa4e6d4edf67be7d77085da0e (v9_11_22)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/58e560beb50873c699f3431cf57e215dc645d7aa (v9_11_22)
+CVE-2020-8623 (In BIND 9.10.0 -&gt; 9.11.21, 9.12.0 -&gt; 9.16.5, 9.17.0 -&gt; 9.17.3 ...)
+ {DSA-4752-1 DLA-2355-1}
+ - bind9 1:9.16.6-1
+ NOTE: https://kb.isc.org/docs/cve-2020-8623
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/ac3862a5da95bb07b6cf748b0958175687a9de1d (v9_16_6)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab (v9_11_22)
+CVE-2020-8622 (In BIND 9.0.0 -&gt; 9.11.21, 9.12.0 -&gt; 9.16.5, 9.17.0 -&gt; 9.17.3, ...)
+ {DSA-4752-1 DLA-2355-1}
+ - bind9 1:9.16.6-1
+ NOTE: https://kb.isc.org/docs/cve-2020-8622
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0eec632d6a5a474280017ec949d8a8014612f3b3 (v9_16_6)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/6ed167ad0a647dff20c8cb08c944a7967df2d415 (v9_11_22)
+CVE-2020-8621 (In BIND 9.14.0 -&gt; 9.16.5, 9.17.0 -&gt; 9.17.3, If a server is confi ...)
+ - bind9 1:9.16.6-1
+ [buster] - bind9 <not-affected> (Vulnerable code introduced in 9.14.x)
+ [stretch] - bind9 <not-affected> (Vulnerable code introduced in 9.14.x)
+ NOTE: https://kb.isc.org/docs/cve-2020-8621
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/81514ff925dfc6e0c293745e0fc8320a8af95586 (v9_16_6)
+CVE-2020-8620 (In BIND 9.15.6 -&gt; 9.16.5, 9.17.0 -&gt; 9.17.3, An attacker who can ...)
+ - bind9 1:9.16.6-1
+ [buster] - bind9 <not-affected> (Vulnerable code introduced later)
+ [stretch] - bind9 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://kb.isc.org/docs/cve-2020-8620
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9a372f2bce642545164d2b4408eb6c4e301acc5e (v9_16_6)
+CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -&gt; 9.11.19, BIND 9.14.9 -&gt; 9. ...)
+ {DSA-4752-1}
+ - bind9 1:9.16.4-1
+ [stretch] - bind9 <not-affected> (Vulnerable code introduced later)
+ [jessie] - bind9 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://kb.isc.org/docs/cve-2020-8619
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1718
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0854f631149848b64cc193979d0b0edf39159330 (v9_17_3)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/90a7416d1599df7aa1cdfac33b2da9352eeec4b0 (v9_11_21)
+CVE-2020-8618 (An attacker who is permitted to send zone data to a server via zone tr ...)
+ - bind9 1:9.16.4-1
+ [buster] - bind9 <not-affected> (Vulnerable code introduced later)
+ [stretch] - bind9 <not-affected> (Vulnerable code introduced later)
+ [jessie] - bind9 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://kb.isc.org/docs/cve-2020-8618
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1850
CVE-2020-8617 (Using a specially-crafted message, an attacker may potentially cause a ...)
{DSA-4689-1 DLA-2227-1}
- bind9 1:9.16.3-1 (bug #961939)
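Review bot: The new descriptions for CVE-2020-8619 through CVE-2020-8624 contain HTML entities (`9.9.12 -&gt; 9.9.13`) where the source text presumably has a literal `>`. If these were pasted from a rendered advisory page rather than the raw CVE feed, the entities are stored verbatim and will be shown double-escaped by the tracker; writing them as `9.9.12 -> 9.9.13` avoids that. This may instead be an artifact of how this page was captured, in which case nothing needs changing.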
@@ -11855,21 +53081,21 @@ CVE-2020-8610
CVE-2020-8609
RESERVED
CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...)
- {DLA-2144-1 DLA-2142-1}
+ {DSA-4733-1 DLA-2551-1 DLA-2288-1 DLA-2144-1 DLA-2142-1}
- libslirp 4.2.0-1
- qemu 1:4.1-2
- [buster] - qemu <postponed> (Minor issue)
- [stretch] - qemu <postponed> (Minor issue)
- qemu-kvm <removed>
- - slirp <unfixed>
+ - slirp 1:1.0.17-11
+ [buster] - slirp 1:1.0.17-8+deb10u1
- slirp4netns 1.0.1-1
[buster] - slirp4netns <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
-CVE-2020-8607
- RESERVED
+ NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-p3hx-89v2-4r99
+CVE-2020-8607 (An input validation vulnerability found in multiple Trend Micro produc ...)
+ NOT-FOR-US: Trend Micro
CVE-2020-8606 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
NOT-FOR-US: Trend Micro
CVE-2020-8605 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
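Review bot: For CVE-2020-8608 the advisory set gains `DSA-4733-1` and `DLA-2288-1`, but `[buster] - qemu <postponed> (Minor issue)` and `[stretch] - qemu <postponed> (Minor issue)` are kept unchanged. If those advisories are the qemu updates that address this issue in buster and stretch, the two `<postponed>` annotations now contradict the advisory references and should be removed so the release status comes from the DSA/DLA data rather than the stale tag. If they cover a different package, a short NOTE naming which advisory fixed which package would make that clear.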
@@ -11878,8 +53104,8 @@ CVE-2020-8604 (A vulnerability in Trend Micro InterScan Web Security Virtual App
NOT-FOR-US: Trend Micro
CVE-2020-8603 (A cross-site scripting vulnerability (XSS) in Trend Micro InterScan We ...)
NOT-FOR-US: Trend Micro
-CVE-2020-8602
- RESERVED
+CVE-2020-8602 (A vulnerability in the management consoles of Trend Micro Deep Securit ...)
+ NOT-FOR-US: Trend Micro
CVE-2020-8601 (Trend Micro Vulnerability Protection 2.0 is affected by a vulnerabilit ...)
NOT-FOR-US: Trend Micro
CVE-2020-8600 (Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected ...)
@@ -11892,14 +53118,13 @@ CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer
{DSA-4632-1 DLA-2097-1}
- lwip 2.1.2+dfsg1-5 (bug #951291)
[buster] - lwip 2.0.3-3+deb10u1
- [experimental] - ppp 2.4.8-1+1~exp1
- - ppp <unfixed> (bug #950618)
+ - ppp 2.4.8-1+1 (bug #950618)
NOTE: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86
NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5 ...)
NOT-FOR-US: Participants Database plugin for WordPress
CVE-2020-8595 (Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and ...)
- NOT-FOR-US: itsio
+ NOT-FOR-US: Istio
CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...)
NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2020-8593
@@ -11908,82 +53133,111 @@ CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to c
NOT-FOR-US: eG Manager
CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLogi ...)
NOT-FOR-US: eG Manager
-CVE-2020-8590
- RESERVED
-CVE-2020-8589
- RESERVED
-CVE-2020-8588
- RESERVED
-CVE-2020-8587
- RESERVED
+CVE-2020-8590 (Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptib ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2020-8589 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2020-8588 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2020-8587 (OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to ...)
+ NOT-FOR-US: NetApp
CVE-2020-8586
RESERVED
-CVE-2020-8585
- RESERVED
-CVE-2020-8584
- RESERVED
-CVE-2020-8583
- RESERVED
-CVE-2020-8582
- RESERVED
-CVE-2020-8581
- RESERVED
-CVE-2020-8580
- RESERVED
-CVE-2020-8579
- RESERVED
-CVE-2020-8578
- RESERVED
-CVE-2020-8577
- RESERVED
-CVE-2020-8576
- RESERVED
-CVE-2020-8575
- RESERVED
-CVE-2020-8574
- RESERVED
-CVE-2020-8573
- RESERVED
+CVE-2020-8585 (OnCommand Unified Manager Core Package versions prior to 5.2.5 may dis ...)
+ NOT-FOR-US: OnCommand Unified Manager Core Package
+CVE-2020-8584 (Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulne ...)
+ NOT-FOR-US: Element OS
+CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
+ NOT-FOR-US: HCI
+CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
+ NOT-FOR-US: HCI
+CVE-2020-8581 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are suscep ...)
+ NOT-FOR-US: SANtricity OS Controller Software
+CVE-2020-8579 (Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a v ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2020-8578 (Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vul ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2020-8577 (SANtricity OS Controller Software versions 11.50.1 and higher are susc ...)
+ NOT-FOR-US: SANtricity OS Controller Software
+CVE-2020-8576 (Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 a ...)
+ NOT-FOR-US: ONTAP
+CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows versions prio ...)
+ NOT-FOR-US: Active IQ Unified Manager
+CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship with th ...)
+ NOT-FOR-US: Active IQ Unified Manager
+CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers ...)
+ NOT-FOR-US: NetApp
CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
NOT-FOR-US: Element OS
CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...)
NOT-FOR-US: StorageGRID
-CVE-2020-8570
- RESERVED
-CVE-2020-8569
- RESERVED
-CVE-2020-8568
- RESERVED
-CVE-2020-8567
- RESERVED
-CVE-2020-8566
- RESERVED
-CVE-2020-8565
- RESERVED
-CVE-2020-8564
- RESERVED
-CVE-2020-8563
- RESERVED
-CVE-2020-8562
- RESERVED
-CVE-2020-8561
- RESERVED
+CVE-2020-8570 (Kubernetes Java client libraries in version 10.0.0 and versions prior ...)
+ NOT-FOR-US: Kubernetes Java client
+CVE-2020-8569 (Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could pa ...)
+ NOT-FOR-US: Kubernetes CSI Snapshotter
+ NOTE: https://github.com/kubernetes-csi/external-snapshotter/issues/421
+CVE-2020-8568 (Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow ...)
+ NOT-FOR-US: Kubernetes Secrets Store CSI Driver
+CVE-2020-8567 (Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azur ...)
+ NOT-FOR-US: Kubernetes Secrets Store CSI Driver
+CVE-2020-8566 (In Kubernetes clusters using Ceph RBD as a storage provisioner, with l ...)
+ - kubernetes 1.19.3-1 (bug #972341)
+ NOTE: https://github.com/kubernetes/kubernetes/pull/95245
+ NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
+ NOTE: https://github.com/kubernetes/kubernetes/issues/95624
+CVE-2020-8565 (In Kubernetes, if the logging level is set to at least 9, authorizatio ...)
+ - kubernetes 1.20.0-1 (bug #972649)
+ NOTE: https://github.com/kubernetes/kubernetes/pull/95316
+ NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
+ NOTE: https://github.com/kubernetes/kubernetes/issues/95623
+CVE-2020-8564 (In Kubernetes clusters using a logging level of at least 4, processing ...)
+ - kubernetes 1.19.3-1 (bug #972341)
+ NOTE: https://github.com/kubernetes/kubernetes/pull/94712
+ NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
+ NOTE: https://github.com/kubernetes/kubernetes/issues/95622
+CVE-2020-8563 (In Kubernetes clusters using VSphere as a cloud provider, with a loggi ...)
+ - kubernetes <not-affected> (Only affects 19.x)
+ NOTE: https://github.com/kubernetes/kubernetes/pull/95236
+ NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
+ NOTE: https://github.com/kubernetes/kubernetes/issues/95621
+CVE-2020-8562 (As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes att ...)
+ - kubernetes <unfixed> (bug #990793)
+ [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+CVE-2020-8561 (A security issue was discovered in Kubernetes where actors that contro ...)
+ - kubernetes <unfixed>
+ [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+ NOTE: https://github.com/kubernetes/kubernetes/issues/104720
CVE-2020-8560
RESERVED
-CVE-2020-8559
- RESERVED
-CVE-2020-8558
- RESERVED
-CVE-2020-8557
- RESERVED
+CVE-2020-8559 (The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions pri ...)
+ - kubernetes 1.18.5-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/15/6
+CVE-2020-8558 (The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17. ...)
+ - kubernetes 1.18.5-1
+ NOTE: Issue: https://github.com/kubernetes/kubernetes/issues/90259
+ NOTE: Upstream fix: https://github.com/kubernetes/kubernetes/pull/91569
+CVE-2020-8557 (The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17. ...)
+ - kubernetes 1.18.5-1
+ NOTE: https://github.com/kubernetes/kubernetes/issues/93032
+ NOTE: https://github.com/kubernetes/kubernetes/pull/92916
CVE-2020-8556
RESERVED
-CVE-2020-8555
- RESERVED
-CVE-2020-8554
- RESERVED
-CVE-2020-8553
- RESERVED
+CVE-2020-8555 (The Kubernetes kube-controller-manager in versions v1.0-1.14, versions ...)
+ - kubernetes 1.18.2-1
+ NOTE: https://github.com/kubernetes/kubernetes/issues/91542
+CVE-2020-8554 (Kubernetes API server in all versions allow an attacker who is able to ...)
+ - kubernetes <unfixed> (bug #990793)
+ [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/5
+ NOTE: https://github.com/kubernetes/kubernetes/issues/97076
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+CVE-2020-8553 (The Kubernetes ingress-nginx component prior to version 0.28.0 allows ...)
+ NOT-FOR-US: Kubernetes ingress-nginx component
CVE-2020-8552 (The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...)
- kubernetes 1.17.4-1
NOTE: https://github.com/kubernetes/kubernetes/issues/89378
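Review bot: The reason given for CVE-2020-8563, `(Only affects 19.x)`, does not match the version scheme used elsewhere in this hunk (1.18.5-1, 1.19.3-1, 1.20.0-1) and presumably means 1.19.x; suggest `- kubernetes <not-affected> (Only affects 1.19.x)`. Since the neighbouring entries CVE-2020-8564 and CVE-2020-8566 are recorded as fixed in 1.19.3-1, a `<not-affected>` tag is only right if no 1.19.0–1.19.2 upload ever reached the archive; worth confirming against the package history before leaving it as is. Also note CVE-2020-8561 carries `<unfixed>` without the `(bug #990793)` reference that CVE-2020-8562 and CVE-2020-8554 in the same hunk attach to the identical state; if that bug covers the unbuilt server components generally, adding it there keeps the three entries consistent.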
@@ -12002,18 +53256,18 @@ CVE-2020-8546
RESERVED
CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...)
NOT-FOR-US: AIL framework
-CVE-2020-8544
- RESERVED
-CVE-2020-8543
- RESERVED
-CVE-2020-8542
- RESERVED
-CVE-2020-8541
- RESERVED
+CVE-2020-8544 (OX App Suite through 7.10.3 allows SSRF. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2020-8543 (OX App Suite through 7.10.3 has Improper Input Validation. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2020-8542 (OX App Suite through 7.10.3 allows XSS. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks. ...)
+ NOT-FOR-US: OX App Suite
CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...)
NOT-FOR-US: Zoho ManageEngine Desktop Central
-CVE-2020-8539
- RESERVED
+CVE-2020-8539 (Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.00 ...)
+ NOT-FOR-US: Kia Motors Head Unit with Software
CVE-2020-8538
RESERVED
CVE-2020-8537
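Review bot: The NOT-FOR-US annotation for CVE-2020-8539 copies the truncated description verbatim, giving `NOT-FOR-US: Kia Motors Head Unit with Software`, which reads as a partial sentence rather than a product name. The other annotations in this hunk name just the product (`OX App Suite`, `Zoho ManageEngine Desktop Central`); `NOT-FOR-US: Kia Motors Head Unit` would follow that convention.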
@@ -12048,17 +53302,17 @@ CVE-2020-8523
RESERVED
CVE-2020-8522
RESERVED
-CVE-2020-8521
- RESERVED
-CVE-2020-8520
- RESERVED
-CVE-2020-8519
- RESERVED
+CVE-2020-8521 (SQL injection with start and length parameters in Records.php for phpz ...)
+ NOT-FOR-US: phpzag
+CVE-2020-8520 (SQL injection in order and column parameters in Records.php for phpzag ...)
+ NOT-FOR-US: phpzag
+CVE-2020-8519 (SQL injection with the search parameter in Records.php for phpzag live ...)
+ NOT-FOR-US: phpzag
CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...)
{DLA-2174-1}
- - php-horde-data <unfixed> (bug #951537)
+ - php-horde-data 2.1.5-1 (bug #951537)
[buster] - php-horde-data 2.1.4-5+deb10u1
- [stretch] - php-horde-data <no-dsa> (Minor issue)
+ [stretch] - php-horde-data 2.1.4-3+deb9u1
NOTE: https://lists.horde.org/archives/announce/2020/001285.html
NOTE: https://github.com/horde/Data/commit/78ad0c2390176cdde7260a271bc6ddd86f4c9c0e
CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
@@ -12121,16 +53375,16 @@ CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x ver
CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...)
NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...)
+ {DLA-2280-1}
- python3.8 3.8.3~rc1-1
- - python3.7 <unfixed>
- [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 3.7.3-2+deb10u2
- python3.5 <removed>
- [stretch] - python3.5 <no-dsa> (Minor issue)
- python3.4 <removed>
- [jessie] - python3.4 <no-dsa> (Minor issue)
- - python2.7 <unfixed>
+ [jessie] - python3.4 <postponed> (Minor issue)
+ - python2.7 2.7.18-2 (low; bug #970099)
[buster] - python2.7 <no-dsa> (Minor issue)
- [stretch] - python2.7 <no-dsa> (Minor issue)
+ [stretch] - python2.7 <ignored> (Too destructive to backport. Though the patch is partly ready. https://salsa.debian.org/lts-team/packages/python2.7/-/blob/master/debian/patches/CVE-2020-8492.patch)
[jessie] - python2.7 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue39503
NOTE: https://github.com/python/cpython/pull/18284
@@ -12189,18 +53443,18 @@ CVE-2020-8468 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Busines
NOT-FOR-US: Trend Micro
CVE-2020-8467 (A migration tool component of Trend Micro Apex One (2019) and OfficeSc ...)
NOT-FOR-US: Trend Micro
-CVE-2020-8466
- RESERVED
-CVE-2020-8465
- RESERVED
-CVE-2020-8464
- RESERVED
-CVE-2020-8463
- RESERVED
-CVE-2020-8462
- RESERVED
-CVE-2020-8461
- RESERVED
+CVE-2020-8466 (A command injection vulnerability in Trend Micro InterScan Web Securit ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-8465 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-8464 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-8463 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-8462 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-8461 (A CSRF protection bypass vulnerability in Trend Micro InterScan Web Se ...)
+ NOT-FOR-US: Trend Micro
CVE-2020-8460
RESERVED
CVE-2020-8459
@@ -12222,7 +53476,7 @@ CVE-2020-8452
CVE-2020-8451
RESERVED
CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.10-1 (bug #950802)
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
@@ -12230,7 +53484,7 @@ CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect bu
NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older)
NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9)
CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
- {DSA-4682-1}
+ {DSA-4682-1 DLA-2278-1}
- squid 4.10-1 (bug #950802)
- squid3 <removed>
NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
@@ -12271,7 +53525,7 @@ CVE-2020-8433
RESERVED
CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...)
- u-boot 2020.01+dfsg-2 (low)
- [buster] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <ignored> (Minor issue)
[stretch] - u-boot <no-dsa> (Minor issue)
[jessie] - u-boot <ignored> (Minor issue)
NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396799.html
@@ -12282,7 +53536,7 @@ CVE-2020-8430 (Stormshield Network Security 310 3.7.10 devices have an auth/lang
NOT-FOR-US: Stormshield Network Security 310
CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not ...)
NOT-FOR-US: Kinetica
-CVE-2020-8427 (Kaseya Traverse before 9.5.20 allows OS command injection attacks agai ...)
+CVE-2020-8427 (In Unitrends Backup before 10.4.1, an HTTP request parameter was not p ...)
NOT-FOR-US: Kaseya Traverse
CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...)
NOT-FOR-US: Elementor plugin for WordPress
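Review bot: The description for CVE-2020-8427 is rewritten to refer to Unitrends Backup before 10.4.1, but the unchanged context line below it still reads `NOT-FOR-US: Kaseya Traverse`, so the annotation and the description now name different products. If the CVE was reassigned to the Unitrends product, the annotation should be updated to match, e.g. `NOT-FOR-US: Unitrends Backup`; if the entry intentionally keeps the Kaseya attribution, a short NOTE explaining the relationship would stop the mismatch being read as a triage error.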
@@ -12295,11 +53549,11 @@ CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (f
CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla!
CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla!
CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla!
CVE-2020-8418
RESERVED
CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...)
@@ -12307,207 +53561,207 @@ CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF
CVE-2020-8416 (IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial ...)
NOT-FOR-US: BearFTP
CVE-2020-8415
- RESERVED
+ REJECTED
CVE-2020-8414
- RESERVED
+ REJECTED
CVE-2020-8413
- RESERVED
+ REJECTED
CVE-2020-8412
- RESERVED
+ REJECTED
CVE-2020-8411
- RESERVED
+ REJECTED
CVE-2020-8410
- RESERVED
+ REJECTED
CVE-2020-8409
- RESERVED
+ REJECTED
CVE-2020-8408
- RESERVED
+ REJECTED
CVE-2020-8407
- RESERVED
+ REJECTED
CVE-2020-8406
- RESERVED
+ REJECTED
CVE-2020-8405
- RESERVED
+ REJECTED
CVE-2020-8404
- RESERVED
+ REJECTED
CVE-2020-8403
- RESERVED
+ REJECTED
CVE-2020-8402
- RESERVED
+ REJECTED
CVE-2020-8401
- RESERVED
+ REJECTED
CVE-2020-8400
- RESERVED
+ REJECTED
CVE-2020-8399
- RESERVED
+ REJECTED
CVE-2020-8398
- RESERVED
+ REJECTED
CVE-2020-8397
- RESERVED
+ REJECTED
CVE-2020-8396
- RESERVED
+ REJECTED
CVE-2020-8395
- RESERVED
+ REJECTED
CVE-2020-8394
- RESERVED
+ REJECTED
CVE-2020-8393
- RESERVED
+ REJECTED
CVE-2020-8392
- RESERVED
+ REJECTED
CVE-2020-8391
- RESERVED
+ REJECTED
CVE-2020-8390
- RESERVED
+ REJECTED
CVE-2020-8389
- RESERVED
+ REJECTED
CVE-2020-8388
- RESERVED
+ REJECTED
CVE-2020-8387
- RESERVED
+ REJECTED
CVE-2020-8386
- RESERVED
+ REJECTED
CVE-2020-8385
- RESERVED
+ REJECTED
CVE-2020-8384
- RESERVED
+ REJECTED
CVE-2020-8383
- RESERVED
+ REJECTED
CVE-2020-8382
- RESERVED
+ REJECTED
CVE-2020-8381
- RESERVED
+ REJECTED
CVE-2020-8380
- RESERVED
+ REJECTED
CVE-2020-8379
- RESERVED
+ REJECTED
CVE-2020-8378
- RESERVED
+ REJECTED
CVE-2020-8377
- RESERVED
+ REJECTED
CVE-2020-8376
- RESERVED
+ REJECTED
CVE-2020-8375
- RESERVED
+ REJECTED
CVE-2020-8374
- RESERVED
+ REJECTED
CVE-2020-8373
- RESERVED
+ REJECTED
CVE-2020-8372
- RESERVED
+ REJECTED
CVE-2020-8371
- RESERVED
+ REJECTED
CVE-2020-8370
- RESERVED
+ REJECTED
CVE-2020-8369
- RESERVED
+ REJECTED
CVE-2020-8368
- RESERVED
+ REJECTED
CVE-2020-8367
- RESERVED
+ REJECTED
CVE-2020-8366
- RESERVED
+ REJECTED
CVE-2020-8365
- RESERVED
+ REJECTED
CVE-2020-8364
- RESERVED
+ REJECTED
CVE-2020-8363
- RESERVED
+ REJECTED
CVE-2020-8362
- RESERVED
+ REJECTED
CVE-2020-8361
- RESERVED
+ REJECTED
CVE-2020-8360
- RESERVED
+ REJECTED
CVE-2020-8359
- RESERVED
+ REJECTED
CVE-2020-8358
- RESERVED
-CVE-2020-8357
- RESERVED
-CVE-2020-8356
- RESERVED
-CVE-2020-8355
- RESERVED
-CVE-2020-8354
- RESERVED
-CVE-2020-8353
- RESERVED
-CVE-2020-8352
- RESERVED
-CVE-2020-8351
- RESERVED
-CVE-2020-8350
- RESERVED
-CVE-2020-8349
- RESERVED
-CVE-2020-8348
- RESERVED
-CVE-2020-8347
- RESERVED
-CVE-2020-8346
- RESERVED
-CVE-2020-8345
- RESERVED
+ REJECTED
+CVE-2020-8357 (A denial of service vulnerability was reported in Lenovo PCManager, pr ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8356 (An internal product security audit of LXCO, prior to version 1.2.2, di ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8355 (An internal product security audit of Lenovo XClarity Administrator (L ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8354 (A potential vulnerability in the SMI callback function used in the Var ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8353 (Prior to August 10, 2020, some Lenovo Desktop and Workstation systems ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8352 (In some Lenovo Desktop models, the Configuration Change Detection BIOS ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8351 (A privilege escalation vulnerability was reported in Lenovo PCManager ...)
+ NOT-FOR-US: Lenovo PCManager
+CVE-2020-8350 (An authentication bypass vulnerability was reported in Lenovo ThinkPad ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8349 (An internal security review has identified an unauthenticated remote c ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8348 (A DOM-based cross-site scripting (XSS) vulnerability was reported in L ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8347 (A reflective cross-site scripting (XSS) vulnerability was reported in ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8346 (A denial of service vulnerability was reported in the Lenovo Vantage c ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8345 (A DLL search path vulnerability was reported in the Lenovo HardwareSca ...)
+ NOT-FOR-US: Lenovo
CVE-2020-8344
- RESERVED
+ REJECTED
CVE-2020-8343
- RESERVED
-CVE-2020-8342
- RESERVED
-CVE-2020-8341
- RESERVED
-CVE-2020-8340
- RESERVED
-CVE-2020-8339
- RESERVED
-CVE-2020-8338
- RESERVED
-CVE-2020-8337
- RESERVED
-CVE-2020-8336
- RESERVED
-CVE-2020-8335
- RESERVED
-CVE-2020-8334
- RESERVED
-CVE-2020-8333
- RESERVED
-CVE-2020-8332
- RESERVED
+ REJECTED
+CVE-2020-8342 (A race condition vulnerability was reported in Lenovo System Update pr ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8341 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8340 (A cross-site scripting (XSS) vulnerability was discovered in the legac ...)
+ NOT-FOR-US: IBM
+CVE-2020-8339 (A cross-site scripting inclusion (XSSI) vulnerability was reported in ...)
+ NOT-FOR-US: IBM
+CVE-2020-8338 (A DLL search path vulnerability was reported in Lenovo Diagnostics pri ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8337 (An unquoted search path vulnerability was reported in versions prior t ...)
+ NOT-FOR-US: Synaptics Smart Audio UWP app
+CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on some Th ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8335 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8333 (A potential vulnerability in the SMI callback function used in the EEP ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8332 (A potential vulnerability in the SMI callback function used in the leg ...)
+ NOT-FOR-US: Lenovo
CVE-2020-8331
- RESERVED
+ REJECTED
CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
NOT-FOR-US: Lenovo
CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...)
NOT-FOR-US: Lenovo
CVE-2020-8328
- RESERVED
+ REJECTED
CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...)
NOT-FOR-US: Lenovo
-CVE-2020-8326
- RESERVED
+CVE-2020-8326 (An unquoted service path vulnerability was reported in Lenovo Drivers ...)
+ NOT-FOR-US: Lenovo
CVE-2020-8325
- RESERVED
+ REJECTED
CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...)
NOT-FOR-US: Lenovo
-CVE-2020-8323
- RESERVED
-CVE-2020-8322
- RESERVED
-CVE-2020-8321
- RESERVED
-CVE-2020-8320
- RESERVED
+CVE-2020-8323 (A potential vulnerability in the SMI callback function used in the Leg ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8322 (A potential vulnerability in the SMI callback function used in the Leg ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8321 (A potential vulnerability in the SMI callback function used in the Sys ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8320 (An internal shell was included in BIOS image in some ThinkPad models t ...)
+ NOT-FOR-US: Lenovo
CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo System Int ...)
NOT-FOR-US: Lenovo
CVE-2020-8318 (A privilege escalation vulnerability was reported in the LenovoSystemU ...)
NOT-FOR-US: Lenovo
-CVE-2020-8317
- RESERVED
+CVE-2020-8317 (A DLL search path vulnerability was reported in Lenovo Drivers Managem ...)
+ NOT-FOR-US: Lenovo
CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...)
NOT-FOR-US: Lenovo
CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...)
- {DSA-4667-1}
+ {DSA-4698-1 DSA-4667-1 DLA-2242-1}
- linux 5.4.19-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6
@@ -12543,301 +53797,422 @@ CVE-2020-8302
RESERVED
CVE-2020-8301
RESERVED
-CVE-2020-8300
- RESERVED
-CVE-2020-8299
- RESERVED
-CVE-2020-8298
- RESERVED
-CVE-2020-8297
- RESERVED
-CVE-2020-8296
- RESERVED
-CVE-2020-8295
- RESERVED
-CVE-2020-8294
- RESERVED
-CVE-2020-8293
- RESERVED
-CVE-2020-8292
- RESERVED
-CVE-2020-8291
- RESERVED
-CVE-2020-8290
- RESERVED
-CVE-2020-8289
- RESERVED
-CVE-2020-8288
- RESERVED
-CVE-2020-8287
- RESERVED
-CVE-2020-8286
- RESERVED
-CVE-2020-8285
- RESERVED
-CVE-2020-8284
- RESERVED
-CVE-2020-8283
- RESERVED
-CVE-2020-8282
- RESERVED
-CVE-2020-8281
- RESERVED
-CVE-2020-8280
- RESERVED
-CVE-2020-8279
- RESERVED
-CVE-2020-8278
- RESERVED
-CVE-2020-8277
- RESERVED
-CVE-2020-8276
- RESERVED
-CVE-2020-8275
- RESERVED
-CVE-2020-8274
- RESERVED
-CVE-2020-8273
- RESERVED
-CVE-2020-8272
- RESERVED
-CVE-2020-8271
- RESERVED
-CVE-2020-8270
- RESERVED
-CVE-2020-8269
- RESERVED
-CVE-2020-8268
- RESERVED
-CVE-2020-8267
- RESERVED
+CVE-2020-8300 (Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8299 (Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-6 ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command injection b ...)
+ NOT-FOR-US: Node fs-path
+CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
+ NOT-FOR-US: Nextcloud Deck
+CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 1 ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scr ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2020-8291 (A link preview rendering issue in Rocket.Chat versions before 3.9 coul ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer ...)
+ NOT-FOR-US: Backblaze
+CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before ...)
+ NOT-FOR-US: Backblaze
+CVE-2020-8288 (The `specializedRendering` function in Rocket.Chat server before 3.9.2 ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two co ...)
+ {DSA-4826-1}
+ - nodejs 12.20.1~dfsg-1 (bug #979364)
+ [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/release/v10.23.1/
+ NOTE: https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e (v10.23.1)
+CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
+ {DSA-4881-1 DLA-2500-1}
+ - curl 7.74.0-1 (bug #977161)
+ NOTE: https://curl.se/docs/CVE-2020-8286.html
+ NOTE: https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 (curl-7_74_0)
+CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recu ...)
+ {DSA-4881-1 DLA-2500-1}
+ - curl 7.74.0-1 (bug #977162)
+ NOTE: https://curl.se/docs/CVE-2020-8285.html
+ NOTE: https://github.com/curl/curl/issues/6255
+ NOTE: https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d (curl-7_74_0)
+CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 7.73.0 ...)
+ {DSA-4881-1 DLA-2500-1}
+ - curl 7.74.0-1 (bug #977163)
+ NOTE: https://curl.se/docs/CVE-2020-8284.html
+ NOTE: https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (curl-7_74_0)
+CVE-2020-8283 (An authorised user on a Windows host running Citrix Universal Print Se ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8282 (A security issue was found in EdgePower 24V/54V firmware v1.7.0 and ea ...)
+ NOT-FOR-US: EdgePower 24V/54V firmware
+CVE-2020-8281 (A missing file type check in Nextcloud Contacts 3.3.0 allows a malicio ...)
+ NOT-FOR-US: Nextcloud Contacts
+CVE-2020-8280 (A missing file type check in Nextcloud Contacts 3.4.0 allows a malicio ...)
+ NOT-FOR-US: Nextcloud Contacts
+CVE-2020-8279 (Missing validation of server certificates for out-going connections in ...)
+ NOT-FOR-US: Nextcloud Social app
+CVE-2020-8278 (Improper access control in Nextcloud Social app version 0.3.1 allowed ...)
+ NOT-FOR-US: Nextcloud Social app
+CVE-2020-8277 (A Node.js application that allows an attacker to trigger a DNS request ...)
+ - c-ares 1.17.1-1
+ [buster] - c-ares <not-affected> (Introduced in 1.16)
+ [stretch] - c-ares <not-affected> (Introduced in 1.16)
+ NOTE: Originally reported for nodes, which bundles c-ares: https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#denial-of-service-through-dns-request-cve-2020-8277
+ NOTE: Fix in c-ares: https://github.com/c-ares/c-ares/commit/0d252eb3b2147179296a3bdb4ef97883c97c54d3
+ NOTE: Introduced in https://github.com/c-ares/c-ares/commit/7d3591ee8a1a63e7748e68e6d880bd1763a32885
+CVE-2020-8276 (The implementation of Brave Desktop's privacy-preserving analytics sys ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2020-8275 (Citrix Secure Mail for Android before 20.11.0 suffers from improper ac ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8274 (Citrix Secure Mail for Android before 20.11.0 suffers from Improper Co ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8273 (Privilege escalation of an authenticated user to root in Citrix SD-WAN ...)
+ NOT-FOR-US: Citrix SD-WAN center
+CVE-2020-8272 (Authentication Bypass resulting in exposure of SD-WAN functionality in ...)
+ NOT-FOR-US: Citrix SD-WAN Center
+CVE-2020-8271 (Unauthenticated remote code execution with root privileges in Citrix S ...)
+ NOT-FOR-US: Citrix SD-WAN Center
+CVE-2020-8270 (An unprivileged Windows user on the VDA or an SMB user can perform arb ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8269 (An unprivileged Windows user on the VDA can perform arbitrary command ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8268 (Prototype pollution vulnerability in json8-merge-patch npm package &lt ...)
+ NOT-FOR-US: Node json8-merge-patch
+CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 and ea ...)
+ NOT-FOR-US: UniFi Protect controller
CVE-2020-8266
RESERVED
-CVE-2020-8265
- RESERVED
-CVE-2020-8264
- RESERVED
-CVE-2020-8263
- RESERVED
-CVE-2020-8262
- RESERVED
-CVE-2020-8261
- RESERVED
-CVE-2020-8260
- RESERVED
-CVE-2020-8259
- RESERVED
-CVE-2020-8258
- RESERVED
-CVE-2020-8257
- RESERVED
-CVE-2020-8256
- RESERVED
-CVE-2020-8255
- RESERVED
-CVE-2020-8254
- RESERVED
-CVE-2020-8253
- RESERVED
-CVE-2020-8252
- RESERVED
-CVE-2020-8251
- RESERVED
-CVE-2020-8250
- RESERVED
-CVE-2020-8249
- RESERVED
-CVE-2020-8248
- RESERVED
-CVE-2020-8247
- RESERVED
-CVE-2020-8246
- RESERVED
-CVE-2020-8245
- RESERVED
-CVE-2020-8244
- RESERVED
-CVE-2020-8243
- RESERVED
-CVE-2020-8242
- RESERVED
-CVE-2020-8241
- RESERVED
-CVE-2020-8240
- RESERVED
-CVE-2020-8239
- RESERVED
-CVE-2020-8238
- RESERVED
-CVE-2020-8237
- RESERVED
-CVE-2020-8236
- RESERVED
-CVE-2020-8235
- RESERVED
-CVE-2020-8234
- RESERVED
-CVE-2020-8233
- RESERVED
-CVE-2020-8232
- RESERVED
-CVE-2020-8231
- RESERVED
-CVE-2020-8230
- RESERVED
-CVE-2020-8229
- RESERVED
-CVE-2020-8228
- RESERVED
-CVE-2020-8227
- RESERVED
-CVE-2020-8226
- RESERVED
-CVE-2020-8225
- RESERVED
-CVE-2020-8224
- RESERVED
-CVE-2020-8223
- RESERVED
-CVE-2020-8222
- RESERVED
-CVE-2020-8221
- RESERVED
-CVE-2020-8220
- RESERVED
-CVE-2020-8219
- RESERVED
-CVE-2020-8218
- RESERVED
-CVE-2020-8217
- RESERVED
-CVE-2020-8216
- RESERVED
-CVE-2020-8215
- RESERVED
-CVE-2020-8214
- RESERVED
-CVE-2020-8213
- RESERVED
-CVE-2020-8212
- RESERVED
-CVE-2020-8211
- RESERVED
-CVE-2020-8210
- RESERVED
-CVE-2020-8209
- RESERVED
-CVE-2020-8208
- RESERVED
-CVE-2020-8207
- RESERVED
-CVE-2020-8206
- RESERVED
-CVE-2020-8205
- RESERVED
-CVE-2020-8204
- RESERVED
-CVE-2020-8203
- RESERVED
-CVE-2020-8202
- RESERVED
-CVE-2020-8201
- RESERVED
-CVE-2020-8200
- RESERVED
-CVE-2020-8199
- RESERVED
-CVE-2020-8198
- RESERVED
-CVE-2020-8197
- RESERVED
-CVE-2020-8196
- RESERVED
-CVE-2020-8195
- RESERVED
-CVE-2020-8194
- RESERVED
-CVE-2020-8193
- RESERVED
-CVE-2020-8192
- RESERVED
-CVE-2020-8191
- RESERVED
-CVE-2020-8190
- RESERVED
-CVE-2020-8189
- RESERVED
-CVE-2020-8188
- RESERVED
-CVE-2020-8187
- RESERVED
-CVE-2020-8186
- RESERVED
-CVE-2020-8185
- RESERVED
-CVE-2020-8184
- RESERVED
-CVE-2020-8183
- RESERVED
-CVE-2020-8182
- RESERVED
-CVE-2020-8181
- RESERVED
-CVE-2020-8180
- RESERVED
-CVE-2020-8179
- RESERVED
-CVE-2020-8178
- RESERVED
-CVE-2020-8177
- RESERVED
-CVE-2020-8176
- RESERVED
-CVE-2020-8175
- RESERVED
-CVE-2020-8174
- RESERVED
-CVE-2020-8173
- RESERVED
-CVE-2020-8172
- RESERVED
+CVE-2020-8265 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerab ...)
+ {DSA-4826-1}
+ - nodejs 12.20.1~dfsg-1 (bug #979364)
+ [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/release/v10.23.1/
+ NOTE: https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed (v10.23.1)
+CVE-2020-8264 (In actionpack gem &gt;= 6.0.0, a possible XSS vulnerability exists whe ...)
+ - rails 2:6.0.3.4+dfsg-1 (bug #971988)
+ [buster] - rails <not-affected> (Vulnerable code not present)
+ [stretch] - rails <not-affected> (Vulnerable code not present)
+ NOTE: https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ
+CVE-2020-8263 (A vulnerability in the authenticated user web interface of Pulse Conne ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure
+CVE-2020-8262 (A vulnerability in the Pulse Connect Secure / Pulse Policy Secure belo ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure
+CVE-2020-8261 (A vulnerability in the Pulse Connect Secure / Pulse Policy Secure &lt; ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure
+CVE-2020-8260 (A vulnerability in the Pulse Connect Secure &lt; 9.1R9 admin web inter ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure
+CVE-2020-8259 (Insufficient protection of the server-side encryption keys in Nextclou ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2020-8258 (Improper privilege management on services run by Citrix Gateway Plug-i ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8257 (Improper privilege management on services run by Citrix Gateway Plug-i ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8256 (A vulnerability in the Pulse Connect Secure &lt; 9.1R8.2 admin web int ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2020-8255 (A vulnerability in the Pulse Connect Secure &lt; 9.1R9 admin web inter ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure
+CVE-2020-8254 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 has Remo ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
+CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8252 (The implementation of realpath in libuv &lt; 10.22.1, &lt; 12.18.4, an ...)
+ - libuv1 1.39.0-1 (unimportant)
+ [stretch] - libuv1 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://hackerone.com/reports/965914
+ NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
+ NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead
+ NOTE: of the bundled one.
+ NOTE: https://github.com/libuv/libuv/issues/2965
+ NOTE: Introduced by: https://github.com/libuv/libuv/commit/b56d279b172fbe78dee2fb1d29cae9c9c5c6d1c4 (v1.24.0)
+ NOTE: Fixed by: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd (v1.39.0)
+ NOTE: Broken path in uv__fs_realpath() only taken when libuv1 build in
+ NOTE: pre-POSIX.2008 mode (defined(_POSIX_VERSION) && _POSIX_VERSION < 200809L).
+CVE-2020-8251 (Node.js &lt; 14.11.0 is vulnerable to HTTP denial of service (DoS) att ...)
+ - nodejs <not-affected> (Only affects 14.x series)
+ NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251
+CVE-2020-8250 (A vulnerability in the Pulse Secure Desktop Client (Linux) &lt; 9.1R9 ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
+CVE-2020-8249 (A vulnerability in the Pulse Secure Desktop Client (Linux) &lt; 9.1R9 ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
+CVE-2020-8248 (A vulnerability in the Pulse Secure Desktop Client (Linux) &lt; 9.1R9 ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
+CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8244 (A buffer over-read vulnerability exists in bl &lt;4.0.3, &lt;3.0.1, &l ...)
+ {DLA-2698-1}
+ - node-bl 4.0.3-1 (bug #969309)
+ [buster] - node-bl 1.1.2-1+deb10u1
+ NOTE: https://hackerone.com/reports/966347
+ NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
+CVE-2020-8243 (A vulnerability in the Pulse Connect Secure &lt; 9.1R8.2 admin web int ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2020-8242 (Unsanitized user input in ExpressionEngine &lt;= 5.4.0 control panel m ...)
+ NOT-FOR-US: ExpressionEngine
+CVE-2020-8241 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 could al ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
+CVE-2020-8240 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 allows a ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
+CVE-2020-8239 (A vulnerability in the Pulse Secure Desktop Client &lt; 9.1R9 is vulne ...)
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
+CVE-2020-8238 (A vulnerability in the authenticated user web interface of Pulse Conne ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2020-8237 (Prototype pollution in json-bigint npm package &lt; 1.0.0 may lead to ...)
+ NOT-FOR-US: Node json-bigint
+CVE-2020-8236 (A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2020-8235 (Missing access control in Nextcloud Deck 1.0.4 caused an insecure dire ...)
+ NOT-FOR-US: Nextcloud Deck
+CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware &lt;v1.9.1 w ...)
+ NOT-FOR-US: EdgeMax EdgeSwitch firmware
+CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware &lt;v1 ...)
+ NOT-FOR-US: Edgeswitch
+CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...)
+ NOT-FOR-US: Edgeswitch
+CVE-2020-8231 (Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can us ...)
+ {DSA-4881-1 DLA-2382-1}
+ - curl 7.72.0-1 (bug #968831)
+ NOTE: https://curl.haxx.se/docs/CVE-2020-8231.html
+ NOTE: https://github.com/curl/curl/pull/5824
+ NOTE: https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
+CVE-2020-8230 (A memory corruption vulnerability exists in NextCloud Desktop Client v ...)
+ - nextcloud-desktop <not-affected> (Windows-specific)
+CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop Clie ...)
+ - nextcloud-desktop <not-affected> (Windows-specific)
+ NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-034
+ NOTE: Windows-specific code in shell_integration/windows/OCUtil
+ NOTE: https://hackerone.com/reports/588562
+CVE-2020-8228 (A missing rate limit in the Preferred Providers app 1.7.0 allowed an a ...)
+ NOT-FOR-US: Preferred Providers app
+CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Client ...)
+ - nextcloud-desktop 3.0.1-1
+ [buster] - nextcloud-desktop <no-dsa> (Minor issue)
+ NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-032
+ NOTE: https://hackerone.com/reports/685552
+CVE-2020-8226 (A vulnerability exists in phpBB &lt;v3.2.10 and &lt;v3.3.1 which allow ...)
+ NOT-FOR-US: phpBB
+CVE-2020-8225 (A cleartext storage of sensitive information in Nextcloud Desktop Clie ...)
+ - nextcloud-desktop 3.0.1-1
+ [buster] - nextcloud-desktop <no-dsa> (Minor issue)
+ NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-031
+CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...)
+ - nextcloud-desktop <not-affected> (Windows-specific)
+ NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
+ NOTE: https://hackerone.com/reports/622170
+CVE-2020-8223 (A logic error in Nextcloud Server 19.0.0 caused a privilege escalation ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure &lt;9.1R ...)
+ NOT-FOR-US: Pulse
+CVE-2020-8221 (A path traversal vulnerability exists in Pulse Connect Secure &lt;9.1R ...)
+ NOT-FOR-US: Pulse
+CVE-2020-8220 (A denial of service vulnerability exists in Pulse Connect Secure &lt;9 ...)
+ NOT-FOR-US: Pulse
+CVE-2020-8219 (An insufficient permission check vulnerability exists in Pulse Connect ...)
+ NOT-FOR-US: Pulse
+CVE-2020-8218 (A code injection vulnerability exists in Pulse Connect Secure &lt;9.1R ...)
+ NOT-FOR-US: Pulse
+CVE-2020-8217 (A cross site scripting (XSS) vulnerability in Pulse Connect Secure &lt ...)
+ NOT-FOR-US: Pulse
+CVE-2020-8216 (An information disclosure vulnerability in meeting of Pulse Connect Se ...)
+ NOT-FOR-US: Pulse
+CVE-2020-8215 (A buffer overflow is present in canvas version &lt;= 1.6.9, which coul ...)
+ NOT-FOR-US: Node canvas
+CVE-2020-8214 (A path traversal vulnerability in servey version &lt; 3 allows an atta ...)
+ NOT-FOR-US: servey
+CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect before v ...)
+ NOT-FOR-US: UniFi Protect
+CVE-2020-8212 (Improper access control in Citrix XenMobile Server 10.12 before RP3, C ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8211 (Improper input validation in Citrix XenMobile Server 10.12 before RP3, ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8210 (Insufficient protection of secrets in Citrix XenMobile Server 10.12 be ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8209 (Improper access control in Citrix XenMobile Server 10.12 before RP2, C ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8208 (Improper input validation in Citrix XenMobile Server 10.12 before RP1, ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8207 (Improper access control in Citrix Workspace app for Windows 1912 CU1 a ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8206 (An improper authentication vulnerability exists in Pulse Connect Secur ...)
+ NOT-FOR-US: Pulse
+CVE-2020-8205 (The uppy npm package &lt; 1.13.2 and &lt; 2.0.0-alpha.5 is vulnerable ...)
+ NOT-FOR-US: Node uppy
+CVE-2020-8204 (A cross site scripting (XSS) vulnerability exists in Pulse Connect Sec ...)
+ NOT-FOR-US: Pulse
+CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash before ...)
+ - node-lodash 4.17.19+dfsg-1 (bug #965283)
+ [buster] - node-lodash <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://hackerone.com/reports/712065
+CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...)
+ NOT-FOR-US: Nextcloud Preferred Providers app
+CVE-2020-8201 (Node.js &lt; 12.18.4 and &lt; 14.11 can be exploited to perform HTTP d ...)
+ - nodejs 12.18.4~dfsg-1
+ [buster] - nodejs <not-affected> (Only affects 12.x and later)
+ [stretch] - nodejs <not-affected> (Only affects 12.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201
+CVE-2020-8200 (Improper authentication in Citrix StoreFront Server &lt; 1912.0.1000 a ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8197 (Privilege escalation vulnerability on Citrix ADC and Citrix Gateway ve ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8196 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8195 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8194 (Reflected code injection in Citrix ADC and Citrix Gateway versions bef ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8192 (A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0 ...)
+ NOT-FOR-US: Node fastify
+CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8189 (A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed ...)
+ - nextcloud-desktop 3.0.1-1
+ [buster] - nextcloud-desktop <no-dsa> (Minor issue)
+ NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-027
+CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...)
+ NOT-FOR-US: UniFi Protect
+CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
+ NOT-FOR-US: Citrix
+CVE-2020-8186 (A command injection vulnerability in the `devcert` module may lead to ...)
+ NOT-FOR-US: Node devcert
+CVE-2020-8185 (A denial of service vulnerability exists in Rails &lt;6.0.3.2 that all ...)
+ [experimental] - rails 6.0.3.2+dfsg-1 (bug #964081)
+ - rails <not-affected> (Introduced in rails 6.x)
+ NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
+CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...)
+ {DLA-2275-1}
+ - ruby-rack 2.1.1-6 (bug #963477)
+ [buster] - ruby-rack <no-dsa> (Minor issue)
+ NOTE: https://hackerone.com/reports/895727
+ NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
+CVE-2020-8183 (A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2020-8182 (Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to ...)
+ NOT-FOR-US: Nextcloud Deck
+CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...)
+ NOT-FOR-US: Nextcloud Contacts
+CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...)
+ NOT-FOR-US: Nextcloud Talk
+CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to ...)
+ NOT-FOR-US: Nextcloud Deck
+CVE-2020-8178 (Insufficient input validation in npm package `jison` &lt;= 0.4.18 may ...)
+ - node-jison <not-affected> (Vulnerable code not included in Debian source)
+ NOTE: https://hackerone.com/reports/690010
+ NOTE: ports/ is stripped/excluded in the src:node-jison source package.
+CVE-2020-8177 (curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of na ...)
+ {DSA-4881-1 DLA-2295-1}
+ - curl 7.72.0-1 (bug #965281)
+ NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html
+ NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0)
+CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.6 ...)
+ NOT-FOR-US: koa-shopify-auth
+CVE-2020-8175 (Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow ...)
+ NOT-FOR-US: Node jimp
+CVE-2020-8174 (napi_get_value_string_*() allows various kinds of memory corruption in ...)
+ {DSA-4696-1}
+ - nodejs 10.21.0~dfsg-1 (bug #962145)
+ [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
+ [jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#napi_get_value_string_-allows-various-kinds-of-memory-corruption-high-cve-2020-8174
+CVE-2020-8173 (A too small set of random characters being used for encryption in Next ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2020-8172 (TLS session reuse can lead to host certificate verification bypass in ...)
+ - nodejs <not-affected> (Only affects 12.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172
CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
NOT-FOR-US: AirMax AirOS
CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
NOT-FOR-US: AirMax AirOS
-CVE-2020-8169
- RESERVED
+CVE-2020-8169 (curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure ...)
+ {DSA-4881-1}
+ - curl 7.72.0-1 (bug #965280)
+ [stretch] - curl <not-affected> (Vulnerable code introduced later)
+ [jessie] - curl <not-affected> (Vulnerable code introduced later)
+ NOTE: https://curl.haxx.se/docs/CVE-2020-8169.html
+ NOTE: https://github.com/curl/curl/commit/600a8cded447cd7118ed50142c576567c0cf5158 (7.71.0)
CVE-2020-8168 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
NOT-FOR-US: AirMax AirOS
-CVE-2020-8167
- RESERVED
-CVE-2020-8166
- RESERVED
-CVE-2020-8165
- RESERVED
-CVE-2020-8164
- RESERVED
-CVE-2020-8163
- RESERVED
-CVE-2020-8162
- RESERVED
-CVE-2020-8161 [Directory traversal in Rack::Directory]
- RESERVED
- {DLA-2216-1}
+CVE-2020-8167 (A CSRF vulnerability exists in rails &lt;= 6.0.3 rails-ujs module that ...)
+ {DSA-4766-1}
+ - rails 2:5.2.4.3+dfsg-1
+ [stretch] - rails <not-affected> (Vulnerable code introduced later)
+ [jessie] - rails <not-affected> (Vulnerable code introduced later)
+ NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
+ NOTE: https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3 (5.2)
+CVE-2020-8166 (A CSRF forgery vulnerability exists in rails &lt; 5.2.5, rails &lt; 6. ...)
+ {DSA-4766-1}
+ - rails 2:5.2.4.3+dfsg-1
+ [stretch] - rails <not-affected> (Vulnerable code introduced later)
+ [jessie] - rails <not-affected> (Vulnerable code introduced later)
+ NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
+ NOTE: https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1 (5.2)
+ NOTE: per-form CSRF token introduced in 5.x: https://github.com/rails/rails/commit/3e98819e20bc113343d4d4c0df614865ad5a9d3a
+CVE-2020-8165 (A deserialization of untrusted data vulnernerability exists in rails & ...)
+ {DSA-4766-1 DLA-2282-1 DLA-2251-1}
+ - rails 2:5.2.4.3+dfsg-1
+ NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
+ NOTE: https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend) (5.2)
+ NOTE: https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend) (5.2)
+ NOTE: Redis backend introduced in 5.2: https://github.com/rails/rails/commit/9f8ec3535247ac41a9c92e84ddc7a3b771bc318b
+CVE-2020-8164 (A deserialization of untrusted data vulnerability exists in rails &lt; ...)
+ {DSA-4766-1 DLA-2282-1 DLA-2251-1}
+ [experimental] - rails 2:6.0.3.1+dfsg-1
+ - rails 2:5.2.4.3+dfsg-1
+ NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
+ NOTE: https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec (5.2)
+CVE-2020-8163 (The is a code injection vulnerability in versions of Rails prior to 5. ...)
+ {DLA-2282-1}
+ - rails 2:5.2.0+dfsg-2
+ NOTE: https://weblog.rubyonrails.org/2020/5/15/Rails-4-2-11-2-has-been-released/
+ NOTE: https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/
+ NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0
+ NOTE: https://github.com/rails/rails/commit/4c46a15e0a7815ca9e4cd7c7fda042eb8c1b7724 (4.2.11.2)
+ NOTE: Follow-up needed due to breaking change: https://github.com/rails/rails/issues/39301
+ NOTE: https://github.com/rails/rails/commit/1f3db0ad793441a0c00e85d56228fc80aafbe6c1 (4.2.11.3)
+ NOTE: Follow-up #2:
+ NOTE: https://github.com/rails/rails/commit/0ecaaf76d1b79cf2717cdac754e55b4114ad6599 (4-2-stable)
+ NOTE: For rails 5.0 the issue is fixed in >= 5.0.1
+CVE-2020-8162 (A client side enforcement of server side security vulnerability exists ...)
+ {DSA-4766-1}
+ - rails 2:5.2.4.3+dfsg-1
+ [stretch] - rails <not-affected> (Vulnerable code introduced later)
+ [jessie] - rails <not-affected> (Vulnerable code introduced later)
+ NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
+ NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be (5.2)
+CVE-2020-8161 (A directory traversal vulnerability exists in rack &lt; 2.2.0 that all ...)
+ {DLA-2275-1 DLA-2216-1}
- ruby-rack 2.1.1-5
[buster] - ruby-rack <no-dsa> (Minor issue; can be fixed via point release)
- [stretch] - ruby-rack <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ
NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e
NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa
NOTE: Test: https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94
-CVE-2020-8160
- RESERVED
+CVE-2020-8160 (MendixSSO &lt;= 2.1.1 contains endpoints that make use of the openid h ...)
+ NOT-FOR-US: MendixSSO
CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem &lt; v1.2.1 th ...)
- - ruby-actionpack-page-caching <unfixed> (bug #960680)
+ {DLA-2719-1}
+ - ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
+ [buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
-CVE-2020-8158
- RESERVED
+ NOTE: https://github.com/rails/actionpack-page_caching/commit/127da70a559bed4fc573fdb4a6d498a7d5815ce2 (v1.2.1)
+ NOTE: https://github.com/rails/actionpack-page_caching/commit/bf4aab113f90a0c5182009709d5115a1d5772608 (v1.2.2)
+CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package &lt; 0.2.25 m ...)
+ NOT-FOR-US: TypeORM
CVE-2020-8157 (UniFi Cloud Key firmware &lt;= v1.1.10 for Cloud Key gen2 and Cloud Ke ...)
NOT-FOR-US: UniFi Cloud Key
CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...)
@@ -12848,14 +54223,14 @@ CVE-2020-8154 (An Insecure direct object reference vulnerability in Nextcloud Se
- nextcloud-server <itp> (bug #941708)
CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to delete hi ...)
NOT-FOR-US: Nextcloud Groupfolders app
-CVE-2020-8152
- RESERVED
+CVE-2020-8152 (Insufficient protection of the server-side encryption keys in Nextclou ...)
+ - nextcloud-server <itp> (bug #941708)
CVE-2020-8151 (There is a possible information disclosure issue in Active Resource &l ...)
- - rails <not-affected> (Vulnerable code splitted out upstream before initial upload to Debian)
+ - rails <not-affected> (Vulnerable code splitted out upstream before initial upload to Debian)
NOTE: ActiveResource was extracted to a separate gem in starting in the 4.0 rails
NOTE: release as it was not widely used.
-CVE-2020-8150
- RESERVED
+CVE-2020-8150 (A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker t ...)
+ - nextcloud-server <itp> (bug #941708)
CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...)
NOT-FOR-US: Node logkitty
CVE-2020-8148 (UniFi Cloud Key firmware &lt; 1.1.6 contains a vulnerability that enab ...)
@@ -12890,19 +54265,20 @@ CVE-2020-8135 (The uppy npm package &lt; 1.9.3 is vulnerable to a Server-Side Re
NOT-FOR-US: Node uppy
CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS &lt; 3.1 ...)
NOT-FOR-US: Ghost CMS
-CVE-2020-8133
- RESERVED
+CVE-2020-8133 (A wrong generation of the passphrase for the encrypted block in Nextcl ...)
+ - nextcloud-server <itp> (bug #941708)
CVE-2020-8132 (Lack of input validation in pdf-image npm package version &lt;= 2.0.0 ...)
NOT-FOR-US: Node pdf-image package
CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...)
- node-yarnpkg 1.22.4-2 (bug #952912)
+ [buster] - node-yarnpkg <no-dsa> (Minor issue)
NOTE: https://hackerone.com/reports/730239
NOTE: https://github.com/yarnpkg/yarn/pull/7831
CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake &lt; 12.3. ...)
{DLA-2120-1}
- rake 12.3.3-1
[buster] - rake 12.3.1-3+deb10u1
- [stretch] - rake <no-dsa> (Minor issue)
+ [stretch] - rake 10.5.0-2+deb9u1
NOTE: https://hackerone.com/reports/651518
NOTE: Fixed by: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee (v12.3.3)
CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...)
@@ -12917,7 +54293,7 @@ CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and e
NOT-FOR-US: klona node module
CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...)
- node-url-parse 1.4.7-1
- [buster] - node-url-parse <no-dsa> (Minor issue)
+ [buster] - node-url-parse 1.2.0-2+deb10u1
[stretch] - node-url-parse <ignored> (Nodejs in stretch not covered by security support)
NOTE: https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b
NOTE: https://hackerone.com/reports/496293
@@ -12935,7 +54311,7 @@ CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud server
- nextcloud-server <itp> (bug #941708)
CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 causes ...)
- nextcloud-server <itp> (bug #941708)
-CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package version 5.1. ...)
+CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package versions bef ...)
- node-dot-prop 5.2.0-1
[buster] - node-dot-prop 4.1.1-1+deb10u1
NOTE: https://hackerone.com/reports/719856
@@ -12950,41 +54326,40 @@ CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control
- gitlab 12.6.8-3
NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...)
- {DLA-2089-1}
- - openjpeg2 <unfixed> (bug #950184)
- [buster] - openjpeg2 <no-dsa> (Minor issue)
- [stretch] - openjpeg2 <no-dsa> (Minor issue)
+ {DSA-4882-1 DLA-2277-1 DLA-2089-1}
+ - openjpeg2 2.4.0-1 (bug #950184)
NOTE: https://github.com/uclouvain/openjpeg/issues/1231
+ NOTE: https://github.com/rouault/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074 (v2.4.0)
CVE-2020-8111
- RESERVED
-CVE-2020-8110
- RESERVED
-CVE-2020-8109
- RESERVED
-CVE-2020-8108
- RESERVED
-CVE-2020-8107
- RESERVED
+ REJECTED
+CVE-2020-8110 (A vulnerability has been discovered in the ceva_emu.cvd module that re ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that results ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8107 (A Process Control vulnerability in ProductAgentUI.exe as used in Bitde ...)
+ NOT-FOR-US: Bitdefender
CVE-2020-8106
- RESERVED
-CVE-2020-8105
- RESERVED
+ REJECTED
+CVE-2020-8105 (OS Command Injection vulnerability in the wirelessConnect handler of A ...)
+ NOT-FOR-US: Abode iota All-In-One Security Kit
CVE-2020-8104
RESERVED
-CVE-2020-8103
- RESERVED
-CVE-2020-8102
- RESERVED
-CVE-2020-8101
- RESERVED
+CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...)
+ NOT-FOR-US: Bitdefender Antivirus Free
+CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser compone ...)
+ NOT-FOR-US: Safepay
+CVE-2020-8101 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ NOT-FOR-US: Bitdefender
CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as ...)
NOT-FOR-US: Bitdefender
CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...)
NOT-FOR-US: Bitdefender Antivirus Free
CVE-2020-8098
RESERVED
-CVE-2020-8097
- RESERVED
+CVE-2020-8097 (An improper authentication vulnerability in Bitdefender Endpoint Secur ...)
+ NOT-FOR-US: Bitdefender
CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level Antimalw ...)
NOT-FOR-US: Bitdefender
CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion ...)
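Review bot: The fix reference added for CVE-2020-8112 points at a personal fork, `https://github.com/rouault/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074`, while the issue link on the line above it uses the canonical `uclouvain/openjpeg` repository. A fork URL can stop resolving when the fork is deleted or rebased, and anyone verifying the DSA-4882-1/DLA backport against upstream needs the commit in the upstream tree; if the commit was merged as the `(v2.4.0)` tag suggests, the same hash should resolve there, so the line would better read `NOTE: https://github.com/uclouvain/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074 (v2.4.0)`. Worth confirming the hash exists under the upstream repository before switching the URL.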
@@ -13106,54 +54481,66 @@ CVE-2020-8039
RESERVED
CVE-2020-8038
RESERVED
-CVE-2020-8037
- RESERVED
-CVE-2020-8036
- RESERVED
+CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a l ...)
+ {DLA-2444-1}
+ - tcpdump 4.9.3-7 (unimportant; bug #973877)
+ [buster] - tcpdump 4.9.3-1~deb10u2
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
+CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...)
+ - tcpdump <not-affected> (Vulnerable code and support for SOME/IP protocol added later)
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e2256b4f2506102be2c6f7976f84f0d607c53d43
CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...)
{DLA-2230-1}
- - php-horde <removed>
- [buster] - php-horde <no-dsa> (Minor issue; can be fixed via point release)
- [stretch] - php-horde <no-dsa> (Minor issue; can be fixed via point release)
+ - php-horde 5.2.23+debian0-1 (bug #963809)
+ [buster] - php-horde 5.2.20+debian0-1+deb10u2
+ [stretch] - php-horde 5.2.13+debian0-1+deb9u2
NOTE: https://github.com/horde/base/commit/64127fe3c2b9843c9760218e59dae9731cc56bdf
NOTE: https://lists.horde.org/archives/announce/2020/001290.html
CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.2 ...)
{DLA-2229-1}
- php-horde-gollem 3.0.12-6 (bug #961649)
- [buster] - php-horde-gollem <no-dsa> (Minor issue)
- [stretch] - php-horde-gollem <no-dsa> (Minor issue)
+ [buster] - php-horde-gollem 3.0.12-3+deb10u1
+ [stretch] - php-horde-gollem 3.0.10-1+deb9u1
NOTE: https://lists.horde.org/archives/announce/2020/001289.html
NOTE: https://github.com/horde/gollem/commit/a73bef1aef27d4cbfc7b939c2a81dea69aabb083
CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...)
NOT-FOR-US: Ruckus
-CVE-2020-8032
- RESERVED
-CVE-2020-8031
- RESERVED
-CVE-2020-8030
- RESERVED
-CVE-2020-8029
- RESERVED
-CVE-2020-8028
- RESERVED
-CVE-2020-8027
- RESERVED
-CVE-2020-8026
- RESERVED
-CVE-2020-8025
- RESERVED
-CVE-2020-8024
- RESERVED
-CVE-2020-8023
- RESERVED
-CVE-2020-8022
- RESERVED
+CVE-2020-8032 (A Insecure Temporary File vulnerability in the packaging of cyrus-sasl ...)
+ - cyrus-sasl2 <not-affected> (openSUSE specific packaging issue)
+CVE-2020-8031 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+ - open-build-service <unfixed> (bug #983576)
+ [stretch] - open-build-service <postponed> (Minor issue, XSS in web app)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1178880
+CVE-2020-8030 (A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform ...)
+ NOT-FOR-US: SuSE CaaS
+CVE-2020-8029 (A Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ NOT-FOR-US: SuSE CaaS
+CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...)
+ NOT-FOR-US: Salt configuration in SUSE Server Manager
+CVE-2020-8027 (A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Ent ...)
+ NOT-FOR-US: SAP
+CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
+ - inn2 <not-affected> (inews has correct ownership in Debian)
+CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the permis ...)
+ NOT-FOR-US: SAP
+CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging of hyla ...)
+ - hylafax <not-affected> (SuSE-specific packaging issue)
+CVE-2020-8023 (A acceptance of Extraneous Untrusted Data With Trusted Data vulnerabil ...)
+ NOT-FOR-US: SAP
+CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...)
+ NOT-FOR-US: SAP
CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...)
- TODO: check
+ {DLA-2545-1}
+ - open-build-service <unfixed> (bug #983576)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649
+ NOTE: https://github.com/openSUSE/open-build-service/commit/7323c904f86ba9e04065c23422d06c03647589fb
CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...)
- TODO: check
-CVE-2020-8019
- RESERVED
+ {DLA-2545-1}
+ - open-build-service <unfixed> (bug #983576)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439
+ NOTE: https://github.com/openSUSE/open-build-service/commit/7cc32c8e2ff7290698e101d9a80a9dc29a5500fb
+CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
+ NOT-FOR-US: SAP
CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...)
NOT-FOR-US: Some SLES images
CVE-2020-8017 (A Race Condition Enabling Link Following vulnerability in the cron job ...)
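Review bot: CVE-2020-8027 and CVE-2020-8022 are tagged `NOT-FOR-US: SAP` although their descriptions name the openldap2 and tomcat packaging of SUSE Linux Enterprise, software Debian does ship, so the tag both names what looks like the wrong vendor and keeps these issues out of per-package views of the tracker. The same hunk records the equivalent SUSE packaging issues for cyrus-sasl2, hylafax and inn2 as `<not-affected>` entries on the Debian source package with the reason in parentheses, and these two entries should follow that form, e.g. `- openldap <not-affected> (SuSE-specific packaging issue)` and `- tomcat9 <not-affected> (SuSE-specific packaging issue)` (using whatever source names the tracker has for OpenLDAP and Tomcat). If `SAP` is shorthand for a SUSE-for-SAP product the remaining `NOT-FOR-US: SAP` lines (CVE-2020-8025, -8023, -8019) should at least spell that out, since the neighbouring SUSE-only entries say `SuSE`.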
@@ -13162,15 +54549,15 @@ CVE-2020-8016 (A Race Condition Enabling Link Following vulnerability in the pac
NOT-FOR-US: SuSE packaging of TexLive
CVE-2020-8015 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
NOT-FOR-US: SuSE packaging of TexLive
-CVE-2020-8014
- RESERVED
+CVE-2020-8014 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
+ - kopanocore <not-affected> (SuSE-specific packaging issue)
CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of S ...)
NOT-FOR-US: chkstat
-CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...)
NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
-CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...)
NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
-CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...)
+CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...)
NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...)
NOT-FOR-US: AVB MOTU devices
@@ -13285,8 +54672,8 @@ CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incor
NOT-FOR-US: Mirumee Saleor
CVE-2020-7963
RESERVED
-CVE-2020-7962
- RESERVED
+CVE-2020-7962 (An issue was discovered in One Identity Password Manager 5.8. An attac ...)
+ NOT-FOR-US: One Identity Password Manager
CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE ...)
NOT-FOR-US: Liferay Portal
CVE-2020-7960
@@ -13324,15 +54711,12 @@ CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0
NOT-FOR-US: Login by Auth0 plugin for WordPress
CVE-2020-7946
RESERVED
-CVE-2020-7945
- RESERVED
+CVE-2020-7945 (Local registry credentials were included directly in the CD4PE deploym ...)
+ NOT-FOR-US: Puppet Enterprise
CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...)
NOT-FOR-US: Puppet Enterprise
CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...)
- - puppet <unfixed> (low)
- [stretch] - puppet <no-dsa> (Minor issue)
- [buster] - puppet <no-dsa> (Minor issue)
- [jessie] - puppet <not-affected> (vulnerable code not present)
+ - puppet <not-affected> (Doesn't affect Puppet masters (passenger-based) in Debian)
- puppetdb <unfixed> (low)
[buster] - puppetdb <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/CVE-2020-7943/
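Review bot: The new `- puppet <not-affected> (Doesn't affect Puppet masters (passenger-based) in Debian)` line justifies the not-affected state by a deployment configuration rather than by which code is shipped, which is hard for a later triager to re-verify against the package. The CVE text names the metrics API endpoints of Puppet Server and PuppetDB; if the basis is that those endpoints belong to puppetserver and not to the Ruby master in the puppet source package, saying so directly would be clearer, e.g. `- puppet <not-affected> (Metrics API endpoints are part of puppetserver, not the Ruby puppet master shipped in Debian)`. The removed jessie line used exactly that kind of code-presence rationale (`vulnerable code not present`), so keeping that style here would stay consistent with the rest of the file.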
@@ -13356,46 +54740,71 @@ CVE-2020-7936 (An open redirect on the login form (and possibly other places) in
NOT-FOR-US: Plone
CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...)
NOT-FOR-US: Artica Pandora FMS
-CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, ...)
+CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle N ...)
NOT-FOR-US: LifeRay Portal
CVE-2020-7933
RESERVED
-CVE-2020-7932
- RESERVED
+CVE-2020-7932 (OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g. ...)
+ NOT-FOR-US: OMERO
CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...)
NOT-FOR-US: JFrog Artifactory
CVE-2020-7930
RESERVED
-CVE-2020-7929
- RESERVED
-CVE-2020-7928
- RESERVED
-CVE-2020-7927
- RESERVED
-CVE-2020-7926
- RESERVED
-CVE-2020-7925
- RESERVED
-CVE-2020-7924
- RESERVED
-CVE-2020-7923
- RESERVED
+CVE-2020-7929 (A user authorized to perform database queries may trigger denial of se ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-51083
+CVE-2020-7928 (A user authorized to perform database queries may trigger a read overr ...)
+ - mongodb <removed>
+ [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
+ NOTE: https://jira.mongodb.org/browse/SERVER-49404
+ NOTE: https://github.com/mongodb/mongo/commit/e10ce2e779cd17c9ba217c49740cffd2bef72694 (v3.6.20, SSPL)
+ NOTE: Introduced by: https://github.com/mongodb/mongo/commit/5b8b1ca6364342d5a1bf21ec6c707edfae0f3555 (v3.5.5)
+CVE-2020-7927 (Specially crafted API calls may allow an authenticated user who holds ...)
+ NOT-FOR-US: MongoDB Ops Manager
+CVE-2020-7926 (A user authorized to perform database queries may cause denial of serv ...)
+ - mongodb <removed>
+ [stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
+ NOTE: https://jira.mongodb.org/browse/SERVER-50170
+ NOTE: https://github.com/mongodb/mongo/commit/859ec65c84f201e7aa687865633a2fa34e318174 (v4.4.1, SSPL)
+CVE-2020-7925 (Incorrect validation of user input in the role name parser may lead to ...)
+ - mongodb <removed>
+ [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
+ NOTE: https://jira.mongodb.org/browse/SERVER-49142
+ NOTE: https://github.com/mongodb/mongo/commit/8fbd1af03310704de68c22163900636f58f7eba8 (v3.6.19)
+ NOTE: Introduced by: https://github.com/mongodb/mongo/commit/3ca76fd569c94de72c4daf6eef27fbf9bf51233b (v3.6.18)
+CVE-2020-7924 (Usage of specific command line parameter in MongoDB Tools which was or ...)
+ - mongo-tools <unfixed> (bug #988021)
+ [buster] - mongo-tools <no-dsa> (Minor issue)
+ [stretch] - mongo-tools <no-dsa> (Minor issue)
+ NOTE: https://jira.mongodb.org/browse/TOOLS-2587
+CVE-2020-7923 (A user authorized to perform database queries may cause denial of serv ...)
+ {DLA-2344-1}
+ - mongodb <removed>
+ NOTE: https://jira.mongodb.org/browse/SERVER-47773
CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...)
NOT-FOR-US: MongoDB Enterprise
CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...)
- TODO: check
+ - mongodb <removed>
+ [stretch] - mongodb <no-dsa> (Minor issue)
+ [jessie] - mongodb <no-dsa> (Minor issue)
+ NOTE: https://jira.mongodb.org/browse/SERVER-45472
CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...)
NOT-FOR-US: Percona Monitoring and Management (PMM)
CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte ...)
+ {DSA-4848-1}
- golang-1.14 1.14~rc1-1
- golang-1.13 1.13.7-1
- golang-1.11 <removed>
- [buster] - golang-1.11 <postponed> (Minor issue, can be fixed along in next DSA)
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <not-affected> (cryptobyte stuff introduced in golang-1.10)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <not-affected> (cryptobyte stuff introduced in golang-1.10)
+ - golang <removed>
NOTE: https://github.com/golang/go/issues/36837
NOTE: https://github.com/golang/go/commit/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574 (master)
NOTE: https://github.com/golang/go/issues/36838 (Go 1.13)
NOTE: https://github.com/golang/go/commit/f938e06d0623d0e1de202575d16f1e126741f6e0 (go1.13.7)
- TODO: check older versions than golang-1.11
CVE-2020-7918 (An insecure direct object reference in webmail in totemo totemomail 7. ...)
NOT-FOR-US: totemo totemomail
CVE-2020-7917
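Review bot: The added `{DSA-4848-1}` line for CVE-2020-7919 sits above an untouched `[buster] - golang-1.11 <postponed> (Minor issue, can be fixed along in next DSA)` line, so the entry now both references a DSA and says the buster fix is still deferred. If DSA-4848-1 is the golang-1.11 buster update this annotation points at, the postponed line is stale and should be dropped so the tracker does not carry two contradictory buster states for the same package. The new golang-1.7/golang-1.8 stretch lines do resolve the removed `TODO: check older versions than golang-1.11`, so that part of the hunk reads fine.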
@@ -13419,7 +54828,7 @@ CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwor
CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...)
NOT-FOR-US: JetBrains
CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact dependenc ...)
- NOT-FOR-US: JetBrains Scala plugin
+ NOT-FOR-US: JetBrains Scala plugin
CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...)
NOT-FOR-US: JetBrains
CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...)
@@ -13466,160 +54875,160 @@ CVE-2020-7885
RESERVED
CVE-2020-7884
RESERVED
-CVE-2020-7883
- RESERVED
-CVE-2020-7882
- RESERVED
-CVE-2020-7881
- RESERVED
-CVE-2020-7880
- RESERVED
-CVE-2020-7879
- RESERVED
-CVE-2020-7878
- RESERVED
-CVE-2020-7877
- RESERVED
+CVE-2020-7883 (Printchaser v2.2021.804.1 and earlier versions contain a vulnerability ...)
+ NOT-FOR-US: Printchaser
+CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...)
+ NOT-FOR-US: anySign
+CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...)
+ NOT-FOR-US: AfreecaTV
+CVE-2020-7880 (The vulnerabilty was discovered in ActiveX module related to NeoRS rem ...)
+ NOT-FOR-US: duozone NeoRS remote support
+CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was synchroni ...)
+ NOT-FOR-US: ipTIME C200 IP Camera
+CVE-2020-7878 (An arbitrary file download and execution vulnerability was found in th ...)
+ NOT-FOR-US: VideoOffice
+CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote adminis ...)
+ NOT-FOR-US: ZOOK
CVE-2020-7876
RESERVED
-CVE-2020-7875
- RESERVED
-CVE-2020-7874
- RESERVED
-CVE-2020-7873
- RESERVED
-CVE-2020-7872
- RESERVED
-CVE-2020-7871
- RESERVED
-CVE-2020-7870
- RESERVED
-CVE-2020-7869
- RESERVED
-CVE-2020-7868
- RESERVED
-CVE-2020-7867
- RESERVED
-CVE-2020-7866
- RESERVED
-CVE-2020-7865
- RESERVED
-CVE-2020-7864
- RESERVED
-CVE-2020-7863
- RESERVED
-CVE-2020-7862
- RESERVED
-CVE-2020-7861
- RESERVED
-CVE-2020-7860
- RESERVED
+CVE-2020-7875 (DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, w ...)
+ NOT-FOR-US: DEXT5 Upload
+CVE-2020-7874 (Download of code without integrity check vulnerability in NEXACRO14 Ru ...)
+ NOT-FOR-US: NEXACRO14 Runtime ActiveX control of tobesoft
+CVE-2020-7873 (Download of code without integrity check vulnerability in ActiveX cont ...)
+ NOT-FOR-US: Younglimwon
+CVE-2020-7872 (DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vuln ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7871 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...)
+ NOT-FOR-US: Cnesty Helpcom
+CVE-2020-7870 (A memory corruption vulnerability exists when ezPDF improperly handles ...)
+ NOT-FOR-US: ezPDF
+CVE-2020-7869 (An improper input validation vulnerability of ZOOK software (remote ad ...)
+ NOT-FOR-US: ZOOK software
+CVE-2020-7868 (A remote code execution vulnerability exists in helpUS(remote administ ...)
+ NOT-FOR-US: helpUS(remote administration tool)
+CVE-2020-7867 (An improper input validation vulnerability in Helpu solution could all ...)
+ NOT-FOR-US: Helpu
+CVE-2020-7866 (When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, ...)
+ NOT-FOR-US: XPLATFORM
+CVE-2020-7865 (A vulnerability(improper input validation) in the ExECM CoreB2B soluti ...)
+ NOT-FOR-US: ExECM CoreB2B
+CVE-2020-7864 (Parameter manipulation can bypass authentication to cause file upload ...)
+ NOT-FOR-US: Raonwiz DEXT5Editor
+CVE-2020-7863 (A vulnerability in File Transfer Solution of Raonwiz could allow arbit ...)
+ NOT-FOR-US: Raonwiz
+CVE-2020-7862 (A vulnerability in agent program of HelpU remote control solution coul ...)
+ NOT-FOR-US: HelpU remote control solution
+CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows directo ...)
+ NOT-FOR-US: AnySupport
+CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, ...)
+ NOT-FOR-US: UnEgg
CVE-2020-7859
- RESERVED
-CVE-2020-7858
- RESERVED
-CVE-2020-7857
- RESERVED
-CVE-2020-7856
- RESERVED
+ REJECTED
+CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...)
+ NOT-FOR-US: AquaNPlayer
+CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated attacker t ...)
+ NOT-FOR-US: XPlatform
+CVE-2020-7856 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...)
+ NOT-FOR-US: Helpcom
CVE-2020-7855
RESERVED
CVE-2020-7854
RESERVED
-CVE-2020-7853
- RESERVED
-CVE-2020-7852
- RESERVED
-CVE-2020-7851
- RESERVED
-CVE-2020-7850
- RESERVED
-CVE-2020-7849
- RESERVED
-CVE-2020-7848
- RESERVED
-CVE-2020-7847
- RESERVED
-CVE-2020-7846
- RESERVED
-CVE-2020-7845
- RESERVED
+CVE-2020-7853 (An outbound read/write vulnerability exists in XPLATFORM that does not ...)
+ NOT-FOR-US: XPLATFORM
+CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7851 (Innorix Web-Based File Transfer Solution versuibs prior to and includi ...)
+ NOT-FOR-US: Innorix
+CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerabilit ...)
+ NOT-FOR-US: NBBDownloader.ocx ActiveX Control in Groupware
+CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...)
+ NOT-FOR-US: uPrism.io CURIX
+CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...)
+ NOT-FOR-US: EFM ipTIME C200 IP Camera
+CVE-2020-7847 (The ipTIME NAS product allows an arbitrary file upload vulnerability i ...)
+ NOT-FOR-US: ipTIME NAS product
+CVE-2020-7846 (Helpcom before v10.0 contains a file download and execution vulnerabil ...)
+ NOT-FOR-US: Helpcom
+CVE-2020-7845 (Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerabi ...)
+ NOT-FOR-US: Spamsniper
CVE-2020-7844
RESERVED
CVE-2020-7843
RESERVED
-CVE-2020-7842
- RESERVED
-CVE-2020-7841
- RESERVED
+CVE-2020-7842 (Improper Input validation vulnerability exists in Netis Korea D'live A ...)
+ NOT-FOR-US: Netis Korea D'live AP
+CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATFORM w ...)
+ NOT-FOR-US: TOBESOFT XPLATFORM
CVE-2020-7840
RESERVED
-CVE-2020-7839
- RESERVED
-CVE-2020-7838
- RESERVED
-CVE-2020-7837
- RESERVED
-CVE-2020-7836
- RESERVED
+CVE-2020-7839 (In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability c ...)
+ NOT-FOR-US: MaEPSBroker
+CVE-2020-7838 (A arbitrary code execution vulnerability exists in the way that the St ...)
+ NOT-FOR-US: Smilegate STOVE Client
+CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...)
+ NOT-FOR-US: ML Report Program
+CVE-2020-7836 (VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-ba ...)
+ NOT-FOR-US: VOICEYE WSActiveBridgeES
CVE-2020-7835
RESERVED
CVE-2020-7834
RESERVED
CVE-2020-7833
RESERVED
-CVE-2020-7832
- RESERVED
-CVE-2020-7831
- RESERVED
-CVE-2020-7830
- RESERVED
-CVE-2020-7829
- RESERVED
-CVE-2020-7828
- RESERVED
-CVE-2020-7827
- RESERVED
-CVE-2020-7826
- RESERVED
-CVE-2020-7825
- RESERVED
-CVE-2020-7824
- RESERVED
-CVE-2020-7823
- RESERVED
-CVE-2020-7822
- RESERVED
-CVE-2020-7821
- RESERVED
-CVE-2020-7820
- RESERVED
-CVE-2020-7819
- RESERVED
-CVE-2020-7818
- RESERVED
-CVE-2020-7817
- RESERVED
-CVE-2020-7816
- RESERVED
-CVE-2020-7815
- RESERVED
-CVE-2020-7814
- RESERVED
+CVE-2020-7832 (A vulnerability (improper input validation) in the DEXT5 Upload soluti ...)
+ NOT-FOR-US: DEXT5 Upload
+CVE-2020-7831 (A vulnerability in the web-based contract management service interface ...)
+ NOT-FOR-US: Inogard Ebiz4u
+CVE-2020-7830 (RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability tha ...)
+ NOT-FOR-US: RAONWIZ
+CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7828 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7827 (DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerabi ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a ...)
+ NOT-FOR-US: EyeSurfer BflyInstallerX.ocx
+CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...)
+ NOT-FOR-US: MiPlatform
+CVE-2020-7824 (A vulnerability in the web-based management interface of iPECS could a ...)
+ NOT-FOR-US: iPECS
+CVE-2020-7823 (DaviewIndy has a Memory corruption vulnerability, triggered when the u ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7822 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7821 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a ...)
+ NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
+CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a ...)
+ NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
+CVE-2020-7819 (A SQL-Injection vulnerability in the nTracker USB Enterprise(secure US ...)
+ NOT-FOR-US: nTracker USB Enterprise
+CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, ...)
+ NOT-FOR-US: Daview
+CVE-2020-7817 (MyBrowserPlus downloads the files needed to run the program through th ...)
+ NOT-FOR-US: MyBrowserPlus
+CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
+ NOT-FOR-US: DaView
+CVE-2020-7815 (XPLATFORM v9.2.260 and eariler versions contain a vulnerability that c ...)
+ NOT-FOR-US: XPLATFORM
+CVE-2020-7814 (RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability tha ...)
+ NOT-FOR-US: RAONWIZ
CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
NOT-FOR-US: Kaoni
CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
NOT-FOR-US: Kaoni ezHTTPTrans
-CVE-2020-7811
- RESERVED
-CVE-2020-7810
- RESERVED
+CVE-2020-7811 (Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows priv ...)
+ NOT-FOR-US: Samsung
+CVE-2020-7810 (hslogin2.dll ActiveX Control in Groupware contains a vulnerability tha ...)
+ NOT-FOR-US: hslogin2.dll ActiveX Control in Groupware
CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...)
NOT-FOR-US: ALSong
CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...)
NOT-FOR-US: RAONWIZ K Upload
-CVE-2020-7807
- RESERVED
+CVE-2020-7807 (A vulnerability that can hijack a DLL file that is loaded during produ ...)
+ NOT-FOR-US: LG
CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
NOT-FOR-US: Tobesoft Xplatform
CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) an ...)
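Review bot: The NOT-FOR-US product tags in this hunk are spelled inconsistently for the same product, which matters because those tags are what triagers grep for. CVE-2020-7818 is tagged `NOT-FOR-US: Daview` while the other DaviewIndy advisories here (CVE-2020-7872, -7852, -7829, -7828, -7827, -7823, -7822) use `NOT-FOR-US: DaviewIndy`; likewise CVE-2020-7860 is tagged `NOT-FOR-US: UnEgg` although its description spells the product UnEGG. Aligning these with the majority spelling, `NOT-FOR-US: DaviewIndy` and `NOT-FOR-US: UnEGG`, keeps a single searchable name per product; the same check is worth applying to the Helpcom/Cnesty Helpcom and HelpU/Helpu pairs in this hunk.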
@@ -13644,304 +55053,368 @@ CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSR
NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
CVE-2020-7795
RESERVED
-CVE-2020-7794
- RESERVED
-CVE-2020-7793
- RESERVED
-CVE-2020-7792
- RESERVED
-CVE-2020-7791
- RESERVED
-CVE-2020-7790
- RESERVED
-CVE-2020-7789
- RESERVED
-CVE-2020-7788
- RESERVED
-CVE-2020-7787
- RESERVED
-CVE-2020-7786
- RESERVED
-CVE-2020-7785
- RESERVED
-CVE-2020-7784
- RESERVED
+CVE-2020-7794 (This affects all versions of package buns. The injection point is loca ...)
+ NOT-FOR-US: Node buns
+CVE-2020-7793 (The package ua-parser-js before 0.7.23 are vulnerable to Regular Expre ...)
+ - node-ua-parser-js 0.7.23+ds-1
+ [buster] - node-ua-parser-js <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599
+ NOTE: https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18 (0.7.23)
+CVE-2020-7792 (This affects all versions of package mout. The deepFillIn function can ...)
+ NOT-FOR-US: Node mout
+CVE-2020-7791 (This affects the package i18n before 2.1.15. Vulnerability arises out ...)
+ NOT-FOR-US: i18n module for asp.net
+CVE-2020-7790 (This affects the package spatie/browsershot from 0.0.0. By specifying ...)
+ NOT-FOR-US: spatie/browsershot
+CVE-2020-7789 (This affects the package node-notifier before 9.0.0. It allows an atta ...)
+ NOT-FOR-US: Node node-notifier
+CVE-2020-7788 (This affects the package ini before 1.3.6. If an attacker submits a ma ...)
+ {DLA-2503-1}
+ - node-ini 2.0.0-1 (bug #977718)
+ [buster] - node-ini 1.3.5-1+deb10u1
+ NOTE: https://snyk.io/vuln/SNYK-JS-INI-1048974
+ NOTE: https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)
+CVE-2020-7787 (This affects all versions of package react-adal. It is possible for a ...)
+ NOT-FOR-US: Node react-adal
+CVE-2020-7786 (This affects all versions of package macfromip. The injection point is ...)
+ NOT-FOR-US: Node macfromip
+CVE-2020-7785 (This affects all versions of package node-ps. The injection point is l ...)
+ NOT-FOR-US: Noed node-ps
+CVE-2020-7784 (This affects all versions of package ts-process-promises. The injectio ...)
+ NOT-FOR-US: Node ts-process-promises
CVE-2020-7783
RESERVED
-CVE-2020-7782
- RESERVED
-CVE-2020-7781
- RESERVED
-CVE-2020-7780
- RESERVED
-CVE-2020-7779
- RESERVED
-CVE-2020-7778
- RESERVED
-CVE-2020-7777
- RESERVED
-CVE-2020-7776
- RESERVED
-CVE-2020-7775
- RESERVED
-CVE-2020-7774
- RESERVED
-CVE-2020-7773
- RESERVED
-CVE-2020-7772
- RESERVED
-CVE-2020-7771
- RESERVED
-CVE-2020-7770
- RESERVED
-CVE-2020-7769
- RESERVED
-CVE-2020-7768
- RESERVED
-CVE-2020-7767
- RESERVED
-CVE-2020-7766
- RESERVED
-CVE-2020-7765
- RESERVED
-CVE-2020-7764
- RESERVED
-CVE-2020-7763
- RESERVED
-CVE-2020-7762
- RESERVED
-CVE-2020-7761
- RESERVED
-CVE-2020-7760
- RESERVED
-CVE-2020-7759
- RESERVED
-CVE-2020-7758
- RESERVED
-CVE-2020-7757
- RESERVED
+CVE-2020-7782 (This affects all versions of package spritesheet-js. It depends on a v ...)
+ NOT-FOR-US: Node spritesheet-js
+CVE-2020-7781 (This affects the package connection-tester before 0.2.1. The injection ...)
+ NOT-FOR-US: Node connection-tester
+CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13 ...)
+ NOT-FOR-US: om.softwaremill.akka-http-session:core_2.13
+CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...)
+ NOT-FOR-US: Node djvalidator
+CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The attacker ...)
+ NOT-FOR-US: Node systeminformation
+CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control ...)
+ NOT-FOR-US: Node jsen
+CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The libr ...)
+ NOT-FOR-US: phpoffice/phpspreadsheet
+CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerability ...)
+ NOT-FOR-US: Node freediskspace
+CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...)
+ - node-y18n 4.0.0-3 (bug #976390)
+ [buster] - node-y18n 3.2.1-2+deb10u1
+ [stretch] - node-y18n <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-JS-Y18N-1021887
+ NOTE: https://github.com/yargs/y18n/issues/96
+ NOTE: https://github.com/yargs/y18n/pull/108
+CVE-2020-7773 (This affects the package markdown-it-highlightjs before 3.3.1. It is p ...)
+ NOT-FOR-US: Node markdown-it-highlightjs
+CVE-2020-7772 (This affects the package doc-path before 2.1.2. ...)
+ NOT-FOR-US: Node doc-path
+CVE-2020-7771 (The package asciitable.js before 1.0.3 are vulnerable to Prototype Pol ...)
+ NOT-FOR-US: Node asciitable.js
+CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds in the ...)
+ NOT-FOR-US: Node json8
+CVE-2020-7769 (This affects the package nodemailer before 6.4.16. Use of crafted reci ...)
+ - node-nodemailer 6.4.16-1
+ NOTE: https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
+ NOTE: https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54
+CVE-2020-7768 (The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 ...)
+ NOT-FOR-US: Node grpc
+CVE-2020-7767 (All versions of package express-validators are vulnerable to Regular E ...)
+ NOT-FOR-US: Node express-validators
+CVE-2020-7766 (This affects all versions of package json-ptr. The issue occurs in the ...)
+ NOT-FOR-US: Node json-ptr
+CVE-2020-7765 (This affects the package @firebase/util before 0.3.4. This vulnerabili ...)
+ NOT-FOR-US: Node firebase/util
+CVE-2020-7764 (This affects the package find-my-way before 2.2.5, from 3.0.0 and befo ...)
+ NOT-FOR-US: Node find-my-way
+CVE-2020-7763 (This affects the package phantom-html-to-pdf before 0.6.1. ...)
+ NOT-FOR-US: Node phantom-html-to-pdf
+CVE-2020-7762 (This affects the package jsreport-chrome-pdf before 1.10.0. ...)
+ NOT-FOR-US: Node jsreport-chrome-pdf
+CVE-2020-7761 (This affects the package @absolunet/kafe before 3.2.10. It allows caus ...)
+ NOT-FOR-US: @absolunet/kafe
+CVE-2020-7760 (This affects the package codemirror before 5.58.2; the package org.apa ...)
+ {DSA-4789-1}
+ - codemirror-js 5.58.2+~cs0.23.101-1
+ [stretch] - codemirror-js <not-affected> (Vulnerable code added later)
+ NOTE: https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
+ NOTE: https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
+CVE-2020-7759 (The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable ...)
+ NOT-FOR-US: pimcore
+CVE-2020-7758 (This affects versions of package browserless-chrome before 1.40.2-chro ...)
+ NOT-FOR-US: Node browserless-chrome
+CVE-2020-7757 (This affects all versions of package droppy. It is possible to travers ...)
+ NOT-FOR-US: droppy
CVE-2020-7756
RESERVED
-CVE-2020-7755
- RESERVED
-CVE-2020-7754
- RESERVED
-CVE-2020-7753
- RESERVED
-CVE-2020-7752
- RESERVED
-CVE-2020-7751
- RESERVED
-CVE-2020-7750
- RESERVED
-CVE-2020-7749
- RESERVED
-CVE-2020-7748
- RESERVED
-CVE-2020-7747
- RESERVED
-CVE-2020-7746
- RESERVED
-CVE-2020-7745
- RESERVED
-CVE-2020-7744
- RESERVED
-CVE-2020-7743
- RESERVED
-CVE-2020-7742
- RESERVED
-CVE-2020-7741
- RESERVED
-CVE-2020-7740
- RESERVED
-CVE-2020-7739
- RESERVED
-CVE-2020-7738
- RESERVED
-CVE-2020-7737
- RESERVED
-CVE-2020-7736
- RESERVED
-CVE-2020-7735
- RESERVED
-CVE-2020-7734
- RESERVED
-CVE-2020-7733
- RESERVED
+CVE-2020-7755 (All versions of package dat.gui are vulnerable to Regular Expression D ...)
+ NOT-FOR-US: dat.GUI
+CVE-2020-7754 (This affects the package npm-user-validate before 1.0.1. The regex tha ...)
+ NOT-FOR-US: npm-user-validate
+CVE-2020-7753 (All versions of package trim are vulnerable to Regular Expression Deni ...)
+ NOT-FOR-US: Node trim
+CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This packag ...)
+ NOT-FOR-US: Node systeminformation
+CVE-2020-7751 (pathval before version 1.1.1 is vulnerable to prototype pollution. ...)
+ - node-pathval 1.1.0-4 (bug #972895)
+ [buster] - node-pathval 1.1.0-3+deb10u1
+ NOTE: https://snyk.io/vuln/SNYK-JS-PATHVAL-596926
+ NOTE: https://github.com/chaijs/pathval/pull/58
+CVE-2020-7750 (This affects the package scratch-svg-renderer before 0.2.0-prerelease. ...)
+ NOT-FOR-US: scratch-svg-renderer nodejs module
+CVE-2020-7749 (This affects all versions of package osm-static-maps. User input given ...)
+ NOT-FOR-US: osm-static-maps nodejs module
+CVE-2020-7748 (This affects the package @tsed/core before 5.65.7. This vulnerability ...)
+ NOT-FOR-US: Ts.ED
+CVE-2020-7747 (This affects all versions of package lightning-server. It is possible ...)
+ NOT-FOR-US: lightning-server nodejs module
+CVE-2020-7746 (This affects the package chart.js before 2.9.4. The options parameter ...)
+ - node-chart.js 2.9.4+dfsg+~cs2.10.1-1
+ [buster] - node-chart.js <ignored> (Minor issue; intrusive to backport)
+ NOTE: https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716
+ NOTE: https://github.com/chartjs/Chart.js/pull/7920
+CVE-2020-7745 (This affects the package MintegralAdSDK before 6.6.0.0. The SDK distri ...)
+ NOT-FOR-US: MintegralAdSDK
+CVE-2020-7744 (This affects all versions of package com.mintegral.msdk:alphab. The An ...)
+ NOT-FOR-US: com.mintegral.msdk:alphab
+CVE-2020-7743 (The package mathjs before 7.5.1 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node mathjs
+CVE-2020-7742 (This affects the package simpl-schema before 1.10.2. ...)
+ NOT-FOR-US: Node simpl-schema
+CVE-2020-7741 (This affects the package hellojs before 1.18.6. The code get the param ...)
+ NOT-FOR-US: hello.js
+CVE-2020-7740 (This affects all versions of package node-pdf-generator. Due to lack o ...)
+ NOT-FOR-US: Node pdf-generator
+CVE-2020-7739 (This affects all versions of package phantomjs-seo. It is possible for ...)
+ NOT-FOR-US: Node phantomjs-seo
+CVE-2020-7738 (All versions of package shiba are vulnerable to Arbitrary Code Executi ...)
+ NOT-FOR-US: Node shiba
+CVE-2020-7737 (All versions of package safetydance are vulnerable to Prototype Pollut ...)
+ NOT-FOR-US: Node safetydance
+CVE-2020-7736 (The package bmoor before 0.8.12 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node bmoor
+CVE-2020-7735 (The package ng-packagr before 10.1.1 are vulnerable to Command Injecti ...)
+ NOT-FOR-US: ng-packagr
+CVE-2020-7734 (All versions of package cabot are vulnerable to Cross-site Scripting ( ...)
+ NOT-FOR-US: cabot
+CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to Regular Expre ...)
+ - node-ua-parser-js <not-affected> (No affected version present in the archive, introduced after 0.7.14 and fixed in 0.7.22)
+ NOTE: https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d
+ NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226
CVE-2020-7732
RESERVED
-CVE-2020-7731
- RESERVED
-CVE-2020-7730
- RESERVED
-CVE-2020-7729
- RESERVED
+CVE-2020-7731 (This affects all versions of package github.com/russellhaering/gosaml2 ...)
+ - golang-github-russellhaering-gosaml2 <itp> (bug #948190)
+ NOTE: https://github.com/russellhaering/gosaml2/issues/59
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
+CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Injection v ...)
+ NOT-FOR-US: bestzip nodejs module
+CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...)
+ {DLA-2368-1}
+ - grunt 1.3.0-1 (bug #969668)
+ [buster] - grunt 1.0.1-8+deb10u1
+ NOTE: https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
+ NOTE: https://snyk.io/vuln/SNYK-JS-GRUNT-597546
CVE-2020-7728
RESERVED
-CVE-2020-7727
- RESERVED
-CVE-2020-7726
- RESERVED
-CVE-2020-7725
- RESERVED
-CVE-2020-7724
- RESERVED
-CVE-2020-7723
- RESERVED
-CVE-2020-7722
- RESERVED
-CVE-2020-7721
- RESERVED
-CVE-2020-7720
- RESERVED
-CVE-2020-7719
- RESERVED
-CVE-2020-7718
- RESERVED
-CVE-2020-7717
- RESERVED
-CVE-2020-7716
- RESERVED
-CVE-2020-7715
- RESERVED
-CVE-2020-7714
- RESERVED
-CVE-2020-7713
- RESERVED
-CVE-2020-7712
- RESERVED
-CVE-2020-7711
- RESERVED
-CVE-2020-7710
- RESERVED
-CVE-2020-7709
- RESERVED
-CVE-2020-7708
- RESERVED
-CVE-2020-7707
- RESERVED
-CVE-2020-7706
- RESERVED
-CVE-2020-7705
- RESERVED
-CVE-2020-7704
- RESERVED
-CVE-2020-7703
- RESERVED
-CVE-2020-7702
- RESERVED
-CVE-2020-7701
- RESERVED
-CVE-2020-7700
- RESERVED
-CVE-2020-7699
- RESERVED
-CVE-2020-7698
- RESERVED
-CVE-2020-7697
- RESERVED
-CVE-2020-7696
- RESERVED
-CVE-2020-7695
- RESERVED
-CVE-2020-7694
- RESERVED
-CVE-2020-7693
- RESERVED
-CVE-2020-7692
- RESERVED
-CVE-2020-7691
- RESERVED
-CVE-2020-7690
- RESERVED
-CVE-2020-7689
- RESERVED
-CVE-2020-7688
- RESERVED
-CVE-2020-7687
- RESERVED
-CVE-2020-7686
- RESERVED
-CVE-2020-7685
- RESERVED
-CVE-2020-7684
- RESERVED
-CVE-2020-7683
- RESERVED
-CVE-2020-7682
- RESERVED
-CVE-2020-7681
- RESERVED
-CVE-2020-7680
- RESERVED
-CVE-2020-7679
- RESERVED
+CVE-2020-7727 (All versions of package gedi are vulnerable to Prototype Pollution via ...)
+ NOT-FOR-US: Node gedi
+CVE-2020-7726 (All versions of package safe-object2 are vulnerable to Prototype Pollu ...)
+ NOT-FOR-US: Node safe-object2
+CVE-2020-7725 (All versions of package worksmith are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node worksmith
+CVE-2020-7724 (All versions of package tiny-conf are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node tiny-conf
+CVE-2020-7723 (All versions of package promisehelpers are vulnerable to Prototype Pol ...)
+ NOT-FOR-US: Node promisehelpers
+CVE-2020-7722 (All versions of package nodee-utils are vulnerable to Prototype Pollut ...)
+ NOT-FOR-US: Node nodee-utils
+CVE-2020-7721 (All versions of package node-oojs are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node node-oojs
+CVE-2020-7720 (The package node-forge before 0.10.0 is vulnerable to Prototype Pollut ...)
+ - node-node-forge 0.10.0~dfsg-1 (bug #969669)
+ [buster] - node-node-forge <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
+ NOTE: https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756
+CVE-2020-7719 (Versions of package locutus before 2.0.12 are vulnerable to prototype ...)
+ NOT-FOR-US: Node locutus
+CVE-2020-7718 (All versions of package gammautils are vulnerable to Prototype Polluti ...)
+ NOT-FOR-US: Node gammautils
+CVE-2020-7717 (All versions of package dot-notes are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node dot-notes
+CVE-2020-7716 (All versions of package deeps are vulnerable to Prototype Pollution vi ...)
+ NOT-FOR-US: Node deeps
+CVE-2020-7715 (All versions of package deep-get-set are vulnerable to Prototype Pollu ...)
+ NOT-FOR-US: Node deep-get-set
+CVE-2020-7714 (All versions of package confucious are vulnerable to Prototype Polluti ...)
+ NOT-FOR-US: Node confucious
+CVE-2020-7713 (All versions of package arr-flatten-unflatten are vulnerable to Protot ...)
+ NOT-FOR-US: Node arr-flatten-unflatten
+CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to inject ...)
+ NOT-FOR-US: Node json
+CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...)
+ - golang-github-russellhaering-goxmldsig 1.1.1-1 (bug #968928)
+ [bullseye] - golang-github-russellhaering-goxmldsig <no-dsa> (Minor issue)
+ [buster] - golang-github-russellhaering-goxmldsig <no-dsa> (Minor issue)
+ NOTE: https://github.com/russellhaering/goxmldsig/issues/48
+ NOTE: https://github.com/russellhaering/goxmldsig/commit/fb23e0af61c023e3a6dae8ad30dbd0f04d8a4d8f
+CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an ...)
+ NOT-FOR-US: Node safe-eval
+CVE-2020-7709 (This affects the package json-pointer before 0.6.1. Multiple reference ...)
+ NOT-FOR-US: Node json-pointer
+CVE-2020-7708 (The package irrelon-path before 4.7.0; the package @irrelon/path befor ...)
+ NOT-FOR-US: Node irrelon-path
+CVE-2020-7707 (The package property-expr before 2.0.3 are vulnerable to Prototype Pol ...)
+ NOT-FOR-US: Node property-expr
+CVE-2020-7706 (The package connie-lang before 0.1.1 are vulnerable to Prototype Pollu ...)
+ NOT-FOR-US: Node connie-lang
+CVE-2020-7705 (This affects the package MintegralAdSDK from 0.0.0. The SDK distribute ...)
+ NOT-FOR-US: MintegralAdSDK
+CVE-2020-7704 (The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pol ...)
+ NOT-FOR-US: Node linux-cmdline
+CVE-2020-7703 (All versions of package nis-utils are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node nis-utils
+CVE-2020-7702 (All versions of package templ8 are vulnerable to Prototype Pollution v ...)
+ NOT-FOR-US: templ8
+CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node madlib-object-utils
+CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...)
+ NOT-FOR-US: phpjs
+CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...)
+ NOT-FOR-US: express-fileupload
+CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...)
+ NOT-FOR-US: Gerapy
+CVE-2020-7697 (This affects all versions of package mock2easy. a malicious user could ...)
+ NOT-FOR-US: mock2easy nodejs module
+CVE-2020-7696 (This affects all versions of package react-native-fast-image. When an ...)
+ NOT-FOR-US: react-native-fast-image nodejs module
+CVE-2020-7695 (Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF s ...)
+ - python-uvicorn 0.13.3-1 (bug #969275)
+ [buster] - python-uvicorn <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-PYTHON-UVICORN-570471
+ NOTE: https://github.com/encode/uvicorn/issues/719
+CVE-2020-7694 (This affects all versions of package uvicorn. The request logger provi ...)
+ - python-uvicorn 0.13.3-1 (bug #969276)
+ [buster] - python-uvicorn <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-PYTHON-UVICORN-575560
+ NOTE: https://github.com/encode/uvicorn/issues/723
+CVE-2020-7693 (Incorrect handling of Upgrade header with the value websocket leads in ...)
+ - node-socks <itp> (bug #922921)
+CVE-2020-7692 (PKCE support is not implemented in accordance with the RFC for OAuth 2 ...)
+ - google-oauth-client-java 1.28.0-2 (bug #988944)
+ NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276
+ NOTE: https://github.com/googleapis/google-oauth-java-client/issues/469
+ NOTE: https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824
+CVE-2020-7691 (In all versions of the package jspdf, it is possible to use &lt;&lt;sc ...)
+ NOT-FOR-US: jspdf
+CVE-2020-7690 (All affected versions &lt;2.0.0 of package jspdf are vulnerable to Cro ...)
+ NOT-FOR-US: jspdf
+CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes. ...)
+ NOT-FOR-US: Node bcrypt
+CVE-2020-7688 (The issue occurs because tagName user input is formatted inside the ex ...)
+ NOT-FOR-US: Node mversion
+CVE-2020-7687 (This affects all versions of package fast-http. There is no path sanit ...)
+ NOT-FOR-US: Node fast-http
+CVE-2020-7686 (This affects all versions of package rollup-plugin-dev-server. There i ...)
+ NOT-FOR-US: Node rollup-plugin-dev-server
+CVE-2020-7685 (This affects all versions of package UmbracoForms. When using the defa ...)
+ NOT-FOR-US: UmbracoForms
+CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There is no ...)
+ NOT-FOR-US: Node rollup-plugin-server
+CVE-2020-7683 (This affects all versions of package rollup-plugin-server. There is no ...)
+ NOT-FOR-US: Node rollup-plugin-server
+CVE-2020-7682 (This affects all versions of package marked-tree. There is no path san ...)
+ NOT-FOR-US: Node marked-tree
+CVE-2020-7681 (This affects all versions of package marscode. There is no path saniti ...)
+ NOT-FOR-US: Node marscode
+CVE-2020-7680 (docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). ...)
+ NOT-FOR-US: docsify
+CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility function ...)
+ NOT-FOR-US: Node casperjs
CVE-2020-7678
RESERVED
CVE-2020-7677
RESERVED
-CVE-2020-7676
- RESERVED
-CVE-2020-7675
- RESERVED
-CVE-2020-7674
- RESERVED
-CVE-2020-7673
- RESERVED
-CVE-2020-7672
- RESERVED
-CVE-2020-7671
- RESERVED
-CVE-2020-7670
- RESERVED
-CVE-2020-7669
- RESERVED
-CVE-2020-7668
- RESERVED
-CVE-2020-7667
- RESERVED
-CVE-2020-7666
- RESERVED
-CVE-2020-7665
- RESERVED
-CVE-2020-7664
- RESERVED
-CVE-2020-7663
- RESERVED
-CVE-2020-7662
- RESERVED
-CVE-2020-7661
- RESERVED
+CVE-2020-7676 (angular.js prior to 1.8.0 allows cross site scripting. The regex-based ...)
+ - angular.js 1.8.0-1
+ [buster] - angular.js <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - angular.js <ignored> (Nodejs in stretch not covered by security support)
+ [jessie] - angular.js <no-dsa> (Minor issue, low usage of 2014-era Nodejs)
+ NOTE: https://github.com/angular/angular.js/pull/17028
+ NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-570058
+CVE-2020-7675 (cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. ...)
+ NOT-FOR-US: Node cd-messenger
+CVE-2020-7674 (access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. ...)
+ NOT-FOR-US: Node access-policy
+CVE-2020-7673 (node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. U ...)
+ - node-extend <not-affected> (Vulnerable code not present)
+ NOTE: Debian's node-extend is a different package(fork?) which doesn't eval()
+CVE-2020-7672 (mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User inp ...)
+ NOT-FOR-US: Node mosc
+CVE-2020-7671 (goliath through 1.0.6 allows request smuggling attacks where goliath i ...)
+ NOT-FOR-US: Ruby gem goliath
+CVE-2020-7670 (agoo prior to 2.14.0 allows request smuggling attacks where agoo is us ...)
+ NOT-FOR-US: Ruby gem agoo
+CVE-2020-7669 (This affects all versions of package github.com/u-root/u-root/pkg/taru ...)
+ NOT-FOR-US: github.com/u-root/u-root/pkg/tarutil Go package
+CVE-2020-7668 (In all versions of the package github.com/unknwon/cae/tz, the ExtractT ...)
+ - golang-github-unknwon-cae <removed> (bug #967956)
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384
+CVE-2020-7667 (In package github.com/sassoftware/go-rpmutils/cpio before version 0.1. ...)
+ NOT-FOR-US: github.com/sassoftware/go-rpmutils/cpio go module
+CVE-2020-7666 (This affects all versions of package github.com/u-root/u-root/pkg/cpio ...)
+ NOT-FOR-US: github.com/u-root/u-root/pkg/cpio Go package
+CVE-2020-7665 (This affects all versions of package github.com/u-root/u-root/pkg/uzip ...)
+ NOT-FOR-US: github.com/u-root/u-root/pkg/uzip Go package
+CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the Extract ...)
+ - golang-github-unknwon-cae <removed> (bug #967955)
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383
+CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of Servi ...)
+ {DLA-2334-1}
+ - ruby-websocket-extensions 0.1.5-1 (bug #964274)
+ [buster] - ruby-websocket-extensions 0.1.2-1+deb10u1
+ NOTE: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
+ NOTE: https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
+CVE-2020-7662 (websocket-extensions npm module prior to 0.1.4 allows Denial of Servic ...)
+ NOT-FOR-US: Node websocket-extensions
+CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression Denial ...)
+ NOT-FOR-US: Node url-regex
CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to inject ...)
- TODO: check
+ NOT-FOR-US: serialize-javascript Node package
CVE-2020-7659 (reel through 0.6.1 allows Request Smuggling attacks due to incorrect C ...)
- TODO: check
+ - reel <removed>
+ [stretch] - reel <end-of-life> (Not supported in Stretch LTS)
+ NOTE: https://snyk.io/vuln/SNYK-RUBY-REEL-569135
CVE-2020-7658 (meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP ...)
NOT-FOR-US: meinheld
CVE-2020-7657
RESERVED
CVE-2020-7656 (jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...)
- jquery 2.2.4+dfsg-1
+ [jessie] - jquery <ignored> (Too intrusive to backport)
NOTE: https://snyk.io/vuln/SNYK-JS-JQUERY-569619
+ NOTE: See debian-lts discussion starting at: https://lists.debian.org/debian-lts/2020/06/msg00025.html
CVE-2020-7655 (netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP ...)
NOT-FOR-US: netius
CVE-2020-7654 (All versions of snyk-broker before 4.73.1 are vulnerable to Informatio ...)
- TODO: check
+ NOT-FOR-US: snyk-broker
CVE-2020-7653 (All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary ...)
- TODO: check
+ NOT-FOR-US: snyk-broker
CVE-2020-7652 (All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary ...)
- TODO: check
+ NOT-FOR-US: snyk-broker
CVE-2020-7651 (All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary ...)
- TODO: check
+ NOT-FOR-US: snyk-broker
CVE-2020-7650 (All versions of snyk-broker after 4.72.0 including and before 4.73.1 a ...)
- TODO: check
+ NOT-FOR-US: snyk-broker
CVE-2020-7649
RESERVED
CVE-2020-7648 (All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary ...)
- TODO: check
+ NOT-FOR-US: snyk-broker
CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...)
NOT-FOR-US: jooby
-CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary commands.It is ...)
+CVE-2020-7646 (curlrequest through 1.0.1 allows reading any file by populating the fi ...)
NOT-FOR-US: Noed curlrequest
CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...)
NOT-FOR-US: Node chrome-launcher
@@ -13959,7 +55432,7 @@ CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollut
NOT-FOR-US: Node eivindfjeldstad-dot
CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...)
NOT-FOR-US: Node confinit
-CVE-2020-7637 (class-transformer through 0.2.3 is vulnerable to Prototype Pollution. ...)
+CVE-2020-7637 (class-transformer before 0.3.1 allow attackers to perform Prototype Po ...)
NOT-FOR-US: Node class-transformer
CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It allows ...)
NOT-FOR-US: Node adb-driver
@@ -13977,7 +55450,7 @@ CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection.
NOT-FOR-US: git-add-remote node module
CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...)
NOT-FOR-US: install-package node module
-CVE-2020-7628 (install-package through 1.1.6 is vulnerable to Command Injection. It a ...)
+CVE-2020-7628 (umount through 1.1.6 is vulnerable to Command Injection. The argument ...)
NOT-FOR-US: install-package node module
CVE-2020-7627 (node-key-sender through 1.0.11 is vulnerable to Command Injection. It ...)
NOT-FOR-US: node-key-sender node module
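Review bot: The NOT-FOR-US line under CVE-2020-7628 still reads `NOT-FOR-US: install-package node module` although the new description now identifies the affected package as umount, so the triage note no longer matches the entry it annotates. The preceding entry CVE-2020-7629 genuinely is install-package, which makes the unchanged line look like a copy-paste leftover rather than a deliberate decision. If the assessment was redone against the corrected description, the line should name the package actually reviewed, e.g. `NOT-FOR-US: Node umount`.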
@@ -13989,7 +55462,7 @@ CVE-2020-7624 (effect through 1.0.4 is vulnerable to Command Injection. It allow
NOT-FOR-US: effect node module
CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It allows ex ...)
NOT-FOR-US: Node jscover
-CVE-2020-7622 (All versions of Jooby before 2.2.1 are vulnerable to HTTP Response Spl ...)
+CVE-2020-7622 (This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 ...)
NOT-FOR-US: Jooby
CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command Injecti ...)
NOT-FOR-US: Node strong-nginx-controller
@@ -14049,7 +55522,7 @@ CVE-2020-7599 (All versions of com.gradle.plugin-publish before 0.11.0 are vulne
NOT-FOR-US: com.gradle.plugin-publish
CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying proper ...)
- node-minimist 1.2.5-1 (bug #953762)
- [buster] - node-minimist <no-dsa> (Minor issue)
+ [buster] - node-minimist 1.2.0-1+deb10u1
[stretch] - node-minimist <ignored> (Nodejs in stretch not covered by security support)
NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
NOTE: POC: https://gist.github.com/Kirill89/47feb345b09bf081317f08dd43403a8a
@@ -14059,219 +55532,219 @@ CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to e
CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...)
NOT-FOR-US: Codecov npm module
CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
+ {DLA-2369-1}
- libxml2 2.9.10+dfsg-2.1 (bug #949582)
- [buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <no-dsa> (Minor issue)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u1
[jessie] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5
CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...)
NOT-FOR-US: MultiTech Conduit MTCDT-LVW2-24XX devices
-CVE-2020-7593
- RESERVED
-CVE-2020-7592
- RESERVED
-CVE-2020-7591
- RESERVED
-CVE-2020-7590
- RESERVED
-CVE-2020-7589
- RESERVED
-CVE-2020-7588
- RESERVED
-CVE-2020-7587
- RESERVED
-CVE-2020-7586
- RESERVED
-CVE-2020-7585
- RESERVED
-CVE-2020-7584
- RESERVED
-CVE-2020-7583
- RESERVED
+CVE-2020-7593 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7592 (A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Ge ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7591 (A vulnerability has been identified in SIPORT MP (All versions &lt; 3. ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7590 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
+ NOT-FOR-US: DCA Vantage Analyzer
+CVE-2020-7589 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7588 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7587 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7586 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7584 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU family ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7583 (A vulnerability has been identified in Automation License Manager 5 (A ...)
+ NOT-FOR-US: Siemens
CVE-2020-7582
RESERVED
-CVE-2020-7581
- RESERVED
-CVE-2020-7580
- RESERVED
+CVE-2020-7581 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7580 (A vulnerability has been identified in SIMATIC Automation Tool (All ve ...)
+ NOT-FOR-US: Siemens
CVE-2020-7579 (A vulnerability has been identified in Spectrum Power&#8482; 5 (All ve ...)
NOT-FOR-US: Siemens
-CVE-2020-7578
- RESERVED
-CVE-2020-7577
- RESERVED
-CVE-2020-7576
- RESERVED
+CVE-2020-7578 (A vulnerability has been identified in Camstar Enterprise Platform (Al ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7577 (A vulnerability has been identified in Camstar Enterprise Platform (Al ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7576 (A vulnerability has been identified in Camstar Enterprise Platform (Al ...)
+ NOT-FOR-US: Siemens
CVE-2020-7575 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...)
NOT-FOR-US: Climatix
CVE-2020-7574 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...)
NOT-FOR-US: Climatix
-CVE-2020-7573
- RESERVED
-CVE-2020-7572
- RESERVED
-CVE-2020-7571
- RESERVED
-CVE-2020-7570
- RESERVED
-CVE-2020-7569
- RESERVED
-CVE-2020-7568
- RESERVED
-CVE-2020-7567
- RESERVED
-CVE-2020-7566
- RESERVED
-CVE-2020-7565
- RESERVED
-CVE-2020-7564
- RESERVED
-CVE-2020-7563
- RESERVED
-CVE-2020-7562
- RESERVED
-CVE-2020-7561
- RESERVED
-CVE-2020-7560
- RESERVED
-CVE-2020-7559
- RESERVED
-CVE-2020-7558
- RESERVED
-CVE-2020-7557
- RESERVED
-CVE-2020-7556
- RESERVED
-CVE-2020-7555
- RESERVED
-CVE-2020-7554
- RESERVED
-CVE-2020-7553
- RESERVED
-CVE-2020-7552
- RESERVED
-CVE-2020-7551
- RESERVED
-CVE-2020-7550
- RESERVED
-CVE-2020-7549
- RESERVED
-CVE-2020-7548
- RESERVED
-CVE-2020-7547
- RESERVED
-CVE-2020-7546
- RESERVED
-CVE-2020-7545
- RESERVED
-CVE-2020-7544
- RESERVED
-CVE-2020-7543
- RESERVED
-CVE-2020-7542
- RESERVED
-CVE-2020-7541
- RESERVED
-CVE-2020-7540
- RESERVED
-CVE-2020-7539
- RESERVED
-CVE-2020-7538
- RESERVED
-CVE-2020-7537
- RESERVED
-CVE-2020-7536
- RESERVED
-CVE-2020-7535
- RESERVED
-CVE-2020-7534
- RESERVED
-CVE-2020-7533
- RESERVED
-CVE-2020-7532
- RESERVED
-CVE-2020-7531
- RESERVED
-CVE-2020-7530
- RESERVED
-CVE-2020-7529
- RESERVED
-CVE-2020-7528
- RESERVED
-CVE-2020-7527
- RESERVED
-CVE-2020-7526
- RESERVED
-CVE-2020-7525
- RESERVED
-CVE-2020-7524
- RESERVED
-CVE-2020-7523
- RESERVED
-CVE-2020-7522
- RESERVED
-CVE-2020-7521
- RESERVED
-CVE-2020-7520
- RESERVED
-CVE-2020-7519
- RESERVED
-CVE-2020-7518
- RESERVED
-CVE-2020-7517
- RESERVED
-CVE-2020-7516
- RESERVED
-CVE-2020-7515
- RESERVED
-CVE-2020-7514
- RESERVED
-CVE-2020-7513
- RESERVED
-CVE-2020-7512
- RESERVED
-CVE-2020-7511
- RESERVED
-CVE-2020-7510
- RESERVED
-CVE-2020-7509
- RESERVED
-CVE-2020-7508
- RESERVED
-CVE-2020-7507
- RESERVED
-CVE-2020-7506
- RESERVED
-CVE-2020-7505
- RESERVED
-CVE-2020-7504
- RESERVED
-CVE-2020-7503
- RESERVED
-CVE-2020-7502
- RESERVED
-CVE-2020-7501
- RESERVED
-CVE-2020-7500
- RESERVED
-CVE-2020-7499
- RESERVED
-CVE-2020-7498
- RESERVED
-CVE-2020-7497
- RESERVED
-CVE-2020-7496
- RESERVED
-CVE-2020-7495
- RESERVED
-CVE-2020-7494
- RESERVED
-CVE-2020-7493
- RESERVED
-CVE-2020-7492
- RESERVED
-CVE-2020-7491
- RESERVED
+CVE-2020-7573 (A CWE-284 Improper Access Control vulnerability exists in EcoStruxure ...)
+ NOT-FOR-US: EcoStruxure Building Operation WebReports
+CVE-2020-7572 (A CWE-611 Improper Restriction of XML External Entity Reference vulner ...)
+ NOT-FOR-US: EcoStruxure Building Operation WebReports
+CVE-2020-7571 (A CWE-79 Multiple Improper Neutralization of Input During Web Page Gen ...)
+ NOT-FOR-US: EcoStruxure Building Operation WebReports
+CVE-2020-7570 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
+ NOT-FOR-US: EcoStruxure Building Operation WebReports
+CVE-2020-7569 (A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerabilit ...)
+ NOT-FOR-US: EcoStruxure Building Operation WebReports
+CVE-2020-7568 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7567 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists i ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7566 (A CWE-334: Small Space of Random Values vulnerability exists in Modico ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7565 (A CWE-326: Inadequate Encryption Strength vulnerability exists in Modi ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7564 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7563 (A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7562 (A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server o ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7561 (A CWE-284: Improper Access Control vulnerability exists in Easergy T30 ...)
+ NOT-FOR-US: Easergy
+CVE-2020-7560 (A CWE-123: Write-what-where Condition vulnerability exists in EcoStrux ...)
+ NOT-FOR-US: EcoStruxure Control Expert
+CVE-2020-7559 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer ...)
+ NOT-FOR-US: EcoStruxure Control Expert
+CVE-2020-7558 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition ...)
+ NOT-FOR-US: IGSS Definition (Def.exe)
+CVE-2020-7557 (A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition ( ...)
+ NOT-FOR-US: IGSS Definition (Def.exe)
+CVE-2020-7556 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition ...)
+ NOT-FOR-US: IGSS Definition (Def.exe)
+CVE-2020-7555 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition ...)
+ NOT-FOR-US: IGSS Definition (Def.exe)
+CVE-2020-7554 (A CWE-119 Improper Restriction of Operations within the Bounds of a Me ...)
+ NOT-FOR-US: IGSS Definition (Def.exe)
+CVE-2020-7553 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition ...)
+ NOT-FOR-US: IGSS Definition (Def.exe)
+CVE-2020-7552 (A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition ...)
+ NOT-FOR-US: IGSS Definition (Def.exe)
+CVE-2020-7551 (A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition ...)
+ NOT-FOR-US: IGSS Definition (Def.exe)
+CVE-2020-7550 (A CWE-119 Improper Restriction of Operations within the Bounds of a Me ...)
+ NOT-FOR-US: IGSS Definition (Def.exe)
+CVE-2020-7549 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7548 (A CWE-330 - Use of Insufficiently Random Values vulnerability exists i ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7547 (A CWE-284: Improper Access Control vulnerability exists in EcoStruxure ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7546 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7545 (A CWE-284:Improper Access Control vulnerability exists in EcoStruxure& ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7544 (A CWE-269 Improper Privilege Management vulnerability exists in EcoStr ...)
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert runtime
+CVE-2020-7543 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7542 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7541 (A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7540 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7539 (A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnera ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7538 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: EcoStruxure Control Expert
+CVE-2020-7537 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7536 (A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnera ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7534 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on t ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web Server o ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...)
+ NOT-FOR-US: SCADAPack x70 Security Administrator
+CVE-2020-7531 (A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x ...)
+ NOT-FOR-US: SCADAPack 7x Remote Connect
+CVE-2020-7530 (A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x ...)
+ NOT-FOR-US: SCADAPack 7x Remote Connect
+CVE-2020-7529 (A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ( ...)
+ NOT-FOR-US: SCADAPack 7x Remote Connect
+CVE-2020-7528 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...)
+ NOT-FOR-US: SCADAPack 7x Remote Connect
+CVE-2020-7527 (Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) a ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7526 (Improper Input Validation vulnerability exists in PowerChute Business ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7525 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7524 (Out-of-bounds Write vulnerability exists in Modicon M218 Logic Control ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7523 (Improper Privilege Management vulnerability exists in Schneider Electr ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7522 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7521 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnera ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in Easergy ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7518 (A CWE-20: Improper input validation vulnerability exists in Easergy Bu ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7517 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7516 (A CWE-316: Cleartext Storage of Sensitive Information in Memory vulner ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7515 (A CWE-321: Use of hard-coded cryptographic key stored in cleartext vul ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7514 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7513 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components with vuln ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-7511 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-7510 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 ( ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-7509 (A CWE-269: Improper privilege management (write) vulnerability exists ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-7508 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-7507 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists in E ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-7506 (A CWE-200: Information Exposure vulnerability exists in Easergy T300, ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-7505 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-7504 (A CWE-20: Improper Input Validation vulnerability exists in Easergy T3 ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-7503 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in E ...)
+ NOT-FOR-US: Easergy T300
+CVE-2020-7502 (A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Lo ...)
+ NOT-FOR-US: Modicon
+CVE-2020-7501 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7500 (A CWE-89:Improper Neutralization of Special Elements used in an SQL Co ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7499 (A CWE-863: Incorrect Authorization vulnerability exists in U.motion Se ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7498 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in the U ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7497 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7496 (A CWE-88: Argument Injection or Modification vulnerability exists in E ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7495 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7494 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7493 (A CWE-89: Improper Neutralization of Special Elements used in an SQL C ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in the GP-P ...)
+ NOT-FOR-US: Schneider
+CVE-2020-7491 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in ...)
+ NOT-FOR-US: Schneider
CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...)
NOT-FOR-US: Schneider
CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
@@ -14289,7 +55762,7 @@ CVE-2020-7484 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the
CVE-2020-7483 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause ce ...)
NOT-FOR-US: Schneider Electric
CVE-2020-7482 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
- NOT-FOR-US: Andover Continuum
+ NOT-FOR-US: Andover Continuum
CVE-2020-7481 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
NOT-FOR-US: Andover Continuum
CVE-2020-7480 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
@@ -14308,8 +55781,8 @@ CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists
NOT-FOR-US: ProSoft Configurator
CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...)
NOT-FOR-US: Citrix
-CVE-2020-7472
- RESERVED
+CVE-2020-7472 (An authorization bypass and PHP local-file-include vulnerability in th ...)
+ NOT-FOR-US: SugarCRM
CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ...)
{DSA-4629-1}
- python-django 2:2.2.10-1 (bug #950581)
@@ -14321,34 +55794,36 @@ CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0
NOTE: https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd (1.11.28)
CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the ...)
NOT-FOR-US: Sonoff TH 10 and 16 devices
-CVE-2020-7469
- RESERVED
-CVE-2020-7468
- RESERVED
-CVE-2020-7467
- RESERVED
-CVE-2020-7466
- RESERVED
-CVE-2020-7465
- RESERVED
-CVE-2020-7464
- RESERVED
-CVE-2020-7463
- RESERVED
-CVE-2020-7462
- RESERVED
-CVE-2020-7461
- RESERVED
-CVE-2020-7460
- RESERVED
-CVE-2020-7459
- RESERVED
-CVE-2020-7458
- RESERVED
-CVE-2020-7457
- RESERVED
-CVE-2020-7456
- RESERVED
+CVE-2020-7469 (In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12. ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+CVE-2020-7468 (In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12. ...)
+ NOT-FOR-US: FreeBSD ftpd
+CVE-2020-7467 (In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12. ...)
+ NOT-FOR-US: FreeBSD
+CVE-2020-7466 (The PPP implementation of MPD before 5.9 allows a remote attacker who ...)
+ NOT-FOR-US: MPD (FreeBSD PPP daemon)
+CVE-2020-7465 (The L2TP implementation of MPD before 5.9 allows a remote attacker who ...)
+ NOT-FOR-US: MPD (FreeBSD PPP daemon)
+CVE-2020-7464 (In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12. ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+CVE-2020-7463 (In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12. ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+CVE-2020-7462 (In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, imprope ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+CVE-2020-7461 (In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12. ...)
+ NOT-FOR-US: FreeBSD
+CVE-2020-7460 (In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-ST ...)
+ NOT-FOR-US: FreeBSD
+CVE-2020-7459 (In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-ST ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:21.usb_net.asc
+CVE-2020-7458 (In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and ...)
+ NOT-FOR-US: FreeBSD
+CVE-2020-7457 (In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-ST ...)
+ NOT-FOR-US: FreeBSD
+CVE-2020-7456 (In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-ST ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:17.usb.asc
CVE-2020-7455 (In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-ST ...)
NOT-FOR-US: FreeBSD
CVE-2020-7454 (In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-ST ...)
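Review bot: CVE-2020-7469, CVE-2020-7464, CVE-2020-7463 and CVE-2020-7462 are each recorded as `kfreebsd-10 <unfixed> (unimportant)` with no NOTE pointing at the FreeBSD advisory they were assessed from, whereas CVE-2020-7459 and CVE-2020-7456 in the same hunk carry one. A `NOTE: https://www.freebsd.org/security/advisories/<FreeBSD-SA-id>.asc` line under each would let a later triager re-check the kfreebsd-10 classification; the advisory identifiers are not in this hunk, so the placeholder above is to be filled in from the source.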
@@ -14481,50 +55956,50 @@ CVE-2020-7392
RESERVED
CVE-2020-7391
RESERVED
-CVE-2020-7390
- RESERVED
-CVE-2020-7389
- RESERVED
-CVE-2020-7388
- RESERVED
-CVE-2020-7387
- RESERVED
+CVE-2020-7390 (Sage X3 Stored XSS Vulnerability on &#8216;Edit&#8217; Page of User Pr ...)
+ NOT-FOR-US: Sage X3
+CVE-2020-7389 (Sage X3 System CHAINE Variable Script Command Injection. An authentica ...)
+ NOT-FOR-US: Sage X3
+CVE-2020-7388 (Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in Ad ...)
+ NOT-FOR-US: Sage X3
+CVE-2020-7387 (Sage X3 Installation Pathname Disclosure. A specially crafted packet c ...)
+ NOT-FOR-US: Sage X3
CVE-2020-7386
RESERVED
-CVE-2020-7385
- RESERVED
-CVE-2020-7384
- RESERVED
-CVE-2020-7383
- RESERVED
-CVE-2020-7382
- RESERVED
-CVE-2020-7381
- RESERVED
+CVE-2020-7385 (By launching the drb_remote_codeexec exploit, a Metasploit Framework u ...)
+ NOT-FOR-US: Rapid7
+CVE-2020-7384 (Rapid7's Metasploit msfvenom framework handles APK files in a way that ...)
+ NOT-FOR-US: Rapid7
+CVE-2020-7383 (A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that m ...)
+ NOT-FOR-US: Rapid7 Nexpose
+CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted ...)
+ NOT-FOR-US: Rapid7 Nexpose installer
+CVE-2020-7381 (In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose inst ...)
+ NOT-FOR-US: Rapid7 Nexpose installer
CVE-2020-7380
RESERVED
CVE-2020-7379
RESERVED
-CVE-2020-7378
- RESERVED
-CVE-2020-7377
- RESERVED
-CVE-2020-7376
- RESERVED
+CVE-2020-7378 (CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an ...)
+ NOT-FOR-US: CRIXP OpenCRX
+CVE-2020-7377 (The Metasploit Framework module "auxiliary/admin/http/telpho10_credent ...)
+ NOT-FOR-US: Metasploit Framework module
+CVE-2020-7376 (The Metasploit Framework module "post/osx/gather/enum_osx module" is a ...)
+ NOT-FOR-US: Metasploit Framework module
CVE-2020-7375
RESERVED
-CVE-2020-7374
- RESERVED
-CVE-2020-7373
- RESERVED
+CVE-2020-7374 (Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scan ...)
+ NOT-FOR-US: Documalis Free PDF Editor
+CVE-2020-7373 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...)
+ NOT-FOR-US: vBulletin
CVE-2020-7372
RESERVED
-CVE-2020-7371
- RESERVED
-CVE-2020-7370
- RESERVED
-CVE-2020-7369
- RESERVED
+CVE-2020-7371 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ NOT-FOR-US: Yandex Browser
+CVE-2020-7370 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ NOT-FOR-US: Danyil Vasilenko's Bolt Browser
+CVE-2020-7369 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ NOT-FOR-US: Yandex Browser
CVE-2020-7368
RESERVED
CVE-2020-7367
@@ -14533,32 +56008,32 @@ CVE-2020-7366
RESERVED
CVE-2020-7365
RESERVED
-CVE-2020-7364
- RESERVED
-CVE-2020-7363
- RESERVED
+CVE-2020-7364 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ NOT-FOR-US: UCWeb's UC Browser
+CVE-2020-7363 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ NOT-FOR-US: UCWeb's UC Browser
CVE-2020-7362
RESERVED
-CVE-2020-7361
- RESERVED
-CVE-2020-7360
- RESERVED
+CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command injecti ...)
+ NOT-FOR-US: EasyCorp ZenTao Pro application
+CVE-2020-7360 (An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartCo ...)
+ NOT-FOR-US: SmartControl
CVE-2020-7359
RESERVED
-CVE-2020-7358
- RESERVED
-CVE-2020-7357
- RESERVED
-CVE-2020-7356
- RESERVED
-CVE-2020-7355
- RESERVED
-CVE-2020-7354
- RESERVED
+CVE-2020-7358 (In AppSpider installer versions prior to 7.2.126, the AppSpider instal ...)
+ NOT-FOR-US: AppSpider installer
+CVE-2020-7357 (Cayin CMS suffers from an authenticated OS semi-blind command injectio ...)
+ NOT-FOR-US: Cayin CMS
+CVE-2020-7356 (CAYIN xPost suffers from an unauthenticated SQL Injection vulnerabilit ...)
+ NOT-FOR-US: CAYIN xPost
+CVE-2020-7355 (Cross-site Scripting (XSS) vulnerability in the 'notes' field of a dis ...)
+ NOT-FOR-US: Metasploit Pro
+CVE-2020-7354 (Cross-site Scripting (XSS) vulnerability in the 'host' field of a disc ...)
+ NOT-FOR-US: Metasploit Pro
CVE-2020-7353
RESERVED
-CVE-2020-7352
- RESERVED
+CVE-2020-7352 (The GalaxyClientService component of GOG Galaxy runs with elevated SYS ...)
+ NOT-FOR-US: GOG Galaxy
CVE-2020-7351 (An OS Command Injection vulnerability in the endpoint_devicemap.php co ...)
NOT-FOR-US: Fonality Trixbox Community Edition
CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from an ins ...)
@@ -14569,116 +56044,116 @@ CVE-2020-7348
RESERVED
CVE-2020-7347
RESERVED
-CVE-2020-7346
- RESERVED
+CVE-2020-7346 (Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP ...)
+ NOT-FOR-US: McAfee
CVE-2020-7345
RESERVED
CVE-2020-7344
RESERVED
-CVE-2020-7343
- RESERVED
+CVE-2020-7343 (Missing Authorization vulnerability in McAfee Agent (MA) for Windows p ...)
+ NOT-FOR-US: McAfee
CVE-2020-7342
RESERVED
CVE-2020-7341
RESERVED
CVE-2020-7340
RESERVED
-CVE-2020-7339
- RESERVED
+CVE-2020-7339 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAf ...)
+ NOT-FOR-US: McAfee
CVE-2020-7338
RESERVED
-CVE-2020-7337
- RESERVED
-CVE-2020-7336
- RESERVED
-CVE-2020-7335
- RESERVED
-CVE-2020-7334
- RESERVED
-CVE-2020-7333
- RESERVED
-CVE-2020-7332
- RESERVED
-CVE-2020-7331
- RESERVED
-CVE-2020-7330
- RESERVED
-CVE-2020-7329
- RESERVED
-CVE-2020-7328
- RESERVED
-CVE-2020-7327
- RESERVED
-CVE-2020-7326
- RESERVED
-CVE-2020-7325
- RESERVED
-CVE-2020-7324
- RESERVED
-CVE-2020-7323
- RESERVED
-CVE-2020-7322
- RESERVED
+CVE-2020-7337 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7336 (Cross Site Request Forgery vulnerability in McAfee Network Security Ma ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7335 (Privilege Escalation vulnerability in Microsoft Windows client McAfee ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7334 (Improper privilege assignment vulnerability in the installer McAfee Ap ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7333 (Cross site scripting vulnerability in the firewall ePO extension of Mc ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7332 (Cross Site Request Forgery vulnerability in the firewall ePO extension ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7331 (Unquoted service executable path in McAfee Endpoint Security (ENS) pri ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7330 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) tr ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7329 (Server-side request forgery vulnerability in the ePO extension in McAf ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7328 (External entity attack vulnerability in the ePO extension in McAfee MV ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7327 (Improperly implemented security check in McAfee MVISION Endpoint Detec ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7326 (Improperly implemented security check in McAfee Active Response (MAR) ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7325 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7324 (Improper Access Control vulnerability in McAfee MVISION Endpoint prior ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7323 (Authentication Protection Bypass vulnerability in McAfee Endpoint Secu ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7322 (Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) ...)
+ NOT-FOR-US: McAfee
CVE-2020-7321
RESERVED
-CVE-2020-7320
- RESERVED
-CVE-2020-7319
- RESERVED
-CVE-2020-7318
- RESERVED
-CVE-2020-7317
- RESERVED
-CVE-2020-7316
- RESERVED
-CVE-2020-7315
- RESERVED
-CVE-2020-7314
- RESERVED
+CVE-2020-7320 (Protection Mechanism Failure vulnerability in McAfee Endpoint Security ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7318 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7317 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7316 (Unquoted service path vulnerability in McAfee File and Removable Media ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7315 (DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7314 (Privilege Escalation Vulnerability in the installer in McAfee Data Exc ...)
+ NOT-FOR-US: McAfee
CVE-2020-7313
RESERVED
-CVE-2020-7312
- RESERVED
-CVE-2020-7311
- RESERVED
-CVE-2020-7310
- RESERVED
-CVE-2020-7309
- RESERVED
-CVE-2020-7308
- RESERVED
-CVE-2020-7307
- RESERVED
-CVE-2020-7306
- RESERVED
-CVE-2020-7305
- RESERVED
-CVE-2020-7304
- RESERVED
-CVE-2020-7303
- RESERVED
-CVE-2020-7302
- RESERVED
-CVE-2020-7301
- RESERVED
-CVE-2020-7300
- RESERVED
-CVE-2020-7299
- RESERVED
-CVE-2020-7298
- RESERVED
-CVE-2020-7297
- RESERVED
-CVE-2020-7296
- RESERVED
-CVE-2020-7295
- RESERVED
-CVE-2020-7294
- RESERVED
-CVE-2020-7293
- RESERVED
-CVE-2020-7292
- RESERVED
+CVE-2020-7312 (DLL Search Order Hijacking Vulnerability in the installer in McAfee Ag ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7311 (Privilege Escalation vulnerability in the installer in McAfee Agent (M ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7310 (Privilege Escalation vulnerability in the installer in McAfee McAfee T ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7309 (Cross Site Scripting vulnerability in ePO extension in McAfee Applicat ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7308 (Cleartext Transmission of Sensitive Information between McAfee Endpoin ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7307 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7306 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7305 (Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7304 (Cross site request forgery vulnerability in McAfee Data Loss Preventio ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7303 (Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7302 (Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Pr ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7301 (Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7300 (Improper Authorization vulnerability in McAfee Data Loss Prevention (D ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7299 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7298 (Unexpected behavior violation in McAfee Total Protection (MTP) prior t ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7297 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7296 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7295 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7294 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7293 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7292 (Inappropriate Encoding for output context vulnerability in McAfee Web ...)
+ NOT-FOR-US: McAfee
CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
NOT-FOR-US: McAfee
CVE-2020-7290 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
@@ -14693,18 +56168,18 @@ CVE-2020-7286 (Privilege Escalation vulnerability in McAfee Exploit Detection an
NOT-FOR-US: McAfee
CVE-2020-7285 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...)
NOT-FOR-US: McAfee
-CVE-2020-7284
- RESERVED
-CVE-2020-7283
- RESERVED
-CVE-2020-7282
- RESERVED
-CVE-2020-7281
- RESERVED
-CVE-2020-7280
- RESERVED
-CVE-2020-7279
- RESERVED
+CVE-2020-7284 (Exposure of Sensitive Information in McAfee Network Security Managemen ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7283 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) be ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7282 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) be ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7281 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7280 (Privilege Escalation vulnerability during daily DAT updates when using ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7279 (DLL Search Order Hijacking Vulnerability in the installer component of ...)
+ NOT-FOR-US: McAfee
CVE-2020-7278 (Exploiting incorrectly configured access control security levels vulne ...)
NOT-FOR-US: McAfee
CVE-2020-7277 (Protection mechanism failure in all processes in McAfee Endpoint Secur ...)
@@ -14721,12 +56196,12 @@ CVE-2020-7272
RESERVED
CVE-2020-7271
RESERVED
-CVE-2020-7270
- RESERVED
-CVE-2020-7269
- RESERVED
-CVE-2020-7268
- RESERVED
+CVE-2020-7270 (Exposure of Sensitive Information in the web interface in McAfee Advan ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7269 (Exposure of Sensitive Information in the web interface in McAfee Advan ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7268 (Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prio ...)
+ NOT-FOR-US: McAfee
CVE-2020-7267 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...)
NOT-FOR-US: McAfee
CVE-2020-7266 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...)
@@ -14735,10 +56210,10 @@ CVE-2020-7265 (Privilege Escalation vulnerability in McAfee Endpoint Security (E
NOT-FOR-US: McAfee
CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...)
NOT-FOR-US: McAfee
-CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...)
+CVE-2020-7263 (Improper access control vulnerability in ESconfigTool.exe in McAfee En ...)
NOT-FOR-US: ENS for Windows
-CVE-2020-7262
- RESERVED
+CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...)
+ NOT-FOR-US: McAfee
CVE-2020-7261 (Buffer Overflow via Environment Variables vulnerability in AMSI compon ...)
NOT-FOR-US: McAfee
CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee Application ...)
@@ -14769,8 +56244,8 @@ CVE-2020-7248 (libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a t
NOT-FOR-US: libubox in OpenWrt
CVE-2020-XXXX [opensmtpd DoS via opportunistic TLS downgrade]
- opensmtpd 6.6.2p1-1 (bug #950121)
- [stretch] - opensmtpd 6.0.2p1-2+deb9u2
[buster] - opensmtpd 6.0.3p1-5+deb10u3
+ [stretch] - opensmtpd 6.0.2p1-2+deb9u2
NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/018_smtpd_tls.patch.sig
CVE-2020-7247 (smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6 ...)
{DSA-4611-1}
@@ -14798,15 +56273,18 @@ CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow atta
CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...)
NOT-FOR-US: conversation-watson plugin for WordPress
CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...)
- {DLA-2110-1 DLA-2109-1}
+ {DSA-4885-1 DLA-2364-1 DLA-2110-1 DLA-2109-1}
- netty 1:4.1.45-1 (bug #950967)
- netty-3.9 <removed>
+ [stretch] - netty-3.9 <not-affected> (Incomplete fix for CVE-2019-16869 was not applied)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225
NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1
NOTE: Issue exists because of incomplete fix for CVE-2019-16869.
NOTE: https://github.com/netty/netty/issues/9861#issuecomment-582307539 (same fix as CVE-2019-20445)
CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...)
- cacti 1.2.9+ds1-1 (bug #949997)
+ [buster] - cacti 1.2.2+ds1-2+deb10u3
+ [stretch] - cacti <no-dsa> (Minor issue)
[jessie] - cacti <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/Cacti/cacti/issues/3201
NOTE: https://github.com/Cacti/cacti/commit/5010719dbd160198be3e07bb994cf237e3af1308
@@ -14818,7 +56296,7 @@ CVE-2020-7234 (Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via
NOT-FOR-US: Ruckus ZoneFlex R310 devices
CVE-2020-7233 (KMS Controls BAC-A1616BC BACnet devices have a cleartext password of s ...)
NOT-FOR-US: KMS Controls BAC-A1616BC BACnet devices
-CVE-2020-7232 (Evoko Home 1.31 devices allow remote attackers to obtain sensitive inf ...)
+CVE-2020-7232 (Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain ...)
NOT-FOR-US: Evoko Home devices
CVE-2020-7231 (Evoko Home 1.31 devices provide different error messages for failed lo ...)
NOT-FOR-US: Evoko Home devices
@@ -14850,7 +56328,7 @@ CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC servi
[buster] - consul <no-dsa> (Minor issue)
NOTE: https://github.com/hashicorp/consul/issues/7159
NOTE: Fixed in 1.6.3.
-CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded res ...)
+CVE-2020-7218 (HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services al ...)
- nomad 0.10.3+dfsg1-1
NOTE: https://github.com/hashicorp/nomad/issues/7002
CVE-2020-7217 (An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0. ...)
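Review bot: The replacement description line for CVE-2020-7218 reads `Nonad Enterprise` where the product is Nomad Enterprise. The truncated `...` form suggests the description text is mirrored verbatim from the upstream CVE feed, in which case the typo is upstream and a hand correction here would likely be overwritten on the next sync; if so, leave the line as-is rather than editing it. The Debian tracking line below it, `- nomad 0.10.3+dfsg1-1`, is unchanged and unaffected by the wording change.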
@@ -14881,142 +56359,142 @@ CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to an remote code execut
NOT-FOR-US: LinuxKI
CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved i ...)
NOT-FOR-US: LinuxKI
-CVE-2020-7207
- RESERVED
-CVE-2020-7206
- RESERVED
-CVE-2020-7205
- RESERVED
+CVE-2020-7207 (A local elevation of privilege using physical access security vulnerab ...)
+ NOT-FOR-US: HPE
+CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has ...)
+ NOT-FOR-US: HP nagios plugin for iLO
+CVE-2020-7205 (A potential security vulnerability has been identified in HPE Intellig ...)
+ NOT-FOR-US: HPE
CVE-2020-7204
RESERVED
-CVE-2020-7203
- RESERVED
-CVE-2020-7202
- RESERVED
-CVE-2020-7201
- RESERVED
-CVE-2020-7200
- RESERVED
-CVE-2020-7199
- RESERVED
-CVE-2020-7198
- RESERVED
-CVE-2020-7197
- RESERVED
-CVE-2020-7196
- RESERVED
-CVE-2020-7195
- RESERVED
-CVE-2020-7194
- RESERVED
-CVE-2020-7193
- RESERVED
-CVE-2020-7192
- RESERVED
-CVE-2020-7191
- RESERVED
-CVE-2020-7190
- RESERVED
-CVE-2020-7189
- RESERVED
-CVE-2020-7188
- RESERVED
-CVE-2020-7187
- RESERVED
-CVE-2020-7186
- RESERVED
-CVE-2020-7185
- RESERVED
-CVE-2020-7184
- RESERVED
-CVE-2020-7183
- RESERVED
-CVE-2020-7182
- RESERVED
-CVE-2020-7181
- RESERVED
-CVE-2020-7180
- RESERVED
-CVE-2020-7179
- RESERVED
-CVE-2020-7178
- RESERVED
-CVE-2020-7177
- RESERVED
-CVE-2020-7176
- RESERVED
-CVE-2020-7175
- RESERVED
-CVE-2020-7174
- RESERVED
-CVE-2020-7173
- RESERVED
-CVE-2020-7172
- RESERVED
-CVE-2020-7171
- RESERVED
-CVE-2020-7170
- RESERVED
-CVE-2020-7169
- RESERVED
-CVE-2020-7168
- RESERVED
-CVE-2020-7167
- RESERVED
-CVE-2020-7166
- RESERVED
-CVE-2020-7165
- RESERVED
-CVE-2020-7164
- RESERVED
-CVE-2020-7163
- RESERVED
-CVE-2020-7162
- RESERVED
-CVE-2020-7161
- RESERVED
-CVE-2020-7160
- RESERVED
-CVE-2020-7159
- RESERVED
-CVE-2020-7158
- RESERVED
-CVE-2020-7157
- RESERVED
-CVE-2020-7156
- RESERVED
-CVE-2020-7155
- RESERVED
-CVE-2020-7154
- RESERVED
-CVE-2020-7153
- RESERVED
-CVE-2020-7152
- RESERVED
-CVE-2020-7151
- RESERVED
-CVE-2020-7150
- RESERVED
-CVE-2020-7149
- RESERVED
-CVE-2020-7148
- RESERVED
-CVE-2020-7147
- RESERVED
-CVE-2020-7146
- RESERVED
-CVE-2020-7145
- RESERVED
-CVE-2020-7144
- RESERVED
-CVE-2020-7143
- RESERVED
-CVE-2020-7142
- RESERVED
-CVE-2020-7141
- RESERVED
-CVE-2020-7140
- RESERVED
+CVE-2020-7203 (A potential security vulnerability has been identified in HPE iLO Ampl ...)
+ NOT-FOR-US: HPE
+CVE-2020-7202 (A potential security vulnerability has been identified in HPE Integrat ...)
+ NOT-FOR-US: HPE
+CVE-2020-7201 (A potential security vulnerability has been identified in the HPE Stor ...)
+ NOT-FOR-US: HPE
+CVE-2020-7200 (A potential security vulnerability has been identified in HPE Systems ...)
+ NOT-FOR-US: HPE
+CVE-2020-7199 (A security vulnerability has been identified in the HPE Edgeline Infra ...)
+ NOT-FOR-US: HPE
+CVE-2020-7198 (There is a remote escalation of privilege possible for a malicious use ...)
+ NOT-FOR-US: HPE
+CVE-2020-7197 (SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreSe ...)
+ NOT-FOR-US: HPE
+CVE-2020-7196 (The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Co ...)
+ NOT-FOR-US: HPE
+CVE-2020-7195 (A iccselectrules expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7194 (A perfaddormoddevicemonitor expression language injection remote code ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7193 (A ictexpertcsvdownload expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7192 (A devicethresholdconfig expression language injection remote code exec ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7191 (A devsoftsel expression language injection remote code execution vulne ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7190 (A deviceselect expression language injection remote code execution vul ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7189 (A faultflasheventselectfact expression language injectionremote code e ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7188 (A userselectpagingcontent expression language injection remote code ex ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7187 (A reportpage index expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7186 (A powershellconfigcontent expression language injection remote code ex ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7185 (A tvxlanlegend expression language injection remote code execution vul ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7184 (A viewbatchtaskresultdetailfact expression language injection remote c ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7183 (A forwardredirect expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7182 (A sshconfig expression language injection remote code execution vulner ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7181 (A smsrulesdownload expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7180 (A ictexpertdownload expression language injection remote code executio ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7179 (A thirdpartyperfselecttask expression language injection remote code e ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7178 (A mediaforaction expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7177 (A wmiconfigcontent expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7176 (A viewtaskresultdetailfact expression language injection remote code e ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7175 (A iccselectdymicparam expression language injection remote code execut ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7174 (A soapconfigcontent expression language injection remote code executio ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7173 (A actionselectcontent expression language injection remote code execut ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7172 (A templateselect expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7171 (A guidatadetail expression language injection remote code execution vu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7170 (A select expression language injection remote code execution vulnerabi ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7169 (A ictexpertcsvdownload expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7168 (A selectusergroup expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7167 (A quicktemplateselect expression language injection remote code execut ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7166 (A operatorgrouptreeselectcontent expression language injection remote ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7165 (A iccselectcommand expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7164 (A operationselect expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7163 (A navigationto expression language injection remote code execution vul ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7162 (A operatorgroupselectcontent expression language injection remote code ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7161 (A reporttaskselect expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7160 (A iccselectdeviceseries expression language injection remote code exec ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7159 (A customtemplateselect expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7158 (A perfselecttask expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7157 (A selviewnavcontent expression language injection remote code executio ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7156 (A faultinfo_content expression language injection remote code executio ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7155 (A select expression language injection remote code execution vulnerabi ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7154 (A ifviewselectpage expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7153 (A iccselectdevtype expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7152 (A faultparasset expression language injection remote code execution vu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7151 (A faulttrapgroupselect expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7150 (A faultstatchoosefaulttype expression language injection remote code e ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7149 (A ictexpertcsvdownload expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7148 (A deployselectsoftware expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7147 (A deployselectbootrom expression language injection remote code execut ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7146 (A devgroupselect expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7145 (A chooseperfview expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7144 (A comparefilesresult expression language injection remote code executi ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7143 (A faultdevparasset expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7142 (A eventinfo_content expression language injection remote code executio ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7141 (A adddevicetoview expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7140 (A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gatew ...)
+ NOT-FOR-US: HPE
CVE-2020-7139 (Potential remote access security vulnerabilities have been identified ...)
NOT-FOR-US: HPE
CVE-2020-7138 (Potential remote code execution security vulnerabilities have been ide ...)
@@ -15037,36 +56515,36 @@ CVE-2020-7131 (This document describes a security vulnerability in Blade Mainten
NOT-FOR-US: HPE
CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote information discl ...)
NOT-FOR-US: HPE
-CVE-2020-7129
- RESERVED
-CVE-2020-7128
- RESERVED
-CVE-2020-7127
- RESERVED
-CVE-2020-7126
- RESERVED
-CVE-2020-7125
- RESERVED
-CVE-2020-7124
- RESERVED
-CVE-2020-7123
- RESERVED
-CVE-2020-7122
- RESERVED
-CVE-2020-7121
- RESERVED
-CVE-2020-7120
- RESERVED
-CVE-2020-7119
- RESERVED
+CVE-2020-7129 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7128 (A remote unauthenticated arbitrary code execution vulnerability was di ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7127 (A remote unauthenticated arbitrary code execution vulnerability was di ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7126 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7125 (A remote escalation of privilege vulnerability was discovered in Aruba ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7124 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7123 (A local escalation of privilege vulnerability was discovered in Aruba ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7120 (A local authenticated buffer overflow vulnerability was discovered in ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location Engine (ALE ...)
+ NOT-FOR-US: Aruba
CVE-2020-7118
RESERVED
-CVE-2020-7117
- RESERVED
-CVE-2020-7116
- RESERVED
-CVE-2020-7115
- RESERVED
+CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
+ NOT-FOR-US: ClearPass Policy Manager WebUI
+CVE-2020-7116 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
+ NOT-FOR-US: ClearPass Policy Manager WebUI
+CVE-2020-7115 (The ClearPass Policy Manager web interface is affected by a vulnerabil ...)
+ NOT-FOR-US: ClearPass Policy Manager
CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the same ne ...)
NOT-FOR-US: ClearPass
CVE-2020-7113 (A vulnerability was found when an attacker, while communicating with t ...)
@@ -15086,7 +56564,7 @@ CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS vi
CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...)
{DLA-2069-1}
- cacti 1.2.9+ds1-1 (bug #949996)
- [buster] - cacti <postponed> (can be fixed along with more important issues)
+ [buster] - cacti 1.2.2+ds1-2+deb10u3
[stretch] - cacti <postponed> (can be fixed along with more important issues)
NOTE: https://github.com/Cacti/cacti/issues/3191
NOTE: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9
@@ -15165,77 +56643,98 @@ CVE-2020-7073
RESERVED
CVE-2020-7072
RESERVED
-CVE-2020-7071
- RESERVED
-CVE-2020-7070
- RESERVED
-CVE-2020-7069
- RESERVED
-CVE-2020-7068
- RESERVED
+CVE-2020-7071 (In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when ...)
+ {DSA-4856-1 DLA-2708-1}
+ - php8.0 8.0.1-1
+ - php7.4 7.4.14-1
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in PHP 8.0.1, 7.4.14, 7.3.26
+ NOTE: PHP Bug: https://bugs.php.net/77423
+CVE-2020-7070 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...)
+ {DSA-4856-1 DLA-2397-1}
+ - php7.4 7.4.11-1
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in PHP 7.4.11, 7.3.23, 7.2.34
+ NOTE: PHP Bug: https://bugs.php.net/79699
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6559fe912661ca5ce5f0eeeb591d928451428ed0
+CVE-2020-7069 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...)
+ {DSA-4856-1}
+ - php7.4 7.4.11-1
+ - php7.3 <removed>
+ - php7.0 <not-affected> (Affected code not present)
+ NOTE: Fixed in PHP 7.4.11, 7.3.23, 7.2.34
+ NOTE: PHP Bug: https://bugs.php.net/79601
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0216630ea2815a5789a24279a1211ac398d4de79
+CVE-2020-7068 (In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below ...)
+ {DSA-4856-1 DLA-2345-1}
+ - php7.4 7.4.9-1
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in PHP 7.4.9, 7.3.21, 7.2.33
+ NOTE: PHP Bug: https://bugs.php.net/79797
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=7355ab81763a3d6a04ac11660e6a16d58838d187
CVE-2020-7067 (In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...)
- {DLA-2188-1}
+ {DSA-4719-1 DSA-4717-1 DLA-2188-1}
- php7.4 7.4.5-1 (unimportant)
- php7.3 <removed> (unimportant)
- php7.0 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: Fixed in PHP 7.4.5, 7.3.17
NOTE: PHP Bug: https://bugs.php.net/79465
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be
NOTE: This only affects builds which enable EDBDIC
CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...)
- {DLA-2188-1}
+ {DSA-4719-1 DSA-4717-1 DLA-2188-1}
- php7.4 7.4.5-1
- php7.3 <removed>
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29
NOTE: PHP Bug: https://bugs.php.net/79329
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43
-CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using ...)
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43
+CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using ...)
+ {DSA-4719-1}
- php7.4 7.4.5-1
- php7.3 <removed>
- - php7.0 <removed>
+ - php7.0 <not-affected> (Vulnerable code introduced later)
- php5 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed in PHP 7.4.4, 7.3.16
NOTE: PHP Bug: https://bugs.php.net/79371
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=1fdffd1c55d771ca22ae217784ab75fce592ad38
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1fdffd1c55d771ca22ae217784ab75fce592ad38
CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...)
- {DLA-2188-1}
+ {DSA-4719-1 DSA-4717-1 DLA-2188-1}
- php7.4 7.4.5-1
- php7.3 <removed>
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29
NOTE: PHP Bug: https://bugs.php.net/79282
- NOTE: http://git.php.net/?p=php-src.git;a=commit;h=25238bdf6005b85ab844aa2b743b589dfce9f0d2
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=25238bdf6005b85ab844aa2b743b589dfce9f0d2
CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...)
- {DLA-2160-1}
+ {DSA-4719-1 DSA-4717-1 DLA-2160-1}
- php7.4 7.4.3-1
- php7.3 7.3.15-1
- [buster] - php7.3 <postponed> (Minor issue, can be fixed along in a future DSA)
- php7.0 <removed>
- [stretch] - php7.0 <postponed> (Minor issue, can be fixed along in a future DSA)
- php5 <removed>
NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28
- NOTE: PHP Bug: http://bugs.php.net/79082
+ NOTE: PHP Bug: https://bugs.php.net/79082
CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...)
- {DLA-2160-1}
+ {DSA-4719-1 DSA-4717-1 DLA-2160-1}
- php7.4 7.4.3-1
- php7.3 7.3.15-1
- [buster] - php7.3 <postponed> (Minor issue, can be fixed along in a future DSA)
- php7.0 <removed>
- [stretch] - php7.0 <postponed> (Minor issue, can be fixed along in a future DSA)
- php5 <removed>
NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28
- NOTE: PHP Bug: http://bugs.php.net/79221
+ NOTE: PHP Bug: https://bugs.php.net/79221
CVE-2020-7061 (In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...)
- php7.4 <not-affected> (Windows specific issue)
- php7.3 <not-affected> (Windows specific issue)
- php7.0 <not-affected> (Windows specific issue)
- php5 <not-affected> (Windows specific issue)
NOTE: Fixed in PHP 7.4.3, 7.3.15
- NOTE: PHP Bug: http://bugs.php.net/79171
+ NOTE: PHP Bug: https://bugs.php.net/79171
CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...)
{DSA-4628-1 DSA-4626-1 DLA-2124-1}
- php7.4 7.4.2-7
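Review bot: CVE-2020-7067 keeps the `(unimportant)` tag on all four package lines (php7.4 7.4.5-1, php7.3, php7.0, php5) while its advisory line now reads `{DSA-4719-1 DSA-4717-1 DLA-2188-1}`; an issue rated unimportant is not normally the subject of a DSA, so one of the two looks stale. If the fix merely shipped alongside the other PHP issues in those advisories, a line such as `NOTE: Fixed along with the other issues in DSA-4719-1/DSA-4717-1, severity unchanged` would make that explicit; otherwise the severity tag should be dropped. The existing `NOTE: This only affects builds which enable EDBDIC` suggests the former, but the hunk does not settle it.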
@@ -15243,7 +56742,7 @@ CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodi
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
- NOTE: PHP Bug: http://bugs.php.net/79037
+ NOTE: PHP Bug: https://bugs.php.net/79037
CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...)
{DSA-4628-1 DSA-4626-1 DLA-2124-1}
- php7.4 7.4.2-7
@@ -15267,6 +56766,7 @@ CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c
NOT-FOR-US: libIEC61850
CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.98-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/
@@ -15276,8 +56776,8 @@ CVE-2020-7051 (Codologic Codoforum through 4.8.4 allows stored XSS in the login
NOT-FOR-US: Codoforum
CVE-2020-7050 (Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creati ...)
NOT-FOR-US: Codoforum
-CVE-2020-7049
- RESERVED
+CVE-2020-7049 (Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_li ...)
+ NOT-FOR-US: Nozomi Networks OS
CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...)
NOT-FOR-US: Wordpress plugin
CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...)
@@ -15286,9 +56786,9 @@ CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3
- dovecot <not-affected> (Only affects 2.3.9)
NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1
CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...)
+ {DLA-2547-1}
- wireshark 3.2.0-1
- [buster] - wireshark <postponed> (Can be fixed along in next 3.0.x DSA)
- [stretch] - wireshark <postponed> (Can be fixed along in next DSA/update to 3.0)
+ [buster] - wireshark 2.6.20-0+deb10u1
[jessie] - wireshark <not-affected> (Doesn't support request-respone tracking in affected code passage, yet)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d
@@ -15318,45 +56818,45 @@ CVE-2020-7041 (An issue was discovered in openfortivpn 1.11.0 when used with Ope
NOTE: https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91
CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...)
{DLA-2095-1}
- - storebackup <unfixed> (bug #949393)
- [buster] - storebackup <no-dsa> (Minor issue)
- [stretch] - storebackup <no-dsa> (Minor issue)
+ - storebackup 3.2.1-2 (bug #949393)
+ [buster] - storebackup 3.2.1-2~deb10u1
+ [stretch] - storebackup 3.2.1-2~deb9u1
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1156767
NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3
NOTE: SuSE provided patch: https://www.openwall.com/lists/oss-security/2020/01/20/3/1
CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...)
- {DSA-4616-1 DLA-2090-1 DLA-2076-1}
+ {DSA-4616-1 DLA-2551-1 DLA-2090-1 DLA-2076-1}
- libslirp 4.1.0-2 (bug #949084)
- qemu 1:4.1-2
- qemu-kvm <removed>
- slirp 1:1.0.17-10 (bug #949085)
- [buster] - slirp <no-dsa> (Minor issue; can be fixed via point release)
- [stretch] - slirp <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - slirp 1:1.0.17-8+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/2
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
-CVE-2020-7038
- RESERVED
-CVE-2020-7037
- RESERVED
-CVE-2020-7036
- RESERVED
-CVE-2020-7035
- RESERVED
-CVE-2020-7034
- RESERVED
-CVE-2020-7033
- RESERVED
-CVE-2020-7032
- RESERVED
+ NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vjwg-42w7-w64h
+CVE-2020-7038 (A vulnerability was discovered in Management component of Avaya Equino ...)
+ NOT-FOR-US: Avaya Equinox Conferencing
+CVE-2020-7037 (An XML External Entities (XXE) vulnerability in Media Server component ...)
+ NOT-FOR-US: Avaya Equinox Conferencing
+CVE-2020-7036 (An XML External Entities (XXE)vulnerability in Callback Assist could a ...)
+ NOT-FOR-US: Callback Assist
+CVE-2020-7035 (An XML External Entities (XXE)vulnerability in the web-based user inte ...)
+ NOT-FOR-US: Avaya Aura Orchestration Designer
+CVE-2020-7034 (A command injection vulnerability in Avaya Session Border Controller f ...)
+ NOT-FOR-US: Avaya Session Border Controller for Enterprise
+CVE-2020-7033 (A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Clien ...)
+ NOT-FOR-US: Avaya
+CVE-2020-7032 (An XML external entity (XXE) vulnerability in Avaya WebLM admin interf ...)
+ NOT-FOR-US: Avaya
CVE-2020-7031
- RESERVED
-CVE-2020-7030
- RESERVED
-CVE-2020-7029
- RESERVED
+ REJECTED
+CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered in the ...)
+ NOT-FOR-US: IP Office
+CVE-2020-7029 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in th ...)
+ NOT-FOR-US: Avaya
CVE-2020-7028
RESERVED
CVE-2020-7027
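Review bot: The slirp4netns advisory link added at the end of the CVE-2020-7039 entry has no matching source-package line: the entry still tracks only libslirp, qemu, qemu-kvm and slirp, so a reader cannot tell whether slirp4netns in Debian is affected, fixed, or intentionally not tracked. Either add a status line for it (a `- slirp4netns …` line with the real version or status tag) or qualify the note, e.g. `NOTE: slirp4netns advisory (uses system libslirp): https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vjwg-42w7-w64h`, whichever matches how the package is actually built — that cannot be verified from the hunk. As written, the bare URL after the qemu note reads as if it belonged to the qemu remark.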
@@ -15371,30 +56871,30 @@ CVE-2020-7023
RESERVED
CVE-2020-7022
RESERVED
-CVE-2020-7021
- RESERVED
-CVE-2020-7020
- RESERVED
-CVE-2020-7019
- RESERVED
-CVE-2020-7018
- RESERVED
-CVE-2020-7017
- RESERVED
-CVE-2020-7016
- RESERVED
-CVE-2020-7015
- RESERVED
-CVE-2020-7014
- RESERVED
-CVE-2020-7013
- RESERVED
-CVE-2020-7012
- RESERVED
-CVE-2020-7011
- RESERVED
-CVE-2020-7010
- RESERVED
+CVE-2020-7021 (Elasticsearch versions before 7.10.0 and 6.8.14 have an information di ...)
+ - elasticsearch <removed>
+CVE-2020-7020 (Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disc ...)
+ - elasticsearch <removed>
+CVE-2020-7019 (In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was f ...)
+ - elasticsearch <removed>
+CVE-2020-7018 (Elastic Enterprise Search before 7.9.0 contain a credential exposure f ...)
+ - elasticsearch <removed>
+CVE-2020-7017 (In Kibana versions before 6.8.11 and 7.8.1 the region map visualizatio ...)
+ - kibana <itp> (bug #700337)
+CVE-2020-7016 (Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (D ...)
+ - kibana <itp> (bug #700337)
+CVE-2020-7015 (Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in t ...)
+ - kibana <itp> (bug #700337)
+CVE-2020-7014 (The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch ve ...)
+ - elasticsearch <removed>
+CVE-2020-7013 (Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution f ...)
+ - kibana <itp> (bug #700337)
+CVE-2020-7012 (Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype ...)
+ - kibana <itp> (bug #700337)
+CVE-2020-7011 (Elastic App Search versions before 7.7.0 contain a cross site scriptin ...)
+ - elasticsearch <removed>
+CVE-2020-7010 (Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate pas ...)
+ NOT-FOR-US: Elastic Cloud
CVE-2020-7009 (Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 ...)
- elasticsearch <removed>
CVE-2020-7008 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
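Review bot: CVE-2020-7018 (Elastic Enterprise Search) and CVE-2020-7011 (Elastic App Search) are filed against `- elasticsearch <removed>`, yet their own descriptions name separate Elastic products rather than the Elasticsearch server, and CVE-2020-7010 in the same run is handled as `NOT-FOR-US: Elastic Cloud`. Unless those products were shipped from the elasticsearch source package, which nothing in the hunk indicates, the two entries should probably read `NOT-FOR-US: Elastic Enterprise Search` and `NOT-FOR-US: Elastic App Search`. Mapping them to a removed package silently closes the issues instead of recording that they never applied to Debian, which is the distinction the tracker's tags exist to preserve.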
@@ -15513,8 +57013,7 @@ CVE-2020-6952
RESERVED
CVE-2020-6951
RESERVED
-CVE-2020-6950
- RESERVED
+CVE-2020-6950 (Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers ...)
- mojarra <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
CVE-2020-6949 (A privilege escalation issue was discovered in the postUser function i ...)
@@ -15537,24 +57036,24 @@ CVE-2020-6941
RESERVED
CVE-2020-6940
RESERVED
-CVE-2020-6939
- RESERVED
-CVE-2020-6938
- RESERVED
+CVE-2020-6939 (Tableau Server installations configured with Site-Specific SAML that a ...)
+ NOT-FOR-US: Tableau Server
+CVE-2020-6938 (A sensitive information disclosure vulnerability in Tableau Server 10. ...)
+ NOT-FOR-US: Tableau Server
CVE-2020-6937 (A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, ...)
- TODO: check
+ NOT-FOR-US: MuleSoft
CVE-2020-6936
RESERVED
CVE-2020-6935
RESERVED
CVE-2020-6934
RESERVED
-CVE-2020-6933
- RESERVED
-CVE-2020-6932
- RESERVED
-CVE-2020-6931
- RESERVED
+CVE-2020-6933 (An improper input validation vulnerability in the UEM Core of BlackBer ...)
+ NOT-FOR-US: BlackBerry
+CVE-2020-6932 (An information disclosure and remote code execution vulnerability in t ...)
+ NOT-FOR-US: BlackBerry QNX Software Development Platform
+CVE-2020-6931 (HP Print and Scan Doctor may potentially be vulnerable to local elevat ...)
+ NOT-FOR-US: HP
CVE-2020-6930
RESERVED
CVE-2020-6929
@@ -15571,18 +57070,18 @@ CVE-2020-6924
RESERVED
CVE-2020-6923
RESERVED
-CVE-2020-6922
- RESERVED
-CVE-2020-6921
- RESERVED
-CVE-2020-6920
- RESERVED
-CVE-2020-6919
- RESERVED
-CVE-2020-6918
- RESERVED
-CVE-2020-6917
- RESERVED
+CVE-2020-6922 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
+CVE-2020-6921 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
+CVE-2020-6920 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
+CVE-2020-6919 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
+CVE-2020-6918 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
+CVE-2020-6917 (Potential security vulnerabilities including compromise of integrity, ...)
+ NOT-FOR-US: HP
CVE-2020-6916
RESERVED
CVE-2020-6915
@@ -15594,92 +57093,92 @@ CVE-2020-6913
CVE-2020-6912
RESERVED
CVE-2020-6911
- RESERVED
+ REJECTED
CVE-2020-6910
- RESERVED
+ REJECTED
CVE-2020-6909
- RESERVED
+ REJECTED
CVE-2020-6908
- RESERVED
+ REJECTED
CVE-2020-6907
- RESERVED
+ REJECTED
CVE-2020-6906
- RESERVED
+ REJECTED
CVE-2020-6905
- RESERVED
+ REJECTED
CVE-2020-6904
- RESERVED
+ REJECTED
CVE-2020-6903
- RESERVED
+ REJECTED
CVE-2020-6902
- RESERVED
+ REJECTED
CVE-2020-6901
- RESERVED
+ REJECTED
CVE-2020-6900
- RESERVED
+ REJECTED
CVE-2020-6899
- RESERVED
+ REJECTED
CVE-2020-6898
- RESERVED
+ REJECTED
CVE-2020-6897
- RESERVED
+ REJECTED
CVE-2020-6896
- RESERVED
+ REJECTED
CVE-2020-6895
- RESERVED
+ REJECTED
CVE-2020-6894
- RESERVED
+ REJECTED
CVE-2020-6893
- RESERVED
+ REJECTED
CVE-2020-6892
- RESERVED
+ REJECTED
CVE-2020-6891
- RESERVED
+ REJECTED
CVE-2020-6890
- RESERVED
+ REJECTED
CVE-2020-6889
- RESERVED
+ REJECTED
CVE-2020-6888
- RESERVED
+ REJECTED
CVE-2020-6887
- RESERVED
+ REJECTED
CVE-2020-6886
- RESERVED
+ REJECTED
CVE-2020-6885
- RESERVED
+ REJECTED
CVE-2020-6884
- RESERVED
+ REJECTED
CVE-2020-6883
- RESERVED
-CVE-2020-6882
- RESERVED
-CVE-2020-6881
- RESERVED
-CVE-2020-6880
- RESERVED
-CVE-2020-6879
- RESERVED
+ REJECTED
+CVE-2020-6882 (ZTE E8810/E8820/E8822 series routers have an information leak vulnerab ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6881 (ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, w ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6880 (A ZXELINK wireless controller has a SQL injection vulnerability. A rem ...)
+ NOT-FOR-US: ZXELINK
+CVE-2020-6879 (Some ZTE devices have input verification vulnerabilities. The devices ...)
+ NOT-FOR-US: ZTE
CVE-2020-6878
- RESERVED
-CVE-2020-6877
- RESERVED
-CVE-2020-6876
- RESERVED
-CVE-2020-6875
- RESERVED
-CVE-2020-6874
- RESERVED
-CVE-2020-6873
- RESERVED
-CVE-2020-6872
- RESERVED
-CVE-2020-6871
- RESERVED
-CVE-2020-6870
- RESERVED
-CVE-2020-6869
- RESERVED
-CVE-2020-6868 (ZTE's PON terminal product is impacted by the access control vulnerabi ...)
+ REJECTED
+CVE-2020-6877 (A ZTE product is impacted by an information leak vulnerability. An att ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6876 (A ZTE product is impacted by an XSS vulnerability. The vulnerability i ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6875 (A ZTE product is impacted by the improper access control vulnerability ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6874 (A ZTE product is impacted by the cryptographic issues vulnerability. T ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6873 (A ZTE product has a DoS vulnerability. Because the equipment couldn&#8 ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6872 (The server management software module of ZTE has a storage XSS vulnera ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6871 (The server management software module of ZTE has an authentication iss ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6870 (The version V12.17.20T115 of ZTE U31R20 product is impacted by a desig ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6869 (All versions up to 10.06 of ZTEMarket APK are impacted by an informati ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6868 (There is an input validation vulnerability in a PON terminal product o ...)
NOT-FOR-US: ZTE
CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...)
NOT-FOR-US: ZTE
@@ -15717,12 +57216,10 @@ CVE-2020-6853
CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3. ...)
NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP
CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...)
- {DLA-2081-1}
- - openjpeg2 <unfixed> (bug #950000)
- [buster] - openjpeg2 <no-dsa> (Minor issue)
- [stretch] - openjpeg2 <no-dsa> (Minor issue)
+ {DSA-4882-1 DLA-2277-1 DLA-2081-1}
+ - openjpeg2 2.4.0-1 (bug #950000)
NOTE: https://github.com/uclouvain/openjpeg/issues/1228
- NOTE: https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04
+ NOTE: https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04 (v2.4.0)
CVE-2020-6850 (Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4 ...)
NOT-FOR-US: miniorange-saml-20-single-sign-on plugin for WordPress
CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allo ...)
@@ -15775,19 +57272,27 @@ CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 t
- gitlab <not-affected> (Only affects GitLab EE 8.9.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/
CVE-2020-6831 (A buffer overflow could occur when parsing and validating SCTP chunks ...)
- {DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
+ {DSA-4714-1 DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
- firefox 76.0-1
- firefox-esr 68.8.0esr-1
- - chromium <unfixed>
- thunderbird 1:68.8.0-1
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-6831
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831
CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be passe ...)
- firefox <not-affected> (Firefox on iOS)
-CVE-2020-6829
- RESERVED
+CVE-2020-6829 (When performing EC scalar point multiplication, the wNAF point multipl ...)
+ {DLA-2388-1}
+ - firefox 80.0-1
+ - nss 2:3.55-1
+ [buster] - nss <no-dsa> (Minor issue)
+ NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
+ NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
+ NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
+ NOTE: Issue relates to CVE-2020-12400 and resolved in the same commits.
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-6829
CVE-2020-6828 (A malicious Android application could craft an Intent that would have ...)
- firefox-esr <not-affected> (Android-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6828
@@ -15976,36 +57481,36 @@ CVE-2020-6792 (When deriving an identifier for an email message, uninitialized m
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6792
CVE-2020-6791
RESERVED
-CVE-2020-6790
- RESERVED
-CVE-2020-6789
- RESERVED
-CVE-2020-6788
- RESERVED
-CVE-2020-6787
- RESERVED
-CVE-2020-6786
- RESERVED
-CVE-2020-6785
- RESERVED
+CVE-2020-6790 (Calling an executable through an Uncontrolled Search Path Element in t ...)
+ NOT-FOR-US: Bosch
+CVE-2020-6789 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
+ NOT-FOR-US: Bosch
+CVE-2020-6788 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
+ NOT-FOR-US: Bosch
+CVE-2020-6787 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
+ NOT-FOR-US: Bosch
+CVE-2020-6786 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
+ NOT-FOR-US: Bosch
+CVE-2020-6785 (Loading a DLL through an Uncontrolled Search Path Element in Bosch BVM ...)
+ NOT-FOR-US: Bosch
CVE-2020-6784
RESERVED
CVE-2020-6783
RESERVED
CVE-2020-6782
RESERVED
-CVE-2020-6781
- RESERVED
-CVE-2020-6780
- RESERVED
-CVE-2020-6779
- RESERVED
+CVE-2020-6781 (Improper certificate validation for certain connections in the Bosch S ...)
+ NOT-FOR-US: Bosch Smart Home System App for iOS
+CVE-2020-6780 (Use of Password Hash With Insufficient Computational Effort in the dat ...)
+ NOT-FOR-US: Bosch
+CVE-2020-6779 (Use of Hard-coded Credentials in the database of Bosch FSM-2500 server ...)
+ NOT-FOR-US: Bosch
CVE-2020-6778
RESERVED
-CVE-2020-6777
- RESERVED
-CVE-2020-6776
- RESERVED
+CVE-2020-6777 (A vulnerability in the web-based management interface of Bosch PRAESID ...)
+ NOT-FOR-US: Bosch
+CVE-2020-6776 (A vulnerability in the web-based management interface of Bosch PRAESID ...)
+ NOT-FOR-US: Bosch
CVE-2020-6775
RESERVED
CVE-2020-6774 (Improper Access Control in the Kiosk Mode functionality of Bosch Recor ...)
@@ -16014,8 +57519,8 @@ CVE-2020-6773
RESERVED
CVE-2020-6772
RESERVED
-CVE-2020-6771
- RESERVED
+CVE-2020-6771 (Loading a DLL through an Uncontrolled Search Path Element in Bosch IP ...)
+ NOT-FOR-US: Bosch
CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...)
NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS)
CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...)
@@ -16052,8 +57557,8 @@ CVE-2020-6754 (dotCMS before 5.2.4 is vulnerable to directory traversal, leading
NOT-FOR-US: dotCMS
CVE-2020-6753 (The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS ...)
NOT-FOR-US: Login by Auth0 plugin for WordPress
-CVE-2020-6752
- RESERVED
+CVE-2020-6752 (In OMERO before 5.6.1, group owners can access members' data in other ...)
+ NOT-FOR-US: OMERO
CVE-2020-6751
RESERVED
CVE-2020-6750 (GSocketClient in GNOME GLib through 2.62.4 may occasionally connect di ...)
@@ -16063,231 +57568,231 @@ CVE-2020-6750 (GSocketClient in GNOME GLib through 2.62.4 may occasionally conne
[jessie] - glib2.0 <not-affected> (Vulnerable code introduced later, regreession from 2.60.0)
NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1989
CVE-2020-6749
- RESERVED
+ REJECTED
CVE-2020-6748
- RESERVED
+ REJECTED
CVE-2020-6747
- RESERVED
+ REJECTED
CVE-2020-6746
- RESERVED
+ REJECTED
CVE-2020-6745
- RESERVED
+ REJECTED
CVE-2020-6744
- RESERVED
+ REJECTED
CVE-2020-6743
- RESERVED
+ REJECTED
CVE-2020-6742
- RESERVED
+ REJECTED
CVE-2020-6741
- RESERVED
+ REJECTED
CVE-2020-6740
- RESERVED
+ REJECTED
CVE-2020-6739
- RESERVED
+ REJECTED
CVE-2020-6738
- RESERVED
+ REJECTED
CVE-2020-6737
- RESERVED
+ REJECTED
CVE-2020-6736
- RESERVED
+ REJECTED
CVE-2020-6735
- RESERVED
+ REJECTED
CVE-2020-6734
- RESERVED
+ REJECTED
CVE-2020-6733
- RESERVED
+ REJECTED
CVE-2020-6732
- RESERVED
+ REJECTED
CVE-2020-6731
- RESERVED
+ REJECTED
CVE-2020-6730
- RESERVED
+ REJECTED
CVE-2020-6729
- RESERVED
+ REJECTED
CVE-2020-6728
- RESERVED
+ REJECTED
CVE-2020-6727
- RESERVED
+ REJECTED
CVE-2020-6726
- RESERVED
+ REJECTED
CVE-2020-6725
- RESERVED
+ REJECTED
CVE-2020-6724
- RESERVED
+ REJECTED
CVE-2020-6723
- RESERVED
+ REJECTED
CVE-2020-6722
- RESERVED
+ REJECTED
CVE-2020-6721
- RESERVED
+ REJECTED
CVE-2020-6720
- RESERVED
+ REJECTED
CVE-2020-6719
- RESERVED
+ REJECTED
CVE-2020-6718
- RESERVED
+ REJECTED
CVE-2020-6717
- RESERVED
+ REJECTED
CVE-2020-6716
- RESERVED
+ REJECTED
CVE-2020-6715
- RESERVED
+ REJECTED
CVE-2020-6714
- RESERVED
+ REJECTED
CVE-2020-6713
- RESERVED
+ REJECTED
CVE-2020-6712
- RESERVED
+ REJECTED
CVE-2020-6711
- RESERVED
+ REJECTED
CVE-2020-6710
- RESERVED
+ REJECTED
CVE-2020-6709
- RESERVED
+ REJECTED
CVE-2020-6708
- RESERVED
+ REJECTED
CVE-2020-6707
- RESERVED
+ REJECTED
CVE-2020-6706
- RESERVED
+ REJECTED
CVE-2020-6705
- RESERVED
+ REJECTED
CVE-2020-6704
- RESERVED
+ REJECTED
CVE-2020-6703
- RESERVED
+ REJECTED
CVE-2020-6702
- RESERVED
+ REJECTED
CVE-2020-6701
- RESERVED
+ REJECTED
CVE-2020-6700
- RESERVED
+ REJECTED
CVE-2020-6699
- RESERVED
+ REJECTED
CVE-2020-6698
- RESERVED
+ REJECTED
CVE-2020-6697
- RESERVED
+ REJECTED
CVE-2020-6696
- RESERVED
+ REJECTED
CVE-2020-6695
- RESERVED
+ REJECTED
CVE-2020-6694
- RESERVED
+ REJECTED
CVE-2020-6693
- RESERVED
+ REJECTED
CVE-2020-6692
- RESERVED
+ REJECTED
CVE-2020-6691
- RESERVED
+ REJECTED
CVE-2020-6690
- RESERVED
+ REJECTED
CVE-2020-6689
- RESERVED
+ REJECTED
CVE-2020-6688
- RESERVED
+ REJECTED
CVE-2020-6687
- RESERVED
+ REJECTED
CVE-2020-6686
- RESERVED
+ REJECTED
CVE-2020-6685
- RESERVED
+ REJECTED
CVE-2020-6684
- RESERVED
+ REJECTED
CVE-2020-6683
- RESERVED
+ REJECTED
CVE-2020-6682
- RESERVED
+ REJECTED
CVE-2020-6681
- RESERVED
+ REJECTED
CVE-2020-6680
- RESERVED
+ REJECTED
CVE-2020-6679
- RESERVED
+ REJECTED
CVE-2020-6678
- RESERVED
+ REJECTED
CVE-2020-6677
- RESERVED
+ REJECTED
CVE-2020-6676
- RESERVED
+ REJECTED
CVE-2020-6675
- RESERVED
+ REJECTED
CVE-2020-6674
- RESERVED
+ REJECTED
CVE-2020-6673
- RESERVED
+ REJECTED
CVE-2020-6672
- RESERVED
+ REJECTED
CVE-2020-6671
- RESERVED
+ REJECTED
CVE-2020-6670
- RESERVED
+ REJECTED
CVE-2020-6669
- RESERVED
+ REJECTED
CVE-2020-6668
- RESERVED
+ REJECTED
CVE-2020-6667
- RESERVED
+ REJECTED
CVE-2020-6666
- RESERVED
+ REJECTED
CVE-2020-6665
- RESERVED
+ REJECTED
CVE-2020-6664
- RESERVED
+ REJECTED
CVE-2020-6663
- RESERVED
+ REJECTED
CVE-2020-6662
- RESERVED
+ REJECTED
CVE-2020-6661
- RESERVED
+ REJECTED
CVE-2020-6660
- RESERVED
+ REJECTED
CVE-2020-6659
RESERVED
CVE-2020-6658
RESERVED
CVE-2020-6657
RESERVED
-CVE-2020-6656
- RESERVED
-CVE-2020-6655
- RESERVED
-CVE-2020-6654
- RESERVED
-CVE-2020-6653
- RESERVED
+CVE-2020-6656 (Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file ...)
+ NOT-FOR-US: Eaton
+CVE-2020-6655 (The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to ...)
+ NOT-FOR-US: Eaton
+CVE-2020-6654 (A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configu ...)
+ NOT-FOR-US: Eaton
+CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 &amp; prior stores the user l ...)
+ NOT-FOR-US: Eaton
CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...)
NOT-FOR-US: Eaton
CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v ...)
NOT-FOR-US: Eaton
CVE-2020-6650 (UPS companion software v1.05 &amp; Prior is affected by &#8216;Eval In ...)
NOT-FOR-US: UPS companion software
-CVE-2020-6649
- RESERVED
-CVE-2020-6648
- RESERVED
+CVE-2020-6649 (An insufficient session expiration vulnerability in FortiNet's FortiIs ...)
+ NOT-FOR-US: Fortinet
+CVE-2020-6648 (A cleartext storage of sensitive information vulnerability in FortiOS ...)
+ NOT-FOR-US: Fortiguard FortiOS
CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of ...)
NOT-FOR-US: Fortiguard
CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...)
NOT-FOR-US: Fortiguard
CVE-2020-6645
RESERVED
-CVE-2020-6644
- RESERVED
+CVE-2020-6644 (An insufficient session expiration vulnerability in FortiDeceptor 3.0. ...)
+ NOT-FOR-US: Fortiguard
CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...)
NOT-FOR-US: Fortinet
CVE-2020-6642
RESERVED
-CVE-2020-6641
- RESERVED
-CVE-2020-6640
- RESERVED
+CVE-2020-6641 (Two authorization bypass through user-controlled key vulnerabilities i ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-6640 (An improper neutralization of input vulnerability in the Admin Profile ...)
+ NOT-FOR-US: Fortiguard
CVE-2020-6639
RESERVED
CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
NOT-FOR-US: Grin
-CVE-2020-6637
- RESERVED
+CVE-2020-6637 (openSIS Community Edition version 7.3 is vulnerable to SQL injection v ...)
+ NOT-FOR-US: openSIS
CVE-2020-6636
RESERVED
CVE-2020-6635
@@ -16299,18 +57804,24 @@ CVE-2020-6633
CVE-2020-6632 (In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a Q ...)
NOT-FOR-US: PrestaShop
CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
- - gpac <unfixed> (low)
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <postponed> (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1378
NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS
CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
- - gpac <unfixed> (low)
+ - gpac 1.0.1+dfsg1-2 (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <postponed> (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1377
NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS
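Review bot: The new ccextractor lines under CVE-2020-6631 and CVE-2020-6630 (`0.93+ds2-1 (bug #994746)` with `<no-dsa> (Minor issue)` for bullseye and buster) give no reason why a GPAC NULL-pointer issue is tracked against ccextractor; presumably ccextractor carries an embedded copy of the affected gpac code, but the hunk does not say so. A line such as `NOTE: ccextractor embeds gpac; fixed by updating the embedded copy in 0.93+ds2-1` (or whatever the actual reason is) next to the upstream links would record the relationship for the next triager. Without it, the same line pair duplicated in both entries looks like a copy-paste rather than a deliberate decision.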
@@ -16333,34 +57844,33 @@ CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_D
NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744
NOTE: Crash in CLI tool, no security impact
CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
- - libstb <unfixed> (low; bug #949560)
- [buster] - libstb <no-dsa> (Minor issue)
+ - libstb <unfixed> (unimportant; bug #949560)
NOTE: https://github.com/nothings/stb/issues/865
- NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, godot, dart
+ NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
- - libstb <unfixed> (low; bug #949559)
- [buster] - libstb <no-dsa> (Minor issue)
+ - libstb <unfixed> (unimportant; bug #949559)
NOTE: https://github.com/nothings/stb/issues/869
+ NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...)
- - libstb <unfixed> (low; bug #949558)
- [buster] - libstb <no-dsa> (Minor issue)
+ - libstb <unfixed> (unimportant; bug #949558)
NOTE: https://github.com/nothings/stb/issues/867
+ NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
- - libstb <unfixed> (low; bug #949557)
- [buster] - libstb <no-dsa> (Minor issue)
+ - libstb <unfixed> (unimportant; bug #949557)
NOTE: https://github.com/nothings/stb/issues/868
+ NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...)
- - libstb <unfixed> (low; bug #949556)
- [buster] - libstb <no-dsa> (Minor issue)
+ - libstb <unfixed> (unimportant; bug #949556)
NOTE: https://github.com/nothings/stb/issues/863
+ NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
- - libstb <unfixed> (low; bug #949555)
- [buster] - libstb <no-dsa> (Minor issue)
+ - libstb <unfixed> (unimportant; bug #949555)
NOTE: https://github.com/nothings/stb/issues/866
+ NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
- - libstb <unfixed> (low; bug #949554)
- [buster] - libstb <no-dsa> (Minor issue)
+ - libstb <unfixed> (unimportant; bug #949554)
NOTE: https://github.com/nothings/stb/issues/867
+ NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6616 (Some Broadcom chips mishandle Bluetooth random-number generation becau ...)
NOT-FOR-US: Broadcom
CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...)
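Review bot: The NOTE removed from CVE-2020-6623 was the only record of the packages suspected of carrying a stb_truetype.h copy (mame, embree, libtcod, sumo, goxel, mesa, godot, dart), and the replacement NOTE only restates the header's own caveat about untrusted input; it does not say whether those consumers were checked for feeding it untrusted fonts, which is what would justify `unimportant` for them as well as for libstb. Dropping the `[buster] - libstb <no-dsa>` lines is consistent with the new severity, so no concern there. Unless that list has been moved into the embedded-code-copies data, keeping it as a second NOTE on CVE-2020-6623, e.g. `NOTE: embedded copies to check: mame, embree, libtcod, sumo, goxel, mesa, godot, dart`, preserves the follow-up; the same severity change is applied to CVE-2020-6617 through CVE-2020-6622 in this hunk.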
@@ -16413,8 +57923,8 @@ CVE-2020-6592
RESERVED
CVE-2020-6591
RESERVED
-CVE-2020-6590
- RESERVED
+CVE-2020-6590 (Forcepoint Web Security Content Gateway versions prior to 8.5.4 improp ...)
+ NOT-FOR-US: Forcepoint Web Security Content Gateway
CVE-2020-6589
RESERVED
CVE-2020-6588
@@ -16449,295 +57959,541 @@ CVE-2020-6580
RESERVED
CVE-2020-6579 (Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudlo ...)
NOT-FOR-US: MailBeez plugin for ZenCart
-CVE-2020-6578
- RESERVED
-CVE-2020-6577
- RESERVED
-CVE-2020-6576
- RESERVED
-CVE-2020-6575
- RESERVED
-CVE-2020-6574
- RESERVED
-CVE-2020-6573
- RESERVED
-CVE-2020-6572
- RESERVED
-CVE-2020-6571
- RESERVED
-CVE-2020-6570
- RESERVED
-CVE-2020-6569
- RESERVED
-CVE-2020-6568
- RESERVED
-CVE-2020-6567
- RESERVED
-CVE-2020-6566
- RESERVED
-CVE-2020-6565
- RESERVED
-CVE-2020-6564
- RESERVED
-CVE-2020-6563
- RESERVED
-CVE-2020-6562
- RESERVED
-CVE-2020-6561
- RESERVED
-CVE-2020-6560
- RESERVED
-CVE-2020-6559
- RESERVED
-CVE-2020-6558
- RESERVED
-CVE-2020-6557
- RESERVED
-CVE-2020-6556
- RESERVED
-CVE-2020-6555
- RESERVED
-CVE-2020-6554
- RESERVED
-CVE-2020-6553
- RESERVED
-CVE-2020-6552
- RESERVED
-CVE-2020-6551
- RESERVED
-CVE-2020-6550
- RESERVED
-CVE-2020-6549
- RESERVED
-CVE-2020-6548
- RESERVED
-CVE-2020-6547
- RESERVED
-CVE-2020-6546
- RESERVED
-CVE-2020-6545
- RESERVED
-CVE-2020-6544
- RESERVED
-CVE-2020-6543
- RESERVED
-CVE-2020-6542
- RESERVED
-CVE-2020-6541
- RESERVED
-CVE-2020-6540
- RESERVED
-CVE-2020-6539
- RESERVED
-CVE-2020-6538
- RESERVED
-CVE-2020-6537
- RESERVED
-CVE-2020-6536
- RESERVED
-CVE-2020-6535
- RESERVED
-CVE-2020-6534
- RESERVED
-CVE-2020-6533
- RESERVED
-CVE-2020-6532
- RESERVED
-CVE-2020-6531
- RESERVED
-CVE-2020-6530
- RESERVED
-CVE-2020-6529
- RESERVED
-CVE-2020-6528
- RESERVED
-CVE-2020-6527
- RESERVED
-CVE-2020-6526
- RESERVED
-CVE-2020-6525
- RESERVED
-CVE-2020-6524
- RESERVED
-CVE-2020-6523
- RESERVED
-CVE-2020-6522
- RESERVED
-CVE-2020-6521
- RESERVED
-CVE-2020-6520
- RESERVED
-CVE-2020-6519
- RESERVED
-CVE-2020-6518
- RESERVED
-CVE-2020-6517
- RESERVED
-CVE-2020-6516
- RESERVED
-CVE-2020-6515
- RESERVED
-CVE-2020-6514
- RESERVED
-CVE-2020-6513
- RESERVED
-CVE-2020-6512
- RESERVED
-CVE-2020-6511
- RESERVED
-CVE-2020-6510
- RESERVED
-CVE-2020-6509
- RESERVED
+CVE-2020-6578 (Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to in ...)
+ NOT-FOR-US: Zen Cart
+CVE-2020-6577 (The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows ...)
+ NOT-FOR-US: IT-Recht Kanzlei plugin in Zen Cart
+CVE-2020-6576 (Use after free in offscreen canvas in Google Chrome prior to 85.0.4183 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6575 (Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6574 (Insufficient policy enforcement in installer in Google Chrome on OS X ...)
+ - chromium <not-affected> (debian package disables the installer)
+CVE-2020-6573 (Use after free in video in Google Chrome on Android prior to 85.0.4183 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6572 (Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed ...)
+ - chromium 81.0.4044.92-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6571 (Insufficient data validation in Omnibox in Google Chrome prior to 85.0 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6570 (Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 a ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6569 (Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allo ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6568 (Insufficient policy enforcement in intent handling in Google Chrome on ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6567 (Insufficient validation of untrusted input in command line handling in ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6566 (Insufficient policy enforcement in media in Google Chrome prior to 85. ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6565 (Inappropriate implementation in Omnibox in Google Chrome on iOS prior ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6564 (Inappropriate implementation in permissions in Google Chrome prior to ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6563 (Insufficient policy enforcement in intent handling in Google Chrome on ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6562 (Insufficient policy enforcement in Blink in Google Chrome prior to 85. ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6561 (Inappropriate implementation in Content Security Policy in Google Chro ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6560 (Insufficient policy enforcement in autofill in Google Chrome prior to ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6559 (Use after free in presentation API in Google Chrome prior to 85.0.4183 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6558 (Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prio ...)
+ - chromium <not-affected> (ios specific)
+CVE-2020-6557 (Inappropriate implementation in networking in Google Chrome prior to 8 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6556 (Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.414 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6555 (Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 al ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6554 (Use after free in extensions in Google Chrome prior to 84.0.4147.125 a ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6553 (Use after free in offline mode in Google Chrome on iOS prior to 84.0.4 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6552 (Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowe ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6551 (Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowe ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6550 (Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 al ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6549 (Use after free in media in Google Chrome prior to 84.0.4147.125 allowe ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6548 (Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 a ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6547 (Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6546 (Inappropriate implementation in installer in Google Chrome prior to 84 ...)
+ - chromium <not-affected> (debian package disables the installer)
+CVE-2020-6545 (Use after free in audio in Google Chrome prior to 84.0.4147.125 allowe ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6544 (Use after free in media in Google Chrome prior to 84.0.4147.125 allowe ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6543 (Use after free in task scheduling in Google Chrome prior to 84.0.4147. ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6542 (Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowe ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6541 (Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allow ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.105-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6540 (Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowe ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.105-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6539 (Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.105-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6538 (Inappropriate implementation in WebView in Google Chrome on Android pr ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.105-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6537 (Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.105-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6536 (Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 a ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6535 (Insufficient data validation in WebUI in Google Chrome prior to 84.0.4 ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6534 (Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6533 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6532 (Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.105-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6531 (Side-channel information leakage in scroll to text in Google Chrome pr ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6530 (Out of bounds memory access in developer tools in Google Chrome prior ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6529 (Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6528 (Incorrect security UI in basic auth in Google Chrome on iOS prior to 8 ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6527 (Insufficient policy enforcement in CSP in Google Chrome prior to 84.0. ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6526 (Inappropriate implementation in iframe sandbox in Google Chrome prior ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6525 (Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 al ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6524 (Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.8 ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6523 (Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 all ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6522 (Inappropriate implementation in external protocol handlers in Google C ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6521 (Side-channel information leakage in autofill in Google Chrome prior to ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6520 (Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6519 (Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6518 (Use after free in developer tools in Google Chrome prior to 84.0.4147. ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6517 (Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6516 (Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6515 (Use after free in tab strip in Google Chrome prior to 84.0.4147.89 all ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6514 (Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ...)
+ {DSA-4824-1 DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ - firefox 79.0-1
+ - firefox-esr 68.11.0esr-1
+ - thunderbird 1:68.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-6514
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-6514
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-6514
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-6514
+CVE-2020-6513 (Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6512 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6511 (Information leak in content security policy in Google Chrome prior to ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6510 (Heap buffer overflow in background fetch in Google Chrome prior to 84. ...)
+ {DSA-4824-1}
+ [experimental] - chromium 84.0.4147.89-1
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6509 (Use after free in extensions in Google Chrome prior to 83.0.4103.116 a ...)
+ {DSA-4714-1}
+ - chromium 83.0.4103.116-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6508
RESERVED
-CVE-2020-6507
- RESERVED
-CVE-2020-6506
- RESERVED
-CVE-2020-6505
- RESERVED
-CVE-2020-6504
- RESERVED
-CVE-2020-6503
- RESERVED
-CVE-2020-6502
- RESERVED
-CVE-2020-6501
- RESERVED
-CVE-2020-6500
- RESERVED
-CVE-2020-6499
- RESERVED
-CVE-2020-6498
- RESERVED
-CVE-2020-6497
- RESERVED
-CVE-2020-6496
- RESERVED
-CVE-2020-6495
- RESERVED
-CVE-2020-6494
- RESERVED
-CVE-2020-6493
- RESERVED
-CVE-2020-6492
- RESERVED
+CVE-2020-6507 (Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allo ...)
+ {DSA-4714-1}
+ - chromium 83.0.4103.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6506 (Insufficient policy enforcement in WebView in Google Chrome on Android ...)
+ {DSA-4714-1}
+ - chromium 83.0.4103.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6505 (Use after free in speech in Google Chrome prior to 83.0.4103.106 allow ...)
+ {DSA-4714-1}
+ - chromium 83.0.4103.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6504 (Insufficient policy enforcement in notifications in Google Chrome prio ...)
+ {DSA-4500-1}
+ - chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6503 (Inappropriate implementation in accessibility in Google Chrome prior t ...)
+ {DSA-4500-1}
+ - chromium 74.0.3729.108-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6502 (Incorrect implementation in permissions in Google Chrome prior to 80.0 ...)
+ {DSA-4638-1}
+ - chromium 80.0.3987.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6501 (Insufficient policy enforcement in CSP in Google Chrome prior to 80.0. ...)
+ {DSA-4638-1}
+ - chromium 80.0.3987.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6500 (Inappropriate implementation in interstitials in Google Chrome prior t ...)
+ {DSA-4638-1}
+ - chromium 80.0.3987.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6499 (Inappropriate implementation in AppCache in Google Chrome prior to 80. ...)
+ {DSA-4638-1}
+ - chromium 80.0.3987.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6498 (Incorrect implementation in user interface in Google Chrome on iOS pri ...)
+ {DSA-4714-1}
+ - chromium 83.0.4103.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6497 (Insufficient policy enforcement in Omnibox in Google Chrome on iOS pri ...)
+ {DSA-4714-1}
+ - chromium 83.0.4103.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6496 (Use after free in payments in Google Chrome on MacOS prior to 83.0.410 ...)
+ {DSA-4714-1}
+ - chromium 83.0.4103.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6495 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
+ {DSA-4714-1}
+ - chromium 83.0.4103.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6494 (Incorrect security UI in payments in Google Chrome on Android prior to ...)
+ {DSA-4714-1}
+ - chromium 83.0.4103.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6493 (Use after free in WebAuthentication in Google Chrome prior to 83.0.410 ...)
+ {DSA-4714-1}
+ - chromium 83.0.4103.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6492 (Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed ...)
+ {DSA-4714-1}
+ - chromium 83.0.4103.106-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6491 (Insufficient data validation in site information in Google Chrome prio ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6490 (Insufficient data validation in loader in Google Chrome prior to 83.0. ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6489 (Inappropriate implementation in developer tools in Google Chrome prior ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6488 (Insufficient policy enforcement in downloads in Google Chrome prior to ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6487 (Insufficient policy enforcement in downloads in Google Chrome prior to ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6486 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6485 (Insufficient data validation in media router in Google Chrome prior to ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6484 (Insufficient data validation in ChromeDriver in Google Chrome prior to ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6483 (Insufficient policy enforcement in payments in Google Chrome prior to ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6482 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6481 (Insufficient policy enforcement in URL formatting in Google Chrome pri ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6480 (Insufficient policy enforcement in enterprise in Google Chrome prior t ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6479 (Inappropriate implementation in sharing in Google Chrome prior to 83.0 ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6478 (Inappropriate implementation in full screen in Google Chrome prior to ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6477 (Inappropriate implementation in installer in Google Chrome on OS X pri ...)
- chromium <not-affected> (Only affects installer)
CVE-2020-6476 (Insufficient policy enforcement in tab strip in Google Chrome prior to ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6475 (Incorrect implementation in full screen in Google Chrome prior to 83.0 ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6474 (Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6473 (Insufficient policy enforcement in Blink in Google Chrome prior to 83. ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6472 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6471 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6470 (Insufficient validation of untrusted input in clipboard in Google Chro ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6469 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6468 (Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6467 (Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowe ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6466 (Use after free in media in Google Chrome prior to 83.0.4103.61 allowed ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6465 (Use after free in reader mode in Google Chrome on Android prior to 83. ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6464 (Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowe ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6463 (Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowe ...)
- - chromium <unfixed>
+ {DSA-4740-1 DSA-4736-1 DSA-4714-1 DLA-2310-1 DLA-2297-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
+ - firefox 79.0-1
+ - firefox-esr 68.11.0esr-1
+ - thunderbird 1:68.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-6463
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-6463
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-6463
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-6463
CVE-2020-6462 (Use after free in task scheduling in Google Chrome prior to 81.0.4044. ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6461 (Use after free in storage in Google Chrome prior to 81.0.4044.129 allo ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6460 (Insufficient data validation in URL formatting in Google Chrome prior ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6459 (Use after free in payments in Google Chrome prior to 81.0.4044.122 all ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6458 (Out of bounds read and write in PDFium in Google Chrome prior to 81.0. ...)
- - chromium <unfixed>
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6457 (Use after free in speech recognizer in Google Chrome prior to 81.0.404 ...)
- - chromium <unfixed> (bug #958450)
+ {DSA-4714-1}
+ - chromium 83.0.4103.83-1 (bug #958450)
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6456 (Insufficient validation of untrusted input in clipboard in Google Chro ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6455 (Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 al ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6454 (Use after free in extensions in Google Chrome prior to 81.0.4044.92 al ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6453
- RESERVED
+CVE-2020-6453 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...)
+ {DSA-4654-1}
+ - chromium 80.0.3987.162-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6452 (Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 ...)
{DSA-4654-1}
- chromium 80.0.3987.162-1
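Review bot: The iOS-only entries in this hunk are tracked inconsistently: CVE-2020-6558 ("iOSWeb in Google Chrome on iOS") is `<not-affected> (ios specific)`, while CVE-2020-6565 ("Omnibox in Google Chrome on iOS"), CVE-2020-6553 ("offline mode in Google Chrome on iOS"), CVE-2020-6528 ("basic auth in Google Chrome on iOS") and CVE-2020-6498/6497 (also "on iOS") are given a fixed chromium version and a DSA reference. Either the other iOS entries should also become `<not-affected> (ios specific)` or CVE-2020-6558 should follow the DSA-4824-1 pattern; as written, the not-affected rationale applies to all of them. Separately, CVE-2020-6572 gets `- chromium 81.0.4044.92-1` with no advisory, whereas the sibling entries fixed in the same upload (CVE-2020-6454 to CVE-2020-6456) gain `{DSA-4714-1}` in this hunk; if that DSA also covers 6572, adding the reference makes the buster status explicit, and if it does not, a NOTE saying why would help.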
@@ -16755,60 +58511,79 @@ CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 a
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6448 (Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6447 (Inappropriate implementation in developer tools in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6446 (Insufficient policy enforcement in trusted types in Google Chrome prio ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6445 (Insufficient policy enforcement in trusted types in Google Chrome prio ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6444 (Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 all ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6443 (Insufficient data validation in developer tools in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6442 (Inappropriate implementation in cache in Google Chrome prior to 81.0.4 ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6441 (Insufficient policy enforcement in omnibox in Google Chrome prior to 8 ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6440 (Inappropriate implementation in extensions in Google Chrome prior to 8 ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6439 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6438 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6437 (Inappropriate implementation in WebView in Google Chrome prior to 81.0 ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6436 (Use after free in window management in Google Chrome prior to 81.0.404 ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6435 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6434 (Use after free in devtools in Google Chrome prior to 81.0.4044.92 allo ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6433 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6432 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6431 (Insufficient policy enforcement in full screen in Google Chrome prior ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6430 (Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6429 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
@@ -16836,6 +58611,7 @@ CVE-2020-6424 (Use after free in media in Google Chrome prior to 80.0.3987.149 a
- chromium 80.0.3987.149-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6423 (Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed ...)
+ {DSA-4714-1}
- chromium 81.0.4044.92-1
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6422 (Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowe ...)
@@ -16848,8 +58624,9 @@ CVE-2020-6420 (Insufficient policy enforcement in media in Google Chrome prior t
{DSA-4638-1}
- chromium 80.0.3987.132-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6419
- RESERVED
+CVE-2020-6419 (Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allow ...)
+ - chromium 81.0.4044.92-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a ...)
{DSA-4638-1}
- chromium 80.0.3987.122-1
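Review bot: The new CVE-2020-6419 entry (`+ - chromium 81.0.4044.92-1`) carries no advisory cross-reference, while every other entry fixed in 81.0.4044.92-1 in this diff gains `{DSA-4714-1}` (for example CVE-2020-6423 in the previous hunk). If DSA-4714-1 also covers this CVE, the line `{DSA-4714-1}` should precede the chromium line so the tracker attributes the buster fix to the advisory rather than to a bare version match; if it does not, a short NOTE saying so would stop the next triager from adding it. I cannot confirm the DSA's CVE list from this page, so treat this as a consistency check rather than a confirmed omission.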
@@ -17016,144 +58793,144 @@ CVE-2020-6377 (Use after free in audio in Google Chrome prior to 79.0.3945.117 a
{DSA-4606-1}
- chromium 79.0.3945.130-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6376
- RESERVED
-CVE-2020-6375
- RESERVED
-CVE-2020-6374
- RESERVED
-CVE-2020-6373
- RESERVED
-CVE-2020-6372
- RESERVED
-CVE-2020-6371
- RESERVED
-CVE-2020-6370
- RESERVED
-CVE-2020-6369
- RESERVED
-CVE-2020-6368
- RESERVED
-CVE-2020-6367
- RESERVED
-CVE-2020-6366
- RESERVED
-CVE-2020-6365
- RESERVED
-CVE-2020-6364
- RESERVED
-CVE-2020-6363
- RESERVED
-CVE-2020-6362
- RESERVED
-CVE-2020-6361
- RESERVED
-CVE-2020-6360
- RESERVED
-CVE-2020-6359
- RESERVED
-CVE-2020-6358
- RESERVED
-CVE-2020-6357
- RESERVED
-CVE-2020-6356
- RESERVED
-CVE-2020-6355
- RESERVED
-CVE-2020-6354
- RESERVED
-CVE-2020-6353
- RESERVED
-CVE-2020-6352
- RESERVED
-CVE-2020-6351
- RESERVED
-CVE-2020-6350
- RESERVED
-CVE-2020-6349
- RESERVED
-CVE-2020-6348
- RESERVED
-CVE-2020-6347
- RESERVED
-CVE-2020-6346
- RESERVED
-CVE-2020-6345
- RESERVED
-CVE-2020-6344
- RESERVED
-CVE-2020-6343
- RESERVED
-CVE-2020-6342
- RESERVED
-CVE-2020-6341
- RESERVED
-CVE-2020-6340
- RESERVED
-CVE-2020-6339
- RESERVED
-CVE-2020-6338
- RESERVED
-CVE-2020-6337
- RESERVED
-CVE-2020-6336
- RESERVED
-CVE-2020-6335
- RESERVED
-CVE-2020-6334
- RESERVED
-CVE-2020-6333
- RESERVED
-CVE-2020-6332
- RESERVED
-CVE-2020-6331
- RESERVED
-CVE-2020-6330
- RESERVED
-CVE-2020-6329
- RESERVED
-CVE-2020-6328
- RESERVED
-CVE-2020-6327
- RESERVED
-CVE-2020-6326
- RESERVED
+CVE-2020-6376 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6375 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6374 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6373 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6372 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6371 (User enumeration vulnerability can be exploited to get a list of user ...)
+ NOT-FOR-US: SAP
+CVE-2020-6370 (SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.3 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6369 (SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...)
+ NOT-FOR-US: SAP
+CVE-2020-6368 (SAP Business Planning and Consolidation, versions - 750, 751, 752, 753 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6367 (There is a reflected cross site scripting vulnerability in SAP NetWeav ...)
+ NOT-FOR-US: SAP
+CVE-2020-6366 (SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, doe ...)
+ NOT-FOR-US: SAP
+CVE-2020-6365 (SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, ...)
+ NOT-FOR-US: SAP
+CVE-2020-6364 (SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...)
+ NOT-FOR-US: SAP
+CVE-2020-6363 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several ...)
+ NOT-FOR-US: SAP
+CVE-2020-6362 (SAP Banking Services version 500, use an incorrect authorization objec ...)
+ NOT-FOR-US: SAP
+CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6360 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6359 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6358 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6357 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6356 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6355 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6354 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6353 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6352 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6351 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6350 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6349 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6348 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6347 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6346 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6345 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6344 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6343 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6342 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6341 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6340 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6339 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6338 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6337 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6336 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6335 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6334 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6333 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6332 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6331 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6330 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6329 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6328 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6327 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6326 (SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, all ...)
+ NOT-FOR-US: SAP
CVE-2020-6325
RESERVED
-CVE-2020-6324
- RESERVED
-CVE-2020-6323
- RESERVED
-CVE-2020-6322
- RESERVED
-CVE-2020-6321
- RESERVED
-CVE-2020-6320
- RESERVED
-CVE-2020-6319
- RESERVED
-CVE-2020-6318
- RESERVED
-CVE-2020-6317
- RESERVED
-CVE-2020-6316
- RESERVED
-CVE-2020-6315
- RESERVED
-CVE-2020-6314
- RESERVED
-CVE-2020-6313
- RESERVED
-CVE-2020-6312
- RESERVED
-CVE-2020-6311
- RESERVED
-CVE-2020-6310
- RESERVED
-CVE-2020-6309
- RESERVED
-CVE-2020-6308
- RESERVED
+CVE-2020-6324 (SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6323 (SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6322 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6321 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6320 (SAP Marketing (Servlet), version-130,140,150, allows an authenticated ...)
+ NOT-FOR-US: SAP
+CVE-2020-6319 (SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABA ...)
+ NOT-FOR-US: SAP
+CVE-2020-6317 (In certain situations, an attacker with regular user credentials and l ...)
+ NOT-FOR-US: SAP
+CVE-2020-6316 (SAP ERP and SAP S/4 HANA allows an authenticated user to see cost reco ...)
+ NOT-FOR-US: SAP
+CVE-2020-6315 (SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send ...)
+ NOT-FOR-US: SAP
+CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6313 (SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, ...)
+ NOT-FOR-US: SAP
+CVE-2020-6312 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...)
+ NOT-FOR-US: SAP
+CVE-2020-6311 (Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP ...)
+ NOT-FOR-US: SAP
+CVE-2020-6310 (Improper access control in SOA Configuration Trace component in SAP Ne ...)
+ NOT-FOR-US: SAP
+CVE-2020-6309 (SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2020-6308 (SAP BusinessObjects Business Intelligence Platform (Web Services) vers ...)
+ NOT-FOR-US: SAP
CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7. ...)
NOT-FOR-US: SAP
CVE-2020-6306 (Missing authorization check in a transaction within SAP Leasing (updat ...)
@@ -17164,92 +58941,92 @@ CVE-2020-6304 (Improper input validation in SAP NetWeaver Internet Communication
NOT-FOR-US: SAP
CVE-2020-6303 (SAP Disclosure Management, before version 10.1, does not validate user ...)
NOT-FOR-US: SAP
-CVE-2020-6302
- RESERVED
-CVE-2020-6301
- RESERVED
-CVE-2020-6300
- RESERVED
-CVE-2020-6299
- RESERVED
-CVE-2020-6298
- RESERVED
-CVE-2020-6297
- RESERVED
-CVE-2020-6296
- RESERVED
-CVE-2020-6295
- RESERVED
-CVE-2020-6294
- RESERVED
-CVE-2020-6293
- RESERVED
-CVE-2020-6292
- RESERVED
-CVE-2020-6291
- RESERVED
-CVE-2020-6290
- RESERVED
-CVE-2020-6289
- RESERVED
-CVE-2020-6288
- RESERVED
-CVE-2020-6287
- RESERVED
-CVE-2020-6286
- RESERVED
-CVE-2020-6285
- RESERVED
-CVE-2020-6284
- RESERVED
-CVE-2020-6283
- RESERVED
-CVE-2020-6282
- RESERVED
-CVE-2020-6281
- RESERVED
-CVE-2020-6280
- RESERVED
+CVE-2020-6302 (SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSessio ...)
+ NOT-FOR-US: SAP
+CVE-2020-6301 (SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 6 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6300 (SAP Business Objects Business Intelligence Platform (Central Managemen ...)
+ NOT-FOR-US: SAP
+CVE-2020-6299 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 75 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6298 (SAP Banking Services (Generic Market Data), versions - 400, 450, 500, ...)
+ NOT-FOR-US: SAP
+CVE-2020-6297 (Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data I ...)
+ NOT-FOR-US: SAP
+CVE-2020-6296 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 70 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6295 (Under certain conditions the SAP Adaptive Server Enterprise, version 1 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6294 (Xvfb of SAP Business Objects Business Intelligence Platform, versions ...)
+ NOT-FOR-US: SAP
+CVE-2020-6293 (SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.5 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6292 (Logout mechanism in SAP Disclosure Management, version 10.1, does not ...)
+ NOT-FOR-US: SAP
+CVE-2020-6291 (SAP Disclosure Management, version 10.1, session mechanism does not ha ...)
+ NOT-FOR-US: SAP
+CVE-2020-6290 (SAP Disclosure Management, version 10.1, is vulnerable to Session Fixa ...)
+ NOT-FOR-US: SAP
+CVE-2020-6289 (SAP Disclosure Management, version 10.1, had insufficient protection a ...)
+ NOT-FOR-US: SAP
+CVE-2020-6288 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
+ NOT-FOR-US: SAP
+CVE-2020-6287 (SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6286 (The insufficient input path validation of certain parameter in the web ...)
+ NOT-FOR-US: SAP
+CVE-2020-6285 (SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6284 (SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.5 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6283 (SAP Fiori Launchpad does not sufficiently encode user controlled input ...)
+ NOT-FOR-US: SAP
+CVE-2020-6282 (SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6281 (SAP Business Objects Business Intelligence Platform (BI Launchpad), ve ...)
+ NOT-FOR-US: SAP
+CVE-2020-6280 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, ...)
+ NOT-FOR-US: SAP
CVE-2020-6279
- RESERVED
-CVE-2020-6278
- RESERVED
+ REJECTED
+CVE-2020-6278 (SAP Business Objects Business Intelligence Platform (BI Launchpad and ...)
+ NOT-FOR-US: SAP
CVE-2020-6277
RESERVED
-CVE-2020-6276
- RESERVED
-CVE-2020-6275
- RESERVED
+CVE-2020-6276 (SAP Business Objects Business Intelligence Platform (bipodata), versio ...)
+ NOT-FOR-US: SAP
+CVE-2020-6275 (SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740 ...)
+ NOT-FOR-US: SAP
CVE-2020-6274
RESERVED
-CVE-2020-6273
- RESERVED
-CVE-2020-6272
- RESERVED
-CVE-2020-6271
- RESERVED
-CVE-2020-6270
- RESERVED
-CVE-2020-6269
- RESERVED
-CVE-2020-6268
- RESERVED
-CVE-2020-6267
- RESERVED
-CVE-2020-6266
- RESERVED
-CVE-2020-6265
- RESERVED
-CVE-2020-6264
- RESERVED
-CVE-2020-6263
- RESERVED
+CVE-2020-6273 (SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 1 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6272 (SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not suffici ...)
+ NOT-FOR-US: SAP
+CVE-2020-6271 (SAP Solution Manager (Problem Context Manager), version 7.2, does not ...)
+ NOT-FOR-US: SAP
+CVE-2020-6270 (SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 75 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6269 (Under certain conditions SAP Business Objects Business Intelligence Pl ...)
+ NOT-FOR-US: SAP
+CVE-2020-6268 (Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV ver ...)
+ NOT-FOR-US: SAP
+CVE-2020-6267 (Some sensitive cookies in SAP Disclosure Management, version 10.1, are ...)
+ NOT-FOR-US: SAP
+CVE-2020-6266 (SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an at ...)
+ NOT-FOR-US: SAP
+CVE-2020-6265 (SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data ...)
+ NOT-FOR-US: SAP
+CVE-2020-6264 (SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker ...)
+ NOT-FOR-US: SAP
+CVE-2020-6263 (Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol ...)
+ NOT-FOR-US: SAP
CVE-2020-6262 (Service Data Download in SAP Application Server ABAP (ST-PI, before ve ...)
NOT-FOR-US: SAP
-CVE-2020-6261
- RESERVED
-CVE-2020-6260
- RESERVED
+CVE-2020-6261 (SAP Solution Manager (Trace Analysis), version 7.20, allows an attacke ...)
+ NOT-FOR-US: SAP
+CVE-2020-6260 (SAP Solution Manager (Trace Analysis), version 7.20, allows an attacke ...)
+ NOT-FOR-US: SAP
CVE-2020-6259 (Under certain conditions SAP Adaptive Server Enterprise, versions 15.7 ...)
NOT-FOR-US: SAP
CVE-2020-6258 (SAP Identity Management, version 8.0, does not perform necessary autho ...)
@@ -17276,8 +59053,8 @@ CVE-2020-6248 (SAP Adaptive Server Enterprise (Backup Server), version 16.0, doe
NOT-FOR-US: SAP
CVE-2020-6247 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
NOT-FOR-US: SAP
-CVE-2020-6246
- RESERVED
+CVE-2020-6246 (SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_T ...)
+ NOT-FOR-US: SAP
CVE-2020-6245 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
NOT-FOR-US: SAP
CVE-2020-6244 (SAP Business Client, version 7.0, allows an attacker after a successfu ...)
@@ -17290,8 +59067,8 @@ CVE-2020-6241 (SAP Adaptive Server Enterprise, version 16.0, allows an authentic
NOT-FOR-US: SAP
CVE-2020-6240 (SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 75 ...)
NOT-FOR-US: SAP
-CVE-2020-6239
- RESERVED
+CVE-2020-6239 (Under certain conditions SAP Business One (Backup service), versions 9 ...)
+ NOT-FOR-US: SAP
CVE-2020-6238 (SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process ...)
NOT-FOR-US: SAP
CVE-2020-6237 (Under certain conditions, SAP Business Objects Business Intelligence P ...)
@@ -17438,10 +59215,10 @@ CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon &amp; Mainten
NOT-FOR-US: WordPress plugin
CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon &amp; Maintenance ...)
NOT-FOR-US: WordPress plugin
-CVE-2020-6165
- RESERVED
-CVE-2020-6164
- RESERVED
+CVE-2020-6165 (SilverStripe 4.5.0 allows attackers to read certain records that shoul ...)
+ NOT-FOR-US: SilverStripe
+CVE-2020-6164 (In SilverStripe through 4.5.0, a specific URL path configured by defau ...)
+ NOT-FOR-US: SilverStripe
CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because ...)
NOT-FOR-US: WikibaseMediaInfo MediaWiki extension
CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain circumstances, an ...)
@@ -17450,139 +59227,163 @@ CVE-2020-6161
RESERVED
CVE-2020-6160
RESERVED
-CVE-2020-6159
- RESERVED
+CVE-2020-6159 (URLs using &#8220;javascript:&#8221; have the protocol removed when pa ...)
+ NOT-FOR-US: Opera
CVE-2020-6158
RESERVED
-CVE-2020-6157
- RESERVED
-CVE-2020-6156
- RESERVED
-CVE-2020-6155
- RESERVED
+CVE-2020-6157 (Opera Touch for iOS before version 2.4.5 is vulnerable to an address b ...)
+ NOT-FOR-US: Opera Touch for iOS
+CVE-2020-6156 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-6155 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while ...)
+ NOT-FOR-US: Pixar OpenUSD
CVE-2020-6154
RESERVED
CVE-2020-6153
- RESERVED
-CVE-2020-6152
- RESERVED
-CVE-2020-6151
- RESERVED
-CVE-2020-6150
- RESERVED
-CVE-2020-6149
- RESERVED
-CVE-2020-6148
- RESERVED
-CVE-2020-6147
- RESERVED
-CVE-2020-6146
- RESERVED
-CVE-2020-6145
- RESERVED
-CVE-2020-6144
- RESERVED
-CVE-2020-6143
- RESERVED
-CVE-2020-6142
- RESERVED
-CVE-2020-6141
- RESERVED
-CVE-2020-6140
- RESERVED
-CVE-2020-6139
- RESERVED
-CVE-2020-6138
- RESERVED
-CVE-2020-6137
- RESERVED
-CVE-2020-6136
- RESERVED
-CVE-2020-6135
- RESERVED
-CVE-2020-6134
- RESERVED
-CVE-2020-6133
- RESERVED
-CVE-2020-6132
- RESERVED
-CVE-2020-6131
- RESERVED
-CVE-2020-6130
- RESERVED
-CVE-2020-6129
- RESERVED
-CVE-2020-6128
- RESERVED
-CVE-2020-6127
- RESERVED
-CVE-2020-6126
- RESERVED
-CVE-2020-6125
- RESERVED
-CVE-2020-6124
- RESERVED
-CVE-2020-6123
- RESERVED
-CVE-2020-6122
- RESERVED
-CVE-2020-6121
- RESERVED
-CVE-2020-6120
- RESERVED
-CVE-2020-6119
- RESERVED
-CVE-2020-6118
- RESERVED
-CVE-2020-6117
- RESERVED
-CVE-2020-6116
- RESERVED
-CVE-2020-6115
- RESERVED
-CVE-2020-6114
- RESERVED
-CVE-2020-6113
- RESERVED
-CVE-2020-6112
- RESERVED
-CVE-2020-6111
- RESERVED
-CVE-2020-6110
- RESERVED
-CVE-2020-6109
- RESERVED
-CVE-2020-6108
- RESERVED
-CVE-2020-6107
- RESERVED
-CVE-2020-6106
- RESERVED
-CVE-2020-6105
- RESERVED
-CVE-2020-6104
- RESERVED
-CVE-2020-6103
- RESERVED
-CVE-2020-6102
- RESERVED
-CVE-2020-6101
- RESERVED
-CVE-2020-6100
- RESERVED
+ REJECTED
+CVE-2020-6152 (A code execution vulnerability exists in the DICOM parse_dicom_meta_in ...)
+ NOT-FOR-US: Accusoft
+CVE-2020-6151 (A memory corruption vulnerability exists in the TIFF handle_COMPRESSIO ...)
+ NOT-FOR-US: Accusoft
+CVE-2020-6150 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-6149 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-6148 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-6147 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
+ NOT-FOR-US: Pixar OpenUSD
+CVE-2020-6146 (An exploitable code execution vulnerability exists in the rendering fu ...)
+ NOT-FOR-US: Nitro Pro
+CVE-2020-6145 (An SQL injection vulnerability exists in the frappe.desk.reportview.ge ...)
+ NOT-FOR-US: ERPNext
+CVE-2020-6144 (A remote code execution vulnerability exists in the install functional ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6143 (A remote code execution vulnerability exists in the install functional ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6142 (A remote code execution vulnerability exists in the Modules.php functi ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6141 (An exploitable SQL injection vulnerability exists in the login functio ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6140 (SQL injection vulnerability exists in the password reset functionality ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6139 (SQL injection vulnerability exists in the password reset functionality ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6138 (SQL injection vulnerability exists in the password reset functionality ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6137 (SQL injection vulnerability exists in the password reset functionality ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6136 (An exploitable SQL injection vulnerability exists in the DownloadWindo ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6135 (An exploitable SQL injection vulnerability exists in the Validator.php ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6134 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6133 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6132 (SQL injection vulnerability exists in the ID parameters of OS4Ed openS ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6131 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6130 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6129 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6128 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6127 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6126 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6125 (An exploitable SQL injection vulnerability exists in the GetSchool.php ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6124 (An exploitable sql injection vulnerability exists in the email paramet ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6123 (An exploitable sql injection vulnerability exists in the email paramet ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6122 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6121 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6120 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6119 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6118 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6117 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
+ NOT-FOR-US: OS4Ed openSIS
+CVE-2020-6116 (An arbitrary code execution vulnerability exists in the rendering func ...)
+ NOT-FOR-US: Nitro Pro
+CVE-2020-6115 (An exploitable vulnerability exists in the cross-reference table repai ...)
+ NOT-FOR-US: Nitro Pro
+CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin Reports ...)
+ NOT-FOR-US: Glacies IceHRM
+CVE-2020-6113 (An exploitable vulnerability exists in the object stream parsing funct ...)
+ NOT-FOR-US: Nitro Pro
+CVE-2020-6112 (An exploitable code execution vulnerability exists in the JPEG2000 Str ...)
+ NOT-FOR-US: Nitro Pro
+CVE-2020-6111 (An exploitable denial-of-service vulnerability exists in the IPv4 func ...)
+ NOT-FOR-US: Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems
+CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way ...)
+ NOT-FOR-US: Zoom
+CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...)
+ NOT-FOR-US: Zoom
+CVE-2020-6108 (An exploitable code execution vulnerability exists in the fsck_chk_orp ...)
+ - f2fs-tools 1.14.0-1 (bug #973380)
+ [buster] - f2fs-tools <no-dsa> (Minor issue)
+ [stretch] - f2fs-tools <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050
+CVE-2020-6107 (An exploitable information disclosure vulnerability exists in the dev_ ...)
+ - f2fs-tools 1.14.0-1 (bug #973380)
+ [buster] - f2fs-tools <no-dsa> (Minor issue)
+ [stretch] - f2fs-tools <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049
+CVE-2020-6106 (An exploitable information disclosure vulnerability exists in the init ...)
+ - f2fs-tools 1.14.0-1 (bug #973380)
+ [buster] - f2fs-tools <no-dsa> (Minor issue)
+ [stretch] - f2fs-tools <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048
+CVE-2020-6105 (An exploitable code execution vulnerability exists in the multiple dev ...)
+ - f2fs-tools 1.14.0-1 (bug #973380)
+ [buster] - f2fs-tools <no-dsa> (Minor issue)
+ [stretch] - f2fs-tools <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047
+CVE-2020-6104 (An exploitable information disclosure vulnerability exists in the get_ ...)
+ - f2fs-tools 1.14.0-1 (bug #973380)
+ [buster] - f2fs-tools <no-dsa> (Minor issue)
+ [stretch] - f2fs-tools <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046
+CVE-2020-6103 (An exploitable code execution vulnerability exists in the Shader funct ...)
+ NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll
+CVE-2020-6102 (An exploitable code execution vulnerability exists in the Shader funct ...)
+ NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll
+CVE-2020-6101 (An exploitable code execution vulnerability exists in the Shader funct ...)
+ NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll
+CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atidxx64. ...)
+ NOT-FOR-US: AMD
CVE-2020-6099
RESERVED
-CVE-2020-6098
- RESERVED
-CVE-2020-6097
- RESERVED
+CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...)
+ - freediameter 1.2.1-8 (bug #985088)
+ [buster] - freediameter 1.2.1-7+deb10u1
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030
+ NOTE: Possible fix: http://www.freediameter.net/trac/changeset/19ab8ac08a361642e7f9ec9f2657202c6f8ef9ee/freeDiameter?old=edfb2b662b91af94b2fccc48b11eec904ccab370
+CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...)
+ {DLA-2820-1}
+ - atftp 0.7.git20120829-3.2 (bug #970066)
+ [buster] - atftp 0.7.git20120829-3.2~deb10u1
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
+ NOTE: https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/
CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
- - glibc <unfixed> (low; bug #961452)
+ - glibc 2.31-2 (low; bug #961452)
[buster] - glibc <no-dsa> (Minor issue)
[stretch] - glibc <no-dsa> (Minor issue)
[jessie] - glibc <not-affected> (Vulnerable code not present)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25620
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=beea361050728138b82c57dda0c4810402d342b9
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=79a4fa341b8a89cb03f84564fd72abaa1a2db394
CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstRTSPAu ...)
- gst-rtsp-server1.0 1.16.2-3 (low)
[buster] - gst-rtsp-server1.0 <no-dsa> (Minor issue)
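Review bot: The CVE-2020-6098 freediameter entry records fixed versions (`+ - freediameter 1.2.1-8 (bug #985088)` and `+ [buster] - freediameter 1.2.1-7+deb10u1`) while its second NOTE still reads `Possible fix:`, which leaves the record ambiguous about whether that upstream changeset is what the two packaged versions actually ship. Once the packaged patch is confirmed the note should be rewritten as `NOTE: Fixed by: <the existing changeset URL>`; otherwise the uncertainty should be stated explicitly so the fixed-version lines are not read as verified. The sibling atftp entry in the same hunk is the better model: it pairs the fixed versions with the upstream commit it relies on, without a hedge. Unlike the f2fs-tools entries in this hunk, the freediameter entry also has no `[stretch]` line, so stretch's status is implied only by version comparison; an explicit `[stretch]` annotation (whichever state is correct) would make the LTS position unambiguous.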
@@ -17597,22 +59398,22 @@ CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nit
NOT-FOR-US: Nitro Pro
CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the ESPON ...)
NOT-FOR-US: EPSON
-CVE-2020-6090
- RESERVED
-CVE-2020-6089
- RESERVED
-CVE-2020-6088
- RESERVED
-CVE-2020-6087
- RESERVED
-CVE-2020-6086
- RESERVED
-CVE-2020-6085
- RESERVED
-CVE-2020-6084
- RESERVED
-CVE-2020-6083
- RESERVED
+CVE-2020-6090 (An exploitable code execution vulnerability exists in the Web-Based Ma ...)
+ NOT-FOR-US: WAGO
+CVE-2020-6089 (An exploitable code execution vulnerability exists in the ANI file for ...)
+ NOT-FOR-US: Leadtools
+CVE-2020-6088 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ NOT-FOR-US: Allen-Bradley Flex IO
+CVE-2020-6087 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ NOT-FOR-US: Allen-Bradley Flex IO
+CVE-2020-6086 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ NOT-FOR-US: Allen-Bradley Flex IO
+CVE-2020-6085 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ NOT-FOR-US: Allen-Bradley Flex IO
+CVE-2020-6084 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ NOT-FOR-US: Allen-Bradley Flex IO
+CVE-2020-6083 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
NOT-FOR-US: Accusoft
CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...)
@@ -17620,7 +59421,6 @@ CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Tas
CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource ...)
{DSA-4671-1}
- libmicrodns <removed>
- [stretch] - libmicrodns <ignored> (Will be removed in next point release)
- vlc 3.0.8-4
[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
@@ -17628,7 +59428,6 @@ CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the reso
CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the resource ...)
{DSA-4671-1}
- libmicrodns <removed>
- [stretch] - libmicrodns <ignored> (Will be removed in next point release)
- vlc 3.0.8-4
[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
@@ -17636,7 +59435,6 @@ CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the reso
CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the message-p ...)
{DSA-4671-1}
- libmicrodns <removed>
- [stretch] - libmicrodns <ignored> (Will be removed in next point release)
- vlc 3.0.8-4
[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001
@@ -17644,7 +59442,6 @@ CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the mess
CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the message-p ...)
{DSA-4671-1}
- libmicrodns <removed>
- [stretch] - libmicrodns <ignored> (Will be removed in next point release)
- vlc 3.0.8-4
[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000
@@ -17658,7 +59455,6 @@ CVE-2020-6074 (An exploitable code execution vulnerability exists in the PDF par
CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...)
{DSA-4671-1}
- libmicrodns <removed>
- [stretch] - libmicrodns <ignored> (Will be removed in next point release)
- vlc 3.0.8-4
[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996
@@ -17666,7 +59462,6 @@ CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT
CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-parsin ...)
{DSA-4671-1}
- libmicrodns <removed>
- [stretch] - libmicrodns <ignored> (Will be removed in next point release)
- vlc 3.0.8-4
[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
@@ -17674,13 +59469,15 @@ CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-p
CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the resource ...)
{DSA-4671-1}
- libmicrodns <removed>
- [stretch] - libmicrodns <ignored> (Will be removed in next point release)
- vlc 3.0.8-4
[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994
NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
-CVE-2020-6070
- RESERVED
+CVE-2020-6070 (An exploitable code execution vulnerability exists in the file system ...)
+ - f2fs-tools 1.14.0-1 (bug #970941)
+ [buster] - f2fs-tools <no-dsa> (Minor issue)
+ [stretch] - f2fs-tools <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0988
CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2020-6068 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
@@ -17696,16 +59493,14 @@ CVE-2020-6064 (An exploitable out-of-bounds write vulnerability exists in the un
CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way CoTUR ...)
+ {DSA-4711-1}
- coturn 4.5.1.1-1.2 (bug #951876)
- [buster] - coturn <no-dsa> (Minor issue)
- [stretch] - coturn <no-dsa> (Minor issue)
[jessie] - coturn <not-affected> (Vulnerable code introduced later)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
NOTE: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
-CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...)
+CVE-2020-6061 (An exploitable heap out-of-bounds read vulnerability exists in the way ...)
+ {DSA-4711-1}
- coturn 4.5.1.1-1.2 (bug #951876)
- [buster] - coturn <no-dsa> (Minor issue)
- [stretch] - coturn <no-dsa> (Minor issue)
[jessie] - coturn <not-affected> (Vulnerable code introduced later)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
NOTE: https://github.com/coturn/coturn/commit/51a7c2b9bf924890c7a3ff4db9c4976c5a93340a
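Review bot: `{DSA-4711-1}` is added to both CVE-2020-6062 and CVE-2020-6061 while the unchanged `[buster] - coturn <no-dsa> (Minor issue)` lines right below each reference are kept, so buster is now marked as both "no DSA planned" and fixed by a DSA for the same issue. If DSA-4711-1 shipped a buster update for coturn, the two `[buster]` no-dsa lines should be dropped so the tracker derives buster's status from the DSA instead of the stale annotation. The `[stretch] - coturn <no-dsa>` lines are presumably still correct if the DSA did not cover stretch, but that is worth confirming against the DSA list when reconciling these entries.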
@@ -17781,32 +59576,32 @@ CVE-2020-6026
RESERVED
CVE-2020-6025
RESERVED
-CVE-2020-6024
- RESERVED
-CVE-2020-6023
- RESERVED
-CVE-2020-6022
- RESERVED
-CVE-2020-6021
- RESERVED
-CVE-2020-6020
- RESERVED
-CVE-2020-6019
- RESERVED
-CVE-2020-6018
- RESERVED
-CVE-2020-6017
- RESERVED
-CVE-2020-6016
- RESERVED
-CVE-2020-6015
- RESERVED
-CVE-2020-6014
- RESERVED
-CVE-2020-6013
- RESERVED
-CVE-2020-6012
- RESERVED
+CVE-2020-6024 (Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R8 ...)
+ NOT-FOR-US: Check Point SmartConsole
+CVE-2020-6023 (Check Point ZoneAlarm before version 15.8.139.18543 allows a local act ...)
+ NOT-FOR-US: Check Point ZoneAlarm
+CVE-2020-6022 (Check Point ZoneAlarm before version 15.8.139.18543 allows a local act ...)
+ NOT-FOR-US: Check Point ZoneAlarm
+CVE-2020-6021 (Check Point Endpoint Security Client for Windows before version E84.20 ...)
+ NOT-FOR-US: Check Point Endpoint Security Client for Windows
+CVE-2020-6020 (Check Point Security Management's Internal CA web management before Ju ...)
+ NOT-FOR-US: Check Point
+CVE-2020-6019 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
+ NOT-FOR-US: Valve's Game Networking Sockets
+CVE-2020-6018 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
+ NOT-FOR-US: Valve's Game Networking Sockets
+CVE-2020-6017 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
+ NOT-FOR-US: Valve's Game Networking Sockets
+CVE-2020-6016 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
+ NOT-FOR-US: Valve's Game Networking Sockets
+CVE-2020-6015 (Check Point Endpoint Security for Windows before E84.10 can reach deni ...)
+ NOT-FOR-US: Check Point Endpoint Security Client
+CVE-2020-6014 (Check Point Endpoint Security Client for Windows, with Anti-Bot or Thr ...)
+ NOT-FOR-US: Check Point Endpoint Security Client
+CVE-2020-6013 (ZoneAlarm Firewall and Antivirus products before version 15.8.109.1843 ...)
+ NOT-FOR-US: ZoneAlarm
+CVE-2020-6012 (ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the ...)
+ NOT-FOR-US: ZoneAlarm
CVE-2020-6011
RESERVED
CVE-2020-6010 (LearnPress Wordpress plugin version prior and including 3.2.6.7 is vul ...)
@@ -17818,95 +59613,127 @@ CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to
CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...)
NOT-FOR-US: Philips Hue Bridge model
CVE-2020-6006
- RESERVED
+ REJECTED
CVE-2020-6005
- RESERVED
+ REJECTED
CVE-2020-6004
- RESERVED
+ REJECTED
CVE-2020-6003
- RESERVED
+ REJECTED
CVE-2020-6002
- RESERVED
+ REJECTED
CVE-2020-6001
- RESERVED
+ REJECTED
CVE-2020-6000
- RESERVED
+ REJECTED
CVE-2020-5999
- RESERVED
+ REJECTED
CVE-2020-5998
- RESERVED
+ REJECTED
CVE-2020-5997
- RESERVED
+ REJECTED
CVE-2020-5996
- RESERVED
+ REJECTED
CVE-2020-5995
- RESERVED
+ REJECTED
CVE-2020-5994
- RESERVED
+ REJECTED
CVE-2020-5993
- RESERVED
-CVE-2020-5992
- RESERVED
-CVE-2020-5991
- RESERVED
-CVE-2020-5990
- RESERVED
-CVE-2020-5989
- RESERVED
-CVE-2020-5988
- RESERVED
-CVE-2020-5987
- RESERVED
-CVE-2020-5986
- RESERVED
-CVE-2020-5985
- RESERVED
-CVE-2020-5984
- RESERVED
-CVE-2020-5983
- RESERVED
-CVE-2020-5982
- RESERVED
-CVE-2020-5981
- RESERVED
-CVE-2020-5980
- RESERVED
-CVE-2020-5979
- RESERVED
-CVE-2020-5978
- RESERVED
-CVE-2020-5977
- RESERVED
-CVE-2020-5976
- RESERVED
-CVE-2020-5975
- RESERVED
-CVE-2020-5974
- RESERVED
-CVE-2020-5973
- RESERVED
-CVE-2020-5972
- RESERVED
-CVE-2020-5971
- RESERVED
-CVE-2020-5970
- RESERVED
-CVE-2020-5969
- RESERVED
-CVE-2020-5968
- RESERVED
-CVE-2020-5967
- RESERVED
-CVE-2020-5966
- RESERVED
-CVE-2020-5965
- RESERVED
-CVE-2020-5964
- RESERVED
-CVE-2020-5963
- RESERVED
-CVE-2020-5962
- RESERVED
+ REJECTED
+CVE-2020-5992 (NVIDIA GeForce NOW application software on Windows, all versions prior ...)
+ NOT-FOR-US: NVIDIA GeForce NOW application software
+CVE-2020-5991 (NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerab ...)
+ [experimental] - nvidia-cuda-toolkit 11.1.1-1
+ - nvidia-cuda-toolkit 11.1.1-2 (bug #973543)
+ [buster] - nvidia-cuda-toolkit <ignored> (Non-free not supported)
+ [stretch] - nvidia-cuda-toolkit <ignored> (Non-free not supported)
+ NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5094
+CVE-2020-5990 (NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a ...)
+ NOT-FOR-US: NVIDIA GeForce Experience
+CVE-2020-5989 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5988 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5987 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5986 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5985 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5984 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5983 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5982 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
+CVE-2020-5981 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
+CVE-2020-5980 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
+CVE-2020-5979 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
+CVE-2020-5978 (NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a ...)
+ NOT-FOR-US: NVIDIA GeForce Experience
+CVE-2020-5977 (NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a ...)
+ NOT-FOR-US: NVIDIA GeForce Experience
+CVE-2020-5976 (NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and vers ...)
+ NOT-FOR-US: NVIDIA GeForce NOW
+CVE-2020-5975 (NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, con ...)
+ NOT-FOR-US: NVIDIA GeForce NOW
+CVE-2020-5974 (NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in i ...)
+ NOT-FOR-US: NVIDIA
+CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5972 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5971 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5970 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5969 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5968 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnerabilit ...)
+ - nvidia-graphics-drivers 440.100-1 (bug #963766)
+ [buster] - nvidia-graphics-drivers 418.152.00-1
+ [stretch] - nvidia-graphics-drivers 390.138-1
+ [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed>
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
+ - nvidia-graphics-drivers-legacy-304xx <unfixed>
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-440 440.95.01-1
+ - nvidia-graphics-drivers-tesla-418 418.152.00-1
+ NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin
+CVE-2020-5966 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
+CVE-2020-5965 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
+CVE-2020-5964 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
+CVE-2020-5963 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ - nvidia-graphics-drivers 440.100-1 (bug #963766)
+ [buster] - nvidia-graphics-drivers 418.152.00-1
+ [stretch] - nvidia-graphics-drivers 390.138-1
+ [jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed>
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia for 340)
+ - nvidia-graphics-drivers-legacy-304xx <unfixed>
+ [stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-440 440.95.01-1
+ - nvidia-graphics-drivers-tesla-418 418.152.00-1
+ NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin
+CVE-2020-5962 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5961 (NVIDIA vGPU graphics driver for guest OS contains a vulnerability in w ...)
NOT-FOR-US: NVIDIA vGPU graphics driver for guest OS
CVE-2020-5960 (NVIDIA Virtual GPU Manager contains a vulnerability in the kernel modu ...)
@@ -17917,122 +59744,122 @@ CVE-2020-5958 (NVIDIA Windows GPU Display Driver, all versions, contains a vulne
NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5957 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
NOT-FOR-US: Nvidia driver for Windows
-CVE-2020-5956
- RESERVED
-CVE-2020-5955
- RESERVED
+CVE-2020-5956 (An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2020-5955 (An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O befor ...)
+ NOT-FOR-US: Int15MicrocodeSmm
CVE-2020-5954
RESERVED
-CVE-2020-5953
- RESERVED
+CVE-2020-5953 (A vulnerability exists in System Management Interrupt (SWSMI) handler ...)
+ NOT-FOR-US: Insyde
CVE-2020-5952
RESERVED
CVE-2020-5951
RESERVED
-CVE-2020-5950
- RESERVED
-CVE-2020-5949
- RESERVED
-CVE-2020-5948
- RESERVED
-CVE-2020-5947
- RESERVED
-CVE-2020-5946
- RESERVED
-CVE-2020-5945
- RESERVED
-CVE-2020-5944
- RESERVED
-CVE-2020-5943
- RESERVED
-CVE-2020-5942
- RESERVED
-CVE-2020-5941
- RESERVED
-CVE-2020-5940
- RESERVED
-CVE-2020-5939
- RESERVED
-CVE-2020-5938
- RESERVED
-CVE-2020-5937
- RESERVED
-CVE-2020-5936
- RESERVED
-CVE-2020-5935
- RESERVED
-CVE-2020-5934
- RESERVED
-CVE-2020-5933
- RESERVED
-CVE-2020-5932
- RESERVED
-CVE-2020-5931
- RESERVED
-CVE-2020-5930
- RESERVED
-CVE-2020-5929
- RESERVED
-CVE-2020-5928
- RESERVED
-CVE-2020-5927
- RESERVED
-CVE-2020-5926
- RESERVED
-CVE-2020-5925
- RESERVED
-CVE-2020-5924
- RESERVED
-CVE-2020-5923
- RESERVED
-CVE-2020-5922
- RESERVED
-CVE-2020-5921
- RESERVED
-CVE-2020-5920
- RESERVED
-CVE-2020-5919
- RESERVED
-CVE-2020-5918
- RESERVED
-CVE-2020-5917
- RESERVED
-CVE-2020-5916
- RESERVED
-CVE-2020-5915
- RESERVED
-CVE-2020-5914
- RESERVED
-CVE-2020-5913
- RESERVED
-CVE-2020-5912
- RESERVED
-CVE-2020-5911
- RESERVED
-CVE-2020-5910
- RESERVED
-CVE-2020-5909
- RESERVED
-CVE-2020-5908
- RESERVED
-CVE-2020-5907
- RESERVED
-CVE-2020-5906
- RESERVED
-CVE-2020-5905
- RESERVED
-CVE-2020-5904
- RESERVED
-CVE-2020-5903
- RESERVED
-CVE-2020-5902
- RESERVED
-CVE-2020-5901
- RESERVED
-CVE-2020-5900
- RESERVED
-CVE-2020-5899
- RESERVED
+CVE-2020-5950 (On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allo ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5949 (On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5948 (On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5947 (In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP plat ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5946 (In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5945 (In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5944 (In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pag ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5943 (In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP objec ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5942 (In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5941 (On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESO ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5940 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a s ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5939 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5938 (On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5937 (On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5936 (On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5935 (On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Con ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5934 (On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, w ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5933 (On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5932 (On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerabil ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5931 (On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5930 (In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5929 (In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, B ...)
+ NOT-FOR-US: F5
+CVE-2020-5928 (In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5927 (In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5926 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5925 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5924 (In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS aut ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5923 (In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5922 (In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5921 (in BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5920 (In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5919 (In versions 15.1.0-15.1.0.4, rendering of certain session variables by ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5918 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5917 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5916 (In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5915 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5914 (In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5913 (In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5912 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5911 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2020-5910 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2020-5909 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the co ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2020-5908 (In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5907 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5906 (In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5905 (In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5904 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5903 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5902 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5901 (In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow f ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2020-5900 (In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2020-5899 (In NGINX Controller 3.0.0-3.4.0, recovery code required to change a us ...)
+ NOT-FOR-US: NGINX Controller
CVE-2020-5898 (In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver d ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5897 (In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability ...)
@@ -18151,8 +59978,8 @@ CVE-2020-5841 (An issue was discovered in OpServices OpMon 9.3.1-1. Using passwo
NOT-FOR-US: OpServices OpMon
CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/R ...)
NOT-FOR-US: HashBrown CMS
-CVE-2020-5839
- RESERVED
+CVE-2020-5839 (Symantec Endpoint Detection And Response, prior to 4.4, may be suscept ...)
+ NOT-FOR-US: Symantec
CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-s ...)
NOT-FOR-US: Symantec
CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...)
@@ -18205,124 +60032,124 @@ CVE-2020-5814
RESERVED
CVE-2020-5813
RESERVED
-CVE-2020-5812
- RESERVED
-CVE-2020-5811
- RESERVED
-CVE-2020-5810
- RESERVED
-CVE-2020-5809
- RESERVED
-CVE-2020-5808
- RESERVED
-CVE-2020-5807
- RESERVED
-CVE-2020-5806
- RESERVED
-CVE-2020-5805
- RESERVED
-CVE-2020-5804
- RESERVED
-CVE-2020-5803
- RESERVED
-CVE-2020-5802
- RESERVED
-CVE-2020-5801
- RESERVED
-CVE-2020-5800
- RESERVED
-CVE-2020-5799
- RESERVED
-CVE-2020-5798
- RESERVED
-CVE-2020-5797
- RESERVED
-CVE-2020-5796
- RESERVED
-CVE-2020-5795
- RESERVED
-CVE-2020-5794
- RESERVED
-CVE-2020-5793
- RESERVED
-CVE-2020-5792
- RESERVED
-CVE-2020-5791
- RESERVED
-CVE-2020-5790
- RESERVED
-CVE-2020-5789
- RESERVED
-CVE-2020-5788
- RESERVED
-CVE-2020-5787
- RESERVED
-CVE-2020-5786
- RESERVED
-CVE-2020-5785
- RESERVED
-CVE-2020-5784
- RESERVED
-CVE-2020-5783
- RESERVED
-CVE-2020-5782
- RESERVED
-CVE-2020-5781
- RESERVED
-CVE-2020-5780
- RESERVED
-CVE-2020-5779
- RESERVED
-CVE-2020-5778
- RESERVED
-CVE-2020-5777
- RESERVED
-CVE-2020-5776
- RESERVED
-CVE-2020-5775
- RESERVED
-CVE-2020-5774
- RESERVED
-CVE-2020-5773
- RESERVED
-CVE-2020-5772
- RESERVED
-CVE-2020-5771
- RESERVED
-CVE-2020-5770
- RESERVED
-CVE-2020-5769
- RESERVED
-CVE-2020-5768
- RESERVED
-CVE-2020-5767
- RESERVED
-CVE-2020-5766
- RESERVED
-CVE-2020-5765
- RESERVED
-CVE-2020-5764
- RESERVED
-CVE-2020-5763
- RESERVED
-CVE-2020-5762
- RESERVED
-CVE-2020-5761
- RESERVED
-CVE-2020-5760
- RESERVED
-CVE-2020-5759
- RESERVED
-CVE-2020-5758
- RESERVED
-CVE-2020-5757
- RESERVED
-CVE-2020-5756
- RESERVED
-CVE-2020-5755
- RESERVED
-CVE-2020-5754
- RESERVED
+CVE-2020-5812 (Nessus AMI versions 8.12.0 and earlier were found to either not valida ...)
+ NOT-FOR-US: Nessus
+CVE-2020-5811 (An authenticated path traversal vulnerability exists during package in ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2020-5810 (A stored XSS vulnerability exists in Umbraco CMS &lt;= 8.9.1 or curren ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2020-5809 (A stored XSS vulnerability exists in Umbraco CMS &lt;= 8.9.1 or curren ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2020-5808 (In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could po ...)
+ NOT-FOR-US: Tenable
+CVE-2020-5807 (An unauthenticated remote attacker can send data to RsvcHost.exe liste ...)
+ NOT-FOR-US: FactoryTalk Diagnostics
+CVE-2020-5806 (An attacker-controlled memory allocation size can be passed to the C++ ...)
+ NOT-FOR-US: FactoryTalk
+CVE-2020-5805 (In Marvell QConvergeConsole GUI &lt;= 5.5.0.74, credentials are stored ...)
+ NOT-FOR-US: Marvell QConvergeConsole GUI
+CVE-2020-5804 (Marvell QConvergeConsole GUI &lt;= 5.5.0.74 is affected by a path trav ...)
+ NOT-FOR-US: Marvell QConvergeConsole GUI
+CVE-2020-5803 (Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allow ...)
+ NOT-FOR-US: Marvell QConvergeConsole GUI
+CVE-2020-5802 (An attacker-controlled memory allocation size can be passed to the C++ ...)
+ NOT-FOR-US: FactoryTalk
+CVE-2020-5801 (An attacker can craft and send an OpenNamespace message to port 4241 w ...)
+ NOT-FOR-US: FactoryTalk
+CVE-2020-5800 (The Eat Spray Love mobile app for both iOS and Android contains logic ...)
+ NOT-FOR-US: Eat Spray Love mobile app
+CVE-2020-5799 (The Eat Spray Love mobile app for both iOS and Android contains a back ...)
+ NOT-FOR-US: Eat Spray Love mobile app
+CVE-2020-5798 (inSync Client installer for macOS versions v6.8.0 and prior could allo ...)
+ NOT-FOR-US: inSync Client installer for macOS
+CVE-2020-5797 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180 ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-5796 (Improper preservation of permissions in Nagios XI 5.7.4 allows a local ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-5795 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200 ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-5794 (A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and ...)
+ NOT-FOR-US: Nessus
+CVE-2020-5793 (A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows &a ...)
+ NOT-FOR-US: Nessus
+CVE-2020-5792 (Improper neutralization of argument delimiters in a command in Nagios ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-5791 (Improper neutralization of special elements used in an OS command in N ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-5790 (Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-5789 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5788 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5787 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5786 (Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 all ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5785 (Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04 ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5784 (Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 al ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5783 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does n ...)
+ NOT-FOR-US: IgniteNet HeliOS GLinq
+CVE-2020-5782 (In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ...)
+ NOT-FOR-US: IgniteNet HeliOS GLinq
+CVE-2020-5781 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is ...)
+ NOT-FOR-US: IgniteNet HeliOS GLinq
+CVE-2020-5780 (Missing Authentication for Critical Function in Icegram Email Subscrib ...)
+ NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress
+CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates t ...)
+ NOT-FOR-US: Trading Technologies Messaging
+CVE-2020-5778 (A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) du ...)
+ NOT-FOR-US: Trading Technologies Messaging
+CVE-2020-5777 (MAGMI versions prior to 0.7.24 are vulnerable to a remote authenticati ...)
+ NOT-FOR-US: MAGMI
+CVE-2020-5776 (Currently, all versions of MAGMI are vulnerable to CSRF due to the lac ...)
+ NOT-FOR-US: MAGMI
+CVE-2020-5775 (Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, ...)
+ NOT-FOR-US: Canvas LMS
+CVE-2020-5774 (Nessus versions 8.11.0 and earlier were found to maintain sessions lon ...)
+ NOT-FOR-US: Nessus
+CVE-2020-5773 (Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allow ...)
+ NOT-FOR-US: Teltonika firmware
+CVE-2020-5772 (Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 all ...)
+ NOT-FOR-US: Teltonika firmware
+CVE-2020-5771 (Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 all ...)
+ NOT-FOR-US: Teltonika firmware
+CVE-2020-5770 (Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 al ...)
+ NOT-FOR-US: Teltonika firmware
+CVE-2020-5769 (Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5768 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress
+CVE-2020-5767 (Cross-site request forgery in Icegram Email Subscribers &amp; Newslett ...)
+ NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress
+CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerabi ...)
+ NOT-FOR-US: Nessus
+CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable to a d ...)
+ NOT-FOR-US: MX Player Android App
+CVE-2020-5763 (Grandstream HT800 series firmware version 1.0.17.5 and below contain a ...)
+ NOT-FOR-US: Grandstream
+CVE-2020-5762 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...)
+ NOT-FOR-US: Grandstream
+CVE-2020-5761 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...)
+ NOT-FOR-US: Grandstream
+CVE-2020-5760 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...)
+ NOT-FOR-US: Grandstream
+CVE-2020-5759 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
+ NOT-FOR-US: Grandstream
+CVE-2020-5758 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
+ NOT-FOR-US: Grandstream
+CVE-2020-5757 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
+ NOT-FOR-US: Grandstream
+CVE-2020-5756 (Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenti ...)
+ NOT-FOR-US: Grandstream
+CVE-2020-5755 (Webroot endpoint agents prior to version v9.0.28.48 did not protect th ...)
+ NOT-FOR-US: Webroot
+CVE-2020-5754 (Webroot endpoint agents prior to version v9.0.28.48 allows remote atta ...)
+ NOT-FOR-US: Webroot
CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...)
NOT-FOR-US: Signal Private Messenger (Android and iOS version)
CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a ...)
@@ -18345,8 +60172,8 @@ CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote, authent
NOT-FOR-US: TCExam
CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2 allows a rem ...)
NOT-FOR-US: TCExam
-CVE-2020-5742
- RESERVED
+CVE-2020-5742 (Improper Access Control in Plex Media Server prior to June 15, 2020 al ...)
+ NOT-FOR-US: Plex Media Server
CVE-2020-5741 (Deserialization of Untrusted Data in Plex Media Server on Windows allo ...)
NOT-FOR-US: Plex Media Server on Windows
CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows allows a loc ...)
@@ -18457,32 +60284,32 @@ CVE-2020-5688
RESERVED
CVE-2020-5687
RESERVED
-CVE-2020-5686
- RESERVED
-CVE-2020-5685
- RESERVED
-CVE-2020-5684
- RESERVED
-CVE-2020-5683
- RESERVED
-CVE-2020-5682
- RESERVED
-CVE-2020-5681
- RESERVED
-CVE-2020-5680
- RESERVED
-CVE-2020-5679
- RESERVED
-CVE-2020-5678
- RESERVED
-CVE-2020-5677
- RESERVED
-CVE-2020-5676
- RESERVED
-CVE-2020-5675
- RESERVED
-CVE-2020-5674
- RESERVED
+CVE-2020-5686 (Incorrect implementation of authentication algorithm issue in UNIVERGE ...)
+ NOT-FOR-US: UNIVERGE
+CVE-2020-5685 (UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 al ...)
+ NOT-FOR-US: UNIVERGE
+CVE-2020-5684 (iSM client versions from V5.1 prior to V12.1 running on NEC Storage Ma ...)
+ NOT-FOR-US: iSM client
+CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v ...)
+ NOT-FOR-US: GROWI
+CVE-2020-5682 (Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Seri ...)
+ NOT-FOR-US: GROWI
+CVE-2020-5681 (Untrusted search path vulnerability in self-extracting files created b ...)
+ NOT-FOR-US: EpsonNet SetupManager
+CVE-2020-5680 (Improper input validation vulnerability in EC-CUBE versions from 3.0.5 ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2020-5679 (Improper restriction of rendered UI layers or frames in EC-CUBE versio ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2020-5678 (Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier ...)
+ NOT-FOR-US: GROWI
+CVE-2020-5677 (Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earli ...)
+ NOT-FOR-US: GROWI
+CVE-2020-5676 (GROWI v4.1.3 and earlier allow remote attackers to obtain information ...)
+ NOT-FOR-US: GROWI
+CVE-2020-5675 (Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT21 ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...)
+ NOT-FOR-US: SEIKO EPSON products
CVE-2020-5673
RESERVED
CVE-2020-5672
@@ -18491,186 +60318,186 @@ CVE-2020-5671
RESERVED
CVE-2020-5670
RESERVED
-CVE-2020-5669
- RESERVED
-CVE-2020-5668
- RESERVED
-CVE-2020-5667
- RESERVED
-CVE-2020-5666
- RESERVED
-CVE-2020-5665
- RESERVED
-CVE-2020-5664
- RESERVED
-CVE-2020-5663
- RESERVED
-CVE-2020-5662
- RESERVED
+CVE-2020-5669 (Cross-site scripting vulnerability in Movable Type Movable Type Premiu ...)
+ - movabletype-opensource <removed>
+CVE-2020-5668 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series ...)
+ NOT-FOR-US: Mitsubishi Electric
+CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS ...)
+ NOT-FOR-US: Studyplus
+CVE-2020-5666 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series ...)
+ NOT-FOR-US: Mitsubishi Electric
+CVE-2020-5665 (Improper check or handling of exceptional conditions in MELSEC iQ-F se ...)
+ NOT-FOR-US: Mitsubishi Electric
+CVE-2020-5664 (Deserialization of untrusted data vulnerability in XooNIps 3.49 and ea ...)
+ NOT-FOR-US: XooNIps
+CVE-2020-5663 (Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier ...)
+ NOT-FOR-US: XooNIps
+CVE-2020-5662 (Reflected cross-site scripting vulnerability in XooNIps 3.49 and earli ...)
+ NOT-FOR-US: XooNIps
CVE-2020-5661
RESERVED
CVE-2020-5660
RESERVED
-CVE-2020-5659
- RESERVED
-CVE-2020-5658
- RESERVED
-CVE-2020-5657
- RESERVED
-CVE-2020-5656
- RESERVED
-CVE-2020-5655
- RESERVED
-CVE-2020-5654
- RESERVED
-CVE-2020-5653
- RESERVED
-CVE-2020-5652
- RESERVED
-CVE-2020-5651
- RESERVED
-CVE-2020-5650
- RESERVED
-CVE-2020-5649
- RESERVED
-CVE-2020-5648
- RESERVED
-CVE-2020-5647
- RESERVED
-CVE-2020-5646
- RESERVED
-CVE-2020-5645
- RESERVED
-CVE-2020-5644
- RESERVED
-CVE-2020-5643
- RESERVED
-CVE-2020-5642
- RESERVED
-CVE-2020-5641
- RESERVED
-CVE-2020-5640
- RESERVED
-CVE-2020-5639
- RESERVED
-CVE-2020-5638
- RESERVED
-CVE-2020-5637
- RESERVED
-CVE-2020-5636
- RESERVED
-CVE-2020-5635
- RESERVED
-CVE-2020-5634
- RESERVED
-CVE-2020-5633
- RESERVED
-CVE-2020-5632
- RESERVED
-CVE-2020-5631
- RESERVED
+CVE-2020-5659 (SQL injection vulnerability in the XooNIps 3.49 and earlier allows rem ...)
+ NOT-FOR-US: XooNIps
+CVE-2020-5658 (Resource Management Errors vulnerability in TCP/IP function included i ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5657 (Improper neutralization of argument delimiters in a command ('Argument ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5656 (Improper access control vulnerability in TCP/IP function included in t ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5655 (NULL pointer dereferences vulnerability in TCP/IP function included in ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5654 (Session fixation vulnerability in TCP/IP function included in the firm ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5653 (Buffer overflow vulnerability in TCP/IP function included in the firmw ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5652 (Uncontrolled resource consumption vulnerability in Ethernet Port on ME ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5651 (SQL injection vulnerability in Simple Download Monitor 3.8.8 and earli ...)
+ NOT-FOR-US: Simple Download Monitor
+CVE-2020-5650 (Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 an ...)
+ NOT-FOR-US: Simple Download Monitor
+CVE-2020-5649 (Resource management error vulnerability in TCP/IP function included in ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5648 (Improper neutralization of argument delimiters in a command ('Argument ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5647 (Improper access control vulnerability in TCP/IP function included in t ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5646 (NULL pointer dereferences vulnerability in TCP/IP function included in ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5645 (Session fixation vulnerability in TCP/IP function included in the firm ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5644 (Buffer overflow vulnerability in TCP/IP function included in the firmw ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5643 (Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0. ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...)
+ NOT-FOR-US: Live Chat
+CVE-2020-5641 (Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware v ...)
+ NOT-FOR-US: GS108Ev3 firmware
+CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier ...)
+ NOT-FOR-US: OneThird CMS
+CVE-2020-5639 (Directory traversal vulnerability in FileZen versions from V3.0.0 to V ...)
+ NOT-FOR-US: FileZen
+CVE-2020-5638 (Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Sma ...)
+ NOT-FOR-US: desknet's NEO
+CVE-2020-5637 (Improper validation of integrity check value vulnerability in Aterm SA ...)
+ NOT-FOR-US: Aterm SA3500G firmware
+CVE-2020-5636 (Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker ...)
+ NOT-FOR-US: Aterm SA3500G firmware
+CVE-2020-5635 (Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker ...)
+ NOT-FOR-US: Aterm SA3500G firmware
+CVE-2020-5634 (ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC ...)
+ NOT-FOR-US: ELECOM LAN routers
+CVE-2020-5633 (Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express ...)
+ NOT-FOR-US: NEC
+CVE-2020-5632 (InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and ...)
+ NOT-FOR-US: InfoCage SiteShell
+CVE-2020-5631 (Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 ...)
+ NOT-FOR-US: CMONOS.JP
CVE-2020-5630
RESERVED
-CVE-2020-5629
- RESERVED
-CVE-2020-5628
- RESERVED
-CVE-2020-5627
- RESERVED
-CVE-2020-5626
- RESERVED
-CVE-2020-5625
- RESERVED
-CVE-2020-5624
- RESERVED
-CVE-2020-5623
- RESERVED
-CVE-2020-5622
- RESERVED
-CVE-2020-5621
- RESERVED
-CVE-2020-5620
- RESERVED
-CVE-2020-5619
- RESERVED
+CVE-2020-5629 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...)
+ NOT-FOR-US: UNIQLO App for Android
+CVE-2020-5628 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...)
+ NOT-FOR-US: UNIQLO App for Android
+CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows remote att ...)
+ NOT-FOR-US: Yodobashi App for Android
+CVE-2020-5626 (Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 ...)
+ NOT-FOR-US: Logstorage
+CVE-2020-5625 (Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows ...)
+ NOT-FOR-US: XooNIps
+CVE-2020-5624 (SQL injection vulnerability in the XooNIps 3.48 and earlier allows rem ...)
+ NOT-FOR-US: XooNIps
+CVE-2020-5623 (NITORI App for Android versions 6.0.4 and earlier and NITORI App for i ...)
+ NOT-FOR-US: NITORI App for Android and iOS
+CVE-2020-5622 (Shadankun Server Security Type (excluding normal blocking method types ...)
+ NOT-FOR-US: Shadankun Server Security Type
+CVE-2020-5621 (Cross-site request forgery (CSRF) vulnerability in NETGEAR switching h ...)
+ NOT-FOR-US: Netgear
+CVE-2020-5620 (Cross-site scripting vulnerability in Exment prior to v3.6.0 allows re ...)
+ NOT-FOR-US: Exment
+CVE-2020-5619 (Cross-site scripting vulnerability in Exment prior to v3.6.0 allows re ...)
+ NOT-FOR-US: Exment
CVE-2020-5618
RESERVED
-CVE-2020-5617
- RESERVED
-CVE-2020-5616
- RESERVED
-CVE-2020-5615
- RESERVED
-CVE-2020-5614
- RESERVED
-CVE-2020-5613
- RESERVED
-CVE-2020-5612
- RESERVED
-CVE-2020-5611
- RESERVED
-CVE-2020-5610
- RESERVED
-CVE-2020-5609
- RESERVED
-CVE-2020-5608
- RESERVED
-CVE-2020-5607
- RESERVED
-CVE-2020-5606
- RESERVED
-CVE-2020-5605
- RESERVED
-CVE-2020-5604
- RESERVED
-CVE-2020-5603
- RESERVED
-CVE-2020-5602
- RESERVED
-CVE-2020-5601
- RESERVED
-CVE-2020-5600
- RESERVED
-CVE-2020-5599
- RESERVED
-CVE-2020-5598
- RESERVED
-CVE-2020-5597
- RESERVED
-CVE-2020-5596
- RESERVED
-CVE-2020-5595
- RESERVED
-CVE-2020-5594
- RESERVED
-CVE-2020-5593
- RESERVED
-CVE-2020-5592
- RESERVED
-CVE-2020-5591
- RESERVED
-CVE-2020-5590
- RESERVED
-CVE-2020-5589
- RESERVED
-CVE-2020-5588
- RESERVED
-CVE-2020-5587
- RESERVED
-CVE-2020-5586
- RESERVED
-CVE-2020-5585
- RESERVED
-CVE-2020-5584
- RESERVED
-CVE-2020-5583
- RESERVED
-CVE-2020-5582
- RESERVED
-CVE-2020-5581
- RESERVED
-CVE-2020-5580
- RESERVED
+CVE-2020-5617 (Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12 ...)
+ NOT-FOR-US: SKYSEA Client View
+CVE-2020-5616 ([Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], ...)
+ NOT-FOR-US: Calendar01
+CVE-2020-5615 (Cross-site request forgery (CSRF) vulnerability in [Calendar01] free e ...)
+ NOT-FOR-US: Calendar01
+CVE-2020-5614 (Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows ...)
+ NOT-FOR-US: KonaWiki
+CVE-2020-5613 (Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allow ...)
+ NOT-FOR-US: KonaWiki
+CVE-2020-5612 (Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allow ...)
+ NOT-FOR-US: KonaWiki
+CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing Plug ...)
+ NOT-FOR-US: Social Sharing Plugin for WordPress
+CVE-2020-5610 (Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earli ...)
+ NOT-FOR-US: Global TechStream (GTS) for TOYOTA dealers
+CVE-2020-5609 (Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (incl ...)
+ NOT-FOR-US: Yokogawa CAMS
+CVE-2020-5608 (CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 t ...)
+ NOT-FOR-US: Yokogawa CAMS
+CVE-2020-5607 (Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows re ...)
+ NOT-FOR-US: SHIRASAGI
+CVE-2020-5606 (Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earli ...)
+ NOT-FOR-US: WHR-G54S firmware
+CVE-2020-5605 (Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlie ...)
+ NOT-FOR-US: WHR-G54S firmware
+CVE-2020-5604 (Android App 'Mercari' (Japan version) prior to version 3.52.0 allows a ...)
+ NOT-FOR-US: Mercari
+CVE-2020-5603 (Uncontrolled resource consumption vulnerability in Mitsubishi Electori ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5602 (Mitsubishi Electoric FA Engineering Software (CPU Module Logging Confi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5601 (Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote a ...)
+ NOT-FOR-US: Chrome Extension for e-Tax Reception System
+CVE-2020-5600 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5599 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5598 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5597 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5596 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5595 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5594 (Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP cod ...)
+ NOT-FOR-US: Zenphoto
+CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 ...)
+ NOT-FOR-US: Zenphoto
+CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to ...)
+ NOT-FOR-US: XACK DNS
+CVE-2020-5590 (Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2020-5589 (SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, ...)
+ NOT-FOR-US: SONY
+CVE-2020-5588 (Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows at ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2020-5587 (Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to o ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2020-5586 (Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 al ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2020-5585 (Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 all ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2020-5584 (Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintend ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2020-5583 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2020-5582 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2020-5581 (Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows re ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2020-5580 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...)
+ NOT-FOR-US: Cybozu Garoon
CVE-2020-5579 (SQL injection vulnerability in the Paid Memberships versions prior to ...)
NOT-FOR-US: Paid Memberships
CVE-2020-5578
@@ -18747,10 +60574,10 @@ CVE-2020-5543 (TCP function included in the firmware of Mitsubishi Electric MELQ
NOT-FOR-US: Mitsubishi
CVE-2020-5542 (Buffer error vulnerability in TCP function included in the firmware of ...)
NOT-FOR-US: Mitsubishi
-CVE-2020-5541
- RESERVED
-CVE-2020-5540
- RESERVED
+CVE-2020-5541 (Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows re ...)
+ NOT-FOR-US: CyberMail
+CVE-2020-5540 (Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x al ...)
+ NOT-FOR-US: CyberMail
CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do no ...)
NOT-FOR-US: GRANDIT
CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows ...)
@@ -18772,9 +60599,9 @@ CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series
CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy Property Listi ...)
NOT-FOR-US: Easy Property Listings plugin for WordPress
CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...)
+ {DLA-2326-1}
- htmlunit <removed>
NOTE: https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28
- TODO: check details, might affect jenkins-htmlunit
CVE-2020-5528 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...)
- movabletype-opensource <removed>
CVE-2020-5527 (When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC ...)
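Review bot: The `{DLA-2326-1}` reference added for CVE-2020-5529 sits directly above the unchanged line `TODO: check details, might affect jenkins-htmlunit`, so the entry now records an LTS advisory for htmlunit while still carrying an open question about a second source package. If the jenkins-htmlunit question was settled when the DLA was prepared, the TODO should be replaced by the outcome (for example a `NOTE:` saying whether jenkins-htmlunit ships its own copy of the affected code) or dropped; if it was not settled, the TODO should stay but the DLA should not be read as closing the entry. The hunk does not show the rest of the CVE-2020-5529 entry, so other lines may already cover this.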
@@ -18826,7 +60653,7 @@ CVE-2020-5505 (Freelancy v1.0.0 allows remote command execution via the "file":"
CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ...)
{DLA-2060-1}
- phpmyadmin 4:4.9.4+dfsg1-1 (bug #948718)
- [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983
NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b
NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/
@@ -18845,183 +60672,187 @@ CVE-2020-5498
CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect throug ...)
NOT-FOR-US: MITREid Connect
CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...)
- - fontforge <unfixed> (bug #948231)
+ - fontforge 1:20201107~dfsg-1 (bug #948231)
[buster] - fontforge <no-dsa> (Minor issue)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/issues/4085
CVE-2020-5495
- RESERVED
+ REJECTED
CVE-2020-5494
- RESERVED
+ REJECTED
CVE-2020-5493
- RESERVED
+ REJECTED
CVE-2020-5492
- RESERVED
+ REJECTED
CVE-2020-5491
- RESERVED
+ REJECTED
CVE-2020-5490
- RESERVED
+ REJECTED
CVE-2020-5489
- RESERVED
+ REJECTED
CVE-2020-5488
- RESERVED
+ REJECTED
CVE-2020-5487
- RESERVED
+ REJECTED
CVE-2020-5486
- RESERVED
+ REJECTED
CVE-2020-5485
- RESERVED
+ REJECTED
CVE-2020-5484
- RESERVED
+ REJECTED
CVE-2020-5483
- RESERVED
+ REJECTED
CVE-2020-5482
- RESERVED
+ REJECTED
CVE-2020-5481
- RESERVED
+ REJECTED
CVE-2020-5480
- RESERVED
+ REJECTED
CVE-2020-5479
- RESERVED
+ REJECTED
CVE-2020-5478
- RESERVED
+ REJECTED
CVE-2020-5477
- RESERVED
+ REJECTED
CVE-2020-5476
- RESERVED
+ REJECTED
CVE-2020-5475
- RESERVED
+ REJECTED
CVE-2020-5474
- RESERVED
+ REJECTED
CVE-2020-5473
- RESERVED
+ REJECTED
CVE-2020-5472
- RESERVED
+ REJECTED
CVE-2020-5471
- RESERVED
+ REJECTED
CVE-2020-5470
- RESERVED
+ REJECTED
CVE-2020-5469
- RESERVED
+ REJECTED
CVE-2020-5468
- RESERVED
+ REJECTED
CVE-2020-5467
- RESERVED
+ REJECTED
CVE-2020-5466
- RESERVED
+ REJECTED
CVE-2020-5465
- RESERVED
+ REJECTED
CVE-2020-5464
- RESERVED
+ REJECTED
CVE-2020-5463
- RESERVED
+ REJECTED
CVE-2020-5462
- RESERVED
+ REJECTED
CVE-2020-5461
- RESERVED
+ REJECTED
CVE-2020-5460
- RESERVED
+ REJECTED
CVE-2020-5459
- RESERVED
+ REJECTED
CVE-2020-5458
- RESERVED
+ REJECTED
CVE-2020-5457
- RESERVED
+ REJECTED
CVE-2020-5456
- RESERVED
+ REJECTED
CVE-2020-5455
- RESERVED
+ REJECTED
CVE-2020-5454
- RESERVED
+ REJECTED
CVE-2020-5453
- RESERVED
+ REJECTED
CVE-2020-5452
- RESERVED
+ REJECTED
CVE-2020-5451
- RESERVED
+ REJECTED
CVE-2020-5450
- RESERVED
+ REJECTED
CVE-2020-5449
- RESERVED
+ REJECTED
CVE-2020-5448
- RESERVED
+ REJECTED
CVE-2020-5447
- RESERVED
+ REJECTED
CVE-2020-5446
- RESERVED
+ REJECTED
CVE-2020-5445
- RESERVED
+ REJECTED
CVE-2020-5444
- RESERVED
+ REJECTED
CVE-2020-5443
- RESERVED
+ REJECTED
CVE-2020-5442
- RESERVED
+ REJECTED
CVE-2020-5441
- RESERVED
+ REJECTED
CVE-2020-5440
- RESERVED
+ REJECTED
CVE-2020-5439
- RESERVED
+ REJECTED
CVE-2020-5438
- RESERVED
+ REJECTED
CVE-2020-5437
- RESERVED
+ REJECTED
CVE-2020-5436
- RESERVED
+ REJECTED
CVE-2020-5435
- RESERVED
+ REJECTED
CVE-2020-5434
- RESERVED
+ REJECTED
CVE-2020-5433
- RESERVED
+ REJECTED
CVE-2020-5432
- RESERVED
+ REJECTED
CVE-2020-5431
- RESERVED
+ REJECTED
CVE-2020-5430
- RESERVED
+ REJECTED
CVE-2020-5429
- RESERVED
-CVE-2020-5428
- RESERVED
-CVE-2020-5427
- RESERVED
-CVE-2020-5426
- RESERVED
-CVE-2020-5425
- RESERVED
+ REJECTED
+CVE-2020-5428 (In applications using Spring Cloud Task 2.2.4.RELEASE and below, may b ...)
+ NOT-FOR-US: VMware
+CVE-2020-5427 (In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5 ...)
+ NOT-FOR-US: VMware
+CVE-2020-5426 (Scheduler for TAS prior to version 1.4.0 was permitting plaintext tran ...)
+ NOT-FOR-US: VMware
+CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x v ...)
+ NOT-FOR-US: VMware
CVE-2020-5424
- RESERVED
-CVE-2020-5423
- RESERVED
-CVE-2020-5422
- RESERVED
-CVE-2020-5421
- RESERVED
-CVE-2020-5420
- RESERVED
-CVE-2020-5419
- RESERVED
-CVE-2020-5418
- RESERVED
-CVE-2020-5417
- RESERVED
-CVE-2020-5416
- RESERVED
-CVE-2020-5415
- RESERVED
-CVE-2020-5414
- RESERVED
-CVE-2020-5413
- RESERVED
-CVE-2020-5412
- RESERVED
-CVE-2020-5411
- RESERVED
-CVE-2020-5410
- RESERVED
+ REJECTED
+CVE-2020-5423 (CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a ...)
+ NOT-FOR-US: Cloud Foundry
+CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA pas ...)
+ NOT-FOR-US: BOSH System Metrics Server
+CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
+ - libspring-java 4.3.30-1 (bug #973381)
+ [buster] - libspring-java <no-dsa> (Minor issue)
+ [stretch] - libspring-java <ignored> (Minor issue, no known patch)
+ NOTE: https://tanzu.vmware.com/security/cve-2020-5421
+ NOTE: https://github.com/spring-projects/spring-framework/issues/26821 (patch unidentifiable)
+CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...)
+ NOT-FOR-US: Cloud Foundry
+CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...)
+ - rabbitmq-server <not-affected> (Windows-specific vulnerability)
+CVE-2020-5418 (Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow a ...)
+ NOT-FOR-US: Cloud Foundry
+CVE-2020-5417 (Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when ...)
+ NOT-FOR-US: Cloud Foundry
+CVE-2020-5416 (Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used ...)
+ NOT-FOR-US: Cloud Foundry
+CVE-2020-5415 (Concourse, versions prior to 6.3.1 and 6.4.1, in installations which u ...)
+ NOT-FOR-US: Councourse
+CVE-2020-5414 (VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7. ...)
+ NOT-FOR-US: VMware
+CVE-2020-5413 (Spring Integration framework provides Kryo Codec implementations as an ...)
+ NOT-FOR-US: VMware
+CVE-2020-5412 (Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x pr ...)
+ NOT-FOR-US: Spring Cloud Netflix
+CVE-2020-5411 (When configured to enable default typing, Jackson contained a deserial ...)
+ NOT-FOR-US: spring-batch
+CVE-2020-5410 (Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x pri ...)
+ NOT-FOR-US: Spring Cloud Config
CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...)
NOT-FOR-US: Pivotal
CVE-2020-5408 (Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5 ...)
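Review bot: The added tag for CVE-2020-5415 reads `NOT-FOR-US: Councourse` while its own description line says `Concourse`, and the existing CVE-2020-5409 entry below uses `NOT-FOR-US: Pivotal`; the misspelling means a search for the product name will miss this entry, so it should be `NOT-FOR-US: Concourse`. The new CVE-2020-5411 line is tagged `NOT-FOR-US: spring-batch` although the truncated description opens with Jackson; if, as the tag suggests, the issue is Spring Batch enabling Jackson default typing rather than a Jackson bug, a short `NOTE:` stating that would stop a reader from conflating it with a Jackson tracking entry. The vendor tags in this hunk also alternate between `VMware`, `Spring Cloud Netflix` and `Spring Cloud Config` for products from the same vendor; one consistent form makes later grepping more reliable.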
@@ -19047,26 +60878,27 @@ CVE-2020-5400 (Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0,
CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...)
NOT-FOR-US: Cloud Foundry CredHub
CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...)
- - libspring-java <unfixed>
- [jessie] - libspring-java <not-affected> (Vulnerable code not present)
+ - libspring-java <not-affected> (Vulnerable code not present)
NOTE: https://pivotal.io/security/cve-2020-5398
NOTE: https://github.com/spring-projects/spring-framework/issues/24220
NOTE: https://github.com/spring-projects/spring-framework/commit/41f40c6c229d3b4f768718f1ec229d8f0ad76d76
NOTE: https://github.com/spring-projects/spring-framework/commit/956ffe68587c8d5f21135b5ce4650af0c2dea933
CVE-2020-5397 (Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ...)
- - libspring-java <unfixed>
- [jessie] - libspring-java <not-affected> (Vulnerable code not present)
+ - libspring-java <not-affected> (Only affects 5.2.x)
NOTE: https://pivotal.io/security/cve-2020-5397
NOTE: https://github.com/spring-projects/spring-framework/issues/24327
NOTE: https://github.com/spring-projects/spring-framework/commit/bc7d01048579430b4b2df668178809b63d3f1929
-CVE-2020-5396
- RESERVED
+CVE-2020-5396 (VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and ...)
+ NOT-FOR-US: VMware
CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...)
- - fontforge <unfixed> (bug #948231)
+ - fontforge 1:20201107~dfsg-1 (bug #948231)
[buster] - fontforge <no-dsa> (Minor issue)
[stretch] - fontforge <no-dsa> (Minor issue)
[jessie] - fontforge <no-dsa> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/issues/4084
+ NOTE: https://github.com/fontforge/fontforge/commit/048a91e2682c1a8936ae34dbc7bd70291ec05410
+ NOTE: Additional patch required (to not open up CVE-2020-25690):
+ NOTE: https://github.com/fontforge/fontforge/commit/b96273acc691ac8a36c6a8dd4de8e6edd7eaae59
CVE-2020-5394
RESERVED
CVE-2020-5393 (In Appspace On-Prem through 7.1.3, an adversary can steal a session to ...)
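Review bot: The new `- libspring-java <not-affected> (Vulnerable code not present)` line for CVE-2020-5398 gives a less specific rationale than the sibling change for CVE-2020-5397 (`Only affects 5.2.x`), and the CVE-2020-5398 description visibly lists 5.1.x as well, so a reader cannot tell from the entry which upstream line the packaged version is on. Stating the affected major line in the same way, e.g. `- libspring-java <not-affected> (Only affects 5.x)`, would make the not-affected claim checkable against the packaged version (this commit records libspring-java 4.3.30-1 elsewhere in the file). The three fontforge `NOTE:` lines explaining the extra patch needed to avoid CVE-2020-25690 are a good addition; the same fixed version `1:20201107~dfsg-1` is also set for CVE-2020-5496 earlier in this commit, which presumably carries the same caveat but has no such note.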
@@ -19079,104 +60911,104 @@ CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML
{DSA-4630-1 DLA-2119-1}
- python-pysaml2 4.5.0-7 (bug #949322)
NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0)
-CVE-2020-5389
- RESERVED
-CVE-2020-5388
- RESERVED
-CVE-2020-5387
- RESERVED
-CVE-2020-5386
- RESERVED
-CVE-2020-5385
- RESERVED
-CVE-2020-5384
- RESERVED
-CVE-2020-5383
- RESERVED
+CVE-2020-5389 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...)
+ NOT-FOR-US: Dell
+CVE-2020-5388 (Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an ...)
+ NOT-FOR-US: Dell
+CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Ex ...)
+ NOT-FOR-US: Dell
+CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource ...)
+ NOT-FOR-US: EMC
+CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suit ...)
+ NOT-FOR-US: Dell
+CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Wi ...)
+ NOT-FOR-US: RSA MFA Agent
+CVE-2020-5383 (Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS vers ...)
+ NOT-FOR-US: EMC
CVE-2020-5382
RESERVED
CVE-2020-5381
RESERVED
CVE-2020-5380
RESERVED
-CVE-2020-5379
- RESERVED
-CVE-2020-5378
- RESERVED
-CVE-2020-5377
- RESERVED
-CVE-2020-5376
- RESERVED
+CVE-2020-5379 (Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot ...)
+ NOT-FOR-US: Dell
+CVE-2020-5378 (Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot ...)
+ NOT-FOR-US: Dell
+CVE-2020-5377 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior ...)
+ NOT-FOR-US: EMC
+CVE-2020-5376 (Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot ...)
+ NOT-FOR-US: Dell
CVE-2020-5375
RESERVED
-CVE-2020-5374
- RESERVED
-CVE-2020-5373
- RESERVED
-CVE-2020-5372
- RESERVED
-CVE-2020-5371
- RESERVED
-CVE-2020-5370
- RESERVED
-CVE-2020-5369
- RESERVED
-CVE-2020-5368
- RESERVED
-CVE-2020-5367
- RESERVED
-CVE-2020-5366
- RESERVED
+CVE-2020-5374 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...)
+ NOT-FOR-US: EMC
+CVE-2020-5373 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...)
+ NOT-FOR-US: EMC
+CVE-2020-5372 (Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerab ...)
+ NOT-FOR-US: EMC
+CVE-2020-5371 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...)
+ NOT-FOR-US: EMC
+CVE-2020-5370 (Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an ...)
+ NOT-FOR-US: EMC
+CVE-2020-5369 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...)
+ NOT-FOR-US: EMC
+CVE-2020-5368 (Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authe ...)
+ NOT-FOR-US: EMC
+CVE-2020-5367 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC U ...)
+ NOT-FOR-US: Dell EMC
+CVE-2020-5366 (Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal ...)
+ NOT-FOR-US: EMC
CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vul ...)
NOT-FOR-US: EMC
CVE-2020-5364 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vul ...)
NOT-FOR-US: EMC
-CVE-2020-5363
- RESERVED
-CVE-2020-5362
- RESERVED
-CVE-2020-5361
- RESERVED
-CVE-2020-5360
- RESERVED
-CVE-2020-5359
- RESERVED
-CVE-2020-5358
- RESERVED
+CVE-2020-5363 (Select Dell Client Consumer and Commercial platforms include an issue ...)
+ NOT-FOR-US: Dell
+CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an improper auth ...)
+ NOT-FOR-US: Dell
+CVE-2020-5361 (Select Dell Client Commercial and Consumer platforms support a BIOS pa ...)
+ NOT-FOR-US: Dell
+CVE-2020-5360 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable ...)
+ NOT-FOR-US: Dell
+CVE-2020-5359 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable ...)
+ NOT-FOR-US: Dell
+CVE-2020-5358 (Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suit ...)
+ NOT-FOR-US: Dell Encryption
CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer and Comme ...)
NOT-FOR-US: Dell
-CVE-2020-5356
- RESERVED
+CVE-2020-5356 (Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell ...)
+ NOT-FOR-US: Dell
CVE-2020-5355
RESERVED
CVE-2020-5354
RESERVED
-CVE-2020-5353
- RESERVED
-CVE-2020-5352
- RESERVED
-CVE-2020-5351
- RESERVED
+CVE-2020-5353 (The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...)
+ NOT-FOR-US: EMC
+CVE-2020-5352 (Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS comma ...)
+ NOT-FOR-US: EMC
+CVE-2020-5351 (Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an ...)
+ NOT-FOR-US: EMC
CVE-2020-5350 (Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, ...)
NOT-FOR-US: EMC
-CVE-2020-5349
- RESERVED
+CVE-2020-5349 (Dell EMC Networking S4100 and S5200 Series Switches manufactured prior ...)
+ NOT-FOR-US: EMC
CVE-2020-5348 (Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a ...)
NOT-FOR-US: Dell
CVE-2020-5347 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of s ...)
NOT-FOR-US: Dell EMC Isilon OneFS
CVE-2020-5346 (RSA Authentication Manager versions prior to 8.4 P11 contain a stored ...)
NOT-FOR-US: RSA Authentication Manager
-CVE-2020-5345
- RESERVED
+CVE-2020-5345 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC U ...)
+ NOT-FOR-US: Dell EMC
CVE-2020-5344 (Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70. ...)
NOT-FOR-US: EMC
CVE-2020-5343 (Dell Client platforms restored using a Dell OS recovery image download ...)
NOT-FOR-US: Dell
CVE-2020-5342 (Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect ...)
NOT-FOR-US: Dell
-CVE-2020-5341
- RESERVED
+CVE-2020-5341 (Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server ...)
+ NOT-FOR-US: EMC
CVE-2020-5340 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...)
NOT-FOR-US: RSA Authentication Manager
CVE-2020-5339 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...)
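Review bot: The vendor tags added in this hunk are inconsistent for what the descriptions call the same vendor: CVE-2020-5386 (`Dell EMC ECS`) and CVE-2020-5383 (`Dell EMC Isilon`) get `NOT-FOR-US: EMC`, CVE-2020-5367 gets `NOT-FOR-US: Dell EMC`, and CVE-2020-5385 gets `NOT-FOR-US: Dell`, while the pre-existing CVE-2020-5347 line uses the full product name. Picking one form for Dell EMC products (the surrounding context lines mostly use `EMC`) keeps these entries findable with a single search; this is purely a matter of how the new lines are written.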
@@ -19199,8 +61031,8 @@ CVE-2020-5331 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an inform
NOT-FOR-US: RSA
CVE-2020-5330 (Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell ...)
NOT-FOR-US: EMC
-CVE-2020-5329
- RESERVED
+CVE-2020-5329 (Dell EMC Avamar Server contains an open redirect vulnerability. A remo ...)
+ NOT-FOR-US: EMC
CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized ...)
NOT-FOR-US: EMC
CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...)
@@ -19211,24 +61043,24 @@ CVE-2020-5325
RESERVED
CVE-2020-5324 (Dell Client Consumer and Commercial Platforms contain an Arbitrary Fil ...)
NOT-FOR-US: Dell
-CVE-2020-5323
- RESERVED
-CVE-2020-5322
- RESERVED
-CVE-2020-5321
- RESERVED
-CVE-2020-5320
- RESERVED
+CVE-2020-5323 (Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenMan ...)
+ NOT-FOR-US: EMC
+CVE-2020-5322 (Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10. ...)
+ NOT-FOR-US: EMC
+CVE-2020-5321 (Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenMan ...)
+ NOT-FOR-US: EMC
+CVE-2020-5320 (Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenMan ...)
+ NOT-FOR-US: EMC
CVE-2020-5319 (Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prio ...)
NOT-FOR-US: EMC
CVE-2020-5318 (Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 co ...)
NOT-FOR-US: EMC
CVE-2020-5317 (Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A ...)
NOT-FOR-US: EMC
-CVE-2020-5316
- RESERVED
-CVE-2020-5315
- RESERVED
+CVE-2020-5316 (Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2 ...)
+ NOT-FOR-US: Dell
+CVE-2020-5315 (Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text pa ...)
+ NOT-FOR-US: EMC
CVE-2020-5314
RESERVED
CVE-2020-5313 (libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...)
@@ -19263,8 +61095,8 @@ CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display na
NOT-FOR-US: Codoforum
CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of ...)
NOT-FOR-US: Codoforum
-CVE-2020-5304
- RESERVED
+CVE-2020-5304 (The dashboard in WhiteSource Application Vulnerability Management (AVM ...)
+ NOT-FOR-US: WhiteSource Application Vulnerability Management (AVM)
CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-o ...)
NOT-FOR-US: Tendermint
CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...)
@@ -19273,16 +61105,16 @@ CVE-2020-5301 (SimpleSAMLphp versions before 1.18.6 contain an information discl
- simplesamlphp <not-affected> (Windows-only issue)
CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified&#8482; OpenID Connect ...)
NOT-FOR-US: ORY Hydra
-CVE-2020-5299
- RESERVED
-CVE-2020-5298
- RESERVED
-CVE-2020-5297
- RESERVED
-CVE-2020-5296
- RESERVED
-CVE-2020-5295
- RESERVED
+CVE-2020-5299 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
+ NOT-FOR-US: OctoberCMS
+CVE-2020-5298 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
+ NOT-FOR-US: OctoberCMS
+CVE-2020-5297 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
+ NOT-FOR-US: OctoberCMS
+CVE-2020-5296 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
+ NOT-FOR-US: OctoberCMS
+CVE-2020-5295 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
+ NOT-FOR-US: OctoberCMS
CVE-2020-5294 (PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflect ...)
NOT-FOR-US: PrestaShop
CVE-2020-5293 (In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper ...)
@@ -19356,7 +61188,7 @@ CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a pos
{DLA-2149-1}
- rails 2:5.2.4.1+dfsg-2 (bug #954304)
[buster] - rails 2:5.2.2.1+dfsg-1+deb10u1
- [stretch] - rails <no-dsa> (Minor issue)
+ [stretch] - rails 2:4.2.7.1-1+deb9u2
NOTE: https://www.openwall.com/lists/oss-security/2020/03/19/1
NOTE: https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a (master)
CVE-2020-5266 (In the ps_link module for PrestaShop before version 3.1.0, there is a ...)
@@ -19384,13 +61216,13 @@ CVE-2020-5260 (Affected versions of Git have a vulnerability whereby Git can be
CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...)
{DLA-2139-1}
- dojo 1.15.3+dfsg1-1 (bug #953587)
- [buster] - dojo <no-dsa> (Minor issue)
+ [buster] - dojo 1.14.2+dfsg1-1+deb10u2
NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw
NOTE: https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da
CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...)
{DLA-2139-1}
- dojo 1.15.3+dfsg1-1 (bug #953585)
- [buster] - dojo <no-dsa> (Minor issue)
+ [buster] - dojo 1.14.2+dfsg1-1+deb10u2
NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
NOTE: https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d
CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by attri ...)
@@ -19426,8 +61258,8 @@ CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their
NOT-FOR-US: PrestaShop
CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...)
- puma 3.12.4-1 (bug #953122)
- [buster] - puma <no-dsa> (Minor issue)
- [stretch] - puma <no-dsa> (Minor issue)
+ [buster] - puma 3.12.0-2+deb10u2
+ [stretch] - puma <not-affected> (early_hint feature added in later version)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a defau ...)
@@ -19437,13 +61269,13 @@ CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a
NOTE: https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c
CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...)
- puma 3.12.4-1 (bug #952766)
- [buster] - puma <no-dsa> (Minor issue)
- [stretch] - puma <no-dsa> (Minor issue)
+ [buster] - puma 3.12.0-2+deb10u2
+ [stretch] - puma <no-dsa> (intrusive to backport)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
NOTE: https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3)
NOTE: https://github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2)
-CVE-2020-5246
- RESERVED
+CVE-2020-5246 (Traccar GPS Tracking System before version 4.9 has a LDAP injection vu ...)
+ NOT-FOR-US: Traccar GPS Tracking System
CVE-2020-5245 (Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary cod ...)
NOT-FOR-US: Dropwizard-Validation
CVE-2020-5244 (In BuddyPress before 5.1.2, requests to a certain REST API endpoint ca ...)
@@ -19464,8 +61296,23 @@ CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user with access to the CMS can
NOT-FOR-US: wagtail-2fa
CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...)
NOT-FOR-US: Mailu
-CVE-2020-5238
- RESERVED
+CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0.29.0. ...)
+ - cmark-gfm 0.29.0.gfm.2-1 (bug #965984)
+ [bullseye] - cmark-gfm <no-dsa> (Minor issue)
+ [buster] - cmark-gfm <no-dsa> (Minor issue)
+ - python-cmarkgfm <unfixed> (bug #965983)
+ [bullseye] - python-cmarkgfm <no-dsa> (Minor issue)
+ [buster] - python-cmarkgfm <no-dsa> (Minor issue)
+ - ruby-commonmarker 0.21.0-1 (bug #965981)
+ [buster] - ruby-commonmarker <no-dsa> (Minor issue)
+ - haskell-cmark-gfm 0.2.1+ds1-1 (bug #965982)
+ [buster] - haskell-cmark-gfm <no-dsa> (Minor issue)
+ - r-cran-commonmark <unfixed> (bug #965980)
+ [bullseye] - r-cran-commonmark <no-dsa> (Minor issue)
+ [buster] - r-cran-commonmark <no-dsa> (Minor issue)
+ NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
+ NOTE: https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4
+ NOTE: haskell-cmark-gfm switched to src:cmark-gfm in 0.2.1+ds1-1, marking that as fixed (despite cmark-gfm not fixed yet)
CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the oneup/uploader ...)
NOT-FOR-US: oneup/uploader-bundle
CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...)
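Review bot: The closing NOTE of the new CVE-2020-5238 entry, `NOTE: haskell-cmark-gfm switched to src:cmark-gfm in 0.2.1+ds1-1, marking that as fixed (despite cmark-gfm not fixed yet)`, looks stale against the same entry's first line, which records `- cmark-gfm 0.29.0.gfm.2-1 (bug #965984)` as the fixed version. A reader triaging the entry sees a note claiming cmark-gfm is unfixed directly under a line saying it is, and has to guess which one is current. If the parenthetical only described the state at the time the haskell-cmark-gfm line was written, dropping it resolves the contradiction: `NOTE: haskell-cmark-gfm switched to src:cmark-gfm in 0.2.1+ds1-1, marking that as fixed`. The python-cmarkgfm and r-cran-commonmark sub-entries remain `<unfixed>`, so the note should not be read as covering those.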
@@ -19482,7 +61329,7 @@ CVE-2020-5235 (There is a potentially exploitable out of memory condition In Nan
CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vu ...)
NOT-FOR-US: MessagePack for C#
CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
- NOT-FOR-US: OAuth2 Proxy
+ - oauth2-proxy <itp> (bug #982891)
CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...)
NOT-FOR-US: Ethereum
CVE-2020-5231 (In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN ...)
@@ -19524,13 +61371,15 @@ CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execut
CVE-2020-5218 (Affected versions of Sylius give attackers the ability to switch chann ...)
NOT-FOR-US: Sylius
CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
- - ruby-secure-headers <unfixed> (bug #949999)
+ - ruby-secure-headers 6.3.1-1 (bug #949999)
+ [buster] - ruby-secure-headers <no-dsa> (Minor issue)
NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c
NOTE: https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3
NOTE: https://github.com/twitter/secure_headers/issues/418
NOTE: https://github.com/twitter/secure_headers/pull/421
CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
- - ruby-secure-headers <unfixed> (bug #949998)
+ - ruby-secure-headers 6.3.1-1 (bug #949998)
+ [buster] - ruby-secure-headers <no-dsa> (Minor issue)
NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg
NOTE: https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...)
@@ -19562,10 +61411,9 @@ CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i
NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
NOTE: Negligible security impact
CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 negl ...)
- {DLA-2098-1}
- - ipmitool <unfixed> (bug #950761)
- [buster] - ipmitool <no-dsa> (Minor issue)
- [stretch] - ipmitool <no-dsa> (Minor issue)
+ {DLA-2699-1 DLA-2098-1}
+ - ipmitool 1.8.18-10.1 (bug #950761)
+ [buster] - ipmitool 1.8.18-6+deb10u1
NOTE: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
NOTE: https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
NOTE: https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10
@@ -19697,244 +61545,244 @@ CVE-2020-5150
RESERVED
CVE-2020-5149
RESERVED
-CVE-2020-5148
- RESERVED
-CVE-2020-5147
- RESERVED
-CVE-2020-5146
- RESERVED
-CVE-2020-5145
- RESERVED
-CVE-2020-5144
- RESERVED
-CVE-2020-5143
- RESERVED
-CVE-2020-5142
- RESERVED
-CVE-2020-5141
- RESERVED
-CVE-2020-5140
- RESERVED
-CVE-2020-5139
- RESERVED
-CVE-2020-5138
- RESERVED
-CVE-2020-5137
- RESERVED
-CVE-2020-5136
- RESERVED
-CVE-2020-5135
- RESERVED
-CVE-2020-5134
- RESERVED
-CVE-2020-5133
- RESERVED
-CVE-2020-5132
- RESERVED
-CVE-2020-5131
- RESERVED
-CVE-2020-5130
- RESERVED
+CVE-2020-5148 (SonicWall SSO-agent default configuration uses NetAPI to probe the ass ...)
+ NOT-FOR-US: SonicWall
+CVE-2020-5147 (SonicWall NetExtender Windows client vulnerable to unquoted service pa ...)
+ NOT-FOR-US: SonicWall
+CVE-2020-5146 (A vulnerability in SonicWall SMA100 appliance allow an authenticated m ...)
+ NOT-FOR-US: SonicWall
+CVE-2020-5145 (SonicWall Global VPN client version 4.10.4.0314 and earlier have an in ...)
+ NOT-FOR-US: SonicWall
+CVE-2020-5144 (SonicWall Global VPN client version 4.10.4.0314 and earlier allows unp ...)
+ NOT-FOR-US: SonicWall
+CVE-2020-5143 (SonicOS SSLVPN login page allows a remote unauthenticated attacker to ...)
+ NOT-FOR-US: SonicOS SSLVPN
+CVE-2020-5142 (A stored cross-site scripting (XSS) vulnerability exists in the SonicO ...)
+ NOT-FOR-US: SonicOS SSLVPN
+CVE-2020-5141 (A vulnerability in SonicOS allows a remote unauthenticated attacker to ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5140 (A vulnerability in SonicOS allows a remote unauthenticated attacker to ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5139 (A vulnerability in SonicOS SSLVPN service allows a remote unauthentica ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5138 (A Heap Overflow vulnerability in the SonicOS allows a remote unauthent ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5137 (A buffer overflow vulnerability in SonicOS allows a remote unauthentic ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5136 (A buffer overflow vulnerability in SonicOS allows an authenticated att ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5135 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5134 (A vulnerability in SonicOS allows an authenticated attacker to cause o ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5133 (A vulnerability in SonicOS allows a remote unauthenticated attacker to ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5132 (SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misc ...)
+ NOT-FOR-US: SonicWall
+CVE-2020-5131 (SonicWall NetExtender Windows client vulnerable to arbitrary file writ ...)
+ NOT-FOR-US: SonicWall NetExtender Windows client
+CVE-2020-5130 (SonicOS SSLVPN LDAP login request allows remote attackers to cause ext ...)
+ NOT-FOR-US: SonicOS SSLVPN / SonicWall
CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows a ...)
NOT-FOR-US: SonicWall
CVE-2020-5128
- RESERVED
+ REJECTED
CVE-2020-5127
- RESERVED
+ REJECTED
CVE-2020-5126
- RESERVED
+ REJECTED
CVE-2020-5125
- RESERVED
+ REJECTED
CVE-2020-5124
- RESERVED
+ REJECTED
CVE-2020-5123
- RESERVED
+ REJECTED
CVE-2020-5122
- RESERVED
+ REJECTED
CVE-2020-5121
- RESERVED
+ REJECTED
CVE-2020-5120
- RESERVED
+ REJECTED
CVE-2020-5119
- RESERVED
+ REJECTED
CVE-2020-5118
- RESERVED
+ REJECTED
CVE-2020-5117
- RESERVED
+ REJECTED
CVE-2020-5116
- RESERVED
+ REJECTED
CVE-2020-5115
- RESERVED
+ REJECTED
CVE-2020-5114
- RESERVED
+ REJECTED
CVE-2020-5113
- RESERVED
+ REJECTED
CVE-2020-5112
- RESERVED
+ REJECTED
CVE-2020-5111
- RESERVED
+ REJECTED
CVE-2020-5110
- RESERVED
+ REJECTED
CVE-2020-5109
- RESERVED
+ REJECTED
CVE-2020-5108
- RESERVED
+ REJECTED
CVE-2020-5107
- RESERVED
+ REJECTED
CVE-2020-5106
- RESERVED
+ REJECTED
CVE-2020-5105
- RESERVED
+ REJECTED
CVE-2020-5104
- RESERVED
+ REJECTED
CVE-2020-5103
- RESERVED
+ REJECTED
CVE-2020-5102
- RESERVED
+ REJECTED
CVE-2020-5101
- RESERVED
+ REJECTED
CVE-2020-5100
- RESERVED
+ REJECTED
CVE-2020-5099
- RESERVED
+ REJECTED
CVE-2020-5098
- RESERVED
+ REJECTED
CVE-2020-5097
- RESERVED
+ REJECTED
CVE-2020-5096
- RESERVED
+ REJECTED
CVE-2020-5095
- RESERVED
+ REJECTED
CVE-2020-5094
- RESERVED
+ REJECTED
CVE-2020-5093
- RESERVED
+ REJECTED
CVE-2020-5092
- RESERVED
+ REJECTED
CVE-2020-5091
- RESERVED
+ REJECTED
CVE-2020-5090
- RESERVED
+ REJECTED
CVE-2020-5089
- RESERVED
+ REJECTED
CVE-2020-5088
- RESERVED
+ REJECTED
CVE-2020-5087
- RESERVED
+ REJECTED
CVE-2020-5086
- RESERVED
+ REJECTED
CVE-2020-5085
- RESERVED
+ REJECTED
CVE-2020-5084
- RESERVED
+ REJECTED
CVE-2020-5083
- RESERVED
+ REJECTED
CVE-2020-5082
- RESERVED
+ REJECTED
CVE-2020-5081
- RESERVED
+ REJECTED
CVE-2020-5080
- RESERVED
+ REJECTED
CVE-2020-5079
- RESERVED
+ REJECTED
CVE-2020-5078
- RESERVED
+ REJECTED
CVE-2020-5077
- RESERVED
+ REJECTED
CVE-2020-5076
- RESERVED
+ REJECTED
CVE-2020-5075
- RESERVED
+ REJECTED
CVE-2020-5074
- RESERVED
+ REJECTED
CVE-2020-5073
- RESERVED
+ REJECTED
CVE-2020-5072
- RESERVED
+ REJECTED
CVE-2020-5071
- RESERVED
+ REJECTED
CVE-2020-5070
- RESERVED
+ REJECTED
CVE-2020-5069
- RESERVED
+ REJECTED
CVE-2020-5068
- RESERVED
+ REJECTED
CVE-2020-5067
- RESERVED
+ REJECTED
CVE-2020-5066
- RESERVED
+ REJECTED
CVE-2020-5065
- RESERVED
+ REJECTED
CVE-2020-5064
- RESERVED
+ REJECTED
CVE-2020-5063
- RESERVED
+ REJECTED
CVE-2020-5062
- RESERVED
+ REJECTED
CVE-2020-5061
- RESERVED
+ REJECTED
CVE-2020-5060
- RESERVED
+ REJECTED
CVE-2020-5059
- RESERVED
+ REJECTED
CVE-2020-5058
- RESERVED
+ REJECTED
CVE-2020-5057
- RESERVED
+ REJECTED
CVE-2020-5056
- RESERVED
+ REJECTED
CVE-2020-5055
- RESERVED
+ REJECTED
CVE-2020-5054
- RESERVED
+ REJECTED
CVE-2020-5053
- RESERVED
+ REJECTED
CVE-2020-5052
- RESERVED
+ REJECTED
CVE-2020-5051
- RESERVED
+ REJECTED
CVE-2020-5050
- RESERVED
+ REJECTED
CVE-2020-5049
- RESERVED
+ REJECTED
CVE-2020-5048
- RESERVED
+ REJECTED
CVE-2020-5047
- RESERVED
+ REJECTED
CVE-2020-5046
- RESERVED
+ REJECTED
CVE-2020-5045
- RESERVED
+ REJECTED
CVE-2020-5044
- RESERVED
+ REJECTED
CVE-2020-5043
- RESERVED
+ REJECTED
CVE-2020-5042
- RESERVED
+ REJECTED
CVE-2020-5041
- RESERVED
+ REJECTED
CVE-2020-5040
- RESERVED
+ REJECTED
CVE-2020-5039
- RESERVED
+ REJECTED
CVE-2020-5038
- RESERVED
+ REJECTED
CVE-2020-5037
- RESERVED
+ REJECTED
CVE-2020-5036
- RESERVED
+ REJECTED
CVE-2020-5035
RESERVED
CVE-2020-5034
RESERVED
CVE-2020-5033
RESERVED
-CVE-2020-5032
- RESERVED
-CVE-2020-5031
- RESERVED
-CVE-2020-5030
- RESERVED
+CVE-2020-5032 (IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable t ...)
+ NOT-FOR-US: IBM
+CVE-2020-5031 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2020-5030 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
CVE-2020-5029
RESERVED
CVE-2020-5028
@@ -19943,32 +61791,32 @@ CVE-2020-5027
RESERVED
CVE-2020-5026
RESERVED
-CVE-2020-5025
- RESERVED
-CVE-2020-5024
- RESERVED
-CVE-2020-5023
- RESERVED
-CVE-2020-5022
- RESERVED
-CVE-2020-5021
- RESERVED
-CVE-2020-5020
- RESERVED
-CVE-2020-5019
- RESERVED
-CVE-2020-5018
- RESERVED
-CVE-2020-5017
- RESERVED
-CVE-2020-5016
- RESERVED
-CVE-2020-5015
- RESERVED
-CVE-2020-5014
- RESERVED
-CVE-2020-5013
- RESERVED
+CVE-2020-5025 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2020-5024 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2020-5023 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote u ...)
+ NOT-FOR-US: IBM
+CVE-2020-5022 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthentica ...)
+ NOT-FOR-US: IBM
+CVE-2020-5021 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate se ...)
+ NOT-FOR-US: IBM
+CVE-2020-5020 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote a ...)
+ NOT-FOR-US: IBM
+CVE-2020-5019 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP ...)
+ NOT-FOR-US: IBM
+CVE-2020-5018 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive ...)
+ NOT-FOR-US: IBM
+CVE-2020-5017 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user ...)
+ NOT-FOR-US: IBM
+CVE-2020-5016 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2020-5015 (IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Stora ...)
+ NOT-FOR-US: IBM
+CVE-2020-5014 (IBM DataPower Gateway V10 and V2018 could allow a local attacker with ...)
+ NOT-FOR-US: IBM
+CVE-2020-5013 (IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity In ...)
+ NOT-FOR-US: IBM
CVE-2020-5012
RESERVED
CVE-2020-5011
@@ -19977,76 +61825,76 @@ CVE-2020-5010
RESERVED
CVE-2020-5009
RESERVED
-CVE-2020-5008
- RESERVED
+CVE-2020-5008 (IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through ...)
+ NOT-FOR-US: IBM
CVE-2020-5007
RESERVED
CVE-2020-5006
RESERVED
CVE-2020-5005
RESERVED
-CVE-2020-5004
- RESERVED
-CVE-2020-5003
- RESERVED
+CVE-2020-5004 (IBM Jazz Foundation products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2020-5003 (IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML Extern ...)
+ NOT-FOR-US: IBM
CVE-2020-5002
RESERVED
CVE-2020-5001
RESERVED
-CVE-2020-5000
- RESERVED
+CVE-2020-5000 (IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
CVE-2020-4999
RESERVED
CVE-2020-4998
RESERVED
-CVE-2020-4997
- RESERVED
-CVE-2020-4996
- RESERVED
-CVE-2020-4995
- RESERVED
+CVE-2020-4997 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2020-4996 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4995 (IBM Security Identity Governance and Intelligence 5.2.6 does not inval ...)
+ NOT-FOR-US: IBM
CVE-2020-4994
RESERVED
-CVE-2020-4993
- RESERVED
-CVE-2020-4992
- RESERVED
+CVE-2020-4993 (IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature ...)
+ NOT-FOR-US: IBM
+CVE-2020-4992 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to ...)
+ NOT-FOR-US: IBM
CVE-2020-4991
RESERVED
-CVE-2020-4990
- RESERVED
+CVE-2020-4990 (IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote at ...)
+ NOT-FOR-US: IBM
CVE-2020-4989
RESERVED
-CVE-2020-4988
- RESERVED
-CVE-2020-4987
- RESERVED
+CVE-2020-4988 (Loopback 8.0.0 contains a vulnerability that could allow an attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4987 (The IBM FlashSystem 900 user management GUI is vulnerable to stored cr ...)
+ NOT-FOR-US: IBM
CVE-2020-4986
RESERVED
-CVE-2020-4985
- RESERVED
+CVE-2020-4985 (IBM Planning Analytics Local 2.0 could allow an attacker to obtain sen ...)
+ NOT-FOR-US: IBM
CVE-2020-4984
RESERVED
-CVE-2020-4983
- RESERVED
+CVE-2020-4983 (IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a us ...)
+ NOT-FOR-US: IBM
CVE-2020-4982
RESERVED
-CVE-2020-4981
- RESERVED
-CVE-2020-4980
- RESERVED
-CVE-2020-4979
- RESERVED
+CVE-2020-4981 (IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privile ...)
+ NOT-FOR-US: IBM
+CVE-2020-4980 (IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting da ...)
+ NOT-FOR-US: IBM
+CVE-2020-4979 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment ...)
+ NOT-FOR-US: IBM
CVE-2020-4978
RESERVED
-CVE-2020-4977
- RESERVED
-CVE-2020-4976
- RESERVED
-CVE-2020-4975
- RESERVED
-CVE-2020-4974
- RESERVED
+CVE-2020-4977 (IBM Engineering Lifecycle Optimization - Publishing is vulnerable to s ...)
+ NOT-FOR-US: IBM
+CVE-2020-4976 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2020-4975 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2020-4974 (IBM Jazz Foundation products are vulnerable to server side request for ...)
+ NOT-FOR-US: IBM
CVE-2020-4973
RESERVED
CVE-2020-4972
@@ -20055,18 +61903,18 @@ CVE-2020-4971
RESERVED
CVE-2020-4970
RESERVED
-CVE-2020-4969
- RESERVED
-CVE-2020-4968
- RESERVED
-CVE-2020-4967
- RESERVED
-CVE-2020-4966
- RESERVED
-CVE-2020-4965
- RESERVED
-CVE-2020-4964
- RESERVED
+CVE-2020-4969 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4968 (IBM Security Identity Governance and Intelligence 5.2.6 uses weaker th ...)
+ NOT-FOR-US: IBM
+CVE-2020-4967 (IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive inf ...)
+ NOT-FOR-US: IBM
+CVE-2020-4966 (IBM Security Identity Governance and Intelligence 5.2.6 does not set t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4965 (IBM Jazz Team Server products use weaker than expected cryptographic a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4964 (IBM Jazz Team Server products contain an undisclosed vulnerability tha ...)
+ NOT-FOR-US: IBM
CVE-2020-4963
RESERVED
CVE-2020-4962
@@ -20077,68 +61925,68 @@ CVE-2020-4960
RESERVED
CVE-2020-4959
RESERVED
-CVE-2020-4958
- RESERVED
+CVE-2020-4958 (IBM Security Identity Governance and Intelligence 5.2.6 does not perfo ...)
+ NOT-FOR-US: IBM
CVE-2020-4957
RESERVED
-CVE-2020-4956
- RESERVED
-CVE-2020-4955
- RESERVED
-CVE-2020-4954
- RESERVED
-CVE-2020-4953
- RESERVED
-CVE-2020-4952
- RESERVED
-CVE-2020-4951
- RESERVED
+CVE-2020-4956 (IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4955 (IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2020-4954 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...)
+ NOT-FOR-US: IBM
+CVE-2020-4953 (IBM Planning Analytics 2.0 could allow a remote authenticated attacker ...)
+ NOT-FOR-US: IBM
+CVE-2020-4952 (IBM Security Guardium 11.2 could allow an authenticated user to gain r ...)
+ NOT-FOR-US: IBM
+CVE-2020-4951 (IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser ...)
+ NOT-FOR-US: IBM
CVE-2020-4950
RESERVED
-CVE-2020-4949
- RESERVED
+CVE-2020-4949 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
CVE-2020-4948
RESERVED
CVE-2020-4947
RESERVED
CVE-2020-4946
RESERVED
-CVE-2020-4945
- RESERVED
-CVE-2020-4944
- RESERVED
+CVE-2020-4945 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4944 (IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0 ...)
+ NOT-FOR-US: IBM
CVE-2020-4943
RESERVED
-CVE-2020-4942
- RESERVED
-CVE-2020-4941
- RESERVED
+CVE-2020-4942 (IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2020-4941 (IBM Edge 4.2 could reveal sensitive version information about the serv ...)
+ NOT-FOR-US: IBM
CVE-2020-4940
RESERVED
CVE-2020-4939
RESERVED
-CVE-2020-4938
- RESERVED
-CVE-2020-4937
- RESERVED
+CVE-2020-4938 (IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forge ...)
+ NOT-FOR-US: IBM
+CVE-2020-4937 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 u ...)
+ NOT-FOR-US: IBM
CVE-2020-4936
RESERVED
-CVE-2020-4935
- RESERVED
-CVE-2020-4934
- RESERVED
-CVE-2020-4933
- RESERVED
-CVE-2020-4932
- RESERVED
-CVE-2020-4931
- RESERVED
+CVE-2020-4935 (IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7 ) is vulnerab ...)
+ NOT-FOR-US: IBM
+CVE-2020-4934 (IBM Content Navigator 3.0.CD could allow a remote attacker to traverse ...)
+ NOT-FOR-US: IBM
+CVE-2020-4933 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2020-4932 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4931 (IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authe ...)
+ NOT-FOR-US: IBM
CVE-2020-4930
RESERVED
-CVE-2020-4929
- RESERVED
-CVE-2020-4928
- RESERVED
+CVE-2020-4929 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ NOT-FOR-US: IBM
+CVE-2020-4928 (IBM Cloud Pak System 2.3 could allow a local privileged attacker to up ...)
+ NOT-FOR-US: IBM
CVE-2020-4927
RESERVED
CVE-2020-4926
@@ -20151,124 +61999,124 @@ CVE-2020-4923
RESERVED
CVE-2020-4922
RESERVED
-CVE-2020-4921
- RESERVED
-CVE-2020-4920
- RESERVED
-CVE-2020-4919
- RESERVED
-CVE-2020-4918
- RESERVED
-CVE-2020-4917
- RESERVED
-CVE-2020-4916
- RESERVED
+CVE-2020-4921 (IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A ...)
+ NOT-FOR-US: IBM
+CVE-2020-4920 (IBM Jazz Team Server products are vulnerable to stored cross-site scri ...)
+ NOT-FOR-US: IBM
+CVE-2020-4919 (IBM Cloud Pak System 2.3 has insufficient logout controls which could ...)
+ NOT-FOR-US: IBM
+CVE-2020-4918 (IBM Cloud Pak System 2.3 could allow l local privileged user to disclo ...)
+ NOT-FOR-US: IBM
+CVE-2020-4917 (IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery w ...)
+ NOT-FOR-US: IBM
+CVE-2020-4916 (IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This v ...)
+ NOT-FOR-US: IBM
CVE-2020-4915
RESERVED
CVE-2020-4914
RESERVED
-CVE-2020-4913
- RESERVED
-CVE-2020-4912
- RESERVED
+CVE-2020-4913 (IBM Cloud Pak System 2.3 could reveal credential information in the HT ...)
+ NOT-FOR-US: IBM
+CVE-2020-4912 (IBM Cloud Pak System 2.3 Self Service Console could allow a privilege ...)
+ NOT-FOR-US: IBM
CVE-2020-4911
RESERVED
-CVE-2020-4910
- RESERVED
-CVE-2020-4909
- RESERVED
-CVE-2020-4908
- RESERVED
-CVE-2020-4907
- RESERVED
-CVE-2020-4906
- RESERVED
-CVE-2020-4905
- RESERVED
-CVE-2020-4904
- RESERVED
-CVE-2020-4903
- RESERVED
-CVE-2020-4902
- RESERVED
-CVE-2020-4901
- RESERVED
-CVE-2020-4900
- RESERVED
-CVE-2020-4899
- RESERVED
-CVE-2020-4898
- RESERVED
-CVE-2020-4897
- RESERVED
-CVE-2020-4896
- RESERVED
-CVE-2020-4895
- RESERVED
+CVE-2020-4910 (IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This v ...)
+ NOT-FOR-US: IBM
+CVE-2020-4909 (IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This v ...)
+ NOT-FOR-US: IBM
+CVE-2020-4908 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ NOT-FOR-US: IBM
+CVE-2020-4907 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ NOT-FOR-US: IBM
+CVE-2020-4906 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ NOT-FOR-US: IBM
+CVE-2020-4905 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ NOT-FOR-US: IBM
+CVE-2020-4904 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+ NOT-FOR-US: IBM
+CVE-2020-4903 (IBM API Connect V10 and V2018 could allow an attacker who has intercep ...)
+ NOT-FOR-US: IBM
+CVE-2020-4902 (IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulner ...)
+ NOT-FOR-US: IBM
+CVE-2020-4901 (IBM Robotic Process Automation with Automation Anywhere 11.0 could all ...)
+ NOT-FOR-US: IBM
+CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive ...)
+ NOT-FOR-US: IBM
+CVE-2020-4899 (IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensit ...)
+ NOT-FOR-US: IBM
+CVE-2020-4898 (IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expec ...)
+ NOT-FOR-US: IBM
+CVE-2020-4897 (IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4896 (IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web ...)
+ NOT-FOR-US: IBM
+CVE-2020-4895 (IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is ...)
+ NOT-FOR-US: IBM
CVE-2020-4894
RESERVED
-CVE-2020-4893
- RESERVED
-CVE-2020-4892
- RESERVED
-CVE-2020-4891
- RESERVED
-CVE-2020-4890
- RESERVED
-CVE-2020-4889
- RESERVED
-CVE-2020-4888
- RESERVED
-CVE-2020-4887
- RESERVED
-CVE-2020-4886
- RESERVED
-CVE-2020-4885
- RESERVED
-CVE-2020-4884
- RESERVED
-CVE-2020-4883
- RESERVED
-CVE-2020-4882
- RESERVED
-CVE-2020-4881
- RESERVED
+CVE-2020-4893 (IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 tr ...)
+ NOT-FOR-US: IBM
+CVE-2020-4892 (IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site sc ...)
+ NOT-FOR-US: IBM
+CVE-2020-4891 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 use ...)
+ NOT-FOR-US: IBM
+CVE-2020-4890 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 cou ...)
+ NOT-FOR-US: IBM
+CVE-2020-4889 (IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local ...)
+ NOT-FOR-US: IBM
+CVE-2020-4888 (IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 coul ...)
+ NOT-FOR-US: IBM
+CVE-2020-4887 (IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit ...)
+ NOT-FOR-US: IBM
+CVE-2020-4886 (IBM InfoSphere Information Server 11.7 stores sensitive information in ...)
+ NOT-FOR-US: IBM
+CVE-2020-4885 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4884 (IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user c ...)
+ NOT-FOR-US: IBM
+CVE-2020-4883 (IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about ...)
+ NOT-FOR-US: IBM
+CVE-2020-4882 (IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Reques ...)
+ NOT-FOR-US: IBM
+CVE-2020-4881 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
CVE-2020-4880
RESERVED
-CVE-2020-4879
- RESERVED
+CVE-2020-4879 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote ...)
+ NOT-FOR-US: IBM
CVE-2020-4878
RESERVED
-CVE-2020-4877
- RESERVED
-CVE-2020-4876
- RESERVED
-CVE-2020-4875
- RESERVED
+CVE-2020-4877 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4876 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an X ...)
+ NOT-FOR-US: IBM
+CVE-2020-4875 (IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an X ...)
+ NOT-FOR-US: IBM
CVE-2020-4874
RESERVED
-CVE-2020-4873
- RESERVED
+CVE-2020-4873 (IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive ...)
+ NOT-FOR-US: IBM
CVE-2020-4872
RESERVED
-CVE-2020-4871
- RESERVED
-CVE-2020-4870
- RESERVED
-CVE-2020-4869
- RESERVED
+CVE-2020-4871 (IBM Planning Analytics 2.0 allows web pages to be stored locally which ...)
+ NOT-FOR-US: IBM
+CVE-2020-4870 (IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack cau ...)
+ NOT-FOR-US: IBM
+CVE-2020-4869 (IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of servi ...)
+ NOT-FOR-US: IBM
CVE-2020-4868
RESERVED
CVE-2020-4867
RESERVED
-CVE-2020-4866
- RESERVED
-CVE-2020-4865
- RESERVED
-CVE-2020-4864
- RESERVED
-CVE-2020-4863
- RESERVED
+CVE-2020-4866 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2020-4865 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2020-4864 (IBM Resilient SOAR V38.0 could allow an attacker on the internal net w ...)
+ NOT-FOR-US: IBM
+CVE-2020-4863 (IBM Engineering products are vulnerable to stored cross-site scripting ...)
+ NOT-FOR-US: IBM
CVE-2020-4862
RESERVED
CVE-2020-4861
@@ -20279,46 +62127,46 @@ CVE-2020-4859
RESERVED
CVE-2020-4858
RESERVED
-CVE-2020-4857
- RESERVED
-CVE-2020-4856
- RESERVED
-CVE-2020-4855
- RESERVED
-CVE-2020-4854
- RESERVED
+CVE-2020-4857 (IBM Engineering products are vulnerable to stored cross-site scripting ...)
+ NOT-FOR-US: IBM
+CVE-2020-4856 (IBM Engineering products are vulnerable to stored cross-site scripting ...)
+ NOT-FOR-US: IBM
+CVE-2020-4855 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2020-4854 (IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded cr ...)
+ NOT-FOR-US: IBM
CVE-2020-4853
RESERVED
CVE-2020-4852
RESERVED
-CVE-2020-4851
- RESERVED
-CVE-2020-4850
- RESERVED
-CVE-2020-4849
- RESERVED
-CVE-2020-4848
- RESERVED
+CVE-2020-4851 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 cou ...)
+ NOT-FOR-US: IBM
+CVE-2020-4850 (IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering c ...)
+ NOT-FOR-US: IBM
+CVE-2020-4849 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could ...)
+ NOT-FOR-US: IBM
+CVE-2020-4848 (IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow a ...)
+ NOT-FOR-US: IBM
CVE-2020-4847
RESERVED
-CVE-2020-4846
- RESERVED
-CVE-2020-4845
- RESERVED
+CVE-2020-4846 (IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2020-4845 (IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cros ...)
+ NOT-FOR-US: IBM
CVE-2020-4844
RESERVED
-CVE-2020-4843
- RESERVED
-CVE-2020-4842
- RESERVED
-CVE-2020-4841
- RESERVED
-CVE-2020-4840
- RESERVED
-CVE-2020-4839
- RESERVED
-CVE-2020-4838
- RESERVED
+CVE-2020-4843 (IBM Security Secret Server 10.6 stores potentially sensitive informati ...)
+ NOT-FOR-US: IBM
+CVE-2020-4842 (IBM Security Secret Server 10.6 could allow a remote attacker to obtai ...)
+ NOT-FOR-US: IBM
+CVE-2020-4841 (IBM Security Secret Server 10.6 could allow a remote attacker to obtai ...)
+ NOT-FOR-US: IBM
+CVE-2020-4840 (IBM Security Secret Server 10.6 could allow a remote attacker to condu ...)
+ NOT-FOR-US: IBM
+CVE-2020-4839 (IBM Host firmware for LC-class Systems is vulnerable to a stack based ...)
+ NOT-FOR-US: IBM
+CVE-2020-4838 (IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross ...)
+ NOT-FOR-US: IBM
CVE-2020-4837
RESERVED
CVE-2020-4836
@@ -20329,162 +62177,165 @@ CVE-2020-4834
RESERVED
CVE-2020-4833
RESERVED
-CVE-2020-4832
- RESERVED
-CVE-2020-4831
- RESERVED
+CVE-2020-4832 (IBM PowerHA 7.2 could allow a local attacker to obtain sensitive infor ...)
+ NOT-FOR-US: IBM
+CVE-2020-4831 (IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expec ...)
+ NOT-FOR-US: IBM
CVE-2020-4830
RESERVED
-CVE-2020-4829
- RESERVED
-CVE-2020-4828
- RESERVED
-CVE-2020-4827
- RESERVED
-CVE-2020-4826
- RESERVED
-CVE-2020-4825
- RESERVED
+CVE-2020-4829 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...)
+ NOT-FOR-US: IBM
+CVE-2020-4828 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4827 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4826 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4825 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018. ...)
+ NOT-FOR-US: IBM
CVE-2020-4824
RESERVED
CVE-2020-4823
RESERVED
CVE-2020-4822
RESERVED
-CVE-2020-4821
- RESERVED
-CVE-2020-4820
- RESERVED
+CVE-2020-4821 (IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Ca ...)
+ NOT-FOR-US: IBM
+CVE-2020-4820 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site ...)
+ NOT-FOR-US: IBM
CVE-2020-4819
RESERVED
CVE-2020-4818
RESERVED
CVE-2020-4817
RESERVED
-CVE-2020-4816
- RESERVED
-CVE-2020-4815
- RESERVED
+CVE-2020-4816 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacke ...)
+ NOT-FOR-US: IBM
+CVE-2020-4815 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to ...)
+ NOT-FOR-US: IBM
CVE-2020-4814
RESERVED
CVE-2020-4813
RESERVED
CVE-2020-4812
RESERVED
-CVE-2020-4811
- RESERVED
+CVE-2020-4811 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
+ NOT-FOR-US: IBM
CVE-2020-4810
RESERVED
-CVE-2020-4809
- RESERVED
+CVE-2020-4809 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...)
+ NOT-FOR-US: IBM
CVE-2020-4808
RESERVED
CVE-2020-4807
RESERVED
CVE-2020-4806
RESERVED
-CVE-2020-4805
- RESERVED
+CVE-2020-4805 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...)
+ NOT-FOR-US: IBM
CVE-2020-4804
RESERVED
-CVE-2020-4803
- RESERVED
+CVE-2020-4803 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...)
+ NOT-FOR-US: IBM
CVE-2020-4802
RESERVED
CVE-2020-4801
RESERVED
CVE-2020-4800
RESERVED
-CVE-2020-4799
- RESERVED
+CVE-2020-4799 (IBM Informix spatial 14.10 could allow a local user to execute command ...)
+ NOT-FOR-US: IBM
CVE-2020-4798
RESERVED
CVE-2020-4797
RESERVED
CVE-2020-4796
RESERVED
-CVE-2020-4795
- RESERVED
-CVE-2020-4794
- RESERVED
+CVE-2020-4795 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...)
+ NOT-FOR-US: IBM
+CVE-2020-4794 (IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Busines ...)
+ NOT-FOR-US: IBM
CVE-2020-4793
RESERVED
-CVE-2020-4792
- RESERVED
-CVE-2020-4791
- RESERVED
-CVE-2020-4790
- RESERVED
-CVE-2020-4789
- RESERVED
-CVE-2020-4788
- RESERVED
-CVE-2020-4787
- RESERVED
-CVE-2020-4786
- RESERVED
-CVE-2020-4785
- RESERVED
+CVE-2020-4792 (IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability ...)
+ NOT-FOR-US: IBM
+CVE-2020-4791 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
+ NOT-FOR-US: IBM
+CVE-2020-4790 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4789 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...)
+ NOT-FOR-US: IBM
+CVE-2020-4788 (IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local ...)
+ {DLA-2483-1}
+ - linux 5.9.11-1
+ [buster] - linux 4.19.160-1
+ [stretch] - linux <ignored> (powerpc architectures not included in LTS)
+CVE-2020-4787 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...)
+ NOT-FOR-US: IBM
+CVE-2020-4786 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...)
+ NOT-FOR-US: IBM
+CVE-2020-4785 (IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1. ...)
+ NOT-FOR-US: IBM
CVE-2020-4784
RESERVED
-CVE-2020-4783
- RESERVED
-CVE-2020-4782
- RESERVED
-CVE-2020-4781
- RESERVED
-CVE-2020-4780
- RESERVED
-CVE-2020-4779
- RESERVED
-CVE-2020-4778
- RESERVED
+CVE-2020-4783 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4782 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4781 (An improper input validation before calling java readLine() method may ...)
+ NOT-FOR-US: IBM
+CVE-2020-4780 (OOTB build scripts does not set the secure attribute on session cookie ...)
+ NOT-FOR-US: IBM
+CVE-2020-4779 (A HTTP Verb Tampering vulnerability may impact IBM Curam Social Progra ...)
+ NOT-FOR-US: IBM
+CVE-2020-4778 (IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorith ...)
+ NOT-FOR-US: IBM
CVE-2020-4777
RESERVED
-CVE-2020-4776
- RESERVED
-CVE-2020-4775
- RESERVED
-CVE-2020-4774
- RESERVED
-CVE-2020-4773
- RESERVED
-CVE-2020-4772
- RESERVED
-CVE-2020-4771
- RESERVED
+CVE-2020-4776 (A path traversal vulnerability may impact IBM Curam Social Program Man ...)
+ NOT-FOR-US: IBM
+CVE-2020-4775 (A cross-site scripting (XSS) vulnerability may impact IBM Curam Social ...)
+ NOT-FOR-US: IBM
+CVE-2020-4774 (An XPath vulnerability may impact IBM Curam Social Program Management ...)
+ NOT-FOR-US: IBM
+CVE-2020-4773 (A cross-site request forgery (CSRF) vulnerability may impact IBM Curam ...)
+ NOT-FOR-US: IBM
+CVE-2020-4772 (An XML External Entity Injection (XXE) vulnerability may impact IBM Cu ...)
+ NOT-FOR-US: IBM
+CVE-2020-4771 (IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7. ...)
+ NOT-FOR-US: IBM
CVE-2020-4770
RESERVED
CVE-2020-4769
RESERVED
-CVE-2020-4768
- RESERVED
-CVE-2020-4767
- RESERVED
-CVE-2020-4766
- RESERVED
-CVE-2020-4765
- RESERVED
-CVE-2020-4764
- RESERVED
-CVE-2020-4763
- RESERVED
-CVE-2020-4762
- RESERVED
-CVE-2020-4761
- RESERVED
-CVE-2020-4760
- RESERVED
-CVE-2020-4759
- RESERVED
+CVE-2020-4768 (IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4767 (IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4766 (IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cau ...)
+ NOT-FOR-US: IBM
+CVE-2020-4765 (IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages ...)
+ NOT-FOR-US: IBM
+CVE-2020-4764 (IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery ...)
+ NOT-FOR-US: IBM
+CVE-2020-4763 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through ...)
+ NOT-FOR-US: IBM
+CVE-2020-4762 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4761 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4760 (IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Thi ...)
+ NOT-FOR-US: IBM
+CVE-2020-4759 (IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable ...)
+ NOT-FOR-US: IBM
CVE-2020-4758
RESERVED
-CVE-2020-4757
- RESERVED
-CVE-2020-4756
- RESERVED
-CVE-2020-4755
- RESERVED
+CVE-2020-4757 (IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulner ...)
+ NOT-FOR-US: IBM
+CVE-2020-4756 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4755 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
CVE-2020-4754
RESERVED
CVE-2020-4753
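Review bot: The CVE-2020-4788 entry in this hunk carries the `{DLA-2483-1}` cross-reference while its only LTS line is `[stretch] - linux <ignored> (powerpc architectures not included in LTS)`, which reads as contradictory, since a DLA reference normally implies a stretch fix. If DLA-2483-1 did ship a fix for this CVE, the stretch line should give that fixed version instead of `<ignored>`; if it did not, the reference appears to belong to another CVE and should be dropped from this entry. It is the only entry in the hunk mapped to a Debian source package (every other line here is `NOT-FOR-US: IBM`), so it is the one worth confirming against the advisory before this goes in.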
@@ -20495,12 +62346,12 @@ CVE-2020-4751
RESERVED
CVE-2020-4750
RESERVED
-CVE-2020-4749
- RESERVED
-CVE-2020-4748
- RESERVED
-CVE-2020-4747
- RESERVED
+CVE-2020-4749 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attri ...)
+ NOT-FOR-US: IBM
+CVE-2020-4748 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
+CVE-2020-4747 (IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a ...)
+ NOT-FOR-US: IBM
CVE-2020-4746
RESERVED
CVE-2020-4745
@@ -20511,12 +62362,12 @@ CVE-2020-4743
RESERVED
CVE-2020-4742
RESERVED
-CVE-2020-4741
- RESERVED
-CVE-2020-4740
- RESERVED
-CVE-2020-4739
- RESERVED
+CVE-2020-4741 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to store ...)
+ NOT-FOR-US: IBM
+CVE-2020-4740 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML ...)
+ NOT-FOR-US: IBM
+CVE-2020-4739 (IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, ...)
+ NOT-FOR-US: IBM
CVE-2020-4738
RESERVED
CVE-2020-4737
@@ -20527,40 +62378,40 @@ CVE-2020-4735
RESERVED
CVE-2020-4734
RESERVED
-CVE-2020-4733
- RESERVED
-CVE-2020-4732
- RESERVED
-CVE-2020-4731
- RESERVED
+CVE-2020-4733 (IBM Jazz Foundation products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2020-4732 (IBM Jazz Foundation and IBM Engineering products could allow an authen ...)
+ NOT-FOR-US: IBM
+CVE-2020-4731 (IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scri ...)
+ NOT-FOR-US: IBM
CVE-2020-4730
RESERVED
CVE-2020-4729
RESERVED
CVE-2020-4728
RESERVED
-CVE-2020-4727
- RESERVED
-CVE-2020-4726
- RESERVED
-CVE-2020-4725
- RESERVED
-CVE-2020-4724
- RESERVED
-CVE-2020-4723
- RESERVED
-CVE-2020-4722
- RESERVED
-CVE-2020-4721
- RESERVED
+CVE-2020-4727 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4726 (The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) al ...)
+ NOT-FOR-US: IBM
+CVE-2020-4725 (IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated use ...)
+ NOT-FOR-US: IBM
+CVE-2020-4724 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4723 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4722 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4721 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...)
+ NOT-FOR-US: IBM
CVE-2020-4720
RESERVED
-CVE-2020-4719
- RESERVED
-CVE-2020-4718
- RESERVED
-CVE-2020-4717
- RESERVED
+CVE-2020-4719 (The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any ...)
+ NOT-FOR-US: IBM
+CVE-2020-4718 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2020-4717 (A vulnerability exists in IBM SPSS Modeler Subscription Installer that ...)
+ NOT-FOR-US: IBM
CVE-2020-4716
RESERVED
CVE-2020-4715
@@ -20571,412 +62422,412 @@ CVE-2020-4713
RESERVED
CVE-2020-4712
RESERVED
-CVE-2020-4711
- RESERVED
+CVE-2020-4711 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote a ...)
+ NOT-FOR-US: IBM
CVE-2020-4710
RESERVED
CVE-2020-4709
RESERVED
-CVE-2020-4708
- RESERVED
-CVE-2020-4707
- RESERVED
-CVE-2020-4706
- RESERVED
-CVE-2020-4705
- RESERVED
-CVE-2020-4704
- RESERVED
-CVE-2020-4703
- RESERVED
-CVE-2020-4702
- RESERVED
-CVE-2020-4701
- RESERVED
-CVE-2020-4700
- RESERVED
-CVE-2020-4699
- RESERVED
-CVE-2020-4698
- RESERVED
-CVE-2020-4697
- RESERVED
-CVE-2020-4696
- RESERVED
-CVE-2020-4695
- RESERVED
+CVE-2020-4708 (IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some infor ...)
+ NOT-FOR-US: IBM
+CVE-2020-4707 (IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
+CVE-2020-4706 (IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header ...)
+ NOT-FOR-US: IBM
+CVE-2020-4705 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4704 (IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2020-4703 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console ...)
+ NOT-FOR-US: IBM
+CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...)
+ NOT-FOR-US: IBM
+CVE-2020-4701 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4700 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4699 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4698 (IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Work ...)
+ NOT-FOR-US: IBM
+CVE-2020-4697 (IBM Jazz Foundation products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2020-4696 (IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4695 (IBM API Connect V10 is impacted by insecure communications during data ...)
+ NOT-FOR-US: IBM
CVE-2020-4694
RESERVED
-CVE-2020-4693
- RESERVED
-CVE-2020-4692
- RESERVED
-CVE-2020-4691
- RESERVED
-CVE-2020-4690
- RESERVED
-CVE-2020-4689
- RESERVED
-CVE-2020-4688
- RESERVED
-CVE-2020-4687
- RESERVED
-CVE-2020-4686
- RESERVED
-CVE-2020-4685
- RESERVED
+CVE-2020-4693 (IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4692 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4691 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2020-4690 (IBM Security Guardium 11.3 contains hard-coded credentials, such as a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4689 (IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote pr ...)
+ NOT-FOR-US: IBM
+CVE-2020-4688 (IBM Security Guardium 10.6 and 11.2 could allow a local attacker to ex ...)
+ NOT-FOR-US: IBM
+CVE-2020-4687 (IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated use ...)
+ NOT-FOR-US: IBM
+CVE-2020-4686 (IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated ...)
+ NOT-FOR-US: IBM
+CVE-2020-4685 (A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4 ...)
+ NOT-FOR-US: IBM
CVE-2020-4684
RESERVED
CVE-2020-4683
RESERVED
-CVE-2020-4682
- RESERVED
-CVE-2020-4681
- RESERVED
-CVE-2020-4680
- RESERVED
-CVE-2020-4679
- RESERVED
-CVE-2020-4678
- RESERVED
+CVE-2020-4682 (IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote at ...)
+ NOT-FOR-US: IBM
+CVE-2020-4681 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2020-4680 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2020-4679 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2020-4678 (IBM Security Guardium 11.2 could allow an attacker with admin access t ...)
+ NOT-FOR-US: IBM
CVE-2020-4677
RESERVED
CVE-2020-4676
RESERVED
-CVE-2020-4675
- RESERVED
-CVE-2020-4674
- RESERVED
-CVE-2020-4673
- RESERVED
-CVE-2020-4672
- RESERVED
-CVE-2020-4671
- RESERVED
-CVE-2020-4670
- RESERVED
-CVE-2020-4669
- RESERVED
+CVE-2020-4675 (IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2020-4674 (IBM Workload Automation 9.5 stores the server path in URLs that could ...)
+ NOT-FOR-US: IBM
+CVE-2020-4673 (IBM Workload Automation 9.5 stores sensitive information in HTML comme ...)
+ NOT-FOR-US: IBM
+CVE-2020-4672 (IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site ...)
+ NOT-FOR-US: IBM
+CVE-2020-4671 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4670 (IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis ...)
+ NOT-FOR-US: IBM
+CVE-2020-4669 (IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB ...)
+ NOT-FOR-US: IBM
CVE-2020-4668
RESERVED
-CVE-2020-4667
- RESERVED
-CVE-2020-4666
- RESERVED
-CVE-2020-4665
- RESERVED
-CVE-2020-4664
- RESERVED
-CVE-2020-4663
- RESERVED
-CVE-2020-4662
- RESERVED
-CVE-2020-4661
- RESERVED
-CVE-2020-4660
- RESERVED
+CVE-2020-4667 (IBM Engineering Requirements Quality Assistant On-Premises could allow ...)
+ NOT-FOR-US: IBM
+CVE-2020-4666 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
+ NOT-FOR-US: IBM
+CVE-2020-4665 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through ...)
+ NOT-FOR-US: IBM
+CVE-2020-4664 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
+ NOT-FOR-US: IBM
+CVE-2020-4663 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
+ NOT-FOR-US: IBM
+CVE-2020-4662 (IBM Event Streams 10.0.0 could allow an authenticated user to perform ...)
+ NOT-FOR-US: IBM
+CVE-2020-4661 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4660 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ NOT-FOR-US: IBM
CVE-2020-4659
RESERVED
-CVE-2020-4658
- RESERVED
-CVE-2020-4657
- RESERVED
+CVE-2020-4658 (IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2020-4657 (IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition i ...)
+ NOT-FOR-US: IBM
CVE-2020-4656
RESERVED
-CVE-2020-4655
- RESERVED
-CVE-2020-4654
- RESERVED
-CVE-2020-4653
- RESERVED
+CVE-2020-4655 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4654 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...)
+ NOT-FOR-US: IBM
+CVE-2020-4653 (IBM Planning Analytics 2.0 could allow a remote attacker to conduct ph ...)
+ NOT-FOR-US: IBM
CVE-2020-4652
RESERVED
-CVE-2020-4651
- RESERVED
-CVE-2020-4650
- RESERVED
-CVE-2020-4649
- RESERVED
-CVE-2020-4648
- RESERVED
-CVE-2020-4647
- RESERVED
-CVE-2020-4646
- RESERVED
-CVE-2020-4645
- RESERVED
-CVE-2020-4644
- RESERVED
-CVE-2020-4643
- RESERVED
-CVE-2020-4642
- RESERVED
+CVE-2020-4651 (IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4650 (IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4649 (IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Worksp ...)
+ NOT-FOR-US: IBM
+CVE-2020-4648 (A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars ...)
+ NOT-FOR-US: IBM
+CVE-2020-4647 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through ...)
+ NOT-FOR-US: IBM
+CVE-2020-4646 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, ...)
+ NOT-FOR-US: IBM
+CVE-2020-4645 (IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cr ...)
+ NOT-FOR-US: IBM
+CVE-2020-4644 (IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remot ...)
+ NOT-FOR-US: IBM
+CVE-2020-4643 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2020-4642 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
CVE-2020-4641
RESERVED
-CVE-2020-4640
- RESERVED
+CVE-2020-4640 (Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 throu ...)
+ NOT-FOR-US: IBM
CVE-2020-4639
RESERVED
-CVE-2020-4638
- RESERVED
+CVE-2020-4638 (IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulner ...)
+ NOT-FOR-US: IBM
CVE-2020-4637
RESERVED
-CVE-2020-4636
- RESERVED
-CVE-2020-4635
- RESERVED
+CVE-2020-4636 (IBM Resilient OnPrem 38.2 could allow a privileged user to inject mali ...)
+ NOT-FOR-US: IBM
+CVE-2020-4635 (IBM Resilient SOAR 40 and earlier could disclose sensitive information ...)
+ NOT-FOR-US: IBM
CVE-2020-4634
RESERVED
-CVE-2020-4633
- RESERVED
-CVE-2020-4632
- RESERVED
-CVE-2020-4631
- RESERVED
+CVE-2020-4633 (IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbi ...)
+ NOT-FOR-US: IBM
+CVE-2020-4632 (IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-sid ...)
+ NOT-FOR-US: IBM
+CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-de ...)
+ NOT-FOR-US: IBM
CVE-2020-4630
RESERVED
-CVE-2020-4629
- RESERVED
-CVE-2020-4628
- RESERVED
-CVE-2020-4627
- RESERVED
-CVE-2020-4626
- RESERVED
-CVE-2020-4625
- RESERVED
-CVE-2020-4624
- RESERVED
-CVE-2020-4623
- RESERVED
-CVE-2020-4622
- RESERVED
-CVE-2020-4621
- RESERVED
-CVE-2020-4620
- RESERVED
-CVE-2020-4619
- RESERVED
-CVE-2020-4618
- RESERVED
-CVE-2020-4617
- RESERVED
-CVE-2020-4616
- RESERVED
-CVE-2020-4615
- RESERVED
-CVE-2020-4614
- RESERVED
-CVE-2020-4613
- RESERVED
-CVE-2020-4612
- RESERVED
-CVE-2020-4611
- RESERVED
-CVE-2020-4610
- RESERVED
-CVE-2020-4609
- RESERVED
+CVE-2020-4629 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4628 (IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a re ...)
+ NOT-FOR-US: IBM
+CVE-2020-4627 (IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS ...)
+ NOT-FOR-US: IBM
+CVE-2020-4626 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive infor ...)
+ NOT-FOR-US: IBM
+CVE-2020-4625 (IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker ...)
+ NOT-FOR-US: IBM
+CVE-2020-4624 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cr ...)
+ NOT-FOR-US: IBM
+CVE-2020-4623 (IBM i2 iBase 8.9.13 could allow a local authenticated attacker to exec ...)
+ NOT-FOR-US: IBM
+CVE-2020-4622 (IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, su ...)
+ NOT-FOR-US: IBM
+CVE-2020-4621 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4620 (IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated ...)
+ NOT-FOR-US: IBM
+CVE-2020-4619 (IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in ...)
+ NOT-FOR-US: IBM
+CVE-2020-4618 (IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to ca ...)
+ NOT-FOR-US: IBM
+CVE-2020-4617 (IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request ...)
+ NOT-FOR-US: IBM
+CVE-2020-4616 (IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username i ...)
+ NOT-FOR-US: IBM
+CVE-2020-4615 (IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2020-4614 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...)
+ NOT-FOR-US: IBM
+CVE-2020-4613 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...)
+ NOT-FOR-US: IBM
+CVE-2020-4612 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4611 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4610 (IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4609 (IBM Security Sevret Server (IBM Security Verify Privilege Manager 10.8 ...)
+ NOT-FOR-US: IBM
CVE-2020-4608
RESERVED
-CVE-2020-4607
- RESERVED
-CVE-2020-4606
- RESERVED
+CVE-2020-4607 (IBM Security Secret Server (IBM Security Verify Privilege Vault Remote ...)
+ NOT-FOR-US: IBM
+CVE-2020-4606 (IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML Ext ...)
+ NOT-FOR-US: IBM
CVE-2020-4605
RESERVED
-CVE-2020-4604
- RESERVED
-CVE-2020-4603
- RESERVED
-CVE-2020-4602
- RESERVED
+CVE-2020-4604 (IBM Security Guardium Insights 2.0.2 stores user credentials in plain ...)
+ NOT-FOR-US: IBM
+CVE-2020-4603 (IBM Security Guardium Insights 2.0.1 performs an operation at a privil ...)
+ NOT-FOR-US: IBM
+CVE-2020-4602 (IBM Security Guardium Insights 2.0.2 stores user credentials in plain ...)
+ NOT-FOR-US: IBM
CVE-2020-4601
RESERVED
-CVE-2020-4600
- RESERVED
-CVE-2020-4599
- RESERVED
-CVE-2020-4598
- RESERVED
-CVE-2020-4597
- RESERVED
-CVE-2020-4596
- RESERVED
-CVE-2020-4595
- RESERVED
-CVE-2020-4594
- RESERVED
-CVE-2020-4593
- RESERVED
-CVE-2020-4592
- RESERVED
-CVE-2020-4591
- RESERVED
-CVE-2020-4590
- RESERVED
-CVE-2020-4589
- RESERVED
-CVE-2020-4588
- RESERVED
-CVE-2020-4587
- RESERVED
+CVE-2020-4600 (IBM Security Guardium Insights 2.0.2 could allow a remote attacker to ...)
+ NOT-FOR-US: IBM
+CVE-2020-4599 (IBM Security Guardium Insights 2.0.2 could allow a remote attacker to ...)
+ NOT-FOR-US: IBM
+CVE-2020-4598 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...)
+ NOT-FOR-US: IBM
+CVE-2020-4597 (IBM Security Guardium Insights 2.0.2 does not set the secure attribute ...)
+ NOT-FOR-US: IBM
+CVE-2020-4596 (IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptog ...)
+ NOT-FOR-US: IBM
+CVE-2020-4595 (IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptog ...)
+ NOT-FOR-US: IBM
+CVE-2020-4594 (IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptog ...)
+ NOT-FOR-US: IBM
+CVE-2020-4593 (IBM Security Guardium Insights 2.0.1 stores user credentials in plain ...)
+ NOT-FOR-US: IBM
+CVE-2020-4592 (IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, und ...)
+ NOT-FOR-US: IBM
+CVE-2020-4591 (IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclos ...)
+ NOT-FOR-US: IBM
+CVE-2020-4590 (IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 run ...)
+ NOT-FOR-US: IBM
+CVE-2020-4589 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4588 (IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary execut ...)
+ NOT-FOR-US: IBM
+CVE-2020-4587 (IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is ...)
+ NOT-FOR-US: IBM
CVE-2020-4586
RESERVED
CVE-2020-4585
RESERVED
-CVE-2020-4584
- RESERVED
+CVE-2020-4584 (IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive ...)
+ NOT-FOR-US: IBM
CVE-2020-4583
RESERVED
CVE-2020-4582
RESERVED
-CVE-2020-4581
- RESERVED
-CVE-2020-4580
- RESERVED
-CVE-2020-4579
- RESERVED
-CVE-2020-4578
- RESERVED
+CVE-2020-4581 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2020-4580 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2020-4579 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2020-4578 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
CVE-2020-4577
RESERVED
-CVE-2020-4576
- RESERVED
-CVE-2020-4575
- RESERVED
-CVE-2020-4574
- RESERVED
-CVE-2020-4573
- RESERVED
-CVE-2020-4572
- RESERVED
+CVE-2020-4576 (IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional co ...)
+ NOT-FOR-US: IBM
+CVE-2020-4575 (IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Vir ...)
+ NOT-FOR-US: IBM
+CVE-2020-4574 (IBM Tivoli Key Lifecycle Manager does not require that users should ha ...)
+ NOT-FOR-US: IBM
+CVE-2020-4573 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitiv ...)
+ NOT-FOR-US: IBM
+CVE-2020-4572 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote at ...)
+ NOT-FOR-US: IBM
CVE-2020-4571
RESERVED
CVE-2020-4570
RESERVED
-CVE-2020-4569
- RESERVED
-CVE-2020-4568
- RESERVED
-CVE-2020-4567
- RESERVED
-CVE-2020-4566
- RESERVED
-CVE-2020-4565
- RESERVED
-CVE-2020-4564
- RESERVED
+CVE-2020-4569 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mecha ...)
+ NOT-FOR-US: IBM
+CVE-2020-4568 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user crede ...)
+ NOT-FOR-US: IBM
+CVE-2020-4567 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate acco ...)
+ NOT-FOR-US: IBM
+CVE-2020-4566 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacke ...)
+ NOT-FOR-US: IBM
+CVE-2020-4564 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 a ...)
+ NOT-FOR-US: IBM
CVE-2020-4563
RESERVED
-CVE-2020-4562
- RESERVED
-CVE-2020-4561
- RESERVED
-CVE-2020-4560
- RESERVED
-CVE-2020-4559
- RESERVED
+CVE-2020-4562 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
+CVE-2020-4561 (IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all co ...)
+ NOT-FOR-US: IBM
+CVE-2020-4560 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
+ NOT-FOR-US: IBM
+CVE-2020-4559 (IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a de ...)
+ NOT-FOR-US: IBM
CVE-2020-4558
RESERVED
-CVE-2020-4557
- RESERVED
+CVE-2020-4557 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
+ NOT-FOR-US: IBM
CVE-2020-4556
RESERVED
-CVE-2020-4555
- RESERVED
-CVE-2020-4554
- RESERVED
-CVE-2020-4553
- RESERVED
-CVE-2020-4552
- RESERVED
-CVE-2020-4551
- RESERVED
-CVE-2020-4550
- RESERVED
-CVE-2020-4549
- RESERVED
-CVE-2020-4548
- RESERVED
-CVE-2020-4547
- RESERVED
-CVE-2020-4546
- RESERVED
-CVE-2020-4545
- RESERVED
-CVE-2020-4544
- RESERVED
+CVE-2020-4555 (IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate ...)
+ NOT-FOR-US: IBM
+CVE-2020-4554 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4553 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4552 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute ...)
+ NOT-FOR-US: IBM
+CVE-2020-4551 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4550 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute ...)
+ NOT-FOR-US: IBM
+CVE-2020-4548 (IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input ...)
+ NOT-FOR-US: IBM
+CVE-2020-4547 (IBM Jazz Foundation products could allow a remote attacker to hijack t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4546 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
+CVE-2020-4545 (IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbi ...)
+ NOT-FOR-US: IBM
+CVE-2020-4544 (IBM Jazz Foundation Products could allow a remote attacker to obtain s ...)
+ NOT-FOR-US: IBM
CVE-2020-4543
RESERVED
-CVE-2020-4542
- RESERVED
-CVE-2020-4541
- RESERVED
+CVE-2020-4542 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2020-4541 (IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
CVE-2020-4540
RESERVED
-CVE-2020-4539
- RESERVED
+CVE-2020-4539 (IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vu ...)
+ NOT-FOR-US: IBM
CVE-2020-4538
RESERVED
CVE-2020-4537
RESERVED
-CVE-2020-4536
- RESERVED
-CVE-2020-4535
- RESERVED
-CVE-2020-4534
- RESERVED
-CVE-2020-4533
- RESERVED
-CVE-2020-4532
- RESERVED
-CVE-2020-4531
- RESERVED
-CVE-2020-4530
- RESERVED
-CVE-2020-4529
- RESERVED
-CVE-2020-4528
- RESERVED
-CVE-2020-4527
- RESERVED
-CVE-2020-4526
- RESERVED
-CVE-2020-4525
- RESERVED
-CVE-2020-4524
- RESERVED
+CVE-2020-4536 (IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain ...)
+ NOT-FOR-US: IBM
+CVE-2020-4535 (IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4534 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4533 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...)
+ NOT-FOR-US: IBM
+CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager (IBM ...)
+ NOT-FOR-US: IBM
+CVE-2020-4531 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
+ NOT-FOR-US: IBM
+CVE-2020-4530 (IBM Business Automation Workflow C.D.0 and IBM Business Process Manage ...)
+ NOT-FOR-US: IBM
+CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server si ...)
+ NOT-FOR-US: IBM
+CVE-2020-4528 (IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 throug ...)
+ NOT-FOR-US: IBM
+CVE-2020-4527 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
+CVE-2020-4526 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2020-4525 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2020-4524 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
CVE-2020-4523
RESERVED
-CVE-2020-4522
- RESERVED
-CVE-2020-4521
- RESERVED
-CVE-2020-4520
- RESERVED
+CVE-2020-4522 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
+CVE-2020-4521 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authe ...)
+ NOT-FOR-US: IBM
+CVE-2020-4520 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to in ...)
+ NOT-FOR-US: IBM
CVE-2020-4519
RESERVED
CVE-2020-4518
RESERVED
CVE-2020-4517
RESERVED
-CVE-2020-4516
- RESERVED
+CVE-2020-4516 (IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Work ...)
+ NOT-FOR-US: IBM
CVE-2020-4515
RESERVED
CVE-2020-4514
RESERVED
-CVE-2020-4513
- RESERVED
-CVE-2020-4512
- RESERVED
-CVE-2020-4511
- RESERVED
-CVE-2020-4510
- RESERVED
-CVE-2020-4509
- RESERVED
+CVE-2020-4513 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ NOT-FOR-US: IBM
+CVE-2020-4512 (IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to ex ...)
+ NOT-FOR-US: IBM
+CVE-2020-4511 (IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause ...)
+ NOT-FOR-US: IBM
+CVE-2020-4510 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity In ...)
+ NOT-FOR-US: IBM
+CVE-2020-4509 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity In ...)
+ NOT-FOR-US: IBM
CVE-2020-4508
RESERVED
CVE-2020-4507
@@ -20987,96 +62838,96 @@ CVE-2020-4505
RESERVED
CVE-2020-4504
RESERVED
-CVE-2020-4503
- RESERVED
+CVE-2020-4503 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
+ NOT-FOR-US: IBM
CVE-2020-4502
RESERVED
CVE-2020-4501
RESERVED
CVE-2020-4500
RESERVED
-CVE-2020-4499
- RESERVED
-CVE-2020-4498
- RESERVED
+CVE-2020-4499 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4498 (IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged use ...)
+ NOT-FOR-US: IBM
CVE-2020-4497
RESERVED
-CVE-2020-4496
- RESERVED
-CVE-2020-4495
- RESERVED
-CVE-2020-4494
- RESERVED
-CVE-2020-4493
- RESERVED
-CVE-2020-4492
- RESERVED
-CVE-2020-4491
- RESERVED
+CVE-2020-4496 (The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connect ...)
+ NOT-FOR-US: IBM
+CVE-2020-4495 (IBM Jazz Foundation and IBM Engineering products could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...)
+ NOT-FOR-US: IBM
+CVE-2020-4493 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to ...)
+ NOT-FOR-US: IBM
+CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4491 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5. ...)
+ NOT-FOR-US: IBM
CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business Process M ...)
NOT-FOR-US: IBM
CVE-2020-4489
RESERVED
CVE-2020-4488
RESERVED
-CVE-2020-4487
- RESERVED
-CVE-2020-4486
- RESERVED
-CVE-2020-4485
- RESERVED
-CVE-2020-4484
- RESERVED
-CVE-2020-4483
- RESERVED
-CVE-2020-4482
- RESERVED
-CVE-2020-4481
- RESERVED
+CVE-2020-4487 (IBM Jazz Foundation Products could allow a remote attacker to obtain s ...)
+ NOT-FOR-US: IBM
+CVE-2020-4486 (IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to ov ...)
+ NOT-FOR-US: IBM
+CVE-2020-4485 (IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to di ...)
+ NOT-FOR-US: IBM
+CVE-2020-4484 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 coul ...)
+ NOT-FOR-US: IBM
+CVE-2020-4483 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 coul ...)
+ NOT-FOR-US: IBM
+CVE-2020-4482 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 coul ...)
+ NOT-FOR-US: IBM
+CVE-2020-4481 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is v ...)
+ NOT-FOR-US: IBM
CVE-2020-4480
RESERVED
CVE-2020-4479
RESERVED
CVE-2020-4478
RESERVED
-CVE-2020-4477
- RESERVED
-CVE-2020-4476
- RESERVED
-CVE-2020-4475
- RESERVED
+CVE-2020-4477 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensi ...)
+ NOT-FOR-US: IBM
+CVE-2020-4476 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through ...)
+ NOT-FOR-US: IBM
+CVE-2020-4475 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 a ...)
+ NOT-FOR-US: IBM
CVE-2020-4474
RESERVED
CVE-2020-4473
RESERVED
CVE-2020-4472
RESERVED
-CVE-2020-4471
- RESERVED
-CVE-2020-4470
- RESERVED
-CVE-2020-4469
- RESERVED
+CVE-2020-4471 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthe ...)
+ NOT-FOR-US: IBM
+CVE-2020-4470 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console ...)
+ NOT-FOR-US: IBM
+CVE-2020-4469 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
+ NOT-FOR-US: IBM
CVE-2020-4468 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
NOT-FOR-US: IBM
CVE-2020-4467 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
NOT-FOR-US: IBM
-CVE-2020-4466
- RESERVED
-CVE-2020-4465
- RESERVED
-CVE-2020-4464
- RESERVED
-CVE-2020-4463
- RESERVED
-CVE-2020-4462
- RESERVED
+CVE-2020-4466 (IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authentica ...)
+ NOT-FOR-US: IBM
+CVE-2020-4465 (IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and ...)
+ NOT-FOR-US: IBM
+CVE-2020-4464 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...)
+ NOT-FOR-US: IBM
+CVE-2020-4463 (IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XM ...)
+ NOT-FOR-US: IBM
+CVE-2020-4462 (IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and ...)
+ NOT-FOR-US: IBM
CVE-2020-4461 (IBM Security Access Manager Appliance 9.0.7.1 could allow an authentic ...)
NOT-FOR-US: IBM
CVE-2020-4460
RESERVED
-CVE-2020-4459
- RESERVED
+CVE-2020-4459 (IBM Security Verify Access 10.7 contains hard-coded credentials, such ...)
+ NOT-FOR-US: IBM
CVE-2020-4458
RESERVED
CVE-2020-4457
@@ -21089,22 +62940,22 @@ CVE-2020-4454
RESERVED
CVE-2020-4453
RESERVED
-CVE-2020-4452
- RESERVED
+CVE-2020-4452 (IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expec ...)
+ NOT-FOR-US: IBM
CVE-2020-4451
RESERVED
-CVE-2020-4450
- RESERVED
-CVE-2020-4449
- RESERVED
-CVE-2020-4448
- RESERVED
-CVE-2020-4447
- RESERVED
+CVE-2020-4450 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4449 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...)
+ NOT-FOR-US: IBM
+CVE-2020-4448 (IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and ...)
+ NOT-FOR-US: IBM
+CVE-2020-4447 (IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-sit ...)
+ NOT-FOR-US: IBM
CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automa ...)
NOT-FOR-US: IBM
-CVE-2020-4445
- RESERVED
+CVE-2020-4445 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
CVE-2020-4444
RESERVED
CVE-2020-4443
@@ -21121,18 +62972,18 @@ CVE-2020-4438
RESERVED
CVE-2020-4437
RESERVED
-CVE-2020-4436
- RESERVED
-CVE-2020-4435
- RESERVED
-CVE-2020-4434
- RESERVED
-CVE-2020-4433
- RESERVED
-CVE-2020-4432
- RESERVED
-CVE-2020-4431
- RESERVED
+CVE-2020-4436 (Certain IBM Aspera applications are vulnerable to buffer overflow afte ...)
+ NOT-FOR-US: IBM
+CVE-2020-4435 (Certain IBM Aspera applications are vulnerable to arbitrary memory cor ...)
+ NOT-FOR-US: IBM
+CVE-2020-4434 (Certain IBM Aspera applications are vulnerable to buffer overflow base ...)
+ NOT-FOR-US: IBM
+CVE-2020-4433 (Certain IBM Aspera applications are vulnerable to a stack-based buffer ...)
+ NOT-FOR-US: IBM
+CVE-2020-4432 (Certain IBM Aspera applications are vulnerable to command injection af ...)
+ NOT-FOR-US: IBM
+CVE-2020-4431 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
+ NOT-FOR-US: IBM
CVE-2020-4430 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a rem ...)
NOT-FOR-US: IBM
CVE-2020-4429 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 con ...)
@@ -21153,8 +63004,8 @@ CVE-2020-4422 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote at
NOT-FOR-US: IBM
CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allo ...)
NOT-FOR-US: IBM
-CVE-2020-4420
- RESERVED
+CVE-2020-4420 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
CVE-2020-4419 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...)
NOT-FOR-US: IBM
CVE-2020-4418
@@ -21165,26 +63016,26 @@ CVE-2020-4416
RESERVED
CVE-2020-4415 (IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based ...)
NOT-FOR-US: IBM
-CVE-2020-4414
- RESERVED
-CVE-2020-4413
- RESERVED
+CVE-2020-4414 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2020-4413 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
+ NOT-FOR-US: IBM
CVE-2020-4412 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
NOT-FOR-US: IBM
CVE-2020-4411 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
NOT-FOR-US: IBM
-CVE-2020-4410
- RESERVED
-CVE-2020-4409
- RESERVED
-CVE-2020-4408
- RESERVED
+CVE-2020-4410 (IBM Jazz Foundation and IBM Engineering products could allow an authen ...)
+ NOT-FOR-US: IBM
+CVE-2020-4409 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attac ...)
+ NOT-FOR-US: IBM
+CVE-2020-4408 (The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRada ...)
+ NOT-FOR-US: IBM
CVE-2020-4407
RESERVED
-CVE-2020-4406
- RESERVED
-CVE-2020-4405
- RESERVED
+CVE-2020-4406 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...)
+ NOT-FOR-US: IBM
+CVE-2020-4405 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially se ...)
+ NOT-FOR-US: IBM
CVE-2020-4404
RESERVED
CVE-2020-4403
@@ -21193,18 +63044,18 @@ CVE-2020-4402
RESERVED
CVE-2020-4401
RESERVED
-CVE-2020-4400
- RESERVED
-CVE-2020-4399
- RESERVED
+CVE-2020-4400 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lo ...)
+ NOT-FOR-US: IBM
+CVE-2020-4399 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated ...)
+ NOT-FOR-US: IBM
CVE-2020-4398
RESERVED
-CVE-2020-4397
- RESERVED
-CVE-2020-4396
- RESERVED
-CVE-2020-4395
- RESERVED
+CVE-2020-4397 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive informati ...)
+ NOT-FOR-US: IBM
+CVE-2020-4396 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2020-4395 (IBM Security Access Manager Appliance 9.0.7 does not invalidate sessio ...)
+ NOT-FOR-US: IBM
CVE-2020-4394
RESERVED
CVE-2020-4393
@@ -21217,64 +63068,64 @@ CVE-2020-4390
RESERVED
CVE-2020-4389
RESERVED
-CVE-2020-4388
- RESERVED
-CVE-2020-4387
- RESERVED
-CVE-2020-4386
- RESERVED
-CVE-2020-4385
- RESERVED
+CVE-2020-4388 (IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of ...)
+ NOT-FOR-US: IBM
+CVE-2020-4387 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2020-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2020-4385 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentia ...)
+ NOT-FOR-US: IBM
CVE-2020-4384 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
NOT-FOR-US: IBM
-CVE-2020-4383
- RESERVED
-CVE-2020-4382
- RESERVED
-CVE-2020-4381
- RESERVED
-CVE-2020-4380
- RESERVED
+CVE-2020-4383 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4382 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4381 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4380 (IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. ...)
+ NOT-FOR-US: IBM
CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
NOT-FOR-US: IBM
CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged au ...)
NOT-FOR-US: IBM
-CVE-2020-4377
- RESERVED
-CVE-2020-4376
- RESERVED
-CVE-2020-4375
- RESERVED
+CVE-2020-4377 (IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Ent ...)
+ NOT-FOR-US: IBM
+CVE-2020-4376 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could ...)
+ NOT-FOR-US: IBM
+CVE-2020-4375 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 ...)
+ NOT-FOR-US: IBM
CVE-2020-4374
RESERVED
CVE-2020-4373
RESERVED
-CVE-2020-4372
- RESERVED
-CVE-2020-4371
- RESERVED
+CVE-2020-4372 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in pl ...)
+ NOT-FOR-US: IBM
+CVE-2020-4371 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive informatio ...)
+ NOT-FOR-US: IBM
CVE-2020-4370
RESERVED
-CVE-2020-4369
- RESERVED
+CVE-2020-4369 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive infor ...)
+ NOT-FOR-US: IBM
CVE-2020-4368
RESERVED
-CVE-2020-4367
- RESERVED
-CVE-2020-4366
- RESERVED
+CVE-2020-4367 (IBM Planning Analytics Local 2.0 uses weaker than expected cryptograph ...)
+ NOT-FOR-US: IBM
+CVE-2020-4366 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
+ NOT-FOR-US: IBM
CVE-2020-4365 (IBM WebSphere Application Server 8.5 is vulnerable to server-side requ ...)
NOT-FOR-US: IBM
-CVE-2020-4364
- RESERVED
-CVE-2020-4363
- RESERVED
+CVE-2020-4364 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ NOT-FOR-US: IBM
+CVE-2020-4363 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
CVE-2020-4362 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...)
NOT-FOR-US: IBM
-CVE-2020-4361
- RESERVED
-CVE-2020-4360
- RESERVED
+CVE-2020-4361 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
+CVE-2020-4360 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
+ NOT-FOR-US: IBM
CVE-2020-4359
RESERVED
CVE-2020-4358 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site ...)
@@ -21283,10 +63134,10 @@ CVE-2020-4357 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote a
NOT-FOR-US: IBM
CVE-2020-4356
RESERVED
-CVE-2020-4355
- RESERVED
-CVE-2020-4354
- RESERVED
+CVE-2020-4355 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2020-4354 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with pysical access to the device ...)
NOT-FOR-US: IBM
CVE-2020-4352 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
@@ -21305,24 +63156,24 @@ CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management serv
NOT-FOR-US: IBM
CVE-2020-4345 (IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a s ...)
NOT-FOR-US: IBM
-CVE-2020-4344
- RESERVED
+CVE-2020-4344 (IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web ...)
+ NOT-FOR-US: IBM
CVE-2020-4343 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...)
NOT-FOR-US: IBM
-CVE-2020-4342
- RESERVED
-CVE-2020-4341
- RESERVED
-CVE-2020-4340
- RESERVED
+CVE-2020-4342 (IBM Security Secret Server 10.7 could disclose sensitive information i ...)
+ NOT-FOR-US: IBM
+CVE-2020-4341 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
+ NOT-FOR-US: IBM
+CVE-2020-4340 (IBM Security Secret Server prior to 10.9 could allow an attacker to by ...)
+ NOT-FOR-US: IBM
CVE-2020-4339
RESERVED
CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...)
NOT-FOR-US: IBM
-CVE-2020-4337
- RESERVED
-CVE-2020-4336
- RESERVED
+CVE-2020-4337 (IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker ...)
+ NOT-FOR-US: IBM
+CVE-2020-4336 (IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL ...)
+ NOT-FOR-US: IBM
CVE-2020-4335
RESERVED
CVE-2020-4334
@@ -21337,34 +63188,34 @@ CVE-2020-4330
RESERVED
CVE-2020-4329 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...)
NOT-FOR-US: IBM
-CVE-2020-4328
- RESERVED
-CVE-2020-4327
- RESERVED
+CVE-2020-4328 (IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection ...)
+ NOT-FOR-US: IBM
+CVE-2020-4327 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
+ NOT-FOR-US: IBM
CVE-2020-4326
RESERVED
CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0 ...)
NOT-FOR-US: IBM
-CVE-2020-4324
- RESERVED
-CVE-2020-4323
- RESERVED
-CVE-2020-4322
- RESERVED
+CVE-2020-4324 (IBM Security Secret Server proir to 10.9 could allow a remote attacker ...)
+ NOT-FOR-US: IBM
+CVE-2020-4323 (IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4322 (IBM Security Secret Server 10.7 could allow a remote attacker to hijac ...)
+ NOT-FOR-US: IBM
CVE-2020-4321
RESERVED
-CVE-2020-4320
- RESERVED
-CVE-2020-4319
- RESERVED
-CVE-2020-4318
- RESERVED
-CVE-2020-4317
- RESERVED
-CVE-2020-4316
- RESERVED
-CVE-2020-4315
- RESERVED
+CVE-2020-4320 (IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9 ...)
+ NOT-FOR-US: IBM
+CVE-2020-4319 (IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and ...)
+ NOT-FOR-US: IBM
+CVE-2020-4318 (IBM Intelligent Operations Center for Emergency Management, Intelligen ...)
+ NOT-FOR-US: IBM
+CVE-2020-4317 (IBM Intelligent Operations Center for Emergency Management, Intelligen ...)
+ NOT-FOR-US: IBM
+CVE-2020-4316 (IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure ...)
+ NOT-FOR-US: IBM
+CVE-2020-4315 (IBM Business Automation Content Analyzer on Cloud 1.0 does not set the ...)
+ NOT-FOR-US: IBM
CVE-2020-4314
RESERVED
CVE-2020-4313
@@ -21373,38 +63224,38 @@ CVE-2020-4312 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3
NOT-FOR-US: IBM
CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute ar ...)
NOT-FOR-US: IBM
-CVE-2020-4310
- RESERVED
+CVE-2020-4310 (IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are ...)
+ NOT-FOR-US: IBM
CVE-2020-4309 (IBM Content Navigator 3.0CD could disclose sensitive information to an ...)
NOT-FOR-US: IBM
CVE-2020-4308
RESERVED
-CVE-2020-4307
- RESERVED
+CVE-2020-4307 (IBM Security Guardium 11.1 could allow an attacker on the same network ...)
+ NOT-FOR-US: IBM
CVE-2020-4306 (IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cros ...)
NOT-FOR-US: IBM
-CVE-2020-4305
- RESERVED
+CVE-2020-4305 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a r ...)
+ NOT-FOR-US: IBM
CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
NOT-FOR-US: IBM
CVE-2020-4303 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
NOT-FOR-US: IBM
-CVE-2020-4302
- RESERVED
+CVE-2020-4302 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ex ...)
+ NOT-FOR-US: IBM
CVE-2020-4301
RESERVED
-CVE-2020-4300
- RESERVED
+CVE-2020-4300 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External En ...)
+ NOT-FOR-US: IBM
CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 c ...)
NOT-FOR-US: IBM
CVE-2020-4298 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
NOT-FOR-US: IBM
-CVE-2020-4297
- RESERVED
+CVE-2020-4297 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is ...)
+ NOT-FOR-US: IBM
CVE-2020-4296
RESERVED
-CVE-2020-4295
- RESERVED
+CVE-2020-4295 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is ...)
+ NOT-FOR-US: IBM
CVE-2020-4294 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request ...)
NOT-FOR-US: IBM
CVE-2020-4293
@@ -21431,10 +63282,10 @@ CVE-2020-4283 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3,
NOT-FOR-US: IBM
CVE-2020-4282 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
NOT-FOR-US: IBM
-CVE-2020-4281
- RESERVED
-CVE-2020-4280
- RESERVED
+CVE-2020-4281 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is ...)
+ NOT-FOR-US: IBM
+CVE-2020-4280 (IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute a ...)
+ NOT-FOR-US: IBM
CVE-2020-4279
RESERVED
CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Sp ...)
@@ -21485,14 +63336,14 @@ CVE-2020-4256
RESERVED
CVE-2020-4255
RESERVED
-CVE-2020-4254
- RESERVED
+CVE-2020-4254 (IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker t ...)
+ NOT-FOR-US: IBM
CVE-2020-4253 (IBM Content Navigator 3.0CD does not invalidate session after logout w ...)
NOT-FOR-US: IBM
CVE-2020-4252 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
NOT-FOR-US: IBM
-CVE-2020-4251
- RESERVED
+CVE-2020-4251 (IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site sc ...)
+ NOT-FOR-US: IBM
CVE-2020-4250
RESERVED
CVE-2020-4249 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...)
@@ -21507,8 +63358,8 @@ CVE-2020-4245 (IBM Security Identity Governance and Intelligence 5.2.6 does not
NOT-FOR-US: IBM
CVE-2020-4244 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
NOT-FOR-US: IBM
-CVE-2020-4243
- RESERVED
+CVE-2020-4243 (IBM Security Identity Governance and Intelligence 5.2.6 Virtual Applia ...)
+ NOT-FOR-US: IBM
CVE-2020-4242 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
NOT-FOR-US: IBM
CVE-2020-4241 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
@@ -21535,8 +63386,8 @@ CVE-2020-4231 (IBM Security Identity Governance and Intelligence 5.2.6 could all
NOT-FOR-US: IBM
CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
NOT-FOR-US: IBM
-CVE-2020-4229
- RESERVED
+CVE-2020-4229 (IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate se ...)
+ NOT-FOR-US: IBM
CVE-2020-4228
RESERVED
CVE-2020-4227
@@ -21547,8 +63398,8 @@ CVE-2020-4225
RESERVED
CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...)
NOT-FOR-US: IBM
-CVE-2020-4223
- RESERVED
+CVE-2020-4223 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cros ...)
+ NOT-FOR-US: IBM
CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...)
NOT-FOR-US: IBM Spectrum Protect Plus
CVE-2020-4221
@@ -21561,8 +63412,8 @@ CVE-2020-4218
RESERVED
CVE-2020-4217 (The IBM Spectrum Scale 4.2 and 5.0 file system component is affected b ...)
NOT-FOR-US: IBM
-CVE-2020-4216
- RESERVED
+CVE-2020-4216 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded cr ...)
+ NOT-FOR-US: IBM
CVE-2020-4215
RESERVED
CVE-2020-4214 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
@@ -21607,64 +63458,64 @@ CVE-2020-4195 (IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a rem
NOT-FOR-US: IBM
CVE-2020-4194
RESERVED
-CVE-2020-4193
- RESERVED
+CVE-2020-4193 (IBM Security Guardium 11.1 uses an inadequate account lockout setting ...)
+ NOT-FOR-US: IBM
CVE-2020-4192
RESERVED
-CVE-2020-4191
- RESERVED
-CVE-2020-4190
- RESERVED
-CVE-2020-4189
- RESERVED
-CVE-2020-4188
- RESERVED
-CVE-2020-4187
- RESERVED
-CVE-2020-4186
- RESERVED
-CVE-2020-4185
- RESERVED
-CVE-2020-4184
- RESERVED
-CVE-2020-4183
- RESERVED
-CVE-2020-4182
- RESERVED
+CVE-2020-4191 (IBM Security Guardium 11.1 uses weaker than expected cryptographic alg ...)
+ NOT-FOR-US: IBM
+CVE-2020-4190 (IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credent ...)
+ NOT-FOR-US: IBM
+CVE-2020-4189 (IBM Security Guardium 11.2 discloses sensitive information in the resp ...)
+ NOT-FOR-US: IBM
+CVE-2020-4188 (IBM Security Guardium 10.6 and 11.1 may use insufficiently random numb ...)
+ NOT-FOR-US: IBM
+CVE-2020-4187 (IBM Security Guardium 11.1 could disclose sensitive information on the ...)
+ NOT-FOR-US: IBM
+CVE-2020-4186 (IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive in ...)
+ NOT-FOR-US: IBM
+CVE-2020-4185 (IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected c ...)
+ NOT-FOR-US: IBM
+CVE-2020-4184 (IBM Security Guardium 11.2 performs an operation at a privilege level ...)
+ NOT-FOR-US: IBM
+CVE-2020-4183 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2020-4182 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
CVE-2020-4181
RESERVED
-CVE-2020-4180
- RESERVED
+CVE-2020-4180 (IBM Security Guardium 11.1 could allow a remote authenticated attacker ...)
+ NOT-FOR-US: IBM
CVE-2020-4179
RESERVED
CVE-2020-4178
RESERVED
-CVE-2020-4177
- RESERVED
+CVE-2020-4177 (IBM Security Guardium 11.1 contains hard-coded credentials, such as a ...)
+ NOT-FOR-US: IBM
CVE-2020-4176
RESERVED
-CVE-2020-4175
- RESERVED
-CVE-2020-4174
- RESERVED
-CVE-2020-4173
- RESERVED
-CVE-2020-4172
- RESERVED
-CVE-2020-4171
- RESERVED
-CVE-2020-4170
- RESERVED
-CVE-2020-4169
- RESERVED
+CVE-2020-4175 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...)
+ NOT-FOR-US: IBM
+CVE-2020-4174 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...)
+ NOT-FOR-US: IBM
+CVE-2020-4173 (IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure a ...)
+ NOT-FOR-US: IBM
+CVE-2020-4172 (IBM Security Guardium Insights 2.0.1 stores sensitive information in U ...)
+ NOT-FOR-US: IBM
+CVE-2020-4171 (IBM Security Guardium Insights 2.0.1 allows web pages to be stored loc ...)
+ NOT-FOR-US: IBM
+CVE-2020-4170 (IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site reque ...)
+ NOT-FOR-US: IBM
+CVE-2020-4169 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...)
+ NOT-FOR-US: IBM
CVE-2020-4168
RESERVED
-CVE-2020-4167
- RESERVED
-CVE-2020-4166
- RESERVED
-CVE-2020-4165
- RESERVED
+CVE-2020-4167 (IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain ...)
+ NOT-FOR-US: IBM
+CVE-2020-4166 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...)
+ NOT-FOR-US: IBM
+CVE-2020-4165 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...)
+ NOT-FOR-US: IBM
CVE-2020-4164 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
NOT-FOR-US: IBM
CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under special ...)
@@ -21673,8 +63524,8 @@ CVE-2020-4162 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to
NOT-FOR-US: IBM
CVE-2020-4161 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
NOT-FOR-US: IBM
-CVE-2020-4160
- RESERVED
+CVE-2020-4160 (IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attac ...)
+ NOT-FOR-US: IBM
CVE-2020-4159
RESERVED
CVE-2020-4158
@@ -21687,10 +63538,10 @@ CVE-2020-4155
RESERVED
CVE-2020-4154
RESERVED
-CVE-2020-4153
- RESERVED
-CVE-2020-4152
- RESERVED
+CVE-2020-4153 (IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2020-4152 (IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or sec ...)
+ NOT-FOR-US: IBM
CVE-2020-4151 (IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attac ...)
NOT-FOR-US: IBM
CVE-2020-4150
@@ -21701,8 +63552,8 @@ CVE-2020-4148
RESERVED
CVE-2020-4147
RESERVED
-CVE-2020-4146
- RESERVED
+CVE-2020-4146 (IBM Security SiteProtector System 3.1.1 could allow a remote attacker ...)
+ NOT-FOR-US: IBM
CVE-2020-4145
RESERVED
CVE-2020-4144
@@ -21713,8 +63564,8 @@ CVE-2020-4142
RESERVED
CVE-2020-4141
RESERVED
-CVE-2020-4140
- RESERVED
+CVE-2020-4140 (IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site sc ...)
+ NOT-FOR-US: IBM
CVE-2020-4139
RESERVED
CVE-2020-4138
@@ -21735,16 +63586,16 @@ CVE-2020-4131
RESERVED
CVE-2020-4130
RESERVED
-CVE-2020-4129
- RESERVED
-CVE-2020-4128
- RESERVED
-CVE-2020-4127
- RESERVED
-CVE-2020-4126
- RESERVED
-CVE-2020-4125
- RESERVED
+CVE-2020-4129 (HCL Domino is susceptible to a lockout policy bypass vulnerability in ...)
+ NOT-FOR-US: HCL Domino
+CVE-2020-4128 (HCL Domino is susceptible to a lockout policy bypass vulnerability in ...)
+ NOT-FOR-US: HCL Domino
+CVE-2020-4127 (HCL Domino is susceptible to a Login CSRF vulnerability. With a valid ...)
+ NOT-FOR-US: HCL Domino
+CVE-2020-4126 (HCL iNotes is susceptible to a sensitive cookie exposure vulnerability ...)
+ NOT-FOR-US: HCL iNotes
+CVE-2020-4125 (Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious ...)
+ NOT-FOR-US: HCL
CVE-2020-4124
RESERVED
CVE-2020-4123
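Review bot: The NOT-FOR-US qualifier for CVE-2020-4125 is less specific than the others added in this hunk: the neighbouring entries name the product (`NOT-FOR-US: HCL Domino`, `NOT-FOR-US: HCL iNotes`) while this one stops at the vendor (`NOT-FOR-US: HCL`), even though the description itself names "HCL Marketing Operations". Using the product as the qualifier, `NOT-FOR-US: HCL Marketing Operations`, keeps the hunk consistent and makes later searches for that product find the entry. The same vendor-only form appears again for CVE-2020-4104, CVE-2020-4100 and CVE-2020-4095 in the following hunk.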
@@ -21785,26 +63636,26 @@ CVE-2020-4106
RESERVED
CVE-2020-4105
RESERVED
-CVE-2020-4104
- RESERVED
+CVE-2020-4104 (HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) wi ...)
+ NOT-FOR-US: HCL
CVE-2020-4103
RESERVED
-CVE-2020-4102
- RESERVED
-CVE-2020-4101
- RESERVED
-CVE-2020-4100
- RESERVED
+CVE-2020-4102 (HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due ...)
+ NOT-FOR-US: HCL Notes
+CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...)
+ NOT-FOR-US: HCL Digital Experience
+CVE-2020-4100 ("HCL Verse for Android was found to employ dynamic code loading. This ...)
+ NOT-FOR-US: HCL
CVE-2020-4099
RESERVED
CVE-2020-4098
RESERVED
-CVE-2020-4097
- RESERVED
+CVE-2020-4097 (In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fi ...)
+ NOT-FOR-US: HCL Notes
CVE-2020-4096
RESERVED
-CVE-2020-4095
- RESERVED
+CVE-2020-4095 ("BigFix Platform is storing clear text credentials within the system's ...)
+ NOT-FOR-US: HCL
CVE-2020-4094
RESERVED
CVE-2020-4093
@@ -21815,8 +63666,8 @@ CVE-2020-4091
RESERVED
CVE-2020-4090
RESERVED
-CVE-2020-4089
- RESERVED
+CVE-2020-4089 (HCL Notes is vulnerable to an information leakage vulnerability throug ...)
+ NOT-FOR-US: HCL Notes
CVE-2020-4088
RESERVED
CVE-2020-4087
@@ -21831,52 +63682,55 @@ CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage
NOT-FOR-US: HCL Connections
CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...)
NOT-FOR-US: HCL Connections
-CVE-2020-4081
- RESERVED
-CVE-2020-4080
- RESERVED
-CVE-2020-4079
- RESERVED
+CVE-2020-4081 (In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable t ...)
+ NOT-FOR-US: Digital Experience
+CVE-2020-4080 (HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting ...)
+ NOT-FOR-US: HCL
+CVE-2020-4079 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
+ NOT-FOR-US: Combodo iTop
CVE-2020-4078
RESERVED
-CVE-2020-4077
- RESERVED
-CVE-2020-4076
- RESERVED
-CVE-2020-4075
- RESERVED
-CVE-2020-4074
- RESERVED
+CVE-2020-4077 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...)
+ - electron <itp> (bug #842420)
+CVE-2020-4076 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...)
+ - electron <itp> (bug #842420)
+CVE-2020-4075 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary ...)
+ - electron <itp> (bug #842420)
+CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the aut ...)
+ NOT-FOR-US: PrestaShop
CVE-2020-4073
RESERVED
-CVE-2020-4072
- RESERVED
-CVE-2020-4071
- RESERVED
-CVE-2020-4070
- RESERVED
+CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are created for ...)
+ NOT-FOR-US: generator-jhipster-kotlin
+CVE-2020-4071 (In django-basic-auth-ip-whitelist before 0.3.4, a potential timing att ...)
+ NOT-FOR-US: django-basic-auth-ip-whitelist
+CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is a cros ...)
+ NOT-FOR-US: w3c css-validator
CVE-2020-4069
RESERVED
-CVE-2020-4068
- RESERVED
-CVE-2020-4067
- RESERVED
-CVE-2020-4066
- RESERVED
+CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...)
+ NOT-FOR-US: APNSwift
+CVE-2020-4067 (In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN ...)
+ {DSA-4711-1 DLA-2271-1}
+ - coturn 4.5.1.3-1
+ NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
+ NOTE: https://github.com/coturn/coturn/commit/170da1140797748ae85565b5a93a2e35e7b07b6a
+CVE-2020-4066 (In Limdu before 0.95, the trainBatch function has a command injection ...)
+ NOT-FOR-US: Limdu
CVE-2020-4065
RESERVED
CVE-2020-4064
RESERVED
CVE-2020-4063
RESERVED
-CVE-2020-4062
- RESERVED
-CVE-2020-4061
- RESERVED
-CVE-2020-4060
- RESERVED
-CVE-2020-4059
- RESERVED
+CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified critical ...)
+ NOT-FOR-US: Conjur Helm Chart
+CVE-2020-4061 (In October from version 1.0.319 and before version 1.0.467, pasting co ...)
+ NOT-FOR-US: October CMS
+CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free vulnera ...)
+ NOT-FOR-US: LoRa Basics Station
+CVE-2020-4059 (In mversion before 2.0.0, there is a command injection vulnerability. ...)
+ NOT-FOR-US: mversion
CVE-2020-4058
RESERVED
CVE-2020-4057
@@ -21885,72 +63739,99 @@ CVE-2020-4056
RESERVED
CVE-2020-4055
RESERVED
-CVE-2020-4054
- RESERVED
-CVE-2020-4053
- RESERVED
-CVE-2020-4052
- RESERVED
-CVE-2020-4051
- RESERVED
-CVE-2020-4050
- RESERVED
-CVE-2020-4049
- RESERVED
-CVE-2020-4048
- RESERVED
-CVE-2020-4047
- RESERVED
-CVE-2020-4046
- RESERVED
-CVE-2020-4045
- RESERVED
-CVE-2020-4044
- RESERVED
-CVE-2020-4043
- RESERVED
-CVE-2020-4042
- RESERVED
-CVE-2020-4041
- RESERVED
-CVE-2020-4040
- RESERVED
-CVE-2020-4039
- RESERVED
-CVE-2020-4038
- RESERVED
-CVE-2020-4037
- RESERVED
+CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less ...)
+ {DSA-4730-1}
+ - ruby-sanitize 4.6.6-2.1 (bug #963808)
+ [stretch] - ruby-sanitize <not-affected> (Vulnerable code introduced later)
+ [jessie] - ruby-sanitize <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m
+ NOTE: Fixed by: https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9 (v5.2.1)
+ NOTE: Only in 5.0.0 removing of useless filtered elements content is done by default
+ NOTE: with: https://github.com/rgrove/sanitize/commit/faf9a0f432fda3cef29f0f8aad99d4dedf079d67 (v5.0.0)
+CVE-2020-4053 (In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path tra ...)
+ - helm-kubernetes <itp> (bug #910799)
+CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site scripting thro ...)
+ NOT-FOR-US: Wiki.js
+CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 ...)
+ - dojo 1.15.4+dfsg1-1 (bug #970000)
+ [buster] - dojo <no-dsa> (Minor issue)
+ NOTE: https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6
+ NOTE: https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301
+CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...)
+ NOT-FOR-US: SSB-DB
+CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by conn ...)
+ {DSA-4737-1 DLA-2319-1}
+ - xrdp 0.9.12-1.1 (bug #964573)
+ NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4
+ NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb
+CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...)
+ NOT-FOR-US: phpMussel
+CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious client to ...)
+ - bareos <removed> (bug #965985)
+ [buster] - bareos <ignored> (Minor issue; workaround exists; intrusive to backport to older versions)
+ [stretch] - bareos <no-dsa> (minor issue, low priority)
+ NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752
+ NOTE: https://bugs.bareos.org/view.php?id=1250
+ NOTE: https://github.com/bareos/bareos/commit/93f2db6451a684fbb224a7d24cdd85e77b2b51fc (master)
+ NOTE: Workaround: Make sure the director will not connect to a client that can
+ NOTE: initiate connections. As a rule: every client with "Connection From Client
+ NOTE: To Director = yes" must also set "Connection From Director To Client = no".
+CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...)
+ NOT-FOR-US: Bolt CMS
+CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the preview ge ...)
+ NOT-FOR-US: Bolt CMS
+CVE-2020-4039 (SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Serv ...)
+ NOT-FOR-US: SUSI.AI
+CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...)
+ NOT-FOR-US: Node graphql-playground-html
+CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users ...)
+ - oauth2-proxy <itp> (bug #982891)
CVE-2020-4036
RESERVED
-CVE-2020-4035
- RESERVED
+CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0. ...)
+ NOT-FOR-US: WatermelonDB
CVE-2020-4034
RESERVED
-CVE-2020-4033
- RESERVED
-CVE-2020-4032
- RESERVED
-CVE-2020-4031
- RESERVED
-CVE-2020-4030
- RESERVED
-CVE-2020-4029
- RESERVED
-CVE-2020-4028
- RESERVED
-CVE-2020-4027
- RESERVED
-CVE-2020-4026
- RESERVED
-CVE-2020-4025
- RESERVED
-CVE-2020-4024
- RESERVED
+CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read in RLE ...)
+ - freerdp2 2.1.2+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
+CVE-2020-4032 (In FreeRDP before version 2.1.2, there is an integer casting vulnerabi ...)
+ - freerdp2 2.1.2+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
+CVE-2020-4031 (In FreeRDP before version 2.1.2, there is a use-after-free in gdi_Sele ...)
+ - freerdp2 2.1.2+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
+CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read in Tri ...)
+ - freerdp2 2.1.2+dfsg1-1
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
+CVE-2020-4029 (The /rest/project-templates/1.0/createshared resource in Atlassian Jir ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with a 404 ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-4027 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-4026 (The CustomAppsRestResource list resource in Atlassian Navigator Links ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-4025 (The attachment download resource in Atlassian Jira Server and Data Cen ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-4024 (The attachment download resource in Atlassian Jira Server and Data Cen ...)
+ NOT-FOR-US: Atlassian
CVE-2020-4023 (The review coverage resource in Atlassian Fisheye and Crucible before ...)
NOT-FOR-US: Atlassian Fisheye and Crucible
-CVE-2020-4022
- RESERVED
+CVE-2020-4022 (The attachment download resource in Atlassian Jira Server and Data Cen ...)
+ NOT-FOR-US: Atlassian
CVE-2020-4021 (Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of At ...)
NOT-FOR-US: Atlassian
CVE-2020-4020 (The file downloading functionality in the Atlassian Companion App befo ...)
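Review bot: CVE-2020-4046 through CVE-2020-4050 are deleted outright in this hunk (their `RESERVED` stanzas are removed between CVE-2020-4051 and CVE-2020-4045) while every other RESERVED entry here is replaced by a filled-in stanza. Elsewhere in this same diff, identifiers that MITRE withdrew are kept with a `REJECTED` status line rather than dropped (the CVE-2020-3824..CVE-2020-3813 hunk), so silently removing five ids looks inconsistent and would make a later lookup of those ids report them as unknown instead of rejected. If the removal is intentional, consider keeping a stanza per id in the file's own form, e.g. `CVE-2020-4050` followed by ` REJECTED`, so the status stays visible; otherwise the entries should be retained.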
@@ -21977,104 +63858,105 @@ CVE-2020-4010
RESERVED
CVE-2020-4009
RESERVED
-CVE-2020-4008
- RESERVED
+CVE-2020-4008 (The installer of the macOS Sensor for VMware Carbon Black Cloud prior ...)
+ NOT-FOR-US: VMware
CVE-2020-4007
RESERVED
-CVE-2020-4006
- RESERVED
-CVE-2020-4005
- RESERVED
-CVE-2020-4004
- RESERVED
-CVE-2020-4003
- RESERVED
-CVE-2020-4002
- RESERVED
-CVE-2020-4001
- RESERVED
-CVE-2020-4000
- RESERVED
-CVE-2020-3999
- RESERVED
-CVE-2020-3998
- RESERVED
-CVE-2020-3997
- RESERVED
-CVE-2020-3996
- RESERVED
-CVE-2020-3995
- RESERVED
-CVE-2020-3994
- RESERVED
-CVE-2020-3993
- RESERVED
-CVE-2020-3992
- RESERVED
-CVE-2020-3991
- RESERVED
-CVE-2020-3990
- RESERVED
-CVE-2020-3989
- RESERVED
-CVE-2020-3988
- RESERVED
-CVE-2020-3987
- RESERVED
-CVE-2020-3986
- RESERVED
-CVE-2020-3985
- RESERVED
-CVE-2020-3984
- RESERVED
+CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity Manager, and I ...)
+ NOT-FOR-US: VMware
+CVE-2020-4005 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...)
+ NOT-FOR-US: VMware
+CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...)
+ NOT-FOR-US: VMware
+CVE-2020-4003 (VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4 ...)
+ NOT-FOR-US: VMware
+CVE-2020-4002 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, ...)
+ NOT-FOR-US: VMware
+CVE-2020-4001 (The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords ...)
+ NOT-FOR-US: VMware
+CVE-2020-4000 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, ...)
+ NOT-FOR-US: VMware
+CVE-2020-3999 (VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16. ...)
+ NOT-FOR-US: VMware
+CVE-2020-3998 (VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an inf ...)
+ NOT-FOR-US: VMware
+CVE-2020-3997 (VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross ...)
+ NOT-FOR-US: VMware
+CVE-2020-3996 (Velero (prior to 1.4.3 and 1.5.2) in some instances doesn&#8217;t prop ...)
+ NOT-FOR-US: Velero
+CVE-2020-3995 (In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-20 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3994 (VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a ...)
+ NOT-FOR-US: VMware
+CVE-2020-3993 (VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a sec ...)
+ NOT-FOR-US: VMware
+CVE-2020-3992 (OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6. ...)
+ NOT-FOR-US: VMware
+ NOTE: Might affect src:openslp-dfsg, but removed years ago
+CVE-2020-3991 (VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial ...)
+ NOT-FOR-US: VMware
+CVE-2020-3990 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3989 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3988 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3987 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3986 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3985 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3984 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4 ...)
+ NOT-FOR-US: VMware
CVE-2020-3983
RESERVED
-CVE-2020-3982
- RESERVED
-CVE-2020-3981
- RESERVED
-CVE-2020-3980
- RESERVED
-CVE-2020-3979
- RESERVED
+CVE-2020-3982 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3981 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...)
+ NOT-FOR-US: VMware
+CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...)
+ NOT-FOR-US: InstallBuilder for Qt Windows installers
CVE-2020-3978
RESERVED
-CVE-2020-3977
- RESERVED
-CVE-2020-3976
- RESERVED
-CVE-2020-3975
- RESERVED
-CVE-2020-3974
- RESERVED
-CVE-2020-3973
- RESERVED
-CVE-2020-3972
- RESERVED
-CVE-2020-3971
- RESERVED
-CVE-2020-3970
- RESERVED
-CVE-2020-3969
- RESERVED
-CVE-2020-3968
- RESERVED
-CVE-2020-3967
- RESERVED
-CVE-2020-3966
- RESERVED
-CVE-2020-3965
- RESERVED
-CVE-2020-3964
- RESERVED
-CVE-2020-3963
- RESERVED
-CVE-2020-3962
- RESERVED
-CVE-2020-3961
- RESERVED
-CVE-2020-3960
- RESERVED
+CVE-2020-3977 (VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a bro ...)
+ NOT-FOR-US: VMware
+CVE-2020-3976 (VMware ESXi and vCenter Server contain a partial denial of service vul ...)
+ NOT-FOR-US: VMware
+CVE-2020-3975 (VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior ...)
+ NOT-FOR-US: VMware
+CVE-2020-3974 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...)
+ NOT-FOR-US: VMware
+CVE-2020-3973 (The VeloCloud Orchestrator does not apply correct input validation whi ...)
+ NOT-FOR-US: VMware
+CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...)
+ NOT-FOR-US: VMware
+CVE-2020-3971 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3970 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3969 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3968 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3967 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3966 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3965 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3964 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3963 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3962 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3961 (VMware Horizon Client for Windows (prior to 5.4.3) contains a privileg ...)
+ NOT-FOR-US: VMware
+CVE-2020-3960 (VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-20 ...)
+ NOT-FOR-US: VMware
CVE-2020-3959 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
NOT-FOR-US: VMware
CVE-2020-3958 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...)
@@ -22123,22 +64005,22 @@ CVE-2020-3937 (SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 201912
NOT-FOR-US: SysJust Syuan-Gu-Da-Shih
CVE-2020-3936 (UltraLog Express device management interface does not properly filter ...)
NOT-FOR-US: UltraLog Express
-CVE-2020-3935 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
+CVE-2020-3935 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...)
NOT-FOR-US: Secom Co. Dr.ID
-CVE-2020-3934 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
+CVE-2020-3934 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...)
NOT-FOR-US: Secom Co. Dr.ID
-CVE-2020-3933 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...)
+CVE-2020-3933 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...)
NOT-FOR-US: Secom Co. Dr.ID
CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may ...)
NOT-FOR-US: Draytek VigorAP910C
-CVE-2020-3931
- RESERVED
-CVE-2020-3930
- RESERVED
-CVE-2020-3929
- RESERVED
-CVE-2020-3928
- RESERVED
+CVE-2020-3931 (Buffer overflow exists in Geovision Door Access Control device family, ...)
+ NOT-FOR-US: Geovision Door Access Control
+CVE-2020-3930 (GeoVision Door Access Control device family improperly stores and cont ...)
+ NOT-FOR-US: GeoVision Door Access Control
+CVE-2020-3929 (GeoVision Door Access Control device family employs shared cryptograph ...)
+ NOT-FOR-US: GeoVision Door Access Control
+CVE-2020-3928 (GeoVision Door Access Control device family is hardcoded with a root p ...)
+ NOT-FOR-US: GeoVision Door Access Control
CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
NOT-FOR-US: ServiSign security plugin
CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...)
@@ -22157,14 +64039,14 @@ CVE-2020-3920 (UltraLog Express device management interface does not properly pe
NOT-FOR-US: UltraLog Express
CVE-2020-3919 (A memory initialization issue was addressed with improved memory handl ...)
NOT-FOR-US: Apple
-CVE-2020-3918
- RESERVED
+CVE-2020-3918 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ NOT-FOR-US: Apple
CVE-2020-3917 (This issue was addressed with a new entitlement. This issue is fixed i ...)
NOT-FOR-US: Apple
CVE-2020-3916 (An access issue was addressed with additional sandbox restrictions. Th ...)
NOT-FOR-US: Apple
-CVE-2020-3915
- RESERVED
+CVE-2020-3915 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
CVE-2020-3914 (A memory initialization issue was addressed with improved memory handl ...)
NOT-FOR-US: Apple
CVE-2020-3913 (A permissions issue existed. This issue was addressed with improved pe ...)
@@ -22174,9 +64056,9 @@ CVE-2020-3912 (An out-of-bounds read was addressed with improved input validatio
CVE-2020-3911 (A buffer overflow was addressed with improved bounds checking. This is ...)
NOT-FOR-US: Apple
CVE-2020-3910 (A buffer overflow was addressed with improved size validation. This is ...)
- - libxml2 <undetermined>
+ NOT-FOR-US: Apple, unknown if it affects libxml2 upstream, but Apple is a black hole
CVE-2020-3909 (A buffer overflow was addressed with improved bounds checking. This is ...)
- - libxml2 <undetermined>
+ NOT-FOR-US: Apple, unknown if it affects libxml2 upstream, but Apple is a black hole
CVE-2020-3908 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2020-3907 (An out-of-bounds read was addressed with improved input validation. Th ...)
@@ -22217,12 +64099,11 @@ CVE-2020-3899 (A memory consumption issue was addressed with improved memory han
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.2-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
-CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c]
- RESERVED
+CVE-2020-3898 (A memory corruption issue was addressed with improved validation. This ...)
+ {DLA-2237-1}
- cups 2.3.1-12
[buster] - cups 2.2.10-6+deb10u3
- [stretch] - cups <no-dsa> (Minor issue)
- [jessie] - cups <no-dsa> (Minor issue)
+ [stretch] - cups 2.2.1-8+deb9u6
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1823964
NOTE: https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch
NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ppd.c, ppdc/ppdc-source.cxx)
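Review bot: The `[jessie] - cups <no-dsa> (Minor issue)` line for CVE-2020-3898 is removed without a replacement, while `[stretch]` gets a fixed version and `{DLA-2237-1}` is added. Dropping the suite annotation changes what the entry states about jessie from "no-dsa, minor" to no status at all; if that is meant to reflect jessie leaving security support it is fine, but it is not apparent from the hunk. A short trailer such as ` NOTE: jessie line dropped: no longer covered by security support` (or restoring the annotation) would make the intent explicit.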
@@ -22233,8 +64114,8 @@ CVE-2020-3897 (A type confusion issue was addressed with improved memory handlin
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.0-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
-CVE-2020-3896
- RESERVED
+CVE-2020-3896 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...)
{DSA-4681-1}
- webkit2gtk 2.28.0-2
@@ -22263,8 +64144,8 @@ CVE-2020-3888 (A logic issue was addressed with improved restrictions. This issu
NOT-FOR-US: Apple
CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
-CVE-2020-3886
- RESERVED
+CVE-2020-3886 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is ...)
{DSA-4681-1}
- webkit2gtk 2.28.0-2
@@ -22276,12 +64157,12 @@ CVE-2020-3884 (An injection issue was addressed with improved validation. This i
NOT-FOR-US: Apple
CVE-2020-3883 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2020-3882
- RESERVED
+CVE-2020-3882 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
-CVE-2020-3880
- RESERVED
+CVE-2020-3880 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
CVE-2020-3879
RESERVED
CVE-2020-3878 (An out-of-bounds read was addressed with improved input validation. Th ...)
@@ -22327,16 +64208,15 @@ CVE-2020-3865 (Multiple memory corruption issues were addressed with improved me
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.26.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
-CVE-2020-3864
- RESERVED
+CVE-2020-3864 (A logic issue was addressed with improved validation. This issue is fi ...)
{DSA-4627-1}
- webkit2gtk 2.26.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.26.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
-CVE-2020-3863
- RESERVED
+CVE-2020-3863 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2020-3862 (A denial of service issue was addressed with improved memory handling. ...)
{DSA-4627-1}
- webkit2gtk 2.26.4-1
@@ -22356,16 +64236,16 @@ CVE-2020-3857 (A memory corruption issue was addressed with improved memory hand
NOT-FOR-US: Apple
CVE-2020-3856 (A memory corruption issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
-CVE-2020-3855
- RESERVED
+CVE-2020-3855 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
CVE-2020-3854 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2020-3853 (A type confusion issue was addressed with improved memory handling. Th ...)
NOT-FOR-US: Apple
-CVE-2020-3852
- RESERVED
-CVE-2020-3851
- RESERVED
+CVE-2020-3852 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Safari
+CVE-2020-3851 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
CVE-2020-3850 (A memory corruption issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2020-3849 (A memory corruption issue was addressed with improved input validation ...)
@@ -22419,35 +64299,35 @@ CVE-2020-3826 (An out-of-bounds read was addressed with improved input validatio
CVE-2020-3825 (Multiple memory corruption issues were addressed with improved memory ...)
NOT-FOR-US: Apple
CVE-2020-3824
- RESERVED
+ REJECTED
CVE-2020-3823
- RESERVED
+ REJECTED
CVE-2020-3822
- RESERVED
+ REJECTED
CVE-2020-3821
- RESERVED
+ REJECTED
CVE-2020-3820
- RESERVED
+ REJECTED
CVE-2020-3819
- RESERVED
+ REJECTED
CVE-2020-3818
- RESERVED
+ REJECTED
CVE-2020-3817
- RESERVED
+ REJECTED
CVE-2020-3816
- RESERVED
+ REJECTED
CVE-2020-3815
- RESERVED
+ REJECTED
CVE-2020-3814
- RESERVED
+ REJECTED
CVE-2020-3813
- RESERVED
+ REJECTED
CVE-2020-3812 (qmail-verify as used in netqmail 1.06 is prone to an information discl ...)
- {DSA-4692-1}
+ {DSA-4692-1 DLA-2234-1}
- netqmail 1.06-6.2 (bug #961060)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
CVE-2020-3811 (qmail-verify as used in netqmail 1.06 is prone to a mail-address verif ...)
- {DSA-4692-1}
+ {DSA-4692-1 DLA-2234-1}
- netqmail 1.06-6.2 (bug #961060)
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8
CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT before v ...)
@@ -22456,8 +64336,8 @@ CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT bef
NOTE: https://github.com/Debian/apt/issues/111
NOTE: https://bugs.launchpad.net/bugs/1878177
NOTE: https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6
-CVE-2020-3809
- RESERVED
+CVE-2020-3809 (Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds ...)
+ NOT-FOR-US: Adobe
CVE-2020-3808 (Creative Cloud Desktop Application versions 5.0 and earlier have a tim ...)
NOT-FOR-US: Adobe
CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
@@ -22478,12 +64358,12 @@ CVE-2020-3800 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 201
NOT-FOR-US: Adobe
CVE-2020-3799 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
NOT-FOR-US: Adobe
-CVE-2020-3798
- RESERVED
+CVE-2020-3798 (Adobe Digital Editions versions 4.5.11.187212 and below have a file en ...)
+ NOT-FOR-US: Adobe
CVE-2020-3797 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
NOT-FOR-US: Adobe
-CVE-2020-3796
- RESERVED
+CVE-2020-3796 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an impro ...)
+ NOT-FOR-US: ColdFusion
CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
NOT-FOR-US: Adobe
CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file i ...)
@@ -22538,10 +64418,10 @@ CVE-2020-3770 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photosho
NOT-FOR-US: Adobe
CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...)
NOT-FOR-US: Adobe
-CVE-2020-3768
- RESERVED
-CVE-2020-3767
- RESERVED
+CVE-2020-3768 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll se ...)
+ NOT-FOR-US: ColdFusion
+CVE-2020-3767 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insuf ...)
+ NOT-FOR-US: ColdFusion
CVE-2020-3766 (Adobe Genuine Integrity Service versions Version 6.4 and earlier have ...)
NOT-FOR-US: Adobe
CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds ...)
@@ -22657,118 +64537,121 @@ CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corr
CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
NOT-FOR-US: Adobe
CVE-2020-3709
- RESERVED
+ REJECTED
CVE-2020-3708
- RESERVED
+ REJECTED
CVE-2020-3707
- RESERVED
+ REJECTED
CVE-2020-3706
- RESERVED
+ REJECTED
CVE-2020-3705
- RESERVED
-CVE-2020-3704
- RESERVED
-CVE-2020-3703
- RESERVED
-CVE-2020-3702
- RESERVED
-CVE-2020-3701
- RESERVED
-CVE-2020-3700
- RESERVED
-CVE-2020-3699
- RESERVED
-CVE-2020-3698
- RESERVED
+ REJECTED
+CVE-2020-3704 (u'While processing invalid connection request PDU which is nonstandard ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3703 (u'Buffer over-read issue in Bluetooth peripheral firmware due to lack ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/
+ NOTE: https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#mf8b430d4f19f1b939a29b6c5098fdc514fd1a928
+CVE-2020-3701 (Use after free issue while processing error notification from camx dri ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3700 (Possible out of bounds read due to a missing bounds check and could le ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3699 (Possible out of bound access while processing assoc response from host ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3698 (Out of bound write while QoS DSCP mapping due to improper input valida ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3697
- RESERVED
-CVE-2020-3696
- RESERVED
+ REJECTED
+CVE-2020-3696 (u'Use after free while installing new security rule in ipcrtr as old o ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3695
- RESERVED
-CVE-2020-3694
- RESERVED
-CVE-2020-3693
- RESERVED
-CVE-2020-3692
- RESERVED
-CVE-2020-3691
- RESERVED
-CVE-2020-3690
- RESERVED
+ REJECTED
+CVE-2020-3694 (u'Use out of range pointer issue can occur due to incorrect buffer ran ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3693 (u'Use out of range pointer issue can occur due to incorrect buffer ran ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3692 (u'Possible buffer overflow while updating output buffer for IMEI and G ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3691 (Possible out of bound memory access in audio due to integer underflow ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3690 (u'Due to an incorrect SMMU configuration, the modem crypto engine can ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3689
RESERVED
-CVE-2020-3688
- RESERVED
-CVE-2020-3687
- RESERVED
-CVE-2020-3686
- RESERVED
-CVE-2020-3685
- RESERVED
-CVE-2020-3684
- RESERVED
+CVE-2020-3688 (Possible buffer overflow while parsing mp4 clip with corrupted sample ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3687 (Local privilege escalation in admin services in Windows environment ca ...)
+ NOT-FOR-US: Qualcomm
+CVE-2020-3686 (Possible memory out of bound issue during music playback when an incor ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3685 (Pointer variable which is freed is not cleared can result in memory co ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3684 (u'QSEE reads the access permission policy for the SMEM TOC partition f ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3683
RESERVED
CVE-2020-3682
- RESERVED
-CVE-2020-3681
- RESERVED
-CVE-2020-3680
- RESERVED
+ REJECTED
+CVE-2020-3681 (Authenticated and encrypted payload MMEs can be forged and remotely se ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3680 (A race condition can occur when using the fastrpc memory mapping API. ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3679 (u'During execution after Address Space Layout Randomization is turned ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3678 (u'A buffer overflow could occur if the API is improperly used due to U ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3679
- RESERVED
-CVE-2020-3678
- RESERVED
CVE-2020-3677
RESERVED
-CVE-2020-3676
- RESERVED
-CVE-2020-3675
- RESERVED
-CVE-2020-3674
- RESERVED
-CVE-2020-3673
- RESERVED
+CVE-2020-3676 (Possible memory corruption in perfservice due to improper validation a ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3675 (u'Potential integer underflow while parsing Service Info and IPv6 link ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3674 (Information can leak into userspace due to improper transfer of data f ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3673 (u'Buffer overflow can happen as part of SIP message packet processing ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3672
RESERVED
-CVE-2020-3671
- RESERVED
-CVE-2020-3670
- RESERVED
-CVE-2020-3669
- RESERVED
-CVE-2020-3668
- RESERVED
-CVE-2020-3667
- RESERVED
-CVE-2020-3666
- RESERVED
-CVE-2020-3665
- RESERVED
-CVE-2020-3664
- RESERVED
-CVE-2020-3663
- RESERVED
-CVE-2020-3662
- RESERVED
-CVE-2020-3661
- RESERVED
-CVE-2020-3660
- RESERVED
+CVE-2020-3671 (Use-after-free issue could occur due to dangling pointer when generati ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3670 (u'Potential out of bounds read while processing downlink NAS transport ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3669 (u'Buffer Overflow issue in WLAN tcp ip verification due to usage of ou ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3668 (u'Buffer overflow while parsing PMF enabled MCBC frames due to frame l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3667 (u'Buffer Overflow in mic calculation for WPA due to copying data into ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3666 (u'Out of bounds memory access during memory copy while processing Host ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3665 (A possible buffer overflow would occur while processing command from f ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3664 (Out of bound read access in hypervisor due to an invalid read access a ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3663 (Buffer over-write may occur during fetching track decoder specific inf ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3662 (Buffer overflow can occur while parsing eac3 header while playing the ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3661 (Buffer overflow will happen while parsing mp4 clip with corrupted samp ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3660 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
+ NOT-FOR-US: Snapdragon
CVE-2020-3659
RESERVED
-CVE-2020-3658
- RESERVED
-CVE-2020-3657
- RESERVED
-CVE-2020-3656
- RESERVED
+CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3657 (u'Remote code execution can happen by sending a carefully crafted POST ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3656 (Out of bound access can happen in MHI command process due to lack of c ...)
+ NOT-FOR-US: Snapdragon
CVE-2020-3655
RESERVED
-CVE-2020-3654
- RESERVED
+CVE-2020-3654 (u'Buffer overflow occurs while processing SIP message packet due to la ...)
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3653 (Possible buffer over-read in windows wlan driver function due to lack ...)
NOT-FOR-US: Snapdragon
CVE-2020-3652 (Possible buffer over-read issue in windows x86 wlan driver function wh ...)
@@ -22779,93 +64662,83 @@ CVE-2020-3650
RESERVED
CVE-2020-3649
RESERVED
-CVE-2020-3648
- RESERVED
-CVE-2020-3647
- RESERVED
-CVE-2020-3646
- RESERVED
-CVE-2020-3645
- RESERVED
+CVE-2020-3648 (u'Possible out of bound write in DSP driver code due to lack of check ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3647 (u'Potential buffer overflow when accessing npu debugfs node "off"/"log ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3644
- RESERVED
-CVE-2020-3643
- RESERVED
-CVE-2020-3642
- RESERVED
-CVE-2020-3641
- RESERVED
+CVE-2020-3646 (u'Buffer overflow seen as the destination buffer size is lesser than t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3645 (Firmware will hit assert in WLAN firmware If encrypted data length in ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3644 (u'Information disclosure issue occurs as in current logic Secure Touch ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3643 (u'Information disclosure issue can occur due to partial secure display ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3642 (Use after free issue in camera applications when used randomly over mu ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset as th ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3640 (u'Resizing the usage table header before passing all the checks leads ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3639 (u'When a non standard SIP sigcomp message is received from the network ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3638 (u'An Unaligned address or size can propagate to the database due to im ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3640
- RESERVED
-CVE-2020-3639
- RESERVED
-CVE-2020-3638
- RESERVED
CVE-2020-3637
RESERVED
-CVE-2020-3636
- RESERVED
-CVE-2020-3635
- RESERVED
-CVE-2020-3634
- RESERVED
-CVE-2020-3633
- RESERVED
+CVE-2020-3636 (u'Out of bound writes happen when accessing usage_table header entry b ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed per re ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3634 (u'Multiple Read overflows issue due to improper length check while dec ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3632 (u'Incorrect validation of ring context fetched from host memory can le ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3632
- RESERVED
CVE-2020-3631
- RESERVED
-CVE-2020-3630
- RESERVED
+ REJECTED
+CVE-2020-3630 (Possibility of out of bound access while processing the responses from ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3629
- RESERVED
-CVE-2020-3628
- RESERVED
+CVE-2020-3629 (u'Stack out of bound issue occurs when making query to DSP capabilitie ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3628 (Improper access due to socket opened by the logging application withou ...)
+ NOT-FOR-US: Snapdragon
CVE-2020-3627
- RESERVED
-CVE-2020-3626
- RESERVED
-CVE-2020-3625
- RESERVED
+ REJECTED
+CVE-2020-3626 (Any application can bind to it and exercise the APIs due to no protect ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds occurs due ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3624
- RESERVED
-CVE-2020-3623
- RESERVED
+CVE-2020-3624 (u'A potential buffer overflow exists due to integer overflow when pars ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3622
- RESERVED
-CVE-2020-3621
- RESERVED
-CVE-2020-3620
- RESERVED
-CVE-2020-3619
- RESERVED
-CVE-2020-3618
- RESERVED
+CVE-2020-3623 (kernel failure due to load failures while running v1 path directly via ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3617
- RESERVED
-CVE-2020-3616
- RESERVED
+CVE-2020-3622 (u'Channel name string which has been read from shared memory is potent ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3621 (u'Lack of check to ensure that the TX read index &amp; RX write index ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3620 (u'Lack of check of integer overflow while doing a round up operation f ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3619 (u'Non-secure memory is touched multiple times during TrustZone\u2019s ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3615
- RESERVED
+CVE-2020-3618 (NULL exception due to accessing bad pointer while posting events on RT ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3614
- RESERVED
-CVE-2020-3613
- RESERVED
+CVE-2020-3617 (u'Buffer over-read Issue in Q6 testbus framework due to diag packet le ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3616 (Buffer overflow in display function due to memory copy without checkin ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3615 (Valid deauth/disassoc frames is dropped in case if RMF is enabled and ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3614 (Possible buffer overflow while copying the frame to local buffer due t ...)
+ NOT-FOR-US: Snapdragon
+CVE-2020-3613 (Double free issue in kernel memory mapping due to lack of memory prote ...)
+ NOT-FOR-US: Snapdragon
CVE-2020-3612
RESERVED
-CVE-2020-3611
- RESERVED
-CVE-2020-3610
- RESERVED
+CVE-2020-3611 (u'XBL SEC clears only ZI region when loading Qualcomm-signed segments ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2020-3610 (Possibility of double free of the drawobj that is added to the drawque ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3609
RESERVED
@@ -22877,590 +64750,597 @@ CVE-2020-3606
RESERVED
CVE-2020-3605
RESERVED
-CVE-2020-3604
- RESERVED
-CVE-2020-3603
- RESERVED
-CVE-2020-3602
- RESERVED
-CVE-2020-3601
- RESERVED
-CVE-2020-3600
- RESERVED
-CVE-2020-3599
- RESERVED
-CVE-2020-3598
- RESERVED
-CVE-2020-3597
- RESERVED
-CVE-2020-3596
- RESERVED
-CVE-2020-3595
- RESERVED
-CVE-2020-3594
- RESERVED
-CVE-2020-3593
- RESERVED
-CVE-2020-3592
- RESERVED
-CVE-2020-3591
- RESERVED
-CVE-2020-3590
- RESERVED
-CVE-2020-3589
- RESERVED
-CVE-2020-3588
- RESERVED
-CVE-2020-3587
- RESERVED
-CVE-2020-3586
- RESERVED
-CVE-2020-3585
- RESERVED
+CVE-2020-3604 (Multiple vulnerabilities in Cisco Webex Network Recording Player for W ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3603 (Multiple vulnerabilities in Cisco Webex Network Recording Player for W ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3602 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3601 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3600 (A vulnerability in Cisco SD-WAN Software could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3599 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3598 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3597 (A vulnerability in the configuration restore feature of Cisco Nexus Da ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3596 (A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expr ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3595 (A vulnerability in Cisco SD-WAN Software could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3594 (A vulnerability in Cisco SD-WAN Software could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3593 (A vulnerability in Cisco SD-WAN Software could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3592 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3591 (A vulnerability in the web-based management interface of the Cisco SD- ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3590 (A vulnerability in the web-based management interface of the Cisco SD- ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3589 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3588 (A vulnerability in virtualization channel messaging in Cisco Webex Mee ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3587 (A vulnerability in the web-based management interface of the Cisco SD- ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3586 (A vulnerability in the web-based management interface of Cisco DNA Spa ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3585 (A vulnerability in the TLS handler of Cisco Adaptive Security Applianc ...)
+ NOT-FOR-US: Cisco
CVE-2020-3584
RESERVED
-CVE-2020-3583
- RESERVED
-CVE-2020-3582
- RESERVED
-CVE-2020-3581
- RESERVED
-CVE-2020-3580
- RESERVED
-CVE-2020-3579
- RESERVED
-CVE-2020-3578
- RESERVED
-CVE-2020-3577
- RESERVED
+CVE-2020-3583 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3582 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3581 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3580 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3579 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3578 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3577 (A vulnerability in the ingress packet processing path of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
CVE-2020-3576
RESERVED
CVE-2020-3575
RESERVED
-CVE-2020-3574
- RESERVED
-CVE-2020-3573
- RESERVED
-CVE-2020-3572
- RESERVED
-CVE-2020-3571
- RESERVED
+CVE-2020-3574 (A vulnerability in the TCP packet processing functionality of Cisco IP ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3573 (Multiple vulnerabilities in Cisco Webex Network Recording Player for W ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3572 (A vulnerability in the SSL/TLS session handler of Cisco Adaptive Secur ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3571 (A vulnerability in the ICMP ingress packet processing of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
CVE-2020-3570
RESERVED
-CVE-2020-3569
- RESERVED
-CVE-2020-3568
- RESERVED
-CVE-2020-3567
- RESERVED
-CVE-2020-3566
- RESERVED
-CVE-2020-3565
- RESERVED
-CVE-2020-3564
- RESERVED
-CVE-2020-3563
- RESERVED
-CVE-2020-3562
- RESERVED
-CVE-2020-3561
- RESERVED
-CVE-2020-3560
- RESERVED
-CVE-2020-3559
- RESERVED
-CVE-2020-3558
- RESERVED
-CVE-2020-3557
- RESERVED
-CVE-2020-3556
- RESERVED
-CVE-2020-3555
- RESERVED
-CVE-2020-3554
- RESERVED
-CVE-2020-3553
- RESERVED
-CVE-2020-3552
- RESERVED
-CVE-2020-3551
- RESERVED
-CVE-2020-3550
- RESERVED
-CVE-2020-3549
- RESERVED
+CVE-2020-3569 (Multiple vulnerabilities in the Distance Vector Multicast Routing Prot ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3568 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3567 (A vulnerability in the management REST API of Cisco Industrial Network ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3566 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3565 (A vulnerability in the TCP Intercept functionality of Cisco Firepower ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3564 (A vulnerability in the FTP inspection engine of Cisco Adaptive Securit ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3563 (A vulnerability in the packet processing functionality of Cisco Firepo ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3562 (A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat De ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3561 (A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive S ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3560 (A vulnerability in Cisco Aironet Access Points (APs) could allow an un ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3559 (A vulnerability in Cisco Aironet Access Point (AP) Software could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3558 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3557 (A vulnerability in the host input API daemon of Cisco Firepower Manage ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3556 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3555 (A vulnerability in the SIP inspection process of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3554 (A vulnerability in the TCP packet processing of Cisco Adaptive Securit ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3553 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3552 (A vulnerability in the Ethernet packet handling of Cisco Aironet Acces ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3551 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3550 (A vulnerability in the sfmgr daemon of Cisco Firepower Management Cent ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3549 (A vulnerability in the sftunnel functionality of Cisco Firepower Manag ...)
+ NOT-FOR-US: Cisco
CVE-2020-3548
RESERVED
-CVE-2020-3547
- RESERVED
-CVE-2020-3546
- RESERVED
-CVE-2020-3545
- RESERVED
-CVE-2020-3544
- RESERVED
-CVE-2020-3543
- RESERVED
-CVE-2020-3542
- RESERVED
-CVE-2020-3541
- RESERVED
+CVE-2020-3547 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3545 (A vulnerability in Cisco FXOS Software could allow an authenticated, l ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3544 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3543 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3542 (A vulnerability in Cisco Webex Training could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3541 (A vulnerability in the media engine component of Cisco Webex Meetings ...)
+ NOT-FOR-US: Cisco
CVE-2020-3540
RESERVED
CVE-2020-3539
RESERVED
CVE-2020-3538
RESERVED
-CVE-2020-3537
- RESERVED
-CVE-2020-3536
- RESERVED
-CVE-2020-3535
- RESERVED
+CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could allow an au ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3536 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3535 (A vulnerability in the loading mechanism of specific DLLs in the Cisco ...)
+ NOT-FOR-US: Cisco
CVE-2020-3534
RESERVED
-CVE-2020-3533
- RESERVED
+CVE-2020-3533 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
+ NOT-FOR-US: Cisco
CVE-2020-3532
RESERVED
-CVE-2020-3531
- RESERVED
-CVE-2020-3530
- RESERVED
-CVE-2020-3529
- RESERVED
-CVE-2020-3528
- RESERVED
-CVE-2020-3527
- RESERVED
-CVE-2020-3526
- RESERVED
+CVE-2020-3531 (A vulnerability in the REST API of Cisco IoT Field Network Director (F ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3530 (A vulnerability in task group assignment for a specific CLI command in ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3529 (A vulnerability in the SSL VPN negotiation process for Cisco Adaptive ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3528 (A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3527 (A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Sw ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3526 (A vulnerability in the Common Open Policy Service (COPS) engine of Cis ...)
+ NOT-FOR-US: Cisco
CVE-2020-3525
RESERVED
-CVE-2020-3524
- RESERVED
-CVE-2020-3523
- RESERVED
-CVE-2020-3522
- RESERVED
-CVE-2020-3521
- RESERVED
-CVE-2020-3520
- RESERVED
-CVE-2020-3519
- RESERVED
-CVE-2020-3518
- RESERVED
-CVE-2020-3517
- RESERVED
-CVE-2020-3516
- RESERVED
-CVE-2020-3515
- RESERVED
-CVE-2020-3514
- RESERVED
-CVE-2020-3513
- RESERVED
-CVE-2020-3512
- RESERVED
-CVE-2020-3511
- RESERVED
-CVE-2020-3510
- RESERVED
-CVE-2020-3509
- RESERVED
-CVE-2020-3508
- RESERVED
-CVE-2020-3507
- RESERVED
-CVE-2020-3506
- RESERVED
-CVE-2020-3505
- RESERVED
-CVE-2020-3504
- RESERVED
-CVE-2020-3503
- RESERVED
-CVE-2020-3502
- RESERVED
-CVE-2020-3501
- RESERVED
-CVE-2020-3500
- RESERVED
-CVE-2020-3499
- RESERVED
-CVE-2020-3498
- RESERVED
-CVE-2020-3497
- RESERVED
-CVE-2020-3496
- RESERVED
-CVE-2020-3495
- RESERVED
-CVE-2020-3494
- RESERVED
-CVE-2020-3493
- RESERVED
-CVE-2020-3492
- RESERVED
-CVE-2020-3491
- RESERVED
-CVE-2020-3490
- RESERVED
-CVE-2020-3489
- RESERVED
-CVE-2020-3488
- RESERVED
-CVE-2020-3487
- RESERVED
-CVE-2020-3486
- RESERVED
-CVE-2020-3485
- RESERVED
-CVE-2020-3484
- RESERVED
-CVE-2020-3483
- RESERVED
-CVE-2020-3482
- RESERVED
-CVE-2020-3481
- RESERVED
-CVE-2020-3480
- RESERVED
-CVE-2020-3479
- RESERVED
-CVE-2020-3478
- RESERVED
-CVE-2020-3477
- RESERVED
-CVE-2020-3476
- RESERVED
-CVE-2020-3475
- RESERVED
-CVE-2020-3474
- RESERVED
-CVE-2020-3473
- RESERVED
-CVE-2020-3472
- RESERVED
-CVE-2020-3471
- RESERVED
-CVE-2020-3470
- RESERVED
+CVE-2020-3524 (A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3523 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3522 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3521 (A vulnerability in a specific REST API of Cisco Data Center Network Ma ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3520 (A vulnerability in Cisco Data Center Network Manager (DCNM) Software c ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3519 (A vulnerability in a specific REST API method of Cisco Data Center Net ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3518 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3517 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3516 (A vulnerability in the web server authentication of Cisco IOS XE Softw ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3515 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3514 (A vulnerability in the multi-instance feature of Cisco Firepower Threa ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3513 (Multiple vulnerabilities in the initialization routines that are execu ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3512 (A vulnerability in the PROFINET handler for Link Layer Discovery Proto ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3511 (A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3510 (A vulnerability in the Umbrella Connector component of Cisco IOS XE So ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3509 (A vulnerability in the DHCP message handler of Cisco IOS XE Software f ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3508 (A vulnerability in the IP Address Resolution Protocol (ARP) feature of ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3507 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3506 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3505 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3504 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3503 (A vulnerability in the file system permissions of Cisco IOS XE Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3501 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3500 (A vulnerability in the IPv6 implementation of Cisco StarOS could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3499 (A vulnerability in the licensing service of Cisco Firepower Management ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3498 (A vulnerability in Cisco Jabber software could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3497 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3496 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3495 (A vulnerability in Cisco Jabber for Windows could allow an authenticat ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3494 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3493 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3492 (A vulnerability in the Flexible NetFlow Version 9 packet processor of ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3491 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3490 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3489 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3488 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3487 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3486 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3485 (A vulnerability in the role-based access control (RBAC) functionality ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3483 (Duo has identified and fixed an issue with the Duo Network Gateway (DN ...)
+ NOT-FOR-US: Duo
+CVE-2020-3482 (A vulnerability in the Traversal Using Relays around NAT (TURN) server ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam AntiVirus (C ...)
+ {DLA-2314-1}
+ - clamav 0.102.4+dfsg-1
+ [buster] - clamav 0.102.4+dfsg-0+deb10u1
+ NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
+CVE-2020-3480 (Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco I ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3479 (A vulnerability in the implementation of Multiprotocol Border Gateway ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3478 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3477 (A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3476 (A vulnerability in the CLI implementation of a specific command of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3475 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3474 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3473 (A vulnerability in task group assignment for a specific CLI command in ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings could ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3471 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3470 (Multiple vulnerabilities in the API subsystem of Cisco Integrated Mana ...)
+ NOT-FOR-US: Cisco
CVE-2020-3469
RESERVED
-CVE-2020-3468
- RESERVED
-CVE-2020-3467
- RESERVED
-CVE-2020-3466
- RESERVED
-CVE-2020-3465
- RESERVED
-CVE-2020-3464
- RESERVED
-CVE-2020-3463
- RESERVED
-CVE-2020-3462
- RESERVED
-CVE-2020-3461
- RESERVED
-CVE-2020-3460
- RESERVED
-CVE-2020-3459
- RESERVED
-CVE-2020-3458
- RESERVED
-CVE-2020-3457
- RESERVED
-CVE-2020-3456
- RESERVED
-CVE-2020-3455
- RESERVED
-CVE-2020-3454
- RESERVED
-CVE-2020-3453
- RESERVED
-CVE-2020-3452
- RESERVED
-CVE-2020-3451
- RESERVED
-CVE-2020-3450
- RESERVED
-CVE-2020-3449
- RESERVED
-CVE-2020-3448
- RESERVED
-CVE-2020-3447
- RESERVED
-CVE-2020-3446
- RESERVED
+CVE-2020-3468 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3467 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3466 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3465 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3463 (A vulnerability in the web-based management interface of Cisco Webex M ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3462 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3461 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3460 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3459 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3458 (Multiple vulnerabilities in the secure boot process of Cisco Adaptive ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3457 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3456 (A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3455 (A vulnerability in the secure boot process of Cisco FXOS Software coul ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3454 (A vulnerability in the Call Home feature of Cisco NX-OS Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3453 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3452 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3451 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3449 (A vulnerability in the Border Gateway Protocol (BGP) additional paths ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3448 (A vulnerability in an access control mechanism of Cisco Cyber Vision C ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3447 (A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3446 (A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS ...)
+ NOT-FOR-US: Cisco
CVE-2020-3445
RESERVED
-CVE-2020-3444
- RESERVED
-CVE-2020-3443
- RESERVED
-CVE-2020-3442
- RESERVED
-CVE-2020-3441
- RESERVED
-CVE-2020-3440
- RESERVED
-CVE-2020-3439
- RESERVED
+CVE-2020-3444 (A vulnerability in the packet filtering features of Cisco SD-WAN Softw ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3443 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3442 (The DuoConnect client enables users to establish SSH connections to ho ...)
+ NOT-FOR-US: DuoConnect
+CVE-2020-3441 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3440 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3439 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ NOT-FOR-US: Cisco
CVE-2020-3438
RESERVED
-CVE-2020-3437
- RESERVED
-CVE-2020-3436
- RESERVED
-CVE-2020-3435
- RESERVED
-CVE-2020-3434
- RESERVED
-CVE-2020-3433
- RESERVED
+CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3436 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3435 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3434 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ NOT-FOR-US: Cisco
CVE-2020-3432
RESERVED
CVE-2020-3431
RESERVED
-CVE-2020-3430
- RESERVED
-CVE-2020-3429
- RESERVED
-CVE-2020-3428
- RESERVED
-CVE-2020-3427
- RESERVED
-CVE-2020-3426
- RESERVED
-CVE-2020-3425
- RESERVED
+CVE-2020-3430 (A vulnerability in the application protocol handling features of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3429 (A vulnerability in the WPA2 and WPA3 security implementation of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3428 (A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wi ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3427 (The Windows Logon installer prior to 4.1.2 did not properly validate f ...)
+ NOT-FOR-US: Duo
+CVE-2020-3426 (A vulnerability in the implementation of the Low Power, Wide Area (LPW ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3425 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
+ NOT-FOR-US: Cisco
CVE-2020-3424
RESERVED
-CVE-2020-3423
- RESERVED
-CVE-2020-3422
- RESERVED
-CVE-2020-3421
- RESERVED
+CVE-2020-3423 (A vulnerability in the implementation of the Lua interpreter that is i ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3422 (A vulnerability in the IP Service Level Agreement (SLA) responder feat ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3421 (Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco I ...)
+ NOT-FOR-US: Cisco
CVE-2020-3420
RESERVED
-CVE-2020-3419
- RESERVED
-CVE-2020-3418
- RESERVED
-CVE-2020-3417
- RESERVED
-CVE-2020-3416
- RESERVED
-CVE-2020-3415
- RESERVED
-CVE-2020-3414
- RESERVED
-CVE-2020-3413
- RESERVED
-CVE-2020-3412
- RESERVED
-CVE-2020-3411
- RESERVED
-CVE-2020-3410
- RESERVED
-CVE-2020-3409
- RESERVED
-CVE-2020-3408
- RESERVED
-CVE-2020-3407
- RESERVED
-CVE-2020-3406
- RESERVED
-CVE-2020-3405
- RESERVED
-CVE-2020-3404
- RESERVED
-CVE-2020-3403
- RESERVED
-CVE-2020-3402
- RESERVED
-CVE-2020-3401
- RESERVED
-CVE-2020-3400
- RESERVED
-CVE-2020-3399
- RESERVED
-CVE-2020-3398
- RESERVED
-CVE-2020-3397
- RESERVED
-CVE-2020-3396
- RESERVED
+CVE-2020-3419 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3418 (A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3417 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3416 (Multiple vulnerabilities in the initialization routines that are execu ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3415 (A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3414 (A vulnerability in the packet processing of Cisco IOS XE Software for ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3412 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3411 (A vulnerability in Cisco DNA Center software could allow an unauthenti ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3410 (A vulnerability in the Common Access Card (CAC) authentication feature ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3409 (A vulnerability in the PROFINET feature of Cisco IOS Software and Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3408 (A vulnerability in the Split DNS feature of Cisco IOS Software and Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3407 (A vulnerability in the RESTCONF and NETCONF-YANG access control list ( ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3406 (A vulnerability in the web-based management interface of the Cisco SD- ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3405 (A vulnerability in the web UI of Cisco SD-WAN vManage Software could a ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3404 (A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3403 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3402 (A vulnerability in the Java Remote Method Invocation (RMI) interface o ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3401 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3400 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3399 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3398 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3397 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3396 (A vulnerability in the file system on the pluggable USB 3.0 Solid Stat ...)
+ NOT-FOR-US: Cisco
CVE-2020-3395
RESERVED
-CVE-2020-3394
- RESERVED
-CVE-2020-3393
- RESERVED
-CVE-2020-3392
- RESERVED
-CVE-2020-3391
- RESERVED
-CVE-2020-3390
- RESERVED
-CVE-2020-3389
- RESERVED
-CVE-2020-3388
- RESERVED
-CVE-2020-3387
- RESERVED
-CVE-2020-3386
- RESERVED
-CVE-2020-3385
- RESERVED
-CVE-2020-3384
- RESERVED
-CVE-2020-3383
- RESERVED
-CVE-2020-3382
- RESERVED
-CVE-2020-3381
- RESERVED
-CVE-2020-3380
- RESERVED
-CVE-2020-3379
- RESERVED
-CVE-2020-3378
- RESERVED
-CVE-2020-3377
- RESERVED
-CVE-2020-3376
- RESERVED
-CVE-2020-3375
- RESERVED
-CVE-2020-3374
- RESERVED
-CVE-2020-3373
- RESERVED
-CVE-2020-3372
- RESERVED
-CVE-2020-3371
- RESERVED
-CVE-2020-3370
- RESERVED
-CVE-2020-3369
- RESERVED
-CVE-2020-3368
- RESERVED
-CVE-2020-3367
- RESERVED
+CVE-2020-3394 (A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Serie ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3393 (A vulnerability in the application-hosting subsystem of Cisco IOS XE S ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3392 (A vulnerability in the API of Cisco IoT Field Network Director (FND) c ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3391 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3390 (A vulnerability in Simple Network Management Protocol (SNMP) trap gene ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3389 (A vulnerability in the installation component of Cisco Hyperflex HX-Se ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3387 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3386 (A vulnerability in the REST API endpoint of Cisco Data Center Network ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3385 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3384 (A vulnerability in specific REST API endpoints of Cisco Data Center Ne ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3383 (A vulnerability in the archive utility of Cisco Data Center Network Ma ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3382 (A vulnerability in the REST API of Cisco Data Center Network Manager ( ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3381 (A vulnerability in the web management interface of Cisco SD-WAN vManag ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3380 (A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3379 (A vulnerability in Cisco SD-WAN Solution Software could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3378 (A vulnerability in the web-based management interface for Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3377 (A vulnerability in the Device Manager application of Cisco Data Center ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3376 (A vulnerability in the Device Manager application of Cisco Data Center ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3375 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3374 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3373 (A vulnerability in the IP fragment-handling implementation of Cisco Ad ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3372 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3371 (A vulnerability in the web UI of Cisco Integrated Management Controlle ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3370 (A vulnerability in URL filtering of Cisco Content Security Management ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3369 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3368 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3367 (A vulnerability in the log subscription subsystem of Cisco AsyncOS for ...)
+ NOT-FOR-US: Cisco
CVE-2020-3366
RESERVED
-CVE-2020-3365
- RESERVED
-CVE-2020-3364
- RESERVED
-CVE-2020-3363
- RESERVED
-CVE-2020-3362
- RESERVED
-CVE-2020-3361
- RESERVED
-CVE-2020-3360
- RESERVED
-CVE-2020-3359
- RESERVED
-CVE-2020-3358
- RESERVED
-CVE-2020-3357
- RESERVED
-CVE-2020-3356
- RESERVED
-CVE-2020-3355
- RESERVED
-CVE-2020-3354
- RESERVED
-CVE-2020-3353
- RESERVED
-CVE-2020-3352
- RESERVED
-CVE-2020-3351
- RESERVED
-CVE-2020-3350
- RESERVED
-CVE-2020-3349
- RESERVED
-CVE-2020-3348
- RESERVED
-CVE-2020-3347
- RESERVED
-CVE-2020-3346
- RESERVED
-CVE-2020-3345
- RESERVED
+CVE-2020-3365 (A vulnerability in the directory permissions of Cisco Enterprise NFV I ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality of the ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3363 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3362 (A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3361 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3360 (A vulnerability in the Web Access feature of Cisco IP Phones Series 78 ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3359 (A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE So ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3358 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3357 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3356 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3355 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3354 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3353 (A vulnerability in the syslog processing engine of Cisco Identity Serv ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3352 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3351 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3350 (A vulnerability in the endpoint software of Cisco AMP for Endpoints an ...)
+ {DLA-2314-1}
+ - clamav 0.102.4+dfsg-1
+ [buster] - clamav 0.102.4+dfsg-0+deb10u1
+ NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
+CVE-2020-3349 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3348 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3346 (A vulnerability in the web UI of Cisco Unified Communications Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3345 (A vulnerability in certain web pages of Cisco Webex Meetings and Cisco ...)
+ NOT-FOR-US: Cisco
CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
NOT-FOR-US: Cisco
CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
NOT-FOR-US: Cisco
-CVE-2020-3342
- RESERVED
+CVE-2020-3342 (A vulnerability in the software update feature of Cisco Webex Meetings ...)
+ NOT-FOR-US: Cisco
CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVirus (C ...)
{DLA-2215-1}
- clamav 0.102.3+dfsg-1
- [buster] - clamav <no-dsa> (ClamAV is updated via -updates)
- [stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
+ [buster] - clamav 0.102.3+dfsg-0~deb10u1
+ [stretch] - clamav 0.102.3+dfsg-0~deb9u1
NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
-CVE-2020-3340
- RESERVED
-CVE-2020-3339
- RESERVED
-CVE-2020-3338
- RESERVED
-CVE-2020-3337
- RESERVED
-CVE-2020-3336
- RESERVED
-CVE-2020-3335
- RESERVED
+CVE-2020-3340 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3338 (A vulnerability in the Protocol Independent Multicast (PIM) feature fo ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3337 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3336 (A vulnerability in the software upgrade process of Cisco TelePresence ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3335 (A vulnerability in the key store of Cisco Application Services Engine ...)
+ NOT-FOR-US: Cisco
CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Securit ...)
NOT-FOR-US: Cisco
-CVE-2020-3333
- RESERVED
-CVE-2020-3332
- RESERVED
-CVE-2020-3331
- RESERVED
-CVE-2020-3330
- RESERVED
+CVE-2020-3333 (A vulnerability in the API of Cisco Application Services Engine Softwa ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3332 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3331 (A vulnerability in the web-based management interface of Cisco RV110W ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3330 (A vulnerability in the Telnet service of Cisco Small Business RV110W W ...)
+ NOT-FOR-US: Cisco
CVE-2020-3329 (A vulnerability in role-based access control of Cisco Integrated Manag ...)
NOT-FOR-US: Cisco
CVE-2020-3328
RESERVED
CVE-2020-3327 (A vulnerability in the ARJ archive parsing module in Clam AntiVirus (C ...)
- {DLA-2215-1}
- - clamav 0.102.3+dfsg-1
- [buster] - clamav <no-dsa> (ClamAV is updated via -updates)
- [stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
+ {DLA-2314-1 DLA-2215-1}
+ - clamav 0.102.4+dfsg-1
+ [buster] - clamav 0.102.4+dfsg-0+deb10u1
NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
+ NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
+ NOTE: Original fix from 0.102.3 was incomplete
CVE-2020-3326
RESERVED
CVE-2020-3325
RESERVED
CVE-2020-3324
RESERVED
-CVE-2020-3323
- RESERVED
-CVE-2020-3322
- RESERVED
-CVE-2020-3321
- RESERVED
-CVE-2020-3320
- RESERVED
-CVE-2020-3319
- RESERVED
+CVE-2020-3323 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3320 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3319 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
+ NOT-FOR-US: Cisco
CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
NOT-FOR-US: Cisco
-CVE-2020-3317
- RESERVED
+CVE-2020-3317 (A vulnerability in the ssl_inspection component of Cisco Firepower Thr ...)
+ NOT-FOR-US: Cisco
CVE-2020-3316
RESERVED
CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
@@ -23485,8 +65365,8 @@ CVE-2020-3306 (A vulnerability in the DHCP module of Cisco Adaptive Security App
NOT-FOR-US: Cisco
CVE-2020-3305 (A vulnerability in the implementation of the Border Gateway Protocol ( ...)
NOT-FOR-US: Cisco
-CVE-2020-3304
- RESERVED
+CVE-2020-3304 (A vulnerability in the web interface of Cisco Adaptive Security Applia ...)
+ NOT-FOR-US: Cisco
CVE-2020-3303 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...)
NOT-FOR-US: Cisco
CVE-2020-3302 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
@@ -23495,58 +65375,58 @@ CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center (FM
NOT-FOR-US: Cisco
CVE-2020-3300
RESERVED
-CVE-2020-3299
- RESERVED
+CVE-2020-3299 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
+ NOT-FOR-US: Cisco
CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
NOT-FOR-US: Cisco
-CVE-2020-3297
- RESERVED
-CVE-2020-3296
- RESERVED
-CVE-2020-3295
- RESERVED
-CVE-2020-3294
- RESERVED
-CVE-2020-3293
- RESERVED
-CVE-2020-3292
- RESERVED
-CVE-2020-3291
- RESERVED
-CVE-2020-3290
- RESERVED
-CVE-2020-3289
- RESERVED
-CVE-2020-3288
- RESERVED
-CVE-2020-3287
- RESERVED
-CVE-2020-3286
- RESERVED
+CVE-2020-3297 (A vulnerability in session management for the web-based interface of C ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3296 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3295 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3294 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3293 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3292 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3291 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3290 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3289 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3288 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3287 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3286 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
CVE-2020-3285 (A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) ...)
NOT-FOR-US: Cisco
-CVE-2020-3284
- RESERVED
+CVE-2020-3284 (A vulnerability in the enhanced Preboot eXecution Environment (PXE) bo ...)
+ NOT-FOR-US: Cisco
CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
NOT-FOR-US: Cisco
-CVE-2020-3282
- RESERVED
-CVE-2020-3281
- RESERVED
+CVE-2020-3282 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3281 (A vulnerability in the audit logging component of Cisco Digital Networ ...)
+ NOT-FOR-US: Cisco
CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of Cisco Unifi ...)
NOT-FOR-US: Cisco
-CVE-2020-3279
- RESERVED
-CVE-2020-3278
- RESERVED
-CVE-2020-3277
- RESERVED
-CVE-2020-3276
- RESERVED
-CVE-2020-3275
- RESERVED
-CVE-2020-3274
- RESERVED
+CVE-2020-3279 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3278 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3277 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3276 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3275 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3274 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
CVE-2020-3273 (A vulnerability in the 802.11 Generic Advertisement Service (GAS) fram ...)
NOT-FOR-US: Cisco
CVE-2020-3272 (A vulnerability in the DHCP server of Cisco Prime Network Registrar co ...)
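Review bot: CVE-2020-3299 is triaged `NOT-FOR-US: Cisco` even though its description names the Snort detection engine, so this entry deserves a check that the affected code is confined to Cisco's bundled Snort build (FTD/FMC) and not shared with the open-source snort source package, if that package is still in the archive for any tracked suite. Unlike the surrounding entries, which describe Cisco-only management interfaces and appliances, a Snort engine bug is the one case in this hunk where a Debian package could plausibly be in scope, and a bare `NOT-FOR-US: Cisco` gives the next triager no hint that the question was considered. If the Debian snort does not ship the affected detection code, recording the reason avoids repeated re-checks, e.g. `NOT-FOR-US: Cisco (Snort engine as shipped in Cisco FTD/FMC; Debian snort package not affected)`; if it does, the line should instead become a package entry such as `- snort <unfixed>` with a NOTE pointing at the Cisco advisory. The neighbouring Snort entry CVE-2020-3315 is shown only as context above, so its triage is not visible here, but presumably warrants the same justification.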
@@ -23555,20 +65435,20 @@ CVE-2020-3271
RESERVED
CVE-2020-3270
RESERVED
-CVE-2020-3269
- RESERVED
-CVE-2020-3268
- RESERVED
-CVE-2020-3267
- RESERVED
+CVE-2020-3269 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3268 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3267 (A vulnerability in the API subsystem of Cisco Unified Contact Center E ...)
+ NOT-FOR-US: Cisco
CVE-2020-3266 (A vulnerability in the CLI of Cisco SD-WAN Solution software could all ...)
NOT-FOR-US: Cisco
CVE-2020-3265 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...)
NOT-FOR-US: Cisco
CVE-2020-3264 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...)
NOT-FOR-US: Cisco
-CVE-2020-3263
- RESERVED
+CVE-2020-3263 (A vulnerability in Cisco Webex Meetings Desktop App could allow an una ...)
+ NOT-FOR-US: Cisco
CVE-2020-3262 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
NOT-FOR-US: Cisco
CVE-2020-3261 (A vulnerability in the web-based management interface of Cisco Mobilit ...)
@@ -23577,10 +65457,10 @@ CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software co
NOT-FOR-US: Cisco
CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
NOT-FOR-US: Cisco
-CVE-2020-3258
- RESERVED
-CVE-2020-3257
- RESERVED
+CVE-2020-3258 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3257 (Multiple vulnerabilities in the Cisco IOx application environment of C ...)
+ NOT-FOR-US: Cisco
CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco Hosted ...)
NOT-FOR-US: Cisco
CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco Firepo ...)
@@ -23603,104 +65483,104 @@ CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director an
NOT-FOR-US: Cisco
CVE-2020-3246 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
NOT-FOR-US: Cisco
-CVE-2020-3245
- RESERVED
-CVE-2020-3244
- RESERVED
+CVE-2020-3245 (A vulnerability in the web application of Cisco Smart Software Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3244 (A vulnerability in the Enhanced Charging Service (ECS) functionality o ...)
+ NOT-FOR-US: Cisco
CVE-2020-3243 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
NOT-FOR-US: Cisco
-CVE-2020-3242
- RESERVED
-CVE-2020-3241
- RESERVED
+CVE-2020-3242 (A vulnerability in the REST API of Cisco UCS Director could allow an a ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3241 (A vulnerability in the orchestration tasks of Cisco UCS Director could ...)
+ NOT-FOR-US: Cisco
CVE-2020-3240 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
NOT-FOR-US: Cisco
CVE-2020-3239 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
NOT-FOR-US: Cisco
-CVE-2020-3238
- RESERVED
-CVE-2020-3237
- RESERVED
-CVE-2020-3236
- RESERVED
-CVE-2020-3235
- RESERVED
-CVE-2020-3234
- RESERVED
-CVE-2020-3233
- RESERVED
-CVE-2020-3232
- RESERVED
-CVE-2020-3231
- RESERVED
-CVE-2020-3230
- RESERVED
-CVE-2020-3229
- RESERVED
-CVE-2020-3228
- RESERVED
-CVE-2020-3227
- RESERVED
-CVE-2020-3226
- RESERVED
-CVE-2020-3225
- RESERVED
-CVE-2020-3224
- RESERVED
-CVE-2020-3223
- RESERVED
-CVE-2020-3222
- RESERVED
-CVE-2020-3221
- RESERVED
-CVE-2020-3220
- RESERVED
-CVE-2020-3219
- RESERVED
-CVE-2020-3218
- RESERVED
-CVE-2020-3217
- RESERVED
-CVE-2020-3216
- RESERVED
-CVE-2020-3215
- RESERVED
-CVE-2020-3214
- RESERVED
-CVE-2020-3213
- RESERVED
-CVE-2020-3212
- RESERVED
-CVE-2020-3211
- RESERVED
-CVE-2020-3210
- RESERVED
-CVE-2020-3209
- RESERVED
-CVE-2020-3208
- RESERVED
-CVE-2020-3207
- RESERVED
-CVE-2020-3206
- RESERVED
-CVE-2020-3205
- RESERVED
-CVE-2020-3204
- RESERVED
-CVE-2020-3203
- RESERVED
+CVE-2020-3238 (A vulnerability in the Cisco Application Framework component of the Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3237 (A vulnerability in the Cisco Application Framework component of the Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3236 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3235 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3234 (A vulnerability in the virtual console authentication of Cisco IOS Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3233 (A vulnerability in the web-based Local Manager interface of the Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3232 (A vulnerability in the Simple Network Management Protocol (SNMP) imple ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3231 (A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3230 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3229 (A vulnerability in Role Based Access Control (RBAC) functionality of C ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3228 (A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3227 (A vulnerability in the authorization controls for the Cisco IOx applic ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3226 (A vulnerability in the Session Initiation Protocol (SIP) library of Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3225 (Multiple vulnerabilities in the implementation of the Common Industria ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3224 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3223 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3222 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3221 (A vulnerability in the Flexible NetFlow Version 9 packet processor of ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3220 (A vulnerability in the hardware crypto driver of Cisco IOS XE Software ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3219 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3218 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3217 (A vulnerability in the Topology Discovery Service of Cisco One Platfor ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3216 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3215 (A vulnerability in the Virtual Services Container of Cisco IOS XE Soft ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3214 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3213 (A vulnerability in the ROMMON of Cisco IOS XE Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3212 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3211 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3210 (A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3209 (A vulnerability in software image verification in Cisco IOS XE Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3208 (A vulnerability in the image verification feature of Cisco IOS Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3207 (A vulnerability in the processing of boot options of specific Cisco IO ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3206 (A vulnerability in the handling of IEEE 802.11w Protected Management F ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3205 (A vulnerability in the implementation of the inter-VM channel of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3204 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3203 (A vulnerability in the locally significant certificate (LSC) provision ...)
+ NOT-FOR-US: Cisco
CVE-2020-3202
RESERVED
-CVE-2020-3201
- RESERVED
-CVE-2020-3200
- RESERVED
-CVE-2020-3199
- RESERVED
-CVE-2020-3198
- RESERVED
-CVE-2020-3197
- RESERVED
+CVE-2020-3201 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3200 (A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3199 (Multiple vulnerabilities in the Cisco IOx application environment of C ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3198 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3197 (A vulnerability in the API subsystem of Cisco Meetings App could allow ...)
+ NOT-FOR-US: Cisco
CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
NOT-FOR-US: Cisco
CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
@@ -23733,8 +65613,8 @@ CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuratio
NOT-FOR-US: Cisco
CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...)
NOT-FOR-US: Cisco
-CVE-2020-3180
- RESERVED
+CVE-2020-3180 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
+ NOT-FOR-US: Cisco
CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
NOT-FOR-US: Cisco
CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Softwar ...)
@@ -23789,52 +65669,52 @@ CVE-2020-3154 (A vulnerability in the web UI of Cisco Cloud Web Security (CWS) c
NOT-FOR-US: Cisco
CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect Secure ...)
NOT-FOR-US: Cisco
-CVE-2020-3152
- RESERVED
-CVE-2020-3151
- RESERVED
-CVE-2020-3150
- RESERVED
+CVE-2020-3152 (A vulnerability in Cisco Connected Mobile Experiences (CMX) could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3151 (A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3150 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...)
NOT-FOR-US: Cisco
CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
NOT-FOR-US: Cisco
-CVE-2020-3146
- RESERVED
-CVE-2020-3145
- RESERVED
-CVE-2020-3144
- RESERVED
-CVE-2020-3143
- RESERVED
+CVE-2020-3146 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3145 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3144 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3143 (A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence ...)
+ NOT-FOR-US: Cisco
CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...)
NOT-FOR-US: Cisco
-CVE-2020-3141
- RESERVED
-CVE-2020-3140
- RESERVED
+CVE-2020-3141 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3140 (A vulnerability in the web management interface of Cisco Prime License ...)
+ NOT-FOR-US: Cisco
CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...)
NOT-FOR-US: Cisco
CVE-2020-3138 (A vulnerability in the upgrade component of Cisco Enterprise NFV Infra ...)
NOT-FOR-US: Cisco
-CVE-2020-3137
- RESERVED
+CVE-2020-3137 (A vulnerability in the web-based management interface of Cisco Email S ...)
+ NOT-FOR-US: Cisco
CVE-2020-3136 (A vulnerability in the web-based management interface of Cisco Jabber ...)
NOT-FOR-US: Cisco
-CVE-2020-3135
- RESERVED
+CVE-2020-3135 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
CVE-2020-3134 (A vulnerability in the zip decompression engine of Cisco AsyncOS Softw ...)
NOT-FOR-US: Cisco
-CVE-2020-3133
- RESERVED
+CVE-2020-3133 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
+ NOT-FOR-US: Cisco
CVE-2020-3132 (A vulnerability in the email message scanning feature of Cisco AsyncOS ...)
NOT-FOR-US: Cisco
CVE-2020-3131 (A vulnerability in the Cisco Webex Teams client for Windows could allo ...)
NOT-FOR-US: Cisco
-CVE-2020-3130
- RESERVED
+CVE-2020-3130 (A vulnerability in the web management interface of Cisco Unity Connect ...)
+ NOT-FOR-US: Cisco
CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco Unity C ...)
NOT-FOR-US: Cisco
CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
@@ -23845,12 +65725,12 @@ CVE-2020-3126 (vulnerability within the Multimedia Viewer feature of Cisco Webex
NOT-FOR-US: Cisco
CVE-2020-3125 (A vulnerability in the Kerberos authentication feature of Cisco Adapti ...)
NOT-FOR-US: Cisco
-CVE-2020-3124
- RESERVED
+CVE-2020-3124 (A vulnerability in the web-based interface of Cisco Hosted Collaborati ...)
+ NOT-FOR-US: Cisco
CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...)
- clamav 0.102.2+dfsg-1 (bug #950944)
[buster] - clamav 0.102.2+dfsg-0+deb10u1
- [stretch] - clamav <no-dsa> (ClamAV is updated via -updates)
+ [stretch] - clamav 0.102.2+dfsg-0~deb9u1
[jessie] - clamav <not-affected> (Vulnerable code introduced in 0.102.x)
NOTE: https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html
CVE-2020-3122
@@ -23863,10 +65743,10 @@ CVE-2020-3119 (A vulnerability in the Cisco Discovery Protocol implementation fo
NOT-FOR-US: Cisco
CVE-2020-3118 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
NOT-FOR-US: Cisco
-CVE-2020-3117
- RESERVED
-CVE-2020-3116
- RESERVED
+CVE-2020-3117 (A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Se ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3116 (A vulnerability in the way Cisco Webex applications process Universal ...)
+ NOT-FOR-US: Cisco
CVE-2020-3115 (A vulnerability in the CLI of the Cisco SD-WAN Solution vManage softwa ...)
NOT-FOR-US: Cisco
CVE-2020-3114 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
@@ -24129,44 +66009,44 @@ CVE-2020-2986
RESERVED
CVE-2020-2985
RESERVED
-CVE-2020-2984
- RESERVED
-CVE-2020-2983
- RESERVED
-CVE-2020-2982
- RESERVED
-CVE-2020-2981
- RESERVED
+CVE-2020-2984 (Vulnerability in the Oracle Configuration Manager product of Oracle En ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2983 (Vulnerability in the Oracle Data Masking and Subsetting product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2982 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2981 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
+ NOT-FOR-US: Oracle
CVE-2020-2980
RESERVED
CVE-2020-2979
RESERVED
-CVE-2020-2978
- RESERVED
-CVE-2020-2977
- RESERVED
-CVE-2020-2976
- RESERVED
-CVE-2020-2975
- RESERVED
-CVE-2020-2974
- RESERVED
-CVE-2020-2973
- RESERVED
-CVE-2020-2972
- RESERVED
-CVE-2020-2971
- RESERVED
+CVE-2020-2978 (Vulnerability in the Oracle Database - Enterprise Edition component of ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2977 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2976 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2975 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2974 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2973 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2972 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2971 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ NOT-FOR-US: Oracle
CVE-2020-2970
RESERVED
-CVE-2020-2969
- RESERVED
-CVE-2020-2968
- RESERVED
-CVE-2020-2967
- RESERVED
-CVE-2020-2966
- RESERVED
+CVE-2020-2969 (Vulnerability in the Data Pump component of Oracle Database Server. Su ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2968 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2967 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-2966 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
CVE-2020-2965
RESERVED
CVE-2020-2964 (Vulnerability in the Oracle Financial Services Data Foundation product ...)
@@ -24233,14 +66113,12 @@ CVE-2020-2936 (Vulnerability in the Oracle Financial Services Balance Sheet Plan
CVE-2020-2935 (Vulnerability in the Oracle Financial Services Hedge Management and IF ...)
NOT-FOR-US: Oracle
CVE-2020-2934 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ {DSA-4703-1 DLA-2245-1}
- mysql-connector-java <removed>
- [stretch] - mysql-connector-java <ignored> (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Stretch)
- [jessie] - mysql-connector-java <ignored> (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Jessie)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2933 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ {DSA-4703-1 DLA-2245-1}
- mysql-connector-java <removed>
- [stretch] - mysql-connector-java <ignored> (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Stretch)
- [jessie] - mysql-connector-java <ignored> (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Jessie)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2932 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
NOT-FOR-US: Oracle
@@ -24270,7 +66148,7 @@ CVE-2020-2923 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2922 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #956832)
+ - mysql-5.7 <removed> (bug #956832)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2921 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
@@ -24385,9 +66263,8 @@ CVE-2020-2877 (Vulnerability in the Oracle Partner Management product of Oracle
CVE-2020-2876 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
NOT-FOR-US: Oracle
CVE-2020-2875 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ {DSA-4703-1 DLA-2245-1}
- mysql-connector-java <removed>
- [stretch] - mysql-connector-java <ignored> (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Stretch)
- [jessie] - mysql-connector-java <ignored> (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Jessie)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2874 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
NOT-FOR-US: Oracle
@@ -24517,17 +66394,21 @@ CVE-2020-2816 (Vulnerability in the Java SE product of Oracle Java SE (component
CVE-2020-2815 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
NOT-FOR-US: Oracle
CVE-2020-2814 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mariadb-10.3 <unfixed> (bug #961849)
+ - mariadb-10.3 1:10.3.23-1 (bug #961849)
+ [buster] - mariadb-10.3 1:10.3.23-0+deb10u1
- mariadb-10.1 <removed>
- - mysql-5.7 <unfixed> (bug #956832)
+ [stretch] - mariadb-10.1 10.1.45-0+deb9u1
+ - mysql-5.7 <removed> (bug #956832)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
NOTE: Fixed in MariaDB 10.3.23, 10.1.45
CVE-2020-2813 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
NOT-FOR-US: Oracle
CVE-2020-2812 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mariadb-10.3 <unfixed> (bug #961849)
+ - mariadb-10.3 1:10.3.23-1 (bug #961849)
+ [buster] - mariadb-10.3 1:10.3.23-0+deb10u1
- mariadb-10.1 <removed>
- - mysql-5.7 <unfixed> (bug #956832)
+ [stretch] - mariadb-10.1 10.1.45-0+deb9u1
+ - mysql-5.7 <removed> (bug #956832)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
NOTE: Fixed in MariaDB 10.3.23, 10.1.45
CVE-2020-2811 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
@@ -24541,7 +66422,7 @@ CVE-2020-2808 (Vulnerability in the Oracle E-Business Intelligence product of Or
CVE-2020-2807 (Vulnerability in the Oracle Marketing Encyclopedia System product of O ...)
NOT-FOR-US: Oracle
CVE-2020-2806 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #956832)
+ - mysql-5.7 <removed> (bug #956832)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2805 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
{DSA-4668-1 DSA-4662-1 DLA-2193-1}
@@ -24550,7 +66431,7 @@ CVE-2020-2805 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
- openjdk-8 8u252-b09-1
- openjdk-7 <removed>
CVE-2020-2804 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #956832)
+ - mysql-5.7 <removed> (bug #956832)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2803 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
{DSA-4668-1 DSA-4662-1 DLA-2193-1}
@@ -24587,7 +66468,7 @@ CVE-2020-2792
CVE-2020-2791 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
NOT-FOR-US: Oracle
CVE-2020-2790 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #956832)
+ - mysql-5.7 <removed> (bug #956832)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2789 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
NOT-FOR-US: Oracle
@@ -24612,7 +66493,7 @@ CVE-2020-2781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
- openjdk-8 8u252-b09-1
- openjdk-7 <removed>
CVE-2020-2780 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #956832)
+ - mysql-5.7 <removed> (bug #956832)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2779 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (MySQL 8 only)
@@ -24655,12 +66536,12 @@ CVE-2020-2767 (Vulnerability in the Java SE product of Oracle Java SE (component
CVE-2020-2766 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
NOT-FOR-US: Oracle
CVE-2020-2765 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #956832)
+ - mysql-5.7 <removed> (bug #956832)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2764 (Vulnerability in the Java SE product of Oracle Java SE (component: Adv ...)
NOT-FOR-US: Java Advanced Management Console
CVE-2020-2763 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #956832)
+ - mysql-5.7 <removed> (bug #956832)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2762 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
@@ -24669,8 +66550,9 @@ CVE-2020-2761 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <not-affected> (Only affects MySQL 8)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2760 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mariadb-10.3 <unfixed> (bug #961849)
- - mysql-5.7 <unfixed> (bug #956832)
+ - mariadb-10.3 1:10.3.23-1 (bug #961849)
+ [buster] - mariadb-10.3 1:10.3.23-0+deb10u1
+ - mysql-5.7 <removed> (bug #956832)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
NOTE: Fixed in MariaDB 10.3.23
CVE-2020-2759 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -24704,9 +66586,11 @@ CVE-2020-2754 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
CVE-2020-2753 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
NOT-FOR-US: Oracle
CVE-2020-2752 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
- - mariadb-10.3 <unfixed> (bug #961849)
+ - mariadb-10.3 1:10.3.23-1 (bug #961849)
+ [buster] - mariadb-10.3 1:10.3.23-0+deb10u1
- mariadb-10.1 <removed>
- - mysql-5.7 <unfixed> (bug #956832)
+ [stretch] - mariadb-10.1 10.1.45-0+deb9u1
+ - mysql-5.7 <removed> (bug #956832)
NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
NOTE: Fixed in MariaDB 10.3.23, 10.1.45
CVE-2020-2751 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
@@ -24752,7 +66636,7 @@ CVE-2020-2734 (Vulnerability in the RDBMS/Optimizer component of Oracle Database
CVE-2020-2733 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
NOT-FOR-US: Oracle
CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor handled instr ...)
- {DSA-4667-1}
+ {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
- linux 5.5.13-1
NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
@@ -24921,7 +66805,7 @@ CVE-2020-2662 (Vulnerability in the Oracle iSupport product of Oracle E-Business
CVE-2020-2661 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
NOT-FOR-US: Oracle
CVE-2020-2660 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #949994)
+ - mysql-5.7 <removed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
{DSA-4621-1 DLA-2128-1}
@@ -25089,7 +66973,7 @@ CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of Oracle
- openjdk-8 8u242-b08-1
- openjdk-7 <removed>
CVE-2020-2589 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #949994)
+ - mysql-5.7 <removed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2588 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (MySQL 8 only)
@@ -25103,7 +66987,7 @@ CVE-2020-2585 (Vulnerability in the Java SE product of Oracle Java SE (component
[stretch] - openjfx <no-dsa> (Minor issue)
NOTE: This only affects JavaFX 8, so marking the first post 8 version as fixed
CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #949994)
+ - mysql-5.7 <removed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
{DSA-4621-1 DSA-4605-1 DLA-2128-1}
@@ -25119,12 +67003,12 @@ CVE-2020-2580 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <not-affected> (MySQL 8 only)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2579 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #949994)
+ - mysql-5.7 <removed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2578 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2020-2577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #949994)
+ - mysql-5.7 <removed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2576 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
NOT-FOR-US: Oracle
@@ -25132,7 +67016,7 @@ CVE-2020-2575 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu
- virtualbox 6.1.6-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #949994)
+ - mysql-5.7 <removed> (bug #949994)
- mariadb-10.3 1:10.3.22-1
[buster] - mariadb-10.3 1:10.3.22-0+deb10u1
- mariadb-10.1 <removed>
@@ -25140,15 +67024,15 @@ CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (compon
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
NOTE: Fixed in MariaDB: 5.5.67, 10.1.44, 10.2.31, 10.3.22, 10.4.12
CVE-2020-2573 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #949994)
+ - mysql-5.7 <removed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2572 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #949994)
+ - mysql-5.7 <removed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2571 (Vulnerability in the Oracle VM Server for SPARC product of Oracle Syst ...)
NOT-FOR-US: Oracle
CVE-2020-2570 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
- - mysql-5.7 <unfixed> (bug #949994)
+ - mysql-5.7 <removed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2569 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...)
NOT-FOR-US: Oracle
@@ -25164,8 +67048,8 @@ CVE-2020-2564 (Vulnerability in the Siebel UI Framework product of Oracle Siebel
NOT-FOR-US: Oracle
CVE-2020-2563 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
NOT-FOR-US: Oracle
-CVE-2020-2562
- RESERVED
+CVE-2020-2562 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
CVE-2020-2561 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
NOT-FOR-US: Oracle
CVE-2020-2560 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
@@ -25262,54 +67146,54 @@ CVE-2020-2515 (Vulnerability in the Database Gateway for ODBC component of Oracl
NOT-FOR-US: Oracle
CVE-2020-2514 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
NOT-FOR-US: Oracle
-CVE-2020-2513
- RESERVED
+CVE-2020-2513 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ NOT-FOR-US: Oracle
CVE-2020-2512 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...)
NOT-FOR-US: Oracle
CVE-2020-2511 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
NOT-FOR-US: Oracle
CVE-2020-2510 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
NOT-FOR-US: Oracle
-CVE-2020-2509
- RESERVED
-CVE-2020-2508
- RESERVED
-CVE-2020-2507
- RESERVED
-CVE-2020-2506
- RESERVED
-CVE-2020-2505
- RESERVED
-CVE-2020-2504
- RESERVED
-CVE-2020-2503
- RESERVED
-CVE-2020-2502
- RESERVED
-CVE-2020-2501
- RESERVED
-CVE-2020-2500
- RESERVED
-CVE-2020-2499
- RESERVED
-CVE-2020-2498
- RESERVED
-CVE-2020-2497
- RESERVED
-CVE-2020-2496
- RESERVED
-CVE-2020-2495
- RESERVED
-CVE-2020-2494
- RESERVED
-CVE-2020-2493
- RESERVED
-CVE-2020-2492
- RESERVED
-CVE-2020-2491
- RESERVED
-CVE-2020-2490
- RESERVED
+CVE-2020-2509 (A command injection vulnerability has been reported to affect QTS and ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2508 (A command injection vulnerability has been reported to affect QTS and ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2507 (The vulnerability have been reported to affect earlier versions of QTS ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2506 (The vulnerability have been reported to affect earlier versions of QTS ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2505 (If exploited, this vulnerability could allow attackers to gain sensiti ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could allow a ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2503 (If exploited, this stored cross-site scripting vulnerability could all ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2502 (This cross-site scripting vulnerability in Photo Station allows remote ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2501 (A stack-based buffer overflow vulnerability has been reported to affec ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows attacker ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2499 (A hard-coded password vulnerability has been reported to affect earlie ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2498 (If exploited, this cross-site scripting vulnerability could allow remo ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2497 (If exploited, this cross-site scripting vulnerability could allow remo ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2496 (If exploited, this cross-site scripting vulnerability could allow remo ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2495 (If exploited, this cross-site scripting vulnerability could allow remo ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2494 (This cross-site scripting vulnerability in Music Station allows remote ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2493 (This cross-site scripting vulnerability in Multimedia Console allows r ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2492 (If exploited, the command injection vulnerability could allow remote a ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2491 (This cross-site scripting vulnerability in Photo Station allows remote ...)
+ NOT-FOR-US: QNAP
+CVE-2020-2490 (If exploited, the command injection vulnerability could allow remote a ...)
+ NOT-FOR-US: QNAP
CVE-2020-2489
RESERVED
CVE-2020-2488
@@ -25640,279 +67524,276 @@ CVE-2020-2326
RESERVED
CVE-2020-2325
RESERVED
-CVE-2020-2324
- RESERVED
-CVE-2020-2323
- RESERVED
-CVE-2020-2322
- RESERVED
-CVE-2020-2321
- RESERVED
-CVE-2020-2320
- RESERVED
-CVE-2020-2319
- RESERVED
-CVE-2020-2318
- RESERVED
-CVE-2020-2317
- RESERVED
-CVE-2020-2316
- RESERVED
-CVE-2020-2315
- RESERVED
-CVE-2020-2314
- RESERVED
-CVE-2020-2313
- RESERVED
-CVE-2020-2312
- RESERVED
-CVE-2020-2311
- RESERVED
- NOT-FOR-US: Qualcomm components for Android
-CVE-2020-2310
- RESERVED
-CVE-2020-2309
- RESERVED
-CVE-2020-2308
- RESERVED
-CVE-2020-2307
- RESERVED
-CVE-2020-2306
- RESERVED
-CVE-2020-2305
- RESERVED
-CVE-2020-2304
- RESERVED
-CVE-2020-2303
- RESERVED
-CVE-2020-2302
- RESERVED
-CVE-2020-2301
- RESERVED
-CVE-2020-2300
- RESERVED
- NOT-FOR-US: Qualcomm components for Android
-CVE-2020-2299
- RESERVED
-CVE-2020-2298
- RESERVED
-CVE-2020-2297
- RESERVED
-CVE-2020-2296
- RESERVED
-CVE-2020-2295
- RESERVED
-CVE-2020-2294
- RESERVED
-CVE-2020-2293
- RESERVED
-CVE-2020-2292
- RESERVED
-CVE-2020-2291
- RESERVED
-CVE-2020-2290
- RESERVED
-CVE-2020-2289
- RESERVED
-CVE-2020-2288
- RESERVED
-CVE-2020-2287
- RESERVED
-CVE-2020-2286
- RESERVED
-CVE-2020-2285
- RESERVED
-CVE-2020-2284
- RESERVED
-CVE-2020-2283
- RESERVED
-CVE-2020-2282
- RESERVED
-CVE-2020-2281
- RESERVED
-CVE-2020-2280
- RESERVED
-CVE-2020-2279
- RESERVED
-CVE-2020-2278
- RESERVED
-CVE-2020-2277
- RESERVED
-CVE-2020-2276
- RESERVED
-CVE-2020-2275
- RESERVED
-CVE-2020-2274
- RESERVED
-CVE-2020-2273
- RESERVED
-CVE-2020-2272
- RESERVED
-CVE-2020-2271
- RESERVED
-CVE-2020-2270
- RESERVED
-CVE-2020-2269
- RESERVED
-CVE-2020-2268
- RESERVED
-CVE-2020-2267
- RESERVED
-CVE-2020-2266
- RESERVED
-CVE-2020-2265
- RESERVED
-CVE-2020-2264
- RESERVED
- NOT-FOR-US: Qualcomm components for Android
-CVE-2020-2263
- RESERVED
-CVE-2020-2262
- RESERVED
-CVE-2020-2261
- RESERVED
-CVE-2020-2260
- RESERVED
-CVE-2020-2259
- RESERVED
-CVE-2020-2258
- RESERVED
-CVE-2020-2257
- RESERVED
-CVE-2020-2256
- RESERVED
-CVE-2020-2255
- RESERVED
-CVE-2020-2254
- RESERVED
-CVE-2020-2253
- RESERVED
-CVE-2020-2252
- RESERVED
-CVE-2020-2251
- RESERVED
-CVE-2020-2250
- RESERVED
-CVE-2020-2249
- RESERVED
-CVE-2020-2248
- RESERVED
-CVE-2020-2247
- RESERVED
-CVE-2020-2246
- RESERVED
-CVE-2020-2245
- RESERVED
-CVE-2020-2244
- RESERVED
-CVE-2020-2243
- RESERVED
-CVE-2020-2242
- RESERVED
-CVE-2020-2241
- RESERVED
-CVE-2020-2240
- RESERVED
-CVE-2020-2239
- RESERVED
-CVE-2020-2238
- RESERVED
-CVE-2020-2237
- RESERVED
-CVE-2020-2236
- RESERVED
-CVE-2020-2235
- RESERVED
-CVE-2020-2234
- RESERVED
-CVE-2020-2233
- RESERVED
-CVE-2020-2232
- RESERVED
-CVE-2020-2231
- RESERVED
-CVE-2020-2230
- RESERVED
-CVE-2020-2229
- RESERVED
-CVE-2020-2228
- RESERVED
-CVE-2020-2227
- RESERVED
-CVE-2020-2226
- RESERVED
-CVE-2020-2225
- RESERVED
-CVE-2020-2224
- RESERVED
-CVE-2020-2223
- RESERVED
-CVE-2020-2222
- RESERVED
-CVE-2020-2221
- RESERVED
-CVE-2020-2220
- RESERVED
-CVE-2020-2219
- RESERVED
-CVE-2020-2218
- RESERVED
-CVE-2020-2217
- RESERVED
-CVE-2020-2216
- RESERVED
-CVE-2020-2215
- RESERVED
-CVE-2020-2214
- RESERVED
-CVE-2020-2213
- RESERVED
-CVE-2020-2212
- RESERVED
-CVE-2020-2211
- RESERVED
-CVE-2020-2210
- RESERVED
-CVE-2020-2209
- RESERVED
-CVE-2020-2208
- RESERVED
-CVE-2020-2207
- RESERVED
-CVE-2020-2206
- RESERVED
-CVE-2020-2205
- RESERVED
-CVE-2020-2204
- RESERVED
-CVE-2020-2203
- RESERVED
-CVE-2020-2202
- RESERVED
-CVE-2020-2201
- RESERVED
-CVE-2020-2200
- RESERVED
-CVE-2020-2199
- RESERVED
-CVE-2020-2198
- RESERVED
-CVE-2020-2197
- RESERVED
-CVE-2020-2196
- RESERVED
-CVE-2020-2195
- RESERVED
-CVE-2020-2194
- RESERVED
-CVE-2020-2193
- RESERVED
-CVE-2020-2192
- RESERVED
-CVE-2020-2191
- RESERVED
-CVE-2020-2190
- RESERVED
+CVE-2020-2324 (Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2323 (Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permissio ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2322 (Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permissio ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2321 (A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Pr ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2320 (Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not ve ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2319 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a pa ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2318 (Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2317 (Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotati ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2316 (Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not esc ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2315 (Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2314 (Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencryp ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2313 (A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and e ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2312 (Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2311 (A missing permission check in Jenkins AWS Global Configuration Plugin ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2310 (Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier al ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2309 (A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2308 (A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2307 (Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege user ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2306 (A missing permission check in Jenkins Mercurial Plugin 2.11 and earlie ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2305 (Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML p ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2304 (Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XM ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2303 (A cross-site request forgery (CSRF) vulnerability in Jenkins Active Di ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2302 (A missing permission check in Jenkins Active Directory Plugin 2.19 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2301 (Jenkins Active Directory Plugin 2.19 and earlier allows attackers to l ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2300 (Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2299 (Jenkins Active Directory Plugin 2.19 and earlier allows attackers to l ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2298 (Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2297 (Jenkins SMS Notification Plugin 1.2 and earlier stores an access token ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2296 (A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Ob ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2295 (A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cas ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2294 (Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perfor ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2293 (Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2292 (Jenkins Release Plugin 2.10.2 and earlier does not escape the release ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2291 (Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server pa ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2290 (Jenkins Active Choices Plugin 2.4 and earlier does not escape some ret ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2289 (Jenkins Active Choices Plugin 2.4 and earlier does not escape the name ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2288 (In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular exp ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2287 (Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2286 (Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2285 (A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 an ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2284 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure i ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2283 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape chan ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2282 (Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2281 (A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2280 (A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2279 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2278 (Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2277 (Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/ ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2276 (Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specifi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2275 (Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit w ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2274 (Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password u ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2273 (A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2272 (A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlie ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2271 (Jenkins Locked Files Report Plugin 1.6 and earlier does not escape loc ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2270 (Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the c ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2269 (Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape vie ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2268 (A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB P ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2267 (A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2266 (Jenkins Description Column Plugin 1.3 and earlier does not escape the ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2265 (Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2264 (Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2263 (Jenkins Radiator View Plugin 1.29 and earlier does not escape the full ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2262 (Jenkins Android Lint Plugin 2.6 and earlier does not escape the annota ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2261 (Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jen ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2260 (A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2259 (Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape t ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2258 (Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2257 (Jenkins Validating String Parameter Plugin 2.4 and earlier does not es ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2256 (Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not e ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2255 (A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2254 (Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2253 (Jenkins Email Extension Plugin 2.75 and earlier does not perform hostn ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2252 (Jenkins Mailer Plugin 1.32 and earlier does not perform hostname valid ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2251 (Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2250 (Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores pr ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2249 (Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a web ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2248 (Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2247 (Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2246 (Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Va ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2245 (Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML pa ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2244 (Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not esca ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2243 (Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape buil ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2242 (A missing permission check in Jenkins database Plugin 1.6 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2241 (A cross-site request forgery (CSRF) vulnerability in Jenkins database ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2240 (A cross-site request forgery (CSRF) vulnerability in Jenkins database ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2239 (Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2238 (Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the re ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2237 (A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Tes ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2236 (Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2235 (A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2234 (A missing permission check in Jenkins Pipeline Maven Integration Plugi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2233 (A missing permission check in Jenkins Pipeline Maven Integration Plugi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2232 (Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays th ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2231 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
+ - jenkins <removed>
+CVE-2020-2230 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
+ - jenkins <removed>
+CVE-2020-2229 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
+ - jenkins <removed>
+CVE-2020-2228 (Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2227 (Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2226 (Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does no ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2225 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2224 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape the nod ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2223 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape cor ...)
+ - jenkins <removed>
+CVE-2020-2222 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
+ - jenkins <removed>
+CVE-2020-2221 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
+ - jenkins <removed>
+CVE-2020-2220 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
+ - jenkins <removed>
+CVE-2020-2219 (Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of lin ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2218 (Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2217 (Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not e ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2216 (A missing permission check in Jenkins Zephyr for JIRA Test Management ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2215 (A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2214 (Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2213 (Jenkins White Source Plugin 19.1.1 and earlier stores credentials unen ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2212 (Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2211 (Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier doe ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2210 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits conf ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2209 (Jenkins TestComplete support Plugin 2.4.1 and earlier stores a passwor ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2208 (Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypte ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2207 (Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter v ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2206 (Jenkins VncRecorder Plugin 1.25 and earlier does not escape a paramete ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2205 (Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool pat ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2204 (A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2203 (A cross-site request forgery vulnerability in Jenkins Fortify on Deman ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2202 (A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2201 (Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escap ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2200 (Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2199 (Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier do ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2198 (Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redac ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2197 (Jenkins Project Inheritance Plugin 19.08.02 and earlier does not requi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2196 (Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection fo ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2195 (Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocess ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2194 (Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the dis ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2193 (Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the par ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2192 (A cross-site request forgery vulnerability in Jenkins Self-Organizing ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2191 (Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2020-2190 (Jenkins Script Security Plugin 1.72 and earlier does not correctly esc ...)
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2189 (Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2188 (A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and ear ...)
@@ -25966,13 +67847,13 @@ CVE-2020-2165 (Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured
CVE-2020-2164 (Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory se ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2163 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processe ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2162 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Conten ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2161 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly e ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2160 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different repr ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job ...)
NOT-FOR-US: Jenkins CryptoMove Plugin
CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its YAML pa ...)
@@ -26082,19 +67963,19 @@ CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server pa
CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earli ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session ide ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a const ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses e ...)
- NOT-FOR-US: Jenkins
+ - jenkins <removed>
CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform permission chec ...)
@@ -26114,35 +67995,35 @@ CVE-2020-2091 (A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and
CVE-2020-2090 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2089
- RESERVED
+ REJECTED
CVE-2020-2088
- RESERVED
+ REJECTED
CVE-2020-2087
- RESERVED
+ REJECTED
CVE-2020-2086
- RESERVED
+ REJECTED
CVE-2020-2085
- RESERVED
+ REJECTED
CVE-2020-2084
- RESERVED
+ REJECTED
CVE-2020-2083
- RESERVED
+ REJECTED
CVE-2020-2082
- RESERVED
+ REJECTED
CVE-2020-2081
- RESERVED
+ REJECTED
CVE-2020-2080
- RESERVED
+ REJECTED
CVE-2020-2079
- RESERVED
-CVE-2020-2078
- RESERVED
-CVE-2020-2077
- RESERVED
-CVE-2020-2076
- RESERVED
-CVE-2020-2075
- RESERVED
+ REJECTED
+CVE-2020-2078 (Passwords are stored in plain text within the configuration of SICK Pa ...)
+ NOT-FOR-US: SICK
+CVE-2020-2077 (SICK Package Analytics software up to and including version V04.0.0 ar ...)
+ NOT-FOR-US: SICK
+CVE-2020-2076 (SICK Package Analytics software up to and including version V04.0.0 ar ...)
+ NOT-FOR-US: SICK
+CVE-2020-2075 (Platform mechanism AutoIP allows remote attackers to reboot the device ...)
+ NOT-FOR-US: SICK
CVE-2020-2074
RESERVED
CVE-2020-2073
@@ -26191,68 +68072,68 @@ CVE-2020-2052
RESERVED
CVE-2020-2051
RESERVED
-CVE-2020-2050
- RESERVED
-CVE-2020-2049
- RESERVED
-CVE-2020-2048
- RESERVED
+CVE-2020-2050 (An authentication bypass vulnerability exists in the GlobalProtect SSL ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2020-2049 (A local privilege escalation vulnerability exists in Palo Alto Network ...)
+ NOT-FOR-US: Palo Alto Networks Cortex XDR Agent
+CVE-2020-2048 (An information exposure through log file vulnerability exists where th ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2047
RESERVED
CVE-2020-2046
RESERVED
CVE-2020-2045
RESERVED
-CVE-2020-2044
- RESERVED
-CVE-2020-2043
- RESERVED
-CVE-2020-2042
- RESERVED
-CVE-2020-2041
- RESERVED
-CVE-2020-2040
- RESERVED
-CVE-2020-2039
- RESERVED
-CVE-2020-2038
- RESERVED
-CVE-2020-2037
- RESERVED
-CVE-2020-2036
- RESERVED
-CVE-2020-2035
- RESERVED
-CVE-2020-2034
- RESERVED
-CVE-2020-2033
- RESERVED
-CVE-2020-2032
- RESERVED
-CVE-2020-2031
- RESERVED
-CVE-2020-2030
- RESERVED
-CVE-2020-2029
- RESERVED
-CVE-2020-2028
- RESERVED
-CVE-2020-2027
- RESERVED
-CVE-2020-2026
- RESERVED
+CVE-2020-2044 (An information exposure through log file vulnerability where an admini ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2020-2043 (An information exposure through log file vulnerability where sensitive ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2020-2042 (A buffer overflow vulnerability in the PAN-OS management web interface ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2020-2041 (An insecure configuration of the appweb daemon of Palo Alto Networks P ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2020-2040 (A buffer overflow vulnerability in PAN-OS allows an unauthenticated at ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2020-2039 (An uncontrolled resource consumption vulnerability in Palo Alto Networ ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2020-2038 (An OS Command Injection vulnerability in the PAN-OS management interfa ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2020-2037 (An OS Command Injection vulnerability in the PAN-OS management interfa ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2020-2036 (A reflected cross-site scripting (XSS) vulnerability exists in the PAN ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2020-2035 (When SSL/TLS Forward Proxy Decryption mode has been configured to decr ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2020-2034 (An OS Command Injection vulnerability in the PAN-OS GlobalProtect port ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2020-2033 (When the pre-logon feature is enabled, a missing certification validat ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2020-2032 (A race condition vulnerability Palo Alto Networks GlobalProtect app on ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2020-2031 (An integer underflow vulnerability in the dnsproxyd component of the P ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2020-2030 (An OS Command Injection vulnerability in the PAN-OS management interfa ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2020-2029 (An OS Command Injection vulnerability in the PAN-OS web management int ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2020-2028 (An OS Command Injection vulnerability in PAN-OS management server allo ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2020-2027 (A buffer overflow vulnerability in the authd component of the PAN-OS m ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2020-2026 (A malicious guest compromised before a container creation (e.g. a mali ...)
+ NOT-FOR-US: Kata Containers
CVE-2020-2025 (Kata Containers before 1.11.0 on Cloud Hypervisor persists guest files ...)
NOT-FOR-US: Kata Containers
CVE-2020-2024 (An improper link resolution vulnerability affects Kata Containers vers ...)
NOT-FOR-US: Kata Containers
-CVE-2020-2023
- RESERVED
-CVE-2020-2022
- RESERVED
-CVE-2020-2021
- RESERVED
-CVE-2020-2020
- RESERVED
+CVE-2020-2023 (Kata Containers doesn't restrict containers from accessing the guest's ...)
+ NOT-FOR-US: Kata Containers
+CVE-2020-2022 (An information exposure vulnerability exists in Palo Alto Networks Pan ...)
+ NOT-FOR-US: Palo Alto Networks Panorama
+CVE-2020-2021 (When Security Assertion Markup Language (SAML) authentication is enabl ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2020-2020 (An improper handling of exceptional conditions vulnerability in Cortex ...)
+ NOT-FOR-US: Palo Alto Networks Cortex XDR Agent
CVE-2020-2019
RESERVED
CVE-2020-2018 (An authentication bypass vulnerability in the Panorama context switchi ...)
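Review bot: The NOT-FOR-US labels added for the Palo Alto Networks entries are inconsistent within this hunk: the same product is recorded as `NOT-FOR-US: Palo Alto Networks PAN-OS` for CVE-2020-2050, CVE-2020-2048 and CVE-2020-2044 through CVE-2020-2036, but as `NOT-FOR-US: Palo Alto Networks` for CVE-2020-2035 through CVE-2020-2027, while the untouched context lines in the next hunk use `NOT-FOR-US: PAN-OS`. Since this file is consumed by grep-style tooling and free-text searches, one spelling per product (e.g. `NOT-FOR-US: Palo Alto Networks PAN-OS` wherever PAN-OS is the affected product) keeps those queries complete. The same split recurs in the hunks at CVE-2020-2000/CVE-2020-1999 and at CVE-2020-1982, which add `Palo Alto Networks PAN-OS` and `PAN-OS` respectively.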
@@ -26291,10 +68172,10 @@ CVE-2020-2002 (An authentication bypass by spoofing vulnerability exists in the
NOT-FOR-US: PAN-OS
CVE-2020-2001 (An external control of path and data vulnerability in the Palo Alto Ne ...)
NOT-FOR-US: PAN-OS
-CVE-2020-2000
- RESERVED
-CVE-2020-1999
- RESERVED
+CVE-2020-2000 (An OS command injection and memory corruption vulnerability in the PAN ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2020-1999 (A vulnerability exists in the Palo Alto Network PAN-OS signature-based ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-1998 (An improper authorization vulnerability in PAN-OS that mistakenly uses ...)
NOT-FOR-US: PAN-OS
CVE-2020-1997 (An open redirection vulnerability in the GlobalProtect component of Pa ...)
@@ -26326,7 +68207,7 @@ CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder
CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...)
- {DSA-4665-1}
+ {DSA-4665-1 DLA-2288-1 DLA-2262-1}
- qemu 1:4.1-2
- qemu-kvm <removed>
- libslirp 4.2.0-2
@@ -26335,8 +68216,9 @@ CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of lib
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9bd6c5913271eabcb7768a58197ed3301fe19f2d
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed
NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
-CVE-2020-1982
- RESERVED
+ NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-p3hx-89v2-4r99
+CVE-2020-1982 (Certain communication between PAN-OS and cloud-delivered services inad ...)
+ NOT-FOR-US: PAN-OS
CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local ...)
NOT-FOR-US: PAN-OS
CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows a loc ...)
@@ -26352,19 +68234,34 @@ CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks Glo
CVE-2020-1975 (Missing XML validation vulnerability in the PAN-OS web interface on Pa ...)
NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-1974
- RESERVED
+ REJECTED
CVE-2020-1973
- RESERVED
+ REJECTED
CVE-2020-1972
- RESERVED
-CVE-2020-1971
- RESERVED
+ REJECTED
+CVE-2020-1971 (The X.509 GeneralName type is a generic type for representing differen ...)
+ {DSA-4807-1 DLA-2493-1 DLA-2492-1}
+ - openssl 1.1.1i-1
+ - openssl1.0 <removed>
+ NOTE: https://www.openssl.org/news/secadv/20201208.txt
+ NOTE: Prerequisite: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=aa0ad2011d3e7ad8a611da274ef7d9c7706e289b (OpenSSL_1_1_1-stable)
+ NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920 (OpenSSL_1_1_1-stable)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ecc76f6746cefd502c7e9000bdfa4e5d7911386 (OpenSSL_1_1_1-stable)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=41d62636fd996c031c0c7cef746476278583dc9e (OpenSSL_1_1_1-stable)
+ NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94ece6af0c89d596f9c5221b7df7d6582168c8ba (OpenSSL_1_1_1-stable)
+ NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=433974af7b188d55b1da049b84f3fdeca320cb6a (OpenSSL_1_1_1-stable)
CVE-2020-1970
- RESERVED
+ REJECTED
CVE-2020-1969
- RESERVED
-CVE-2020-1968
- RESERVED
+ REJECTED
+CVE-2020-1968 (The Raccoon attack exploits a flaw in the TLS specification which can ...)
+ {DLA-2378-1}
+ - openssl 1.1.0c-1
+ - openssl1.0 <removed>
+ NOTE: https://www.openssl.org/news/secadv/20200909.txt
+ NOTE: https://raccoon-attack.com/
+ NOTE: Fixed DH ciphersuites removed upstream in 1.1.0~pre2:
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc71f91064a3eec10310fa4cc14fe2a3fd9bc7bb (OpenSSL_1_1_0-pre2)
CVE-2020-1967 (Server or client applications that call the SSL_check_chain() function ...)
{DSA-4661-1}
- openssl 1.1.1g-1
@@ -26373,13 +68270,13 @@ CVE-2020-1967 (Server or client applications that call the SSL_check_chain() fun
- openssl1.0 <not-affected> (Only affects 1.1.1d to 1.1.1f)
NOTE: https://www.openssl.org/news/secadv/20200421.txt
CVE-2020-1966
- RESERVED
+ REJECTED
CVE-2020-1965
RESERVED
CVE-2020-1964 (It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-inc ...)
NOT-FOR-US: Apache Heron
-CVE-2020-1963
- RESERVED
+CVE-2020-1963 (Apache Ignite uses H2 database to build SQL distributed execution engi ...)
+ NOT-FOR-US: Apache Ignite
CVE-2020-1962
REJECTED
CVE-2020-1961 (Vulnerability to Server-Side Template Injection on Mail templates for ...)
@@ -26391,12 +68288,16 @@ CVE-2020-1959 (A Server-Side Template Injection was identified in Apache Syncope
CVE-2020-1958 (When LDAP authentication is enabled in Apache Druid 0.17.0, callers of ...)
- druid <itp> (bug #825797)
CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...)
- {DLA-2181-1}
- - shiro <unfixed> (bug #955018)
+ {DLA-2273-1 DLA-2181-1}
+ - shiro 1.3.2-5 (bug #955018)
+ [bullseye] - shiro 1.3.2-4+deb11u1
+ [buster] - shiro 1.3.2-4+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139
NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322
-CVE-2020-1956 (Kylin has some restful apis which will concatenate os command with the ...)
+ NOTE: Fix for CVE-2020-1957 introduces a (security sensitive) encoding issue
+ NOTE: resulting in a followup release 1.5.3.
+CVE-2020-1956 (Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restfu ...)
NOT-FOR-US: Apache Kylin
CVE-2020-1955 (CouchDB version 3.0.0 shipped with a new configuration setting that go ...)
- couchdb <removed>
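Review bot: The two NOTE lines added at the end of the CVE-2020-1957 entry say the fix introduces a security-sensitive encoding issue resolved in 1.5.3, but they do not name the follow-up identifier, so nothing in the file links the regression back to this entry. If an id has been assigned, record it in the note the way the Ant entry elsewhere in this change does, e.g. `NOTE: Fix for CVE-2020-1957 introduces a (security sensitive) encoding issue (CVE-<follow-up id>)`, so that cross-reference tooling over this file picks it up. The new bullseye and buster lines give fixed versions without a matching DSA in the braces (only DLAs are listed); if those updates shipped via point releases that is expected, otherwise the advisory reference is missing.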
@@ -26404,27 +68305,34 @@ CVE-2020-1954 (Apache CXF has the ability to integrate with JMX by registering a
NOT-FOR-US: Apache CXF
CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML ...)
- commons-configuration2 2.7-1 (bug #954713)
+ [buster] - commons-configuration2 2.2-1+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1
CVE-2020-1952 (An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. W ...)
NOT-FOR-US: Apache IoTDB
CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite loop in ...)
{DLA-2161-1}
- - tika <unfixed> (bug #954302)
+ - tika 1.22-2 (bug #954302)
[buster] - tika <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/4
+ NOTE: https://github.com/apache/tika/commit/ab8a9ed830ec710a32e4ffdf4989aea3aaea92ef
CVE-2020-1950 (A carefully crafted or corrupt PSD file can cause excessive memory usa ...)
{DLA-2161-1}
- - tika <unfixed> (bug #954303)
+ - tika 1.22-2 (bug #954303)
[buster] - tika <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/3
+ NOTE: https://github.com/apache/tika/commit/ab8a9ed830ec710a32e4ffdf4989aea3aaea92ef
CVE-2020-1949 (Scripts in Sling CMS before 0.16.0 do not property escape the Sling Se ...)
NOT-FOR-US: Apache Sling
-CVE-2020-1948
- RESERVED
+CVE-2020-1948 (This vulnerability can affect all Dubbo users stay on version 2.7.6 or ...)
+ NOT-FOR-US: Apache Dubbo
CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingS ...)
NOT-FOR-US: Apache ShardingSphere
-CVE-2020-1946
- RESERVED
+CVE-2020-1946 (In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf ...)
+ {DSA-4879-1 DLA-2615-1}
+ - spamassassin 3.4.5~pre1-1 (bug #985962)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/3
+ NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793 (not public)
+ NOTE: https://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/Conf/Parser.pm?r1=1864416&r2=1876381&pathrev=1876381
CVE-2020-1945 (Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default tempora ...)
- ant 1.10.8-1 (low; bug #960630)
[buster] - ant <no-dsa> (Minor issue)
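Review bot: The buster line added under CVE-2020-1953, `[buster] - commons-configuration2 2.2-1+deb10u1`, records a fixed version while the entry carries no `{DSA-…}`/`{DLA-…}` reference and no NOTE saying how the fix reached buster. If the update went out in a point release rather than an advisory, a line such as `NOTE: Fixed in buster via point release` would make the absence of braces intentional rather than an omission; if it went out as an advisory, the id belongs in braces as the tika and spamassassin entries in the same hunk do. The CVE-2020-1953 entry starts inside this hunk, so the note can be added here.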
@@ -26438,6 +68346,7 @@ CVE-2020-1945 (Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default te
NOTE: https://github.com/apache/ant/commit/041b058c7bf10a94d56db3ca9dba38cf90ab9943 (10.8)
NOTE: https://github.com/apache/ant/commit/a8645a151bc706259fb1789ef587d05482d98612 (10.8)
NOTE: https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (10.8)
+ NOTE: Adressing CVE-2020-1945 introduces a new issue CVE-2020-11979.
CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
{DSA-4672-1}
- trafficserver 8.0.6+ds-1
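Review bot: The NOTE line added under CVE-2020-1945 misspells its first word; the intended text is `NOTE: Addressing CVE-2020-1945 introduces a new issue CVE-2020-11979.`. The line is otherwise useful because it links the regression to the fix, and a correct spelling keeps it findable in free-text searches over this file. The CVE-2020-1945 entry itself begins before this hunk.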
@@ -26460,6 +68369,7 @@ CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken wh
- tomcat9 9.0.31-1 (bug #952437)
- tomcat8 <removed> (bug #952438)
- tomcat7 <removed> (bug #952436)
+ [stretch] - tomcat7 <ignored> (No components in libservlet3.0-java binary package are affected)
NOTE: AJP disabled in Debian in default configuration since 2008
NOTE: fixed in upstream versions 9.0.31, 8.5.51, 7.0.100
NOTE: https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
@@ -26479,20 +68389,20 @@ CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken wh
NOTE: https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645 (7.0.100)
CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with the user ...)
NOT-FOR-US: Apache Kylin
-CVE-2020-1936
- RESERVED
+CVE-2020-1936 (A cross-site scripting issue was found in Apache Ambari Views. This wa ...)
+ NOT-FOR-US: Apache Ambari
CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...)
{DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1}
- tomcat9 9.0.31-1
- tomcat8 <removed>
- tomcat7 <removed>
+ [stretch] - tomcat7 <ignored> (No components in libservlet3.0-java binary package are affected)
NOTE: https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26 (9.0.31)
NOTE: https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56 (8.5.51)
NOTE: https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d (7.0.100)
CVE-2020-1934 (In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitial ...)
+ {DSA-4757-1 DLA-2706-1}
- apache2 2.4.43-1 (low)
- [buster] - apache2 <no-dsa> (Minor issue)
- [stretch] - apache2 <no-dsa> (Minor issue)
[jessie] - apache2 <ignored> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1934
NOTE: Upstream patch: https://svn.apache.org/r1873745
@@ -26517,15 +68427,14 @@ CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 ha
CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...)
NOT-FOR-US: Apache NiFi
CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_r ...)
+ {DSA-4757-1 DLA-2706-1}
- apache2 2.4.43-1 (low)
- [buster] - apache2 <no-dsa> (Minor issue)
- [stretch] - apache2 <no-dsa> (Minor issue)
[jessie] - apache2 <ignored> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927
NOTE: https://svn.apache.org/r1873905
NOTE: https://svn.apache.org/r1874191
-CVE-2020-1926
- RESERVED
+CVE-2020-1926 (Apache Hive cookie signature verification used a non constant time com ...)
+ NOT-FOR-US: Apache Hive
CVE-2020-1925 (Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperI ...)
NOT-FOR-US: Olingo
CVE-2020-1924
@@ -26534,84 +68443,84 @@ CVE-2020-1923
RESERVED
CVE-2020-1922
RESERVED
-CVE-2020-1921
- RESERVED
-CVE-2020-1920
- RESERVED
-CVE-2020-1919
- RESERVED
-CVE-2020-1918
- RESERVED
-CVE-2020-1917
- RESERVED
-CVE-2020-1916
- RESERVED
-CVE-2020-1915
- RESERVED
-CVE-2020-1914
- RESERVED
-CVE-2020-1913
- RESERVED
-CVE-2020-1912
- RESERVED
-CVE-2020-1911
- RESERVED
-CVE-2020-1910
- RESERVED
-CVE-2020-1909
- RESERVED
-CVE-2020-1908
- RESERVED
-CVE-2020-1907
- RESERVED
-CVE-2020-1906
- RESERVED
-CVE-2020-1905
- RESERVED
-CVE-2020-1904
- RESERVED
-CVE-2020-1903
- RESERVED
-CVE-2020-1902
- RESERVED
-CVE-2020-1901
- RESERVED
-CVE-2020-1900
- RESERVED
-CVE-2020-1899
- RESERVED
-CVE-2020-1898
- RESERVED
+CVE-2020-1921 (In the crypt function, we attempt to null terminate a buffer using the ...)
+ - hhvm <removed>
+CVE-2020-1920 (A regular expression denial of service (ReDoS) vulnerability in the va ...)
+ NOT-FOR-US: react-native
+CVE-2020-1919 (Incorrect bounds calculations in substr_compare could lead to an out-o ...)
+ - hhvm <removed>
+CVE-2020-1918 (In-memory file operations (ie: using fopen on a data URI) did not prop ...)
+ - hhvm <removed>
+CVE-2020-1917 (xbuf_format_converter, used as part of exif_read_data, was appending a ...)
+ - hhvm <removed>
+CVE-2020-1916 (An incorrect size calculation in ldap_escape may lead to an integer ov ...)
+ - hhvm <removed>
+CVE-2020-1915 (An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong instruction ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in Facebook ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2020-1912 (An out-of-bounds read/write vulnerability when executing lazily compil ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2020-1911 (A type confusion vulnerability when resolving properties of JavaScript ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2020-1910 (A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1909 (A use-after-free in a logging library in WhatsApp for iOS prior to v2. ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1908 (Improper authorization of the Screen Lock feature in WhatsApp and What ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1907 (A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsA ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1906 (A buffer overflow in WhatsApp for Android prior to v2.20.130 and Whats ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1905 (Media ContentProvider URIs used for opening attachments in other apps ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1904 (A path validation issue in WhatsApp for iOS prior to v2.20.61 and What ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1903 (An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1902 (A user running a quick search on a highly forwarded message on WhatsAp ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1901 (Receiving a large text message containing URLs in WhatsApp for iOS pri ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1900 (When unserializing an object with dynamic properties HHVM needs to pre ...)
+ - hhvm <removed>
+CVE-2020-1899 (The unserialize() function supported a type code, "S", which was meant ...)
+ - hhvm <removed>
+CVE-2020-1898 (The fb_unserialize function did not impose a depth limit for nested de ...)
+ - hhvm <removed>
CVE-2020-1897 (A use-after-free is possible due to an error in lifetime management in ...)
NOT-FOR-US: Facebook Proxygen
-CVE-2020-1896
- RESERVED
+CVE-2020-1896 (A stack overflow vulnerability in Facebook Hermes 'builtin apply' prio ...)
+ NOT-FOR-US: Facebook Hermes
CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...)
NOT-FOR-US: Instagram for Android
-CVE-2020-1894
- RESERVED
+CVE-2020-1894 (A stack write overflow in WhatsApp for Android prior to v2.20.35, What ...)
+ NOT-FOR-US: WhatsApp
CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out ...)
- hhvm <removed>
CVE-2020-1892 (Insufficient boundary checks when decoding JSON in JSON_parser allows ...)
- hhvm <removed>
-CVE-2020-1891
- RESERVED
-CVE-2020-1890
- RESERVED
-CVE-2020-1889
- RESERVED
+CVE-2020-1891 (A user controlled parameter used in video call in WhatsApp for Android ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1890 (A URL validation issue in WhatsApp for Android prior to v2.20.11 and W ...)
+ NOT-FOR-US: WhatsApp
+CVE-2020-1889 (A security feature bypass issue in WhatsApp Desktop versions prior to ...)
+ NOT-FOR-US: WhatsApp
CVE-2020-1888 (Insufficient boundary checks when decoding JSON in handleBackslash rea ...)
- hhvm <removed>
CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions after ...)
- osquery <itp> (bug #803502)
-CVE-2020-1886
- RESERVED
+CVE-2020-1886 (A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsA ...)
+ NOT-FOR-US: WhatsApp
CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...)
NOT-FOR-US: Oculus Desktop
CVE-2020-1884
RESERVED
-CVE-2020-1883
- RESERVED
+CVE-2020-1883 (Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak v ...)
+ NOT-FOR-US: Huawei
CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...)
NOT-FOR-US: Huawei
CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)
@@ -26636,18 +68545,18 @@ CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201
NOT-FOR-US: Huawei
CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...)
NOT-FOR-US: Huawei
-CVE-2020-1870 (CloudEngine 12800 products with versions of V200R019C00, V200R019C10SP ...)
- TODO: check
+CVE-2020-1870 (There is a denial of service vulnerability in some Huawei products. Du ...)
+ NOT-FOR-US: Huawei
CVE-2020-1869
RESERVED
CVE-2020-1868
RESERVED
CVE-2020-1867
RESERVED
-CVE-2020-1866
- RESERVED
-CVE-2020-1865
- RESERVED
+CVE-2020-1866 (There is an out-of-bounds read vulnerability in several products. The ...)
+ NOT-FOR-US: Huawei
+CVE-2020-1865 (There is an out-of-bounds read vulnerability in Huawei CloudEngine pro ...)
+ NOT-FOR-US: Huawei
CVE-2020-1864 (Some Huawei products have a security vulnerability due to improper aut ...)
NOT-FOR-US: Huawei
CVE-2020-1863 (Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, an ...)
@@ -26680,10 +68589,10 @@ CVE-2020-1850
RESERVED
CVE-2020-1849
RESERVED
-CVE-2020-1848
- RESERVED
-CVE-2020-1847
- RESERVED
+CVE-2020-1848 (There is a resource management error vulnerability in Jackman-AL00D ve ...)
+ NOT-FOR-US: Huawei
+CVE-2020-1847 (There is a denial of service vulnerability in some Huawei products. Th ...)
+ NOT-FOR-US: Huawei
CVE-2020-1846
RESERVED
CVE-2020-1845 (Huawei PCManager product with versions earlier than 10.0.5.53 have a l ...)
@@ -26698,18 +68607,18 @@ CVE-2020-1841 (Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00;
NOT-FOR-US: Huawei
CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...)
NOT-FOR-US: Huawei
-CVE-2020-1839
- RESERVED
-CVE-2020-1838
- RESERVED
-CVE-2020-1837
- RESERVED
-CVE-2020-1836
- RESERVED
-CVE-2020-1835
- RESERVED
-CVE-2020-1834
- RESERVED
+CVE-2020-1839 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
+ NOT-FOR-US: Huawei
+CVE-2020-1838 (HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) ...)
+ NOT-FOR-US: Huawei
+CVE-2020-1837 (ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) ...)
+ NOT-FOR-US: Huawei
+CVE-2020-1836 (HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUA ...)
+ NOT-FOR-US: Huawei
+CVE-2020-1835 (HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have ...)
+ NOT-FOR-US: Huawei
+CVE-2020-1834 (HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C0 ...)
+ NOT-FOR-US: Huawei
CVE-2020-1833 (Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) ...)
NOT-FOR-US: Huawei
CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3. ...)
@@ -26726,8 +68635,8 @@ CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R
NOT-FOR-US: Huawei
CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...)
NOT-FOR-US: Huawei
-CVE-2020-1825
- RESERVED
+CVE-2020-1825 (FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of ...)
+ NOT-FOR-US: Huawei
CVE-2020-1824
RESERVED
CVE-2020-1823
@@ -26750,8 +68659,8 @@ CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R
NOT-FOR-US: Huawei
CVE-2020-1814 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...)
NOT-FOR-US: Huawei
-CVE-2020-1813
- RESERVED
+CVE-2020-1813 (HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2 ...)
+ NOT-FOR-US: Huawei
CVE-2020-1812 (HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P ...)
NOT-FOR-US: Huawei
CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...)
@@ -26760,7 +68669,7 @@ CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products.
NOT-FOR-US: Huawei
CVE-2020-1809 (HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E1 ...)
NOT-FOR-US: Huawei
-CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 wi ...)
+CVE-2020-1808 (Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI ...)
NOT-FOR-US: Huawei
CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...)
NOT-FOR-US: Huawei
@@ -26818,28 +68727,34 @@ CVE-2020-1781
RESERVED
CVE-2020-1780
RESERVED
-CVE-2020-1779
- RESERVED
-CVE-2020-1778
- RESERVED
-CVE-2020-1777
- RESERVED
-CVE-2020-1776
- RESERVED
-CVE-2020-1775
- RESERVED
+CVE-2020-1779 (When dynamic templates are used (OTRSTicketForms), admin can use OTRS ...)
+ NOT-FOR-US: OTRSTicketForms (OTRS addon)
+CVE-2020-1778 (When OTRS uses multiple backends for user authentication (with LDAP), ...)
+ - otrs2 <not-affected> (Only affects 8.x)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-16/
+CVE-2020-1777 (Agent names that participates in a chat conversation are revealed in c ...)
+ - otrs2 <not-affected> (Only affects 7.x and 8.x)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-15/
+CVE-2020-1776 (When an agent user is renamed or set to invalid the session belonging ...)
+ - otrs2 6.0.29-1
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-13/
+CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article detail o ...)
+ - otrs2 <not-affected> (ONly affects 7.x and 8.x series)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-12/
CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported file has ...)
{DLA-2198-1}
- otrs2 6.0.28-1 (bug #959448)
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/
NOTE: Fixed in 7.0.17, 6.0.28
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342
CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...)
- otrs2 6.0.27-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (Too intrusive to backport)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/
NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
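Review bot: The added line `- otrs2 <not-affected> (ONly affects 7.x and 8.x series)` under CVE-2020-1775 has a capitalisation typo in its reason text. The sibling record for CVE-2020-1777 a few lines above spells the same reason `(Only affects 7.x and 8.x)`, so the new line should read `- otrs2 <not-affected> (Only affects 7.x and 8.x series)`. The parenthesised reason is free-form text rather than a parsed tag, so this is presentation only, but it is worth fixing while both records are in the same hunk.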
@@ -26848,16 +68763,16 @@ CVE-2020-1773 (An attacker with the ability to generate session IDs or password
CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...)
{DLA-2198-1}
- otrs2 6.0.27-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/
NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b
NOTE: OTRS5: https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7
CVE-2020-1771 (Attacker is able craft an article with a link to the customer address ...)
- otrs2 6.0.27-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (Vulnerable code introduced in later version)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/
NOTE: Fixed in 7.0.16, 6.0.27
@@ -26865,16 +68780,16 @@ CVE-2020-1771 (Attacker is able craft an article with a link to the customer add
CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...)
{DLA-2198-1}
- otrs2 6.0.27-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/
NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95
NOTE: OTRS5: https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d
CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...)
- otrs2 6.0.27-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (https://lists.debian.org/debian-lts/2020/04/msg00040.html)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/
NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
@@ -26886,23 +68801,23 @@ CVE-2020-1768 (The external frontend system uses numerous background calls to th
CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then Agent ...)
{DLA-2079-1}
- otrs2 6.0.25-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/
NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570
CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...)
{DLA-2079-1}
- otrs2 6.0.25-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/
NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6)
NOTE: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a (OTRS5)
CVE-2020-1765 (An improper control of parameters allows the spoofing of the from fiel ...)
{DLA-2079-1}
- otrs2 6.0.25-1
- [buster] - otrs2 <no-dsa> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/
NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6)
NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5)
@@ -26916,12 +68831,12 @@ CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon o
NOTE: https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
CVE-2020-1762 (An insufficient JWT validation vulnerability was found in Kiali versio ...)
NOT-FOR-US: Kiali
-CVE-2020-1761
- RESERVED
+CVE-2020-1761 (A flaw was found in the OpenShift web console, where the access token ...)
NOT-FOR-US: OpenShift
CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports request ...)
- {DLA-2171-1}
+ {DLA-2735-1 DLA-2171-1}
- ceph 14.2.9-1 (bug #956142)
+ [buster] - ceph <no-dsa> (Minor issue)
NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e
NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/8aa1f77363ec32bdc57744a143035033291ab5e1
NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/18eb4d918b27d362312c29a3bbd57a421897c0a5
@@ -26939,8 +68854,11 @@ CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat O
CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where it does ...)
NOT-FOR-US: Keycloak
CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to undertow- ...)
- - undertow <unfixed>
+ - undertow 2.1.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1752770
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-1464
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-1671
+ NOTE: https://github.com/undertow-io/undertow/pull/871
CVE-2020-1756
RESERVED
CVE-2020-1755
@@ -26948,11 +68866,15 @@ CVE-2020-1755
CVE-2020-1754
RESERVED
CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...)
- - ansible <unfixed>
+ {DSA-4950-1}
+ - ansible 2.9.16+dfsg-1
[stretch] - ansible <not-affected> (Vulnerable code introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1811008
NOTE: https://github.com/ansible-collections/kubernetes/pull/51
+ NOTE: https://github.com/ansible/ansible/pull/71971
+ NOTE: Fixed by: https://github.com/ansible/ansible/commit/3728530c9a21c0992047d32cb02518d1b076e23d (v2.9.14rc1)
+ NOTE: Followup fix: https://github.com/ansible/ansible/commit/7529d31ba9042843ca4364459a744381728b7b4f (v2.9.15rc1)
NOTE: Fixing commit only introduces a warning about disclosure when using certain
NOTE: options.
CVE-2020-1752 (A use-after-free vulnerability introduced in glibc upstream version 2. ...)
@@ -26970,16 +68892,16 @@ CVE-2020-1751 (An out-of-bounds write vulnerability was found in glibc before 2.
[jessie] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25423
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d93769405996dfc11d216ddbe415946617b5a494
-CVE-2020-1750
- RESERVED
+CVE-2020-1750 (A flaw was found in the machine-config-operator that causes an OpenShi ...)
NOT-FOR-US: OpenShift machine-config-operator
-CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup]
- RESERVED
+CVE-2020-1749 (A flaw was found in the Linux kernel's implementation of some networki ...)
+ {DLA-2241-1}
- linux 5.4.6-1
[buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
NOTE: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2
-CVE-2020-1748
- RESERVED
+CVE-2020-1748 (A flaw was found in all supported versions before wildfly-elytron-1.6. ...)
+ - wildfly <itp> (bug #752018)
CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions befor ...)
- pyyaml 5.3-2 (bug #953013)
[buster] - pyyaml <not-affected> (Loader/Constructor classes are unsafe in this version)
@@ -26987,6 +68909,7 @@ CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions
[jessie] - pyyaml <not-affected> (Loader/Constructor classes are unsafe in this version)
NOTE: https://github.com/yaml/pyyaml/pull/386
CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine versio ...)
+ {DSA-4950-1}
- ansible 2.9.7+dfsg-1
[stretch] - ansible <not-affected> (Vulnerable code introduced later)
[jessie] - ansible <not-affected> (Vulnerable code introduced later)
@@ -27003,19 +68926,18 @@ CVE-2020-1744 (A flaw was found in keycloak before version 9.0.1. When configuri
NOT-FOR-US: Keycloak
CVE-2020-1743
RESERVED
-CVE-2020-1742
- RESERVED
+CVE-2020-1742 (An insecure modification vulnerability flaw was found in containers us ...)
NOT-FOR-US: OpenShift jenkins-slave-base-rhel7-container
CVE-2020-1741 (A flaw was found in openshift-ansible. OpenShift Container Platform (O ...)
NOT-FOR-US: openshift-ansible
CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...)
- {DLA-2202-1}
+ {DSA-4950-1 DLA-2202-1}
- ansible 2.9.7+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
NOTE: https://github.com/ansible/ansible/issues/67798
NOTE: https://github.com/ansible/ansible/pull/68644
CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...)
- {DLA-2202-1}
+ {DSA-4950-1 DLA-2202-1}
- ansible 2.9.7+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
NOTE: https://github.com/ansible/ansible/issues/67797
@@ -27034,10 +68956,15 @@ CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, an
NOTE: https://github.com/ansible/ansible/pull/67799
NOTE: Issue in the win_unzip module which is executed only on Windows plattform
CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using atomic_m ...)
- - ansible <unfixed>
+ - ansible <unfixed> (unimportant; bug #966663)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802124
NOTE: https://github.com/ansible/ansible/issues/67794
+ NOTE: https://github.com/ansible/ansible/pull/70221
+ NOTE: The issue will not be fixed source-wise, but to avoid the issue raised in
+ NOTE: CVE-2020-1736 one should specify a mode parameter in all file-based tasks
+ NOTE: that accept it, cf. https://github.com/ansible/ansible/commit/7eec8e4d268d6711f317583974e9e936083de636
CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is used. ...)
+ {DSA-4950-1}
- ansible 2.9.7+dfsg-1
[jessie] - ansible <not-affected> (No remote expansion in fetch module)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085
@@ -27055,7 +68982,7 @@ CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary
NOTE: Upstream considers this intended functionality and delegates it up to the
NOTE: playbook author to ensure they use the quote filter.
CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...)
- {DLA-2202-1}
+ {DSA-4950-1 DLA-2202-1}
- ansible 2.9.7+dfsg-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
NOTE: https://github.com/ansible/ansible/issues/67791
@@ -27076,33 +69003,34 @@ CVE-2020-1730 (A flaw was found in libssh versions before 0.8.9 and before 0.9.4
NOTE: https://bugs.libssh.org/T213
NOTE: Introduced by: https://git.libssh.org/projects/libssh.git/commit/?id=84a85803b4c83b8dac03b0d0aba58b48c98253e6 (libssh-0.8.0)
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b36272eac1b36982598c10de7af0a501582de07a
-CVE-2020-1729
- RESERVED
+CVE-2020-1729 (A flaw was found in SmallRye's API through version 1.6.1. The API can ...)
NOT-FOR-US: SmallRye Config
CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the pages ...)
NOT-FOR-US: Keycloak
-CVE-2020-1727
- RESERVED
+CVE-2020-1727 (A vulnerability was found in Keycloak before 9.0.2, where every Author ...)
NOT-FOR-US: Keycloak
CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...)
- libpod 1.6.4+dfsg1-3 (bug #961421)
NOTE: Introduced in: https://github.com/containers/libpod/commit/997c4b56ed2121726e966afe9a102ed16ba78f93 (v1.6.0-rc1)
NOTE: https://github.com/containers/libpod/pull/5168
NOTE: Fixed by: https://github.com/containers/libpod/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42 (v1.8.1-rc1)
-CVE-2020-1725
- RESERVED
+CVE-2020-1725 (A flaw was found in keycloak before version 13.0.0. In some scenarios ...)
+ NOT-FOR-US: Keycloak
CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This flaw allow ...)
NOT-FOR-US: Keycloak
-CVE-2020-1723
- RESERVED
+CVE-2020-1723 (The logout endpoint /oauth/logout?redirect=url can be abused to redire ...)
+ NOT-FOR-US: Keycloak
CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...)
- - freeipa <unfixed>
+ - freeipa 4.8.8-2 (bug #966200)
+ [buster] - freeipa <no-dsa> (Minor issue)
NOTE: https://pagure.io/freeipa/issue/8268
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793071
-CVE-2020-1721
- RESERVED
- - dogtag-pki <unfixed>
+ NOTE: https://pagure.io/freeipa/c/dbf5df4a66b68f62a9e063c43a30b46e539c603b (master)
+ NOTE: https://pagure.io/freeipa/c/089a393581aa249ddec66ce1455fff4951cdb827 (ipa-4-8)
+CVE-2020-1721 (A flaw was found in the Key Recovery Authority (KRA) Agent Service in ...)
+ - dogtag-pki 10.9.1-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
+ NOTE: https://github.com/dogtagpki/pki/commit/b3514113c867c9394dd84e313c55dc66f3e846b6 (v10.9.0-a2)
CVE-2020-1720 (A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", whe ...)
{DSA-4623-1 DSA-4622-1 DLA-2105-1}
- postgresql-12 12.2-1
@@ -27112,15 +69040,13 @@ CVE-2020-1720 (A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION"
NOTE: https://www.postgresql.org/about/news/2011/
NOTE: Fixed in 12.2, 11.7, 10.12, 9.6.17, 9.5.21, and 9.4.26
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b048f558dd7c26a0c630a2cff29d3d8981eaf6b9
-CVE-2020-1719
- RESERVED
+CVE-2020-1719 (A flaw was found in wildfly. The EJBContext principle is not popped ba ...)
- wildfly <itp> (bug #752018)
CVE-2020-1718 (A flaw was found in the reset credential flow in all Keycloak versions ...)
NOT-FOR-US: Keycloak
-CVE-2020-1717
- RESERVED
-CVE-2020-1716
- RESERVED
+CVE-2020-1717 (A flaw was found in Keycloak 7.0.1. A logged in user can do an account ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-1716 (A flaw was found in the ceph-ansible playbook where it contained hardc ...)
NOT-FOR-US: ceph-ansible
CVE-2020-1715
RESERVED
@@ -27144,15 +69070,14 @@ CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before v
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...)
- {DLA-2144-1}
+ {DLA-2373-1 DLA-2144-1}
- qemu 1:4.2-2 (bug #949731)
[buster] - qemu 1:3.1+dfsg-8+deb10u4
- [stretch] - qemu <postponed> (Intrusive to backport, revisit later)
- qemu-kvm <removed>
- NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html
+ NOTE: Upstream patch: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc (5.0)
NOTE: https://www.openwall.com/lists/oss-security/2020/01/23/3
-CVE-2020-1710
- RESERVED
+CVE-2020-1710 (The issue appears to be that JBoss EAP 6.4.21 does not parse the field ...)
+ NOT-FOR-US: JBoss EAP
CVE-2020-1709 (A vulnerability was found in all openshift/mediawiki 4.x.x versions pr ...)
NOT-FOR-US: openshift
CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all openshi ...)
@@ -27166,15 +69091,10 @@ CVE-2020-1705 (A vulnerability was found in openshift/template-service-broker-op
CVE-2020-1704 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
NOT-FOR-US: openshift
CVE-2020-1703
- RESERVED
- - freeipa <unfixed> (unimportant)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793049
- NOTE: Disputed by upstream, works as intended
-CVE-2020-1702
- RESERVED
+ REJECTED
+CVE-2020-1702 (A malicious container image can consume an unbounded amount of memory ...)
NOT-FOR-US: Red Hat container manager tooling
-CVE-2020-1701
- RESERVED
+CVE-2020-1701 (A flaw was found in the KubeVirt main virt-handler versions before 0.2 ...)
NOT-FOR-US: KubeVirt
CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...)
- ceph 14.2.7-1
@@ -27197,122 +69117,124 @@ CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to
NOT-FOR-US: Keycloak
CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token Proc ...)
- dogtag-pki <unfixed>
+ [bullseye] - dogtag-pki <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707
CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ...)
- resteasy <undetermined>
- - resteasy3.0 <undetermined>
+ - resteasy3.0 3.0.26-2
+ [buster] - resteasy3.0 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462
-CVE-2020-1694
- RESERVED
+ NOTE: https://github.com/resteasy/Resteasy/commit/acf15f2a8067f7e4cf5838342cecfa0b78a174fb
+CVE-2020-1694 (A flaw was found in all versions of Keycloak before 10.0.0, where the ...)
+ NOT-FOR-US: Keycloak
CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...)
- NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
+ NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...)
- moodle <removed>
CVE-2020-1691
RESERVED
-CVE-2020-1690
- RESERVED
+CVE-2020-1690 (An improper authorization flaw was discovered in openstack-selinux's a ...)
NOT-FOR-US: openstack-selinux
-CVE-2020-1689
- RESERVED
-CVE-2020-1688
- RESERVED
-CVE-2020-1687
- RESERVED
-CVE-2020-1686
- RESERVED
-CVE-2020-1685
- RESERVED
-CVE-2020-1684
- RESERVED
-CVE-2020-1683
- RESERVED
-CVE-2020-1682
- RESERVED
-CVE-2020-1681
- RESERVED
-CVE-2020-1680
- RESERVED
-CVE-2020-1679
- RESERVED
-CVE-2020-1678
- RESERVED
-CVE-2020-1677
- RESERVED
-CVE-2020-1676
- RESERVED
-CVE-2020-1675
- RESERVED
+CVE-2020-1689 (On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series d ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1688 (On Juniper Networks SRX Series and NFX Series, a local authenticated u ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1687 (On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series d ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1686 (On Juniper Networks Junos OS devices, receipt of a malformed IPv6 pack ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1685 (When configuring stateless firewall filters in Juniper Networks EX4600 ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1684 (On Juniper Networks SRX Series configured with application identificat ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1683 (On Juniper Networks Junos OS devices, a specific SNMP OID poll causes ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1682 (An input validation vulnerability exists in Juniper Networks Junos OS, ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1681 (Receipt of a specifically malformed NDP packet sent from the local are ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1680 (On Juniper Networks MX Series with MS-MIC or MS-MPC card configured wi ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1679 (On Juniper Networks PTX and QFX Series devices with packet sampling co ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1678 (On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1677 (When SAML authentication is enabled, Juniper Networks Mist Cloud UI mi ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1676 (When SAML authentication is enabled, Juniper Networks Mist Cloud UI mi ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1675 (When Security Assertion Markup Language (SAML) authentication is enabl ...)
+ NOT-FOR-US: Juniper
CVE-2020-1674
- RESERVED
-CVE-2020-1673
- RESERVED
-CVE-2020-1672
- RESERVED
-CVE-2020-1671
- RESERVED
-CVE-2020-1670
- RESERVED
-CVE-2020-1669
- RESERVED
-CVE-2020-1668
- RESERVED
-CVE-2020-1667
- RESERVED
-CVE-2020-1666
- RESERVED
-CVE-2020-1665
- RESERVED
-CVE-2020-1664
- RESERVED
+ REJECTED
+CVE-2020-1673 (Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1672 (On Juniper Networks Junos OS devices configured with DHCPv6 relay enab ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1671 (On Juniper Networks Junos OS platforms configured as DHCPv6 local serv ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1670 (On Juniper Networks EX4300 Series, receipt of a stream of specific IPv ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1669 (The Juniper Device Manager (JDM) container, used by the disaggregated ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1668 (On Juniper Networks EX2300 Series, receipt of a stream of specific mul ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1667 (When DNS filtering is enabled on Juniper Networks Junos MX Series with ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1666 (The system console configuration option 'log-out-on-disconnect' In Jun ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1665 (On Juniper Networks MX Series and EX9200 Series, in a certain conditio ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1664 (A stack buffer overflow vulnerability in the device control daemon (DC ...)
+ NOT-FOR-US: Juniper
CVE-2020-1663
RESERVED
-CVE-2020-1662
- RESERVED
-CVE-2020-1661
- RESERVED
-CVE-2020-1660
- RESERVED
+CVE-2020-1662 (On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1661 (On Juniper Networks Junos OS devices configured as a DHCP forwarder, t ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1660 (When DNS filtering is enabled on Juniper Networks Junos MX Series with ...)
+ NOT-FOR-US: Juniper
CVE-2020-1659
RESERVED
CVE-2020-1658
RESERVED
-CVE-2020-1657
- RESERVED
-CVE-2020-1656
- RESERVED
-CVE-2020-1655
- RESERVED
-CVE-2020-1654
- RESERVED
-CVE-2020-1653
- RESERVED
-CVE-2020-1652
- RESERVED
-CVE-2020-1651
- RESERVED
-CVE-2020-1650
- RESERVED
-CVE-2020-1649
- RESERVED
-CVE-2020-1648
- RESERVED
-CVE-2020-1647
- RESERVED
-CVE-2020-1646
- RESERVED
-CVE-2020-1645
- RESERVED
-CVE-2020-1644
- RESERVED
-CVE-2020-1643
- RESERVED
+CVE-2020-1657 (On SRX Series devices, a vulnerability in the key-management-daemon (k ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1656 (The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd da ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1655 (When a device running Juniper Networks Junos OS with MPC7, MPC8, or MP ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1654 (On Juniper Networks SRX Series with ICAP (Internet Content Adaptation ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1653 (On Juniper Networks Junos OS devices, a stream of TCP packets sent to ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1652 (OpenNMS is accessible via port 9443 ...)
+ - opennms <itp> (bug #450615)
+CVE-2020-1651 (On Juniper Networks MX series, receipt of a stream of specific Layer 2 ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1650 (On Juniper Networks Junos MX Series with service card configured, rece ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1649 (When a device running Juniper Networks Junos OS with MPC7, MPC8, or MP ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1648 (On Juniper Networks Junos OS and Junos OS Evolved devices, processing ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1647 (On Juniper Networks SRX Series with ICAP (Internet Content Adaptation ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1646 (On Juniper Networks Junos OS and Junos OS Evolved devices, processing ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1645 (When DNS filtering is enabled on Juniper Networks Junos MX Series with ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1644 (On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1643 (Execution of the "show ospf interface extensive" or "show ospf interfa ...)
+ NOT-FOR-US: Juniper
CVE-2020-1642
RESERVED
-CVE-2020-1641
- RESERVED
-CVE-2020-1640
- RESERVED
+CVE-2020-1641 (A Race Condition vulnerability in Juniper Networks Junos OS LLDP imple ...)
+ NOT-FOR-US: Juniper
+CVE-2020-1640 (An improper use of a validation framework when processing incoming gen ...)
+ NOT-FOR-US: Juniper
CVE-2020-1639 (When an attacker sends a specific crafted Ethernet Operation, Administ ...)
NOT-FOR-US: Juniper
CVE-2020-1638 (The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and J ...)
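Review bot: CVE-2020-1652 is triaged to the opennms ITP (`- opennms <itp> (bug #450615)`) although every surrounding ID in this block (CVE-2020-1640 through CVE-2020-1689) is a Juniper-assigned CVE marked `NOT-FOR-US: Juniper`, and the truncated description "OpenNMS is accessible via port 9443 ..." reads more like an exposure of an OpenNMS instance bundled in a Juniper product than a defect in OpenNMS itself. If the full advisory confirms that, the entry should read `NOT-FOR-US: Juniper` like its neighbours; if OpenNMS is genuinely affected, a `NOTE:` line with the advisory URL and the affected OpenNMS version would make the ITP tracking actionable. Separately, CVE-2020-1695 now carries the upstream fix commit but `- resteasy <undetermined>` is left unresolved; that commit should be enough to decide whether the resteasy source package is affected, so the `<undetermined>` marker looks stale.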
@@ -27393,820 +69315,829 @@ CVE-2020-1601 (Certain types of malformed Path Computation Element Protocol (PCE
NOT-FOR-US: Juniper
CVE-2020-1600 (In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an ...)
NOT-FOR-US: Juniper
-CVE-2020-1599
- RESERVED
-CVE-2020-1598
- RESERVED
-CVE-2020-1597
- RESERVED
-CVE-2020-1596
- RESERVED
-CVE-2020-1595
- RESERVED
-CVE-2020-1594
- RESERVED
-CVE-2020-1593
- RESERVED
-CVE-2020-1592
- RESERVED
-CVE-2020-1591
- RESERVED
-CVE-2020-1590
- RESERVED
-CVE-2020-1589
- RESERVED
+CVE-2020-1599 (Windows Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1598 (An elevation of privilege vulnerability exists when the Windows Univer ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1597 (A denial of service vulnerability exists when ASP.NET Core improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1596 (A information disclosure vulnerability exists when TLS components use ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1595 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1594 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1593 (A remote code execution vulnerability exists when Windows Media Audio ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1592 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1591 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1590 (An elevation of privilege vulnerability exists when the Connected User ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1589 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1588
RESERVED
-CVE-2020-1587
- RESERVED
+CVE-2020-1587 (An elevation of privilege vulnerability exists when the Windows Ancill ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1586
RESERVED
-CVE-2020-1585
- RESERVED
-CVE-2020-1584
- RESERVED
-CVE-2020-1583
- RESERVED
-CVE-2020-1582
- RESERVED
-CVE-2020-1581
- RESERVED
-CVE-2020-1580
- RESERVED
-CVE-2020-1579
- RESERVED
-CVE-2020-1578
- RESERVED
-CVE-2020-1577
- RESERVED
-CVE-2020-1576
- RESERVED
-CVE-2020-1575
- RESERVED
-CVE-2020-1574
- RESERVED
-CVE-2020-1573
- RESERVED
+CVE-2020-1585 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1584 (An elevation of privilege vulnerability exists in the way that the dns ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1583 (An information disclosure vulnerability exists when Microsoft Word imp ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1582 (A remote code execution vulnerability exists in Microsoft Access softw ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1581 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1580 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1579 (An elevation of privilege vulnerability exists when the Windows Functi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1578 (An information disclosure vulnerability exists in the Windows kernel t ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1577 (An information disclosure vulnerability exists when DirectWrite improp ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1576 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1575 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1574 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1573 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1572
RESERVED
-CVE-2020-1571
- RESERVED
-CVE-2020-1570
- RESERVED
-CVE-2020-1569
- RESERVED
-CVE-2020-1568
- RESERVED
-CVE-2020-1567
- RESERVED
-CVE-2020-1566
- RESERVED
-CVE-2020-1565
- RESERVED
-CVE-2020-1564
- RESERVED
-CVE-2020-1563
- RESERVED
-CVE-2020-1562
- RESERVED
-CVE-2020-1561
- RESERVED
-CVE-2020-1560
- RESERVED
-CVE-2020-1559
- RESERVED
-CVE-2020-1558
- RESERVED
-CVE-2020-1557
- RESERVED
-CVE-2020-1556
- RESERVED
-CVE-2020-1555
- RESERVED
-CVE-2020-1554
- RESERVED
-CVE-2020-1553
- RESERVED
-CVE-2020-1552
- RESERVED
-CVE-2020-1551
- RESERVED
-CVE-2020-1550
- RESERVED
-CVE-2020-1549
- RESERVED
-CVE-2020-1548
- RESERVED
-CVE-2020-1547
- RESERVED
-CVE-2020-1546
- RESERVED
-CVE-2020-1545
- RESERVED
-CVE-2020-1544
- RESERVED
-CVE-2020-1543
- RESERVED
-CVE-2020-1542
- RESERVED
-CVE-2020-1541
- RESERVED
-CVE-2020-1540
- RESERVED
-CVE-2020-1539
- RESERVED
-CVE-2020-1538
- RESERVED
-CVE-2020-1537
- RESERVED
-CVE-2020-1536
- RESERVED
-CVE-2020-1535
- RESERVED
-CVE-2020-1534
- RESERVED
-CVE-2020-1533
- RESERVED
-CVE-2020-1532
- RESERVED
-CVE-2020-1531
- RESERVED
-CVE-2020-1530
- RESERVED
-CVE-2020-1529
- RESERVED
-CVE-2020-1528
- RESERVED
-CVE-2020-1527
- RESERVED
-CVE-2020-1526
- RESERVED
-CVE-2020-1525
- RESERVED
-CVE-2020-1524
- RESERVED
-CVE-2020-1523
- RESERVED
-CVE-2020-1522
- RESERVED
-CVE-2020-1521
- RESERVED
-CVE-2020-1520
- RESERVED
-CVE-2020-1519
- RESERVED
-CVE-2020-1518
- RESERVED
-CVE-2020-1517
- RESERVED
-CVE-2020-1516
- RESERVED
-CVE-2020-1515
- RESERVED
-CVE-2020-1514
- RESERVED
-CVE-2020-1513
- RESERVED
-CVE-2020-1512
- RESERVED
-CVE-2020-1511
- RESERVED
-CVE-2020-1510
- RESERVED
-CVE-2020-1509
- RESERVED
-CVE-2020-1508
- RESERVED
-CVE-2020-1507
- RESERVED
-CVE-2020-1506
- RESERVED
-CVE-2020-1505
- RESERVED
-CVE-2020-1504
- RESERVED
-CVE-2020-1503
- RESERVED
-CVE-2020-1502
- RESERVED
-CVE-2020-1501
- RESERVED
-CVE-2020-1500
- RESERVED
-CVE-2020-1499
- RESERVED
-CVE-2020-1498
- RESERVED
-CVE-2020-1497
- RESERVED
-CVE-2020-1496
- RESERVED
-CVE-2020-1495
- RESERVED
-CVE-2020-1494
- RESERVED
-CVE-2020-1493
- RESERVED
-CVE-2020-1492
- RESERVED
-CVE-2020-1491
- RESERVED
-CVE-2020-1490
- RESERVED
-CVE-2020-1489
- RESERVED
-CVE-2020-1488
- RESERVED
-CVE-2020-1487
- RESERVED
-CVE-2020-1486
- RESERVED
-CVE-2020-1485
- RESERVED
-CVE-2020-1484
- RESERVED
-CVE-2020-1483
- RESERVED
-CVE-2020-1482
- RESERVED
-CVE-2020-1481
- RESERVED
-CVE-2020-1480
- RESERVED
-CVE-2020-1479
- RESERVED
-CVE-2020-1478
- RESERVED
-CVE-2020-1477
- RESERVED
-CVE-2020-1476
- RESERVED
-CVE-2020-1475
- RESERVED
-CVE-2020-1474
- RESERVED
-CVE-2020-1473
- RESERVED
-CVE-2020-1472
- RESERVED
-CVE-2020-1471
- RESERVED
-CVE-2020-1470
- RESERVED
-CVE-2020-1469
- RESERVED
-CVE-2020-1468
- RESERVED
-CVE-2020-1467
- RESERVED
-CVE-2020-1466
- RESERVED
-CVE-2020-1465
- RESERVED
-CVE-2020-1464
- RESERVED
-CVE-2020-1463
- RESERVED
-CVE-2020-1462
- RESERVED
-CVE-2020-1461
- RESERVED
-CVE-2020-1460
- RESERVED
-CVE-2020-1459
- RESERVED
-CVE-2020-1458
- RESERVED
-CVE-2020-1457
- RESERVED
-CVE-2020-1456
- RESERVED
-CVE-2020-1455
- RESERVED
-CVE-2020-1454
- RESERVED
-CVE-2020-1453
- RESERVED
-CVE-2020-1452
- RESERVED
-CVE-2020-1451
- RESERVED
-CVE-2020-1450
- RESERVED
-CVE-2020-1449
- RESERVED
-CVE-2020-1448
- RESERVED
-CVE-2020-1447
- RESERVED
-CVE-2020-1446
- RESERVED
-CVE-2020-1445
- RESERVED
-CVE-2020-1444
- RESERVED
-CVE-2020-1443
- RESERVED
-CVE-2020-1442
- RESERVED
+CVE-2020-1571 (An elevation of privilege vulnerability exists in Windows Setup in the ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1570 (A remote code execution vulnerability exists in the way that the scrip ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1569 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1568 (A remote code execution vulnerability exists when Microsoft Edge PDF R ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1567 (A remote code execution vulnerability exists in the way that the MSHTM ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1566 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1565 (An elevation of privilege vulnerability exists when the &amp;quot;Publ ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1564 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1563 (A remote code execution vulnerability exists in Microsoft Office softw ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1562 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1561 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1560 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1559 (An elevation of privilege vulnerability exists when the Windows Storag ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1558 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1557 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1556 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1555 (A remote code execution vulnerability exists in the way that the scrip ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1554 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1553 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1552 (An elevation of privilege vulnerability exists when the Windows Work F ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1551 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1550 (An elevation of privilege vulnerability exists when the Windows CDP Us ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1549 (An elevation of privilege vulnerability exists when the Windows CDP Us ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1548 (An information disclosure vulnerability exists when the Windows WaasMe ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1547 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1546 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1545 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1544 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1543 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1542 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1541 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1540 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1539 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1538 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1537 (An elevation of privilege vulnerability exists when the Windows Remote ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1536 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1535 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1534 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1533 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1532 (An elevation of privilege vulnerability exists when the Windows Instal ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1531 (An elevation of privilege vulnerability exists when the Windows Accoun ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1530 (An elevation of privilege vulnerability exists when Windows Remote Acc ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1529 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1528 (An elevation of privilege vulnerability exists when the Windows Radio ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1527 (An elevation of privilege vulnerability exists when the Windows Custom ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1526 (An elevation of privilege vulnerability exists when the Windows Networ ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1525 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1524 (An elevation of privilege vulnerability exists when the Windows Speech ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1523 (A tampering vulnerability exists when Microsoft SharePoint Server fail ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1522 (An elevation of privilege vulnerability exists when the Windows Speech ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1521 (An elevation of privilege vulnerability exists when the Windows Speech ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1520 (A remote code execution vulnerability exists when the Windows Font Dri ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1519 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1518 (An elevation of privilege vulnerability exists when the Windows File S ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1517 (An elevation of privilege vulnerability exists when the Windows File S ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1516 (An elevation of privilege vulnerability exists when the Windows Work F ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1515 (An elevation of privilege vulnerability exists when the Windows Teleph ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1514 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1513 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1512 (An information disclosure vulnerability exists when the Windows State ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1511 (An elevation of privilege vulnerability exists when Connected User Exp ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1510 (An information disclosure vulnerability exists when the win32k compone ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1509 (An elevation of privilege vulnerability exists in the Local Security A ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1508 (A remote code execution vulnerability exists when Windows Media Audio ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1507 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1506 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1505 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1504 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1503 (An information disclosure vulnerability exists when Microsoft Word imp ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1502 (An information disclosure vulnerability exists when Microsoft Word imp ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1501 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1500 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1499 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1498 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1497 (An information disclosure vulnerability exists when Microsoft Excel im ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1496 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1495 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1494 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1493 (An information disclosure vulnerability exists when attaching files to ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1492 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1491 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1490 (An elevation of privilege vulnerability exists when the Storage Servic ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1489 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1488 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1487 (An information disclosure vulnerability exists when Media Foundation i ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1486 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1485 (An information disclosure vulnerability exists when the Windows Image ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1484 (An elevation of privilege vulnerability exists when the Windows Work F ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1483 (A remote code execution vulnerability exists in Microsoft Outlook when ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1482 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1481 (A remote code execution vulnerability exists in the ESLint extension f ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1480 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1479 (An elevation of privilege vulnerability exists when DirectX improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1478 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1477 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1476 (An elevation of privilege vulnerability exists when ASP.NET or .NET we ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1475 (An elevation of privilege vulnerability exists in the way that the srm ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1474 (An information disclosure vulnerability exists when the Windows Image ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1473 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1472 (An elevation of privilege vulnerability exists when an attacker establ ...)
+ {DLA-2463-1}
+ [experimental] - samba 2:4.13.2+dfsg-1
+ - samba 2:4.13.2+dfsg-2 (bug #971048)
+ [buster] - samba <no-dsa> (Has already safe defaults; can be fixed along in point release)
+ NOTE: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
+ NOTE: Originally a Microsoft only CVE but it was found that the ZeroLogon attack
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14497
+ NOTE: Mitigation: server schannel = yes; but code changes planned.
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/2
+ NOTE: https://www.samba.org/samba/security/CVE-2020-1472.html
+CVE-2020-1471 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1470 (An elevation of privilege vulnerability exists when the Windows Work F ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1469 (A denial of service vulnerability exists when the .NET implementation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1468 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1467 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1466 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1465 (An elevation of privilege vulnerability exists in Microsoft OneDrive t ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1464 (A spoofing vulnerability exists when Windows incorrectly validates fil ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1463 (An elevation of privilege vulnerability exists in the way that the Sha ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1462 (An information disclosure vulnerability exists when Skype for Business ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1461 (An elevation of privilege vulnerability exists when the MpSigStub.exe ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1460 (A remote code execution vulnerability exists in Microsoft SharePoint S ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1459 (An information disclosure vulnerability exists on ARM implementations ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1458 (A remote code execution vulnerability exists when Microsoft Office imp ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1457 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1456 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1455 (A denial of service vulnerability exists when Microsoft SQL Server Man ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1454 (This vulnerability is caused when SharePoint Server does not properly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1453 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1452 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1451 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1450 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1449 (A remote code execution vulnerability exists in Microsoft Project soft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1448 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1447 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1446 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1445 (An information disclosure vulnerability exists when Microsoft Office i ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1444 (A remote code execution vulnerability exists in the way Microsoft Shar ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1443 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1442 (A spoofing vulnerability exists when an Office Web Apps server does no ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1441
RESERVED
-CVE-2020-1440
- RESERVED
-CVE-2020-1439
- RESERVED
-CVE-2020-1438
- RESERVED
-CVE-2020-1437
- RESERVED
-CVE-2020-1436
- RESERVED
-CVE-2020-1435
- RESERVED
-CVE-2020-1434
- RESERVED
-CVE-2020-1433
- RESERVED
-CVE-2020-1432
- RESERVED
-CVE-2020-1431
- RESERVED
-CVE-2020-1430
- RESERVED
-CVE-2020-1429
- RESERVED
-CVE-2020-1428
- RESERVED
-CVE-2020-1427
- RESERVED
-CVE-2020-1426
- RESERVED
-CVE-2020-1425
- RESERVED
-CVE-2020-1424
- RESERVED
-CVE-2020-1423
- RESERVED
-CVE-2020-1422
- RESERVED
-CVE-2020-1421
- RESERVED
-CVE-2020-1420
- RESERVED
-CVE-2020-1419
- RESERVED
-CVE-2020-1418
- RESERVED
-CVE-2020-1417
- RESERVED
-CVE-2020-1416
- RESERVED
-CVE-2020-1415
- RESERVED
-CVE-2020-1414
- RESERVED
-CVE-2020-1413
- RESERVED
-CVE-2020-1412
- RESERVED
-CVE-2020-1411
- RESERVED
-CVE-2020-1410
- RESERVED
-CVE-2020-1409
- RESERVED
-CVE-2020-1408
- RESERVED
-CVE-2020-1407
- RESERVED
-CVE-2020-1406
- RESERVED
-CVE-2020-1405
- RESERVED
-CVE-2020-1404
- RESERVED
-CVE-2020-1403
- RESERVED
-CVE-2020-1402
- RESERVED
-CVE-2020-1401
- RESERVED
-CVE-2020-1400
- RESERVED
-CVE-2020-1399
- RESERVED
-CVE-2020-1398
- RESERVED
-CVE-2020-1397
- RESERVED
-CVE-2020-1396
- RESERVED
-CVE-2020-1395
- RESERVED
-CVE-2020-1394
- RESERVED
-CVE-2020-1393
- RESERVED
-CVE-2020-1392
- RESERVED
-CVE-2020-1391
- RESERVED
-CVE-2020-1390
- RESERVED
-CVE-2020-1389
- RESERVED
-CVE-2020-1388
- RESERVED
-CVE-2020-1387
- RESERVED
-CVE-2020-1386
- RESERVED
-CVE-2020-1385
- RESERVED
-CVE-2020-1384
- RESERVED
-CVE-2020-1383
- RESERVED
-CVE-2020-1382
- RESERVED
-CVE-2020-1381
- RESERVED
-CVE-2020-1380
- RESERVED
-CVE-2020-1379
- RESERVED
-CVE-2020-1378
- RESERVED
-CVE-2020-1377
- RESERVED
-CVE-2020-1376
- RESERVED
-CVE-2020-1375
- RESERVED
-CVE-2020-1374
- RESERVED
-CVE-2020-1373
- RESERVED
-CVE-2020-1372
- RESERVED
-CVE-2020-1371
- RESERVED
-CVE-2020-1370
- RESERVED
-CVE-2020-1369
- RESERVED
-CVE-2020-1368
- RESERVED
-CVE-2020-1367
- RESERVED
-CVE-2020-1366
- RESERVED
-CVE-2020-1365
- RESERVED
-CVE-2020-1364
- RESERVED
-CVE-2020-1363
- RESERVED
-CVE-2020-1362
- RESERVED
-CVE-2020-1361
- RESERVED
-CVE-2020-1360
- RESERVED
-CVE-2020-1359
- RESERVED
-CVE-2020-1358
- RESERVED
-CVE-2020-1357
- RESERVED
-CVE-2020-1356
- RESERVED
-CVE-2020-1355
- RESERVED
-CVE-2020-1354
- RESERVED
-CVE-2020-1353
- RESERVED
-CVE-2020-1352
- RESERVED
-CVE-2020-1351
- RESERVED
-CVE-2020-1350
- RESERVED
-CVE-2020-1349
- RESERVED
-CVE-2020-1348
- RESERVED
-CVE-2020-1347
- RESERVED
-CVE-2020-1346
- RESERVED
-CVE-2020-1345
- RESERVED
-CVE-2020-1344
- RESERVED
-CVE-2020-1343
- RESERVED
-CVE-2020-1342
- RESERVED
+CVE-2020-1440 (A tampering vulnerability exists when Microsoft SharePoint Server fail ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1439 (A remote code execution vulnerability exists in PerformancePoint Servi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1438 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1437 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1436 (A remote code execution vulnerability exists when the Windows font lib ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1435 (A remote code execution vulnerability exists in the way that the Windo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1434 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1433 (An information disclosure vulnerability exists when Microsoft Edge PDF ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1432 (An information disclosure vulnerability exists when Skype for Business ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1431 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1430 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1429 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1428 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1427 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1426 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1425 (A remoted code execution vulnerability exists in the way that Microsof ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1424 (An elevation of privilege vulnerability exists when the Windows Update ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1423 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1422 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1421 (A remote code execution vulnerability exists in Microsoft Windows that ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1420 (An information disclosure vulnerability exists when Windows Error Repo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1419 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1418 (An elevation of privilege vulnerability exists when the Windows Diagno ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1417 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1416 (An elevation of privilege vulnerability exists in Visual Studio and Vi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1415 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1414 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1413 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1412 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1411 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1410 (A remote code execution vulnerability exists when Windows Address Book ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1409 (A remote code execution vulnerability exists in the way that DirectWri ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1408 (A remote code execution vulnerability exists when the Windows font lib ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1407 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1406 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1405 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1404 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1403 (A remote code execution vulnerability exists in the way that the VBScr ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1402 (An elevation of privilege vulnerability exists when the Windows Active ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1401 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1400 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1399 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1398 (An elevation of privilege vulnerability exists when Windows Lockscreen ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1397 (An information disclosure vulnerability exists in Windows when the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1396 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1395 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1394 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1393 (An elevation of privilege vulnerability exists when the Windows Diagno ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1392 (An elevation of privilege vulnerability exists when the Windows Delive ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1391 (An information disclosure vulnerability exists when the Windows Agent ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1390 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1389 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1388 (An elevation of privilege vulnerability exists in the way that the psm ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1387 (An elevation of privilege vulnerability exists in the way the Windows ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1386 (An information vulnerability exists when Windows Connected User Experi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1385 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1384 (An elevation of privilege vulnerability exists when the Windows Crypto ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1383 (An information disclosure vulnerability exists in RPC if the server ha ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1382 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1381 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1380 (A remote code execution vulnerability exists in the way that the scrip ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1379 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1378 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1377 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1376 (An elevation of privilege vulnerability exists in the way that fdSSDP. ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1375 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1374 (A remote code execution vulnerability exists in the Windows Remote Des ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1373 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1372 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1371 (An elevation of privilege vulnerability exists when the Windows Event ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1370 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1369 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1368 (An elevation of privilege vulnerability exists in the way that the Cre ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1367 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1366 (An elevation of privilege vulnerability exists when the Windows Print ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1365 (An elevation of privilege vulnerability exists when the Windows Event ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1364 (A denial of service vulnerability exists in the way that the WalletSer ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1363 (An elevation of privilege vulnerability exists when the Windows Picker ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1362 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1361 (An information disclosure vulnerability exists in the way that the Wal ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1360 (An elevation of privilege vulnerability exists when the Windows Profil ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1359 (An elevation of privilege vulnerability exists when the Windows Crypto ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1358 (An information disclosure vulnerability exists when the Windows Resour ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1357 (An elevation of privilege vulnerability exists when the Windows System ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1356 (An elevation of privilege vulnerability exists when the Windows iSCSI ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1355 (A remote code execution vulnerability exists when the Windows Font Dri ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1354 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1353 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1352 (An elevation of privilege vulnerability exists when the Windows USO Co ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1351 (An information disclosure vulnerability exists when the Windows Graphi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1350 (A remote code execution vulnerability exists in Windows Domain Name Sy ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1349 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1348 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1347 (An elevation of privilege vulnerability exists when the Windows Storag ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1346 (An elevation of privilege vulnerability exists when the Windows Module ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1345 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1344 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1343 (An information disclosure vulnerability exists in Visual Studio Code L ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1342 (An information disclosure vulnerability exists when Microsoft Office s ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1341
RESERVED
-CVE-2020-1340
- RESERVED
-CVE-2020-1339
- RESERVED
-CVE-2020-1338
- RESERVED
-CVE-2020-1337
- RESERVED
-CVE-2020-1336
- RESERVED
-CVE-2020-1335
- RESERVED
-CVE-2020-1334
- RESERVED
-CVE-2020-1333
- RESERVED
-CVE-2020-1332
- RESERVED
-CVE-2020-1331
- RESERVED
-CVE-2020-1330
- RESERVED
-CVE-2020-1329
- RESERVED
+CVE-2020-1340 (A spoofing vulnerability exists when the NuGetGallery does not properl ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1339 (A remote code execution vulnerability exists when Windows Media Audio ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1338 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1337 (An elevation of privilege vulnerability exists when the Windows Print ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1336 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1335 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1334 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1333 (An elevation of privilege vulnerability exists when Group Policy Servi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1332 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1331 (A spoofing vulnerability exists when System Center Operations Manager ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1330 (An information disclosure vulnerability exists when Windows Mobile Dev ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1329 (A spoofing vulnerability exists when Microsoft Bing Search for Android ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1328
RESERVED
-CVE-2020-1327
- RESERVED
-CVE-2020-1326
- RESERVED
-CVE-2020-1325
- RESERVED
-CVE-2020-1324
- RESERVED
-CVE-2020-1323
- RESERVED
-CVE-2020-1322
- RESERVED
-CVE-2020-1321
- RESERVED
-CVE-2020-1320
- RESERVED
-CVE-2020-1319
- RESERVED
-CVE-2020-1318
- RESERVED
-CVE-2020-1317
- RESERVED
-CVE-2020-1316
- RESERVED
-CVE-2020-1315
- RESERVED
-CVE-2020-1314
- RESERVED
-CVE-2020-1313
- RESERVED
-CVE-2020-1312
- RESERVED
-CVE-2020-1311
- RESERVED
-CVE-2020-1310
- RESERVED
-CVE-2020-1309
- RESERVED
-CVE-2020-1308
- RESERVED
-CVE-2020-1307
- RESERVED
-CVE-2020-1306
- RESERVED
-CVE-2020-1305
- RESERVED
-CVE-2020-1304
- RESERVED
-CVE-2020-1303
- RESERVED
-CVE-2020-1302
- RESERVED
-CVE-2020-1301
- RESERVED
-CVE-2020-1300
- RESERVED
-CVE-2020-1299
- RESERVED
-CVE-2020-1298
- RESERVED
-CVE-2020-1297
- RESERVED
-CVE-2020-1296
- RESERVED
-CVE-2020-1295
- RESERVED
-CVE-2020-1294
- RESERVED
-CVE-2020-1293
- RESERVED
-CVE-2020-1292
- RESERVED
-CVE-2020-1291
- RESERVED
-CVE-2020-1290
- RESERVED
-CVE-2020-1289
- RESERVED
+CVE-2020-1327 (A spoofing vulnerability exists in Microsoft Azure DevOps Server when ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1326 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1325 (Azure DevOps Server and Team Foundation Services Spoofing Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1324 (An elevation of privilege (user to user) vulnerability exists in Windo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1323 (An open redirect vulnerability exists in Microsoft SharePoint that cou ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1322 (An information disclosure vulnerability exists when Microsoft Project ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1321 (A remote code execution vulnerability exists in Microsoft Office softw ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1320 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1319 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1318 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1317 (An elevation of privilege vulnerability exists when Group Policy impro ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1316 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1315 (An information disclosure vulnerability exists when Internet Explorer ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1314 (An elevation of privilege vulnerability exists in Windows Text Service ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1313 (An elevation of privilege vulnerability exists when the Windows Update ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1312 (An elevation of privilege vulnerability exists in Windows Installer be ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1311 (An elevation of privilege vulnerability exists when Component Object M ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1310 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1309 (An elevation of privilege vulnerability exists when the Microsoft Stor ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1308 (An elevation of privilege vulnerability exists when DirectX improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1307 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1306 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1305 (An elevation of privilege vulnerability exists when the Windows State ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1304 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1303 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1302 (An elevation of privilege vulnerability exists in Windows Installer be ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1301 (A remote code execution vulnerability exists in the way that the Micro ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1300 (A remote code execution vulnerability exists when Microsoft Windows fa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1299 (A remote code execution vulnerability exists in Microsoft Windows that ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1298 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1297 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1296 (A vulnerability exists in the way the Windows Diagnostics &amp;amp; fe ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1295 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1294 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1293 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1292 (An elevation of privilege vulnerability exists in OpenSSH for Windows ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1291 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1290 (An information disclosure vulnerability exists when the win32k compone ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1289 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1288
RESERVED
-CVE-2020-1287
- RESERVED
-CVE-2020-1286
- RESERVED
-CVE-2020-1285
- RESERVED
-CVE-2020-1284
- RESERVED
-CVE-2020-1283
- RESERVED
-CVE-2020-1282
- RESERVED
-CVE-2020-1281
- RESERVED
-CVE-2020-1280
- RESERVED
-CVE-2020-1279
- RESERVED
-CVE-2020-1278
- RESERVED
-CVE-2020-1277
- RESERVED
-CVE-2020-1276
- RESERVED
-CVE-2020-1275
- RESERVED
-CVE-2020-1274
- RESERVED
-CVE-2020-1273
- RESERVED
-CVE-2020-1272
- RESERVED
-CVE-2020-1271
- RESERVED
-CVE-2020-1270
- RESERVED
-CVE-2020-1269
- RESERVED
-CVE-2020-1268
- RESERVED
-CVE-2020-1267
- RESERVED
-CVE-2020-1266
- RESERVED
-CVE-2020-1265
- RESERVED
-CVE-2020-1264
- RESERVED
-CVE-2020-1263
- RESERVED
-CVE-2020-1262
- RESERVED
-CVE-2020-1261
- RESERVED
-CVE-2020-1260
- RESERVED
-CVE-2020-1259
- RESERVED
-CVE-2020-1258
- RESERVED
-CVE-2020-1257
- RESERVED
-CVE-2020-1256
- RESERVED
-CVE-2020-1255
- RESERVED
-CVE-2020-1254
- RESERVED
-CVE-2020-1253
- RESERVED
-CVE-2020-1252
- RESERVED
-CVE-2020-1251
- RESERVED
-CVE-2020-1250
- RESERVED
-CVE-2020-1249
- RESERVED
-CVE-2020-1248
- RESERVED
-CVE-2020-1247
- RESERVED
-CVE-2020-1246
- RESERVED
-CVE-2020-1245
- RESERVED
-CVE-2020-1244
- RESERVED
-CVE-2020-1243
- RESERVED
-CVE-2020-1242
- RESERVED
-CVE-2020-1241
- RESERVED
-CVE-2020-1240
- RESERVED
-CVE-2020-1239
- RESERVED
-CVE-2020-1238
- RESERVED
-CVE-2020-1237
- RESERVED
-CVE-2020-1236
- RESERVED
-CVE-2020-1235
- RESERVED
-CVE-2020-1234
- RESERVED
-CVE-2020-1233
- RESERVED
-CVE-2020-1232
- RESERVED
-CVE-2020-1231
- RESERVED
-CVE-2020-1230
- RESERVED
-CVE-2020-1229
- RESERVED
-CVE-2020-1228
- RESERVED
-CVE-2020-1227
- RESERVED
-CVE-2020-1226
- RESERVED
-CVE-2020-1225
- RESERVED
-CVE-2020-1224
- RESERVED
-CVE-2020-1223
- RESERVED
-CVE-2020-1222
- RESERVED
+CVE-2020-1287 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1286 (A remote code execution vulnerability exists when the Windows Shell do ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1285 (A remote code execution vulnerability exists in the way that the Windo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1284 (A denial of service vulnerability exists in the way that the Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1283 (A denial of service vulnerability exists when Windows improperly handl ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1282 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1281 (A remote code execution vulnerability exists when Microsoft Windows OL ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1280 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1279 (An elevation of privilege vulnerability exists when Windows Lockscreen ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1278 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1277 (An elevation of privilege vulnerability exists in Windows Installer be ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1276 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1275 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1274 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1273 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1272 (An elevation of privilege vulnerability exists in the Windows Installe ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1271 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1270 (An elevation of privilege vulnerability exists in the way that the wla ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1269 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1268 (An information disclosure vulnerability exists when a Windows service ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1267 (This security update corrects a denial of service in the Local Securit ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1266 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1265 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1264 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1263 (An information disclosure vulnerability exists in the way Windows Erro ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1262 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1261 (An information disclosure vulnerability exists in the way Windows Erro ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1260 (A remote code execution vulnerability exists in the way that the VBScr ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1259 (A security feature bypass vulnerability exists when Windows Host Guard ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1258 (An elevation of privilege vulnerability exists when DirectX improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1257 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1256 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1255 (An elevation of privilege vulnerability exists when the Windows Backgr ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1254 (An elevation of privilege vulnerability exists when Windows Modules In ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1253 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1252 (A remote code execution vulnerability exists when Windows improperly h ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1251 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1250 (An information disclosure vulnerability exists when the win32k compone ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1249 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1248 (A remote code execution vulnerability exists in the way that the Windo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1247 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1246 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1245 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1244 (A denial of service vulnerability exists when Connected User Experienc ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1243 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1242 (An information disclosure vulnerability exists in the way that Microso ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1241 (A security feature bypass vulnerability exists when Windows Kernel fai ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1240 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1239 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1238 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1237 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1236 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1235 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1234 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1233 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1232 (An information disclosure vulnerability exists when Media Foundation i ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1231 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1230 (A remote code execution vulnerability exists in the way that the VBScr ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1229 (A security feature bypass vulnerability exists in Microsoft Outlook wh ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1228 (A denial of service vulnerability exists in Windows DNS when it fails ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1227 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1226 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1225 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1224 (An information disclosure vulnerability exists when Microsoft Excel im ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1223 (A remote code execution vulnerability exists when Microsoft Word for A ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1222 (An elevation of privilege vulnerability exists when the Microsoft Stor ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1221
RESERVED
-CVE-2020-1220
- RESERVED
-CVE-2020-1219
- RESERVED
-CVE-2020-1218
- RESERVED
-CVE-2020-1217
- RESERVED
-CVE-2020-1216
- RESERVED
-CVE-2020-1215
- RESERVED
-CVE-2020-1214
- RESERVED
-CVE-2020-1213
- RESERVED
-CVE-2020-1212
- RESERVED
-CVE-2020-1211
- RESERVED
-CVE-2020-1210
- RESERVED
-CVE-2020-1209
- RESERVED
-CVE-2020-1208
- RESERVED
-CVE-2020-1207
- RESERVED
-CVE-2020-1206
- RESERVED
-CVE-2020-1205
- RESERVED
-CVE-2020-1204
- RESERVED
-CVE-2020-1203
- RESERVED
-CVE-2020-1202
- RESERVED
-CVE-2020-1201
- RESERVED
-CVE-2020-1200
- RESERVED
-CVE-2020-1199
- RESERVED
-CVE-2020-1198
- RESERVED
-CVE-2020-1197
- RESERVED
-CVE-2020-1196
- RESERVED
+CVE-2020-1220 (A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1219 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1218 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1217 (An information disclosure vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1216 (A remote code execution vulnerability exists in the way that the VBScr ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1215 (A remote code execution vulnerability exists in the way that the VBScr ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1214 (A remote code execution vulnerability exists in the way that the VBScr ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1213 (A remote code execution vulnerability exists in the way that the VBScr ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1212 (An elevation of privilege vulnerability exists when an OLE Automation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1211 (An elevation of privilege vulnerability exists in the way that the Con ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1210 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1209 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1208 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1207 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1206 (An information disclosure vulnerability exists in the way that the Mic ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1205 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1204 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1203 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1202 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1201 (An elevation of privilege vulnerability exists in the way the Windows ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1200 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1199 (An elevation of privilege vulnerability exists when the Windows Feedba ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1198 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1197 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1196 (An elevation of privilege vulnerability exists in the way that the pri ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1195 (An elevation of privilege vulnerability exists in Microsoft Edge (Chro ...)
NOT-FOR-US: Microsoft
-CVE-2020-1194
- RESERVED
-CVE-2020-1193
- RESERVED
+CVE-2020-1194 (A denial of service vulnerability exists when Windows Registry imprope ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1193 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1192 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
NOT-FOR-US: Microsoft
CVE-2020-1191 (An elevation of privilege vulnerability exists when the Windows State ...)
@@ -28225,20 +70156,20 @@ CVE-2020-1185 (An elevation of privilege vulnerability exists when the Windows S
NOT-FOR-US: Microsoft
CVE-2020-1184 (An elevation of privilege vulnerability exists when the Windows State ...)
NOT-FOR-US: Microsoft
-CVE-2020-1183
- RESERVED
-CVE-2020-1182
- RESERVED
-CVE-2020-1181
- RESERVED
-CVE-2020-1180
- RESERVED
+CVE-2020-1183 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1182 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1181 (A remote code execution vulnerability exists in Microsoft SharePoint S ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1180 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1179 (An information disclosure vulnerability exists when the Windows GDI co ...)
NOT-FOR-US: Microsoft
-CVE-2020-1178
- RESERVED
-CVE-2020-1177
- RESERVED
+CVE-2020-1178 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1177 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1176 (A remote code execution vulnerability exists when the Windows Jet Data ...)
NOT-FOR-US: Microsoft
CVE-2020-1175 (A remote code execution vulnerability exists when the Windows Jet Data ...)
@@ -28247,34 +70178,34 @@ CVE-2020-1174 (A remote code execution vulnerability exists when the Windows Jet
NOT-FOR-US: Microsoft
CVE-2020-1173 (A spoofing vulnerability exists in Microsoft Power BI Report Server in ...)
NOT-FOR-US: Microsoft
-CVE-2020-1172
- RESERVED
+CVE-2020-1172 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1171 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
NOT-FOR-US: Microsoft
-CVE-2020-1170
- RESERVED
-CVE-2020-1169
- RESERVED
+CVE-2020-1170 (An elevation of privilege vulnerability exists in Windows Defender tha ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1169 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1168
RESERVED
-CVE-2020-1167
- RESERVED
+CVE-2020-1167 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1166 (An elevation of privilege vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft
CVE-2020-1165 (An elevation of privilege vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft
CVE-2020-1164 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
NOT-FOR-US: Microsoft
-CVE-2020-1163
- RESERVED
-CVE-2020-1162
- RESERVED
+CVE-2020-1163 (An elevation of privilege vulnerability exists in Windows Defender tha ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1162 (An elevation of privilege (user to user) vulnerability exists in Windo ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1161 (A denial of service vulnerability exists when ASP.NET Core improperly ...)
NOT-FOR-US: Microsoft .NET
-CVE-2020-1160
- RESERVED
-CVE-2020-1159
- RESERVED
+CVE-2020-1160 (An information disclosure vulnerability exists when the Microsoft Wind ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1159 (An elevation of privilege vulnerability exists in the way that the Sta ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1158 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
NOT-FOR-US: Microsoft
CVE-2020-1157 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
@@ -28287,20 +70218,20 @@ CVE-2020-1154 (An elevation of privilege vulnerability exists when the Windows C
NOT-FOR-US: Microsoft
CVE-2020-1153 (A remote code execution vulnerability exists in the way that Microsoft ...)
NOT-FOR-US: Microsoft
-CVE-2020-1152
- RESERVED
+CVE-2020-1152 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1151 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
NOT-FOR-US: Microsoft
CVE-2020-1150 (A memory corruption vulnerability exists when Windows Media Foundation ...)
NOT-FOR-US: Microsoft
CVE-2020-1149 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
NOT-FOR-US: Microsoft
-CVE-2020-1148
- RESERVED
-CVE-2020-1147
- RESERVED
-CVE-2020-1146
- RESERVED
+CVE-2020-1148 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1147 (A remote code execution vulnerability exists in .NET Framework, Micros ...)
+ NOT-FOR-US: Microsoft .NET
+CVE-2020-1146 (An elevation of privilege vulnerability exists when the Microsoft Stor ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1145 (An information disclosure vulnerability exists in the way that the Win ...)
NOT-FOR-US: Microsoft
CVE-2020-1144 (An elevation of privilege vulnerability exists when the Windows State ...)
@@ -28325,16 +70256,16 @@ CVE-2020-1135 (An elevation of privilege vulnerability exists when the Windows G
NOT-FOR-US: Microsoft
CVE-2020-1134 (An elevation of privilege vulnerability exists when the Windows State ...)
NOT-FOR-US: Microsoft
-CVE-2020-1133
- RESERVED
+CVE-2020-1133 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1132 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
NOT-FOR-US: Microsoft
CVE-2020-1131 (An elevation of privilege vulnerability exists when the Windows State ...)
NOT-FOR-US: Microsoft
-CVE-2020-1130
- RESERVED
-CVE-2020-1129
- RESERVED
+CVE-2020-1130 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1129 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1128
RESERVED
CVE-2020-1127
@@ -28347,22 +70278,22 @@ CVE-2020-1124 (An elevation of privilege vulnerability exists when the Windows S
NOT-FOR-US: Microsoft
CVE-2020-1123 (A denial of service vulnerability exists when Connected User Experienc ...)
NOT-FOR-US: Microsoft
-CVE-2020-1122
- RESERVED
+CVE-2020-1122 (An elevation of privilege vulnerability exists when the Windows Langua ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1121 (An elevation of privilege vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft
-CVE-2020-1120
- RESERVED
-CVE-2020-1119
- RESERVED
+CVE-2020-1120 (A denial of service vulnerability exists when Connected User Experienc ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1119 (An information disclosure vulnerability exists when StartTileData.dll ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1118 (A denial of service vulnerability exists in the Windows implementation ...)
NOT-FOR-US: Microsoft
CVE-2020-1117 (A remote code execution vulnerability exists in the way that the Color ...)
NOT-FOR-US: Microsoft
CVE-2020-1116 (An information disclosure vulnerability exists when the Windows Client ...)
NOT-FOR-US: Microsoft
-CVE-2020-1115
- RESERVED
+CVE-2020-1115 (An elevation of privilege vulnerability exists when the Windows Common ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1114 (An elevation of privilege vulnerability exists when the Windows kernel ...)
NOT-FOR-US: Microsoft
CVE-2020-1113 (A security feature bypass vulnerability exists in Microsoft Windows wh ...)
@@ -28395,10 +70326,10 @@ CVE-2020-1100 (A cross-site-scripting (XSS) vulnerability exists when Microsoft
NOT-FOR-US: Microsoft
CVE-2020-1099 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
NOT-FOR-US: Microsoft
-CVE-2020-1098
- RESERVED
-CVE-2020-1097
- RESERVED
+CVE-2020-1098 (An elevation of privilege vulnerability exists when the Shell infrastr ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1097 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1096 (A remote code execution vulnerability exists when Microsoft Edge PDF R ...)
NOT-FOR-US: Microsoft
CVE-2020-1095
@@ -28409,8 +70340,8 @@ CVE-2020-1093 (A remote code execution vulnerability exists in the way that the
NOT-FOR-US: Microsoft
CVE-2020-1092 (A remote code execution vulnerability exists when Internet Explorer im ...)
NOT-FOR-US: Microsoft
-CVE-2020-1091
- RESERVED
+CVE-2020-1091 (An information disclosure vulnerability exists when the Windows GDI co ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1090 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
NOT-FOR-US: Microsoft
CVE-2020-1089
@@ -28421,18 +70352,18 @@ CVE-2020-1087 (An elevation of privilege vulnerability exists in the way that th
NOT-FOR-US: Microsoft
CVE-2020-1086 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
NOT-FOR-US: Microsoft
-CVE-2020-1085
- RESERVED
+CVE-2020-1085 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1084 (A Denial Of Service vulnerability exists when Connected User Experienc ...)
NOT-FOR-US: Microsoft
-CVE-2020-1083
- RESERVED
+CVE-2020-1083 (An information disclosure vulnerability exists when the Microsoft Wind ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1082 (An elevation of privilege vulnerability exists in Windows Error Report ...)
NOT-FOR-US: Microsoft
CVE-2020-1081 (An elevation of privilege vulnerability exists when the Windows Printe ...)
NOT-FOR-US: Microsoft
-CVE-2020-1080
- RESERVED
+CVE-2020-1080 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1079 (An elevation of privilege vulnerability exists when the Windows fails ...)
NOT-FOR-US: Microsoft
CVE-2020-1078 (An elevation of privilege vulnerability exists in Windows Installer be ...)
@@ -28443,10 +70374,10 @@ CVE-2020-1076 (A denial of service vulnerability exists when Windows improperly
NOT-FOR-US: Microsoft
CVE-2020-1075 (An information disclosure vulnerability exists when Windows Subsystem ...)
NOT-FOR-US: Microsoft
-CVE-2020-1074
- RESERVED
-CVE-2020-1073
- RESERVED
+CVE-2020-1074 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1073 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1072 (An information disclosure vulnerability exists when the Windows kernel ...)
NOT-FOR-US: Microsoft
CVE-2020-1071 (An elevation of privilege vulnerability exists when Windows improperly ...)
@@ -28477,18 +70408,18 @@ CVE-2020-1059 (A spoofing vulnerability exists when Microsoft Edge does not prop
NOT-FOR-US: Microsoft
CVE-2020-1058 (A remote code execution vulnerability exists in the way that the VBScr ...)
NOT-FOR-US: Microsoft
-CVE-2020-1057
- RESERVED
+CVE-2020-1057 (A remote code execution vulnerability exists in the way that the Chakr ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1056 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
NOT-FOR-US: Microsoft
CVE-2020-1055 (A cross-site-scripting (XSS) vulnerability exists when Active Director ...)
NOT-FOR-US: Microsoft
CVE-2020-1054 (An elevation of privilege vulnerability exists in Windows when the Win ...)
NOT-FOR-US: Microsoft
-CVE-2020-1053
- RESERVED
-CVE-2020-1052
- RESERVED
+CVE-2020-1053 (An elevation of privilege vulnerability exists when DirectX improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1052 (An elevation of privilege vulnerability exists in the way that the ssd ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1051 (A remote code execution vulnerability exists when the Windows Jet Data ...)
NOT-FOR-US: Microsoft
CVE-2020-1050 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
@@ -28497,42 +70428,42 @@ CVE-2020-1049 (A cross site scripting vulnerability exists when Microsoft Dynami
NOT-FOR-US: Microsoft
CVE-2020-1048 (An elevation of privilege vulnerability exists when the Windows Print ...)
NOT-FOR-US: Microsoft
-CVE-2020-1047
- RESERVED
-CVE-2020-1046
- RESERVED
-CVE-2020-1045
- RESERVED
-CVE-2020-1044
- RESERVED
-CVE-2020-1043
- RESERVED
-CVE-2020-1042
- RESERVED
-CVE-2020-1041
- RESERVED
-CVE-2020-1040
- RESERVED
-CVE-2020-1039
- RESERVED
-CVE-2020-1038
- RESERVED
+CVE-2020-1047 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1046 (A remote code execution vulnerability exists when Microsoft .NET Frame ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1045 (A security feature bypass vulnerability exists in the way Microsoft AS ...)
+ - dotnet-core-3.1 <itp> (bug #968921)
+CVE-2020-1044 (A security feature bypass vulnerability exists in SQL Server Reporting ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1043 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1042 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1041 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1040 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1039 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1038 (A denial of service vulnerability exists when Windows Routing Utilitie ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1037 (A remote code execution vulnerability exists in the way that the Chakr ...)
NOT-FOR-US: Microsoft
-CVE-2020-1036
- RESERVED
+CVE-2020-1036 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1035 (A remote code execution vulnerability exists in the way that the VBScr ...)
NOT-FOR-US: Microsoft
-CVE-2020-1034
- RESERVED
-CVE-2020-1033
- RESERVED
-CVE-2020-1032
- RESERVED
-CVE-2020-1031
- RESERVED
-CVE-2020-1030
- RESERVED
+CVE-2020-1034 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1033 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1032 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1031 (An information disclosure vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1030 (An elevation of privilege vulnerability exists when the Windows Print ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1029 (An elevation of privilege vulnerability exists when Connected User Exp ...)
NOT-FOR-US: Microsoft
CVE-2020-1028 (A memory corruption vulnerability exists when Windows Media Foundation ...)
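Review bot: The triage tag on the new CVE-2020-1046 entry is inconsistent with how the same commit tags the other .NET items. Its description names Microsoft .NET Framework, yet it is filed as `NOT-FOR-US: Microsoft`, while CVE-2020-1147 (whose description also names .NET Framework) is filed as `NOT-FOR-US: Microsoft .NET` earlier in this diff, and the adjacent CVE-2020-1045 is tracked against `dotnet-core-3.1 <itp> (bug #968921)`. Unless it has been confirmed that only the Windows-only Framework is affected, changing the line to ` NOT-FOR-US: Microsoft .NET` would presumably keep .NET-related entries uniformly greppable and mark it for a later check against the Core runtime packaged under the ITP. The rest of the hunk follows the usual RESERVED-to-NOT-FOR-US pattern and needs nothing.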
@@ -28541,8 +70472,8 @@ CVE-2020-1027 (An elevation of privilege vulnerability exists in the way that th
NOT-FOR-US: Microsoft
CVE-2020-1026 (A Security Feature Bypass vulnerability exists in the MSR JavaScript C ...)
NOT-FOR-US: Microsoft
-CVE-2020-1025
- RESERVED
+CVE-2020-1025 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1024 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
NOT-FOR-US: Microsoft
CVE-2020-1023 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
@@ -28565,10 +70496,10 @@ CVE-2020-1015 (An elevation of privilege vulnerability exists in the way that th
NOT-FOR-US: Microsoft
CVE-2020-1014 (An elevation of privilege vulnerability exists in the Microsoft Window ...)
NOT-FOR-US: Microsoft
-CVE-2020-1013
- RESERVED
-CVE-2020-1012
- RESERVED
+CVE-2020-1013 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-1012 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
CVE-2020-1011 (An elevation of privilege vulnerability exists when the Windows System ...)
NOT-FOR-US: Microsoft
CVE-2020-1010 (An elevation of privilege vulnerability exists in Windows Block Level ...)
@@ -28595,10 +70526,10 @@ CVE-2020-1000 (An elevation of privilege vulnerability exists when the Windows k
NOT-FOR-US: Microsoft
CVE-2020-0999 (A remote code execution vulnerability exists when the Windows Jet Data ...)
NOT-FOR-US: Microsoft
-CVE-2020-0998
- RESERVED
-CVE-2020-0997
- RESERVED
+CVE-2020-0998 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-0997 (A remote code execution vulnerability exists when the Windows Camera C ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0996 (An elevation of privilege vulnerability exists when the Windows Update ...)
NOT-FOR-US: Microsoft
CVE-2020-0995 (A remote code execution vulnerability exists when the Windows Jet Data ...)
@@ -28613,14 +70544,14 @@ CVE-2020-0991 (A remote code execution vulnerability exists in Microsoft Office
NOT-FOR-US: Microsoft
CVE-2020-0990
RESERVED
-CVE-2020-0989
- RESERVED
+CVE-2020-0989 (An information disclosure vulnerability exists when Windows Mobile Dev ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0988 (A remote code execution vulnerability exists when the Windows Jet Data ...)
NOT-FOR-US: Microsoft
CVE-2020-0987 (An information disclosure vulnerability exists when the Microsoft Wind ...)
NOT-FOR-US: Microsoft
-CVE-2020-0986
- RESERVED
+CVE-2020-0986 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0985 (An elevation of privilege vulnerability exists when the Windows Update ...)
NOT-FOR-US: Microsoft
CVE-2020-0984 (An elevation of privilege vulnerability exists when the Microsoft Auto ...)
@@ -28689,8 +70620,8 @@ CVE-2020-0953 (A remote code execution vulnerability exists when the Windows Jet
NOT-FOR-US: Microsoft
CVE-2020-0952 (An information disclosure vulnerability exists when the Windows GDI co ...)
NOT-FOR-US: Microsoft
-CVE-2020-0951
- RESERVED
+CVE-2020-0951 (A security feature bypass vulnerability exists in Windows Defender App ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0950 (A memory corruption vulnerability exists when Windows Media Foundation ...)
NOT-FOR-US: Microsoft
CVE-2020-0949 (A memory corruption vulnerability exists when Windows Media Foundation ...)
@@ -28709,8 +70640,8 @@ CVE-2020-0943 (An authentication bypass vulnerability exists in Microsoft YourPh
NOT-FOR-US: Microsoft
CVE-2020-0942 (An elevation of privilege vulnerability exists when Connected User Exp ...)
NOT-FOR-US: Microsoft
-CVE-2020-0941
- RESERVED
+CVE-2020-0941 (An information disclosure vulnerability exists when the win32k compone ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0940 (An elevation of privilege vulnerability exists in the way the Windows ...)
NOT-FOR-US: Microsoft
CVE-2020-0939 (An information disclosure vulnerability exists when Media Foundation i ...)
@@ -28735,8 +70666,8 @@ CVE-2020-0930 (A cross-site-scripting (XSS) vulnerability exists when Microsoft
NOT-FOR-US: Microsoft
CVE-2020-0929 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
NOT-FOR-US: Microsoft
-CVE-2020-0928
- RESERVED
+CVE-2020-0928 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0927 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
NOT-FOR-US: Microsoft
CVE-2020-0926 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
@@ -28747,10 +70678,10 @@ CVE-2020-0924 (A cross-site-scripting (XSS) vulnerability exists when Microsoft
NOT-FOR-US: Microsoft
CVE-2020-0923 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
NOT-FOR-US: Microsoft
-CVE-2020-0922
- RESERVED
-CVE-2020-0921
- RESERVED
+CVE-2020-0922 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-0921 (An information disclosure vulnerability exists when the Microsoft Wind ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0920 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
NOT-FOR-US: Microsoft
CVE-2020-0919 (An elevation of privilege vulnerability exists in Remote Desktop App f ...)
@@ -28759,32 +70690,32 @@ CVE-2020-0918 (An elevation of privilege vulnerability exists when Windows Hyper
NOT-FOR-US: Microsoft
CVE-2020-0917 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
NOT-FOR-US: Microsoft
-CVE-2020-0916
- RESERVED
-CVE-2020-0915
- RESERVED
-CVE-2020-0914
- RESERVED
+CVE-2020-0916 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-0915 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-0914 (An information disclosure vulnerability exists when the Windows State ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0913 (An elevation of privilege vulnerability exists when the Windows kernel ...)
NOT-FOR-US: Microsoft
-CVE-2020-0912
- RESERVED
-CVE-2020-0911
- RESERVED
+CVE-2020-0912 (An elevation of privilege vulnerability exists when the Windows Functi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-0911 (An elevation of privilege vulnerability exists when Windows Modules In ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0910 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
NOT-FOR-US: Microsoft
CVE-2020-0909 (A denial of service vulnerability exists when Hyper-V on a Windows Ser ...)
NOT-FOR-US: Microsoft
-CVE-2020-0908
- RESERVED
+CVE-2020-0908 (A remote code execution vulnerability exists when the Windows Text Ser ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0907 (A remote code execution vulnerability exists in the way that Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2020-0906 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
NOT-FOR-US: Microsoft
CVE-2020-0905 (An remote code execution vulnerability exists in Microsoft Dynamics Bu ...)
NOT-FOR-US: Microsoft
-CVE-2020-0904
- RESERVED
+CVE-2020-0904 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0903 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Excha ...)
NOT-FOR-US: Microsoft
CVE-2020-0902 (An elevation of privilege vulnerability exists in Service Fabric File ...)
@@ -28811,16 +70742,16 @@ CVE-2020-0892 (A remote code execution vulnerability exists in Microsoft Word so
NOT-FOR-US: Microsoft
CVE-2020-0891 (This vulnerability is caused when SharePoint Server does not properly ...)
NOT-FOR-US: Microsoft
-CVE-2020-0890
- RESERVED
+CVE-2020-0890 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0889 (A remote code execution vulnerability exists when the Windows Jet Data ...)
NOT-FOR-US: Microsoft
CVE-2020-0888 (An elevation of privilege vulnerability exists when DirectX improperly ...)
NOT-FOR-US: Microsoft
CVE-2020-0887 (An elevation of privilege vulnerability exists in Windows when the Win ...)
NOT-FOR-US: Microsoft
-CVE-2020-0886
- RESERVED
+CVE-2020-0886 (An elevation of privilege vulnerability exists when the Windows Storag ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0885 (An information disclosure vulnerability exists when the Windows GDI co ...)
NOT-FOR-US: Microsoft
CVE-2020-0884 (A spoofing vulnerability exists in Microsoft Visual Studio as it inclu ...)
@@ -28835,14 +70766,14 @@ CVE-2020-0880 (An information disclosure vulnerability exists when the Windows G
NOT-FOR-US: Microsoft
CVE-2020-0879 (An information disclosure vulnerability exists in the way that the Win ...)
NOT-FOR-US: Microsoft
-CVE-2020-0878
- RESERVED
+CVE-2020-0878 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0877 (An elevation of privilege vulnerability exists in Windows when the Win ...)
NOT-FOR-US: Microsoft
CVE-2020-0876 (An information disclosure vulnerability exists when the win32k compone ...)
NOT-FOR-US: Microsoft
-CVE-2020-0875
- RESERVED
+CVE-2020-0875 (An information disclosure vulnerability exists in how splwow64.exe han ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0874 (An information disclosure vulnerability exists in the way that the Win ...)
NOT-FOR-US: Microsoft
CVE-2020-0873
@@ -28851,8 +70782,8 @@ CVE-2020-0872 (A remote code execution vulnerability exists in Application Inspe
NOT-FOR-US: Microsoft
CVE-2020-0871 (An information disclosure vulnerability exists when Windows Network Co ...)
NOT-FOR-US: Microsoft
-CVE-2020-0870
- RESERVED
+CVE-2020-0870 (An elevation of privilege vulnerability exists when the Shell infrastr ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0869 (A memory corruption vulnerability exists when Windows Media Foundation ...)
NOT-FOR-US: Microsoft
CVE-2020-0868 (An elevation of privilege vulnerability exists when the Windows Update ...)
@@ -28879,8 +70810,8 @@ CVE-2020-0858 (An elevation of privilege vulnerability exists when the &amp;quot
NOT-FOR-US: Microsoft
CVE-2020-0857 (An elevation of privilege vulnerability exists in the way that the Win ...)
NOT-FOR-US: Microsoft
-CVE-2020-0856
- RESERVED
+CVE-2020-0856 (An information disclosure vulnerability exists when Active Directory i ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0855 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
NOT-FOR-US: Microsoft
CVE-2020-0854 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...)
@@ -28913,14 +70844,14 @@ CVE-2020-0841 (An elevation of privilege vulnerability exists when Windows impro
NOT-FOR-US: Microsoft
CVE-2020-0840 (An elevation of privilege vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft
-CVE-2020-0839
- RESERVED
-CVE-2020-0838
- RESERVED
-CVE-2020-0837
- RESERVED
-CVE-2020-0836
- RESERVED
+CVE-2020-0839 (An elevation of privilege vulnerability exists in the way that the dns ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-0838 (An elevation of privilege vulnerability exists when NTFS improperly ch ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-0837 (A spoofing vulnerability exists when Active Directory Federation Servi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-0836 (A denial of service vulnerability exists in Windows DNS when it fails ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0835 (An elevation of privilege vulnerability exists when Windows Defender a ...)
NOT-FOR-US: Microsoft
CVE-2020-0834 (An elevation of privilege vulnerability exists when Windows improperly ...)
@@ -28981,8 +70912,8 @@ CVE-2020-0807 (A memory corruption vulnerability exists when Windows Media Found
NOT-FOR-US: Microsoft
CVE-2020-0806 (An elevation of privilege vulnerability exists in Windows Error Report ...)
NOT-FOR-US: Microsoft
-CVE-2020-0805
- RESERVED
+CVE-2020-0805 (A security feature bypass vulnerability exists when a Windows Projecte ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0804 (An elevation of privilege vulnerability exists in the way that the Win ...)
NOT-FOR-US: Microsoft
CVE-2020-0803 (An elevation of privilege vulnerability exists in the way that the Win ...)
@@ -29011,8 +70942,8 @@ CVE-2020-0792 (An elevation of privilege vulnerability exists when the Windows G
NOT-FOR-US: Microsoft
CVE-2020-0791 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
NOT-FOR-US: Microsoft
-CVE-2020-0790
- RESERVED
+CVE-2020-0790 (A local elevation of privilege vulnerability exists in how splwow64.ex ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0789 (A denial of service vulnerability exists when the Visual Studio Extens ...)
NOT-FOR-US: Microsoft
CVE-2020-0788 (An elevation of privilege vulnerability exists in Windows when the Win ...)
@@ -29027,8 +70958,8 @@ CVE-2020-0784 (An elevation of privilege vulnerability exists when DirectX impro
NOT-FOR-US: Microsoft
CVE-2020-0783 (An elevation of privilege vulnerability exists when the Windows Univer ...)
NOT-FOR-US: Microsoft
-CVE-2020-0782
- RESERVED
+CVE-2020-0782 (An elevation of privilege vulnerability exists when the Windows Crypto ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0781 (An elevation of privilege vulnerability exists when the Windows Univer ...)
NOT-FOR-US: Microsoft
CVE-2020-0780 (An elevation of privilege vulnerability exists in the way that the Win ...)
@@ -29059,18 +70990,18 @@ CVE-2020-0768 (A remote code execution vulnerability exists in the way the scrip
NOT-FOR-US: Microsoft
CVE-2020-0767 (A remote code execution vulnerability exists in the way that the Chakr ...)
NOT-FOR-US: Microsoft
-CVE-2020-0766
- RESERVED
+CVE-2020-0766 (An elevation of privilege vulnerability exists when the Microsoft Stor ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0765 (An information disclosure vulnerability exists in the Remote Desktop C ...)
NOT-FOR-US: Microsoft
-CVE-2020-0764
- RESERVED
+CVE-2020-0764 (An elevation of privilege vulnerability exists when the Windows Storag ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0763 (An elevation of privilege vulnerability exists when Windows Defender S ...)
NOT-FOR-US: Microsoft
CVE-2020-0762 (An elevation of privilege vulnerability exists when Windows Defender S ...)
NOT-FOR-US: Microsoft
-CVE-2020-0761
- RESERVED
+CVE-2020-0761 (A remote code execution vulnerability exists when Active Directory int ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0760 (A remote code execution vulnerability exists when Microsoft Office imp ...)
NOT-FOR-US: Microsoft
CVE-2020-0759 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
@@ -29155,8 +71086,8 @@ CVE-2020-0720 (An elevation of privilege vulnerability exists in Windows when th
NOT-FOR-US: Microsoft
CVE-2020-0719 (An elevation of privilege vulnerability exists in Windows when the Win ...)
NOT-FOR-US: Microsoft
-CVE-2020-0718
- RESERVED
+CVE-2020-0718 (A remote code execution vulnerability exists when Active Directory int ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0717 (An information disclosure vulnerability exists when the win32k compone ...)
NOT-FOR-US: Microsoft
CVE-2020-0716 (An information disclosure vulnerability exists when the win32k compone ...)
@@ -29263,8 +71194,8 @@ CVE-2020-0666 (An elevation of privilege vulnerability exists in the way that th
NOT-FOR-US: Microsoft
CVE-2020-0665 (An elevation of privilege vulnerability exists in Active Directory For ...)
NOT-FOR-US: Microsoft
-CVE-2020-0664
- RESERVED
+CVE-2020-0664 (An information disclosure vulnerability exists when Active Directory i ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0663 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
NOT-FOR-US: Microsoft
CVE-2020-0662 (A remote code execution vulnerability exists in the way that Windows h ...)
@@ -29295,8 +71226,8 @@ CVE-2020-0650 (A remote code execution vulnerability exists in Microsoft Excel s
NOT-FOR-US: Microsoft
CVE-2020-0649
RESERVED
-CVE-2020-0648
- RESERVED
+CVE-2020-0648 (An elevation of privilege vulnerability exists when the Windows RSoP S ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0647 (A spoofing vulnerability exists when Office Online does not validate o ...)
NOT-FOR-US: Microsoft
CVE-2020-0646 (A remote code execution vulnerability exists when the Microsoft .NET F ...)
@@ -29383,8 +71314,8 @@ CVE-2020-0606 (A remote code execution vulnerability exists in .NET software whe
NOT-FOR-US: Microsoft
CVE-2020-0605 (A remote code execution vulnerability exists in .NET software when the ...)
NOT-FOR-US: Microsoft
-CVE-2020-0604
- RESERVED
+CVE-2020-0604 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
+ NOT-FOR-US: Microsoft
CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core software ...)
NOT-FOR-US: Microsoft
CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core improperly ...)
@@ -29393,38 +71324,38 @@ CVE-2020-0601 (A spoofing vulnerability exists in the way Windows CryptoAPI (Cry
NOT-FOR-US: Microsoft
CVE-2020-0600 (Improper buffer restrictions in firmware for some Intel(R) NUC may all ...)
NOT-FOR-US: Intel
-CVE-2020-0599
- RESERVED
+CVE-2020-0599 (Improper access control in the PMC for some Intel(R) Processors may al ...)
+ NOT-FOR-US: Intel
CVE-2020-0598 (Uncontrolled search path in the installer for the Intel(R) Binary Conf ...)
NOT-FOR-US: Intel
-CVE-2020-0597
- RESERVED
-CVE-2020-0596
- RESERVED
-CVE-2020-0595
- RESERVED
-CVE-2020-0594
- RESERVED
-CVE-2020-0593
- RESERVED
-CVE-2020-0592
- RESERVED
-CVE-2020-0591
- RESERVED
-CVE-2020-0590
- RESERVED
+CVE-2020-0597 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM ...)
+ NOT-FOR-US: Intel
+CVE-2020-0596 (Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Inte ...)
+ NOT-FOR-US: Intel
+CVE-2020-0595 (Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM vers ...)
+ NOT-FOR-US: Intel
+CVE-2020-0594 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM ...)
+ NOT-FOR-US: Intel
+CVE-2020-0593 (Improper buffer restrictions in BIOS firmware for some Intel(R) Proces ...)
+ NOT-FOR-US: Intel
+CVE-2020-0592 (Out of bounds write in BIOS firmware for some Intel(R) Processors may ...)
+ NOT-FOR-US: Intel
+CVE-2020-0591 (Improper buffer restrictions in BIOS firmware for some Intel(R) Proces ...)
+ NOT-FOR-US: Intel
+CVE-2020-0590 (Improper input validation in BIOS firmware for some Intel(R) Processor ...)
+ NOT-FOR-US: Intel
CVE-2020-0589
RESERVED
-CVE-2020-0588
- RESERVED
-CVE-2020-0587
- RESERVED
-CVE-2020-0586
- RESERVED
+CVE-2020-0588 (Improper conditions check in BIOS firmware for some Intel(R) Processor ...)
+ NOT-FOR-US: Intel
+CVE-2020-0587 (Improper conditions check in BIOS firmware for some Intel(R) Processor ...)
+ NOT-FOR-US: Intel
+CVE-2020-0586 (Improper initialization in subsystem for Intel(R) SPS versions before ...)
+ NOT-FOR-US: Intel
CVE-2020-0585
RESERVED
-CVE-2020-0584
- RESERVED
+CVE-2020-0584 (Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Seri ...)
+ NOT-FOR-US: Intel
CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart Sound Tech ...)
NOT-FOR-US: Intel
CVE-2020-0582
@@ -29441,18 +71372,17 @@ CVE-2020-0577 (Insufficient control flow for Intel(R) Modular Server MFS2600KISP
NOT-FOR-US: Intel
CVE-2020-0576 (Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module ...)
NOT-FOR-US: Intel
-CVE-2020-0575
- RESERVED
+CVE-2020-0575 (Improper buffer restrictions in the Intel(R) Unite Client for Windows* ...)
+ NOT-FOR-US: Intel
CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...)
NOT-FOR-US: Intel
-CVE-2020-0573
- RESERVED
-CVE-2020-0572
- RESERVED
-CVE-2020-0571
- RESERVED
-CVE-2020-0570
- RESERVED
+CVE-2020-0573 (Out of bounds read in the Intel CSI2 Host Controller driver may allow ...)
+ NOT-FOR-US: Intel
+CVE-2020-0572 (Improper input validation in the firmware for Intel(R) Server Board S2 ...)
+ NOT-FOR-US: Intel
+CVE-2020-0571 (Improper conditions check in BIOS firmware for 8th Generation Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2020-0570 (Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5 ...)
- qtbase-opensource-src 5.12.5+dfsg-8
[buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3
[stretch] - qtbase-opensource-src <not-affected> (Only affects 5.12.0 through 5.14.0)
@@ -29460,8 +71390,7 @@ CVE-2020-0570
NOTE: https://bugreports.qt.io/browse/QTBUG-81272
NOTE: Patch: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63fb16b2df239f82a89d2bf05dd
NOTE: https://lists.qt-project.org/pipermail/development/2020-January/038534.html
-CVE-2020-0569
- RESERVED
+CVE-2020-0569 (Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windo ...)
{DSA-4617-1 DLA-2092-1}
- qtbase-opensource-src 5.12.5+dfsg-8
NOTE: Patch for 5.6.0 through 5.13.2: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404
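Review bot: The description added for CVE-2020-0569 refers to Intel(R) PROSet/Wireless WiFi products on Windows, while the rest of the entry (`{DSA-4617-1 DLA-2092-1}`, the qtbase-opensource-src fix line and the Qt patch NOTE) tracks it as a qtbase issue, so the identifier-to-description mapping should be confirmed before the RESERVED placeholder is dropped. If the upstream CVE text is known to be mismatched and the qtbase tracking is deliberate, record that in the entry rather than leaving it to be rediscovered, e.g. `NOTE: CVE feed description refers to Intel PROSet/Wireless WiFi; this ID was addressed in qtbase-opensource-src via DSA-4617-1`. If instead the description is correct, the qtbase lines presumably belong under a different identifier and the entry should become NOT-FOR-US. The CVE-2020-0569 entry continues outside the hunk.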
@@ -29470,8 +71399,8 @@ CVE-2020-0568 (Race condition in the Intel(R) Driver and Support Assistant befor
NOT-FOR-US: Intel
CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before version ...)
NOT-FOR-US: Intel graphics driver for Windows
-CVE-2020-0566
- RESERVED
+CVE-2020-0566 (Improper Access Control in subsystem for Intel(R) TXE versions before ...)
+ NOT-FOR-US: Intel
CVE-2020-0565 (Uncontrolled search path in Intel(R) Graphics Drivers before version 2 ...)
NOT-FOR-US: Intel graphics driver for Windows
CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for Windows be ...)
@@ -29484,14 +71413,14 @@ CVE-2020-0561 (Improper initialization in the Intel(R) SGX SDK before v2.6.100.1
NOT-FOR-US: Intel
CVE-2020-0560 (Improper permissions in the installer for the Intel(R) Renesas Electro ...)
NOT-FOR-US: Intel
-CVE-2020-0559
- RESERVED
+CVE-2020-0559 (Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi p ...)
+ NOT-FOR-US: Intel
CVE-2020-0558 (Improper buffer restrictions in kernel mode driver for Intel(R) PROSet ...)
NOT-FOR-US: Intel
CVE-2020-0557 (Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi produc ...)
NOT-FOR-US: Intel
CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...)
- {DSA-4647-1}
+ {DSA-4647-1 DLA-2240-1}
- bluez 5.50-1.1 (bug #953770)
NOTE: https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
@@ -29503,12 +71432,12 @@ CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.5
NOTE: Followup commits to avoid (functional) regression:
NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519
NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e
-CVE-2020-0555
- RESERVED
-CVE-2020-0554
- RESERVED
-CVE-2020-0553
- RESERVED
+CVE-2020-0555 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
+ NOT-FOR-US: Intel
+CVE-2020-0554 (Race condition in software installer for some Intel(R) Wireless Blueto ...)
+ NOT-FOR-US: Intel
+CVE-2020-0553 (Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bl ...)
+ NOT-FOR-US: Intel
CVE-2020-0552
RESERVED
CVE-2020-0551 (Load value injection in some Intel(R) Processors utilizing speculative ...)
@@ -29525,80 +71454,81 @@ CVE-2020-0550 (Improper data forwarding in some data cache for some Intel(R) Pro
NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
NOTE: https://software.intel.com/security-software-guidance/insights/processors-affected-snoop-assisted-l1-data-sampling
CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...)
- - intel-microcode <unfixed>
- [buster] - intel-microcode <postponed> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
- [stretch] - intel-microcode <postponed> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
- [jessie] - intel-microcode <postponed> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
+ {DSA-4701-1 DLA-2248-1}
+ - intel-microcode 3.20200609.1
NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
NOTE: https://cacheoutattack.com/
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated ...)
- - intel-microcode <unfixed>
- [buster] - intel-microcode <postponed> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
- [stretch] - intel-microcode <postponed> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
- [jessie] - intel-microcode <postponed> (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied)
+ {DSA-4701-1 DLA-2248-1}
+ - intel-microcode 3.20200609.1
NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
CVE-2020-0547 (Incorrect default permissions in the installer for Intel(R) Data Migra ...)
NOT-FOR-US: Intel
CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Modu ...)
NOT-FOR-US: Intel
-CVE-2020-0545
- RESERVED
-CVE-2020-0544
- RESERVED
-CVE-2020-0543
- RESERVED
-CVE-2020-0542
- RESERVED
-CVE-2020-0541
- RESERVED
-CVE-2020-0540
- RESERVED
-CVE-2020-0539
- RESERVED
-CVE-2020-0538
- RESERVED
-CVE-2020-0537
- RESERVED
-CVE-2020-0536
- RESERVED
-CVE-2020-0535
- RESERVED
-CVE-2020-0534
- RESERVED
-CVE-2020-0533
- RESERVED
-CVE-2020-0532
- RESERVED
-CVE-2020-0531
- RESERVED
+CVE-2020-0545 (Integer overflow in subsystem for Intel(R) CSME versions before 11.8.7 ...)
+ NOT-FOR-US: Intel
+CVE-2020-0544 (Insufficient control flow management in the kernel mode driver for som ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-0543 (Incomplete cleanup from specific special register read operations in s ...)
+ {DSA-4701-1 DSA-4699-1 DSA-4698-1 DLA-2248-1 DLA-2242-1 DLA-2241-1}
+ - intel-microcode 3.20200609.1
+ - linux 5.6.14-2
+ NOTE: https://www.vusec.net/projects/crosstalk/
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html
+ NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling
+CVE-2020-0542 (Improper buffer restrictions in subsystem for Intel(R) CSME versions b ...)
+ NOT-FOR-US: Intel
+CVE-2020-0541 (Out-of-bounds write in subsystem for Intel(R) CSME versions before 12. ...)
+ NOT-FOR-US: Intel
+CVE-2020-0540 (Insufficiently protected credentials in Intel(R) AMT versions before 1 ...)
+ NOT-FOR-US: Intel
+CVE-2020-0539 (Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSM ...)
+ NOT-FOR-US: Intel
+CVE-2020-0538 (Improper input validation in subsystem for Intel(R) AMT versions befor ...)
+ NOT-FOR-US: Intel
+CVE-2020-0537 (Improper input validation in subsystem for Intel(R) AMT versions befor ...)
+ NOT-FOR-US: Intel
+CVE-2020-0536 (Improper input validation in the DAL subsystem for Intel(R) CSME versi ...)
+ NOT-FOR-US: Intel
+CVE-2020-0535 (Improper input validation in Intel(R) AMT versions before 11.8.76, 11. ...)
+ NOT-FOR-US: Intel
+CVE-2020-0534 (Improper input validation in the DAL subsystem for Intel(R) CSME versi ...)
+ NOT-FOR-US: Intel
+CVE-2020-0533 (Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.1 ...)
+ NOT-FOR-US: Intel
+CVE-2020-0532 (Improper input validation in subsystem for Intel(R) AMT versions befor ...)
+ NOT-FOR-US: Intel
+CVE-2020-0531 (Improper input validation in Intel(R) AMT versions before 11.8.77, 11. ...)
+ NOT-FOR-US: Intel
CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may allow an ...)
NOT-FOR-US: Intel
-CVE-2020-0529
- RESERVED
-CVE-2020-0528
- RESERVED
-CVE-2020-0527
- RESERVED
+CVE-2020-0529 (Improper initialization in BIOS firmware for 8th, 9th and 10th Generat ...)
+ NOT-FOR-US: Intel
+CVE-2020-0528 (Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10 ...)
+ NOT-FOR-US: Intel
+CVE-2020-0527 (Insufficient control flow management in firmware for some Intel(R) Dat ...)
+ NOT-FOR-US: Intel
CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...)
NOT-FOR-US: Intel
-CVE-2020-0525
- RESERVED
-CVE-2020-0524
- RESERVED
-CVE-2020-0523
- RESERVED
-CVE-2020-0522
- RESERVED
-CVE-2020-0521
- RESERVED
+CVE-2020-0525 (Improper access control in firmware for the Intel(R) Ethernet I210 Con ...)
+ NOT-FOR-US: Intel
+CVE-2020-0524 (Improper default permissions in the firmware for the Intel(R) Ethernet ...)
+ NOT-FOR-US: Intel
+CVE-2020-0523 (Improper access control in the firmware for the Intel(R) Ethernet I210 ...)
+ NOT-FOR-US: Intel
+CVE-2020-0522 (Improper initialization in the firmware for the Intel(R) Ethernet I210 ...)
+ NOT-FOR-US: Intel
+CVE-2020-0521 (Insufficient control flow management in some Intel(R) Graphics Drivers ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...)
NOT-FOR-US: Intel
CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions ...)
NOT-FOR-US: Intel Graphics drivers for Windows
-CVE-2020-0518
- RESERVED
+CVE-2020-0518 (Improper access control in the Intel(R) HD Graphics Control Panel befo ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...)
NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before version 26 ...)
@@ -29607,14 +71537,14 @@ CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) Gr
NOT-FOR-US: Intel
CVE-2020-0514 (Improper default permissions in the installer for Intel(R) Graphics Dr ...)
NOT-FOR-US: Intel
-CVE-2020-0513
- RESERVED
-CVE-2020-0512
- RESERVED
+CVE-2020-0513 (Out of bounds write for some Intel(R) Graphics Drivers before version ...)
+ NOT-FOR-US: Intel
+CVE-2020-0512 (Uncaught exception in the system driver for some Intel(R) Graphics Dri ...)
+ NOT-FOR-US: Intel
CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics Drivers befo ...)
NOT-FOR-US: Intel Graphics drivers for Windows
-CVE-2020-0510
- RESERVED
+CVE-2020-0510 (Out of bounds read in some Intel(R) Graphics Drivers before versions 1 ...)
+ NOT-FOR-US: Intel
CVE-2020-0509
RESERVED
CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...)
@@ -29633,782 +71563,853 @@ CVE-2020-0502 (Improper access control in Intel(R) Graphics Drivers before versi
NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0501 (Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100. ...)
NOT-FOR-US: Intel Graphics drivers for Windows
-CVE-2020-0500
- RESERVED
-CVE-2020-0499
- RESERVED
-CVE-2020-0498
- RESERVED
-CVE-2020-0497
- RESERVED
-CVE-2020-0496
- RESERVED
-CVE-2020-0495
- RESERVED
-CVE-2020-0494
- RESERVED
-CVE-2020-0493
- RESERVED
-CVE-2020-0492
- RESERVED
-CVE-2020-0491
- RESERVED
-CVE-2020-0490
- RESERVED
-CVE-2020-0489
- RESERVED
-CVE-2020-0488
- RESERVED
+CVE-2020-0500 (In startInputUncheckedLocked of InputMethodManager.java, there is a po ...)
+ NOT-FOR-US: Android
+CVE-2020-0499 (In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a p ...)
+ {DLA-2514-1}
+ - flac 1.3.3-2 (bug #977764)
+ [buster] - flac <no-dsa> (Minor issue)
+ NOTE: https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4
+ NOTE: https://android.googlesource.com/platform/external/flac/+/029048f823ced50f63a92e25073427ec3a9bd909%5E%21/#F0
+ NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
+CVE-2020-0498 (In decode_packed_entry_number of codebook.c, there is a possible out o ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0497 (In canUseBiometric of BiometricServiceBase, there is a missing permiss ...)
+ NOT-FOR-US: Android
+CVE-2020-0496 (In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2020-0495 (In decode_Huffman of JBig2_SddProc.cpp, there is a possible out of bou ...)
+ NOT-FOR-US: Android
+CVE-2020-0494 (In ih264d_parse_ave of ih264d_sei.c, there is a possible out of bounds ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0493 (In CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2020-0492 (In BitstreamFillCache of bitstream.cpp, there is a possible out of bou ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0491 (In readBlock of MatroskaExtractor.cpp, there is a possible denial of s ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0490 (In floor1_info_unpack of floor1.c, there is a possible out of bounds r ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0489 (In Parse_data of eas_mdls.c, there is a possible out of bounds write d ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0488 (In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse ...)
+ NOT-FOR-US: Android media framework
CVE-2020-0487
- RESERVED
-CVE-2020-0486
- RESERVED
-CVE-2020-0485
- RESERVED
-CVE-2020-0484
- RESERVED
-CVE-2020-0483
- RESERVED
-CVE-2020-0482
- RESERVED
-CVE-2020-0481
- RESERVED
-CVE-2020-0480
- RESERVED
-CVE-2020-0479
- RESERVED
-CVE-2020-0478
- RESERVED
-CVE-2020-0477
- RESERVED
-CVE-2020-0476
- RESERVED
-CVE-2020-0475
- RESERVED
-CVE-2020-0474
- RESERVED
-CVE-2020-0473
- RESERVED
+ REJECTED
+CVE-2020-0486 (In openAssetFileListener of ContactsProvider2.java, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2020-0485 (In areFunctionsSupported of UsbBackend.java, there is a possible acces ...)
+ NOT-FOR-US: Android
+CVE-2020-0484 (In destroyResources of ComposerClient.h, there is possible memory corr ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0483 (In DrmManagerService::~DrmManagerService() of DrmManagerService.cpp, t ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0482 (In command of IncidentService.cpp, there is a possible out of bounds r ...)
+ NOT-FOR-US: Android
+CVE-2020-0481 (In AndroidManifest.xml, there is a possible permissions bypass. This c ...)
+ NOT-FOR-US: Android
+CVE-2020-0480 (In callUnchecked of DocumentsProvider.java, there is a possible permis ...)
+ NOT-FOR-US: Android
+CVE-2020-0479 (In callUnchecked of DocumentsProvider.java, there is a possible permis ...)
+ NOT-FOR-US: Android
+CVE-2020-0478 (In extend_frame_lowbd of restoration.c, there is a possible out of bou ...)
+ - aom <undetermined>
+ NOTE: https://android.googlesource.com/platform/external/libaom/+/816f15265cb89a02d7ce4b657de277828e71a4b1
+ NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
+ NOTE: https://aomedia.googlesource.com/aom/+/ebba9c769be2c99d5396d0018901e9a4af5e2d2c (v1.0.0-errata1-avif)
+ TODO: check if ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed commit
+CVE-2020-0477 (In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there ...)
+ NOT-FOR-US: Android
+CVE-2020-0476 (In onNotificationRemoved of Assistant.java, there is a possible leak o ...)
+ NOT-FOR-US: Android
+CVE-2020-0475 (In createInputConsumer of WindowManagerService.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2020-0474 (In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible us ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0473 (In updateIncomingFileConfirmNotification of BluetoothOppNotification.j ...)
+ NOT-FOR-US: Android
CVE-2020-0472
RESERVED
-CVE-2020-0471
- RESERVED
-CVE-2020-0470
- RESERVED
-CVE-2020-0469
- RESERVED
-CVE-2020-0468
- RESERVED
-CVE-2020-0467
- RESERVED
-CVE-2020-0466
- RESERVED
-CVE-2020-0465
- RESERVED
-CVE-2020-0464
- RESERVED
-CVE-2020-0463
- RESERVED
+CVE-2020-0471 (In reassemble_and_dispatch of packet_fragmenter.cc, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2020-0470 (In extend_frame_highbd of restoration.c, there is a possible out of bo ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0469 (In addEscrowToken of LockSettingsService.java, there is a possible los ...)
+ NOT-FOR-US: Android
+CVE-2020-0468 (In listen() and related functions of TelephonyRegistry.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2020-0467 (In onUserStopped of Vpn.java, there is a possible resetting of user pr ...)
+ NOT-FOR-US: Android
+CVE-2020-0466 (In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a poss ...)
+ - linux 5.8.7-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/52c479697c9b73f628140dcdfcd39ea302d05482
+ NOTE: https://git.kernel.org/linus/a9ed4a6560b8562b7e2e2bed9527e88001f7b682
+CVE-2020-0465 (In various methods of hid-multitouch.c, there is a possible out of bou ...)
+ - linux 5.8.7-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/35556bed836f8dc07ac55f69c8d17dce3e7f0e25
+ NOTE: https://git.kernel.org/linus/bce1305c0ece3dc549663605e567655dd701752c
+CVE-2020-0464 (In resolv_cache_lookup of res_cache.cpp, there is a possible side chan ...)
+ NOT-FOR-US: Android
+CVE-2020-0463 (In sdp_server_handle_client_req of sdp_server.cc, there is a possible ...)
+ NOT-FOR-US: Android
CVE-2020-0462
RESERVED
CVE-2020-0461
RESERVED
-CVE-2020-0460
- RESERVED
-CVE-2020-0459
- RESERVED
-CVE-2020-0458
- RESERVED
-CVE-2020-0457
- RESERVED
-CVE-2020-0456
- RESERVED
-CVE-2020-0455
- RESERVED
-CVE-2020-0454
- RESERVED
-CVE-2020-0453
- RESERVED
-CVE-2020-0452
- RESERVED
-CVE-2020-0451
- RESERVED
-CVE-2020-0450
- RESERVED
-CVE-2020-0449
- RESERVED
-CVE-2020-0448
- RESERVED
-CVE-2020-0447
- RESERVED
-CVE-2020-0446
- RESERVED
-CVE-2020-0445
- RESERVED
-CVE-2020-0444
- RESERVED
-CVE-2020-0443
- RESERVED
-CVE-2020-0442
- RESERVED
-CVE-2020-0441
- RESERVED
-CVE-2020-0440
- RESERVED
-CVE-2020-0439
- RESERVED
-CVE-2020-0438
- RESERVED
-CVE-2020-0437
- RESERVED
+CVE-2020-0460 (In createNameCredentialDialog of CertInstaller.java, there exists the ...)
+ NOT-FOR-US: Android
+CVE-2020-0459 (In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, th ...)
+ NOT-FOR-US: Android
+CVE-2020-0458 (In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEnc ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0457 (There is a possible out of bounds write due to a missing bounds check. ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0456 (There is a possible out of bounds write due to a missing bounds check. ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0455 (There is a possible out of bounds write due to a missing bounds check. ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0454 (In callCallbackForRequest of ConnectivityService.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2020-0453 (In updateNotification of BeamTransferManager.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2020-0452 (In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...)
+ {DSA-4786-1 DLA-2439-1}
+ - libexif 0.6.22-3
+ NOTE: https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06
+CVE-2020-0451 (In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there i ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0450 (In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds re ...)
+ NOT-FOR-US: Android
+CVE-2020-0449 (In btm_sec_disconnected of btm_sec.cc, there is a possible memory corr ...)
+ NOT-FOR-US: Android
+CVE-2020-0448 (In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2020-0447 (There is a possible out of bounds write due to a missing bounds check. ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0446 (There is a possible out of bounds write due to a missing bounds check. ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0445 (There is a possible out of bounds write due to a missing bounds check. ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0444 (In audit_free_lsm_field of auditfilter.c, there is a possible bad kfre ...)
+ - linux 5.5.13-1
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/2ad3e17ebf94b7b7f3f64c050ff168f9915345eb
+CVE-2020-0443 (In LocaleList of LocaleList.java, there is a possible forced reboot du ...)
+ NOT-FOR-US: Android
+CVE-2020-0442 (In Message and toBundle of Notification.java, there is a possible UI s ...)
+ NOT-FOR-US: Android
+CVE-2020-0441 (In Message and toBundle of Notification.java, there is a possible reso ...)
+ NOT-FOR-US: Android
+CVE-2020-0440 (In createVirtualDisplay of DisplayManagerService.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2020-0439 (In generatePackageInfo of PackageManagerService.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2020-0438 (In the AIBinder_Class constructor of ibinder.cpp, there is a possible ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0437 (In CellBroadcastReceiver's intent handlers, there is a possible denial ...)
+ NOT-FOR-US: Android
CVE-2020-0436
RESERVED
CVE-2020-0435
- RESERVED
-CVE-2020-0434
- RESERVED
-CVE-2020-0433
- RESERVED
-CVE-2020-0432
- RESERVED
-CVE-2020-0431
- RESERVED
-CVE-2020-0430
- RESERVED
-CVE-2020-0429
- RESERVED
-CVE-2020-0428
- RESERVED
-CVE-2020-0427
- RESERVED
-CVE-2020-0426
- RESERVED
-CVE-2020-0425
- RESERVED
-CVE-2020-0424
- RESERVED
-CVE-2020-0423
- RESERVED
-CVE-2020-0422
- RESERVED
-CVE-2020-0421
- RESERVED
-CVE-2020-0420
- RESERVED
-CVE-2020-0419
- RESERVED
-CVE-2020-0418
- RESERVED
-CVE-2020-0417
- RESERVED
-CVE-2020-0416
- RESERVED
-CVE-2020-0415
- RESERVED
-CVE-2020-0414
- RESERVED
-CVE-2020-0413
- RESERVED
-CVE-2020-0412
- RESERVED
-CVE-2020-0411
- RESERVED
-CVE-2020-0410
- RESERVED
-CVE-2020-0409
- RESERVED
-CVE-2020-0408
- RESERVED
-CVE-2020-0407
- RESERVED
-CVE-2020-0406
- RESERVED
-CVE-2020-0405
- RESERVED
-CVE-2020-0404
- RESERVED
-CVE-2020-0403
- RESERVED
+ REJECTED
+CVE-2020-0434 (In Pixel's use of the Catpipe library, there is possible memory corrup ...)
+ NOT-FOR-US: Catpipe
+CVE-2020-0433 (In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use ...)
+ - linux 4.19.9-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2020-09-01
+ NOTE: https://git.kernel.org/linus/f5bbbbe4d63577026f908a809f22f5fd5a90ea1f
+ NOTE: https://git.kernel.org/linus/530ca2c9bd6949c72c9b5cfc330cb3dbccaa3f5b
+CVE-2020-0432 (In skb_to_mamac of networking.c, there is a possible out of bounds wri ...)
+ - linux 5.4.19-1 (unimportant)
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/4d1356ac12f4d5180d0df345d85ff0ee42b89c72
+ NOTE: Staging driver, not enabled/built
+CVE-2020-0431 (In kbd_keycode of keyboard.c, there is a possible out of bounds write ...)
+ - linux 5.4.13-1
+ [buster] - linux 4.19.98-1
+ [stretch] - linux 4.9.210-1
+ NOTE: https://git.kernel.org/linus/4f3882177240a1f55e45a3d241d3121341bead78
+CVE-2020-0430 (In skb_headlen of /include/linux/skbuff.h, there is a possible out of ...)
+ - linux 4.17.8-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/58990d1ff3f7896ee341030e9a7c2e4002570683
+CVE-2020-0429 (In l2tp_session_delete and related functions of l2tp_core.c, there is ...)
+ - linux 4.14.2-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/b228a94066406b6c456321d69643b0d7ce11cfa6
+ NOTE: https://git.kernel.org/linus/cdd10c9627496ad25c87ce6394e29752253c69d3
+CVE-2020-0428 (In CamX code, there is a possible use after free due to a race conditi ...)
+ NOT-FOR-US: Android on Pixel
+CVE-2020-0427 (In create_pinctrl of core.c, there is a possible out of bounds read du ...)
+ {DLA-2494-1}
+ - linux 5.4.8-1
+ [buster] - linux 4.19.98-1
+ NOTE: https://git.kernel.org/linus/be4c60b563edee3712d392aaeb0943a768df7023
+CVE-2020-0426 (In SyncManager, there is a possible permission bypass due to an unsafe ...)
+ NOT-FOR-US: Android
+CVE-2020-0425 (There is a possible way to view notifications even when the "Lockdown" ...)
+ NOT-FOR-US: Android
+CVE-2020-0424 (In send_vc of res_send.cpp, there is a possible out of bounds read due ...)
+ NOT-FOR-US: Android
+CVE-2020-0423 (In binder_release_work of binder.c, there is a possible use-after-free ...)
+ {DLA-2483-1}
+ - linux 5.9.6-1
+ [buster] - linux 4.19.160-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://git.kernel.org/linus/f3277cbfba763cd2826396521b9296de67cf1bbc
+CVE-2020-0422 (In constructImportFailureNotification of NotificationImportExportListe ...)
+ NOT-FOR-US: Android
+CVE-2020-0421 (In appendFormatV of String8.cpp, there is a possible out of bounds wri ...)
+ NOT-FOR-US: Android
+CVE-2020-0420 (In setUpdatableDriverPath of GpuService.cpp, there is a possible memor ...)
+ NOT-FOR-US: Android
+CVE-2020-0419 (In generateInfo of PackageInstallerSession.java, there is a possible l ...)
+ NOT-FOR-US: Android
+CVE-2020-0418 (In getPermissionInfosForGroup of Utils.java, there is a logic error. T ...)
+ NOT-FOR-US: Android
+CVE-2020-0417 (In setNiNotification of GpsNetInitiatedHandler.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2020-0416 (In multiple settings screens, there are possible tapjacking attacks du ...)
+ NOT-FOR-US: Android
+CVE-2020-0415 (In various locations in SystemUI, there is a possible permission bypas ...)
+ NOT-FOR-US: Android
+CVE-2020-0414 (In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0413 (In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible ou ...)
+ NOT-FOR-US: Android
+CVE-2020-0412 (In setProcessMemoryTrimLevel of ActivityManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2020-0411 (In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bou ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0410 (In setNotification of SapServer.java, there is a possible permission b ...)
+ NOT-FOR-US: Android
+CVE-2020-0409 (In create of FileMap.cpp, there is a possible out of bounds write due ...)
+ NOT-FOR-US: Android
+CVE-2020-0408 (In remove of String16.cpp, there is a possible out of bounds write due ...)
+ NOT-FOR-US: Android
+CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some implem ...)
+ NOT-FOR-US: Android kernel
+CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to a missi ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0405 (In NetworkStackNotifier, there is a possible permissions bypass due to ...)
+ NOT-FOR-US: Android
+CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked ...)
+ - linux 5.4.19-1
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/68035c80e129c4cfec659aac4180354530b26527
+CVE-2020-0403 (In the FPC TrustZone fingerprint App, there is a possible invalid comm ...)
+ NOT-FOR-US: FPC TrustZone fingerprint App
CVE-2020-0402
RESERVED
-CVE-2020-0401
- RESERVED
-CVE-2020-0400
- RESERVED
-CVE-2020-0399
- RESERVED
-CVE-2020-0398
- RESERVED
-CVE-2020-0397
- RESERVED
-CVE-2020-0396
- RESERVED
-CVE-2020-0395
- RESERVED
-CVE-2020-0394
- RESERVED
-CVE-2020-0393
- RESERVED
-CVE-2020-0392
- RESERVED
-CVE-2020-0391
- RESERVED
-CVE-2020-0390
- RESERVED
-CVE-2020-0389
- RESERVED
-CVE-2020-0388
- RESERVED
-CVE-2020-0387
- RESERVED
-CVE-2020-0386
- RESERVED
-CVE-2020-0385
- RESERVED
-CVE-2020-0384
- RESERVED
-CVE-2020-0383
- RESERVED
-CVE-2020-0382
- RESERVED
-CVE-2020-0381
- RESERVED
-CVE-2020-0380
- RESERVED
-CVE-2020-0379
- RESERVED
-CVE-2020-0378
- RESERVED
-CVE-2020-0377
- RESERVED
-CVE-2020-0376
- RESERVED
-CVE-2020-0375
- RESERVED
-CVE-2020-0374
- RESERVED
-CVE-2020-0373
- RESERVED
-CVE-2020-0372
- RESERVED
-CVE-2020-0371
- RESERVED
-CVE-2020-0370
- RESERVED
-CVE-2020-0369
- RESERVED
-CVE-2020-0368
- RESERVED
-CVE-2020-0367
- RESERVED
-CVE-2020-0366
- RESERVED
-CVE-2020-0365
- RESERVED
-CVE-2020-0364
- RESERVED
-CVE-2020-0363
- RESERVED
-CVE-2020-0362
- RESERVED
-CVE-2020-0361
- RESERVED
-CVE-2020-0360
- RESERVED
-CVE-2020-0359
- RESERVED
-CVE-2020-0358
- RESERVED
-CVE-2020-0357
- RESERVED
-CVE-2020-0356
- RESERVED
-CVE-2020-0355
- RESERVED
-CVE-2020-0354
- RESERVED
-CVE-2020-0353
- RESERVED
-CVE-2020-0352
- RESERVED
-CVE-2020-0351
- RESERVED
-CVE-2020-0350
- RESERVED
-CVE-2020-0349
- RESERVED
-CVE-2020-0348
- RESERVED
-CVE-2020-0347
- RESERVED
-CVE-2020-0346
- RESERVED
-CVE-2020-0345
- RESERVED
-CVE-2020-0344
- RESERVED
-CVE-2020-0343
- RESERVED
-CVE-2020-0342
- RESERVED
-CVE-2020-0341
- RESERVED
-CVE-2020-0340
- RESERVED
-CVE-2020-0339
- RESERVED
-CVE-2020-0338
- RESERVED
-CVE-2020-0337
- RESERVED
-CVE-2020-0336
- RESERVED
-CVE-2020-0335
- RESERVED
-CVE-2020-0334
- RESERVED
-CVE-2020-0333
- RESERVED
-CVE-2020-0332
- RESERVED
-CVE-2020-0331
- RESERVED
-CVE-2020-0330
- RESERVED
-CVE-2020-0329
- RESERVED
-CVE-2020-0328
- RESERVED
-CVE-2020-0327
- RESERVED
-CVE-2020-0326
- RESERVED
-CVE-2020-0325
- RESERVED
-CVE-2020-0324
- RESERVED
-CVE-2020-0323
- RESERVED
-CVE-2020-0322
- RESERVED
-CVE-2020-0321
- RESERVED
-CVE-2020-0320
- RESERVED
-CVE-2020-0319
- RESERVED
-CVE-2020-0318
- RESERVED
-CVE-2020-0317
- RESERVED
-CVE-2020-0316
- RESERVED
-CVE-2020-0315
- RESERVED
-CVE-2020-0314
- RESERVED
-CVE-2020-0313
- RESERVED
-CVE-2020-0312
- RESERVED
-CVE-2020-0311
- RESERVED
-CVE-2020-0310
- RESERVED
-CVE-2020-0309
- RESERVED
-CVE-2020-0308
- RESERVED
-CVE-2020-0307
- RESERVED
-CVE-2020-0306
- RESERVED
-CVE-2020-0305
- RESERVED
-CVE-2020-0304
- RESERVED
-CVE-2020-0303
- RESERVED
-CVE-2020-0302
- RESERVED
-CVE-2020-0301
- RESERVED
-CVE-2020-0300
- RESERVED
-CVE-2020-0299
- RESERVED
-CVE-2020-0298
- RESERVED
-CVE-2020-0297
- RESERVED
-CVE-2020-0296
- RESERVED
-CVE-2020-0295
- RESERVED
-CVE-2020-0294
- RESERVED
-CVE-2020-0293
- RESERVED
-CVE-2020-0292
- RESERVED
-CVE-2020-0291
- RESERVED
-CVE-2020-0290
- RESERVED
-CVE-2020-0289
- RESERVED
-CVE-2020-0288
- RESERVED
-CVE-2020-0287
- RESERVED
-CVE-2020-0286
- RESERVED
-CVE-2020-0285
- RESERVED
-CVE-2020-0284
- RESERVED
-CVE-2020-0283
- RESERVED
-CVE-2020-0282
- RESERVED
-CVE-2020-0281
- RESERVED
-CVE-2020-0280
- RESERVED
-CVE-2020-0279
- RESERVED
-CVE-2020-0278
- RESERVED
-CVE-2020-0277
- RESERVED
-CVE-2020-0276
- RESERVED
-CVE-2020-0275
- RESERVED
-CVE-2020-0274
- RESERVED
-CVE-2020-0273
- RESERVED
-CVE-2020-0272
- RESERVED
-CVE-2020-0271
- RESERVED
-CVE-2020-0270
- RESERVED
-CVE-2020-0269
- RESERVED
-CVE-2020-0268
- RESERVED
-CVE-2020-0267
- RESERVED
-CVE-2020-0266
- RESERVED
-CVE-2020-0265
- RESERVED
-CVE-2020-0264
- RESERVED
-CVE-2020-0263
- RESERVED
-CVE-2020-0262
- RESERVED
-CVE-2020-0261
- RESERVED
-CVE-2020-0260
- RESERVED
-CVE-2020-0259
- RESERVED
-CVE-2020-0258
- RESERVED
-CVE-2020-0257
- RESERVED
-CVE-2020-0256
- RESERVED
+ NOTE: Duplicate assignment for CVE-2019-19769 (Android security informed)
+CVE-2020-0401 (In setInstallerPackageName of PackageManagerService.java, there is a m ...)
+ NOT-FOR-US: Android
+CVE-2020-0400 (In showDataRoamingNotification of NotificationMgr.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2020-0399 (In showLimitedSimFunctionWarningNotification of NotificationMgr.java, ...)
+ NOT-FOR-US: Android
+CVE-2020-0398 (In updateMwi of NotificationMgr.java, there is a possible permission b ...)
+ NOT-FOR-US: Android
+CVE-2020-0397 (In getNotificationBuilder of CarrierServiceStateTracker.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2020-0396 (In various places in Telephony, there is a possible permission bypass ...)
+ NOT-FOR-US: Android
+CVE-2020-0395 (In showNotification of EmergencyCallbackModeService.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2020-0394 (In onCreate of BluetoothPairingDialog.java, there is a possible tapjac ...)
+ NOT-FOR-US: Android
+CVE-2020-0393 (In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible ou ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0392 (In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code e ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0391 (In applyPolicy of PackageManagerService.java, there is possible arbitr ...)
+ NOT-FOR-US: Android
+CVE-2020-0390 (In the app zygote SE Policy, there is a possible permissions bypass. T ...)
+ NOT-FOR-US: Android
+CVE-2020-0389 (In createSaveNotification of RecordingService.java, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2020-0388 (In createEmergencyLocationUserNotification of GnssVisibilityControl.ja ...)
+ NOT-FOR-US: Android
+CVE-2020-0387 (In manifest files of the SmartSpace package, there is a possible tapja ...)
+ NOT-FOR-US: Android
+CVE-2020-0386 (In onCreate of RequestPermissionActivity.java, there is a possible tap ...)
+ NOT-FOR-US: Android
+CVE-2020-0385 (In Parse_insh of eas_mdls.c, there is a possible out of bounds write d ...)
+ NOT-FOR-US: Android
+CVE-2020-0384 (In Parse_art of eas_mdls.c, there is a possible out of bounds write du ...)
+ NOT-FOR-US: Android
+CVE-2020-0383 (In Parse_ins of eas_mdls.c, there is a possible out of bounds write du ...)
+ NOT-FOR-US: Android
+CVE-2020-0382 (In RunInternal of dumpstate.cpp, there is a possible user consent bypa ...)
+ NOT-FOR-US: Android
+CVE-2020-0381 (In Parse_wave of eas_mdls.c, there is a possible out of bounds write d ...)
+ NOT-FOR-US: Android
+CVE-2020-0380 (In allocExcessBits of bitalloc.c, there is a possible out of bounds wr ...)
+ NOT-FOR-US: Android
+CVE-2020-0379 (In the Bluetooth service, there is a possible spoofing attack due to a ...)
+ NOT-FOR-US: Android
+CVE-2020-0378 (In onWnmFrameReceived of PasspointManager.java, there is a missing per ...)
+ NOT-FOR-US: Android
+CVE-2020-0377 (In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible ou ...)
+ NOT-FOR-US: Android
+CVE-2020-0376 (There is a possible out of bounds read due to a missing bounds check.P ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0375 (In Telephony, there is a possible permission bypass due to a missing p ...)
+ NOT-FOR-US: Android
+CVE-2020-0374 (In NFC, there is a possible permission bypass due to an unsafe Pending ...)
+ NOT-FOR-US: Android
+CVE-2020-0373 (In SoundTriggerHwService, there is a possible out of bounds read due t ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0372 (In ActivityManager, there is a possible access to protected data due t ...)
+ NOT-FOR-US: Android
+CVE-2020-0371 (There is a possible out of bounds read due to a missing bounds check.P ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0370 (In libAACdec, there is a possible out of bounds read due to missing bo ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0369 (In libavb, there is a possible out of bounds write due to an integer o ...)
+ NOT-FOR-US: Android
+CVE-2020-0368 (In queryInternal of CallLogProvider.java, there is a possible permissi ...)
+ NOT-FOR-US: Android
+CVE-2020-0367 (There is a possible out of bounds write due to a missing bounds check. ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...)
+ NOT-FOR-US: Android
+CVE-2020-0365 (In netd, there is a possible out of bounds read due to a missing bound ...)
+ NOT-FOR-US: Android
+CVE-2020-0364 (In libDRCdec, there is a possible out of bounds read due to a missing ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0363 (In libmedia, there is a possible resource exhaustion due to improper i ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0362 (In libstagefright, there is a possible resource exhaustion due to impr ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0361 (In libDRCdec, there is a possible information disclosure due to uninit ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0360 (In Notification Access Confirmation, there is a possible permissions b ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0359 (In GLESRenderEngine, there is a possible out of bounds read due to a b ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0358 (In SurfaceFlinger, there is a possible use after free due to a race co ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0357 (In SurfaceFlinger, there is a possible use-after-free due to improper ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0356 (In the Audio HAL, there is a possible out of bounds write due to an in ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0355 (In libFraunhoferAAC, there is a possible out of bounds read due to a m ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0354 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: Android
+CVE-2020-0353 (In libmp4extractor, there is a possible resource exhaustion due to a m ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to SQL in ...)
+ NOT-FOR-US: Android
+CVE-2020-0351 (In libstagefright, there is possible CPU exhaustion due to improper in ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0350 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+ NOT-FOR-US: Android
+CVE-2020-0349 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+ NOT-FOR-US: Android
+CVE-2020-0348 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+ NOT-FOR-US: Android
+CVE-2020-0347 (In iptables, there is a possible out of bounds write due to an incorre ...)
+ - linux <undetermined>
+CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to an inte ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0345 (In DocumentsUI, there is a possible permission bypass due to a confuse ...)
+ NOT-FOR-US: Android
+CVE-2020-0344 (In MediaProvider, there is a possible permissions bypass due to SQL in ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0343 (In NetworkStatsService, there is a possible access to protected data d ...)
+ NOT-FOR-US: Android
+CVE-2020-0342 (There is a possible out of bounds write due to an incorrect bounds che ...)
+ NOT-FOR-US: Android
+CVE-2020-0341 (In DisplayManager, there is a possible permission bypass due to a miss ...)
+ NOT-FOR-US: Android
+CVE-2020-0340 (In libcodec2_soft_mp3dec, there is a possible information disclosure d ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0339 (There is a possible out of bounds read due to a missing bounds check.P ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0338 (In checkKeyIntent of AccountManagerService.java, there is a possible p ...)
+ NOT-FOR-US: Android
+CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions check du ...)
+ NOT-FOR-US: Android
+CVE-2020-0336 (In SurfaceFlinger, there is possible memory corruption due to type con ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0335 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+ NOT-FOR-US: Android
+CVE-2020-0334 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+ NOT-FOR-US: Android
+CVE-2020-0333 (In UrlQuerySanitizer, there is a possible improper input validation. T ...)
+ NOT-FOR-US: Android
+CVE-2020-0332 (In libstagefright, there is a possible dead loop due to an uncaught ex ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0331 (In Settings, there is a possible permissions bypass. This could lead t ...)
+ NOT-FOR-US: Android
+CVE-2020-0330 (In iorap, there is a possible memory corruption due to a use after fre ...)
+ NOT-FOR-US: Android
+CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due to inva ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0328 (In the camera, there is a possible out of bounds read due to an intege ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0327 (In core networking, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Android
+CVE-2020-0326 (In NFC, there is a possible out of bounds write due to uninitialized d ...)
+ NOT-FOR-US: Android
+CVE-2020-0325 (In NFC, there is a missing bounds check. This could lead to local info ...)
+ NOT-FOR-US: Android
+CVE-2020-0324 (In libsonivox, there is a possible out of bounds read due to a missing ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0323 (In libavb, there is a possible out of bounds read due to a missing bou ...)
+ NOT-FOR-US: Android
+CVE-2020-0322 (In apexd, there is a possible out of bounds read due to a missing boun ...)
+ NOT-FOR-US: Android
+CVE-2020-0321 (In the mp3 extractor, there is a possible out of bounds write due to u ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0320 (In libstagefright, there is a possible resource exhaustion due to impr ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0319 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+ NOT-FOR-US: Android
+CVE-2020-0318 (In the System UI, there is a possible system crash due to an uncaught ...)
+ NOT-FOR-US: Android
+CVE-2020-0317 (In UsageStatsManager, there is a possible access to protected data due ...)
+ NOT-FOR-US: Android
+CVE-2020-0316 (In Telephony, there is a missing permission check. This could lead to ...)
+ NOT-FOR-US: Android
+CVE-2020-0315 (In Zen Mode, there is a possible permission bypass due to an unsafe Pe ...)
+ NOT-FOR-US: Android
+CVE-2020-0314 (In AudioService, there are missing permission checks. This could lead ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0313 (In NotificationManagerService, there is a possible permission bypass d ...)
+ NOT-FOR-US: Android
+CVE-2020-0312 (In Battery Saver, there is a possible permission bypass due to an unsa ...)
+ NOT-FOR-US: Android
+CVE-2020-0311 (In InputManagerService, there is a possible permission bypass due to a ...)
+ NOT-FOR-US: Android
+CVE-2020-0310 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+ NOT-FOR-US: Android
+CVE-2020-0309 (In the Bluetooth server, there is a possible out of bounds write due t ...)
+ NOT-FOR-US: Android
+CVE-2020-0308 (In Window Manager, there is a possible permission bypass due to an uns ...)
+ NOT-FOR-US: Android
+CVE-2020-0307 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+ NOT-FOR-US: Android
+CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement due to ...)
+ - llvm-toolchain-11 <undetermined>
+ - llvm-toolchain-9 <undetermined>
+CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...)
+ - linux 5.4.13-1
+ [buster] - linux 4.19.98-1
+ [stretch] - linux 4.9.210-1
+ [jessie] - linux 3.16.84-1
+ NOTE: https://git.kernel.org/linus/68faa679b8be1a74e6663c21c3a9d25d32f1c079
+CVE-2020-0304 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+ NOT-FOR-US: Android
+CVE-2020-0303 (In the Media extractor, there is a possible use after free due to impr ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0302 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+ NOT-FOR-US: Android
+CVE-2020-0301 (In libstagefright, there is a possible resource exhaustion due to impr ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0300 (In NFC, there is a possible out of bounds read due to uninitialized da ...)
+ NOT-FOR-US: Android
+CVE-2020-0299 (In Bluetooth, there is a possible spoofing of bluetooth device metadat ...)
+ NOT-FOR-US: Android
+CVE-2020-0298 (In Bluetooth, there is a possible control over Bluetooth enabled state ...)
+ NOT-FOR-US: Android
+CVE-2020-0297 (In devicepolicy service, there is a possible permission bypass due to ...)
+ NOT-FOR-US: Android
+CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypass du ...)
+ NOT-FOR-US: Android
+CVE-2020-0295 (In Telecom, there is a possible permission bypass due to an unsafe Pen ...)
+ NOT-FOR-US: Android
+CVE-2020-0294 (In bindWallpaperComponentLocked of WallpaperManagerService.java, there ...)
+ NOT-FOR-US: Android
+CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...)
+ NOT-FOR-US: Android
+CVE-2020-0292 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ NOT-FOR-US: Android
+CVE-2020-0291 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ NOT-FOR-US: Android
+CVE-2020-0290 (In PackageManager, there is a missing permission check. This could lea ...)
+ NOT-FOR-US: Android
+CVE-2020-0289 (In PackageManager, there is a missing permission check. This could lea ...)
+ NOT-FOR-US: Android
+CVE-2020-0288 (In PackageManager, there is a missing permission check. This could lea ...)
+ NOT-FOR-US: Android
+CVE-2020-0287 (In libmkvextractor, there is a possible resource exhaustion due to a m ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0286 (In Bluetooth AVRCP, there is a possible leak of audio metadata due to ...)
+ NOT-FOR-US: Android
+CVE-2020-0285 (In Telephony, there is a possible permission bypass due to a missing p ...)
+ NOT-FOR-US: Android
+CVE-2020-0284 (In Telephony, there is a possible permission bypass due to a missing p ...)
+ NOT-FOR-US: Android
+CVE-2020-0283 (There is a possible out of bounds write due to a missing bounds check. ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0282 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+ NOT-FOR-US: Android
+CVE-2020-0281 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+ NOT-FOR-US: Android
+CVE-2020-0280 (In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due to a mis ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bounds che ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0277 (In NetworkPolicyManagerService, there is a possible permissions bypass ...)
+ NOT-FOR-US: Android
+CVE-2020-0276 (In Telephony, there is a possible permission bypass due to a missing p ...)
+ NOT-FOR-US: Android
+CVE-2020-0275 (In MediaProvider, there is a possible way to access ContentResolver an ...)
+ NOT-FOR-US: Android
+CVE-2020-0274 (In the OMX parser, there is a possible information disclosure due to a ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0273 (In hwservicemanager, there is a possible out of bounds write due to fr ...)
+ NOT-FOR-US: Android
+CVE-2020-0272 (In libhwbinder, there is a possible information disclosure due to unin ...)
+ NOT-FOR-US: Android
+CVE-2020-0271 (In the Settings app, there is an insecure default value. This could le ...)
+ NOT-FOR-US: Android
+CVE-2020-0270 (In tremolo, there is a possible out of bounds read due to a missing bo ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0269 (In Android Auto Settings, there is a possible permission bypass due to ...)
+ NOT-FOR-US: Android
+CVE-2020-0268 (In NFC, there is a possible use-after-free due to a race condition. Th ...)
+ NOT-FOR-US: Android
+CVE-2020-0267 (In WindowManager, there is a possible launch of an unexpected app due ...)
+ NOT-FOR-US: Android
+CVE-2020-0266 (In factory reset protection, there is a possible FRP bypass due to a m ...)
+ NOT-FOR-US: Android
+CVE-2020-0265 (In Telephony, there are possible leaks of sensitive data due to missin ...)
+ NOT-FOR-US: Android
+CVE-2020-0264 (In libstagefright, there is a possible out of bounds write due to an i ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0263 (In the Accessibility service, there is a possible permission bypass du ...)
+ NOT-FOR-US: Android
+CVE-2020-0262 (In WiFi tethering, there is a possible attacker controlled intent due ...)
+ NOT-FOR-US: Android
+CVE-2020-0261 (In C2 flame devices, there is a possible bypass of seccomp due to a mi ...)
+ NOT-FOR-US: C2 flame devices
+CVE-2020-0260 (There is a possible out of bounds read due to an incorrect bounds chec ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2020-0259 (In android_verity_ctr of dm-android-verity.c, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2020-0258 (In stopZygoteLocked of AppZygote.java, there is an insufficient cleanu ...)
+ NOT-FOR-US: Android
+CVE-2020-0257 (In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a ...)
+ NOT-FOR-US: Android
+CVE-2020-0256 (In LoadPartitionTable of gpt.cc, there is a possible out of bounds wri ...)
+ {DLA-2549-1}
+ - gdisk 1.0.6-1
+ [buster] - gdisk <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/gptfdisk/code/ci/81c8bbee46ad6ebacf72eae70ba5147f376205a4/
+ NOTE: https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083
CVE-2020-0255
- RESERVED
-CVE-2020-0254
- RESERVED
-CVE-2020-0253
- RESERVED
-CVE-2020-0252
- RESERVED
-CVE-2020-0251
- RESERVED
-CVE-2020-0250
- RESERVED
-CVE-2020-0249
- RESERVED
-CVE-2020-0248
- RESERVED
-CVE-2020-0247
- RESERVED
-CVE-2020-0246
- RESERVED
-CVE-2020-0245
- RESERVED
-CVE-2020-0244
- RESERVED
-CVE-2020-0243
- RESERVED
-CVE-2020-0242
- RESERVED
-CVE-2020-0241
- RESERVED
-CVE-2020-0240
- RESERVED
-CVE-2020-0239
- RESERVED
-CVE-2020-0238
- RESERVED
+ REJECTED
+CVE-2020-0254 (There is a possible out of bounds read due to an incorrect bounds chec ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2020-0253 (There is a possible memory corruption due to a use after free.Product: ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2020-0252 (There is a possible memory corruption due to a use after free.Product: ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2020-0251 (There is a possible out of bounds read due to an incorrect bounds chec ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2020-0250 (In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there ...)
+ NOT-FOR-US: Android
+CVE-2020-0249 (In postInstantAppNotif of InstantAppNotifier.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2020-0248 (In postInstantAppNotif of InstantAppNotifier.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2020-0247 (In Threshold::getHistogram of ImageProcessHelper.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2020-0246 (In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missin ...)
+ NOT-FOR-US: Android
+CVE-2020-0245 (In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible ...)
+ NOT-FOR-US: Android Media framework
+CVE-2020-0244 (In writeBurstBufferBytes of SPDIFEncoder.cpp, there is a possible out ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0243 (In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-a ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0242 (In reset of NuPlayerDriver.cpp, there is a possible use-after-free due ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0241 (In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is poss ...)
+ NOT-FOR-US: Android media framework
+CVE-2020-0240 (In NewFixedDoubleArray of factory.cc, there is a possible out of bound ...)
+ NOT-FOR-US: Android
+CVE-2020-0239 (In getDocumentMetadata of DocumentsContract.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2020-0238 (In updatePreferenceIntents of AccountTypePreferenceLoader, there is a ...)
+ NOT-FOR-US: Android
CVE-2020-0237
- RESERVED
-CVE-2020-0236
- RESERVED
-CVE-2020-0235
- RESERVED
-CVE-2020-0234
- RESERVED
-CVE-2020-0233
- RESERVED
-CVE-2020-0232
- RESERVED
-CVE-2020-0231
- RESERVED
-CVE-2020-0230
- RESERVED
-CVE-2020-0229
- RESERVED
-CVE-2020-0228
- RESERVED
-CVE-2020-0227
- RESERVED
-CVE-2020-0226
- RESERVED
-CVE-2020-0225
- RESERVED
-CVE-2020-0224
- RESERVED
-CVE-2020-0223
- RESERVED
+ REJECTED
+CVE-2020-0236 (In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of- ...)
+ NOT-FOR-US: Android
+CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size ...)
+ NOT-FOR-US: Pixel kernel drivers
+CVE-2020-0234 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...)
+ NOT-FOR-US: Pixel kernel drivers
+CVE-2020-0233 (In main of main.cpp, there is possible memory corruption due to a use ...)
+ NOT-FOR-US: Android
+CVE-2020-0232 (Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds ...)
+ NOT-FOR-US: Pixel kernel drivers
+CVE-2020-0231 (There is a possible out of bounds write due to an incorrect bounds che ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0230 (There is a possible out of bounds write due to an incorrect bounds che ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0229 (There is a possible out of bounds write due to an incorrect bounds che ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0228 (There is an improper configuration of recorder related service. Produc ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0227 (In onCommand of CompanionDeviceManagerService.java, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2020-0226 (In createWithSurfaceParent of Client.cpp, there is a possible out of b ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0225 (In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder. ...)
+ NOT-FOR-US: Android
+CVE-2020-0224 (In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2020-0223 (This is an unbounded write into kernel global memory, via a user-contr ...)
+ NOT-FOR-US: Pixel kernel drivers
CVE-2020-0222
RESERVED
CVE-2020-0221 (Airbrush FW's scratch memory allocator is susceptible to numeric overf ...)
NOT-FOR-US: Android
CVE-2020-0220 (In crus_afe_callback of msm-cirrus-playback.c, there is a possible out ...)
NOT-FOR-US: Android
-CVE-2020-0219
- RESERVED
-CVE-2020-0218
- RESERVED
-CVE-2020-0217
- RESERVED
-CVE-2020-0216
- RESERVED
-CVE-2020-0215
- RESERVED
-CVE-2020-0214
- RESERVED
-CVE-2020-0213
- RESERVED
-CVE-2020-0212
- RESERVED
-CVE-2020-0211
- RESERVED
-CVE-2020-0210
- RESERVED
-CVE-2020-0209
- RESERVED
-CVE-2020-0208
- RESERVED
-CVE-2020-0207
- RESERVED
-CVE-2020-0206
- RESERVED
-CVE-2020-0205
- RESERVED
-CVE-2020-0204
- RESERVED
-CVE-2020-0203
- RESERVED
-CVE-2020-0202
- RESERVED
-CVE-2020-0201
- RESERVED
-CVE-2020-0200
- RESERVED
-CVE-2020-0199
- RESERVED
-CVE-2020-0198
- RESERVED
-CVE-2020-0197
- RESERVED
-CVE-2020-0196
- RESERVED
-CVE-2020-0195
- RESERVED
-CVE-2020-0194
- RESERVED
-CVE-2020-0193
- RESERVED
-CVE-2020-0192
- RESERVED
-CVE-2020-0191
- RESERVED
-CVE-2020-0190
- RESERVED
-CVE-2020-0189
- RESERVED
-CVE-2020-0188
- RESERVED
-CVE-2020-0187
- RESERVED
-CVE-2020-0186
- RESERVED
-CVE-2020-0185
- RESERVED
-CVE-2020-0184
- RESERVED
-CVE-2020-0183
- RESERVED
-CVE-2020-0182
- RESERVED
-CVE-2020-0181
- RESERVED
-CVE-2020-0180
- RESERVED
-CVE-2020-0179
- RESERVED
-CVE-2020-0178
- RESERVED
-CVE-2020-0177
- RESERVED
-CVE-2020-0176
- RESERVED
-CVE-2020-0175
- RESERVED
-CVE-2020-0174
- RESERVED
-CVE-2020-0173
- RESERVED
-CVE-2020-0172
- RESERVED
-CVE-2020-0171
- RESERVED
-CVE-2020-0170
- RESERVED
-CVE-2020-0169
- RESERVED
-CVE-2020-0168
- RESERVED
-CVE-2020-0167
- RESERVED
-CVE-2020-0166
- RESERVED
-CVE-2020-0165
- RESERVED
-CVE-2020-0164
- RESERVED
-CVE-2020-0163
- RESERVED
-CVE-2020-0162
- RESERVED
-CVE-2020-0161
- RESERVED
-CVE-2020-0160
- RESERVED
-CVE-2020-0159
- RESERVED
-CVE-2020-0158
- RESERVED
-CVE-2020-0157
- RESERVED
-CVE-2020-0156
- RESERVED
-CVE-2020-0155
- RESERVED
-CVE-2020-0154
- RESERVED
-CVE-2020-0153
- RESERVED
-CVE-2020-0152
- RESERVED
-CVE-2020-0151
- RESERVED
-CVE-2020-0150
- RESERVED
-CVE-2020-0149
- RESERVED
-CVE-2020-0148
- RESERVED
-CVE-2020-0147
- RESERVED
-CVE-2020-0146
- RESERVED
-CVE-2020-0145
- RESERVED
-CVE-2020-0144
- RESERVED
-CVE-2020-0143
- RESERVED
-CVE-2020-0142
- RESERVED
-CVE-2020-0141
- RESERVED
-CVE-2020-0140
- RESERVED
-CVE-2020-0139
- RESERVED
-CVE-2020-0138
- RESERVED
-CVE-2020-0137
- RESERVED
-CVE-2020-0136
- RESERVED
-CVE-2020-0135
- RESERVED
-CVE-2020-0134
- RESERVED
-CVE-2020-0133
- RESERVED
-CVE-2020-0132
- RESERVED
-CVE-2020-0131
- RESERVED
-CVE-2020-0130
- RESERVED
-CVE-2020-0129
- RESERVED
-CVE-2020-0128
- RESERVED
-CVE-2020-0127
- RESERVED
-CVE-2020-0126
- RESERVED
-CVE-2020-0125
- RESERVED
-CVE-2020-0124
- RESERVED
-CVE-2020-0123
- RESERVED
-CVE-2020-0122
- RESERVED
-CVE-2020-0121
- RESERVED
-CVE-2020-0120
- RESERVED
-CVE-2020-0119
- RESERVED
-CVE-2020-0118
- RESERVED
-CVE-2020-0117
- RESERVED
-CVE-2020-0116
- RESERVED
-CVE-2020-0115
- RESERVED
-CVE-2020-0114
- RESERVED
-CVE-2020-0113
- RESERVED
+CVE-2020-0219 (In onCreate of SliceDeepLinkSpringBoard.java there is a possible insec ...)
+ NOT-FOR-US: Android
+CVE-2020-0218 (In loadSoundModel and related functions of SoundTriggerHwService.cpp, ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0217 (In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2020-0216 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2020-0215 (In onCreate of ConfirmConnectActivity.java, there is a possible leak o ...)
+ NOT-FOR-US: Android
+CVE-2020-0214 (In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible ou ...)
+ NOT-FOR-US: Android
+CVE-2020-0213 (In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0212 (In _onBufferDestroyed of InputBufferManager.cpp, there is a possible o ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0211 (In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0210 (In removeSharedAccountAsUser of AccountManager.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2020-0209 (In multiple functions of AccountManager.java, there is a possible perm ...)
+ NOT-FOR-US: Android
+CVE-2020-0208 (In multiple functions of AccountManager.java, there is a possible perm ...)
+ NOT-FOR-US: Android
+CVE-2020-0207 (In next_marker of jdmarker.c, there is a possible out of bounds read d ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0206 (In the settings app, there is a possible app crash due to improper inp ...)
+ NOT-FOR-US: Android
+CVE-2020-0205 (In the DaalaBitReader constructor of entropy_decoder.cc, there is a po ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0204 (In InstallPackage of package.cpp, there is a possible bypass of a sign ...)
+ NOT-FOR-US: Android
+CVE-2020-0203 (In freeIsolatedUidLocked of ProcessList.java, there is a possible UID ...)
+ NOT-FOR-US: Android
+CVE-2020-0202 (In onHandleIntent of TraceService.java, there is a possible bypass of ...)
+ NOT-FOR-US: Android
+CVE-2020-0201 (In showSecurityFields of WifiConfigController.java there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2020-0200 (In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of b ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0199 (In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0198 (In exif_data_load_data_content of exif-data.c, there is a possible UBS ...)
+ {DLA-2249-1}
+ - libexif 0.6.22-2 (bug #962345)
+ [buster] - libexif 0.6.21-5.1+deb10u4
+ [stretch] - libexif 0.6.21-2+deb9u4
+ NOTE: https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
+ NOTE: https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c
+CVE-2020-0197 (In InitDataParser::parsePssh of InitDataParser.cpp, there is a possibl ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0196 (In RegisterNotificationResponse::GetEvent of register_notification_pac ...)
+ NOT-FOR-US: Android
+CVE-2020-0195 (In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0194 (In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0193 (In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_ ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0192 (In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there i ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0191 (In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0190 (In ideint_weave_blk of ideint_utils.c, there is a possible out of boun ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0189 (In ihevcd_decode() of ihevcd_decode.c, there is possible resource exha ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0188 (In onCreatePermissionRequest of SettingsSliceProvider.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2020-0187 (In engineSetMode of BaseBlockCipher.java, there is a possible incorrec ...)
+ NOT-FOR-US: Android
+CVE-2020-0186 (In hal_fd_init of hal_fd.cc, there is a possible out of bounds write d ...)
+ NOT-FOR-US: Android
+CVE-2020-0185 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2020-0184 (In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinit ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0183 (In handleMessage of BluetoothManagerService, there is an incomplete re ...)
+ NOT-FOR-US: Android
+CVE-2020-0182 (In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...)
+ {DLA-2249-1}
+ - libexif 0.6.22-1 (low)
+ [buster] - libexif 0.6.21-5.1+deb10u4
+ [stretch] - libexif 0.6.21-2+deb9u4
+ NOTE: https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff (0.6.22)
+ NOTE: CVE originally originally reported by Android where a different patch was shipped
+CVE-2020-0181 (In exif_data_load_data_thumbnail of exif-data.c, there is a possible d ...)
+ {DSA-4618-1 DLA-2100-1}
+ - libexif 0.6.21-6 (bug #962346)
+ NOTE: https://android.googlesource.com/platform/external/libexif/+/f6c54954cbfc25eb73d2d2902f0597c0220174a4
+ NOTE: Fixed by the patch for CVE-2019-9278
+CVE-2020-0180 (In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out o ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0179 (In doSendObjectInfo of MtpServer.cpp, there is a possible path travers ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0178 (In getAllConfigFlags of SettingsProvider.cpp, there is a possible ille ...)
+ NOT-FOR-US: Android
+CVE-2020-0177 (In connect() of PanService.java, there is a possible permissions bypas ...)
+ NOT-FOR-US: Android
+CVE-2020-0176 (In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds ...)
+ NOT-FOR-US: Android
+CVE-2020-0175 (In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion du ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0174 (In Parse_ptbl of eas_mdls.c, there is possible resource exhaustion due ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0173 (In Parse_lins of eas_mdls.c, there is possible resource exhaustion due ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0172 (In Parse_art of eas_mdls.c, there is possible resource exhaustion due ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0171 (In Parse_lart of eas_mdls.c, there is possible resource exhaustion due ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0170 (In IMY_Event of eas_imelody.c, there is possible resource exhaustion d ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0169 (In RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion d ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0168 (In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c, the ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0167 (In load of ResourceTypes.cpp, there is a possible out of bounds read d ...)
+ NOT-FOR-US: Android
+CVE-2020-0166 (In multiple functions of URI.java, there is a possible escalation of p ...)
+ NOT-FOR-US: Android
+CVE-2020-0165 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...)
+ NOT-FOR-US: Android
+CVE-2020-0164 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...)
+ NOT-FOR-US: Android
+CVE-2020-0163 (In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there i ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0162 (In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0161 (In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaus ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0160 (In setSyncSampleParams of SampleTable.cpp, there is possible resource ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0159 (In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds r ...)
+ NOT-FOR-US: Android
+CVE-2020-0158 (In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible o ...)
+ NOT-FOR-US: Android
+CVE-2020-0157 (In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2020-0156 (In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read ...)
+ NOT-FOR-US: Android
+CVE-2020-0155 (In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2020-0154 (In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2020-0153 (In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible ou ...)
+ NOT-FOR-US: Android
+CVE-2020-0152 (In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0151 (In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible o ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0150 (In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2020-0149 (In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2020-0148 (In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and b ...)
+ NOT-FOR-US: Android
+CVE-2020-0147 (In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2020-0146 (In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2020-0145 (In btm_simple_pair_complete of btm_sec.cc, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2020-0144 (In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bound ...)
+ NOT-FOR-US: Android
+CVE-2020-0143 (In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2020-0142 (In rw_i93_sm_format of rw_i93.c, there is a possible information discl ...)
+ NOT-FOR-US: Android
+CVE-2020-0141 (In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possib ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0140 (In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information ...)
+ NOT-FOR-US: Android
+CVE-2020-0139 (In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2020-0138 (In get_element_attr_rsp of btif_rc.cc, there is a possible out of boun ...)
+ NOT-FOR-US: Android
+CVE-2020-0137 (In setIPv6AddrGenMode of NetworkManagementService.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2020-0136 (In multiple locations of Parcel.cpp, there is a possible out-of-bounds ...)
+ NOT-FOR-US: Android
+CVE-2020-0135 (In dump of RollbackManagerServiceImpl.java, there is a possible backup ...)
+ NOT-FOR-US: Android
+CVE-2020-0134 (In BnDrm::onTransact of IDrm.cpp, there is a possible information disc ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0133 (In MockLocationAppPreferenceController.java, it is possible to mock th ...)
+ NOT-FOR-US: Android
+CVE-2020-0132 (In BnAAudioService::onTransact of IAAudioService.cpp, there is a possi ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0131 (In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0130 (In screencap, there is a possible command injection due to improper in ...)
+ NOT-FOR-US: Android
+CVE-2020-0129 (In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound w ...)
+ NOT-FOR-US: Android
+CVE-2020-0128 (In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds r ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0127 (In AudioStream::decode of AudioGroup.cpp, there is a possible out of b ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0126 (In multiple functions in DrmPlugin.cpp, there is a possible use after ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0125 (In mediadrm, there is a possible out of bounds read due to a missing b ...)
+ NOT-FOR-US: Android Media framework
+CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2020-0123 (There is a possible out of bounds write due to an incorrect bounds che ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2020-0122 (In the permission declaration for com.google.android.providers.gsf.per ...)
+ NOT-FOR-US: Android
+CVE-2020-0121 (In updateUidProcState of AppOpsService.java, there is a possible permi ...)
+ NOT-FOR-US: Android
+CVE-2020-0120 (In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possib ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0119 (In addOrUpdateNetworkInternal and related functions of WifiConfigManag ...)
+ NOT-FOR-US: Android
+CVE-2020-0118 (In addListener of RegionSamplingThread.cpp, there is a possible out of ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2020-0117 (In aes_cmac of aes_cmac.cc, there is a possible out of bounds write du ...)
+ NOT-FOR-US: Android
+CVE-2020-0116 (In checkSystemLocationAccess of LocationAccessPolicy.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2020-0115 (In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2020-0114 (In onCreateSliceProvider of KeyguardSliceProvider.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2020-0113 (In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible ou ...)
+ NOT-FOR-US: Android Media Framework
CVE-2020-0112
RESERVED
CVE-2020-0111
@@ -30421,10 +72422,10 @@ CVE-2020-0110 (In psi_write of psi.c, there is a possible out of bounds write du
NOTE: https://git.kernel.org/linus/6fcca0fa48118e6d63733eb4644c6cd880c15b8f (5.6-rc2)
CVE-2020-0109 (In simulatePackageSuspendBroadcast of NotificationManagerService.java, ...)
NOT-FOR-US: Android
-CVE-2020-0108
- RESERVED
-CVE-2020-0107
- RESERVED
+CVE-2020-0108 (In postNotification of ServiceRecord.java, there is a possible bypass ...)
+ NOT-FOR-US: Android
+CVE-2020-0107 (In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible ...)
+ NOT-FOR-US: Android
CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a possible ...)
NOT-FOR-US: Android
CVE-2020-0105 (In onKeyguardVisibilityChanged of key_store_service.cpp, there is a mi ...)
@@ -30439,8 +72440,8 @@ CVE-2020-0101 (In BnCrypto::onTransact of ICrypto.cpp, there is a possible infor
NOT-FOR-US: Android media framework
CVE-2020-0100 (In onTransact of IHDCP.cpp, there is a possible out of bounds read due ...)
NOT-FOR-US: Android media framework
-CVE-2020-0099
- RESERVED
+CVE-2020-0099 (In addWindow of WindowManagerService.java, there is a possible window ...)
+ NOT-FOR-US: Android
CVE-2020-0098 (In navigateUpToLocked of ActivityStack.java, there is a possible permi ...)
NOT-FOR-US: Android
CVE-2020-0097 (In various methods of PackageManagerService.java, there is a possible ...)
@@ -30449,13 +72450,14 @@ CVE-2020-0096 (In startActivities of ActivityStartController.java, there is a po
NOT-FOR-US: Android
CVE-2020-0095
RESERVED
+ NOT-FOR-US: Android Media Framework
CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possi ...)
NOT-FOR-US: Android media framework
CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a possible out o ...)
{DLA-2214-1}
- libexif 0.6.21-8
- [buster] - libexif <no-dsa> (Minor issue)
- [stretch] - libexif <no-dsa> (Minor issue)
+ [buster] - libexif 0.6.21-5.1+deb10u2
+ [stretch] - libexif 0.6.21-2+deb9u2
NOTE: https://github.com/libexif/libexif/issues/42
NOTE: https://github.com/libexif/libexif/commit/5ae5973bed1947f4d447dc80b76d5cefadd90133
CVE-2020-0092 (In setHideSensitive of NotificationStackScrollLayout.java, there is a ...)
@@ -30464,9 +72466,9 @@ CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for met
NOT-FOR-US: Mediatek components for Android
CVE-2020-0090 (An improper authorization in the receiver component of Email.Product: ...)
NOT-FOR-US: Mediatek components for Android
-CVE-2020-0089
- RESERVED
-CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible re ...)
+CVE-2020-0089 (In the audio server, there is a missing permission check. This could l ...)
+ NOT-FOR-US: Android
+CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible reso ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...)
NOT-FOR-US: Android
@@ -30494,8 +72496,8 @@ CVE-2020-0076 (In get_auth_result of the FPC IRIS TrustZone app, there is a poss
NOT-FOR-US: Android
CVE-2020-0075 (In set_shared_key of the FPC IRIS TrustZone app, there is a possible o ...)
NOT-FOR-US: Android
-CVE-2020-0074
- RESERVED
+CVE-2020-0074 (In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is ...)
+ NOT-FOR-US: Android
CVE-2020-0073 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...)
NOT-FOR-US: Android
CVE-2020-0072 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...)
@@ -30511,6 +72513,7 @@ CVE-2020-0068 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possib
CVE-2020-0067 (In f2fs_xattr_generic_list of xattr.c, there is a possible out of boun ...)
- linux 5.5.13-1
[buster] - linux 4.19.118-1
+ [stretch] - linux <ignored> (f2fs is not supportable)
[jessie] - linux <ignored> (f2fs is not supportable)
NOTE: https://git.kernel.org/linus/688078e7f36c293dae25b338ddc9e0a2790f6e06
CVE-2020-0066 (In the netlink driver, there is a possible out of bounds write due to ...)
@@ -30585,9 +72588,8 @@ CVE-2020-0036 (In hasPermissions of PermissionMonitor.java, there is a possible
CVE-2020-0035 (In query of TelephonyProvider.java, there is a possible access to SIM ...)
NOT-FOR-US: Android
CVE-2020-0034 (In vp8_decode_frame of decodeframe.c, there is a possible out of bound ...)
- {DLA-2136-1}
+ {DLA-2829-1 DLA-2136-1}
- libvpx 1.7.0-3
- [stretch] - libvpx <no-dsa> (Minor issue)
NOTE: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a
CVE-2020-0033 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...)
NOT-FOR-US: Android media framework
@@ -30606,8 +72608,8 @@ CVE-2020-0027 (In HidRawSensor::batch of HidRawSensor.cpp, there is a possible o
NOT-FOR-US: Android
CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible memory corru ...)
NOT-FOR-US: Android
-CVE-2020-0025
- RESERVED
+CVE-2020-0025 (In deletePackageVersionedInternal of PackageManagerService.java, there ...)
+ NOT-FOR-US: Android
CVE-2020-0024 (In onCreate of SettingsBaseActivity.java, there is a possible unauthor ...)
NOT-FOR-US: Android
CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there is a pos ...)
@@ -30618,14 +72620,14 @@ CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there i
NOT-FOR-US: Android
CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible failur ...)
NOT-FOR-US: Android
-CVE-2020-0019
- RESERVED
+CVE-2020-0019 (In the Broadcom Nexus firmware, there is an insecure default password. ...)
+ NOT-FOR-US: Broadcom components for Android
CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there is a p ...)
NOT-FOR-US: Android
CVE-2020-0017 (In multiple places, it was possible for the primary user&#8217;s dicti ...)
NOT-FOR-US: Android
-CVE-2020-0016
- RESERVED
+CVE-2020-0016 (In the Broadcom Nexus firmware, there is an insecure default password. ...)
+ NOT-FOR-US: Broadcom components for Android
CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to overlay ...)
NOT-FOR-US: Android
CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TOAST w ...)
@@ -30639,9 +72641,10 @@ CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out o
CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...)
NOT-FOR-US: FPC components for Android
CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...)
+ {DLA-2241-1}
- linux 5.5.13-1
[buster] - linux 4.19.118-1
- [jessie] - linux <ignored> (Driver is not enabled or supported)
+ [stretch] - linux 4.9.228-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1949
CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there ...)
NOT-FOR-US: Android
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
new file mode 100644
index 0000000000..06406baf29
--- /dev/null
+++ b/data/CVE/2021.list
@@ -0,0 +1,71102 @@
+CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket transport. An ...)
+ NOT-FOR-US: PreMiD
+CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
+ - libsixel <unfixed>
+ [bullseye] - libsixel <no-dsa> (Minor issue)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/saitoha/libsixel/issues/158
+CVE-2021-4222
+ RESERVED
+CVE-2021-4221
+ RESERVED
+CVE-2021-46699
+ RESERVED
+CVE-2021-4220
+ REJECTED
+CVE-2021-4219
+ RESERVED
+CVE-2021-46687
+ RESERVED
+CVE-2021-46270
+ RESERVED
+CVE-2021-45730
+ RESERVED
+CVE-2021-45721
+ RESERVED
+CVE-2021-45074
+ RESERVED
+CVE-2021-41834
+ RESERVED
+CVE-2021-23163
+ RESERVED
+CVE-2021-22590
+ RESERVED
+CVE-2021-46681
+ RESERVED
+CVE-2021-46680
+ RESERVED
+CVE-2021-46679
+ RESERVED
+CVE-2021-46678
+ RESERVED
+CVE-2021-46677
+ RESERVED
+CVE-2021-46676
+ RESERVED
+CVE-2021-46675
+ RESERVED
+CVE-2021-46674
+ RESERVED
+CVE-2021-46673
+ RESERVED
+CVE-2021-46672
+ RESERVED
+CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array, and co ...)
+ - atftp 0.7.git20210915-1 (bug #1004974)
+ [bullseye] - atftp <no-dsa> (Minor issue)
+ [buster] - atftp <no-dsa> (Minor issue)
+ [stretch] - atftp <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5)
+CVE-2021-46670
+ RESERVED
+CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25638
+CVE-2021-46668 (MariaDB through 10.5.9 allows an application crash via certain long SE ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25787
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46667 (MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an ...)
+ - mariadb-10.6 1:10.6.5-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-26350
+ NOTE: Fixed in MariaDB: 10.2.41, 10.3.32, 10.4.22, 10.5.13, 10.6.5
+CVE-2021-46666 (MariaDB before 10.6.2 allows an application crash because of mishandli ...)
+ - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian)
+ - mariadb-10.5 1:10.5.11-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ NOTE: https://jira.mariadb.org/browse/MDEV-25635
+ NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
+CVE-2021-46665 (MariaDB through 10.5.9 allows a sql_parse.cc application crash because ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25636
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46664 (MariaDB through 10.5.9 allows an application crash in sub_select_postj ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25761
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46663 (MariaDB through 10.5.13 allows a ha_maria::extra application crash via ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-26351
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-46662 (MariaDB through 10.5.9 allows a set_var.cc application crash via certa ...)
+ - mariadb-10.6 1:10.6.5-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25637
+ NOTE: https://jira.mariadb.org/browse/MDEV-22464
+ NOTE: Fixed in MariaDB: 10.3.32, 10.4.22, 10.5.13, 10.6.5
+CVE-2021-46661 (MariaDB through 10.5.9 allows an application crash in find_field_in_ta ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25766
+ NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43
+CVE-2021-4218
+ RESERVED
+ - linux 5.8.7-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048359
+ NOTE: Fixed by: https://git.kernel.org/linus/32927393dc1ccd60fb2bdc05b9e8e88753761469 (5.8-rc1)
+CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) a ...)
+ NOT-FOR-US: Signiant Manager+Agents
+CVE-2021-46659 (MariaDB before 10.7.2 allows an application crash because it does not ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25631
+ NOTE: Fixed in MariaDB: 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6, 10.7.2
+CVE-2021-46658 (save_window_function_values in MariaDB before 10.6.3 allows an applica ...)
+ - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian)
+ - mariadb-10.5 1:10.5.11-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ NOTE: https://jira.mariadb.org/browse/MDEV-25630
+ NOTE: Fixed in MariaDB: 10.2.40, 10.3.31, 10.4.21, 10.5.12, 10.6.3
+CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application crash ...)
+ - mariadb-10.6 <not-affected> (Fixed before initial upload to Debian)
+ - mariadb-10.5 1:10.5.11-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ NOTE: https://jira.mariadb.org/browse/MDEV-25629
+ NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2
+CVE-2021-4217 [Null pointer dereference in Unicode strings code]
+ RESERVED
+ - unzip <unfixed> (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044583
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-4216
+ RESERVED
+CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46654 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46651 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46650 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46649 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46642 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46640 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46635 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46633 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46632 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46631 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46630 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46629 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46627 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46626 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46625 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46624 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46623 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46622 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46621 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46619 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46618 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46612 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46611 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46610 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46608 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46607 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46606 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46605 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46604 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46603 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46602 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46601 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46600 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46599 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46598 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46597 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46596 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46595 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46594 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46593 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46592 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46591 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46590 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46589 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46588 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46587 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46586 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46585 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46584 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46583 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46582 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46581 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46580 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46579 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46578 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46577 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46576 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46575 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46574 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46573 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46572 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46571 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46570 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46569 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46568 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46567 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46566 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46565 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46564 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46563 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46562 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
+ NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API
+CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
+ NOT-FOR-US: Moxa
+CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...)
+ NOT-FOR-US: Moxa
+CVE-2021-4215
+ RESERVED
+CVE-2021-4214
+ RESERVED
+ - libpng1.6 <unfixed> (unimportant)
+ NOTE: https://github.com/glennrp/libpng/issues/302
+ NOTE: Crash in CLI package, not shipped in binary packages
+CVE-2021-4213
+ RESERVED
+ - jss <unfixed>
+ [bullseye] - jss <no-dsa> (Minor issue)
+ [buster] - jss <no-dsa> (Minor issue)
+ [stretch] - jss <postponed> (revisit when/if fix is complete)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2042900
+ NOTE: https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448
+CVE-2021-4212
+ RESERVED
+CVE-2021-4211
+ RESERVED
+CVE-2021-4210
+ RESERVED
+CVE-2021-46558 (Multiple cross-site scripting (XSS) vulnerabilities in the Add User mo ...)
+ NOT-FOR-US: Issabel
+CVE-2021-46557 (Vicidial 2.14-783a was discovered to contain a cross-site scripting (X ...)
+ NOT-FOR-US: Vicidial
+CVE-2021-46556 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46555
+ RESERVED
+CVE-2021-46554 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46553 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46552
+ RESERVED
+CVE-2021-46551
+ RESERVED
+CVE-2021-46550 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46549 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46548 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46547 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46546 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46545 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46544 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46543 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46542 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46541 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46540 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46539 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46538 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46537 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46536
+ RESERVED
+CVE-2021-46535 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46534 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46533
+ RESERVED
+CVE-2021-46532 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46531 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46530 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46529 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46528 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46527 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46526 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46525 (Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free vi ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46524 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46523 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46522 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46521 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46520 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46519 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46518 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46517 (There is an Assertion `mjs_stack_size(&amp;mjs-&gt;scopes) &gt; 0' fai ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46516 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46515 (There is an Assertion `mjs_stack_size(&amp;mjs-&gt;scopes) &gt;= scope ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46514 (There is an Assertion 'ppos != NULL &amp;&amp; mjs_is_number(*ppos)' f ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46513 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46512 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46511 (There is an Assertion `m-&gt;len &gt;= sizeof(v)' failed at src/mjs_co ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46510 (There is an Assertion `s &lt; mjs-&gt;owned_strings.buf + mjs-&gt;owne ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46509 (Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snq ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46508 (There is an Assertion `i &lt; parts_cnt' failed at src/mjs_bcode.c in ...)
+ NOT-FOR-US: Cesanta MJS
+CVE-2021-46507 (Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46506 (There is an Assertion 'v-&gt;d.lval != v' failed at src/jsiValue.c in ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46505 (Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46504 (There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5 ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46503 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46502 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46501 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortS ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46500 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_A ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46499 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46498 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_w ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46497 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_U ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46496 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_O ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46495 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Delet ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46494 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46493
+ RESERVED
+CVE-2021-46492 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Fu ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46491 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Co ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46490 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Number ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46489 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_D ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46488 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46487 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46486 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46485 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Va ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46484 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_I ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46483 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Bool ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46482 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Numb ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46481 (Jsish v3.5.0 was discovered to contain a memory leak via linenoise at ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46480 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiV ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46479
+ RESERVED
+CVE-2021-46478 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiC ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46477 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegE ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46476
+ RESERVED
+CVE-2021-46475 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46474 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiE ...)
+ NOT-FOR-US: Jsish
+CVE-2021-46473
+ RESERVED
+CVE-2021-46472
+ RESERVED
+CVE-2021-46471
+ RESERVED
+CVE-2021-46470
+ RESERVED
+CVE-2021-46469
+ RESERVED
+CVE-2021-46468
+ RESERVED
+CVE-2021-46467
+ RESERVED
+CVE-2021-46466
+ RESERVED
+CVE-2021-46465
+ RESERVED
+CVE-2021-46464
+ RESERVED
+CVE-2021-46463 (njs through 0.7.1, used in NGINX, was discovered to contain a control ...)
+ NOT-FOR-US: njs
+CVE-2021-46462 (njs through 0.7.1, used in NGINX, was discovered to contain a segmenta ...)
+ NOT-FOR-US: njs
+CVE-2021-46461 (njs through 0.7.0, used in NGINX, was discovered to contain an out-of- ...)
+ NOT-FOR-US: njs
+CVE-2021-46460
+ RESERVED
+CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL injection vulne ...)
+ NOT-FOR-US: Victor CMS
+CVE-2021-46458 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Victor CMS
+CVE-2021-46457 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46456 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46455 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46454 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46453 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46452 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46451 (An SQL Injection vulnerabilty exists in Sourcecodester Online Project ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46450
+ RESERVED
+CVE-2021-46449
+ RESERVED
+CVE-2021-46448 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46447 (A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46446 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46445 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...)
+ NOT-FOR-US: H.H.G Multistore
+CVE-2021-46443
+ RESERVED
+CVE-2021-46442
+ RESERVED
+CVE-2021-46441
+ RESERVED
+CVE-2021-46440
+ RESERVED
+CVE-2021-46439
+ RESERVED
+CVE-2021-46438
+ RESERVED
+CVE-2021-46437
+ RESERVED
+CVE-2021-46436
+ RESERVED
+CVE-2021-46435
+ RESERVED
+CVE-2021-46434
+ RESERVED
+CVE-2021-46433
+ RESERVED
+CVE-2021-46432
+ RESERVED
+CVE-2021-46431
+ RESERVED
+CVE-2021-46430
+ RESERVED
+CVE-2021-46429
+ RESERVED
+CVE-2021-46428 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester S ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46427 (An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46426
+ RESERVED
+CVE-2021-46425
+ RESERVED
+CVE-2021-46424
+ RESERVED
+CVE-2021-46423
+ RESERVED
+CVE-2021-46422
+ RESERVED
+CVE-2021-46421
+ RESERVED
+CVE-2021-46420
+ RESERVED
+CVE-2021-46419
+ RESERVED
+CVE-2021-46418
+ RESERVED
+CVE-2021-46417
+ RESERVED
+CVE-2021-46416
+ RESERVED
+CVE-2021-46415
+ RESERVED
+CVE-2021-46414
+ RESERVED
+CVE-2021-46413
+ RESERVED
+CVE-2021-46412
+ RESERVED
+CVE-2021-46411
+ RESERVED
+CVE-2021-46410
+ RESERVED
+CVE-2021-46409
+ RESERVED
+CVE-2021-46408
+ RESERVED
+CVE-2021-46407
+ RESERVED
+CVE-2021-46406
+ RESERVED
+CVE-2021-46405
+ RESERVED
+CVE-2021-46404
+ RESERVED
+CVE-2021-4209
+ RESERVED
+CVE-2021-46403
+ RESERVED
+CVE-2021-4208 (The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-46402
+ RESERVED
+CVE-2021-46401
+ RESERVED
+CVE-2021-46400
+ RESERVED
+CVE-2021-46399
+ RESERVED
+CVE-2021-46398 (A Cross-Site Request Forgery vulnerability exists in Filebrowser &lt; ...)
+ NOT-FOR-US: FileBrowser
+CVE-2021-46397
+ RESERVED
+CVE-2021-46396
+ RESERVED
+CVE-2021-46395
+ RESERVED
+CVE-2021-46394
+ RESERVED
+CVE-2021-46393
+ RESERVED
+CVE-2021-46392
+ RESERVED
+CVE-2021-46391
+ RESERVED
+CVE-2021-46390
+ RESERVED
+CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
+ NOT-FOR-US: IIPImage High Resolution Streaming Image Server
+CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affec ...)
+ NOT-FOR-US: WAGO
+CVE-2021-46387
+ RESERVED
+CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: File U ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: SQL In ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46384
+ RESERVED
+CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS &lt;=5.2.5 is affected by: SQL In ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46382
+ RESERVED
+CVE-2021-46381
+ RESERVED
+CVE-2021-46380
+ RESERVED
+CVE-2021-46379
+ RESERVED
+CVE-2021-46378
+ RESERVED
+CVE-2021-46377 (There is a front-end sql injection vulnerability in cszcms 1.2.9 via c ...)
+ NOT-FOR-US: cszcms
+CVE-2021-46376
+ RESERVED
+CVE-2021-46375
+ RESERVED
+CVE-2021-46374
+ RESERVED
+CVE-2021-46373
+ RESERVED
+CVE-2021-46372 (Scoold 1.47.2 is a Q&amp;A/knowledge base platform written in Java. Wh ...)
+ NOT-FOR-US: Scoold
+CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...)
+ NOT-FOR-US: antd-admin
+CVE-2021-46370
+ RESERVED
+CVE-2021-46369
+ RESERVED
+CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path s ...)
+ NOT-FOR-US: TRIGONE Remote System Monitor
+CVE-2021-46367
+ RESERVED
+CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and be ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the Registrat ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allo ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...)
+ NOT-FOR-US: Composr-CMS
+CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
+ NOT-FOR-US: FISCO-BCOS
+CVE-2021-46358
+ RESERVED
+CVE-2021-46357
+ RESERVED
+CVE-2021-46356
+ RESERVED
+CVE-2021-46355 (OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To expl ...)
+ NOT-FOR-US: OCS Inventory (not the same as ocsinventory-server)
+CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...)
+ NOT-FOR-US: Thinfinity VirtualUI
+CVE-2021-46353
+ RESERVED
+CVE-2021-46352
+ RESERVED
+CVE-2021-46351 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4940
+CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at jerrysc ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4953
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4936
+CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4937
+CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4961
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4941
+CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4938
+CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4939
+CVE-2021-46345 (There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4946
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4920
+CVE-2021-46344 (There is an Assertion 'flags &amp; PARSER_PATTERN_HAS_REST_ELEMENT' fa ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4950
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4928
+CVE-2021-46343 (There is an Assertion 'context_p-&gt;token.type == LEXER_LITERAL' fail ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4947
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4921
+CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4952
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4934
+CVE-2021-46341
+ RESERVED
+CVE-2021-46340 (There is an Assertion 'context_p-&gt;stack_top_uint8 == SCAN_STACK_TRY ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4964
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4924
+CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_siz ...)
+ - iotjs <undetermined>
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4935
+CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed ...)
+ - iotjs <unfixed> (bug #1004288)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4943
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4933
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4900
+CVE-2021-46337 (There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser- ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4951
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4930
+CVE-2021-46336 (There is an Assertion 'opts &amp; PARSER_CLASS_LITERAL_CTOR_PRESENT' f ...)
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4949
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4927
+CVE-2021-46335 (Moddable SDK v11.5.0 was discovered to contain a NULL pointer derefere ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46334 (Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46333 (Moddable SDK v11.5.0 was discovered to contain an invalid memory acces ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46332 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46331 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46330 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46329 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46328 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46327 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46326 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46325 (Espruino 2v10.246 was discovered to contain a stack buffer overflow vi ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46324 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV vulnerability via s ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability via th ...)
+ NOT-FOR-US: Duktape
+CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46320 (In OpenZeppelin &lt;=v4.4.0, initializer functions that are invoked se ...)
+ NOT-FOR-US: OpenZeppelin
+CVE-2021-46319 (Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR- ...)
+ NOT-FOR-US: Dlink DIR-846 Router
+CVE-2021-46318
+ RESERVED
+CVE-2021-46317
+ RESERVED
+CVE-2021-46316
+ RESERVED
+CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in HNAP1/control/S ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in HNAP1/control ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2039
+ NOTE: https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba
+CVE-2021-46312
+ RESERVED
+CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2038
+ NOTE: https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491
+CVE-2021-46310
+ RESERVED
+CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...)
+ NOT-FOR-US: Projectworlds Online Examination System
+CVE-2021-46306
+ RESERVED
+CVE-2021-46305
+ RESERVED
+CVE-2021-46304
+ RESERVED
+CVE-2021-46303
+ RESERVED
+CVE-2021-46302
+ RESERVED
+CVE-2021-46301
+ RESERVED
+CVE-2021-46300
+ RESERVED
+CVE-2021-46299
+ RESERVED
+CVE-2021-46298
+ RESERVED
+CVE-2021-46297
+ RESERVED
+CVE-2021-46296
+ RESERVED
+CVE-2021-46295
+ RESERVED
+CVE-2021-46294
+ RESERVED
+CVE-2021-46293
+ RESERVED
+CVE-2021-46292
+ RESERVED
+CVE-2021-46291
+ RESERVED
+CVE-2021-46290
+ RESERVED
+CVE-2021-46289
+ RESERVED
+CVE-2021-46288
+ RESERVED
+CVE-2021-46287
+ RESERVED
+CVE-2021-46286
+ RESERVED
+CVE-2021-46285
+ RESERVED
+CVE-2021-46284
+ RESERVED
+CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-44760
+ RESERVED
+CVE-2021-4207
+ RESERVED
+CVE-2021-4206
+ RESERVED
+CVE-2021-4205
+ RESERVED
+CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability discovere ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Ever ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-23209
+ RESERVED
+CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-23150
+ RESERVED
+CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ad9f151e560b016b6ad3280b48e42fa11e1a5440 (5.13-rc7)
+CVE-2021-4204 [eBPF Improper Input Validation Vulnerability]
+ RESERVED
+ - linux <unfixed>
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/4
+CVE-2021-46269
+ RESERVED
+CVE-2021-46268
+ RESERVED
+CVE-2021-46267
+ RESERVED
+CVE-2021-46266
+ RESERVED
+CVE-2021-46265 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46264 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46263 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46262 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46261
+ RESERVED
+CVE-2021-46260
+ RESERVED
+CVE-2021-46259
+ RESERVED
+CVE-2021-46258
+ RESERVED
+CVE-2021-46257
+ RESERVED
+CVE-2021-46256
+ RESERVED
+CVE-2021-46255 (eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to ...)
+ NOT-FOR-US: eyouCMS
+CVE-2021-46254
+ RESERVED
+CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post function ...)
+ NOT-FOR-US: Anchor CMS
+CVE-2021-46252 (A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of S ...)
+ NOT-FOR-US: scratch-confirmaccount-v3
+CVE-2021-46251 (A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit ...)
+ NOT-FOR-US: ScratchOAuth2
+CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879 ...)
+ NOT-FOR-US: ScratchOAuth2
+CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Specific ...)
+ NOT-FOR-US: ScratchOAuth2
+CVE-2021-46248
+ RESERVED
+CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the ...)
+ NOT-FOR-US: ASUS
+CVE-2021-46246
+ RESERVED
+CVE-2021-46245
+ RESERVED
+CVE-2021-46244 (A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1327
+ NOTE: https://github.com/advisories/GHSA-vrxh-5gxg-rmhm
+CVE-2021-46243 (An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1326
+ NOTE: https://github.com/advisories/GHSA-2rqw-mg55-mp69
+CVE-2021-46242 (HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1329
+ NOTE: https://github.com/advisories/GHSA-x9pw-hh7v-wjpf
+CVE-2021-46241
+ RESERVED
+CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2028
+ NOTE: https://github.com/gpac/gpac/commit/31eb879ea67b3a6ff67d3211f4c6b83369d4898d
+CVE-2021-46239 (The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2026
+ NOTE: https://github.com/gpac/gpac/commit/4e1215758fa89455e8de1262df36f11740bb1bc4
+CVE-2021-46238 (GPAC v1.1.0 was discovered to contain a stack overflow via the functio ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2027
+ NOTE: https://github.com/gpac/gpac/commit/4b9736ab8c9274db5858e5bf9fe0470bc3e7b6cf
+CVE-2021-46237 (An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 v ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2033
+ NOTE: https://github.com/gpac/gpac/commit/3cc122ad664a2355cce9784f50b59c6272d43f00
+CVE-2021-46236 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2024
+ NOTE: https://github.com/gpac/gpac/commit/6a5effb57153cb05e72f6e9bd72afefc334a673d
+CVE-2021-46235
+ RESERVED
+CVE-2021-46234 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2023
+ NOTE: https://github.com/gpac/gpac/commit/70c6f6f832dccff814a19a74d87b97b3d68a4af5
+CVE-2021-46233 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46232 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46231 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46230 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46229 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46228 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46227 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46226 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46225 (A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allo ...)
+ NOT-FOR-US: libMeshb
+CVE-2021-46224
+ RESERVED
+CVE-2021-46223
+ RESERVED
+CVE-2021-46222
+ RESERVED
+CVE-2021-46221
+ RESERVED
+CVE-2021-46220
+ RESERVED
+CVE-2021-46219
+ RESERVED
+CVE-2021-46218
+ RESERVED
+CVE-2021-46217
+ RESERVED
+CVE-2021-46216
+ RESERVED
+CVE-2021-46215
+ RESERVED
+CVE-2021-46214
+ RESERVED
+CVE-2021-46213
+ RESERVED
+CVE-2021-46212
+ RESERVED
+CVE-2021-46211
+ RESERVED
+CVE-2021-46210
+ RESERVED
+CVE-2021-46209
+ RESERVED
+CVE-2021-46208
+ RESERVED
+CVE-2021-46207
+ RESERVED
+CVE-2021-46206
+ RESERVED
+CVE-2021-46205
+ RESERVED
+CVE-2021-46204 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...)
+ NOT-FOR-US: taocms
+CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...)
+ NOT-FOR-US: taocms
+CVE-2021-46202
+ RESERVED
+CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...)
+ NOT-FOR-US: Sourcecodester Online Resort Management System
+CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46199
+ RESERVED
+CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46197
+ RESERVED
+CVE-2021-46196
+ RESERVED
+CVE-2021-46195 (GCC v12.0 was discovered to contain an uncontrolled recursion via the ...)
+ - binutils <unfixed> (unimportant)
+ NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841
+ NOTE: binutils not covered by security support
+CVE-2021-46194
+ RESERVED
+CVE-2021-46193
+ RESERVED
+CVE-2021-46192
+ RESERVED
+CVE-2021-46191
+ RESERVED
+CVE-2021-46190
+ RESERVED
+CVE-2021-46189
+ RESERVED
+CVE-2021-46188
+ RESERVED
+CVE-2021-46187
+ RESERVED
+CVE-2021-46186
+ RESERVED
+CVE-2021-46185
+ RESERVED
+CVE-2021-46184
+ RESERVED
+CVE-2021-46183
+ RESERVED
+CVE-2021-46182
+ RESERVED
+CVE-2021-46181
+ RESERVED
+CVE-2021-46180
+ RESERVED
+CVE-2021-46179
+ RESERVED
+CVE-2021-46178
+ RESERVED
+CVE-2021-46177
+ RESERVED
+CVE-2021-46176
+ RESERVED
+CVE-2021-46175
+ RESERVED
+CVE-2021-46174
+ RESERVED
+CVE-2021-46173
+ RESERVED
+CVE-2021-46172
+ RESERVED
+CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...)
+ NOT-FOR-US: Modex
+CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...)
+ - iotjs <unfixed>
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4942/commits/5e1fdd1d1e75105b43392b4bb3996099cdc50f3d
+CVE-2021-46169 (Modex v2.11 was discovered to contain an Use-After-Free vulnerability ...)
+ NOT-FOR-US: Modex
+CVE-2021-46168 (Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() ...)
+ NOT-FOR-US: Spin
+CVE-2021-46167
+ RESERVED
+CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised by vis ...)
+ NOT-FOR-US: Lens
+CVE-2021-4203 [af_unix: fix races in sk_peer_pid and sk_peer_cred accesses]
+ RESERVED
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2230
+ NOTE: https://git.kernel.org/linus/35306eb23814444bd4021f8a1c3047d3cb0c8b2b (5.15-rc4)
+CVE-2021-4202
+ RESERVED
+ - linux 5.15.5-1 (unimportant)
+ [bullseye] - linux 5.10.84-1
+ NOTE: CONFIG_NFC_NCI not enabled in Debian
+CVE-2021-23218 (When running with FIPS mode enabled, Mirantis Container Runtime 20.10. ...)
+ NOT-FOR-US: Mirantis Container Runtime
+CVE-2021-23154 (In Lens prior to 5.3.4, custom helm chart configuration creates helm c ...)
+ NOT-FOR-US: Lens
+CVE-2021-46166 (Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46165 (Zoho ManageEngine Desktop Central before 10.0.662, during startup, lau ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46164 (Zoho ManageEngine Desktop Central before 10.0.662 allows remote code e ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46163 (Kentico Xperience 13.0.44 allows XSS via an XML document to the Media ...)
+ NOT-FOR-US: Kentico Xperience CMS
+CVE-2021-46162
+ RESERVED
+CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46160 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46159 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46158 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46157 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46156 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46155 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46154 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46153 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46152 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46151 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension CheckUser
+CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension UniversalLanguageSelector
+CVE-2021-46148 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension SecurePoll
+CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension MassEditRegex
+CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
+CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and earlie ...)
+ NOT-FOR-US: ForgeRock
+CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
+ NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles
+CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1
+ NOTE: https://github.com/libexpat/libexpat/issues/532
+ NOTE: https://github.com/libexpat/libexpat/pull/538
+ NOTE: https://github.com/libexpat/libexpat/commit/85ae9a2d7d0e9358f356b33977b842df8ebaec2b (R_2_4_3)
+CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+ {DSA-5063-1 DLA-2883-1}
+ - uriparser 0.9.6+dfsg-1
+ NOTE: https://github.com/uriparser/uriparser/issues/122
+ NOTE: https://github.com/uriparser/uriparser/commit/c0483990e6b5b454f7c8752b36760cfcb0d093f5 (uriparser-0.9.6)
+ NOTE: https://github.com/uriparser/uriparser/pull/124
+CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...)
+ {DSA-5063-1 DLA-2883-2 DLA-2883-1}
+ - uriparser 0.9.6+dfsg-1
+ NOTE: https://github.com/uriparser/uriparser/issues/121
+ NOTE: https://github.com/uriparser/uriparser/commit/987b046e41f407d17c622e580fc82a5e834b4329 (uriparser-0.9.6)
+ NOTE: https://github.com/uriparser/uriparser/commit/b1a34743bc1472e055d886e29e9b53f670eb3282 (uriparser-0.9.6)
+ NOTE: https://github.com/uriparser/uriparser/pull/124
+CVE-2021-4200
+ RESERVED
+CVE-2021-46140
+ RESERVED
+CVE-2021-46139
+ RESERVED
+CVE-2021-46138
+ RESERVED
+CVE-2021-46137
+ RESERVED
+CVE-2021-46136
+ RESERVED
+CVE-2021-46135
+ RESERVED
+CVE-2021-46134
+ RESERVED
+CVE-2021-46133
+ RESERVED
+CVE-2021-46132
+ RESERVED
+CVE-2021-46131
+ RESERVED
+CVE-2021-45722
+ RESERVED
+CVE-2021-45110
+ RESERVED
+CVE-2021-45073
+ RESERVED
+CVE-2021-44778
+ RESERVED
+CVE-2021-44468
+ RESERVED
+CVE-2021-44456
+ RESERVED
+CVE-2021-44452
+ RESERVED
+CVE-2021-43352
+ RESERVED
+CVE-2021-4199
+ RESERVED
+CVE-2021-4198
+ RESERVED
+CVE-2021-31564
+ RESERVED
+CVE-2021-23229
+ RESERVED
+CVE-2021-46130
+ RESERVED
+CVE-2021-46129
+ RESERVED
+CVE-2021-46128
+ RESERVED
+CVE-2021-46127
+ RESERVED
+CVE-2021-46126
+ RESERVED
+CVE-2021-46125
+ RESERVED
+CVE-2021-46124
+ RESERVED
+CVE-2021-46123
+ RESERVED
+CVE-2021-46122
+ RESERVED
+CVE-2021-46121
+ RESERVED
+CVE-2021-46120
+ RESERVED
+CVE-2021-46119
+ RESERVED
+CVE-2021-46118 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
+ NOT-FOR-US: jpress
+CVE-2021-46117 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...)
+ NOT-FOR-US: jpress
+CVE-2021-46116 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web. ...)
+ NOT-FOR-US: jpress
+CVE-2021-46115 (jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateCon ...)
+ NOT-FOR-US: jpress
+CVE-2021-46114 (jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.Produ ...)
+ NOT-FOR-US: jpress
+CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...)
+ NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source
+CVE-2021-46112
+ RESERVED
+CVE-2021-46111
+ RESERVED
+CVE-2021-46110 (Online Shopping Portal v3.1 was discovered to contain multiple time-ba ...)
+ NOT-FOR-US: Online Shopping Portal
+CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...)
+ NOT-FOR-US: ASUS
+CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46107
+ RESERVED
+CVE-2021-46106
+ RESERVED
+CVE-2021-46105
+ RESERVED
+CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a directory ...)
+ NOT-FOR-US: webp_server_go
+CVE-2021-46103
+ RESERVED
+CVE-2021-46102 (From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in ...)
+ NOT-FOR-US: Solana rBBP
+CVE-2021-46101 (In Git for windows through 2.34.1 when using git pull to update the lo ...)
+ NOT-FOR-US: Git for Windows
+CVE-2021-46100
+ RESERVED
+CVE-2021-46099
+ RESERVED
+CVE-2021-46098
+ RESERVED
+CVE-2021-46097 (Dolphinphp v1.5.0 contains a remote code execution vulnerability in /a ...)
+ NOT-FOR-US: Dolphinphp
+CVE-2021-46096
+ RESERVED
+CVE-2021-46095
+ RESERVED
+CVE-2021-46094
+ RESERVED
+CVE-2021-46093 (eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads ...)
+ NOT-FOR-US: eliteCMS
+CVE-2021-46092
+ RESERVED
+CVE-2021-46091
+ RESERVED
+CVE-2021-46090
+ RESERVED
+CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...)
+ NOT-FOR-US: JeecgBoot
+CVE-2021-46088 (Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ...)
+ - zabbix <undetermined>
+ NOTE: closed upstream as a "feature", then changed in 5.4 to make the attack less likely
+ NOTE: https://github.com/paalbra/zabbix-zbxsec-7
+ NOTE: https://www.zabbix.com/documentation/3.0/en/manual/config/notifications/action/operation/remote_command
+ NOTE: https://www.zabbix.com/documentation/current/en/manual/config/notifications/action/operation/remote_command#access-permissions
+CVE-2021-46087 (In jfinal_cms &gt;= 5.1 0, there is a storage XSS vulnerability in the ...)
+ NOT-FOR-US: jfinal_cms
+CVE-2021-46086 (xzs-mysql &gt;= t3.4.0 is vulnerable to Insecure Permissions. The fron ...)
+ NOT-FOR-US: xzs-mysql
+CVE-2021-46085 (OneBlog &lt;= 2.2.8 is vulnerable to Insecure Permissions. Low level a ...)
+ NOT-FOR-US: OneBlog
+CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: uscat
+CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: uscat
+CVE-2021-46082 (Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gate ...)
+ NOT-FOR-US: Moxa
+CVE-2021-46081
+ RESERVED
+CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46079 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46078 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46077
+ RESERVED
+CVE-2021-46076 (Sourcecodester Vehicle Service Management System 1.0 is vulnerable to ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46075 (A Privilege Escalation vulnerability exists in Sourcecodester Vehicle ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46074 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46073 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46072 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46071 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46070 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46069 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46068 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46067 (In Vehicle Service Management System 1.0 an attacker can steal the coo ...)
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System
+CVE-2021-46066
+ RESERVED
+CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Field in ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-46064
+ RESERVED
+CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template Injection ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulne ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester Computer and M ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46060
+ REJECTED
+CVE-2021-46059
+ REJECTED
+CVE-2021-46058
+ REJECTED
+CVE-2021-46057
+ RESERVED
+CVE-2021-46056
+ RESERVED
+CVE-2021-46055 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4413
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46054 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4410
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46053 (A Denial of Service vulnerability exists in Binaryen 103. The program ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4392
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4411
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2011
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the printf_c ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4391
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2013
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...)
+ - binaryen <unfixed> (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4412
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2008
+ NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd
+CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2005
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2007
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2006
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2001
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2002
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2004
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2003
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1999
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2000
+ NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f
+CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46035
+ RESERVED
+CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...)
+ NOT-FOR-US: ForestBlog
+CVE-2021-46033 (In ForestBlog, as of 2021-12-28, File upload can bypass verification. ...)
+ NOT-FOR-US: ForestBlog
+CVE-2021-46032
+ RESERVED
+CVE-2021-46031
+ RESERVED
+CVE-2021-46030 (There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuar ...)
+ NOT-FOR-US: JavaQuarkBBS
+CVE-2021-46029
+ RESERVED
+CVE-2021-46028 (In mblog &lt;= 3.5.0 there is a CSRF vulnerability in the background a ...)
+ NOT-FOR-US: mblog
+CVE-2021-46027 (mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the backgro ...)
+ NOT-FOR-US: mysiteforme
+CVE-2021-46026 (mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting ( ...)
+ NOT-FOR-US: mysiteforme
+CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog &lt;= 2.2 ...)
+ NOT-FOR-US: OneBlog
+CVE-2021-46024 (Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL I ...)
+ NOT-FOR-US: Projectworlds online-shopping-webvsite-in-php
+CVE-2021-46023
+ RESERVED
+CVE-2021-46022 (An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset ...)
+ - recutils <unfixed> (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00007.html
+ NOTE: Negligible security impact
+CVE-2021-46021 (An Use-After-Free vulnerability in rec_record_destroy() at rec-record. ...)
+ - recutils <unfixed> (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00008.html
+ NOTE: Negligible security impact
+CVE-2021-46020 (An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can ...)
+ - mruby <unfixed>
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <postponed> (revisit when/if fix is complete)
+ NOTE: https://github.com/mruby/mruby/issues/5613
+CVE-2021-46019 (An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GN ...)
+ - recutils <unfixed> (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00009.html
+ NOTE: Negligible security impact
+CVE-2021-46018
+ RESERVED
+CVE-2021-46017
+ RESERVED
+CVE-2021-46016
+ RESERVED
+CVE-2021-46015
+ RESERVED
+CVE-2021-46014
+ RESERVED
+CVE-2021-46013 (An unrestricted file upload vulnerability exists in Sourcecodester Fre ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46012
+ REJECTED
+CVE-2021-46011
+ RESERVED
+CVE-2021-46010
+ RESERVED
+CVE-2021-46009
+ RESERVED
+CVE-2021-46008
+ RESERVED
+CVE-2021-46007
+ RESERVED
+CVE-2021-46006
+ RESERVED
+CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46004
+ RESERVED
+CVE-2021-46003
+ RESERVED
+CVE-2021-46002
+ RESERVED
+CVE-2021-46001
+ RESERVED
+CVE-2021-46000
+ RESERVED
+CVE-2021-45999
+ RESERVED
+CVE-2021-45998 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-45997 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45996 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45995 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45994 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45993 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45992 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45991 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45990 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45989 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45988 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45987 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-45985
+ RESERVED
+CVE-2021-4197 [cgroup: Use open-time creds and namespace for migration perm checks]
+ RESERVED
+ - linux 5.15.15-1
+ NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652
+CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...)
+ {DSA-5037-1 DLA-2878-1}
+ - roundcube <unfixed> (bug #1003027)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13)
+ NOTE: https://roundcube.net/news/2021/12/30/update-1.5.2-released
+ NOTE: https://roundcube.net/news/2021/12/30/security-update-1.4.13-released
+CVE-2021-45984
+ RESERVED
+CVE-2021-45983
+ RESERVED
+CVE-2021-45982
+ RESERVED
+CVE-2021-45981
+ RESERVED
+CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ NOT-FOR-US: Foxit
+CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ NOT-FOR-US: Foxit
+CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...)
+ NOT-FOR-US: Foxit
+CVE-2021-45977
+ RESERVED
+CVE-2021-45976
+ RESERVED
+CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...)
+ NOT-FOR-US: Acer
+CVE-2021-45974
+ RESERVED
+CVE-2021-45973
+ RESERVED
+CVE-2021-45972 (The giftrans function in giftrans 1.12.2 contains a stack-based buffer ...)
+ - giftrans <unfixed> (bug #1002739; unimportant)
+ NOTE: Negligible security impact; crash in CLI tool
+CVE-2021-45971 (An issue was discovered in SdHostDriver in Insyde InsydeH2O with kerne ...)
+ NOT-FOR-US: Insyde
+CVE-2021-45970 (An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-45969 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2021-45968
+ RESERVED
+CVE-2021-45967
+ RESERVED
+CVE-2021-45966
+ RESERVED
+CVE-2021-45965
+ RESERVED
+CVE-2021-45964
+ RESERVED
+CVE-2021-45963
+ RESERVED
+CVE-2021-45962
+ RESERVED
+CVE-2021-45961
+ RESERVED
+CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) pla ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1002994)
+ NOTE: https://github.com/libexpat/libexpat/issues/531
+ NOTE: https://github.com/libexpat/libexpat/pull/534
+ NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/0adcb34c49bee5b19bd29b16a578c510c23597ea (R_2_4_3)
+CVE-2021-45959
+ REJECTED
+CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow ...)
+ - ujson <unfixed> (bug #1005140)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
+ NOTE: https://github.com/ultrajson/ultrajson/issues/501
+ NOTE: https://github.com/ultrajson/ultrajson/issues/502
+CVE-2021-45957 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in answer ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-935.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45956 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in print_ ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45955 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in resize ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35898
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-932.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45954 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extrac ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-931.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45953 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in extrac ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35858
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-929.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45952 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_r ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-927.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45951 (** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in check_ ...)
+ - dnsmasq <unfixed> (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35868
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml
+ NOTE: Non issue, result of poorly automated fuzzing effort
+CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...)
+ {DSA-5038-1 DLA-2879-1}
+ - ghostscript 9.55.0~dfsg-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7
+CVE-2021-45948 (Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...)
+ - assimp 5.1.1~ds0-1
+ [bullseye] - assimp <not-affected> (Vulnerable code not present)
+ [buster] - assimp <not-affected> (Vulnerable code not present)
+ [stretch] - assimp <not-affected> (M3D format support not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml
+ NOTE: https://github.com/assimp/assimp/pull/4146
+ NOTE: https://github.com/assimp/assimp/commit/30f17aa2064b86c0096f0ec701b9e8ea9312fef2 (v5.1.0)
+ NOTE: Introduced by: https://github.com/assimp/assimp/commit/a622e109a0739435e3e2f05bfbedba0e8385282d (v5.1.0.rc1)
+CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from ...)
+ NOT-FOR-US: wasm3
+CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
+ NOT-FOR-US: wasm3
+CVE-2021-45945
+ REJECTED
+CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...)
+ {DSA-5038-1 DLA-2879-1}
+ - ghostscript 9.54.0~dfsg-5
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7861fcad13c497728189feafb41cd57b5b50ea25
+CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...)
+ {DLA-2877-1}
+ [experimental] - gdal 3.4.1~rc1+dfsg-1~exp1
+ - gdal <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993
+ NOTE: https://github.com/OSGeo/gdal/pull/4944
+ NOTE: https://github.com/OSGeo/gdal/commit/93913a849dc1d217a40dbf9d6e6a3a23c42b61a6 (master)
+ NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947
+ NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1)
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
+CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...)
+ - openexr <unfixed>
+ [buster] - openexr <no-dsa> (Minor issue)
+ [stretch] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1209
+CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...)
+ - libbpf <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml
+ TODO: check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
+CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...)
+ - libbpf <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1562.yaml
+ TODO: check details on fixing commit upstream, furthermore intorducing commit is only when oss-fuzz started
+CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: uWebSockets
+CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45937 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45936 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Di ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45935 (Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K: ...)
+ - libgrokj2k <unfixed>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39021
+ NOTE: Referenced fix isn't in the upstream repo
+CVE-2021-45934 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45933 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in Mqt ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45932 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in Mqt ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...)
+ - harfbuzz <undetermined>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml
+ NOTE: https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81 (2.9.1)
+ TODO: check correctness of commit, might not affect any Debian released version
+CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...)
+ {DLA-2895-1 DLA-2885-1}
+ - qtsvg-opensource-src 5.15.2-4 (bug #1002991)
+ [bullseye] - qtsvg-opensource-src <no-dsa> (Minor issue)
+ [buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
+ - qt4-x11 <removed>
+ [buster] - qt4-x11 <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
+ NOTE: https://bugreports.qt.io/browse/QTBUG-96044
+ NOTE: https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620 (dev)
+ NOTE: https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670 (v6.2.2)
+ NOTE: https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc (v5.12.12)
+CVE-2021-45929 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
+ NOT-FOR-US: wasm3
+CVE-2021-45928 (libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other produ ...)
+ - jpeg-xl <not-affected> (Vulnerable code not present in a released Debian version; fixed before inital upload to Debian)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456
+ NOTE: https://github.com/libjxl/libjxl/issues/360
+ NOTE: https://github.com/libjxl/libjxl/pull/365
+ NOTE: Introduced by: https://github.com/libjxl/libjxl/pull/205 (v0.6)
+ NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/1c05e110d69b457696366fb4e762057b6855349b (v0.6)
+CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ - mdbtools <undetermined>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187
+ TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
+CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ - mdbtools <undetermined>
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972
+ TODO: check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
+CVE-2021-4196
+ RESERVED
+CVE-2021-4195
+ RESERVED
+CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded cre ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information ...)
+ NOT-FOR-US: Netgear
+CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...)
+ NOT-FOR-US: Bitmask Riseup VPN
+CVE-2021-4194 (bookstack is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: bookstack
+CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0
+ NOTE: Fixed by: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (v8.2.3950)
+CVE-2021-4192 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22
+ NOTE: Fixed by: https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952 (v8.2.3949)
+CVE-2021-4191
+ RESERVED
+CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. ...)
+ NOT-FOR-US: Studio 42 elFinder
+CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
+CVE-2021-4189 [ftplib should not use the host from the PASV response]
+ RESERVED
+ {DLA-2919-1}
+ - python3.10 <not-affected> (Fixed before initial upload to Debian unstable)
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ [stretch] - python3.5 <no-dsa> (Minor issue)
+ - python2.7 <unfixed>
+ [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
+ [buster] - python2.7 <no-dsa> (Minor issue)
+ NOTE: https://bugs.python.org/issue43285
+ NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
+ NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
+ NOTE: https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)
+ NOTE: https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036020
+CVE-2021-45918
+ RESERVED
+CVE-2021-45917 (The server-request receiver function of Shockwall system has an improp ...)
+ NOT-FOR-US: Shockwall system
+CVE-2021-45916 (The programming function of Shockwall system has an improper input val ...)
+ NOT-FOR-US: Shockwall system
+CVE-2021-45915
+ RESERVED
+CVE-2021-45914
+ RESERVED
+CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
+ NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8
+CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...)
+ NOT-FOR-US: ControlUp Real-Time Agent
+CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...)
+ NOT-FOR-US: ControlUp Real-Time Agent
+CVE-2021-44775
+ RESERVED
+CVE-2021-44465
+ RESERVED
+CVE-2021-4187 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e
+ NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441 (v8.2.3923)
+CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ - gif2apng <removed> (bug #1002687)
+CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ - gif2apng <removed> (bug #1002667)
+CVE-2021-45909 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ - gif2apng <removed> (bug #1002668)
+CVE-2021-45908 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
+ - gif2apng <removed> (bug #1002669; unimportant)
+ NOTE: Negligible security impact
+CVE-2021-45907 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
+ - gif2apng <removed> (bug #1002669; unimportant)
+ NOTE: Negligible security impact
+CVE-2021-45906 (OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web interface of ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45902
+ RESERVED
+CVE-2021-45901 (The password-reset form in ServiceNow Orlando provides different respo ...)
+ NOT-FOR-US: ServiceNow Orlando
+CVE-2021-45900
+ RESERVED
+CVE-2021-45899 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserializatio ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45898 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusio ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45897 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code executi ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an ...)
+ NOT-FOR-US: Nokia FastMile 3TG00118ABAD52 devices
+CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows ...)
+ NOT-FOR-US: Netgen Tags Bundle
+CVE-2021-45894
+ RESERVED
+CVE-2021-45893
+ RESERVED
+CVE-2021-45892
+ RESERVED
+CVE-2021-45891
+ RESERVED
+CVE-2021-45890 (basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authenti ...)
+ NOT-FOR-US: AuthGuard
+CVE-2021-45889
+ RESERVED
+CVE-2021-45888
+ RESERVED
+CVE-2021-45887
+ RESERVED
+CVE-2021-45886
+ RESERVED
+CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.2.2 th ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...)
+ - wireshark 3.6.0-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
+CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
+CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754
+CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755
+CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
+CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429
+CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2021-45883
+ RESERVED
+CVE-2021-45882
+ RESERVED
+CVE-2021-45881
+ RESERVED
+CVE-2021-45880
+ RESERVED
+CVE-2021-45879
+ RESERVED
+CVE-2021-45878
+ RESERVED
+CVE-2021-45877
+ RESERVED
+CVE-2021-45876
+ RESERVED
+CVE-2021-45875
+ RESERVED
+CVE-2021-45874
+ RESERVED
+CVE-2021-45873
+ RESERVED
+CVE-2021-45872
+ RESERVED
+CVE-2021-45871
+ RESERVED
+CVE-2021-45870
+ RESERVED
+CVE-2021-45869
+ RESERVED
+CVE-2021-45868
+ RESERVED
+CVE-2021-45867
+ RESERVED
+CVE-2021-45866
+ RESERVED
+CVE-2021-45865
+ RESERVED
+CVE-2021-45864
+ RESERVED
+CVE-2021-45863
+ RESERVED
+CVE-2021-45862
+ RESERVED
+CVE-2021-45861
+ RESERVED
+CVE-2021-45860
+ RESERVED
+CVE-2021-45859
+ RESERVED
+CVE-2021-45858
+ RESERVED
+CVE-2021-45857
+ RESERVED
+CVE-2021-45856 (Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buf ...)
+ NOT-FOR-US: Accu-Time Systems MAXIMUS
+CVE-2021-45855
+ RESERVED
+CVE-2021-45854
+ RESERVED
+CVE-2021-45853
+ RESERVED
+CVE-2021-45852
+ RESERVED
+CVE-2021-45851
+ RESERVED
+CVE-2021-45850
+ RESERVED
+CVE-2021-45849
+ RESERVED
+CVE-2021-45848
+ RESERVED
+CVE-2021-45847 (Several missing input validations in the 3MF parser component of Slic3 ...)
+ - slic3r <unfixed>
+ NOTE: https://github.com/slic3r/Slic3r/issues/5118
+ NOTE: https://github.com/slic3r/Slic3r/issues/5119
+ NOTE: https://github.com/slic3r/Slic3r/issues/5120
+CVE-2021-45846 (A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker ...)
+ - slic3r <unfixed>
+ NOTE: https://github.com/slic3r/Slic3r/issues/5117
+CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS comma ...)
+ - freecad <unfixed>
+ [stretch] - freecad <not-affected> (Vulnerable code introduced in 0.17)
+ NOTE: https://github.com/FreeCAD/FreeCAD/pull/5306
+ NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/169eb655f30180b95e5923be2eb3bc4de6e02406
+ NOTE: https://tracker.freecad.org/view.php?id=4810
+CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter from Fre ...)
+ - freecad <unfixed> (bug #1005747)
+ NOTE: https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6 (0.20)
+ NOTE: https://tracker.freecad.org/view.php?id=4809
+CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (X ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-45842
+ RESERVED
+CVE-2021-45841
+ RESERVED
+CVE-2021-45840
+ RESERVED
+CVE-2021-45839
+ RESERVED
+CVE-2021-45838
+ RESERVED
+CVE-2021-45837
+ RESERVED
+CVE-2021-45836
+ RESERVED
+CVE-2021-45835
+ RESERVED
+CVE-2021-45834
+ RESERVED
+CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1313
+ NOTE: https://github.com/advisories/GHSA-x57p-jwp6-4v79
+CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1315
+ NOTE: https://github.com/advisories/GHSA-hvh7-f5p9-68g8
+CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1990
+ NOTE: https://github.com/gpac/gpac/commit/4613a35362e15a6df90453bd632d083645e5a765
+CVE-2021-45830 (A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1314
+ NOTE: https://github.com/advisories/GHSA-5h2h-fjjr-x9m2
+CVE-2021-45829 (HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1317
+ NOTE: https://github.com/advisories/GHSA-23gx-cm6v-952g
+CVE-2021-45828
+ RESERVED
+CVE-2021-45827
+ RESERVED
+CVE-2021-45826
+ RESERVED
+CVE-2021-45825
+ RESERVED
+CVE-2021-45824
+ RESERVED
+CVE-2021-45823
+ RESERVED
+CVE-2021-45822
+ RESERVED
+CVE-2021-45821
+ RESERVED
+CVE-2021-45820
+ RESERVED
+CVE-2021-45819
+ RESERVED
+CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability wh ...)
+ NOT-FOR-US: SAFARI Montage
+CVE-2021-45817
+ REJECTED
+CVE-2021-45816
+ RESERVED
+CVE-2021-45815 (Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Script ...)
+ NOT-FOR-US: Quectel UC20 UMTS/HSPA+ UC20
+CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attack ...)
+ NOT-FOR-US: Nettmp NNT
+CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vu ...)
+ NOT-FOR-US: SLICAN WebCTI
+CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site ...)
+ NOT-FOR-US: NUUO Network Video Recorder NVRsolo
+CVE-2021-45811
+ RESERVED
+CVE-2021-45810
+ RESERVED
+CVE-2021-45809
+ RESERVED
+CVE-2021-45808 (jpress v4.2.0 allows users to register an account by default. With the ...)
+ NOT-FOR-US: jpress
+CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...)
+ NOT-FOR-US: jpress
+CVE-2021-45806 (jpress v4.2.0 admin panel provides a function through which attackers ...)
+ NOT-FOR-US: jpress
+CVE-2021-45805
+ RESERVED
+CVE-2021-45804
+ RESERVED
+CVE-2021-45803 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
+ NOT-FOR-US: MartDevelopers iResturant
+CVE-2021-45802 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
+ NOT-FOR-US: MartDevelopers iResturant
+CVE-2021-45801
+ RESERVED
+CVE-2021-45800
+ RESERVED
+CVE-2021-45799
+ RESERVED
+CVE-2021-45798
+ RESERVED
+CVE-2021-45797
+ RESERVED
+CVE-2021-45796
+ RESERVED
+CVE-2021-45795
+ RESERVED
+CVE-2021-45794
+ RESERVED
+CVE-2021-45793
+ RESERVED
+CVE-2021-45792
+ RESERVED
+CVE-2021-45791
+ RESERVED
+CVE-2021-45790 (An arbitrary file upload vulnerability was found in Metersphere v1.15. ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere v1.15.4, ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45788 (Time-based SQL Injection vulnerabilities were found in Metersphere v1. ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45787
+ RESERVED
+CVE-2021-45786
+ RESERVED
+CVE-2021-45785
+ RESERVED
+CVE-2021-45784
+ RESERVED
+CVE-2021-45783
+ RESERVED
+CVE-2021-45782
+ REJECTED
+CVE-2021-45781
+ REJECTED
+CVE-2021-45780
+ REJECTED
+CVE-2021-45779
+ REJECTED
+CVE-2021-45778
+ REJECTED
+CVE-2021-45777
+ RESERVED
+CVE-2021-45776
+ RESERVED
+CVE-2021-45775
+ REJECTED
+CVE-2021-45774
+ REJECTED
+CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec ...)
+ NOT-FOR-US: lib60870
+CVE-2021-45772
+ RESERVED
+CVE-2021-45771
+ RESERVED
+CVE-2021-45770
+ RESERVED
+CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at src/mms/i ...)
+ NOT-FOR-US: libiec61850
+CVE-2021-45768
+ RESERVED
+CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1982
+ NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde
+CVE-2021-45766
+ RESERVED
+CVE-2021-45765
+ RESERVED
+CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1971
+ NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb
+CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1974
+ NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec
+CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1978
+ NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788
+CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address derefe ...)
+ NOT-FOR-US: ROPium
+CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1966
+ NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea
+CVE-2021-45759
+ RESERVED
+CVE-2021-45758
+ RESERVED
+CVE-2021-45757
+ RESERVED
+CVE-2021-45756
+ RESERVED
+CVE-2021-45755
+ RESERVED
+CVE-2021-45754
+ RESERVED
+CVE-2021-45753
+ RESERVED
+CVE-2021-45752
+ RESERVED
+CVE-2021-45751
+ RESERVED
+CVE-2021-45750
+ RESERVED
+CVE-2021-45749
+ RESERVED
+CVE-2021-45748
+ RESERVED
+CVE-2021-45747
+ RESERVED
+CVE-2021-45746
+ RESERVED
+CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.1 ...)
+ NOT-FOR-US: Bludit
+CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.1 ...)
+ NOT-FOR-US: Bludit
+CVE-2021-45743
+ RESERVED
+CVE-2021-45742 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a comm ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45741 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45740 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45739 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45738 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45737 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45736 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45735 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45734 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-45733 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-4180
+ RESERVED
+ - tripleo-heat-templates <removed>
+ NOTE: https://bugs.launchpad.net/tripleo/+bug/1955397
+CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...)
+ NOT-FOR-US: Rust crate lru
+CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45718 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45717 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45716 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45715 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45714 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45713 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...)
+ NOT-FOR-US: Rust crate rusqlite
+CVE-2021-45712 (An issue was discovered in the rust-embed crate before 6.3.0 for Rust. ...)
+ NOT-FOR-US: Rust crate rust-embed
+CVE-2021-45711 (An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 fo ...)
+ NOT-FOR-US: Rust crate simple_asn1
+CVE-2021-45710 (An issue was discovered in the tokio crate before 1.8.4, and 1.9.x thr ...)
+ - rust-tokio <unfixed>
+ [bullseye] - rust-tokio <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0124.html
+ NOTE: https://github.com/tokio-rs/tokio/issues/4225
+CVE-2021-45709 (An issue was discovered in the crypto2 crate through 2021-10-08 for Ru ...)
+ NOT-FOR-US: Rust crate crypto2
+CVE-2021-45708 (An issue was discovered in the abomonation crate through 2021-10-17 fo ...)
+ NOT-FOR-US: Rust crate abomonation
+CVE-2021-45707 (An issue was discovered in the nix crate before 0.20.2, 0.21.x before ...)
+ - rust-nix 0.23.0-1
+ [bullseye] - rust-nix <no-dsa> (Minor issue)
+ [buster] - rust-nix <not-affected> (Introduced in 0.16)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
+CVE-2021-45706 (An issue was discovered in the zeroize_derive crate before 1.1.1 for R ...)
+ NOT-FOR-US: Rust crate zeroize_derive
+CVE-2021-45705 (An issue was discovered in the nanorand crate before 0.6.1 for Rust. T ...)
+ NOT-FOR-US: Rust crate nanorand
+CVE-2021-45704 (An issue was discovered in the metrics-util crate before 0.7.0 for Rus ...)
+ NOT-FOR-US: Rust crate metrics-util
+CVE-2021-45703 (An issue was discovered in the tectonic_xdv crate before 0.1.12 for Ru ...)
+ NOT-FOR-US: Rust crate tectonic_xdv
+CVE-2021-45702 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
+ NOT-FOR-US: Rust crate tremor-script
+CVE-2021-45701 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...)
+ NOT-FOR-US: Rust crate tremor-script
+CVE-2021-45700 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Attac ...)
+ NOT-FOR-US: Rust crate ckb
+CVE-2021-45699 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Remot ...)
+ NOT-FOR-US: Rust crate ckb
+CVE-2021-45698 (An issue was discovered in the ckb crate before 0.40.0 for Rust. A get ...)
+ NOT-FOR-US: Rust crate ckb
+CVE-2021-45697 (An issue was discovered in the molecule crate before 0.7.2 for Rust. A ...)
+ NOT-FOR-US: Rust crate molecule
+CVE-2021-45696 (An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...)
+ - rust-sha2 <not-affected> (Only affetced 0.9.7, never uploaded to the archive)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0100.html
+CVE-2021-45695 (An issue was discovered in the mopa crate through 2021-06-01 for Rust. ...)
+ NOT-FOR-US: Rust crate mopa
+CVE-2021-45694 (An issue was discovered in the rdiff crate through 2021-02-03 for Rust ...)
+ NOT-FOR-US: Rust crate rdiff
+CVE-2021-45693 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45692 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45691 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45690 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...)
+ NOT-FOR-US: Rust crate messagepack-rs
+CVE-2021-45689 (An issue was discovered in the gfx-auxil crate through 2021-01-07 for ...)
+ NOT-FOR-US: Rust crate gfx-auxil
+CVE-2021-45688 (An issue was discovered in the ash crate before 0.33.1 for Rust. util: ...)
+ NOT-FOR-US: Rust crate ash
+CVE-2021-45687 (An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. ...)
+ NOT-FOR-US: Rust crate raw-cpuid
+CVE-2021-45686 (An issue was discovered in the csv-sniffer crate through 2021-01-05 fo ...)
+ NOT-FOR-US: Rust crate csv-sniffer
+CVE-2021-45685 (An issue was discovered in the columnar crate through 2021-01-07 for R ...)
+ NOT-FOR-US: Rust crate columnar
+CVE-2021-45684 (An issue was discovered in the flumedb crate through 2021-01-07 for Ru ...)
+ NOT-FOR-US: Rust crate flumedb
+CVE-2021-45683 (An issue was discovered in the binjs_io crate through 2021-01-03 for R ...)
+ NOT-FOR-US: Rust crate binjs
+CVE-2021-45682 (An issue was discovered in the bronzedb-protocol crate through 2021-01 ...)
+ NOT-FOR-US: Rust crate bronzedb-protocol
+CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.2 for ...)
+ NOT-FOR-US: Rust crate derive-com-impl
+CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust. ...)
+ NOT-FOR-US: Rust crate vec-const
+CVE-2021-45111
+ RESERVED
+CVE-2021-45071
+ RESERVED
+CVE-2021-44547
+ RESERVED
+CVE-2021-44476
+ RESERVED
+CVE-2021-44475
+ RESERVED
+CVE-2021-44461
+ RESERVED
+CVE-2021-44460
+ RESERVED
+CVE-2021-4178
+ RESERVED
+ NOT-FOR-US: fabric8io/kubernetes-client
+ NOTE: https://github.com/fabric8io/kubernetes-client/issues/3653
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034388
+CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-26947
+ RESERVED
+CVE-2021-23186
+ RESERVED
+CVE-2021-23178
+ RESERVED
+CVE-2021-23176
+ RESERVED
+CVE-2021-23166
+ RESERVED
+CVE-2021-4174
+ RESERVED
+CVE-2021-4173 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766
+ NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 (v8.2.3902)
+CVE-2021-4172 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors ...)
+ NOT-FOR-US: calibre-web
+CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45677 (Certain NETGEAR devices are affected by stored XSS. This affects GS108 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45676 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45675 (Certain NETGEAR devices are affected by stored XSS. This affects R6120 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45674 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45673 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45672 (Certain NETGEAR devices are affected by Stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45671 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45670 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45669 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45668 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45667 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45666 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45665 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45664 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45663 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45662 (NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45661 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45660 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45659 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45658 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45657 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45656 (Certain NETGEAR devices are affected by server-side injection. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45655 (NETGEAR R6400 devices before 1.0.1.70 are affected by server-side inje ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45654 (NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of s ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45653 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45652 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45651 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45650 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45649 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45648 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45647 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45646 (NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45645 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45644 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45643 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45642 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45641 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45640 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45639 (Certain NETGEAR devices are affected by reflected XSS. This affects CB ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45638 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45637 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45636 (NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based bu ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45635 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45634 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45633 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45632 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45631 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45630 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45629 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45628 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45627 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45626 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45625 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45624 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45623 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45622 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45621 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45620 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45619 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45618 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45617 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45616 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45615 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45614 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45613 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45612 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45611 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45610 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45609 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45608 (Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital d ...)
+ NOT-FOR-US: D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices
+CVE-2021-45607 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45606 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45605 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45604 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45603 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45602 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45601 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45600 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45599 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45598 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45597 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45596 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45595 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45594 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45593 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45592 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45591 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45590 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45589 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45588 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45587 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45586 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45585 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45584 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45583 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45582 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45581 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45580 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45579 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45578 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45577 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45576 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45575 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45574 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45573 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45572 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45571 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45570 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45569 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45568 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45567 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45566 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45565 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45564 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45563 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45562 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45561 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45560 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45559 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45558 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45557 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45556 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45555 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45554 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45553 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45552 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45551 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45550 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45549 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45548 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45547 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45546 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45545 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45544 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45543 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45542 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45541 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45540 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45539 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45538 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45537 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45536 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45535 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45534 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45533 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45532 (NETGEAR R8000 devices before 1.0.4.76 are affected by command injectio ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45531 (NETGEAR D6220 devices before 1.0.0.76 are affected by command injectio ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45530 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45529 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45528 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45527 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45526 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45525 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45524 (NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflo ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45523 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45522 (NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded pas ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45521 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45520 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45519 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45518 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45517 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45516 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45515 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45514 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45513 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45512 (Certain NETGEAR devices are affected by weak cryptography. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45511 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45510 (NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45509 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45508 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45507 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45506 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45505 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45504 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45503 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45502 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45501 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45500 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45499 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45498 (NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45497 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45496 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45495 (NETGEAR D7000 devices before 1.0.1.68 are affected by authentication b ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45494 (Certain NETGEAR devices are affected by an attacker's ability to read ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2021-4170 (calibre-web is vulnerable to Improper Neutralization of Input During W ...)
+ NOT-FOR-US: calibre-web
+CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-45492
+ RESERVED
+CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-45491
+ RESERVED
+CVE-2021-45490
+ RESERVED
+CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employ ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP ISN (IS ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45487 (In NetBSD through 9.2, the IPv4 ID generation algorithm does not use a ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45486 (In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4 ...)
+ - linux 5.10.38-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://arxiv.org/pdf/2112.09604.pdf
+ NOTE: https://git.kernel.org/linus/aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba (5.13-rc1)
+CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6 ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://arxiv.org/pdf/2112.09604.pdf
+ NOTE: https://git.kernel.org/linus/62f20e068ccc50d6ab66fdb72ba90da2b9418c99 (5.14-rc1)
+CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...)
+ NOT-FOR-US: NetBSD
+CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0
+CVE-2021-4167
+ RESERVED
+CVE-2021-45479
+ RESERVED
+CVE-2021-45478
+ RESERVED
+CVE-2021-45477
+ RESERVED
+CVE-2021-45476
+ RESERVED
+CVE-2021-45475
+ RESERVED
+CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
+ NOTE: https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 (v8.2.3884)
+CVE-2021-4165
+ RESERVED
+CVE-2021-4164 (calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: calibre-web
+CVE-2021-4163
+ RESERVED
+CVE-2021-4162 (archivy is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: archivy
+CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporte ...)
+ NOT-FOR-US: FileImporter MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e
+ NOTE: https://phabricator.wikimedia.org/T296605
+CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which ...)
+ NOT-FOR-US: WikiBase MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d
+ NOTE: https://phabricator.wikimedia.org/T294693
+CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an extern ...)
+ NOT-FOR-US: WikiBase MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd
+ NOTE: https://phabricator.wikimedia.org/T297570
+CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...)
+ NOT-FOR-US: EntitySchema MediaWiki extension
+ NOTE: https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9
+ NOTE: https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c
+ NOTE: https://phabricator.wikimedia.org/T296578
+CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...)
+ NOT-FOR-US: cve-search
+CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...)
+ NOT-FOR-US: Moxa
+CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235
+CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...)
+ NOT-FOR-US: Imperva Web Application Firewall
+CVE-2021-45467
+ RESERVED
+CVE-2021-45466
+ RESERVED
+CVE-2021-45465
+ RESERVED
+CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro ...)
+ - openssl 1.1.1m-1
+ [bullseye] - openssl <no-dsa> (Minor issue)
+ [buster] - openssl <no-dsa> (Minor issue)
+ [stretch] - openssl <ignored> (This is MIPS-specific and we don't support MIPS for stretch-security)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (OpenSSL_1_1_1m)
+ NOTE: https://mta.openssl.org/pipermail/openssl-announce/2022-January/000214.html
+ NOTE: https://www.openssl.org/news/secadv/20220128.txt
+CVE-2021-4159 [bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()]
+ RESERVED
+ - linux 5.7.6-1
+ NOTE: Fixed by: https://git.kernel.org/linus/294f2fc6da27620a506e6c050241655459ccd6bd (5.7-rc1)
+CVE-2021-45464 [hypervisor escape and host code execution]
+ RESERVED
+ - kvmtool <unfixed>
+ NOTE: https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/
+CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...)
+ - gegl 1:0.4.34-1 (bug #1002661)
+ [bullseye] - gegl <no-dsa> (Minor issue)
+ [buster] - gegl <no-dsa> (Minor issue)
+ [stretch] - gegl <no-dsa> (Minor issue; can be fixed later)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34)
+ NOTE: Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34)
+CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. ...)
+ NOT-FOR-US: Open5GS
+CVE-2021-4158 [NULL pointer dereference in pci_write() in hw/acpi/pcihp.c]
+ RESERVED
+ - qemu 1:6.2+dfsg-2
+ [bullseye] - qemu <not-affected> (Vulnerable code introduced later)
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035002
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/770
+ NOTE: Introduced in: https://gitlab.com/qemu-project/qemu/-/commit/b32bd763a1ca929677e22ae1c51cb3920921bdce (v6.0.0-rc0)
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg03692.html
+CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...)
+ NOT-FOR-US: FreePBX
+CVE-2021-45460 (A vulnerability has been identified in SICAM PQ Analyzer (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-4157 [pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()]
+ RESERVED
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1)
+CVE-2021-4156 [heap out-of-bounds read in src/flac.c in flac_buffer_copy]
+ RESERVED
+ - libsndfile <unfixed>
+ [bullseye] - libsndfile <no-dsa> (Minor issue)
+ [buster] - libsndfile <no-dsa> (Minor issue)
+ [stretch] - libsndfile <no-dsa> (Minor issue)
+ NOTE: https://github.com/libsndfile/libsndfile/issues/731
+ NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1)
+CVE-2021-4155
+ RESERVED
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813
+ NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1
+CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...)
+ NOT-FOR-US: Node windows
+CVE-2021-4154 (A use-after-free flaw was found in cgroup1_parse_param in kernel/cgrou ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3b0462726e7ef281c35a7a4ae33e93ee2bc9975b (5.14-rc2)
+CVE-2021-4153
+ RESERVED
+CVE-2021-4152
+ RESERVED
+CVE-2021-4151
+ RESERVED
+CVE-2021-45458 (Apache Kylin provides encryption classes PasswordPlaceholderConfigurer ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-45457 (In Apache Kylin, Cross-origin requests with credentials are allowed to ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executing som ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-45455
+ RESERVED
+CVE-2021-45454
+ RESERVED
+CVE-2021-45453
+ RESERVED
+CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...)
+ - python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
+ NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
+ NOTE: https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (3.2.11)
+ NOTE: https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1 (2.2.26)
+CVE-2021-4150 [Block subsystem mishandles reference counts]
+ RESERVED
+ - linux 5.15.3-1
+ NOTE: https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7)
+CVE-2021-4149 [Improper lock operation in btrfs]
+ RESERVED
+ - linux 5.14.16-1
+ NOTE: https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6)
+CVE-2021-4148 [Improper implementation of block_invalidatepage() allows users to crash the kernel]
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://lkml.org/lkml/2021/9/17/1037
+ NOTE: https://lkml.org/lkml/2021/9/12/323
+CVE-2021-4147 [deadlock and crash in libxl driver]
+ RESERVED
+ - libvirt 7.10.0-2 (bug #1002535)
+ [bullseye] - libvirt <no-dsa> (Minor issue)
+ [buster] - libvirt <no-dsa> (Minor issue)
+ [stretch] - libvirt <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
+ NOTE: https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
+ NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
+CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...)
+ NOT-FOR-US: pimcore
+CVE-2021-4145 (A NULL pointer dereference issue was found in the block mirror layer o ...)
+ - qemu 1:6.2+dfsg-1
+ [bullseye] - qemu <not-affected> (Vulnerable code introduced later)
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/d44dae1a7cf782ec9235746ebb0e6c1a20dd7288 (v6.1.0-rc0)
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd (v6.2.0-rc0)
+CVE-2021-4144 (TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 2 ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...)
+ - mbedtls <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/cae590905363747d26fb5617b71bd567541a2f39 (mbedtls-3.1.0)
+CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ...)
+ - mbedtls <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/c423acbe0f7957d8ef1e6036c2429c9f79c6f05e (mbedtls-2.28.0)
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/4c224fe3ccbe527a2b7d55a927f1f09511ff1b83 (mbedtls-2.28.0)
+CVE-2021-45449 (Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitiv ...)
+ NOT-FOR-US: Docker Desktop on Windows
+CVE-2021-45448
+ RESERVED
+CVE-2021-45447
+ RESERVED
+CVE-2021-45446
+ RESERVED
+CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...)
+ NOT-FOR-US: Unisys
+CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...)
+ {DSA-5078-1 DLA-2926-1}
+ - zsh 5.8.1-1
+ NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/
+ NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/
+ NOTE: https://sourceforge.net/p/zsh/code/ci/bdc4d70a7e033b754e68a8659a037ea0fc5f38de/
+CVE-2021-45443
+ RESERVED
+CVE-2021-4143 (Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutto ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2021-45442 (A link following denial-of-service vulnerability in Trend Micro Worry- ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45441 (A origin validation error vulnerability in Trend Micro Apex One (on-pr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45440 (A unnecessary privilege vulnerability in Trend Micro Apex One and Tren ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45439
+ RESERVED
+CVE-2021-45438
+ RESERVED
+CVE-2021-45437
+ RESERVED
+CVE-2021-45436
+ RESERVED
+CVE-2021-45435 (An SQL Injection vulnerability exists in Sourcecodester Simple Cold St ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-45434
+ RESERVED
+CVE-2021-45433
+ RESERVED
+CVE-2021-45432
+ RESERVED
+CVE-2021-45431
+ RESERVED
+CVE-2021-45430
+ RESERVED
+CVE-2021-45429 (A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 6 ...)
+ - yara <unfixed>
+ [stretch] - yara <no-dsa> (Minor issue)
+ NOTE: https://github.com/VirusTotal/yara/issues/1616
+ NOTE: https://github.com/VirusTotal/yara/commit/a36b497926b141624ea673111a101e9ddd7ac2eb (v4.2.0-rc1)
+CVE-2021-45428 (TLR-2005KSH is affected by an incorrect access control vulnerability. ...)
+ NOT-FOR-US: TLR-2005KSH
+CVE-2021-45427 (Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated ar ...)
+ NOT-FOR-US: Emerson
+CVE-2021-45426
+ RESERVED
+CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 an ...)
+ NOT-FOR-US: SAFARI Montage
+CVE-2021-45424
+ RESERVED
+CVE-2021-45423
+ RESERVED
+CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...)
+ NOT-FOR-US: Reprise License Manager
+CVE-2021-45421 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...)
+ NOT-FOR-US: Emerson
+CVE-2021-45420 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...)
+ NOT-FOR-US: Emerson
+CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Validation. ...)
+ NOT-FOR-US: Nova 360 Cabinet
+CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...)
+ NOT-FOR-US: Nova 360 Cabinet
+CVE-2021-45417 (AIDE before 0.17.4 allows local users to obtain root privileges via cr ...)
+ {DSA-5051-1 DLA-2894-1}
+ - aide 0.17.4-1
+ NOTE: https://github.com/aide/aide/commit/175d1f2626f4500b4fc5ecb7167bba9956b174bc (v0.17.4)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/3
+CVE-2021-45416 (Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 ...)
+ NOT-FOR-US: RosarioSIS
+CVE-2021-45415
+ RESERVED
+CVE-2021-45414
+ RESERVED
+CVE-2021-45413
+ RESERVED
+CVE-2021-45412
+ RESERVED
+CVE-2021-45411 (In Sourcecodetester Printable Staff ID Card Creator System 1.0 after c ...)
+ NOT-FOR-US: Sourcecodetester
+CVE-2021-45410
+ RESERVED
+CVE-2021-45409
+ RESERVED
+CVE-2021-45408 (Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-45407
+ RESERVED
+CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...)
+ NOT-FOR-US: SalonERP
+CVE-2021-45405
+ RESERVED
+CVE-2021-45404
+ RESERVED
+CVE-2021-45403
+ RESERVED
+CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linux kern ...)
+ - linux 5.15.15-1
+ [bullseye] - linux 5.10.92-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/3cf2b61eb06765e27fec6799292d9fb46d0b7e60
+ NOTE: https://git.kernel.org/linus/b1a7288dedc6caf9023f2676b4f5ed34cf0d4029
+ NOTE: https://git.kernel.org/linus/e572ff80f05c33cd0cb4860f864f5c9c044280b6
+CVE-2021-45401 (A Command injection vulnerability exists in Tenda AC10U AC1200 Smart D ...)
+ NOT-FOR-US: Tenda
+CVE-2021-45400
+ RESERVED
+CVE-2021-45399
+ RESERVED
+CVE-2021-45398
+ RESERVED
+CVE-2021-45397
+ RESERVED
+CVE-2021-45396
+ RESERVED
+CVE-2021-45395
+ RESERVED
+CVE-2021-45394 (An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can ...)
+ NOT-FOR-US: PHP HTML2PDF
+CVE-2021-45393
+ RESERVED
+CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
+ NOT-FOR-US: Tenda
+CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...)
+ NOT-FOR-US: Tenda
+CVE-2021-45390
+ RESERVED
+CVE-2021-45389 (StarWind SAN &amp; NAS build 1578 and StarWind Command Center Build 68 ...)
+ NOT-FOR-US: StarWind
+CVE-2021-45388
+ REJECTED
+CVE-2021-45387 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c ...)
+ - tcpreplay 4.4.0-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/687
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45386 (tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c ...)
+ - tcpreplay 4.4.0-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/687
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/46cf964a7db636da76abeebf10482acf6f682a87 (v4.4.0)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45385 (A Null Pointer Dereference vulnerability exits in ffjpeg d5cfd49 (2021 ...)
+ NOT-FOR-US: ffjpeg
+CVE-2021-45384
+ RESERVED
+CVE-2021-45383
+ RESERVED
+CVE-2021-45382 (A Remote Command Execution (RCE) vulnerability exists in all series H/ ...)
+ NOT-FOR-US: D-Link
+CVE-2021-45381
+ RESERVED
+CVE-2021-45380 (AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_h ...)
+ NOT-FOR-US: AppCMS
+CVE-2021-45378
+ RESERVED
+CVE-2021-45377
+ RESERVED
+CVE-2021-45376
+ RESERVED
+CVE-2021-45375
+ RESERVED
+CVE-2021-45374
+ RESERVED
+CVE-2021-45373
+ RESERVED
+CVE-2021-45372
+ RESERVED
+CVE-2021-45371
+ RESERVED
+CVE-2021-45370
+ RESERVED
+CVE-2021-45369
+ RESERVED
+CVE-2021-45368
+ RESERVED
+CVE-2021-45367
+ RESERVED
+CVE-2021-45366
+ RESERVED
+CVE-2021-45365
+ RESERVED
+CVE-2021-45364 (** DISPUTED ** A Code Execution vulnerability exists in Statamic Versi ...)
+ NOT-FOR-US: Statamic
+CVE-2021-45363
+ RESERVED
+CVE-2021-45362
+ RESERVED
+CVE-2021-45361
+ RESERVED
+CVE-2021-45360
+ RESERVED
+CVE-2021-45359
+ RESERVED
+CVE-2021-45358
+ RESERVED
+CVE-2021-45357 (Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the ...)
+ - piwigo <removed>
+CVE-2021-45356
+ RESERVED
+CVE-2021-45355
+ RESERVED
+CVE-2021-45354
+ RESERVED
+CVE-2021-45353
+ RESERVED
+CVE-2021-45352
+ RESERVED
+CVE-2021-45351
+ RESERVED
+CVE-2021-45350
+ RESERVED
+CVE-2021-45349
+ RESERVED
+CVE-2021-45348 (An Arbitrary File Deletion vulnerability exists in SourceCodester Atte ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, which l ...)
+ NOT-FOR-US: zzcms
+CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and ...)
+ - sqlite3 <unfixed> (bug #1005974)
+ NOTE: https://github.com/guyinatuxedo/sqlite3_record_leaking
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054793
+CVE-2021-45345
+ RESERVED
+CVE-2021-45344
+ RESERVED
+CVE-2021-45343 (In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of ...)
+ {DSA-5077-1 DLA-2908-1}
+ - librecad 2.1.3-3 (bug #1004518)
+ NOTE: https://github.com/LibreCAD/LibreCAD/issues/1468
+ NOTE: https://github.com/LibreCAD/LibreCAD/pull/1469
+ NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/5771425808bd16e78e1c6f28728c0712c47316f7
+CVE-2021-45342 (A buffer overflow vulnerability in CDataList of the jwwlib component o ...)
+ {DSA-5077-1 DLA-2908-1}
+ - librecad 2.1.3-3 (bug #1004518)
+ NOTE: https://github.com/LibreCAD/LibreCAD/issues/1464
+ NOTE: https://github.com/LibreCAD/LibreCAD/pull/1465
+ NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/4edcbe72679f95cb60979c77a348c1522a20b0f4
+CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib component o ...)
+ {DSA-5077-1 DLA-2908-1}
+ - librecad 2.1.3-3 (bug #1004518)
+ NOTE: https://github.com/LibreCAD/LibreCAD/issues/1462
+ NOTE: https://github.com/LibreCAD/LibreCAD/pull/1463
+ NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/f3502963eaf379a429bc9da73c1224c5db649997
+CVE-2021-45340 (In Libsixel prior to and including v1.10.3, a NULL pointer dereference ...)
+ - libsixel <unfixed> (bug #1004377)
+ [bullseye] - libsixel <no-dsa> (Minor issue)
+ [buster] - libsixel <no-dsa> (Minor issue)
+ [stretch] - libsixel <no-dsa> (Minor issue)
+ NOTE: https://github.com/libsixel/libsixel/issues/51
+ NOTE: Fixed by: https://github.com/libsixel/libsixel/pull/52
+CVE-2021-45339 (Privilege escalation vulnerability in Avast Antivirus prior to 20.4 al ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45338 (Multiple privilege escalation vulnerabilities in Avast Antivirus prior ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45337 (Privilege escalation vulnerability in the Self-Defense driver of Avast ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45336 (Privilege escalation vulnerability in the Sandbox component of Avast A ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45335 (Sandbox component in Avast Antivirus prior to 20.4 has an insecure per ...)
+ NOT-FOR-US: Avast Antivirus
+CVE-2021-45334 (Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL ...)
+ NOT-FOR-US: Sourcecodester Online Thesis Archiving System
+CVE-2021-45333
+ RESERVED
+CVE-2021-45332
+ RESERVED
+CVE-2021-45331 (An Authentication Bypass vulnerability exists in Gitea before 1.5.0, w ...)
+ - gitea <removed>
+CVE-2021-45330 (An issue exsits in Gitea through 1.15.7, which could let a malicious u ...)
+ - gitea <removed>
+CVE-2021-45329 (Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 ...)
+ - gitea <removed>
+CVE-2021-45328 (Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (' ...)
+ - gitea <removed>
+CVE-2021-45327 (Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on ...)
+ - gitea <removed>
+CVE-2021-45326 (Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before ...)
+ - gitea <removed>
+CVE-2021-45325 (Server Side Request Forgery (SSRF) vulneraility exists in Gitea before ...)
+ - gitea <removed>
+CVE-2021-45324
+ RESERVED
+CVE-2021-45323
+ RESERVED
+CVE-2021-45322
+ RESERVED
+CVE-2021-45321
+ RESERVED
+CVE-2021-45320
+ RESERVED
+CVE-2021-45319
+ RESERVED
+CVE-2021-45318
+ RESERVED
+CVE-2021-45317
+ RESERVED
+CVE-2021-45316
+ RESERVED
+CVE-2021-45315
+ RESERVED
+CVE-2021-45314
+ RESERVED
+CVE-2021-45313
+ RESERVED
+CVE-2021-45312
+ RESERVED
+CVE-2021-45311
+ RESERVED
+CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is affected ...)
+ NOT-FOR-US: Sangoma Technologies Corporation Switchvox
+CVE-2021-45309
+ RESERVED
+CVE-2021-45308
+ RESERVED
+CVE-2021-45307
+ RESERVED
+CVE-2021-45306
+ RESERVED
+CVE-2021-45305
+ RESERVED
+CVE-2021-45304
+ RESERVED
+CVE-2021-45303
+ RESERVED
+CVE-2021-45302
+ RESERVED
+CVE-2021-45301
+ RESERVED
+CVE-2021-45300
+ RESERVED
+CVE-2021-45299
+ RESERVED
+CVE-2021-45298
+ RESERVED
+CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1973
+ NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770
+CVE-2021-45296
+ RESERVED
+CVE-2021-45295
+ RESERVED
+CVE-2021-45294
+ RESERVED
+CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to an Inv ...)
+ - binaryen 104-1 (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4384
+ NOTE: https://github.com/WebAssembly/binaryen/pull/4388
+ NOTE: https://github.com/WebAssembly/binaryen/commit/b1f6298ed8756bdc3336429c04b92ba58d000b49 (version_104)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1958
+ NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6
+CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1955
+ NOTE: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc
+CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to an asse ...)
+ - binaryen 104-1 (unimportant)
+ NOTE: https://github.com/WebAssembly/binaryen/issues/4383
+ NOTE: https://github.com/WebAssembly/binaryen/pull/4389
+ NOTE: https://github.com/WebAssembly/binaryen/commit/62d83d5fcad015ce52f0f3122eab9df1c629cafb (version_104)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1972
+ NOTE: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d
+CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1956
+ NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3
+CVE-2021-45287
+ RESERVED
+CVE-2021-45286 (Directory Traversal vulnerability exists in ZZCMS 2021 via the skin pa ...)
+ NOT-FOR-US: ZZCMS
+CVE-2021-45285
+ RESERVED
+CVE-2021-45284
+ RESERVED
+CVE-2021-45283
+ RESERVED
+CVE-2021-45282
+ RESERVED
+CVE-2021-45281 (QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: QuickBox Pro
+CVE-2021-45280
+ RESERVED
+CVE-2021-45279
+ RESERVED
+CVE-2021-45278
+ RESERVED
+CVE-2021-45277
+ RESERVED
+CVE-2021-45276
+ RESERVED
+CVE-2021-45275
+ RESERVED
+CVE-2021-45274
+ RESERVED
+CVE-2021-45273
+ RESERVED
+CVE-2021-45272
+ RESERVED
+CVE-2021-45271
+ RESERVED
+CVE-2021-45270
+ RESERVED
+CVE-2021-45269
+ RESERVED
+CVE-2021-45268 (** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability exist ...)
+ NOT-FOR-US: Backdrop CMS
+CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1965
+ NOTE: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487
+CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1985
+ NOTE: https://github.com/gpac/gpac/commit/76b9e3f578a056fee07a4b317f5b36a83d01810e
+CVE-2021-45265
+ RESERVED
+CVE-2021-45264
+ RESERVED
+CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1975
+ NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9
+CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1980
+ NOTE: https://github.com/gpac/gpac/commit/ef86a8eba3b166b885dec219066dd3a47501e03a
+CVE-2021-45261 (An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ...)
+ - patch <unfixed> (unimportant)
+ NOTE: https://savannah.gnu.org/bugs/?61685
+ NOTE: Negligible security impact
+CVE-2021-45260 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1979
+ NOTE: https://github.com/gpac/gpac/issues/1977
+ NOTE: https://github.com/gpac/gpac/commit/5e5e9c48b1a61e3844e9fbe26292305ab4c06d04
+ NOTE: Reported twice upstream, fix is in issue 1977 - identical report in issue 1979
+CVE-2021-45259 (An Invalid pointer reference vulnerability exists in gpac 1.1.0 via th ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1986
+ NOTE: https://github.com/gpac/gpac/commit/654c796482c2609aa736315f9273d6c5912e0a29
+CVE-2021-45258 (A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_de ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1970
+ NOTE: https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad
+CVE-2021-45257 (An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...)
+ - nasm <unfixed> (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392790
+ NOTE: Negligible security impact
+CVE-2021-45256 (A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via a ...)
+ - nasm <unfixed> (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392789
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...)
+ NOT-FOR-US: Video Sharing Website
+CVE-2021-45254
+ RESERVED
+CVE-2021-45253 (The id parameter in view_storage.php from Simple Cold Storage Manageme ...)
+ NOT-FOR-US: Simple Cold Storage Management System
+CVE-2021-45252 (Multiple SQL injection vulnerabilities are found on Simple Forum-Discu ...)
+ NOT-FOR-US: Simple Forum-Discussion System
+CVE-2021-45251
+ RESERVED
+CVE-2021-45250
+ RESERVED
+CVE-2021-45249
+ RESERVED
+CVE-2021-45248
+ RESERVED
+CVE-2021-45247
+ RESERVED
+CVE-2021-45246
+ RESERVED
+CVE-2021-45245
+ RESERVED
+CVE-2021-45244
+ RESERVED
+CVE-2021-45243
+ RESERVED
+CVE-2021-45242
+ RESERVED
+CVE-2021-45241
+ RESERVED
+CVE-2021-45240
+ RESERVED
+CVE-2021-45239
+ RESERVED
+CVE-2021-45238
+ RESERVED
+CVE-2021-45237
+ RESERVED
+CVE-2021-45236
+ RESERVED
+CVE-2021-45235
+ RESERVED
+CVE-2021-45234
+ RESERVED
+CVE-2021-4142
+ RESERVED
+ NOT-FOR-US: Red Hat Satellite / Candlepin
+CVE-2021-4141
+ RESERVED
+CVE-2021-4140
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2021-4140
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2021-4140
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2021-4140
+CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-4138
+ RESERVED
+ - geckodriver <itp> (bug #989456)
+CVE-2021-45233
+ RESERVED
+CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses two fra ...)
+ NOT-FOR-US: Apache APISIX Dashboard
+CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific case ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-45229
+ RESERVED
+CVE-2021-45228
+ RESERVED
+CVE-2021-45227
+ RESERVED
+CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In several ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due to insu ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due to logi ...)
+ NOT-FOR-US: COINS Construction Cloud
+CVE-2021-45221
+ RESERVED
+CVE-2021-45220
+ RESERVED
+CVE-2021-45219
+ RESERVED
+CVE-2021-45218
+ RESERVED
+CVE-2021-45217
+ RESERVED
+CVE-2021-45216
+ RESERVED
+CVE-2021-45215
+ RESERVED
+CVE-2021-45214
+ RESERVED
+CVE-2021-45213
+ RESERVED
+CVE-2021-45212
+ RESERVED
+CVE-2021-45211
+ RESERVED
+CVE-2021-45210
+ RESERVED
+CVE-2021-45209
+ RESERVED
+CVE-2021-45208
+ RESERVED
+CVE-2021-45207
+ RESERVED
+CVE-2021-45206
+ RESERVED
+CVE-2021-45205
+ RESERVED
+CVE-2021-45204
+ RESERVED
+CVE-2021-45203
+ RESERVED
+CVE-2021-45202
+ RESERVED
+CVE-2021-45201
+ RESERVED
+CVE-2021-45200
+ RESERVED
+CVE-2021-45199
+ RESERVED
+CVE-2021-45198
+ RESERVED
+CVE-2021-45197
+ RESERVED
+CVE-2021-45196
+ RESERVED
+CVE-2021-45195
+ RESERVED
+CVE-2021-45194
+ RESERVED
+CVE-2021-45193
+ RESERVED
+CVE-2021-45192
+ RESERVED
+CVE-2021-45191
+ RESERVED
+CVE-2021-45190
+ RESERVED
+CVE-2021-45189
+ RESERVED
+CVE-2021-45188
+ RESERVED
+CVE-2021-45187
+ RESERVED
+CVE-2021-45186
+ RESERVED
+CVE-2021-45185
+ RESERVED
+CVE-2021-45184
+ RESERVED
+CVE-2021-45183
+ RESERVED
+CVE-2021-45182
+ RESERVED
+CVE-2021-45181
+ RESERVED
+CVE-2021-45180
+ RESERVED
+CVE-2021-45179
+ RESERVED
+CVE-2021-45178
+ RESERVED
+CVE-2021-45177
+ RESERVED
+CVE-2021-45176
+ RESERVED
+CVE-2021-45175
+ RESERVED
+CVE-2021-45174
+ RESERVED
+CVE-2021-45173
+ RESERVED
+CVE-2021-45172
+ RESERVED
+CVE-2021-45171
+ RESERVED
+CVE-2021-45170
+ RESERVED
+CVE-2021-45169
+ RESERVED
+CVE-2021-45168
+ RESERVED
+CVE-2021-45167
+ RESERVED
+CVE-2021-45166
+ RESERVED
+CVE-2021-45165
+ RESERVED
+CVE-2021-45164
+ RESERVED
+CVE-2021-45163
+ RESERVED
+CVE-2021-45162
+ RESERVED
+CVE-2021-45161
+ RESERVED
+CVE-2021-45160
+ RESERVED
+CVE-2021-45159
+ RESERVED
+CVE-2021-45158
+ RESERVED
+CVE-2021-45157
+ RESERVED
+CVE-2021-45156
+ RESERVED
+CVE-2021-45155
+ RESERVED
+CVE-2021-45154
+ RESERVED
+CVE-2021-45153
+ RESERVED
+CVE-2021-45152
+ RESERVED
+CVE-2021-45151
+ RESERVED
+CVE-2021-45150
+ RESERVED
+CVE-2021-45149
+ RESERVED
+CVE-2021-45148
+ RESERVED
+CVE-2021-45147
+ RESERVED
+CVE-2021-45146
+ RESERVED
+CVE-2021-45145
+ RESERVED
+CVE-2021-45144
+ RESERVED
+CVE-2021-45143
+ RESERVED
+CVE-2021-45142
+ RESERVED
+CVE-2021-45141
+ RESERVED
+CVE-2021-45140
+ RESERVED
+CVE-2021-45139
+ RESERVED
+CVE-2021-45138
+ RESERVED
+CVE-2021-45137
+ RESERVED
+CVE-2021-45136
+ RESERVED
+CVE-2021-45135
+ RESERVED
+CVE-2021-45134
+ RESERVED
+CVE-2021-45133
+ RESERVED
+CVE-2021-45132
+ RESERVED
+CVE-2021-45131
+ RESERVED
+CVE-2021-45130
+ RESERVED
+CVE-2021-45129
+ RESERVED
+CVE-2021-45128
+ RESERVED
+CVE-2021-45127
+ RESERVED
+CVE-2021-45126
+ RESERVED
+CVE-2021-45125
+ RESERVED
+CVE-2021-45124
+ RESERVED
+CVE-2021-45123
+ RESERVED
+CVE-2021-45122
+ RESERVED
+CVE-2021-45121
+ RESERVED
+CVE-2021-45120
+ RESERVED
+CVE-2021-45119
+ RESERVED
+CVE-2021-45118
+ RESERVED
+CVE-2021-45117
+ RESERVED
+CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
+ - python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
+ NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
+ NOTE: https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (3.2.11)
+ NOTE: https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (2.2.26)
+CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
+ - python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django <postponed> (Minor issue; fix in next update)
+ [buster] - python-django <postponed> (Minor issue; fix in next update)
+ [stretch] - python-django <postponed> (Minor issue; fix in next update)
+ NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
+ NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11)
+ NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26)
+CVE-2021-45106 (A vulnerability has been identified in SICAM TOOLBOX II (All versions) ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...)
+ NOT-FOR-US: Emerson
+CVE-2021-44462
+ RESERVED
+CVE-2021-4137
+ RESERVED
+CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1 (bug #1002534)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938
+ NOTE: Introduced by: https://github.com/vim/vim/commit/2949cfdbe4335b9abcfeda1be4dfc52090ee1df6 (v8.2.2257)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847)
+CVE-2021-4135
+ RESERVED
+ - linux 5.15.15-1 (unimportant)
+ [bullseye] - linux 5.10.92-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6)
+ NOTE: CONFIG_NETDEVSIM is not set in Debian
+CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to SQL Injec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-4129
+ RESERVED
+CVE-2021-4128
+ RESERVED
+CVE-2021-4127
+ RESERVED
+CVE-2021-4126
+ RESERVED
+ {DSA-5034-1 DLA-2874-1}
+ - thunderbird 1:91.4.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
+CVE-2021-26264 (A specially crafted script could cause the DeltaV Distributed Control ...)
+ NOT-FOR-US: DeltaV Distributed Control System Controllers
+CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...)
+ NOT-FOR-US: Philips
+CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-23138 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a st ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access cont ...)
+ - glewlwyd 2.6.1-1
+ [bullseye] - glewlwyd <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - glewlwyd <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
+CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...)
+ {DSA-5024-1 DLA-2852-1}
+ - apache-log4j2 2.17.0-1 (bug #1001891)
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230
+CVE-2021-31566 [symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive]
+ RESERVED
+ - libarchive 3.5.2-1 (bug #1001990)
+ [bullseye] - libarchive <no-dsa> (Minor issue)
+ [buster] - libarchive <no-dsa> (Minor issue)
+ NOTE: https://github.com/libarchive/libarchive/issues/1566
+ NOTE: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2)
+ NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2)
+CVE-2021-23177 [extracting a symlink with ACLs modifies ACLs of target]
+ RESERVED
+ - libarchive 3.5.2-1 (bug #1001986)
+ [bullseye] - libarchive <no-dsa> (Minor issue)
+ [buster] - libarchive <no-dsa> (Minor issue)
+ NOTE: https://github.com/libarchive/libarchive/issues/1565
+ NOTE: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2)
+CVE-2021-45104
+ RESERVED
+CVE-2021-45103
+ RESERVED
+CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x befor ...)
+ - condor <not-affected> (Only affects 9.0.0 and above)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/
+CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...)
+ - condor <unfixed> (bug #1002540)
+ [stretch] - condor <ignored> (Patch is too destructive to backport it; Patch does not apply cleanly. Too many calls in patch, not existed in this version of the software)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/
+ NOTE: https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14)
+CVE-2021-45099 (** DISPUTED ** The addon.stdin service in addon-ssh (aka Home Assistan ...)
+ NOT-FOR-US: Home Assistant Community Add-on: SSH & Web Terminal
+CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...)
+ - suricata 1:6.0.4-1
+ [bullseye] - suricata <no-dsa> (Minor issue)
+ [buster] - suricata <no-dsa> (Minor issue)
+ [stretch] - suricata <no-dsa> (Minor issue)
+ NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
+ NOTE: https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df
+ NOTE: https://redmine.openinfosecfoundation.org/issues/4710
+CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in ...)
+ NOT-FOR-US: NIME Server
+CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external X ...)
+ NOT-FOR-US: KNIME Analytics Platform
+CVE-2021-45094
+ RESERVED
+CVE-2021-45093
+ RESERVED
+CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
+ NOT-FOR-US: Thinfinity VirtualUI
+CVE-2021-45091 (Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code executio ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser <ignored> (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45084
+ RESERVED
+CVE-2021-45083 (An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler ...)
+ - cobbler <removed>
+CVE-2021-45082 (An issue was discovered in Cobbler before 3.3.1. In the templar.py fil ...)
+ - cobbler <removed>
+CVE-2021-45081 (An issue was discovered in Cobbler through 3.3.1. Routines in several ...)
+ - cobbler <removed>
+CVE-2021-45080
+ RESERVED
+CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...)
+ {DSA-5056-1 DLA-2909-1}
+ - strongswan 5.9.5-1
+ NOTE: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
+ NOTE: Patches: https://download.strongswan.org/security/CVE-2021-45079/
+CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows ...)
+ - binutils 2.37.50.20220106-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28694
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
+ NOTE: binutils not covered by security support
+CVE-2021-4125
+ RESERVED
+ NOT-FOR-US: OpenShift metering hive containers
+CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with the requ ...)
+ - logback 1:1.2.8-1
+ [bullseye] - logback <no-dsa> (Minor issue)
+ [buster] - logback <no-dsa> (Minor issue)
+ [stretch] - logback <no-dsa> (Minor issue)
+ NOTE: https://jira.qos.ch/browse/LOGBACK-1591
+ NOTE: https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1 (v_1.2.8)
+CVE-2021-44771
+ REJECTED
+CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
+ - janus <unfixed> (unimportant)
+ NOTE: https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190
+ NOTE: https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d
+ NOTE: Issues only in janus-demos built from src:janus
+CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4122 [decryption through LUKS2 reencryption crash recovery]
+ RESERVED
+ {DSA-5070-1}
+ - cryptsetup 2:2.4.3-1 (bug #1003686)
+ [buster] - cryptsetup <not-affected> (Vulnerable code not present; does not support online LUKS2 reencryption)
+ [stretch] - cryptsetup <not-affected> (Vulnerable code not present; does not support LUKS2)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2032401
+ NOTE: https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c
+ NOTE: 2.4 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/de98f011418c62e7b825a8ce3256e8fcdc84756e
+ NOTE: 2.3 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/60addcffa6794c29dccf33d8db5347f24b75f2fc
+CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-23151
+ REJECTED
+CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...)
+ - linux 5.15.15-1 (unimportant)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/cifsd-team/ksmbd/issues/550
+ NOTE: https://github.com/cifsd-team/ksmbd/pull/551
+ NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
+ NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
+CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
+CVE-2021-45070
+ RESERVED
+CVE-2021-45069
+ RESERVED
+CVE-2021-45068 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45067 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45066
+ RESERVED
+CVE-2021-45065
+ RESERVED
+CVE-2021-45064 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45063 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45062 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45061 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45060 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45059 (Adobe InDesign version 16.4 (and earlier) is affected by a use-after-f ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45058 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45057 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45056 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45055 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45054 (Adobe InCopy version 16.4 (and earlier) is affected by a use-after-fre ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45053 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45052 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45051 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-4120 (snapd 2.54.2 fails to perform sufficient validation of snap content in ...)
+ - snapd <unfixed>
+ [bullseye] - snapd 2.49-1+deb11u1
+ NOTE: https://bugs.launchpad.net/snapd/+bug/1949368
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/18/2
+CVE-2021-45050
+ RESERVED
+CVE-2021-45049
+ RESERVED
+CVE-2021-45048
+ RESERVED
+CVE-2021-45047
+ RESERVED
+CVE-2021-45046 (It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...)
+ {DSA-5022-1}
+ - apache-log4j2 2.16.0-1 (bug #1001729)
+ [stretch] - apache-log4j2 <not-affected> (JndiLookup class has been removed)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/4
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3221
+ NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
+CVE-2021-45045
+ RESERVED
+CVE-2021-45044
+ RESERVED
+CVE-2021-44768
+ RESERVED
+CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-4119 (bookstack is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: bookstack
+CVE-2021-4118 (pytorch-lightning is vulnerable to Deserialization of Untrusted Data ...)
+ NOT-FOR-US: pytorch-lightning
+CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4115 (There is a flaw in polkit which can allow an unprivileged user to caus ...)
+ [experimental] - policykit-1 0.120-6
+ - policykit-1 0.105-32 (bug #1005784)
+ [bullseye] - policykit-1 <no-dsa> (Minor issue)
+ [buster] - policykit-1 <not-affected> (Vulnerable code not present, patch introducing issue not backported)
+ [stretch] - policykit-1 <not-affected> (Vulnerable code not present, patch introducing issue not backported)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2007534
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-077-polkit/
+ NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
+ NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
+ NOTE: Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38
+ NOTE: Debian backported 0.113 commits in 0.105-26
+CVE-2021-4114
+ REJECTED
+CVE-2021-4113
+ REJECTED
+CVE-2021-4112
+ RESERVED
+ NOT-FOR-US: Ansible Tower
+CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...)
+ NOT-FOR-US: HD-Network Real-time Monitoring System
+CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL i ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference ...)
+ - mruby 3.0.0-2 (bug #1001768)
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <postponed> (revisit when/if fix is complete)
+ NOTE: https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20
+ NOTE: https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34
+CVE-2021-4109
+ RESERVED
+CVE-2021-4108 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-45040
+ RESERVED
+CVE-2021-45039
+ RESERVED
+CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ {DSA-5021-1}
+ - mediawiki 1:1.35.5-1
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T297574
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-45037
+ RESERVED
+CVE-2021-45036
+ RESERVED
+CVE-2021-45035
+ RESERVED
+CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
+ NOT-FOR-US: Siemens
+CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
+ NOT-FOR-US: Siemens
+CVE-2021-45032
+ RESERVED
+CVE-2021-45031
+ RESERVED
+CVE-2021-45030
+ RESERVED
+CVE-2021-45029 (Groovy Code Injection &amp; SpEL Injection which lead to Remote Code E ...)
+ NOT-FOR-US: Apache ShenYu
+CVE-2021-45028
+ RESERVED
+CVE-2021-45027
+ RESERVED
+CVE-2021-45026
+ RESERVED
+CVE-2021-45025
+ RESERVED
+CVE-2021-45024
+ RESERVED
+CVE-2021-45023
+ RESERVED
+CVE-2021-45022
+ RESERVED
+CVE-2021-45021
+ RESERVED
+CVE-2021-45020
+ RESERVED
+CVE-2021-45019
+ RESERVED
+CVE-2021-45018 (Cross Site Scripting (XSS) vulnerability exists in Catfish &lt;=6.3.0 ...)
+ NOT-FOR-US: CatFish (not same as src:catfish)
+CVE-2021-45017 (Cross Site Request Forgery (CSRF) vulnerability exits in Catfish &lt;= ...)
+ NOT-FOR-US: CatFish (not same as src:catfish)
+CVE-2021-45016
+ RESERVED
+CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...)
+ NOT-FOR-US: taocms
+CVE-2021-45014 (There is an upload sql injection vulnerability in the background of ta ...)
+ NOT-FOR-US: taocms
+CVE-2021-45013
+ RESERVED
+CVE-2021-45012
+ RESERVED
+CVE-2021-45011
+ RESERVED
+CVE-2021-45010
+ RESERVED
+CVE-2021-45009
+ RESERVED
+CVE-2021-45008 (Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability ...)
+ NOT-FOR-US: Plesk CMS
+CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...)
+ NOT-FOR-US: Plesk
+CVE-2021-45006
+ RESERVED
+CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow w ...)
+ - mujs <unfixed>
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704749 (not public)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=df8559e7bdbc6065276e786217eeee70f28fce66 (1.2.0)
+CVE-2021-45004
+ RESERVED
+CVE-2021-45003 (Laundry Booking Management System 1.0 (Latest) and previous versions a ...)
+ NOT-FOR-US: Laundry Booking Management System
+CVE-2021-45002
+ RESERVED
+CVE-2021-45001
+ RESERVED
+CVE-2021-45000
+ RESERVED
+CVE-2021-44999
+ RESERVED
+CVE-2021-44998
+ RESERVED
+CVE-2021-44997
+ RESERVED
+CVE-2021-44996
+ RESERVED
+CVE-2021-44995
+ RESERVED
+CVE-2021-44994 (There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0' ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4894
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4944
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4895
+CVE-2021-44993 (There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4876
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878
+CVE-2021-44992 (There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4875
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4879
+CVE-2021-44991
+ RESERVED
+CVE-2021-44990
+ RESERVED
+CVE-2021-44989
+ RESERVED
+CVE-2021-44988 (Jerryscript v3.0.0 and below was discovered to contain a stack overflo ...)
+ - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4891
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899
+CVE-2021-44987
+ RESERVED
+CVE-2021-44986
+ RESERVED
+CVE-2021-44985
+ RESERVED
+CVE-2021-44984
+ RESERVED
+CVE-2021-44983 (In taocms 3.0.1 after logging in to the background, there is an Arbitr ...)
+ NOT-FOR-US: taocms
+CVE-2021-44982
+ RESERVED
+CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a variable w ...)
+ NOT-FOR-US: QuickBox Pro
+CVE-2021-44980
+ RESERVED
+CVE-2021-44979
+ RESERVED
+CVE-2021-44978 (iCMS &lt;= 8.0.0 allows users to add and render a comtom template, whi ...)
+ NOT-FOR-US: iCMS
+CVE-2021-44977 (In iCMS &lt;=8.0.0, a directory traversal vulnerability allows an atta ...)
+ NOT-FOR-US: iCMS
+CVE-2021-44976
+ RESERVED
+CVE-2021-44975
+ RESERVED
+CVE-2021-44974
+ RESERVED
+CVE-2021-44973
+ RESERVED
+CVE-2021-44972
+ RESERVED
+CVE-2021-44971 (Multiple Tenda devices are affected by authentication bypass, such as ...)
+ NOT-FOR-US: Tenda
+CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) v ...)
+ NOT-FOR-US: MiniCMS
+CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...)
+ NOT-FOR-US: Taocms
+CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...)
+ NOT-FOR-US: IOBit Advanced SystemCare
+CVE-2021-44967
+ RESERVED
+CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...)
+ NOT-FOR-US: PHPGURUKUL Employee Record Management System
+CVE-2021-44965 (Directory traversal vulnerability in /admin/includes/* directory for P ...)
+ NOT-FOR-US: PHPGURUKUL Employee Record Management System
+CVE-2021-44964
+ RESERVED
+CVE-2021-44963
+ RESERVED
+CVE-2021-44962
+ RESERVED
+CVE-2021-44961
+ RESERVED
+CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...)
+ - svgpp <unfixed>
+ [bullseye] - svgpp <no-dsa> (Minor issue)
+ [buster] - svgpp <no-dsa> (Minor issue)
+ NOTE: https://github.com/svgpp/svgpp/issues/101
+CVE-2021-44959
+ RESERVED
+CVE-2021-44958
+ RESERVED
+CVE-2021-44957 (Global buffer overflow vulnerability exist in ffjpeg through 01.01.202 ...)
+ NOT-FOR-US: ffjpeg
+CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg through ...)
+ NOT-FOR-US: ffjpeg
+CVE-2021-44955
+ RESERVED
+CVE-2021-44954
+ RESERVED
+CVE-2021-44953
+ RESERVED
+CVE-2021-44952
+ RESERVED
+CVE-2021-44951
+ RESERVED
+CVE-2021-44950
+ RESERVED
+CVE-2021-44949 (glFusion CMS 1.7.9 is affected by an access control vulnerability via ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44948
+ REJECTED
+CVE-2021-44947
+ RESERVED
+CVE-2021-44946
+ RESERVED
+CVE-2021-44945
+ RESERVED
+CVE-2021-44944
+ RESERVED
+CVE-2021-44943
+ RESERVED
+CVE-2021-44942 (glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44941
+ RESERVED
+CVE-2021-44940
+ RESERVED
+CVE-2021-44939
+ RESERVED
+CVE-2021-44938
+ RESERVED
+CVE-2021-44937 (glFusion CMS v1.7.9 is affected by an arbitrary user registration vuln ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44936
+ RESERVED
+CVE-2021-44935 (glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vul ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-44934
+ RESERVED
+CVE-2021-44933
+ RESERVED
+CVE-2021-44932
+ RESERVED
+CVE-2021-44931
+ RESERVED
+CVE-2021-44930
+ RESERVED
+CVE-2021-44929
+ RESERVED
+CVE-2021-44928
+ RESERVED
+CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1960
+ NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92
+CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in t ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1961
+ NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e
+CVE-2021-44925 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1967
+ NOTE: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2
+CVE-2021-44924 (An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log func ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1959
+ NOTE: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497
+CVE-2021-44923 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1962
+ NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229
+CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the B ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1969
+ NOTE: https://github.com/gpac/gpac/issues/1968
+ NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a
+CVE-2021-44921 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1964
+ NOTE: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2
+CVE-2021-44920 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1957
+ NOTE: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4
+CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_a ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1963
+ NOTE: https://github.com/gpac/gpac/issues/1962
+ NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229
+CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the g ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1968
+ NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a
+CVE-2021-44917 (A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d ...)
+ - gnuplot 5.4.2+dfsg2-2 (unimportant; bug #1002539)
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2474/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/8938dfc937348f1d4e7b3d6ef6d44209b1d89473/ (master)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/acab14de21e323254507fca85f964e471258ac82/ (master)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/4cc2a4c83bc95470caa525cda52fba683e95bbb9/ (master)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/7285b0c578a067d8d9fe0566ccefaee131f62087/ (branch-5-4-stable)
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/bac7cf51333242999ecb66883fd6076168ec3441/ (branch-5-4-stable)
+ NOTE: Crash in CLI tool, negligible security impact
+CVE-2021-44916 (Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a ...)
+ NOT-FOR-US: Open-AudIT
+CVE-2021-44915
+ RESERVED
+CVE-2021-44914
+ RESERVED
+CVE-2021-44913
+ RESERVED
+CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...)
+ NOT-FOR-US: XE
+CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...)
+ NOT-FOR-US: XE
+CVE-2021-44910
+ RESERVED
+CVE-2021-44909
+ RESERVED
+CVE-2021-44908
+ RESERVED
+CVE-2021-44907
+ RESERVED
+CVE-2021-44906
+ RESERVED
+CVE-2021-44905
+ RESERVED
+CVE-2021-44904
+ RESERVED
+CVE-2021-44903 (Micro-Star International (MSI) Center Pro &lt;= 2.0.16.0 is vulnerable ...)
+ NOT-FOR-US: Micro-Star International (MSI) Center Pro
+CVE-2021-44902
+ RESERVED
+CVE-2021-44901 (Micro-Star International (MSI) Dragon Center &lt;= 2.0.116.0 is vulner ...)
+ NOT-FOR-US: Micro-Star International (MSI) Dragon Center
+CVE-2021-44900 (Micro-Star International (MSI) App Player &lt;= 4.280.1.6309 is vulner ...)
+ NOT-FOR-US: Micro-Star International (MSI) App Player
+CVE-2021-44899 (Micro-Star International (MSI) Center &lt;= 1.0.31.0 is vulnerable to ...)
+ NOT-FOR-US: Micro-Star International (MSI) Center
+CVE-2021-44898
+ RESERVED
+CVE-2021-44897
+ RESERVED
+CVE-2021-44896 (DMP Roadmap before 3.0.4 allows XSS. ...)
+ NOT-FOR-US: DMP Roadmap
+CVE-2021-44895
+ RESERVED
+CVE-2021-44894
+ RESERVED
+CVE-2021-44893
+ RESERVED
+CVE-2021-44892 (A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x v ...)
+ NOT-FOR-US: ThinkPHP
+CVE-2021-44891
+ RESERVED
+CVE-2021-44890
+ RESERVED
+CVE-2021-44889
+ RESERVED
+CVE-2021-44888
+ RESERVED
+CVE-2021-44887
+ RESERVED
+CVE-2021-44886 (In Zammad 5.0.2, agents can configure "out of office" periods and subs ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-44885
+ RESERVED
+CVE-2021-44884
+ RESERVED
+CVE-2021-44883
+ RESERVED
+CVE-2021-44882 (D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a ...)
+ NOT-FOR-US: D-Link
+CVE-2021-44881 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...)
+ NOT-FOR-US: D-Link
+CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-44879 (In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, ...)
+ - linux 5.16.7-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/12/1
+ NOTE: Fixed by: https://git.kernel.org/linus/9056d6489f5a41cfbb67f719d2c0ce61ead72d9f (5.17-rc1)
+CVE-2021-44878 (Pac4j v5.1 and earlier allows (by default) clients to accept and succe ...)
+ NOT-FOR-US: Pac4j
+CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44875 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44874 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure de ...)
+ NOT-FOR-US: Dalmark Systems Systeam
+CVE-2021-44873
+ RESERVED
+CVE-2021-44872
+ RESERVED
+CVE-2021-44871
+ RESERVED
+CVE-2021-44870
+ RESERVED
+CVE-2021-44869
+ RESERVED
+CVE-2021-44868 (A problem was found in ming-soft MCMS v5.1. There is a sql injection v ...)
+ NOT-FOR-US: ming-soft MCMS
+CVE-2021-44867
+ RESERVED
+CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...)
+ NOT-FOR-US: Online-Movie-Ticket-Booking-System
+CVE-2021-44865
+ RESERVED
+CVE-2021-44864 (TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buff ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-44863
+ RESERVED
+CVE-2021-44862
+ RESERVED
+CVE-2021-44861
+ RESERVED
+CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF file usi ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44859 (An out-of-bounds read vulnerability exists when reading a TGA file usi ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44858 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ {DSA-5021-1 DLA-2847-1}
+ - mediawiki 1:1.35.5-1
+ [buster] - mediawiki 1:1.31.16-1+deb10u2
+ NOTE: https://phabricator.wikimedia.org/T297322
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44857 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
+ {DSA-5021-1}
+ - mediawiki 1:1.35.5-1
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T297322
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44856 [Title blocked in AbuseFilter can be created via Special:ChangeContentModel]
+ RESERVED
+ - mediawiki 1:1.35.5-1
+ [bullseye] - mediawiki <postponed> (Minor issue)
+ [buster] - mediawiki <postponed> (Minor issue)
+ [stretch] - mediawiki <postponed> (Minor issue)
+ NOTE: https://phabricator.wikimedia.org/T271037
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44855 [Blind Stored XSS in VisualEditor media dialog]
+ RESERVED
+ - mediawiki 1:1.35.5-1
+ [bullseye] - mediawiki <postponed> (Minor issue)
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T293589
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search results from private wikis]
+ RESERVED
+ - mediawiki 1:1.35.5-1
+ [bullseye] - mediawiki <postponed> (Minor issue)
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T292763
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/
+CVE-2021-44853
+ RESERVED
+CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1. ...)
+ NOT-FOR-US: Biostar RACING GT Evo
+CVE-2021-44851
+ RESERVED
+CVE-2021-44850 (On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot i ...)
+ NOT-FOR-US: Xilinx Zynq-7000 SoC device
+CVE-2021-44849
+ RESERVED
+CVE-2021-44848 (In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns dif ...)
+ NOT-FOR-US: Cibele Thinfinity VirtualUI
+CVE-2021-44847 (A stack-based buffer overflow in handle_request function in DHT.c in t ...)
+ - libtoxcore 0.2.13-1 (bug #1001711)
+ [bullseye] - libtoxcore <no-dsa> (Minor issue)
+ [buster] - libtoxcore <no-dsa> (Minor issue)
+ NOTE: https://github.com/TokTok/c-toxcore/pull/1718
+ NOTE: https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/
+ NOTE: Introduced by: https://github.com/TokTok/c-toxcore/commit/71260e38e8d12547b0e55916daf6cadd72f52e19 (v0.1.9)
+ NOTE: Fixed by: https://github.com/TokTok/c-toxcore/commit/1b02bad36864fdfc36694e3f96d2dc6c58a891e4 (v0.2.13)
+CVE-2021-44846
+ RESERVED
+CVE-2021-44845
+ RESERVED
+CVE-2021-44844
+ RESERVED
+CVE-2021-44843
+ RESERVED
+CVE-2021-44842
+ RESERVED
+CVE-2021-44841
+ RESERVED
+CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account, ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44839 (An issue was discovered in Delta RM 1.2. It is possible to request a n ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44837 (An issue was discovered in Delta RM 1.2. It is possible for an unprivi ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44836 (An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/r ...)
+ NOT-FOR-US: Delta RM
+CVE-2021-44835
+ RESERVED
+CVE-2021-44834
+ RESERVED
+CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...)
+ NOT-FOR-US: Snow Inventory Java Scanner
+CVE-2021-4105
+ RESERVED
+CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...)
+ NOT-FOR-US: CLI for Amazon AWS OpenSearch
+CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue; JMSAppender not configured to be used by default)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1
+ NOTE: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
+ NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2
+CVE-2021-4103 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...)
+ NOT-FOR-US: vditor
+CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ...)
+ {DLA-2870-1}
+ - apache-log4j2 2.17.1-1 (bug #1002813)
+ [bullseye] - apache-log4j2 <no-dsa> (Minor issue; requires attacker with permissions to modify the logging configuration file)
+ [buster] - apache-log4j2 <no-dsa> (Minor issue; requires attacker with permissions to modify the logging configuration file)
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3293
+ NOTE: https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143
+ NOTE: https://github.com/apache/logging-log4j2/commit/05db5f9527254632b59aed2a1d78a32c5ab74f16 (log4j-2.17.1-rc1)
+ NOTE: Fixed in 2.17.1, 2.12.4 and 2.3.2
+CVE-2021-44831
+ RESERVED
+CVE-2021-44830
+ RESERVED
+CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...)
+ NOT-FOR-US: AFI WebACMS
+CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...)
+ NOT-FOR-US: ARM
+CVE-2021-44827
+ RESERVED
+CVE-2021-44826
+ RESERVED
+CVE-2021-44825
+ RESERVED
+CVE-2021-44824
+ RESERVED
+CVE-2021-44823
+ RESERVED
+CVE-2021-44822
+ RESERVED
+CVE-2021-44821
+ RESERVED
+CVE-2021-44820
+ RESERVED
+CVE-2021-44819
+ RESERVED
+CVE-2021-44818
+ RESERVED
+CVE-2021-44817
+ RESERVED
+CVE-2021-44816
+ RESERVED
+CVE-2021-44815
+ RESERVED
+CVE-2021-44814
+ RESERVED
+CVE-2021-44813
+ RESERVED
+CVE-2021-44812
+ RESERVED
+CVE-2021-44811
+ RESERVED
+CVE-2021-44810
+ RESERVED
+CVE-2021-44809
+ RESERVED
+CVE-2021-44808
+ RESERVED
+CVE-2021-44807
+ RESERVED
+CVE-2021-44806
+ RESERVED
+CVE-2021-44805
+ RESERVED
+CVE-2021-44804
+ RESERVED
+CVE-2021-44803
+ RESERVED
+CVE-2021-44802
+ RESERVED
+CVE-2021-44801
+ RESERVED
+CVE-2021-44800
+ RESERVED
+CVE-2021-44799
+ RESERVED
+CVE-2021-44798
+ RESERVED
+CVE-2021-44797
+ RESERVED
+CVE-2021-44796
+ RESERVED
+CVE-2021-4102 (Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4101 (Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.466 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4100 (Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.11 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4099 (Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4098 (Insufficient data validation in Mojo in Google Chrome prior to 96.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...)
+ NOT-FOR-US: phpservermon
+CVE-2021-4096
+ RESERVED
+CVE-2021-44795 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Single Connect
+CVE-2021-44794 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Single Connect
+CVE-2021-44793 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Single Connect
+CVE-2021-44792 (Single Connect does not perform an authorization check when using the ...)
+ NOT-FOR-US: Kron Single Connect
+CVE-2021-44791
+ RESERVED
+CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...)
+ {DSA-5035-1 DLA-2907-1}
+ - apache2 2.4.52-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790
+ NOTE: Fixed by: https://svn.apache.org/r1896039
+CVE-2021-4095
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/
+ NOTE: https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194
+CVE-2021-4094
+ RESERVED
+CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure Encry ...)
+ - linux 5.14.16-1
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/95e16b4792b0429f1933872f743410f00e590c55 (5.15-rc7)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584
+CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...)
+ - 389-ds-base <unfixed>
+ [stretch] - 389-ds-base <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307
+ NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4)
+CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in the ...)
+ - linux 5.15.5-1
+ [bullseye] - linux <not-affected> (Vulnerable code introduced later)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025101
+ NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2)
+CVE-2021-44789
+ RESERVED
+CVE-2021-44788
+ RESERVED
+CVE-2021-44787
+ RESERVED
+CVE-2021-44786
+ RESERVED
+CVE-2021-44785
+ RESERVED
+CVE-2021-44784
+ RESERVED
+CVE-2021-44783
+ RESERVED
+CVE-2021-44782
+ RESERVED
+CVE-2021-44781
+ RESERVED
+CVE-2021-44780
+ RESERVED
+CVE-2021-44764
+ RESERVED
+CVE-2021-4089 (snipe-it is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-37408
+ RESERVED
+CVE-2021-31565
+ RESERVED
+CVE-2021-26261
+ RESERVED
+CVE-2021-26255
+ RESERVED
+CVE-2021-23189
+ RESERVED
+CVE-2021-23175 (NVIDIA GeForce Experience contains a vulnerability in user authorizati ...)
+ NOT-FOR-US: NVIDIA GeForce Experience
+CVE-2021-23171
+ RESERVED
+CVE-2021-23170
+ RESERVED
+CVE-2021-23148
+ RESERVED
+CVE-2021-44759
+ RESERVED
+CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO extensio ...)
+ NOT-FOR-US: McAfee
+CVE-2021-4087
+ RESERVED
+CVE-2021-4086
+ RESERVED
+CVE-2021-4085
+ RESERVED
+CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-4083 (A read-after-free memory flaw was found in the Linux kernel's garbage ...)
+ - linux 5.15.5-2
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4)
+CVE-2021-4082 (pimcore is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-44758
+ RESERVED
+CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44756
+ RESERVED
+CVE-2021-44755
+ RESERVED
+CVE-2021-44754
+ RESERVED
+CVE-2021-44753
+ RESERVED
+CVE-2021-44752
+ RESERVED
+CVE-2021-44751
+ RESERVED
+CVE-2021-44750
+ RESERVED
+CVE-2021-44749
+ RESERVED
+CVE-2021-44748
+ RESERVED
+CVE-2021-44747
+ RESERVED
+CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior ...)
+ NOT-FOR-US: UNIVERGE
+CVE-2021-44745
+ RESERVED
+CVE-2021-44744
+ RESERVED
+CVE-2021-44743 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44742 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44741 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44545
+ RESERVED
+CVE-2021-44457
+ RESERVED
+CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...)
+ NOT-FOR-US: Intel
+CVE-2021-43351
+ RESERVED
+CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...)
+ NOT-FOR-US: Crater
+CVE-2021-26946
+ RESERVED
+CVE-2021-26254
+ RESERVED
+CVE-2021-23188
+ RESERVED
+CVE-2021-23168
+ RESERVED
+CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...)
+ NOT-FOR-US: Intel
+CVE-2021-23145
+ RESERVED
+CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
+ - rainloop 1.14.0-1 (bug #962629)
+ [buster] - rainloop <no-dsa> (Minor issue)
+ NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
+CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...)
+ - linux 5.15.15-1
+ [bullseye] - linux 5.10.92-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030747
+CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory condi ...)
+ [experimental] - mbedtls 2.28.0-0.1
+ - mbedtls 2.28.0-0.3 (bug #1002631)
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12)
+CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...)
+ {DSA-5080-1}
+ - snapd <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
+CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...)
+ {DSA-5080-1}
+ - snapd <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2
+CVE-2021-44729
+ RESERVED
+CVE-2021-44728
+ RESERVED
+CVE-2021-44727
+ RESERVED
+CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...)
+ NOT-FOR-US: KNIME Server
+CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...)
+ NOT-FOR-US: KNIME Server
+CVE-2021-44724
+ RESERVED
+CVE-2021-44723
+ RESERVED
+CVE-2021-44722
+ RESERVED
+CVE-2021-44721
+ RESERVED
+CVE-2021-44720
+ RESERVED
+CVE-2021-44719
+ RESERVED
+CVE-2021-44718
+ RESERVED
+CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.17 1.17.5-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/50057
+ NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
+ NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5)
+ NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12)
+CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.17 1.17.5-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ - golang-golang-x-net 1:0.0+git20211209.491a49a+dfsg-1
+ - golang-golang-x-net-dev <removed>
+ [stretch] - golang-golang-x-net-dev <postponed> (Limited support in stretch)
+ NOTE: https://github.com/golang/go/issues/50058
+ NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ
+ NOTE: https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5)
+ NOTE: https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a (go1.16.12)
+ NOTE: https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70
+CVE-2021-44715 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44714 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44713 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44712 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44711 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44710 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44709 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44708 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44707 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44706 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44705 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44704 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44703 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44702 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44701 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44700 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44699 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44696
+ RESERVED
+CVE-2021-44695
+ RESERVED
+CVE-2021-44694
+ RESERVED
+CVE-2021-44693
+ RESERVED
+CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4078 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4077
+ RESERVED
+CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
+ RESERVED
+ {DSA-5025-1}
+ - tang 11-1
+ [buster] - tang <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/latchset/tang/pull/81
+ NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8)
+ NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11)
+CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...)
+ NOT-FOR-US: BuddyBoss Platform
+CVE-2021-44691
+ RESERVED
+CVE-2021-44690
+ RESERVED
+CVE-2021-44689
+ RESERVED
+CVE-2021-44688
+ RESERVED
+CVE-2021-44687
+ RESERVED
+CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vulnerable ...)
+ - calibre 5.33.0+dfsg-1
+ [bullseye] - calibre <no-dsa> (Minor issue)
+ [buster] - calibre <no-dsa> (Minor issue)
+ [stretch] - calibre <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/calibre/+bug/1951979
+ NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0)
+CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...)
+ NOT-FOR-US: git-it
+CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...)
+ NOT-FOR-US: naholyr github-todos
+CVE-2021-44683
+ RESERVED
+CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44680 (An issue (4 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44679 (An issue (3 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44678 (An issue (2 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44677 (An issue (1 of 6) was discovered in Veritas Enterprise Vault through 1 ...)
+ NOT-FOR-US: Veritas
+CVE-2021-44676 (Zoho ManageEngine Access Manager Plus before 4203 allows anyone to vie ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vuln ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-4074 (The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...)
+ NOT-FOR-US: elgg
+CVE-2021-4071
+ RESERVED
+CVE-2021-44674 (An information exposure issue has been discovered in Opmantek Open-Aud ...)
+ NOT-FOR-US: Open-AudIT
+CVE-2021-44673
+ RESERVED
+CVE-2021-44672
+ RESERVED
+CVE-2021-44671
+ RESERVED
+CVE-2021-44670
+ RESERVED
+CVE-2021-44669
+ RESERVED
+CVE-2021-44668
+ RESERVED
+CVE-2021-44667
+ RESERVED
+CVE-2021-44666
+ RESERVED
+CVE-2021-44665
+ RESERVED
+CVE-2021-44664
+ RESERVED
+CVE-2021-44663
+ RESERVED
+CVE-2021-44662
+ RESERVED
+CVE-2021-44661
+ RESERVED
+CVE-2021-44660
+ RESERVED
+CVE-2021-44659 (Adding a new pipeline in GoCD server version 21.3.0 has a functionalit ...)
+ NOT-FOR-US: GoCD server
+CVE-2021-44658
+ RESERVED
+CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter was not r ...)
+ NOT-FOR-US: StackStorm
+CVE-2021-44656
+ RESERVED
+CVE-2021-44655 (Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQ ...)
+ NOT-FOR-US: Online Pre-owned/Used Car Showroom Management System
+CVE-2021-44654
+ RESERVED
+CVE-2021-44653 (Online Magazine Management System 1.0 contains a SQL injection authent ...)
+ NOT-FOR-US: Online Magazine Management System
+CVE-2021-44652 (Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote co ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44651 (Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote co ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote co ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter while gen ...)
+ - python-django-cms <itp> (bug #516183)
+CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...)
+ - gdk-pixbuf <unfixed>
+ [buster] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
+ [stretch] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136
+ NOTE: https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/
+ NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/b88f1ce91a610a4e491a4ad6352183791e78afac (2.39.2)
+CVE-2021-44647 (Lua 5.4.4 and 5.4.2 are affected by SEGV by type confusion in funcname ...)
+ - lua5.4 5.4.4-1 (bug #1004189)
+ NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00195.html
+ NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00204.html
+ NOTE: Fixed by: https://github.com/lua/lua/commit/1de95e97ef65632a88e08b6184bd9d1ceba7ec2f
+ TODO: check older versions if issue is present, reproducer do not crash, but needs inspection of the code yet
+CVE-2021-44646
+ RESERVED
+CVE-2021-44645
+ RESERVED
+CVE-2021-44644
+ RESERVED
+CVE-2021-44643
+ RESERVED
+CVE-2021-44642
+ RESERVED
+CVE-2021-44641
+ RESERVED
+CVE-2021-44640
+ RESERVED
+CVE-2021-44639
+ RESERVED
+CVE-2021-44638
+ RESERVED
+CVE-2021-44637
+ RESERVED
+CVE-2021-44636
+ RESERVED
+CVE-2021-44635
+ RESERVED
+CVE-2021-44634
+ RESERVED
+CVE-2021-44633
+ RESERVED
+CVE-2021-44632
+ RESERVED
+CVE-2021-44631
+ RESERVED
+CVE-2021-44630
+ RESERVED
+CVE-2021-44629
+ RESERVED
+CVE-2021-44628
+ RESERVED
+CVE-2021-44627
+ RESERVED
+CVE-2021-44626
+ RESERVED
+CVE-2021-44625
+ RESERVED
+CVE-2021-44624
+ RESERVED
+CVE-2021-44623
+ RESERVED
+CVE-2021-44622
+ RESERVED
+CVE-2021-44621
+ RESERVED
+CVE-2021-44620
+ RESERVED
+CVE-2021-44619
+ RESERVED
+CVE-2021-44618
+ RESERVED
+CVE-2021-44617
+ RESERVED
+CVE-2021-44616
+ RESERVED
+CVE-2021-44615
+ RESERVED
+CVE-2021-44614
+ RESERVED
+CVE-2021-44613
+ RESERVED
+CVE-2021-44612
+ RESERVED
+CVE-2021-44611
+ RESERVED
+CVE-2021-44610
+ RESERVED
+CVE-2021-44609
+ RESERVED
+CVE-2021-44608
+ RESERVED
+CVE-2021-44607
+ RESERVED
+CVE-2021-44606
+ RESERVED
+CVE-2021-44605
+ RESERVED
+CVE-2021-44604
+ RESERVED
+CVE-2021-44603
+ RESERVED
+CVE-2021-44602
+ RESERVED
+CVE-2021-44601
+ RESERVED
+CVE-2021-44600 (The password parameter on Simple Online Mens Salon Management System ( ...)
+ NOT-FOR-US: Simple Online Mens Salon Management System (MSMS)
+CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 system a ...)
+ NOT-FOR-US: Online Enrollment Management System
+CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...)
+ NOT-FOR-US: Attendance Management System
+CVE-2021-44597
+ RESERVED
+CVE-2021-44596
+ RESERVED
+CVE-2021-44595
+ RESERVED
+CVE-2021-44594
+ RESERVED
+CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...)
+ NOT-FOR-US: Simple College Website
+CVE-2021-44592
+ RESERVED
+CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...)
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/235
+CVE-2021-44590 (In libming 0.4.8, a memory exhaustion vulnerability exist in the funct ...)
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/236
+CVE-2021-44589
+ RESERVED
+CVE-2021-44588
+ RESERVED
+CVE-2021-44587
+ RESERVED
+CVE-2021-44586 (An issue was discovered in dst-admin v1.3.0. The product has an unauth ...)
+ NOT-FOR-US: dst-admin
+CVE-2021-44585
+ RESERVED
+CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...)
+ NOT-FOR-US: emlog
+CVE-2021-44583
+ RESERVED
+CVE-2021-44582
+ RESERVED
+CVE-2021-44581
+ RESERVED
+CVE-2021-44580
+ RESERVED
+CVE-2021-44579
+ RESERVED
+CVE-2021-44578
+ RESERVED
+CVE-2021-44577 (Two heap-overflow vulnerabilities exist in openSUSE libsolv through 13 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/428
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44576 (Two memory vulnerabilities exists in openSUSE libsolv through 13 Dec 2 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/426
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44575 (Two heap-overflow vulnerabilities exists in openSUSE libsolv through 1 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/427
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44574 (A heap-overflow vulnerability exists in openSUSE libsolv through 13 De ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/429
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44573 (Two heap overflow vulnerabilities exist in oenSUSE libsolv through 13 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/430
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44572
+ RESERVED
+CVE-2021-44571 (A heap overflow vulnerability exisfts in openSUSE libsolv through 13 D ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/421
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44570 (Two heap-overflow vulnerabilities exists in openSUSE/libsolv through 1 ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/424
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44569 (A heap-buffer openSUSE libsolv through 13 Dec 2020 exists in the solve ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/423
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv th ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/425
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Issue is fixed in the testcase; negligible security impact
+CVE-2021-44567
+ RESERVED
+CVE-2021-44566
+ RESERVED
+CVE-2021-44565
+ RESERVED
+CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...)
+ NOT-FOR-US: SYNC2101
+CVE-2021-44563
+ RESERVED
+CVE-2021-44562
+ RESERVED
+CVE-2021-44561
+ RESERVED
+CVE-2021-44560
+ RESERVED
+CVE-2021-44559
+ RESERVED
+CVE-2021-44558
+ RESERVED
+CVE-2021-44557 (National Library of the Netherlands multiNER &lt;= c0440948057afc6e3d6 ...)
+ NOT-FOR-US: National Library of the Netherlands multiNER
+CVE-2021-44556 (National Library of the Netherlands digger &lt; 6697d1269d981e35e11f24 ...)
+ NOT-FOR-US: National Library of the Netherlands digger
+CVE-2021-44555
+ RESERVED
+CVE-2021-44554 (Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate ...)
+ NOT-FOR-US: Thinfinity VirtualUI
+CVE-2021-44553
+ RESERVED
+CVE-2021-44552
+ RESERVED
+CVE-2021-44551
+ RESERVED
+CVE-2021-44550
+ RESERVED
+CVE-2021-4070
+ RESERVED
+CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...)
+ NOT-FOR-US: Apache Sling
+CVE-2021-4069 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
+ NOTE: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (v8.2.3741)
+CVE-2021-44548 (An Improper Input Validation vulnerability in DataImportHandler of Apa ...)
+ - lucene-solr <not-affected> (Issue only affects Windows)
+ NOTE: https://issues.apache.org/jira/browse/SOLR-15826
+CVE-2021-4068 (Insufficient data validation in new tab page in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4067 (Use after free in window manager in Google Chrome on ChromeOS prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4066 (Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4065 (Use after free in autofill in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4064 (Use after free in screen capture in Google Chrome on ChromeOS prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4063 (Use after free in developer tools in Google Chrome prior to 96.0.4664. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4062 (Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4061 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4060
+ RESERVED
+CVE-2021-4059 (Insufficient data validation in loader in Google Chrome prior to 96.0. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4058 (Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4057 (Use after free in file API in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4056 (Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowe ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4055 (Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4054 (Incorrect security UI in autofill in Google Chrome prior to 96.0.4664. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4053 (Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4052 (Use after free in web apps in Google Chrome prior to 96.0.4664.93 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-4051
+ RESERVED
+CVE-2021-44543 (An XSS vulnerability was found in Privoxy which was fixed in cgi_error ...)
+ {DLA-2844-1}
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409cbf4ab8bf2d79be204bd4e81a00d85 (v_3_0_33)
+CVE-2021-44542 (A memory leak vulnerability was found in Privoxy when handling errors. ...)
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ [stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08996116cbcea55cd3fc6c2a558e499a (v_3_0_33)
+CVE-2021-44541 (A vulnerability was found in Privoxy which was fixed in process_encryp ...)
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ [stretch] - privoxy <not-affected> (Vulnerable code introduced in 3.0.29)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0509c58045b26463844188e07c5e87c74ea21044 (v_3_0_33)
+CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_spec_p ...)
+ {DLA-2844-1}
+ - privoxy 3.0.33-1
+ [bullseye] - privoxy 3.0.32-2+deb11u1
+ [buster] - privoxy <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33)
+CVE-2021-43353 (The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-44539
+ RESERVED
+CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...)
+ {DSA-5034-1 DLA-2874-1}
+ - element-web <itp> (bug #866502)
+ - olm 3.2.8~dfsg-1 (bug #1001664)
+ [bullseye] - olm <no-dsa> (Minor issue)
+ [buster] - olm <not-affected> (Vulnerable code introduced later)
+ - thunderbird 1:91.4.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-44538
+ NOTE: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk/
+ NOTE: Introduced by: https://gitlab.matrix.org/matrix-org/olm/-/commit/39a1ee0b18f0fced6d7bc293cc9a46ea70ec9e96 (3.1.4)
+ NOTE: Fixed by: https://gitlab.matrix.org/matrix-org/olm/-/commit/c23ce70fc66c26db5839ddb5a3b46d4c3d3abed6 (3.2.8)
+CVE-2021-44537 (ownCloud owncloud/client before 2.9.2 allows Resource Injection by a s ...)
+ - owncloud-client <unfixed>
+ NOTE: https://owncloud.com/security-advisories/cve-2021-44537/
+CVE-2021-44536
+ RESERVED
+CVE-2021-44535
+ RESERVED
+CVE-2021-44534
+ RESERVED
+CVE-2021-44533 [Incorrect handling of certificate subject and issuer fields]
+ RESERVED
+ - nodejs <unfixed> (bug #1004177)
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#incorrect-handling-of-certificate-subject-and-issuer-fields-medium-cve-2021-44533
+ NOTE: https://github.com/nodejs/node/commit/8c2db2c86baff110a1d905ed1e0dd4e1c4fd2dd1 (v12.x)
+CVE-2021-44532 [Certificate Verification Bypass via String Injection]
+ RESERVED
+ - nodejs <unfixed> (bug #1004177)
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#certificate-verification-bypass-via-string-injection-medium-cve-2021-44532
+ NOTE: https://github.com/nodejs/node/commit/19873abfb24dce75ffff042efe76dc5633052677 (v12.x)
+CVE-2021-44531 [Improper handling of URI Subject Alternative Names]
+ RESERVED
+ - nodejs <unfixed> (bug #1004177)
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531
+ NOTE: https://github.com/nodejs/node/commit/e0fe6a635e5929a364986a6c39dc3585b9ddcd85 (v12.x)
+ NOTE: https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 (v12.x)
+CVE-2021-44530 (An injection vulnerability exists in a third-party library used in Uni ...)
+ NOT-FOR-US: UniFi Network
+CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud Services Applia ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-44528 (A open redirect vulnerability exists in Action Pack &gt;= 6.0.0 that c ...)
+ - rails <unfixed> (bug #1001817)
+ [buster] - rails <not-affected> (Vulnerable code introduced later)
+ [stretch] - rails <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/5
+ NOTE: https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815 (master)
+ NOTE: https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107 (v6.1.4.2)
+ NOTE: https://github.com/rails/rails/commit/fd6a64fef1d0f7f40a8d4b046da882e83163299c (v6.0.4.2)
+ NOTE: Introduced by: https://github.com/rails/rails/commit/07ec8062e605ba4e9bd153e1d264b02ac4ab8a0f (v6.0.0.beta1)
+CVE-2021-44527 (A vulnerability found in UniFi Switch firmware Version 5.43.35 and ear ...)
+ NOT-FOR-US: UniFi Switch firmware
+CVE-2021-44526 (Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44525 (Zoho ManageEngine PAM360 before build 5303 allows attackers to modify ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-44524 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ NOT-FOR-US: SiPass
+CVE-2021-44523 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ NOT-FOR-US: SiPass
+CVE-2021-44522 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
+ NOT-FOR-US: SiPass
+CVE-2021-44477
+ RESERVED
+CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, an ...)
+ - lapack 3.10.0-2 (bug #1001902)
+ [bullseye] - lapack <no-dsa> (Minor issue)
+ [buster] - lapack <no-dsa> (Minor issue)
+ [stretch] - lapack <no-dsa> (Minor issue)
+ - openblas 0.3.18+ds-1
+ [bullseye] - openblas <no-dsa> (Minor issue)
+ [buster] - openblas <no-dsa> (Minor issue)
+ [stretch] - openblas <no-dsa> (Minor issue)
+ NOTE: https://github.com/Reference-LAPACK/lapack/pull/625
+ NOTE: https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
+ NOTE: https://github.com/JuliaLang/julia/issues/42415
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41 (v0.3.18)
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c (v0.3.18)
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7 (v0.3.18)
+ NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7 (v0.3.18)
+CVE-2021-4047
+ RESERVED
+ NOT-FOR-US: Red Hat OpenShift 4.9 incomplete fix for CVE-2021-39242
+CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the passw ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-44521 (When running Apache Cassandra with the following configuration: enable ...)
+ - cassandra <itp> (bug #585905)
+CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-4045
+ RESERVED
+CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...)
+ [experimental] - openssl 3.0.1-1
+ - openssl <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openssl.org/news/secadv/20211214.txt
+CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d7a534cb-df7a-48ba-8ce3-46b1551a9c47
+ NOTE: https://github.com/gpac/gpac/issues/2092
+ NOTE: https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db
+CVE-2021-4042
+ RESERVED
+CVE-2021-4041 [Improper shell escaping in ansible-runner]
+ RESERVED
+ - ansible-runner 2.1.1-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028074
+ NOTE: https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd (2.1.0)
+CVE-2021-4040
+ RESERVED
+ NOT-FOR-US: Red Hat AMQ Broker
+CVE-2021-4039
+ RESERVED
+CVE-2021-44520
+ RESERVED
+CVE-2021-44519
+ RESERVED
+CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...)
+ NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for Android
+CVE-2021-44517
+ RESERVED
+CVE-2021-44516
+ RESERVED
+CVE-2021-44515 (Zoho ManageEngine Desktop Central is vulnerable to authentication bypa ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-44514 (OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles a ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 2.3.0 a ...)
+ - tmate-ssh-server <unfixed> (bug #1001225)
+ [bullseye] - tmate-ssh-server <no-dsa> (Minor issue)
+ NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388
+CVE-2021-44512 (World-writable permissions on the /tmp/tmate/sessions directory in tma ...)
+ - tmate-ssh-server <unfixed> (bug #1001225)
+ [bullseye] - tmate-ssh-server <no-dsa> (Minor issue)
+ NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388
+CVE-2021-44511
+ RESERVED
+CVE-2021-44510
+ RESERVED
+CVE-2021-44509
+ RESERVED
+CVE-2021-44508
+ RESERVED
+CVE-2021-44507
+ RESERVED
+CVE-2021-44506
+ RESERVED
+CVE-2021-44505
+ RESERVED
+CVE-2021-44504
+ RESERVED
+CVE-2021-44503
+ RESERVED
+CVE-2021-44502
+ RESERVED
+CVE-2021-44501
+ RESERVED
+CVE-2021-44500
+ RESERVED
+CVE-2021-44499
+ RESERVED
+CVE-2021-44498
+ RESERVED
+CVE-2021-44497
+ RESERVED
+CVE-2021-44496
+ RESERVED
+CVE-2021-44495
+ RESERVED
+CVE-2021-44494
+ RESERVED
+CVE-2021-44493
+ RESERVED
+CVE-2021-44492
+ RESERVED
+CVE-2021-44491
+ RESERVED
+CVE-2021-44490
+ RESERVED
+CVE-2021-44489
+ RESERVED
+CVE-2021-44488
+ RESERVED
+CVE-2021-44487
+ RESERVED
+CVE-2021-44486
+ RESERVED
+CVE-2021-44485
+ RESERVED
+CVE-2021-44484
+ RESERVED
+CVE-2021-44483
+ RESERVED
+CVE-2021-44482
+ RESERVED
+CVE-2021-44481
+ RESERVED
+CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who ...)
+ NOT-FOR-US: Wokka Lokka Q50 devices
+CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...)
+ NOT-FOR-US: NXP Kinetis K82 devices
+CVE-2021-44478
+ RESERVED
+CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
+ NOT-FOR-US: McAfee
+CVE-2021-44470
+ RESERVED
+CVE-2021-4037 [security regression for CVE-2018-13405]
+ RESERVED
+ - linux 5.14.6-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027239
+ NOTE: https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1)
+CVE-2021-4036
+ RESERVED
+CVE-2021-37409
+ RESERVED
+CVE-2021-37405
+ RESERVED
+CVE-2021-33847
+ RESERVED
+CVE-2021-26950
+ RESERVED
+CVE-2021-26258
+ RESERVED
+CVE-2021-26257
+ RESERVED
+CVE-2021-26251
+ RESERVED
+CVE-2021-23223
+ RESERVED
+CVE-2021-23179
+ RESERVED
+CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...)
+ NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-44451 (Apache Superset up to and including 1.3.2 allowed for registered datab ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44449 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44448 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44447 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44446 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44445 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44444 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44443 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44442 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44441 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44440 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44439 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44438 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44437 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44436 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44435 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44434 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44433 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44432 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-4035 (A stored cross site scripting have been identified at the comments in ...)
+ NOT-FOR-US: Wocu Monitoring
+CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-33843 (Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configur ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link+
+CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...)
+ NOT-FOR-US: Fresenius Kabi Agilia Link
+CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant MasterMed
+CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...)
+ NOT-FOR-US: Agilia Link+
+CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...)
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)
+CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...)
+ NOT-FOR-US: Serva
+CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...)
+ NOT-FOR-US: Pinkie
+CVE-2021-44427 (An unauthenticated SQL Injection vulnerability in Rosario Student Info ...)
+ NOT-FOR-US: Rosario Student Information System
+CVE-2021-44426
+ RESERVED
+CVE-2021-44425
+ RESERVED
+CVE-2021-44424
+ RESERVED
+CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...)
+ NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer
+CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44421
+ RESERVED
+CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...)
+ - python-django 2:3.2.10-1
+ [bullseye] - python-django 2:2.2.25-1~deb11u1
+ [buster] - python-django <no-dsa> (Minor issue)
+ [stretch] - python-django <not-affected> (Vulnerable code not present; path converters added later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1
+ NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
+ NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10)
+ NOTE: https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7 (2.2.25)
+CVE-2021-44419 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44418 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44417 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44416 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44415 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44414 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44413 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44412 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44411 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44410 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44409 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44408 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44407 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44406 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44405 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44404 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44403 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44402 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44401 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44400 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44399 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44398 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44397 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44396 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44395 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44394
+ RESERVED
+CVE-2021-44393 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44392 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44391 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44390 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44389 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44388 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44387 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44386 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44385 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44384 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44383 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44382 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44381 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44380 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44379 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44378 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44377 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44376 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44375
+ RESERVED
+CVE-2021-44374 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44373 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44372 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44371 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44370 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44369 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44368 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44367 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44366
+ RESERVED
+CVE-2021-44365 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44364 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44363 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44362 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44361 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44360 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44359 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44358 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...)
+ NOT-FOR-US: Reolink
+CVE-2021-44357
+ RESERVED
+CVE-2021-44356
+ RESERVED
+CVE-2021-44355
+ RESERVED
+CVE-2021-44354
+ RESERVED
+CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's pkexe ...)
+ {DSA-5059-1 DLA-2899-1}
+ - policykit-1 0.105-31.1
+ NOTE: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
+ NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/11
+CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: kimai2
+CVE-2021-44353
+ RESERVED
+CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...)
+ NOT-FOR-US: Tenda
+CVE-2021-44351 (An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /na ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x &lt;=5.1.22 via ...)
+ NOT-FOR-US: ThinkPHP5
+CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
+ NOT-FOR-US: TuziCMS
+CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...)
+ NOT-FOR-US: TuziCMS
+CVE-2021-44347 (SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Con ...)
+ NOT-FOR-US: TuziCMS
+CVE-2021-44346
+ RESERVED
+CVE-2021-44345
+ RESERVED
+CVE-2021-44344
+ RESERVED
+CVE-2021-44343
+ RESERVED
+CVE-2021-44342
+ RESERVED
+CVE-2021-44341
+ RESERVED
+CVE-2021-44340
+ RESERVED
+CVE-2021-44339
+ RESERVED
+CVE-2021-44338
+ RESERVED
+CVE-2021-44337
+ RESERVED
+CVE-2021-44336
+ RESERVED
+CVE-2021-44335
+ RESERVED
+CVE-2021-44334
+ RESERVED
+CVE-2021-44333
+ RESERVED
+CVE-2021-44332
+ RESERVED
+CVE-2021-44331
+ RESERVED
+CVE-2021-44330
+ RESERVED
+CVE-2021-44329
+ RESERVED
+CVE-2021-44328
+ RESERVED
+CVE-2021-44327
+ RESERVED
+CVE-2021-44326
+ RESERVED
+CVE-2021-44325
+ RESERVED
+CVE-2021-44324
+ RESERVED
+CVE-2021-44323
+ RESERVED
+CVE-2021-44322
+ RESERVED
+CVE-2021-44321
+ RESERVED
+CVE-2021-44320
+ RESERVED
+CVE-2021-44319
+ RESERVED
+CVE-2021-44318
+ RESERVED
+CVE-2021-44317 (In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us ...)
+ NOT-FOR-US: Bus Pass Management System
+CVE-2021-44316
+ RESERVED
+CVE-2021-44315 (In Bus Pass Management System v1.0, Directory Listing/Browsing is enab ...)
+ NOT-FOR-US: Bus Pass Management System
+CVE-2021-44314
+ RESERVED
+CVE-2021-44313
+ RESERVED
+CVE-2021-44312
+ RESERVED
+CVE-2021-44311
+ RESERVED
+CVE-2021-44310
+ RESERVED
+CVE-2021-44309
+ RESERVED
+CVE-2021-44308
+ RESERVED
+CVE-2021-44307
+ RESERVED
+CVE-2021-44306
+ RESERVED
+CVE-2021-44305
+ RESERVED
+CVE-2021-44304
+ RESERVED
+CVE-2021-44303
+ RESERVED
+CVE-2021-44302 (BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection v ...)
+ NOT-FOR-US: BaiCloud-cms
+CVE-2021-44301
+ RESERVED
+CVE-2021-44300
+ RESERVED
+CVE-2021-44299 (A reflected cross-site scripting (XSS) vulnerability in \lib\packages\ ...)
+ NOT-FOR-US: Navigate CMS
+CVE-2021-44298
+ RESERVED
+CVE-2021-44297
+ RESERVED
+CVE-2021-44296
+ RESERVED
+CVE-2021-44295
+ RESERVED
+CVE-2021-44294
+ RESERVED
+CVE-2021-44293
+ RESERVED
+CVE-2021-44292
+ RESERVED
+CVE-2021-44291
+ RESERVED
+CVE-2021-44290
+ RESERVED
+CVE-2021-44289
+ RESERVED
+CVE-2021-44288
+ RESERVED
+CVE-2021-44287
+ RESERVED
+CVE-2021-44286
+ RESERVED
+CVE-2021-44285
+ RESERVED
+CVE-2021-44284
+ RESERVED
+CVE-2021-44283
+ RESERVED
+CVE-2021-44282
+ RESERVED
+CVE-2021-44281
+ RESERVED
+CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...)
+ NOT-FOR-US: attendance management system
+CVE-2021-44279 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-44278 (Librenms 21.11.0 is affected by a path manipulation vulnerability in i ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-44277 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-44276
+ RESERVED
+CVE-2021-44275
+ RESERVED
+CVE-2021-44274
+ RESERVED
+CVE-2021-44273 (e2guardian v5.4.x &lt;= v5.4.3r is affected by missing SSL certificate ...)
+ - e2guardian 5.3.5-3 (bug #1003125)
+ [bullseye] - e2guardian <no-dsa> (Minor issue)
+ [buster] - e2guardian <no-dsa> (Minor issue)
+ [stretch] - e2guardian <no-dsa> (Minor issue; can be fixed later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/23/2
+ NOTE: https://github.com/e2guardian/e2guardian/issues/707
+ NOTE: Fixed by: https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2
+CVE-2021-44272
+ RESERVED
+CVE-2021-44271
+ RESERVED
+CVE-2021-44270
+ RESERVED
+CVE-2021-44269
+ RESERVED
+CVE-2021-44268
+ RESERVED
+CVE-2021-44267
+ RESERVED
+CVE-2021-44266
+ RESERVED
+CVE-2021-44265
+ RESERVED
+CVE-2021-44264
+ RESERVED
+CVE-2021-44263 (Gurock TestRail before 7.2.4 mishandles HTML escaping. ...)
+ NOT-FOR-US: Gurock TestRail
+CVE-2021-44262
+ RESERVED
+CVE-2021-44261
+ RESERVED
+CVE-2021-44260
+ RESERVED
+CVE-2021-44259
+ RESERVED
+CVE-2021-44258
+ RESERVED
+CVE-2021-44257
+ RESERVED
+CVE-2021-44256
+ RESERVED
+CVE-2021-44255 (Authenticated remote code execution in MotionEye &lt;= 0.42.1 and Moti ...)
+ NOT-FOR-US: MotionEye
+CVE-2021-44254
+ RESERVED
+CVE-2021-44253
+ RESERVED
+CVE-2021-44252
+ RESERVED
+CVE-2021-44251
+ RESERVED
+CVE-2021-44250
+ RESERVED
+CVE-2021-44249 (Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Ti ...)
+ NOT-FOR-US: Online Motorcycle (Bike) Rental System
+CVE-2021-44248
+ RESERVED
+CVE-2021-44247 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...)
+ NOT-FOR-US: Totolink
+CVE-2021-44246 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...)
+ NOT-FOR-US: Totolink
+CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...)
+ NOT-FOR-US: Sourcecodester COVID 19 Testing Management System (CTMS)
+CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...)
+ NOT-FOR-US: Sourcecodester Logistic Hub Parcel's Management System
+CVE-2021-44243
+ RESERVED
+CVE-2021-44242
+ RESERVED
+CVE-2021-44241
+ RESERVED
+CVE-2021-44240
+ RESERVED
+CVE-2021-44239
+ RESERVED
+CVE-2021-44238
+ RESERVED
+CVE-2021-44237
+ RESERVED
+CVE-2021-44236
+ RESERVED
+CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...)
+ - linux <not-affected> (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7)
+ NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7)
+CVE-2021-4031
+ RESERVED
+CVE-2021-4030
+ RESERVED
+CVE-2021-4029
+ RESERVED
+CVE-2021-4028 [use-after-free in RDMA listen()]
+ RESERVED
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027201
+ NOTE: https://git.kernel.org/linus/bc0bdc5afaa740d782fbf936aaeebd65e5c2921d (5.15-rc4)
+CVE-2021-4027
+ RESERVED
+CVE-2021-4026 (bookstack is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: bookstack
+CVE-2021-4025
+ RESERVED
+CVE-2021-44235 (Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700 ...)
+ NOT-FOR-US: SAP
+CVE-2021-44234 (SAP Business One - version 10.0, extended log stores information that ...)
+ NOT-FOR-US: SAP
+CVE-2021-44233 (SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, doe ...)
+ NOT-FOR-US: SAP
+CVE-2021-44232 (SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insu ...)
+ NOT-FOR-US: SAP
+CVE-2021-44231 (Internally used text extraction reports allow an attacker to inject co ...)
+ NOT-FOR-US: SAP
+CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows ha ...)
+ NOT-FOR-US: Burp Suite (different from src:burp)
+CVE-2021-44229
+ RESERVED
+CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...)
+ {DSA-5020-1 DLA-2842-1}
+ - apache-log4j2 2.15.0-1 (bug #1001478)
+ - apache-log4j1.2 <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
+ NOTE: https://github.com/apache/logging-log4j2/pull/608
+ NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day/
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3198
+ NOTE: https://github.com/apache/logging-log4j2/commit/c77b3cb39312b83b053d23a2158b99ac7de44dd3
+ NOTE: The lookup is performed *after* formatting the message, which includes the user input. Hence
+ NOTE: the vulnerability can still be triggered using a ParametrizedMessage.
+CVE-2021-4024 (A flaw was found in podman. The `podman machine` function (used to cre ...)
+ - libpod 3.4.3+ds1-1 (bug #1000844)
+ [bullseye] - libpod <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2026675
+ NOTE: https://twitter.com/discordianfish/status/1463462371675066371
+ NOTE: https://github.com/containers/podman/pull/12283
+ NOTE: Introduced by: https://github.com/containers/podman/commit/7ef3981abe2412727840a2886489a08c03a05299 (v3.3.0-rc1)
+ NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48 (main)
+ NOTE: Fixed by: https://github.com/containers/podman/commit/57c5e2246efeaf2fef820a482241f1cc43960c7a (v3.4.3)
+CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ...)
+ - mailman <removed>
+ [buster] - mailman <no-dsa> (Minor issue)
+ [stretch] - mailman <no-dsa> (Minor issue; can be fixed with the next DLA)
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1952384
+ NOTE: Patch: https://launchpadlibrarian.net/570827498/patch.txt
+ NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
+ NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
+CVE-2021-44226
+ RESERVED
+CVE-2021-4023
+ RESERVED
+CVE-2021-4022
+ RESERVED
+CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...)
+ - keepalived 1:2.2.4-0.2
+ [bullseye] - keepalived 1:2.1.5-0.2+deb11u1
+ [buster] - keepalived <no-dsa> (Minor issue)
+ [stretch] - keepalived <no-dsa> (Minor issue)
+ NOTE: https://github.com/acassen/keepalived/pull/2063
+ NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
+CVE-2021-44224 (A crafted URI sent to httpd configured as a forward proxy (ProxyReques ...)
+ {DSA-5035-1 DLA-2907-1}
+ - apache2 2.4.52-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224
+ NOTE: Fixed by: https://svn.apache.org/r1895955
+ NOTE: Fixed by: https://svn.apache.org/r1896044
+CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...)
+ - wordpress 5.8.1+dfsg1-1
+ [bullseye] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
+ [buster] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
+ [stretch] - wordpress <no-dsa> (Minor issue; workarounds/mitigation for older versions can be implemented)
+ NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. Further mitigation
+ NOTE: options documented in:
+ NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
+ NOTE: https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/
+CVE-2021-44222
+ RESERVED
+CVE-2021-44221
+ RESERVED
+CVE-2021-4021
+ RESERVED
+ - radare2 <unfixed>
+ NOTE: https://github.com/radareorg/radare2/issues/19436
+CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
+ - janus 0.11.5-4 (unimportant; bug #1000831)
+ NOTE: https://huntr.dev/bounties/9814baa8-7bdd-4e31-a132-d9d15653409e/
+ NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd
+ NOTE: Issues only in janus-demos built from src:janus
+CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92
+ NOTE: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 (v8.2.3669)
+CVE-2021-44220
+ RESERVED
+CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database. ...)
+ NOT-FOR-US: Gin-Vue-Admin
+CVE-2021-44218
+ RESERVED
+CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting ...)
+ NOT-FOR-US: Ericsson
+CVE-2021-44216
+ RESERVED
+CVE-2021-44215
+ RESERVED
+CVE-2021-44214
+ RESERVED
+CVE-2021-44213
+ RESERVED
+CVE-2021-44212
+ RESERVED
+CVE-2021-44211
+ RESERVED
+CVE-2021-44210
+ RESERVED
+CVE-2021-44209
+ RESERVED
+CVE-2021-44208
+ RESERVED
+CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. ...)
+ NOT-FOR-US: Acclaim USAHERDS
+CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability in Acron ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44204 (Local privilege escalation via named pipe due to improper access contr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44201 (Cross-site scripting (XSS) was possible in notification pop-ups. The f ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44200 (Self cross-site scripting (XSS) was possible on devices page. The foll ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44199 (DLL hijacking could lead to denial of service. The following products ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following ...)
+ NOT-FOR-US: Acronis
+CVE-2021-44197
+ RESERVED
+CVE-2021-44196
+ RESERVED
+CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...)
+ NOT-FOR-US: Rapid7 Insight Agent
+CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-4014
+ RESERVED
+CVE-2021-4013
+ RESERVED
+CVE-2021-4012
+ RESERVED
+CVE-2021-44195
+ RESERVED
+CVE-2021-44194
+ RESERVED
+CVE-2021-44193
+ RESERVED
+CVE-2021-44192
+ RESERVED
+CVE-2021-44191
+ RESERVED
+CVE-2021-44190
+ RESERVED
+CVE-2021-44189
+ RESERVED
+CVE-2021-44188
+ RESERVED
+CVE-2021-44187 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44186 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44185 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44184
+ RESERVED
+CVE-2021-44183 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44182 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44181 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44180 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44179 (Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory c ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44178 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44177 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44176 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-44175
+ RESERVED
+CVE-2021-44174
+ RESERVED
+CVE-2021-44173
+ RESERVED
+CVE-2021-44172
+ RESERVED
+CVE-2021-44171
+ RESERVED
+CVE-2021-44170
+ RESERVED
+CVE-2021-44169
+ RESERVED
+CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-44167
+ RESERVED
+CVE-2021-44166
+ RESERVED
+CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44164 (Chain Sea ai chatbot system&#8217;s file upload function has insuffici ...)
+ NOT-FOR-US: Chain Sea
+CVE-2021-44163 (Chain Sea ai chatbot backend has improper filtering of special charact ...)
+ NOT-FOR-US: Chain Sea
+CVE-2021-44162 (Chain Sea ai chatbot system&#8217;s specific file download function ha ...)
+ NOT-FOR-US: Chain Sea
+CVE-2021-44161 (Changing MOTP (Mobile One Time Password) system&#8217;s specific funct ...)
+ NOT-FOR-US: MOTP (Mobile One Time Password) system&
+CVE-2021-44160 (Carinal Tien Hospital Health Report System&#8217;s login page has impr ...)
+ NOT-FOR-US: Carinal Tien Hospital Health Report System&
+CVE-2021-44159 (4MOSAn GCB Doctor&#8217;s file upload function has improper user privi ...)
+ NOT-FOR-US: 4MOSAn GCB Doctor
+CVE-2021-44158 (ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflo ...)
+ NOT-FOR-US: ASUS
+CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1 DLA-2869-1}
+ - xorg-server 2:1.20.13-3
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c79fc3cee26d83cda0f84ae56d5979f768
+CVE-2021-4010 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1}
+ - xorg-server 2:1.20.13-3
+ [stretch] - xorg-server <not-affected> (Vulnerable code introduced later)
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21
+CVE-2021-4009 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1 DLA-2869-1}
+ - xorg-server 2:1.20.13-3
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5196750099ae6ae582e1f46bd0a6dad29550e02
+CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...)
+ {DSA-5027-1 DLA-2869-1}
+ - xorg-server 2:1.20.13-3
+ - xwayland 2:21.1.4-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60
+CVE-2021-4007 (Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local ...)
+ NOT-FOR-US: Rapid7 Insight Agent
+CVE-2021-4006
+ RESERVED
+CVE-2021-4005 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-44157
+ RESERVED
+CVE-2021-44156
+ RESERVED
+CVE-2021-44155 (An issue was discovered in /goform/login_process in Reprise RLM 14.2. ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44154 (An issue was discovered in Reprise RLM 14.2. By using an admin account ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44153 (An issue was discovered in Reprise RLM 14.2. When editing the license ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44152 (An issue was discovered in Reprise RLM 14.2. Because /goform/change_pa ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44151 (An issue was discovered in Reprise RLM 14.2. As the session cookies ar ...)
+ NOT-FOR-US: Reprise RLM
+CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
+ NOT-FOR-US: tusdotnet
+CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...)
+ NOT-FOR-US: Linaro/OP-TEE OP-TEE
+CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...)
+ NOT-FOR-US: GL.iNet
+CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...)
+ NOT-FOR-US: Claris
+CVE-2021-44146
+ RESERVED
+CVE-2021-44145 (In the TransformXML processor of Apache NiFi before 1.15.1 an authenti ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2021-44144 (Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with ...)
+ NOT-FOR-US: Croatia Control Asterix
+CVE-2021-4004
+ RESERVED
+CVE-2021-4003
+ RESERVED
+CVE-2021-4002 [hugetlbfs: flush TLBs correctly after huge_pmd_unshare]
+ RESERVED
+ - linux 5.15.5-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/25/1
+ NOTE: https://git.kernel.org/linus/a4a118f2eead1d6c49e00765de89878288d4b890
+CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unc ...)
+ - isync 1.4.4-1 (bug #999804)
+ [bullseye] - isync <not-affected> (Vulnerable code introduced later)
+ [buster] - isync <not-affected> (Vulnerable code introduced later)
+ [stretch] - isync <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/2
+CVE-2021-44142 (The Samba vfs_fruit module uses extended file attributes (EA, xattr) t ...)
+ {DSA-5071-1}
+ - samba <unfixed> (bug #1004693)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-44142.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14914
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-244/
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-245/
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-246/
+CVE-2021-44141 (All versions of Samba prior to 4.15.5 are vulnerable to a malicious cl ...)
+ - samba <unfixed> (bug #1004692)
+ [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-44141.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14911
+CVE-2021-44140 (Remote attackers may delete arbitrary files in a system hosting a JSPW ...)
+ - jspwiki <removed>
+CVE-2021-44139
+ RESERVED
+CVE-2021-44138
+ RESERVED
+CVE-2021-44137
+ RESERVED
+CVE-2021-44136
+ RESERVED
+CVE-2021-44135
+ RESERVED
+CVE-2021-44134
+ RESERVED
+CVE-2021-44133
+ RESERVED
+CVE-2021-44132
+ RESERVED
+CVE-2021-44131
+ RESERVED
+CVE-2021-44130
+ RESERVED
+CVE-2021-44129
+ RESERVED
+CVE-2021-44128
+ RESERVED
+CVE-2021-44127
+ RESERVED
+CVE-2021-44126
+ RESERVED
+CVE-2021-44125
+ RESERVED
+CVE-2021-44124
+ RESERVED
+CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerability. To ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a (master)
+ NOTE: https://git.spip.net/spip/spip/commit/97e2888e9c92ad4bd68e8f80079583249714fbfa (v4.0.1)
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
+CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db
+ NOTE: https://git.spip.net/spip/spip/commit/fea5b5b4507cc9c0b9e91bbfbf34fe40b0bea805 (v3.2.12)
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
+CVE-2021-44121
+ REJECTED
+CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81
+ NOTE: https://git.spip.net/spip/spip/commit/361cc26080d1377bc55d2cb80736e5cfaf5fd242 (v3.2.12)
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
+CVE-2021-44119
+ RESERVED
+CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...)
+ {DSA-5028-1 DLA-2867-1}
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba
+ NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a
+ NOTE: https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357
+ NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
+CVE-2021-44117
+ RESERVED
+CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS &lt;=0.12 ...)
+ NOT-FOR-US: Anchor CMS
+CVE-2021-44115
+ RESERVED
+CVE-2021-44114 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stoc ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-44113
+ RESERVED
+CVE-2021-44112
+ RESERVED
+CVE-2021-44111 (A Directory Traversal vulnerability exists in S-Cart 6.7 via download ...)
+ NOT-FOR-US: S-Cart
+CVE-2021-44110
+ RESERVED
+CVE-2021-44109
+ RESERVED
+CVE-2021-44108
+ RESERVED
+CVE-2021-44107
+ RESERVED
+CVE-2021-44106
+ RESERVED
+CVE-2021-44105
+ RESERVED
+CVE-2021-44104
+ RESERVED
+CVE-2021-44103
+ RESERVED
+CVE-2021-44102
+ RESERVED
+CVE-2021-44101
+ RESERVED
+CVE-2021-44100
+ RESERVED
+CVE-2021-44099
+ RESERVED
+CVE-2021-44098
+ RESERVED
+CVE-2021-44097
+ RESERVED
+CVE-2021-44096
+ RESERVED
+CVE-2021-44095
+ RESERVED
+CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plugin dow ...)
+ NOT-FOR-US: zrlog
+CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...)
+ NOT-FOR-US: zrlog
+CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...)
+ NOT-FOR-US: code-projects Pharmacy Management
+CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...)
+ NOT-FOR-US: Sourcecodester Multi Restaurant Table Reservation System
+CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...)
+ NOT-FOR-US: Sourcecodester Online Reviewer System
+CVE-2021-44089
+ RESERVED
+CVE-2021-44088
+ RESERVED
+CVE-2021-44087
+ RESERVED
+CVE-2021-44086
+ RESERVED
+CVE-2021-44085
+ RESERVED
+CVE-2021-44084
+ RESERVED
+CVE-2021-44083
+ RESERVED
+CVE-2021-44082
+ RESERVED
+CVE-2021-44081
+ RESERVED
+CVE-2021-44080
+ RESERVED
+CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...)
+ - linux 5.15.5-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/353050be4c19e102178ccc05988101887c25ae53
+CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3999 [Off-by-one buffer overflow/underflow in getcwd()]
+ RESERVED
+ - glibc 2.33-4
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=472e799a5f2102bc0c3206dbd5a801765fceb39c
+CVE-2021-3998 [Unexpected return value from realpath() for too long results]
+ RESERVED
+ - glibc 2.33-4
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28770
+ NOTE: https://patchwork.sourceware.org/project/glibc/patch/20220113055920.3155918-1-siddhesh@sourceware.org/
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee8d5e33adb284601c00c94687bc907e10aec9bb
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5
+CVE-2021-3997 [Uncontrolled recursion in systemd's systemd-tmpfiles]
+ RESERVED
+ - systemd 250.2-1 (bug #1003467)
+ [bullseye] - systemd <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - systemd <ignored> (Minor issue; not exploitable before upstream commit e535840)
+ [stretch] - systemd <ignored> (Minor issue; utility segfault; not exploitable before upstream commit e535840, PoC doesn't segfault on stretch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024639
+ NOTE: https://github.com/systemd/systemd/pull/22070
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/2
+ NOTE: Exploitable after (but present before): https://github.com/systemd/systemd/commit/e5358401b5df8d395e99815b7a69b8424887472c (v242-rc1)
+ NOTE: PoC still crashes on jessie/215-17+deb8u14
+ NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/3bac86abfa1b1720180840ffb9d06b3d54841c11
+ NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/84ced330020c0bae57bd4628f1f44eec91304e69
+ NOTE: Fixed by: https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
+CVE-2021-44079 (In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, ...)
+ NOT-FOR-US: Wazuh
+CVE-2021-3996
+ RESERVED
+ {DSA-5055-1}
+ - util-linux 2.37.3-1
+ [buster] - util-linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - util-linux <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1)
+ NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b (v2.37.3)
+ NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2
+CVE-2021-3995
+ RESERVED
+ {DSA-5055-1}
+ - util-linux 2.37.3-1
+ [buster] - util-linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - util-linux <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1)
+ NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929 (v2.37.3)
+ NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2
+CVE-2021-3994 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+ NOT-FOR-US: django-helpdesk
+CVE-2021-3993 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3992 (kimai2 is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: kimai2
+CVE-2021-44078 (An issue was discovered in split_region in uc.c in Unicorn Engine befo ...)
+ NOT-FOR-US: Unicorn Engine
+CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-3991
+ RESERVED
+CVE-2021-3990 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3989 (showdoc is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3988
+ RESERVED
+CVE-2021-3987
+ RESERVED
+CVE-2021-3986
+ RESERVED
+CVE-2021-44076
+ RESERVED
+CVE-2021-44075
+ RESERVED
+CVE-2021-44074
+ RESERVED
+CVE-2021-44073
+ RESERVED
+CVE-2021-44072
+ RESERVED
+CVE-2021-44071
+ RESERVED
+CVE-2021-44070
+ RESERVED
+CVE-2021-44069
+ RESERVED
+CVE-2021-44068
+ RESERVED
+CVE-2021-44067
+ RESERVED
+CVE-2021-44066
+ RESERVED
+CVE-2021-44065
+ RESERVED
+CVE-2021-44064
+ RESERVED
+CVE-2021-44063
+ RESERVED
+CVE-2021-44062
+ RESERVED
+CVE-2021-44061
+ RESERVED
+CVE-2021-44060
+ RESERVED
+CVE-2021-44059
+ RESERVED
+CVE-2021-44058
+ RESERVED
+CVE-2021-44057
+ RESERVED
+CVE-2021-44056
+ RESERVED
+CVE-2021-44055
+ RESERVED
+CVE-2021-44054
+ RESERVED
+CVE-2021-44053
+ RESERVED
+CVE-2021-44052
+ RESERVED
+CVE-2021-44051
+ RESERVED
+CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...)
+ NOT-FOR-US: CA Network Flow Analysis (NFA)
+CVE-2021-44049 (CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 20 ...)
+ NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM)
+CVE-2021-44048 (An out-of-bounds write vulnerability exists when reading a TIF file us ...)
+ NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer
+CVE-2021-44047 (A use-after-free vulnerability exists when reading a DWF/DWFX file usi ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44046 (An out-of-bounds write vulnerability exists when reading U3D files in ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44045 (An out-of-bounds write vulnerability exists when reading a DGN file us ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44044 (An out-of-bounds write vulnerability exists when reading a JPG file us ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-44043 (An issue was discovered in UiPath App Studio 21.4.4. There is a persis ...)
+ NOT-FOR-US: UiPath
+CVE-2021-44042 (An issue was discovered in UiPath Assistant 21.4.4. User-controlled da ...)
+ NOT-FOR-US: UiPath
+CVE-2021-44041 (UiPath Assistant 21.4.4 will load and execute attacker controlled data ...)
+ NOT-FOR-US: UiPath
+CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ NOT-FOR-US: kimai2
+CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1 (bug #1001896)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a
+ NOTE: https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655 (v8.2.3625)
+CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ NOT-FOR-US: kimai2
+CVE-2021-44040
+ RESERVED
+CVE-2021-44039
+ RESERVED
+CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...)
+ - quagga <removed>
+ [buster] - quagga <no-dsa> (Minor issue)
+ [stretch] - quagga <postponed> (revisit when/if fixed upstream)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1191890
+ NOTE: Debian installed systemd unit files install the problematic redhat/*.service
+ NOTE: files with the unsafe chmod/chown calls in the Debian packaging.
+CVE-2021-44037 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 allo ...)
+ NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
+CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 has ...)
+ NOT-FOR-US: Team Password Manager (aka TeamPasswordManager)
+CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads ...)
+ NOT-FOR-US: Wolters Kluwer TeamMate AM
+CVE-2021-3982 [Distributions using CAP_SYS_NICE in gnome-shell may be exposed to privilege escalation]
+ RESERVED
+ - gnome-shell <not-affected> (Debian packaging does not set cap_sys_nice+ep on gnome-shell binary)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024174
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4711
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284
+CVE-2021-3981 [Incorrect permission in grub.cfg allow unprivileged user to read the file content]
+ RESERVED
+ - grub2 <unfixed> (bug #1001414)
+ [bullseye] - grub2 <not-affected> (Vulnerable code introduced later)
+ [buster] - grub2 <not-affected> (Vulnerable code introduced later)
+ [stretch] - grub2 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024170
+ NOTE: Introduced by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=ab2e53c8a196a595e50f1c836bf756b9db1ae68d (grub-2.06-rc1)
+ NOTE: https://lists.gnu.org/archive/html/grub-devel/2021-12/msg00013.html
+CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information to an U ...)
+ - elgg <itp> (bug #526197)
+CVE-2021-3979 [ceph: Ceph volume does not honour osd_dmcrypt_key_size]
+ RESERVED
+ - ceph <unfixed>
+ [bullseye] - ceph <no-dsa> (Minor issue)
+ [buster] - ceph <no-dsa> (Minor issue)
+ [stretch] - ceph <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/5
+CVE-2021-44034
+ RESERVED
+CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, the protection mechanism for inv ...)
+ NOT-FOR-US: Ionic Identity Vault
+CVE-2021-44032
+ RESERVED
+CVE-2021-44031 (An issue was discovered in Quest KACE Desktop Authority before 11.2. / ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44030 (Quest KACE Desktop Authority before 11.2 allows XSS because it does no ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44029 (An issue was discovered in Quest KACE Desktop Authority before 11.2. T ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44028 (XXE can occur in Quest KACE Desktop Authority before 11.2 because the ...)
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44027
+ RESERVED
+CVE-2021-44024 (A link following denial-of-service vulnerability in Trend Micro Apex O ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44023 (A link following denial-of-service (DoS) vulnerability in the Trend Mi ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One could allo ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44021 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44020 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3978
+ RESERVED
+CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: invoiceninja
+CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44013 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44012 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44011 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44010 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44009 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44008 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44007 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44006 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44005 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44004 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44003 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions), Solid Edg ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...)
+ - guacamole-client <unfixed>
+ [stretch] - guacamole-client <not-affected> (SAML is not supported)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/7
+CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: kimai2
+CVE-2021-3975 [segmentation fault during VM shutdown can lead to vdsm hung]
+ RESERVED
+ - libvirt 7.6.0-1
+ [bullseye] - libvirt <no-dsa> (Minor issue)
+ [buster] - libvirt <no-dsa> (Minor issue)
+ [stretch] - libvirt <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326
+ NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 (v7.1.0-rc2)
+CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...)
+ {DSA-5013-1 DLA-2840-1}
+ - roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+ NOTE: https://github.com/roundcube/roundcubemail/issues/8193
+ NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17)
+CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ...)
+ {DSA-5013-1 DLA-2840-1}
+ - roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)
+CVE-2021-43998 (HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 temp ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU p ...)
+ NOT-FOR-US: Amazon FreeRTOS
+CVE-2021-43996 (The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Lar ...)
+ NOT-FOR-US: Laravel Ignition component
+CVE-2021-43995
+ RESERVED
+CVE-2021-43994
+ RESERVED
+CVE-2021-43993
+ RESERVED
+CVE-2021-43992
+ RESERVED
+CVE-2021-43991 (The Kentico Xperience CMS version 13.0 &#8211; 13.0.43 is vulnerable t ...)
+ NOT-FOR-US: Kentico Xperience CMS
+CVE-2021-43990
+ RESERVED
+CVE-2021-43989 (mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, wh ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43988
+ RESERVED
+CVE-2021-43987 (An additional, nondocumented administrative account exists in mySCADA ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43986
+ RESERVED
+CVE-2021-43985 (An unauthenticated remote attacker can access mySCADA myPRO Versions 8 ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43984 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmw ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43983 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to mult ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to ...)
+ NOT-FOR-US: Delta
+CVE-2021-43981 (mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43980
+ RESERVED
+CVE-2021-43979 (** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 ...)
+ NOT-FOR-US: Styra Open Policy Agent (OPA) Gatekeeper
+CVE-2021-43978 (Allegro WIndows 3.3.4152.0, embeds software administrator database cre ...)
+ NOT-FOR-US: Allegro WIndows
+CVE-2021-43977 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows X ...)
+ NOT-FOR-US: SmarterTools
+CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wi ...)
+ - linux 5.15.15-2
+ NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/
+CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in driver ...)
+ - linux 5.15.5-2
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/
+CVE-2021-43974 (An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg en ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43973 (An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysA ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43972 (An unrestricted file copy vulnerability in /UserSelfServiceSettings.js ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITI ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43970
+ RESERVED
+CVE-2021-43969
+ RESERVED
+CVE-2021-43968
+ RESERVED
+CVE-2021-43967
+ RESERVED
+CVE-2021-43966
+ RESERVED
+CVE-2021-43965
+ RESERVED
+CVE-2021-43964
+ RESERVED
+CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...)
+ NOT-FOR-US: Couchbase Sync Gateway
+CVE-2021-43962
+ RESERVED
+CVE-2021-43961
+ RESERVED
+CVE-2021-43960 (** DISPUTED ** Lorensbergs Connect2 3.13.7647.20190 is affected by an ...)
+ NOT-FOR-US: Lorensbergs Connect2
+CVE-2021-3974 (vim is vulnerable to Use After Free ...)
+ - vim 2:8.2.3995-1 (bug #1001897)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
+ NOTE: https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 (v8.2.3612)
+CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1 (bug #1001899)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e
+ NOTE: https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 (v8.2.3611)
+CVE-2021-3972
+ RESERVED
+CVE-2021-3971
+ RESERVED
+CVE-2021-3970
+ RESERVED
+CVE-2021-3969
+ RESERVED
+CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1 (bug #1001900)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <not-affected> (Vulnerable code not present)
+ NOTE: https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528/
+ NOTE: https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 (v8.2.3610)
+CVE-2021-43959
+ RESERVED
+CVE-2021-43958
+ RESERVED
+CVE-2021-43957
+ RESERVED
+CVE-2021-43956
+ RESERVED
+CVE-2021-43955
+ RESERVED
+CVE-2021-43954
+ RESERVED
+CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43952 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43951 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43950 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43949 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43948 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43945
+ RESERVED
+CVE-2021-43944
+ RESERVED
+CVE-2021-43943
+ RESERVED
+CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
+ NOT-FOR-US: Atlassian Confluence
+CVE-2021-43939
+ RESERVED
+CVE-2021-43938
+ RESERVED
+CVE-2021-43937
+ RESERVED
+CVE-2021-43936 (The software allows the attacker to upload or transfer files of danger ...)
+ NOT-FOR-US: Distributed Data Systems
+CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an ...)
+ NOT-FOR-US: Hillrom
+CVE-2021-43934
+ RESERVED
+CVE-2021-43933
+ RESERVED
+CVE-2021-43932
+ RESERVED
+CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...)
+ NOT-FOR-US: Distributed Data Systems
+CVE-2021-43930
+ RESERVED
+CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...)
+ NOT-FOR-US: Synology
+CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...)
+ NOT-FOR-US: Synology
+CVE-2021-43927 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-43926 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-43925 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-43924
+ RESERVED
+CVE-2021-43923
+ RESERVED
+CVE-2021-43922
+ RESERVED
+CVE-2021-43921
+ RESERVED
+CVE-2021-43920
+ RESERVED
+CVE-2021-43919
+ RESERVED
+CVE-2021-43918
+ RESERVED
+CVE-2021-43917
+ RESERVED
+CVE-2021-43916
+ RESERVED
+CVE-2021-43915
+ RESERVED
+CVE-2021-43914
+ RESERVED
+CVE-2021-43913
+ RESERVED
+CVE-2021-43912
+ RESERVED
+CVE-2021-43911
+ RESERVED
+CVE-2021-43910
+ RESERVED
+CVE-2021-43909
+ RESERVED
+CVE-2021-43908 (Visual Studio Code Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43907 (Visual Studio Code WSL Extension Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43906
+ RESERVED
+CVE-2021-43905 (Microsoft Office app Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43904
+ RESERVED
+CVE-2021-43903
+ RESERVED
+CVE-2021-43902
+ RESERVED
+CVE-2021-43901
+ RESERVED
+CVE-2021-43900
+ RESERVED
+CVE-2021-43899 (Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43898
+ RESERVED
+CVE-2021-43897
+ RESERVED
+CVE-2021-43896 (Microsoft PowerShell Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43895
+ RESERVED
+CVE-2021-43894
+ RESERVED
+CVE-2021-43893 (Windows Encrypting File System (EFS) Elevation of Privilege Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43892 (Microsoft BizTalk ESB Toolkit Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43891 (Visual Studio Code Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43890 (Windows AppX Installer Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43889 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43888 (Microsoft Defender for IoT Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43887
+ RESERVED
+CVE-2021-43886
+ RESERVED
+CVE-2021-43885
+ RESERVED
+CVE-2021-43884
+ RESERVED
+CVE-2021-43883 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43882 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43881
+ RESERVED
+CVE-2021-43880 (Windows Mobile Device Management Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43879
+ RESERVED
+CVE-2021-43878
+ RESERVED
+CVE-2021-43877 (ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: .NET core
+CVE-2021-43876 (Microsoft SharePoint Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43875 (Microsoft Office Graphics Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43874
+ RESERVED
+CVE-2021-43873
+ RESERVED
+CVE-2021-43872
+ RESERVED
+CVE-2021-43871
+ RESERVED
+CVE-2021-43870
+ RESERVED
+CVE-2021-43869
+ RESERVED
+CVE-2021-43868
+ RESERVED
+CVE-2021-43867
+ RESERVED
+CVE-2021-43866
+ RESERVED
+CVE-2021-43865
+ RESERVED
+CVE-2021-43864
+ RESERVED
+CVE-2021-43863 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line interpr ...)
+ NOT-FOR-US: jQuery Terminal Emulator
+CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses ...)
+ - node-mermaid 8.13.8+~cs10.4.16-1
+ [bullseye] - node-mermaid <no-dsa> (Minor issue)
+ NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v
+ NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83
+CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework. ...)
+ {DSA-5049-1}
+ - flatpak 1.12.3-1
+ [buster] - flatpak <ignored> (Intrusive and risky to backport)
+ [stretch] - flatpak <ignored> (Intrusive and risky to backport)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
+ NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
+ NOTE: https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee
+ NOTE: https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451
+ NOTE: https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042
+CVE-2021-43859 (XStream is an open source java library to serialize objects to XML and ...)
+ {DLA-2924-1}
+ - libxstream-java <unfixed>
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
+ NOTE: https://x-stream.github.io/CVE-2021-43859.html
+ NOTE: https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846
+CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. Prior to v ...)
+ NOT-FOR-US: MinIO
+CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to ...)
+ NOT-FOR-US: Gerapy
+CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source Python modul ...)
+ - nltk 3.6.7-1 (bug #1002623)
+ [bullseye] - nltk <no-dsa> (Minor issue)
+ [buster] - nltk <no-dsa> (Minor issue)
+ [stretch] - nltk <no-dsa> (Minor issue)
+ NOTE: https://github.com/nltk/nltk/security/advisories/GHSA-f8m6-h2c7-8h9x
+ NOTE: https://github.com/nltk/nltk/issues/2866
+ NOTE: https://github.com/nltk/nltk/pull/2869
+ NOTE: https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 (3.6.6)
+CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available for Mic ...)
+ NOT-FOR-US: Ajax.NET Professional
+CVE-2021-43852 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
+ NOT-FOR-US: OroPlatform
+CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2021-43850 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single and simpl ...)
+ NOT-FOR-US: cordova-plugin-fingerprint-aio
+CVE-2021-43848 (h2o is an open source http server. In code prior to the `8c0eca3` comm ...)
+ - h2o <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4
+ NOTE: Introduced by: https://github.com/h2o/h2o/commit/93af1383b248e9284ba5f63211b4fbb4c828d060
+ NOTE: Fixed by: https://github.com/h2o/h2o/commit/8c0eca3d9bc1f08e7c6bdf57645f3d54aed7d844
+CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prior to H ...)
+ NOT-FOR-US: HumHub Social Network Kit Enterprise
+CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...)
+ NOT-FOR-US: solidus_frontend
+CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
+ NOTE: https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859
+ NOTE: https://github.com/pjsip/pjproject/pull/2924
+CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...)
+ NOT-FOR-US: MSEdgeRedirect
+CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...)
+ NOT-FOR-US: jsx-slack
+CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for applica ...)
+ NOT-FOR-US: XWiki
+CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...)
+ NOT-FOR-US: Discourse Message Bus middleware
+CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...)
+ NOT-FOR-US: Cronos
+CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack Block Kit s ...)
+ NOT-FOR-US: jsx-slack
+CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and python li ...)
+ NOT-FOR-US: Hashicorp vault-cli
+CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...)
+ NOT-FOR-US: Sulu
+CVE-2021-43835 (Sulu is an open-source PHP content management system based on the Symf ...)
+ NOT-FOR-US: Sulu
+CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams. In v ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-43832 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+ NOT-FOR-US: Spinnaker
+CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...)
+ NOT-FOR-US: gradio
+CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...)
+ NOT-FOR-US: OpenProject
+CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security ...)
+ NOT-FOR-US: PatrOwl
+CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating Security ...)
+ NOT-FOR-US: PatrOwl
+CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts in Disco ...)
+ NOT-FOR-US: discourse-footnote
+CVE-2021-43826
+ RESERVED
+CVE-2021-43825
+ RESERVED
+CVE-2021-43824
+ RESERVED
+CVE-2021-43823 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP Content Reposi ...)
+ NOT-FOR-US: Jackalope Doctrine-DBAL
+CVE-2021-43821 (Opencast is an Open Source Lecture Capture &amp; Video Management for ...)
+ NOT-FOR-US: Opencast
+CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is used i ...)
+ - seafile-server <itp> (bug #865830)
+ NOTE: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8
+ NOTE: https://github.com/haiwen/seafile-server/pull/520
+CVE-2021-43819
+ RESERVED
+CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...)
+ {DSA-5043-1 DLA-2871-1}
+ - lxml 4.7.1-1 (bug #1001885)
+ NOTE: https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8
+ NOTE: https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5)
+ NOTE: https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 (lxml-4.6.5)
+CVE-2021-43817 (Collabora Online is a collaborative online office suite based on Libre ...)
+ NOT-FOR-US: Collabora Online
+CVE-2021-43816 (containerd is an open source container runtime. On installations using ...)
+ - containerd 1.5.9~ds1-1
+ [bullseye] - containerd <not-affected> (Vulnerable code introduced in 1.5.0)
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c
+ NOTE: Fixed by: https://github.com/containerd/containerd/commit/1407cab509ff0d96baa4f0eb6ff9980270e6e620
+CVE-2021-43815 (Grafana is an open-source platform for monitoring and observability. G ...)
+ - grafana <removed>
+CVE-2021-43814 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
+ NOT-FOR-US: Rizin
+CVE-2021-43813 (Grafana is an open-source platform for monitoring and observability. G ...)
+ - grafana <removed>
+CVE-2021-43812 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+ NOT-FOR-US: Auth0 Next.js SDK
+CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...)
+ NOT-FOR-US: Sockeye
+CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...)
+ NOT-FOR-US: Admidio
+CVE-2021-43809 (`Bundler` is a package for managing application dependencies in Ruby. ...)
+ - rubygems 3.3.5-1
+ NOTE: https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43
+ NOTE: https://github.com/rubygems/rubygems/commit/90b1ed8b9f8b636aa8c913f7b5a764a2e03d179c (v3.3.0)
+ NOTE: https://github.com/rubygems/rubygems/pull/5142
+CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...)
+ - php-laravel-framework 6.20.14+dfsg-3 (bug #1001333)
+ [bullseye] - php-laravel-framework <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw
+ NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42)
+CVE-2021-43807 (Opencast is an Open Source Lecture Capture &amp; Video Management for ...)
+ NOT-FOR-US: Opencast
+CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
+ NOT-FOR-US: Solidus
+CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9
+ NOTE: https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e
+CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...)
+ NOT-FOR-US: next.js
+CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...)
+ - etherpad-lite <itp> (bug #576998)
+CVE-2021-43801 (Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8 ...)
+ NOT-FOR-US: Mercurius
+CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, dire ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server installs ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...)
+ - grafana <removed>
+CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...)
+ - netty <unfixed> (bug #1001437)
+ [bullseye] - netty <no-dsa> (Minor issue)
+ [buster] - netty <no-dsa> (Minor issue)
+ [stretch] - netty <no-dsa> (Minor issue)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
+ NOTE: https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final)
+CVE-2021-43796
+ RESERVED
+CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...)
+ NOT-FOR-US: Armeria
+CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43792 (Discourse is an open source discussion platform. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43791 (Zulip is an open source group chat application that combines real-time ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-43790 (Lucet is a native WebAssembly compiler and runtime. There is a bug in ...)
+ NOT-FOR-US: Lucet
+CVE-2021-43789 (PrestaShop is an Open Source e-commerce web application. Versions of P ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-43788 (Nodebb is an open source Node.js based forum software. Prior to v1.18. ...)
+ NOT-FOR-US: Nodebb
+CVE-2021-43787 (Nodebb is an open source Node.js based forum software. In affected ver ...)
+ NOT-FOR-US: Nodebb
+CVE-2021-43786 (Nodebb is an open source Node.js based forum software. In affected ver ...)
+ NOT-FOR-US: Nodebb
+CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...)
+ NOT-FOR-US: @joeattardi/emoji-button
+CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux accord ...)
+ {DLA-2841-1}
+ - runc 1.0.3+ds1-1
+ [bullseye] - runc <ignored> (Minor issue; not exploitable in 1.0.0)
+ [buster] - runc <ignored> (Minor issue; not exploitable in 1.0.0)
+ NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/1
+ NOTE: Fixed by: https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
+CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...)
+ NOT-FOR-US: @backstage/plugin-scaffolder-backend
+CVE-2021-43782 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for Invenio, a ...)
+ NOT-FOR-US: Invenio-Drafts-Resources
+CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...)
+ NOT-FOR-US: Redash
+CVE-2021-43779 (GLPI is an open source IT Asset Management, issue tracking system and ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI inst ...)
+ NOT-FOR-US: GLPI plugin
+CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...)
+ NOT-FOR-US: Redash
+CVE-2021-43776 (Backstage is an open platform for building developer portals. In affec ...)
+ NOT-FOR-US: Backstage
+CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment trackin ...)
+ NOT-FOR-US: Aim
+CVE-2021-3967
+ RESERVED
+CVE-2021-3966
+ RESERVED
+CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...)
+ NOT-FOR-US: HP
+CVE-2021-43774
+ RESERVED
+CVE-2021-43773
+ RESERVED
+CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability th ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3964 (elgg is vulnerable to Authorization Bypass Through User-Controlled Key ...)
+ - elgg <itp> (bug #526197)
+CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: kimai2
+CVE-2021-3962 (A flaw was found in ImageMagick where it did not properly sanitize cer ...)
+ - imagemagick <not-affected> (Specific to 7.x)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/4446
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c75673b4525e
+CVE-2021-43770
+ RESERVED
+CVE-2021-43769
+ RESERVED
+CVE-2021-43768
+ RESERVED
+CVE-2021-43767
+ RESERVED
+CVE-2021-43766
+ RESERVED
+CVE-2021-43765 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43764 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43763 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43762 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43761 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43760
+ RESERVED
+CVE-2021-43759
+ RESERVED
+CVE-2021-43758
+ RESERVED
+CVE-2021-43757
+ RESERVED
+CVE-2021-43756
+ RESERVED
+CVE-2021-43755
+ RESERVED
+CVE-2021-43754
+ RESERVED
+CVE-2021-43753
+ RESERVED
+CVE-2021-43752 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43751
+ RESERVED
+CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43749 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43748 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43747 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3958 (Due to improper sanitization iPack SCADA Automation software suffers f ...)
+ NOT-FOR-US: iPack SCADA Automation
+CVE-2021-43745
+ RESERVED
+CVE-2021-43744
+ RESERVED
+CVE-2021-43743
+ RESERVED
+CVE-2021-43742
+ RESERVED
+CVE-2021-43741
+ RESERVED
+CVE-2021-43740
+ RESERVED
+CVE-2021-43739
+ RESERVED
+CVE-2021-43738
+ RESERVED
+CVE-2021-43737
+ RESERVED
+CVE-2021-43736
+ RESERVED
+CVE-2021-43735
+ RESERVED
+CVE-2021-43734 (kkFileview v4.0.0 has arbitrary file read through a directory traversa ...)
+ NOT-FOR-US: kkFileview
+CVE-2021-43733
+ RESERVED
+CVE-2021-43732
+ RESERVED
+CVE-2021-43731
+ RESERVED
+CVE-2021-43730
+ RESERVED
+CVE-2021-43729
+ RESERVED
+CVE-2021-43728
+ RESERVED
+CVE-2021-43727
+ RESERVED
+CVE-2021-43726
+ RESERVED
+CVE-2021-43725
+ RESERVED
+CVE-2021-43724
+ RESERVED
+CVE-2021-43723
+ RESERVED
+CVE-2021-43722
+ RESERVED
+CVE-2021-43721
+ RESERVED
+CVE-2021-43720
+ RESERVED
+CVE-2021-43719
+ RESERVED
+CVE-2021-43718
+ RESERVED
+CVE-2021-43717
+ RESERVED
+CVE-2021-43716
+ RESERVED
+CVE-2021-43715
+ RESERVED
+CVE-2021-43714
+ RESERVED
+CVE-2021-43713
+ RESERVED
+CVE-2021-43712
+ RESERVED
+CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-43710
+ RESERVED
+CVE-2021-43709
+ RESERVED
+CVE-2021-43708
+ RESERVED
+CVE-2021-43707
+ RESERVED
+CVE-2021-43706
+ RESERVED
+CVE-2021-43705
+ RESERVED
+CVE-2021-43704
+ RESERVED
+CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less than or ...)
+ NOT-FOR-US: zzcms
+CVE-2021-43702
+ RESERVED
+CVE-2021-43701
+ RESERVED
+CVE-2021-43700
+ RESERVED
+CVE-2021-43699
+ RESERVED
+CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripti ...)
+ NOT-FOR-US: phpWhois
+CVE-2021-43697 (Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a C ...)
+ NOT-FOR-US: Workerman-ThinkPHP-Redis
+CVE-2021-43696 (twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerab ...)
+ NOT-FOR-US: twmap
+CVE-2021-43695 (issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vu ...)
+ NOT-FOR-US: issabelPBX
+CVE-2021-43694
+ RESERVED
+CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in file w ...)
+ NOT-FOR-US: Vesta Control Panel
+CVE-2021-43692 (youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross ...)
+ NOT-FOR-US: youtube-php-mirroring
+CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerability in f ...)
+ NOT-FOR-US: tripexpress
+CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: YurunProxy
+CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by a Cross Site Scriptin ...)
+ NOT-FOR-US: thinkphp manage
+CVE-2021-43688
+ RESERVED
+CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: nZEDb
+CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...)
+ - libretime <itp> (bug #888687)
+CVE-2021-43684
+ RESERVED
+CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: pictshare
+CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site ...)
+ NOT-FOR-US: ThinkPHP BJY Blog
+CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...)
+ NOT-FOR-US: SakuraPanel
+CVE-2021-43680
+ RESERVED
+CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...)
+ NOT-FOR-US: ecshop
+CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...)
+ NOT-FOR-US: Wechat-php-sdk
+CVE-2021-43677 (Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: Fluxbb
+CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...)
+ NOT-FOR-US: matyhtf framework
+CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: Lychee-v3
+CVE-2021-43674 (** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a p ...)
+ NOT-FOR-US: ThinkUp
+CVE-2021-43673 (dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: dzzoffice
+CVE-2021-43672
+ RESERVED
+CVE-2021-43671
+ RESERVED
+CVE-2021-43670
+ RESERVED
+CVE-2021-43669 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...)
+ NOT-FOR-US: HyperLedger
+CVE-2021-43668 (Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a s ...)
+ - golang-github-go-ethereum <itp> (bug #890541)
+ NOTE: https://github.com/ethereum/go-ethereum/issues/23866
+CVE-2021-43667 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...)
+ NOT-FOR-US: HyperLedger
+CVE-2021-43666
+ RESERVED
+CVE-2021-43665
+ RESERVED
+CVE-2021-43664
+ RESERVED
+CVE-2021-43663
+ RESERVED
+CVE-2021-43662
+ RESERVED
+CVE-2021-43661
+ RESERVED
+CVE-2021-43660
+ RESERVED
+CVE-2021-43659
+ RESERVED
+CVE-2021-43658
+ RESERVED
+CVE-2021-43657
+ RESERVED
+CVE-2021-43656
+ RESERVED
+CVE-2021-43655
+ RESERVED
+CVE-2021-43654
+ RESERVED
+CVE-2021-43653
+ RESERVED
+CVE-2021-43652
+ RESERVED
+CVE-2021-43651
+ RESERVED
+CVE-2021-43650
+ RESERVED
+CVE-2021-43649
+ RESERVED
+CVE-2021-43648
+ RESERVED
+CVE-2021-43647
+ RESERVED
+CVE-2021-43646
+ RESERVED
+CVE-2021-43645
+ RESERVED
+CVE-2021-43644
+ RESERVED
+CVE-2021-43643
+ RESERVED
+CVE-2021-43642
+ RESERVED
+CVE-2021-43641
+ RESERVED
+CVE-2021-43640
+ RESERVED
+CVE-2021-43639
+ RESERVED
+CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL ...)
+ NOT-FOR-US: Amazon
+CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: Amazon
+CVE-2021-43636
+ RESERVED
+CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...)
+ NOT-FOR-US: Codex
+CVE-2021-43634
+ RESERVED
+CVE-2021-43633
+ RESERVED
+CVE-2021-43632
+ RESERVED
+CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43630 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43629 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43628 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43627
+ RESERVED
+CVE-2021-43626
+ RESERVED
+CVE-2021-43625
+ RESERVED
+CVE-2021-43624
+ RESERVED
+CVE-2021-43623
+ RESERVED
+CVE-2021-43622
+ RESERVED
+CVE-2021-43621
+ RESERVED
+CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Rust. Se ...)
+ NOT-FOR-US: Rust crate fruity
+CVE-2021-43619
+ RESERVED
+CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...)
+ {DLA-2837-1}
+ - gmp 2:6.2.1+dfsg-3 (bug #994405)
+ [bullseye] - gmp 2:6.2.1+dfsg-1+deb11u1
+ [buster] - gmp <no-dsa> (Minor issue)
+ NOTE: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
+ NOTE: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+CVE-2021-43617 (Laravel Framework through 8.70.2 does not sufficiently block the uploa ...)
+ - php-laravel-framework 6.20.14+dfsg-3 (bug #1002728)
+ [bullseye] - php-laravel-framework <no-dsa> (Can be fixed via point release)
+ NOTE: https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b
+CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: kimai2
+CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...)
+ - npm <unfixed>
+ [bullseye] - npm <no-dsa> (Minor issue)
+ [buster] - npm <no-dsa> (Minor issue)
+ NOTE: https://github.com/npm/cli/issues/2701
+CVE-2021-43615 (An issue was discovered in HddPassword in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2021-43614
+ RESERVED
+CVE-2021-43613
+ RESERVED
+CVE-2021-43612 [crash in SONMP decoder]
+ RESERVED
+ - lldpd 1.0.13-1
+ [bullseye] - lldpd 1.0.11-1+deb11u1
+ [buster] - lldpd <no-dsa> (Minor issue)
+ [stretch] - lldpd <no-dsa> (Minor issue)
+ NOTE: https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 (1.0.13)
+CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...)
+ NOT-FOR-US: Belledonne Belle-sip
+CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...)
+ NOT-FOR-US: Belledonne Belle-sip
+CVE-2021-43609
+ RESERVED
+CVE-2021-43608 (Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of o ...)
+ - php-doctrine-dbal <not-affected> (Vulnerable code introduced in 3.0.0)
+ NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 3.1.4+dfsg-1 and
+ NOTE: only present in experimental suite.
+ NOTE: https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
+CVE-2021-43607
+ RESERVED
+CVE-2021-43606
+ RESERVED
+CVE-2021-43605
+ RESERVED
+CVE-2021-43604
+ RESERVED
+CVE-2021-43603
+ RESERVED
+CVE-2021-43602
+ RESERVED
+CVE-2021-43601
+ RESERVED
+CVE-2021-43600
+ RESERVED
+CVE-2021-43599
+ RESERVED
+CVE-2021-43598
+ RESERVED
+CVE-2021-43597
+ RESERVED
+CVE-2021-43596
+ RESERVED
+CVE-2021-43595
+ RESERVED
+CVE-2021-43594
+ RESERVED
+CVE-2021-43593
+ RESERVED
+CVE-2021-43592
+ RESERVED
+CVE-2021-43591
+ RESERVED
+CVE-2021-43590
+ RESERVED
+CVE-2021-43589 (Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior ...)
+ NOT-FOR-US: EMC
+CVE-2021-43588 (Dell EMC Data Protection Central version 19.5 contains an Improper Inp ...)
+ NOT-FOR-US: EMC
+CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, ...)
+ NOT-FOR-US: Dell
+CVE-2021-43586
+ RESERVED
+CVE-2021-43585
+ RESERVED
+CVE-2021-43584
+ RESERVED
+CVE-2021-43583
+ RESERVED
+CVE-2021-3956
+ RESERVED
+CVE-2021-3955
+ RESERVED
+CVE-2021-3954
+ RESERVED
+CVE-2021-3953
+ RESERVED
+CVE-2021-3952
+ RESERVED
+CVE-2021-3951
+ RESERVED
+CVE-2021-43582 (A Use-After-Free Remote Vulnerability exists when reading a DWG file u ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D file usi ...)
+ NOT-FOR-US: Open Design Alliance PRC SDK
+CVE-2021-43580
+ RESERVED
+CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC &lt;= 1.9 ...)
+ - htmldoc 1.9.13-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u1
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b (v1.9.13)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/453
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-3950 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+ NOT-FOR-US: django-helpdesk
+CVE-2021-43578 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-43577 (Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not confi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure its XML p ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-42744 (Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive informatio ...)
+ NOT-FOR-US: Philips
+CVE-2021-26262 (Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorre ...)
+ NOT-FOR-US: Philips
+CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outs ...)
+ NOT-FOR-US: Philips
+CVE-2021-3949
+ RESERVED
+CVE-2021-3948 (An incorrect default permissions vulnerability was found in the mig-co ...)
+ NOT-FOR-US: Migration Toolkit for Containers
+CVE-2021-3947 (A stack-buffer-overflow was found in QEMU in the NVME component. The f ...)
+ - qemu 1:6.2+dfsg-1
+ [bullseye] - qemu <not-affected> (Vulnerable code introduced later)
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2021869
+ NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/f432fdfa1215bc3a00468b2e711176be279b0fd2 (v6.0.0-rc0)
+ NOTE: https://lore.kernel.org/qemu-devel/20211111153125.2258176-1-philmd@redhat.com/
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/e2c57529c9306e4c9aac75d9879f6e7699584a22 (v6.2.0-rc3)
+CVE-2021-3946
+ RESERVED
+CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+ NOT-FOR-US: django-helpdesk
+CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: bookstack
+CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
+ - moodle <removed>
+CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...)
+ NOT-FOR-US: KNX ETS6
+CVE-2021-43574 (** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 ...)
+ - atmailopen <removed>
+CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...)
+ NOT-FOR-US: Realtek
+CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (aka starkb ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library (ecdsa-nod ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43570 (The verify function in the Stark Bank Java ECDSA library (ecdsa-java) ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43569 (The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43568 (The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elix ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43567
+ RESERVED
+CVE-2021-43566 (All versions of Samba prior to 4.13.16 are vulnerable to a malicious c ...)
+ - samba <unfixed> (bug #1004691)
+ [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-43566.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13979
+CVE-2021-43565 [x/crypto/ssh: empty plaintext packet causes panic]
+ RESERVED
+ - golang-go.crypto 1:0.0~git20211202.5770296-1
+ [stretch] - golang-go.crypto <postponed> (Limited support in stretch)
+ NOTE: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083
+ NOTE: https://github.com/golang/go/issues/49932
+CVE-2021-43564 (An issue was discovered in the jobfair (aka Job Fair) extension before ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2021-43563 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2021-43562 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2021-43561 (An XSS issue was discovered in the google_for_jobs (aka Google for Job ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2021-43560 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
+ - moodle <removed>
+CVE-2021-43559 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
+ - moodle <removed>
+CVE-2021-43558 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
+ - moodle <removed>
+CVE-2021-3942
+ RESERVED
+CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri ...)
+ NOT-FOR-US: Apache Apisix
+CVE-2021-3941
+ RESERVED
+ - openexr <unfixed>
+ [stretch] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1153
+ NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed
+CVE-2021-3940
+ RESERVED
+CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a s ...)
+ NOT-FOR-US: FATEK WinProladder
+CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...)
+ NOT-FOR-US: mySCADA myDESIGNER
+CVE-2021-43554 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an ...)
+ NOT-FOR-US: FATEK WinProladder
+CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...)
+ NOT-FOR-US: OSIsoft
+CVE-2021-43552 (The use of a hard-coded cryptographic key significantly increases the ...)
+ NOT-FOR-US: Philips
+CVE-2021-43551 (A remote attacker with write access to PI Vision could inject code int ...)
+ NOT-FOR-US: OSIsoft
+CVE-2021-43550 (The use of a broken or risky cryptographic algorithm is an unnecessary ...)
+ NOT-FOR-US: Philips
+CVE-2021-43549 (A remote authenticated attacker with write access to a PI Server could ...)
+ NOT-FOR-US: OSIsoft
+CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives ...)
+ NOT-FOR-US: Philips
+CVE-2021-43547
+ RESERVED
+CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43546
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546
+CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43545
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43545
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43545
+CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have searche ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544
+CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43543
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543
+CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43542
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542
+CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43541
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43541
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43541
+CVE-2021-43540 (WebExtensions with the correct permissions were able to create and ins ...)
+ - firefox 95.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540
+CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43539
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539
+CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43538
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538
+CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43537
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537
+CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43536
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536
+CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 93.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-43535
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535
+CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43534
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43534
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43534
+CVE-2021-43533 (When parsing internationalized domain names, high bits of the characte ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43533
+CVE-2021-43532 (The 'Copy Image Link' context menu action would copy the final image U ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43532
+CVE-2021-43531 (When a user loaded a Web Extensions context menu, the Web Extension co ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43531
+CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android resul ...)
+ - firefox 94.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530
+CVE-2021-43529
+ RESERVED
+ {DSA-5034-1 DLA-2874-1}
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501
+CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition area. T ...)
+ {DSA-5034-1 DLA-2874-1}
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528
+CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ...)
+ {DSA-5016-1 DLA-2836-1}
+ - nss 2:3.73-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/4
+ NOTE: https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH)
+ NOTE: https://hg.mozilla.org/projects/nss/rev/dea71cbef9e03636f37c6cb120f8deccce6e17dd (NSS_3_68_1_BRANCH)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/#CVE-2021-43527
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 (not yet public)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
+ NOTE: https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html
+CVE-2021-43526
+ RESERVED
+CVE-2021-43525
+ RESERVED
+CVE-2021-43524
+ RESERVED
+CVE-2021-43523 (In uClibc and uClibc-ng before 1.0.39, incorrect handling of special c ...)
+ - uclibc <unfixed> (unimportant)
+ - uclibc-ng <itp> (bug #811275)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/09/1
+ NOTE: https://github.com/wbx-github/uclibc-ng/commit/0f822af0445e5348ce7b7bd8ce1204244f31d174
+CVE-2021-43522 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 20 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-3939 (Ubuntu-specific modifications to accountsservice (in patch file debian ...)
+ - accountsservice <not-affected> (Ubuntu specific patch)
+ NOTE: https://ubuntu.com/security/CVE-2021-3939
+CVE-2021-3938 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-3937
+ RESERVED
+CVE-2021-3936
+ RESERVED
+CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...)
+ {DLA-2922-1}
+ - pgbouncer 1.16.1-1
+ [bullseye] - pgbouncer <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - pgbouncer <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://www.pgbouncer.org/2021/11/pgbouncer-1-16-1
+ NOTE: https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_1_16_1
+ NOTE: https://github.com/pgbouncer/pgbouncer/commit/e4453c9151a2f5af0a9cb049b302a3f9f9654453 (v1.16.1)
+CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-3933
+ RESERVED
+ - openexr <unfixed>
+ [stretch] - openexr <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912
+ NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17
+CVE-2021-43521
+ RESERVED
+CVE-2021-43520
+ RESERVED
+CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...)
+ - lua5.4 5.4.4-1 (bug #1000228)
+ [bullseye] - lua5.4 <no-dsa> (Minor issue)
+ - lua5.3 <unfixed>
+ [bullseye] - lua5.3 <no-dsa> (Minor issue)
+ [buster] - lua5.3 <no-dsa> (Minor issue)
+ [stretch] - lua5.3 <no-dsa> (Minor issue)
+ - lua5.2 <unfixed>
+ [bullseye] - lua5.2 <no-dsa> (Minor issue)
+ [buster] - lua5.2 <no-dsa> (Minor issue)
+ [stretch] - lua5.2 <no-dsa> (Minor issue)
+ - lua5.1 <unfixed>
+ [bullseye] - lua5.1 <no-dsa> (Minor issue)
+ [buster] - lua5.1 <no-dsa> (Minor issue)
+ [stretch] - lua5.1 <no-dsa> (Minor issue)
+ - lua50 <not-affected> (Vulnerable code not present)
+ NOTE: http://lua-users.org/lists/lua-l/2021-10/msg00123.html
+ NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00015.html
+ NOTE: Fixed by: https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868
+CVE-2021-43518 (Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. ...)
+ - teeworlds <unfixed>
+ [bullseye] - teeworlds <no-dsa> (Minor issue)
+ [buster] - teeworlds <no-dsa> (Minor issue)
+ NOTE: https://github.com/teeworlds/teeworlds/issues/2981
+ NOTE: https://github.com/teeworlds/teeworlds/pull/3018
+ NOTE: https://github.com/teeworlds/teeworlds/commit/91e5492d4c210f82f1ca6b43a73417fef5463368
+ NOTE: https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/
+CVE-2021-43517
+ RESERVED
+CVE-2021-43516
+ RESERVED
+CVE-2021-43515
+ RESERVED
+CVE-2021-43514
+ RESERVED
+CVE-2021-43513
+ RESERVED
+CVE-2021-43512
+ RESERVED
+CVE-2021-43511
+ RESERVED
+CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43509 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43508
+ RESERVED
+CVE-2021-43507
+ RESERVED
+CVE-2021-43506
+ RESERVED
+CVE-2021-43505
+ RESERVED
+CVE-2021-43504
+ RESERVED
+CVE-2021-43503
+ RESERVED
+CVE-2021-43502
+ RESERVED
+CVE-2021-43501
+ RESERVED
+CVE-2021-43500
+ RESERVED
+CVE-2021-43499
+ RESERVED
+CVE-2021-43498
+ RESERVED
+CVE-2021-43497
+ RESERVED
+CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...)
+ NOT-FOR-US: Clustering
+CVE-2021-43495 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
+ NOT-FOR-US: AlquistManager
+CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...)
+ NOT-FOR-US: OpenCV-REST-API
+CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...)
+ NOT-FOR-US: ServerManagement
+CVE-2021-43492 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...)
+ NOT-FOR-US: AlquistManager
+CVE-2021-43491
+ RESERVED
+CVE-2021-43490
+ RESERVED
+CVE-2021-43489
+ RESERVED
+CVE-2021-43488
+ RESERVED
+CVE-2021-43487
+ RESERVED
+CVE-2021-43486
+ RESERVED
+CVE-2021-43485
+ RESERVED
+CVE-2021-43484
+ RESERVED
+CVE-2021-43483
+ RESERVED
+CVE-2021-43482
+ RESERVED
+CVE-2021-43481
+ RESERVED
+CVE-2021-43480
+ RESERVED
+CVE-2021-43479
+ RESERVED
+CVE-2021-43478
+ RESERVED
+CVE-2021-43477
+ RESERVED
+CVE-2021-43476
+ RESERVED
+CVE-2021-43475
+ RESERVED
+CVE-2021-43474
+ RESERVED
+CVE-2021-43473
+ RESERVED
+CVE-2021-43472
+ RESERVED
+CVE-2021-43471 (In Canon LBP223 printers, the System Manager Mode login does not requi ...)
+ NOT-FOR-US: Canon
+CVE-2021-43470
+ RESERVED
+CVE-2021-43469 (VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulner ...)
+ NOT-FOR-US: VINGA
+CVE-2021-43468
+ RESERVED
+CVE-2021-43467
+ RESERVED
+CVE-2021-43466 (In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with spe ...)
+ NOT-FOR-US: thymeleaf-spring5
+CVE-2021-43465
+ RESERVED
+CVE-2021-43464
+ RESERVED
+CVE-2021-43463
+ RESERVED
+CVE-2021-43462
+ RESERVED
+CVE-2021-43461
+ RESERVED
+CVE-2021-43460
+ RESERVED
+CVE-2021-43459
+ RESERVED
+CVE-2021-43458
+ RESERVED
+CVE-2021-43457
+ RESERVED
+CVE-2021-43456
+ RESERVED
+CVE-2021-43455
+ RESERVED
+CVE-2021-43454
+ RESERVED
+CVE-2021-43453
+ RESERVED
+CVE-2021-43452
+ RESERVED
+CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record Manag ...)
+ NOT-FOR-US: PHPGURUKUL
+CVE-2021-43450
+ RESERVED
+CVE-2021-43449
+ RESERVED
+CVE-2021-43448
+ RESERVED
+CVE-2021-43447
+ RESERVED
+CVE-2021-43446
+ RESERVED
+CVE-2021-43445
+ RESERVED
+CVE-2021-43444
+ RESERVED
+CVE-2021-43443
+ RESERVED
+CVE-2021-43442
+ RESERVED
+CVE-2021-43441 (An HTML Injection Vulnerability in iOrder 1.0 allows the remote attack ...)
+ NOT-FOR-US: iOrder
+CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 a ...)
+ NOT-FOR-US: iOrder
+CVE-2021-43439 (RCE in Add Review Function in iResturant 1.0 Allows remote attacker to ...)
+ NOT-FOR-US: iResturant
+CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to ...)
+ NOT-FOR-US: iResturant
+CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...)
+ NOT-FOR-US: sourcecodetester Engineers Online Portal
+CVE-2021-43436 (MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payl ...)
+ NOT-FOR-US: MartDevelopers Inc iResturant
+CVE-2021-43435
+ RESERVED
+CVE-2021-43434
+ RESERVED
+CVE-2021-43433
+ RESERVED
+CVE-2021-43432
+ RESERVED
+CVE-2021-43431
+ RESERVED
+CVE-2021-43430
+ RESERVED
+CVE-2021-43429
+ RESERVED
+CVE-2021-43428
+ RESERVED
+CVE-2021-43427
+ RESERVED
+CVE-2021-43426
+ RESERVED
+CVE-2021-43425
+ RESERVED
+CVE-2021-43424
+ RESERVED
+CVE-2021-43423
+ RESERVED
+CVE-2021-43422
+ RESERVED
+CVE-2021-43421
+ RESERVED
+CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43419
+ RESERVED
+CVE-2021-43418
+ RESERVED
+CVE-2021-43417
+ RESERVED
+CVE-2021-43416
+ RESERVED
+CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ...)
+ - nomad <undetermined>
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
+ TODO: check
+CVE-2021-43414 (An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of ...)
+ - hurd 1:0.9.git20210404-9
+CVE-2021-43413 (An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pa ...)
+ - hurd 1:0.9.git20210404-9
+CVE-2021-43412 (An issue was discovered in GNU Hurd before 0.9 20210404-9. libports ac ...)
+ - hurd 1:0.9.git20210404-9
+CVE-2021-43411 (An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying ...)
+ - hurd 1:0.9.git20210404-9
+CVE-2021-43410 (Apache Airavata Django Portal allows CRLF log injection because of lac ...)
+ NOT-FOR-US: Apache Airavata
+CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: twill
+CVE-2021-43409 (The &#8220;WPO365 | LOGIN&#8221; WordPress plugin (up to and including ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-43408 (The "Duplicate Post" WordPress plugin up to and including version 1.1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-43407
+ RESERVED
+CVE-2021-43406 (An issue was discovered in FusionPBX before 4.5.30. The fax_post_size ...)
+ NOT-FOR-US: FusionPBX
+CVE-2021-43405 (An issue was discovered in FusionPBX before 4.5.30. The fax_extension ...)
+ NOT-FOR-US: FusionPBX
+CVE-2021-43404 (An issue was discovered in FusionPBX before 4.5.30. The FAX file name ...)
+ NOT-FOR-US: FusionPBX
+CVE-2021-43403 (An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php ...)
+ NOT-FOR-US: FusionPBX
+CVE-2021-43402
+ RESERVED
+CVE-2021-43401
+ RESERVED
+CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...)
+ - qemu 1:6.2+dfsg-1
+ [bullseye] - qemu <postponed> (Minor issue)
+ [buster] - qemu <postponed> (Minor issue)
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020588
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/546
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8 (v6.2.0-rc0)
+CVE-2021-3929 [nvme: DMA reentrancy issue leads to use-after-free]
+ RESERVED
+ - qemu <unfixed>
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020298
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556
+ NOTE: Proposed patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...)
+ - bluez 5.62-1 (bug #998626)
+ [bullseye] - bluez <no-dsa> (Minor issue; can be fixed in point release)
+ [buster] - bluez <no-dsa> (Minor issue; can be fixed in point release)
+ [stretch] - bluez <ignored> (invasive patch, requires post-stretch revamps)
+ NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=93b64d9ca8a2bb663e37904d4b2c702c58a36e4f (5.40)
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 (5.62)
+CVE-2021-43399 (The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-s ...)
+ NOT-FOR-US: yubihsm-shell
+CVE-2021-43398 (** DISPUTED ** Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a ti ...)
+ - libcrypto++ <unfixed> (unimportant; bug #1000227)
+ NOTE: https://github.com/weidai11/cryptopp/issues/1080
+ NOTE: As per upstream believed to be the expected behaviour:
+ NOTE: https://github.com/weidai11/cryptopp/issues/1080#issuecomment-996492222
+CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate their priv ...)
+ NOT-FOR-US: LiquidFiles
+CVE-2021-43395
+ RESERVED
+CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...)
+ NOT-FOR-US: Unisys
+CVE-2021-43393
+ RESERVED
+CVE-2021-43392
+ RESERVED
+CVE-2021-43396 (** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka ...)
+ - glibc 2.32-5 (unimportant; bug #998622)
+ [buster] - glibc <not-affected> (Vulnerable code not present)
+ [stretch] - glibc <not-affected> (Vulnerable code not present)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28524
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d
+ NOTE: Introduced by the fix for CVE-2021-3326 / BZ#27256: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888
+ NOTE: No security impact per upstream assessment
+CVE-2021-43391 (An Out-of-Bounds Read vulnerability exists when reading a DXF file usi ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43390 (An Out-of-Bounds Write vulnerability exists when reading a DGN file us ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. There is a ...)
+ {DLA-2843-1}
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1
+ NOTE: https://git.kernel.org/linus/1f3e2e97c003f80c4b087092b225c8787ff91e4d
+CVE-2021-43388 (Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store ...)
+ NOT-FOR-US: Unisys Cargo Mobile Application
+CVE-2021-43387
+ RESERVED
+CVE-2021-43386
+ RESERVED
+CVE-2021-43385
+ RESERVED
+CVE-2021-43384
+ RESERVED
+CVE-2021-43383
+ RESERVED
+CVE-2021-43382
+ RESERVED
+CVE-2021-43381
+ RESERVED
+CVE-2021-43380
+ RESERVED
+CVE-2021-43379
+ RESERVED
+CVE-2021-43378
+ RESERVED
+CVE-2021-43377
+ RESERVED
+CVE-2021-43376
+ RESERVED
+CVE-2021-43375
+ RESERVED
+CVE-2021-43374
+ RESERVED
+CVE-2021-43373
+ RESERVED
+CVE-2021-43372
+ RESERVED
+CVE-2021-43371
+ RESERVED
+CVE-2021-43370
+ RESERVED
+CVE-2021-43369
+ RESERVED
+CVE-2021-43368
+ RESERVED
+CVE-2021-43367
+ RESERVED
+CVE-2021-43366
+ RESERVED
+CVE-2021-43365
+ RESERVED
+CVE-2021-43364
+ RESERVED
+CVE-2021-43363
+ RESERVED
+CVE-2021-43362
+ RESERVED
+CVE-2021-43361
+ RESERVED
+CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule&#8217;s serialization functi ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
+ NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582)
+CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
+ NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581)
+CVE-2021-43357
+ RESERVED
+CVE-2021-43350 (An unauthenticated Apache Traffic Control Traffic Ops user can send a ...)
+ NOT-FOR-US: Apache Traffic Control
+CVE-2021-43349
+ RESERVED
+CVE-2021-43348
+ RESERVED
+CVE-2021-43347
+ RESERVED
+CVE-2021-43346
+ RESERVED
+CVE-2021-43345
+ RESERVED
+CVE-2021-43344
+ RESERVED
+CVE-2021-43343
+ RESERVED
+CVE-2021-43342
+ RESERVED
+CVE-2021-43341
+ RESERVED
+CVE-2021-43340
+ RESERVED
+CVE-2021-43339 (In Ericsson Network Location before 2021-07-31, it is possible for an ...)
+ NOT-FOR-US: Ericsson
+CVE-2021-43338
+ REJECTED
+CVE-2021-43337 (SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On ...)
+ - slurm-wlm <not-affected> (Affects only 21.08 series; vulnerable code introduced later)
+ NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html
+ NOTE: https://www.schedmd.com/news.php?id=256
+CVE-2021-42743
+ RESERVED
+CVE-2021-3926
+ RESERVED
+CVE-2021-3925
+ RESERVED
+CVE-2021-33845
+ RESERVED
+CVE-2021-31559
+ RESERVED
+CVE-2021-26253
+ RESERVED
+CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF file us ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43335
+ RESERVED
+CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...)
+ NOT-FOR-US: BuddyBoss
+CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
+ NOT-FOR-US: Datalogic
+CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
+ - mailman <removed> (bug #1000367)
+ [buster] - mailman <no-dsa> (Minor issue)
+ [stretch] - mailman <no-dsa> (Minor issue)
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1949403
+CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user ...)
+ - mailman <removed> (bug #1000367)
+ [buster] - mailman <no-dsa> (Minor issue)
+ [stretch] - mailman <no-dsa> (Minor issue)
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1949401
+CVE-2021-43330
+ RESERVED
+CVE-2021-43329
+ RESERVED
+CVE-2021-43328
+ RESERVED
+CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices. With a VCC ...)
+ NOT-FOR-US: Renesas
+CVE-2021-43326 (Automox Agent before 32 on Windows incorrectly sets permissions on a t ...)
+ NOT-FOR-US: Automox Agent
+CVE-2021-43325 (Automox Agent 33 on Windows incorrectly sets permissions on a temporar ...)
+ NOT-FOR-US: Automox Agent
+CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title. ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-43323 (An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2021-43322
+ RESERVED
+CVE-2021-43321
+ RESERVED
+CVE-2021-43320
+ REJECTED
+CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is vulne ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43318
+ RESERVED
+CVE-2021-43317
+ RESERVED
+CVE-2021-43316
+ RESERVED
+CVE-2021-43315
+ RESERVED
+CVE-2021-43314
+ RESERVED
+CVE-2021-43313
+ RESERVED
+CVE-2021-43312
+ RESERVED
+CVE-2021-43311
+ RESERVED
+CVE-2021-43310
+ RESERVED
+CVE-2021-43309
+ RESERVED
+CVE-2021-43308
+ RESERVED
+CVE-2021-43307
+ RESERVED
+CVE-2021-43306
+ RESERVED
+CVE-2021-43305
+ RESERVED
+CVE-2021-43304
+ RESERVED
+CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...)
+ NOT-FOR-US: GoAhead Web Server
+CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Restricte ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-23222
+ RESERVED
+ {DSA-5007-1 DSA-5006-1 DLA-2817-1}
+ - postgresql-14 14.1-1
+ - postgresql-13 <unfixed>
+ - postgresql-11 <removed>
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d83cdfdca9d918bbbd6bb209139b94c954da7228 (REL9_6_24)
+CVE-2021-23214
+ RESERVED
+ {DSA-5007-1 DSA-5006-1 DLA-2817-1}
+ - postgresql-14 14.1-1
+ - postgresql-13 <unfixed>
+ - postgresql-11 <removed>
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=046c2c846b741a12e7fd61d8d86bf324a20e3dfc (REL9_6_24)
+CVE-2021-43296 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43295 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43294 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43293 (Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote au ...)
+ NOT-FOR-US: Sonatype
+CVE-2021-43292
+ RESERVED
+CVE-2021-43291
+ RESERVED
+CVE-2021-43290
+ RESERVED
+CVE-2021-43289
+ RESERVED
+CVE-2021-43288
+ RESERVED
+CVE-2021-43287
+ RESERVED
+CVE-2021-43286
+ RESERVED
+CVE-2021-43285
+ RESERVED
+CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 1.0.3. The r ...)
+ NOT-FOR-US: Victure WR1200 devices
+CVE-2021-43283 (An issue was discovered on Victure WR1200 devices through 1.0.3. A com ...)
+ NOT-FOR-US: Victure WR1200 devices
+CVE-2021-43282 (An issue was discovered on Victure WR1200 devices through 1.0.3. The d ...)
+ NOT-FOR-US: Victure WR1200 devices
+CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin with the " ...)
+ NOT-FOR-US: MyBB
+CVE-2021-43280 (A stack-based buffer overflow vulnerability exists in the DWF file rea ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43279 (An out-of-bounds write vulnerability exists in the U3D file reading pr ...)
+ NOT-FOR-US: Open Design Alliance PRC SDK
+CVE-2021-43278 (An Out-of-bounds Read vulnerability exists in the OBJ file reading pro ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43277 (An out-of-bounds read vulnerability exists in the U3D file reading pro ...)
+ NOT-FOR-US: Open Design Alliance PRC SDK
+CVE-2021-43276 (An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA ...)
+ NOT-FOR-US: Open Design Alliance ODA Viewer
+CVE-2021-43275 (A Use After Free vulnerability exists in the DGN file reading procedur ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43274 (A Use After Free Vulnerability exists in the Open Design Alliance Draw ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43273 (An Out-of-bounds Read vulnerability exists in the DGN file reading pro ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43272 (An improper handling of exceptional conditions vulnerability exists in ...)
+ NOT-FOR-US: Open Design Alliance ODA Viewer
+CVE-2021-43271
+ RESERVED
+CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...)
+ NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)
+CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker to chang ...)
+ NOT-FOR-US: Code42 app
+CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...)
+ NOT-FOR-US: Wind River VxWorks
+CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...)
+ - mahara <removed>
+CVE-2021-43265 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag s ...)
+ - mahara <removed>
+CVE-2021-43264 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the ...)
+ - mahara <removed>
+CVE-2021-43263
+ RESERVED
+CVE-2021-43262
+ RESERVED
+CVE-2021-43261
+ RESERVED
+CVE-2021-43260
+ RESERVED
+CVE-2021-43259
+ RESERVED
+CVE-2021-43258
+ RESERVED
+CVE-2021-43257
+ RESERVED
+CVE-2021-3923
+ RESERVED
+CVE-2021-3922
+ RESERVED
+CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...)
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/fa40d9734a57bcbfa79a280189799f76c88f7bb0 (5.15)
+CVE-2021-43256 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43255 (Microsoft Office Trust Center Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43254
+ RESERVED
+CVE-2021-43253
+ RESERVED
+CVE-2021-43252
+ RESERVED
+CVE-2021-43251
+ RESERVED
+CVE-2021-43250
+ RESERVED
+CVE-2021-43249
+ RESERVED
+CVE-2021-43248 (Windows Digital Media Receiver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43247 (Windows TCP/IP Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43246 (Windows Hyper-V Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43245 (Windows Digital TV Tuner Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43244 (Windows Kernel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43243 (VP9 Video Extensions Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43242 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43241
+ RESERVED
+CVE-2021-43240 (NTFS Set Short Name Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43239 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43238 (Windows Remote Access Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43237 (Windows Setup Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43236 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43235 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43234 (Windows Fax Service Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43233 (Remote Desktop Client Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43232 (Windows Event Tracing Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43231 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43230 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43229 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43228 (SymCrypt Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43227 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43226 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43225 (Bot Framework SDK Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43224 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43223 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43222 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43221 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43220 (Microsoft Edge for iOS Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43219 (DirectX Graphics Kernel File Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43218
+ RESERVED
+CVE-2021-43217 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43216 (Microsoft Local Security Authority Server (lsasrv) Information Disclos ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43215 (iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Ex ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43214 (Web Media Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43213
+ RESERVED
+CVE-2021-43212
+ RESERVED
+CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43210
+ RESERVED
+CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-43206
+ RESERVED
+CVE-2021-43205
+ RESERVED
+CVE-2021-43204 (A improper control of a resource through its lifetime in Fortinet Fort ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of Input Du ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-3919
+ RESERVED
+CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...)
+ NOT-FOR-US: JetBrains Ktor
+CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is m ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project could t ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in the Agent ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43199 (In JetBrains TeamCity before 2021.1.2, permission checks in the Create ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43198 (In JetBrains TeamCity before 2021.1.2, stored XSS is possible. ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43197 (In JetBrains TeamCity before 2021.1.2, email notifications could inclu ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43196 (In JetBrains TeamCity before 2021.1, information disclosure via the Do ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43195 (In JetBrains TeamCity before 2021.1.2, some HTTP security headers were ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43194 (In JetBrains TeamCity before 2021.1.2, user enumeration was possible. ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43193 (In JetBrains TeamCity before 2021.1.2, remote code execution via the a ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-43192 (In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking i ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43191 (JetBrains YouTrack Mobile before 2021.2, is missing the security scree ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43190 (In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43189 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43188 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43187 (In JetBrains YouTrack Mobile before 2021.2, the client-side cache on i ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43186 (JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43185 (JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header in ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43184 (In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2021-43183 (In JetBrains Hub before 2021.1.13690, the authentication throttling me ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-43182 (In JetBrains Hub before 2021.1.13415, a DoS via user information is po ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-43181 (In JetBrains Hub before 2021.1.13690, stored XSS is possible. ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-43180 (In JetBrains Hub before 2021.1.13690, information disclosure via avata ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-43179
+ RESERVED
+CVE-2021-43178
+ RESERVED
+CVE-2021-43177
+ RESERVED
+CVE-2021-43176 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...)
+ NOT-FOR-US: GOautodial API
+CVE-2021-43175 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...)
+ NOT-FOR-US: GOautodial API
+CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...)
+ - node-json-schema 0.4.0+~7.0.9-1 (bug #999765)
+ [bullseye] - node-json-schema 0.3.0+~7.0.6-1+deb11u1
+ [buster] - node-json-schema <no-dsa> (Minor issue)
+ NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0)
+CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...)
+ {DSA-5041-1}
+ - routinator <itp> (bug #929024)
+ - cfrpki 1.4.0-1
+ NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
+ NOTE: https://github.com/NLnetLabs/routinator/pull/667
+CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can be dela ...)
+ {DSA-5041-1 DSA-5033-1}
+ - routinator <itp> (bug #929024)
+ - cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
+ - rpki-client 7.5-1
+ NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
+ NOTE: https://github.com/NLnetLabs/routinator/pull/666
+ NOTE: https://github.com/NLnetLabs/routinator/pull/612
+CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRD ...)
+ - routinator <itp> (bug #929024)
+ - fort-validator <unfixed>
+ [bullseye] - fort-validator <postponed> (Minor issue, revisit when fixed upstream)
+ - cfrpki <unfixed>
+ [bullseye] - cfrpki <postponed> (Minor issue, revisit when fixed upstream)
+ - rpki-client 7.5-1
+ NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt
+ NOTE: https://github.com/NLnetLabs/routinator/pull/665
+CVE-2021-3917
+ RESERVED
+ NOT-FOR-US: coreos-installer
+CVE-2021-43171
+ RESERVED
+CVE-2021-43170
+ RESERVED
+CVE-2021-43169
+ RESERVED
+CVE-2021-43168
+ RESERVED
+CVE-2021-43167
+ RESERVED
+CVE-2021-43166
+ RESERVED
+CVE-2021-43165
+ RESERVED
+CVE-2021-43164
+ RESERVED
+CVE-2021-43163
+ RESERVED
+CVE-2021-43162
+ RESERVED
+CVE-2021-43161
+ RESERVED
+CVE-2021-43160
+ RESERVED
+CVE-2021-43159
+ RESERVED
+CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability ...)
+ NOT-FOR-US: ProjectWorlds Online Shopping System PHP
+CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: ProjectWorlds Online Shopping System PHP
+CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in adm ...)
+ NOT-FOR-US: ProjectWorlds Online Book Store PHP
+CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injecti ...)
+ NOT-FOR-US: ProjectWorlds Online Book Store PHP
+CVE-2021-43154
+ RESERVED
+CVE-2021-43153
+ RESERVED
+CVE-2021-43152
+ RESERVED
+CVE-2021-43151
+ RESERVED
+CVE-2021-43150
+ RESERVED
+CVE-2021-43149
+ RESERVED
+CVE-2021-43148
+ RESERVED
+CVE-2021-43147
+ RESERVED
+CVE-2021-43146
+ RESERVED
+CVE-2021-43145 (With certain LDAP configurations, Zammad 5.0.1 was found to be vulnera ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-43144
+ RESERVED
+CVE-2021-43143
+ RESERVED
+CVE-2021-43142
+ RESERVED
+CVE-2021-43141 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simp ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43140 (SQL Injection vulnerability exists in Sourcecodester. Simple Subscript ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43139
+ RESERVED
+CVE-2021-43138
+ RESERVED
+CVE-2021-43137 (Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulne ...)
+ NOT-FOR-US: hostel management system
+CVE-2021-43136 (An authentication bypass issue in FormaLMS &lt;= 2.4.4 allows an attac ...)
+ NOT-FOR-US: FormaLMS
+CVE-2021-43135
+ RESERVED
+CVE-2021-43134
+ RESERVED
+CVE-2021-43133
+ RESERVED
+CVE-2021-43132
+ RESERVED
+CVE-2021-43131
+ RESERVED
+CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester Customer Relat ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-43129
+ RESERVED
+CVE-2021-43128
+ RESERVED
+CVE-2021-43127
+ RESERVED
+CVE-2021-43126
+ RESERVED
+CVE-2021-43125
+ RESERVED
+CVE-2021-43124
+ RESERVED
+CVE-2021-43123
+ RESERVED
+CVE-2021-43122
+ RESERVED
+CVE-2021-43121
+ RESERVED
+CVE-2021-43120
+ RESERVED
+CVE-2021-43119
+ RESERVED
+CVE-2021-43118
+ RESERVED
+CVE-2021-43117 (fastadmin v1.2.1 is affected by a file upload vulnerability which allo ...)
+ NOT-FOR-US: fastadmin
+CVE-2021-43116
+ RESERVED
+CVE-2021-43115
+ RESERVED
+CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...)
+ {DSA-5033-1}
+ - fort-validator 1.5.2-1
+CVE-2021-43113 (iTextPDF in iText 7 and up to 7.1.17 allows command injection via a Co ...)
+ NOT-FOR-US: iText
+CVE-2021-43112
+ RESERVED
+CVE-2021-43111
+ RESERVED
+CVE-2021-43110
+ RESERVED
+CVE-2021-43109
+ RESERVED
+CVE-2021-43108
+ RESERVED
+CVE-2021-43107
+ RESERVED
+CVE-2021-43106 (A Header Injection vulnerability exists in Compass Plus TranzWare Onli ...)
+ NOT-FOR-US: Compass Plus TranzWare
+CVE-2021-43105
+ RESERVED
+CVE-2021-43104
+ RESERVED
+CVE-2021-43103
+ RESERVED
+CVE-2021-43102
+ RESERVED
+CVE-2021-43101
+ RESERVED
+CVE-2021-43100
+ RESERVED
+CVE-2021-43099
+ RESERVED
+CVE-2021-43098
+ RESERVED
+CVE-2021-43097
+ RESERVED
+CVE-2021-43096
+ RESERVED
+CVE-2021-43095
+ RESERVED
+CVE-2021-43094
+ RESERVED
+CVE-2021-43093
+ RESERVED
+CVE-2021-43092
+ RESERVED
+CVE-2021-43091
+ RESERVED
+CVE-2021-43090
+ RESERVED
+CVE-2021-43089
+ RESERVED
+CVE-2021-43088
+ RESERVED
+CVE-2021-43087
+ RESERVED
+CVE-2021-43086
+ RESERVED
+CVE-2021-43085
+ RESERVED
+CVE-2021-43084
+ RESERVED
+CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
+ NOT-FOR-US: bookstack
+CVE-2021-43083 (Apache PLC4X - PLC4C (Only the C language implementation was effected) ...)
+ NOT-FOR-US: Apache PLC4X
+CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
+ - trafficserver 9.1.1+ds-1
+ [bullseye] - trafficserver <not-affected> (Vulnerable code not present, introduced in 9.x)
+ [buster] - trafficserver <not-affected> (Vulnerable code not present, introduced in 9.x)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8475
+ NOTE: https://github.com/apache/trafficserver/commit/02b17dbe3cff71ffd31577d872e077531124d207 (master)
+ NOTE: CVE description is wrong, this doesn't affect 8.1, only 9.x/master:
+ NOTE: Introduced with https://github.com/apache/trafficserver/commit/5e2385b666b4176be0f64fbadfbfae42094db396 (9.1.0-rc0)
+CVE-2021-3915 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...)
+ NOT-FOR-US: bookstack
+CVE-2021-43081
+ RESERVED
+CVE-2021-43080
+ RESERVED
+CVE-2021-43079
+ RESERVED
+CVE-2021-43078
+ RESERVED
+CVE-2021-43077
+ RESERVED
+CVE-2021-43076
+ RESERVED
+CVE-2021-43075
+ RESERVED
+CVE-2021-43074
+ RESERVED
+CVE-2021-43073 (A improper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43072
+ RESERVED
+CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6. ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43070
+ RESERVED
+CVE-2021-43069
+ RESERVED
+CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator version 6.4.0 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43066
+ RESERVED
+CVE-2021-43065 (A incorrect permission assignment for critical resource in Fortinet Fo ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43063 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43062 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-43061
+ RESERVED
+CVE-2021-43060
+ RESERVED
+CVE-2021-43059
+ RESERVED
+CVE-2021-43058 (An open redirect vulnerability exists in Replicated Classic versions p ...)
+ NOT-FOR-US: Replicated
+CVE-2021-3914
+ RESERVED
+CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use-after ...)
+ - linux 5.14.9-1
+ [bullseye] - linux <not-affected> (Vulnerable code introduced later)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/a3727a8bac0a9e77c70820655fd8715523ba3db7 (5.15-rc3)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2229
+CVE-2021-43055 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43054 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43053 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire ...)
+ NOT-FOR-US: Spotfire Server component of TIBCO
+CVE-2021-43050 (The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConne ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43049 (The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43048 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43047 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43046 (The Interior Server and Gateway Server components of TIBCO Software In ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...)
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6)
+CVE-2021-43045 (A vulnerability in the .NET SDK of Apache Avro allows an attacker to a ...)
+ NOT-FOR-US: Apache Avro
+CVE-2021-3913
+ RESERVED
+CVE-2021-43044 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43043 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43042 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43041 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43040 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43039 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43038 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43037 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43036 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43035 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43034 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-43033 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-3912 (OctoRPKI tries to load the entire contents of a repository in memory, ...)
+ {DSA-5041-1}
+ - routinator <itp> (bug #929024)
+ - cfrpki 1.4.0-1
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg
+CVE-2021-3911 (If the ROA that a repository returns contains too many bits for the IP ...)
+ {DSA-5041-1}
+ - cfrpki 1.4.0-1
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22
+CVE-2021-3910 (OctoRPKI crashes when encountering a repository that returns an invali ...)
+ {DSA-5041-1}
+ - cfrpki 1.4.0-1
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j
+CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for a slo ...)
+ {DSA-5041-1 DSA-5033-1}
+ - routinator <itp> (bug #929024)
+ - cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
+ - rpki-client 7.5-1
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244
+CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowing for ...)
+ {DSA-5041-1}
+ - cfrpki 1.4.0-1
+ - routinator <itp> (bug #929024)
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq
+CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", this a ...)
+ {DSA-5041-1 DSA-5033-1}
+ - cfrpki 1.4.0-1
+ - fort-validator 1.5.3-1
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh
+CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...)
+ NOT-FOR-US: bookstack
+CVE-2021-43032 (In XenForo through 2.2.7, a threat actor with access to the admin pane ...)
+ NOT-FOR-US: XenForo
+CVE-2021-43031
+ RESERVED
+CVE-2021-43030 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43029 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43028 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43027
+ RESERVED
+CVE-2021-43026 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43025 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43024 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43023 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43022 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43021 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43020
+ RESERVED
+CVE-2021-43019 (Adobe Creative Cloud version 5.5 (and earlier) are affected by a privi ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43018
+ RESERVED
+CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43016 (Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43015 (Adobe InCopy version 16.4 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43014
+ RESERVED
+CVE-2021-43013 (Adobe Media Encoder version 15.4.1 (and earlier) are affected by a mem ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43012 (Adobe Prelude version 10.1 (and earlier) are affected by a memory corr ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43011 (Adobe Prelude version 10.1 (and earlier) are affected by a memory corr ...)
+ NOT-FOR-US: Adobe
+CVE-2021-3905 [External triggered memory leak in Open vSwitch while processing fragmented packets]
+ RESERVED
+ - openvswitch <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/openvswitch/ovs-issues/issues/226
+ NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/640d4db788eda96bb904abcfc7de2327107bafe1 (v2.16.0)
+ NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349
+CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web Page ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3565-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
+ NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
+ NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149)
+CVE-2021-43010
+ RESERVED
+CVE-2021-43009
+ RESERVED
+CVE-2021-43008
+ RESERVED
+CVE-2021-43007
+ RESERVED
+CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...)
+ NOT-FOR-US: AmZetta Amzetta zPortal DVM Tools
+CVE-2021-43005
+ RESERVED
+CVE-2021-43004
+ RESERVED
+CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...)
+ NOT-FOR-US: Amzetta
+CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...)
+ NOT-FOR-US: Amzetta
+CVE-2021-43001
+ RESERVED
+CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL ...)
+ NOT-FOR-US: Amzetta
+CVE-2021-42999
+ RESERVED
+CVE-2021-42998
+ RESERVED
+CVE-2021-42997
+ RESERVED
+CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...)
+ NOT-FOR-US: Donglify
+CVE-2021-42995
+ RESERVED
+CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...)
+ NOT-FOR-US: Donglify
+CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...)
+ NOT-FOR-US: FlexiHub For Windows
+CVE-2021-42992
+ RESERVED
+CVE-2021-42991
+ RESERVED
+CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...)
+ NOT-FOR-US: FlexiHub For Windows
+CVE-2021-42989
+ RESERVED
+CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: Eltima USB Network Gate
+CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: Eltima USB Network Gate
+CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42985
+ RESERVED
+CVE-2021-42984
+ RESERVED
+CVE-2021-42983 (NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Hand ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42982
+ RESERVED
+CVE-2021-42981
+ RESERVED
+CVE-2021-42980 (NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0 ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42979 (NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42978
+ RESERVED
+CVE-2021-42977 (NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Ha ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42976 (NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Han ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42975
+ RESERVED
+CVE-2021-42974
+ RESERVED
+CVE-2021-42973 (NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x2200 ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001 ...)
+ NOT-FOR-US: NoMachine
+CVE-2021-42971
+ RESERVED
+CVE-2021-42970
+ RESERVED
+CVE-2021-42969
+ RESERVED
+CVE-2021-42968
+ RESERVED
+CVE-2021-42967
+ RESERVED
+CVE-2021-42966
+ RESERVED
+CVE-2021-42965
+ RESERVED
+CVE-2021-42964
+ RESERVED
+CVE-2021-42963
+ RESERVED
+CVE-2021-42962
+ RESERVED
+CVE-2021-42961
+ RESERVED
+CVE-2021-42960
+ RESERVED
+CVE-2021-42959
+ RESERVED
+CVE-2021-42958
+ RESERVED
+CVE-2021-42957
+ RESERVED
+CVE-2021-42956 (Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.21 ...)
+ NOT-FOR-US: Zoho
+CVE-2021-42955 (Zoho Remote Access Plus Server Windows Desktop binary fixed in version ...)
+ NOT-FOR-US: Zoho
+CVE-2021-42954 (Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1. ...)
+ NOT-FOR-US: Zoho
+CVE-2021-42953
+ RESERVED
+CVE-2021-42952
+ RESERVED
+CVE-2021-42951
+ RESERVED
+CVE-2021-42950
+ RESERVED
+CVE-2021-42949
+ RESERVED
+CVE-2021-42948
+ RESERVED
+CVE-2021-42947
+ RESERVED
+CVE-2021-42946
+ RESERVED
+CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclass ...)
+ NOT-FOR-US: ZZCMS
+CVE-2021-42944
+ RESERVED
+CVE-2021-42943
+ RESERVED
+CVE-2021-42942
+ RESERVED
+CVE-2021-42941
+ RESERVED
+CVE-2021-42940 (A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 v ...)
+ NOT-FOR-US: Projeqtor
+CVE-2021-42939
+ RESERVED
+CVE-2021-42938
+ RESERVED
+CVE-2021-42937
+ RESERVED
+CVE-2021-42936
+ RESERVED
+CVE-2021-42935
+ RESERVED
+CVE-2021-42934
+ RESERVED
+CVE-2021-42933
+ RESERVED
+CVE-2021-42932
+ RESERVED
+CVE-2021-42931
+ RESERVED
+CVE-2021-42930
+ RESERVED
+CVE-2021-42929
+ RESERVED
+CVE-2021-42928
+ RESERVED
+CVE-2021-42927
+ RESERVED
+CVE-2021-42926
+ RESERVED
+CVE-2021-42925
+ RESERVED
+CVE-2021-42924
+ RESERVED
+CVE-2021-42923
+ RESERVED
+CVE-2021-42922
+ RESERVED
+CVE-2021-42921
+ RESERVED
+CVE-2021-42920
+ RESERVED
+CVE-2021-42919
+ RESERVED
+CVE-2021-42918
+ RESERVED
+CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...)
+ - kodi 2:19.3+dfsg1-1 (bug #998419)
+ [bullseye] - kodi 2:19.1+dfsg2-2+deb11u1
+ [buster] - kodi <no-dsa> (Minor issue)
+ [stretch] - kodi <postponed> (no point in fixing this when the more severe CVE-2017-5982 is ignored)
+ - xbmc <removed>
+ NOTE: https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
+ NOTE: https://github.com/xbmc/xbmc/issues/20305
+ NOTE: https://github.com/xbmc/xbmc/pull/20306
+CVE-2021-42916
+ RESERVED
+CVE-2021-42915
+ RESERVED
+CVE-2021-42914
+ RESERVED
+CVE-2021-42913 (The SyncThru Web Service on Samsung SCX-6x55X printers allows an attac ...)
+ NOT-FOR-US: SyncThru Web Service on Samsung SCX-6x55X printers
+CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...)
+ NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617
+CVE-2021-42911
+ RESERVED
+CVE-2021-42910
+ RESERVED
+CVE-2021-42909
+ RESERVED
+CVE-2021-42908
+ RESERVED
+CVE-2021-42907
+ RESERVED
+CVE-2021-42906
+ RESERVED
+CVE-2021-42905
+ RESERVED
+CVE-2021-42904
+ RESERVED
+CVE-2021-42903
+ RESERVED
+CVE-2021-42902
+ RESERVED
+CVE-2021-42901
+ RESERVED
+CVE-2021-42900
+ RESERVED
+CVE-2021-42899
+ RESERVED
+CVE-2021-42898
+ RESERVED
+CVE-2021-42897
+ RESERVED
+CVE-2021-42896
+ RESERVED
+CVE-2021-42895
+ RESERVED
+CVE-2021-42894
+ RESERVED
+CVE-2021-42893
+ RESERVED
+CVE-2021-42892
+ RESERVED
+CVE-2021-42891
+ RESERVED
+CVE-2021-42890
+ RESERVED
+CVE-2021-42889
+ RESERVED
+CVE-2021-42888
+ RESERVED
+CVE-2021-42887
+ RESERVED
+CVE-2021-42886
+ RESERVED
+CVE-2021-42885
+ RESERVED
+CVE-2021-42884
+ RESERVED
+CVE-2021-42883
+ RESERVED
+CVE-2021-42882
+ RESERVED
+CVE-2021-42881
+ RESERVED
+CVE-2021-42880
+ RESERVED
+CVE-2021-42879
+ RESERVED
+CVE-2021-42878
+ RESERVED
+CVE-2021-42877
+ RESERVED
+CVE-2021-42876
+ RESERVED
+CVE-2021-42875
+ RESERVED
+CVE-2021-42874
+ RESERVED
+CVE-2021-42873
+ RESERVED
+CVE-2021-42872
+ RESERVED
+CVE-2021-42871
+ RESERVED
+CVE-2021-42870
+ RESERVED
+CVE-2021-42869
+ RESERVED
+CVE-2021-42868
+ RESERVED
+CVE-2021-42867
+ RESERVED
+CVE-2021-42866
+ RESERVED
+CVE-2021-42865
+ RESERVED
+CVE-2021-42864
+ RESERVED
+CVE-2021-42863
+ RESERVED
+CVE-2021-42862
+ RESERVED
+CVE-2021-42861
+ RESERVED
+CVE-2021-42860
+ RESERVED
+CVE-2021-42859
+ RESERVED
+CVE-2021-42858
+ RESERVED
+CVE-2021-42857
+ RESERVED
+CVE-2021-42856
+ RESERVED
+CVE-2021-42855
+ RESERVED
+CVE-2021-42854
+ RESERVED
+CVE-2021-42853
+ RESERVED
+CVE-2021-3902
+ RESERVED
+CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-42852
+ RESERVED
+CVE-2021-42851
+ RESERVED
+CVE-2021-42850
+ RESERVED
+CVE-2021-42849
+ RESERVED
+CVE-2021-42848
+ RESERVED
+CVE-2021-3899
+ RESERVED
+CVE-2021-3898
+ RESERVED
+CVE-2021-3897
+ RESERVED
+CVE-2021-42847 (Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write t ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-42846
+ RESERVED
+CVE-2021-42845
+ RESERVED
+CVE-2021-42844
+ RESERVED
+CVE-2021-42843
+ RESERVED
+CVE-2021-42842
+ RESERVED
+CVE-2021-42841 (Insta HMS before 12.4.10 is vulnerable to XSS because of improper vali ...)
+ NOT-FOR-US: Insta HMS
+CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to filter spec ...)
+ NOT-FOR-US: Grand Vice info Co. webopac7 file upload function
+CVE-2021-42838 (Grand Vice info Co. webopac7 book search field parameter does not prop ...)
+ NOT-FOR-US: Grand Vice info Co. webopac7 book search field parameter
+CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-20210930. Af ...)
+ NOT-FOR-US: Talend Data Catalog
+CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...)
+ - golang-github-tidwall-gjson <unfixed> (bug #1000225)
+ NOTE: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
+ NOTE: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
+ NOTE: https://github.com/tidwall/gjson/issues/236
+ NOTE: https://github.com/tidwall/gjson/issues/237
+CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081-e362d ...)
+ NOT-FOR-US: Plex Media Server
+CVE-2021-42834
+ RESERVED
+CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in AquaView versio ...)
+ NOT-FOR-US: AquaView
+CVE-2021-42832
+ RESERVED
+CVE-2021-42831
+ RESERVED
+CVE-2021-42830
+ RESERVED
+CVE-2021-42829
+ RESERVED
+CVE-2021-42828
+ RESERVED
+CVE-2021-42827
+ RESERVED
+CVE-2021-42826
+ RESERVED
+CVE-2021-42825
+ RESERVED
+CVE-2021-42824
+ RESERVED
+CVE-2021-42823
+ RESERVED
+CVE-2021-42822
+ RESERVED
+CVE-2021-42821
+ RESERVED
+CVE-2021-42820
+ RESERVED
+CVE-2021-42819
+ RESERVED
+CVE-2021-42818
+ RESERVED
+CVE-2021-42817
+ RESERVED
+CVE-2021-42816
+ RESERVED
+CVE-2021-42815
+ RESERVED
+CVE-2021-42814
+ RESERVED
+CVE-2021-42813
+ RESERVED
+CVE-2021-3896
+ REJECTED
+CVE-2021-42812
+ RESERVED
+CVE-2021-42811
+ RESERVED
+CVE-2021-42810 (A flaw in the previous versions of the product may allow an authentica ...)
+ NOT-FOR-US: Thales SafeNet Agent
+CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources (DLL) in ...)
+ NOT-FOR-US: ThalesThales Sentinel Protection Installer
+CVE-2021-42808 (Improper Access Control in Thales Sentinel Protection Installer could ...)
+ NOT-FOR-US: Thales Sentinel Protection Installer
+CVE-2021-42807
+ RESERVED
+CVE-2021-42806
+ RESERVED
+CVE-2021-42805
+ RESERVED
+CVE-2021-42804
+ RESERVED
+CVE-2021-42803
+ RESERVED
+CVE-2021-42802
+ RESERVED
+CVE-2021-42801
+ RESERVED
+CVE-2021-42800
+ RESERVED
+CVE-2021-42799
+ RESERVED
+CVE-2021-42798
+ RESERVED
+CVE-2021-42797
+ RESERVED
+CVE-2021-42796
+ RESERVED
+CVE-2021-42795
+ RESERVED
+CVE-2021-42794
+ RESERVED
+CVE-2021-42793
+ RESERVED
+CVE-2021-42792
+ RESERVED
+CVE-2021-42791 (An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP req ...)
+ NOT-FOR-US: VeridiumID
+CVE-2021-42790
+ RESERVED
+CVE-2021-42789
+ RESERVED
+CVE-2021-42788
+ RESERVED
+CVE-2021-42787
+ RESERVED
+CVE-2021-42786
+ RESERVED
+CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allo ...)
+ NOT-FOR-US: TightVNC Viewer
+CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in debug_po ...)
+ NOT-FOR-US: D-Link
+CVE-2021-42782
+ RESERVED
+CVE-2021-42781
+ RESERVED
+CVE-2021-42780
+ RESERVED
+CVE-2021-42779
+ RESERVED
+CVE-2021-42778
+ RESERVED
+CVE-2021-42777
+ RESERVED
+CVE-2021-42776 (CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE ...)
+ NOT-FOR-US: CloverDX Server
+CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42774 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42773 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42772 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary ...)
+ {DSA-5018-1 DLA-2790-1}
+ - python-babel 2.8.0+dfsg.1-7 (bug #987824)
+ NOTE: https://www.tenable.com/security/research/tra-2021-14
+ NOTE: https://github.com/python-babel/babel/pull/782
+CVE-2021-42770 (A Cross-site scripting (XSS) vulnerability was discovered in OPNsense ...)
+ NOT-FOR-US: OPNsense
+CVE-2021-42769
+ RESERVED
+CVE-2021-42768
+ RESERVED
+CVE-2021-42767
+ RESERVED
+CVE-2021-42766 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
+ NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
+CVE-2021-42765 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
+ NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
+CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
+ NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
+CVE-2021-42763 (Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive In ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allow ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=231479
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
+CVE-2021-42761
+ RESERVED
+CVE-2021-42760 (A improper neutralization of special elements used in an sql command ( ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP version 8. ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42758 (An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 a ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of FortiOS befo ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42756
+ RESERVED
+CVE-2021-42755
+ RESERVED
+CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-42753 (An improper limitation of a pathname to a restricted directory ('Path ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42752 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42751
+ RESERVED
+CVE-2021-42750
+ RESERVED
+CVE-2021-42749 (In Beaver Themer, attackers can bypass conditional logic controls (for ...)
+ NOT-FOR-US: Beaver
+CVE-2021-42748 (In Beaver Builder through 2.5.0.3, attackers can bypass the visibility ...)
+ NOT-FOR-US: Beaver
+CVE-2021-42747
+ RESERVED
+CVE-2021-42745
+ RESERVED
+CVE-2021-3895
+ RESERVED
+CVE-2021-23192 [dcerpc requests don't check all fragments against the first auth_state]
+ RESERVED
+ {DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ [buster] - samba <not-affected> (Vulnerable code introduced later)
+ [stretch] - samba <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14875
+ NOTE: https://www.samba.org/samba/security/CVE-2021-23192.html
+CVE-2021-XXXX [RUSTSEC-2020-0159: Potential segfault in localtime_r invocations]
+ - rust-chrono <unfixed> (bug #996913)
+ [bullseye] - rust-chrono <no-dsa> (Minor issue)
+ [buster] - rust-chrono <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0159.html
+ NOTE: https://github.com/chronotope/chrono/issues/499
+CVE-2021-42742
+ RESERVED
+CVE-2021-42741
+ RESERVED
+CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command inject ...)
+ - node-shell-quote 1.7.3+~1.7.1-1 (bug #998418)
+ NOTE: https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe (1.7.3)
+CVE-2021-42739 (The firewire subsystem in the Linux kernel through 5.14.13 has a buffe ...)
+ {DLA-2843-1}
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://seclists.org/oss-sec/2021/q2/46
+ NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
+CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42737 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42736
+ RESERVED
+CVE-2021-42735
+ RESERVED
+CVE-2021-42734
+ RESERVED
+CVE-2021-42733 (Adobe Prelude version 10.1 (and earlier) is affected by an improper in ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42732
+ RESERVED
+CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42730
+ RESERVED
+CVE-2021-42729
+ RESERVED
+CVE-2021-42728
+ RESERVED
+CVE-2021-42727 (Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42726 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42725 (Adobe Experience Manager version 6.5.9.0 (and earlier) are affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42724
+ RESERVED
+CVE-2021-42723 (Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42722
+ RESERVED
+CVE-2021-42721 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42720
+ RESERVED
+CVE-2021-42719
+ RESERVED
+CVE-2021-42718
+ RESERVED
+CVE-2021-3894 [sctp: local DoS: unprivileged user can cause BUG()]
+ RESERVED
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014970
+CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)
+ {DSA-5023-1}
+ - modsecurity 3.0.6-1
+ [bullseye] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian)
+ [buster] - modsecurity <no-dsa> (Minor issue; does not have connector packages in Debian)
+ - modsecurity-apache 2.9.5-1
+ [stretch] - modsecurity-apache <postponed> (revisit when/if fixed upstream)
+ NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2647
+ NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/
+ NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/41918335fa4c74fba46a986771a5a6cb457070c4 (v2.9.5)
+ NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/ac79c1c29b7e6323e26cc984ad4f76ef62c731cd (v3.0.6)
+CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...)
+ - libstb <unfixed>
+ [bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/1166
+ NOTE: https://github.com/nothings/stb/issues/1225
+ NOTE: https://github.com/nothings/stb/pull/1223
+CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ...)
+ - libstb <unfixed>
+ [bullseye] - libstb <no-dsa> (Minor issue)
+ [buster] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/1224
+ NOTE: https://github.com/nothings/stb/pull/1223
+CVE-2021-42714 (Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a T ...)
+ NOT-FOR-US: Splashtop Remote Client
+CVE-2021-42713 (Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a T ...)
+ NOT-FOR-US: Splashtop Remote Client
+CVE-2021-42712 (Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Direc ...)
+ NOT-FOR-US: Splashtop Streamer
+CVE-2021-42711 (Barracuda Network Access Client before 5.2.2 creates a Temporary File ...)
+ NOT-FOR-US: Barracuda Network Access Client
+CVE-2021-42710
+ RESERVED
+CVE-2021-42709
+ RESERVED
+CVE-2021-42708
+ RESERVED
+CVE-2021-42707 (PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds ...)
+ NOT-FOR-US: PLC Editor
+CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...)
+ NOT-FOR-US: Advantech
+CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...)
+ NOT-FOR-US: PLC Editor
+CVE-2021-42704
+ RESERVED
+CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
+ NOT-FOR-US: Advantech
+CVE-2021-42702
+ RESERVED
+CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
+ NOT-FOR-US: AzeoTech
+CVE-2021-42700
+ RESERVED
+CVE-2021-42699 (The affected product is vulnerable to cookie information being transmi ...)
+ NOT-FOR-US: AzeoTech
+CVE-2021-42698 (Project files are stored memory objects in the form of binary serializ ...)
+ NOT-FOR-US: AzeoTech
+CVE-2021-42697 (Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhausti ...)
+ NOT-FOR-US: Akka HTTP
+CVE-2021-42696
+ RESERVED
+CVE-2021-42695
+ RESERVED
+CVE-2021-42694 (An issue was discovered in the character definitions of the Unicode Sp ...)
+ NOT-FOR-US: Unicode spec
+CVE-2021-42693
+ RESERVED
+CVE-2021-42692
+ RESERVED
+CVE-2021-42691
+ RESERVED
+CVE-2021-42690
+ RESERVED
+CVE-2021-42689
+ RESERVED
+CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
+CVE-2021-42684
+ RESERVED
+CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
+CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
+CVE-2021-42680
+ RESERVED
+CVE-2021-42679
+ RESERVED
+CVE-2021-42678
+ RESERVED
+CVE-2021-42677
+ RESERVED
+CVE-2021-42676
+ RESERVED
+CVE-2021-42675
+ RESERVED
+CVE-2021-42674
+ RESERVED
+CVE-2021-42673
+ RESERVED
+CVE-2021-42672
+ RESERVED
+CVE-2021-42671 (An incorrect access control vulnerability exists in Sourcecodester Eng ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42670 (A SQL injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42669 (A file upload vulnerability exists in Sourcecodester Engineers Online ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42668 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42667 (A SQL Injection vulnerability exists in Sourcecodester Online Event Bo ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42666 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42665 (An SQL Injection vulnerability exists in Sourcecodester Engineers Onli ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42664 (A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecod ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42663 (An HTML injection vulnerability exists in Sourcecodester Online Event ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42662 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42661
+ RESERVED
+CVE-2021-42660
+ RESERVED
+CVE-2021-42659
+ RESERVED
+CVE-2021-42658
+ RESERVED
+CVE-2021-42657
+ RESERVED
+CVE-2021-42656
+ RESERVED
+CVE-2021-42655
+ RESERVED
+CVE-2021-42654
+ RESERVED
+CVE-2021-42653
+ RESERVED
+CVE-2021-42652
+ RESERVED
+CVE-2021-42651
+ RESERVED
+CVE-2021-42650 (Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9 ...)
+ NOT-FOR-US: Portainer
+CVE-2021-42649
+ RESERVED
+CVE-2021-42648
+ RESERVED
+CVE-2021-42647
+ RESERVED
+CVE-2021-42646
+ RESERVED
+CVE-2021-42645
+ RESERVED
+CVE-2021-42644
+ RESERVED
+CVE-2021-42643
+ RESERVED
+CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42640 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42639 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42638 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitiz ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42637 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-contr ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42636
+ RESERVED
+CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcode ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42634
+ RESERVED
+CVE-2021-42633 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42632
+ RESERVED
+CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes a ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42630
+ RESERVED
+CVE-2021-42629
+ RESERVED
+CVE-2021-42628
+ RESERVED
+CVE-2021-42627
+ RESERVED
+CVE-2021-42626
+ RESERVED
+CVE-2021-42625
+ RESERVED
+CVE-2021-42624 (A local buffer overflow vulnerability exists in the latest version of ...)
+ NOT-FOR-US: Miniftpd
+CVE-2021-42623
+ RESERVED
+CVE-2021-42622
+ RESERVED
+CVE-2021-42621
+ RESERVED
+CVE-2021-42620
+ RESERVED
+CVE-2021-42619
+ RESERVED
+CVE-2021-42618
+ RESERVED
+CVE-2021-42617
+ RESERVED
+CVE-2021-42616
+ RESERVED
+CVE-2021-42615
+ RESERVED
+CVE-2021-42614
+ RESERVED
+CVE-2021-42613
+ RESERVED
+CVE-2021-42612
+ RESERVED
+CVE-2021-42611
+ RESERVED
+CVE-2021-42610
+ RESERVED
+CVE-2021-42609
+ RESERVED
+CVE-2021-42608
+ RESERVED
+CVE-2021-42607
+ RESERVED
+CVE-2021-42606
+ RESERVED
+CVE-2021-42605
+ RESERVED
+CVE-2021-42604
+ RESERVED
+CVE-2021-42603
+ RESERVED
+CVE-2021-42602
+ RESERVED
+CVE-2021-42601
+ RESERVED
+CVE-2021-42600
+ RESERVED
+CVE-2021-42599
+ RESERVED
+CVE-2021-42598
+ RESERVED
+CVE-2021-42597
+ RESERVED
+CVE-2021-42596
+ RESERVED
+CVE-2021-42595
+ RESERVED
+CVE-2021-42594
+ RESERVED
+CVE-2021-42593
+ RESERVED
+CVE-2021-42592
+ RESERVED
+CVE-2021-42591
+ RESERVED
+CVE-2021-42590
+ RESERVED
+CVE-2021-42589
+ RESERVED
+CVE-2021-42588
+ RESERVED
+CVE-2021-42587
+ RESERVED
+CVE-2021-42586
+ RESERVED
+CVE-2021-42585
+ RESERVED
+CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...)
+ NOT-FOR-US: Convos-Chat
+CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy ...)
+ NOT-FOR-US: Max Mazurov Maddy
+CVE-2021-42582
+ RESERVED
+CVE-2021-42581
+ RESERVED
+CVE-2021-42580 (Sourcecodester Online Learning System 2.0 is vunlerable to sql injecti ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42579
+ RESERVED
+CVE-2021-42578
+ RESERVED
+CVE-2021-42577
+ RESERVED
+CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Py ...)
+ - golang-github-microcosm-cc-bluemonday 1.0.16-1
+ [bullseye] - golang-github-microcosm-cc-bluemonday <no-dsa> (Minor issue)
+ NOTE: https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/
+CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not properly enfo ...)
+ NOT-FOR-US: OWASP HTML Sanitizer
+CVE-2021-42574 (An issue was discovered in the Bidirectional Algorithm in the Unicode ...)
+ - rustc <unfixed>
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/01/1
+ NOTE: https://github.com/rust-lang/rust/commit/dd61274930ec0cd17711fab52d2bc9ad3e9053de (1.56.1)
+CVE-2021-42573
+ RESERVED
+CVE-2021-42572
+ RESERVED
+CVE-2021-42571
+ RESERVED
+CVE-2021-42570
+ RESERVED
+CVE-2021-42569
+ RESERVED
+CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers ...)
+ NOT-FOR-US: Sonatype
+CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...)
+ NOT-FOR-US: Apereo CAS
+CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...)
+ NOT-FOR-US: myfactory.FMS
+CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...)
+ NOT-FOR-US: myfactory.FMS
+CVE-2021-42564 (An open redirect through HTML injection in confidential messages in Cr ...)
+ NOT-FOR-US: Cryptshare Server
+CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...)
+ NOT-FOR-US: NI Service Locator
+CVE-2021-3893
+ RESERVED
+CVE-2021-42562 (An issue was discovered in CALDERA 2.8.1. It does not properly segrega ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Human pl ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42560 (An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42559 (An issue was discovered in CALDERA 2.8.1. It contains multiple startup ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42558 (An issue was discovered in CALDERA 2.8.1. It contains multiple reflect ...)
+ NOT-FOR-US: CALDERA
+CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
+ NOT-FOR-US: Jeedom
+CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
+ NOT-FOR-US: Rasa X
+CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-42554 (An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05. ...)
+ NOT-FOR-US: Insyde
+CVE-2021-3892
+ REJECTED
+CVE-2021-26247 (As an unauthenticated remote user, visit "http://&lt;CACTI_SERVER&gt;/ ...)
+ - cacti 0.8.7i-1
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/d94dbd985054ef1ba14278a932c67e3145ebb14b (0.8.7h)
+ NOTE: Addressed again as a side-note in the same issue and fix for CVE-2021-3816
+ NOTE: https://github.com/Cacti/cacti/issues/1882
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1)
+CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management permissio ...)
+ - cacti 1.2.1+ds1-1
+ [stretch] - cacti <postponed> (Minor issue; stored XSS requires prior admin access)
+ NOTE: https://github.com/Cacti/cacti/issues/1882
+CVE-2021-42553
+ RESERVED
+CVE-2021-42552
+ RESERVED
+CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search functionality o ...)
+ NOT-FOR-US: AlCoda NetBiblio WebOPAC
+CVE-2021-42549 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42548 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42547 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42546 (Insufficient Input Validation in the search functionality of Wordpress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-42545 (An insufficient session expiration vulnerability exists in Business-DN ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on Business-DNA So ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42543 (The affected application uses specific functions that could be abused ...)
+ NOT-FOR-US: AzeoTech
+CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...)
+ NOT-FOR-US: Emerson
+CVE-2021-42541
+ RESERVED
+CVE-2021-42540 (The affected product is vulnerable to a unsanitized extract folder for ...)
+ NOT-FOR-US: Emerson
+CVE-2021-42539 (The affected product is vulnerable to a missing permission validation ...)
+ NOT-FOR-US: Emerson
+CVE-2021-42538 (The affected product is vulnerable to a parameter injection via passph ...)
+ NOT-FOR-US: Emerson
+CVE-2021-42537
+ RESERVED
+CVE-2021-42536 (The affected product is vulnerable to a disclosure of peer username an ...)
+ NOT-FOR-US: Emerson
+CVE-2021-42535
+ RESERVED
+CVE-2021-42534 (The affected product&#8217;s web application does not properly neutral ...)
+ NOT-FOR-US: Trane
+CVE-2021-42533
+ RESERVED
+CVE-2021-42532
+ RESERVED
+CVE-2021-42531
+ RESERVED
+CVE-2021-42530
+ RESERVED
+CVE-2021-42529
+ RESERVED
+CVE-2021-42528
+ RESERVED
+CVE-2021-42527
+ RESERVED
+CVE-2021-42526
+ RESERVED
+CVE-2021-42525 (Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42524 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-3891
+ RESERVED
+CVE-2021-3890
+ RESERVED
+CVE-2021-3889 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/efb3e261-3f7d-4a45-8114-e0ace6b21516/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8)
+CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset ...)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/722b3acb-792b-4429-a98d-bb80efb8938d/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/c78e186739b50d156cb3da5d08d70294f0490853 (v0.8)
+CVE-2021-3887
+ RESERVED
+CVE-2021-42523
+ RESERVED
+CVE-2021-42522
+ RESERVED
+CVE-2021-42521
+ RESERVED
+CVE-2021-42520
+ RESERVED
+CVE-2021-42519
+ RESERVED
+CVE-2021-42518
+ RESERVED
+CVE-2021-42517
+ RESERVED
+CVE-2021-42516
+ RESERVED
+CVE-2021-42515
+ RESERVED
+CVE-2021-42514
+ RESERVED
+CVE-2021-42513
+ RESERVED
+CVE-2021-42512
+ RESERVED
+CVE-2021-42511
+ RESERVED
+CVE-2021-42510
+ RESERVED
+CVE-2021-42509
+ RESERVED
+CVE-2021-42508
+ RESERVED
+CVE-2021-42507
+ RESERVED
+CVE-2021-42506
+ RESERVED
+CVE-2021-42505
+ RESERVED
+CVE-2021-42504
+ RESERVED
+CVE-2021-42503
+ RESERVED
+CVE-2021-42502
+ RESERVED
+CVE-2021-42501
+ RESERVED
+CVE-2021-42500
+ RESERVED
+CVE-2021-42499
+ RESERVED
+CVE-2021-42498
+ RESERVED
+CVE-2021-42497
+ RESERVED
+CVE-2021-42496
+ RESERVED
+CVE-2021-42495
+ RESERVED
+CVE-2021-42494
+ RESERVED
+CVE-2021-42493
+ RESERVED
+CVE-2021-42492
+ RESERVED
+CVE-2021-42491
+ RESERVED
+CVE-2021-42490
+ RESERVED
+CVE-2021-42489
+ RESERVED
+CVE-2021-42488
+ RESERVED
+CVE-2021-42487
+ RESERVED
+CVE-2021-42486
+ RESERVED
+CVE-2021-42485
+ RESERVED
+CVE-2021-42484
+ RESERVED
+CVE-2021-42483
+ RESERVED
+CVE-2021-42482
+ RESERVED
+CVE-2021-42481
+ RESERVED
+CVE-2021-42480
+ RESERVED
+CVE-2021-42479
+ RESERVED
+CVE-2021-42478
+ RESERVED
+CVE-2021-42477
+ RESERVED
+CVE-2021-42476
+ RESERVED
+CVE-2021-42475
+ RESERVED
+CVE-2021-42474
+ RESERVED
+CVE-2021-42473
+ RESERVED
+CVE-2021-42472
+ RESERVED
+CVE-2021-42471
+ RESERVED
+CVE-2021-42470
+ RESERVED
+CVE-2021-42469
+ RESERVED
+CVE-2021-42468
+ RESERVED
+CVE-2021-42467
+ RESERVED
+CVE-2021-42466
+ RESERVED
+CVE-2021-42465
+ RESERVED
+CVE-2021-42464
+ RESERVED
+CVE-2021-42463
+ RESERVED
+CVE-2021-42462
+ RESERVED
+CVE-2021-42461
+ RESERVED
+CVE-2021-42460
+ RESERVED
+CVE-2021-42459
+ RESERVED
+CVE-2021-42458
+ RESERVED
+CVE-2021-42457
+ RESERVED
+CVE-2021-42456
+ RESERVED
+CVE-2021-42455
+ RESERVED
+CVE-2021-42454
+ RESERVED
+CVE-2021-42453
+ RESERVED
+CVE-2021-42452
+ RESERVED
+CVE-2021-42451
+ RESERVED
+CVE-2021-42450
+ RESERVED
+CVE-2021-42449
+ RESERVED
+CVE-2021-42448
+ RESERVED
+CVE-2021-42447
+ RESERVED
+CVE-2021-42446
+ RESERVED
+CVE-2021-42445
+ RESERVED
+CVE-2021-42444
+ RESERVED
+CVE-2021-42443
+ RESERVED
+CVE-2021-42442
+ RESERVED
+CVE-2021-42441
+ RESERVED
+CVE-2021-42440
+ RESERVED
+CVE-2021-42439
+ RESERVED
+CVE-2021-42438
+ RESERVED
+CVE-2021-42437
+ RESERVED
+CVE-2021-42436
+ RESERVED
+CVE-2021-42435
+ RESERVED
+CVE-2021-42434
+ RESERVED
+CVE-2021-42433
+ RESERVED
+CVE-2021-42432
+ RESERVED
+CVE-2021-42431
+ RESERVED
+CVE-2021-42430
+ RESERVED
+CVE-2021-42429
+ RESERVED
+CVE-2021-42428
+ RESERVED
+CVE-2021-42427
+ RESERVED
+CVE-2021-42426
+ RESERVED
+CVE-2021-42425
+ RESERVED
+CVE-2021-42424
+ RESERVED
+CVE-2021-42423
+ RESERVED
+CVE-2021-42422
+ RESERVED
+CVE-2021-42421
+ RESERVED
+CVE-2021-42420
+ RESERVED
+CVE-2021-42419
+ RESERVED
+CVE-2021-42418
+ RESERVED
+CVE-2021-42417
+ RESERVED
+CVE-2021-42416
+ RESERVED
+CVE-2021-42415
+ RESERVED
+CVE-2021-42414
+ RESERVED
+CVE-2021-42413
+ RESERVED
+CVE-2021-42412
+ RESERVED
+CVE-2021-42411
+ RESERVED
+CVE-2021-42410
+ RESERVED
+CVE-2021-42409
+ RESERVED
+CVE-2021-42408
+ RESERVED
+CVE-2021-42407
+ RESERVED
+CVE-2021-42406
+ RESERVED
+CVE-2021-42405
+ RESERVED
+CVE-2021-42404
+ RESERVED
+CVE-2021-42403
+ RESERVED
+CVE-2021-42402
+ RESERVED
+CVE-2021-42401
+ RESERVED
+CVE-2021-42400
+ RESERVED
+CVE-2021-42399
+ RESERVED
+CVE-2021-42398
+ RESERVED
+CVE-2021-42397
+ RESERVED
+CVE-2021-42396
+ RESERVED
+CVE-2021-42395
+ RESERVED
+CVE-2021-42394
+ RESERVED
+CVE-2021-42393
+ RESERVED
+CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
+ {DSA-5076-1 DLA-2923-1}
+ - h2database 2.1.210-1 (bug #1003894)
+ NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
+ NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
+ NOTE: Fixed by https://github.com/h2database/h2database/commit/41dd2a4cf89da9dd18239debbf73f88da6184ec7
+ NOTE: https://github.com/h2database/h2database/commit/956c6241868332c5b440f5d55ea8fdc1e51ae4fd
+CVE-2021-42391
+ RESERVED
+CVE-2021-42390
+ RESERVED
+CVE-2021-42389
+ RESERVED
+CVE-2021-42388
+ RESERVED
+CVE-2021-42387
+ RESERVED
+CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42385 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42384 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42383 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42382 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42381 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42380 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42379 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of service an ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <postponed> (Minor issue, requires passing arbitrary awk program, no identified patch)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to ...)
+ - busybox <unfixed> (bug #999567)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ [stretch] - busybox <not-affected> (CONFIG_HUSH is not set)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+CVE-2021-42376 (A NULL pointer dereference in Busybox's hush applet leads to denial of ...)
+ - busybox <unfixed> (unimportant; bug #999567)
+ [stretch] - busybox <not-affected> (CONFIG_HUSH is not set)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-42375 (An incorrect handling of a special element in Busybox's ash applet lea ...)
+ - busybox <unfixed> (unimportant; bug #999567)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-42374 (An out-of-bounds heap read in Busybox's unlzma applet leads to informa ...)
+ - busybox <unfixed> (unimportant; bug #999567)
+ [stretch] - busybox <not-affected> (Vulnerable code introduced later)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+ NOTE: Crash in CLI tool with information leak
+ NOTE: Introduced by https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 (1_27_0)
+ NOTE: https://git.busybox.net/busybox/commit/?id=04f052c56ded5ab6a904e3a264a73dc0412b2e78
+CVE-2021-42373 (A NULL pointer dereference in Busybox's man applet leads to denial of ...)
+ - busybox <unfixed> (unimportant; bug #999567)
+ NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-42372 (A shell command injection in the HW Events SNMP community in XoruX LPA ...)
+ NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
+CVE-2021-42371 (lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD ...)
+ NOT-FOR-US: XoruX LPAR2RRD
+CVE-2021-42370 (A password mismanagement situation exists in XoruX LPAR2RRD and STOR2R ...)
+ NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
+CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows ...)
+ NOT-FOR-US: Imagicle Application Suite
+CVE-2021-42368
+ RESERVED
+CVE-2021-42367 (The Variation Swatches for WooCommerce WordPress plugin is vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42366
+ RESERVED
+CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42364 (The Stetic WordPress plugin is vulnerable to Cross-Site Request Forger ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42363 (The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42361 (The Contact Form Email WordPress plugin is vulnerable to Stored Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress installed, i ...)
+ NOT-FOR-US: Elementor plugin for WordPress
+CVE-2021-42359 (WP DSGVO Tools (GDPR) &lt;= 3.1.23 had an AJAX action, &#8216;admin-di ...)
+ NOT-FOR-US: WP DSGVO Tools (GDPR)
+CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-42357 (When using Apache Knox SSO prior to 1.6.1, a request could be crafted ...)
+ NOT-FOR-US: Apache Knox
+CVE-2021-42356
+ RESERVED
+CVE-2021-42355
+ RESERVED
+CVE-2021-42354
+ RESERVED
+CVE-2021-42353
+ RESERVED
+CVE-2021-42352
+ RESERVED
+CVE-2021-42351
+ RESERVED
+CVE-2021-42350
+ RESERVED
+CVE-2021-42349
+ RESERVED
+CVE-2021-42348
+ RESERVED
+CVE-2021-42347
+ RESERVED
+CVE-2021-42346
+ RESERVED
+CVE-2021-42345
+ RESERVED
+CVE-2021-42344
+ RESERVED
+CVE-2021-42343 (An issue was discovered in the Dask distributed package before 2021.10 ...)
+ - dask.distributed 2021.09.1+ds.1-2
+ [bullseye] - dask.distributed <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - dask.distributed <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://github.com/dask/distributed/pull/5427
+ NOTE: https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
+CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the fi ...)
+ NOT-FOR-US: Embedthis GoAhead
+CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strlen() t ...)
+ - openrc <not-affected> (Introduced in 0.44)
+ NOTE: https://github.com/OpenRC/openrc/issues/459
+ NOTE: https://github.com/OpenRC/openrc/pull/462
+ NOTE: https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204
+CVE-2021-3886
+ RESERVED
+CVE-2021-3885
+ RESERVED
+CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...)
+ {DSA-5009-1}
+ - tomcat9 9.0.54-1
+ [buster] - tomcat9 <not-affected> (Vulnerable code introduced later)
+ - tomcat8 <removed>
+ [stretch] - tomcat8 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1
+ NOTE: https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47 (9.0.54)
+ NOTE: https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a (8.5.72)
+ NOTE: Fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63362 introduced the memory leak.
+CVE-2021-3884
+ RESERVED
+CVE-2021-3883
+ RESERVED
+CVE-2021-42339
+ RESERVED
+CVE-2021-42338 (4MOSAn GCB Doctor&#8217;s login page has improper validation of Cookie ...)
+ NOT-FOR-US: 4MOSAn GCB Doctor
+CVE-2021-42337 (The permission control of AIFU cashier management salary query functio ...)
+ NOT-FOR-US: AIFU cashier management salary
+CVE-2021-42336 (The learning history page of the Easytest is vulnerable by permission ...)
+ NOT-FOR-US: Easytest
+CVE-2021-42335 (Easytest bulletin board management function of online learning platfor ...)
+ NOT-FOR-US: Easytest
+CVE-2021-42334 (The Easytest contains SQL injection vulnerabilities. After obtaining a ...)
+ NOT-FOR-US: Easytest
+CVE-2021-42333 (The Easytest contains SQL injection vulnerabilities. After obtaining u ...)
+ NOT-FOR-US: Easytest
+CVE-2021-42332 (The &#8220;List View&#8221; function of ShinHer StudyOnline System is ...)
+ NOT-FOR-US: ShinHer StudyOnline System
+CVE-2021-42331 (The &#8220;Study Edit&#8221; function of ShinHer StudyOnline System do ...)
+ NOT-FOR-US: ShinHer StudyOnline System
+CVE-2021-42330 (The &#8220;Teacher Edit&#8221; function of ShinHer StudyOnline System ...)
+ NOT-FOR-US: ShinHer StudyOnline System
+CVE-2021-42329 (The &#8220;List_Add&#8221; function of message board of ShinHer StudyO ...)
+ NOT-FOR-US: ShinHer StudyOnline System
+CVE-2021-42328
+ RESERVED
+CVE-2021-42327 (dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...)
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux <not-affected> (Vulnerability introduced later)
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://lists.freedesktop.org/archives/amd-gfx/2021-October/070170.html
+CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...)
+ {DLA-2787-1}
+ - redmine <unfixed> (bug #998417)
+ NOTE: https://www.redmine.org/news/133
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/21209
+CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbM ...)
+ NOT-FOR-US: Froxlor
+CVE-2021-42324
+ RESERVED
+CVE-2021-42323 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42322 (Visual Studio Code Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42321 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42320 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42319 (Visual Studio Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42318
+ RESERVED
+CVE-2021-42317
+ RESERVED
+CVE-2021-42316 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42315 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42314 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42313 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42312 (Microsoft Defender for IOT Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42311 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42310 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42309 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42307
+ RESERVED
+CVE-2021-42306 (Azure Active Directory Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42303 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42302 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42301 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42300 (Azure Sphere Tampering Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42299 (Microsoft Surface Pro 3 Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42298 (Microsoft Defender Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42295 (Visual Basic for Applications Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42294 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42293 (Microsoft Jet Red Database Engine and Access Connectivity Engine Eleva ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42292 (Microsoft Excel Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42291 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42290
+ RESERVED
+CVE-2021-42289
+ RESERVED
+CVE-2021-42288 (Windows Hello Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42287 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42286 (Windows Core Shell SI Host Extension Framework for Composable Shell El ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42285 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42284 (Windows Hyper-V Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42283 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42282 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42281
+ RESERVED
+CVE-2021-42280 (Windows Feedback Hub Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42279 (Chakra Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42278 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42277 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42276 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42275 (Microsoft COM for Windows Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42274 (Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vul ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42273
+ RESERVED
+CVE-2021-42272 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42271 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42270 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42269 (Adobe Animate version 21.0.9 (and earlier) are affected by a use-after ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42268 (Adobe Animate version 21.0.9 (and earlier) is affected by a Null point ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42267 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42266 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42265
+ RESERVED
+CVE-2021-42264
+ RESERVED
+CVE-2021-42263
+ RESERVED
+CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...)
+ - ledgersmb <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/
+ NOTE: https://ledgersmb.org/content/security-advisory-cve-2021-3882-non-secure-session-cookie
+CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read ...)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/540fd115-7de4-4e19-a918-5ee61f5157c1/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8)
+CVE-2021-3880
+ RESERVED
+CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-42262
+ RESERVED
+CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...)
+ NOT-FOR-US: Revisor Video Management System (VMS)
+CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...)
+ - tinyxml 2.6.2-6
+ [bullseye] - tinyxml <no-dsa> (Minor issue)
+ [buster] - tinyxml <no-dsa> (Minor issue)
+ [stretch] - tinyxml <no-dsa> (Minor issue; can be fixed with the next DLA)
+ NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
+ NOTE: https://sourceforge.net/p/tinyxml/git/merge-requests/1/
+CVE-2021-42259
+ RESERVED
+CVE-2021-42258 (BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL i ...)
+ NOT-FOR-US: BQE BillQuick Web Suite
+CVE-2021-42257 (check_smart before 6.9.1 allows unintended drive access by an unprivil ...)
+ NOT-FOR-US: check_smart Icinga plugin
+CVE-2021-42256
+ RESERVED
+CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ NOT-FOR-US: CoreNLP
+CVE-2021-42255
+ RESERVED
+CVE-2021-42254 (BeyondTrust Privilege Management prior to version 21.6 creates a Tempo ...)
+ NOT-FOR-US: BeyondTrust Privilege Management
+CVE-2021-42253
+ RESERVED
+CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/ ...)
+ {DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/b49a0e69a7b1a68c8d3f64097d06dabb770fec96 (5.15-rc1)
+CVE-2021-42251
+ RESERVED
+CVE-2021-42250 (Improper output neutralization for Logs. A specific Apache Superset HT ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-42249
+ RESERVED
+CVE-2021-42248
+ RESERVED
+CVE-2021-42247
+ RESERVED
+CVE-2021-42246
+ RESERVED
+CVE-2021-42245
+ RESERVED
+CVE-2021-42244
+ RESERVED
+CVE-2021-42243
+ RESERVED
+CVE-2021-42242
+ RESERVED
+CVE-2021-42241
+ RESERVED
+CVE-2021-42240
+ RESERVED
+CVE-2021-42239
+ RESERVED
+CVE-2021-42238
+ RESERVED
+CVE-2021-42237 (Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnera ...)
+ NOT-FOR-US: Sitecore
+CVE-2021-42236
+ RESERVED
+CVE-2021-42235
+ RESERVED
+CVE-2021-42234
+ RESERVED
+CVE-2021-42233
+ RESERVED
+CVE-2021-42232
+ RESERVED
+CVE-2021-42231
+ RESERVED
+CVE-2021-42230
+ RESERVED
+CVE-2021-42229
+ RESERVED
+CVE-2021-42228 (A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor ...)
+ NOT-FOR-US: KindEditor
+CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...)
+ NOT-FOR-US: KindEditor
+CVE-2021-42226
+ RESERVED
+CVE-2021-42225
+ RESERVED
+CVE-2021-42224 (SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via ...)
+ NOT-FOR-US: IFSC Code Finder Project
+CVE-2021-42223 (Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking M ...)
+ NOT-FOR-US: Online DJ Booking Management System
+CVE-2021-42222
+ RESERVED
+CVE-2021-42221
+ RESERVED
+CVE-2021-42220 (A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 1 ...)
+ - dolibarr <removed>
+CVE-2021-42219
+ RESERVED
+CVE-2021-42218
+ RESERVED
+CVE-2021-42217
+ RESERVED
+CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via ...)
+ NOT-FOR-US: AnonAddy
+CVE-2021-42215
+ RESERVED
+CVE-2021-42214
+ RESERVED
+CVE-2021-42213
+ RESERVED
+CVE-2021-42212
+ RESERVED
+CVE-2021-42211
+ RESERVED
+CVE-2021-42210
+ RESERVED
+CVE-2021-42209
+ RESERVED
+CVE-2021-42208
+ RESERVED
+CVE-2021-42207
+ RESERVED
+CVE-2021-42206
+ RESERVED
+CVE-2021-42205
+ RESERVED
+CVE-2021-42204
+ RESERVED
+CVE-2021-42203
+ RESERVED
+CVE-2021-42202
+ RESERVED
+CVE-2021-42201
+ RESERVED
+CVE-2021-42200
+ RESERVED
+CVE-2021-42199
+ RESERVED
+CVE-2021-42198
+ RESERVED
+CVE-2021-42197
+ RESERVED
+CVE-2021-42196
+ RESERVED
+CVE-2021-42195
+ RESERVED
+CVE-2021-42194
+ RESERVED
+CVE-2021-42193
+ RESERVED
+CVE-2021-42192
+ RESERVED
+CVE-2021-42191
+ RESERVED
+CVE-2021-42190
+ RESERVED
+CVE-2021-42189
+ RESERVED
+CVE-2021-42188
+ RESERVED
+CVE-2021-42187
+ RESERVED
+CVE-2021-42186
+ RESERVED
+CVE-2021-42185
+ RESERVED
+CVE-2021-42184
+ RESERVED
+CVE-2021-42183
+ RESERVED
+CVE-2021-42182
+ RESERVED
+CVE-2021-42181
+ RESERVED
+CVE-2021-42180
+ RESERVED
+CVE-2021-42179
+ RESERVED
+CVE-2021-42178
+ RESERVED
+CVE-2021-42177
+ RESERVED
+CVE-2021-42176
+ RESERVED
+CVE-2021-42175
+ RESERVED
+CVE-2021-42174
+ RESERVED
+CVE-2021-42173
+ RESERVED
+CVE-2021-42172
+ RESERVED
+CVE-2021-42171
+ RESERVED
+CVE-2021-42170
+ RESERVED
+CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...)
+ NOT-FOR-US: Dynamic Tax Bracket in PHP using SQLite Free Source Code
+CVE-2021-42168 (Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sha ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42167
+ RESERVED
+CVE-2021-42166
+ RESERVED
+CVE-2021-42165
+ RESERVED
+CVE-2021-42164
+ RESERVED
+CVE-2021-42163
+ RESERVED
+CVE-2021-42162
+ RESERVED
+CVE-2021-42161
+ RESERVED
+CVE-2021-42160
+ RESERVED
+CVE-2021-42159
+ RESERVED
+CVE-2021-42158
+ RESERVED
+CVE-2021-42157
+ RESERVED
+CVE-2021-42156
+ RESERVED
+CVE-2021-42155
+ RESERVED
+CVE-2021-42154
+ RESERVED
+CVE-2021-42153
+ RESERVED
+CVE-2021-42152
+ RESERVED
+CVE-2021-42151
+ RESERVED
+CVE-2021-42150
+ RESERVED
+CVE-2021-42149
+ RESERVED
+CVE-2021-42148
+ RESERVED
+CVE-2021-3877
+ RESERVED
+CVE-2021-42147
+ RESERVED
+CVE-2021-42146
+ RESERVED
+CVE-2021-42145
+ RESERVED
+CVE-2021-42144
+ RESERVED
+CVE-2021-42143
+ RESERVED
+CVE-2021-42142
+ RESERVED
+CVE-2021-42141
+ RESERVED
+CVE-2021-42140
+ RESERVED
+CVE-2021-42139 (Deno Standard Modules before 0.107.0 allows Code Injection via an untr ...)
+ NOT-FOR-US: Deno
+CVE-2021-42138 (A user of a machine protected by SafeNet Agent for Windows Logon may l ...)
+ NOT-FOR-US: SafeNet
+CVE-2021-42137 (An issue was discovered in Zammad before 5.0.1. In some cases, there i ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42136
+ RESERVED
+CVE-2021-42135 (HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an u ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a compon ...)
+ NOT-FOR-US: Django Unicorn, different from src:unicorn
+CVE-2021-3876
+ RESERVED
+CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3565-1 (bug #996593)
+ [bullseye] - vim <not-affected> (Vulnerable feature and code introduced later)
+ [buster] - vim <not-affected> (Vulnerable feature and code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable feature and code introduced later)
+ NOTE: https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/
+ NOTE: Search from cursor position introduced in: https://github.com/vim/vim/commit/04db26b36000a4677b95403ec94bd11f6cc73975 (v8.2.3110)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f (v8.2.3489)
+CVE-2021-42133 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42132 (A command Injection vulnerability exists in Ivanti Avalanche before 6. ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42131 (A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 a ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42130 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42129 (A command injection vulnerability exists in Ivanti Avalanche before 6. ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42128 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42127 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42126 (An improper authorization control vulnerability exists in Ivanti Avala ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42125 (An unrestricted file upload vulnerability exists in Ivanti Avalanche b ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42124 (An improper access control vulnerability exists in Ivanti Avalanche be ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on Business-DNA ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42121 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42120 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42119 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42118 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42117 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42116 (Incorrect Access Control in Web Applications operating on Business-DNA ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42115 (Missing HTTPOnly flag in Web Applications operating on Business-DNA So ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...)
+ NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith)
+ NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
+ NOTE: https://comsec.ethz.ch/research/dram/blacksmith/
+CVE-2021-42113 (An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH ...)
+ NOT-FOR-US: Insyde
+CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
+ - limesurvey <itp> (bug #472802)
+CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...)
+ NOT-FOR-US: RCDevs OpenOTP app
+CVE-2021-42110 (An issue was discovered in Allegro Windows (formerly Popsy Windows) be ...)
+ NOT-FOR-US: Allegro Windows
+CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
+ NOT-FOR-US: bookstack
+CVE-2021-3873
+ RESERVED
+CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
+ NOT-FOR-US: VITEC Exterity IPTV products
+CVE-2021-42108 (Unnecessary privilege vulnerabilities in the Web Console of Trend Micr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42107 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42106 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42105 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42104 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42103 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42102 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42101 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3565-1
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8
+ NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
+CVE-2021-3871
+ RESERVED
+CVE-2021-3870
+ RESERVED
+CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed ...)
+ {DSA-4984-1}
+ - flatpak 1.12.1-1 (bug #995935)
+ [buster] - flatpak <ignored> (Not exploitable with Debian buster kernel, intrusive to backport; requires updated libseccomp)
+ [stretch] - flatpak <ignored> (Difficult to exploit)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
+ NOTE: Sourcewise fixed in 1.12.0-1 already, but 1.12.1-1 adds stricter dependency
+ NOTE: to libseccomp 2.5.2 so that CVE-2021-41133 is fully prevented.
+ NOTE: https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf
+ NOTE: https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48
+ NOTE: https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca
+ NOTE: https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330
+ NOTE: https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f
+ NOTE: https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36
+ NOTE: https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999
+ NOTE: https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf
+ NOTE: Regression followups:
+ NOTE: https://github.com/flatpak/flatpak/commit/d419fa67038370e4f4c3ce8c3b5f672d4876cfc8
+ NOTE: https://github.com/flatpak/flatpak/commit/3fc8c672676ae016f8e7cc90481b2feecbad9861
+CVE-2021-42100
+ RESERVED
+CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file- ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...)
+ NOT-FOR-US: Devolutions
+CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...)
+ {DSA-4991-1 DLA-2791-1}
+ - mailman <removed>
+ NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1947640
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4
+ NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
+ NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
+CVE-2021-42096 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A cer ...)
+ {DSA-4991-1 DLA-2791-1}
+ - mailman <removed>
+ NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1947639
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4
+CVE-2021-42095 (Xshell before 7.0.0.76 allows attackers to cause a crash by triggering ...)
+ NOT-FOR-US: NetSarang Xshell
+CVE-2021-42094 (An issue was discovered in Zammad before 4.1.1. Command Injection can ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42093 (An issue was discovered in Zammad before 4.1.1. An admin can execute c ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42092 (An issue was discovered in Zammad before 4.1.1. Stored XSS may occur v ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42091 (An issue was discovered in Zammad before 4.1.1. SSRF can occur via Git ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42090 (An issue was discovered in Zammad before 4.1.1. The Form functionality ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42089 (An issue was discovered in Zammad before 4.1.1. The REST API discloses ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42088 (An issue was discovered in Zammad before 4.1.1. The Chat functionality ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42087 (An issue was discovered in Zammad before 4.1.1. An admin can discover ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42086 (An issue was discovered in Zammad before 4.1.1. An Agent account can m ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42085 (An issue was discovered in Zammad before 4.1.1. There is stored XSS vi ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker with valid ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ NOT-FOR-US: CoreNLP
+CVE-2021-42083
+ RESERVED
+CVE-2021-42082
+ RESERVED
+CVE-2021-42081
+ RESERVED
+CVE-2021-42080
+ RESERVED
+CVE-2021-42079
+ RESERVED
+CVE-2021-42078 (PHP Event Calendar through 2021-11-04 allows persistent cross-site scr ...)
+ NOT-FOR-US: PHP Event Calendar
+CVE-2021-42077 (PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstr ...)
+ NOT-FOR-US: PHP Event Calendar
+CVE-2021-42076 (An issue was discovered in Barrier before 2.3.4. An attacker can cause ...)
+ NOT-FOR-US: Barrier
+CVE-2021-42075 (An issue was discovered in Barrier before 2.3.4. The barriers componen ...)
+ NOT-FOR-US: Barrier
+CVE-2021-42074 (An issue was discovered in Barrier before 2.3.4. An unauthenticated at ...)
+ NOT-FOR-US: Barrier
+CVE-2021-42073 (An issue was discovered in Barrier before 2.4.0. An attacker can enter ...)
+ NOT-FOR-US: Barrier
+CVE-2021-42072 (An issue was discovered in Barrier before 2.4.0. The barriers componen ...)
+ NOT-FOR-US: Barrier
+CVE-2021-42071 (In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can ach ...)
+ NOT-FOR-US: Visual Tools DVR VX16
+CVE-2021-42070 (When a user opens manipulated Jupiter Tessellation (.jt) file received ...)
+ NOT-FOR-US: SAP
+CVE-2021-42069 (When a user opens manipulated Tagged Image File Format (.tif) file rec ...)
+ NOT-FOR-US: SAP
+CVE-2021-42068 (When a user opens a manipulated GIF (.gif) file received from untruste ...)
+ NOT-FOR-US: SAP
+CVE-2021-42067 (In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 71 ...)
+ NOT-FOR-US: SAP
+CVE-2021-42066 (SAP Business One - version 10.0, allows an admin user to view DB passw ...)
+ NOT-FOR-US: SAP
+CVE-2021-42065
+ RESERVED
+CVE-2021-42064 (If configured to use an Oracle database and if a query is created usin ...)
+ NOT-FOR-US: SAP
+CVE-2021-42063 (A security vulnerability has been discovered in the SAP Knowledge Ware ...)
+ NOT-FOR-US: SAP
+CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization checks f ...)
+ NOT-FOR-US: SAP
+CVE-2021-42061 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ...)
+ NOT-FOR-US: SAP
+CVE-2021-3868
+ RESERVED
+CVE-2021-3867
+ RESERVED
+CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...)
+ - zulip-server <itp> (bug #800052)
+ NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
+CVE-2021-42060 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.4 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-42059 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-42058
+ RESERVED
+CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The ev ...)
+ NOT-FOR-US: Obsidian Dataview
+CVE-2021-42056
+ RESERVED
+CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insec ...)
+ NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware
+CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule ...)
+ NOT-FOR-US: ACCEL-PPP
+CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via compone ...)
+ NOT-FOR-US: Django Unicorn, different from src:unicorn
+CVE-2021-42052
+ RESERVED
+CVE-2021-42051 (An issue was discovered in AbanteCart before 1.3.2. Any low-privileged ...)
+ NOT-FOR-US: AbanteCart
+CVE-2021-42050 (An issue was discovered in AbanteCart before 1.3.2. It allows DOM Base ...)
+ NOT-FOR-US: AbanteCart
+CVE-2021-42049 (An issue was discovered in the Translate extension in MediaWiki throug ...)
+ NOT-FOR-US: Translate MediaWiki extension
+CVE-2021-42048 (An issue was discovered in the Growth extension in MediaWiki through 1 ...)
+ NOT-FOR-US: Growth MediaWiki extension
+CVE-2021-42047 (An issue was discovered in the Growth extension in MediaWiki through 1 ...)
+ NOT-FOR-US: Growth MediaWiki extension
+CVE-2021-42046 (An issue was discovered in the GlobalWatchlist extension in MediaWiki ...)
+ NOT-FOR-US: GlobalWatchlist MediaWiki extension
+CVE-2021-42045 (An issue was discovered in SecurePoll in the Growth extension in Media ...)
+ NOT-FOR-US: SecurePoll MediaWiki extension
+CVE-2021-42044 (An issue was discovered in the Mentor dashboard in the GrowthExperimen ...)
+ NOT-FOR-US: GrowthExperiments MediaWiki extension
+CVE-2021-42043 (An issue was discovered in Special:MediaSearch in the MediaSearch exte ...)
+ NOT-FOR-US: MediaSearch MediaWiki extension
+CVE-2021-42042 (An issue was discovered in SpecialEditGrowthConfig in the GrowthExperi ...)
+ NOT-FOR-US: GrowthExperiments MediaWiki extension
+CVE-2021-42041 (An issue was discovered in CentralAuth in MediaWiki through 1.36.2. Th ...)
+ NOT-FOR-US: CentralAuth MediaWiki extension
+CVE-2021-42040 (An issue was discovered in MediaWiki through 1.36.2. A parser function ...)
+ NOT-FOR-US: Loops MediaWiki extension
+CVE-2021-3865
+ RESERVED
+CVE-2021-42039
+ RESERVED
+CVE-2021-42038
+ RESERVED
+CVE-2021-42037
+ RESERVED
+CVE-2021-42036
+ RESERVED
+CVE-2021-42035
+ RESERVED
+CVE-2021-42034
+ RESERVED
+CVE-2021-42033
+ RESERVED
+CVE-2021-42032
+ RESERVED
+CVE-2021-42031
+ RESERVED
+CVE-2021-42030
+ RESERVED
+CVE-2021-42029
+ RESERVED
+CVE-2021-42028
+ RESERVED
+CVE-2021-42027 (A vulnerability has been identified in SINUMERIK Edge (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42026 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42025 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42024 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42023 (A vulnerability has been identified in ModelSim Simulation (All versio ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42022 (A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Packa ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42020
+ RESERVED
+CVE-2021-42019
+ RESERVED
+CVE-2021-42018
+ RESERVED
+CVE-2021-42017
+ RESERVED
+CVE-2021-42016
+ RESERVED
+CVE-2021-42015 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-42014
+ RESERVED
+CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4 ...)
+ - apache2 2.4.51-1
+ [bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49/2.4.50)
+ [buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49/2.4.50)
+ [stretch] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49/2.4.50)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/07/6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
+CVE-2021-3864 [descendant's dumpable setting with certain SUID binaries]
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/20/2
+CVE-2021-42012 (A stack-based buffer overflow vulnerability in Trend Micro Apex One, A ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42011 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-42010
+ RESERVED
+CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...)
+ NOT-FOR-US: Apache Traffic Control
+CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: icecoder
+CVE-2021-3861 (The RNDIS USB device class includes a buffer overflow vulnerability. Z ...)
+ NOT-FOR-US: zephyr-rtos
+CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...)
+ NOT-FOR-US: JFrog Artifactory
+CVE-2021-3859
+ RESERVED
+ - undertow <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010378
+ TODO: check details
+CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/19d1532a187669ce86d5a2696eb7275310070793 (5.14-rc7)
+CVE-2021-42007
+ RESERVED
+CVE-2021-42006 (An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 ...)
+ - libgclib 0.12.7+ds-2 (bug #996591)
+ [bullseye] - libgclib <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpertea/gclib/issues/11
+CVE-2021-42005
+ RESERVED
+CVE-2021-42004
+ RESERVED
+CVE-2021-42003
+ RESERVED
+CVE-2021-42002 (Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-42001
+ RESERVED
+CVE-2021-42000 (When a password reset or password change flow with an authentication p ...)
+ NOT-FOR-US: pingidentity
+CVE-2021-41999
+ RESERVED
+CVE-2021-41998
+ RESERVED
+CVE-2021-41997
+ RESERVED
+CVE-2021-41996
+ RESERVED
+CVE-2021-41995
+ RESERVED
+CVE-2021-41994
+ RESERVED
+CVE-2021-41993
+ RESERVED
+CVE-2021-41992
+ RESERVED
+CVE-2021-41991 (The in-memory certificate cache in strongSwan before 5.9.4 has a remot ...)
+ {DSA-4989-1 DLA-2788-1}
+ - strongswan 5.9.4-1
+ NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
+CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer overflo ...)
+ {DSA-4989-1}
+ - strongswan 5.9.4-1
+ [stretch] - strongswan <not-affected> (The vulnerable code was introduced later in version 5.6.1)
+ NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
+CVE-2021-41989
+ RESERVED
+CVE-2021-41988
+ RESERVED
+CVE-2021-41987
+ RESERVED
+CVE-2021-41986
+ RESERVED
+CVE-2021-41985
+ RESERVED
+CVE-2021-41984
+ RESERVED
+CVE-2021-41983
+ RESERVED
+CVE-2021-41982
+ RESERVED
+CVE-2021-41981
+ RESERVED
+CVE-2021-41980
+ RESERVED
+CVE-2021-41979
+ RESERVED
+CVE-2021-41978
+ RESERVED
+CVE-2021-41977
+ RESERVED
+CVE-2021-41976 (Tad Uploader edit book list function is vulnerable to authorization by ...)
+ NOT-FOR-US: Tad Uploader
+CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thus remo ...)
+ NOT-FOR-US: TadTools
+CVE-2021-41974 (Tad Book3 editing book page does not perform identity verification. Re ...)
+ NOT-FOR-US: Tad Book3
+CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: snipe-it
+CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: chaskiq
+CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
+ NOT-FOR-US: Apache MINA
+CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-3856
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2021-3855
+ RESERVED
+CVE-2021-3854
+ RESERVED
+CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist]
+ - rust-nix 0.19.0-2 (bug #995562)
+ [bullseye] - rust-nix <no-dsa> (Minor issue)
+ [buster] - rust-nix <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html
+ NOTE: https://github.com/nix-rust/nix/issues/1541
+CVE-2021-41970
+ RESERVED
+CVE-2021-41969
+ RESERVED
+CVE-2021-41968
+ RESERVED
+CVE-2021-41967
+ RESERVED
+CVE-2021-41966
+ RESERVED
+CVE-2021-41965
+ RESERVED
+CVE-2021-41964
+ RESERVED
+CVE-2021-41963
+ RESERVED
+CVE-2021-41962 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehi ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41961
+ RESERVED
+CVE-2021-41960
+ RESERVED
+CVE-2021-41959
+ RESERVED
+CVE-2021-41958
+ RESERVED
+CVE-2021-41957
+ RESERVED
+CVE-2021-41956
+ RESERVED
+CVE-2021-41955
+ RESERVED
+CVE-2021-41954
+ RESERVED
+CVE-2021-41953
+ RESERVED
+CVE-2021-41952
+ RESERVED
+CVE-2021-41951 (ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Si ...)
+ NOT-FOR-US: ResourceSpace
+CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 ...)
+ NOT-FOR-US: ResourceSpace
+CVE-2021-41949
+ RESERVED
+CVE-2021-41948
+ RESERVED
+CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...)
+ NOT-FOR-US: Subrion CMS
+CVE-2021-41946
+ RESERVED
+CVE-2021-41945
+ RESERVED
+CVE-2021-41944
+ RESERVED
+CVE-2021-41943
+ RESERVED
+CVE-2021-41942
+ RESERVED
+CVE-2021-41941
+ RESERVED
+CVE-2021-41940
+ RESERVED
+CVE-2021-41939
+ RESERVED
+CVE-2021-41938
+ RESERVED
+CVE-2021-41937
+ RESERVED
+CVE-2021-41936
+ RESERVED
+CVE-2021-41935
+ RESERVED
+CVE-2021-41934
+ RESERVED
+CVE-2021-41933
+ RESERVED
+CVE-2021-41932
+ RESERVED
+CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the parameter f ...)
+ NOT-FOR-US: Company's Recruitment Management System
+CVE-2021-41930 (Cross site scripting (XSS) vulnerability in Sourcecodester Online Covi ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41929 (Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Mana ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41928 (SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41927
+ RESERVED
+CVE-2021-41926
+ RESERVED
+CVE-2021-41925
+ RESERVED
+CVE-2021-41924
+ RESERVED
+CVE-2021-41923
+ RESERVED
+CVE-2021-41922
+ RESERVED
+CVE-2021-41921
+ RESERVED
+CVE-2021-41920 (webTareas version 2.4 and earlier allows an unauthenticated user to pe ...)
+ NOT-FOR-US: webTareas
+CVE-2021-41919 (webTareas version 2.4 and earlier allows an authenticated user to arbi ...)
+ NOT-FOR-US: webTareas
+CVE-2021-41918 (webTareas version 2.4 and earlier allows an authenticated user to inje ...)
+ NOT-FOR-US: webTareas
+CVE-2021-41917 (webTareas version 2.4 and earlier allows an authenticated user to stor ...)
+ NOT-FOR-US: webTareas
+CVE-2021-41916 (A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version ...)
+ NOT-FOR-US: webTareas
+CVE-2021-41915
+ RESERVED
+CVE-2021-41914
+ RESERVED
+CVE-2021-41913
+ RESERVED
+CVE-2021-41912
+ RESERVED
+CVE-2021-41911
+ RESERVED
+CVE-2021-41910
+ RESERVED
+CVE-2021-41909
+ RESERVED
+CVE-2021-41908
+ RESERVED
+CVE-2021-41907
+ RESERVED
+CVE-2021-41906
+ RESERVED
+CVE-2021-41905
+ RESERVED
+CVE-2021-41904
+ RESERVED
+CVE-2021-41903
+ RESERVED
+CVE-2021-41902
+ RESERVED
+CVE-2021-41901
+ RESERVED
+CVE-2021-41900
+ RESERVED
+CVE-2021-41899
+ RESERVED
+CVE-2021-41898
+ RESERVED
+CVE-2021-41897
+ RESERVED
+CVE-2021-41896
+ RESERVED
+CVE-2021-41895
+ RESERVED
+CVE-2021-41894
+ RESERVED
+CVE-2021-41893
+ RESERVED
+CVE-2021-41892
+ RESERVED
+CVE-2021-41891
+ RESERVED
+CVE-2021-41890
+ RESERVED
+CVE-2021-41889
+ RESERVED
+CVE-2021-41888
+ RESERVED
+CVE-2021-41887
+ RESERVED
+CVE-2021-41886
+ RESERVED
+CVE-2021-41885
+ RESERVED
+CVE-2021-41884
+ RESERVED
+CVE-2021-41883
+ RESERVED
+CVE-2021-41882
+ RESERVED
+CVE-2021-41881
+ RESERVED
+CVE-2021-41880
+ RESERVED
+CVE-2021-41879
+ RESERVED
+CVE-2021-41878 (A reflected cross-site scripting (XSS) vulnerability exists in the i-P ...)
+ NOT-FOR-US: i-Panel Administration System
+CVE-2021-41877
+ RESERVED
+CVE-2021-41876
+ RESERVED
+CVE-2021-41875
+ RESERVED
+CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of Portain ...)
+ NOT-FOR-US: Portainer
+CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...)
+ NOT-FOR-US: Penguin Aurora TV Box 41502
+CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...)
+ NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502
+CVE-2021-41871 (An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper ...)
+ NOT-FOR-US: Socomec
+CVE-2021-41870 (An issue was discovered in the firmware update form in Socomec REMOTE ...)
+ NOT-FOR-US: Socomec
+CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...)
+ - onionshare <undetermined>
+ TODO: check details, exact fixing commits unclear
+CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...)
+ - onionshare <undetermined>
+ TODO: check details, exact fixing commits unclear
+CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...)
+ NOT-FOR-US: MyBB
+CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: chaskiq
+CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...)
+ NOT-FOR-US: GROWI
+CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...)
+ - nomad <not-affected> (Only affects 1.1.x)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
+ NOTE: https://github.com/hashicorp/nomad/issues/11243
+ NOTE: https://github.com/hashicorp/nomad/pull/11257
+CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...)
+ {DLA-2843-1}
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a
+CVE-2021-41863
+ RESERVED
+CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an expression th ...)
+ NOT-FOR-US: AviatorScript
+CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does not prop ...)
+ NOT-FOR-US: Telegram for Android
+CVE-2021-41860
+ RESERVED
+CVE-2021-41859
+ RESERVED
+CVE-2021-41858
+ RESERVED
+CVE-2021-41857
+ RESERVED
+CVE-2021-41856
+ RESERVED
+CVE-2021-41855
+ RESERVED
+CVE-2021-41854
+ RESERVED
+CVE-2021-41853
+ RESERVED
+CVE-2021-41852
+ RESERVED
+CVE-2021-41851
+ RESERVED
+CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository adodb/a ...)
+ {DLA-2912-1}
+ - libphp-adodb <unfixed> (bug #1004376)
+ NOTE: https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29
+ NOTE: https://github.com/ADOdb/ADOdb/issues/793
+CVE-2021-3849
+ RESERVED
+CVE-2021-41850
+ RESERVED
+CVE-2021-41849
+ RESERVED
+CVE-2021-41848
+ RESERVED
+CVE-2021-41847 (An issue was discovered in 3xLogic Infinias Access Control through 6.7 ...)
+ NOT-FOR-US: 3xLogic
+CVE-2021-41846
+ RESERVED
+CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret Server ...)
+ NOT-FOR-US: ThycoticCentrify Secret Server
+CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and sanit ...)
+ NOT-FOR-US: Crocoblock JetEngine
+CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41841 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41840 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41839 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41838 (An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41837 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...)
+ NOT-FOR-US: Insyde
+CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to una ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-3848 (An arbitrary file creation by privilege escalation vulnerability in Tr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3847 [low-privileged user privileges escalation]
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3
+CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dangerou ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path ...)
+ NOT-FOR-US: ws-scrcpy
+CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2021-41830 (It is possible for an attacker to manipulate signed documents and macr ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2021-3844
+ RESERVED
+CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity ...)
+ - nltk 3.6.7-1 (bug #1003142)
+ [bullseye] - nltk <no-dsa> (Minor issue)
+ [buster] - nltk <no-dsa> (Minor issue)
+ [stretch] - nltk <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a/
+ NOTE: https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d (3.6.6)
+CVE-2021-3841
+ RESERVED
+CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41828 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41827 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41826 (PlaceOS Authentication Service before 1.29.10.0 allows app/controllers ...)
+ NOT-FOR-US: PlaceOS Authentication Service
+CVE-2021-41825 (Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection ...)
+ NOT-FOR-US: Verint Workforce Optimization (WFO)
+CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection. ...)
+ NOT-FOR-US: Craft CMS
+CVE-2021-41823
+ RESERVED
+CVE-2021-41822
+ RESERVED
+CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer U ...)
+ NOT-FOR-US: Wazuh
+CVE-2021-41820
+ RESERVED
+CVE-2021-41819 (CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...)
+ {DSA-5067-1 DSA-5066-1 DLA-2853-1}
+ - ruby3.0 <unfixed> (bug #1002995)
+ - ruby2.7 2.7.5-1
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
+ NOTE: Fixed by: https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5 (v0.3.1)
+CVE-2021-41818
+ RESERVED
+CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...)
+ {DSA-5067-1 DSA-5066-1 DLA-2853-1}
+ - ruby3.0 <unfixed> (bug #1002995)
+ - ruby2.7 2.7.5-1
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
+ NOTE: Fixed by: https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0 (v3.2.2)
+ NOTE: Followups to mimic previous behaviour:
+ NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2)
+ NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2)
+CVE-2021-41816 (CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ...)
+ {DSA-5067-1}
+ - ruby3.0 <unfixed> (bug #1002995)
+ - ruby2.7 2.7.5-1
+ - ruby2.5 <not-affected> (Vulnerable code introduced later)
+ - ruby2.3 <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed in Ruby 3.0.3, 2.7.5
+ NOTE: https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/
+ NOTE: Introduced by: https://github.com/ruby/cgi/commit/3a62e20f76ea42ff0b4d45f2952479eab266ae1c (v0.1.0)
+ NOTE: Fixed by: https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a (v0.3.1)
+CVE-2021-41815
+ RESERVED
+CVE-2021-41814
+ RESERVED
+CVE-2021-41813
+ RESERVED
+CVE-2021-41812
+ RESERVED
+CVE-2021-41811
+ RESERVED
+CVE-2021-41810
+ RESERVED
+CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...)
+ NOT-FOR-US: M-Files Server
+CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...)
+ NOT-FOR-US: M-Files Server
+CVE-2021-41807 (Lack of rate limiting in M-Files Server and M-Files Web products with ...)
+ NOT-FOR-US: M-Files Server
+CVE-2021-41806
+ RESERVED
+CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...)
+ - consul <not-affected> (Only affects Consul Enterprise)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871
+CVE-2021-41804
+ RESERVED
+CVE-2021-41803
+ RESERVED
+CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-41801 (The ReplaceText extension through 1.41 for MediaWiki has Incorrect Acc ...)
+ {DSA-4979-1}
+ - mediawiki 1:1.35.4-1
+ [stretch] - mediawiki <not-affected> (The vulnerable code was introduced later)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
+ NOTE: https://phabricator.wikimedia.org/T279090
+CVE-2021-41800 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...)
+ {DSA-4979-1}
+ - mediawiki 1:1.35.4-1
+ [stretch] - mediawiki <not-affected> (The vulnerable code was introduced later)
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
+ NOTE: https://phabricator.wikimedia.org/T284419
+ NOTE: Fixed by https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874
+CVE-2021-41799 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...)
+ {DSA-4979-1 DLA-2779-1}
+ - mediawiki 1:1.35.4-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
+ NOTE: https://phabricator.wikimedia.org/T290379
+CVE-2021-41798 (MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages a ...)
+ {DSA-4979-1 DLA-2779-1}
+ - mediawiki 1:1.35.4-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/
+ NOTE: https://phabricator.wikimedia.org/T285515
+CVE-2021-41797
+ REJECTED
+CVE-2021-41796
+ REJECTED
+CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0 through ...)
+ NOT-FOR-US: 1Password
+CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a ...)
+ NOT-FOR-US: Open5GS
+CVE-2021-41793
+ RESERVED
+CVE-2021-41792 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...)
+ NOT-FOR-US: Hyland org.alfresco:alfresco-content-services
+CVE-2021-41791 (An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 a ...)
+ NOT-FOR-US: Hyland org.alfresco:share and Hyland org.alfresco:community-share
+CVE-2021-41790 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...)
+ NOT-FOR-US: Hyland org.alfresco:alfresco-content-services
+CVE-2021-41789 (In wifi driver, there is a possible system crash due to a missing vali ...)
+ NOT-FOR-US: Mediatek devices
+CVE-2021-41788 (MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-3840 (A dependency confusion vulnerability was reported in the Antilles open ...)
+ NOT-FOR-US: Antilles
+CVE-2021-41787
+ RESERVED
+CVE-2021-41786
+ RESERVED
+CVE-2021-41785
+ RESERVED
+CVE-2021-41784
+ RESERVED
+CVE-2021-41783
+ RESERVED
+CVE-2021-41782
+ RESERVED
+CVE-2021-41781
+ RESERVED
+CVE-2021-41780
+ RESERVED
+CVE-2021-41779
+ RESERVED
+CVE-2021-41778
+ RESERVED
+CVE-2021-41777
+ RESERVED
+CVE-2021-41776
+ RESERVED
+CVE-2021-41775
+ RESERVED
+CVE-2021-41774
+ RESERVED
+CVE-2021-41773 (A flaw was found in a change made to path normalization in Apache HTTP ...)
+ - apache2 2.4.50-1
+ [bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ [buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ [stretch] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41773
+ NOTE: Fixed by: https://svn.apache.org/r1893775
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1
+CVE-2021-3839
+ RESERVED
+CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reade ...)
+ - golang-1.17 1.17.3-1
+ - golang-1.16 1.16.10-1
+ - golang-1.15 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+ - golang-1.11 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+ - golang-1.8 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+ - golang-1.7 <not-affected> (Vulnerable code introduced later in go1.16beta1)
+ NOTE: https://github.com/golang/go/issues/48085
+ NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
+ NOTE: Introduced in: https://github.com/golang/go/commit/1296ee6b4f9058be75c799513ccb488d2f2dd085 (go1.16beta1)
+ NOTE: https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf (go1.17.3)
+ NOTE: https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 (go1.16.10)
+CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16 ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.17 1.17.3-1
+ - golang-1.16 1.16.10-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/48990
+ NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc
+ NOTE: https://github.com/golang/go/commit/4a842985bf3f71d93a2b1340d9d6685bebc12b6b (go1.17.3)
+ NOTE: https://github.com/golang/go/commit/d19c5bdb24e093a2d5097b7623284eb02726cede (go1.16.10)
+CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing valida ...)
+ NOT-FOR-US: Ping Identity PingFederate
+CVE-2021-3838
+ RESERVED
+CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41768
+ RESERVED
+CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a private tun ...)
+ - guacamole-client <unfixed>
+ [stretch] - guacamole-client <end-of-life> (unmaintained stretch-only package)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/6
+CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization ...)
+ NOT-FOR-US: openwhyd
+CVE-2021-41766 (Apache Karaf allows monitoring of applications and the Java runtime by ...)
+ - apache-karaf <itp> (bug #881297)
+CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...)
+ - dbeaver <itp> (bug #680987)
+ NOTE: https://github.com/dbeaver/dbeaver/commit/4debf8f25184b7283681ed3fb5e9e887d9d4fe22
+CVE-2021-3835 (Buffer overflow in usb device class. Zephyr versions &gt;= v2.6.0 cont ...)
+ NOT-FOR-US: zephyr-rtos
+CVE-2021-3834 (Integria IMS in its 5.0.92 version does not filter correctly some fiel ...)
+ NOT-FOR-US: Integria IMS
+CVE-2021-3833 (Integria IMS login check uses a loose comparator ("==") to compare the ...)
+ NOT-FOR-US: Integria IMS
+CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Exec ...)
+ NOT-FOR-US: Integria IMS
+CVE-2021-3831 (gnuboard5 is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: gnuboard5
+CVE-2021-41765 (A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of R ...)
+ NOT-FOR-US: ResourceSpace
+CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...)
+ NOT-FOR-US: Streama
+CVE-2021-41763
+ RESERVED
+CVE-2021-41762
+ RESERVED
+CVE-2021-41761
+ RESERVED
+CVE-2021-41760
+ RESERVED
+CVE-2021-41759
+ RESERVED
+CVE-2021-41758
+ RESERVED
+CVE-2021-41757
+ RESERVED
+CVE-2021-41756
+ RESERVED
+CVE-2021-41755
+ RESERVED
+CVE-2021-41754
+ RESERVED
+CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41752
+ RESERVED
+CVE-2021-41751
+ RESERVED
+CVE-2021-41750
+ RESERVED
+CVE-2021-41749
+ RESERVED
+CVE-2021-41748
+ REJECTED
+CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...)
+ NOT-FOR-US: Csdn APP
+CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou TurboCRM. ...)
+ NOT-FOR-US: Yonyou TurboCRM
+CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can us ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...)
+ NOT-FOR-US: yongyou PLM
+CVE-2021-41743
+ RESERVED
+CVE-2021-41742
+ RESERVED
+CVE-2021-41741
+ RESERVED
+CVE-2021-41740
+ RESERVED
+CVE-2021-41739
+ RESERVED
+CVE-2021-41738
+ RESERVED
+CVE-2021-41737
+ RESERVED
+CVE-2021-41736
+ RESERVED
+CVE-2021-41735
+ RESERVED
+CVE-2021-41734
+ RESERVED
+CVE-2021-41733 (Oppia 3.1.4 does not verify that certain URLs are valid before navigat ...)
+ NOT-FOR-US: Oppia
+CVE-2021-41732 (** DISPUTED ** An issue was discovered in zeek version 4.1.0. There is ...)
+ - zeek <unfixed> (unimportant)
+ NOTE: https://github.com/zeek/zeek/issues/1798
+ NOTE: Disputed validitity of the security issue
+CVE-2021-41731
+ RESERVED
+CVE-2021-41730
+ RESERVED
+CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...)
+ NOT-FOR-US: BaiCloud-cms
+CVE-2021-41728 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41727
+ RESERVED
+CVE-2021-41726
+ RESERVED
+CVE-2021-41725
+ RESERVED
+CVE-2021-41724
+ RESERVED
+CVE-2021-41723
+ RESERVED
+CVE-2021-41722
+ RESERVED
+CVE-2021-41721
+ RESERVED
+CVE-2021-41720
+ REJECTED
+CVE-2021-41719
+ RESERVED
+CVE-2021-41718
+ RESERVED
+CVE-2021-41717
+ RESERVED
+CVE-2021-41716 (Maharashtra State Electricity Board Mahavitara Android Application 8.2 ...)
+ NOT-FOR-US: Maharashtra State Electricity Board Mahavitara Android Application
+CVE-2021-41715
+ RESERVED
+CVE-2021-41714
+ RESERVED
+CVE-2021-41713
+ RESERVED
+CVE-2021-41712
+ RESERVED
+CVE-2021-41711
+ RESERVED
+CVE-2021-41710
+ RESERVED
+CVE-2021-41709
+ RESERVED
+CVE-2021-41708
+ RESERVED
+CVE-2021-41707
+ RESERVED
+CVE-2021-41706
+ RESERVED
+CVE-2021-41705
+ RESERVED
+CVE-2021-41704
+ RESERVED
+CVE-2021-41703
+ RESERVED
+CVE-2021-41702
+ RESERVED
+CVE-2021-41701
+ RESERVED
+CVE-2021-41700
+ RESERVED
+CVE-2021-41699
+ RESERVED
+CVE-2021-41698
+ RESERVED
+CVE-2021-41697 (A reflected Cross Site Scripting (XSS) vulnerability exists in Premium ...)
+ NOT-FOR-US: Premiumdatingscript
+CVE-2021-41696 (An authentication bypass (account takeover) vulnerability exists in Pr ...)
+ NOT-FOR-US: Premiumdatingscript
+CVE-2021-41695 (An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 v ...)
+ NOT-FOR-US: Premiumdatingscript
+CVE-2021-41694 (An Incorrect Access Control vulnerability exists in Premiumdatingscrip ...)
+ NOT-FOR-US: Premiumdatingscript
+CVE-2021-41693
+ RESERVED
+CVE-2021-41692
+ RESERVED
+CVE-2021-41691
+ RESERVED
+CVE-2021-41690
+ RESERVED
+CVE-2021-41689
+ RESERVED
+CVE-2021-41688
+ RESERVED
+CVE-2021-41687
+ RESERVED
+CVE-2021-41686
+ RESERVED
+CVE-2021-41685
+ RESERVED
+CVE-2021-41684
+ RESERVED
+CVE-2021-41683
+ RESERVED
+CVE-2021-41682
+ RESERVED
+CVE-2021-41681
+ RESERVED
+CVE-2021-41680
+ RESERVED
+CVE-2021-41679 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+ NOT-FOR-US: openSIS
+CVE-2021-41678 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+ NOT-FOR-US: openSIS
+CVE-2021-41677 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+ NOT-FOR-US: openSIS
+CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...)
+ NOT-FOR-US: oretnom23 Pharmacy Point of Sale System
+CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosyo Syst ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41673
+ RESERVED
+CVE-2021-41672
+ RESERVED
+CVE-2021-41671
+ RESERVED
+CVE-2021-41670
+ RESERVED
+CVE-2021-41669
+ RESERVED
+CVE-2021-41668
+ RESERVED
+CVE-2021-41667
+ RESERVED
+CVE-2021-41666
+ RESERVED
+CVE-2021-41665
+ RESERVED
+CVE-2021-41664
+ RESERVED
+CVE-2021-41663
+ RESERVED
+CVE-2021-41662
+ RESERVED
+CVE-2021-41661
+ RESERVED
+CVE-2021-41660 (SQL injection vulnerability in Sourcecodester Patient Appointment Sche ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System v1 by ore ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41658 (Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41657
+ RESERVED
+CVE-2021-41656
+ RESERVED
+CVE-2021-41655
+ RESERVED
+CVE-2021-41654
+ RESERVED
+CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-41652
+ RESERVED
+CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...)
+ NOT-FOR-US: Raymart DG / Ahmed Helal Hotel-mgmt-system
+CVE-2021-41650
+ RESERVED
+CVE-2021-41649 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...)
+ NOT-FOR-US: PuneethReddyHC online-shopping-system
+CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...)
+ NOT-FOR-US: PuneethReddyHC online-shopping-system
+CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...)
+ NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App
+CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Onl ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Bud ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in Sourcecodester Onli ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Chu ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41642
+ RESERVED
+CVE-2021-41641
+ RESERVED
+CVE-2021-41640
+ RESERVED
+CVE-2021-41639
+ RESERVED
+CVE-2021-41638
+ RESERVED
+CVE-2021-41637
+ RESERVED
+CVE-2021-41636
+ RESERVED
+CVE-2021-41635
+ RESERVED
+CVE-2021-41634
+ RESERVED
+CVE-2021-41633
+ RESERVED
+CVE-2021-41632
+ RESERVED
+CVE-2021-41631
+ RESERVED
+CVE-2021-41630
+ RESERVED
+CVE-2021-41629
+ RESERVED
+CVE-2021-41628
+ RESERVED
+CVE-2021-41627
+ RESERVED
+CVE-2021-41626
+ RESERVED
+CVE-2021-41625
+ RESERVED
+CVE-2021-41624
+ RESERVED
+CVE-2021-41623
+ RESERVED
+CVE-2021-41622
+ RESERVED
+CVE-2021-41621
+ RESERVED
+CVE-2021-41620
+ RESERVED
+CVE-2021-41619 (An issue was discovered in Gradle Enterprise before 2021.1.2. There is ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41618
+ RESERVED
+CVE-2021-41616 (Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intende ...)
+ NOT-FOR-US: Apache DB DdlUtils
+CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: btcpayserver
+CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...)
+ - openssh 1:8.7p1-1 (bug #995130)
+ [bullseye] - openssh <no-dsa> (Minor issue)
+ [buster] - openssh <no-dsa> (Minor issue)
+ [stretch] - openssh <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1
+ NOTE: https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455
+ NOTE: https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde
+CVE-2021-41615
+ RESERVED
+CVE-2021-41614
+ RESERVED
+CVE-2021-41613
+ RESERVED
+CVE-2021-41612
+ RESERVED
+CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When ...)
+ - squid 5.2-1
+ [bullseye] - squid <not-affected> (Vulnerable code introduced later)
+ [buster] - squid <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r
+ NOTE: Fixed by: http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch
+CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: openwhyd
+CVE-2021-41610
+ REJECTED
+CVE-2021-41609 (SQL injection in the ID parameter of the UploadedImageDisplay.aspx end ...)
+ NOT-FOR-US: SelectSurvey.NET
+CVE-2021-41608 (A file disclosure vulnerability in the UploadedImageDisplay.aspx endpo ...)
+ NOT-FOR-US: SelectSurvey.NET
+CVE-2021-41607
+ RESERVED
+CVE-2021-41606
+ RESERVED
+CVE-2021-41605
+ RESERVED
+CVE-2021-41604
+ RESERVED
+CVE-2021-41603
+ RESERVED
+CVE-2021-41602
+ RESERVED
+CVE-2021-41601
+ RESERVED
+CVE-2021-41600
+ RESERVED
+CVE-2021-41599 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-41594
+ RESERVED
+CVE-2021-41593 (Lightning Labs lnd before 0.13.3-beta allows loss of funds because of ...)
+ NOT-FOR-US: Lightning Labs lnd
+CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds because of ...)
+ NOT-FOR-US: Blockstream c-lightning
+CVE-2021-41591 (ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC ex ...)
+ NOT-FOR-US: ACINQ Eclair
+CVE-2021-41590 (In Gradle Enterprise through 2021.3, probing of the server-side networ ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41589 (In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node be ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41588 (In Gradle Enterprise before 2021.1.3, a crafted request can trigger de ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41587 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41586 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity ...)
+ - nltk 3.6.5-1 (bug #995226)
+ [bullseye] - nltk <no-dsa> (Minor issue)
+ [buster] - nltk <no-dsa> (Minor issue)
+ [stretch] - nltk <no-dsa> (Minor issue)
+ NOTE: https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6
+ NOTE: https://github.com/nltk/nltk/pull/2816
+CVE-2021-41585 (Improper Input Validation vulnerability in accepting socket connection ...)
+ - trafficserver <not-affected> (Only affects FreeBSD)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8456/
+ NOTE: https://github.com/apache/trafficserver/commit/268b540edae0b3e51d033795a4dd7404a5756a93 (master)
+ NOTE: https://github.com/apache/trafficserver/commit/2b078741ecf14cbc7f5773b3e14ef0c1d3cf4cfb (8.1.x)
+CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...)
+ NOT-FOR-US: vpn-user-portal
+CVE-2021-41582
+ RESERVED
+CVE-2021-41581 (x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints. ...)
+ - libressl <itp> (bug #754513)
+ NOTE: Affected code not present in any OpenSSL version in Bullseye/Buster/Stretch
+CVE-2021-41580 (** DISPUTED ** The passport-oauth2 package before 1.6.1 for Node.js mi ...)
+ NOT-FOR-US: Node passport-oauth2
+CVE-2021-41579 (LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass ...)
+ NOT-FOR-US: LCDS LAquis SCADA
+CVE-2021-41578 (mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks ...)
+ NOT-FOR-US: mySCADA myDESIGNER
+CVE-2021-41577
+ RESERVED
+CVE-2021-41576
+ RESERVED
+CVE-2021-41575
+ RESERVED
+CVE-2021-41574
+ RESERVED
+CVE-2021-41573 (Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows info ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-3827
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2021-41572
+ RESERVED
+CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper that do ...)
+ NOT-FOR-US: Apache Pulsar
+CVE-2021-41570
+ RESERVED
+CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Th ...)
+ NOT-FOR-US: SAS/Intrnet
+CVE-2021-3826
+ RESERVED
+CVE-2021-41568 (Tad Web is vulnerable to authorization bypass, thus remote attackers c ...)
+ NOT-FOR-US: Tad Web
+CVE-2021-41567 (The new add subject parameter of Tad Uploader view book list function ...)
+ NOT-FOR-US: Tad Uploader
+CVE-2021-41566 (The file extension of the TadTools file upload function fails to filte ...)
+ NOT-FOR-US: TadTools
+CVE-2021-41565 (TadTools special page parameter does not properly restrict the input o ...)
+ NOT-FOR-US: TadTools
+CVE-2021-41564 (Tad Honor viewing book list function is vulnerable to authorization by ...)
+ NOT-FOR-US: Tad Honor
+CVE-2021-41563 (Tad Book3 editing book function does not filter special characters. Un ...)
+ NOT-FOR-US: Tad Book3
+CVE-2021-41562 (A vulnerability in Snow Snow Agent for Windows allows a non-admin user ...)
+ NOT-FOR-US: Snow Snow Agent for Windows
+CVE-2021-41561 (Improper Input Validation vulnerability in Parquet-MR of Apache Parque ...)
+ NOT-FOR-US: Apache Parquet
+CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk software is ...)
+ NOT-FOR-US: LiderAhenk
+CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...)
+ NOT-FOR-US: OpenVPN Access Server
+CVE-2021-3823 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: jsoneditor
+CVE-2021-41560 (OpenCATS through 0.9.6 allows remote attackers to execute arbitrary co ...)
+ NOT-FOR-US: OpenCATS
+CVE-2021-41559
+ RESERVED
+CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...)
+ NOT-FOR-US: set_user extension for Postgres
+CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site ...)
+ NOT-FOR-US: Sofico
+CVE-2021-41556
+ RESERVED
+CVE-2021-41555 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
+ NOT-FOR-US: ARCHIBUS Web Central
+CVE-2021-41554 (** UNSUPPORTED WHEN ASSIGNED ** ARCHIBUS Web Central 21.3.3.815 (a ver ...)
+ NOT-FOR-US: ARCHIBUS Web Central
+CVE-2021-41553 (** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a ...)
+ NOT-FOR-US: ARCHIBUS Web Central
+CVE-2021-41552 (CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injec ...)
+ NOT-FOR-US: CommScope
+CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...)
+ NOT-FOR-US: Leostream Connection Broker
+CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...)
+ NOT-FOR-US: Leostream Connection Broker
+CVE-2021-41549
+ RESERVED
+CVE-2021-41548
+ RESERVED
+CVE-2021-41547 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41545
+ RESERVED
+CVE-2021-41544
+ RESERVED
+CVE-2021-41543
+ RESERVED
+CVE-2021-41542
+ RESERVED
+CVE-2021-41541
+ RESERVED
+CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41538 (A vulnerability has been identified in NX 1953 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41535 (A vulnerability has been identified in NX 1953 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41534 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41533 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-41532 (In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to O ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if ...)
+ - routinator <itp> (bug #929024)
+ NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-41531.txt
+CVE-2021-41530 (Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, ...)
+ NOT-FOR-US: Forcepoint NGFW Engine
+CVE-2021-41529
+ RESERVED
+CVE-2021-41528
+ RESERVED
+CVE-2021-41527
+ RESERVED
+CVE-2021-41526
+ RESERVED
+CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...)
+ NOT-FOR-US: FlexNet
+CVE-2021-3821
+ RESERVED
+CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: Nodejs inflect
+ NOTE: https://github.com/pksunkara/inflect
+CVE-2021-41524 (While fuzzing the 2.4.49 httpd, a new null pointer dereference was det ...)
+ - apache2 2.4.50-1
+ [bullseye] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ [buster] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ [stretch] - apache2 <not-affected> (Vulnerable code not present, only affects 2.4.49)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41524
+ NOTE: Fixed by: https://svn.apache.org/r1893655
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/1
+CVE-2021-3819 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3818 (grav is vulnerable to Reliance on Cookies without Validation and Integ ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-3817 (wbce_cms is vulnerable to Improper Neutralization of Special Elements ...)
+ NOT-FOR-US: wbce_cms
+CVE-2021-41523
+ RESERVED
+CVE-2021-41522
+ RESERVED
+CVE-2021-41521
+ RESERVED
+CVE-2021-41520
+ RESERVED
+CVE-2021-41519
+ RESERVED
+CVE-2021-41518
+ RESERVED
+CVE-2021-41517
+ RESERVED
+CVE-2021-41516
+ RESERVED
+CVE-2021-41515
+ RESERVED
+CVE-2021-41514
+ RESERVED
+CVE-2021-41513
+ RESERVED
+CVE-2021-41512
+ RESERVED
+CVE-2021-41511 (The username and password field of login in Lodging Reservation Manage ...)
+ NOT-FOR-US: Lodging Reservation Management System
+CVE-2021-41510
+ RESERVED
+CVE-2021-41509
+ RESERVED
+CVE-2021-41508
+ RESERVED
+CVE-2021-41507
+ RESERVED
+CVE-2021-41506
+ RESERVED
+CVE-2021-41505
+ RESERVED
+CVE-2021-41504 (** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41503 (** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41502
+ RESERVED
+CVE-2021-41501
+ RESERVED
+CVE-2021-41500 (Incomplete string comparison vulnerability exits in cvxopt.org cvxop & ...)
+ - cvxopt 1.2.7+dfsg-1
+ [bullseye] - cvxopt <no-dsa> (Minor issue)
+ [buster] - cvxopt <no-dsa> (Minor issue)
+ [stretch] - cvxopt <no-dsa> (Minor issue)
+ NOTE: https://github.com/cvxopt/cvxopt/issues/193
+CVE-2021-41499 (Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo &lt; ...)
+ - python-pyo 1.0.4-1
+ [stretch] - python-pyo <no-dsa> (Minor issue)
+ NOTE: https://github.com/belangeo/pyo/issues/222
+ NOTE: https://github.com/belangeo/pyo/commit/e7e6d2880469b523e4c41f0da2087a6a3eec4a45 (1.0.4)
+CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com Pyo &amp;lt and 1.03 in the Ser ...)
+ - python-pyo 1.0.4-1
+ [stretch] - python-pyo <no-dsa> (Minor issue)
+ NOTE: https://github.com/belangeo/pyo/issues/221
+ NOTE: https://github.com/belangeo/pyo/commit/017702c73332a8560c8554a36250a6da587a2418 (1.0.4)
+CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe-Techn ...)
+ NOT-FOR-US: RaRe-Technologies bounter
+CVE-2021-41496 (** DISPUTED ** Buffer overflow in the array_from_pyobj function of for ...)
+ - numpy <unfixed>
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/19000
+ NOTE: https://github.com/numpy/numpy/pull/20630
+ NOTE: https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2
+CVE-2021-41495 (** DISPUTED ** Null Pointer Dereference vulnerability exists in numpy. ...)
+ - numpy <unfixed>
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/19038
+ TODO: check for classification/severity
+CVE-2021-41494
+ RESERVED
+CVE-2021-41493
+ RESERVED
+CVE-2021-41492 (Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41491
+ RESERVED
+CVE-2021-41490
+ RESERVED
+CVE-2021-41489
+ RESERVED
+CVE-2021-41488
+ RESERVED
+CVE-2021-41487
+ RESERVED
+CVE-2021-41486
+ RESERVED
+CVE-2021-41485
+ RESERVED
+CVE-2021-41484
+ RESERVED
+CVE-2021-41483
+ RESERVED
+CVE-2021-41482
+ RESERVED
+CVE-2021-41481
+ RESERVED
+CVE-2021-41480
+ RESERVED
+CVE-2021-41479
+ RESERVED
+CVE-2021-41478
+ RESERVED
+CVE-2021-41477
+ RESERVED
+CVE-2021-41476
+ RESERVED
+CVE-2021-41475
+ RESERVED
+CVE-2021-41474
+ RESERVED
+CVE-2021-41473
+ RESERVED
+CVE-2021-41472 (SQL injection vulnerability in Sourcecodester Simple Membership System ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41471 (SQL injection vulnerability in Sourcecodester South Gate Inn Online Re ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-41470
+ RESERVED
+CVE-2021-41469
+ RESERVED
+CVE-2021-41468
+ RESERVED
+CVE-2021-41467 (Cross-site scripting (XSS) vulnerability in application/controllers/dr ...)
+ NOT-FOR-US: JustWriting
+CVE-2021-41466
+ RESERVED
+CVE-2021-41465 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ NOT-FOR-US: concrete5-legacy
+CVE-2021-41464 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ NOT-FOR-US: concrete5-legacy
+CVE-2021-41463 (Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/a ...)
+ NOT-FOR-US: concrete5-legacy
+CVE-2021-41462 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ NOT-FOR-US: concrete5-legacy
+CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...)
+ NOT-FOR-US: concrete5-legacy
+CVE-2021-41460
+ RESERVED
+CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
+ - gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/issues/1912
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339
+CVE-2021-41458
+ RESERVED
+CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...)
+ - gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/issues/1909
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619
+CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...)
+ - gpac <unfixed>
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/issues/1911
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e
+CVE-2021-41455
+ RESERVED
+CVE-2021-41454
+ RESERVED
+CVE-2021-41453
+ RESERVED
+CVE-2021-41452
+ RESERVED
+CVE-2021-41451 (A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, RAX38, and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-41448
+ RESERVED
+CVE-2021-41447
+ RESERVED
+CVE-2021-41446
+ RESERVED
+CVE-2021-41445 (A reflected cross-site-scripting attack in web application of D-Link D ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41444
+ RESERVED
+CVE-2021-41443
+ RESERVED
+CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...)
+ NOT-FOR-US: D-Link
+CVE-2021-41440
+ RESERVED
+CVE-2021-41439
+ RESERVED
+CVE-2021-41438
+ RESERVED
+CVE-2021-41437
+ RESERVED
+CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX ...)
+ NOT-FOR-US: ASUS
+CVE-2021-41435 (A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapt ...)
+ NOT-FOR-US: ASUS
+CVE-2021-41434
+ RESERVED
+CVE-2021-41433
+ RESERVED
+CVE-2021-41432
+ RESERVED
+CVE-2021-41431
+ RESERVED
+CVE-2021-41430
+ RESERVED
+CVE-2021-41429
+ RESERVED
+CVE-2021-41428
+ REJECTED
+CVE-2021-41427 (Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: Beeline Smart Box
+CVE-2021-41426 (Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery ( ...)
+ NOT-FOR-US: Beeline Smart Box
+CVE-2021-41425
+ RESERVED
+CVE-2021-41424
+ RESERVED
+CVE-2021-41423
+ RESERVED
+CVE-2021-41422
+ RESERVED
+CVE-2021-41421
+ RESERVED
+CVE-2021-41420
+ RESERVED
+CVE-2021-41419
+ RESERVED
+CVE-2021-41418
+ RESERVED
+CVE-2021-41417
+ RESERVED
+CVE-2021-41416
+ RESERVED
+CVE-2021-41415
+ RESERVED
+CVE-2021-41414
+ RESERVED
+CVE-2021-41413
+ RESERVED
+CVE-2021-41412
+ RESERVED
+CVE-2021-41411
+ RESERVED
+CVE-2021-41410
+ RESERVED
+CVE-2021-41409
+ RESERVED
+CVE-2021-41408
+ RESERVED
+CVE-2021-41407
+ RESERVED
+CVE-2021-41406
+ RESERVED
+CVE-2021-41405
+ RESERVED
+CVE-2021-41404
+ RESERVED
+CVE-2021-41403
+ RESERVED
+CVE-2021-41402
+ RESERVED
+CVE-2021-41401
+ RESERVED
+CVE-2021-41400
+ RESERVED
+CVE-2021-41399
+ RESERVED
+CVE-2021-41398
+ RESERVED
+CVE-2021-41397
+ RESERVED
+CVE-2021-41396
+ RESERVED
+CVE-2021-41395 (Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to contro ...)
+ NOT-FOR-US: Teleport
+CVE-2021-41394 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...)
+ NOT-FOR-US: Teleport
+CVE-2021-41393 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...)
+ NOT-FOR-US: Teleport
+CVE-2021-41392 (static/main-preload.js in Boost Note through 0.22.0 allows remote comm ...)
+ NOT-FOR-US: BoostNote
+CVE-2021-41391 (In Ericsson ECM before 18.0, it was observed that Security Management ...)
+ NOT-FOR-US: Ericsson ECM
+CVE-2021-41390 (In Ericsson ECM before 18.0, it was observed that Security Provider En ...)
+ NOT-FOR-US: Ericsson ECM
+CVE-2021-41389
+ RESERVED
+CVE-2021-41388 (Netskope client prior to 89.x on macOS is impacted by a local privileg ...)
+ NOT-FOR-US: Netskope
+CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation b ...)
+ - seatd <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E
+CVE-2021-41386
+ RESERVED
+CVE-2021-41385 (The third party intelligence connector in Securonix SNYPR 6.3.1 Build ...)
+ NOT-FOR-US: third party intelligence connector in Securonix SNYPR
+CVE-2021-41384
+ RESERVED
+CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute ...)
+ NOT-FOR-US: Netgear
+CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server managem ...)
+ NOT-FOR-US: Plastic SCM
+CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory Traversal. ...)
+ NOT-FOR-US: Payara Micro Community
+CVE-2021-3816 (Cacti 1.1.38 allows authenticated users with User Management permissio ...)
+ - cacti 1.2.1+ds1-1
+ [stretch] - cacti <not-affected> (user_group_admin.php not present, added in 1.0)
+ NOTE: https://github.com/Cacti/cacti/issues/1882
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1)
+CVE-2021-41380 (** DISPUTED ** RealVNC Viewer 6.21.406 allows remote VNC servers to ca ...)
+ NOT-FOR-US: RealVNC
+CVE-2021-41379 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41378 (Windows NTFS Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41377 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41376 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41375 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41374 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41373 (FSLogix Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41372 (Power BI Report Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41371 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41370 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41369
+ RESERVED
+CVE-2021-41368 (Microsoft Access Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41366 (Credential Security Support Provider Protocol (CredSSP) Elevation of P ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41365 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41364
+ RESERVED
+CVE-2021-41363 (Intune Management Extension Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41362
+ RESERVED
+CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41360 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41359
+ RESERVED
+CVE-2021-41358
+ RESERVED
+CVE-2021-41357 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41356 (Windows Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41355 (.NET Core and Visual Studio Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft .NET
+CVE-2021-41354 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41353 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41352 (SCOM Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41351 (Microsoft Edge (Chrome based) Spoofing on IE Mode ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41350 (Microsoft Exchange Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41349 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41348 (Microsoft Exchange Server Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41347 (Windows AppX Deployment Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41346 (Console Window Host Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41345 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41344 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41343 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41342 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41341
+ RESERVED
+CVE-2021-41340 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41339 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41338 (Windows AppContainer Firewall Rules Security Feature Bypass Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41337 (Active Directory Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41336 (Windows Kernel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41335 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41333 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41330 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-41329 (Datalust Seq before 2021.2.6259 allows users (with view filters applie ...)
+ NOT-FOR-US: Datalust Seq
+CVE-2021-41328
+ RESERVED
+CVE-2021-41327
+ RESERVED
+CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...)
+ NOT-FOR-US: MISP
+CVE-2021-41325 (Broken access control for user creation in Pydio Cells 2.2.9 allows re ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Pydio Ce ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2021-41322 (Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin ...)
+ NOT-FOR-US: Poly VVX 400/410
+CVE-2021-41321
+ RESERVED
+CVE-2021-41320 (A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4 ...)
+ NOT-FOR-US: Wallstreet Suite TRM
+CVE-2021-41319
+ RESERVED
+CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...)
+ NOT-FOR-US: Progress WhatsUp Gold
+CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...)
+ NOT-FOR-US: XSS Hunter Express
+CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...)
+ NOT-FOR-US: Device42 Main Appliance
+CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...)
+ NOT-FOR-US: Device42 Remote Collector
+CVE-2021-3815 (utils.js is vulnerable to Improperly Controlled Modification of Object ...)
+ NOT-FOR-US: fabiocaccamo/utils.js
+CVE-2021-3814
+ RESERVED
+CVE-2021-3813 (Improper Privilege Management in GitHub repository chatwoot/chatwoot p ...)
+ NOT-FOR-US: chatwoot
+CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41306 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41305 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-41304 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: adminlte
+CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: adminlte
+CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: code-server
+CVE-2021-3809
+ RESERVED
+CVE-2021-3808
+ RESERVED
+CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity ...)
+ - node-ansi-regex 5.0.1-1 (bug #994568)
+ [bullseye] - node-ansi-regex 5.0.1-1~deb11u1
+ [buster] - node-ansi-regex 3.0.0-1+deb10u1
+ [stretch] - node-ansi-regex <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
+ NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1)
+CVE-2021-3806 (A path traversal vulnerability on Pardus Software Center's "extractArc ...)
+ NOT-FOR-US: Pardus Software Center
+CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...)
+ - node-object-path 0.11.8-1
+ [bullseye] - node-object-path 0.11.5-3+deb11u1
+ [buster] - node-object-path <no-dsa> (Minor issue)
+ [stretch] - node-object-path <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053
+ NOTE: https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6
+CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...)
+ - shiro <unfixed>
+ [bullseye] - shiro <no-dsa> (Minor issue)
+ [buster] - shiro <no-dsa> (Minor issue)
+ [stretch] - shiro <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1
+CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure when dir ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41300 (ECOA BAS controller&#8217;s special page displays user account and pas ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41299 (ECOA BAS controller is vulnerable to hard-coded credentials within its ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41298 (ECOA BAS controller is vulnerable to insecure direct object references ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41297 (ECOA BAS controller is vulnerable to weak access control mechanism all ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41296 (ECOA BAS controller uses weak set of default administrative credential ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41295 (ECOA BAS controller has a Cross-Site Request Forgery vulnerability, th ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41294 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41293 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41292 (ECOA BAS controller suffers from an authentication bypass vulnerabilit ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclosure v ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...)
+ NOT-FOR-US: ECOA BAS controller
+CVE-2021-41289 (ASUS P453UJ contains the Improper Restriction of Operations within the ...)
+ NOT-FOR-US: ASUS
+CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41287
+ RESERVED
+CVE-2021-41286 (Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authent ...)
+ NOT-FOR-US: Omikron MultiCash Desktop
+CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: NervJS Taro
+CVE-2021-41285 (Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escal ...)
+ NOT-FOR-US: Ballistix MOD Utility
+CVE-2021-41284
+ RESERVED
+CVE-2021-41283
+ RESERVED
+CVE-2021-41282
+ RESERVED
+CVE-2021-41281 (Synapse is a package for Matrix homeservers written in Python 3/Twiste ...)
+ - matrix-synapse 1.47.1-1 (bug #1000451)
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c
+ NOTE: https://github.com/matrix-org/synapse/commit/91f2bd0907f1d05af67166846988e49644eb650c
+CVE-2021-41280 (Sharetribe Go is a source available marketplace software. In affected ...)
+ NOT-FOR-US: Sharetribe Go
+CVE-2021-41279 (BaserCMS is an open source content management system with a focus on J ...)
+ NOT-FOR-US: BaserCMS
+CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing necessary ...)
+ NOT-FOR-US: EdgeX
+CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...)
+ NOT-FOR-US: Metabase
+CVE-2021-41276 (Tuleap is a Libre and Open Source tool for end to end traceability of ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41275 (spree_auth_devise is an open source library which provides authenticat ...)
+ NOT-FOR-US: spree_auth_devise
+CVE-2021-41274 (solidus_auth_devise provides authentication services for the Solidus w ...)
+ NOT-FOR-US: solidus_auth_devise
+CVE-2021-41273 (Pterodactyl is an open-source game server management panel built with ...)
+ NOT-FOR-US: Pterodactyl
+CVE-2021-41272 (Besu is an Ethereum client written in Java. Starting in version 21.10. ...)
+ NOT-FOR-US: Hyperledger Besu
+CVE-2021-41271 (Discourse is a platform for community discussion. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data structur ...)
+ - symfony 4.4.19+dfsg-3
+ [bullseye] - symfony <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - symfony <not-affected> (Vulnerable code and support for csv_escape_formulas introduced in 4.1)
+ [stretch] - symfony <not-affected> (Vulnerable code and support for csv_escape_formulas introduced in 4.1)
+ NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x
+ NOTE: https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8 (v4.4.35)
+ NOTE: https://symfony.com/blog/cve-2021-41270-prevent-csv-injection-via-formulas
+CVE-2021-41269 (cron-utils is a Java library to define, parse, validate, migrate crons ...)
+ NOT-FOR-US: cron-utils Java library
+CVE-2021-41268 (Symfony/SecurityBundle is the security system for Symfony, a PHP frame ...)
+ - symfony <not-affected> (Vulnerable code never in released version in unstable)
+ NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
+ NOTE: https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc (v5.3.12)
+CVE-2021-41267 (Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP fr ...)
+ - symfony <not-affected> (Vulnerable code never in released version in unstable)
+ NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
+ NOTE: https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487 (v5.3.12)
+CVE-2021-41266 (Minio console is a graphical user interface for the for MinIO operator ...)
+ NOT-FOR-US: Minio console
+CVE-2021-41265 (Flask-AppBuilder is a development framework built on top of Flask. Ver ...)
+ - flask-appbuilder <itp> (bug #998029)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-m3rf-7m4w-r66q
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/releases/tag/v3.3.4
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/eba517aab121afa3f3f2edb011ec6bc4efd61fbc (3.3.4)
+CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...)
+ NOT-FOR-US: OpenZeppelin Contracts
+CVE-2021-41263 (rails_multisite provides multi-db support for Rails applications. In a ...)
+ NOT-FOR-US: rails_multisite
+CVE-2021-41262 (Galette is a membership management web application built for non profi ...)
+ - galette <removed>
+CVE-2021-41261 (Galette is a membership management web application built for non profi ...)
+ - galette <removed>
+CVE-2021-41260 (Galette is a membership management web application built for non profi ...)
+ - galette <removed>
+CVE-2021-41259 (Nim is a systems programming language with a focus on efficiency, expr ...)
+ - nim <unfixed>
+ [bullseye] - nim <no-dsa> (Minor issue)
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://github.com/nim-lang/security/security/advisories/GHSA-3gg2-rw3q-qwgc
+CVE-2021-41258 (Kirby is an open source file structured CMS. In affected versions Kirb ...)
+ NOT-FOR-US: Kirby
+CVE-2021-41257
+ RESERVED
+CVE-2021-41256 (nextcloud news-android is an Android client for the Nextcloud news/fee ...)
+ NOT-FOR-US: nextcloud news-android App
+CVE-2021-41255
+ RESERVED
+CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...)
+ NOT-FOR-US: kustomize-controller
+CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...)
+ - zydis 3.2.1-1 (bug #999431)
+ NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g
+ NOTE: Fixed by: https://github.com/zyantific/zydis/commit/55dd08c210722aed81b38132f5fd4a04ec1943b5 (master)
+ NOTE: Fixed by: https://github.com/zyantific/zydis/commit/330b259583ade789886ce11af2ebcd030097dcbf (v3.2.1)
+CVE-2021-41252 (Kirby is an open source file structured CMS ### Impact Kirby's writer ...)
+ NOT-FOR-US: Kirby
+CVE-2021-41251 (@sap-cloud-sdk/core contains the core functionality of the SAP Cloud S ...)
+ NOT-FOR-US: SAP
+CVE-2021-41250 (Python discord bot is the community bot for the Python Discord communi ...)
+ NOT-FOR-US: Python discord bot
+CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL focused ...)
+ NOT-FOR-US: GraphQL Playground
+CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...)
+ NOT-FOR-US: GraphiQL
+CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...)
+ - jupyterhub 2.0.0+ds1-1
+ NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7
+ NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27
+CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing sign on f ...)
+ NOT-FOR-US: Express OpenID Connect
+CVE-2021-41245
+ RESERVED
+CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana <removed>
+CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injection V ...)
+ NOT-FOR-US: baserCMS
+CVE-2021-41242 (OpenOlat is a web-basedlearning management system. A path traversal vu ...)
+ NOT-FOR-US: OpenOlat
+CVE-2021-41241
+ RESERVED
+CVE-2021-41240
+ RESERVED
+CVE-2021-41239
+ RESERVED
+CVE-2021-41238 (Hangfire is an open source system to perform background job processing ...)
+ NOT-FOR-US: Hangfire
+CVE-2021-41237
+ RESERVED
+CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
+ NOT-FOR-US: OroPlatform
+CVE-2021-41235
+ RESERVED
+CVE-2021-41234
+ RESERVED
+CVE-2021-41233
+ RESERVED
+CVE-2021-41232 (Thunderdome is an open source agile planning poker tool in the theme o ...)
+ NOT-FOR-US: Thunderdome
+CVE-2021-41231
+ RESERVED
+CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In affected ve ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected versions a ...)
+ {DLA-2827-1}
+ - bluez 5.62-2 (bug #1000262)
+ [bullseye] - bluez <no-dsa> (Minor issue)
+ [buster] - bluez <no-dsa> (Minor issue)
+ NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
+ NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d939483328489fb835bb425d36f7c7c73d52c388 (4.0)
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e79417ed7185b150a056d4eb3a1ab528b91d2fc0
+CVE-2021-41228 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41227 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41226 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41225 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41224 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41223 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41222 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41221 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41220 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41219 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41218 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41217 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41216 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41215 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41214 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41213 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41212 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41211 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41210 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41209 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41208 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41207 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41206 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41205 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41204 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41203 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41202 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41201 (TensorFlow is an open source platform for machine learning. In affeced ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41200 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41199 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41198 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41197 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41196 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41195 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps new use ...)
+ NOT-FOR-US: FirstUseAuthenticator for JupyterHub
+CVE-2021-41193
+ RESERVED
+CVE-2021-41192 (Redash is a package for data visualization and sharing. If an admin se ...)
+ NOT-FOR-US: Redash
+CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. ...)
+ NOT-FOR-US: Roblox-Purchasing-Hub
+CVE-2021-41190 (The OCI Distribution Spec project defines an API protocol to facilitat ...)
+ NOT-FOR-US: OCI Distribution Specification
+ NOTE: Issue in the OCI Distribution Specification. Software mitigations are applied to
+ NOTE: containerd/1.5.8~ds1-1 and golang-github-opencontainers-image-spec/1.0.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/10
+ NOTE: https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
+ NOTE: https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh
+CVE-2021-41189 (DSpace is an open source turnkey repository application. In version 7. ...)
+ NOT-FOR-US: DSpace
+CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...)
+ NOT-FOR-US: Shopware
+CVE-2021-41187 (DHIS 2 is an information system for data capture, management, validati ...)
+ NOT-FOR-US: DHIS
+CVE-2021-41186 (Fluentd collects events from various data sources and writes them to f ...)
+ - fluentd <itp> (bug #926692)
+CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...)
+ NOT-FOR-US: Mycodo
+CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ - jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
+ [stretch] - jqueryui <no-dsa> (Minor issue)
+ NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
+ NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
+CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ {DLA-2889-1}
+ - drupal7 <removed>
+ - jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
+ [stretch] - jqueryui <no-dsa> (Minor issue)
+ NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
+ NOTE: https://bugs.jqueryui.com/ticket/15284
+ NOTE: https://github.com/jquery/jquery-ui/pull/1953
+ NOTE: https://www.drupal.org/sa-core-2022-001
+CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ {DLA-2889-1}
+ - drupal7 <removed>
+ - jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
+ [stretch] - jqueryui <no-dsa> (Minor issue)
+ NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
+ NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
+ NOTE: https://www.drupal.org/sa-core-2022-002
+CVE-2021-41181
+ RESERVED
+CVE-2021-41180
+ RESERVED
+CVE-2021-41179 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-41178 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-41177 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...)
+ NOT-FOR-US: Pterodactyl
+CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central locatio ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-41174 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana <removed>
+CVE-2021-41173 (Go Ethereum is the official Golang implementation of the Ethereum prot ...)
+ - golang-github-go-ethereum <itp> (bug #890541)
+CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for ...)
+ NOT-FOR-US: AntSword plugin for Redis
+CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-41170 (neoan3-apps/template is a neoan3 minimal template engine. Versions pri ...)
+ NOT-FOR-US: neoan3-apps/template
+CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...)
+ NOT-FOR-US: Sulu
+CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used ...)
+ NOT-FOR-US: Snudown
+CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...)
+ NOT-FOR-US: modern-async
+CVE-2021-41166 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...)
+ - ckeditor <unfixed> (bug #999909)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <no-dsa> (Minor issue)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0)
+CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions ...)
+ - ckeditor <unfixed> (bug #999909)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <no-dsa> (Minor issue)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0)
+CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
+CVE-2021-41162
+ RESERVED
+CVE-2021-41161
+ RESERVED
+CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+ - freerdp2 2.4.1+dfsg1-1 (bug #1001062)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg
+ NOTE: https://github.com/FreeRDP/FreeRDP/pull/7349
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/217e0caa181fc1690cf84dd6a3ba1a4f90c02692
+CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+ - freerdp2 2.4.1+dfsg1-1 (bug #1001061)
+ [bullseye] - freerdp2 <no-dsa> (Minor issue)
+ [buster] - freerdp2 <no-dsa> (Minor issue)
+ - freerdp <removed>
+ [stretch] - freerdp <no-dsa> (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/d39a7ba5c38e3ba3b99b1558dc2ab0970cbfb0c5 (Stable 2.0 backports)
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/f0b44da67c09488178000725ff9f2729ccfdf9fe
+CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch <itp> (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
+CVE-2021-41157 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch <itp> (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
+CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In affected ...)
+ NOT-FOR-US: anuko/timetracker
+CVE-2021-41155 (Tuleap is a Free &amp; Open Source Suite to improve management of soft ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41154 (Tuleap is a Free &amp; Open Source Suite to improve management of soft ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...)
+ NOT-FOR-US: Rust evm crate
+CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...)
+ NOT-FOR-US: OpenOlat
+CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...)
+ NOT-FOR-US: Backstage
+CVE-2021-41150 (Tough provides a set of Rust libraries and tools for using and generat ...)
+ NOT-FOR-US: Tough
+CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and generat ...)
+ NOT-FOR-US: Tough
+CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41146 (qutebrowser is an open source keyboard-focused browser with a minimal ...)
+ - qutebrowser <not-affected> (Only affects Windows)
+ NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm
+ NOTE: https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430
+ NOTE: Additional hardening for potential similar issues on Linux were added, but
+ NOTE: are not fixing a security vulnerability.
+CVE-2021-41145 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch <itp> (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
+CVE-2021-41144
+ RESERVED
+CVE-2021-41143
+ RESERVED
+CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...)
+ - pjproject <removed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc
+ NOTE: https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196
+CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...)
+ NOT-FOR-US: Discourse plugin
+CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...)
+ NOT-FOR-US: Frontier
+CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users ...)
+ NOT-FOR-US: Minio
+CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...)
+ - puma 5.5.2-1
+ [stretch] - puma <no-dsa> (Minor issue)
+ NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
+ NOTE: https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f
+CVE-2021-41135 (The Cosmos-SDK is a framework for building blockchain applications in ...)
+ NOT-FOR-US: Cosmos-SDK
+CVE-2021-41134 (nbdime provides tools for diffing and merging of Jupyter Notebooks. In ...)
+ - nbdime <itp> (bug #975509)
+CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...)
+ NOT-FOR-US: OMERO.web
+CVE-2021-41131 (python-tuf is a Python reference implementation of The Update Framewor ...)
+ - python-tuf <itp> (bug #934151)
+CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...)
+ NOT-FOR-US: Extensible Service Proxy
+CVE-2021-41129 (Pterodactyl is an open-source game server management panel built with ...)
+ NOT-FOR-US: Pterodactyl
+CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...)
+ NOT-FOR-US: Hygeia
+CVE-2021-41127 (Rasa is an open source machine learning framework to automate text-and ...)
+ NOT-FOR-US: Rasa
+CVE-2021-41126 (October is a Content Management System (CMS) and web platform built on ...)
+ NOT-FOR-US: October CMS
+CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...)
+ - python-scrapy 2.5.1-1
+ [bullseye] - python-scrapy <no-dsa> (Minor issue)
+ [buster] - python-scrapy <no-dsa> (Minor issue)
+ [stretch] - python-scrapy <no-dsa> (Minor issue)
+ NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498
+CVE-2021-41124 (Scrapy-splash is a library which provides Scrapy and JavaScript integr ...)
+ NOT-FOR-US: Scrapy-splash
+CVE-2021-41123 (Survey Solutions is a survey management and data collection system. In ...)
+ NOT-FOR-US: Survey Solutions
+CVE-2021-41122 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
+ NOT-FOR-US: Vyper
+CVE-2021-41121 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
+ NOT-FOR-US: Vyper
+CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius development pla ...)
+ NOT-FOR-US: sylius/paypal-plugin
+CVE-2021-41119
+ RESERVED
+CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
+ NOT-FOR-US: DynamicPageList3 MediaWiki Extension
+CVE-2021-41117 (keypair is a a RSA PEM key generator written in javascript. keypair im ...)
+ NOT-FOR-US: keypair
+CVE-2021-41116 (Composer is an open source dependency manager for the PHP language. In ...)
+ - composer <not-affected> (Only affects Windows)
+ NOTE: https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
+ NOTE: https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa
+CVE-2021-41115 (Zulip is an open source team chat server. In affected versions Zulip a ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-41114 (TYPO3 is an open source PHP based web content management system releas ...)
+ NOT-FOR-US: Typo3
+CVE-2021-41113 (TYPO3 is an open source PHP based web content management system releas ...)
+ NOT-FOR-US: Typo3
+CVE-2021-41112
+ RESERVED
+CVE-2021-41111
+ RESERVED
+CVE-2021-41110 (cwlviewer is a web application to view and share Common Workflow Langu ...)
+ NOT-FOR-US: cwlviewer
+CVE-2021-41109 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Parse Server
+CVE-2021-41108
+ RESERVED
+CVE-2021-41107
+ RESERVED
+CVE-2021-41106 (JWT is a library to work with JSON Web Token and JSON Web Signature. P ...)
+ NOT-FOR-US: PHP lcobucci/jwt
+CVE-2021-41105 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch <itp> (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36
+CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...)
+ NOT-FOR-US: ESPHome
+CVE-2021-41103 (containerd is an open source container runtime with an emphasis on sim ...)
+ {DSA-5002-1}
+ - containerd 1.5.7~ds1-1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
+ NOTE: https://github.com/containerd/containerd/commit/403846c9540f5bfdaf1fe5349cce5fd3bc60f507 (v1.4.11)
+ NOTE: https://github.com/containerd/containerd/commit/38532c6ed7bb9dd683ba9eaca62dd7cce0330cbb (v1.4.11)
+ NOTE: https://github.com/containerd/containerd/commit/0b1bde38546a9283a52cf4970e01fd0f09b0ac4a (v1.4.11)
+CVE-2021-41102
+ RESERVED
+CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
+ NOT-FOR-US: wire-server
+CVE-2021-41100 (Wire-server is the backing server for the open source wire secure mess ...)
+ NOT-FOR-US: wire-server
+CVE-2021-41099 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph
+CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
+ - ruby-nokogiri <not-affected> (jruby implementation not shiped)
+ NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
+ NOTE: https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d
+CVE-2021-41097 (aurelia-path is part of the Aurelia platform and contains utilities fo ...)
+ NOT-FOR-US: Aurelia
+CVE-2021-41096 (Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 a ...)
+ NOT-FOR-US: Rucky for Android
+CVE-2021-41095 (Discourse is an open source discussion platform. There is a cross-site ...)
+ NOT-FOR-US: Discourse
+CVE-2021-41094 (Wire is an open source secure messenger. Users of Wire by Bund may byp ...)
+ NOT-FOR-US: Wire by Bund
+CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if the a ...)
+ NOT-FOR-US: Wire iOS
+CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...)
+ - docker.io 20.10.10+dfsg1-1 (bug #998292)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
+ [buster] - docker.io <no-dsa> (Minor issue)
+ NOTE: https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
+ NOTE: https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
+CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...)
+ - docker.io 20.10.10+dfsg1-1
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
+ [buster] - docker.io <no-dsa> (Minor issue)
+ NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
+ NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
+CVE-2021-41090 (Grafana Agent is a telemetry collector for sending metrics, logs, and ...)
+ NOT-FOR-US: Grafana Agent
+CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...)
+ - docker.io 20.10.10+dfsg1-1
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
+ [buster] - docker.io <no-dsa> (Minor issue)
+ NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
+CVE-2021-41088 (Elvish is a programming language and interactive shell, combined into ...)
+ - elvish 0.14.0-1
+ [buster] - elvish <no-dsa> (Minor issue)
+ NOTE: https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r
+ NOTE: https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5
+CVE-2021-41087 (in-toto-golang is a go implementation of the in-toto framework to prot ...)
+ NOT-FOR-US: in-toto Go implementation (different from src:in-toto)
+CVE-2021-41086 (jsuites is an open source collection of common required javascript web ...)
+ NOT-FOR-US: jsuites
+CVE-2021-41085
+ RESERVED
+CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected version ...)
+ NOT-FOR-US: Http4s
+CVE-2021-41083 (Dada Mail is a web-based e-mail list management system. In affected ve ...)
+ NOT-FOR-US: Dada Mail
+CVE-2021-41082 (Discourse is a platform for community discussion. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-41081 (Zoho ManageEngine Network Configuration Manager before &#65279;&#65279 ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41080 (Zoho ManageEngine Network Configuration Manager before &#65279;&#65279 ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...)
+ {DSA-4986-1 DLA-2764-1}
+ - tomcat9 9.0.53-1
+ - tomcat8 <removed>
+ NOTE: https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
+ NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44)
+ NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64)
+CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity ...)
+ - node-nth-check 2.0.1-1
+ [bullseye] - node-nth-check <no-dsa> (Minor issue)
+ [buster] - node-nth-check <no-dsa> (Minor issue)
+ [stretch] - node-nth-check <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726 (v2.0.1)
+ NOTE: https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0/
+ NOTE: https://github.com/advisories/GHSA-rp65-9cf3-cjxr
+CVE-2021-3802 (A vulnerability found in udisks2. This flaw allows an attacker to inpu ...)
+ {DLA-2809-1}
+ - udisks2 2.9.4-1
+ [bullseye] - udisks2 2.9.2-2+deb11u1
+ [buster] - udisks2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649
+ NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
+ NOTE: https://github.com/storaged-project/udisks/commit/38d90a433bda0fc0f2a409f6baa12c3958893571 (udisks-2.9.4)
+CVE-2021-41078 (Nameko through 2.13.0 can be tricked into performing arbitrary code ex ...)
+ NOT-FOR-US: Nameko
+CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression Complexity ...)
+ - node-prismjs 1.25.0+dfsg-1
+ [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u1
+ NOTE: https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9
+CVE-2021-41077 (The activation process in Travis CI, for certain 2021-09-03 through 20 ...)
+ NOT-FOR-US: Travis CI
+CVE-2021-41076
+ REJECTED
+CVE-2021-41075 (The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vu ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41074
+ RESERVED
+CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 ...)
+ {DSA-4978-1}
+ - linux 5.14.6-2
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2
+CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...)
+ {DSA-4987-1 DLA-2789-1}
+ - squashfs-tools 1:4.5-3 (bug #994262)
+ NOTE: Prerequisites:
+ NOTE: https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36
+ NOTE: https://github.com/plougher/squashfs-tools/commit/1993a4e7aeda04962bf26e84c15fba8b58837e10
+ NOTE: https://github.com/plougher/squashfs-tools/commit/9938154174756ee48a94ea0b076397a2944b028d
+ NOTE: Fixed by: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
+ NOTE: Followup fix: https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c
+ NOTE: https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
+CVE-2021-41071
+ REJECTED
+CVE-2021-41070
+ REJECTED
+CVE-2021-41069
+ RESERVED
+CVE-2021-41068
+ RESERVED
+CVE-2021-41067 (An issue was discovered in Listary through 6. Improper implementation ...)
+ NOT-FOR-US: Listary
+CVE-2021-41066 (An issue was discovered in Listary through 6. When Listary is configur ...)
+ NOT-FOR-US: Listary
+CVE-2021-41065 (An issue was discovered in Listary through 6. An attacker can create a ...)
+ NOT-FOR-US: Listary
+CVE-2021-41064
+ RESERVED
+CVE-2021-41063 (SQL injection vulnerability was discovered in Aanderaa GeoView Webserv ...)
+ NOT-FOR-US: Aanderaa GeoView Webservice
+CVE-2021-41062
+ RESERVED
+CVE-2021-41061 (In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee8201 ...)
+ NOT-FOR-US: RIOT-OS
+CVE-2021-41060
+ RESERVED
+CVE-2021-41059
+ RESERVED
+CVE-2021-41058
+ RESERVED
+CVE-2021-41057 (In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles s ...)
+ NOT-FOR-US: WIBU
+CVE-2021-41056
+ RESERVED
+CVE-2021-41055 (Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ...)
+ {DSA-5064-1}
+ - python-nbxmpp 2.0.4-1
+ [buster] - python-nbxmpp <not-affected> (Vulnerable code not present)
+ [stretch] - python-nbxmpp <not-affected> (Vulnerable code introduced later (modules added in v1.0.0))
+ NOTE: https://dev.gajim.org/gajim/gajim/-/issues/10638
+ NOTE: https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f764e61b1d1e867d21413f
+ NOTE: Fix in python-nbxmpp, and gajim 1.3.3 bumps depends on required nbxmpp version.
+CVE-2021-41053
+ RESERVED
+CVE-2021-41052
+ RESERVED
+CVE-2021-41051
+ RESERVED
+CVE-2021-41050
+ RESERVED
+CVE-2021-41049
+ RESERVED
+CVE-2021-41048
+ RESERVED
+CVE-2021-41047
+ RESERVED
+CVE-2021-41046
+ RESERVED
+CVE-2021-41045
+ RESERVED
+CVE-2021-41044
+ RESERVED
+CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other confirm ...)
+ - tcpslice <unfixed> (bug #1003190)
+ [bullseye] - tcpslice <no-dsa> (Minor issue)
+ [buster] - tcpslice <no-dsa> (Minor issue)
+ [stretch] - tcpslice <no-dsa> (Minor issue)
+ NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11
+ NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5)
+CVE-2021-41042
+ RESERVED
+CVE-2021-41041
+ RESERVED
+CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoA ...)
+ NOT-FOR-US: Eclipse Wakaama
+CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...)
+ - mosquitto <unfixed> (bug #1001028)
+ [buster] - mosquitto <not-affected> (Vulnerable code introduced later)
+ [stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
+ NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f (v2.0.12)
+CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-41037
+ RESERVED
+CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...)
+ - paho.mqtt.c <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/eclipse/paho.mqtt.embedded-c/issues/96
+CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...)
+ NOT-FOR-US: Eclipse OpenJ9
+CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...)
+ NOT-FOR-US: Eclipse Che
+CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...)
+ NOT-FOR-US: Eclipse Equinox
+CVE-2021-41032
+ RESERVED
+CVE-2021-41031
+ RESERVED
+CVE-2021-41030 (An authentication bypass by capture-replay vulnerability [CWE-294] in ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41029 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41028 (A combination of a use of hard-coded cryptographic key vulnerability [ ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41026
+ RESERVED
+CVE-2021-41025 (Multiple vulnerabilities in the authentication mechanism of confd in F ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41024 (A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41023 (A unprotected storage of credentials in Fortinet FortiSIEM Windows Age ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-41022 (A improper privilege management in Fortinet FortiSIEM Windows Agent ve ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-41021 (A privilege escalation vulnerability in FortiNAC versions 8.8.8 and be ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41020
+ RESERVED
+CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-297] vul ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-41018 (A improper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some web API co ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41016 (A improper neutralization of special elements used in a command ('comm ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41015 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41014 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41013 (An improper access control vulnerability [CWE-284] in FortiWeb version ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41012
+ RESERVED
+CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication informa ...)
+ NOT-FOR-US: LINE client for iOS
+CVE-2021-41010
+ RESERVED
+CVE-2021-41009
+ RESERVED
+CVE-2021-41008
+ RESERVED
+CVE-2021-41007
+ RESERVED
+CVE-2021-41006
+ RESERVED
+CVE-2021-41005
+ RESERVED
+CVE-2021-41004
+ RESERVED
+CVE-2021-41003
+ RESERVED
+CVE-2021-41002
+ RESERVED
+CVE-2021-41001
+ RESERVED
+CVE-2021-41000
+ RESERVED
+CVE-2021-40999 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40998 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40997 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40996 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40995 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40994 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40993 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40992 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40991 (A remote disclosure of sensitive information vulnerability was discove ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40990 (A remote disclosure of sensitive information vulnerability was discove ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40989 (A local escalation of privilege vulnerability was discovered in Aruba ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40988 (A remote directory traversal vulnerability was discovered in Aruba Cle ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-3800
+ RESERVED
+CVE-2021-40985 (Buffer overflow vulnerability in htmldoc before 1.9.12, allows attacke ...)
+ - htmldoc 1.9.13-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u1
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/444
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43 (v1.9.13)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-40984
+ RESERVED
+CVE-2021-40983
+ RESERVED
+CVE-2021-40982
+ RESERVED
+CVE-2021-40981 (ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain p ...)
+ NOT-FOR-US: ASUS ROG Armoury Crate Lite
+CVE-2021-40980
+ RESERVED
+CVE-2021-40979
+ RESERVED
+CVE-2021-40978 (** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory t ...)
+ - python-mkdocs <unfixed> (unimportant)
+ NOTE: https://github.com/mkdocs/mkdocs/issues/2601
+CVE-2021-40977
+ RESERVED
+CVE-2021-40976
+ RESERVED
+CVE-2021-40975 (Cross-site scripting (XSS) vulnerability in application/modules/admin/ ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2021-40974
+ RESERVED
+CVE-2021-40973 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40972 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40971 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40970 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40969 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40968 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...)
+ - spotweb <removed> (unimportant)
+ NOTE: https://github.com/spotweb/spotweb/issues/711
+ NOTE: Issue only in the installer
+CVE-2021-40967
+ RESERVED
+CVE-2021-40966 (A Stored XSS exists in TinyFileManager All version up to and including ...)
+ NOT-FOR-US: TinyFileManager
+CVE-2021-40965 (A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileMa ...)
+ NOT-FOR-US: TinyFileManager
+CVE-2021-40964 (A Path Traversal vulnerability exists in TinyFileManager all version u ...)
+ NOT-FOR-US: TinyFileManager
+CVE-2021-40963
+ RESERVED
+CVE-2021-40962
+ RESERVED
+CVE-2021-40961
+ RESERVED
+CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...)
+ NOT-FOR-US: Galera WebTemplate
+CVE-2021-40959
+ RESERVED
+CVE-2021-40958
+ RESERVED
+CVE-2021-40957
+ RESERVED
+CVE-2021-40956
+ RESERVED
+CVE-2021-40955
+ RESERVED
+CVE-2021-40954
+ RESERVED
+CVE-2021-40953
+ RESERVED
+CVE-2021-40952
+ RESERVED
+CVE-2021-40951
+ RESERVED
+CVE-2021-40950
+ RESERVED
+CVE-2021-40949
+ RESERVED
+CVE-2021-40948
+ RESERVED
+CVE-2021-40947
+ RESERVED
+CVE-2021-40946
+ RESERVED
+CVE-2021-40945
+ RESERVED
+CVE-2021-40944
+ RESERVED
+CVE-2021-40943
+ RESERVED
+CVE-2021-40942
+ RESERVED
+CVE-2021-40941
+ RESERVED
+CVE-2021-40940
+ RESERVED
+CVE-2021-40939
+ RESERVED
+CVE-2021-40938
+ RESERVED
+CVE-2021-40937
+ RESERVED
+CVE-2021-40936
+ RESERVED
+CVE-2021-40935
+ RESERVED
+CVE-2021-40934
+ RESERVED
+CVE-2021-40933
+ RESERVED
+CVE-2021-40932
+ RESERVED
+CVE-2021-40931
+ RESERVED
+CVE-2021-40930
+ RESERVED
+CVE-2021-40929
+ RESERVED
+CVE-2021-40928 (Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta d ...)
+ NOT-FOR-US: FlexTV
+CVE-2021-40927 (Cross-site scripting (XSS) vulnerability in callback.php in Spotify-fo ...)
+ NOT-FOR-US: Spotify-for-Alfred
+CVE-2021-40926 (Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in g ...)
+ - php-getid3 1.9.21+dfsg-1 (unimportant)
+ NOTE: https://github.com/JamesHeinrich/getID3/issues/341
+ NOTE: https://github.com/JamesHeinrich/getID3/commit/0163ba96f7fc64765e499847c2373b1f994797c5 (v1.9.21)
+ NOTE: XSS issue in demo file
+CVE-2021-40925 (Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php ...)
+ NOT-FOR-US: infaveo-helpdesk
+CVE-2021-40924 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
+ NOT-FOR-US: Pixeline Bugs
+CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
+ NOT-FOR-US: Pixeline Bugs
+CVE-2021-40922 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...)
+ NOT-FOR-US: Pixeline Bugs
+CVE-2021-40921 (Cross-site scripting (XSS) vulnerability in _contactform.inc.php in De ...)
+ NOT-FOR-US: Detector
+CVE-2021-40920
+ RESERVED
+CVE-2021-40919
+ RESERVED
+CVE-2021-40918
+ RESERVED
+CVE-2021-40917
+ RESERVED
+CVE-2021-40916
+ RESERVED
+CVE-2021-40915
+ RESERVED
+CVE-2021-40914
+ RESERVED
+CVE-2021-40913
+ RESERVED
+CVE-2021-40912
+ RESERVED
+CVE-2021-40911
+ RESERVED
+CVE-2021-40910
+ RESERVED
+CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD wi ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purchase Or ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit Rental Mana ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40906
+ RESERVED
+CVE-2021-40905
+ RESERVED
+CVE-2021-40904
+ RESERVED
+CVE-2021-40903
+ RESERVED
+CVE-2021-40902
+ RESERVED
+CVE-2021-40901
+ RESERVED
+CVE-2021-40900
+ RESERVED
+CVE-2021-40899
+ RESERVED
+CVE-2021-40898
+ RESERVED
+CVE-2021-40897
+ RESERVED
+CVE-2021-40896
+ RESERVED
+CVE-2021-40895
+ RESERVED
+CVE-2021-40894
+ RESERVED
+CVE-2021-40893
+ RESERVED
+CVE-2021-40892
+ RESERVED
+CVE-2021-40891
+ RESERVED
+CVE-2021-40890
+ RESERVED
+CVE-2021-40889 (CMSUno version 1.7.2 is affected by a PHP code execution vulnerability ...)
+ NOT-FOR-US: CMSUno
+CVE-2021-40888 (Projectsend version r1295 is affected by Cross Site Scripting (XSS) du ...)
+ NOT-FOR-US: Projectsend
+CVE-2021-40887 (Projectsend version r1295 is affected by a directory traversal vulnera ...)
+ NOT-FOR-US: Projectsend
+CVE-2021-40886 (Projectsend version r1295 is affected by a directory traversal vulnera ...)
+ NOT-FOR-US: Projectsend
+CVE-2021-40885
+ RESERVED
+CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information disclos ...)
+ NOT-FOR-US: Projectsend
+CVE-2021-40883 (A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via ...)
+ NOT-FOR-US: emlog
+CVE-2021-40882 (A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via ...)
+ - piwigo <removed>
+CVE-2021-40881 (An issue in the BAT file parameters of PublicCMS v4.0 allows attackers ...)
+ NOT-FOR-US: PublicCMS
+CVE-2021-40880
+ RESERVED
+CVE-2021-40879
+ RESERVED
+CVE-2021-40878
+ RESERVED
+CVE-2021-40877
+ RESERVED
+CVE-2021-40876
+ RESERVED
+CVE-2021-40875 (Improper Access Control in Gurock TestRail versions &lt; 7.2.0.3014 re ...)
+ NOT-FOR-US: Gurock TestRail
+CVE-2021-40874 [RESTServer pwdConfirm always returns true with Combination + Kerberos]
+ RESERVED
+ [experimental] - lemonldap-ng 2.0.14~exp+ds-1
+ - lemonldap-ng <unfixed> (bug #1005302)
+ [bullseye] - lemonldap-ng <no-dsa> (Minor issue)
+ [buster] - lemonldap-ng <no-dsa> (Minor issue)
+ [stretch] - lemonldap-ng <no-dsa> (Minor issue)
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/66946e8f754812b375768c2124937137c856fe0c
+CVE-2021-40873 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...)
+ NOT-FOR-US: Softing Industrial Automation
+CVE-2021-40872 (An issue was discovered in Softing Industrial Automation uaToolkit Emb ...)
+ NOT-FOR-US: Softing Industrial Automation
+CVE-2021-40871 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...)
+ NOT-FOR-US: Softing Industrial Automation
+CVE-2021-40870 (An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.192 ...)
+ NOT-FOR-US: Aviatrix Controller
+CVE-2021-40869
+ RESERVED
+CVE-2021-40868 (In Cloudron 6.2, the returnTo parameter on the login page is vulnerabl ...)
+ NOT-FOR-US: Cloudron
+CVE-2021-40867 (Certain NETGEAR smart switches are affected by an authentication hijac ...)
+ NOT-FOR-US: Netgear
+CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin password ...)
+ NOT-FOR-US: Netgear
+CVE-2021-3799 (grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...)
+ {DLA-2820-1}
+ - atftp 0.7.git20210915-1 (bug #994895)
+ [bullseye] - atftp 0.7.git20120829-3.3+deb11u1
+ [buster] - atftp 0.7.git20120829-3.2~deb10u2
+ NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/
+CVE-2021-3798 [Soft token does not check if an EC key is valid]
+ RESERVED
+ - opencryptoki <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780
+ NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 (v3.15.0)
+ NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0
+CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker services ...)
+ NOT-FOR-US: Apache Storm
+CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison ...)
+ NOT-FOR-US: Hestia Control Panel
+CVE-2021-3796 (vim is vulnerable to Use After Free ...)
+ {DLA-2876-1}
+ - vim 2:8.2.3455-1 (bug #994497)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/
+ NOTE: https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 (v8.2.3428)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
+CVE-2021-3795 (semver-regex is vulnerable to Inefficient Regular Expression Complexit ...)
+ NOT-FOR-US: Node semver-regex
+CVE-2021-3794 (vuelidate is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: vuelidate for Vue.js
+CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFIC ...)
+ NOT-FOR-US: Translate plugin for ONLYOFFICE Document Server
+CVE-2021-40863
+ RESERVED
+CVE-2021-40862 (HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoi ...)
+ NOT-FOR-US: HashiCorp Terraform Enterprise
+CVE-2021-40861 (A SQL Injection in the custom filter query component in Genesys intell ...)
+ NOT-FOR-US: Genesys
+CVE-2021-40860 (A SQL Injection in the custom filter query component in Genesys intell ...)
+ NOT-FOR-US: Genesys
+CVE-2021-40859 (Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B dev ...)
+ NOT-FOR-US: Auerswald
+CVE-2021-40858 (Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Discl ...)
+ NOT-FOR-US: Auerswald COMpact 5500R devices
+CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation ...)
+ NOT-FOR-US: Auerswald COMpact 5500R devices
+CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...)
+ NOT-FOR-US: Auerswald
+CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...)
+ NOT-FOR-US: EU Technical Specifications for Digital COVID Certificates
+CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...)
+ NOT-FOR-US: AnyDesk
+CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-40852 (TCMAN GIM is affected by an open redirect vulnerability. This vulnerab ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-40851 (TCMAN GIM is vulnerable to a lack of authorization in all available we ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-40850 (TCMAN GIM is vulnerable to a SQL injection vulnerability inside severa ...)
+ NOT-FOR-US: TCMAN GIM
+CVE-2021-40849 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account a ...)
+ - mahara <removed>
+CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV ...)
+ - mahara <removed>
+CVE-2021-40847 (The update process of the Circle Parental Control Service on various N ...)
+ NOT-FOR-US: Netgear
+CVE-2021-40846
+ RESERVED
+CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, ca ...)
+ NOT-FOR-US: Zenitel
+CVE-2021-40844
+ RESERVED
+CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe deseria ...)
+ NOT-FOR-US: Proofpoint
+CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...)
+ NOT-FOR-US: Proofpoint
+CVE-2021-40841 (A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 all ...)
+ NOT-FOR-US: LiveConfig
+CVE-2021-40840 (A Stored XSS issue exists in the admin/users user administration form ...)
+ NOT-FOR-US: LiveConfig
+CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...)
+ - python-rencode 1.0.6-2
+ [bullseye] - python-rencode <no-dsa> (Minor issue)
+ [buster] - python-rencode <no-dsa> (Minor issue)
+ [stretch] - python-rencode <no-dsa> (Minor issue)
+ NOTE: https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
+ NOTE: https://github.com/aresch/rencode/pull/29
+CVE-2021-40838
+ RESERVED
+CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...)
+ NOT-FOR-US: Safe Browser for iOS
+CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...)
+ NOT-FOR-US: F-secure
+CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-40831 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...)
+ NOT-FOR-US: AWS IoT Device SDK
+CVE-2021-40830 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...)
+ NOT-FOR-US: AWS IoT Device SDK
+CVE-2021-40829 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...)
+ NOT-FOR-US: AWS IoT Device SDK
+CVE-2021-40828 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...)
+ NOT-FOR-US: AWS IoT Device SDK
+CVE-2021-40827 (Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) ...)
+ - clementine <unfixed> (unimportant)
+ NOTE: https://voidsec.com/advisories/cve-2021-40827/
+ NOTE: Bogus report with hardly useful details whether affects clementine/gstreamer, but
+ NOTE: regardless just a crash in a CLI tool
+CVE-2021-40826 (Clementine Music Player through 1.3.1 is vulnerable to a User Mode Wri ...)
+ - clementine <unfixed> (unimportant)
+ NOTE: https://voidsec.com/advisories/cve-2021-40826/
+ NOTE: Bogus report with hardly useful details whether affects clementine/gstreamer, but
+ NOTE: regardless just a crash in a CLI tool
+CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...)
+ NOT-FOR-US: nLight ECLYPSE (nECY) system Controllers
+CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...)
+ NOT-FOR-US: matrix-android-sdk2
+CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...)
+ - element-web <itp> (bug #866502)
+ - node-matrix-js-sdk <unfixed> (bug #994213)
+ [bullseye] - node-matrix-js-sdk <no-dsa> (Minor issue)
+ [buster] - node-matrix-js-sdk <no-dsa> (Minor issue)
+ NOTE: https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/
+ NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9 (v12.4.1)
+CVE-2021-40822
+ RESERVED
+CVE-2021-40821
+ RESERVED
+CVE-2021-40820
+ RESERVED
+CVE-2021-40819
+ RESERVED
+CVE-2021-3793 (An improper access control vulnerability was reported in some Motorola ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3792 (Some device communications in some Motorola-branded Binatone Hubble Ca ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3791 (An information disclosure vulnerability was reported in some Motorola- ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3790 (A buffer overflow was reported in the local web server of some Motorol ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3789 (An information disclosure vulnerability was reported in some Motorola- ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3788 (An exposed debug interface was reported in some Motorola-branded Binat ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3787 (A vulnerability was reported in some Motorola-branded Binatone Hubble ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3786 (A potential vulnerability in the SMI callback function used in CSME co ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ NOT-FOR-US: yourls
+CVE-2021-3784
+ RESERVED
+CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...)
+ NOT-FOR-US: yourls
+CVE-2021-3782
+ RESERVED
+CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...)
+ {DSA-4972-1}
+ - ghostscript 9.53.3~dfsg-8 (bug #994011)
+ [buster] - ghostscript <not-affected> (Vulnerable code introduced later)
+ [stretch] - ghostscript <not-affected> (Vulnerable code introduced later)
+ NOTE: https://twitter.com/ducnt_/status/1434534373416574983
+ NOTE: https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704342
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20
+CVE-2021-40817
+ RESERVED
+CVE-2021-40816
+ RESERVED
+CVE-2021-40815
+ RESERVED
+CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulner ...)
+ NOT-FOR-US: PrestaShop addon
+CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...)
+ NOT-FOR-US: Element-IT HTTP Commander
+CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...)
+ - libgd2 <unfixed>
+ [bullseye] - libgd2 <no-dsa> (Minor issue)
+ [buster] - libgd2 <no-dsa> (Minor issue)
+ [stretch] - libgd2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/libgd/libgd/issues/750#issuecomment-914872385
+ NOTE: https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9
+CVE-2021-40811
+ RESERVED
+CVE-2021-40810
+ RESERVED
+CVE-2021-40809 (An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An ...)
+ NOT-FOR-US: Jamf Pro
+CVE-2021-40808
+ RESERVED
+CVE-2021-40807
+ RESERVED
+CVE-2021-40806
+ RESERVED
+CVE-2021-40805
+ RESERVED
+CVE-2021-40804
+ RESERVED
+CVE-2021-40803
+ RESERVED
+CVE-2021-40802
+ RESERVED
+CVE-2021-40801
+ RESERVED
+CVE-2021-40800
+ RESERVED
+CVE-2021-40799
+ RESERVED
+CVE-2021-40798
+ RESERVED
+CVE-2021-40797 (An issue was discovered in the routes middleware in OpenStack Neutron ...)
+ - neutron 2:19.0.0-1 (unimportant; bug #994202)
+ [bullseye] - neutron 2:17.2.1-0+deb11u1
+ [buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1
+ NOTE: https://launchpad.net/bugs/1942179
+ NOTE: neutron-api in Debian is served over UWSGI, cf. https://bugs.debian.org/994202
+ NOTE: and so serves the requests and stops the process.
+CVE-2021-40796
+ RESERVED
+CVE-2021-40795
+ RESERVED
+CVE-2021-40794
+ RESERVED
+CVE-2021-40793
+ RESERVED
+CVE-2021-40792
+ RESERVED
+CVE-2021-40791
+ RESERVED
+CVE-2021-40790
+ RESERVED
+CVE-2021-40789
+ RESERVED
+CVE-2021-40788
+ RESERVED
+CVE-2021-40787
+ RESERVED
+CVE-2021-40786
+ RESERVED
+CVE-2021-40785
+ RESERVED
+CVE-2021-40784 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40783 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40782
+ RESERVED
+CVE-2021-40781
+ RESERVED
+CVE-2021-40780
+ RESERVED
+CVE-2021-40779
+ RESERVED
+CVE-2021-40778
+ RESERVED
+CVE-2021-40777
+ RESERVED
+CVE-2021-40776
+ RESERVED
+CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40774 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40773 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40772 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40771 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40770 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40769
+ RESERVED
+CVE-2021-40768
+ RESERVED
+CVE-2021-40767
+ RESERVED
+CVE-2021-40766
+ RESERVED
+CVE-2021-40765
+ RESERVED
+CVE-2021-40764
+ RESERVED
+CVE-2021-40763
+ RESERVED
+CVE-2021-40762
+ RESERVED
+CVE-2021-40761 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40760 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40759 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40758 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40757 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40756 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40755 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40754 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40753 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40752 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40751 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40750
+ RESERVED
+CVE-2021-40749
+ RESERVED
+CVE-2021-40748
+ RESERVED
+CVE-2021-40747
+ RESERVED
+CVE-2021-40746
+ RESERVED
+CVE-2021-40745 (Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Trav ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40744
+ RESERVED
+CVE-2021-40743
+ RESERVED
+CVE-2021-40742
+ RESERVED
+CVE-2021-40741
+ RESERVED
+CVE-2021-40740
+ RESERVED
+CVE-2021-40739
+ RESERVED
+CVE-2021-40738
+ RESERVED
+CVE-2021-40737
+ RESERVED
+CVE-2021-40736
+ RESERVED
+CVE-2021-40735
+ RESERVED
+CVE-2021-40734
+ RESERVED
+CVE-2021-40733 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40727
+ RESERVED
+CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40723
+ RESERVED
+CVE-2021-40722 (AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and bel ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40721 (Adobe Connect version 11.2.3 (and earlier) is affected by a reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40719 (Adobe Connect version 11.2.3 (and earlier) is affected by a Deserializ ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40718
+ RESERVED
+CVE-2021-40717
+ RESERVED
+CVE-2021-40716 (XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40715 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40714 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40713 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40712 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40711 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40710 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40709 (Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40708 (Adobe Genuine Service versions 7.3 (and earlier) are affected by a pri ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40707
+ RESERVED
+CVE-2021-40706
+ RESERVED
+CVE-2021-40705
+ RESERVED
+CVE-2021-40704
+ RESERVED
+CVE-2021-40703 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40702 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40701 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40700 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40699
+ RESERVED
+CVE-2021-40698
+ RESERVED
+CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-40696
+ REJECTED
+CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...)
+ - moodle <removed>
+CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...)
+ - moodle <removed>
+CVE-2021-40693 (An authentication bypass risk was identified in the external database ...)
+ - moodle <removed>
+CVE-2021-40692 (Insufficient capability checks made it possible for teachers to downlo ...)
+ - moodle <removed>
+CVE-2021-40691 (A session hijack risk was identified in the Shibboleth authentication ...)
+ - moodle <removed>
+CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
+ {DSA-5010-1 DLA-2767-1}
+ - libxml-security-java 2.1.7-1 (bug #994569)
+ NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc
+CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...)
+ - peertube <itp> (bug #950821)
+CVE-2021-40689
+ RESERVED
+CVE-2021-40688
+ RESERVED
+CVE-2021-40687
+ RESERVED
+CVE-2021-40686
+ RESERVED
+CVE-2021-40685
+ RESERVED
+CVE-2021-40684 (Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R ...)
+ NOT-FOR-US: Talend ESB Runtime
+CVE-2021-XXXX [jwe cbc tag computation error]
+ - rhonabwy 0.9.13-4 (bug #993866)
+ [bullseye] - rhonabwy 0.9.13-3+deb11u1
+ NOTE: https://github.com/babelouest/rhonabwy/commit/996d935540c2c171c7678f14b8178d9ce87db9ac (v1.0.0)
+CVE-2021-XXXX [jws alg:none signature verification issue]
+ - rhonabwy 0.9.13-4 (bug #993866)
+ [bullseye] - rhonabwy 0.9.13-3+deb11u1
+ NOTE: https://github.com/babelouest/rhonabwy/commit/ff9ecad4c9a031c8369acde67ea52d558899e51e (v1.0.0)
+CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer ov ...)
+ - glewlwyd 2.5.2-3 (bug #993867)
+ [bullseye] - glewlwyd 2.5.2-2+deb11u1
+ [buster] - glewlwyd <not-affected> (Vulnerable code for FIDO2 signature validation introduced later)
+ NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2
+CVE-2021-40683 (In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4 ...)
+ NOT-FOR-US: Akamai EAA (Enterprise Application Access) Client
+CVE-2021-40682
+ RESERVED
+CVE-2021-3779
+ RESERVED
+CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ {DLA-2876-1}
+ - vim 2:8.2.3455-1 (bug #994498)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273
+ NOTE: https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f (v8.2.3409)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
+CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: nodejs-tmpl
+CVE-2021-40681
+ RESERVED
+CVE-2021-40680
+ RESERVED
+CVE-2021-40679
+ RESERVED
+CVE-2021-40678
+ RESERVED
+CVE-2021-40677
+ RESERVED
+CVE-2021-40676
+ RESERVED
+CVE-2021-40675
+ RESERVED
+CVE-2021-40674 (An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyV ...)
+ NOT-FOR-US: Wuzhi CMS
+CVE-2021-40673
+ RESERVED
+CVE-2021-40672
+ RESERVED
+CVE-2021-40671
+ RESERVED
+CVE-2021-40670 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...)
+ NOT-FOR-US: Wuzhi CMS
+CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...)
+ NOT-FOR-US: Wuzhi CMS
+CVE-2021-40668
+ RESERVED
+CVE-2021-40667
+ RESERVED
+CVE-2021-40666
+ RESERVED
+CVE-2021-40665
+ RESERVED
+CVE-2021-40664
+ RESERVED
+CVE-2021-40663
+ RESERVED
+CVE-2021-40662
+ RESERVED
+CVE-2021-40661
+ RESERVED
+CVE-2021-40660
+ RESERVED
+CVE-2021-40659
+ RESERVED
+CVE-2021-40658
+ RESERVED
+CVE-2021-40657
+ RESERVED
+CVE-2021-40656
+ RESERVED
+CVE-2021-40655 (An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Ve ...)
+ NOT-FOR-US: D-Link
+CVE-2021-40654 (An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An ...)
+ NOT-FOR-US: D-Link
+CVE-2021-40653
+ RESERVED
+CVE-2021-40652
+ RESERVED
+CVE-2021-40651 (OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vu ...)
+ NOT-FOR-US: OS4Ed OpenSIS Community
+CVE-2021-40650
+ RESERVED
+CVE-2021-40649
+ RESERVED
+CVE-2021-40648
+ RESERVED
+CVE-2021-40647
+ RESERVED
+CVE-2021-40646
+ RESERVED
+CVE-2021-40645
+ RESERVED
+CVE-2021-40644
+ RESERVED
+CVE-2021-40643
+ RESERVED
+CVE-2021-40642
+ RESERVED
+CVE-2021-40641
+ RESERVED
+CVE-2021-40640
+ RESERVED
+CVE-2021-40639 (Improper access control in Jfinal CMS 5.1.0 allows attackers to access ...)
+ NOT-FOR-US: Jfinal CMS
+CVE-2021-40638
+ RESERVED
+CVE-2021-40637
+ RESERVED
+CVE-2021-40636
+ RESERVED
+CVE-2021-40635
+ RESERVED
+CVE-2021-40634
+ RESERVED
+CVE-2021-40633
+ RESERVED
+CVE-2021-40632
+ RESERVED
+CVE-2021-40631
+ RESERVED
+CVE-2021-40630
+ RESERVED
+CVE-2021-40629
+ RESERVED
+CVE-2021-40628
+ RESERVED
+CVE-2021-40627
+ RESERVED
+CVE-2021-40626
+ RESERVED
+CVE-2021-40625
+ RESERVED
+CVE-2021-40624
+ RESERVED
+CVE-2021-40623
+ RESERVED
+CVE-2021-40622
+ RESERVED
+CVE-2021-40621
+ RESERVED
+CVE-2021-40620
+ RESERVED
+CVE-2021-40619
+ RESERVED
+CVE-2021-40618 (An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1 ...)
+ NOT-FOR-US: openSIS
+CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community Edition ver ...)
+ NOT-FOR-US: openSIS
+CVE-2021-40616
+ RESERVED
+CVE-2021-40615
+ RESERVED
+CVE-2021-40614
+ RESERVED
+CVE-2021-40613
+ RESERVED
+CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without au ...)
+ NOT-FOR-US: Opmantek Open-AudIT
+CVE-2021-40611
+ RESERVED
+CVE-2021-40610
+ RESERVED
+CVE-2021-40609
+ RESERVED
+CVE-2021-40608
+ RESERVED
+CVE-2021-40607
+ RESERVED
+CVE-2021-40606
+ RESERVED
+CVE-2021-40605
+ RESERVED
+CVE-2021-40604
+ RESERVED
+CVE-2021-40603
+ RESERVED
+CVE-2021-40602
+ RESERVED
+CVE-2021-40601
+ RESERVED
+CVE-2021-40600
+ RESERVED
+CVE-2021-40599
+ RESERVED
+CVE-2021-40598
+ RESERVED
+CVE-2021-40597
+ RESERVED
+CVE-2021-40596 (SQL injection vulnerability in Login.php in sourcecodester Online Lear ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40594
+ RESERVED
+CVE-2021-40593
+ RESERVED
+CVE-2021-40592
+ RESERVED
+CVE-2021-40591
+ RESERVED
+CVE-2021-40590
+ RESERVED
+CVE-2021-40589
+ RESERVED
+CVE-2021-40588
+ RESERVED
+CVE-2021-40587
+ RESERVED
+CVE-2021-40586
+ RESERVED
+CVE-2021-40585
+ RESERVED
+CVE-2021-40584
+ RESERVED
+CVE-2021-40583
+ RESERVED
+CVE-2021-40582
+ RESERVED
+CVE-2021-40581
+ RESERVED
+CVE-2021-40580
+ RESERVED
+CVE-2021-40579 (https://www.sourcecodester.com/ Online Enrollment Management System in ...)
+ NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
+CVE-2021-40578 (Authenticated Blind &amp; Error-based SQL injection vulnerability was ...)
+ NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code
+CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1904
+ NOTE: https://github.com/gpac/gpac/commit/ad18ece95fa064efc0995c4ab2c985f77fb166ec
+CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1905
+ NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858
+CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1897
+ NOTE: https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb
+CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1891
+ NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a
+CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1893
+ NOTE: https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109
+CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1895
+ NOTE: https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340
+CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1899
+ NOTE: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302
+CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1890
+ NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a
+CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1900
+ NOTE: https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30
+CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1889
+ NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816
+CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1887
+ NOTE: https://github.com/gpac/gpac/commit/96047e0e6166407c40cc19f4e94fb35cd7624391
+CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1902
+ NOTE: https://github.com/gpac/gpac/commit/893fb99b606eebfae46cde151846a980e689039b
+CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1898
+ NOTE: https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618
+CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1892
+ NOTE: https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137
+CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1901
+ NOTE: https://github.com/gpac/gpac/commit/5dd71c7201a3e5cf40732d585bfb21c906c171d3
+CVE-2021-40561
+ RESERVED
+CVE-2021-40560
+ RESERVED
+CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1886
+ NOTE: https://github.com/gpac/gpac/commit/70607fc71a671cf48a05e013a4e411429373dce7
+CVE-2021-40558
+ RESERVED
+CVE-2021-40557
+ RESERVED
+CVE-2021-40556
+ RESERVED
+CVE-2021-40555
+ RESERVED
+CVE-2021-40554
+ RESERVED
+CVE-2021-40553
+ RESERVED
+CVE-2021-40552
+ RESERVED
+CVE-2021-40551
+ RESERVED
+CVE-2021-40550
+ RESERVED
+CVE-2021-40549
+ RESERVED
+CVE-2021-40548
+ RESERVED
+CVE-2021-40547
+ RESERVED
+CVE-2021-40546
+ RESERVED
+CVE-2021-40545
+ RESERVED
+CVE-2021-40544
+ RESERVED
+CVE-2021-40543 (Opensis-Classic Version 8.0 is affected by a SQL injection vulnerabili ...)
+ NOT-FOR-US: openSIS
+CVE-2021-40542 (Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). ...)
+ NOT-FOR-US: openSIS
+CVE-2021-40541 (PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the pr ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info ...)
+ - ulfius 2.7.1-2 (bug #993851)
+ [bullseye] - ulfius 2.7.1-1+deb11u1
+ [buster] - ulfius 2.5.2-4+deb10u1
+ NOTE: https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa
+CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnera ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40538
+ RESERVED
+CVE-2021-40537 (Server Side Request Forgery (SSRF) vulnerability exists in owncloud/us ...)
+ - owncloud <removed>
+CVE-2021-40536
+ RESERVED
+CVE-2021-40535
+ RESERVED
+CVE-2021-40534
+ RESERVED
+CVE-2021-40533
+ RESERVED
+CVE-2021-40532 (Telegram Web K Alpha before 0.7.2 mishandles the characters in a docum ...)
+ NOT-FOR-US: tweb
+ NOTE: https://github.com/morethanwords/tweb
+CVE-2021-40531 (Sketch before 75 allows library feeds to be used to bypass file quaran ...)
+ NOT-FOR-US: Sketch collaborative design (Mac or Web app)
+ NOTE: sketch.com, not the sketch package in Debian.
+CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaintext re ...)
+ - libcrypto++ 8.6.0-1 (bug #993841)
+ [bullseye] - libcrypto++ <no-dsa> (Minor issue)
+ [buster] - libcrypto++ <no-dsa> (Minor issue)
+ [stretch] - libcrypto++ <no-dsa> (Minor issue)
+ NOTE: https://eprint.iacr.org/2021/923
+ NOTE: https://github.com/weidai11/cryptopp/issues/1059
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
+ NOTE: https://github.com/weidai11/cryptopp/commit/bee8e8ca6658 (CRYPTOPP_8_6_0)
+CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in Thunder ...)
+ - botan 2.18.1+dfsg-3 (bug #993840)
+ [bullseye] - botan <no-dsa> (Minor issue)
+ [buster] - botan <no-dsa> (Minor issue)
+ - botan1.10 <removed>
+ [stretch] - botan1.10 <ignored> (Affected function encrypt(...) has changed drastically. Backport is too instrusive to backport)
+ NOTE: https://eprint.iacr.org/2021/923
+ NOTE: https://github.com/randombit/botan/pull/2790
+ NOTE: Fixed by: https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
+CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...)
+ - libgcrypt20 1.9.4-2
+ [bullseye] - libgcrypt20 <no-dsa> (Minor issue)
+ [buster] - libgcrypt20 <no-dsa> (Minor issue)
+ [stretch] - libgcrypt20 <no-dsa> (Minor issue)
+ NOTE: https://eprint.iacr.org/2021/923
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
+ NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e8b7f10be275bcedb5fc05ed4837a89bfd605c61 (1.9.x)
+ NOTE: Related to CVE-2021-33560, but not a duplicate. Unfortunately scope of CVE-2021-33560 and
+ NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding
+ NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on
+ NOTE: a query).
+CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the "com. ...)
+ NOT-FOR-US: "com.onepeloton.erlich" mobile application
+CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...)
+ NOT-FOR-US: Peleton
+CVE-2021-40525 (Apache James ManagedSieve implementation alongside with the file stora ...)
+ NOT-FOR-US: Apache James
+CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...)
+ NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch
+CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer ...)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3
+ NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html
+ TODO: fill in tracking details
+CVE-2021-3772 [Invalid chunks may be used to remotely remove existing associations]
+ RESERVED
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694
+CVE-2021-3771
+ RESERVED
+CVE-2021-40524 (In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism ...)
+ - pure-ftpd 1.0.50-1 (bug #993810)
+ [bullseye] - pure-ftpd <no-dsa> (Minor issue)
+ [buster] - pure-ftpd <no-dsa> (Minor issue)
+ [stretch] - pure-ftpd <no-dsa> (Minor issue)
+ NOTE: https://github.com/jedisct1/pure-ftpd/pull/158
+CVE-2021-40523 (In Contiki 3.0, Telnet option negotiation is mishandled. During negoti ...)
+ NOT-FOR-US: Contiki
+CVE-2021-40522
+ RESERVED
+CVE-2021-40521 (Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Executi ...)
+ NOT-FOR-US: Airangel
+CVE-2021-40520 (Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials ...)
+ NOT-FOR-US: Airangel
+CVE-2021-40519 (Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database ...)
+ NOT-FOR-US: Airangel
+CVE-2021-40518 (Airangel HSMX Gateway devices through 5.2.04 allow CSRF. ...)
+ NOT-FOR-US: Airangel
+CVE-2021-40517 (Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored C ...)
+ NOT-FOR-US: Airangel
+CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers to cause a denial of serv ...)
+ {DLA-2770-1}
+ - weechat 3.2.1-1 (bug #993803)
+ [bullseye] - weechat <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - weechat <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b
+CVE-2021-40515
+ RESERVED
+CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim 2:8.2.3455-1 (bug #994076)
+ [bullseye] - vim 2:8.2.2434-3+deb11u1
+ [buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <not-affected> (Vulnerable code not present)
+ NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/
+ NOTE: Fixed by: https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 (v8.2.3402)
+ NOTE: Followup fix for introduced memory leak: https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e (v8.2.3403)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1
+CVE-2021-3769 (# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` t ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-40514
+ RESERVED
+CVE-2021-40513
+ RESERVED
+CVE-2021-40512
+ RESERVED
+CVE-2021-40511
+ RESERVED
+CVE-2021-40510
+ RESERVED
+CVE-2021-40509 (ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. ...)
+ NOT-FOR-US: JForum2
+CVE-2021-3768 (bookstack is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: bookstack
+CVE-2021-3767 (bookstack is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: bookstack
+CVE-2021-40508
+ RESERVED
+CVE-2021-40507
+ RESERVED
+CVE-2021-40506
+ RESERVED
+CVE-2021-40505
+ RESERVED
+CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled Modification of Ob ...)
+ NOT-FOR-US: Node objection.js
+CVE-2021-3765 (validator.js is vulnerable to Inefficient Regular Expression Complexit ...)
+ - validator.js <removed>
+ [stretch] - validator.js <postponed> (Minor issue, ReDOS, partial fix, no rdeps)
+ NOTE: https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1 (13.7.0)
+ NOTE: partial fix, only applies to chars==null
+CVE-2021-40504 (A certain template role in SAP NetWeaver Application Server for ABAP a ...)
+ NOT-FOR-US: SAP
+CVE-2021-40503 (An information disclosure vulnerability exists in SAP GUI for Windows ...)
+ NOT-FOR-US: SAP
+CVE-2021-40502 (SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not pe ...)
+ NOT-FOR-US: SAP
+CVE-2021-40501 (SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not p ...)
+ NOT-FOR-US: SAP
+CVE-2021-40500 (SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - ...)
+ NOT-FOR-US: SAP
+CVE-2021-40499 (Client-side printing services SAP Cloud Print Manager and SAPSprint fo ...)
+ NOT-FOR-US: SAP
+CVE-2021-40498 (A vulnerability has been identified in SAP SuccessFactors Mobile Appli ...)
+ NOT-FOR-US: SAP
+CVE-2021-40497 (SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, a ...)
+ NOT-FOR-US: SAP
+CVE-2021-40496 (SAP Internet Communication framework (ICM) - versions 700, 701, 702, 7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-40495 (There are multiple Denial-of Service vulnerabilities in SAP NetWeaver ...)
+ NOT-FOR-US: SAP
+CVE-2021-40494 (A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI throu ...)
+ NOT-FOR-US: AdaptiveScale LXDUI
+CVE-2021-40493 (Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injecti ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40492 (A reflected XSS vulnerability exists in multiple pages in version 22 o ...)
+ NOT-FOR-US: Gibbon application
+CVE-2021-40489 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40488 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40487 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40486 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40485 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40484 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40483 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40482 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40481 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40480 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40479 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40478 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40477 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40476 (Windows AppContainer Elevation Of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40475 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40474 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40473 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40472 (Microsoft Excel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40471 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40470 (DirectX Graphics Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40469 (Windows DNS Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40468 (Windows Bind Filter Driver Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40467 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40466 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40465 (Windows Text Shaping Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40464 (Windows Nearby Sharing Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40463 (Windows NAT Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40462 (Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Exec ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40461 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40460 (Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40459
+ RESERVED
+CVE-2021-40458
+ RESERVED
+CVE-2021-40457 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40456 (Windows AD FS Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40455 (Windows Installer Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40453 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40452 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40451
+ RESERVED
+CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40446
+ RESERVED
+CVE-2021-40445
+ RESERVED
+CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40442 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40441 (Windows Media Center Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-3764 [DoS in ccp_run_aes_gcm_cmd() function]
+ RESERVED
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997467
+ NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4)
+CVE-2021-3763
+ RESERVED
+ NOT-FOR-US: Red Hat AMQ Broker
+CVE-2021-3762
+ RESERVED
+ NOT-FOR-US: Quay/clair
+CVE-2021-40439 (Apache OpenOffice has a dependency on expat software. Versions prior t ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the request ...)
+ {DSA-4982-1 DLA-2776-1}
+ - apache2 2.4.49-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438
+ NOTE: Minimal fix: https://github.com/apache/httpd/commit/496c863776c68bd08cdbeb7d8fa5935ba63b76c2 (2.4.x)
+ NOTE: Future-proof follow-up: https://github.com/apache/httpd/commit/d4901cb32133bc0e59ad193a29d1665597080d67 (2.4.x)
+ NOTE: Regression fix #1: https://github.com/apache/httpd/commit/6e768a811c59ca6a0769b72681aaef381823339f (2.4.x)
+ NOTE: Regression fix #2: https://github.com/apache/httpd/commit/81a8b0133b46c4cf7dfc4b5476ad46eb34aa0a5c (2.4.x)
+CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate addresses ...)
+ - inetutils 2:2.2-1 (bug #993476)
+ [bullseye] - inetutils <no-dsa> (Minor issue)
+ [buster] - inetutils <no-dsa> (Minor issue)
+ [stretch] - inetutils <no-dsa> (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html
+ NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd
+CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/
+CVE-2021-40437
+ RESERVED
+CVE-2021-40436
+ RESERVED
+CVE-2021-40435
+ RESERVED
+CVE-2021-40434
+ RESERVED
+CVE-2021-40433
+ RESERVED
+CVE-2021-40432
+ RESERVED
+CVE-2021-40431
+ RESERVED
+CVE-2021-40430
+ RESERVED
+CVE-2021-40429
+ RESERVED
+CVE-2021-40428
+ RESERVED
+CVE-2021-40427
+ RESERVED
+CVE-2021-40426
+ RESERVED
+CVE-2021-40425
+ RESERVED
+CVE-2021-40424
+ RESERVED
+CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi API comm ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40422
+ RESERVED
+CVE-2021-40421
+ RESERVED
+CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
+ NOT-FOR-US: DaVinci Resolve
+CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service as a jo ...)
+ NOT-FOR-US: DaVinci Resolve
+CVE-2021-40416 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40415 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40414 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40413 (An incorrect default permission vulnerability exists in the cgiserver. ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40412 (An OScommand injection vulnerability exists in the device network sett ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40411 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40410 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40409 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40408 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40407 (An OS command injection vulnerability exists in the device network set ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40406 (A denial of service vulnerability exists in the cgiserver.cgi session ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40405
+ RESERVED
+CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...)
+ NOT-FOR-US: Reolink
+CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...)
+ - gerbv <unfixed>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417
+ NOTE: https://github.com/gerbv/gerbv/issues/82
+ NOTE: Proposed patch: https://github.com/gerbv/gerbv/commit/387f07b163cc30cd95e9bedf53bc07e7b38cc318
+CVE-2021-40402
+ RESERVED
+ - gerbv <unfixed>
+ NOTE: https://github.com/gerbv/gerbv/issues/80
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416
+CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture definiti ...)
+ - gerbv <unfixed>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415
+ NOTE: https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069
+ NOTE: https://github.com/gerbv/gerbv/issues/81
+CVE-2021-40400
+ RESERVED
+ - gerbv <unfixed>
+ NOTE: https://github.com/gerbv/gerbv/issues/79
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413
+CVE-2021-40399
+ RESERVED
+CVE-2021-40398
+ RESERVED
+CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...)
+ NOT-FOR-US: Advantech
+CVE-2021-40396 (A privilege escalation vulnerability exists in the installation of Adv ...)
+ NOT-FOR-US: Advantech
+CVE-2021-40395
+ REJECTED
+CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+ - gerbv 2.8.1-1
+ [bullseye] - gerbv <no-dsa> (Minor issue)
+ [buster] - gerbv <no-dsa> (Minor issue)
+ [stretch] - gerbv <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1405
+ NOTE: https://github.com/advisories/GHSA-936x-jwpc-5p28
+ NOTE: https://github.com/gerbv/gerbv/commit/8d7e005f8783d92de74192af21303619bef7541f (v2.8.1-rc.1)
+CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...)
+ - gerbv 2.8.2-1
+ [bullseye] - gerbv <no-dsa> (Minor issue)
+ [buster] - gerbv <no-dsa> (Minor issue)
+ [stretch] - gerbv <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404
+ NOTE: https://github.com/advisories/GHSA-w67q-2hr6-7cjf
+ NOTE: https://github.com/gerbv/gerbv/commit/4d12b696aed19fbcc115fe83aa7597b7c42ba8d6 (v2.8.2-rc.1)
+CVE-2021-40392
+ RESERVED
+CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...)
+ {DLA-2839-1}
+ - gerbv 2.7.1-1
+ [bullseye] - gerbv 2.7.0-2+deb11u1
+ [buster] - gerbv <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1402
+ NOTE: https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e
+ NOTE: https://github.com/gerbv/gerbv/issues/30
+CVE-2021-40390
+ RESERVED
+CVE-2021-40389 (A privilege escalation vulnerability exists in the installation of Adv ...)
+ NOT-FOR-US: Advantech
+CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Manager Se ...)
+ NOT-FOR-US: Advantech
+CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
+ NOT-FOR-US: Kaseya Unitrends Backup Software
+CVE-2021-40386
+ RESERVED
+CVE-2021-40385 (An issue was discovered in the server software in Kaseya Unitrends Bac ...)
+ NOT-FOR-US: Kaseya Unitrends Backup Software
+CVE-2021-40384
+ RESERVED
+CVE-2021-40383
+ RESERVED
+CVE-2021-40382 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
+ NOT-FOR-US: Compro devices
+CVE-2021-40381 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
+ NOT-FOR-US: Compro devices
+CVE-2021-40380 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
+ NOT-FOR-US: Compro devices
+CVE-2021-40379 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
+ NOT-FOR-US: Compro devices
+CVE-2021-40378 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...)
+ NOT-FOR-US: Compro devices
+CVE-2021-40377 (SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The ap ...)
+ NOT-FOR-US: SmarterTools
+CVE-2021-40376
+ RESERVED
+CVE-2021-40375
+ RESERVED
+CVE-2021-40374
+ RESERVED
+CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP c ...)
+ NOT-FOR-US: playSMS
+CVE-2021-40372
+ RESERVED
+CVE-2021-40371 (Gridpro Request Management for Windows Azure Pack before 2.0.7912 allo ...)
+ NOT-FOR-US: Gridpro Request Management for Windows Azure Pack
+CVE-2021-40370
+ RESERVED
+CVE-2021-40369 (A carefully crafted plugin link invocation could trigger an XSS vulner ...)
+ - jspwiki <removed>
+CVE-2021-40368
+ RESERVED
+CVE-2021-40367
+ RESERVED
+CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWM module) (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40365
+ RESERVED
+CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40362
+ RESERVED
+CVE-2021-40361
+ RESERVED
+CVE-2021-40360 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40359 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40357 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40356 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40355 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-40354 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitt ...)
+ {DSA-5041-1}
+ - cfrpki 1.3.0-1 (bug #994572)
+ NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9
+ NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422
+CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...)
+ {DLA-2843-1}
+ - linux 5.14.16-1 (unimportant)
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/2
+ NOTE: https://git.kernel.org/linus/1b1499a817c90fd1ce9453a2c98d2a01cca0e775 (5.15-rc6)
+ NOTE: CONFIG_NFC_NCI is not set in Debian
+CVE-2021-40353 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...)
+ NOT-FOR-US: openSIS
+CVE-2021-40352 (OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Re ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-40351
+ RESERVED
+CVE-2021-40350 (webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows at ...)
+ NOT-FOR-US: Christie Digital DWU850-GS V06.46 devices
+CVE-2021-40349 (e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack th ...)
+ NOT-FOR-US: e7d Speed Test
+CVE-2021-40348 (Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code inj ...)
+ NOT-FOR-US: Uyuni / Spacewalk (Red Hat)
+CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman Postorius befo ...)
+ {DSA-4970-1}
+ - postorius 1.3.5-1 (bug #993746)
+ NOTE: https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b
+ NOTE: https://phabricator.wikimedia.org/T289798
+CVE-2021-40346 (An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_heade ...)
+ {DSA-4968-1}
+ - haproxy 2.2.16-3
+ [buster] - haproxy <not-affected> (Vulnerable code not present)
+ [stretch] - haproxy <not-affected> (Vulnerable code not present)
+ NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html
+ NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
+CVE-2021-40345 (An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets sec ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom Includes sec ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file permissions ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-40342
+ RESERVED
+CVE-2021-40341
+ RESERVED
+CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a web serve ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40336
+ RESERVED
+CVE-2021-40335
+ RESERVED
+CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-40332
+ RESERVED
+CVE-2021-3759 [unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks]
+ RESERVED
+ - linux 5.15.3-1
+ NOTE: https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/
+CVE-2021-3758 (bookstack is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ NOT-FOR-US: bookstack
+CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Object Pr ...)
+ NOT-FOR-US: Node immer
+ NOTE: https://github.com/immerjs/immer
+CVE-2021-40331
+ RESERVED
+CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow ...)
+ - libmysofa 1.2.1~dfsg0-1
+ [bullseye] - libmysofa <no-dsa> (Minor issue)
+ [buster] - libmysofa <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/
+ NOTE: https://github.com/hoene/libmysofa/commit/890400ebd092c574707d0c132124f8ff047e20e1 (v1.2.1)
+CVE-2021-3755
+ REJECTED
+CVE-2021-3754
+ RESERVED
+CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7
+CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel&#8217;s Bluetooth ...)
+ - linux 5.15.3-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4
+CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repository ...)
+ - git 1:2.30.1-1
+ [bullseye] - git <no-dsa> (Minor issue)
+ [buster] - git <no-dsa> (Minor issue)
+ [stretch] - git <no-dsa> (Minor issue)
+ NOTE: https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473
+CVE-2021-40329 (The Authentication API in Ping Identity PingFederate before 10.3 misha ...)
+ NOT-FOR-US: Ping Identity PingFederate
+CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds Write ...)
+ - libmobi <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/fcb4383c-bc27-4b89-bfce-6b041f0cb769/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/ab5bf0e37e540eac682a14e628853b918626e72b (v0.7)
+CVE-2021-40328
+ RESERVED
+CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incor ...)
+ NOT-FOR-US: Trusted Firmware-M (TF-M)
+CVE-2021-40326
+ RESERVED
+CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...)
+ - cobbler <removed>
+CVE-2021-40324 (Cobbler before 3.3.0 allows arbitrary file write operations via upload ...)
+ - cobbler <removed>
+CVE-2021-40323 (Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code E ...)
+ - cobbler <removed>
+CVE-2021-40322
+ RESERVED
+CVE-2021-40321
+ RESERVED
+CVE-2021-40320
+ RESERVED
+CVE-2021-3750 [hcd-ehci: DMA reentrancy issue leads to use-after-free]
+ RESERVED
+ - qemu <unfixed>
+ [bullseye] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/541
+ NOTE: Fix for whole class of DMA MMIO reentrancy issues: https://gitlab.com/qemu-project/qemu/-/issues/556
+ NOTE: Patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity ...)
+ - node-axios 0.21.3+dfsg-1
+ [bullseye] - node-axios 0.21.1+dfsg-1+deb11u1
+ [buster] - node-axios 0.17.1+dfsg-2+deb10u1
+ NOTE: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/
+ NOTE: https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
+ NOTE: https://github.com/axios/axios/pull/3980
+CVE-2021-3748 [virtio-net: heap use-after-free in virtio_net_receive_rcu]
+ RESERVED
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-6 (bug #993401)
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1998514
+CVE-2021-40319
+ RESERVED
+CVE-2021-40318
+ RESERVED
+CVE-2021-40317
+ RESERVED
+CVE-2021-40316
+ RESERVED
+CVE-2021-40315
+ RESERVED
+CVE-2021-40314
+ RESERVED
+CVE-2021-40313 (Piwigo v11.5 was discovered to contain a SQL injection vulnerability v ...)
+ - piwigo <removed>
+CVE-2021-40312
+ RESERVED
+CVE-2021-40311
+ RESERVED
+CVE-2021-40310 (OpenSIS Community Edition version 8.0 is affected by a cross-site scri ...)
+ NOT-FOR-US: OpenSIS
+CVE-2021-40309 (A SQL injection vulnerability exists in the Take Attendance functional ...)
+ NOT-FOR-US: OpenSIS
+CVE-2021-40308
+ RESERVED
+CVE-2021-40307
+ RESERVED
+CVE-2021-40306
+ RESERVED
+CVE-2021-40305
+ RESERVED
+CVE-2021-40304
+ RESERVED
+CVE-2021-40303
+ RESERVED
+CVE-2021-40302
+ RESERVED
+CVE-2021-40301
+ RESERVED
+CVE-2021-40300
+ RESERVED
+CVE-2021-40299
+ RESERVED
+CVE-2021-40298
+ RESERVED
+CVE-2021-40297
+ RESERVED
+CVE-2021-40296
+ RESERVED
+CVE-2021-40295
+ RESERVED
+CVE-2021-40294
+ RESERVED
+CVE-2021-40293
+ RESERVED
+CVE-2021-40292 (A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2 ...)
+ NOT-FOR-US: DzzOffice
+CVE-2021-40291
+ RESERVED
+CVE-2021-40290
+ RESERVED
+CVE-2021-40289
+ RESERVED
+CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-40287
+ RESERVED
+CVE-2021-40286
+ RESERVED
+CVE-2021-40285
+ RESERVED
+CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow whi ...)
+ NOT-FOR-US: D-Link
+CVE-2021-40283
+ RESERVED
+CVE-2021-40282 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 202 ...)
+ NOT-FOR-US: zzcms
+CVE-2021-40281 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
+ NOT-FOR-US: zzcms
+CVE-2021-40280 (An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 ...)
+ NOT-FOR-US: zzcms
+CVE-2021-40279 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...)
+ NOT-FOR-US: zzcms
+CVE-2021-40278
+ RESERVED
+CVE-2021-40277
+ RESERVED
+CVE-2021-40276
+ RESERVED
+CVE-2021-40275
+ RESERVED
+CVE-2021-40274
+ RESERVED
+CVE-2021-40273
+ RESERVED
+CVE-2021-40272
+ RESERVED
+CVE-2021-40271
+ RESERVED
+CVE-2021-40270
+ RESERVED
+CVE-2021-40269
+ RESERVED
+CVE-2021-40268
+ RESERVED
+CVE-2021-40267
+ RESERVED
+CVE-2021-40266
+ RESERVED
+CVE-2021-40265
+ RESERVED
+CVE-2021-40264
+ RESERVED
+CVE-2021-40263
+ RESERVED
+CVE-2021-40262
+ RESERVED
+CVE-2021-40261 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-40260 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-40259
+ RESERVED
+CVE-2021-40258
+ RESERVED
+CVE-2021-40257
+ RESERVED
+CVE-2021-40256
+ RESERVED
+CVE-2021-40255
+ RESERVED
+CVE-2021-40254
+ RESERVED
+CVE-2021-40253
+ RESERVED
+CVE-2021-40252
+ RESERVED
+CVE-2021-40251
+ RESERVED
+CVE-2021-40250
+ RESERVED
+CVE-2021-40249
+ RESERVED
+CVE-2021-40248
+ RESERVED
+CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-40246
+ RESERVED
+CVE-2021-40245
+ RESERVED
+CVE-2021-40244
+ RESERVED
+CVE-2021-40243
+ RESERVED
+CVE-2021-40242
+ RESERVED
+CVE-2021-40241
+ RESERVED
+CVE-2021-40240
+ RESERVED
+CVE-2021-40239 (A Buffer Overflow vulnerability exists in the latest version of Minift ...)
+ NOT-FOR-US: Miniftpd
+CVE-2021-40238 (A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel ...)
+ NOT-FOR-US: Webuzo
+CVE-2021-40237
+ RESERVED
+CVE-2021-40236
+ RESERVED
+CVE-2021-40235
+ RESERVED
+CVE-2021-40234
+ RESERVED
+CVE-2021-40233
+ RESERVED
+CVE-2021-40232
+ RESERVED
+CVE-2021-40231
+ RESERVED
+CVE-2021-40230
+ RESERVED
+CVE-2021-40229
+ RESERVED
+CVE-2021-40228
+ RESERVED
+CVE-2021-40227
+ RESERVED
+CVE-2021-40226
+ RESERVED
+CVE-2021-40225
+ RESERVED
+CVE-2021-40224
+ RESERVED
+CVE-2021-40223 (Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitiz ...)
+ NOT-FOR-US: Rittal CMC PU III Web management
+CVE-2021-40222 (Rittal CMC PU III Web management Version affected: V3.11.00_2. Version ...)
+ NOT-FOR-US: Rittal CMC PU III Web management
+CVE-2021-40221
+ RESERVED
+CVE-2021-40220
+ RESERVED
+CVE-2021-40219
+ RESERVED
+CVE-2021-40218
+ RESERVED
+CVE-2021-40217
+ RESERVED
+CVE-2021-40216
+ RESERVED
+CVE-2021-40215
+ RESERVED
+CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wal ...)
+ NOT-FOR-US: Gibbon
+CVE-2021-40213
+ RESERVED
+CVE-2021-40212
+ RESERVED
+CVE-2021-40211
+ RESERVED
+CVE-2021-40210
+ RESERVED
+CVE-2021-40209
+ RESERVED
+CVE-2021-40208
+ RESERVED
+CVE-2021-40207
+ RESERVED
+CVE-2021-40206
+ RESERVED
+CVE-2021-40205
+ RESERVED
+CVE-2021-40204
+ RESERVED
+CVE-2021-40203
+ RESERVED
+CVE-2021-40202
+ RESERVED
+CVE-2021-40201
+ RESERVED
+CVE-2021-40200
+ RESERVED
+CVE-2021-40199
+ RESERVED
+CVE-2021-40198
+ RESERVED
+CVE-2021-40197
+ RESERVED
+CVE-2021-40196
+ RESERVED
+CVE-2021-40195
+ RESERVED
+CVE-2021-40194
+ RESERVED
+CVE-2021-40193
+ RESERVED
+CVE-2021-40192
+ RESERVED
+CVE-2021-40191 (Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due ...)
+ NOT-FOR-US: Dzzoffice
+CVE-2021-40190
+ RESERVED
+CVE-2021-40189 (PHPFusion 9.03.110 is affected by a remote code execution vulnerabilit ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerabili ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2021-40187
+ RESERVED
+CVE-2021-40186
+ RESERVED
+CVE-2021-40185
+ RESERVED
+CVE-2021-40184
+ RESERVED
+CVE-2021-40183
+ RESERVED
+CVE-2021-40182
+ RESERVED
+CVE-2021-40181
+ RESERVED
+CVE-2021-40180
+ RESERVED
+CVE-2021-40179
+ RESERVED
+CVE-2021-40178 (Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the L ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40177 (Zoho ManageEngine Log360 before Build 5225 allows remote code executio ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40176 (Zoho ManageEngine Log360 before Build 5225 allows stored XSS. ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40175 (Zoho ManageEngine Log360 before Build 5219 allows unrestricted file up ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40174 (Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for di ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40173 (Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40172 (Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on pro ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40171 (The absence of notifications regarding an ongoing RF jamming attack in ...)
+ NOT-FOR-US: SecuritasHome home alarm system
+CVE-2021-40170 (An RF replay attack vulnerability in the SecuritasHome home alarm syst ...)
+ NOT-FOR-US: SecuritasHome home alarm system
+CVE-2021-40169
+ RESERVED
+CVE-2021-40168
+ RESERVED
+CVE-2021-40167 (A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40166
+ RESERVED
+CVE-2021-40165
+ RESERVED
+CVE-2021-40164
+ RESERVED
+CVE-2021-40163
+ RESERVED
+CVE-2021-40162
+ RESERVED
+CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution through m ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to read be ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, acciden ...)
+ NOT-FOR-US: Multipass
+CVE-2021-40154 (NXP LPC55S69 devices before A3 have a buffer over-read via a crafted w ...)
+ NOT-FOR-US: NXP LPC55S69 devices
+CVE-2021-40152
+ RESERVED
+CVE-2021-40151
+ RESERVED
+CVE-2021-3746 (A flaw was found in the libtpms code that may cause access beyond the ...)
+ - libtpms 0.9.1-1
+ NOTE: https://github.com/stefanberger/libtpms/commit/1fb6cd9b8df05b5d6e381b31215193d6ada969df (v0.6.6)
+ NOTE: https://github.com/stefanberger/libtpms/commit/ea62fd9679f8c6fc5e79471b33cfbd8227bfed72 (v0.6.6)
+ NOTE: https://github.com/stefanberger/libtpms/commit/aaef222e8682cc2e0f9ea7124220c5fe44fab62b (v0.8.5)
+ NOTE: https://github.com/stefanberger/libtpms/commit/33a03986e0a09dde439985e0312d1c8fb3743aab (v0.8.5)
+ NOTE: https://github.com/stefanberger/libtpms/commit/034a5c02488cf7f0048e130177fc71c9e626e135 (v0.9.0)
+ NOTE: https://github.com/stefanberger/libtpms/commit/17255da54cf8354d02369f1323dc50cfb87e2bf4 (v0.9.0)
+CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Dangero ...)
+ NOT-FOR-US: flatcore-cms
+CVE-2021-3744 [crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()]
+ RESERVED
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000627
+ NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4)
+CVE-2021-40153 (squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the file ...)
+ {DSA-4967-1 DLA-2752-1}
+ [experimental] - squashfs-tools 1:4.5-1
+ - squashfs-tools 1:4.5-2
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
+ NOTE: https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646 (4.5)
+ NOTE: https://github.com/plougher/squashfs-tools/issues/72
+CVE-2021-40150
+ RESERVED
+CVE-2021-40149
+ RESERVED
+CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-3743
+ RESERVED
+ {DSA-4978-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.openwall.net/netdev/2021/08/17/124
+ NOTE: https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117
+CVE-2021-3742
+ RESERVED
+CVE-2021-3741
+ RESERVED
+CVE-2021-3740
+ RESERVED
+CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerabili ...)
+ NOT-FOR-US: EmTec ZOC
+CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in the Any2 ...)
+ NOT-FOR-US: Apache Any23
+CVE-2021-3738 [crash in dsdb stack]
+ RESERVED
+ {DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ [buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
+ NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
+CVE-2021-3737 [client can enter an infinite loop on a 100 Continue response from the server]
+ RESERVED
+ {DLA-2808-1}
+ [experimental] - python3.9 3.9.6-1
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ - python3.4 <removed>
+ NOTE: https://bugs.python.org/issue44022
+ NOTE: https://github.com/python/cpython/pull/25916
+ NOTE: https://github.com/python/cpython/pull/26503
+ NOTE: https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)
+ NOTE: https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)
+ NOTE: https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)
+ NOTE: https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)
+ NOTE: https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)
+ NOTE: Needs the "Improve the regression test" followup:
+ NOTE: https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)
+ NOTE: https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)
+ NOTE: https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)
+ NOTE: https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)
+ NOTE: https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14
+CVE-2021-3736 [uninitialized kernel stack may lead to information disclosure]
+ RESERVED
+ - linux 5.14.6-1 (unimportant)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995570
+CVE-2021-40145 (** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (a ...)
+ - libgd2 <unfixed>
+ [bullseye] - libgd2 <no-dsa> (Minor issue)
+ [buster] - libgd2 <no-dsa> (Minor issue)
+ [stretch] - libgd2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/libgd/libgd/issues/700
+ NOTE: https://github.com/libgd/libgd/pull/713
+ NOTE: https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af
+CVE-2021-40144
+ RESERVED
+CVE-2021-40143 (Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HT ...)
+ NOT-FOR-US: Sonatype
+CVE-2021-40142 (In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, re ...)
+ NOT-FOR-US: OPC Foundation Local Discovery Server (LDS)
+CVE-2021-40141
+ RESERVED
+CVE-2021-40140
+ RESERVED
+CVE-2021-40139
+ RESERVED
+CVE-2021-40138
+ RESERVED
+CVE-2021-40137
+ RESERVED
+CVE-2021-40136
+ RESERVED
+CVE-2021-40135
+ RESERVED
+CVE-2021-40134
+ RESERVED
+CVE-2021-40133
+ RESERVED
+CVE-2021-40132
+ RESERVED
+CVE-2021-40131 (A vulnerability in the web-based management interface of Cisco Common ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40130 (A vulnerability in the web application of Cisco Common Services Platfo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40129 (A vulnerability in the configuration dashboard of Cisco Common Service ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40128 (A vulnerability in the account activation feature of Cisco Webex Meeti ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40127 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40126 (A vulnerability in the web-based dashboard of Cisco Umbrella could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40125 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40124 (A vulnerability in the Network Access Manager (NAM) module of Cisco An ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40123 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40122 (A vulnerability in an API of the Call Bridge feature of Cisco Meeting ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40121 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40120 (A vulnerability in the web-based management interface of certain Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40119 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40118 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive Security ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in Snort rules ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40115 (A vulnerability in Cisco Webex Video Mesh could allow an unauthenticat ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the way the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40111 (In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we ...)
+ NOT-FOR-US: Apache James
+CVE-2021-40110 (In Apache James, using Jazzer fuzzer, we identified that an IMAP user ...)
+ NOT-FOR-US: Apache James
+CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40108 (An issue was discovered in Concrete CMS through 8.5.5. The Calendar is ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40107
+ RESERVED
+CVE-2021-40106 (An issue was discovered in Concrete CMS through 8.5.5. There is unauth ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40105 (An issue was discovered in Concrete CMS through 8.5.5. There is XSS vi ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40104 (An issue was discovered in Concrete CMS through 8.5.5. There is an SVG ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40103 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40101 (An issue was discovered in Concrete CMS before 8.5.7. The Dashboard al ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40098 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40097 (An issue was discovered in Concrete CMS through 8.5.5. Authenticated p ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40096 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40095 (An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40094 (A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. I ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40093 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40092 (A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40091 (An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40090
+ RESERVED
+CVE-2021-40089 (An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Pu ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40088 (An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode ca ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40087 (An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit log ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40086 (An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40085 (An issue was discovered in OpenStack Neutron before 16.4.1, 17.x befor ...)
+ {DSA-4983-1 DLA-2781-1}
+ - neutron 2:18.1.0-3 (bug #993398)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/31/2
+ NOTE: https://launchpad.net/bugs/1939733
+CVE-2021-40082
+ RESERVED
+CVE-2021-40081
+ RESERVED
+CVE-2021-3739
+ RESERVED
+ {DSA-4978-1}
+ - linux 5.14.6-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/25/3
+CVE-2021-3735 [ahci: deadlock issue leads to denial of service]
+ RESERVED
+ - qemu <unfixed>
+ [bullseye] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <postponed> (Fix along with a future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, triggerab ...)
+ [experimental] - knot-resolver 5.4.1-1
+ - knot-resolver 5.4.1-2 (bug #991463)
+ [bullseye] - knot-resolver <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - knot-resolver <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169
+ NOTE: Introduced by https://gitlab.nic.cz/knot/knot-resolver/-/commit/7107faebc72c14c864622128a20a9b39fe94d733 (5.3.1)
+CVE-2021-3734 (yourls is vulnerable to Improper Restriction of Rendered UI Layers or ...)
+ NOT-FOR-US: yourls
+CVE-2021-40080
+ RESERVED
+CVE-2021-40079
+ RESERVED
+CVE-2021-40078
+ RESERVED
+CVE-2021-40077
+ RESERVED
+CVE-2021-40076
+ RESERVED
+CVE-2021-40075
+ RESERVED
+CVE-2021-40074
+ RESERVED
+CVE-2021-40073
+ RESERVED
+CVE-2021-40072
+ RESERVED
+CVE-2021-40071
+ RESERVED
+CVE-2021-40070
+ RESERVED
+CVE-2021-40069
+ RESERVED
+CVE-2021-40068
+ RESERVED
+CVE-2021-40067 (The access controls on the Mobility read-write API improperly validate ...)
+ NOT-FOR-US: Mobility
+CVE-2021-40066 (The access controls on the Mobility read-only API improperly validate ...)
+ NOT-FOR-US: Mobility
+CVE-2021-40065
+ RESERVED
+CVE-2021-40064
+ RESERVED
+CVE-2021-40063
+ RESERVED
+CVE-2021-40062
+ RESERVED
+CVE-2021-40061
+ RESERVED
+CVE-2021-40060
+ RESERVED
+CVE-2021-40059
+ RESERVED
+CVE-2021-40058
+ RESERVED
+CVE-2021-40057
+ RESERVED
+CVE-2021-40056
+ RESERVED
+CVE-2021-40055
+ RESERVED
+CVE-2021-40054
+ RESERVED
+CVE-2021-40053
+ RESERVED
+CVE-2021-40052
+ RESERVED
+CVE-2021-40051
+ RESERVED
+CVE-2021-40050
+ RESERVED
+CVE-2021-40049
+ RESERVED
+CVE-2021-40048
+ RESERVED
+CVE-2021-40047
+ RESERVED
+CVE-2021-40046
+ RESERVED
+CVE-2021-40045 (There is a vulnerability of signature verification mechanism failure i ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40044 (There is a permission verification vulnerability in the Bluetooth modu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40043
+ RESERVED
+CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40040
+ RESERVED
+CVE-2021-40039 (There is a Null pointer dereference vulnerability in the camera module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40038 (There is a Double free vulnerability in the AOD module in smartphones. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40037 (There is a Vulnerability of accessing resources using an incompatible ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40036
+ RESERVED
+CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error with ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40034
+ RESERVED
+CVE-2021-40033 (There is an information exposure vulnerability on several Huawei Produ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40030
+ RESERVED
+CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary error with ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40028 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40027 (The bone voice ID TA has a vulnerability in calculating the buffer len ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40026 (There is a Heap-based buffer overflow vulnerability in the AOD module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40025 (The eID module has a vulnerability that causes the memory to be used w ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40024
+ RESERVED
+CVE-2021-40023
+ RESERVED
+CVE-2021-40022 (The weaver module has a vulnerability in parameter type verification,S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40021 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the security sto ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40019
+ RESERVED
+CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40017
+ RESERVED
+CVE-2021-40016
+ RESERVED
+CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40013
+ RESERVED
+CVE-2021-40012
+ RESERVED
+CVE-2021-40011 (There is an Uncontrolled resource consumption vulnerability in the dis ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40010 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40009 (There is an Out-of-bounds write vulnerability in the AOD module in sma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 V200R019C00S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD V100R005C10SP ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40006 (The fingerprint module has a security risk of brute force cracking. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40005 (The distributed data service component has a vulnerability in data acc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40004 (The cellular module has a vulnerability in permission management. Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40003 (HwPCAssistant has a path traversal vulnerability. Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40002 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40001 (The CaasKit module has a path traversal vulnerability. Successful expl ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39999
+ RESERVED
+CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39997 (There is a vulnerability of unstrict input parameter verification in t ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39996 (There is a Heap-based buffer overflow vulnerability with the NFC modul ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39994 (There is an arbitrary address access vulnerability with the product li ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39993 (There is an Integer overflow vulnerability with ACPU in smartphones. S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39992 (There is an improper security permission configuration vulnerability o ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39991 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39990 (The screen lock module has a Stack-based Buffer Overflow vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39989 (The HwNearbyMain module has a Exposure of Sensitive Information to an ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39988 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39987 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39986 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39985 (The HwNearbyMain module has a Improper Validation of Array Index vulne ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39984 (Huawei idap module has a Out-of-bounds Read vulnerability.Successful e ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39983 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39982 (Phone Manager application has a Improper Privilege Management vulnerab ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39981 (Chang Lian application has a vulnerability which can be maliciously ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39980 (Telephony application has a Exposure of Sensitive Information to an Un ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39979 (HHEE system has a Code Injection vulnerability.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39978 (Telephony application has a SQL Injection vulnerability.Successful exp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39977 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39976 (There is a privilege escalation vulnerability in CloudEngine 5800 V200 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39975 (Hilinksvc has a Data Processing Errors vulnerability.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39974 (There is an Out-of-bounds read in Smartphones.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39973 (There is a Null pointer dereference in Smartphones.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39972 (MyHuawei-App has a Exposure of Sensitive Information to an Unauthorize ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39971 (Password vault has a External Control of System or Configuration Setti ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39970 (HwPCAssistant has a Improper Input Validation vulnerability.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39969 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39968 (Changlian Blocklist has a Business Logic Errors vulnerability .Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39967 (There is a Vulnerability of obtaining broadcast information improperly ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39966 (There is an Uninitialized AOD driver structure in Smartphones.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39965
+ RESERVED
+CVE-2021-39964
+ RESERVED
+CVE-2021-39963
+ RESERVED
+CVE-2021-39962
+ RESERVED
+CVE-2021-39961
+ RESERVED
+CVE-2021-39960
+ RESERVED
+CVE-2021-39959
+ RESERVED
+CVE-2021-39958
+ RESERVED
+CVE-2021-39957
+ RESERVED
+CVE-2021-39956
+ RESERVED
+CVE-2021-39955
+ RESERVED
+CVE-2021-39954
+ RESERVED
+CVE-2021-39953
+ RESERVED
+CVE-2021-39952
+ RESERVED
+CVE-2021-39951
+ RESERVED
+CVE-2021-39950
+ RESERVED
+CVE-2021-39949
+ RESERVED
+CVE-2021-39948
+ RESERVED
+CVE-2021-39947
+ RESERVED
+CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...)
+ - gitlab <unfixed>
+CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...)
+ - gitlab <unfixed>
+CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...)
+ - gitlab <unfixed>
+ TODO: reach out for details
+CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
+ - gitlab <unfixed>
+CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...)
+ - gitlab <unfixed>
+CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...)
+ - gitlab-ci-multi-runner <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630
+ NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/
+CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version ...)
+ - gitlab <unfixed>
+CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...)
+ - gitlab <unfixed>
+CVE-2021-39936 (Improper access control in GitLab CE/EE affecting all versions startin ...)
+ - gitlab <unfixed>
+CVE-2021-39935 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39934 (Improper access control allows any project member to retrieve the serv ...)
+ - gitlab <unfixed>
+CVE-2021-39933 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39932 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 14.3.6, b ...)
+ - gitlab <unfixed>
+CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17651
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-07.html
+CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html
+CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...)
+ - gitlab <unfixed>
+CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...)
+ {DSA-5019-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <not-affected> (Vulnerable code not present)
+ [stretch] - wireshark <not-affected> (Vulnerable code not present)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17649
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-08.html
+CVE-2021-39925 (Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark 2.6.20-0+deb10u2
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17635
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-09.html
+CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html
+CVE-2021-39923 (Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17684
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-11.html
+CVE-2021-39922 (Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 an ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17636
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-12.html
+CVE-2021-39921 (NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1 DLA-2849-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17703
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-14.html
+CVE-2021-39920 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3 ...)
+ {DSA-5019-1}
+ - wireshark 3.6.0-1
+ [buster] - wireshark <not-affected> (IPPUSB dissector added in 3.4)
+ [stretch] - wireshark <not-affected> (IPPUSB dissector added in 3.4)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html
+CVE-2021-39919 (In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, a ...)
+ - gitlab <unfixed>
+CVE-2021-39918 (Incorrect Authorization in GitLab EE affecting all versions starting f ...)
+ - gitlab <unfixed>
+CVE-2021-39917 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39916 (Lack of an access control check in the External Status Check feature a ...)
+ - gitlab <unfixed>
+CVE-2021-39915 (Improper access control in the GraphQL API in GitLab CE/EE affecting a ...)
+ - gitlab <unfixed>
+CVE-2021-39914 (A regular expression denial of service issue in GitLab versions 8.13 t ...)
+ - gitlab <unfixed>
+CVE-2021-39913 (Accidental logging of system root password in the migration log in all ...)
+ - gitlab <unfixed>
+CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE starting ...)
+ - gitlab <unfixed>
+CVE-2021-39911 (An improper access control flaw in GitLab CE/EE since version 13.9 exp ...)
+ - gitlab <unfixed>
+CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-39908
+ RESERVED
+CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...)
+ - gitlab <unfixed>
+CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...)
+ - gitlab <unfixed>
+CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE API since ...)
+ - gitlab <unfixed>
+CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in GitLab ...)
+ - gitlab <unfixed>
+CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a privileged user, ...)
+ - gitlab <unfixed>
+CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user wi ...)
+ - gitlab <unfixed>
+CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin of a gro ...)
+ - gitlab <unfixed>
+CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...)
+ - gitlab <unfixed>
+CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...)
+ - gitlab <unfixed>
+CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project export l ...)
+ - gitlab <unfixed>
+CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above allowed ...)
+ - gitlab <unfixed>
+CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses ...)
+ - gitlab <unfixed>
+CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker can set ...)
+ - gitlab <unfixed>
+CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...)
+ - gitlab <unfixed>
+CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...)
+ - gitlab <unfixed>
+CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...)
+ [experimental] - gitlab 14.6.4+ds1-1
+ - gitlab <unfixed>
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/28440
+CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...)
+ - gitlab <unfixed>
+CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...)
+ - gitlab <unfixed>
+CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...)
+ - gitlab <not-affected> (Specific to Enterprise Edition)
+CVE-2021-39888 (In all versions of GitLab EE since version 13.10, a specific API endpo ...)
+ - gitlab <not-affected> (Specific to Enterprise Edition)
+CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab Flavored Mar ...)
+ - gitlab <unfixed>
+CVE-2021-39886 (Permissions rules were not applied while issues were moved between pro ...)
+ - gitlab <unfixed>
+CVE-2021-39885 (A Stored XSS in merge request creation page in Gitlab EE version 13.5 ...)
+ - gitlab <not-affected> (Specific to Enterprise Edition)
+CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint discloses ...)
+ - gitlab <not-affected> (Specific to Enterprise Edition)
+CVE-2021-39883 (Improper authorization checks in GitLab EE &gt; 13.11 allows subgroup ...)
+ - gitlab <not-affected> (Specific to Enterprise Edition)
+CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous users c ...)
+ - gitlab <unfixed>
+CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the application may ...)
+ - gitlab <unfixed>
+CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...)
+ - gitlab <unfixed>
+ - ruby-apollo-upload-server <unfixed>
+ TODO: reach out for details
+CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...)
+ - gitlab <unfixed>
+CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jira inte ...)
+ - gitlab <unfixed>
+CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...)
+ - gitlab <unfixed>
+CVE-2021-39876
+ RESERVED
+CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to ...)
+ - gitlab <unfixed>
+CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...)
+ - gitlab <unfixed>
+CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...)
+ - gitlab <unfixed>
+CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an improper access ...)
+ - gitlab <unfixed>
+CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...)
+ - gitlab <unfixed>
+CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an instance that ...)
+ - gitlab <unfixed>
+CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project exports may ...)
+ - gitlab <unfixed>
+CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...)
+ - gitlab <unfixed>
+CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vu ...)
+ - gitlab <unfixed>
+CVE-2021-39866 (A business logic error in the project deletion process in GitLab 13.6 ...)
+ - gitlab <unfixed>
+CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39861 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39860 (Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 ( ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39859
+ RESERVED
+CVE-2021-39858 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39857 (Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39856 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39855 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39854 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39853 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39852 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39851 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39850 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39849 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39848
+ RESERVED
+CVE-2021-39847 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-ba ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39846 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39845 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39844 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39843 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39842 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39841 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39840 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39839 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39838 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39837 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39836 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39835 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39834 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39833 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39832 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39831 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39830 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39829 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39828 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a p ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39827 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39826 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39825 (Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and e ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39824 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39823 (Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and e ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39822
+ RESERVED
+CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39820
+ RESERVED
+CVE-2021-39819 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39818 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39817 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39816 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-39815
+ RESERVED
+CVE-2021-39814
+ RESERVED
+CVE-2021-39813
+ RESERVED
+CVE-2021-39812
+ RESERVED
+CVE-2021-39811
+ RESERVED
+CVE-2021-39810
+ RESERVED
+CVE-2021-39809
+ RESERVED
+CVE-2021-39808
+ RESERVED
+CVE-2021-39807
+ RESERVED
+CVE-2021-39806
+ RESERVED
+CVE-2021-39805
+ RESERVED
+CVE-2021-39804
+ RESERVED
+CVE-2021-39803
+ RESERVED
+CVE-2021-39802
+ RESERVED
+CVE-2021-39801
+ RESERVED
+CVE-2021-39800
+ RESERVED
+CVE-2021-39799
+ RESERVED
+CVE-2021-39798
+ RESERVED
+CVE-2021-39797
+ RESERVED
+CVE-2021-39796
+ RESERVED
+CVE-2021-39795
+ RESERVED
+CVE-2021-39794
+ RESERVED
+CVE-2021-39793
+ RESERVED
+CVE-2021-39792
+ RESERVED
+CVE-2021-39791
+ RESERVED
+CVE-2021-39790
+ RESERVED
+CVE-2021-39789
+ RESERVED
+CVE-2021-39788
+ RESERVED
+CVE-2021-39787
+ RESERVED
+CVE-2021-39786
+ RESERVED
+CVE-2021-39785
+ RESERVED
+CVE-2021-39784
+ RESERVED
+CVE-2021-39783
+ RESERVED
+CVE-2021-39782
+ RESERVED
+CVE-2021-39781
+ RESERVED
+CVE-2021-39780
+ RESERVED
+CVE-2021-39779
+ RESERVED
+CVE-2021-39778
+ RESERVED
+CVE-2021-39777
+ RESERVED
+CVE-2021-39776
+ RESERVED
+CVE-2021-39775
+ RESERVED
+CVE-2021-39774
+ RESERVED
+CVE-2021-39773
+ RESERVED
+CVE-2021-39772
+ RESERVED
+CVE-2021-39771
+ RESERVED
+CVE-2021-39770
+ RESERVED
+CVE-2021-39769
+ RESERVED
+CVE-2021-39768
+ RESERVED
+CVE-2021-39767
+ RESERVED
+CVE-2021-39766
+ RESERVED
+CVE-2021-39765
+ RESERVED
+CVE-2021-39764
+ RESERVED
+CVE-2021-39763
+ RESERVED
+CVE-2021-39762
+ RESERVED
+CVE-2021-39761
+ RESERVED
+CVE-2021-39760
+ RESERVED
+CVE-2021-39759
+ RESERVED
+CVE-2021-39758
+ RESERVED
+CVE-2021-39757
+ RESERVED
+CVE-2021-39756
+ RESERVED
+CVE-2021-39755
+ RESERVED
+CVE-2021-39754
+ RESERVED
+CVE-2021-39753
+ RESERVED
+CVE-2021-39752
+ RESERVED
+CVE-2021-39751
+ RESERVED
+CVE-2021-39750
+ RESERVED
+CVE-2021-39749
+ RESERVED
+CVE-2021-39748
+ RESERVED
+CVE-2021-39747
+ RESERVED
+CVE-2021-39746
+ RESERVED
+CVE-2021-39745
+ RESERVED
+CVE-2021-39744
+ RESERVED
+CVE-2021-39743
+ RESERVED
+CVE-2021-39742
+ RESERVED
+CVE-2021-39741
+ RESERVED
+CVE-2021-39740
+ RESERVED
+CVE-2021-39739
+ RESERVED
+CVE-2021-39738
+ RESERVED
+CVE-2021-39737
+ RESERVED
+CVE-2021-39736
+ RESERVED
+CVE-2021-39735
+ RESERVED
+CVE-2021-39734
+ RESERVED
+CVE-2021-39733
+ RESERVED
+CVE-2021-39732
+ RESERVED
+CVE-2021-39731
+ RESERVED
+CVE-2021-39730
+ RESERVED
+CVE-2021-39729
+ RESERVED
+CVE-2021-39728
+ RESERVED
+CVE-2021-39727
+ RESERVED
+CVE-2021-39726
+ RESERVED
+CVE-2021-39725
+ RESERVED
+CVE-2021-39724
+ RESERVED
+CVE-2021-39723
+ RESERVED
+CVE-2021-39722
+ RESERVED
+CVE-2021-39721
+ RESERVED
+CVE-2021-39720
+ RESERVED
+CVE-2021-39719
+ RESERVED
+CVE-2021-39718
+ RESERVED
+CVE-2021-39717
+ RESERVED
+CVE-2021-39716
+ RESERVED
+CVE-2021-39715
+ RESERVED
+CVE-2021-39714
+ RESERVED
+CVE-2021-39713
+ RESERVED
+CVE-2021-39712
+ RESERVED
+CVE-2021-39711
+ RESERVED
+CVE-2021-39710
+ RESERVED
+CVE-2021-39709
+ RESERVED
+CVE-2021-39708
+ RESERVED
+CVE-2021-39707
+ RESERVED
+CVE-2021-39706
+ RESERVED
+CVE-2021-39705
+ RESERVED
+CVE-2021-39704
+ RESERVED
+CVE-2021-39703
+ RESERVED
+CVE-2021-39702
+ RESERVED
+CVE-2021-39701
+ RESERVED
+CVE-2021-39700
+ RESERVED
+CVE-2021-39699
+ RESERVED
+CVE-2021-39698
+ RESERVED
+CVE-2021-39697
+ RESERVED
+CVE-2021-39696
+ RESERVED
+CVE-2021-39695
+ RESERVED
+CVE-2021-39694
+ RESERVED
+CVE-2021-39693
+ RESERVED
+CVE-2021-39692
+ RESERVED
+CVE-2021-39691
+ RESERVED
+CVE-2021-39690
+ RESERVED
+CVE-2021-39689
+ RESERVED
+CVE-2021-39688 (In TBD of TBD, there is a possible out of bounds read due to TBD. This ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-39686
+ RESERVED
+CVE-2021-39685
+ RESERVED
+ {DSA-5050-1}
+ - linux 5.15.5-2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4
+CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39683 (In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39682 (In mgm_alloc_page of memory_group_manager.c, there is a possible out o ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39681 (In delete_protocol of main.c, there is a possible arbitrary code execu ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39680 (In sec_SHA256_Transform of sha256_core.c, there is a possible way to r ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39679 (In init of vendor_graphicbuffer_meta.cpp, there is a possible use afte ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39678 (In &lt;TBD&gt; of &lt;TBD&gt;, there is a possible bypass of Factory R ...)
+ NOT-FOR-US: Pixel
+CVE-2021-39677 (In startVideoStream() there is a possibility of an OOB Read in the hea ...)
+ NOT-FOR-US: Android
+CVE-2021-39676 (In writeThrowable of AndroidFuture.java, there is a possible parcel se ...)
+ NOT-FOR-US: Android
+CVE-2021-39675 (In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds writ ...)
+ NOT-FOR-US: Android
+CVE-2021-39674 (In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , the ...)
+ NOT-FOR-US: Android
+CVE-2021-39673
+ RESERVED
+CVE-2021-39672 (In fastboot, there is a possible secure boot bypass due to a configura ...)
+ NOT-FOR-US: Android
+CVE-2021-39671 (In code generated by aidl_const_expressions.cpp, there is a possible o ...)
+ NOT-FOR-US: Android
+CVE-2021-39670
+ RESERVED
+CVE-2021-39669 (In onCreate of InstallCaCertificateWarning.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible Intent ...)
+ NOT-FOR-US: Android
+CVE-2021-39667
+ RESERVED
+CVE-2021-39666 (In extract of MediaMetricsItem.h, there is a possible out of bounds re ...)
+ NOT-FOR-US: Android
+CVE-2021-39665 (In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bo ...)
+ NOT-FOR-US: Android
+CVE-2021-39664 (In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2021-39663 (In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, ther ...)
+ NOT-FOR-US: Android
+CVE-2021-39662 (In checkUriPermission of MediaProvider.java , there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-39661
+ RESERVED
+CVE-2021-39660
+ RESERVED
+CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-39658 (ismsEx service is a vendor service in unisoc equipment&#12290;ismsEx s ...)
+ NOT-FOR-US: Android
+CVE-2021-39657 (In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out ...)
+ - linux 5.10.12-1
+ [buster] - linux 4.19.171-1
+ [stretch] - linux 4.9.258-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+ NOTE: https://git.kernel.org/linus/35fc4cd34426c242ab015ef280853b7bff101f48 (5.11-rc4)
+CVE-2021-39656 (In __configfs_open_file of file.c, there is a possible use-after-free ...)
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+ NOTE: https://git.kernel.org/linus/14fbbc8297728e880070f7b077b3301a8c698ef9 (5.12-rc3)
+CVE-2021-39655 (Product: AndroidVersions: Android kernelAndroid ID: A-192641593Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39654
+ RESERVED
+CVE-2021-39653 (In (TBD) of (TBD), there is a possible way to boot with a hidden debug ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39652 (In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds wri ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39651 (In TBD of TBD, there is a possible way to access PIN protected setting ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39650 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39649 (In regmap_exit of regmap.c, there is a possible use-after-free due to ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39648 (In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclos ...)
+ - linux 5.10.9-1
+ [buster] - linux 4.19.171-1
+ [stretch] - linux 4.9.258-1
+ NOTE: https://git.kernel.org/linus/64e6bbfff52db4bf6785fab9cffab850b2de6870
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+CVE-2021-39647 (In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_ ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39646 (Product: AndroidVersions: Android kernelAndroid ID: A-201537251Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39645 (Product: AndroidVersions: Android kernelAndroid ID: A-199805112Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39644 (Product: AndroidVersions: Android kernelAndroid ID: A-199809304Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39643 (In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39642 (In synchronous_process_io_entries of lwis_ioctl.c, there is a possible ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39641 (Product: AndroidVersions: Android kernelAndroid ID: A-126949257Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39640 (In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39639 (In TBD of fvp.c, there is a possible way to glitch CPU behavior due to ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39638 (In periodic_io_work_func of lwis_periodic_io.c, there is a possible ou ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39637 (In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there i ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-39636 (In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possib ...)
+ - linux 4.16.5-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01
+CVE-2021-39635 (ims_ex is a vendor system service used to manage VoLTE in unisoc devic ...)
+ NOT-FOR-US: Android
+CVE-2021-39634 (In fs/eventpoll.c, there is a possible use after free. This could lead ...)
+ - linux 5.8.14-1
+ [buster] - linux 4.19.152-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://source.android.com/security/bulletin/2022-01-01
+ NOTE: https://git.kernel.org/linus/f8d4f44df056c5b504b0d49683fb7279218fd207 (5.9-rc8)
+CVE-2021-39633 (In gre_handle_offloads of ip_gre.c, there is a possible page fault due ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://source.android.com/security/bulletin/2022-01-01
+ NOTE: https://git.kernel.org/linus/1d011c4803c72f3907eccfc1ec63caefb852fcbf (5.14)
+CVE-2021-39632 (In inotify_cb of events.cpp, there is a possible out of bounds write d ...)
+ NOT-FOR-US: Android
+CVE-2021-39631 (In clear_data_dlg_text of strings.xml, there is a possible situation w ...)
+ NOT-FOR-US: Android
+CVE-2021-39630 (In executeRequest of OverlayManagerService.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2021-39629 (In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-39628 (In StatusBar.java, there is a possible disclosure of notification cont ...)
+ NOT-FOR-US: Android
+CVE-2021-39627 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...)
+ NOT-FOR-US: Android
+CVE-2021-39624
+ RESERVED
+CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...)
+ NOT-FOR-US: Android
+CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset Protection ...)
+ NOT-FOR-US: Android
+CVE-2021-39621 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-39620 (In ipcSetDataReference of Parcel.cpp, there is a possible way to corru ...)
+ NOT-FOR-US: Android
+CVE-2021-39619 (In updatePackageMappingsData of UsageStatsService.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-39617
+ RESERVED
+CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 ...)
+ NOT-FOR-US: Android
+CVE-2021-3733 [Denial of service when identifying crafted invalid RFCs]
+ RESERVED
+ {DLA-2808-1}
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ NOTE: https://bugs.python.org/issue43075
+ NOTE: https://github.com/python/cpython/pull/24391
+ NOTE: https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)
+ NOTE: https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)
+ NOTE: https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)
+ NOTE: https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)
+ NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
+CVE-2021-3732 [overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files]
+ RESERVED
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249
+ NOTE: https://git.kernel.org/linus/427215d85e8d1476da1a86b8d67aceb485eb3631
+CVE-2021-39615 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSR-500N version 1.02 contains ...)
+ NOT-FOR-US: D-Link
+CVE-2021-39614 (D-Link DVX-2000MS contains hard-coded credentials for undocumented use ...)
+ NOT-FOR-US: D-Link
+CVE-2021-39613 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DVG-3104MS version 1.0.2.0.3, 1 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-39612
+ RESERVED
+CVE-2021-39611
+ RESERVED
+CVE-2021-39610
+ RESERVED
+CVE-2021-39609 (Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 v ...)
+ NOT-FOR-US: FlatCore-CMS
+CVE-2021-39608 (Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 ...)
+ NOT-FOR-US: FlatCore-CMS
+CVE-2021-39607
+ RESERVED
+CVE-2021-39606
+ RESERVED
+CVE-2021-39605
+ RESERVED
+CVE-2021-39604
+ RESERVED
+CVE-2021-39603
+ RESERVED
+CVE-2021-39602 (A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd fu ...)
+ NOT-FOR-US: Miniftpd
+CVE-2021-39601
+ RESERVED
+CVE-2021-39600
+ RESERVED
+CVE-2021-39599 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS ...)
+ NOT-FOR-US: CXUUCMS
+CVE-2021-39598 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/145
+CVE-2021-39597 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/143
+CVE-2021-39596 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/146
+CVE-2021-39595 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/141
+CVE-2021-39594 (Other An issue was discovered in swftools through 20200710. A NULL poi ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/142
+CVE-2021-39593 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/139
+CVE-2021-39592 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/138
+CVE-2021-39591 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/135
+CVE-2021-39590 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/137
+CVE-2021-39589 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/132
+CVE-2021-39588 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/131
+CVE-2021-39587 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/129
+CVE-2021-39586
+ RESERVED
+CVE-2021-39585 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/133
+CVE-2021-39584 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/130
+CVE-2021-39583 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/136
+CVE-2021-39582 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/122
+CVE-2021-39581
+ RESERVED
+CVE-2021-39580
+ RESERVED
+CVE-2021-39579 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/125
+CVE-2021-39578
+ RESERVED
+CVE-2021-39577 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/121
+CVE-2021-39576
+ RESERVED
+CVE-2021-39575 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/128
+CVE-2021-39574 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/124
+CVE-2021-39573
+ RESERVED
+CVE-2021-39572
+ RESERVED
+CVE-2021-39571
+ RESERVED
+CVE-2021-39570
+ RESERVED
+CVE-2021-39569 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/114
+CVE-2021-39568
+ RESERVED
+CVE-2021-39567
+ RESERVED
+CVE-2021-39566
+ RESERVED
+CVE-2021-39565
+ RESERVED
+CVE-2021-39564 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/116
+CVE-2021-39563 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/115
+CVE-2021-39562 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/98
+CVE-2021-39561 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/102
+CVE-2021-39560
+ RESERVED
+CVE-2021-39559 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/101
+CVE-2021-39558 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/106
+CVE-2021-39557 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/97
+CVE-2021-39556 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/105
+CVE-2021-39555 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/99
+CVE-2021-39554 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/100
+CVE-2021-39553 (An issue was discovered in swftools through 20200710. A NULL pointer d ...)
+ - swftools <removed>
+ [stretch] - swftools <no-dsa> (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/103
+CVE-2021-39552 (An issue was discovered in sela through 20200412. file::WavFile::readF ...)
+ NOT-FOR-US: sela
+CVE-2021-39551 (An issue was discovered in sela through 20200412. file::SelaFile::read ...)
+ NOT-FOR-US: sela
+CVE-2021-39550 (An issue was discovered in sela through 20200412. file::SelaFile::read ...)
+ NOT-FOR-US: sela
+CVE-2021-39549 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
+ NOT-FOR-US: sela
+CVE-2021-39548 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
+ NOT-FOR-US: sela
+CVE-2021-39547 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
+ NOT-FOR-US: sela
+CVE-2021-39546 (An issue was discovered in sela through 20200412. rice::RiceDecoder::p ...)
+ NOT-FOR-US: sela
+CVE-2021-39545 (An issue was discovered in sela through 20200412. A NULL pointer deref ...)
+ NOT-FOR-US: sela
+CVE-2021-39544 (An issue was discovered in sela through 20200412. file::WavFile::write ...)
+ NOT-FOR-US: sela
+CVE-2021-39543 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39542 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39541 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39540 (An issue was discovered in pdftools through 20200714. A stack-buffer-o ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39539 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39538 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...)
+ NOT-FOR-US: pdftools
+CVE-2021-39537 (An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in ca ...)
+ - ncurses <unfixed> (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
+ NOTE: Negligible security impact
+CVE-2021-39536 (An issue was discovered in libxsmm through v1.16.1-93. The JIT code ha ...)
+ - libxsmm <unfixed> (bug #996098)
+ NOTE: https://github.com/hfp/libxsmm/issues/402
+ NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375
+ NOTE: https://github.com/hfp/libxsmm/commit/c24027d07eef23411a56958e52afad5ee6db6393
+CVE-2021-39535 (An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer ...)
+ - libxsmm <unfixed> (bug #996098)
+ NOTE: https://github.com/hfp/libxsmm/issues/398
+ NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375
+CVE-2021-39534 (An issue was discovered in libslax through v0.22.1. slaxIsCommentStart ...)
+ - libslax <itp> (bug #766210)
+CVE-2021-39533 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...)
+ - libslax <itp> (bug #766210)
+CVE-2021-39532 (An issue was discovered in libslax through v0.22.1. A NULL pointer der ...)
+ - libslax <itp> (bug #766210)
+CVE-2021-39531 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...)
+ - libslax <itp> (bug #766210)
+CVE-2021-39530 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39529
+ RESERVED
+CVE-2021-39528 (An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MAT ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39527 (An issue was discovered in libredwg through v0.10.1.3751. appinfo_priv ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39526
+ RESERVED
+CVE-2021-39525 (An issue was discovered in libredwg through v0.10.1.3751. bit_read_fix ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39524
+ RESERVED
+CVE-2021-39523 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39522 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len( ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39521 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-39520 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/34
+CVE-2021-39519 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/28
+CVE-2021-39518 (An issue was discovered in libjpeg through 2020021. LineBuffer::FetchR ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/35
+CVE-2021-39517 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/33
+CVE-2021-39516 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/42
+CVE-2021-39515 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/37
+CVE-2021-39514 (An issue was discovered in libjpeg through 2020021. An uncaught floati ...)
+ - libjpeg 0.0~git20200925.f145908-1
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/36
+CVE-2021-39513
+ RESERVED
+CVE-2021-39512
+ RESERVED
+CVE-2021-39511
+ RESERVED
+CVE-2021-39510 (An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wirele ...)
+ NOT-FOR-US: D-Link
+CVE-2021-39509 (An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B01 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-39508
+ RESERVED
+CVE-2021-39507
+ RESERVED
+CVE-2021-39506
+ RESERVED
+CVE-2021-39505
+ RESERVED
+CVE-2021-39504
+ RESERVED
+CVE-2021-39503 (PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is ...)
+ NOT-FOR-US: PHPMyWind
+CVE-2021-39502
+ RESERVED
+CVE-2021-39501 (EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect ...)
+ NOT-FOR-US: EyouCMS
+CVE-2021-39500 (Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of i ...)
+ NOT-FOR-US: EyouCMS
+CVE-2021-39499 (A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouC ...)
+ NOT-FOR-US: EyouCMS
+CVE-2021-39498
+ RESERVED
+CVE-2021-39497 (eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...)
+ NOT-FOR-US: EyouCMS
+CVE-2021-39496 (Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...)
+ NOT-FOR-US: EyouCMS
+CVE-2021-39495
+ RESERVED
+CVE-2021-39494
+ RESERVED
+CVE-2021-39493
+ RESERVED
+CVE-2021-39492
+ RESERVED
+CVE-2021-39491
+ RESERVED
+CVE-2021-39490
+ RESERVED
+CVE-2021-39489
+ RESERVED
+CVE-2021-39488
+ RESERVED
+CVE-2021-39487
+ RESERVED
+CVE-2021-39486 (A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2. ...)
+ NOT-FOR-US: Gila CMS
+CVE-2021-39485
+ RESERVED
+CVE-2021-39484
+ RESERVED
+CVE-2021-39483
+ RESERVED
+CVE-2021-39482
+ RESERVED
+CVE-2021-39481
+ RESERVED
+CVE-2021-39480 (Bingrep v0.8.5 was discovered to contain a memory allocation failure w ...)
+ NOT-FOR-US: bingrep
+CVE-2021-39479
+ RESERVED
+CVE-2021-39478
+ RESERVED
+CVE-2021-39477
+ RESERVED
+CVE-2021-39476
+ RESERVED
+CVE-2021-39475
+ RESERVED
+CVE-2021-39474 (Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported a ...)
+ NOT-FOR-US: Docsis UBC1319BA00 Router
+CVE-2021-39473
+ RESERVED
+CVE-2021-39472
+ RESERVED
+CVE-2021-39471
+ RESERVED
+CVE-2021-39470
+ RESERVED
+CVE-2021-39469
+ RESERVED
+CVE-2021-39468
+ RESERVED
+CVE-2021-39467
+ RESERVED
+CVE-2021-39466
+ RESERVED
+CVE-2021-39465
+ RESERVED
+CVE-2021-39464
+ RESERVED
+CVE-2021-39463
+ RESERVED
+CVE-2021-39462
+ RESERVED
+CVE-2021-39461
+ RESERVED
+CVE-2021-39460
+ RESERVED
+CVE-2021-39459 (Remote code execution in the modules component in Yakamara Media Redax ...)
+ NOT-FOR-US: Yakamara Media Redaxo CMS
+CVE-2021-39458 (Triggering an error page of the import process in Yakamara Media Redax ...)
+ NOT-FOR-US: Yakamara Media Redaxo CMS
+CVE-2021-39457
+ RESERVED
+CVE-2021-39456
+ RESERVED
+CVE-2021-39455
+ RESERVED
+CVE-2021-39454
+ RESERVED
+CVE-2021-39453
+ RESERVED
+CVE-2021-39452
+ RESERVED
+CVE-2021-39451
+ RESERVED
+CVE-2021-39450
+ RESERVED
+CVE-2021-39449
+ RESERVED
+CVE-2021-39448
+ RESERVED
+CVE-2021-39447
+ RESERVED
+CVE-2021-39446
+ RESERVED
+CVE-2021-39445
+ RESERVED
+CVE-2021-39444
+ RESERVED
+CVE-2021-39443
+ RESERVED
+CVE-2021-39442
+ RESERVED
+CVE-2021-39441
+ RESERVED
+CVE-2021-39440
+ RESERVED
+CVE-2021-39439
+ RESERVED
+CVE-2021-39438
+ RESERVED
+CVE-2021-39437
+ RESERVED
+CVE-2021-39436
+ RESERVED
+CVE-2021-39435
+ RESERVED
+CVE-2021-39434
+ RESERVED
+CVE-2021-39433 (A local file inclusion (LFI) vulnerability exists in version BIQS IT B ...)
+ NOT-FOR-US: BIQS IT Biqs-drive
+CVE-2021-39432
+ RESERVED
+CVE-2021-39431
+ RESERVED
+CVE-2021-39430
+ RESERVED
+CVE-2021-39429
+ RESERVED
+CVE-2021-39428
+ RESERVED
+CVE-2021-39427
+ RESERVED
+CVE-2021-39426
+ RESERVED
+CVE-2021-39425
+ RESERVED
+CVE-2021-39424
+ RESERVED
+CVE-2021-39423
+ RESERVED
+CVE-2021-39422
+ RESERVED
+CVE-2021-39421
+ RESERVED
+CVE-2021-39420 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0. ...)
+ NOT-FOR-US: VFront
+CVE-2021-39419
+ RESERVED
+CVE-2021-39418
+ RESERVED
+CVE-2021-39417
+ RESERVED
+CVE-2021-39416 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote C ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-39415
+ RESERVED
+CVE-2021-39414
+ RESERVED
+CVE-2021-39413 (Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel ...)
+ NOT-FOR-US: SEO Panel
+CVE-2021-39412 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGuruk ...)
+ NOT-FOR-US: PHPGurukul Shopping
+CVE-2021-39411 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGuruku ...)
+ NOT-FOR-US: PHPGurukul Hospital Management System
+CVE-2021-39410
+ RESERVED
+CVE-2021-39409
+ RESERVED
+CVE-2021-39408
+ RESERVED
+CVE-2021-39407
+ RESERVED
+CVE-2021-39406
+ RESERVED
+CVE-2021-39405
+ RESERVED
+CVE-2021-39404 (MaianAffiliate v1.0 allows an authenticated administrative user to sav ...)
+ NOT-FOR-US: MaianAffiliate
+CVE-2021-39403
+ RESERVED
+CVE-2021-39402 (MaianAffiliate v.1.0 is suffers from code injection by adding a new pr ...)
+ NOT-FOR-US: MaianAffiliate
+CVE-2021-39401
+ RESERVED
+CVE-2021-39400
+ RESERVED
+CVE-2021-39399
+ RESERVED
+CVE-2021-39398
+ RESERVED
+CVE-2021-39397
+ RESERVED
+CVE-2021-39396
+ RESERVED
+CVE-2021-39395
+ RESERVED
+CVE-2021-39394
+ RESERVED
+CVE-2021-39393
+ RESERVED
+CVE-2021-39392 (The management tool in MyLittleBackup up to and including 1.7 allows r ...)
+ NOT-FOR-US: MyLittleBackup
+CVE-2021-39391 (Cross Site Scripting (XSS) vulnerability exists in the admin panel in ...)
+ NOT-FOR-US: Beego
+CVE-2021-39390
+ RESERVED
+CVE-2021-39389
+ RESERVED
+CVE-2021-39388
+ RESERVED
+CVE-2021-39387
+ RESERVED
+CVE-2021-39386
+ RESERVED
+CVE-2021-39385
+ RESERVED
+CVE-2021-39384
+ RESERVED
+CVE-2021-39383
+ RESERVED
+CVE-2021-39382
+ RESERVED
+CVE-2021-39381
+ RESERVED
+CVE-2021-39380
+ RESERVED
+CVE-2021-39379 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
+ NOT-FOR-US: openSIS
+CVE-2021-39378 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
+ NOT-FOR-US: openSIS
+CVE-2021-39377 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...)
+ NOT-FOR-US: openSIS
+CVE-2021-39376 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
+ NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
+CVE-2021-39375 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...)
+ NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR)
+CVE-2021-39374
+ RESERVED
+CVE-2021-39373 (Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers t ...)
+ NOT-FOR-US: Samsung
+CVE-2021-39372
+ RESERVED
+CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an ...)
+ {DLA-2754-1}
+ - pywps 4.5.0-1
+ [bullseye] - pywps <no-dsa> (Minor issue)
+ [buster] - pywps <no-dsa> (Minor issue)
+ NOTE: https://github.com/geopython/OWSLib/issues/790
+ NOTE: https://github.com/geopython/pywps/pull/616
+CVE-2021-39370
+ RESERVED
+CVE-2021-39369
+ RESERVED
+CVE-2021-39368 (Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter ...)
+ NOT-FOR-US: Canon Oce Print Exec Workgroup
+CVE-2021-39367 (Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. ...)
+ NOT-FOR-US: Canon Oce Print Exec Workgroup
+CVE-2021-39366
+ RESERVED
+CVE-2021-39365 (In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certifi ...)
+ {DSA-4964-1 DLA-2762-1}
+ - grilo 0.3.13-1.1 (bug #992971)
+ NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+ NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146
+CVE-2021-39364
+ RESERVED
+CVE-2021-39363
+ RESERVED
+CVE-2021-39362 (An XSS issue was discovered in ReCaptcha Solver 5.7. A response from A ...)
+ NOT-FOR-US: ReCaptcha Solver
+CVE-2021-39361 (In GNOME evolution-rss through 0.3.96, network-soup.c does not enable ...)
+ - evolution-rss <unfixed> (bug #996590)
+ [bullseye] - evolution-rss <no-dsa> (Minor issue)
+ [buster] - evolution-rss <no-dsa> (Minor issue)
+ [stretch] - evolution-rss <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+ NOTE: https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11
+CVE-2021-39360 (In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS ...)
+ - libzapojit <unfixed> (bug #993538)
+ [bullseye] - libzapojit <no-dsa> (Minor issue)
+ [buster] - libzapojit <no-dsa> (Minor issue)
+ [stretch] - libzapojit <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+ NOTE: https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4
+CVE-2021-39359 (In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS ...)
+ - libgda5 <unfixed> (bug #993592)
+ [bullseye] - libgda5 <no-dsa> (Minor issue)
+ [buster] - libgda5 <no-dsa> (Minor issue)
+ [stretch] - libgda5 <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+ NOTE: https://gitlab.gnome.org/GNOME/libgda/-/issues/249
+CVE-2021-39358 (In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable T ...)
+ - gfbgraph 0.2.5-1 (bug #993537)
+ [bullseye] - gfbgraph <no-dsa> (Minor issue)
+ [buster] - gfbgraph <no-dsa> (Minor issue)
+ [stretch] - gfbgraph <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
+ NOTE: https://gitlab.gnome.org/GNOME/libgfbgraph/-/issues/17
+CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by other s ...)
+ {DSA-4962-1}
+ - ledgersmb 1.6.9+ds-2.1 (bug #992817)
+ NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking
+CVE-2021-39357 (The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39356 (The Content Staging WordPress plugin is vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39353 (The Easy Registration Forms WordPress plugin is vulnerable to Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to arbitra ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated SQL i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39349 (The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39346 (The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39343 (The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39341 (The OptinMonster WordPress plugin is vulnerable to sensitive informati ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39340 (The Notification WordPress plugin is vulnerable to Stored Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39337 (The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39336 (The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Sc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39333 (The Hashthemes Demo Importer Plugin &lt;= 1.1.1 for WordPress containe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39331
+ RESERVED
+CVE-2021-39330
+ REJECTED
+CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39326
+ RESERVED
+CVE-2021-39325 (The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Sit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39324
+ RESERVED
+CVE-2021-39323
+ RESERVED
+CVE-2021-39322 (The Easy Social Icons plugin &lt;= 3.0.8 for WordPress echoes out the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39320 (The underConstruction plugin &lt;= 1.18 for WordPress echoes out the r ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39319 (The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerabl ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39318 (The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-S ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39317 (A WordPress plugin and several WordPress themes developed by AccessPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39316 (The Zoomsounds plugin &lt;= 6.45 for WordPress allows arbitrary files, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-39315 (The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39314 (The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39313 (The Simple Image Gallery WordPress plugin is vulnerable to Reflected C ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39312 (The True Ranker plugin &lt;= 2.2.2 for WordPress allows arbitrary file ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39311 (The link-list-manager WordPress plugin is vulnerable to Reflected Cros ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39310 (The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Sit ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39309 (The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerabl ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39308 (The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...)
+ NOT-FOR-US: PDFTron WebViewer UI
+CVE-2021-39306 (A stack buffer overflow was discovered on Realtek RTL8195AM device bef ...)
+ NOT-FOR-US: Realtek
+CVE-2021-39305
+ RESERVED
+CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...)
+ NOT-FOR-US: Proofpoint
+CVE-2021-3730 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka P ...)
+ NOT-FOR-US: Jamf Pro
+CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...)
+ NOT-FOR-US: MISP
+CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...)
+ NOT-FOR-US: HP
+CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...)
+ NOT-FOR-US: OpenBMC
+CVE-2021-39295
+ RESERVED
+CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins **Description** ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-3726 (# Vulnerability in `title` function **Description**: the `title` funct ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets that go ba ...)
+ NOT-FOR-US: ohmyzsh
+CVE-2021-3724
+ RESERVED
+ NOT-FOR-US: Red Hat Serverless
+CVE-2021-23161
+ RESERVED
+ NOT-FOR-US: Red Hat Serverless
+CVE-2021-23156
+ RESERVED
+ NOT-FOR-US: Red Hat Serverless
+CVE-2021-39294
+ RESERVED
+CVE-2021-39293 (In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.17 1.17.1-1
+ - golang-1.16 1.16.8-1
+ - golang-1.15 1.15.15-2
+ [bullseye] - golang-1.15 1.15.15-1~deb11u1
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/47801
+ NOTE: https://github.com/golang/go/commit/1dd24caf08985066b309af6bc461780c73e05c35 (1.17.1)
+ NOTE: https://github.com/golang/go/commit/6c480017ae600b2c90a264a922e041df04dfa785 (1.16.8)
+CVE-2021-39292
+ RESERVED
+CVE-2021-3723 (A command injection vulnerability was reported in the Integrated Manag ...)
+ NOT-FOR-US: IBM
+CVE-2021-3722
+ RESERVED
+CVE-2021-3721
+ RESERVED
+CVE-2021-3720 (An information disclosure vulnerability was reported in the Time Weath ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3719 (A potential vulnerability in the SMI callback function that saves and ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3718 (A denial of service vulnerability was reported in some ThinkPad models ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-39291 (Certain NetModule devices allow credentials via GET parameters to CLI- ...)
+ NOT-FOR-US: NetModule devices
+CVE-2021-39290 (Certain NetModule devices allow Limited Session Fixation via PHPSESSID ...)
+ NOT-FOR-US: NetModule devices
+CVE-2021-39289 (Certain NetModule devices have Insecure Password Handling (cleartext o ...)
+ NOT-FOR-US: NetModule devices
+CVE-2021-39288
+ RESERVED
+CVE-2021-39287
+ RESERVED
+CVE-2021-39286 (Webrecorder pywb before 2.6.0 allows XSS because it does not ensure th ...)
+ NOT-FOR-US: Webrecorder pywb
+CVE-2021-39285 (A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8 ...)
+ NOT-FOR-US: Versa
+CVE-2021-39284
+ RESERVED
+CVE-2021-39283 (liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <ignored> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021969.html
+CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <ignored> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021970.html
+CVE-2021-39281
+ RESERVED
+CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to execute a ...)
+ NOT-FOR-US: Korenix JetWave devices
+CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...)
+ NOT-FOR-US: MOXA
+CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...)
+ NOT-FOR-US: MOXA
+CVE-2021-39277
+ RESERVED
+CVE-2021-39276
+ RESERVED
+CVE-2021-39275 (ap_escape_quotes() may write beyond the end of a buffer when given mal ...)
+ {DSA-4982-1 DLA-2776-1}
+ - apache2 2.4.49-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275
+ NOTE: https://github.com/apache/httpd/commit/d8bce6f575abb29997bba358b31842bf757776c6 (trunk)
+ NOTE: https://github.com/apache/httpd/commit/e0fec7d48dab1924c5a6b48819ce1cf420733f62 (trunk)
+ NOTE: https://github.com/apache/httpd/commit/8f09caf9945f3c80563bc4a776b04fbba239ca71 (trunk)
+ NOTE: https://github.com/apache/httpd/commit/c69d4cc90c0e27703030b3ff09f91bf4dcbcfd51 (2.4.x)
+ NOTE: https://github.com/apache/httpd/commit/ac62c7e7436560cf4f7725ee586364ce95c07804 (2.4.x)
+CVE-2021-3717
+ RESERVED
+ - wildfly <itp> (bug #752018)
+CVE-2021-39274 (In XeroSecurity Sn1per 9.0 (free version), insecure directory permissi ...)
+ NOT-FOR-US: XeroSecurity Sn1per
+CVE-2021-39273 (In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) ...)
+ NOT-FOR-US: XeroSecurity Sn1per
+CVE-2021-39272 (Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption i ...)
+ - fetchmail 6.4.22-1 (bug #993163)
+ [bullseye] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
+ [buster] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
+ [stretch] - fetchmail <no-dsa> (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist)
+ NOTE: https://www.fetchmail.info/fetchmail-SA-2021-02.txt
+CVE-2021-39271 (OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code ex ...)
+ NOT-FOR-US: OrbiTeam BSCW Classic
+CVE-2021-39270 (In Ping Identity RSA SecurID Integration Kit before 3.2, user imperson ...)
+ NOT-FOR-US: Ping Identity RSA SecurID Integration Kit
+CVE-2021-39269
+ RESERVED
+CVE-2021-39268 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-39267 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-39266
+ RESERVED
+CVE-2021-39265
+ RESERVED
+CVE-2021-39264
+ RESERVED
+CVE-2021-39263 (A crafted NTFS image can trigger a heap-based buffer overflow, caused ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39262 (A crafted NTFS image can cause an out-of-bounds access in ntfs_decompr ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39261 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_co ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39260 (A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_s ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39259 (A crafted NTFS image can trigger an out-of-bounds access, caused by an ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39258 (A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find a ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39257 (A crafted NTFS image with an unallocated bitmap can lead to a endless ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39256 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_in ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39255 (A crafted NTFS image can trigger an out-of-bounds read, caused by an i ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39254 (A crafted NTFS image can cause an integer overflow in memmove, leading ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39253 (A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_ ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39252 (A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39251 (A crafted NTFS image can cause a NULL pointer dereference in ntfs_exte ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-39250 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
+ NOT-FOR-US: Invision Community
+CVE-2021-39249 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...)
+ NOT-FOR-US: Invision Community
+CVE-2021-39248 (Open edX through Lilac.1 allows XSS in common/static/common/js/discuss ...)
+ NOT-FOR-US: Open edX
+CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, ...)
+ - zint <not-affected> (Introduced and fixed between 2.9.1 and 2.10.0)
+ NOTE: https://sourceforge.net/p/zint/code/ci/9b02cd52214e80f945bff41fc94bc1e17e15810c/
+ NOTE: https://sourceforge.net/p/zint/tickets/232/
+ NOTE: Introduced in https://sourceforge.net/p/zint/code/ci/6274140c73aa39c42271644ef8c9b4551ca06fc2/
+CVE-2021-39246 (Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlatio ...)
+ NOT-FOR-US: Tor Browser
+CVE-2021-3716 [NBD_OPT_STRUCTURED_REPLY injection on STARTTLS]
+ RESERVED
+ - nbdkit 1.26.5-1
+ [bullseye] - nbdkit <no-dsa> (Minor issue)
+ [buster] - nbdkit <not-affected> (Vulnerable code introduced later)
+ [stretch] - nbdkit <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/libguestfs/nbdkit/commit/eaa4c6e9a2c4bdb71aefdd4b1d865e7a9af606a8 (v1.11.8)
+ NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00077.html
+CVE-2021-3715
+ RESERVED
+ - linux 5.5.17-1
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/07/1
+ NOTE: https://git.kernel.org/linus/ef299cc3fa1a9e1288665a9fdc8bff55629fd359 (5.6)
+CVE-2021-3714
+ RESERVED
+CVE-2021-39245 (Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, ...)
+ NOT-FOR-US: Altus
+CVE-2021-39244 (Authenticated Semi-Blind Command Injection (via Parameter Injection) e ...)
+ NOT-FOR-US: Altus
+CVE-2021-39243 (Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, ...)
+ NOT-FOR-US: Altus
+CVE-2021-39242 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
+ {DSA-4960-1}
+ - haproxy 2.2.16-1
+ [buster] - haproxy <not-affected> (Vulnerable code introduced later)
+ [stretch] - haproxy <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
+ NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=b5d2b9e154d78e4075db163826c5e0f6d31b2ab1
+CVE-2021-39241 (An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ...)
+ {DSA-4960-1}
+ - haproxy 2.2.16-1
+ [buster] - haproxy <not-affected> (Vulnerable code introduced later)
+ [stretch] - haproxy <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
+ NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=89265224d314a056d77d974284802c1b8a0dc97f
+CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...)
+ {DSA-4960-1}
+ - haproxy 2.2.16-1
+ [buster] - haproxy <not-affected> (Vulnerable code introduced later)
+ [stretch] - haproxy <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html
+ NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=4b8852c70d8c4b7e225e24eb58258a15eb54c26e
+ NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8
+CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions up to 4. ...)
+ NOT-FOR-US: Apache Jena
+CVE-2021-39238 (Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise Pag ...)
+ NOT-FOR-US: HP
+CVE-2021-39237 (Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide ...)
+ NOT-FOR-US: HP
+CVE-2021-39236 (In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-39235 (In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-39234 (In Apache Ozone versions prior to 1.2.0, Authenticated users knowing t ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-39233 (In Apache Ozone versions prior to 1.2.0, Container related Datanode re ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-39232 (In Apache Ozone versions prior to 1.2.0, certain admin related SCM com ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-39231 (In Apache Ozone versions prior to 1.2.0, Various internal server-to-se ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) d ...)
+ {DSA-4980-1 DLA-2753-1}
+ - qemu 1:6.1+dfsg-2 (bug #992727)
+ [buster] - qemu <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a
+CVE-2021-39230 (Butter is a system usability utility. Due to a kernel error the JPNS k ...)
+ NOT-FOR-US: Butter
+CVE-2021-39229 (Apprise is an open source library which allows you to send a notificat ...)
+ NOT-FOR-US: Apprise
+CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...)
+ NOT-FOR-US: Tremor event processing (different from Vorbis Tremor)
+CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache ...)
+ NOT-FOR-US: ZRender
+CVE-2021-39226 (Grafana is an open source data visualization platform. In affected ver ...)
+ - grafana <removed>
+CVE-2021-39225 (Nextcloud is an open-source, self-hosted productivity platform. A miss ...)
+ NOT-FOR-US: Nextcloud Deck
+CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ NOT-FOR-US: Nextcloud OfficeOnline
+CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ NOT-FOR-US: Nextcloud Richdocuments
+CVE-2021-39222 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...)
+ NOT-FOR-US: Nextcloud Contacts
+CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...)
+ NOT-FOR-US: Nextcloud Mail
+CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. Wasmtim ...)
+ NOT-FOR-US: wasmtime
+CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. In Wasm ...)
+ NOT-FOR-US: wasmtime
+CVE-2021-39217
+ RESERVED
+CVE-2021-39216 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. In Wasm ...)
+ NOT-FOR-US: wasmtime
+CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...)
+ - jitsi-meet <itp> (bug #760485)
+CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...)
+ - mitmproxy <unfixed> (bug #994570)
+ [bullseye] - mitmproxy <no-dsa> (Minor issue)
+ [buster] - mitmproxy <no-dsa> (Minor issue)
+ [stretch] - mitmproxy <no-dsa> (Minor issue)
+ NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38
+CVE-2021-39213 (GLPI is a free Asset and IT management software package. Starting in v ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...)
+ - imagemagick <unfixed> (bug #996588)
+ [bullseye] - imagemagick <no-dsa> (Minor issue)
+ [buster] - imagemagick <no-dsa> (Minor issue)
+ [stretch] - imagemagick <no-dsa> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e
+CVE-2021-39211 (GLPI is a free Asset and IT management software package. Starting in v ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2021-39210 (GLPI is a free Asset and IT management software package. In versions p ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2021-39209 (GLPI is a free Asset and IT management software package. In versions p ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2021-39208 (SharpCompress is a fully managed C# library to deal with many compress ...)
+ NOT-FOR-US: SharpCompress
+CVE-2021-39207 (parlai is a framework for training and evaluating AI models on a varie ...)
+ NOT-FOR-US: Facebook ParlAI
+CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-39205 (Jitsi Meet is an open source video conferencing application. Versions ...)
+ - jitsi-meet <itp> (bug #760485)
+CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-39203 (WordPress is a free and open-source content management system written ...)
+ - wordpress <not-affected> (Only affects 5.8 beta 1; vulnerable code introduced later)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6
+CVE-2021-39202 (WordPress is a free and open-source content management system written ...)
+ - wordpress <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297
+CVE-2021-39201 (WordPress is a free and open-source content management system written ...)
+ {DSA-4985-1}
+ - wordpress 5.8.1+dfsg1-1 (bug #994059)
+ [stretch] - wordpress <not-affected> (Vulnerable code added later)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v
+CVE-2021-39200 (WordPress is a free and open-source content management system written ...)
+ - wordpress 5.8.1+dfsg1-1 (bug #994060)
+ [bullseye] - wordpress 5.7.3+dfsg1-0+deb11u1
+ [buster] - wordpress <not-affected> (Vulnerable code introduced later in 5.2)
+ [stretch] - wordpress <not-affected> (Vulnerable code added later)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5
+CVE-2021-39199 (remark-html is an open source nodejs library which compiles Markdown t ...)
+ NOT-FOR-US: Node remark-html
+CVE-2021-39198 (OroCRM is an open source Client Relationship Management (CRM) applicat ...)
+ NOT-FOR-US: OroCRM
+CVE-2021-39197 (better_errors is an open source replacement for the standard Rails err ...)
+ - ruby-better-errors <itp> (bug #739168)
+CVE-2021-39196 (pcapture is an open source dumpcap web service interface . In affected ...)
+ NOT-FOR-US: pcapture
+CVE-2021-39195 (Misskey is an open source, decentralized microblogging platform. In af ...)
+ NOT-FOR-US: Misskey
+CVE-2021-39194 (kaml is an open source implementation of the YAML format with support ...)
+ NOT-FOR-US: kaml
+CVE-2021-39193 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
+ NOT-FOR-US: Frontier
+CVE-2021-39192 (Ghost is a Node.js content management system. An error in the implemen ...)
+ NOT-FOR-US: Ghost CMS
+CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+ - libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648)
+ [bullseye] - libapache2-mod-auth-openidc <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/03e6bfb446f4e3f27c003d30d6a433e5dd8e2b3d
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/issues/672
+CVE-2021-39190
+ RESERVED
+CVE-2021-39189 (Pimcore is an open source data &amp; experience management platform. I ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-39188
+ RESERVED
+CVE-2021-39187 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Parse Server
+CVE-2021-39186 (GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior ...)
+ NOT-FOR-US: Miraheze
+CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services. In h ...)
+ NOT-FOR-US: Https4s
+CVE-2021-39184 (Electron is a framework for writing cross-platform desktop application ...)
+ - electron <itp> (bug #842420)
+CVE-2021-39183 (Owncast is an open source, self-hosted live video streaming and chat s ...)
+ NOT-FOR-US: Owncast
+CVE-2021-39182 (EnroCrypt is a Python module for encryption and hashing. Prior to vers ...)
+ NOT-FOR-US: EnroCrypt
+CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior to ver ...)
+ NOT-FOR-US: OpenOlat
+CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...)
+ NOT-FOR-US: OpenOLAT
+CVE-2021-39179 (DHIS 2 is an information system for data capture, management, validati ...)
+ NOT-FOR-US: DHIS 2
+CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...)
+ NOT-FOR-US: next.js
+CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...)
+ NOT-FOR-US: geyser
+CVE-2021-39176 (detect-character-encoding is a package for detecting character encodin ...)
+ NOT-FOR-US: detect-character-encoding
+ NOTE: NPM addon - https://github.com/sonicdoe/detect-character-encoding
+CVE-2021-39175 (HedgeDoc is a platform to write and share markdown. In versions prior ...)
+ NOT-FOR-US: hedgedoc
+CVE-2021-39174 (Cachet is an open source status page system. Prior to version 2.5.1, a ...)
+ - cachet <itp> (bug #851177)
+CVE-2021-39173 (Cachet is an open source status page system. Prior to version 2.5.1 au ...)
+ - cachet <itp> (bug #851177)
+CVE-2021-39172 (Cachet is an open source status page system. Prior to version 2.5.1, a ...)
+ - cachet <itp> (bug #851177)
+CVE-2021-39171 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...)
+ NOT-FOR-US: Node passport-saml
+CVE-2021-39170 (Pimcore is an open source data &amp; experience management platform. P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions of Miss ...)
+ NOT-FOR-US: Misskey
+CVE-2021-39168 (OpenZepplin is a library for smart contract development. In affected v ...)
+ NOT-FOR-US: OpenZeppelin
+CVE-2021-39167 (OpenZepplin is a library for smart contract development. In affected v ...)
+ NOT-FOR-US: OpenZeppelin
+CVE-2021-39166 (Pimcore is an open source data &amp; experience management platform. P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-39165 (Cachet is an open source status page. With Cachet prior to and includi ...)
+ - cachet <itp> (bug #851177)
+CVE-2021-39164 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...)
+ - matrix-synapse 1.41.1-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q
+ NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1)
+CVE-2021-39163 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...)
+ - matrix-synapse 1.41.1-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2
+ NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1)
+CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-39161 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
+CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...)
+ NOT-FOR-US: nbgitpuller
+CVE-2021-39159 (BinderHub is a kubernetes-based cloud service that allows users to sha ...)
+ NOT-FOR-US: BinderHub
+CVE-2021-39158 (NVCaffe's python required dependencies list used to contain `gfortran` ...)
+ NOT-FOR-US: NVCaffe
+CVE-2021-39157 (detect-character-encoding is an open source character encoding inspect ...)
+ NOT-FOR-US: detect-character-encoding
+CVE-2021-39156 (Istio is an open source platform for providing a uniform way to integr ...)
+ NOT-FOR-US: Istio
+CVE-2021-39155 (Istio is an open source platform for providing a uniform way to integr ...)
+ NOT-FOR-US: Istio
+CVE-2021-39154 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68
+ NOTE: https://x-stream.github.io/CVE-2021-39154.html
+CVE-2021-39153 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v
+ NOTE: https://x-stream.github.io/CVE-2021-39153.html
+CVE-2021-39152 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2
+ NOTE: https://x-stream.github.io/CVE-2021-39152.html
+CVE-2021-39151 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4
+ NOTE: https://x-stream.github.io/CVE-2021-39151.html
+CVE-2021-39150 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp
+ NOTE: https://x-stream.github.io/CVE-2021-39150.html
+CVE-2021-39149 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x
+ NOTE: https://x-stream.github.io/CVE-2021-39149.html
+CVE-2021-39148 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2
+ NOTE: https://x-stream.github.io/CVE-2021-39148.html
+CVE-2021-39147 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc
+ NOTE: https://x-stream.github.io/CVE-2021-39147.html
+CVE-2021-39146 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f
+ NOTE: https://x-stream.github.io/CVE-2021-39146.html
+CVE-2021-39145 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v
+ NOTE: https://x-stream.github.io/CVE-2021-39145.html
+CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
+ NOTE: https://x-stream.github.io/CVE-2021-39144.html
+CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+ NOT-FOR-US: Spinnaker
+CVE-2021-39142
+ RESERVED
+CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2
+ NOTE: https://x-stream.github.io/CVE-2021-39141.html
+CVE-2021-39140 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc
+ NOTE: https://x-stream.github.io/CVE-2021-39140.html
+CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back again ...)
+ {DSA-5004-1 DLA-2769-1}
+ - libxstream-java 1.4.18-1 (bug #998054)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44
+ NOTE: https://x-stream.github.io/CVE-2021-39139.html
+CVE-2021-39138 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Parse Server
+CVE-2021-39137 (go-ethereum is the official Go implementation of the Ethereum protocol ...)
+ NOT-FOR-US: go-ethereum
+CVE-2021-39136 (baserCMS is an open source content management system with a focus on J ...)
+ NOT-FOR-US: baserCMS
+CVE-2021-39135 (`@npmcli/arborist`, the library that calculates dependency trees and m ...)
+ [experimental] - npm 7.24.0+ds-1
+ - npm 7.24.0+ds-2 (bug #993405)
+ [bullseye] - npm <no-dsa> (Minor issue)
+ [buster] - npm <no-dsa> (Minor issue)
+ NOTE: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2
+CVE-2021-39134 (`@npmcli/arborist`, the library that calculates dependency trees and m ...)
+ [experimental] - npm 7.24.0+ds-1
+ - npm 7.24.0+ds-2 (bug #993407)
+ [bullseye] - npm <no-dsa> (Minor issue)
+ [buster] - npm <no-dsa> (Minor issue)
+ NOTE: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc
+CVE-2021-39133 (Rundeck is an open source automation service with a web console, comma ...)
+ NOT-FOR-US: Rundeck
+CVE-2021-39132 (Rundeck is an open source automation service with a web console, comma ...)
+ NOT-FOR-US: Rundeck
+CVE-2021-39131 (ced detects character encoding using Google&#8217;s compact_enc_det li ...)
+ NOT-FOR-US: Node ced
+CVE-2021-39130
+ RESERVED
+CVE-2021-39129
+ RESERVED
+CVE-2021-39128 (Affected versions of Atlassian Jira Server or Data Center using the Ji ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39127 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39126 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39125 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39124 (The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassi ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39123 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39122 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39121 (Affected versions of Atlassian Jira Server and Data Center allow authe ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39120
+ RESERVED
+CVE-2021-39119 (Affected versions of Atlassian Jira Server and Data Center allow users ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39118 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39117 (The AssociateFieldToScreens page in Atlassian Jira Server and Data Cen ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39116 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39115 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39114
+ RESERVED
+CVE-2021-39113 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39112 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39111 (The Editor plugin in Atlassian Jira Server and Data Center before vers ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39110
+ RESERVED
+CVE-2021-39109 (The renderWidgetResource resource in Atlasian Atlasboard before versio ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-39108
+ RESERVED
+CVE-2021-39107
+ RESERVED
+CVE-2021-39106
+ RESERVED
+CVE-2021-39105
+ RESERVED
+CVE-2021-39104
+ RESERVED
+CVE-2021-39103
+ RESERVED
+CVE-2021-39102
+ RESERVED
+CVE-2021-39101
+ RESERVED
+CVE-2021-39100
+ RESERVED
+CVE-2021-39099
+ RESERVED
+CVE-2021-39098
+ RESERVED
+CVE-2021-39097
+ RESERVED
+CVE-2021-39096
+ RESERVED
+CVE-2021-39095
+ RESERVED
+CVE-2021-39094
+ RESERVED
+CVE-2021-39093
+ RESERVED
+CVE-2021-39092
+ RESERVED
+CVE-2021-39091
+ RESERVED
+CVE-2021-39090
+ RESERVED
+CVE-2021-39089
+ RESERVED
+CVE-2021-39088
+ RESERVED
+CVE-2021-39087
+ RESERVED
+CVE-2021-39086
+ RESERVED
+CVE-2021-39085
+ RESERVED
+CVE-2021-39084
+ RESERVED
+CVE-2021-39083
+ RESERVED
+CVE-2021-39082
+ RESERVED
+CVE-2021-39081
+ RESERVED
+CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...)
+ NOT-FOR-US: IBM
+CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version ...)
+ NOT-FOR-US: IBM
+CVE-2021-39078
+ RESERVED
+CVE-2021-39077
+ RESERVED
+CVE-2021-39076
+ RESERVED
+CVE-2021-39075
+ RESERVED
+CVE-2021-39074
+ RESERVED
+CVE-2021-39073
+ RESERVED
+CVE-2021-39072
+ RESERVED
+CVE-2021-39071
+ RESERVED
+CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the ad ...)
+ NOT-FOR-US: IBM
+CVE-2021-39069
+ RESERVED
+CVE-2021-39068
+ RESERVED
+CVE-2021-39067
+ RESERVED
+CVE-2021-39066 (IBM Financial Transaction Manager 3.2.4 does not invalidate session an ...)
+ NOT-FOR-US: IBM
+CVE-2021-39065 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2021-39064 (IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authenti ...)
+ NOT-FOR-US: IBM
+CVE-2021-39063 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin ...)
+ NOT-FOR-US: IBM
+CVE-2021-39062
+ RESERVED
+CVE-2021-39061
+ RESERVED
+CVE-2021-39060
+ RESERVED
+CVE-2021-39059
+ RESERVED
+CVE-2021-39058 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...)
+ NOT-FOR-US: IBM
+CVE-2021-39057 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to s ...)
+ NOT-FOR-US: IBM
+CVE-2021-39056 (The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (E ...)
+ NOT-FOR-US: IBM
+CVE-2021-39055
+ RESERVED
+CVE-2021-39054 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2021-39053 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2021-39052 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2021-39051
+ RESERVED
+CVE-2021-39050 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...)
+ NOT-FOR-US: IBM
+CVE-2021-39049 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...)
+ NOT-FOR-US: IBM
+CVE-2021-39048 (IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based ...)
+ NOT-FOR-US: IBM
+CVE-2021-39047
+ RESERVED
+CVE-2021-39046
+ RESERVED
+CVE-2021-39045
+ RESERVED
+CVE-2021-39044 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site re ...)
+ NOT-FOR-US: IBM
+CVE-2021-39043
+ RESERVED
+CVE-2021-39042
+ RESERVED
+CVE-2021-39041
+ RESERVED
+CVE-2021-39040
+ RESERVED
+CVE-2021-39039
+ RESERVED
+CVE-2021-39038
+ RESERVED
+CVE-2021-39037
+ RESERVED
+CVE-2021-39036
+ RESERVED
+CVE-2021-39035
+ RESERVED
+CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...)
+ NOT-FOR-US: IBM
+CVE-2021-39033
+ RESERVED
+CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potential ...)
+ NOT-FOR-US: IBM
+CVE-2021-39031 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 c ...)
+ NOT-FOR-US: IBM
+CVE-2021-39030
+ RESERVED
+CVE-2021-39029
+ RESERVED
+CVE-2021-39028
+ RESERVED
+CVE-2021-39027
+ RESERVED
+CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...)
+ NOT-FOR-US: IBM
+CVE-2021-39025
+ RESERVED
+CVE-2021-39024
+ RESERVED
+CVE-2021-39023
+ RESERVED
+CVE-2021-39022
+ RESERVED
+CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...)
+ NOT-FOR-US: IBM
+CVE-2021-39020
+ RESERVED
+CVE-2021-39019
+ RESERVED
+CVE-2021-39018
+ RESERVED
+CVE-2021-39017
+ RESERVED
+CVE-2021-39016
+ RESERVED
+CVE-2021-39015
+ RESERVED
+CVE-2021-39014
+ RESERVED
+CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could ...)
+ NOT-FOR-US: IBM
+CVE-2021-39012
+ RESERVED
+CVE-2021-39011
+ RESERVED
+CVE-2021-39010
+ RESERVED
+CVE-2021-39009
+ RESERVED
+CVE-2021-39008
+ RESERVED
+CVE-2021-39007
+ RESERVED
+CVE-2021-39006
+ RESERVED
+CVE-2021-39005
+ RESERVED
+CVE-2021-39004
+ RESERVED
+CVE-2021-39003
+ RESERVED
+CVE-2021-39002 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2021-39001
+ RESERVED
+CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to ob ...)
+ NOT-FOR-US: IBM
+CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain sensitive info ...)
+ NOT-FOR-US: IBM
+CVE-2021-38998
+ RESERVED
+CVE-2021-38997
+ RESERVED
+CVE-2021-38996
+ RESERVED
+CVE-2021-38995
+ RESERVED
+CVE-2021-38994
+ RESERVED
+CVE-2021-38993
+ RESERVED
+CVE-2021-38992
+ RESERVED
+CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local ...)
+ NOT-FOR-US: IBM
+CVE-2021-38990 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2021-38989
+ RESERVED
+CVE-2021-38988
+ RESERVED
+CVE-2021-38987
+ RESERVED
+CVE-2021-38986
+ RESERVED
+CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ NOT-FOR-US: IBM
+CVE-2021-38984 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...)
+ NOT-FOR-US: IBM
+CVE-2021-38983 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...)
+ NOT-FOR-US: IBM
+CVE-2021-38982 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2021-38981 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2021-38980 (IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle ...)
+ NOT-FOR-US: IBM
+CVE-2021-38979 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-w ...)
+ NOT-FOR-US: IBM
+CVE-2021-38978 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2021-38977 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set ...)
+ NOT-FOR-US: IBM
+CVE-2021-38976 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user ...)
+ NOT-FOR-US: IBM
+CVE-2021-38975 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2021-38974 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ NOT-FOR-US: IBM
+CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...)
+ NOT-FOR-US: IBM
+CVE-2021-38971
+ RESERVED
+CVE-2021-38970
+ RESERVED
+CVE-2021-38969
+ RESERVED
+CVE-2021-38968
+ RESERVED
+CVE-2021-38967 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged use ...)
+ NOT-FOR-US: IBM
+CVE-2021-38966 (IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site script ...)
+ NOT-FOR-US: IBM
+CVE-2021-38965 (IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remo ...)
+ NOT-FOR-US: IBM
+CVE-2021-38964
+ RESERVED
+CVE-2021-38963
+ RESERVED
+CVE-2021-38962
+ RESERVED
+CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...)
+ NOT-FOR-US: IBM
+CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated use ...)
+ NOT-FOR-US: IBM
+CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...)
+ NOT-FOR-US: IBM
+CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...)
+ NOT-FOR-US: IBM
+CVE-2021-38957 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...)
+ NOT-FOR-US: IBM
+CVE-2021-38956 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...)
+ NOT-FOR-US: IBM
+CVE-2021-38955
+ RESERVED
+CVE-2021-38954
+ RESERVED
+CVE-2021-38953
+ RESERVED
+CVE-2021-38952
+ RESERVED
+CVE-2021-38951 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2021-38950 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
+ NOT-FOR-US: IBM
+CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials ...)
+ NOT-FOR-US: IBM
+CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML Externa ...)
+ NOT-FOR-US: IBM
+CVE-2021-38947 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...)
+ NOT-FOR-US: IBM
+CVE-2021-38946
+ RESERVED
+CVE-2021-38945
+ RESERVED
+CVE-2021-38944
+ RESERVED
+CVE-2021-38943
+ RESERVED
+CVE-2021-38942
+ RESERVED
+CVE-2021-38941
+ RESERVED
+CVE-2021-38940
+ RESERVED
+CVE-2021-38939
+ RESERVED
+CVE-2021-38938
+ RESERVED
+CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...)
+ NOT-FOR-US: IBM
+CVE-2021-38936
+ RESERVED
+CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...)
+ NOT-FOR-US: IBM
+CVE-2021-38934
+ RESERVED
+CVE-2021-38933
+ RESERVED
+CVE-2021-38932
+ RESERVED
+CVE-2021-38931 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-38930
+ RESERVED
+CVE-2021-38929
+ RESERVED
+CVE-2021-38928
+ RESERVED
+CVE-2021-38927
+ RESERVED
+CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 ...)
+ NOT-FOR-US: IBM
+CVE-2021-38924
+ RESERVED
+CVE-2021-38923 (IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain ac ...)
+ NOT-FOR-US: IBM
+CVE-2021-38922
+ RESERVED
+CVE-2021-38921 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than ex ...)
+ NOT-FOR-US: IBM
+CVE-2021-38920
+ RESERVED
+CVE-2021-38919
+ RESERVED
+CVE-2021-38918 (IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a spec ...)
+ NOT-FOR-US: IBM
+CVE-2021-38917 (IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-38916
+ RESERVED
+CVE-2021-38915 (IBM Data Risk Manager 2.0.6 stores user credentials in plain clear tex ...)
+ NOT-FOR-US: IBM
+CVE-2021-38914
+ RESERVED
+CVE-2021-38913
+ RESERVED
+CVE-2021-38912
+ RESERVED
+CVE-2021-38911 (IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in p ...)
+ NOT-FOR-US: IBM
+CVE-2021-38910
+ RESERVED
+CVE-2021-38909 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2021-38908
+ RESERVED
+CVE-2021-38907
+ RESERVED
+CVE-2021-38906
+ RESERVED
+CVE-2021-38905
+ RESERVED
+CVE-2021-38904
+ RESERVED
+CVE-2021-38903
+ RESERVED
+CVE-2021-38902
+ RESERVED
+CVE-2021-38901 (IBM Spectrum Protect Operations Center 7.1, under special configuratio ...)
+ NOT-FOR-US: IBM
+CVE-2021-38900 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...)
+ NOT-FOR-US: IBM
+CVE-2021-38899 (IBM Cloud Pak for Data 2.5 could allow a local user with special privi ...)
+ NOT-FOR-US: IBM
+CVE-2021-38898
+ RESERVED
+CVE-2021-38897
+ RESERVED
+CVE-2021-38896 (IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scrip ...)
+ NOT-FOR-US: IBM
+CVE-2021-38895 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cr ...)
+ NOT-FOR-US: IBM
+CVE-2021-38894 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remot ...)
+ NOT-FOR-US: IBM
+CVE-2021-38893 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...)
+ NOT-FOR-US: IBM
+CVE-2021-38892
+ REJECTED
+ NOT-FOR-US: IBM
+CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than ...)
+ NOT-FOR-US: IBM
+CVE-2021-38890 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequat ...)
+ NOT-FOR-US: IBM
+CVE-2021-38889
+ RESERVED
+CVE-2021-38888
+ RESERVED
+CVE-2021-38887 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+ NOT-FOR-US: IBM
+CVE-2021-38886
+ RESERVED
+CVE-2021-38885
+ RESERVED
+CVE-2021-38884
+ RESERVED
+CVE-2021-38883 (IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Bus ...)
+ NOT-FOR-US: IBM
+CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...)
+ NOT-FOR-US: IBM
+CVE-2021-38881
+ RESERVED
+CVE-2021-38880
+ RESERVED
+CVE-2021-38879
+ RESERVED
+CVE-2021-38878
+ RESERVED
+CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...)
+ NOT-FOR-US: IBM
+CVE-2021-38876 (IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vu ...)
+ NOT-FOR-US: IBM
+CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2021-38874
+ RESERVED
+CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. ...)
+ NOT-FOR-US: IBM
+CVE-2021-38872
+ RESERVED
+CVE-2021-38871
+ RESERVED
+CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vu ...)
+ NOT-FOR-US: IBM
+CVE-2021-38869
+ RESERVED
+CVE-2021-38868
+ RESERVED
+CVE-2021-38867
+ RESERVED
+CVE-2021-38866
+ RESERVED
+CVE-2021-38865
+ RESERVED
+CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensit ...)
+ NOT-FOR-US: IBM
+CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...)
+ NOT-FOR-US: IBM
+CVE-2021-38862 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...)
+ NOT-FOR-US: IBM
+CVE-2021-38861
+ RESERVED
+CVE-2021-38860
+ RESERVED
+CVE-2021-38859
+ RESERVED
+CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ...)
+ {DSA-4963-1 DLA-2774-1 DLA-2766-1}
+ - openssl 1.1.1l-1
+ - openssl1.0 <removed>
+ NOTE: https://www.openssl.org/news/secadv/20210824.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d9d838ddc0ed083fb4c26dd067e71aad7c65ad16 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=174ba8048a7f2f5e1fca31cfb93b1730d9db8300 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f54e57406ca17731b9ade3afd561d3c652e07f2 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23446958685a593d4d9434475734b99138902ed2 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8393de42498f8be75cf0353f5c9f906a43a748d2 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4de66925203ca99189c842136ec4a623137ea447 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bb4d2ed4091408404e18b3326e3df67848ef63d0 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2d0e5d4a4a5d4332325b5e5cea492fad2be633e1 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8c74c9d1ade0fbdab5b815ddb747351b8b839641 (OpenSSL_1_1_1l)
+CVE-2021-3711 (In order to decrypt SM2 encrypted data an application is expected to c ...)
+ {DSA-4963-1}
+ - openssl 1.1.1l-1
+ [stretch] - openssl <not-affected> (support for SM2 decryption added in 1.1.1-pre3)
+ - openssl1.0 <not-affected> (Vulnerability does not affect 1.0.2 series)
+ NOTE: https://www.openssl.org/news/secadv/20210824.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=733fa41c3fc4bcac37f94aa917f7242420f8a5a6 (OpenSSL_1_1_1l)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=515ac8b5e544dd713a2b4cabfc54b722d122c218 (OpenSSL_1_1_1l)
+CVE-2021-38858
+ RESERVED
+CVE-2021-38857
+ RESERVED
+CVE-2021-38856
+ RESERVED
+CVE-2021-38855
+ RESERVED
+CVE-2021-38854
+ RESERVED
+CVE-2021-38853
+ RESERVED
+CVE-2021-38852
+ RESERVED
+CVE-2021-38851
+ RESERVED
+CVE-2021-38850
+ RESERVED
+CVE-2021-38849
+ RESERVED
+CVE-2021-38848
+ RESERVED
+CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary file up ...)
+ NOT-FOR-US: S-Cart
+CVE-2021-38846
+ RESERVED
+CVE-2021-38845
+ RESERVED
+CVE-2021-38844
+ RESERVED
+CVE-2021-38843
+ RESERVED
+CVE-2021-38842
+ RESERVED
+CVE-2021-38841 (Remote Code Execution can occur in Simple Water Refilling Station Mana ...)
+ NOT-FOR-US: Simple Water Refilling Station Management System
+CVE-2021-38840 (SQL Injection can occur in Simple Water Refilling Station Management S ...)
+ NOT-FOR-US: Simple Water Refilling Station Management System
+CVE-2021-38839
+ RESERVED
+CVE-2021-38838
+ RESERVED
+CVE-2021-38837
+ RESERVED
+CVE-2021-38836
+ RESERVED
+CVE-2021-38835
+ RESERVED
+CVE-2021-38834
+ RESERVED
+CVE-2021-38833 (SQL injection vulnerability in PHPGurukul Apartment Visitors Managemen ...)
+ NOT-FOR-US: PHPGurukul Apartment Visitors Management System (AVMS)
+CVE-2021-38832
+ RESERVED
+CVE-2021-38831
+ RESERVED
+CVE-2021-38830
+ RESERVED
+CVE-2021-38829
+ RESERVED
+CVE-2021-38828
+ RESERVED
+CVE-2021-38827
+ RESERVED
+CVE-2021-38826
+ RESERVED
+CVE-2021-38825
+ RESERVED
+CVE-2021-38824
+ RESERVED
+CVE-2021-38823 (The IceHrm 30.0.0 OS website was found vulnerable to Session Managemen ...)
+ NOT-FOR-US: IceHrm
+CVE-2021-38822 (A Stored Cross Site Scripting vulnerability via Malicious File Upload ...)
+ NOT-FOR-US: IceHrm
+CVE-2021-38821
+ RESERVED
+CVE-2021-38820
+ RESERVED
+CVE-2021-38819
+ RESERVED
+CVE-2021-38818
+ RESERVED
+CVE-2021-38817
+ RESERVED
+CVE-2021-38816
+ RESERVED
+CVE-2021-38815
+ RESERVED
+CVE-2021-38814
+ RESERVED
+CVE-2021-38813
+ RESERVED
+CVE-2021-38812
+ RESERVED
+CVE-2021-38811
+ RESERVED
+CVE-2021-38810
+ RESERVED
+CVE-2021-38809
+ RESERVED
+CVE-2021-38808
+ RESERVED
+CVE-2021-38807
+ RESERVED
+CVE-2021-38806
+ RESERVED
+CVE-2021-38805
+ RESERVED
+CVE-2021-38804
+ RESERVED
+CVE-2021-38803
+ RESERVED
+CVE-2021-38802
+ RESERVED
+CVE-2021-38801
+ RESERVED
+CVE-2021-38800
+ RESERVED
+CVE-2021-38799
+ RESERVED
+CVE-2021-38798
+ RESERVED
+CVE-2021-38797
+ RESERVED
+CVE-2021-38796
+ RESERVED
+CVE-2021-38795
+ RESERVED
+CVE-2021-38794
+ RESERVED
+CVE-2021-38793
+ RESERVED
+CVE-2021-38792
+ RESERVED
+CVE-2021-38791
+ RESERVED
+CVE-2021-38790
+ RESERVED
+CVE-2021-38789 (Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect acce ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38788 (The Background service in Allwinner R818 SoC Android Q SDK V1.0 is use ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38787 (There is an integer overflow in the ION driver "/dev/ion" of Allwinner ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38786 (There is a NULL pointer dereference in media/libcedarc/vdecoder of All ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38785 (There is a NULL pointer deference in the Allwinner R818 SoC Android Q ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38784 (There is a NULL pointer dereference in the syscall open_exec function ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38783 (There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ...)
+ NOT-FOR-US: Allwinner Android Q SDK
+CVE-2021-38782
+ RESERVED
+CVE-2021-38781
+ RESERVED
+CVE-2021-38780
+ RESERVED
+CVE-2021-38779
+ RESERVED
+CVE-2021-38778
+ RESERVED
+CVE-2021-38777
+ RESERVED
+CVE-2021-38776
+ RESERVED
+CVE-2021-38775
+ RESERVED
+CVE-2021-38774
+ RESERVED
+CVE-2021-38773
+ RESERVED
+CVE-2021-38772
+ RESERVED
+CVE-2021-38771
+ RESERVED
+CVE-2021-38770
+ RESERVED
+CVE-2021-38769
+ RESERVED
+CVE-2021-38768
+ RESERVED
+CVE-2021-38767
+ RESERVED
+CVE-2021-38766
+ RESERVED
+CVE-2021-38765
+ RESERVED
+CVE-2021-38764
+ RESERVED
+CVE-2021-38763
+ RESERVED
+CVE-2021-38762
+ RESERVED
+CVE-2021-38761
+ RESERVED
+CVE-2021-38760
+ RESERVED
+CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...)
+ NOT-FOR-US: Raspberry Pi OS
+CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...)
+ NOT-FOR-US: Directory traversal in Online Catering Reservation System
+CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2021-38756 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2021-38755 (Unauthenticated doctor entry deletion in Hospital Management System in ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2021-38754 (SQL Injection vulnerability in Hospital Management System due to lack ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2021-38753 (An unrestricted file upload on Simple Image Gallery Web App can be exp ...)
+ NOT-FOR-US: Simple Image Gallery Web App
+CVE-2021-38752 (A cross-site scripting (XSS) vulnerability in Online Catering Reservat ...)
+ NOT-FOR-US: Online Catering Reservation System
+CVE-2021-38751 (A HTTP Host header attack exists in ExponentCMS 2.6 and below in /expo ...)
+ NOT-FOR-US: ExponentCMS
+CVE-2021-38750
+ RESERVED
+CVE-2021-38749
+ RESERVED
+CVE-2021-38748
+ RESERVED
+CVE-2021-38747
+ RESERVED
+CVE-2021-38746
+ RESERVED
+CVE-2021-38745
+ RESERVED
+CVE-2021-38744
+ RESERVED
+CVE-2021-38743
+ RESERVED
+CVE-2021-38742
+ RESERVED
+CVE-2021-38741
+ RESERVED
+CVE-2021-38740
+ RESERVED
+CVE-2021-38739
+ RESERVED
+CVE-2021-38738
+ RESERVED
+CVE-2021-38737
+ RESERVED
+CVE-2021-38736
+ RESERVED
+CVE-2021-38735
+ RESERVED
+CVE-2021-38734
+ RESERVED
+CVE-2021-38733
+ RESERVED
+CVE-2021-38732
+ RESERVED
+CVE-2021-38731
+ RESERVED
+CVE-2021-38730
+ RESERVED
+CVE-2021-38729
+ RESERVED
+CVE-2021-38728
+ RESERVED
+CVE-2021-38727 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2021-38726
+ RESERVED
+CVE-2021-38725 (Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/co ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2021-38724
+ RESERVED
+CVE-2021-38723 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2021-38722
+ RESERVED
+CVE-2021-38721 (FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2021-38720
+ RESERVED
+CVE-2021-38719
+ RESERVED
+CVE-2021-38718
+ RESERVED
+CVE-2021-38717
+ RESERVED
+CVE-2021-38716
+ RESERVED
+CVE-2021-38715
+ RESERVED
+CVE-2021-38714 (In Plib through 1.85, there is an integer overflow vulnerability that ...)
+ {DLA-2775-1}
+ - plib 1.8.5-10 (bug #992973)
+ [bullseye] - plib 1.8.5-8+deb11u1
+ [buster] - plib <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/plib/bugs/55/
+CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. ...)
+ NOT-FOR-US: imgURL
+CVE-2021-38712 (OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents ...)
+ NOT-FOR-US: OneNav
+CVE-2021-38710 (** DISPUTED ** Static (Persistent) XSS Vulnerability exists in version ...)
+ NOT-FOR-US: Yclas
+CVE-2021-38709 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
+ NOT-FOR-US: ocProducts Composr CMS
+CVE-2021-38708 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...)
+ NOT-FOR-US: ocProducts Composr CMS
+CVE-2021-3710 (An information disclosure via path traversal was discovered in apport/ ...)
+ NOT-FOR-US: Apport
+CVE-2021-3709 (Function check_attachment_for_errors() in file data/general-hooks/ubun ...)
+ NOT-FOR-US: Apport
+CVE-2021-38711 (In gitit before 0.15.0.0, the Export feature can be exploited to leak ...)
+ - gitit <unfixed> (bug #992297)
+ [bullseye] - gitit <no-dsa> (Minor issue)
+ [buster] - gitit <no-dsa> (Minor issue)
+ [stretch] - gitit <no-dsa> (Minor issue)
+ NOTE: https://github.com/jgm/gitit/commit/eed32638f4f6e3b2f4b8a9a04c4b72001acf9ad8
+CVE-2021-38707 (Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7 ...)
+ NOT-FOR-US: ClinicCases
+CVE-2021-38706 (messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL inject ...)
+ NOT-FOR-US: ClinicCases
+CVE-2021-38705 (ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A ...)
+ NOT-FOR-US: ClinicCases
+CVE-2021-38704 (Multiple reflected cross-site scripting (XSS) vulnerabilities in Clini ...)
+ NOT-FOR-US: ClinicCases
+CVE-2021-38703 (Wireless devices running certain Arcadyan-derived firmware (such as KP ...)
+ NOT-FOR-US: Wireless devices running certain Arcadyan-derived firmware
+CVE-2021-3708 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
+ NOT-FOR-US: D-Link
+CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...)
+ NOT-FOR-US: D-Link
+CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 a ...)
+ NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices
+CVE-2021-38701 (Certain Motorola Solutions Avigilon devices allow XSS in the administr ...)
+ NOT-FOR-US: Motorola Solutions Avigilon devices
+CVE-2021-38700
+ RESERVED
+CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashb ...)
+ NOT-FOR-US: TastyIgniter
+CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ...)
+ - consul <unfixed>
+ [bullseye] - consul <no-dsa> (Minor issue)
+ [buster] - consul <no-dsa> (Minor issue)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
+ NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15)
+CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
+CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerabi ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
+CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scr ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
+CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. ...)
+ NOT-FOR-US: SoftVibe SARABAN for INFOMA
+CVE-2021-38693
+ RESERVED
+CVE-2021-38692 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38691 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38690 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38689 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38683
+ RESERVED
+CVE-2021-38682 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38681 (A reflected cross-site scripting (XSS) vulnerability has been reported ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38679 (An improper authentication vulnerability has been reported to affect Q ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38678 (An open redirect vulnerability has been reported to affect QNAP device ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38677 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38676
+ RESERVED
+CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-38674 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag ...)
+ NOT-FOR-US: adminlte
+CVE-2021-38673
+ RESERVED
+CVE-2021-38672 (Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38670
+ RESERVED
+CVE-2021-38669 (Microsoft Edge (Chromium-based) Tampering Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38668
+ RESERVED
+CVE-2021-38667 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38666 (Remote Desktop Client Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38665 (Remote Desktop Protocol Client Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38664
+ RESERVED
+CVE-2021-38663 (Windows exFAT File System Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38662 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38659 (Microsoft Office Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38658 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38657 (Microsoft Office Graphics Component Information Disclosure Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38656 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38655 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38654 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38653 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38652 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38651 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38650 (Microsoft Office Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38649 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38648 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38647 (Open Management Infrastructure Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38646 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38645 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38644 (Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38643
+ RESERVED
+CVE-2021-38642 (Microsoft Edge for iOS Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38641 (Microsoft Edge for Android Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38640
+ RESERVED
+CVE-2021-38639 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38638 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38637 (Windows Storage Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38636 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38635 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38634 (Microsoft Windows Update Client Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38633 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38632 (BitLocker Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38631 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38630 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38629 (Windows Ancillary Function Driver for WinSock Information Disclosure V ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38628 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38627
+ RESERVED
+CVE-2021-38626 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38625 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38624 (Windows Key Storage Provider Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-38623 (The deferred_image_processing (aka Deferred image processing) extensio ...)
+ NOT-FOR-US: deferred_image_processing (aka Deferred image processing) extension for TYPO3
+CVE-2021-38622
+ RESERVED
+CVE-2021-38621 (The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index ...)
+ NOT-FOR-US: Agora Flat Server
+CVE-2021-38620
+ RESERVED
+CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
+ NOT-FOR-US: openBaraza HCM
+CVE-2021-38618 (In GFOS Workforce Management 4.8.272.1, the login page of application ...)
+ NOT-FOR-US: GFOS Workforce Management
+CVE-2021-38617 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ us ...)
+ NOT-FOR-US: Eigen
+CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{us ...)
+ NOT-FOR-US: Eigen
+CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...)
+ NOT-FOR-US: Eigen
+CVE-2021-3705 (Potential security vulnerabilities have been discovered on a certain H ...)
+ NOT-FOR-US: HP
+CVE-2021-3704 (Potential security vulnerabilities have been discovered on a certain H ...)
+ NOT-FOR-US: HP
+CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...)
+ - polipo <removed>
+ [buster] - polipo <ignored> (Minor issue)
+ [stretch] - polipo <ignored> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/28/2
+CVE-2021-38613 (The assets/index.php Image Upload feature of the NASCENT RemKon Device ...)
+ NOT-FOR-US: NASCENT RemKon Device Manager
+CVE-2021-38612 (In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulner ...)
+ NOT-FOR-US: NASCENT RemKon Device Manager
+CVE-2021-38611 (A command-injection vulnerability in the Image Upload function of the ...)
+ NOT-FOR-US: NASCENT RemKon Device Manager
+CVE-2021-38610
+ RESERVED
+CVE-2021-38609
+ RESERVED
+CVE-2021-38608 (Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.73 ...)
+ NOT-FOR-US: Tranquil WAPT Enterprise
+CVE-2021-38607 (Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated u ...)
+ NOT-FOR-US: Crocoblock JetEngine
+CVE-2021-38606 (reNgine through 0.5 relies on a predictable directory name. ...)
+ NOT-FOR-US: reNgine
+CVE-2021-38605
+ RESERVED
+CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/s ...)
+ - glibc <not-affected> (Vulnerability introduced as side effect of the CVE-2021-33574 fix)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
+CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...)
+ - pluxml <unfixed>
+ [buster] - pluxml <ignored> (Minor issue)
+ [stretch] - pluxml <no-dsa> (Minor issue)
+CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...)
+ - pluxml <unfixed>
+ [buster] - pluxml <ignored> (Minor issue)
+ [stretch] - pluxml <no-dsa> (Minor issue)
+CVE-2021-38601
+ RESERVED
+CVE-2021-38600
+ RESERVED
+CVE-2021-38599 (WAL-G before 1.1, when a non-libsodium build (e.g., one of the officia ...)
+ NOT-FOR-US: WAL-G
+CVE-2021-38598 (OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows ...)
+ - neutron 2:18.1.0-2
+ [bullseye] - neutron 2:17.2.1-0+deb11u1
+ [buster] - neutron <ignored> (Minor issue, not backported to rocky branch)
+ [stretch] - neutron <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/17/4
+ NOTE: https://launchpad.net/bugs/1938670
+ NOTE: https://review.opendev.org/c/openstack/neutron/+/785917/
+CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...)
+ - wolfssl 5.0.0-1 (bug #992174)
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
+ NOTE: https://github.com/wolfSSL/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093
+CVE-2021-38596
+ RESERVED
+CVE-2021-38595
+ RESERVED
+CVE-2021-38594
+ RESERVED
+CVE-2021-38593 (Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::c ...)
+ - qtbase-opensource-src <not-affected> (Vulnerable code introduced later)
+ - qtbase-opensource-src-gles <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml
+ NOTE: https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 (6.1)
+ NOTE: https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd (6.2)
+ NOTE: https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c (dev)
+ NOTE: Introduced by https://github.com/qt/qtbase/commit/6869d2463a2e0d71bd04dbc82f5d6ef4933dc510 (6.0)
+CVE-2021-38592 (Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called fro ...)
+ NOT-FOR-US: Wasm3
+CVE-2021-38591 (An issue was discovered on LG mobile devices with Android OS P and Q s ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-38590 (In cPanel before 96.0.8, weak permissions on web stats can lead to inf ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38589 (In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly re ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38588 (In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the in ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38587 (In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creat ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38586 (In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operatio ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38585 (The WHM Locale Upload feature in cPanel before 98.0.1 allows unseriali ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38584 (The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attac ...)
+ NOT-FOR-US: cPanel
+CVE-2021-38583 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...)
+ NOT-FOR-US: openBaraza HCM
+CVE-2021-38582
+ RESERVED
+CVE-2021-38581
+ RESERVED
+CVE-2021-38580
+ RESERVED
+CVE-2021-38579
+ RESERVED
+CVE-2021-38578
+ RESERVED
+CVE-2021-38577
+ RESERVED
+CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the Platform a ...)
+ - edk2 <undetermined>
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499 (private)
+CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. ...)
+ - edk2 2021.08-1
+ [bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
+ NOTE: https://edk2.groups.io/g/devel/message/76198
+ NOTE: https://github.com/tianocore/edk2/pull/1698
+CVE-2021-38574 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38573 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38572 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38571 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38570 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38569 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38568 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-38567 (An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Read ...)
+ NOT-FOR-US: Foxit
+CVE-2021-38566 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ NOT-FOR-US: Foxit
+CVE-2021-38565 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ NOT-FOR-US: Foxit
+CVE-2021-38564 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ NOT-FOR-US: Foxit
+CVE-2021-38563 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...)
+ NOT-FOR-US: Foxit
+CVE-2021-3703
+ RESERVED
+ NOT-FOR-US: Red Hat Serverless
+CVE-2021-3702
+ RESERVED
+ - ansible-runner <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/0e9aa8a97e7832ef9a1553ef2908632a32d2b8c4
+ NOTE: Introduced in https://github.com/ansible/ansible-runner/commit/93e95a3df9021a38010386d07df121392d249253
+CVE-2021-3701
+ RESERVED
+ - ansible-runner 2.1.1-1
+ NOTE: https://github.com/ansible/ansible-runner/issues/738
+ NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89
+CVE-2021-3700
+ RESERVED
+ - usbredir 0.11.0-1
+ [bullseye] - usbredir <no-dsa> (Minor issue)
+ [buster] - usbredir <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab (usbredir-0.11.0)
+CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ...)
+ - request-tracker5 <unfixed> (bug #995167)
+ - request-tracker4 4.4.4+dfsg-3 (bug #995175)
+ [bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1
+ [buster] - request-tracker4 4.4.3-2+deb10u1
+ [stretch] - request-tracker4 <no-dsa> (Minor issue)
+ NOTE: https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c (rt-5.0.2)
+ NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.4.5)
+ NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17)
+CVE-2021-38561
+ RESERVED
+CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the appName par ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php ...)
+ - hoteldruid 3.0.3-1
+ [bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
+ [stretch] - hoteldruid <no-dsa> (Minor issue)
+CVE-2021-38558
+ RESERVED
+CVE-2021-38557 (raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-38556 (includes/configure_client.php in RaspAP 2.6.6 allows attackers to exec ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-38555 (An XML external entity (XXE) injection vulnerability was discovered in ...)
+ NOT-FOR-US: Apache Any23
+CVE-2021-38554 (HashiCorp Vault and Vault Enterprise&#8217;s UI erroneously cached and ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-38553 (HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized a ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-38552
+ RESERVED
+CVE-2021-38551
+ RESERVED
+CVE-2021-38550
+ RESERVED
+CVE-2021-38549 (MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific ...)
+ NOT-FOR-US: MIRACASE MHUB500 USB splitters
+CVE-2021-38548 (JBL Go 2 devices through 2021-08-09 allow remote attackers to recover ...)
+ NOT-FOR-US: JBL Go 2 devices
+CVE-2021-38547 (Logitech Z120 and S120 speakers through 2021-08-09 allow remote attack ...)
+ NOT-FOR-US: Logitech
+CVE-2021-38546 (CREATIVE Pebble devices through 2021-08-09 allow remote attackers to r ...)
+ NOT-FOR-US: CREATIVE Pebble devices
+CVE-2021-38545 (Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain speci ...)
+ NOT-FOR-US: Raspberry Pi hardware
+CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote att ...)
+ NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices
+CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-38542 (Apache James prior to release 3.6.1 is vulnerable to a buffering attac ...)
+ NOT-FOR-US: Apache James
+CVE-2021-38541
+ RESERVED
+CVE-2021-3699
+ RESERVED
+CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust. When ...)
+ - rust-tar 0.4.37-1 (bug #992173)
+ [bullseye] - rust-tar <no-dsa> (Minor issue)
+ [buster] - rust-tar <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0080.html
+ NOTE: https://github.com/alexcrichton/tar-rs/issues/238
+CVE-2021-38540 (The variable import endpoint was not protected by authentication in Ai ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-38539 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38538 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38537 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38536 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38535 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38534 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38533 (NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38532 (NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect confi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38531 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38530 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38529 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38528 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38527 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38526 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38525 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38524 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38523 (NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based bu ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38522 (NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based bu ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38521 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38520 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38519 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38518 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38517 (Certain NETGEAR devices are affected by out-of-bounds reads and writes ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38516 (Certain NETGEAR devices are affected by lack of access control at the ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38515 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38514 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38513 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38512 (An issue was discovered in the actix-http crate before 3.0.0-beta.9 fo ...)
+ NOT-FOR-US: Rust crate actix-http
+CVE-2021-38510 (The executable file warning was not presented when downloading .inetlo ...)
+ - firefox <not-affected> (Only affects Mac OSX)
+ - firefox-esr <not-affected> (Only affects Mac OSX)
+ - thunderbird <not-affected> (Only affects Mac OSX)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38510
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
+CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38509
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
+CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38508
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
+CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38507
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
+CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38506
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38506
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38506
+CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud Clipbo ...)
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38505
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
+CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38504
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
+CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38503
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503
+CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...)
+ {DSA-5034-1 DLA-2874-1}
+ [experimental] - thunderbird 1:91.2.0-1
+ - thunderbird 1:91.2.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
+CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
+ - firefox 93.0-1
+ - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
+ - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38501
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
+CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
+ {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
+ - firefox 93.0-1
+ - firefox-esr 91.2.0esr-1
+ [experimental] - thunderbird 1:91.2.0-1
+ - thunderbird 1:91.2.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38500
+CVE-2021-38499 (Mozilla developers reported memory safety bugs present in Firefox 92. ...)
+ - firefox 93.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38499
+CVE-2021-38498 (During process shutdown, a document could have caused a use-after-free ...)
+ - firefox 93.0-1
+ - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
+ - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38498
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38498
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38498
+CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text valida ...)
+ - firefox 93.0-1
+ - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
+ - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38497
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
+CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while ...)
+ {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
+ - firefox 93.0-1
+ - firefox-esr 91.2.0esr-1
+ [experimental] - thunderbird 1:91.2.0-1
+ - thunderbird 1:91.2.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38496
+CVE-2021-38495 (Mozilla developers reported memory safety bugs present in Thunderbird ...)
+ - thunderbird <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/#CVE-2021-38495
+CVE-2021-38494 (Mozilla developers reported memory safety bugs present in Firefox 91. ...)
+ - firefox 92.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494
+CVE-2021-38493 (Mozilla developers reported memory safety bugs present in Firefox 91 a ...)
+ {DSA-4973-1 DSA-4969-1 DLA-2757-1 DLA-2756-1}
+ - firefox 92.0-1
+ - firefox-esr 78.14.0esr-1
+ - thunderbird 1:78.14.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38493
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38493
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38493
+CVE-2021-38492 (When delegating navigations to the operating system, Firefox would acc ...)
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38492
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38492
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38492
+CVE-2021-38491 (Mixed-content checks were unable to analyze opaque origins which led t ...)
+ - firefox 92.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38491
+CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponential ent ...)
+ NOT-FOR-US: Altova MobileTogether Server
+CVE-2021-38489
+ RESERVED
+CVE-2021-38488 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38487
+ RESERVED
+CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38485 (The affected product is vulnerable to improper input validation in the ...)
+ NOT-FOR-US: Emerson
+CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38483
+ RESERVED
+CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 we ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38481 (The scheduler service running on a specific TCP port enables the user ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38479 (Many API function codes receive raw pointers remotely from the user an ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38477 (There are multiple API function codes that permit reading and writing ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 au ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38475 (The database connection to the server is performed by calling a specif ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38473 (The affected product&#8217;s code base doesn&#8217;t properly control ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38472 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ma ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38471 (There are multiple API function codes that permit data writing to any ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38470 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38469 (Many of the services used by the affected product do not specify full ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38468 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38467 (A specific function code receives a raw pointer supplied by the user a ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38466 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38465 (The webinstaller is a Golang web server executable that enables the ge ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38464 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38463 (The affected product does not properly control the allocation of resou ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38462 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38461 (The affected product uses a hard-coded blowfish key for encryption/dec ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38459 (The data of a network capture of the initial handshake phase can be us ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38457 (The server permits communication without any authentication procedure, ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38456 (A use of hard-coded password vulnerability in the Moxa MXview Network ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38455 (The affected product&#8217;s OS Service does not verify any given para ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38453 (Some API functions allow interaction with the registry, which includes ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38451 (The affected product&#8217;s proprietary protocol CSC allows for calli ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38450 (The affected controllers do not properly sanitize the input containing ...)
+ NOT-FOR-US: Trane
+CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38448 (The affected controllers do not properly sanitize the input containing ...)
+ NOT-FOR-US: Trane
+CVE-2021-38447
+ RESERVED
+CVE-2021-38446
+ RESERVED
+CVE-2021-38445
+ RESERVED
+CVE-2021-38444
+ RESERVED
+CVE-2021-38443
+ RESERVED
+CVE-2021-38442 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38441
+ RESERVED
+CVE-2021-38440 (FATEK Automation WinProladder versions 3.30 and prior is vulnerable to ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38439
+ RESERVED
+CVE-2021-38438 (A use after free vulnerability in FATEK Automation WinProladder versio ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38437
+ RESERVED
+CVE-2021-38436 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38435
+ RESERVED
+CVE-2021-38434 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38433
+ RESERVED
+CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...)
+ NOT-FOR-US: FATEK Automation Communication Server
+CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...)
+ NOT-FOR-US: Advantech
+CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper validatio ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38429
+ RESERVED
+CVE-2021-38428 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38427
+ RESERVED
+CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38425
+ RESERVED
+CVE-2021-38424 (The tag interface of Delta Electronics DIALink versions 1.2.4.0 and pr ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38423
+ RESERVED
+CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38421 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38420 (Delta Electronics DIALink versions 1.2.4.0 and prior default permissio ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38419 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38418 (Delta Electronics DIALink versions 1.2.4.0 and prior runs by default o ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38417
+ RESERVED
+CVE-2021-38416 (Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38415 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38414
+ RESERVED
+CVE-2021-38413 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...)
+ NOT-FOR-US: Digi PortServer TS
+CVE-2021-38411 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38410
+ RESERVED
+CVE-2021-38409 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAccess Ver ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-38407 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ NOT-FOR-US: Delta Electronic
+CVE-2021-38405
+ RESERVED
+CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ NOT-FOR-US: Delta Electronic
+CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ NOT-FOR-US: Delta Electronic
+CVE-2021-38401 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom Latitude Mo ...)
+ NOT-FOR-US: Boston Scientific Zoom Latitude Model 3120
+CVE-2021-38399
+ RESERVED
+CVE-2021-38398 (The affected device uses off-the-shelf software components that contai ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38397
+ RESERVED
+CVE-2021-38396 (The programmer installation utility does not perform a cryptographic a ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38395
+ RESERVED
+CVE-2021-38394 (An attacker with physical access to the device can extract the binary ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38393 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-38392 (A skilled attacker with physical access to the affected device can gai ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38391 (A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_H ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-38389 (Advantech WebAccess versions 9.02 and prior are vulnerable to a stack- ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to the intern ...)
+ NOT-FOR-US: Central Dogma
+CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...)
+ NOT-FOR-US: Contiki
+CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote ...)
+ NOT-FOR-US: Contiki
+CVE-2021-38385 (Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship ...)
+ {DSA-4961-1}
+ - tor 0.4.5.10-1
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2062
+ NOTE: https://bugs.torproject.org/tpo/core/tor/40078
+CVE-2021-38384 (Serverless Offline 8.0.0 returns a 403 HTTP status code for a route th ...)
+ NOT-FOR-US: Serverless Offline
+CVE-2021-38383 (OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_ ...)
+ NOT-FOR-US: OwnTone
+CVE-2021-38382 (Live555 through 1.08 does not handle Matroska and Ogg files properly. ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021959.html
+ NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]
+CVE-2021-38381 (Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sendi ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021961.html
+ NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]
+CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 stream, ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <ignored> (Minor issue)
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021954.html
+ NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]
+CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ...)
+ NOT-FOR-US: CFEngine Enterprise
+CVE-2021-38378 (OX App Suite 7.10.5 allows Information Exposure because a caching mech ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38377 (OX App Suite through 7.10.5 allows XSS via JavaScript code in an ancho ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38376 (OX App Suite through 7.10.5 has Incorrect Access Control for retrieval ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38375 (OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38374 (OX App Suite through through 7.10.5 allows XSS via a crafted snippet t ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...)
+ - kmail <unfixed>
+ [bullseye] - kmail <no-dsa> (Minor issue)
+ [buster] - kmail <no-dsa> (Minor issue)
+ NOTE: https://bugs.kde.org/show_bug.cgi?id=423423
+ NOTE: https://nostarttls.secvuln.info
+CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new folders ...)
+ - trojita <itp> (bug #795701)
+CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection ...)
+ - exim4 <unfixed> (bug #992172)
+ [bullseye] - exim4 <no-dsa> (Minor issue)
+ [buster] - exim4 <no-dsa> (Minor issue)
+ [stretch] - exim4 <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://nostarttls.secvuln.info
+ NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
+CVE-2021-38370 (In Alpine through 2.24, untagged responses from an IMAP server are acc ...)
+ - alpine 2.25+dfsg1-1 (bug #992171)
+ [bullseye] - alpine <no-dsa> (Minor issue)
+ [buster] - alpine <no-dsa> (Minor issue)
+ [stretch] - alpine <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://nostarttls.secvuln.info
+CVE-2021-38369
+ RESERVED
+CVE-2021-38368
+ RESERVED
+CVE-2021-38367
+ RESERVED
+CVE-2021-38366 (Sitecore through 10.1, when Update Center is enabled, allows remote au ...)
+ NOT-FOR-US: Sitecore
+CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remo ...)
+ NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
+CVE-2021-3698 [authenticates with revoked certificates]
+ RESERVED
+ - cockpit 260-1
+ [bullseye] - cockpit <no-dsa> (Minor issue)
+ [buster] - cockpit <not-affected> (Vulnerable code not present, introduced in 208)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
+ NOTE: Needs sssd 2.6.1
+ NOTE: https://cockpit-project.org/blog/cockpit-260.html
+CVE-2021-3697
+ RESERVED
+CVE-2021-3696
+ RESERVED
+CVE-2021-3695
+ RESERVED
+CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in sysusers ...)
+ - opensysusers 0.6-3 (bug #992058)
+ [bullseye] - opensysusers <no-dsa> (Minor issue; if fixed upstream address via point release)
+CVE-2021-38364
+ RESERVED
+CVE-2021-38363
+ RESERVED
+CVE-2021-38362
+ RESERVED
+CVE-2021-38361 (The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPess plugin
+CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38356 (The NextScripts: Social Networks Auto-Poster &lt;= 4.3.20 WordPress pl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to Reflecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38353 (The Dropdown and scrollable Text WordPress plugin is vulnerable to Ref ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38352 (The Feedify &#8211; Web Push Notifications WordPress plugin is vulnera ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38351 (The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38350 (The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38349 (The Integration of Moneybird for WooCommerce WordPress plugin is vulne ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected Cross-S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38346 (The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress allowed authe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38345 (The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress used an incor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38344 (The Brizy Page Builder plugin &lt;= 2.3.11 for WordPress was vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38343 (The Nested Pages WordPress plugin &lt;= 3.1.15 was vulnerable to an Op ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38342 (The Nested Pages WordPress plugin &lt;= 3.1.15 was vulnerable to Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38341 (The WooCommerce Payment Gateway Per Category WordPress plugin is vulne ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38340 (The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38339 (The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflect ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38338 (The Border Loading Bar WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38337 (The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38336 (The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38335 (The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflect ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38334 (The WP Design Maps &amp; Places WordPress plugin is vulnerable to Refl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38333 (The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Sit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38332 (The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vuln ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38331 (The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38330 (The Yet Another bol.com Plugin WordPress plugin is vulnerable to Refle ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38329 (The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38328 (The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38327 (The YouTube Video Inserter WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38326 (The Post Title Counter WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38325 (The User Activation Email WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38324 (The SP Rental Manager WordPress plugin is vulnerable to SQL Injection ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38323 (The RentPress WordPress plugin is vulnerable to Reflected Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38322 (The Twitter Friends Widget WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38321 (The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38320 (The simpleSAMLphp Authentication WordPress plugin is vulnerable to Ref ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38319 (The More From Google WordPress plugin is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38318 (The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38317 (The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38316 (The WP Academic People List WordPress plugin is vulnerable to Reflecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38315 (The SP Project &amp; Document Manager WordPress plugin is vulnerable t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38314 (The Gutenberg Template Library &amp; Redux Framework plugin &lt;= 4.2. ...)
+ NOT-FOR-US: Gutenberg Template Library
+CVE-2021-38313
+ RESERVED
+CVE-2021-38312 (The Gutenberg Template Library &amp; Redux Framework plugin &lt;= 4.2. ...)
+ NOT-FOR-US: Gutenberg Template Library
+CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops exist in ...)
+ NOT-FOR-US: Contiki
+CVE-2021-38310
+ RESERVED
+CVE-2021-38309
+ RESERVED
+CVE-2021-38308
+ RESERVED
+CVE-2021-38307
+ RESERVED
+CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an unauthe ...)
+ NOT-FOR-US: LG
+CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...)
+ NOT-FOR-US: 23andMe Yamale
+CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...)
+ NOT-FOR-US: National Instruments NI-PAL driver
+CVE-2021-38303 (A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0 ...)
+ NOT-FOR-US: Sureline SUREedge Migrator
+CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. ...)
+ NOT-FOR-US: Newsletter extension for TYPO3
+CVE-2021-38301
+ RESERVED
+CVE-2021-38300 (arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [stretch] - linux <ignored> (mips not supported in LTS)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/5
+ NOTE: https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/
+CVE-2021-38299 (Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An ...)
+ NOT-FOR-US: FIDO2/Webauthn Support for PHP
+CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XX ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ...)
+ - golang-1.17 1.17.2-1
+ - golang-1.16 1.16.9-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <not-affected> (Vulnerable code not present)
+ - golang-1.7 <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/golang/go/commit/77f2750f4398990eed972186706f160631d7dae4
+ NOTE: https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A
+ NOTE: https://github.com/golang/go/issues/48797
+CVE-2021-38296
+ RESERVED
+CVE-2021-38295 (In Apache CouchDB, a malicious user with permission to create document ...)
+ - couchdb <removed>
+CVE-2021-3694 (LedgerSMB does not sufficiently HTML-encode error messages sent to the ...)
+ {DSA-4962-1}
+ - ledgersmb 1.6.9+ds-2.1 (bug #992817)
+ NOTE: https://ledgersmb.org/cve-2021-3694-cross-site-scripting
+CVE-2021-3693 (LedgerSMB does not check the origin of HTML fragments merged into the ...)
+ {DSA-4962-1}
+ - ledgersmb 1.6.9+ds-2.1 (bug #992817)
+ NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting
+CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
+ - yii <itp> (bug #597899)
+CVE-2021-38294 (A Command Injection vulnerability exists in the getTopologyHistory ser ...)
+ NOT-FOR-US: Apache Storm
+CVE-2021-38293
+ RESERVED
+CVE-2021-38292
+ RESERVED
+CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1}
+ - ffmpeg 7:4.4.1-1 (unimportant)
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1
+ NOTE: https://trac.ffmpeg.org/ticket/9312
+ NOTE: Negligible security impact
+CVE-2021-38290 (A host header attack vulnerability exists in FUEL CMS 1.5.0 through fu ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2021-38289
+ RESERVED
+CVE-2021-38288
+ RESERVED
+CVE-2021-38287
+ RESERVED
+CVE-2021-38286
+ RESERVED
+CVE-2021-38285
+ RESERVED
+CVE-2021-38284
+ RESERVED
+CVE-2021-38283 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ NOT-FOR-US: Wipro Holmes Orchestrator
+CVE-2021-38282
+ RESERVED
+CVE-2021-38281
+ RESERVED
+CVE-2021-38280
+ RESERVED
+CVE-2021-38279
+ RESERVED
+CVE-2021-38278
+ RESERVED
+CVE-2021-38277
+ RESERVED
+CVE-2021-38276
+ RESERVED
+CVE-2021-38275
+ RESERVED
+CVE-2021-38274
+ RESERVED
+CVE-2021-38273
+ RESERVED
+CVE-2021-38272
+ RESERVED
+CVE-2021-38271
+ RESERVED
+CVE-2021-38270
+ RESERVED
+CVE-2021-38269
+ RESERVED
+CVE-2021-38268
+ RESERVED
+CVE-2021-38267
+ RESERVED
+CVE-2021-38266
+ RESERVED
+CVE-2021-38265
+ RESERVED
+CVE-2021-38264
+ RESERVED
+CVE-2021-38263
+ RESERVED
+CVE-2021-38262
+ RESERVED
+CVE-2021-38261
+ RESERVED
+CVE-2021-38260 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...)
+ NOT-FOR-US: NXP MCUXpresso SDK
+CVE-2021-38259
+ RESERVED
+CVE-2021-38258 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...)
+ NOT-FOR-US: NXP MCUXpresso SDK
+CVE-2021-38257
+ RESERVED
+CVE-2021-38256
+ RESERVED
+CVE-2021-38255
+ RESERVED
+CVE-2021-38254
+ RESERVED
+CVE-2021-38253
+ RESERVED
+CVE-2021-38252
+ RESERVED
+CVE-2021-38251
+ RESERVED
+CVE-2021-38250
+ RESERVED
+CVE-2021-38249
+ RESERVED
+CVE-2021-38248
+ RESERVED
+CVE-2021-38247
+ RESERVED
+CVE-2021-38246
+ RESERVED
+CVE-2021-38245
+ RESERVED
+CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in ...)
+ NOT-FOR-US: cbioportal
+CVE-2021-38243
+ RESERVED
+CVE-2021-38242
+ RESERVED
+CVE-2021-38241
+ RESERVED
+CVE-2021-38240
+ RESERVED
+CVE-2021-38239
+ RESERVED
+CVE-2021-38238
+ RESERVED
+CVE-2021-38237
+ RESERVED
+CVE-2021-38236
+ RESERVED
+CVE-2021-38235
+ RESERVED
+CVE-2021-38234
+ RESERVED
+CVE-2021-38233
+ RESERVED
+CVE-2021-38232
+ RESERVED
+CVE-2021-38231
+ RESERVED
+CVE-2021-38230
+ RESERVED
+CVE-2021-38229
+ RESERVED
+CVE-2021-38228
+ RESERVED
+CVE-2021-38227
+ RESERVED
+CVE-2021-38226
+ RESERVED
+CVE-2021-38225
+ RESERVED
+CVE-2021-38224
+ RESERVED
+CVE-2021-38223
+ RESERVED
+CVE-2021-38222
+ RESERVED
+CVE-2021-38221
+ RESERVED
+CVE-2021-38220
+ RESERVED
+CVE-2021-38219
+ RESERVED
+CVE-2021-38218
+ RESERVED
+CVE-2021-38217
+ RESERVED
+CVE-2021-38216
+ RESERVED
+CVE-2021-38215
+ RESERVED
+CVE-2021-38214
+ RESERVED
+CVE-2021-38213
+ RESERVED
+CVE-2021-38212
+ RESERVED
+CVE-2021-38211
+ RESERVED
+CVE-2021-38210
+ RESERVED
+CVE-2021-3691
+ RESERVED
+CVE-2021-3690 [buffer leak on incoming websocket PONG message may lead to DoS]
+ RESERVED
+ - undertow 2.2.10-1
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-1935
+CVE-2021-38209 (net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.1 ...)
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://git.kernel.org/linus/2671fa4dc0109d3fb581bc3078fdf17b5d9080f6
+CVE-2021-38208 (net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local un ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba
+CVE-2021-38207 (drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before ...)
+ - linux 5.10.46-1
+ [buster] - linux <ignored> (Not applicable to any release architecture)
+ [stretch] - linux <ignored> (Not applicable to any release architecture)
+ NOTE: https://git.kernel.org/linus/c364df2489b8ef2f5e3159b1dff1ff1fdb16040d
+CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when a devi ...)
+ - linux 5.10.46-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48
+CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37
+CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1 (unimportant)
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/b5fdf5c6e6bee35837e160c00ac89327bdad031b
+CVE-2021-38203 (btrfs in the Linux kernel before 5.13.4 allows attackers to cause a de ...)
+ - linux 5.14.6-1
+ [bullseye] - linux <not-affected> (Vulnerability introduced later)
+ [buster] - linux <not-affected> (Vulnerability introduced later)
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://git.kernel.org/linus/1cb3db1cf383a3c7dbda1aa0ce748b0958759947
+CVE-2021-38202 (fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote a ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/7b08cf62b1239a4322427d677ea9363f0ab677c6
+CVE-2021-38201 (net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attac ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c
+CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc
+CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c
+CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7
+CVE-2021-38197 (unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Director ...)
+ NOT-FOR-US: Go unarr
+CVE-2021-38196 (An issue was discovered in the better-macro crate through 2021-07-22 f ...)
+ NOT-FOR-US: Rust crate better macto
+CVE-2021-38195 (An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rus ...)
+ NOT-FOR-US: Rust crate libsecp256k1
+CVE-2021-38194 (An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rus ...)
+ NOT-FOR-US: Rust crate ark-r1cs-std
+CVE-2021-38192 (An issue was discovered in the prost-types crate before 0.8.0 for Rust ...)
+ NOT-FOR-US: Rust crate prost-types
+CVE-2021-38190 (An issue was discovered in the nalgebra crate before 0.27.1 for Rust. ...)
+ NOT-FOR-US: Rust crate nalgebra
+CVE-2021-38189 (An issue was discovered in the lettre crate before 0.9.6 for Rust. In ...)
+ NOT-FOR-US: Rust crate lettre
+CVE-2021-38188 (An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. ...)
+ NOT-FOR-US: Rust crate iced-x86
+CVE-2021-38187 (An issue was discovered in the anymap crate through 0.12.1 for Rust. I ...)
+ - rust-anymap <unfixed> (bug #992046)
+ [bullseye] - rust-anymap <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0065.html
+CVE-2021-38186 (An issue was discovered in the comrak crate before 0.10.1 for Rust. It ...)
+ NOT-FOR-US: Rust crate comrak
+CVE-2021-38185 (GNU cpio through 2.13 allows attackers to execute arbitrary code via a ...)
+ - cpio 2.13+dfsg-5 (bug #992045)
+ [bullseye] - cpio <no-dsa> (Minor issue)
+ [buster] - cpio <no-dsa> (Minor issue)
+ [stretch] - cpio <no-dsa> (Minor issue)
+ NOTE: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b
+ NOTE: https://github.com/fangqyi/cpiopwn
+ NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html
+ NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html
+ NOTE: Regression: https://bugs.debian.org/992098
+ NOTE: Regression fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8
+ NOTE: Regression #2: https://bugs.debian.org/992192
+ NOTE: Regression #2 fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1
+CVE-2021-38184
+ RESERVED
+CVE-2021-38183 (SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently enc ...)
+ NOT-FOR-US: SAP
+CVE-2021-38182 (Due to insufficient input validation of Kyma, authenticated users can ...)
+ NOT-FOR-US: Kyma
+CVE-2021-38181 (SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, ...)
+ NOT-FOR-US: SAP
+CVE-2021-38180 (SAP Business One - version 10.0, allows an attacker to inject formulas ...)
+ NOT-FOR-US: SAP
+CVE-2021-38179 (Debug function of Admin UI of SAP Business One Integration is enabled ...)
+ NOT-FOR-US: SAP
+CVE-2021-38178 (The software logistics system of SAP NetWeaver AS ABAP and ABAP Platfo ...)
+ NOT-FOR-US: SAP
+CVE-2021-38177 (SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null poin ...)
+ NOT-FOR-US: SAP
+CVE-2021-38176 (Due to improper input sanitization, an authenticated user with certain ...)
+ NOT-FOR-US: SAP
+CVE-2021-38175 (SAP Analysis for Microsoft Office - version 2.8, allows an attacker wi ...)
+ NOT-FOR-US: SAP
+CVE-2021-38174 (When a user opens manipulated files received from untrusted sources in ...)
+ NOT-FOR-US: SAP
+CVE-2021-3689 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
+ - yii <itp> (bug #597899)
+CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mishandlin ...)
+ {DLA-2755-1}
+ - btrbk 0.27.1-2
+ [bullseye] - btrbk 0.27.1-1.1+deb11u1
+ [buster] - btrbk 0.27.1-1+deb10u1
+ NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
+ NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1)
+CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ...)
+ NOT-FOR-US: perM
+CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1}
+ - ffmpeg 7:4.4.1-1
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
+CVE-2021-38170
+ RESERVED
+CVE-2021-38169 (Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2021-38168 (Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_ ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2021-38167 (Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unaut ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2021-38164 (SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - ...)
+ NOT-FOR-US: SAP
+CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22 ...)
+ NOT-FOR-US: SAP
+CVE-2021-38161 (Improper Authentication vulnerability in TLS origin verification of Ap ...)
+ - trafficserver 9.1.0+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: Mark first 9.x version as the fixed version as workaround, the issue does
+ NOTE: not affect the 9.x series.
+ NOTE: https://github.com/apache/trafficserver/commit/feefc5e4abc5011dfad5dcfef3f22998faf6e2d4 (8.1.x)
+ NOTE: but reverted pot 8.1.3 in https://github.com/apache/trafficserver/commit/bbbf80d75105313b51153c7fde0bf0edc8cf7783
+CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...)
+ {DSA-4978-1}
+ - linux 5.14.6-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+CVE-2021-38159 (In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0 ...)
+ NOT-FOR-US: Progress MOVEit Transfer
+CVE-2021-38158
+ RESERVED
+CVE-2021-38157 (** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before ...)
+ NOT-FOR-US: LeoStream Connection Broker
+CVE-2021-38156 (In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboar ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
+ - keystone 2:19.0.0-3 (bug #992070)
+ [bullseye] - keystone 2:18.0.0-3+deb11u1
+ [buster] - keystone <no-dsa> (Minor issue)
+ [stretch] - keystone <end-of-life> (Keystone not supported in stretch)
+ NOTE: https://launchpad.net/bugs/1688137
+CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...)
+ {DSA-4953-1 DLA-2736-1}
+ [experimental] - lynx 2.9.0dev.9-1
+ - lynx 2.9.0dev.6-3 (bug #991971)
+ [bullseye] - lynx 2.9.0dev.6-3~deb11u1
+ NOTE: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
+ NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
+ NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
+CVE-2021-38160 (** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel be ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
+CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such as image ...)
+ NOT-FOR-US: Canon
+CVE-2021-38153 (Some components in Apache Kafka use `Arrays.equals` to validate a pass ...)
+ - kafka <itp> (bug #786460)
+CVE-2021-38152 (index.php/appointment/insert_patient_add_appointment in Chikitsa Patie ...)
+ NOT-FOR-US: Chikitsa Patient Management System
+CVE-2021-38151 (index.php/appointment/todos in Chikitsa Patient Management System 2.0. ...)
+ NOT-FOR-US: Chikitsa Patient Management System
+CVE-2021-38150 (When an attacker manages to get access to the local memory, or the mem ...)
+ NOT-FOR-US: SAP
+CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 a ...)
+ NOT-FOR-US: Chikitsa Patient Management System
+CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...)
+ NOT-FOR-US: Obsidian
+CVE-2021-38147 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ NOT-FOR-US: Wipro Holmes Orchestrator
+CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...)
+ NOT-FOR-US: Wipro Holmes Orchestrator
+CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
+ NOT-FOR-US: Form Tools
+CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...)
+ NOT-FOR-US: Form Tools
+CVE-2021-38143 (An issue was discovered in Form Tools through 3.0.20. When an administ ...)
+ NOT-FOR-US: Form Tools
+CVE-2021-38142 (Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and ...)
+ NOT-FOR-US: Barco MirrorOp Windows Sender
+CVE-2021-38141
+ RESERVED
+CVE-2021-38140 (The set_user extension module before 2.0.1 for PostgreSQL allows a pot ...)
+ NOT-FOR-US: set_user extension for Postgres
+CVE-2021-38139
+ RESERVED
+CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...)
+ NOT-FOR-US: OneNav
+CVE-2021-38137 (Corero SecureWatch Managed Services 9.7.2.0020 does not correctly chec ...)
+ NOT-FOR-US: Corero SecureWatch Managed Services
+CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path T ...)
+ NOT-FOR-US: Corero SecureWatch Managed Services
+CVE-2021-3688
+ RESERVED
+ NOT-FOR-US: Red Hat JBoss Core Services HTTP Server
+CVE-2021-38135
+ RESERVED
+CVE-2021-38134
+ RESERVED
+CVE-2021-38133
+ RESERVED
+CVE-2021-38132
+ RESERVED
+CVE-2021-38131
+ RESERVED
+CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38128
+ RESERVED
+CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38126 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38125
+ RESERVED
+CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38123 (Open Redirect vulnerability in Micro Focus Network Automation, affecti ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-38122
+ RESERVED
+CVE-2021-38121
+ RESERVED
+CVE-2021-38120
+ RESERVED
+CVE-2021-38119
+ RESERVED
+CVE-2021-38118
+ RESERVED
+CVE-2021-38117
+ RESERVED
+CVE-2021-38116
+ RESERVED
+CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...)
+ - libgd2 <unfixed> (bug #991912)
+ [bullseye] - libgd2 <no-dsa> (Minor issue)
+ [buster] - libgd2 <no-dsa> (Minor issue)
+ [stretch] - libgd2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/libgd/libgd/issues/697
+ NOTE: https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032
+CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2742-1}
+ - ffmpeg 7:4.4.1-1
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1
+CVE-2021-3687
+ RESERVED
+CVE-2021-3686
+ RESERVED
+CVE-2021-3685
+ RESERVED
+CVE-2021-3684
+ RESERVED
+CVE-2021-3683 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...)
+ NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif)
+CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, a ...)
+ NOT-FOR-US: Amazon AWS client for Windows
+CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...)
+ NOT-FOR-US: DEF CON 27 badge
+CVE-2021-38110 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...)
+ NOT-FOR-US: Corel WordPerfect
+CVE-2021-38109 (Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Rea ...)
+ NOT-FOR-US: Corel DrawStandard
+CVE-2021-38108 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...)
+ NOT-FOR-US: Corel WordPerfect
+CVE-2021-38107 (CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Ou ...)
+ NOT-FOR-US: Corel DrawStandard
+CVE-2021-38106 (UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ NOT-FOR-US: Corel Presentations
+CVE-2021-38105 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ NOT-FOR-US: Corel Presentations
+CVE-2021-38104 (IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ NOT-FOR-US: Corel Presentations
+CVE-2021-38103 (IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ NOT-FOR-US: Corel Presentations
+CVE-2021-38102 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...)
+ NOT-FOR-US: Corel Presentations
+CVE-2021-38101 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...)
+ NOT-FOR-US: Corel PhotoPaint Standard
+CVE-2021-38100 (Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bou ...)
+ NOT-FOR-US: Corel PhotoPaint Standard
+CVE-2021-38099 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...)
+ NOT-FOR-US: Corel PhotoPaint Standard
+CVE-2021-38098 (Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerabilit ...)
+ NOT-FOR-US: Corel PDF Fusion
+CVE-2021-38097 (Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnera ...)
+ NOT-FOR-US: Corel PDF Fusion
+CVE-2021-38096 (Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds ...)
+ NOT-FOR-US: Corel PDF Fusion
+CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...)
+ NOT-FOR-US: Planview Spigit
+CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in libavfilter ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+ NOTE: https://trac.ffmpeg.org/ticket/8263
+ NOTE: Negligible security impact
+CVE-2021-38093 (Integer Overflow vulnerability in function filter_robert in libavfilte ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+ NOTE: https://trac.ffmpeg.org/ticket/8263
+ NOTE: Negligible security impact
+CVE-2021-38092 (Integer Overflow vulnerability in function filter_prewitt in libavfilt ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+ NOTE: https://trac.ffmpeg.org/ticket/8263
+CVE-2021-38091 (Integer Overflow vulnerability in function filter16_sobel in libavfilt ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+ NOTE: https://trac.ffmpeg.org/ticket/8263
+CVE-2021-38090 (Integer Overflow vulnerability in function filter16_roberts in libavfi ...)
+ - ffmpeg 7:4.3-2 (unimportant)
+ [stretch] - ffmpeg <not-affected> (vulnerable code is not present)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23
+ NOTE: https://trac.ffmpeg.org/ticket/8263
+CVE-2021-38089
+ REJECTED
+CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU in ver ...)
+ {DSA-4980-1 DLA-2753-1}
+ - qemu 1:6.0+dfsg-3 (bug #991911)
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/491
+ NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/b2d1fe67d09d2b6c7da647fbcea6ca0148c206d3 (v1.4.0-rc0)
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9 (v6.1.0-rc2)
+CVE-2021-38088 (Acronis Cyber Protect 15 for Windows prior to build 27009 allowed loca ...)
+ NOT-FOR-US: Acronis Cyber Protect
+CVE-2021-38087 (Reflected cross-site scripting (XSS) was possible on the login page in ...)
+ NOT-FOR-US: Acronis Cyber Protect
+CVE-2021-38086 (Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis ...)
+ NOT-FOR-US: Acronis Cyber Protect
+CVE-2021-38085 (The Canon TR150 print driver through 3.71.2.10 is vulnerable to a priv ...)
+ NOT-FOR-US: Canon
+CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail Server b ...)
+ - courier <unfixed> (bug #989375)
+ [bullseye] - courier <no-dsa> (Minor issue)
+ [buster] - courier <no-dsa> (Minor issue)
+ [stretch] - courier <postponed> (Minor issue, include in next update)
+ NOTE: https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583
+ NOTE: https://sourceforge.net/p/courier/mailman/message/37329216/
+ NOTE: https://sourceforge.net/p/courier/courier-libs.git/ci/97ed62b17a2616c758d09105b5a14dd1038cff6f/ (1.1.5)
+CVE-2021-38083
+ RESERVED
+CVE-2021-38082
+ RESERVED
+CVE-2021-38081
+ RESERVED
+CVE-2021-38080
+ RESERVED
+CVE-2021-38079
+ RESERVED
+CVE-2021-38078
+ RESERVED
+CVE-2021-38077
+ RESERVED
+CVE-2021-38076
+ RESERVED
+CVE-2021-38075
+ RESERVED
+CVE-2021-38074
+ RESERVED
+CVE-2021-38073
+ RESERVED
+CVE-2021-38072
+ RESERVED
+CVE-2021-38071
+ RESERVED
+CVE-2021-38070
+ RESERVED
+CVE-2021-38069
+ RESERVED
+CVE-2021-38068
+ RESERVED
+CVE-2021-38067
+ RESERVED
+CVE-2021-38066
+ RESERVED
+CVE-2021-38065
+ RESERVED
+CVE-2021-38064
+ RESERVED
+CVE-2021-38063
+ RESERVED
+CVE-2021-38062
+ RESERVED
+CVE-2021-38061
+ RESERVED
+CVE-2021-38060
+ RESERVED
+CVE-2021-38059
+ RESERVED
+CVE-2021-38058
+ RESERVED
+CVE-2021-38057
+ RESERVED
+CVE-2021-38056
+ RESERVED
+CVE-2021-38055
+ RESERVED
+CVE-2021-38054
+ RESERVED
+CVE-2021-38053
+ RESERVED
+CVE-2021-38052
+ RESERVED
+CVE-2021-38051
+ RESERVED
+CVE-2021-38050
+ RESERVED
+CVE-2021-38049
+ RESERVED
+CVE-2021-38048
+ RESERVED
+CVE-2021-38047
+ RESERVED
+CVE-2021-38046
+ RESERVED
+CVE-2021-38045
+ RESERVED
+CVE-2021-38044
+ RESERVED
+CVE-2021-38043
+ RESERVED
+CVE-2021-38042
+ RESERVED
+CVE-2021-38041
+ RESERVED
+CVE-2021-38040
+ RESERVED
+CVE-2021-38039
+ RESERVED
+CVE-2021-38038
+ RESERVED
+CVE-2021-38037
+ RESERVED
+CVE-2021-38036
+ RESERVED
+CVE-2021-38035
+ RESERVED
+CVE-2021-38034
+ RESERVED
+CVE-2021-38033
+ RESERVED
+CVE-2021-38032
+ RESERVED
+CVE-2021-38031
+ RESERVED
+CVE-2021-38030
+ RESERVED
+CVE-2021-38029
+ RESERVED
+CVE-2021-38028
+ RESERVED
+CVE-2021-38027
+ RESERVED
+CVE-2021-38026
+ RESERVED
+CVE-2021-38025
+ RESERVED
+CVE-2021-38024
+ RESERVED
+CVE-2021-38023
+ RESERVED
+CVE-2021-38022 (Inappropriate implementation in WebAuthentication in Google Chrome pri ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38021 (Inappropriate implementation in referrer in Google Chrome prior to 96. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38020 (Insufficient policy enforcement in contacts picker in Google Chrome on ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38019 (Insufficient policy enforcement in CORS in Google Chrome prior to 96.0 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38018 (Inappropriate implementation in navigation in Google Chrome prior to 9 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38017 (Insufficient policy enforcement in iframe sandbox in Google Chrome pri ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38016 (Insufficient policy enforcement in background fetch in Google Chrome p ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38015 (Inappropriate implementation in input in Google Chrome prior to 96.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38014 (Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38013 (Heap buffer overflow in fingerprint recognition in Google Chrome on Ch ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38012 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38011 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38010 (Inappropriate implementation in service workers in Google Chrome prior ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38009 (Inappropriate implementation in cache in Google Chrome prior to 96.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38008 (Use after free in media in Google Chrome prior to 96.0.4664.45 allowed ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38007 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38006 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38005 (Use after free in loader in Google Chrome prior to 96.0.4664.45 allowe ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38002 (Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38001 (Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-38000 (Insufficient validation of untrusted input in Intents in Google Chrome ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37999 (Insufficient data validation in New Tab Page in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37998 (Use after free in Garbage Collection in Google Chrome prior to 95.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37997 (Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allow ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37996 (Insufficient validation of untrusted input Downloads in Google Chrome ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37995 (Inappropriate implementation in WebApp Installer in Google Chrome prio ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37994 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37993 (Use after free in PDF Accessibility in Google Chrome prior to 95.0.463 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37992 (Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37991 (Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote att ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37990 (Inappropriate implementation in WebView in Google Chrome on Android pr ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37989 (Inappropriate implementation in Blink in Google Chrome prior to 95.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37988 (Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37987 (Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37986 (Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.5 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37985 (Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37984 (Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37983 (Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 all ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37982 (Use after free in Incognito in Google Chrome prior to 95.0.4638.54 all ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37981 (Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 al ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37980 (Inappropriate implementation in Sandbox in Google Chrome prior to 94.0 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37979 (heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37978 (Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37977 (Use after free in Garbage Collection in Google Chrome prior to 94.0.46 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37975 (Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37974 (Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37973 (Use after free in Portals in Google Chrome prior to 94.0.4606.61 allow ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37972 (Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.460 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37971 (Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37970 (Use after free in File System API in Google Chrome prior to 94.0.4606. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37969 (Inappropriate implementation in Google Updater in Google Chrome on Win ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37968 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37967 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37966 (Inappropriate implementation in Compositing in Google Chrome on Androi ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37965 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37964 (Inappropriate implementation in ChromeOS Networking in Google Chrome o ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37963 (Side-channel information leakage in DevTools in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37962 (Use after free in Performance Manager in Google Chrome prior to 94.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 all ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37960
+ REJECTED
+CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37958 (Inappropriate implementation in Navigation in Google Chrome on Windows ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37957 (Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowe ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37956 (Use after free in Offline use in Google Chrome on Android prior to 94. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-37955
+ RESERVED
+CVE-2021-37954
+ RESERVED
+CVE-2021-37953
+ RESERVED
+CVE-2021-37952
+ RESERVED
+CVE-2021-37951
+ RESERVED
+CVE-2021-37950
+ RESERVED
+CVE-2021-37949
+ RESERVED
+CVE-2021-37948
+ RESERVED
+CVE-2021-37947
+ RESERVED
+CVE-2021-37946
+ RESERVED
+CVE-2021-37945
+ RESERVED
+CVE-2021-37944
+ RESERVED
+CVE-2021-37943
+ RESERVED
+CVE-2021-37942
+ RESERVED
+CVE-2021-37941 (A local privilege escalation issue was found with the APM Java agent, ...)
+ NOT-FOR-US: Elastic APM Java agent
+CVE-2021-37940 (An information disclosure via GET request server-side request forgery ...)
+ NOT-FOR-US: Workplace Search GHES integration
+CVE-2021-37939 (It was discovered that Kibana&#8217;s JIRA connector &amp; IBM Resilie ...)
+ NOT-FOR-US: IBM
+CVE-2021-37938 (It was discovered that on Windows operating systems specifically, Kiba ...)
+ - kibana <itp> (bug #700337)
+CVE-2021-37937
+ RESERVED
+CVE-2021-37936
+ RESERVED
+CVE-2021-37935 (An information disclosure vulnerability in the login page of Huntflow ...)
+ NOT-FOR-US: Huntflow Enterprise
+CVE-2021-37934 (Due to insufficient server-side login-attempt limit enforcement, a vul ...)
+ NOT-FOR-US: Huntflow Enterprise
+CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...)
+ NOT-FOR-US: Huntflow Enterprise
+CVE-2021-37932
+ RESERVED
+CVE-2021-3681
+ RESERVED
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1989407
+ TODO: check, needs verifying the affected ansible/ansible-base components
+CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a
+CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-37931 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37930 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37929 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37928 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37927 (Zoho ManageEngine ADManager Plus version 7110 and prior allows account ...)
+ NOT-FOR-US: Zoho ManageEngine ADManager Plus
+CVE-2021-37926 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37925 (Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Aut ...)
+ NOT-FOR-US: Zoho ManageEngine ADManager Plus
+CVE-2021-37924 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37923 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37922 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37921 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37920 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37919 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37918 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37917
+ RESERVED
+CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note body. ...)
+ NOT-FOR-US: Joplin
+CVE-2021-37915 (An issue was discovered on the Grandstream HT801 Analog Telephone Adap ...)
+ NOT-FOR-US: Grandstream
+CVE-2021-37914 (In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled an ...)
+ NOT-FOR-US: Argo Workflows
+CVE-2021-37913 (The HGiga OAKlouds mobile portal does not filter special characters of ...)
+ NOT-FOR-US: HGiga OAKlouds mobile portal
+CVE-2021-37912 (The HGiga OAKlouds mobile portal does not filter special characters of ...)
+ NOT-FOR-US: HGiga OAKlouds mobile portal
+CVE-2021-37911 (The management interface of BenQ smart wireless conference projector d ...)
+ NOT-FOR-US: BenQ smart wireless conference projector
+CVE-2021-37910 (ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has i ...)
+ NOT-FOR-US: ASUS routers
+CVE-2021-37909 (WriteRegistry function in TSSServiSign component does not filter and v ...)
+ NOT-FOR-US: TSSServiSignAdapter Windows
+CVE-2021-37908
+ RESERVED
+CVE-2021-37907
+ RESERVED
+CVE-2021-37906
+ RESERVED
+CVE-2021-37905
+ RESERVED
+CVE-2021-37904
+ RESERVED
+CVE-2021-37903
+ RESERVED
+CVE-2021-37902
+ RESERVED
+CVE-2021-37901
+ RESERVED
+CVE-2021-37900
+ RESERVED
+CVE-2021-37899
+ RESERVED
+CVE-2021-37898
+ RESERVED
+CVE-2021-37897
+ RESERVED
+CVE-2021-37896
+ RESERVED
+CVE-2021-37895
+ RESERVED
+CVE-2021-37894
+ RESERVED
+CVE-2021-37893
+ RESERVED
+CVE-2021-37892
+ RESERVED
+CVE-2021-37891
+ RESERVED
+CVE-2021-37890
+ RESERVED
+CVE-2021-37889
+ RESERVED
+CVE-2021-37888
+ RESERVED
+CVE-2021-37887
+ RESERVED
+CVE-2021-37886
+ RESERVED
+CVE-2021-37885
+ RESERVED
+CVE-2021-37884
+ RESERVED
+CVE-2021-37883
+ RESERVED
+CVE-2021-37882
+ RESERVED
+CVE-2021-37881
+ RESERVED
+CVE-2021-37880
+ RESERVED
+CVE-2021-37879
+ RESERVED
+CVE-2021-37878
+ RESERVED
+CVE-2021-37877
+ RESERVED
+CVE-2021-37876
+ RESERVED
+CVE-2021-37875
+ RESERVED
+CVE-2021-37874
+ RESERVED
+CVE-2021-37873
+ RESERVED
+CVE-2021-37872
+ RESERVED
+CVE-2021-37871
+ RESERVED
+CVE-2021-37870
+ RESERVED
+CVE-2021-37869
+ RESERVED
+CVE-2021-37868
+ RESERVED
+CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...)
+ NOT-FOR-US: Mattermost Boards plugin
+CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...)
+ NOT-FOR-US: Mattermost Boards plugin
+CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37865 (MMSA-2021-0081)
+CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37864 (MMSA-2021-0076)
+CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37863 (MMSA-2021-0075)
+CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...)
+ - mattermost-server <itp> (bug #823556)
+ NOTE: https://cve.report/CVE-2021-37862 (MMSA-2021-0074)
+CVE-2021-37861 (Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's pas ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...)
+ - mattermost-server <itp> (bug #823556)
+CVE-2021-37858
+ REJECTED
+CVE-2021-37857
+ REJECTED
+CVE-2021-37856
+ REJECTED
+CVE-2021-37855
+ REJECTED
+CVE-2021-37854
+ REJECTED
+CVE-2021-37853
+ REJECTED
+CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...)
+ NOT-FOR-US: ESET
+CVE-2021-37851
+ RESERVED
+CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and business pr ...)
+ NOT-FOR-US: ESET
+CVE-2021-37849
+ RESERVED
+CVE-2021-37848 (common/password.c in Pengutronix barebox through 2021.07.0 leaks timin ...)
+ NOT-FOR-US: Pengutronix Barebox
+CVE-2021-37847 (crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing ...)
+ NOT-FOR-US: Pengutronix Barebox
+CVE-2021-37846
+ RESERVED
+CVE-2021-37845
+ RESERVED
+ - citadel <removed>
+ [buster] - citadel <ignored> (Minor issue)
+ [stretch] - citadel <postponed> (Minor issue, revisit when fixed upstream)
+ NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259
+ NOTE: https://nostarttls.secvuln.info/
+ NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes
+CVE-2021-37844
+ RESERVED
+CVE-2021-3677 [Memory disclosure in certain queries]
+ RESERVED
+ - postgresql-13 13.4-1
+ [bullseye] - postgresql-13 13.4-0+deb11u1
+ - postgresql-11 <removed>
+ [buster] - postgresql-11 11.13-0+deb10u1
+ NOTE: https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/
+CVE-2021-3676
+ RESERVED
+CVE-2021-3675
+ RESERVED
+CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...)
+ NOT-FOR-US: resolution SAML SSO apps for Atlassian products
+CVE-2021-37842 (metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensiti ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-37841 (Docker Desktop before 3.6.0 suffers from incorrect access control. If ...)
+ NOT-FOR-US: Docker Desktop on Windows
+CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) in ...)
+ NOT-FOR-US: aaPanel
+CVE-2021-37839
+ RESERVED
+CVE-2021-3674
+ RESERVED
+CVE-2021-3673 (A vulnerability was found in Radare2 in version 5.3.1. Improper input ...)
+ - radare2 5.5.0+dfsg-1
+ NOTE: https://github.com/radareorg/radare2/issues/18923
+ NOTE: https://github.com/radareorg/radare2/commit/d7ea20fb2e1433ebece9f004d87ad8f2377af23d
+CVE-2021-37838
+ RESERVED
+CVE-2021-37837
+ RESERVED
+CVE-2021-37836
+ RESERVED
+CVE-2021-37835
+ RESERVED
+CVE-2021-37834
+ RESERVED
+CVE-2021-37833 (A reflected cross-site scripting (XSS) vulnerability exists in multipl ...)
+ - hoteldruid 3.0.3-1 (bug #991910)
+ [bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
+ [stretch] - hoteldruid <no-dsa> (Minor issue)
+ NOTE: https://github.com/dievus/CVE-2021-37833
+CVE-2021-37832 (A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid w ...)
+ - hoteldruid 3.0.3-1 (bug #991910)
+ [bullseye] - hoteldruid <no-dsa> (Minor issue)
+ [buster] - hoteldruid <no-dsa> (Minor issue)
+ [stretch] - hoteldruid <no-dsa> (Minor issue)
+ NOTE: https://github.com/dievus/CVE-2021-37832
+CVE-2021-37831
+ RESERVED
+CVE-2021-37830
+ RESERVED
+CVE-2021-37829
+ RESERVED
+CVE-2021-37828
+ RESERVED
+CVE-2021-37827
+ RESERVED
+CVE-2021-37826
+ RESERVED
+CVE-2021-37825
+ RESERVED
+CVE-2021-37824
+ RESERVED
+CVE-2021-37823
+ RESERVED
+CVE-2021-37822
+ RESERVED
+CVE-2021-37821
+ RESERVED
+CVE-2021-37820
+ RESERVED
+CVE-2021-37819
+ RESERVED
+CVE-2021-37818
+ RESERVED
+CVE-2021-37817
+ RESERVED
+CVE-2021-37816
+ RESERVED
+CVE-2021-37815
+ RESERVED
+CVE-2021-37814
+ RESERVED
+CVE-2021-37813
+ RESERVED
+CVE-2021-37812
+ RESERVED
+CVE-2021-37811
+ RESERVED
+CVE-2021-37810
+ RESERVED
+CVE-2021-37809
+ RESERVED
+CVE-2021-37808 (SQL Injection vulnerabilities exist in https://phpgurukul.com News Por ...)
+ NOT-FOR-US: PHPGurukul
+CVE-2021-37807 (An SQL Injection vulneraility exists in https://phpgurukul.com Online ...)
+ NOT-FOR-US: PHPGurukul
+CVE-2021-37806 (An SQL Injection vulnerability exists in https://phpgurukul.com Vehicl ...)
+ NOT-FOR-US: PHPGurukul
+CVE-2021-37805 (A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodes ...)
+ NOT-FOR-US: Sourcecodeste Vehicle Parking Management System
+CVE-2021-37804
+ RESERVED
+CVE-2021-37803 (An SQL Injection vulnerability exists in Sourcecodester Online Covid V ...)
+ NOT-FOR-US: Sourcecodester Online Covid Vaccination Scheduler System
+CVE-2021-37802
+ RESERVED
+CVE-2021-37801
+ RESERVED
+CVE-2021-37800
+ RESERVED
+CVE-2021-37799
+ RESERVED
+CVE-2021-37798
+ RESERVED
+CVE-2021-37797
+ RESERVED
+CVE-2021-37796
+ RESERVED
+CVE-2021-37795
+ RESERVED
+CVE-2021-37794 (A stored cross-site scripting (XSS) vulnerability exists in FileBrowse ...)
+ NOT-FOR-US: FileBrowser
+CVE-2021-37793
+ RESERVED
+CVE-2021-37792
+ RESERVED
+CVE-2021-37791
+ RESERVED
+CVE-2021-37790
+ RESERVED
+CVE-2021-37789
+ RESERVED
+CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could all ...)
+ NOT-FOR-US: Gurock TestRail
+CVE-2021-37787
+ RESERVED
+CVE-2021-37786 (Certain Federal Office of Information Technology Systems and Telecommu ...)
+ NOT-FOR-US: Covid certificate app in Switzerland.
+CVE-2021-37785
+ RESERVED
+CVE-2021-37784
+ RESERVED
+CVE-2021-37783
+ RESERVED
+CVE-2021-37782
+ RESERVED
+CVE-2021-37781
+ RESERVED
+CVE-2021-37780
+ RESERVED
+CVE-2021-37779
+ RESERVED
+CVE-2021-37778
+ RESERVED
+CVE-2021-37777 (Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR ...)
+ NOT-FOR-US: Gila CMS
+CVE-2021-37776
+ RESERVED
+CVE-2021-37775
+ RESERVED
+CVE-2021-37774
+ RESERVED
+CVE-2021-37773
+ RESERVED
+CVE-2021-37772
+ RESERVED
+CVE-2021-37771
+ RESERVED
+CVE-2021-37770
+ RESERVED
+CVE-2021-37769
+ RESERVED
+CVE-2021-37768
+ RESERVED
+CVE-2021-37767
+ RESERVED
+CVE-2021-37766
+ RESERVED
+CVE-2021-37765
+ RESERVED
+CVE-2021-37764
+ RESERVED
+CVE-2021-37763
+ RESERVED
+CVE-2021-37762 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37761 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 allows atta ...)
+ - graylog2 <itp> (bug #652273)
+CVE-2021-37759 (A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows ...)
+ - graylog2 <itp> (bug #652273)
+CVE-2021-37758
+ RESERVED
+CVE-2021-37757
+ RESERVED
+CVE-2021-37756
+ RESERVED
+CVE-2021-37755
+ RESERVED
+CVE-2021-37754
+ RESERVED
+CVE-2021-37753
+ RESERVED
+CVE-2021-37752
+ RESERVED
+CVE-2021-37751
+ RESERVED
+CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before ...)
+ {DLA-2771-1}
+ - krb5 1.18.3-7 (bug #992607)
+ [bullseye] - krb5 1.18.3-6+deb11u1
+ [buster] - krb5 1.17-3+deb10u3
+ NOTE: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
+CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...)
+ NOT-FOR-US: Hexagon GeoMedia WebMap
+CVE-2021-37748 (Multiple buffer overflows in the limited configuration shell (/sbin/gs ...)
+ NOT-FOR-US: Grandstream
+CVE-2021-37747
+ RESERVED
+CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3.18.0, ...)
+ - claws-mail 3.18.0-1 (bug #991722)
+ [bullseye] - claws-mail <no-dsa> (Minor issue)
+ [buster] - claws-mail <no-dsa> (Minor issue)
+ [stretch] - claws-mail <no-dsa> (Minor issue)
+ - sylpheed <unfixed> (bug #991723)
+ [bullseye] - sylpheed <no-dsa> (Minor issue)
+ [buster] - sylpheed <no-dsa> (Minor issue)
+ [stretch] - sylpheed <no-dsa> (Minor issue)
+ NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431
+CVE-2021-3672 (A flaw was found in c-ares library, where a missing input validation c ...)
+ {DSA-4954-1 DLA-2738-1}
+ - c-ares 1.17.1-1.1 (bug #992053)
+ [bullseye] - c-ares 1.17.1-1+deb11u1
+ NOTE: https://c-ares.haxx.se/adv_20210810.html
+ NOTE: https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83
+ NOTE: https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14
+CVE-2021-37745
+ RESERVED
+CVE-2021-37744
+ RESERVED
+CVE-2021-37743 (app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored X ...)
+ NOT-FOR-US: MISP
+CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.14 ...)
+ NOT-FOR-US: MISP
+CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vul ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-37740
+ RESERVED
+CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37737 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37736 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37733 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37732 (A remote arbitrary command execution vulnerability was discovered in H ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37731 (A local path traversal vulnerability was discovered in Aruba SD-WAN So ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37730 (A remote arbitrary command execution vulnerability was discovered in H ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37729 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37728 (A remote path traversal vulnerability was discovered in Aruba Operatin ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37727 (A remote arbitrary command execution vulnerability was discovered in H ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37726 (A remote buffer overflow vulnerability was discovered in HPE Aruba Ins ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37725 (A remote cross-site request forgery (csrf) vulnerability was discovere ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37724 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37723 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37722 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37721 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37720 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37719 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37718 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37717 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37716 (A remote buffer overflow vulnerability was discovered in Aruba SD-WAN ...)
+ NOT-FOR-US: Aruba
+CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos server ...)
+ - heimdal 7.7.0+dfsg-3 (bug #996586)
+ [bullseye] - heimdal <no-dsa> (Minor issue)
+ [buster] - heimdal <no-dsa> (Minor issue)
+ [stretch] - heimdal <no-dsa> (Minor issue)
+ - samba 2:4.13.13+dfsg-1
+ [bullseye] - samba 2:4.13.13+dfsg-1~deb11u1
+ [buster] - samba <no-dsa> (Minor issue)
+ [stretch] - samba <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2013080
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14770
+ NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
+ NOTE: Followup: https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a
+ NOTE: "Equivalent" issue for CVE-2021-37750 for the MIT krb5 vulnerability.
+ NOTE: Fixed by (Samba): https://gitlab.com/samba-team/samba/-/commit/0cb4b939f192376bf5e33637863a91a20f74c5a5
+CVE-2021-3670
+ RESERVED
+CVE-2021-37714 (jsoup is a Java library for working with HTML. Those using jsoup versi ...)
+ - jsoup 1.14.2-1 (bug #992590)
+ [bullseye] - jsoup <no-dsa> (Minor issue)
+ [buster] - jsoup <no-dsa> (Minor issue)
+ [stretch] - jsoup <no-dsa> (Minor issue)
+ NOTE: https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c
+CVE-2021-37713 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...)
+ - node-tar <not-affected> (Only affects node-tar on Windows)
+ NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh
+CVE-2021-37712 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...)
+ {DSA-5008-1}
+ - node-tar 6.1.11+~cs11.3.10-1 (bug #993981)
+ [stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p
+CVE-2021-37711 (Versions prior to 6.4.3.1 contain an authenticated server-side request ...)
+ NOT-FOR-US: Shopware
+CVE-2021-37710 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-37709 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984
+ NOTE: https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865
+CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...)
+ NOT-FOR-US: OneFuzz
+CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...)
+ NOT-FOR-US: PhpFastCache
+CVE-2021-37703 (Discourse is an open-source platform for community discussion. In Disc ...)
+ NOT-FOR-US: Discourse
+CVE-2021-37702 (Pimcore is an open source data &amp; experience management platform. P ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-37701 (The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, an ...)
+ {DSA-5008-1}
+ - node-tar 6.1.7+~cs11.3.10-1
+ [stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc
+CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown objects. ...)
+ NOT-FOR-US: Node paste-markdown
+CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...)
+ NOT-FOR-US: next.js
+CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...)
+ {DLA-2816-1}
+ - icinga2 2.13.1-1
+ [bullseye] - icinga2 <no-dsa> (Minor issue)
+ [buster] - icinga2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2
+ NOTE: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/
+ NOTE: https://github.com/Icinga/icinga2/commit/8910abc5882774c067dfc22cdf8bf8b830257608 (v2.12.6)
+ NOTE: https://github.com/Icinga/icinga2/commit/bf535969ac23962b65b72ea3893c6b384e1d3218 (v2.12.6)
+ NOTE: https://github.com/Icinga/icinga2/commit/d7133ae4298d133a088b25c9a71ffeb1f8164a8d (v2.12.6)
+ NOTE: https://github.com/Icinga/icinga2/commit/6db8795ca4b6a853f49615279f068d4cf2b42087 (v2.12.6)
+ NOTE: https://github.com/Icinga/icinga2/commit/b7dd909a30367a4b8389e9362f05a856bbd7b081 (v2.12.6)
+CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
+ NOT-FOR-US: tmerc-cogs
+CVE-2021-37696 (tmerc-cogs are a collection of open source plugins for the Red Discord ...)
+ NOT-FOR-US: tmerc-cogs
+CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
+ {DLA-2813-1}
+ - ckeditor 4.16.2+dfsg-1 (bug #992290)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
+ NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
+CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...)
+ NOT-FOR-US: @asyncapi/java-spring-cloud-stream-template
+CVE-2021-37693 (Discourse is an open-source platform for community discussion. In Disc ...)
+ NOT-FOR-US: Discourse
+CVE-2021-37692 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37691 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37690 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37689 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37688 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37687 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37686 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37685 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37684 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37683 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37682 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37681 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37680 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37679 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37678 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37677 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37676 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37675 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37674 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37673 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37672 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37671 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37670 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37669 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37668 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37667 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37666 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37665 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37664 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37663 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37662 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37661 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37660 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37659 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37658 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37657 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37656 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37655 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37654 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37653 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37652 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37651 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37650 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37649 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37648 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37647 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37646 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37645 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37644 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37643 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37642 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37641 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37640 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37639 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37638 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37637 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37636 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37635 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-37634 (Leafkit is a templating language with Swift-inspired syntax. Versions ...)
+ NOT-FOR-US: Leafkit
+CVE-2021-37633 (Discourse is an open source discussion platform. In versions prior to ...)
+ NOT-FOR-US: Discourse
+CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of mods for ...)
+ NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft)
+CVE-2021-37631 (Deck is an open source kanban style organization tool aimed at persona ...)
+ NOT-FOR-US: Nextcloud Deck
+CVE-2021-37630 (Nextcloud Circles is an open source social network built for the nextc ...)
+ NOT-FOR-US: Nextcloud Cirles
+CVE-2021-37629 (Nextcloud Richdocuments is an open source collaborative office suite. ...)
+ NOT-FOR-US: Nextcloud Richdocuments
+CVE-2021-37628 (Nextcloud Richdocuments is an open source collaborative office suite. ...)
+ NOT-FOR-US: Nextcloud Richdocuments
+CVE-2021-37627 (Contao is an open source CMS that allows creation of websites and scal ...)
+ NOT-FOR-US: Contao CMS
+CVE-2021-37626 (Contao is an open source CMS that allows you to create websites and sc ...)
+ NOT-FOR-US: Contao CMS
+CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...)
+ NOT-FOR-US: Skytable
+CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch <itp> (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
+CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
+ NOTE: https://github.com/Exiv2/exiv2/pull/1790
+CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv
+ NOTE: https://github.com/Exiv2/exiv2/pull/1788
+CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg
+ NOTE: https://github.com/Exiv2/exiv2/pull/1778
+CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728
+ NOTE: https://github.com/Exiv2/exiv2/pull/1769
+CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
+ NOTE: https://github.com/Exiv2/exiv2/pull/1752
+CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2
+ NOTE: https://github.com/Exiv2/exiv2/pull/1759
+CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ - nextcloud-desktop <not-affected> (Doesn't affect Nextcloud client as shipped in Debian)
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
+CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
+ NOTE: https://github.com/Exiv2/exiv2/pull/1758
+CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w
+ NOTE: https://github.com/Exiv2/exiv2/pull/1758
+CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...)
+ NOT-FOR-US: MOVEit Transfer
+CVE-2021-37613 (Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-37612
+ RESERVED
+CVE-2021-37611
+ RESERVED
+CVE-2021-37610
+ RESERVED
+CVE-2021-37609
+ RESERVED
+CVE-2021-37608 (Unrestricted Upload of File with Dangerous Type vulnerability in Apach ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2021-37607
+ RESERVED
+CVE-2021-3669 [reading /proc/sysvipc/shm does not scale with large shared memory segment counts]
+ RESERVED
+ - linux 5.15.3-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473
+CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...)
+ NOT-FOR-US: Meow hash
+CVE-2021-37605 (In version 6.5 Microchip MiWi software and all previous versions inclu ...)
+ NOT-FOR-US: Microchip MiWi
+CVE-2021-37604 (In version 6.5 of Microchip MiWi software and all previous versions in ...)
+ NOT-FOR-US: Microchip MiWi
+CVE-2021-37603
+ RESERVED
+CVE-2021-37602
+ RESERVED
+CVE-2021-37599 (The exporter/Login.aspx login form in the Exporter in Nuance Winscribe ...)
+ NOT-FOR-US: Nuance
+CVE-2021-3668
+ RESERVED
+CVE-2021-37600 (** DISPUTED ** An integer overflow in util-linux through 2.37.1 can po ...)
+ - util-linux 2.36.1-8 (low; bug #991619)
+ [buster] - util-linux <no-dsa> (Minor issue)
+ [stretch] - util-linux <no-dsa> (Minor issue)
+ NOTE: https://github.com/karelzak/util-linux/issues/1395
+ NOTE: https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
+CVE-2021-37598 (WP Cerber before 8.9.3 allows bypass of /wp-json access control via a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-37597 (WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-37596 (Telegram Web K Alpha 0.6.1 allows XSS via a document name. ...)
+ NOT-FOR-US: Telegram Web K Alpha
+CVE-2021-37595 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...)
+ - freerdp2 <not-affected> (Windows-specific)
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9
+CVE-2021-37594 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...)
+ - freerdp2 <not-affected> (Windows-specific)
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9
+CVE-2021-37593 (PEEL Shopping version 9.4.0 allows remote SQL injection. A public user ...)
+ NOT-FOR-US: PEEL Shopping
+CVE-2021-37592 (Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a cl ...)
+ - suricata 1:6.0.4-1
+ [bullseye] - suricata <no-dsa> (Minor issue)
+ [buster] - suricata <no-dsa> (Minor issue)
+ [stretch] - suricata <no-dsa> (Minor issue)
+ NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
+ NOTE: https://redmine.openinfosecfoundation.org/issues/4569 (not public)
+CVE-2021-37591
+ RESERVED
+CVE-2021-37590
+ RESERVED
+CVE-2021-37589
+ RESERVED
+CVE-2021-37588 (In Charm 0.43, any two users can collude to achieve the ability to dec ...)
+ NOT-FOR-US: Charm
+CVE-2021-37587 (In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 dat ...)
+ NOT-FOR-US: Charm
+CVE-2021-37586 (The PowerPlay Web component of Mitel Interaction Recording Multitenanc ...)
+ NOT-FOR-US: Mitel
+CVE-2021-37585
+ RESERVED
+CVE-2021-37584 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37583 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37582
+ RESERVED
+CVE-2021-37581
+ RESERVED
+CVE-2021-37580 (A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in S ...)
+ NOT-FOR-US: Apache ShenYu Admin
+CVE-2021-37579 (The Dubbo Provider will check the incoming request and the correspondi ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-3667
+ RESERVED
+ - libvirt 7.6.0-1 (bug #991594)
+ [bullseye] - libvirt <no-dsa> (Minor issue)
+ [buster] - libvirt <no-dsa> (Minor issue)
+ [stretch] - libvirt <not-affected> (Introduced in 4.1)
+ NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 (v7.6.0-rc1)
+ NOTE: Introduced in https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129
+CVE-2021-37578 (Apache jUDDI uses several classes related to Java's Remote Method Invo ...)
+ NOT-FOR-US: Apache jUDDI
+CVE-2021-37577
+ RESERVED
+CVE-2021-37575
+ RESERVED
+CVE-2021-37574
+ RESERVED
+CVE-2021-37573 (A reflected cross-site scripting (XSS) vulnerability in the web server ...)
+ NOT-FOR-US: TTiny Java Web Server and Servlet Container (TJWS)
+CVE-2021-37572 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37571 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37570 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37569 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37568 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37567 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37566 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37565 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37564 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37563 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37562 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37561 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37560 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-37559
+ RESERVED
+CVE-2021-37558 (A SQL injection vulnerability in a MediaWiki script in Centreon before ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-37557 (A SQL injection vulnerability in image generation in Centreon before 2 ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon before 2 ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell a ...)
+ NOT-FOR-US: TX9 Automatic Food Dispenser
+CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see boards wit ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37553 (In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37552 (In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37551 (In JetBrains YouTrack before 2021.2.16363, system user passwords were ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37550 (In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons wer ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37549 (In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37548 (In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37547 (In JetBrains TeamCity before 2020.2.4, insufficient checks during file ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37546 (In JetBrains TeamCity before 2021.1, an insecure key generation mechan ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37545 (In JetBrains TeamCity before 2021.1.1, insufficient authentication che ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37544 (In JetBrains TeamCity before 2020.2.4, there was an insecure deseriali ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37543 (In JetBrains RubyMine before 2021.1.1, code execution without user con ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37542 (In JetBrains TeamCity before 2020.2.3, XSS was possible. ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the password r ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP f ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-37539 (Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestri ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...)
+ NOT-FOR-US: Node body-parser-xml
+CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...)
+ {DSA-4978-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <ignored> (powerpc architectures not included in LTS)
+ NOTE: https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3)
+CVE-2021-37538 (Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-37537
+ RESERVED
+CVE-2021-37536
+ RESERVED
+CVE-2021-37535 (SAP NetWeaver Application Server Java (JMS Connector Service) - versio ...)
+ NOT-FOR-US: SAP
+CVE-2021-37534 (app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when ...)
+ NOT-FOR-US: MISP
+CVE-2021-37533
+ RESERVED
+CVE-2021-37532 (SAP Business One version - 10, due to improper input validation, allow ...)
+ NOT-FOR-US: SAP
+CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2021-37530 (A denial of service vulnerabiity exists in fig2dev through 3.28a due t ...)
+ - fig2dev 1:3.2.8b-1
+ [bullseye] - fig2dev <no-dsa> (Minor issue)
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ [stretch] - fig2dev <no-dsa> (Minor issue)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/126/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/ff103511e49c44c83fc58e2092aa37e9019a3a9f/
+CVE-2021-37529 (A double-free vulnerability exists in fig2dev through 3.28a is affecte ...)
+ - fig2dev 1:3.2.8b-1
+ [bullseye] - fig2dev <no-dsa> (Minor issue)
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ [stretch] - fig2dev <no-dsa> (Minor issue)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/125/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/899ea1277387ca9e9853bf61d29b7419d5692691/
+CVE-2021-37528
+ RESERVED
+CVE-2021-37527
+ RESERVED
+CVE-2021-37526
+ RESERVED
+CVE-2021-37525
+ RESERVED
+CVE-2021-37524
+ RESERVED
+CVE-2021-37523
+ RESERVED
+CVE-2021-37522
+ RESERVED
+CVE-2021-37521
+ RESERVED
+CVE-2021-37520
+ RESERVED
+CVE-2021-37519
+ RESERVED
+CVE-2021-37518
+ RESERVED
+CVE-2021-37517
+ RESERVED
+CVE-2021-37516
+ RESERVED
+CVE-2021-37515
+ RESERVED
+CVE-2021-37514
+ RESERVED
+CVE-2021-37513
+ RESERVED
+CVE-2021-37512
+ RESERVED
+CVE-2021-37511
+ RESERVED
+CVE-2021-37510
+ RESERVED
+CVE-2021-37509
+ RESERVED
+CVE-2021-37508
+ RESERVED
+CVE-2021-37507
+ RESERVED
+CVE-2021-37506
+ RESERVED
+CVE-2021-37505
+ RESERVED
+CVE-2021-37504
+ RESERVED
+CVE-2021-37503
+ RESERVED
+CVE-2021-37502
+ RESERVED
+CVE-2021-37501
+ RESERVED
+CVE-2021-37500
+ RESERVED
+CVE-2021-37499
+ RESERVED
+CVE-2021-37498
+ RESERVED
+CVE-2021-37497
+ RESERVED
+CVE-2021-37496
+ RESERVED
+CVE-2021-37495
+ RESERVED
+CVE-2021-37494
+ RESERVED
+CVE-2021-37493
+ RESERVED
+CVE-2021-37492
+ RESERVED
+CVE-2021-37491
+ RESERVED
+CVE-2021-37490
+ RESERVED
+CVE-2021-37489
+ RESERVED
+CVE-2021-37488
+ RESERVED
+CVE-2021-37487
+ RESERVED
+CVE-2021-37486
+ RESERVED
+CVE-2021-37485
+ RESERVED
+CVE-2021-37484
+ RESERVED
+CVE-2021-37483
+ RESERVED
+CVE-2021-37482
+ RESERVED
+CVE-2021-37481
+ RESERVED
+CVE-2021-37480
+ RESERVED
+CVE-2021-37479
+ RESERVED
+CVE-2021-37478 (In NavigateCMS version 2.9.4 and below, function `block` is vulnerable ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-37477 (In NavigateCMS version 2.9.4 and below, function in `structure.php` is ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-37476 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-37475 (In NavigateCMS version 2.9.4 and below, function in `templates.php` is ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-37474
+ RESERVED
+CVE-2021-37473 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...)
+ NOT-FOR-US: NavigateCMS
+CVE-2021-37472
+ RESERVED
+CVE-2021-37471 (Cradlepoint IBR900-600 devices running versions &lt; 7.21.10 are vulne ...)
+ NOT-FOR-US: Cradlepoint
+CVE-2021-37470 (In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists ...)
+ NOT-FOR-US: NCH
+CVE-2021-37469 (In NCH WebDictate v2.13 and earlier, authenticated users can abuse log ...)
+ NOT-FOR-US: NCH
+CVE-2021-37468 (NCH Reflect CRM 3.01 allows local users to discover cleartext user acc ...)
+ NOT-FOR-US: NCH
+CVE-2021-37467 (In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploa ...)
+ NOT-FOR-US: NCH
+CVE-2021-37466 (In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (refle ...)
+ NOT-FOR-US: NCH
+CVE-2021-37465 (In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflec ...)
+ NOT-FOR-US: NCH
+CVE-2021-37464 (In NCH Quorum v2.03 and earlier, XSS exists via Conference Description ...)
+ NOT-FOR-US: NCH
+CVE-2021-37463 (In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (sto ...)
+ NOT-FOR-US: NCH
+CVE-2021-37462 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37461 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37460 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37459 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37458 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37457 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37456 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37455 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37454 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37453 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...)
+ NOT-FOR-US: NCH
+CVE-2021-37452 (NCH Quorum v2.03 and earlier allows local users to discover cleartext ...)
+ NOT-FOR-US: NCH
+CVE-2021-37451 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ NOT-FOR-US: NCH
+CVE-2021-37450 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ NOT-FOR-US: NCH
+CVE-2021-37449 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ NOT-FOR-US: NCH
+CVE-2021-37448 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...)
+ NOT-FOR-US: NCH
+CVE-2021-37447 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
+ NOT-FOR-US: NCH
+CVE-2021-37446 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
+ NOT-FOR-US: NCH
+CVE-2021-37445 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...)
+ NOT-FOR-US: NCH
+CVE-2021-37444 (NCH IVM Attendant v5.12 and earlier suffers from a directory traversal ...)
+ NOT-FOR-US: NCH
+CVE-2021-37443 (NCH IVM Attendant v5.12 and earlier allows path traversal via the logd ...)
+ NOT-FOR-US: NCH
+CVE-2021-37442 (NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile ...)
+ NOT-FOR-US: NCH
+CVE-2021-37441 (NCH Axon PBX v2.22 and earlier allows path traversal for file deletion ...)
+ NOT-FOR-US: NCH
+CVE-2021-37440 (NCH Axon PBX v2.22 and earlier allows path traversal for file disclosu ...)
+ NOT-FOR-US: NCH
+CVE-2021-37439 (NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vu ...)
+ NOT-FOR-US: NCH
+CVE-2021-37438
+ REJECTED
+CVE-2021-37437
+ RESERVED
+CVE-2021-37436 (Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, ...)
+ NOT-FOR-US: Amazon Echo
+CVE-2021-37435
+ RESERVED
+CVE-2021-37434
+ RESERVED
+CVE-2021-37433
+ RESERVED
+CVE-2021-37432
+ RESERVED
+CVE-2021-37431
+ RESERVED
+CVE-2021-37430
+ RESERVED
+CVE-2021-37429
+ RESERVED
+CVE-2021-37428
+ RESERVED
+CVE-2021-37427
+ RESERVED
+CVE-2021-37426
+ RESERVED
+CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such a ...)
+ NOT-FOR-US: Altova MobileTogether Server
+CVE-2021-37424 (ManageEngine ADSelfService Plus before 6112 is vulnerable to domain us ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to l ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to S ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37420 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-37419 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-37418
+ REJECTED
+CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAP ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnera ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authe ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-37413
+ RESERVED
+CVE-2021-37412 (The TechRadar app 1.1 for Confluence Server allows XSS via the Title f ...)
+ NOT-FOR-US: TechRadar app for Confluence Server
+CVE-2021-37411
+ RESERVED
+CVE-2021-3665
+ RESERVED
+CVE-2021-3664 (url-parse is vulnerable to URL Redirection to Untrusted Site ...)
+ - node-url-parse 1.5.3-1 (bug #991577)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
+ [stretch] - node-url-parse <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/
+ NOTE: https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0
+CVE-2021-26250
+ RESERVED
+CVE-2021-23208
+ RESERVED
+CVE-2021-23183
+ RESERVED
+CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers t ...)
+ - prosody 0.11.9-2
+ [buster] - prosody <no-dsa> (Minor issue)
+ [stretch] - prosody <not-affected> (Vulnerable code not present)
+ NOTE: https://prosody.im/security/advisory_20210722/
+CVE-2021-37404
+ RESERVED
+CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Authent ...)
+ NOT-FOR-US: firefly-iii
+CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to ...)
+ NOT-FOR-US: HP
+CVE-2021-3661
+ RESERVED
+CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-3660
+ RESERVED
+ - cockpit 254-1
+ [bullseye] - cockpit <ignored> (Minor issue)
+ [buster] - cockpit <ignored> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688
+CVE-2021-37401 (An attacker may obtain the user credentials from file servers, backup ...)
+ NOT-FOR-US: IDEC
+CVE-2021-37400 (An attacker may obtain the user credentials from the communication bet ...)
+ NOT-FOR-US: IDEC
+CVE-2021-37399
+ RESERVED
+CVE-2021-37398
+ RESERVED
+CVE-2021-37397
+ RESERVED
+CVE-2021-37396
+ RESERVED
+CVE-2021-37395
+ RESERVED
+CVE-2021-37394 (In RPCMS v1.8 and below, attackers can interact with API and change va ...)
+ NOT-FOR-US: RPCMS
+CVE-2021-37393 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...)
+ NOT-FOR-US: RPCMS
+CVE-2021-37392 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...)
+ NOT-FOR-US: RPCMS
+CVE-2021-37391 (A user without privileges in Chamilo LMS 1.11.14 can send an invitatio ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-37390 (A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/socia ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-37389 (Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/ ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr paramet ...)
+ NOT-FOR-US: D-Link
+CVE-2021-37387
+ RESERVED
+CVE-2021-37386
+ RESERVED
+CVE-2021-37385
+ RESERVED
+CVE-2021-37384
+ RESERVED
+CVE-2021-37383
+ RESERVED
+CVE-2021-37382
+ RESERVED
+CVE-2021-37381 (Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access ...)
+ NOT-FOR-US: Southsoft GMIS
+CVE-2021-37380
+ RESERVED
+CVE-2021-37379
+ RESERVED
+CVE-2021-37378
+ RESERVED
+CVE-2021-37377
+ RESERVED
+CVE-2021-37376
+ RESERVED
+CVE-2021-37375
+ RESERVED
+CVE-2021-37374
+ RESERVED
+CVE-2021-37373
+ RESERVED
+CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure file up ...)
+ NOT-FOR-US: Online Student Admission System
+CVE-2021-37371 (Online Student Admission System 1.0 is affected by an unauthenticated ...)
+ NOT-FOR-US: Online Student Admission System
+CVE-2021-37370
+ RESERVED
+CVE-2021-37369
+ RESERVED
+CVE-2021-37368
+ RESERVED
+CVE-2021-37367 (CTparental before 4.45.07 is affected by a code execution vulnerabilit ...)
+ NOT-FOR-US: CTparental
+CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request forgery ...)
+ NOT-FOR-US: CTparental
+CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) ...)
+ NOT-FOR-US: CTparental
+CVE-2021-37364 (OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default ...)
+ NOT-FOR-US: OpenClinic
+CVE-2021-37363 (An Insecure Permissions issue exists in Gestionale Open 11.00.00. A lo ...)
+ NOT-FOR-US: Gestionale Open
+CVE-2021-37362
+ RESERVED
+CVE-2021-37361
+ RESERVED
+CVE-2021-37360
+ RESERVED
+CVE-2021-37359
+ RESERVED
+CVE-2021-37358 (SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers t ...)
+ NOT-FOR-US: SEACMS
+CVE-2021-37357
+ RESERVED
+CVE-2021-37356
+ RESERVED
+CVE-2021-37355
+ RESERVED
+CVE-2021-37354 (Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer ov ...)
+ NOT-FOR-US: Xerox
+CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before version 5.8. ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37351 (Nagios XI before version 5.8.5 is vulnerable to insecure permissions a ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37350 (Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerab ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37349 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37348 (Nagios XI before version 5.8.5 is vulnerable to local file inclusion t ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37347 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37346 (Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remo ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37345 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37344 (Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote c ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37343 (A path traversal vulnerability exists in Nagios XI below version 5.8.5 ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37342
+ RESERVED
+CVE-2021-37341
+ RESERVED
+CVE-2021-37340
+ RESERVED
+CVE-2021-37339
+ RESERVED
+CVE-2021-37338
+ RESERVED
+CVE-2021-37337
+ RESERVED
+CVE-2021-37336
+ RESERVED
+CVE-2021-37335
+ RESERVED
+CVE-2021-37334 (Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vu ...)
+ NOT-FOR-US: Umbraco Forms
+CVE-2021-37333 (Laravel Booking System Booking Core 2.0 is vulnerable to Session Manag ...)
+ NOT-FOR-US: Laravel Booking System Booking Core
+CVE-2021-37332
+ RESERVED
+CVE-2021-37331 (Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Acc ...)
+ NOT-FOR-US: Laravel Booking System Booking Core
+CVE-2021-37330 (Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Sc ...)
+ NOT-FOR-US: Laravel Booking System Booking Core
+CVE-2021-37329
+ RESERVED
+CVE-2021-37328
+ RESERVED
+CVE-2021-37327
+ RESERVED
+CVE-2021-37326 (NetSarang Xshell 7 before Build 0077 includes unintended code strings ...)
+ NOT-FOR-US: NetSarang Xshell
+CVE-2021-37325
+ RESERVED
+CVE-2021-37324
+ RESERVED
+CVE-2021-37323
+ RESERVED
+CVE-2021-37322 (GCC c++filt v2.26 was discovered to contain a use-after-free vulnerabi ...)
+ - binutils 2.27.51.20161102-1 (unimportant)
+ NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188
+ NOTE: binutils not covered by security support
+CVE-2021-37321
+ RESERVED
+CVE-2021-37320
+ RESERVED
+CVE-2021-37319
+ RESERVED
+CVE-2021-37318
+ RESERVED
+CVE-2021-37317
+ RESERVED
+CVE-2021-37316
+ RESERVED
+CVE-2021-37315
+ RESERVED
+CVE-2021-37314
+ RESERVED
+CVE-2021-37313
+ RESERVED
+CVE-2021-37312
+ RESERVED
+CVE-2021-37311
+ RESERVED
+CVE-2021-37310
+ RESERVED
+CVE-2021-37309
+ RESERVED
+CVE-2021-37308
+ RESERVED
+CVE-2021-37307
+ RESERVED
+CVE-2021-37306
+ RESERVED
+CVE-2021-37305
+ RESERVED
+CVE-2021-37304
+ RESERVED
+CVE-2021-37303
+ RESERVED
+CVE-2021-37302
+ RESERVED
+CVE-2021-37301
+ RESERVED
+CVE-2021-37300
+ RESERVED
+CVE-2021-37299
+ RESERVED
+CVE-2021-37298 (Laravel v5.1 was discovered to contain a deserialization vulnerability ...)
+ - php-laravel-framework <undetermined>
+ NOTE: https://github.com/Stakcery/happywd/issues/1
+ TODO: check, unclear status of report to upstream
+CVE-2021-37297
+ RESERVED
+CVE-2021-37296
+ RESERVED
+CVE-2021-37295
+ RESERVED
+CVE-2021-37294
+ RESERVED
+CVE-2021-37293
+ RESERVED
+CVE-2021-37292
+ RESERVED
+CVE-2021-37291
+ RESERVED
+CVE-2021-37290
+ RESERVED
+CVE-2021-37289
+ RESERVED
+CVE-2021-37288
+ RESERVED
+CVE-2021-37287
+ RESERVED
+CVE-2021-37286
+ RESERVED
+CVE-2021-37285
+ RESERVED
+CVE-2021-37284
+ RESERVED
+CVE-2021-37283
+ RESERVED
+CVE-2021-37282
+ RESERVED
+CVE-2021-37281
+ RESERVED
+CVE-2021-37280
+ RESERVED
+CVE-2021-37279
+ RESERVED
+CVE-2021-37278
+ RESERVED
+CVE-2021-37277
+ RESERVED
+CVE-2021-37276
+ RESERVED
+CVE-2021-37275
+ RESERVED
+CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation vulnerabil ...)
+ NOT-FOR-US: Kingdee KIS Professional Edition
+CVE-2021-37273 (A Denial of Service issue exists in China Telecom Corporation EPON Tia ...)
+ NOT-FOR-US: Tianyi Gateway
+CVE-2021-37272
+ RESERVED
+CVE-2021-37271 (Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, w ...)
+ NOT-FOR-US: UEditor
+CVE-2021-37270 (There is an unauthorized access vulnerability in the CMS Enterprise We ...)
+ NOT-FOR-US: CMS Enterprise Website Construction System
+CVE-2021-37269
+ RESERVED
+CVE-2021-37268
+ RESERVED
+CVE-2021-37267 (Cross Site Scripting (XSS) vulnerability exists in all versions of Kin ...)
+ NOT-FOR-US: KindEditor
+CVE-2021-37266
+ RESERVED
+CVE-2021-37265
+ RESERVED
+CVE-2021-37264
+ RESERVED
+CVE-2021-37263
+ RESERVED
+CVE-2021-37262 (JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Den ...)
+ NOT-FOR-US: JFinal_cms
+CVE-2021-37261
+ RESERVED
+CVE-2021-37260
+ RESERVED
+CVE-2021-37259
+ RESERVED
+CVE-2021-37258
+ RESERVED
+CVE-2021-37257
+ RESERVED
+CVE-2021-37256
+ RESERVED
+CVE-2021-37255
+ RESERVED
+CVE-2021-37254 (In M-Files Web product with versions before 20.10.9524.1 and 20.10.944 ...)
+ NOT-FOR-US: M-Files
+CVE-2021-37253 (** DISPUTED ** M-Files Web before 20.10.9524.1 allows a denial of serv ...)
+ NOT-FOR-US: M-Files Web
+CVE-2021-37252
+ RESERVED
+CVE-2021-37251
+ RESERVED
+CVE-2021-37250
+ RESERVED
+CVE-2021-37249
+ RESERVED
+CVE-2021-37248
+ RESERVED
+CVE-2021-37247
+ RESERVED
+CVE-2021-37246
+ RESERVED
+CVE-2021-37245
+ RESERVED
+CVE-2021-37244
+ RESERVED
+CVE-2021-37243
+ RESERVED
+CVE-2021-37242
+ RESERVED
+CVE-2021-37241
+ RESERVED
+CVE-2021-37240
+ RESERVED
+CVE-2021-37239
+ RESERVED
+CVE-2021-37238
+ RESERVED
+CVE-2021-37237
+ RESERVED
+CVE-2021-37236
+ RESERVED
+CVE-2021-37235
+ RESERVED
+CVE-2021-37234
+ RESERVED
+CVE-2021-37233
+ RESERVED
+CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...)
+ - atomicparsley 20210715.151551.e7ad03a-1 (bug #993366)
+ [bullseye] - atomicparsley <no-dsa> (Minor issue)
+ [buster] - atomicparsley <no-dsa> (Minor issue)
+ [stretch] - atomicparsley <no-dsa> (Minor issue)
+ - gtkpod <unfixed> (bug #993376)
+ [bullseye] - gtkpod <ignored> (Minor issue)
+ [buster] - gtkpod <ignored> (Minor issue)
+ [stretch] - gtkpod <ignored> (Minor issue)
+ NOTE: https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1
+ NOTE: https://github.com/wez/atomicparsley/issues/32
+CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499 ...)
+ - atomicparsley 20210715.151551.e7ad03a-1 (bug #993372)
+ [bullseye] - atomicparsley <no-dsa> (Minor issue)
+ [buster] - atomicparsley <no-dsa> (Minor issue)
+ [stretch] - atomicparsley <no-dsa> (Minor issue)
+ - gtkpod <unfixed> (bug #993375)
+ [bullseye] - gtkpod <ignored> (Minor issue)
+ [buster] - gtkpod <ignored> (Minor issue)
+ [stretch] - gtkpod <ignored> (Minor issue)
+ NOTE: https://github.com/wez/atomicparsley/issues/30
+ NOTE: https://github.com/wez/atomicparsley/pull/31#issue-687280335
+CVE-2021-37230
+ RESERVED
+CVE-2021-37229
+ RESERVED
+CVE-2021-37228
+ RESERVED
+CVE-2021-37227
+ RESERVED
+CVE-2021-37226
+ RESERVED
+CVE-2021-37225
+ RESERVED
+CVE-2021-37224
+ RESERVED
+CVE-2021-37223 (Nagios Enterprises NagiosXI &lt;= 5.8.4 contains a Server-Side Request ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow remote at ...)
+ NOT-FOR-US: RCDCAP
+CVE-2021-37221 (A file upload vulnerability exists in Sourcecodester Customer Relation ...)
+ NOT-FOR-US: Sourcecodester Customer Relationship Management System
+CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...)
+ - mupdf 1.17.0+ds1-2 (bug #991402)
+ [buster] - mupdf <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - mupdf <not-affected> (Vulnerable code not present)
+ NOTE: http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791
+ NOTE: On Stretch, an earlier version of the code exits early instead of crashing.
+CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows no ...)
+ - consul <unfixed>
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
+CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server ...)
+ - nomad <unfixed>
+ [bullseye] - nomad <no-dsa> (Minor issue)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023
+ NOTE: https://github.com/hashicorp/nomad/pull/11089 (main)
+ NOTE: https://github.com/hashicorp/nomad/commit/768d7c72a77e9c0415d92900753fc83e8822145a (release-1.1.4)
+ NOTE: https://github.com/hashicorp/nomad/commit/61a922afcf12784281757402c8e0b61686ff855d (release-1.0.11)
+CVE-2021-37217
+ RESERVED
+CVE-2021-3659 [NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c]
+ RESERVED
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://git.kernel.org/linus/1165affd484889d4986cf3b724318935a0b120d8
+CVE-2021-3658
+ RESERVED
+ - bluez 5.61-1 (bug #991596)
+ [bullseye] - bluez <no-dsa> (Minor issue)
+ [buster] - bluez <no-dsa> (Minor issue)
+ [stretch] - bluez <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d04eb02f9bad8795297210ef80e262be16ea8f07 (5.51)
+ NOTE: Fixed by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055
+CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter special ch ...)
+ NOT-FOR-US: QSAN Storage Manager
+CVE-2021-37215 (The employee management page of Flygo contains an Insecure Direct Obje ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37214 (The employee management page of Flygo contains Insecure Direct Object ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37213 (The check-in record page of Flygo contains Insecure Direct Object Refe ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37212 (The bulletin function of Flygo contains Insecure Direct Object Referen ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37211 (The bulletin function of Flygo does not filter special characters whil ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37210
+ RESERVED
+CVE-2021-37209
+ RESERVED
+CVE-2021-37208
+ RESERVED
+CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37205 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37204 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37203 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37202 (A vulnerability has been identified in NX 1980 Series (All versions &l ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37201 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37198 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37197 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37196 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37195 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37194 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37192 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37191 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37190 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37189 (An issue was discovered on Digi TransPort Gateway devices through 5.2. ...)
+ NOT-FOR-US: Digi TransPort Gateway devices
+CVE-2021-37188 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
+ NOT-FOR-US: Digi TransPort devices
+CVE-2021-37187 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
+ NOT-FOR-US: Digi TransPort devices
+CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions &lt ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37185 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37184 (A vulnerability has been identified in Industrial Edge Management (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37183 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37182
+ RESERVED
+CVE-2021-37181 (A vulnerability has been identified in Cerberus DMS V4.0 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37180 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37179 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37178 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37177 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37176 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37175 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37174 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37173 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37172 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37171
+ RESERVED
+CVE-2021-37170
+ RESERVED
+CVE-2021-37169
+ RESERVED
+CVE-2021-37168
+ RESERVED
+CVE-2021-37167 (An insecure permissions issue was discovered in HMI3 Control Panel in ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37166 (A buffer overflow issue leading to denial of service was discovered in ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37165 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37164 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37163 (An insecure permissions issue was discovered in HMI3 Control Panel in ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37162 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37161 (A buffer overflow issue was discovered in the HMI3 Control Panel conta ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37160 (A firmware validation issue was discovered in HMI3 Control Panel in Sw ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37158 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...)
+ NOT-FOR-US: OpenGamePanel
+CVE-2021-37157 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...)
+ NOT-FOR-US: OpenGamePanel
+CVE-2021-37156 (Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon ...)
+ - redmine <not-affected> (Only affected 4.2.0 and 4.2.1 upstream)
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b
+CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...)
+ - wolfssl 5.0.0-1 (bug #991443)
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/3990
+ NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
+CVE-2021-37154 (In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementa ...)
+ NOT-FOR-US: ForgeRock Access Management (AM)
+CVE-2021-37153 (ForgeRock Access Management (AM) before 7.0.2, when configured with Ac ...)
+ NOT-FOR-US: ForgeRock Access Management (AM)
+CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 befor ...)
+ NOT-FOR-US: Sonatype
+CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...)
+ NOT-FOR-US: CyberArk Identity
+CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate ...)
+ - isync 1.4.4-1
+ [bullseye] - isync 1.3.0-2.2+deb11u1
+ [buster] - isync <no-dsa> (Minor issue)
+ [stretch] - isync <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/1
+CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
+CVE-2021-37150
+ RESERVED
+CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
+ - trafficserver 9.1.1+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8458/
+ NOTE: https://github.com/apache/trafficserver/commit/2addc8ca71449ceac0d5b80172460ee09c938f5e (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/83c89f3d217d473ecb000b68c910c0f183c3a355 (master)
+CVE-2021-37148 (Improper input validation vulnerability in header parsing of Apache Tr ...)
+ - trafficserver 9.1.1+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8457/
+ NOTE: https://github.com/apache/trafficserver/commit/6e5070118a20772a30c3fccee2cf1c44f0a21fc0 (master)
+ NOTE: https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5 (8.1.x)
+CVE-2021-37147 (Improper input validation vulnerability in header parsing of Apache Tr ...)
+ - trafficserver 9.1.1+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/commit/64f25678bfbbd1433cce703e3c43bcc49a53de56 (master)
+ NOTE: https://github.com/apache/trafficserver/commit/5cad961c87cb07fbb8fa6890685d9878a169378d (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/pull/8460
+CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...)
+ [experimental] - ros-ros-comm 1.15.13+ds1-1
+ - ros-ros-comm 1.15.13+ds1-2
+ [bullseye] - ros-ros-comm 1.15.9+ds1-7+deb11u1
+ [buster] - ros-ros-comm <no-dsa> (Minor issue)
+ [stretch] - ros-ros-comm <no-dsa> (Minor issue)
+ NOTE: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
+ NOTE: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
+ NOTE: https://github.com/ros/ros_comm/pull/2185
+ NOTE: https://github.com/ros/ros_comm/commit/41a956c092b2f15405945f40f43dea09516df202 (1.15.12)
+ NOTE: https://github.com/ros/ros_comm/pull/2186
+ NOTE: https://github.com/ros/ros_comm/commit/71ff62670d15eeec39efd16c3ec4d19b6db8380a (1.14.12)
+CVE-2021-37145 (** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in a ...)
+ NOT-FOR-US: Poly (formerly Polycom)
+CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in ...)
+ NOT-FOR-US: CSZ CMS
+CVE-2021-37143
+ RESERVED
+CVE-2021-37142
+ RESERVED
+CVE-2021-37141
+ RESERVED
+CVE-2021-37140
+ RESERVED
+CVE-2021-3656 [KVM: nSVM: always intercept VMLOAD/VMSAVE when nested]
+ RESERVED
+ {DSA-4978-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
+CVE-2021-37139
+ RESERVED
+CVE-2021-37138
+ RESERVED
+CVE-2021-37137 (The Snappy frame decoder function doesn't restrict the chunk length wh ...)
+ - netty <unfixed>
+ [bullseye] - netty <no-dsa> (Minor issue)
+ [buster] - netty <no-dsa> (Minor issue)
+ [stretch] - netty <no-dsa> (Minor issue)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
+ NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final)
+CVE-2021-37136 (The Bzip2 decompression decoder function doesn't allow setting size re ...)
+ - netty <unfixed>
+ [bullseye] - netty <no-dsa> (Minor issue)
+ [buster] - netty <no-dsa> (Minor issue)
+ [stretch] - netty <no-dsa> (Minor issue)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
+ NOTE: Fixed by: https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020 (netty-4.1.68.Final)
+CVE-2021-37135
+ RESERVED
+CVE-2021-37134 (Location-related APIs exists a Race Condition vulnerability.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37133 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37132 (PackageManagerService has a Permissions, Privileges, and Access Contro ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager NetEco a ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37128 (HwPCAssistant has a Path Traversal vulnerability .Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37127 (There is a signature management vulnerability in some huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37126 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37125 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. Because ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...)
+ NOT-FOR-US: Hero-CT060
+CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei products. An a ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37121 (There is a Configuration defects in Smartphone.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37120 (There is a Double free vulnerability in Smartphone.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37119 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37118 (The HwNearbyMain module has a Improper Handling of Exceptional Conditi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37117 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37116 (PCManager has a Weaknesses Introduced During Design vulnerability .Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37115 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37114 (There is an Out-of-bounds read vulnerability in Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37113 (There is a Privilege escalation vulnerability with the file system com ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37112 (Hisuite module has a External Control of System or Configuration Setti ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37111 (There is a Memory leakage vulnerability in Smartphone.Successful explo ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37110 (There is a Timing design defects in Smartphone.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37109 (There is a security protection bypass vulnerability with the modem.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37108
+ RESERVED
+CVE-2021-37107 (There is an improper memory access permission configuration on ACPU.Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...)
+ NOT-FOR-US: FusionCompute (Huawei)
+CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...)
+ NOT-FOR-US: FusionCompute (Huawei)
+CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P40 ver ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37103
+ RESERVED
+CVE-2021-37102 (There is a command injection vulnerability in CMA service module of Fu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37100 (There is a Improper Authentication vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37099 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37098 (Hilinksvc service exists a Data Processing Errors vulnerability .Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37097 (There is a Code Injection vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37096 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37095 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37094 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37093 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37092 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37091 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37090 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37089 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37088 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37087 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37086 (There is a Improper Preservation of Permissions vulnerability in Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37085 (There is a Encoding timing vulnerability in Huawei Smartphone.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37084 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37083 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37082 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37081 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37080 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37079 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37078 (There is a Uncaught Exception vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37077 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37076 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37075 (There is a Credentials Management Errors vulnerability in Huawei Smart ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37074 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37073 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37072 (There is a Incorrect Calculation of Buffer Size vulnerability in Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37071 (There is a Business Logic Errors vulnerability in Huawei Smartphone.Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37070 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37069 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37068 (There is a Resource Management Errors vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37067 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37066 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37065 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37064 (There is a Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37063 (There is a Cryptographic Issues vulnerability in Huawei Smartphone.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37062 (There is a Improper Validation of Array Index vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37061 (There is a Uncontrolled Resource Consumption vulnerability in Huawei S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37060 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37059 (There is a Weaknesses Introduced During Design ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-37058 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37057 (There is a Improper Validation of Array Index vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37056 (There is an Improper permission control vulnerability in Huawei Smartp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37055 (There is a Logic bypass vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37054 (There is an Identity spoofing and authentication bypass vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37053 (There is a Service logic vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37052 (There is an Exception log vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37051 (There is an Out-of-bounds read vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37050 (There is a Missing sensitive data encryption vulnerability in Huawei S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37049 (There is a Heap-based buffer overflow vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37048 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37047 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37046 (There is a Memory leak vulnerability with the codec detection module i ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37045 (There is an UAF vulnerability in Huawei Smartphone.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37044 (There is a Permission control vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37043 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37042 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37041 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37040 (There is a Parameter injection vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37039 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37038 (There is an Improper access control vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37037 (There is an Invalid address access vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37036 (There is an information leakage vulnerability in FusionCompute 6.5.1, ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37035 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37034 (There is an Unstandardized field names in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37033 (There is an Injection attack vulnerability in Huawei Smartphone.Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37032 (There is a Bypass vulnerability in Huawei Smartphone.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37031 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37030 (There is an Improper permission vulnerability in Huawei Smartphone.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37029 (There is an Identity verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q product. Whe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37027
+ RESERVED
+CVE-2021-37026 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37025 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37024 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37023 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37022 (There is a Heap-based Buffer Overflow vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37021 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37020 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37019 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37018 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37017 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37016 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37015 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37014 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37013 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37012 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37011 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37010 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37009 (There is a Configuration vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37008 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37007 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37006 (There is a Improper Preservation of Permissions vulnerability in Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37005 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37004 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37003 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37002 (There is a Memory out-of-bounds access vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37001 (There is a Register tampering vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37000
+ RESERVED
+CVE-2021-36999 (There is a Buffer overflow vulnerability in Huawei Smartphone.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36998 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36997 (There is a Low memory error in Huawei Smartphone due to the unlimited ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36996 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36995 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36994 (There is a issue that trustlist strings being repeatedly inserted into ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36993 (There is a Memory leaks vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36992 (There is a Public key verification vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36991 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36990 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36989 (There is a Kernel crash vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36988 (There is a Parameter verification issue in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36987 (There is a issue that nodes in the linked list being freed for multipl ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36986 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36985 (There is a Code injection vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36984
+ RESERVED
+CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to ...)
+ NOT-FOR-US: ReplaySorcery
+CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
+ NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
+CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...)
+ NOT-FOR-US: SerNet verinice
+CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.10.46-3
+ [buster] - linux 4.19.208-1
+CVE-2021-3654 [novnc allows open redirection]
+ RESERVED
+ - nova 2:23.0.2-3 (bug #991441)
+ [bullseye] - nova <no-dsa> (Minor issue)
+ [buster] - nova <no-dsa> (Minor issue)
+ [stretch] - nova <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/nova/+bug/1927677
+ NOTE: Errata: https://www.openwall.com/lists/oss-security/2021/09/27/1
+CVE-2021-26263
+ RESERVED
+CVE-2021-23203
+ RESERVED
+CVE-2021-23184
+ RESERVED
+CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-f ...)
+ - openvswitch 2.15.0+ds1-10 (bug #991308)
+ [bullseye] - openvswitch <no-dsa> (Minor issue)
+ [buster] - openvswitch <not-affected> (Vulnerable code not present, introduced in 2.11)
+ [stretch] - openvswitch <not-affected> (Vulnerable code not present, introduced in 2.11)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml
+ NOTE: https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f
+ NOTE: https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3
+ NOTE: https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35
+ NOTE: https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2
+ NOTE: https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575
+ NOTE: https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2
+ NOTE: Introduced in: https://github.com/openvswitch/ovs/commit/418a7a84245f5fbe589dd1267463fc9ba27a1dd6
+CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (cal ...)
+ NOT-FOR-US: Unicorn Engine
+CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer ...)
+ - qpdf 10.1.0-1
+ [buster] - qpdf <no-dsa> (Minor issue)
+ [stretch] - qpdf <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml
+ NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5 (release-qpdf-10.1.0)
+CVE-2021-36977 (matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based bu ...)
+ - libmatio <not-affected> (Vulnerable code not yet present)
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2021-440.yaml
+CVE-2021-36976 (libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (ca ...)
+ - libarchive <unfixed> (bug #991442)
+ [bullseye] - libarchive <no-dsa> (Minor issue)
+ [buster] - libarchive <no-dsa> (Minor issue)
+ [stretch] - libarchive <not-affected> (Vulnerable code introduced by 47bb818 in version 3.4.1)
+ NOTE: https://github.com/libarchive/libarchive/issues/1554
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml
+CVE-2021-36975 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36974 (Windows SMB Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36973 (Windows Redirected Drive Buffering System Elevation of Privilege Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36971
+ RESERVED
+CVE-2021-36970 (Windows Print Spooler Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36969 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36968 (Windows DNS Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36967 (Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36966 (Windows Subsystem for Linux Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36965 (Windows WLAN AutoConfig Service Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36964 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36963 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36962 (Windows Installer Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36961 (Windows Installer Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36960 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36959 (Windows Authenticode Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36958 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36957 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36956 (Azure Sphere Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36955 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36954 (Windows Bind Filter Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36953 (Windows TCP/IP Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36952 (Visual Studio Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36951
+ RESERVED
+CVE-2021-36950 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36949 (Microsoft Azure Active Directory Connect Authentication Bypass Vulnera ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36948 (Windows Update Medic Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36946 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36945 (Windows 10 Update Assistant Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36944
+ RESERVED
+CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36942 (Windows LSA Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36941 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36940 (Microsoft SharePoint Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36939
+ RESERVED
+CVE-2021-36938 (Windows Cryptographic Primitives Library Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36937 (Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36935
+ RESERVED
+CVE-2021-36934 (Windows Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36933 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36930 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36928 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36927 (Windows Digital TV Tuner device registration application Elevation of ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-36925 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
+ NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
+CVE-2021-36924 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
+ NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
+CVE-2021-36923 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
+ NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
+CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...)
+ NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio
+CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...)
+ NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices
+CVE-2021-36920 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36918
+ RESERVED
+CVE-2021-36917 (WordPress Hide My WP plugin (versions &lt;= 6.2.3) can be deactivated ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress plugin (ve ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36915
+ RESERVED
+CVE-2021-36914
+ RESERVED
+CVE-2021-36913
+ RESERVED
+CVE-2021-36912
+ RESERVED
+CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36910
+ RESERVED
+CVE-2021-36909 (Authenticated Database Reset vulnerability in WordPress WP Reset PRO P ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36908 (Cross-Site Request Forgery (CSRF) vulnerability leading to Database Re ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36907
+ RESERVED
+CVE-2021-36906
+ RESERVED
+CVE-2021-36905
+ RESERVED
+CVE-2021-36904
+ RESERVED
+CVE-2021-36903
+ RESERVED
+CVE-2021-36902
+ RESERVED
+CVE-2021-36901
+ RESERVED
+CVE-2021-36900
+ RESERVED
+CVE-2021-36899
+ RESERVED
+CVE-2021-36898
+ RESERVED
+CVE-2021-36897
+ RESERVED
+CVE-2021-36896
+ RESERVED
+CVE-2021-36895
+ RESERVED
+CVE-2021-36894
+ RESERVED
+CVE-2021-36893
+ RESERVED
+CVE-2021-36892
+ RESERVED
+CVE-2021-36891
+ RESERVED
+CVE-2021-36890
+ RESERVED
+CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabiliti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36886 (Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36885 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36884 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability disc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36883
+ RESERVED
+CVE-2021-36882
+ RESERVED
+CVE-2021-36881
+ RESERVED
+CVE-2021-36880 (Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36879 (Unauthenticated Privilege Escalation vulnerability in WordPress uListi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36878 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36877 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36876 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36875 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36874 (Authenticated Insecure Direct Object References (IDOR) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36868
+ RESERVED
+CVE-2021-36867
+ RESERVED
+CVE-2021-36866
+ RESERVED
+CVE-2021-36865
+ RESERVED
+CVE-2021-36864
+ RESERVED
+CVE-2021-36863
+ RESERVED
+CVE-2021-36862
+ RESERVED
+CVE-2021-36861
+ RESERVED
+CVE-2021-36860
+ RESERVED
+CVE-2021-36859
+ RESERVED
+CVE-2021-36858
+ RESERVED
+CVE-2021-36857
+ RESERVED
+CVE-2021-36856
+ RESERVED
+CVE-2021-36855
+ RESERVED
+CVE-2021-36854
+ RESERVED
+CVE-2021-36853
+ RESERVED
+CVE-2021-36852
+ RESERVED
+CVE-2021-36851
+ RESERVED
+CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36849
+ RESERVED
+CVE-2021-36848
+ RESERVED
+CVE-2021-36847
+ RESERVED
+CVE-2021-36846
+ RESERVED
+CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36844
+ RESERVED
+CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability discover ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36842
+ RESERVED
+CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36840
+ RESERVED
+CVE-2021-36839
+ RESERVED
+CVE-2021-36838
+ RESERVED
+CVE-2021-36837
+ RESERVED
+CVE-2021-36836
+ RESERVED
+CVE-2021-36835
+ RESERVED
+CVE-2021-36834
+ RESERVED
+CVE-2021-36833
+ RESERVED
+CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin &#821 ...)
+ NOT-FOR-US: Wordpress plugins
+CVE-2021-36831
+ RESERVED
+CVE-2021-36830
+ RESERVED
+CVE-2021-36829
+ RESERVED
+CVE-2021-36828
+ RESERVED
+CVE-2021-36827
+ RESERVED
+CVE-2021-36826
+ RESERVED
+CVE-2021-36825
+ RESERVED
+CVE-2021-36824
+ RESERVED
+CVE-2021-36823 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-36822
+ RESERVED
+CVE-2021-36821
+ RESERVED
+CVE-2021-36820
+ RESERVED
+CVE-2021-36819
+ RESERVED
+CVE-2021-36818
+ RESERVED
+CVE-2021-36817
+ RESERVED
+CVE-2021-36816
+ RESERVED
+CVE-2021-36815
+ RESERVED
+CVE-2021-36814
+ RESERVED
+CVE-2021-36813
+ RESERVED
+CVE-2021-36812
+ RESERVED
+CVE-2021-36811
+ RESERVED
+CVE-2021-36810
+ RESERVED
+CVE-2021-36809
+ RESERVED
+CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...)
+ NOT-FOR-US: Sophos
+CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...)
+ NOT-FOR-US: Sophos
+CVE-2021-36806
+ RESERVED
+CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36804 (Akaunting version 2.1.12 and earlier suffers from a password reset spo ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36803 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36802 (Akaunting version 2.1.12 and earlier suffers from a denial-of-service ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an authentication by ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injection iss ...)
+ NOT-FOR-US: Akaunting
+CVE-2021-36799 (** UNSUPPORTED WHEN ASSIGNED ** KNX ETS5 through 5.7.6 uses the hard-c ...)
+ NOT-FOR-US: KNX ETS5
+CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team Server ...)
+ NOT-FOR-US: HelpSystems Cobalt Strike
+CVE-2021-36797 (** DISPUTED ** In Victron Energy Venus OS through 2.72, root access is ...)
+ NOT-FOR-US: Victron Energy Venus OS
+CVE-2021-36796
+ RESERVED
+CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow privilege esc ...)
+ NOT-FOR-US: Cohesity
+CVE-2021-36794 (In Siren Investigate before 11.1.4, when enabling the cluster feature ...)
+ NOT-FOR-US: Siren Investigate
+CVE-2021-36793 (The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, ...)
+ NOT-FOR-US: routes (aka Extbase Yaml Routes) extension for TYPO3
+CVE-2021-36792 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has ...)
+ NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
+CVE-2021-36791 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
+ NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
+CVE-2021-36790 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
+ NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
+CVE-2021-36789 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...)
+ NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3
+CVE-2021-36788 (The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows ...)
+ NOT-FOR-US: yoast_seo (aka Yoast SEO) extension for TYPO3
+CVE-2021-36787 (The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 al ...)
+ NOT-FOR-US: femanager extension for TYPO3
+CVE-2021-36786 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...)
+ NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3
+CVE-2021-36785 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...)
+ NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3
+CVE-2021-36784
+ RESERVED
+CVE-2021-36783
+ RESERVED
+CVE-2021-36782
+ RESERVED
+CVE-2021-36781 (A Incorrect Default Permissions vulnerability in the parsec package of ...)
+ NOT-FOR-US: Parsec
+CVE-2021-36780 (A Improper Access Control vulnerability in longhorn of SUSE Longhorn a ...)
+ NOT-FOR-US: Longhorn
+CVE-2021-36779 (A Improper Access Control vulnerability inf SUSE Longhorn allows any w ...)
+ NOT-FOR-US: Longhorn
+CVE-2021-36778
+ RESERVED
+CVE-2021-36777
+ RESERVED
+CVE-2021-36776
+ RESERVED
+CVE-2021-36775
+ RESERVED
+CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
+CVE-2021-36774 (Apache Kylin allows users to read data from other database systems usi ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...)
+ - ublock-origin 1.37.0+dfsg-1 (bug #991386)
+ [bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1
+ [buster] - ublock-origin 1.37.0+dfsg-1~deb10u1
+ [stretch] - ublock-origin <no-dsa> (Minor issue)
+ - umatrix <unfixed> (bug #991344)
+ [buster] - umatrix <no-dsa> (Minor issue)
+ NOTE: https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc
+CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. ...)
+ NOT-FOR-US: Zoho
+CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. ...)
+ NOT-FOR-US: Zoho
+CVE-2021-36770 (Encode.pm, as distributed in Perl through 5.34.0, allows local users t ...)
+ - libencode-perl 3.08-2
+ [bullseye] - libencode-perl 3.08-1+deb11u1
+ [buster] - libencode-perl <not-affected> (Vulnerable code introduced later)
+ [stretch] - libencode-perl <not-affected> (Vulnerable code introduced later)
+ - perl 5.32.1-5
+ [bullseye] - perl 5.32.1-4+deb11u1
+ [buster] - perl <not-affected> (Vulnerable code introduced later)
+ [stretch] - perl <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/dankogai/p5-encode/commit/9c5f5a307863b66da3701f6c7d13139aa20179b8 (3.05)
+ NOTE: Fixed by: https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 (3.12)
+ NOTE: Introduced by: https://github.com/Perl/perl5/commit/8ced1423dbb2a874f2d95e9c5c4c46960c2bf318 (v5.32.0-RC0)
+ NOTE: Fixed by: https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9
+CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...)
+ [experimental] - telegram-desktop 2.9.0+ds-1
+ - telegram-desktop 2.9.2+ds-1 (bug #991493)
+ [bullseye] - telegram-desktop <no-dsa> (Minor issue)
+ [buster] - telegram-desktop <no-dsa> (Minor issue)
+ NOTE: https://mtpsym.github.io/
+CVE-2021-36768
+ RESERVED
+CVE-2021-3652 [CRYPT password hash with asterisk allows any bind attempt to succeed]
+ RESERVED
+ - 389-ds-base 1.4.4.17-1 (bug #991405)
+ [bullseye] - 389-ds-base <no-dsa> (Minor issue)
+ [buster] - 389-ds-base <no-dsa> (Minor issue)
+ [stretch] - 389-ds-base <no-dsa> (Minor issue)
+ NOTE: https://github.com/389ds/389-ds-base/issues/4817
+ NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master)
+ NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x)
+CVE-2021-36767 (In Digi RealPort through 4.10.490, authentication relies on a challeng ...)
+ NOT-FOR-US: Digi RealPort
+CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...)
+ NOT-FOR-US: Concrete5
+CVE-2021-36765 (In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests ma ...)
+ NOT-FOR-US: CODESYS EtherNetIP
+CVE-2021-36764 (In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Derefe ...)
+ NOT-FOR-US: CODESYS Gateway
+CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories are ac ...)
+ NOT-FOR-US: CODESYS V3 web server
+CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack through ...)
+ NOT-FOR-US: HCC Embedded InterNiche NicheStack
+CVE-2021-36761
+ RESERVED
+CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...)
+ NOT-FOR-US: WSO2
+CVE-2021-36759
+ RESERVED
+CVE-2021-3651
+ RESERVED
+CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks, perm ...)
+ NOT-FOR-US: 1Password
+CVE-2021-36757
+ RESERVED
+CVE-2021-36756 (CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate ...)
+ NOT-FOR-US: CFEngine Enterprise
+CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via ...)
+ NOT-FOR-US: Nightscout Web Monitor
+CVE-2021-36754 (PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to cra ...)
+ - pdns <not-affected> (Vulnerable code introduced in 4.5.0)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/26/2
+CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current working d ...)
+ NOT-FOR-US: sharkdp BAT
+CVE-2021-36752
+ RESERVED
+CVE-2021-36751 (ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such ...)
+ NOT-FOR-US: ENC DataVault
+CVE-2021-36750 (ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, ma ...)
+ NOT-FOR-US: ENC
+CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...)
+ - druid <itp> (bug #825797)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
+CVE-2021-3650
+ RESERVED
+CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity ...)
+ NOT-FOR-US: chatwoot
+CVE-2021-36748 (A SQL Injection issue in the list controller of the Prestahome Blog (a ...)
+ NOT-FOR-US: Prestahome Blog
+CVE-2021-36747 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...)
+ NOT-FOR-US: Blackboard Learn
+CVE-2021-36746 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...)
+ NOT-FOR-US: Blackboard Learn
+CVE-2021-36745 (A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerPr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-36744 (Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a dire ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-36743
+ RESERVED
+CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex One, Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3648
+ REJECTED
+CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: URI.js
+CVE-2021-3646 (btcpayserver is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: btcpayserver
+CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of Object Pr ...)
+ NOT-FOR-US: Node viking04/merge
+CVE-2021-3644
+ RESERVED
+ - wildfly <itp> (bug #752018)
+CVE-2021-36739 (The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCB ...)
+ NOT-FOR-US: Apache Pluto MVCBean JSP portlet
+CVE-2021-36738 (The input fields in the JSP version of the Apache Pluto Applicant MVCB ...)
+ NOT-FOR-US: Apache Pluto Applicant MVCBean CDI portlet
+CVE-2021-36737 (The input fields of the Apache Pluto UrlTestPortlet are vulnerable to ...)
+ NOT-FOR-US: Apache Pluto UrlTestPortlet
+CVE-2021-36736
+ REJECTED
+CVE-2021-36735
+ REJECTED
+CVE-2021-36734
+ REJECTED
+CVE-2021-36733
+ RESERVED
+CVE-2021-36732
+ RESERVED
+CVE-2021-36731
+ RESERVED
+CVE-2021-36730
+ RESERVED
+CVE-2021-36729
+ RESERVED
+CVE-2021-36728
+ RESERVED
+CVE-2021-36727
+ RESERVED
+CVE-2021-36740 (Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL a ...)
+ - varnish 6.5.2-1 (bug #991040)
+ [stretch] - varnish <ignored> (HTTP/2 support is marked experimental in 5.0 and enabling is not recommended, code is quite different)
+ NOTE: https://varnish-cache.org/security/VSV00007.html
+ NOTE: https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf (6.0.8)
+ NOTE: https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be (6.5.2)
+CVE-2021-36726
+ RESERVED
+CVE-2021-36725
+ RESERVED
+CVE-2021-36724 (ForeScout - SecureConnector Local Service DoS - A low privilaged user ...)
+ NOT-FOR-US: ForeScout - SecureConnector
+CVE-2021-36723 (Emuse - eServices / eNvoice Exposure Of Private Personal Information d ...)
+ NOT-FOR-US: Emuse - eServices / eNvoice
+CVE-2021-36722 (Emuse - eServices / eNvoice SQL injection can be used in various ways ...)
+ NOT-FOR-US: Emuse - eServices / eNvoice
+CVE-2021-36721 (Sysaid API User Enumeration - Attacker sending requests to specific ap ...)
+ NOT-FOR-US: Sysaid API
+CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to :/blocking.php?u ...)
+ NOT-FOR-US: PineApp - Mail Secure
+CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a user to th ...)
+ NOT-FOR-US: PineApp - Mail Secure
+CVE-2021-36718 (SYNEL - eharmonynew / Synel Reports - The attacker can log in to the s ...)
+ NOT-FOR-US: SYNEL - eharmonynew / Synel Reports
+CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vulnerabi ...)
+ NOT-FOR-US: Synerion TimeNet
+CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...)
+ NOT-FOR-US: Node is-email
+CVE-2021-3643
+ RESERVED
+CVE-2021-38193 (An issue was discovered in the ammonia crate before 3.1.0 for Rust. XS ...)
+ - rust-ammonia 3.1.2-1 (bug #991497)
+ NOTE: https://github.com/rust-ammonia/ammonia/commit/4b8426b89b861d9bea20e126576b0febb9d13515
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0074.html
+CVE-2021-38191 (An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon ...)
+ - rust-tokio <not-affected> (Introduced in 0.3.0)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0072.html
+ NOTE: https://github.com/tokio-rs/tokio/issues/3929
+ NOTE: https://github.com/tokio-rs/tokio/pull/3934
+ NOTE: https://github.com/tokio-rs/tokio/pull/3934/commits/84394949228d11d1f68925e26f36c435946b9d11
+CVE-2021-36715
+ RESERVED
+CVE-2021-36714
+ RESERVED
+CVE-2021-36713
+ RESERVED
+CVE-2021-36712
+ RESERVED
+CVE-2021-36711
+ RESERVED
+CVE-2021-36710
+ RESERVED
+CVE-2021-36709
+ RESERVED
+CVE-2021-36708 (In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in th ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36707 (In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in th ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36706 (In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36705 (In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the a ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36704
+ RESERVED
+CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of "dashbo ...)
+ NOT-FOR-US: htmly
+CVE-2021-36702 (The "content" field in the "regular post" page of the "add content" me ...)
+ NOT-FOR-US: htmly
+CVE-2021-36701 (In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on ...)
+ NOT-FOR-US: htmly
+CVE-2021-36700
+ RESERVED
+CVE-2021-36699
+ RESERVED
+CVE-2021-36698 (Pandora FMS through 755 allows XSS via a new Event Filter with a craft ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2021-36697 (With an admin account, the .htaccess file in Artica Pandora FMS &lt;=7 ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
+ NOT-FOR-US: Deskpro
+CVE-2021-36695 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
+ NOT-FOR-US: Deskpro
+CVE-2021-36694
+ RESERVED
+CVE-2021-36693
+ RESERVED
+CVE-2021-36692 (libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/c ...)
+ - jpeg-xl <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/libjxl/libjxl/issues/308
+ NOTE: https://github.com/libjxl/libjxl/pull/313
+ NOTE: https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b (v0.5)
+CVE-2021-36691 (libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image ...)
+ - jpeg-xl <unfixed>
+ NOTE: https://github.com/libjxl/libjxl/issues/422
+ NOTE: Special case of https://github.com/libjxl/libjxl/issues/762
+CVE-2021-36690 (** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...)
+ - sqlite3 3.36.0-2 (unimportant)
+ [stretch] - sqlite3 <not-affected> (vulnerable code is not present)
+ NOTE: https://www.sqlite.org/forum/forumpost/718c0a8d17
+CVE-2021-36689
+ RESERVED
+CVE-2021-36688
+ RESERVED
+CVE-2021-36687
+ RESERVED
+CVE-2021-36686
+ RESERVED
+CVE-2021-36685
+ RESERVED
+CVE-2021-36684
+ RESERVED
+CVE-2021-36683
+ RESERVED
+CVE-2021-36682
+ RESERVED
+CVE-2021-36681
+ RESERVED
+CVE-2021-36680
+ RESERVED
+CVE-2021-36679
+ RESERVED
+CVE-2021-36678
+ RESERVED
+CVE-2021-36677
+ RESERVED
+CVE-2021-36676
+ RESERVED
+CVE-2021-36675
+ RESERVED
+CVE-2021-36674
+ RESERVED
+CVE-2021-36673
+ RESERVED
+CVE-2021-36672
+ RESERVED
+CVE-2021-36671
+ RESERVED
+CVE-2021-36670
+ RESERVED
+CVE-2021-36669
+ RESERVED
+CVE-2021-36668
+ RESERVED
+CVE-2021-36667
+ RESERVED
+CVE-2021-36666
+ RESERVED
+CVE-2021-36665
+ RESERVED
+CVE-2021-36664
+ RESERVED
+CVE-2021-36663
+ RESERVED
+CVE-2021-36662
+ RESERVED
+CVE-2021-36661
+ RESERVED
+CVE-2021-36660
+ RESERVED
+CVE-2021-36659
+ RESERVED
+CVE-2021-36658
+ RESERVED
+CVE-2021-36657
+ RESERVED
+CVE-2021-36656
+ RESERVED
+CVE-2021-36655
+ RESERVED
+CVE-2021-36654 (CMSuno 1.7 is vulnerable to an authenticated stored cross site scripti ...)
+ NOT-FOR-US: CMSuno
+CVE-2021-36653
+ RESERVED
+CVE-2021-36652
+ RESERVED
+CVE-2021-36651
+ RESERVED
+CVE-2021-36650
+ RESERVED
+CVE-2021-36649
+ RESERVED
+CVE-2021-36648
+ RESERVED
+CVE-2021-36647
+ RESERVED
+CVE-2021-36646
+ RESERVED
+CVE-2021-36645
+ RESERVED
+CVE-2021-36644
+ RESERVED
+CVE-2021-36643
+ RESERVED
+CVE-2021-36642
+ RESERVED
+CVE-2021-36641
+ RESERVED
+CVE-2021-36640
+ RESERVED
+CVE-2021-36639
+ RESERVED
+CVE-2021-36638
+ RESERVED
+CVE-2021-36637
+ RESERVED
+CVE-2021-36636
+ RESERVED
+CVE-2021-36635
+ RESERVED
+CVE-2021-36634
+ RESERVED
+CVE-2021-36633
+ RESERVED
+CVE-2021-36632
+ RESERVED
+CVE-2021-36631
+ RESERVED
+CVE-2021-36630
+ RESERVED
+CVE-2021-36629
+ RESERVED
+CVE-2021-36628
+ RESERVED
+CVE-2021-36627
+ RESERVED
+CVE-2021-36626
+ RESERVED
+CVE-2021-36625
+ RESERVED
+CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0 suffers ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36623 (Arbitrary File Upload in Sourcecodester Phone Shop Sales Management Sy ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36622 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affect ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36621 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulner ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36620
+ RESERVED
+CVE-2021-36619
+ RESERVED
+CVE-2021-36618
+ RESERVED
+CVE-2021-36617
+ RESERVED
+CVE-2021-36616
+ RESERVED
+CVE-2021-36615
+ RESERVED
+CVE-2021-36614
+ RESERVED
+CVE-2021-36613
+ RESERVED
+CVE-2021-36612
+ RESERVED
+CVE-2021-36611
+ RESERVED
+CVE-2021-36610
+ RESERVED
+CVE-2021-36609
+ RESERVED
+CVE-2021-36608
+ RESERVED
+CVE-2021-36607
+ RESERVED
+CVE-2021-36606
+ RESERVED
+CVE-2021-36605 (engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is ...)
+ NOT-FOR-US: engineercms
+CVE-2021-36604
+ RESERVED
+CVE-2021-36603
+ RESERVED
+CVE-2021-36602
+ RESERVED
+CVE-2021-36601 (GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2021-36600
+ RESERVED
+CVE-2021-36599
+ RESERVED
+CVE-2021-36598
+ RESERVED
+CVE-2021-36597
+ RESERVED
+CVE-2021-36596
+ RESERVED
+CVE-2021-36595
+ RESERVED
+CVE-2021-36594
+ RESERVED
+CVE-2021-36593
+ RESERVED
+CVE-2021-36592
+ RESERVED
+CVE-2021-36591
+ RESERVED
+CVE-2021-36590
+ RESERVED
+CVE-2021-36589
+ RESERVED
+CVE-2021-36588
+ RESERVED
+CVE-2021-36587
+ RESERVED
+CVE-2021-36586
+ RESERVED
+CVE-2021-36585
+ RESERVED
+CVE-2021-36584 (An issue was discovered in GPAC 1.0.1. There is a heap-based buffer ov ...)
+ - gpac <unfixed> (bug #991965)
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1842
+ NOTE: https://github.com/gpac/gpac/commit/13442ec1c401a4181ba6d7f79c27df6054c817c7
+CVE-2021-36583
+ RESERVED
+CVE-2021-36582 (In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., ...)
+ NOT-FOR-US: Kooboo CMS
+CVE-2021-36581 (Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possib ...)
+ NOT-FOR-US: Kooboo CMS
+CVE-2021-36580
+ RESERVED
+CVE-2021-36579
+ RESERVED
+CVE-2021-36578
+ RESERVED
+CVE-2021-36577
+ RESERVED
+CVE-2021-36576
+ RESERVED
+CVE-2021-36575
+ RESERVED
+CVE-2021-36574
+ RESERVED
+CVE-2021-36573
+ RESERVED
+CVE-2021-36572
+ RESERVED
+CVE-2021-36571
+ RESERVED
+CVE-2021-36570
+ RESERVED
+CVE-2021-36569
+ RESERVED
+CVE-2021-36568
+ RESERVED
+CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
+ NOT-FOR-US: ThinkPHP
+CVE-2021-36566
+ RESERVED
+CVE-2021-36565
+ RESERVED
+CVE-2021-36564 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
+ NOT-FOR-US: ThinkPHP
+CVE-2021-36563 (The CheckMK management web console (versions 1.5.0 to 2.0.0) does not ...)
+ - check-mk <removed>
+CVE-2021-36562
+ RESERVED
+CVE-2021-36561
+ RESERVED
+CVE-2021-36560 (Phone Shop Sales Managements System using PHP with Source Code 1.0 is ...)
+ NOT-FOR-US: Phone Shop Sales Managements System
+CVE-2021-36559
+ RESERVED
+CVE-2021-36558
+ RESERVED
+CVE-2021-36557
+ RESERVED
+CVE-2021-36556
+ RESERVED
+CVE-2021-36555
+ RESERVED
+CVE-2021-36554
+ RESERVED
+CVE-2021-36553
+ RESERVED
+CVE-2021-36552
+ RESERVED
+CVE-2021-36551 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...)
+ - tikiwiki <removed>
+CVE-2021-36550 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...)
+ - tikiwiki <removed>
+CVE-2021-36549
+ RESERVED
+CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component /admin/in ...)
+ NOT-FOR-US: Monstra CMS
+CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component /codebase ...)
+ NOT-FOR-US: Mara CMS
+CVE-2021-36546
+ RESERVED
+CVE-2021-36545
+ RESERVED
+CVE-2021-36544
+ RESERVED
+CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDo ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocu ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-36541
+ RESERVED
+CVE-2021-36540
+ RESERVED
+CVE-2021-36539
+ RESERVED
+CVE-2021-36538
+ RESERVED
+CVE-2021-36537
+ RESERVED
+CVE-2021-36536
+ RESERVED
+CVE-2021-36535
+ RESERVED
+CVE-2021-36534
+ RESERVED
+CVE-2021-36533
+ RESERVED
+CVE-2021-36532
+ RESERVED
+CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLI ...)
+ NOT-FOR-US: ngiflib
+CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NG ...)
+ NOT-FOR-US: ngiflib
+CVE-2021-36529
+ RESERVED
+CVE-2021-36528
+ RESERVED
+CVE-2021-36527
+ RESERVED
+CVE-2021-36526
+ RESERVED
+CVE-2021-36525
+ RESERVED
+CVE-2021-36524
+ RESERVED
+CVE-2021-36523
+ RESERVED
+CVE-2021-36522
+ RESERVED
+CVE-2021-36521
+ RESERVED
+CVE-2021-36520
+ RESERVED
+CVE-2021-36519
+ RESERVED
+CVE-2021-36518
+ RESERVED
+CVE-2021-36517
+ RESERVED
+CVE-2021-36516
+ RESERVED
+CVE-2021-36515
+ RESERVED
+CVE-2021-36514
+ RESERVED
+CVE-2021-36513 (An issue was discovered in function sofia_handle_sip_i_notify in sofia ...)
+ - freeswitch <itp> (bug #389591)
+CVE-2021-36512 (An issue was discovered in function scanallsubs in src/sbbs3/scansubs. ...)
+ NOT-FOR-US: Synchronet BBS
+CVE-2021-36511
+ RESERVED
+CVE-2021-36510
+ RESERVED
+CVE-2021-36509
+ RESERVED
+CVE-2021-36508
+ RESERVED
+CVE-2021-36507
+ RESERVED
+CVE-2021-36506
+ RESERVED
+CVE-2021-36505
+ RESERVED
+CVE-2021-36504
+ RESERVED
+CVE-2021-36503
+ RESERVED
+CVE-2021-36502
+ RESERVED
+CVE-2021-36501
+ RESERVED
+CVE-2021-36500
+ RESERVED
+CVE-2021-36499
+ RESERVED
+CVE-2021-36498
+ RESERVED
+CVE-2021-36497
+ RESERVED
+CVE-2021-36496
+ RESERVED
+CVE-2021-36495
+ RESERVED
+CVE-2021-36494
+ RESERVED
+CVE-2021-36493
+ RESERVED
+CVE-2021-36492
+ RESERVED
+CVE-2021-36491
+ RESERVED
+CVE-2021-36490
+ RESERVED
+CVE-2021-36489
+ RESERVED
+CVE-2021-36488
+ RESERVED
+CVE-2021-36487
+ RESERVED
+CVE-2021-36486
+ RESERVED
+CVE-2021-36485
+ RESERVED
+CVE-2021-36484
+ RESERVED
+CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to execute ar ...)
+ NOT-FOR-US: DevExpress.XtraReports.UI
+CVE-2021-36482
+ RESERVED
+CVE-2021-36481
+ RESERVED
+CVE-2021-36480
+ RESERVED
+CVE-2021-36479
+ RESERVED
+CVE-2021-36478
+ RESERVED
+CVE-2021-36477
+ RESERVED
+CVE-2021-36476
+ RESERVED
+CVE-2021-36475
+ RESERVED
+CVE-2021-36474
+ RESERVED
+CVE-2021-36473
+ RESERVED
+CVE-2021-36472
+ RESERVED
+CVE-2021-36471
+ RESERVED
+CVE-2021-36470
+ RESERVED
+CVE-2021-36469
+ RESERVED
+CVE-2021-36468
+ RESERVED
+CVE-2021-36467
+ RESERVED
+CVE-2021-36466
+ RESERVED
+CVE-2021-36465
+ RESERVED
+CVE-2021-36464
+ RESERVED
+CVE-2021-36463
+ RESERVED
+CVE-2021-36462
+ RESERVED
+CVE-2021-36461
+ RESERVED
+CVE-2021-36460
+ RESERVED
+CVE-2021-36459
+ RESERVED
+CVE-2021-36458
+ RESERVED
+CVE-2021-36457
+ RESERVED
+CVE-2021-36456
+ RESERVED
+CVE-2021-36455 (SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quick ...)
+ NOT-FOR-US: Naviwebs Navigate CMS
+CVE-2021-36454 (Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 ...)
+ NOT-FOR-US: Naviwebs Navigate CMS
+CVE-2021-36453
+ RESERVED
+CVE-2021-36452
+ RESERVED
+CVE-2021-36451
+ RESERVED
+CVE-2021-36450 (Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the co ...)
+ NOT-FOR-US: Verint
+CVE-2021-36449
+ RESERVED
+CVE-2021-36448
+ RESERVED
+CVE-2021-36447
+ RESERVED
+CVE-2021-36446
+ RESERVED
+CVE-2021-36445
+ RESERVED
+CVE-2021-36444
+ RESERVED
+CVE-2021-36443
+ RESERVED
+CVE-2021-36442
+ RESERVED
+CVE-2021-36441
+ RESERVED
+CVE-2021-36440 (Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-36439
+ RESERVED
+CVE-2021-36438
+ RESERVED
+CVE-2021-36437
+ RESERVED
+CVE-2021-36436
+ RESERVED
+CVE-2021-36435
+ RESERVED
+CVE-2021-36434
+ RESERVED
+CVE-2021-36433
+ RESERVED
+CVE-2021-36432
+ RESERVED
+CVE-2021-36431
+ RESERVED
+CVE-2021-36430
+ RESERVED
+CVE-2021-36429
+ RESERVED
+CVE-2021-36428
+ RESERVED
+CVE-2021-36427
+ RESERVED
+CVE-2021-36426
+ RESERVED
+CVE-2021-36425
+ RESERVED
+CVE-2021-36424
+ RESERVED
+CVE-2021-36423
+ RESERVED
+CVE-2021-36422
+ RESERVED
+CVE-2021-36421
+ RESERVED
+CVE-2021-36420
+ RESERVED
+CVE-2021-3642 (A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final ...)
+ NOT-FOR-US: WildFly Elytron
+CVE-2021-36419
+ RESERVED
+CVE-2021-36418
+ RESERVED
+CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1846
+ NOTE: https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30
+CVE-2021-36416
+ RESERVED
+CVE-2021-36415
+ RESERVED
+CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1840
+ NOTE: https://github.com/gpac/gpac/commit/6007c7145eb0fcd29fe05b6e5983a065b42c6b21
+CVE-2021-36413
+ RESERVED
+CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ - gpac <unfixed>
+ NOTE: https://github.com/gpac/gpac/issues/1838
+ NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e
+CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/302
+CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/301
+CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/300
+CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...)
+ - libde265 <unfixed>
+ [bullseye] - libde265 <no-dsa> (Minor issue)
+ [buster] - libde265 <no-dsa> (Minor issue)
+ [stretch] - libde265 <no-dsa> (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/299
+CVE-2021-36407
+ RESERVED
+CVE-2021-36406
+ RESERVED
+CVE-2021-36405
+ RESERVED
+CVE-2021-36404
+ RESERVED
+CVE-2021-36403
+ RESERVED
+CVE-2021-36402
+ RESERVED
+CVE-2021-36401
+ RESERVED
+CVE-2021-36400
+ RESERVED
+CVE-2021-36399
+ RESERVED
+CVE-2021-36398
+ RESERVED
+CVE-2021-36397
+ RESERVED
+CVE-2021-36396
+ RESERVED
+CVE-2021-36395
+ RESERVED
+CVE-2021-36394
+ RESERVED
+CVE-2021-36393
+ RESERVED
+CVE-2021-36392
+ RESERVED
+CVE-2021-36391
+ RESERVED
+CVE-2021-36390
+ RESERVED
+CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...)
+ NOT-FOR-US: Yellowfin
+CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...)
+ NOT-FOR-US: Yellowfin
+CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...)
+ NOT-FOR-US: Yellowfin
+CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...)
+ - fetchmail 6.4.16-4 (unimportant)
+ NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
+ NOTE: Fixed by: https://gitlab.com/fetchmail/fetchmail/-/commit/c546c8299243a10a7b85c638e0e61396ecd5d8b5 (RELEASE_6-4-20)
+ NOTE: Regression fix: https://gitlab.com/fetchmail/fetchmail/-/commit/d3db2da1d13bd2419370ad96defb92eecb17064c (RELEASE_6-4-21)
+ NOTE: Negligible security impact
+CVE-2021-36385 (A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remot ...)
+ NOT-FOR-US: Cerner Mobile Care
+CVE-2021-36384
+ RESERVED
+CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0 ...)
+ NOT-FOR-US: Xen Orchestra
+CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthenticat ...)
+ NOT-FOR-US: Edifecs
+CVE-2021-36380 (Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command I ...)
+ NOT-FOR-US: Sunhillo SureLine
+CVE-2021-36379
+ REJECTED
+CVE-2021-36378
+ RESERVED
+CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ...)
+ - fossil 1:2.15.2-1
+ [buster] - fossil <no-dsa> (Minor issue)
+ [stretch] - fossil <no-dsa> (Minor issue)
+ NOTE: https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036
+CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an executable's path ...)
+ NOT-FOR-US: dandavison delta
+CVE-2021-36375
+ RESERVED
+CVE-2021-36374 (When reading a specially crafted ZIP archive, or a derived formats, an ...)
+ - ant 1.10.11-1 (unimportant)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/6
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-36373 (When reading a specially crafted TAR archive an Apache Ant build can b ...)
+ - ant 1.10.11-1 (unimportant)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/5
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-36372 (In Apache Ozone versions prior to 1.2.0, Initially generated block tok ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-36371 (Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allo ...)
+ NOT-FOR-US: Emissary-Ingress (formerly Ambassador API Gateway)
+CVE-2021-36370 (An issue was discovered in Midnight Commander through 4.8.26. When est ...)
+ - mc 3:4.8.27-1 (bug #993404)
+ [bullseye] - mc <no-dsa> (Minor issue)
+ [buster] - mc <no-dsa> (Minor issue)
+ [stretch] - mc <no-dsa> (Minor issue)
+ NOTE: https://github.com/MidnightCommander/mc/commit/9235d3c232d13ad7f973346077c9cf2eaa77dc5f
+CVE-2021-36369
+ RESERVED
+CVE-2021-36368
+ RESERVED
+CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session even if i ...)
+ - putty 0.75-3 (bug #990901)
+ [bullseye] - putty <no-dsa> (Minor issue)
+ [buster] - putty <no-dsa> (Minor issue)
+ [stretch] - putty <no-dsa> (Minor issue)
+ NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
+CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-36365 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairm ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-36364 (Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards. ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-36363 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-36362
+ RESERVED
+CVE-2021-36361
+ RESERVED
+CVE-2021-36360
+ RESERVED
+CVE-2021-36359 (OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remo ...)
+ NOT-FOR-US: OrbiTeam BSCW Classic
+CVE-2021-36358
+ RESERVED
+CVE-2021-36357 (An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() ...)
+ NOT-FOR-US: OpenPOWER firwmware
+CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to execute ...)
+ NOT-FOR-US: KRAMER VIAware
+CVE-2021-36355
+ RESERVED
+CVE-2021-36354
+ RESERVED
+CVE-2021-36353
+ RESERVED
+CVE-2021-36352 (Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Inf ...)
+ NOT-FOR-US: Care2x Hospital Information Management
+CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Information ...)
+ NOT-FOR-US: Care2x Open Source Hospital Information Management
+CVE-2021-3640 [Linux kernel: UAF in sco_send_frame function]
+ RESERVED
+ - linux 5.15.3-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1
+CVE-2021-3639 [Prevent redirect to URLs that begin with '///']
+ RESERVED
+ - libapache2-mod-auth-mellon 0.18.0-1 (bug #991730)
+ [bullseye] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
+ [buster] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
+ [stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
+ NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5
+CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...)
+ NOT-FOR-US: Dell
+CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...)
+ NOT-FOR-US: EMC
+CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...)
+ NOT-FOR-US: Dell
+CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...)
+ NOT-FOR-US: Dell
+CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...)
+ NOT-FOR-US: Dell
+CVE-2021-36345
+ RESERVED
+CVE-2021-36344
+ RESERVED
+CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...)
+ NOT-FOR-US: Dell
+CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...)
+ NOT-FOR-US: EMC
+CVE-2021-36339 (The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented us ...)
+ NOT-FOR-US: EMC
+CVE-2021-36338 (Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege ...)
+ NOT-FOR-US: Unisphere for PowerMax
+CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support insecure Tr ...)
+ NOT-FOR-US: Dell
+CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a deserializati ...)
+ NOT-FOR-US: Dell
+CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an Improper Inpu ...)
+ NOT-FOR-US: EMC
+CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula In ...)
+ NOT-FOR-US: EMC
+CVE-2021-36333 (Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflo ...)
+ NOT-FOR-US: EMC
+CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javas ...)
+ NOT-FOR-US: EMC
+CVE-2021-36331
+ RESERVED
+CVE-2021-36330 (Dell EMC Streaming Data Platform versions before 1.3 contain an Insuff ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36329 (Dell EMC Streaming Data Platform versions before 1.3 contain an Indire ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36328 (Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Inj ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36327 (Dell EMC Streaming Data Platform versions before 1.3 contain a Server ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36326 (Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL ...)
+ NOT-FOR-US: Dell EMC Streaming Data Platform
+CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36323 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36322 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a ...)
+ NOT-FOR-US: Dell
+CVE-2021-36321 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an ...)
+ NOT-FOR-US: Dell
+CVE-2021-36320 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an ...)
+ NOT-FOR-US: Dell
+CVE-2021-36319 (Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain ...)
+ NOT-FOR-US: Dell
+CVE-2021-36318 (Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text ...)
+ NOT-FOR-US: EMC
+CVE-2021-36317 (Dell EMC Avamar Server version 19.4 contains a plain-text password sto ...)
+ NOT-FOR-US: EMC
+CVE-2021-36316 (Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 conta ...)
+ NOT-FOR-US: EMC
+CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This may all ...)
+ NOT-FOR-US: EMC
+CVE-2021-36314 (Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary Fil ...)
+ NOT-FOR-US: EMC
+CVE-2021-36313 (Dell EMC CloudLink 7.1 and all prior versions contain an OS command in ...)
+ NOT-FOR-US: EMC
+CVE-2021-36312 (Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Pas ...)
+ NOT-FOR-US: EMC
+CVE-2021-36311 (Dell EMC Networker versions prior to 19.5 contain an Improper Authoriz ...)
+ NOT-FOR-US: EMC
+CVE-2021-36310 (Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x &amp; 10.5 ...)
+ NOT-FOR-US: Dell
+CVE-2021-36309 (Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensi ...)
+ NOT-FOR-US: Dell
+CVE-2021-36308 (Networking OS10, versions prior to October 2021 with Smart Fabric Serv ...)
+ NOT-FOR-US: Dell
+CVE-2021-36307 (Networking OS10, versions prior to October 2021 with RESTCONF API enab ...)
+ NOT-FOR-US: Dell
+CVE-2021-36306 (Networking OS10, versions prior to October 2021 with RESTCONF API enab ...)
+ NOT-FOR-US: Dell
+CVE-2021-36305 (Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data ...)
+ NOT-FOR-US: Dell
+CVE-2021-36304
+ RESERVED
+CVE-2021-36303
+ RESERVED
+CVE-2021-36302 (All Dell EMC Integrated System for Microsoft Azure Stack Hub versions ...)
+ NOT-FOR-US: EMC
+CVE-2021-36301 (Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version ...)
+ NOT-FOR-US: Dell
+CVE-2021-36300 (iDRAC9 versions prior to 5.00.00.00 contain an improper input validati ...)
+ NOT-FOR-US: Dell
+CVE-2021-36299 (Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and ...)
+ NOT-FOR-US: Dell
+CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptograph ...)
+ NOT-FOR-US: EMC
+CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...)
+ NOT-FOR-US: SupportAssist Client (Dell)
+CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ NOT-FOR-US: Dell
+CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ NOT-FOR-US: Dell
+CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
+ NOT-FOR-US: Dell
+CVE-2021-36293
+ RESERVED
+CVE-2021-36292
+ RESERVED
+CVE-2021-36291
+ RESERVED
+CVE-2021-36290
+ RESERVED
+CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...)
+ NOT-FOR-US: Dell
+CVE-2021-36288
+ RESERVED
+CVE-2021-36287
+ RESERVED
+CVE-2021-36286 (Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions ...)
+ NOT-FOR-US: Dell SupportAssist Client Consumer
+CVE-2021-36285 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...)
+ NOT-FOR-US: Dell
+CVE-2021-36284 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...)
+ NOT-FOR-US: Dell
+CVE-2021-36283 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2021-36282 (Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of un ...)
+ NOT-FOR-US: EMC
+CVE-2021-36281 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...)
+ NOT-FOR-US: EMC
+CVE-2021-36280 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...)
+ NOT-FOR-US: EMC
+CVE-2021-36279 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...)
+ NOT-FOR-US: EMC
+CVE-2021-36278 (Dell EMC PowerScale OneFS versions 8.2.x and 9.1.0.x contain an insert ...)
+ NOT-FOR-US: EMC
+CVE-2021-36277 (Dell Command Update, Dell Update, and Alienware Update versions prior ...)
+ NOT-FOR-US: Dell
+CVE-2021-36276 (Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insuffic ...)
+ NOT-FOR-US: Dell
+CVE-2021-36275
+ RESERVED
+CVE-2021-36274
+ RESERVED
+CVE-2021-36273
+ RESERVED
+CVE-2021-36272
+ RESERVED
+CVE-2021-36271
+ RESERVED
+CVE-2021-36270
+ RESERVED
+CVE-2021-36269
+ RESERVED
+CVE-2021-36268
+ RESERVED
+CVE-2021-36267
+ RESERVED
+CVE-2021-36266
+ RESERVED
+CVE-2021-36265
+ RESERVED
+CVE-2021-36264
+ RESERVED
+CVE-2021-36263
+ RESERVED
+CVE-2021-36262
+ RESERVED
+CVE-2021-36261
+ RESERVED
+CVE-2021-36260 (A command injection vulnerability in the web server of some Hikvision ...)
+ NOT-FOR-US: Hikvision
+CVE-2021-36259
+ RESERVED
+CVE-2021-36258
+ RESERVED
+CVE-2021-36257
+ RESERVED
+CVE-2021-36256
+ RESERVED
+CVE-2021-36255
+ RESERVED
+CVE-2021-36254
+ RESERVED
+CVE-2021-36253
+ RESERVED
+CVE-2021-36252
+ RESERVED
+CVE-2021-36251
+ RESERVED
+CVE-2021-36250
+ RESERVED
+CVE-2021-36249
+ RESERVED
+CVE-2021-36248
+ RESERVED
+CVE-2021-36247
+ RESERVED
+CVE-2021-36246
+ RESERVED
+CVE-2021-36245
+ RESERVED
+CVE-2021-36244
+ RESERVED
+CVE-2021-36243
+ RESERVED
+CVE-2021-36242
+ RESERVED
+CVE-2021-36241
+ RESERVED
+CVE-2021-36240
+ RESERVED
+CVE-2021-36239
+ RESERVED
+CVE-2021-36238
+ RESERVED
+CVE-2021-36237
+ RESERVED
+CVE-2021-36236
+ RESERVED
+CVE-2021-3638 [ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write]
+ RESERVED
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-6 (bug #992726)
+ [buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1979858
+ NOTE: https://lore.kernel.org/qemu-devel/CAA8xKjXkDwPYxSAeRb+2mfHRrbiL_kh9unVkemFXLfF68UXePA@mail.gmail.com
+CVE-2021-36235 (An issue was discovered in Ivanti Workspace Control before 10.6.30.0. ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-36234 (Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 all ...)
+ NOT-FOR-US: MIK.starlight
+CVE-2021-36233 (The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5 ...)
+ NOT-FOR-US: MIK.starlight
+CVE-2021-36232 (Improper Authorization in multiple functions in MIK.starlight 7.9.5.24 ...)
+ NOT-FOR-US: MIK.starlight
+CVE-2021-36231 (Deserialization of untrusted data in multiple functions in MIK.starlig ...)
+ NOT-FOR-US: MIK.starlight
+CVE-2021-36230 (HashiCorp Terraform Enterprise releases up to v202106-1 did not proper ...)
+ NOT-FOR-US: Terraform Enterprise
+CVE-2021-36229
+ RESERVED
+CVE-2021-36228
+ RESERVED
+CVE-2021-36227
+ RESERVED
+CVE-2021-36226
+ RESERVED
+CVE-2021-36225
+ RESERVED
+CVE-2021-36224
+ RESERVED
+CVE-2021-36223
+ RESERVED
+CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) ...)
+ {DSA-4944-1}
+ - krb5 1.18.3-6 (bug #991365)
+ [stretch] - krb5 <not-affected> (Vulnerable code (k5memdup0()) introduced later)
+ NOTE: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
+ NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007
+CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.16 1.16.7-1
+ - golang-1.15 1.15.15-1 (bug #991961)
+ [bullseye] - golang-1.15 1.15.15-1~deb11u1
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/46866
+ NOTE: https://github.com/golang/go/commit/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e (master)
+ NOTE: https://github.com/golang/go/commit/accf363d5da864521c90b152fb734f3f15e00521 (release-branch.go1.16)
+ NOTE: https://github.com/golang/go/commit/ba93baa74a52d57ae79313313ea990cc791ef50e (release-branch.go1.15)
+CVE-2021-36220
+ RESERVED
+CVE-2021-36219 (An issue was discovered in SKALE sgxwallet 1.58.3. The provided input ...)
+ NOT-FOR-US: SKALE sgxwallet
+CVE-2021-36218 (An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GC ...)
+ NOT-FOR-US: SKALE sgxwallet
+CVE-2021-36217
+ REJECTED
+CVE-2021-36216 (LINE for Windows 6.2.1.2289 and before allows arbitrary code execution ...)
+ NOT-FOR-US: LINE for Windows
+CVE-2021-36215 (LINE client for iOS 10.21.3 and before allows address bar spoofing due ...)
+ NOT-FOR-US: LINE client for iOS
+CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...)
+ NOT-FOR-US: LINE client for iOS
+CVE-2021-36213 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default de ...)
+ - consul <not-affected> (Only applies to 1.9 and later)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
+ NOTE: https://github.com/hashicorp/consul/pull/10619
+CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...)
+ NOT-FOR-US: MISP
+CVE-2021-3637 (A flaw was found in keycloak-model-infinispan in keycloak versions bef ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-36211
+ RESERVED
+CVE-2021-36210
+ RESERVED
+CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was possible du ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-36208
+ RESERVED
+CVE-2021-36207
+ RESERVED
+CVE-2021-36206
+ RESERVED
+CVE-2021-36205
+ RESERVED
+CVE-2021-36204
+ RESERVED
+CVE-2021-36203
+ RESERVED
+CVE-2021-36202
+ RESERVED
+CVE-2021-36201
+ RESERVED
+CVE-2021-36200
+ RESERVED
+CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some ...)
+ NOT-FOR-US: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.
+CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...)
+ NOT-FOR-US: Sensormatic Electronics, LLC
+CVE-2021-36197
+ RESERVED
+CVE-2021-36196
+ RESERVED
+CVE-2021-36195 (Multiple command injection vulnerabilities in the command line interpr ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers of FortiW ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36193 (Multiple stack-based buffer overflows in the command line interpreter ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36190 (A unintended proxy or intermediary ('confused deputy') in Fortinet For ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36189 (A missing encryption of sensitive data in Fortinet FortiClientEMS vers ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36188 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36187 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0 ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36186 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, vers ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36185 (A improper neutralization of special elements used in an OS command (' ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36184 (A improper neutralization of Special Elements used in an SQL Command ( ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36183 (An improper authorization vulnerability [CWE-285] in FortiClient for W ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36182 (A Improper neutralization of special elements used in a command ('Comm ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36181 (A concurrent execution using shared resource with improper Synchroniza ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36180 (Multiple improper neutralization of special elements used in a command ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36178 (A insufficiently protected credentials in Fortinet FortiSDNConnector v ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36177 (An improper access control vulnerability [CWE-284] in FortiAuthenticat ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in the web ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in FortiWeb ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36174 (A memory allocation with excessive size value vulnerability in the lic ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36173 (A heap-based buffer overflow in the firmware signature verification fu ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36172 (An improper restriction of XML external entity reference vulnerability ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36171
+ RESERVED
+CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM a ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-36169 (A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-36167 (An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windo ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-36166
+ RESERVED
+CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...)
+ NOT-FOR-US: RICON Industrial Cellular Router
+CVE-2021-36164
+ RESERVED
+CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. The Hes ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-36162 (Apache Dubbo supports various rules to support configuration override ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-36161 (Some component in Dubbo will try to print the formated string of the i ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...)
+ {DSA-4982-1 DLA-2768-1}
+ - apache2 2.4.49-1
+ [stretch] - apache2 <not-affected> (Vulnerable module not present)
+ - uwsgi <unfixed> (unimportant)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160
+ NOTE: https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b
+ NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
+ NOTE: packages which are provided by src:apache2 itself.
+ NOTE: Regression report: https://bz.apache.org/bugzilla/show_bug.cgi?id=65616
+ NOTE: Regression patch: https://github.com/apache/httpd/commit/8966e290a6e947fad0289bf4e243b0b552e13726 (2.4.x)
+CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...)
+ NOT-FOR-US: libfetch
+CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...)
+ - xrdp <not-affected> (xrdp as packaged in Alpine)
+CVE-2021-36157 (An issue was discovered in Grafana Cortex through 1.9.0. The header va ...)
+ NOT-FOR-US: Grafana Cortex
+CVE-2021-36156 (An issue was discovered in Grafana Loki through 2.2.1. The header valu ...)
+ NOT-FOR-US: Grafana Loki
+CVE-2021-36155 (LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates ...)
+ NOT-FOR-US: gRPC Swift
+CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remot ...)
+ NOT-FOR-US: gRPC Swift
+CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1. ...)
+ NOT-FOR-US: gRPC Swift
+CVE-2021-36152 (Apache Gobblin trusts all certificates used for LDAP connections in Go ...)
+ NOT-FOR-US: Apache Gobblin
+CVE-2021-36151 (In Apache Gobblin, the Hadoop token is written to a temp file that is ...)
+ NOT-FOR-US: Apache Gobblin
+CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...)
+ NOT-FOR-US: OpenShift
+CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation in versi ...)
+ - linux 5.4.19-1
+ [buster] - linux 4.19.98-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1976946
+CVE-2021-3634 (A flaw has been found in libssh in versions prior to 0.9.6. The SSH pr ...)
+ {DSA-4965-1}
+ - libssh 0.9.6-1 (bug #993046)
+ [buster] - libssh <not-affected> (Vulnerable code not present)
+ [stretch] - libssh <not-affected> (Vulnerable code not present)
+ NOTE: https://www.libssh.org/security/advisories/CVE-2021-3634.txt
+ NOTE: https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/
+ NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063 (libssh-0.9.6)
+CVE-2021-36150 (SilverStripe Framework through 4.8.1 allows XSS. ...)
+ NOT-FOR-US: SilverStripe CMS
+CVE-2021-36149
+ RESERVED
+CVE-2021-36148 (An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervis ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36147 (An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36146 (ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereferen ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36145 (The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use- ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36144 (The polling timer handler in ACRN before 2.5 has a use-after-free for ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36143 (ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer ...)
+ NOT-FOR-US: ACRN
+CVE-2021-36142
+ RESERVED
+CVE-2021-36141
+ RESERVED
+CVE-2021-36140
+ RESERVED
+CVE-2021-36139
+ RESERVED
+CVE-2021-36138
+ RESERVED
+CVE-2021-36137
+ RESERVED
+CVE-2021-36136
+ RESERVED
+CVE-2021-36135
+ RESERVED
+CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...)
+ NOT-FOR-US: McAfee
+CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...)
+ NOT-FOR-US: OP-TEE
+CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...)
+ NOT-FOR-US: FileImport MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36131 (An XSS issue was discovered in the SportsTeams extension in MediaWiki ...)
+ NOT-FOR-US: SportsTeams MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36130 (An XSS issue was discovered in the SocialProfile extension in MediaWik ...)
+ NOT-FOR-US: SocialProfile MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36129 (An issue was discovered in the Translate extension in MediaWiki throug ...)
+ NOT-FOR-US: Translate MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36128 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
+ NOT-FOR-US: CentralAuth MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36127 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
+ NOT-FOR-US: CentralAuth MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36126 (An issue was discovered in the AbuseFilter extension in MediaWiki thro ...)
+ NOT-FOR-US: AbuseFilter MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36125 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...)
+ NOT-FOR-US: CentralAuth MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-36124 (An issue was discovered in Echo ShareCare 8.15.5. It does not perform ...)
+ NOT-FOR-US: Echo ShareCare
+CVE-2021-36123 (An issue was discovered in Echo ShareCare 8.15.5. The TextReader featu ...)
+ NOT-FOR-US: Echo ShareCare
+CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile featur ...)
+ NOT-FOR-US: Echo ShareCare
+CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...)
+ NOT-FOR-US: Echo ShareCare
+CVE-2021-3633 (A DLL preloading vulnerability was reported in Lenovo Driver Managemen ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-36120
+ RESERVED
+CVE-2021-36119
+ RESERVED
+CVE-2021-36118
+ RESERVED
+CVE-2021-36117
+ RESERVED
+CVE-2021-36116
+ RESERVED
+CVE-2021-36115
+ RESERVED
+CVE-2021-36114
+ RESERVED
+CVE-2021-36113
+ RESERVED
+CVE-2021-36112
+ RESERVED
+CVE-2021-36111
+ RESERVED
+CVE-2021-36110
+ RESERVED
+CVE-2021-36109
+ RESERVED
+CVE-2021-36108
+ RESERVED
+CVE-2021-36107
+ RESERVED
+CVE-2021-36106
+ RESERVED
+CVE-2021-36105
+ RESERVED
+CVE-2021-36104
+ RESERVED
+CVE-2021-36103
+ RESERVED
+CVE-2021-36102
+ RESERVED
+CVE-2021-36101
+ RESERVED
+CVE-2021-36100
+ RESERVED
+CVE-2021-36099
+ RESERVED
+CVE-2021-36098
+ RESERVED
+CVE-2021-36097 (Agents are able to lock the ticket without the "Owner" permission. Onc ...)
+ - otrs <not-affected> (OTRS 8.x specific)
+ NOTE: znuny forked from OTRS with 6.x, but this issue is specific to OTRS 8.x
+CVE-2021-36096 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...)
+ - otrs2 <undetermined> (bug #993846)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+ NOTE: CVE-2021-36096 is an update from the original CVE-2021-21440.
+ TODO: check, 6.1.2-1 claims to fix the issue through the znuny codebase
+CVE-2021-36095 (Malicious attacker is able to find out valid user logins by using the ...)
+ - otrs2 <undetermined> (bug #993846)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-18/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+CVE-2021-36094 (It's possible to craft a request for appointment edit screen, which co ...)
+ - otrs2 <undetermined> (bug #993846)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-17/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+ TODO: check, 6.1.2-1 claims to fix the issue through the znuny codebase
+CVE-2021-36093 (It's possible to create an email which can be stuck while being proces ...)
+ - otrs2 <undetermined> (bug #993846)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-16/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+CVE-2021-36092 (It's possible to create an email which contains specially crafted link ...)
+ - otrs2 <undetermined>
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-15/
+ NOTE: Unclear whether this affects Znuny, they could not reproduce it:
+ NOTE: https://github.com/znuny/Znuny/issues/105#issuecomment-894013730
+CVE-2021-36091 (Agents are able to list appointments in the calendars without required ...)
+ - otrs2 6.0.32-6 (bug #991593)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/
+ NOTE: https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+CVE-2021-3632
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be made to ...)
+ - libcommons-compress-java 1.21-1 (bug #991041)
+ [bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
+ [buster] - libcommons-compress-java <no-dsa> (Minor issue)
+ [stretch] - libcommons-compress-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ef5d70b625000e38404194aaab311b771c44efda
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f
+CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...)
+ - libgrokj2k 9.5.0-1 (bug #990525)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
+CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in f ...)
+ NOT-FOR-US: Fluent Bit
+CVE-2021-36087 (The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in e ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol <no-dsa> (Minor issue)
+ [buster] - libsepol <no-dsa> (Minor issue)
+ [stretch] - libsepol <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
+ NOTE: https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml
+CVE-2021-36086 (The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_clas ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol <no-dsa> (Minor issue)
+ [buster] - libsepol <no-dsa> (Minor issue)
+ [stretch] - libsepol <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
+ NOTE: https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
+CVE-2021-36085 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol <no-dsa> (Minor issue)
+ [buster] - libsepol <no-dsa> (Minor issue)
+ [stretch] - libsepol <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
+ NOTE: https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
+CVE-2021-36084 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol <no-dsa> (Minor issue)
+ [buster] - libsepol <no-dsa> (Minor issue)
+ [stretch] - libsepol <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
+ NOTE: https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
+CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overf ...)
+ [experimental] - kimageformats 5.83.0-1
+ - kimageformats 5.78.0-5 (bug #990527)
+ [buster] - kimageformats <no-dsa> (Minor issue)
+ [stretch] - kimageformats <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml
+ NOTE: https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f
+CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in processClientServer ...)
+ - ndpi 4.0-1 (bug #990528)
+ [buster] - ndpi <not-affected> (Vulnerable code not present)
+ [stretch] - ndpi <not-affected> (Vulnerable code added later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml
+ NOTE: https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3
+CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-fr ...)
+ - tesseract <unfixed> (bug #990529)
+ [bullseye] - tesseract <no-dsa> (Minor issue)
+ [buster] - tesseract <no-dsa> (Minor issue)
+ [stretch] - tesseract <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml
+ NOTE: https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55
+CVE-2021-36080 (GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_ ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-3631 [insecure sVirt label generation]
+ RESERVED
+ - libvirt 7.6.0-1 (bug #990709)
+ [bullseye] - libvirt <no-dsa> (Minor issue)
+ [buster] - libvirt <no-dsa> (Minor issue)
+ [stretch] - libvirt <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/libvirt/libvirt/-/issues/153
+ NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2 (v7.5.0)
+CVE-2021-36079 (Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36078 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36077 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36076 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36075 (Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overfl ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36074 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36073 (Adobe Bridge version 11.1 (and earlier) is affected by a heap-based bu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36072 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36071 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36070 (Adobe Media Encoder version 15.1 (and earlier) is affected by an impro ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36069 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36068 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36067 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36066 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36065 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36064 (XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Under ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36063 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36062 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36061 (Adobe Connect version 11.2.2 (and earlier) is affected by a secure des ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36060
+ RESERVED
+CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36057 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-wh ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36056 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36055 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-af ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36054 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36053 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36052 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36051 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36049 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36048 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36047 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36046 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36045 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36044 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36043 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36042 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36041 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36040 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36039 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36038 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36037 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36036
+ RESERVED
+CVE-2021-36035 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36034 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36033 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36032 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36031 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36030 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36029 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36028 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36027 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36026 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36025 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36024 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36023
+ RESERVED
+CVE-2021-36022 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36021
+ RESERVED
+CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36018 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36017 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36016 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36015 (Adobe Media Encoder version 15.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36014 (Adobe Media Encoder version 15.2 (and earlier) is affected by an unini ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36013 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36012 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36011 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a potent ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36010 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36009 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an memor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36008 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Use-a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36007 (Adobe Prelude version 10.0 (and earlier) are affected by an uninitiali ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36006 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36005 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36004 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36003 (Adobe Audition version 14.2 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36002 (Adobe Captivate version 11.5.5 (and earlier) is affected by an Creatio ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36001 (Adobe Character Animator version 4.2 (and earlier) is affected by an o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36000 (Adobe Character Animator version 4.2 (and earlier) is affected by a me ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35999 (Adobe Prelude version 10.0 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35998
+ RESERVED
+CVE-2021-35997 (Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35996 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35995 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Imp ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35994 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35993 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35992 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitiali ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35990 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35989 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35988 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35987 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35986 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35985 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35984 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35983 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35982 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35980
+ RESERVED
+CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
+ NOT-FOR-US: Digi RealPort
+CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ...)
+ NOT-FOR-US: Digi TransPort devices
+CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through 4.8.488.0 ...)
+ NOT-FOR-US: Digi RealPort
+CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...)
+ NOT-FOR-US: Plesk Obsidian
+CVE-2021-35975
+ RESERVED
+CVE-2021-35974
+ RESERVED
+CVE-2021-35973 (NETGEAR WAC104 devices before 1.0.4.15 are affected by an authenticati ...)
+ NOT-FOR-US: Netgear
+CVE-2021-35972
+ RESERVED
+CVE-2021-35971 (Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 be ...)
+ NOT-FOR-US: Veeam
+CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-ma ...)
+ NOT-FOR-US: Coral
+CVE-2021-35969 (Pexip Infinity before 26 allows temporary remote Denial of Service (ab ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-35968 (The directory list page parameter of the Orca HCM digital learning pla ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning platform ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35966 (The specific function of the Orca HCM digital learning platform does n ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35965 (The Orca HCM digital learning platform uses a weak factory default adm ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35964 (The management page of the Orca HCM digital learning platform does not ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35963 (The specific parameter of upload function of the Orca HCM digital lear ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35962 (Specific page parameters in Dr. ID Door Access Control and Personnel A ...)
+ NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system
+CVE-2021-35961 (Dr. ID Door Access Control and Personnel Attendance Management system ...)
+ NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system
+CVE-2021-35960
+ RESERVED
+CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folde ...)
+ NOT-FOR-US: Plone
+CVE-2021-35958 (** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not a ...)
+ NOT-FOR-US: Stormshield Endpoint Security Evolution
+CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of AKCP se ...)
+ NOT-FOR-US: AKCP sensorProbe
+CVE-2021-35955 (Contao &gt;=4.0.0 allows backend XSS via HTML attributes to an HTML fi ...)
+ NOT-FOR-US: Contao CMS
+CVE-2021-35954
+ RESERVED
+CVE-2021-35953
+ RESERVED
+CVE-2021-35952
+ RESERVED
+CVE-2021-35951
+ RESERVED
+CVE-2021-35950
+ RESERVED
+CVE-2021-35949 (The shareinfo controller in the ownCloud Server before 10.8.0 allows a ...)
+ - owncloud <removed>
+CVE-2021-35948 (Session fixation on password protected public links in the ownCloud Se ...)
+ - owncloud <removed>
+CVE-2021-35947 (The public share controller in the ownCloud server before version 10.8 ...)
+ - owncloud <removed>
+CVE-2021-35946 (A receiver of a federated share with access to the database with ownCl ...)
+ - owncloud <removed>
+CVE-2021-35945 (Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer O ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-35944 (Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Ov ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-35943 (Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Co ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...)
+ - glibc 2.31-13 (bug #990542)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28011
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
+CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...)
+ NOT-FOR-US: Western Digital
+CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::D ...)
+ {DSA-5032-1 DLA-2702-1}
+ - djvulibre 3.5.27.1-12
+ NOTE: https://sourceforge.net/p/djvu/bugs/302/
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/
+CVE-2021-3629
+ RESERVED
+ - undertow <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1977362
+CVE-2021-3628 (OpenKM Community Edition in its 6.3.10 version is vulnerable to authen ...)
+ NOT-FOR-US: OpenKM
+CVE-2021-3627
+ RESERVED
+CVE-2021-35940 (An out-of-bounds array read in the apr_time_exp*() functions was fixed ...)
+ - apr 1.7.0-7 (bug #992789)
+ [bullseye] - apr 1.7.0-6+deb11u1
+ [buster] - apr <not-affected> (Vulnerable code re-introduced in 1.7.0)
+ [stretch] - apr <not-affected> (Vulnerable code re-introduced in 1.7.0)
+ NOTE: The issue exists because the CVE-2017-12613 fix was not carried forward
+ NOTE: in the APR 1.7.x branch and hence version 1.7.0 regressed from 1.6.3
+ NOTE: and so vulnerable to the same issue.
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/23/1
+ NOTE: http://svn.apache.org/viewvc?view=revision&revision=1891198
+ NOTE: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
+CVE-2021-35939 [checks for unsafe symlinks are not performed for intermediary directories]
+ RESERVED
+ - rpm <unfixed> (bug #990543)
+ [bullseye] - rpm <ignored> (Minor issue)
+ [buster] - rpm <ignored> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964129
+CVE-2021-35938 [races with chown/chmod/capabilities calls during installation]
+ RESERVED
+ - rpm <unfixed> (bug #990543)
+ [bullseye] - rpm <ignored> (Minor issue)
+ [buster] - rpm <ignored> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964114
+CVE-2021-35937 [TOCTOU race in checks for unsafe symlinks]
+ RESERVED
+ - rpm <unfixed> (bug #990543)
+ [bullseye] - rpm <ignored> (Minor issue)
+ [buster] - rpm <ignored> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125
+CVE-2021-35936 (If remote logging is not used, the worker (in the case of CeleryExecut ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-3626 (The Windows version of Multipass before 1.7.0 allowed any local proces ...)
+ NOT-FOR-US: Multipass
+CVE-2021-3625 (Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions &gt;= v2.5.0 ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-35935
+ RESERVED
+CVE-2021-35934
+ RESERVED
+CVE-2021-35933
+ RESERVED
+CVE-2021-35932
+ RESERVED
+CVE-2021-35931
+ RESERVED
+CVE-2021-35930
+ RESERVED
+CVE-2021-35929
+ RESERVED
+CVE-2021-35928
+ RESERVED
+CVE-2021-35927
+ RESERVED
+CVE-2021-35926
+ RESERVED
+CVE-2021-35925
+ RESERVED
+CVE-2021-35924
+ RESERVED
+CVE-2021-35923
+ RESERVED
+CVE-2021-35922
+ RESERVED
+CVE-2021-35921
+ RESERVED
+CVE-2021-35920
+ RESERVED
+CVE-2021-35919
+ RESERVED
+CVE-2021-35918
+ RESERVED
+CVE-2021-35917
+ RESERVED
+CVE-2021-35916
+ RESERVED
+CVE-2021-35915
+ RESERVED
+CVE-2021-35914
+ RESERVED
+CVE-2021-35913
+ RESERVED
+CVE-2021-35912
+ RESERVED
+CVE-2021-35911
+ RESERVED
+CVE-2021-35910
+ RESERVED
+CVE-2021-35909
+ RESERVED
+CVE-2021-35908
+ RESERVED
+CVE-2021-35907
+ RESERVED
+CVE-2021-35906
+ RESERVED
+CVE-2021-35905
+ RESERVED
+CVE-2021-35904
+ RESERVED
+CVE-2021-35903
+ RESERVED
+CVE-2021-35902
+ RESERVED
+CVE-2021-35901
+ RESERVED
+CVE-2021-35900
+ RESERVED
+CVE-2021-35899
+ RESERVED
+CVE-2021-35898
+ RESERVED
+CVE-2021-35897
+ RESERVED
+CVE-2021-35896
+ RESERVED
+CVE-2021-35895
+ RESERVED
+CVE-2021-35894
+ RESERVED
+CVE-2021-35893
+ RESERVED
+CVE-2021-35892
+ RESERVED
+CVE-2021-35891
+ RESERVED
+CVE-2021-35890
+ RESERVED
+CVE-2021-35889
+ RESERVED
+CVE-2021-35888
+ RESERVED
+CVE-2021-35887
+ RESERVED
+CVE-2021-35886
+ RESERVED
+CVE-2021-35885
+ RESERVED
+CVE-2021-35884
+ RESERVED
+CVE-2021-35883
+ RESERVED
+CVE-2021-35882
+ RESERVED
+CVE-2021-35881
+ RESERVED
+CVE-2021-35880
+ RESERVED
+CVE-2021-35879
+ RESERVED
+CVE-2021-35878
+ RESERVED
+CVE-2021-35877
+ RESERVED
+CVE-2021-35876
+ RESERVED
+CVE-2021-35875
+ RESERVED
+CVE-2021-35874
+ RESERVED
+CVE-2021-35873
+ RESERVED
+CVE-2021-35872
+ RESERVED
+CVE-2021-35871
+ RESERVED
+CVE-2021-35870
+ RESERVED
+CVE-2021-35869
+ RESERVED
+CVE-2021-35868
+ RESERVED
+CVE-2021-35867
+ RESERVED
+CVE-2021-35866
+ RESERVED
+CVE-2021-35865
+ RESERVED
+CVE-2021-35864
+ RESERVED
+CVE-2021-35863
+ RESERVED
+CVE-2021-35862
+ RESERVED
+CVE-2021-35861
+ RESERVED
+CVE-2021-35860
+ RESERVED
+CVE-2021-35859
+ RESERVED
+CVE-2021-35858
+ RESERVED
+CVE-2021-35857
+ RESERVED
+CVE-2021-35856
+ RESERVED
+CVE-2021-35855
+ RESERVED
+CVE-2021-35854
+ RESERVED
+CVE-2021-35853
+ RESERVED
+CVE-2021-35852
+ RESERVED
+CVE-2021-35851
+ RESERVED
+CVE-2021-35850
+ RESERVED
+CVE-2021-35849
+ RESERVED
+CVE-2021-35848
+ RESERVED
+CVE-2021-35847
+ RESERVED
+CVE-2021-35846
+ RESERVED
+CVE-2021-35845
+ RESERVED
+CVE-2021-35844
+ RESERVED
+CVE-2021-35843
+ RESERVED
+CVE-2021-35842
+ RESERVED
+CVE-2021-35841
+ RESERVED
+CVE-2021-35840
+ RESERVED
+CVE-2021-35839
+ RESERVED
+CVE-2021-35838
+ RESERVED
+CVE-2021-35837
+ RESERVED
+CVE-2021-35836
+ RESERVED
+CVE-2021-35835
+ RESERVED
+CVE-2021-35834
+ RESERVED
+CVE-2021-35833
+ RESERVED
+CVE-2021-35832
+ RESERVED
+CVE-2021-35831
+ RESERVED
+CVE-2021-35830
+ RESERVED
+CVE-2021-35829
+ RESERVED
+CVE-2021-35828
+ RESERVED
+CVE-2021-35827
+ RESERVED
+CVE-2021-35826
+ RESERVED
+CVE-2021-35825
+ RESERVED
+CVE-2021-35824
+ RESERVED
+CVE-2021-35823
+ RESERVED
+CVE-2021-35822
+ RESERVED
+CVE-2021-35821
+ RESERVED
+CVE-2021-35820
+ RESERVED
+CVE-2021-35819
+ RESERVED
+CVE-2021-35818
+ RESERVED
+CVE-2021-35817
+ RESERVED
+CVE-2021-35816
+ RESERVED
+CVE-2021-35815
+ RESERVED
+CVE-2021-35814
+ RESERVED
+CVE-2021-35813
+ RESERVED
+CVE-2021-35812
+ RESERVED
+CVE-2021-35811
+ RESERVED
+CVE-2021-35810
+ RESERVED
+CVE-2021-35809
+ RESERVED
+CVE-2021-35808
+ RESERVED
+CVE-2021-35807
+ RESERVED
+CVE-2021-35806
+ RESERVED
+CVE-2021-35805
+ RESERVED
+CVE-2021-35804
+ RESERVED
+CVE-2021-35803
+ RESERVED
+CVE-2021-35802
+ RESERVED
+CVE-2021-35801
+ RESERVED
+CVE-2021-35800
+ RESERVED
+CVE-2021-35799
+ RESERVED
+CVE-2021-35798
+ RESERVED
+CVE-2021-35797
+ RESERVED
+CVE-2021-35796
+ RESERVED
+CVE-2021-35795
+ RESERVED
+CVE-2021-35794
+ RESERVED
+CVE-2021-35793
+ RESERVED
+CVE-2021-35792
+ RESERVED
+CVE-2021-35791
+ RESERVED
+CVE-2021-35790
+ RESERVED
+CVE-2021-35789
+ RESERVED
+CVE-2021-35788
+ RESERVED
+CVE-2021-35787
+ RESERVED
+CVE-2021-35786
+ RESERVED
+CVE-2021-35785
+ RESERVED
+CVE-2021-35784
+ RESERVED
+CVE-2021-35783
+ RESERVED
+CVE-2021-35782
+ RESERVED
+CVE-2021-35781
+ RESERVED
+CVE-2021-35780
+ RESERVED
+CVE-2021-35779
+ RESERVED
+CVE-2021-35778
+ RESERVED
+CVE-2021-35777
+ RESERVED
+CVE-2021-35776
+ RESERVED
+CVE-2021-35775
+ RESERVED
+CVE-2021-35774
+ RESERVED
+CVE-2021-35773
+ RESERVED
+CVE-2021-35772
+ RESERVED
+CVE-2021-35771
+ RESERVED
+CVE-2021-35770
+ RESERVED
+CVE-2021-35769
+ RESERVED
+CVE-2021-35768
+ RESERVED
+CVE-2021-35767
+ RESERVED
+CVE-2021-35766
+ RESERVED
+CVE-2021-35765
+ RESERVED
+CVE-2021-35764
+ RESERVED
+CVE-2021-35763
+ RESERVED
+CVE-2021-35762
+ RESERVED
+CVE-2021-35761
+ RESERVED
+CVE-2021-35760
+ RESERVED
+CVE-2021-35759
+ RESERVED
+CVE-2021-35758
+ RESERVED
+CVE-2021-35757
+ RESERVED
+CVE-2021-35756
+ RESERVED
+CVE-2021-35755
+ RESERVED
+CVE-2021-35754
+ RESERVED
+CVE-2021-35753
+ RESERVED
+CVE-2021-35752
+ RESERVED
+CVE-2021-35751
+ RESERVED
+CVE-2021-35750
+ RESERVED
+CVE-2021-35749
+ RESERVED
+CVE-2021-35748
+ RESERVED
+CVE-2021-35747
+ RESERVED
+CVE-2021-35746
+ RESERVED
+CVE-2021-35745
+ RESERVED
+CVE-2021-35744
+ RESERVED
+CVE-2021-35743
+ RESERVED
+CVE-2021-35742
+ RESERVED
+CVE-2021-35741
+ RESERVED
+CVE-2021-35740
+ RESERVED
+CVE-2021-35739
+ RESERVED
+CVE-2021-35738
+ RESERVED
+CVE-2021-35737
+ RESERVED
+CVE-2021-35736
+ RESERVED
+CVE-2021-35735
+ RESERVED
+CVE-2021-35734
+ RESERVED
+CVE-2021-35733
+ RESERVED
+CVE-2021-35732
+ RESERVED
+CVE-2021-35731
+ RESERVED
+CVE-2021-35730
+ RESERVED
+CVE-2021-35729
+ RESERVED
+CVE-2021-35728
+ RESERVED
+CVE-2021-35727
+ RESERVED
+CVE-2021-35726
+ RESERVED
+CVE-2021-35725
+ RESERVED
+CVE-2021-35724
+ RESERVED
+CVE-2021-35723
+ RESERVED
+CVE-2021-35722
+ RESERVED
+CVE-2021-35721
+ RESERVED
+CVE-2021-35720
+ RESERVED
+CVE-2021-35719
+ RESERVED
+CVE-2021-35718
+ RESERVED
+CVE-2021-35717
+ RESERVED
+CVE-2021-35716
+ RESERVED
+CVE-2021-35715
+ RESERVED
+CVE-2021-35714
+ RESERVED
+CVE-2021-35713
+ RESERVED
+CVE-2021-35712
+ RESERVED
+CVE-2021-35711
+ RESERVED
+CVE-2021-35710
+ RESERVED
+CVE-2021-35709
+ RESERVED
+CVE-2021-35708
+ RESERVED
+CVE-2021-35707
+ RESERVED
+CVE-2021-35706
+ RESERVED
+CVE-2021-35705
+ RESERVED
+CVE-2021-35704
+ RESERVED
+CVE-2021-35703
+ RESERVED
+CVE-2021-35702
+ RESERVED
+CVE-2021-35701
+ RESERVED
+CVE-2021-35700
+ RESERVED
+CVE-2021-35699
+ RESERVED
+CVE-2021-35698
+ RESERVED
+CVE-2021-35697
+ RESERVED
+CVE-2021-35696
+ RESERVED
+CVE-2021-35695
+ RESERVED
+CVE-2021-35694
+ RESERVED
+CVE-2021-35693
+ RESERVED
+CVE-2021-35692
+ RESERVED
+CVE-2021-35691
+ RESERVED
+CVE-2021-35690
+ RESERVED
+CVE-2021-35689
+ RESERVED
+CVE-2021-35688
+ RESERVED
+CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35685
+ RESERVED
+CVE-2021-35684
+ RESERVED
+CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services product of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35682
+ RESERVED
+CVE-2021-35681
+ RESERVED
+CVE-2021-35680
+ RESERVED
+CVE-2021-35679
+ RESERVED
+CVE-2021-35678
+ RESERVED
+CVE-2021-35677
+ RESERVED
+CVE-2021-35676
+ RESERVED
+CVE-2021-35675
+ RESERVED
+CVE-2021-35674
+ RESERVED
+CVE-2021-35673
+ RESERVED
+CVE-2021-35672
+ RESERVED
+CVE-2021-35671
+ RESERVED
+CVE-2021-35670
+ RESERVED
+CVE-2021-35669
+ RESERVED
+CVE-2021-35668
+ RESERVED
+CVE-2021-35667
+ RESERVED
+CVE-2021-35666 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35665 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35664
+ RESERVED
+CVE-2021-35663
+ RESERVED
+CVE-2021-35662 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35661 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35660 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35659 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35658 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35657 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35656 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35655 (Vulnerability in the Essbase Administration Services product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35654 (Vulnerability in the Essbase Administration Services product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35653 (Vulnerability in the Essbase Administration Services product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35652 (Vulnerability in the Essbase Administration Services product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35651 (Vulnerability in the Essbase Administration Services product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35650 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle Secure Global Desktop
+CVE-2021-35649 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle Secure Global Desktop
+CVE-2021-35648 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35647 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35646 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35645 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35644 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35642 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35640 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35639 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35638 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35637 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35636 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35635 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35630 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35629 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35628 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35627 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35626 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35625 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+ - mysql-5.7 <removed>
+CVE-2021-35623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35622 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35621 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35620 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35619 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35618 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35617 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35616 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35615
+ RESERVED
+CVE-2021-35614
+ RESERVED
+CVE-2021-35613 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35612 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35611 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35610 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35609 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35608 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35607 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35606 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35605
+ RESERVED
+CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 <removed>
+ [bullseye] - mariadb-10.5 <no-dsa> (Minor issue)
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 <no-dsa> (Minor issue)
+ - mysql-8.0 <unfixed>
+ - mysql-5.7 <removed>
+ NOTE: Fixed in MariaDB: 10.5.13, 10.3.32
+CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35602 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35601 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35600
+ RESERVED
+CVE-2021-35599 (Vulnerability in the Zero Downtime DB Migration to Cloud component of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35598 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35597 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35596 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35595 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35594 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35593 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35592 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35590 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35589 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DLA-2814-1}
+ - openjdk-8 8u312-b07-1
+CVE-2021-35587 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35585 (Vulnerability in the Oracle Incentive Compensation product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35584 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35583 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Windows-specific)
+CVE-2021-35582 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35581 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35579
+ RESERVED
+CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35576 (Vulnerability in the Oracle Database Enterprise Edition Unified Audit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35574 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35573 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35572 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35571 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35570 (Vulnerability in the Oracle Mobile Field Service product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5000-1 DLA-2814-1}
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle E-Bus ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...)
+ - openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
+ - openjdk-17 17.0.1+12-1
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35555
+ RESERVED
+CVE-2021-35554 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35553 (Vulnerability in the PeopleSoft Enterprise CS Student Records product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-5000-2 DSA-5000-1 DLA-2814-1}
+ - openjdk-11 11.0.13+8-1
+ - openjdk-8 8u312-b07-1
+CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35548
+ RESERVED
+CVE-2021-35547
+ RESERVED
+CVE-2021-35546 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35545 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.28-dfsg-1
+CVE-2021-35544
+ RESERVED
+CVE-2021-35543 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35542 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.28-dfsg-1
+CVE-2021-35541 (Vulnerability in the PeopleSoft Enterprise SCM product of Oracle Peopl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35540 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.28-dfsg-1
+CVE-2021-35539 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35538 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox <not-affected> (Windows-specific)
+CVE-2021-35537 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-35536 (Vulnerability in the Oracle Deal Management product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-35535 (Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/ ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-35534 (Insufficient security control vulnerability in internal database acces ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-35533 (Improper Input Validation vulnerability in the APDU parser in the Bidi ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-35532
+ RESERVED
+CVE-2021-35531
+ RESERVED
+CVE-2021-35530
+ RESERVED
+CVE-2021-35529 (Insufficiently Protected Credentials vulnerability in client environme ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-35528 (Improper Access Control vulnerability in the application authenticatio ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-35527 (Password autocomplete vulnerability in the web application password fi ...)
+ NOT-FOR-US: Hitachi ABB Power Grids eSOMS
+CVE-2021-35526 (Backup file without encryption vulnerability is found in Hitachi ABB P ...)
+ NOT-FOR-US: Hitachi ABB Power Grids System Data Manager
+CVE-2021-3624 [buffer-overflow caused by integer-overflow in foveon_load_camf()]
+ RESERVED
+ - dcraw <unfixed> (bug #984761)
+ [bullseye] - dcraw <no-dsa> (Minor issue)
+ [buster] - dcraw <no-dsa> (Minor issue)
+ [stretch] - dcraw <no-dsa> (Minor issue)
+CVE-2021-3623 [out-of-bounds access when trying to resume the state of the vTPM]
+ RESERVED
+ - libtpms 0.9.1-1 (bug #990522)
+ NOTE: https://github.com/stefanberger/libtpms/pull/223
+ NOTE: https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263
+ NOTE: https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809
+ NOTE: https://github.com/stefanberger/libtpms/commit/2e6173c273ca14adb11386db4e47622552b1c00e
+CVE-2021-35525 (PostSRSd before 1.11 allows a denial of service (subprocess hang) if P ...)
+ - postsrsd 1.10-2 (bug #990439)
+ [buster] - postsrsd <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - postsrsd <no-dsa> (Minor issue)
+ NOTE: https://bugs.gentoo.org/793674
+ NOTE: https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2
+CVE-2021-35524
+ RESERVED
+CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe conf ...)
+ NOT-FOR-US: Securepoint
+CVE-2021-35522 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...)
+ NOT-FOR-US: IDEMIA
+CVE-2021-35521 (A path traversal in Thrift command handlers in IDEMIA Morpho Wave Comp ...)
+ NOT-FOR-US: IDEMIA
+CVE-2021-35520 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...)
+ NOT-FOR-US: IDEMIA
+CVE-2021-35519
+ RESERVED
+CVE-2021-35518
+ RESERVED
+CVE-2021-35517 (When reading a specially crafted TAR archive, Compress can be made to ...)
+ - libcommons-compress-java 1.21-1 (bug #991041)
+ [bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
+ [buster] - libcommons-compress-java <no-dsa> (Minor issue)
+ [stretch] - libcommons-compress-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=d0af873e77d16f41edfef7b69da5c8c35c96a650
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=7ce1b0796d6cbe1f41b969583bd49f33ae0efef0
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f
+CVE-2021-35516 (When reading a specially crafted 7Z archive, Compress can be made to a ...)
+ - libcommons-compress-java 1.21-1 (bug #991041)
+ [bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
+ [buster] - libcommons-compress-java <no-dsa> (Minor issue)
+ [stretch] - libcommons-compress-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=26924e96c7730db014c310757e11c9359db07f3e
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=c51de6cfaec75b21566374158f25e1734c3a94cb
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=0aba8b8fd8053ae323f15d736d1762b2161c76a6
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=60d551a748236d7f4651a4ae88d5a351f7c5754b
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=bf5a5346ae04b9d2a5b0356ca75f11dcc8d94789
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=5761493cbaf7a7d608a3b68f4d61aaa822dbeb4f
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ae2b27cc011f47f0289cb24a11f2d4f1db711f8a
+CVE-2021-35515 (When reading a specially crafted 7Z archive, the construction of the l ...)
+ - libcommons-compress-java 1.21-1 (bug #991041)
+ [bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
+ [buster] - libcommons-compress-java <no-dsa> (Minor issue)
+ [stretch] - libcommons-compress-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1
+ NOTE: Fixed by https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=3fe6b42110dc56d0d6fe0aaf80cfecb8feea5321
+CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...)
+ NOT-FOR-US: Narou
+CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature is used. ...)
+ - node-mermaid 8.7.0+ds+~cs27.17.17-3 (bug #990449)
+ NOTE: https://github.com/mermaid-js/mermaid/issues/2122
+ NOTE: https://github.com/mermaid-js/mermaid/pull/2123
+CVE-2021-35512 (An SSRF issue was discovered in Zoho ManageEngine Applications Manager ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-35511
+ RESERVED
+CVE-2021-35510
+ RESERVED
+CVE-2021-35509
+ RESERVED
+CVE-2021-35508 (NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to ex ...)
+ NOT-FOR-US: TeraRecon AQNetClient
+CVE-2021-35507
+ RESERVED
+CVE-2021-35506 (Afian FileRun 2021.03.26 allows XSS when an administrator encounters a ...)
+ NOT-FOR-US: Afian FileRun
+CVE-2021-35505 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...)
+ NOT-FOR-US: Afian FileRun
+CVE-2021-35504 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...)
+ NOT-FOR-US: Afian FileRun
+CVE-2021-35503 (Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For ...)
+ NOT-FOR-US: Afian FileRun
+CVE-2021-35502 (app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp ...)
+ NOT-FOR-US: MISP
+CVE-2021-3622 (A flaw was found in the hivex library. This flaw allows an attacker to ...)
+ - hivex 1.3.21-1 (bug #991860)
+ [bullseye] - hivex <no-dsa> (Minor issue)
+ [buster] - hivex <no-dsa> (Minor issue)
+ [stretch] - hivex <no-dsa> (Minor issue)
+ NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html
+ NOTE: https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255
+CVE-2021-35501 (PandoraFMS &lt;=7.54 allows Stored XSS by placing a payload in the nam ...)
+ NOT-FOR-US: PandoraFMS
+CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable to s ...)
+ {DLA-2758-1}
+ - sssd 2.5.2-1 (bug #992710)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
+ NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe
+ NOTE: Introduced by https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba (v1.13.91)
+CVE-2021-3620
+ RESERVED
+ - ansible <unfixed>
+ [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ - ansible-base <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767
+CVE-2021-35500 (The Data Virtualization Server component of TIBCO Software Inc.'s TIBC ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35495 (The Scheduler Connection component of TIBCO Software Inc.'s TIBCO Jasp ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35494 (The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO ...)
+ NOT-FOR-US: WebFOCUS
+CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...)
+ NOT-FOR-US: Rapid7 Velociraptor
+CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, ...)
+ NOT-FOR-US: Wowza Streaming Engine
+CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...)
+ NOT-FOR-US: Wowza Streaming Engine
+CVE-2021-35490 (Thruk before 2.44 allows XSS for a quick command. ...)
+ NOT-FOR-US: Thruk
+CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&amp;host={HOSTN ...)
+ NOT-FOR-US: Thruk
+CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&amp;titl ...)
+ NOT-FOR-US: Thruk
+CVE-2021-35487
+ RESERVED
+CVE-2021-35486
+ RESERVED
+CVE-2021-35485
+ RESERVED
+CVE-2021-35484
+ RESERVED
+CVE-2021-35483
+ RESERVED
+CVE-2021-35482 (An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4. ...)
+ NOT-FOR-US: Barco MirrorOp Windows Sender
+CVE-2021-35481
+ RESERVED
+CVE-2021-35480
+ RESERVED
+CVE-2021-35479 (Nagios Log Server before 2.1.9 contains Stored XSS in the custom colum ...)
+ NOT-FOR-US: Nagios Log Server
+CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown ...)
+ NOT-FOR-US: Nagios Log Server
+CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
+ {DLA-2785-1}
+ - linux 5.10.46-4
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
+CVE-2021-35476
+ RESERVED
+CVE-2021-35475 (SAS Environment Manager 2.5 allows XSS through the Name field when cre ...)
+ NOT-FOR-US: SAS Environment Manager
+CVE-2021-3618
+ RESERVED
+ - nginx <unfixed> (bug #991328)
+ [bullseye] - nginx <no-dsa> (Minor issue)
+ [buster] - nginx <no-dsa> (Minor issue)
+ [stretch] - nginx <no-dsa> (Minor issue)
+ - vsftpd <unfixed> (bug #991329)
+ [bullseye] - vsftpd <no-dsa> (Minor issue)
+ [buster] - vsftpd <no-dsa> (Minor issue)
+ [stretch] - vsftpd <no-dsa> (Minor issue)
+ [experimental] - sendmail 8.16.1-1
+ - sendmail <unfixed> (bug #991331)
+ [bullseye] - sendmail <no-dsa> (Minor issue)
+ [buster] - sendmail <no-dsa> (Minor issue)
+ [stretch] - sendmail <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975623
+ NOTE: https://alpaca-attack.com/
+ NOTE: Generic TLS protocol issue, some applications have released mitigations:
+ NOTE: nginx: http://hg.nginx.org/nginx/rev/ec1071830799
+ NOTE: vsftpd: https://security.appspot.com/vsftpd/Changelog.txt (3.0.4)
+ NOTE: * Close the control connection after 10 unknown commands pre-login.
+ NOTE: * Reject any TLS ALPN advertisement that's not 'ftp'.
+ NOTE: * Add ssl_sni_hostname option to require a match on incoming SNI hostname.
+ NOTE: sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2
+ NOTE: exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html
+CVE-2021-3617 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3616 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3615 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems that coul ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler]
+ RESERVED
+ - lemonldap-ng 2.0.11+ds-4
+ [buster] - lemonldap-ng <not-affected> (OAuth2 Handler introduced later)
+ [stretch] - lemonldap-ng <not-affected> (OAuth2 Handler introduced later)
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549
+CVE-2021-35472 (An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache ...)
+ {DSA-4943-1}
+ - lemonldap-ng 2.0.11+ds-4
+ [stretch] - lemonldap-ng <not-affected> (Vulnerable code not present; updateSession doesn't use in-memory cache)
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539
+CVE-2021-35471
+ RESERVED
+CVE-2021-35470
+ RESERVED
+CVE-2021-35469 (The Lexmark Printer Software G2, G3 and G4 Installation Packages have ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-35468
+ RESERVED
+CVE-2021-35467
+ RESERVED
+CVE-2021-35466
+ RESERVED
+CVE-2021-35465 (Certain Arm products before 2021-08-23 do not properly consider the ef ...)
+ NOT-FOR-US: ARM
+CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization vulnerabilit ...)
+ NOT-FOR-US: ForgeRock
+CVE-2021-35463 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...)
+ NOT-FOR-US: Liferay
+CVE-2021-35462
+ RESERVED
+CVE-2021-35461
+ RESERVED
+CVE-2021-35460
+ RESERVED
+CVE-2021-35459
+ RESERVED
+CVE-2021-35458 (Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in pro ...)
+ NOT-FOR-US: Online Pet Shop We App
+CVE-2021-35457
+ RESERVED
+CVE-2021-35456 (Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and s ...)
+ NOT-FOR-US: Online Pet Shop We App
+CVE-2021-35455
+ RESERVED
+CVE-2021-35454
+ RESERVED
+CVE-2021-35453
+ RESERVED
+CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...)
+ - libde265 <unfixed>
+ NOTE: https://github.com/strukturag/libde265/issues/298
+CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenti ...)
+ NOT-FOR-US: Teradici PCoIP Management Console-Enterprise
+CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 6.3.9 an ...)
+ NOT-FOR-US: Entando Admin Console
+CVE-2021-35449 (The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driv ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-35448 (Emote Interactive Remote Mouse 3.008 on Windows allows attackers to ex ...)
+ NOT-FOR-US: Emote Interactive Remote Mouse on Windows
+CVE-2021-35447
+ RESERVED
+CVE-2021-35446
+ RESERVED
+CVE-2021-35445
+ RESERVED
+CVE-2021-35444
+ RESERVED
+CVE-2021-35443
+ RESERVED
+CVE-2021-35442
+ RESERVED
+CVE-2021-35441
+ RESERVED
+CVE-2021-35440 (Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for ...)
+ NOT-FOR-US: Smashing
+CVE-2021-35439
+ RESERVED
+CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-re ...)
+ - phpipam <itp> (bug #731713)
+ NOTE: https://github.com/phpipam/phpipam/issues/3351
+CVE-2021-35437
+ RESERVED
+CVE-2021-35436
+ RESERVED
+CVE-2021-35435
+ RESERVED
+CVE-2021-35434
+ RESERVED
+CVE-2021-35433
+ RESERVED
+CVE-2021-35432
+ RESERVED
+CVE-2021-35431
+ RESERVED
+CVE-2021-35430
+ RESERVED
+CVE-2021-35429
+ RESERVED
+CVE-2021-35428
+ RESERVED
+CVE-2021-35427
+ RESERVED
+CVE-2021-35426
+ RESERVED
+CVE-2021-35425
+ RESERVED
+CVE-2021-35424
+ RESERVED
+CVE-2021-35423
+ RESERVED
+CVE-2021-35422
+ RESERVED
+CVE-2021-35421
+ RESERVED
+CVE-2021-35420
+ RESERVED
+CVE-2021-35419
+ RESERVED
+CVE-2021-35418
+ RESERVED
+CVE-2021-35417
+ RESERVED
+CVE-2021-35416
+ RESERVED
+CVE-2021-35415 (A stored cross-site scripting (XSS) vulnerability allows attackers to ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-35414 (Chamilo LMS v1.11.x was discovered to contain a SQL injection via the ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-35413 (A remote code execution (RCE) vulnerability in course_intro_pdf_import ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-35412
+ RESERVED
+CVE-2021-35411
+ RESERVED
+CVE-2021-35410
+ RESERVED
+CVE-2021-35409
+ RESERVED
+CVE-2021-35408
+ RESERVED
+CVE-2021-35407
+ RESERVED
+CVE-2021-35406
+ RESERVED
+CVE-2021-35405
+ RESERVED
+CVE-2021-35404
+ RESERVED
+CVE-2021-35403
+ RESERVED
+CVE-2021-35402
+ RESERVED
+CVE-2021-35401
+ RESERVED
+CVE-2021-35400
+ RESERVED
+CVE-2021-35399
+ RESERVED
+CVE-2021-35398
+ RESERVED
+CVE-2021-35397 (A path traversal vulnerability in the static router for Drogon from 1. ...)
+ NOT-FOR-US: Drogon
+CVE-2021-35396
+ RESERVED
+CVE-2021-35395 (Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web se ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35394 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic t ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35393 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35392 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35391
+ RESERVED
+CVE-2021-35390
+ RESERVED
+CVE-2021-35389
+ RESERVED
+CVE-2021-35388
+ RESERVED
+CVE-2021-35387
+ RESERVED
+CVE-2021-35386
+ RESERVED
+CVE-2021-35385
+ RESERVED
+CVE-2021-35384
+ RESERVED
+CVE-2021-35383
+ RESERVED
+CVE-2021-35382
+ RESERVED
+CVE-2021-35381
+ RESERVED
+CVE-2021-35380 (A Directory Traversal vulnerability exists in Solari di Udine TermTalk ...)
+ NOT-FOR-US: Solari di Udine TermTalk Server (TTServer)
+CVE-2021-35379
+ RESERVED
+CVE-2021-35378
+ RESERVED
+CVE-2021-35377
+ RESERVED
+CVE-2021-35376
+ RESERVED
+CVE-2021-35375
+ RESERVED
+CVE-2021-35374
+ RESERVED
+CVE-2021-35373
+ RESERVED
+CVE-2021-35372
+ RESERVED
+CVE-2021-35371
+ RESERVED
+CVE-2021-35370
+ RESERVED
+CVE-2021-35369
+ RESERVED
+CVE-2021-35368 (OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1 ...)
+ - modsecurity-crs 3.3.2-1 (bug #992000)
+ [bullseye] - modsecurity-crs 3.3.0-1+deb11u1
+ [buster] - modsecurity-crs 3.1.0-1+deb10u2
+ [stretch] - modsecurity-crs <no-dsa> (Minor issue)
+ NOTE: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
+ NOTE: https://github.com/coreruleset/coreruleset/pull/2143
+ NOTE: https://github.com/coreruleset/coreruleset/commit/132c19c8f21c8cd4d3cd484d4f34ef786ee39b05 (v3.4-dev)
+ NOTE: Introduced by https://github.com/coreruleset/coreruleset/commit/b3995e5d332be9f2445ee91b6e1366440bdbe109 (v3.0.0-rc2)
+CVE-2021-35367
+ RESERVED
+CVE-2021-35366
+ RESERVED
+CVE-2021-35365
+ RESERVED
+CVE-2021-35364
+ RESERVED
+CVE-2021-35363
+ RESERVED
+CVE-2021-35362
+ RESERVED
+CVE-2021-35361 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/l ...)
+ NOT-FOR-US: dotCMS
+CVE-2021-35360 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/c ...)
+ NOT-FOR-US: dotCMS
+CVE-2021-35359
+ RESERVED
+CVE-2021-35358 (A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Im ...)
+ NOT-FOR-US: dotCMS
+CVE-2021-35357
+ RESERVED
+CVE-2021-35356
+ RESERVED
+CVE-2021-35355
+ RESERVED
+CVE-2021-35354
+ RESERVED
+CVE-2021-35353
+ RESERVED
+CVE-2021-35352
+ RESERVED
+CVE-2021-35351
+ RESERVED
+CVE-2021-35350
+ RESERVED
+CVE-2021-35349
+ RESERVED
+CVE-2021-35348
+ RESERVED
+CVE-2021-35347
+ RESERVED
+CVE-2021-35346 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-35345
+ RESERVED
+CVE-2021-35344 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-35342 (The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x b ...)
+ NOT-FOR-US: Northern.tech
+CVE-2021-35341
+ RESERVED
+CVE-2021-35340
+ RESERVED
+CVE-2021-35339
+ RESERVED
+CVE-2021-35338
+ RESERVED
+CVE-2021-35337 (Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable t ...)
+ NOT-FOR-US: Sourcecodester Phone Shop Sales Managements System
+CVE-2021-35336 (Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Ac ...)
+ NOT-FOR-US: Tieline IP Audio Gateway
+CVE-2021-35335
+ RESERVED
+CVE-2021-35334
+ RESERVED
+CVE-2021-35333
+ RESERVED
+CVE-2021-35332
+ RESERVED
+CVE-2021-35331 (** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehl ...)
+ - tcl8.6 <unfixed> (unimportant)
+ NOTE: https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2
+ NOTE: https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280
+ NOTE: https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222
+ NOTE: https://sqlite.org/forum/info/7dcd751996c93ec9
+ NOTE: Various other sources would embedd a copy as well, but the security impact of
+ NOTE: the issue tself for tcl is disputed in its significance.
+CVE-2021-35330
+ RESERVED
+CVE-2021-35329
+ RESERVED
+CVE-2021-35328
+ RESERVED
+CVE-2021-35327 (A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B2020091 ...)
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
+CVE-2021-35326 (A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B2 ...)
+ NOT-FOR-US: TOTOLINK A720R router firmware
+CVE-2021-35325 (A stack overflow in the checkLoginUser function of TOTOLINK A720R A720 ...)
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
+CVE-2021-35324 (A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Fir ...)
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
+CVE-2021-35323 (Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via t ...)
+ NOT-FOR-US: bludit
+CVE-2021-35322
+ RESERVED
+CVE-2021-35321
+ RESERVED
+CVE-2021-35320
+ RESERVED
+CVE-2021-35319
+ RESERVED
+CVE-2021-35318
+ RESERVED
+CVE-2021-35317
+ RESERVED
+CVE-2021-35316
+ RESERVED
+CVE-2021-35315
+ RESERVED
+CVE-2021-35314
+ RESERVED
+CVE-2021-35313
+ REJECTED
+CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. ...)
+ NOT-FOR-US: Amica Prodigy
+CVE-2021-35311
+ RESERVED
+CVE-2021-35310
+ RESERVED
+CVE-2021-35309
+ RESERVED
+CVE-2021-35308
+ RESERVED
+CVE-2021-35307 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
+ NOT-FOR-US: Bento4
+CVE-2021-35306 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
+ NOT-FOR-US: Bento4
+CVE-2021-35305
+ RESERVED
+CVE-2021-35304
+ RESERVED
+CVE-2021-35303 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35302 (Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0. ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35301 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote att ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35300 (Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0. ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
+ - zammad <itp> (bug #841355)
+CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remo ...)
+ NOT-FOR-US: Scalabium dBase Viewer
+CVE-2021-35296 (An issue in the administrator authentication panel of PTCL HG150-Ub v3 ...)
+ NOT-FOR-US: PTCL HG150-Ub
+CVE-2021-35295
+ RESERVED
+CVE-2021-35294
+ RESERVED
+CVE-2021-35293
+ RESERVED
+CVE-2021-35292
+ RESERVED
+CVE-2021-35291
+ RESERVED
+CVE-2021-35290
+ RESERVED
+CVE-2021-35289
+ RESERVED
+CVE-2021-35288
+ RESERVED
+CVE-2021-35287
+ RESERVED
+CVE-2021-35286
+ RESERVED
+CVE-2021-35285
+ RESERVED
+CVE-2021-35284
+ RESERVED
+CVE-2021-35283
+ RESERVED
+CVE-2021-35282
+ RESERVED
+CVE-2021-35281
+ RESERVED
+CVE-2021-35280
+ RESERVED
+CVE-2021-35279
+ RESERVED
+CVE-2021-35278
+ RESERVED
+CVE-2021-35277
+ RESERVED
+CVE-2021-35276
+ RESERVED
+CVE-2021-35275
+ RESERVED
+CVE-2021-35274
+ RESERVED
+CVE-2021-35273
+ RESERVED
+CVE-2021-35272
+ RESERVED
+CVE-2021-35271
+ RESERVED
+CVE-2021-35270
+ RESERVED
+CVE-2021-35269 (NTFS-3G versions &lt; 2021.8.22, when a specially crafted NTFS attribu ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35268 (In NTFS-3G versions &lt; 2021.8.22, when a specially crafted NTFS inod ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35267 (NTFS-3G versions &lt; 2021.8.22, a stack buffer overflow can occur whe ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35266 (In NTFS-3G versions &lt; 2021.8.22, when a specially crafted NTFS inod ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35265 (A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS be ...)
+ NOT-FOR-US: MaxSite CMS
+CVE-2021-35264
+ RESERVED
+CVE-2021-35263
+ RESERVED
+CVE-2021-35262
+ RESERVED
+CVE-2021-35261
+ RESERVED
+CVE-2021-35260
+ RESERVED
+CVE-2021-35259
+ RESERVED
+CVE-2021-35258
+ RESERVED
+CVE-2021-35257
+ RESERVED
+CVE-2021-35256
+ RESERVED
+CVE-2021-35255
+ RESERVED
+CVE-2021-35254
+ RESERVED
+CVE-2021-35253
+ RESERVED
+CVE-2021-35252
+ RESERVED
+CVE-2021-35251
+ RESERVED
+CVE-2021-35250
+ RESERVED
+CVE-2021-35249
+ RESERVED
+CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35246
+ RESERVED
+CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35243 (The HTTP PUT and DELETE methods were enabled in the Web Help Desk web ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request contains ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35241
+ RESERVED
+CVE-2021-35240 (A security researcher stored XSS via a Help Server setting. This affec ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35239 (A security researcher found a user with Orion map manage rights could ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through URL POST ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35237 (A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left ...)
+ NOT-FOR-US: Kiwi Syslog Server
+CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7 ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server ...)
+ NOT-FOR-US: Kiwi Syslog Server
+CVE-2021-35234 (Numerous exposed dangerous functions within Orion Core has allows for ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35233 (The HTTP TRACK &amp; TRACE methods were enabled in Kiwi Syslog Server ...)
+ NOT-FOR-US: Kiwi Syslog Server
+CVE-2021-35232 (Hard coded credentials discovered in SolarWinds Web Help Desk product. ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...)
+ NOT-FOR-US: Kiwi Syslog Server Installation Wizard
+CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
+ NOT-FOR-US: Kiwi CatTools Installation Wizard
+CVE-2021-35229
+ RESERVED
+CVE-2021-35228 (This vulnerability occurred due to missing input sanitization for one ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35226
+ RESERVED
+CVE-2021-35225 (Each authenticated Orion Platform user in a MSP (Managed Service Provi ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35224
+ RESERVED
+CVE-2021-35223 (The Serv-U File Server allows for events such as user login failures t ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35222 (This vulnerability allows attackers to impersonate users and perform a ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35221 (Improper Access Control Tampering Vulnerability using ImportAlert func ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35220 (Command Injection vulnerability in EmailWebPage API which can lead to ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerabilit ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35218 (Deserialization of Untrusted Data in the Web Console Chart Endpoint ca ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35217 (Insecure Deseralization of untrusted data remote code execution vulner ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution vulne ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35214 (The vulnerability in SolarWinds Pingdom can be described as a failure ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was discovered in ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35211 (Microsoft discovered a remote code execution (RCE) vulnerability in th ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-3613 (OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitra ...)
+ NOT-FOR-US: OpenVPN Connect
+CVE-2021-35210 (Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x be ...)
+ NOT-FOR-US: Contao CMS
+CVE-2021-35209 (An issue was discovered in ProxyServlet.java in the /proxy servlet in ...)
+ NOT-FOR-US: Zimbra
+CVE-2021-35208 (An issue was discovered in ZmMailMsgView.js in the Calendar Invite com ...)
+ NOT-FOR-US: Zimbra
+CVE-2021-35207 (An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.1 ...)
+ NOT-FOR-US: Zimbra
+CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects. ...)
+ NOT-FOR-US: Gitpod
+CVE-2021-35205 (NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redire ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35204 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Si ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35203 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Rea ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35202 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypa ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35201 (NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35200 (NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to a ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-S ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-S ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and ...)
+ {DSA-4979-1 DLA-2779-1}
+ - mediawiki 1:1.35.3-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
+ NOTE: https://phabricator.wikimedia.org/T280226
+CVE-2021-35196 (** DISPUTED ** Manuskript through 0.12.0 allows remote attackers to ex ...)
+ - manuskript <unfixed> (bug #990366)
+ [bullseye] - manuskript <no-dsa> (Minor issue)
+ [buster] - manuskript <no-dsa> (Minor issue)
+ NOTE: https://github.com/olivierkes/manuskript/issues/891
+CVE-2021-35195
+ RESERVED
+CVE-2021-35194
+ RESERVED
+CVE-2021-35193 (Patterson Application Service in Patterson Eaglesoft 18 through 21 acc ...)
+ NOT-FOR-US: Patterson Eaglesoft
+CVE-2021-35192
+ RESERVED
+CVE-2021-35191
+ RESERVED
+CVE-2021-35190
+ RESERVED
+CVE-2021-35189
+ RESERVED
+CVE-2021-35188
+ RESERVED
+CVE-2021-35187
+ RESERVED
+CVE-2021-35186
+ RESERVED
+CVE-2021-35185
+ RESERVED
+CVE-2021-35184
+ RESERVED
+CVE-2021-35183
+ RESERVED
+CVE-2021-35182
+ RESERVED
+CVE-2021-35181
+ RESERVED
+CVE-2021-35180
+ RESERVED
+CVE-2021-35179
+ RESERVED
+CVE-2021-35178
+ RESERVED
+CVE-2021-35177
+ RESERVED
+CVE-2021-35176
+ RESERVED
+CVE-2021-35175
+ RESERVED
+CVE-2021-35174
+ RESERVED
+CVE-2021-35173
+ RESERVED
+CVE-2021-35172
+ RESERVED
+CVE-2021-35171
+ RESERVED
+CVE-2021-35170
+ RESERVED
+CVE-2021-35169
+ RESERVED
+CVE-2021-35168
+ RESERVED
+CVE-2021-35167
+ RESERVED
+CVE-2021-35166
+ RESERVED
+CVE-2021-35165
+ RESERVED
+CVE-2021-35164
+ RESERVED
+CVE-2021-35163
+ RESERVED
+CVE-2021-35162
+ RESERVED
+CVE-2021-35161
+ RESERVED
+CVE-2021-35160
+ RESERVED
+CVE-2021-35159
+ RESERVED
+CVE-2021-35158
+ RESERVED
+CVE-2021-35157
+ RESERVED
+CVE-2021-35156
+ RESERVED
+CVE-2021-35155
+ RESERVED
+CVE-2021-35154
+ RESERVED
+CVE-2021-35153
+ RESERVED
+CVE-2021-35152
+ RESERVED
+CVE-2021-35151
+ RESERVED
+CVE-2021-35150
+ RESERVED
+CVE-2021-35149
+ RESERVED
+CVE-2021-35148
+ RESERVED
+CVE-2021-35147
+ RESERVED
+CVE-2021-35146
+ RESERVED
+CVE-2021-35145
+ RESERVED
+CVE-2021-35144
+ RESERVED
+CVE-2021-35143
+ RESERVED
+CVE-2021-35142
+ RESERVED
+CVE-2021-35141
+ RESERVED
+CVE-2021-35140
+ RESERVED
+CVE-2021-35139
+ RESERVED
+CVE-2021-35138
+ RESERVED
+CVE-2021-35137
+ RESERVED
+CVE-2021-35136
+ RESERVED
+CVE-2021-35135
+ RESERVED
+CVE-2021-35134
+ RESERVED
+CVE-2021-35133
+ RESERVED
+CVE-2021-35132
+ RESERVED
+CVE-2021-35131
+ RESERVED
+CVE-2021-35130
+ RESERVED
+CVE-2021-35129
+ RESERVED
+CVE-2021-35128
+ RESERVED
+CVE-2021-35127
+ RESERVED
+CVE-2021-35126
+ RESERVED
+CVE-2021-35125
+ RESERVED
+CVE-2021-35124
+ RESERVED
+CVE-2021-35123
+ RESERVED
+CVE-2021-35122
+ RESERVED
+CVE-2021-35121
+ RESERVED
+CVE-2021-35120
+ RESERVED
+CVE-2021-35119
+ RESERVED
+CVE-2021-35118
+ RESERVED
+CVE-2021-35117
+ RESERVED
+CVE-2021-35116
+ RESERVED
+CVE-2021-35115
+ RESERVED
+CVE-2021-35114
+ RESERVED
+CVE-2021-35113
+ RESERVED
+CVE-2021-35112
+ RESERVED
+CVE-2021-35111
+ RESERVED
+CVE-2021-35110
+ RESERVED
+CVE-2021-35109
+ RESERVED
+CVE-2021-35108
+ RESERVED
+CVE-2021-35107
+ RESERVED
+CVE-2021-35106
+ RESERVED
+CVE-2021-35105
+ RESERVED
+CVE-2021-35104
+ RESERVED
+CVE-2021-35103
+ RESERVED
+CVE-2021-35102
+ RESERVED
+CVE-2021-35101
+ RESERVED
+CVE-2021-35100
+ RESERVED
+CVE-2021-35099
+ RESERVED
+CVE-2021-35098
+ RESERVED
+CVE-2021-35097
+ RESERVED
+CVE-2021-35096
+ RESERVED
+CVE-2021-35095
+ RESERVED
+CVE-2021-35094
+ RESERVED
+CVE-2021-35093 (Possible memory corruption in BT controller when it receives an oversi ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35092
+ RESERVED
+CVE-2021-35091
+ RESERVED
+CVE-2021-35090
+ RESERVED
+CVE-2021-35089
+ RESERVED
+CVE-2021-35088
+ RESERVED
+CVE-2021-35087
+ RESERVED
+CVE-2021-35086
+ RESERVED
+CVE-2021-35085
+ RESERVED
+CVE-2021-35084
+ RESERVED
+CVE-2021-35083
+ RESERVED
+CVE-2021-35082
+ RESERVED
+CVE-2021-35081
+ RESERVED
+CVE-2021-35080
+ RESERVED
+CVE-2021-35079
+ RESERVED
+CVE-2021-35078
+ RESERVED
+CVE-2021-35077 (Possible use after free scenario in compute offloads to DSP while mult ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35076
+ RESERVED
+CVE-2021-35075 (Possible null pointer dereference due to lack of WDOG structure valida ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35074 (Possible integer overflow due to improper fragment datatype while calc ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35073
+ RESERVED
+CVE-2021-35072
+ RESERVED
+CVE-2021-35071
+ RESERVED
+CVE-2021-35070
+ RESERVED
+CVE-2021-35069 (Improper validation of data length received from DMA buffer can lead t ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35068 (Lack of null check while freeing the device information buffer in the ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...)
+ NOT-FOR-US: Meross MSG100 devices
+CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.10.46-3
+ [buster] - linux 4.19.208-1
+ NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/
+CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.13 ...)
+ NOT-FOR-US: ConnectWise Automate
+CVE-2021-35065
+ RESERVED
+CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...)
+ NOT-FOR-US: KramerAV VIAWare
+CVE-2021-35063 (Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion." ...)
+ [experimental] - suricata 1:6.0.3-1~exp1
+ - suricata 1:6.0.1-3 (bug #990835)
+ [buster] - suricata <no-dsa> (Minor issue)
+ [stretch] - suricata <no-dsa> (Minor issue)
+ NOTE: https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489
+CVE-2021-35062 (A Shell Metacharacter Injection vulnerability in result.php in DRK Ode ...)
+ NOT-FOR-US: DRK Odenwaldkreis Testerfassung
+CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkre ...)
+ NOT-FOR-US: DRK Odenwaldkreis Testerfassung
+CVE-2021-35060 (/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthe ...)
+ NOT-FOR-US: OpenWay WAY4 ACS
+CVE-2021-35059 (OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enrol ...)
+ NOT-FOR-US: OpenWay WAY4 ACS
+CVE-2021-35058
+ RESERVED
+CVE-2021-35057
+ RESERVED
+CVE-2021-35056 (Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an un ...)
+ NOT-FOR-US: Unisys
+CVE-2021-35055 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-35054 (Minecraft before 1.17.1, when online-mode=false is configured, allows ...)
+ NOT-FOR-US: Minecraft
+CVE-2021-3611 [QEMU: intel-hda: segmentation fault due to stack overflow]
+ RESERVED
+ - qemu <unfixed> (bug #990562)
+ [bullseye] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <not-affected> (Vulnerable code introduced later)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1907497
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/542
+ NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10 (v5.0.0-rc0)
+ NOTE: Proposed fix: https://lore.kernel.org/qemu-devel/20211218160912.1591633-1-philmd@redhat.com/
+CVE-2021-3610 [heap-based buffer overflow in ReadTIFFImage() in coders/tiff.c]
+ RESERVED
+ - imagemagick <not-affected> (Specific to Imagemagick 7)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3
+CVE-2021-35053 (Possible system denial of service in case of arbitrary changing Firefo ...)
+ NOT-FOR-US: Kaspersky
+CVE-2021-35052 (A component in Kaspersky Password Manager could allow an attacker to e ...)
+ NOT-FOR-US: Kaspersky
+CVE-2021-35051
+ RESERVED
+CVE-2021-35050 (User credentials stored in a recoverable format within Fidelis Network ...)
+ NOT-FOR-US: Fidelis
+CVE-2021-35049 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...)
+ NOT-FOR-US: Fidelis
+CVE-2021-35048 (Vulnerability in Fidelis Network and Deception CommandPost enables una ...)
+ NOT-FOR-US: Fidelis
+CVE-2021-35047 (Vulnerability in the CommandPost, Collector, and Sensor components of ...)
+ NOT-FOR-US: Fidelis
+CVE-2021-35046 (A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS w ...)
+ NOT-FOR-US: Ice Hrm
+CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows ...)
+ NOT-FOR-US: Ice Hrm
+CVE-2021-35044
+ RESERVED
+CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using ...)
+ NOT-FOR-US: OWASP AntiSamy
+CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...)
+ - python-django <not-affected> (Vulnerable code introduced in 3.1)
+ NOTE: https://www.djangoproject.com/weblog/2021/jul/01/security-releases/
+ NOTE: Issue did affect only the experimental version and fixed in 2:3.2.5-1
+CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing w ...)
+ NOT-FOR-US: FISCO-BCOS
+CVE-2021-3609
+ RESERVED
+ {DSA-4941-1 DLA-2714-1 DLA-2713-1}
+ - linux 5.10.46-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/19/1
+CVE-2021-35040
+ RESERVED
+CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...)
+ {DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/3
+ NOTE: https://git.kernel.org/linus/0c18f29aae7ce3dadd26d8ee3505d07cc982df75
+CVE-2021-35038
+ RESERVED
+CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnera ...)
+ NOT-FOR-US: Jamf Pro
+CVE-2021-35036
+ RESERVED
+CVE-2021-35035 (A cleartext storage of sensitive information vulnerability in the Zyxe ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35034 (An insufficient session expiration vulnerability in the CGI program of ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35031 (A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XG ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 firmwar ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35029 (An authentication bypasss vulnerability in the web-based management in ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35028 (A command injection vulnerability in the CGI program of the Zyxel VPN2 ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35027 (A directory traversal vulnerability in the web server of the Zyxel VPN ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-35026
+ RESERVED
+CVE-2021-35025
+ RESERVED
+CVE-2021-35024
+ RESERVED
+CVE-2021-35023
+ RESERVED
+CVE-2021-35022
+ RESERVED
+CVE-2021-35021
+ RESERVED
+CVE-2021-35020
+ RESERVED
+CVE-2021-35019
+ RESERVED
+CVE-2021-35018
+ RESERVED
+CVE-2021-35017
+ RESERVED
+CVE-2021-35016
+ RESERVED
+CVE-2021-35015
+ RESERVED
+CVE-2021-35014
+ RESERVED
+CVE-2021-35013
+ RESERVED
+CVE-2021-35012
+ RESERVED
+CVE-2021-35011
+ RESERVED
+CVE-2021-35010
+ RESERVED
+CVE-2021-35009
+ RESERVED
+CVE-2021-35008
+ RESERVED
+CVE-2021-35007
+ RESERVED
+CVE-2021-35006
+ RESERVED
+CVE-2021-35005 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: TeamViewer
+CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-35002
+ RESERVED
+CVE-2021-35001
+ RESERVED
+CVE-2021-35000
+ RESERVED
+CVE-2021-34999
+ RESERVED
+CVE-2021-34998 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Panda Security Free Antivirus
+CVE-2021-34997 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34996 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34995 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34994 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34993 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: Commvault CommCell
+CVE-2021-34992 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Orckestra C1 CMS
+CVE-2021-34991 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34990
+ RESERVED
+CVE-2021-34989
+ RESERVED
+CVE-2021-34988
+ RESERVED
+CVE-2021-34987
+ RESERVED
+CVE-2021-34986
+ RESERVED
+CVE-2021-34985 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley ContextCapture
+CVE-2021-34984 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley ContextCapture
+CVE-2021-34983
+ RESERVED
+CVE-2021-34982
+ RESERVED
+CVE-2021-34981 [Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability]
+ RESERVED
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-1223/
+ NOTE: https://git.kernel.org/linus/3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 (5.14-rc1)
+CVE-2021-34980 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34979 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34978 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34977 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34976
+ RESERVED
+CVE-2021-34975
+ RESERVED
+CVE-2021-34974
+ RESERVED
+CVE-2021-34973
+ RESERVED
+CVE-2021-34972
+ RESERVED
+CVE-2021-34971
+ RESERVED
+CVE-2021-34970
+ RESERVED
+CVE-2021-34969
+ RESERVED
+CVE-2021-34968
+ RESERVED
+CVE-2021-34967
+ RESERVED
+CVE-2021-34966
+ RESERVED
+CVE-2021-34965
+ RESERVED
+CVE-2021-34964
+ RESERVED
+CVE-2021-34963
+ RESERVED
+CVE-2021-34962
+ RESERVED
+CVE-2021-34961
+ RESERVED
+CVE-2021-34960
+ RESERVED
+CVE-2021-34959
+ RESERVED
+CVE-2021-34958
+ RESERVED
+CVE-2021-34957
+ RESERVED
+CVE-2021-34956
+ RESERVED
+CVE-2021-34955
+ RESERVED
+CVE-2021-34954
+ RESERVED
+CVE-2021-34953
+ RESERVED
+CVE-2021-34952
+ RESERVED
+CVE-2021-34951
+ RESERVED
+CVE-2021-34950
+ RESERVED
+CVE-2021-34949
+ RESERVED
+CVE-2021-34948
+ RESERVED
+CVE-2021-34947
+ RESERVED
+CVE-2021-34946 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34944 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34943 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34942 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34941 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34940 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34939 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34938 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34937 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34936 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34935 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34934 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34933 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34932 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34931 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34930 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34929 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34928 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34927 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34926 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34925 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34924 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34923 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34922 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34921 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34920 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34919 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34918 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34917 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34916 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34915 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34914 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34913 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34912 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34911 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34910 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34909 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34908 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34907 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34906 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34905 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34904 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34903 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34902 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34901 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34900 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34899 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34898 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34897 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34896 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34895 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34894 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34893 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34892 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34891 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34890 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34889 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34888 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34887 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34886 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34884 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34882 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34881 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34879 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34877 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34876 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34875 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34874 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34873 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34872 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34871 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-34870 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34869 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34868 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34867 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14)
+CVE-2021-34865 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
+CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34862 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34861 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: TeamViewer
+CVE-2021-34858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: TeamViewer
+CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34855 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34854 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34851 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34850 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34849 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34847 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34846 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34845 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34843 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34842 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34841 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34840 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34839 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34838 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34837 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34836 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34835 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34834 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34833 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34832 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2021-34831 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-34830 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34829 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-3608 [pvrdma: uninitialized memory unmap in pvrdma_ring_init()]
+ RESERVED
+ - qemu 1:5.2+dfsg-11 (bug #990563)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=66ae37d8cc313f89272e711174a846a229bcdbd3
+CVE-2021-3607 [pvrdma: unchecked malloc size due to integer overflow in init_dev_ring()]
+ RESERVED
+ - qemu 1:5.2+dfsg-11 (bug #990564)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349
+CVE-2021-3606 (OpenVPN before version 2.5.3 on Windows allows local users to load arb ...)
+ - openvpn <not-affected> (Windows-specific)
+CVE-2021-34826
+ RESERVED
+CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches withou ...)
+ - quassel 1:0.14.0-1 (bug #990567)
+ [bullseye] - quassel <no-dsa> (Minor issue)
+ [buster] - quassel <no-dsa> (Minor issue)
+ [stretch] - quassel <no-dsa> (Minor issue)
+ NOTE: https://github.com/quassel/quassel/pull/581
+ NOTE: https://bugs.quassel-irc.org/issues/1728
+ NOTE: '--require-ssl' flag added in https://github.com/quassel/quassel/pull/43
+CVE-2021-34824 (Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely explo ...)
+ NOT-FOR-US: Istio
+CVE-2021-34823 (The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 fo ...)
+ NOT-FOR-US: ON24 ScreenShare
+CVE-2021-34822
+ RESERVED
+CVE-2021-34821 (Cross Site Scripting (XSS) vulnerability exists in AAT Novus Managemen ...)
+ NOT-FOR-US: AAT Novus Management System
+CVE-2021-34820 (Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP ...)
+ NOT-FOR-US: Novus HTTP Server
+CVE-2021-34819
+ RESERVED
+CVE-2021-34818
+ RESERVED
+CVE-2021-34817 (A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1 ...)
+ - etherpad-lite <itp> (bug #576998)
+CVE-2021-34816 (An Argument Injection issue in the plugin management of Etherpad 1.8.1 ...)
+ - etherpad-lite <itp> (bug #576998)
+CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...)
+ NOT-FOR-US: CheckSec Canopy
+CVE-2021-34814 (Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control ...)
+ NOT-FOR-US: Proofpoint
+CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...)
+ [experimental] - olm 3.2.3~dfsg-1
+ - olm 3.2.3~dfsg-3 (bug #989997)
+ [bullseye] - olm <no-dsa> (Minor issue)
+ [buster] - olm <no-dsa> (Minor issue)
+ NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b
+ NOTE: https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3
+ NOTE: https://matrix.org/blog/2021/06/14/adventures-in-fuzzing-libolm
+CVE-2021-34812 (Use of hard-coded credentials vulnerability in php component in Synolo ...)
+ NOT-FOR-US: Synology
+CVE-2021-34811 (Server-Side Request Forgery (SSRF) vulnerability in task management co ...)
+ NOT-FOR-US: Synology
+CVE-2021-34810 (Improper privilege management vulnerability in cgi component in Synolo ...)
+ NOT-FOR-US: Synology
+CVE-2021-34809 (Improper neutralization of special elements used in a command ('Comman ...)
+ NOT-FOR-US: Synology
+CVE-2021-34808 (Server-Side Request Forgery (SSRF) vulnerability in cgi component in S ...)
+ NOT-FOR-US: Synology
+CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet in Zimbr ...)
+ NOT-FOR-US: Zimbra
+CVE-2021-34806
+ RESERVED
+CVE-2021-34805 (An issue was discovered in FAUST iServer before 9.0.019.019.7. For eac ...)
+ NOT-FOR-US: FAUST iServer
+CVE-2021-34804
+ RESERVED
+CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...)
+ NOT-FOR-US: TeamViewer
+CVE-2021-34802 (A failure in resetting the security context in some transaction action ...)
+ NOT-FOR-US: Neo4j
+CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of service (ap ...)
+ NOT-FOR-US: Valine
+CVE-2021-34800 (Sensitive information could be logged. The following products are affe ...)
+ NOT-FOR-US: Acronis
+CVE-2021-34799
+ RESERVED
+CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL pointer. ...)
+ {DSA-4982-1 DLA-2776-1}
+ - apache2 2.4.49-1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-34798
+ NOTE: https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e (candidate-2.4.49-rc1)
+CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...)
+ NOT-FOR-US: Secure 8 (Evalos)
+CVE-2021-34797 (Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log ...)
+ NOT-FOR-US: Apache Geode
+CVE-2021-34796
+ RESERVED
+CVE-2021-34795 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34794 (A vulnerability in the Simple Network Management Protocol version 3 (S ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34793 (A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appli ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34792 (A vulnerability in the memory management of Cisco Adaptive Security Ap ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34791 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34790 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34789 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34788 (A vulnerability in the shared library loading mechanism of Cisco AnyCo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34787 (A vulnerability in the identity-based firewall (IDFW) rule processing ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34786 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34784 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34783 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34782 (A vulnerability in the API endpoints for Cisco DNA Center could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34781 (A vulnerability in the processing of SSH connections for multi-instanc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34780 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34779 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34778 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34777 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34776 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34775 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34774 (A vulnerability in the web-based management interface of Cisco Common ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34773 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34772 (A vulnerability in the web-based management interface of Cisco Orbital ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34771 (A vulnerability in the Cisco IOS XR Software CLI could allow an authen ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34770 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34769 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34768 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34767 (A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Co ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34766 (A vulnerability in the web UI of Cisco Smart Software Manager On-Prem ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34764 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34763 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34762 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34761 (A vulnerability in Cisco Firepower Threat Defense (FTD) Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34760 (A vulnerability in the web-based management interface of Cisco TelePre ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34759 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34758 (A vulnerability in the memory management of Cisco TelePresence Collabo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34757 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34756 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34755 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34754 (Multiple vulnerabilities in the payload inspection for Ethernet Indust ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34753
+ RESERVED
+CVE-2021-34752
+ RESERVED
+CVE-2021-34751
+ RESERVED
+CVE-2021-34750
+ RESERVED
+CVE-2021-34749 (A vulnerability in Server Name Identification (SNI) request filtering ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34748 (A vulnerability in the web-based management interface of Cisco Intersi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34747
+ RESERVED
+CVE-2021-34746 (A vulnerability in the TACACS+ authentication, authorization and accou ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34745 (A vulnerability in the AppDynamics .NET Agent for Windows could allow ...)
+ NOT-FOR-US: .NET Agent for Windows
+CVE-2021-34744 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34743 (A vulnerability in the application integration feature of Cisco Webex ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34742 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34741 (A vulnerability in the email scanning algorithm of Cisco AsyncOS softw ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34740 (A vulnerability in the WLAN Control Protocol (WCP) implementation for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34739 (A vulnerability in the web-based management interface of multiple Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34738 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34737 (A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34736 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34735 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34734 (A vulnerability in the Link Layer Discovery Protocol (LLDP) implementa ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34733 (A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34732 (A vulnerability in the web-based management interface of Cisco Prime C ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34731 (A vulnerability in the web-based management interface of Cisco Prime A ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34730 (A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34729 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco I ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34728 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34727 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34726 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34725 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34724 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34723 (A vulnerability in a specific CLI command that is run on Cisco IOS XE ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34722 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34721 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34720 (A vulnerability in the IP Service Level Agreements (IP SLA) responder ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34719 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34718 (A vulnerability in the SSH Server process of Cisco IOS XR Software cou ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34717
+ RESERVED
+CVE-2021-34716 (A vulnerability in the web-based management interface of Cisco Express ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34715 (A vulnerability in the image verification function of Cisco Expressway ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34714 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34713 (A vulnerability in the Layer 2 punt code of Cisco IOS XR Software runn ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34712 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34711 (A vulnerability in the debug shell of Cisco IP Phone software could al ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34710 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34709 (Multiple vulnerabilities in image verification checks of Cisco Network ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34708 (Multiple vulnerabilities in image verification checks of Cisco Network ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34707 (A vulnerability in the REST API of Cisco Evolved Programmable Network ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34706 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) service ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34704 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) message pa ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34701 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage Software ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34699 (A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34698 (A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Se ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34697 (A vulnerability in the Protection Against Distributed Denial of Servic ...)
+ NOT-FOR-US: Cisco
+CVE-2021-34696 (A vulnerability in the access control list (ACL) programming of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress functionality in versions pr ...)
+ {DLA-2732-1}
+ - openexr 2.5.7-1 (bug #990899)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268 (master)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3204008c0bd4c8d7599a052b304d1b44c4511283 (v2.5)
+ NOTE: not to be confused with CVE-2020-11760 whose fix is similar but applied around 10 lines above, in the other branch of the 'if'
+CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can result in ...)
+ - libphp-phpmailer <unfixed> (bug #991666)
+ [bullseye] - libphp-phpmailer <no-dsa> (Minor issue)
+ [buster] - libphp-phpmailer <no-dsa> (Minor issue)
+ [stretch] - libphp-phpmailer <postponed> (Minor issue, fix along with next DLA)
+ NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/
+ NOTE: https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 (v6.5.0)
+CVE-2021-3602 [Host environment variables leaked in build container when using chroot isolation]
+ RESERVED
+ - golang-github-containers-buildah <unfixed>
+ [bullseye] - golang-github-containers-buildah <no-dsa> (Minor issue)
+ NOTE: https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj
+ NOTE: https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0 (main)
+ NOTE: https://github.com/containers/buildah/commit/23c478b815fb93c094070baa336bcb6a27c01683 (release-1.21)
+ NOTE: https://github.com/containers/buildah/commit/f4f2a7fc78fa4f12e2f6e6c4ab450aae0d182f3e (release-1.19)
+CVE-2021-34695
+ RESERVED
+CVE-2021-34694
+ RESERVED
+CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...)
+ {DSA-4941-1 DLA-2714-1 DLA-2713-1}
+ - linux 5.10.46-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1
+ NOTE: https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693
+ NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/
+CVE-2021-34692 (iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-34691 (iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remo ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-34690 (iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-34689 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-34688 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-34687 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...)
+ NOT-FOR-US: iDrive RemotePC
+CVE-2021-3601
+ RESERVED
+ - openssl1.0 <removed>
+ [stretch] - openssl1.0 <ignored> (Minor issue, upstream does not want to change the behavior in this old version)
+ - openssl 1.1.0b-2
+ NOTE: Only affects 1.0.2
+ NOTE: https://github.com/openssl/openssl/issues/5236
+CVE-2021-34686
+ RESERVED
+CVE-2021-34685 (UploadService in Hitachi Vantara Pentaho Business Analytics through 9. ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-34684 (Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unaut ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-34683 (An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-docum ...)
+ NOT-FOR-US: EXCELLENT INFOTEK CORPORATION
+CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack agains ...)
+ NOT-FOR-US: Receita Federal IRPF 2021 1.7
+CVE-2021-3600
+ RESERVED
+ {DLA-2785-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/23/1
+CVE-2021-3599 (A potential vulnerability in the SMI callback function used to access ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-34681
+ RESERVED
+CVE-2021-34680
+ RESERVED
+CVE-2021-34679 (Thycotic Password Reset Server before 5.3.0 allows credential disclosu ...)
+ NOT-FOR-US: Thycotic Password Reset Server
+CVE-2021-34678
+ RESERVED
+CVE-2021-34677
+ RESERVED
+CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel r ...)
+ NOT-FOR-US: Basix NEX-Forms
+CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for stored ...)
+ NOT-FOR-US: Basix NEX-Forms
+CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...)
+ {DLA-2701-1}
+ - openexr 2.5.7-1 (bug #990450)
+ [bullseye] - openexr <no-dsa> (Minor issue)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1 (master)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e2667ae1a3ff8a9fce730e61129868b326abb3f5 (2.5)
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)
+CVE-2021-3597
+ RESERVED
+ - undertow <unfixed> (bug #989861)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1970930
+CVE-2021-34674
+ RESERVED
+CVE-2021-34673
+ RESERVED
+CVE-2021-34672
+ RESERVED
+CVE-2021-34671
+ RESERVED
+CVE-2021-34670
+ RESERVED
+CVE-2021-34669
+ RESERVED
+CVE-2021-34668 (The WordPress Real Media Library WordPress plugin is vulnerable to Sto ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34667 (The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34666 (The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34665 (The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34664 (The Moova for WooCommerce WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34663 (The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34662
+ RESERVED
+CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-S ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-34659 (The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Re ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34658 (The Simple Popup Newsletter WordPress plugin is vulnerable to Reflecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34657 (The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34656 (The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34655 (The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34654 (The Custom Post Type Relations WordPress plugin is vulnerable to Refle ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34653 (The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34652 (The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34651 (The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34650 (The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34649 (The Simple Behance Portfolio WordPress plugin is vulnerable to Reflect ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34648 (The Ninja Forms WordPress plugin is vulnerable to arbitrary email send ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34647 (The Ninja Forms WordPress plugin is vulnerable to sensitive informatio ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34646 (Versions up to, and including, 5.4.3, of the Booster for WooCommerce W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34645 (The Shopping Cart &amp; eCommerce Store WordPress plugin is vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34644 (The Multiplayer Games WordPress plugin is vulnerable to Reflected Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34643 (The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34642 (The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34641 (The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scrip ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34640 (The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34639 (Authenticated File Upload in WordPress Download Manager &lt;= 3.1.24 a ...)
+ NOT-FOR-US: WordPress Download Manager
+CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager &lt;= ...)
+ NOT-FOR-US: WordPress Download Manager
+CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34636 (The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Req ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34633 (The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34632 (The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34631 (The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Fo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34630 (In the Pro and Enterprise versions of GTranslate &lt; 2.8.65, the gtra ...)
+ NOT-FOR-US: GTranslate (Pro and Enterprise versions)
+CVE-2021-34629 (The SendGrid WordPress plugin is vulnerable to authorization bypass vi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34628 (The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34627 (A vulnerability in the getSelectedMimeTypesByRole function of the WP U ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34626 (A vulnerability in the deleteCustomType function of the WP Upload Rest ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34625 (A vulnerability in the saveCustomType function of the WP Upload Restri ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34624 (A vulnerability in the file uploader component found in the ~/src/Clas ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34623 (A vulnerability in the image uploader component found in the ~/src/Cla ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34622 (A vulnerability in the user profile update component found in the ~/sr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34621 (A vulnerability in the user registration component found in the ~/src/ ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34620 (The WP Fluent Forms plugin &lt; 3.6.67 for WordPress is vulnerable to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34619 (The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-34618 (A remote denial of service (DoS) vulnerability was discovered in some ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34617 (A remote cross-site scripting (XSS) vulnerability was discovered in so ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34616 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34615 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34614 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34613 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34612 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34611 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34610 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34609 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...)
+ NOT-FOR-US: Aruba
+CVE-2021-34608
+ RESERVED
+CVE-2021-34607
+ RESERVED
+CVE-2021-34606
+ RESERVED
+CVE-2021-34605
+ RESERVED
+CVE-2021-34604
+ RESERVED
+CVE-2021-34603
+ RESERVED
+CVE-2021-34602
+ RESERVED
+CVE-2021-34601
+ RESERVED
+CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...)
+ NOT-FOR-US: Telenot CompasX
+CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation Suite of ...)
+ NOT-FOR-US: Phoenix Contact
+CVE-2021-34596 (A crafted request may cause a read access to an uninitialized pointer ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34595 (A crafted request with invalid offsets may cause an out-of-bounds read ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34594 (TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before ...)
+ NOT-FOR-US: TwinCAT OPC UA Server in TF6100 and TS6100
+CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versio ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34592
+ RESERVED
+CVE-2021-34591
+ RESERVED
+CVE-2021-34590
+ RESERVED
+CVE-2021-34589
+ RESERVED
+CVE-2021-34588
+ RESERVED
+CVE-2021-34587
+ RESERVED
+CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34584 (Crafted web server requests can be utilised to read partial stack or h ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer overflow and ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-34582 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: WAGO
+CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 &lt;= 2.9.0 an unauthenticated user can ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-34579
+ RESERVED
+CVE-2021-34578 (This vulnerability allows an attacker who has access to the WBM to rea ...)
+ NOT-FOR-US: WAGO
+CVE-2021-34577
+ RESERVED
+CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information exposure th ...)
+ NOT-FOR-US: Kaden PICOFLUX Air
+CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions &lt;= 2.8.0 ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions &lt;= 2.8.0 ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-34573 (In Enbra EWM in Version 1.7.29 together with several tested wireless M ...)
+ NOT-FOR-US: Enbra EWM
+CVE-2021-34572 (Enbra EWM 1.7.29 does not check for or detect replay attacks sent by w ...)
+ NOT-FOR-US: Enbra EWM
+CVE-2021-34571 (Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in ...)
+ NOT-FOR-US: Enbra
+CVE-2021-34570 (Multiple Phoenix Contact PLCnext control devices in versions prior to ...)
+ NOT-FOR-US: Phoenix Contact PLCnext control devices
+CVE-2021-34569
+ RESERVED
+CVE-2021-34568
+ RESERVED
+CVE-2021-34567
+ RESERVED
+CVE-2021-34566
+ RESERVED
+CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telne ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or browser ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34563 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly att ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34562 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject a ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34561 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.8 serious issue exists ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.9 a form contains a pa ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.8 a vulnerability may ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-3596 [NULL pointer dereference in ReadSVGImage() in coders/svg.c]
+ RESERVED
+ - imagemagick 8:6.9.11.57+dfsg-1
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27f314e2e6eb44b661e65008ce1ce46b85a5628b
+CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...)
+ {DLA-2753-1}
+ - libslirp 4.6.1-1 (bug #989996)
+ [bullseye] - libslirp 4.4.0-1+deb11u2
+ - qemu 1:4.1-2
+ [buster] - qemu <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f17948137155f025f7809fdc38576d5d2451c3d (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30 (v4.6.0)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP network ...)
+ {DLA-2753-1}
+ - libslirp 4.6.1-1 (bug #989995)
+ [bullseye] - libslirp 4.4.0-1+deb11u2
+ - qemu 1:4.1-2
+ [buster] - qemu <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP network ...)
+ - libslirp 4.6.1-1 (bug #989994)
+ [bullseye] - libslirp 4.4.0-1+deb11u2
+ - qemu 1:4.1-2
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b (v4.6.0)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP network ...)
+ - libslirp 4.6.1-1 (bug #989993)
+ [bullseye] - libslirp 4.4.0-1+deb11u2
+ - qemu 1:4.1-2
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <ignored> (Introduces a regression. See Debian bug #994080)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+ NOTE: The patch introduced a regression, see Debian bug #994080 for more information.
+CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly assert t ...)
+ - golang-1.16 1.16.6-1
+ - golang-1.15 1.15.9-6
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
+ NOTE: https://github.com/golang/go/issues/47143
+ NOTE: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x)
+ NOTE: key_agreement.go also bundled in various other packages
+CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
+ {DLA-2785-1}
+ - linux 5.10.46-4
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
+CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial ...)
+ - opendmarc 1.4.0~beta1+dfsg-6 (bug #990001)
+ [buster] - opendmarc <not-affected> (Vulnerable code not present)
+ [stretch] - opendmarc <not-affected> (Vulnerable code (multi-value-From:) introduced later)
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/179
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/178
+CVE-2021-34554
+ RESERVED
+CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote au ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager
+CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...)
+ {DLA-2716-1}
+ - pillow 8.1.2+dfsg-0.3 (bug #991293)
+ [buster] - pillow <no-dsa> (Minor issue, mitigated by FORTIFY_SOURCE)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
+ NOTE: https://github.com/python-pillow/Pillow/pull/5567
+ NOTE: https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f (8.3.0)
+CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution if lang ...)
+ - libphp-phpmailer <not-affected> (Windows-specific)
+CVE-2021-34550 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The ...)
+ {DSA-4932-1}
+ - tor 0.4.5.9-1 (bug #990000)
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2041
+CVE-2021-34549 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Has ...)
+ {DSA-4932-1}
+ - tor 0.4.5.9-1 (bug #990000)
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2041
+CVE-2021-34548 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An ...)
+ {DSA-4932-1}
+ - tor 0.4.5.9-1 (bug #990000)
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2041
+ NOTE: https://bugs.torproject.org/tpo/core/tor/40389
+CVE-2021-34547 (PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user a ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2021-34546 (An unauthenticated attacker with physical access to a computer with Ne ...)
+ NOT-FOR-US: NetSetMan Pro
+CVE-2021-34545
+ RESERVED
+CVE-2021-34544 (An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2 ...)
+ NOT-FOR-US: Solar-Log
+CVE-2021-34543 (The web administration server in Solar-Log 500 before 2.8.2 Build 52 d ...)
+ NOT-FOR-US: Solar-Log
+CVE-2021-34542
+ RESERVED
+CVE-2021-34541
+ RESERVED
+CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...)
+ NOT-FOR-US: CubeCoders AMP
+CVE-2021-34538
+ RESERVED
+CVE-2021-34537 (Windows Bluetooth Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34536 (Storage Spaces Controller Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34535 (Remote Desktop Client Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34534 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34533 (Windows Graphics Component Font Parsing Remote Code Execution Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34532 (ASP.NET Core and Visual Studio Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34531
+ RESERVED
+CVE-2021-34530 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34529 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34528 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34527 (Windows Print Spooler Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34526
+ RESERVED
+CVE-2021-34525 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34524 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34522 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34521 (Raw Image Extension Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34520 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34519 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34518 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34517 (Microsoft SharePoint Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34516 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34515
+ RESERVED
+CVE-2021-34514 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34513 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34512 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34511 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34510 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34509 (Storage Spaces Controller Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34508 (Windows Kernel Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34507 (Windows Remote Assistance Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34506
+ RESERVED
+CVE-2021-34505
+ RESERVED
+CVE-2021-34504 (Windows Address Book Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34503 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34502
+ RESERVED
+CVE-2021-34501 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34500 (Windows Kernel Memory Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34499 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34498 (Windows GDI Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34497 (Windows MSHTML Platform Remote Code Execution Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34496 (Windows GDI Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34495
+ RESERVED
+CVE-2021-34494 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34493 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34492 (Windows Certificate Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34491 (Win32k Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34490 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34489 (DirectWrite Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34488 (Windows Console Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34484 (Windows User Profile Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34483 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34482
+ RESERVED
+CVE-2021-34481 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34480 (Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34479 (Microsoft Visual Studio Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34478 (Microsoft Office Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34477 (Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34476 (Bowser.sys Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34475
+ RESERVED
+CVE-2021-34474 (Dynamics Business Central Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34472
+ RESERVED
+CVE-2021-34471 (Microsoft Windows Defender Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34470 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34469 (Microsoft Office Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34468 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34467 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34466 (Windows Hello Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34465
+ RESERVED
+CVE-2021-34464 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34463
+ RESERVED
+CVE-2021-34462 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34461 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34460 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34459 (Windows AppContainer Elevation Of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34458 (Windows Kernel Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34457 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34456 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34455 (Windows File History Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34454 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34453 (Microsoft Exchange Server Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34452 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34451 (Microsoft Office Online Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34450 (Windows Hyper-V Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34448 (Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34447 (Windows MSHTML Platform Remote Code Execution Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34446 (Windows HTML Platforms Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34445 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34444 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34443
+ RESERVED
+CVE-2021-34442 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34441 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34440 (GDI+ Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34439 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34438 (Windows Font Driver Host Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-3591
+ REJECTED
+CVE-2021-3590
+ RESERVED
+ - foreman <itp> (bug #663101)
+CVE-2021-3589
+ RESERVED
+ NOT-FOR-US: Foreman Ansible
+CVE-2021-34437
+ RESERVED
+CVE-2021-34436 (In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...)
+ - mosquitto <unfixed> (bug #993400)
+ [buster] - mosquitto <not-affected> (Vulnerable code introduced later)
+ [stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324
+CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3 ...)
+ NOT-FOR-US: Eclipse Californium
+CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...)
+ - mosquitto 2.0.8-1
+ [buster] - mosquitto <ignored> (Vulnerable code is not accessible in version 1.x)
+ [stretch] - mosquitto <ignored> (Vulnerable code is not accessible in version 1.x)
+ NOTE: https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141
+CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...)
+ - mosquitto 2.0.11-1
+ [bullseye] - mosquitto <no-dsa> (Minor issue)
+ [buster] - mosquitto <not-affected> (Vulnerable code introduced later)
+ [stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
+ NOTE: https://mosquitto.org/blog/2021/06/version-2-0-11-released/
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191
+CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C ...)
+ NOT-FOR-US: Eclipse TinyDTLS
+CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 &amp; 11.0.1-1 ...)
+ - jetty9 9.4.39-3 (bug #991188)
+ [buster] - jetty9 <not-affected> (Vulnerable code was introduced in version 9.4.37)
+ [stretch] - jetty9 <not-affected> (Vulnerable code was introduced in version 9.4.37)
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
+ NOTE: Fixed by https://github.com/eclipse/jetty.project/pull/6477
+CVE-2021-34428 (For Eclipse Jetty versions &lt;= 9.4.40, &lt;= 10.0.2, &lt;= 11.0.2, i ...)
+ {DSA-4949-1}
+ - jetty9 9.4.39-2 (bug #990578)
+ [stretch] - jetty9 <not-affected> (vulnerable code is not present)
+ - jetty8 <removed>
+ - jetty <removed>
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
+ NOTE: https://github.com/eclipse/jetty.project/issues/6277
+ NOTE: https://github.com/eclipse/jetty.project/commit/087f486b4461746b4ded45833887b3ccb136ee85 (jetty-9.4.x)
+CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query ...)
+ NOT-FOR-US: Eclipse BIRT
+CVE-2021-34426 (A vulnerability was discovered in the Keybase Client for Windows befor ...)
+ NOT-FOR-US: Keybase Client for Windows
+CVE-2021-34425 (The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, L ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings (for An ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client for Meet ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34422 (The Keybase Client for Windows before version 5.7.0 contains a path tr ...)
+ NOT-FOR-US: Keybase Client for Windows
+CVE-2021-34421 (The Keybase Client for Android before version 5.8.0 and the Keybase Cl ...)
+ NOT-FOR-US: Keybase Client for Android and iOS
+CVE-2021-34420 (The Zoom Client for Meetings for Windows installer before version 5.5. ...)
+ NOT-FOR-US: Zoom Client for Meetings for Windows installer
+CVE-2021-34419 (In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, ...)
+ NOT-FOR-US: Zoom Client for Meetings for Ubuntu Linux
+CVE-2021-34418 (The login routine of the web console in the Zoom On-Premise Meeting Co ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34417 (The network proxy page on the web portal for the Zoom On-Premise Meeti ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34416 (The network address administrative settings web portal for the Zoom on ...)
+ NOT-FOR-US: Zoom on-premise Meeting Connector
+CVE-2021-34415 (The Zone Controller service in the Zoom On-Premise Meeting Connector C ...)
+ NOT-FOR-US: Zoom On-Premise Meeting Connector Controller
+CVE-2021-34414 (The network proxy page on the web portal for the Zoom on-premise Meeti ...)
+ NOT-FOR-US: Zoom On-Premise Meeting Connector Controller
+CVE-2021-34413 (All versions of the Zoom Plugin for Microsoft Outlook for MacOS before ...)
+ NOT-FOR-US: Zoom Plugin for Microsoft Outlook for MacOS
+CVE-2021-34412 (During the installation process for all versions of the Zoom Client fo ...)
+ NOT-FOR-US: Zoom Client for Meetings for Windows
+CVE-2021-34411 (During the installation process forZoom Rooms for Conference Room for ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34410 (A user-writable application bundle unpacked during the install for all ...)
+ NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac
+CVE-2021-34409 (It was discovered that the installation packages of the Zoom Client fo ...)
+ NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac
+CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before versio ...)
+ NOT-FOR-US: Zoom Client for Meetings for Windows
+CVE-2021-34407
+ REJECTED
+CVE-2021-34406 (NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34405 (NVIDIA Linux distributions contain a vulnerability in TrustZone&#8217; ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34404 (Android images for T210 provided by NVIDIA contain a vulnerability in ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34403 (NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34402 (NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34401 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34400 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34399 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34398 (NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34397 (Bootloader contains a vulnerability in NVIDIA MB2, which may cause fre ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34396 (Bootloader contains a vulnerability in access permission settings wher ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34395 (Trusty TLK contains a vulnerability in its access permission settings ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34394 (Trusty contains a vulnerability in the NVIDIA OTE protocol that is pre ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34393 (Trusty contains a vulnerability in TSEC TA which deserializes the inco ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34392 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34391 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34390 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34389 (Trusty contains a vulnerability in NVIDIA OTE protocol message parsing ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34388 (Bootloader contains a vulnerability in NVIDIA TegraBoot where a potent ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34387 (The ARM TrustZone Technology on which Trusty is based on contains a vu ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34386 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34385 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...)
+ NOT-FOR-US: Trusty TLK (NVIDIA)
+CVE-2021-34384 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34383 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34382 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel&#8217;s t ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34381 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34380 (Bootloader contains a vulnerability in NVIDIA MB2 where potential heap ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34379 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34378 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34377 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34376 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34375 (Trusty contains a vulnerability in all trusted applications (TAs) wher ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34374 (Trusty contains a vulnerability in command handlers where the length o ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34373 (Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVID ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34372 (Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver c ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34371 (Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI se ...)
+ NOT-FOR-US: Neo4j
+CVE-2021-34370 (** DISPUTED ** Accela Civic Platform through 20.1 allows ssoAdapter/lo ...)
+ NOT-FOR-US: Accela Civic Platform
+CVE-2021-34369 (** DISPUTED ** portlets/contact/ref/refContactDetail.do in Accela Civi ...)
+ NOT-FOR-US: Accela Civic Platform
+CVE-2021-34368
+ REJECTED
+CVE-2021-34367
+ REJECTED
+CVE-2021-34366
+ REJECTED
+CVE-2021-34365
+ REJECTED
+CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow XSS via ...)
+ NOT-FOR-US: Refined GitHub browser extension
+CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows Path ...)
+ - thefuck 3.29-0.3 (bug #989989)
+ [buster] - thefuck <no-dsa> (Minor issue)
+ [stretch] - thefuck <no-dsa> (Minor issue)
+ NOTE: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31)
+ NOTE: https://github.com/nvbn/thefuck/pull/1206
+CVE-2021-34362 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34361
+ RESERVED
+CVE-2021-34360
+ RESERVED
+CVE-2021-34359
+ RESERVED
+CVE-2021-34358 (We have already fixed this vulnerability in the following versions of ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34357 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34356 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34355 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34354 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34353
+ RESERVED
+CVE-2021-34352 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34351 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34350
+ RESERVED
+CVE-2021-34349 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34348 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34347
+ RESERVED
+CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not perfor ...)
+ - bluez 5.55-3.1 (bug #989700)
+ [buster] - bluez <not-affected> (Vulnerable code introduced later)
+ [stretch] - bluez <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/bluez/bluez/issues/70
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3a40bef49305f8327635b81ac8be52a3ca063d5a (5.56)
+CVE-2021-34342
+ RESERVED
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/205
+CVE-2021-34341
+ RESERVED
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/204
+CVE-2021-34340
+ RESERVED
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/203
+CVE-2021-34339
+ RESERVED
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/202
+CVE-2021-34338
+ RESERVED
+ - ming <removed>
+ NOTE: https://github.com/libming/libming/issues/201
+CVE-2021-34337 [password checking timing attack in administrative REST API]
+ RESERVED
+ - mailman3 <unfixed> (bug #1004934)
+ [bullseye] - mailman3 <no-dsa> (Minor issue)
+ [buster] - mailman3 <no-dsa> (Minor issue; will be fixed via point release)
+ NOTE: Fixed by: https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51 (3.3.5b1)
+CVE-2021-34336
+ RESERVED
+CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #992707)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
+ NOTE: https://github.com/Exiv2/exiv2/pull/1750
+CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #992706)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p
+ NOTE: https://github.com/Exiv2/exiv2/pull/1766
+CVE-2021-34333 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34332 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34331 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34330 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34329 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34328 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34327 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34326 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34325 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34324 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34323 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34322 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34321 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34320 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34319 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34318 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34317 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34316 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34315 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34314 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34313 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34312 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34311 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34310 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34309 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34308 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34307 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34306 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34305 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34304 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34303 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34302 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34301 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34300 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34299 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34298 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34297 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34296 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34295 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34294 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34293 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34292 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2) ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-3586
+ RESERVED
+ NOT-FOR-US: Maistra
+CVE-2021-3585
+ RESERVED
+ - tripleo-heat-templates <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968247
+CVE-2021-3584 (A server side remote code execution vulnerability was found in Foreman ...)
+ - foreman <itp> (bug #663101)
+CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...)
+ - ansible <unfixed>
+ [bullseye] - ansible <no-dsa> (Minor issue)
+ [buster] - ansible <no-dsa> (Minor issue)
+ - ansible-base <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412
+ NOTE: https://github.com/ansible/ansible/commit/4c8c40fd3d4a58defdc80e7d22aa8d26b731353e.patch
+CVE-2021-34290
+ RESERVED
+CVE-2021-34289
+ RESERVED
+CVE-2021-34288
+ RESERVED
+CVE-2021-34287
+ RESERVED
+CVE-2021-34286
+ RESERVED
+CVE-2021-34285
+ RESERVED
+CVE-2021-34284
+ RESERVED
+CVE-2021-34283
+ RESERVED
+CVE-2021-34282
+ RESERVED
+CVE-2021-34281
+ RESERVED
+CVE-2021-34280 (Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer ...)
+ NOT-FOR-US: Polaris Office
+CVE-2021-34279
+ RESERVED
+CVE-2021-34278
+ RESERVED
+CVE-2021-34277
+ RESERVED
+CVE-2021-34276
+ RESERVED
+CVE-2021-34275
+ RESERVED
+CVE-2021-34274
+ RESERVED
+CVE-2021-34273 (A security flaw in the 'owned' function of a smart contract implementa ...)
+ NOT-FOR-US: BTC2X
+CVE-2021-34272 (A security flaw in the 'owned' function of a smart contract implementa ...)
+ NOT-FOR-US: RobotCoin
+CVE-2021-34271
+ RESERVED
+CVE-2021-34270 (An integer overflow in the mintToken function of a smart contract impl ...)
+ NOT-FOR-US: Doftcoin
+CVE-2021-34269
+ RESERVED
+CVE-2021-34268 (An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34267 (An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM3 ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34266
+ RESERVED
+CVE-2021-34265
+ RESERVED
+CVE-2021-34264
+ RESERVED
+CVE-2021-34263
+ RESERVED
+CVE-2021-34262 (A buffer overflow vulnerability in the USBH_ParseEPDesc() function of ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34261 (An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middle ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34260 (A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() funct ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34259 (A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of ...)
+ NOT-FOR-US: STMicroelectronics
+CVE-2021-34258
+ RESERVED
+CVE-2021-34257
+ RESERVED
+CVE-2021-34256
+ RESERVED
+CVE-2021-34255
+ RESERVED
+CVE-2021-34254 (Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to ins ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2021-34253
+ RESERVED
+CVE-2021-34252
+ RESERVED
+CVE-2021-34251
+ RESERVED
+CVE-2021-34250
+ RESERVED
+CVE-2021-34249
+ RESERVED
+CVE-2021-34248
+ RESERVED
+CVE-2021-34247
+ RESERVED
+CVE-2021-34246
+ RESERVED
+CVE-2021-34245
+ RESERVED
+CVE-2021-34244 (A cross site request forgery (CSRF) vulnerability was discovered in Ic ...)
+ NOT-FOR-US: Ice Hrm
+CVE-2021-34243 (A stored cross site scripting (XSS) vulnerability was discovered in Ic ...)
+ NOT-FOR-US: Ice Hrm
+CVE-2021-34242
+ RESERVED
+CVE-2021-34241
+ RESERVED
+CVE-2021-34240
+ RESERVED
+CVE-2021-34239
+ RESERVED
+CVE-2021-34238
+ RESERVED
+CVE-2021-34237
+ RESERVED
+CVE-2021-34236
+ RESERVED
+CVE-2021-34235 (Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The co ...)
+ NOT-FOR-US: Tokheim Profleet DiaLOG
+CVE-2021-34234
+ RESERVED
+CVE-2021-34233
+ RESERVED
+CVE-2021-34232
+ RESERVED
+CVE-2021-34231
+ RESERVED
+CVE-2021-34230
+ RESERVED
+CVE-2021-34229
+ RESERVED
+CVE-2021-34228 (Cross-site scripting in parent_control.htm in TOTOLINK A3002R version ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34227
+ RESERVED
+CVE-2021-34226
+ RESERVED
+CVE-2021-34225
+ RESERVED
+CVE-2021-34224
+ RESERVED
+CVE-2021-34223 (Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1. ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34222
+ RESERVED
+CVE-2021-34221
+ RESERVED
+CVE-2021-34220 (Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1. ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34219
+ RESERVED
+CVE-2021-34218 (Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34217
+ RESERVED
+CVE-2021-34216
+ RESERVED
+CVE-2021-34215 (Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1 ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34214
+ RESERVED
+CVE-2021-34213
+ RESERVED
+CVE-2021-34212
+ RESERVED
+CVE-2021-34211
+ RESERVED
+CVE-2021-34210
+ RESERVED
+CVE-2021-34209
+ RESERVED
+CVE-2021-34208
+ RESERVED
+CVE-2021-34207 (Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20 ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-34206
+ RESERVED
+CVE-2021-34205
+ RESERVED
+CVE-2021-34204 (D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Cre ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34203 (D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34202 (There are multiple out-of-bounds vulnerabilities in some processes of ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34201 (D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are ...)
+ NOT-FOR-US: D-Link
+CVE-2021-34200
+ RESERVED
+CVE-2021-34199
+ RESERVED
+CVE-2021-34198
+ RESERVED
+CVE-2021-34197
+ RESERVED
+CVE-2021-34196
+ RESERVED
+CVE-2021-34195
+ RESERVED
+CVE-2021-34194
+ RESERVED
+CVE-2021-34193
+ RESERVED
+CVE-2021-34192
+ RESERVED
+CVE-2021-34191
+ RESERVED
+CVE-2021-34190 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...)
+ NOT-FOR-US: Issabel PBX
+CVE-2021-34189
+ RESERVED
+CVE-2021-34188
+ RESERVED
+CVE-2021-34187 (main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Inj ...)
+ NOT-FOR-US: Chamilo
+CVE-2021-34186
+ RESERVED
+CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by an ou ...)
+ NOT-FOR-US: Miniaudio
+CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could cause a b ...)
+ NOT-FOR-US: Miniaudio
+CVE-2021-34183
+ REJECTED
+CVE-2021-34182
+ RESERVED
+CVE-2021-34181
+ RESERVED
+CVE-2021-34180
+ RESERVED
+CVE-2021-34179
+ RESERVED
+CVE-2021-34178
+ RESERVED
+CVE-2021-34177
+ RESERVED
+CVE-2021-34176
+ RESERVED
+CVE-2021-34175
+ RESERVED
+CVE-2021-34174 (A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wir ...)
+ NOT-FOR-US: Broadcom
+CVE-2021-34173 (An attacker can cause a Denial of Service and kernel panic in v4.2 and ...)
+ NOT-FOR-US: Espressif
+CVE-2021-34172
+ RESERVED
+CVE-2021-34171
+ RESERVED
+CVE-2021-34170 (Bandai Namco FromSoftware Dark Souls III allows remote attackers to ex ...)
+ NOT-FOR-US: Bandai
+CVE-2021-34169
+ RESERVED
+CVE-2021-34168
+ RESERVED
+CVE-2021-34167
+ RESERVED
+CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1. ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-34164
+ RESERVED
+CVE-2021-34163
+ RESERVED
+CVE-2021-34162
+ RESERVED
+CVE-2021-34161
+ RESERVED
+CVE-2021-34160
+ RESERVED
+CVE-2021-34159
+ RESERVED
+CVE-2021-34158
+ RESERVED
+CVE-2021-34157
+ RESERVED
+CVE-2021-34156
+ RESERVED
+CVE-2021-34155
+ RESERVED
+CVE-2021-34154
+ RESERVED
+CVE-2021-34153
+ RESERVED
+CVE-2021-34152
+ RESERVED
+CVE-2021-34151
+ RESERVED
+CVE-2021-34150 (The Bluetooth Classic implementation on Bluetrum AB5301A devices with ...)
+ NOT-FOR-US: Bluetrum
+CVE-2021-34149 (The Bluetooth Classic implementation on the Texas Instruments CC256XCQ ...)
+ NOT-FOR-US: Texas Instruments CC256XCQFN-EM
+CVE-2021-34148 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...)
+ NOT-FOR-US: Cypress
+CVE-2021-34147 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...)
+ NOT-FOR-US: Cypress
+CVE-2021-34146 (The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB do ...)
+ NOT-FOR-US: Cypress
+CVE-2021-34145 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...)
+ NOT-FOR-US: Cypress
+CVE-2021-34144 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SD ...)
+ NOT-FOR-US: Zhuhai Jieli
+CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_ ...)
+ NOT-FOR-US: Zhuhai Jieli
+CVE-2021-34142
+ RESERVED
+CVE-2021-34141 (An incomplete string comparison in the numpy.core component in NumPy b ...)
+ - numpy <unfixed>
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/18993
+ NOTE: https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2 (v1.23.0.dev0)
+CVE-2021-34140
+ RESERVED
+CVE-2021-34139
+ RESERVED
+CVE-2021-34138
+ RESERVED
+CVE-2021-34137
+ RESERVED
+CVE-2021-34136
+ RESERVED
+CVE-2021-34135
+ RESERVED
+CVE-2021-34134
+ RESERVED
+CVE-2021-34133
+ RESERVED
+CVE-2021-34132
+ RESERVED
+CVE-2021-34131
+ RESERVED
+CVE-2021-34130
+ RESERVED
+CVE-2021-34129 (LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary f ...)
+ NOT-FOR-US: LaikeTui
+CVE-2021-34128 (LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary ...)
+ NOT-FOR-US: LaikeTui
+CVE-2021-34127
+ RESERVED
+CVE-2021-34126
+ RESERVED
+CVE-2021-34125
+ RESERVED
+CVE-2021-34124
+ RESERVED
+CVE-2021-34123
+ RESERVED
+CVE-2021-34122
+ RESERVED
+CVE-2021-34121
+ RESERVED
+CVE-2021-34120
+ RESERVED
+CVE-2021-34119
+ RESERVED
+CVE-2021-34118
+ RESERVED
+CVE-2021-34117
+ RESERVED
+CVE-2021-34116
+ RESERVED
+CVE-2021-34115
+ RESERVED
+CVE-2021-34114
+ RESERVED
+CVE-2021-34113
+ RESERVED
+CVE-2021-34112
+ RESERVED
+CVE-2021-34111
+ RESERVED
+CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowin ...)
+ NOT-FOR-US: WinWaste.NET
+CVE-2021-34109
+ RESERVED
+CVE-2021-34108
+ RESERVED
+CVE-2021-34107
+ RESERVED
+CVE-2021-34106
+ RESERVED
+CVE-2021-34105
+ RESERVED
+CVE-2021-34104
+ RESERVED
+CVE-2021-34103
+ RESERVED
+CVE-2021-34102
+ RESERVED
+CVE-2021-34101
+ RESERVED
+CVE-2021-34100
+ RESERVED
+CVE-2021-34099
+ RESERVED
+CVE-2021-34098
+ RESERVED
+CVE-2021-34097
+ RESERVED
+CVE-2021-34096
+ RESERVED
+CVE-2021-34095
+ RESERVED
+CVE-2021-34094
+ RESERVED
+CVE-2021-34093
+ RESERVED
+CVE-2021-34092
+ RESERVED
+CVE-2021-34091
+ RESERVED
+CVE-2021-34090
+ RESERVED
+CVE-2021-34089
+ RESERVED
+CVE-2021-34088
+ RESERVED
+CVE-2021-34087 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...)
+ NOT-FOR-US: Ultimaker
+CVE-2021-34086 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...)
+ NOT-FOR-US: Ultimaker
+CVE-2021-34085
+ RESERVED
+CVE-2021-34084
+ RESERVED
+CVE-2021-34083
+ RESERVED
+CVE-2021-34082
+ RESERVED
+CVE-2021-34081
+ RESERVED
+CVE-2021-34080
+ RESERVED
+CVE-2021-34079
+ RESERVED
+CVE-2021-34078
+ RESERVED
+CVE-2021-34077
+ RESERVED
+CVE-2021-34076
+ RESERVED
+CVE-2021-34075 (In Artica Pandora FMS &lt;=754 in the File Manager component, there is ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2021-34074 (PandoraFMS &lt;=7.54 allows arbitrary file upload, it leading to remot ...)
+ NOT-FOR-US: PandoraFMS
+CVE-2021-34073 (A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gad ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-34072
+ RESERVED
+CVE-2021-34071 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-34070 (Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denia ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-34069 (Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denia ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-34068 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-34067 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-34066 (An issue was discovered in EdgeGallery/developer before v1.0. There is ...)
+ NOT-FOR-US: EdgeGallery/developer
+CVE-2021-34065
+ RESERVED
+CVE-2021-34064
+ RESERVED
+CVE-2021-34063
+ RESERVED
+CVE-2021-34062
+ RESERVED
+CVE-2021-34061
+ RESERVED
+CVE-2021-34060
+ RESERVED
+CVE-2021-34059
+ RESERVED
+CVE-2021-34058
+ RESERVED
+CVE-2021-34057
+ RESERVED
+CVE-2021-34056
+ RESERVED
+CVE-2021-34055
+ RESERVED
+CVE-2021-34054
+ RESERVED
+CVE-2021-34053
+ RESERVED
+CVE-2021-34052
+ RESERVED
+CVE-2021-34051
+ RESERVED
+CVE-2021-34050
+ RESERVED
+CVE-2021-34049
+ RESERVED
+CVE-2021-34048
+ RESERVED
+CVE-2021-34047
+ RESERVED
+CVE-2021-34046
+ RESERVED
+CVE-2021-34045
+ RESERVED
+CVE-2021-34044
+ RESERVED
+CVE-2021-34043
+ RESERVED
+CVE-2021-34042
+ RESERVED
+CVE-2021-34041
+ RESERVED
+CVE-2021-34040
+ RESERVED
+CVE-2021-34039
+ RESERVED
+CVE-2021-34038
+ RESERVED
+CVE-2021-34037
+ RESERVED
+CVE-2021-34036
+ RESERVED
+CVE-2021-34035
+ RESERVED
+CVE-2021-34034
+ RESERVED
+CVE-2021-34033
+ RESERVED
+CVE-2021-34032
+ RESERVED
+CVE-2021-34031
+ RESERVED
+CVE-2021-34030
+ RESERVED
+CVE-2021-34029
+ RESERVED
+CVE-2021-34028
+ RESERVED
+CVE-2021-34027
+ RESERVED
+CVE-2021-34026
+ RESERVED
+CVE-2021-34025
+ RESERVED
+CVE-2021-34024
+ RESERVED
+CVE-2021-34023
+ RESERVED
+CVE-2021-34022
+ RESERVED
+CVE-2021-34021
+ RESERVED
+CVE-2021-34020
+ RESERVED
+CVE-2021-34019
+ RESERVED
+CVE-2021-34018
+ RESERVED
+CVE-2021-34017
+ RESERVED
+CVE-2021-34016
+ RESERVED
+CVE-2021-34015
+ RESERVED
+CVE-2021-34014
+ RESERVED
+CVE-2021-34013
+ RESERVED
+CVE-2021-34012
+ RESERVED
+CVE-2021-34011
+ RESERVED
+CVE-2021-34010
+ RESERVED
+CVE-2021-34009
+ RESERVED
+CVE-2021-34008
+ RESERVED
+CVE-2021-34007
+ RESERVED
+CVE-2021-34006
+ RESERVED
+CVE-2021-34005
+ RESERVED
+CVE-2021-34004
+ RESERVED
+CVE-2021-34003
+ RESERVED
+CVE-2021-34002
+ RESERVED
+CVE-2021-34001
+ RESERVED
+CVE-2021-34000
+ RESERVED
+CVE-2021-33999
+ RESERVED
+CVE-2021-33998
+ RESERVED
+CVE-2021-33997
+ RESERVED
+CVE-2021-33996
+ RESERVED
+CVE-2021-33995
+ RESERVED
+CVE-2021-33994
+ RESERVED
+CVE-2021-33993
+ RESERVED
+CVE-2021-33992
+ RESERVED
+CVE-2021-33991
+ RESERVED
+CVE-2021-33990
+ RESERVED
+CVE-2021-33989
+ RESERVED
+CVE-2021-33988 (Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2 ...)
+ NOT-FOR-US: Microweber CMS
+CVE-2021-33987
+ RESERVED
+CVE-2021-33986
+ RESERVED
+CVE-2021-33985
+ RESERVED
+CVE-2021-33984
+ RESERVED
+CVE-2021-33983
+ RESERVED
+CVE-2021-33982 (An insufficient session expiration vulnerability exists in the "Fish | ...)
+ NOT-FOR-US: "Fish | Hunt FL" iOS app
+CVE-2021-33981 (An insecure, direct object vulnerability in hunting/fishing license re ...)
+ NOT-FOR-US: "Fish | Hunt FL" iOS app
+CVE-2021-33980
+ RESERVED
+CVE-2021-33979
+ RESERVED
+CVE-2021-33978
+ RESERVED
+CVE-2021-33977
+ RESERVED
+CVE-2021-33976
+ RESERVED
+CVE-2021-33975
+ RESERVED
+CVE-2021-33974
+ RESERVED
+CVE-2021-33973
+ RESERVED
+CVE-2021-33972
+ RESERVED
+CVE-2021-33971
+ RESERVED
+CVE-2021-33970
+ RESERVED
+CVE-2021-33969
+ RESERVED
+CVE-2021-33968
+ RESERVED
+CVE-2021-33967
+ RESERVED
+CVE-2021-33966 (Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...)
+ - spotweb <removed>
+ [buster] - spotweb <no-dsa> (Minor issue)
+ [stretch] - spotweb <postponed> (Minor issue; possible reflected XSS with unconclusive PoC "proof")
+ NOTE: https://packetstormsecurity.com/files/162731/Spotweb-Develop-1.4.9-Cross-Site-Scripting.html
+CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface
+CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-33961
+ RESERVED
+CVE-2021-33960
+ RESERVED
+CVE-2021-33959
+ RESERVED
+CVE-2021-33958
+ RESERVED
+CVE-2021-33957
+ RESERVED
+CVE-2021-33956
+ RESERVED
+CVE-2021-33955
+ RESERVED
+CVE-2021-33954
+ RESERVED
+CVE-2021-33953
+ RESERVED
+CVE-2021-33952
+ RESERVED
+CVE-2021-33951
+ RESERVED
+CVE-2021-33950
+ RESERVED
+CVE-2021-33949
+ RESERVED
+CVE-2021-33948
+ RESERVED
+CVE-2021-33947
+ RESERVED
+CVE-2021-33946
+ RESERVED
+CVE-2021-33945 (RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN ...)
+ NOT-FOR-US: RICOH
+CVE-2021-33944
+ RESERVED
+CVE-2021-33943
+ RESERVED
+CVE-2021-33942
+ RESERVED
+CVE-2021-33941
+ RESERVED
+CVE-2021-33940
+ RESERVED
+CVE-2021-33939
+ RESERVED
+CVE-2021-33938 (Buffer overflow vulnerability in function prune_to_recommended in src/ ...)
+ - libsolv 0.7.17-1
+ [buster] - libsolv <no-dsa> (Minor issue)
+ [stretch] - libsolv <no-dsa> (Minor issue)
+ NOTE: https://github.com/openSUSE/libsolv/issues/420
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+CVE-2021-33937
+ RESERVED
+CVE-2021-33936
+ RESERVED
+CVE-2021-33935
+ RESERVED
+CVE-2021-33934
+ RESERVED
+CVE-2021-33933
+ RESERVED
+CVE-2021-33932
+ RESERVED
+CVE-2021-33931
+ RESERVED
+CVE-2021-33930 (Buffer overflow vulnerability in function pool_installable_whatprovide ...)
+ - libsolv 0.7.17-1
+ [buster] - libsolv <no-dsa> (Minor issue)
+ [stretch] - libsolv <no-dsa> (Minor issue)
+ NOTE: https://github.com/openSUSE/libsolv/issues/417
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+CVE-2021-33929 (Buffer overflow vulnerability in function pool_disabled_solvable in sr ...)
+ - libsolv 0.7.17-1
+ [buster] - libsolv <no-dsa> (Minor issue)
+ [stretch] - libsolv <no-dsa> (Minor issue)
+ NOTE: https://github.com/openSUSE/libsolv/issues/417
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in src/repo ...)
+ - libsolv 0.7.17-1
+ [buster] - libsolv <no-dsa> (Minor issue)
+ [stretch] - libsolv <no-dsa> (Minor issue)
+ NOTE: https://github.com/openSUSE/libsolv/issues/417
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+CVE-2021-33927
+ RESERVED
+CVE-2021-33926
+ RESERVED
+CVE-2021-33925
+ RESERVED
+CVE-2021-33924 (Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 i ...)
+ NOT-FOR-US: Confluent Ansible
+CVE-2021-33923 (Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5 ...)
+ NOT-FOR-US: Confluent Ansible
+CVE-2021-33922
+ RESERVED
+CVE-2021-33921
+ RESERVED
+CVE-2021-33920
+ RESERVED
+CVE-2021-33919
+ RESERVED
+CVE-2021-33918
+ RESERVED
+CVE-2021-33917
+ RESERVED
+CVE-2021-33916
+ RESERVED
+CVE-2021-33915
+ RESERVED
+CVE-2021-33914
+ RESERVED
+CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based buffer overflow that might allo ...)
+ {DLA-2890-1}
+ - libspf2 1.2.10-7.1
+ [bullseye] - libspf2 1.2.10-7.1~deb11u1
+ [buster] - libspf2 1.2.10-7.1~deb10u1
+ NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
+ NOTE: https://github.com/shevek/libspf2/pull/35
+ NOTE: https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070
+CVE-2021-33912 (libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that ...)
+ {DLA-2890-1}
+ - libspf2 1.2.10-7.1
+ [bullseye] - libspf2 1.2.10-7.1~deb11u1
+ [buster] - libspf2 1.2.10-7.1~deb10u1
+ NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
+ NOTE: https://github.com/shevek/libspf2/pull/35
+ NOTE: https://github.com/shevek/libspf2/commit/28faf4624a6a371b11afdb9820078d3b0ee3803d
+CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...)
+ NOT-FOR-US: Zoho
+CVE-2021-33910 (basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 ...)
+ {DSA-4942-1 DLA-2715-1}
+ - systemd 247.3-6
+ NOTE: https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt
+ NOTE: Introduced by: https://github.com/systemd/systemd/commit/7410616cd9dbbec97cf98d75324da5cda2b2f7a2 (v220)
+ NOTE: Fixed by: https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9
+ NOTE: Fixed by: https://github.com/systemd/systemd/commit/4e2544c30bfb95e7cb4d1551ba066b1a56520ad6 (comment fix)
+ NOTE: https://github.com/systemd/systemd/pull/20256
+CVE-2021-33909 (fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 do ...)
+ {DSA-4941-1 DLA-2714-1 DLA-2713-1}
+ - linux 5.10.46-2
+ NOTE: https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
+ NOTE: https://git.kernel.org/linus/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
+CVE-2021-33908
+ RESERVED
+CVE-2021-3587
+ REJECTED
+CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in the pvrdma device]
+ RESERVED
+ - qemu 1:5.2+dfsg-11 (bug #990565)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html
+CVE-2021-33907 (The Zoom Client for Meetings for Windows in all versions before 5.3.0 ...)
+ NOT-FOR-US: Zoom Client for Meetings for Windows
+CVE-2021-33906
+ RESERVED
+CVE-2021-33905
+ RESERVED
+CVE-2021-33904 (** DISPUTED ** In Accela Civic Platform through 21.1, the security/hos ...)
+ NOT-FOR-US: Accela Civic Platform
+CVE-2021-33903 (In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, ...)
+ NOT-FOR-US: LANCOM
+CVE-2021-33902
+ RESERVED
+CVE-2021-33901
+ RESERVED
+CVE-2021-33900 (While investigating DIRSTUDIO-1219 it was noticed that configured Star ...)
+ - apache-directory-studio <itp> (bug #733044)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/24/1
+CVE-2021-33899
+ RESERVED
+CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize( ...)
+ NOT-FOR-US: Invoice Ninja
+CVE-2021-33897
+ RESERVED
+CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (o ...)
+ - dino-im 0.2.0-3
+ [buster] - dino-im <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/2
+ NOTE: https://github.com/dino/dino/commit/0c8d25b7a3e7a10a506f1e19b868fe9b0c761495 (master)
+ NOTE: https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 (v0.2.1)
+CVE-2021-33895 (ETINET BACKBOX E4.09 and H4.09 mismanages password access control. Whe ...)
+ NOT-FOR-US: ETINET
+CVE-2021-33894 (In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before ...)
+ NOT-FOR-US: Progress MOVEit
+CVE-2021-33893
+ RESERVED
+CVE-2021-33892
+ RESERVED
+CVE-2021-33891
+ RESERVED
+CVE-2021-33890
+ RESERVED
+CVE-2021-33889 (OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overfl ...)
+ NOT-FOR-US: OpenThread wpantund
+CVE-2021-33888
+ RESERVED
+CVE-2021-33887 (Insufficient verification of data authenticity in Peloton TTR01 up to ...)
+ NOT-FOR-US: Peloton TTR01
+CVE-2021-33886 (An improper sanitization of input vulnerability in B. Braun SpaceCom2 ...)
+ NOT-FOR-US: B. Braun SpaceCom2
+CVE-2021-33885 (An Insufficient Verification of Data Authenticity vulnerability in B. ...)
+ NOT-FOR-US: B. Braun SpaceCom2
+CVE-2021-33884 (An Unrestricted Upload of File with Dangerous Type vulnerability in B. ...)
+ NOT-FOR-US: B. Braun SpaceCom2
+CVE-2021-33883 (A Cleartext Transmission of Sensitive Information vulnerability in B. ...)
+ NOT-FOR-US: B. Braun SpaceCom2
+CVE-2021-33882 (A Missing Authentication for Critical Function vulnerability in B. Bra ...)
+ NOT-FOR-US: B. Braun SpaceCom2
+CVE-2021-33881 (On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a w ...)
+ NOT-FOR-US: NXP
+CVE-2021-33880 (The aaugustin websockets library before 9.1 for Python has an Observab ...)
+ - python-websockets 9.1-1 (bug #989561)
+ [buster] - python-websockets <not-affected> (Vulnerable code introduced in 8.0)
+ [stretch] - python-websockets <not-affected> (Vulnerable code introduced in 8.0)
+ NOTE: https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0
+CVE-2021-33879 (Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure ...)
+ NOT-FOR-US: Tencent
+CVE-2021-33878
+ RESERVED
+CVE-2021-33877
+ RESERVED
+CVE-2021-33876
+ RESERVED
+CVE-2021-33875
+ RESERVED
+CVE-2021-33874
+ RESERVED
+CVE-2021-33873
+ RESERVED
+CVE-2021-33872
+ RESERVED
+CVE-2021-33871
+ RESERVED
+CVE-2021-33870
+ RESERVED
+CVE-2021-33869
+ RESERVED
+CVE-2021-33868
+ RESERVED
+CVE-2021-33867
+ RESERVED
+CVE-2021-33866
+ RESERVED
+CVE-2021-33865
+ RESERVED
+CVE-2021-33864
+ RESERVED
+CVE-2021-33863
+ RESERVED
+CVE-2021-33862
+ RESERVED
+CVE-2021-33861
+ RESERVED
+CVE-2021-33860
+ RESERVED
+CVE-2021-33859
+ RESERVED
+CVE-2021-33858
+ RESERVED
+CVE-2021-33857
+ RESERVED
+CVE-2021-33856
+ RESERVED
+CVE-2021-33855
+ RESERVED
+CVE-2021-33854
+ RESERVED
+CVE-2021-33853
+ RESERVED
+CVE-2021-33852
+ RESERVED
+CVE-2021-33851
+ RESERVED
+CVE-2021-33850 (There is a Cross-Site Scripting vulnerability in Microsoft Clarity ver ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...)
+ NOT-FOR-US: Zoho
+CVE-2021-3581 (Buffer Access with Incorrect Length Value in zephyr. Zephyr versions & ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions handled ...)
+ {DSA-4933-1 DLA-2760-1}
+ - nettle 3.7.3-1 (bug #989631)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1967983
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
+CVE-2021-33844
+ RESERVED
+CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...)
+ NOT-FOR-US: Circutor SGE-PLC1000 firmware
+CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...)
+ NOT-FOR-US: SGE-PLC1000 device
+CVE-2021-23210
+ RESERVED
+CVE-2021-23172
+ RESERVED
+CVE-2021-23159
+ RESERVED
+CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...)
+ NOT-FOR-US: Luca
+CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)
+ NOT-FOR-US: Luca
+CVE-2021-33838 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...)
+ NOT-FOR-US: Luca
+CVE-2021-33837
+ RESERVED
+CVE-2021-33836
+ RESERVED
+CVE-2021-33835
+ RESERVED
+CVE-2021-33834
+ RESERVED
+CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...)
+ {DLA-2915-1}
+ - connman 1.36-2.2 (bug #989662)
+ [buster] - connman 1.36-2.1~deb10u2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
+CVE-2021-33832
+ RESERVED
+CVE-2021-33831 (api/account/register in the TH Wildau COVID-19 Contact Tracing applica ...)
+ NOT-FOR-US: TH Wildau COVID-19 Contact Tracing App (Germany)
+CVE-2021-33830
+ RESERVED
+CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...)
+ {DLA-2813-1}
+ - ckeditor 4.16.0+dfsg-2
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
+ NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed
+CVE-2021-33828 (The files_antivirus component before 1.0.0 for ownCloud mishandles the ...)
+ - owncloud <removed>
+CVE-2021-33827 (The files_antivirus component before 1.0.0 for ownCloud allows OS Comm ...)
+ - owncloud <removed>
+CVE-2021-33826
+ RESERVED
+CVE-2021-33825
+ RESERVED
+CVE-2021-33824 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
+ NOT-FOR-US: MOXA
+CVE-2021-33823 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...)
+ NOT-FOR-US: MOXA
+CVE-2021-33822 (An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22 ...)
+ NOT-FOR-US: 4GEE ROUTER HH70VB
+CVE-2021-33821
+ RESERVED
+CVE-2021-33820 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
+ NOT-FOR-US: UniFi Protect G3 FLEX Camera
+CVE-2021-33819
+ RESERVED
+CVE-2021-33818 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...)
+ NOT-FOR-US: UniFi Protect G3 FLEX Camera
+CVE-2021-33817
+ RESERVED
+CVE-2021-33816 (The website builder module in Dolibarr 13.0.2 allows remote PHP code e ...)
+ - dolibarr <removed>
+CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-boun ...)
+ [experimental] - ffmpeg <unfixed>
+ - ffmpeg <not-affected> (Vulnerable code not present, introduced in cc85ca1cb34)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777
+CVE-2021-33814
+ RESERVED
+CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...)
+ {DLA-2712-1 DLA-2696-1}
+ - libjdom2-intellij-java <unfixed> (bug #990673)
+ [bullseye] - libjdom2-intellij-java <no-dsa> (Minor issue)
+ [buster] - libjdom2-intellij-java <no-dsa> (Minor issue)
+ - libjdom2-java 2.0.6-2.1 (bug #990671)
+ [buster] - libjdom2-java <no-dsa> (Minor issue)
+ - libjdom1-java 1.1.3-2.1 (bug #990672)
+ [buster] - libjdom1-java <no-dsa> (Minor issue)
+ NOTE: https://github.com/hunterhacker/jdom/pull/188
+ NOTE: https://alephsecurity.com/vulns/aleph-2021003
+ NOTE: Fixed by: https://github.com/hunterhacker/jdom/commit/bd3ab78370098491911d7fe9d7a43b97144a234e
+ NOTE: Possible regression impact: https://github.com/hunterhacker/jdom/pull/188#issuecomment-872685011
+ NOTE: Improved regression with: https://github.com/hunterhacker/jdom/commit/dd4f3c2fc7893edd914954c73eb577f925a7d361
+ NOTE: https://github.com/hunterhacker/jdom/commit/07f316957b59d305f04c7bdb26292852bcbc2eb5
+CVE-2021-33812
+ RESERVED
+CVE-2021-33811
+ RESERVED
+CVE-2021-33810
+ RESERVED
+CVE-2021-33809
+ RESERVED
+CVE-2021-33808
+ RESERVED
+CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/d ...)
+ NOT-FOR-US: Cartadis Gespage
+CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...)
+ - isync 1.3.0-2.2 (bug #989564)
+ [buster] - isync 1.3.0-2.2~deb10u1
+ [stretch] - isync <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/1
+CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows remote cod ...)
+ NOT-FOR-US: BDew BdLib library
+CVE-2021-33805
+ REJECTED
+CVE-2021-3577 (An unauthenticated remote code execution vulnerability was reported in ...)
+ NOT-FOR-US: Binatone
+CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefender End ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3575 [heap-buffer-overflow in color.c may lead to DoS]
+ RESERVED
+ - openjpeg2 <unfixed> (bug #989775)
+ [bullseye] - openjpeg2 <no-dsa> (Minor issue)
+ [buster] - openjpeg2 <no-dsa> (Minor issue)
+ [stretch] - openjpeg2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1347
+CVE-2021-3574
+ RESERVED
+CVE-2021-33804
+ RESERVED
+CVE-2021-33803
+ RESERVED
+CVE-2021-33802
+ RESERVED
+CVE-2021-33801
+ RESERVED
+CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain function ...)
+ NOT-FOR-US: Alibaba Druid
+CVE-2021-33799
+ RESERVED
+CVE-2021-33798
+ RESERVED
+CVE-2021-33797
+ RESERVED
+CVE-2021-33796
+ RESERVED
+CVE-2021-3573 (A use-after-free in function hci_sock_bound_ioctl() of the Linux kerne ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2
+CVE-2021-33795 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorr ...)
+ NOT-FOR-US: Foxit
+CVE-2021-33794 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow informat ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-33793 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...)
+ NOT-FOR-US: Foxit
+CVE-2021-3572 (A flaw was found in python-pip in the way it handled Unicode separator ...)
+ - python-pip 20.3.4-2
+ [buster] - python-pip <no-dsa> (Minor issue)
+ [stretch] - python-pip <postponed> (Minor issue. Fix along with next DLA)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1926957
+ NOTE: https://github.com/pypa/pip/pull/9827
+ NOTE: https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e (21.1)
+CVE-2021-33791
+ REJECTED
+CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. When pt ...)
+ - linuxptp 3.1-2.1 (bug #990749)
+ [buster] - linuxptp <not-affected> (Vulnerable code introduced later, transparent clock implementation in v2.0)
+ [stretch] - linuxptp <not-affected> (Vulnerable code introduced later, transparent clock implementation in v2.0)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/d61d77e163dbee247819f3d88593ba111577af15 (master)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20 (v3.1.1)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
+CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package. A missi ...)
+ {DSA-4938-1 DLA-2723-1}
+ - linuxptp 3.1-2.1 (bug #990748)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab (master)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca (v3.1.1)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/c15da0756d9b0ad9c0b9307c4a8685b490b76485 (v1.9.3)
+ NOTE: https://github.com/richardcochran/linuxptp/commit/7795df89dd4f94e0f55959dc61a85535d0f01cae (v1.8.1)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1
+CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code execution becau ...)
+ NOT-FOR-US: RebornCore
+CVE-2021-33789
+ RESERVED
+CVE-2021-33788 (Windows LSA Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33787
+ RESERVED
+CVE-2021-33786 (Windows LSA Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33785 (Windows AF_UNIX Socket Provider Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33784 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33783 (Windows SMB Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33782 (Windows Authenticode Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33781 (Azure AD Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33780 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33779 (Windows ADFS Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33778 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33777 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33776 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33775 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33774 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33773 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33772 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33771 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33770
+ RESERVED
+CVE-2021-33769
+ RESERVED
+CVE-2021-33768 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33767 (Open Enclave SDK Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33766 (Microsoft Exchange Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33765 (Windows Installer Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33764 (Windows Key Distribution Center Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33763 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33761 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33760 (Media Foundation Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33759 (Windows Desktop Bridge Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33758 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33757 (Windows Security Account Manager Remote Protocol Security Feature Bypa ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33756 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33755 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33754 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33753 (Microsoft Bing Search Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33752 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33751 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33750 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33749 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33748
+ RESERVED
+CVE-2021-33747
+ RESERVED
+CVE-2021-33746 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33745 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33744 (Windows Secure Kernel Mode Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33743 (Windows Projected File System Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33742 (Windows MSHTML Platform Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33740 (Windows Media Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-33739 (Microsoft DWM Core Library Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-3569 (A stack corruption bug was found in libtpms in versions before 0.7.2 a ...)
+ - libtpms 0.8.2-1
+ NOTE: https://github.com/stefanberger/libtpms/commit/505ef841c00b4c096b1977c667cb957bec3a1d8b (v0.8.0)
+ NOTE: https://github.com/stefanberger/libtpms/commit/40cfe134c017d3aeaaed05ce71eaf9bfbe556b16 (v0.7.2)
+CVE-2021-3568
+ RESERVED
+CVE-2021-3567
+ RESERVED
+ - caribou 0.4.21-7.1 (bug #980061)
+ [buster] - caribou <not-affected> (Security impact only with cinnamon-screensaver >= 4.2)
+ [stretch] - caribou <not-affected> (Security impact only with cinnamon-screensaver >= 4.2)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/caribou/+bug/1912060
+ NOTE: https://gitlab.gnome.org/GNOME/caribou/-/merge_requests/3
+ NOTE: https://gitlab.gnome.org/GNOME/caribou/-/commit/d41c8e44b12222a290eaca16703406b113a630c6
+CVE-2021-33738 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-33737 (A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33736 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33735 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33734 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33733 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33732 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33731 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33730 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33729 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33728 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33727 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33726 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33725 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33724 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33723 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33722 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33721 (A vulnerability has been identified in SINEC NMS (All versions &lt; V1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33720 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33719 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33718 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Mendix Applications
+CVE-2021-33717 (A vulnerability has been identified in JT2Go (All versions &lt; V13.2. ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-33716 (A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33714 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33713 (A vulnerability has been identified in JT Utilities (All versions &lt; ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All version ...)
+ NOT-FOR-US: Mendix SAML Module
+CVE-2021-33711 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-33708 (Due to insufficient input validation in Kyma, authenticated users can ...)
+ NOT-FOR-US: Kyma
+CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to redirect ...)
+ NOT-FOR-US: SAP
+CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by ...)
+ NOT-FOR-US: InfraBox
+CVE-2021-33705 (The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.4 ...)
+ NOT-FOR-US: SAP
+CVE-2021-33704 (The Service Layer of SAP Business One, version - 10.0, allows an authe ...)
+ NOT-FOR-US: SAP
+CVE-2021-33703 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30 ...)
+ NOT-FOR-US: NetWeaver
+CVE-2021-33702 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10 ...)
+ NOT-FOR-US: NetWeaver
+CVE-2021-33701 (DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1 ...)
+ NOT-FOR-US: SAP
+CVE-2021-33700 (SAP Business One, version - 10.0, allows a local attacker with access ...)
+ NOT-FOR-US: SAP
+CVE-2021-33699 (Task Hijacking is a vulnerability that affects the applications runnin ...)
+ NOT-FOR-US: Android
+CVE-2021-33698 (SAP Business One, version - 10.0, allows an attacker with business aut ...)
+ NOT-FOR-US: SAP
+CVE-2021-33697 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...)
+ NOT-FOR-US: SAP
+CVE-2021-33696 (SAP BusinessObjects Business Intelligence Platform (Crystal Report), v ...)
+ NOT-FOR-US: SAP
+CVE-2021-33695 (Potentially, SAP Cloud Connector, version - 2.0 communication with the ...)
+ NOT-FOR-US: SAP
+CVE-2021-33694 (SAP Cloud Connector, version - 2.0, does not sufficiently encode user- ...)
+ NOT-FOR-US: SAP
+CVE-2021-33693 (SAP Cloud Connector, version - 2.0, allows an authenticated administra ...)
+ NOT-FOR-US: SAP
+CVE-2021-33692 (SAP Cloud Connector, version - 2.0, allows the upload of zip files as ...)
+ NOT-FOR-US: SAP
+CVE-2021-33691 (NWDI Notification Service versions - 7.31, 7.40, 7.50, does not suffic ...)
+ NOT-FOR-US: SAP
+CVE-2021-33690 (Server-Side Request Forgery (SSRF) vulnerability has been detected in ...)
+ NOT-FOR-US: SAP
+CVE-2021-33689 (When user with insufficient privileges tries to access any application ...)
+ NOT-FOR-US: SAP
+CVE-2021-33688 (SAP Business One allows an attacker with business privileges to execut ...)
+ NOT-FOR-US: SAP
+CVE-2021-33687 (SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30 ...)
+ NOT-FOR-US: SAP
+CVE-2021-33686 (Under certain conditions, SAP Business One version - 10.0, allows an u ...)
+ NOT-FOR-US: SAP
+CVE-2021-33685 (SAP Business One version - 10.0 allows low-level authorized attacker t ...)
+ NOT-FOR-US: SAP
+CVE-2021-33684 (SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2021-33683 (SAP Web Dispatcher and Internet Communication Manager (ICM), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-33682 (SAP Lumira Server version 2.4 does not sufficiently encode user contro ...)
+ NOT-FOR-US: SAP
+CVE-2021-33681 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33680 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33679 (The SAP BusinessObjects BI Platform version - 420 allows an attacker, ...)
+ NOT-FOR-US: SAP
+CVE-2021-33678 (A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), ...)
+ NOT-FOR-US: SAP
+CVE-2021-33677 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, ...)
+ NOT-FOR-US: SAP
+CVE-2021-33676 (A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-33675 (Under certain conditions, SAP Contact Center - version 700, does not s ...)
+ NOT-FOR-US: SAP
+CVE-2021-33674 (Under certain conditions, SAP Contact Center - version 700, does not s ...)
+ NOT-FOR-US: SAP
+CVE-2021-33673 (Under certain conditions, SAP Contact Center - version 700,does not su ...)
+ NOT-FOR-US: SAP
+CVE-2021-33672 (Due to missing encoding in SAP Contact Center's Communication Desktop ...)
+ NOT-FOR-US: SAP
+CVE-2021-33671 (SAP NetWeaver Guided Procedures (Administration Workset), versions - 7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-33670 (SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - ...)
+ NOT-FOR-US: SAP
+CVE-2021-33669 (Under certain conditions, SAP Mobile SDK Certificate Provider allows a ...)
+ NOT-FOR-US: SAP
+CVE-2021-33668 (Due to improper input sanitization, specially crafted LDAP queries can ...)
+ NOT-FOR-US: SAP
+CVE-2021-33667 (Under certain conditions, SAP Business Objects Web Intelligence (BI La ...)
+ NOT-FOR-US: SAP
+CVE-2021-33666 (When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it ...)
+ NOT-FOR-US: SAP
+CVE-2021-33665 (SAP NetWeaver Application Server ABAP (Applications based on SAP GUI f ...)
+ NOT-FOR-US: SAP
+CVE-2021-33664 (SAP NetWeaver Application Server ABAP (Applications based on Web Dynpr ...)
+ NOT-FOR-US: SAP
+CVE-2021-33663 (SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - ...)
+ NOT-FOR-US: SAP
+CVE-2021-33662 (Under certain conditions, the installation of SAP Business One, versio ...)
+ NOT-FOR-US: SAP
+CVE-2021-33661 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33660 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33659 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33658
+ RESERVED
+CVE-2021-33657
+ RESERVED
+CVE-2021-33656
+ RESERVED
+CVE-2021-33655
+ RESERVED
+CVE-2021-33654
+ RESERVED
+CVE-2021-33653
+ RESERVED
+CVE-2021-33652
+ RESERVED
+CVE-2021-33651
+ RESERVED
+CVE-2021-33650
+ RESERVED
+CVE-2021-33649
+ RESERVED
+CVE-2021-33648
+ RESERVED
+CVE-2021-33647
+ RESERVED
+CVE-2021-33646
+ RESERVED
+CVE-2021-33645
+ RESERVED
+CVE-2021-33644
+ RESERVED
+CVE-2021-33643
+ RESERVED
+CVE-2021-33642
+ RESERVED
+CVE-2021-33641
+ RESERVED
+CVE-2021-33640
+ RESERVED
+CVE-2021-33639
+ RESERVED
+CVE-2021-33638
+ RESERVED
+CVE-2021-33637
+ RESERVED
+CVE-2021-33636
+ RESERVED
+CVE-2021-33635
+ RESERVED
+CVE-2021-33634
+ RESERVED
+CVE-2021-33633
+ RESERVED
+CVE-2021-33632
+ RESERVED
+CVE-2021-33631
+ RESERVED
+CVE-2021-33630
+ RESERVED
+CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when building co ...)
+ NOT-FOR-US: isula-build
+CVE-2021-33628
+ RESERVED
+CVE-2021-33627 (An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServ ...)
+ NOT-FOR-US: Insyde
+CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+ NOT-FOR-US: Insyde
+CVE-2021-33625 (An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting H ...)
+ NOT-FOR-US: Insyde
+CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...)
+ {DLA-2785-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
+CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...)
+ - node-trim-newlines 3.0.0+~3.0.0-1
+ [bullseye] - node-trim-newlines <no-dsa> (Minor issue)
+ [buster] - node-trim-newlines <no-dsa> (Minor issue)
+ [stretch] - node-trim-newlines <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/advisories/GHSA-7p7h-4mm5-852v
+CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, h ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
+ - singularity-container <unfixed> (bug #990201)
+ NOTE: https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
+CVE-2021-33621
+ RESERVED
+CVE-2021-33619
+ RESERVED
+CVE-2021-33618 (Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstr ...)
+ - dolibarr <removed>
+CVE-2021-33617 (Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/ ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-33616
+ RESERVED
+CVE-2021-33615
+ RESERVED
+CVE-2021-33620 (Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10
+ - squid3 <removed>
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch
+CVE-2021-33614
+ RESERVED
+CVE-2021-33613
+ RESERVED
+CVE-2021-33612
+ RESERVED
+CVE-2021-33611 (Missing output sanitization in test sources in org.webjars.bowergithub ...)
+ NOT-FOR-US: vaadin-menu-bar
+CVE-2021-33610
+ RESERVED
+CVE-2021-33609 (Missing check in DataCommunicator class in com.vaadin:vaadin-server ve ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-33608
+ RESERVED
+CVE-2021-33607
+ RESERVED
+CVE-2021-33606
+ RESERVED
+CVE-2021-33605 (Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow ver ...)
+ NOT-FOR-US: com.vaadin:vaadin-checkbox-flow
+CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...)
+ NOT-FOR-US: com.vaadin:flow-server
+CVE-2021-33603 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33602 (A vulnerability affecting the F-Secure Antivirus engine was discovered ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33601 (A vulnerability was discovered in the web user interface of F-Secure I ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33600 (A denial-of-service (DoS) vulnerability was discovered in the web user ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was discovered whe ...)
+ NOT-FOR-US: F-Secure Antivirus
+CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all versions ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33597 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33596 (Showing the legitimate URL in the address bar while loading the conten ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33595 (A address bar spoofing vulnerability was discovered in Safe Browser fo ...)
+ NOT-FOR-US: Safe Browser for iOS
+CVE-2021-33594 (An address bar spoofing vulnerability was discovered in Safe Browser f ...)
+ NOT-FOR-US: Safe Browser for Android
+CVE-2021-33593 (Whale browser for iOS before 1.14.0 has an inconsistent user interface ...)
+ NOT-FOR-US: Whale browser for iOS
+CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...)
+ NOT-FOR-US: NAVER Toolbar
+CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...)
+ NOT-FOR-US: Naver Comic Viewer
+CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...)
+ NOT-FOR-US: GattLib
+CVE-2021-33589
+ RESERVED
+CVE-2021-33588
+ RESERVED
+CVE-2021-33587 (The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...)
+ - node-css-what 5.0.1-1 (bug #989264)
+ [bullseye] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series)
+ [buster] - node-css-what <ignored> (Minor issue, intrusive to backport fixes to older series)
+ [stretch] - node-css-what <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655
+ NOTE: https://github.com/fb55/css-what/releases/tag/v5.0.1
+CVE-2021-33585
+ RESERVED
+CVE-2021-33584
+ RESERVED
+CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa pas ...)
+ NOT-FOR-US: REINER
+CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of s ...)
+ - cyrus-imapd 3.4.2-1 (bug #993433)
+ [bullseye] - cyrus-imapd 3.2.6-2+deb11u1
+ [buster] - cyrus-imapd 3.0.8-6+deb10u6
+ [stretch] - cyrus-imapd <no-dsa> (Minor issue; can be fixed via point release)
+ - cyrus-imapd-2.4 <removed>
+ NOTE: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/0fb658f1727f4446f7f33adcc428ba4c9eeabe3e (master)
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/f63695609c88a3f76129499bb49fb82e8155fb32 (master)
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/833c22bd7de5bbb591c2cb3705c9983b6d2b1fee (master)
+CVE-2021-33581
+ RESERVED
+CVE-2021-33580 (User controlled `request.getHeader("Referer")`, `request.getRequestURL ...)
+ NOT-FOR-US: Apache Roller
+CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...)
+ - inspircd 3.8.1-2 (bug #989144)
+ [buster] - inspircd <not-affected> (Vulnerable code not present)
+ [stretch] - inspircd <not-affected> (Vulnerable code not present)
+ NOTE: https://docs.inspircd.org/security/2021-01/
+ NOTE: https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d
+CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...)
+ {DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ [buster] - ffmpeg <postponed> (Wait for 4.1.9)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532
+CVE-2021-33579
+ RESERVED
+CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities ...)
+ NOT-FOR-US: Echo ShareCare
+CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...)
+ NOT-FOR-US: Cleo LexiCom
+CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...)
+ NOT-FOR-US: Cleo LexiCom
+CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
+ NOT-FOR-US: ruby-jss gem
+CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32 ...)
+ [experimental] - glibc 2.32-0experimental0
+ - glibc 2.32-1 (bug #989147)
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091
+ NOTE: When fixing this issue the fix needs to be applied such that CVE-2021-38604
+ NOTE: is not opened, CVE-2021-38604 information:
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
+CVE-2021-33573
+ RESERVED
+CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...)
+ {DLA-2676-1}
+ - python-django 2:2.2.24-1 (bug #989394)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
+ NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main)
+ NOTE: https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc (2.2.24)
+CVE-2021-33570 (Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG e ...)
+ NOT-FOR-US: Postbird
+CVE-2021-33569
+ RESERVED
+CVE-2021-33568
+ RESERVED
+CVE-2021-33567
+ RESERVED
+CVE-2021-33566
+ RESERVED
+CVE-2021-33565
+ RESERVED
+CVE-2021-3565 (A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3 ...)
+ - tpm2-tools 5.0-2 (bug #989148)
+ [buster] - tpm2-tools <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964427
+ NOTE: https://github.com/tpm2-software/tpm2-tools/issues/2738
+ NOTE: https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
+CVE-2021-33564 (An argument injection vulnerability in the Dragonfly gem before 1.4.0 ...)
+ NOT-FOR-US: Dragonfly gem
+CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password strength po ...)
+ NOT-FOR-US: Koel
+CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer befor ...)
+ NOT-FOR-US: Shopizer
+CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer before 2 ...)
+ NOT-FOR-US: Shopizer
+CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...)
+ {DLA-2691-1}
+ - libgcrypt20 1.8.7-6
+ [buster] - libgcrypt20 1.8.4-5+deb10u1
+ NOTE: https://dev.gnupg.org/T5328
+ NOTE: https://eprint.iacr.org/2021/923.pdf
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320 (1.9.x)
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=707c3c5c511ee70ad0e39ec613471f665305fbea (1.8.x)
+ NOTE: See notes on CVE-2021-40528 on the confusion about swapping of scope of
+ NOTE: CVE-2021-40528 and CVE-2021-33560.
+CVE-2021-33559
+ RESERVED
+CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...)
+ - boa <removed>
+CVE-2021-33557 (An XSS issue was discovered in manage_custom_field_edit_page.php in Ma ...)
+ - mantis <removed>
+CVE-2021-33556
+ RESERVED
+CVE-2021-33555 (In PEPPERL+FUCHS WirelessHART-Gateway &lt;= 3.0.7 the filename paramet ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-33554 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33553 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33552 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33551 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33550 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33549 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33548 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33547 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33546 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33545 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33544 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33543 (Multiple camera devices by UDP Technology, Geutebr&#252;ck and other v ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33542 (Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-33541 (Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all vers ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-33540 (In certain devices of the Phoenix Contact AXL F BK and IL BK product f ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-33539 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33538 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33537 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33536 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33535 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33534 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33533 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33532 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33531 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33530 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33529 (In Weidmueller Industrial WLAN devices in multiple versions the usage ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33527 (In MB connect line mbDIALUP versions &lt;= 3.9R0.0 a low privileged lo ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-33526 (In MB connect line mbDIALUP versions &lt;= 3.9R0.0 a low privileged lo ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (b ...)
+ NOT-FOR-US: EyesOfNetwork (EON) eonweb
+CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1
+CVE-2021-33524
+ RESERVED
+CVE-2021-33523
+ RESERVED
+CVE-2021-33522
+ RESERVED
+CVE-2021-33521
+ RESERVED
+CVE-2021-33520
+ RESERVED
+CVE-2021-33519
+ RESERVED
+CVE-2021-33518
+ RESERVED
+CVE-2021-33517
+ RESERVED
+CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x befo ...)
+ [experimental] - gupnp 1.2.7-1
+ - gupnp <unfixed> (bug #989098)
+ [bullseye] - gupnp <no-dsa> (Minor issue)
+ [buster] - gupnp <no-dsa> (Minor issue)
+ [stretch] - gupnp <no-dsa> (Minor issue)
+ NOTE: https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
+ NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
+ NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/05e964d48322ff23a65c6026d656e4494ace6ff9 (gupnp-1.0)
+ NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master)
+CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...)
+ - dovecot 1:2.3.13+dfsg1-2 (bug #990566)
+ [bullseye] - dovecot <postponed> (Minor issue, fix along with next update)
+ [buster] - dovecot <postponed> (Minor issue, fix along with next update)
+ [stretch] - dovecot <not-affected> (Vulnerable code (smtp_server_command queue) introduced later)
+ NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/2
+CVE-2021-33514 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-33513 (Plone through 5.2.4 allows XSS via the inline_diff methods in Products ...)
+ NOT-FOR-US: Plone
+CVE-2021-33512 (Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by up ...)
+ NOT-FOR-US: Plone
+CVE-2021-33511 (Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo ...)
+ NOT-FOR-US: Plone
+CVE-2021-33510 (Plone through 5.2.4 allows remote authenticated managers to conduct SS ...)
+ NOT-FOR-US: Plone
+CVE-2021-33509 (Plone through 5.2.4 allows remote authenticated managers to perform di ...)
+ NOT-FOR-US: Plone
+CVE-2021-33508 (Plone through 5.2.4 allows XSS via a full name that is mishandled duri ...)
+ NOT-FOR-US: Plone
+CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService b ...)
+ NOT-FOR-US: Zope Products.CMFCore (as used in Plone)
+CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure tha ...)
+ NOT-FOR-US: jitsi-meet-prosody
+CVE-2021-33505 (A local malicious user can circumvent the Falco detection engine throu ...)
+ - falco <itp> (bug #842306)
+CVE-2021-33504
+ RESERVED
+CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...)
+ - python-urllib3 1.26.5-1~exp1 (bug #989848)
+ [buster] - python-urllib3 <no-dsa> (Minor issue)
+ [stretch] - python-urllib3 <ignored> (Intrusive to backport)
+ NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
+ NOTE: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec
+CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...)
+ - node-got 11.8.1+~cs53.13.17-3 (bug #989258)
+ [buster] - node-got <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
+ NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
+CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Exec ...)
+ NOT-FOR-US: Overwolf
+CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
+ - putty <not-affected> (Windows-specific)
+CVE-2021-33499 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-33498 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-3563
+ RESERVED
+ - keystone <unfixed> (bug #989998)
+ [bullseye] - keystone <no-dsa> (Minor issue)
+ [buster] - keystone <no-dsa> (Minor issue)
+ [stretch] - keystone <end-of-life> (Keystone is not supported in stretch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908
+ NOTE: https://bugs.launchpad.net/keystone/+bug/1901891
+CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for de ...)
+ NOT-FOR-US: Dutchcoders transfer.sh
+CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. ...)
+ NOT-FOR-US: Dutchcoders transfer.sh
+CVE-2021-33495 (OX App Suite 7.10.5 allows XSS via an OX Chat system message. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33494 (OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33493 (The middleware component in OX App Suite through 7.10.5 allows Code In ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33492 (OX App Suite 7.10.5 allows XSS via an OX Chat room name. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33491 (OX App Suite through 7.10.5 allows Directory Traversal via ../ in an O ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33490 (OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shar ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33489 (OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33488 (chat in OX App Suite 7.10.5 has Improper Input Validation. A user can ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33487
+ RESERVED
+CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks from versio ...)
+ NOT-FOR-US: CODESYS V3 Runtime Toolkit for VxWorks
+CVE-2021-33485 (CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffe ...)
+ NOT-FOR-US: CODESYS Control Runtime
+CVE-2021-3562
+ RESERVED
+CVE-2021-33484 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...)
+ NOT-FOR-US: OnyakTech Comments Pro DNN Module
+CVE-2021-33483 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...)
+ NOT-FOR-US: OnyakTech Comments Pro DNN Module
+CVE-2021-33482
+ RESERVED
+CVE-2021-33478 (The TrustZone implementation in certain Broadcom MediaxChange firmware ...)
+ NOT-FOR-US: Broadcom
+CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.8-3
+ [buster] - fig2dev 1:3.2.7a-5+deb10u4
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/116/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
+ NOTE: Depends on CVE-2019-19797 fix
+CVE-2021-3560 (It was found that polkit could be tricked into bypassing the credentia ...)
+ - policykit-1 0.105-31 (bug #989429)
+ [buster] - policykit-1 <not-affected> (Vulnerable code introduced later)
+ [stretch] - policykit-1 <not-affected> (Vulnerable code introduced later)
+ NOTE: Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38
+ NOTE: Debian backported 0.113 commits in 0.105-26
+ NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 (0.119)
+ NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1961710
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/03/1
+ NOTE: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
+CVE-2021-33476
+ RESERVED
+CVE-2021-33475
+ RESERVED
+CVE-2021-33474
+ RESERVED
+CVE-2021-33473
+ RESERVED
+CVE-2021-33472
+ RESERVED
+CVE-2021-33471
+ RESERVED
+CVE-2021-33470 (COVID19 Testing Management System 1.0 is vulnerable to SQL Injection v ...)
+ NOT-FOR-US: COVID19 Testing Management System
+CVE-2021-33469 (COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scri ...)
+ NOT-FOR-US: COVID19 Testing Management System
+CVE-2021-33468
+ RESERVED
+CVE-2021-33467
+ RESERVED
+CVE-2021-33466
+ RESERVED
+CVE-2021-33465
+ RESERVED
+CVE-2021-33464
+ RESERVED
+CVE-2021-33463
+ RESERVED
+CVE-2021-33462
+ RESERVED
+CVE-2021-33461
+ RESERVED
+CVE-2021-33460
+ RESERVED
+CVE-2021-33459
+ RESERVED
+CVE-2021-33458
+ RESERVED
+CVE-2021-33457
+ RESERVED
+CVE-2021-33456
+ RESERVED
+CVE-2021-33455
+ RESERVED
+CVE-2021-33454
+ RESERVED
+CVE-2021-33453
+ RESERVED
+CVE-2021-33452
+ RESERVED
+CVE-2021-33451
+ RESERVED
+CVE-2021-33450
+ RESERVED
+CVE-2021-33449
+ RESERVED
+CVE-2021-33448
+ RESERVED
+CVE-2021-33447
+ RESERVED
+CVE-2021-33446
+ RESERVED
+CVE-2021-33445
+ RESERVED
+CVE-2021-33444
+ RESERVED
+CVE-2021-33443
+ RESERVED
+CVE-2021-33442
+ RESERVED
+CVE-2021-33441
+ RESERVED
+CVE-2021-33440
+ RESERVED
+CVE-2021-33439
+ RESERVED
+CVE-2021-33438
+ RESERVED
+CVE-2021-33437
+ RESERVED
+CVE-2021-33436
+ RESERVED
+CVE-2021-33435
+ RESERVED
+CVE-2021-33434
+ RESERVED
+CVE-2021-33433
+ RESERVED
+CVE-2021-33432
+ RESERVED
+CVE-2021-33431
+ RESERVED
+CVE-2021-33430 (** DISPUTED ** A Buffer Overflow vulnerability exists in NumPy 1.9.x i ...)
+ - numpy 1:1.21.4-2
+ [bullseye] - numpy <no-dsa> (Minor issue)
+ NOTE: https://github.com/numpy/numpy/issues/18939
+ NOTE: https://github.com/numpy/numpy/pull/18989
+ NOTE: https://github.com/numpy/numpy/commit/16f7824b4d935b6aee98298ca4123d57174a6f2e (v1.22.0.dev0)
+CVE-2021-33429
+ RESERVED
+CVE-2021-33428
+ RESERVED
+CVE-2021-33427
+ RESERVED
+CVE-2021-33426
+ RESERVED
+CVE-2021-33425 (A stored cross-site scripting (XSS) vulnerability was discovered in th ...)
+ NOT-FOR-US: OpenWRT LuCI
+CVE-2021-33424
+ RESERVED
+CVE-2021-33423
+ RESERVED
+CVE-2021-33422
+ RESERVED
+CVE-2021-33421
+ RESERVED
+CVE-2021-33420
+ RESERVED
+CVE-2021-33419
+ RESERVED
+CVE-2021-33418
+ RESERVED
+CVE-2021-33417
+ RESERVED
+CVE-2021-33416
+ RESERVED
+CVE-2021-33415
+ RESERVED
+CVE-2021-33414
+ RESERVED
+CVE-2021-33413
+ RESERVED
+CVE-2021-33412
+ RESERVED
+CVE-2021-33411
+ RESERVED
+CVE-2021-33410
+ RESERVED
+CVE-2021-33409
+ RESERVED
+CVE-2021-33408 (Local File Inclusion vulnerability in Ab Initio Control&gt;Center befo ...)
+ NOT-FOR-US: Ab Initio
+CVE-2021-33407
+ RESERVED
+CVE-2021-33406
+ RESERVED
+CVE-2021-33405
+ RESERVED
+CVE-2021-33404
+ RESERVED
+CVE-2021-33403 (An integer overflow in the transfer function of a smart contract imple ...)
+ NOT-FOR-US: Lancer
+CVE-2021-33402
+ RESERVED
+CVE-2021-33401
+ RESERVED
+CVE-2021-33400
+ RESERVED
+CVE-2021-33399
+ RESERVED
+CVE-2021-33398
+ RESERVED
+CVE-2021-33397
+ RESERVED
+CVE-2021-33396
+ RESERVED
+CVE-2021-33395
+ RESERVED
+CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does not gener ...)
+ NOT-FOR-US: Cubecart
+CVE-2021-33393 (lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/bac ...)
+ NOT-FOR-US: IPFire
+CVE-2021-33392
+ RESERVED
+CVE-2021-33391
+ RESERVED
+CVE-2021-33390
+ RESERVED
+CVE-2021-33389
+ RESERVED
+CVE-2021-33388
+ RESERVED
+CVE-2021-33387
+ RESERVED
+CVE-2021-33386
+ RESERVED
+CVE-2021-33385
+ RESERVED
+CVE-2021-33384
+ RESERVED
+CVE-2021-33383
+ RESERVED
+CVE-2021-33382
+ RESERVED
+CVE-2021-33381
+ RESERVED
+CVE-2021-33380
+ RESERVED
+CVE-2021-33379
+ RESERVED
+CVE-2021-33378
+ RESERVED
+CVE-2021-33377
+ RESERVED
+CVE-2021-33376
+ RESERVED
+CVE-2021-33375
+ RESERVED
+CVE-2021-33374
+ RESERVED
+CVE-2021-33373
+ RESERVED
+CVE-2021-33372
+ RESERVED
+CVE-2021-33371
+ RESERVED
+CVE-2021-33370
+ RESERVED
+CVE-2021-33369
+ RESERVED
+CVE-2021-33368
+ RESERVED
+CVE-2021-33367
+ RESERVED
+CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...)
+ - gpac <unfixed> (unimportant)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/0a85029d694f992f3631e2f249e4999daee15cbf
+ NOTE: https://github.com/gpac/gpac/issues/1785
+ NOTE: Negligible security impact
+CVE-2021-33365 (Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0. ...)
+ - gpac <unfixed> (unimportant)
+ NOTE: https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5
+ NOTE: https://github.com/gpac/gpac/issues/1784
+ NOTE: Negligible security impact
+CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ...)
+ - gpac <unfixed> (unimportant)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7
+ NOTE: https://github.com/gpac/gpac/issues/1783
+ NOTE: Negligible security impact
+CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allo ...)
+ - gpac <unfixed> (unimportant)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/ec64c7b8966d7e4642d12debb888be5acf18efb9
+ NOTE: https://github.com/gpac/gpac/issues/1786
+ NOTE: Negligible security impact
+CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function in MP4B ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d
+ NOTE: https://github.com/gpac/gpac/issues/1780
+CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...)
+ - gpac <unfixed> (unimportant)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/a51f951b878c2b73c1d8e2f1518c7cdc5fb82c3f
+ NOTE: https://github.com/gpac/gpac/issues/1782
+ NOTE: Negligible security impact
+CVE-2021-33360
+ RESERVED
+CVE-2021-33359 (A vulnerability exists in gowitness &lt; 2.3.6 that allows an unauthen ...)
+ NOT-FOR-US: gowitness
+CVE-2021-33358 (Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interfac ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-33357 (A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET param ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-33356 (Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 c ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-33355
+ RESERVED
+CVE-2021-33354
+ RESERVED
+CVE-2021-33353
+ RESERVED
+CVE-2021-33352
+ RESERVED
+CVE-2021-33351
+ RESERVED
+CVE-2021-33350
+ RESERVED
+CVE-2021-33349
+ RESERVED
+CVE-2021-33348 (An issue was discovered in JFinal framework v4.9.10 and below. The "se ...)
+ NOT-FOR-US: JFinal
+CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...)
+ NOT-FOR-US: JPress
+CVE-2021-33346 (There is an arbitrary password modification vulnerability in a D-LINK ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-33345
+ RESERVED
+CVE-2021-33344
+ RESERVED
+CVE-2021-33343
+ RESERVED
+CVE-2021-33342
+ RESERVED
+CVE-2021-33341
+ RESERVED
+CVE-2021-33340
+ RESERVED
+CVE-2021-33339 (Cross-site scripting (XSS) vulnerability in the Fragment module in Lif ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33338 (The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay D ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33337 (Cross-site scripting (XSS) vulnerability in the Document Library modul ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33336 (Cross-site scripting (XSS) vulnerability in the Journal module's add a ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33335 (Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3 ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33334 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33333 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33332 (Cross-site scripting (XSS) vulnerability in the Portlet Configuration ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33331 (Open redirect vulnerability in the Notifications module in Liferay Por ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33330 (Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pac ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33329
+ RESERVED
+CVE-2021-33328 (Cross-site scripting (XSS) vulnerability in the Asset module's edit vo ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33327 (The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3 ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33326 (Cross-site scripting (XSS) vulnerability in the Frontend JS module in ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33325 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33324 (The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay D ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33323 (The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33322 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pa ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33321 (Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33320 (The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP ...)
+ NOT-FOR-US: Liferay
+CVE-2021-33319
+ RESERVED
+CVE-2021-33318
+ RESERVED
+CVE-2021-33317
+ RESERVED
+CVE-2021-33316
+ RESERVED
+CVE-2021-33315
+ RESERVED
+CVE-2021-33314
+ RESERVED
+CVE-2021-33313
+ RESERVED
+CVE-2021-33312
+ RESERVED
+CVE-2021-33311
+ RESERVED
+CVE-2021-33310
+ RESERVED
+CVE-2021-33309
+ RESERVED
+CVE-2021-33308
+ RESERVED
+CVE-2021-33307
+ RESERVED
+CVE-2021-33306
+ RESERVED
+CVE-2021-33305
+ RESERVED
+CVE-2021-33304
+ RESERVED
+CVE-2021-33303
+ RESERVED
+CVE-2021-33302
+ RESERVED
+CVE-2021-33301
+ RESERVED
+CVE-2021-33300
+ RESERVED
+CVE-2021-33299
+ RESERVED
+CVE-2021-33298
+ RESERVED
+CVE-2021-33297
+ RESERVED
+CVE-2021-33296
+ RESERVED
+CVE-2021-33295
+ RESERVED
+CVE-2021-33294
+ RESERVED
+CVE-2021-33293
+ RESERVED
+CVE-2021-33292
+ RESERVED
+CVE-2021-33291
+ RESERVED
+CVE-2021-33290
+ RESERVED
+CVE-2021-33289 (In NTFS-3G versions &lt; 2021.8.22, when a specially crafted MFT secti ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-33288
+ RESERVED
+CVE-2021-33287 (In NTFS-3G versions &lt; 2021.8.22, when specially crafted NTFS attrib ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-33286 (In NTFS-3G versions &lt; 2021.8.22, when a specially crafted unicode s ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-33285 (In NTFS-3G versions &lt; 2021.8.22, when a specially crafted NTFS attr ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-33284
+ RESERVED
+CVE-2021-33283
+ RESERVED
+CVE-2021-33282
+ RESERVED
+CVE-2021-33281
+ RESERVED
+CVE-2021-33280
+ RESERVED
+CVE-2021-33279
+ RESERVED
+CVE-2021-33278
+ RESERVED
+CVE-2021-33277
+ RESERVED
+CVE-2021-33276
+ RESERVED
+CVE-2021-33275
+ RESERVED
+CVE-2021-33274 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33273
+ RESERVED
+CVE-2021-33272
+ RESERVED
+CVE-2021-33271 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33270 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33269 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33268 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33267 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33266 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33265 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33264
+ RESERVED
+CVE-2021-33263
+ RESERVED
+CVE-2021-33262
+ RESERVED
+CVE-2021-33261
+ RESERVED
+CVE-2021-33260
+ RESERVED
+CVE-2021-33259 (Several web interfaces in D-Link DIR-868LW 1.12b have no authenticatio ...)
+ NOT-FOR-US: D-Link
+CVE-2021-33258
+ RESERVED
+CVE-2021-33257
+ RESERVED
+CVE-2021-33256 (** DISPUTED ** A CSV injection vulnerability on the login panel of Man ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-33255
+ RESERVED
+CVE-2021-33254
+ RESERVED
+CVE-2021-33253
+ RESERVED
+CVE-2021-33252
+ RESERVED
+CVE-2021-33251
+ RESERVED
+CVE-2021-33250
+ RESERVED
+CVE-2021-33249
+ RESERVED
+CVE-2021-33248
+ RESERVED
+CVE-2021-33247
+ RESERVED
+CVE-2021-33246
+ RESERVED
+CVE-2021-33245
+ RESERVED
+CVE-2021-33244
+ RESERVED
+CVE-2021-33243
+ RESERVED
+CVE-2021-33242
+ RESERVED
+CVE-2021-33241
+ RESERVED
+CVE-2021-33240
+ RESERVED
+CVE-2021-33239
+ RESERVED
+CVE-2021-33238
+ RESERVED
+CVE-2021-33237
+ RESERVED
+CVE-2021-33236
+ RESERVED
+CVE-2021-33235
+ RESERVED
+CVE-2021-33234
+ RESERVED
+CVE-2021-33233
+ RESERVED
+CVE-2021-33232
+ RESERVED
+CVE-2021-33231
+ RESERVED
+CVE-2021-33230
+ RESERVED
+CVE-2021-33229
+ RESERVED
+CVE-2021-33228
+ RESERVED
+CVE-2021-33227
+ RESERVED
+CVE-2021-33226
+ RESERVED
+CVE-2021-33225
+ RESERVED
+CVE-2021-33224
+ RESERVED
+CVE-2021-33223
+ RESERVED
+CVE-2021-33222
+ RESERVED
+CVE-2021-33221 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33220 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33219 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33218 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33217 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33216 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...)
+ NOT-FOR-US: CommScope Ruckus IoT Controller
+CVE-2021-33214 (In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could ...)
+ NOT-FOR-US: HMS Ewon eCatcher
+CVE-2021-33213 (An SSRF vulnerability in the "Upload from URL" feature in Elements-IT ...)
+ NOT-FOR-US: Elements-IT HTTP Commander
+CVE-2021-33212 (A Cross-site scripting (XSS) vulnerability in the "View in Browser" fe ...)
+ NOT-FOR-US: Elements-IT HTTP Commander
+CVE-2021-33211 (A Directory Traversal vulnerability in the Unzip feature in Elements-I ...)
+ NOT-FOR-US: Elements-IT HTTP Commander
+CVE-2021-33210 (An issue was discovered in Fimer Aurora Vision before 2.97.10. An atta ...)
+ NOT-FOR-US: Fimer Aurora
+CVE-2021-33209 (An issue was discovered in Fimer Aurora Vision before 2.97.10. The res ...)
+ NOT-FOR-US: Fimer Aurora
+CVE-2021-33208
+ RESERVED
+CVE-2021-33207
+ RESERVED
+CVE-2021-33206
+ RESERVED
+CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges ...)
+ NOT-FOR-US: Western Digital
+CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...)
+ - libvirt <not-affected> (Vulnerable code never in a released version)
+ NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1)
+ NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/f1b08901f7ae7557f79d83bdac33cc0bd79d1437 (v6.10.0-rc1)
+CVE-2021-3558
+ RESERVED
+ - moodle <removed>
+CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...)
+ NOT-FOR-US: Argo CD
+CVE-2021-3556
+ REJECTED
+CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.5.1 fo ...)
+ - pg-partman 4.5.1-1 (bug #988917)
+ [buster] - pg-partman <no-dsa> (Minor issue)
+ [stretch] - pg-partman <no-dsa> (Minor issue)
+ NOTE: https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3
+CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...)
+ {DLA-2676-1}
+ - python-django 2:2.2.24-1 (bug #989394)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
+ NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main)
+ NOTE: https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90 (2.2.24)
+CVE-2021-33202
+ RESERVED
+CVE-2021-33201
+ RESERVED
+CVE-2021-33200 (kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces inco ...)
+ - linux 5.10.40-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/27/1
+ NOTE: Issue introduced due to fixes applied for CVE-2021-29155
+CVE-2021-33199 (In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.p ...)
+ NOT-FOR-US: Expression Engine
+CVE-2021-33198 (In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic fo ...)
+ - golang-1.16 1.16.5-1
+ - golang-1.15 1.15.9-5
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <not-affected> (Vulnerable code introduced later)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/golang/go/issues/45910
+ NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
+ NOTE: Introduced by https://github.com/golang/go/commit/e4ba40030f9ba4b61bb28dbf78bb41a7b14e6788 (go1.13beta1)
+CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ...)
+ - golang-1.16 1.16.5-1
+ - golang-1.15 1.15.9-5
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <postponed> (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies)
+ NOTE: https://github.com/golang/go/issues/46313
+ NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
+ NOTE: https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15)
+CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafte ...)
+ {DLA-2892-1 DLA-2891-1}
+ - golang-1.16 1.16.5-1 (bug #989492)
+ - golang-1.15 1.15.9-4
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/46242
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912
+ NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
+ NOTE: https://github.com/golang/go/commit/c92adf420a3d9a5510f9aea382d826f0c9216a10 (1.15)
+ NOTE: Incomplete fix, cf. CVE-2021-39293
+CVE-2021-33195 (Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS looku ...)
+ - golang-1.16 1.16.5-1
+ - golang-1.15 1.15.9-5
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue; will be fixed via point release)
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <postponed> (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies)
+ NOTE: https://github.com/golang/go/issues/46241
+ NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI
+ NOTE: https://github.com/golang/go/commit/31d60cda1f58b7558fc5725d2b9e4531655d980e (1.15)
+CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ...)
+ - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-4
+ - golang-golang-x-net-dev <removed>
+ [stretch] - golang-golang-x-net-dev <no-dsa> (Limited support in stretch)
+ NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
+ NOTE: https://github.com/golang/go/issues/46288
+ TODO: check completeness
+CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...)
+ - apache2 2.4.48-4
+ [bullseye] - apache2 2.4.48-3.1+deb11u1
+ [buster] - apache2 <postponed> (Revisit when a suitable backport is available for 2.4.38)
+ [stretch] - apache2 <postponed> (Revisit when a suitable backport is available for 2.4.25)
+ NOTE: https://portswigger.net/research/http2
+ NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193
+CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...)
+ NOT-FOR-US: Apache Jena Fuseki
+CVE-2021-33191 (From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements a ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2021-33190 (In Apache APISIX Dashboard version 2.6, we changed the default value o ...)
+ NOT-FOR-US: Apache APISIX Dashboard
+CVE-2021-33481 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...)
+ - gocr <unfixed> (unimportant)
+ NOTE: https://sourceforge.net/p/jocr/bugs/42/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33480 (An use-after-free vulnerability was discovered in gocr through 0.53-20 ...)
+ - gocr <unfixed> (unimportant)
+ NOTE: https://sourceforge.net/p/jocr/bugs/40/
+ NOTE: https://sourceforge.net/p/jocr/bugs/41/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33479 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...)
+ - gocr <unfixed> (unimportant)
+ NOTE: https://sourceforge.net/p/jocr/bugs/39/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33477 (rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (po ...)
+ {DLA-2683-1 DLA-2682-1 DLA-2681-1 DLA-2671-1}
+ - rxvt <removed>
+ - rxvt-unicode 9.22-11 (bug #988763)
+ [buster] - rxvt-unicode 9.22-6+deb10u1
+ - mrxvt <removed>
+ - eterm 0.9.6-6.1 (bug #989041)
+ [buster] - eterm 0.9.6-5+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/17/1
+ NOTE: Mentioned first in: https://www.openwall.com/lists/oss-security/2017/05/01/20
+ NOTE: Fixed by: http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
+ NOTE: Disabled problematic code in: http://cvs.schmorp.de/rxvt-unicode/src/command.C?view=log#rev1.585
+CVE-2021-33189
+ RESERVED
+CVE-2021-33188
+ RESERVED
+CVE-2021-33187
+ RESERVED
+CVE-2021-3555
+ RESERVED
+CVE-2021-33186 (SerenityOS in test-crypto.cpp contains a stack buffer overflow which c ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-33185 (SerenityOS contains a buffer overflow in the set_range test in TestBit ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-33184 (Server-Side request forgery (SSRF) vulnerability in task management co ...)
+ NOT-FOR-US: Synology
+CVE-2021-33183 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-33182 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi component i ...)
+ NOT-FOR-US: Synology
+CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...)
+ - nagvis 1:1.9.29-1
+ [bullseye] - nagvis <no-dsa> (Minor issue)
+ [buster] - nagvis <no-dsa> (Minor issue)
+ [stretch] - nagvis <no-dsa> (Minor issue)
+ TODO: check, affects nagvis plugin used in Nagios XI and should be fixed in 2.0.9, https://www.synopsys.com/blogs/software-security/cyrc-advisory-nagios-xi/
+CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...)
+ NOT-FOR-US: VerneMQ MQTT Broker
+CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...)
+ NOT-FOR-US: EMQ X Broker
+CVE-2021-33174
+ RESERVED
+CVE-2021-33173
+ RESERVED
+CVE-2021-33172
+ RESERVED
+CVE-2021-33171
+ RESERVED
+CVE-2021-33170
+ RESERVED
+CVE-2021-33169
+ RESERVED
+CVE-2021-33168
+ RESERVED
+CVE-2021-33167
+ RESERVED
+CVE-2021-33166 (Incorrect default permissions for the Intel(R) RXT for Chromebook appl ...)
+ NOT-FOR-US: Intel
+CVE-2021-33165
+ RESERVED
+CVE-2021-33164
+ RESERVED
+CVE-2021-33163
+ RESERVED
+CVE-2021-33162
+ RESERVED
+CVE-2021-33161
+ RESERVED
+CVE-2021-33160
+ RESERVED
+CVE-2021-33159
+ RESERVED
+CVE-2021-33158
+ RESERVED
+CVE-2021-33157
+ RESERVED
+CVE-2021-33156
+ RESERVED
+CVE-2021-33155 (Improper input validation in firmware for some Intel(R) Wireless Bluet ...)
+ - firmware-nonfree <undetermined>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00604.html
+ TODO: check in which firmware versions fixed
+CVE-2021-33154
+ RESERVED
+CVE-2021-33153
+ RESERVED
+CVE-2021-33152
+ RESERVED
+CVE-2021-33151
+ RESERVED
+CVE-2021-33150
+ RESERVED
+CVE-2021-33149
+ RESERVED
+CVE-2021-33148
+ RESERVED
+CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...)
+ NOT-FOR-US: Intel
+CVE-2021-33146
+ RESERVED
+CVE-2021-33145
+ RESERVED
+CVE-2021-33144
+ RESERVED
+CVE-2021-33143
+ RESERVED
+CVE-2021-33142
+ RESERVED
+CVE-2021-33141
+ RESERVED
+CVE-2021-33140
+ RESERVED
+CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) Wireless Bluet ...)
+ - firmware-nonfree <undetermined>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00604.html
+ TODO: check in which firmware versions fixed
+CVE-2021-33138
+ RESERVED
+CVE-2021-33137 (Out-of-bounds write in the Intel(R) Kernelflinger project may allow an ...)
+ NOT-FOR-US: Intel
+CVE-2021-33136
+ RESERVED
+CVE-2021-33135
+ RESERVED
+CVE-2021-33134
+ RESERVED
+CVE-2021-33133
+ RESERVED
+CVE-2021-33132
+ RESERVED
+CVE-2021-33131
+ RESERVED
+CVE-2021-33130
+ RESERVED
+CVE-2021-33129 (Incorrect default permissions in the software installer for the Intel( ...)
+ NOT-FOR-US: Intel
+CVE-2021-33128
+ RESERVED
+CVE-2021-33127
+ RESERVED
+CVE-2021-33126
+ RESERVED
+CVE-2021-33125
+ RESERVED
+CVE-2021-33124
+ RESERVED
+CVE-2021-33123
+ RESERVED
+CVE-2021-33122
+ RESERVED
+CVE-2021-33121
+ RESERVED
+CVE-2021-33120 (Out of bounds read under complex microarchitectural condition in memor ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00589.html
+CVE-2021-33119 (Improper access control in the Intel(R) RealSense(TM) DCM before versi ...)
+ NOT-FOR-US: Intel
+CVE-2021-33118 (Improper access control in the software installer for the Intel(R) Ser ...)
+ NOT-FOR-US: Intel
+CVE-2021-33117
+ RESERVED
+CVE-2021-33116
+ RESERVED
+CVE-2021-33115 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in UE ...)
+ NOT-FOR-US: Intel
+CVE-2021-33114 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
+ NOT-FOR-US: Intel
+CVE-2021-33113 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
+ NOT-FOR-US: Intel
+CVE-2021-33112
+ RESERVED
+CVE-2021-33111
+ RESERVED
+CVE-2021-33110 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
+ NOT-FOR-US: Intel
+CVE-2021-33109
+ RESERVED
+CVE-2021-33108
+ RESERVED
+CVE-2021-33107 (Insufficiently protected credentials in USB provisioning for Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2021-33106 (Integer overflow in the Safestring library maintained by Intel(R) may ...)
+ NOT-FOR-US: Intel
+CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM ...)
+ NOT-FOR-US: Intel
+CVE-2021-33104
+ RESERVED
+CVE-2021-33103
+ RESERVED
+CVE-2021-33102
+ RESERVED
+CVE-2021-33101 (Uncontrolled search path in the Intel(R) GPA software before version 2 ...)
+ NOT-FOR-US: Intel
+CVE-2021-33100
+ RESERVED
+CVE-2021-33099
+ RESERVED
+CVE-2021-33098 (Improper input validation in the Intel(R) Ethernet ixgbe driver for Li ...)
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/63e39d29b3da02e901349f6cd71159818a4737a6 (5.13-rc4)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html
+CVE-2021-33097 (Time-of-check time-of-use vulnerability in the Crypto API Toolkit for ...)
+ NOT-FOR-US: Intel
+CVE-2021-33096 (Improper isolation of shared resources in network on chip for the Inte ...)
+ NOT-FOR-US: Intel
+CVE-2021-33095 (Unquoted search path in the installer for the Intel(R) NUC M15 Laptop ...)
+ NOT-FOR-US: Intel
+CVE-2021-33094 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
+ NOT-FOR-US: Intel
+CVE-2021-33093 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
+ NOT-FOR-US: Intel
+CVE-2021-33092 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...)
+ NOT-FOR-US: Intel
+CVE-2021-33091 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
+ NOT-FOR-US: Intel
+CVE-2021-33090 (Incorrect default permissionsin the software installer for the Intel(R ...)
+ NOT-FOR-US: Intel
+CVE-2021-33089 (Improper access control in the software installer for the Intel(R) NUC ...)
+ NOT-FOR-US: Intel
+CVE-2021-33088 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...)
+ NOT-FOR-US: Intel
+CVE-2021-33087 (Improper authentication in the installer for the Intel(R) NUC M15 Lapt ...)
+ NOT-FOR-US: Intel
+CVE-2021-33086 (Out-of-bounds write in firmware for some Intel(R) NUCs may allow an au ...)
+ NOT-FOR-US: Intel
+CVE-2021-33085
+ RESERVED
+CVE-2021-33084
+ RESERVED
+CVE-2021-33083
+ RESERVED
+CVE-2021-33082
+ RESERVED
+CVE-2021-33081
+ RESERVED
+CVE-2021-33080
+ RESERVED
+CVE-2021-33079
+ RESERVED
+CVE-2021-33078
+ RESERVED
+CVE-2021-33077
+ RESERVED
+CVE-2021-33076
+ RESERVED
+CVE-2021-33075
+ RESERVED
+CVE-2021-33074
+ RESERVED
+CVE-2021-33073 (Uncontrolled resource consumption in the Intel(R) Distribution of Open ...)
+ NOT-FOR-US: Intel
+CVE-2021-33072
+ RESERVED
+CVE-2021-33071 (Incorrect default permissions in the installer for the Intel(R) oneAPI ...)
+ NOT-FOR-US: Intel
+CVE-2021-33070
+ RESERVED
+CVE-2021-33069
+ RESERVED
+CVE-2021-33068 (Null pointer dereference in subsystem for Intel(R) AMT before versions ...)
+ NOT-FOR-US: Intel
+CVE-2021-33067
+ RESERVED
+CVE-2021-33066
+ RESERVED
+CVE-2021-33065
+ RESERVED
+CVE-2021-33064
+ RESERVED
+CVE-2021-33063 (Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP ...)
+ NOT-FOR-US: Intel
+CVE-2021-33062 (Incorrect default permissions in the software installer for the Intel( ...)
+ NOT-FOR-US: Intel
+CVE-2021-33061 (Insufficient control flow management for the Intel(R) 82599 Ethernet C ...)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html
+ TODO: check, might affect the src:linux ixgbe driver
+CVE-2021-33060
+ RESERVED
+CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools for Int ...)
+ NOT-FOR-US: Intel
+CVE-2021-33058 (Improper access control in the installer Intel(R)Administrative Tools ...)
+ NOT-FOR-US: Intel
+CVE-2021-33057
+ RESERVED
+CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and other prod ...)
+ NOT-FOR-US: Belledonne Belle-sip
+CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticat ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
+ {DSA-5029-1 DLA-2707-1}
+ - sogo 5.1.1-1 (bug #989479)
+ NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
+ NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
+ NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html
+ NOTE: https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html
+ NOTE: Introduced by: https://github.com/inverse-inc/sogo/commit/5487f34b9ee9b9639e3f1d4a7abf4fad2d240d66 (SOGo-2.0.5)
+ NOTE: Fixed by: https://github.com/inverse-inc/sogo/commit/e53636564680ac0df11ec898304bc442908ba746 (SOGo-5.1.1)
+ NOTE: CVE is assigned for the SOGo vulnerability regarding the lasso usage.
+CVE-2021-33053
+ RESERVED
+CVE-2021-33052
+ RESERVED
+CVE-2021-33051
+ RESERVED
+CVE-2021-33050
+ RESERVED
+CVE-2021-33049
+ RESERVED
+CVE-2021-33048
+ RESERVED
+CVE-2021-33047
+ RESERVED
+CVE-2021-33046 (Some Dahua products have access control vulnerability in the password ...)
+ NOT-FOR-US: Dahua
+CVE-2021-33045 (The identity authentication bypass vulnerability found in some Dahua p ...)
+ NOT-FOR-US: Dahua
+CVE-2021-33044 (The identity authentication bypass vulnerability found in some Dahua p ...)
+ NOT-FOR-US: Dahua
+CVE-2021-3554 (Improper Access Control vulnerability in the patchesUpdate API as impl ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3553 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3552 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-33043
+ RESERVED
+CVE-2021-33042
+ RESERVED
+CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
+ NOT-FOR-US: vmd
+CVE-2021-33040 (managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows X ...)
+ NOT-FOR-US: FuturePress EPub.js
+CVE-2021-33039
+ RESERVED
+CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
+ {DSA-4922-1}
+ - hyperkitty 1.3.4-4 (bug #989183)
+ NOTE: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
+ NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
+ NOTE: https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/
+CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5 ...)
+ {DSA-4952-1 DLA-2733-1}
+ - tomcat9 9.0.43-2 (bug #991046)
+ [bullseye] - tomcat9 9.0.43-2~deb11u1
+ - tomcat8 <removed>
+ NOTE: https://github.com/apache/tomcat/commit/45d70a86a901cbd534f8f570bed2aec9f7f7b88e (9.0.47)
+ NOTE: https://github.com/apache/tomcat/commit/05f9e8b00f5d9251fcd3c95dcfd6cf84177f46c8 (9.0.47)
+ NOTE: https://github.com/apache/tomcat/commit/a2c3dc4c96168743ac0bab613709a5bbdaec41d0 (9.0.47)
+ NOTE: https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc (8.5.67)
+ NOTE: https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b (8.5.67)
+ NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67)
+CVE-2021-33036
+ RESERVED
+CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the contents as ...)
+ - libreoffice 1:4.3.1-1
+ NOTE: OpenOffice fixed this in https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56
+ NOTE: Libreoffice fixed in this 2014 with https://github.com/LibreOffice/core/commit/d4e64d030092984077021a9af9d281cd64c476bf ...
+CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
+CVE-2021-33032 (A Remote Code Execution (RCE) vulnerability in the WebUI component of ...)
+ NOT-FOR-US: eQ-3 HomeMatic CCU2
+CVE-2021-33031 (In LabCup before &lt;v2_next_18022, it is possible to use the save API ...)
+ NOT-FOR-US: LabCup
+CVE-2021-33030
+ RESERVED
+CVE-2021-33029
+ RESERVED
+CVE-2021-33028
+ RESERVED
+CVE-2021-33027 (Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy i ...)
+ - singularity-container <not-affected> (Only affects Enterprise version)
+CVE-2021-33033 (The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genop ...)
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/ad5d07f4a9cd671233ae20983848874731102c08
+CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on Pickle ...)
+ - flask-caching <unfixed> (unimportant; bug #988916)
+ NOTE: https://github.com/sh4nks/flask-caching/pull/209
+ NOTE: Negligible security impact
+CVE-2021-33025
+ RESERVED
+CVE-2021-33024
+ RESERVED
+CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-33022
+ RESERVED
+CVE-2021-33021
+ RESERVED
+CVE-2021-33020
+ RESERVED
+CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-33018
+ RESERVED
+CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...)
+ NOT-FOR-US: Philips
+CVE-2021-33016
+ RESERVED
+CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ NOT-FOR-US: Cscape
+CVE-2021-33014
+ RESERVED
+CVE-2021-33013
+ RESERVED
+CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...)
+ NOT-FOR-US: Rockwell
+CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series, ...)
+ NOT-FOR-US: JTEKT Corporation
+CVE-2021-33010
+ RESERVED
+CVE-2021-33009
+ RESERVED
+CVE-2021-33008
+ RESERVED
+CVE-2021-33007 (A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 a ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-33006
+ RESERVED
+CVE-2021-33005
+ RESERVED
+CVE-2021-33004 (The affected product is vulnerable to memory corruption condition due ...)
+ NOT-FOR-US: WebAccess HMI Designer
+CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds ...)
+ NOT-FOR-US: WebAccess HMI Designer
+CVE-2021-33001
+ RESERVED
+CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...)
+ NOT-FOR-US: WebAccess HMI Designer
+CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32998 (The FANUC R-30iA and R-30iB series controllers are vulnerable to an ou ...)
+ NOT-FOR-US: FANUC
+CVE-2021-32997
+ RESERVED
+CVE-2021-32996 (The FANUC R-30iA and R-30iB series controllers are vulnerable to integ ...)
+ NOT-FOR-US: FANUC
+CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ NOT-FOR-US: Cscape
+CVE-2021-32994
+ RESERVED
+CVE-2021-32993 (IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded ...)
+ NOT-FOR-US: Philips
+CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not properly ...)
+ NOT-FOR-US: FATEK Automation WinProladder
+CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32990 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
+ NOT-FOR-US: FATEK Automation WinProladder
+CVE-2021-32989
+ RESERVED
+CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
+ NOT-FOR-US: FATEK Automation WinProladder
+CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32986
+ RESERVED
+CVE-2021-32985
+ RESERVED
+CVE-2021-32984
+ RESERVED
+CVE-2021-32983 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32982
+ RESERVED
+CVE-2021-32981
+ RESERVED
+CVE-2021-32980
+ RESERVED
+CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing commands ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32978
+ RESERVED
+CVE-2021-32977
+ RESERVED
+CVE-2021-32976
+ RESERVED
+CVE-2021-32975 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ NOT-FOR-US: Cscape
+CVE-2021-32974
+ RESERVED
+CVE-2021-32973
+ RESERVED
+CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
+ NOT-FOR-US: Panasonic
+CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32970
+ RESERVED
+CVE-2021-32969
+ RESERVED
+CVE-2021-32968
+ RESERVED
+CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32966
+ RESERVED
+CVE-2021-32965
+ RESERVED
+CVE-2021-32964
+ RESERVED
+CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing commands ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32962
+ RESERVED
+CVE-2021-32961
+ RESERVED
+CVE-2021-32960
+ RESERVED
+CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32958
+ RESERVED
+CVE-2021-32957
+ RESERVED
+CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2021-32955 (Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestrict ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2021-32953
+ RESERVED
+CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper aut ...)
+ NOT-FOR-US: WebAccess/NMS
+CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32949
+ RESERVED
+CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading procedure ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32947 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
+ NOT-FOR-US: FATEK Automation FvDesigner
+CVE-2021-32946 (An improper check for unusual or exceptional conditions issue exists w ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32945
+ RESERVED
+CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...)
+ NOT-FOR-US: AVEVA InTouch Runtime
+CVE-2021-32941
+ RESERVED
+CVE-2021-32940 (An out-of-bounds read issue exists in the DWG file-recovering procedur ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32939 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
+ NOT-FOR-US: FATEK Automation FvDesigner
+CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-o ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32937
+ RESERVED
+CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32935
+ RESERVED
+CVE-2021-32934
+ RESERVED
+CVE-2021-32933
+ RESERVED
+CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
+ NOT-FOR-US: Advantech
+CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5. ...)
+ NOT-FOR-US: FATEK Automation FvDesigner
+CVE-2021-32930 (The affected product&#8217;s configuration is vulnerable due to missin ...)
+ NOT-FOR-US: Advantech
+CVE-2021-32929
+ RESERVED
+CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...)
+ NOT-FOR-US: Sentinel LDK Run-Time Environment installer
+CVE-2021-32927
+ RESERVED
+CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...)
+ - dogtag-pki 10.10.6-1 (bug #991665)
+ [bullseye] - dogtag-pki <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971
+ NOTE: https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548
+ NOTE: https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6
+ NOTE: https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5
+CVE-2021-3550 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.x reads XML data without disabli ...)
+ NOT-FOR-US: Chamilo
+CVE-2021-32924 (Invision Community (aka IPS Community Suite) before 4.6.0 allows eval- ...)
+ NOT-FOR-US: Invision Community (aka IPS Community Suite)
+CVE-2021-32923 (HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-exp ...)
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
+CVE-2021-32922
+ RESERVED
+CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not use a co ...)
+ {DSA-4916-1 DLA-2687-1}
+ - prosody 0.11.9-1 (bug #988668)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/c98aebe601f9
+ NOTE: https://hg.prosody.im/trunk/rev/13b84682518e
+ NOTE: https://hg.prosody.im/trunk/rev/6f56170ea986
+CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood ...)
+ {DSA-4916-1}
+ - prosody 0.11.9-1 (bug #988668)
+ [stretch] - prosody <ignored> (Fix is consisting of many patches. Not appliable. Ingored)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/55ef50d6cf65
+ NOTE: https://hg.prosody.im/trunk/rev/5a484bd050a7
+ NOTE: https://hg.prosody.im/trunk/rev/aaf9c6b6d18d
+CVE-2021-32919 (An issue was discovered in Prosody before 0.11.9. The undocumented dia ...)
+ {DSA-4916-1}
+ - prosody 0.11.9-1 (bug #988668)
+ [stretch] - prosody <not-affected> (Vulnerable code (=dwd) introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/6be890ca492e
+ NOTE: https://hg.prosody.im/trunk/rev/d0e9ffccdef9
+CVE-2021-32918 (An issue was discovered in Prosody before 0.11.9. Default settings are ...)
+ {DSA-4916-1}
+ - prosody 0.11.9-1 (bug #988668)
+ [stretch] - prosody <ignored> (Fix is consisting of many patches. Not appliable. Ingored)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/db8e41eb6eff
+ NOTE: https://hg.prosody.im/trunk/rev/b0d8920ed5e5
+ NOTE: https://hg.prosody.im/trunk/rev/929de6ade6b6
+ NOTE: https://hg.prosody.im/trunk/rev/63fd4c8465fb
+ NOTE: https://hg.prosody.im/trunk/rev/1937b3c3efb5
+ NOTE: https://hg.prosody.im/trunk/rev/3413fea9e6db
+CVE-2021-32917 (An issue was discovered in Prosody before 0.11.9. The proxy65 componen ...)
+ {DSA-4916-1 DLA-2687-1}
+ - prosody 0.11.9-1 (bug #988668)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/65dcc175ef5b
+CVE-2021-32916
+ RESERVED
+CVE-2021-32915
+ RESERVED
+CVE-2021-32914
+ RESERVED
+CVE-2021-32913
+ RESERVED
+CVE-2021-32912
+ RESERVED
+CVE-2021-32911
+ RESERVED
+CVE-2021-32910
+ RESERVED
+CVE-2021-32909
+ RESERVED
+CVE-2021-32908
+ RESERVED
+CVE-2021-32907
+ RESERVED
+CVE-2021-32906
+ RESERVED
+CVE-2021-32905
+ RESERVED
+CVE-2021-32904
+ RESERVED
+CVE-2021-32903
+ RESERVED
+CVE-2021-32902
+ RESERVED
+CVE-2021-32901
+ RESERVED
+CVE-2021-32900
+ RESERVED
+CVE-2021-32899
+ RESERVED
+CVE-2021-32898
+ RESERVED
+CVE-2021-32897
+ RESERVED
+CVE-2021-32896
+ RESERVED
+CVE-2021-32895
+ RESERVED
+CVE-2021-32894
+ RESERVED
+CVE-2021-32893
+ RESERVED
+CVE-2021-32892
+ RESERVED
+CVE-2021-32891
+ RESERVED
+CVE-2021-32890
+ RESERVED
+CVE-2021-32889
+ RESERVED
+CVE-2021-32888
+ RESERVED
+CVE-2021-32887
+ RESERVED
+CVE-2021-32886
+ RESERVED
+CVE-2021-32885
+ RESERVED
+CVE-2021-32884
+ RESERVED
+CVE-2021-32883
+ RESERVED
+CVE-2021-32882
+ RESERVED
+CVE-2021-32881
+ RESERVED
+CVE-2021-32880
+ RESERVED
+CVE-2021-32879
+ RESERVED
+CVE-2021-32878
+ RESERVED
+CVE-2021-32877
+ RESERVED
+CVE-2021-32876
+ RESERVED
+CVE-2021-32875
+ RESERVED
+CVE-2021-32874
+ RESERVED
+CVE-2021-32873
+ RESERVED
+CVE-2021-32872
+ RESERVED
+CVE-2021-32871
+ RESERVED
+CVE-2021-32870
+ RESERVED
+CVE-2021-32869
+ RESERVED
+CVE-2021-32868
+ RESERVED
+CVE-2021-32867
+ RESERVED
+CVE-2021-32866
+ RESERVED
+CVE-2021-32865
+ RESERVED
+CVE-2021-32864
+ RESERVED
+CVE-2021-32863
+ RESERVED
+CVE-2021-32862
+ RESERVED
+CVE-2021-32861
+ RESERVED
+CVE-2021-32860
+ RESERVED
+CVE-2021-32859
+ RESERVED
+CVE-2021-32858
+ RESERVED
+CVE-2021-32857
+ RESERVED
+CVE-2021-32856
+ RESERVED
+CVE-2021-32855
+ RESERVED
+CVE-2021-32854
+ RESERVED
+CVE-2021-32853
+ RESERVED
+CVE-2021-32852
+ RESERVED
+CVE-2021-32851
+ RESERVED
+CVE-2021-32850
+ RESERVED
+CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...)
+ NOT-FOR-US: Gerapy
+CVE-2021-32848
+ RESERVED
+CVE-2021-32847
+ RESERVED
+CVE-2021-32846
+ RESERVED
+CVE-2021-32845
+ RESERVED
+CVE-2021-32844
+ RESERVED
+CVE-2021-32843
+ RESERVED
+CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
+ - mono <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
+ NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
+CVE-2021-32841 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...)
+ - mono <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
+ NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
+CVE-2021-32840 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior ...)
+ - mono <not-affected> (Vulnerable code not yet uploaded)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3)
+ NOTE: CVE refers to the commit for the test case:
+ NOTE: https://github.com/icsharpcode/SharpZipLib/commit/a0e96de70b5264f4c919b09253b1522bc7a221cc
+ NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b
+CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sqlparse ...)
+ - sqlparse 0.4.2-1 (bug #994841)
+ [bullseye] - sqlparse <no-dsa> (Minor issue)
+ [buster] - sqlparse <not-affected> (Vulnerable code introduced later)
+ [stretch] - sqlparse <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf
+ NOTE: Introduced by: https://github.com/andialbrecht/sqlparse/commit/1499cffcd7c4d635b4297b44d48fb4fe94cf988e (0.4.0)
+ NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb (0.4.2)
+CVE-2021-32838 (Flask-RESTX (pypi package flask-restx) is a community driven fork of F ...)
+ NOT-FOR-US: Flask restx
+CVE-2021-32837
+ RESERVED
+CVE-2021-32836 (ZStack is open source IaaS(infrastructure as a service) software. In Z ...)
+ NOT-FOR-US: ZStack
+CVE-2021-32835 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...)
+ NOT-FOR-US: Eclipse Keti
+CVE-2021-32834 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...)
+ NOT-FOR-US: Eclipse Keti
+CVE-2021-32833 (Emby Server is a personal media server with apps on many devices. In E ...)
+ NOT-FOR-US: Emby Server
+CVE-2021-32832 (Rocket.Chat is an open-source fully customizable communications platfo ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for Node.js p ...)
+ NOT-FOR-US: Total.js
+CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...)
+ NOT-FOR-US: Node @diez/generation
+CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...)
+ NOT-FOR-US: ZStack
+CVE-2021-32828
+ RESERVED
+CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...)
+ NOT-FOR-US: MockServer
+CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being able to ...)
+ NOT-FOR-US: Proxyee-Down
+CVE-2021-32825 (bblfshd is an open source self-hosted server for source code parsing. ...)
+ NOT-FOR-US: bblfshd
+CVE-2021-32824
+ RESERVED
+CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...)
+ - ruby-bindata <unfixed> (bug #990577)
+ [bullseye] - ruby-bindata <no-dsa> (Minor issue)
+ [buster] - ruby-bindata <no-dsa> (Minor issue)
+ [stretch] - ruby-bindata <no-dsa> (Minor issue)
+ NOTE: https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323
+ NOTE: https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency
+ NOTE: https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18-
+CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handlebars. ...)
+ NOT-FOR-US: Node hbs
+CVE-2021-32821
+ RESERVED
+CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...)
+ NOT-FOR-US: Express-handlebars
+CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that works o ...)
+ NOT-FOR-US: Squirrelly
+CVE-2021-32818 (haml-coffee is a JavaScript templating solution. haml-coffee mixes pur ...)
+ NOT-FOR-US: haml-coffee
+CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hbs mixe ...)
+ NOT-FOR-US: express-hbs
+CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...)
+ NOT-FOR-US: ProtonMail Web Client
+CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #992705)
+ [bullseye] - exiv2 <ignored> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
+ NOTE: https://github.com/Exiv2/exiv2/pull/1739
+CVE-2021-32814 (Skytable is a NoSQL database with automated snapshots and TLS. Version ...)
+ NOT-FOR-US: Skytable
+CVE-2021-32813 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
+ NOT-FOR-US: Traefik
+CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps (iOS and A ...)
+ NOT-FOR-US: Monkshu
+CVE-2021-32811 (Zope is an open-source web application server. Zope versions prior to ...)
+ NOT-FOR-US: zope
+ NOTE: only affects specific versions using Python3 with options enabled.
+CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for building task ...)
+ - firefox 93.0-1
+ - firefox-esr <not-affected> (Only affect Firefox 91 not in any supported suite in vulnerable version)
+ - thunderbird <not-affected> (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
+ - rust-crossbeam-deque 0.7.4-1 (bug #993146)
+ [bullseye] - rust-crossbeam-deque <no-dsa> (Minor issue)
+ [buster] - rust-crossbeam-deque <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0093.html
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-32810
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-32810
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-32810
+CVE-2021-32809 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
+ - ckeditor 4.16.2+dfsg-1 (bug #992291)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <no-dsa> (Minor issue)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg
+ NOTE: https://github.com/ckeditor/ckeditor4/commit/f6856decd5992b2b07945292416bb113d5f7ff82 (v4.16.2)
+ NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/ca0851c7a14f616a0c4cda905816aa87ca399efb (v4.5.2)
+CVE-2021-32808 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...)
+ - ckeditor 4.16.2+dfsg-1 (bug #992292)
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <not-affected> (Vulnerable code introduced later)
+ [stretch] - ckeditor <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c
+ NOTE: https://github.com/ckeditor/ckeditor4/commit/0cb59313c834c94cec4c4d4c114b6ecb0270e21a (v4.16.2)
+ NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/72428a762271d5e54a609a7913356a6d309c895d (v4.13.0)
+CVE-2021-32807 (The module `AccessControl` defines security policies for Python code u ...)
+ NOT-FOR-US: Zope AccessControl
+CVE-2021-32806 (Products.isurlinportal is a replacement for isURLInPortal method in Pl ...)
+ NOT-FOR-US: Plone
+CVE-2021-32805 (Flask-AppBuilder is an application development framework, built on top ...)
+ - flask-appbuilder <itp> (bug #998029)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-624f-cqvr-3qw4
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/6af28521589599b1dbafd6313256229ee9a4fa74 (v3.3.2)
+CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4 ...)
+ - node-tar 6.1.7+~cs11.3.10-1 (bug #992111)
+ [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
+ [buster] - node-tar 4.4.6+ds1-3+deb10u1
+ [stretch] - node-tar <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9
+ NOTE: https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
+CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...)
+ - node-tar 6.1.7+~cs11.3.10-1 (bug #992110)
+ [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1
+ [buster] - node-tar 4.4.6+ds1-3+deb10u1
+ [stretch] - node-tar <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw
+ NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
+CVE-2021-32802 (Nextcloud server is an open source, self hosted personal cloud. Nextcl ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32801 (Nextcloud server is an open source, self hosted personal cloud. In aff ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32800 (Nextcloud server is an open source, self hosted personal cloud. In aff ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32799
+ RESERVED
+CVE-2021-32798 (The Jupyter notebook is a web-based notebook environment for interacti ...)
+ - jupyter-notebook 6.4.3-1 (bug #992704)
+ [bullseye] - jupyter-notebook <no-dsa> (Minor issue)
+ [buster] - jupyter-notebook <no-dsa> (Minor issue)
+ [stretch] - jupyter-notebook <no-dsa> (Minor issue)
+ NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797
+ NOTE: https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5
+CVE-2021-32797 (JupyterLab is a user interface for Project Jupyter which will eventual ...)
+ - jupyterlab <itp> (bug #934258)
+CVE-2021-32796 (xmldom is an open source pure JavaScript W3C standard-based (XML DOM L ...)
+ - node-xmldom 0.7.3-1 (bug #991612)
+ [bullseye] - node-xmldom <ignored> (Minor issue, too intrusive to backport)
+ [buster] - node-xmldom <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q
+ NOTE: https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b
+CVE-2021-32795 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
+ NOT-FOR-US: ArchiSteamFarm
+CVE-2021-32794 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...)
+ NOT-FOR-US: ArchiSteamFarm
+CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+ - libapache2-mod-auth-openidc 2.4.9-1 (bug #991580)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 (v2.4.9)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 (v2.4.9)
+CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+ - libapache2-mod-auth-openidc 2.4.9-1 (bug #991581)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c (v2.4.9)
+CVE-2021-32790 (Woocommerce is an open source eCommerce plugin for WordPress. An SQL i ...)
+ NOT-FOR-US: Woocommerce
+CVE-2021-32789 (woocommerce-gutenberg-products-block is a feature plugin for WooCommer ...)
+ NOT-FOR-US: woocommerce-gutenberg-products-block
+CVE-2021-32788 (Discourse is an open source discussion platform. In versions prior to ...)
+ NOT-FOR-US: Discourse
+CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph before ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+ - libapache2-mod-auth-openidc 2.4.9-1 (bug #991582)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9)
+CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for the Apa ...)
+ - libapache2-mod-auth-openidc 2.4.9-1 (bug #991583)
+ [buster] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ [stretch] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9)
+CVE-2021-32784
+ RESERVED
+CVE-2021-32783 (Contour is a Kubernetes ingress controller using Envoy proxy. In Conto ...)
+ NOT-FOR-US: Countour
+CVE-2021-32782 (Nextcloud Circles is an open source social network built for the nextc ...)
+ NOT-FOR-US: Nextcloud Circles
+CVE-2021-32781 (Envoy is an open source L7 proxy and communication bus designed for la ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-32780 (Envoy is an open source L7 proxy and communication bus designed for la ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-32779 (Envoy is an open source L7 proxy and communication bus designed for la ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-32778 (Envoy is an open source L7 proxy and communication bus designed for la ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-32777 (Envoy is an open source L7 proxy and communication bus designed for la ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-32776 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-32775 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-32774 (DataDump is a MediaWiki extension that provides dumps of wikis. Prior ...)
+ NOT-FOR-US: DataDump MediaWiki extension
+CVE-2021-32773 (Racket is a general-purpose programming language and an ecosystem for ...)
+ [experimental] - racket 8.2+dfsg1-1
+ - racket 7.9+dfsg1-2 (bug #991327)
+ [buster] - racket <no-dsa> (Minor issue)
+ [stretch] - racket <no-dsa> (Minor issue)
+ NOTE: https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c
+CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to version 0.8.1, ...)
+ NOT-FOR-US: Poddycast
+CVE-2021-32771
+ RESERVED
+CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...)
+ NOT-FOR-US: Gatsby
+CVE-2021-32769 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
+ NOT-FOR-US: Micronaut
+CVE-2021-32768 (TYPO3 is an open source PHP based web content management system releas ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32767 (TYPO3 is an open source PHP based web content management system. In ve ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32766 (Nextcloud Text is an open source plaintext editing application which s ...)
+ NOT-FOR-US: Nextcloud Text
+CVE-2021-32765 (Hiredis is a minimalistic C client library for the Redis database. In ...)
+ {DLA-2783-1}
+ - hiredis 0.14.1-2 (unimportant)
+ NOTE: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
+ NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e (v1.0.1)
+ NOTE: Only a hardening for insecure libcs:
+ NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e#commitcomment-57544143
+CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-32763 (OpenProject is open-source, web-based project management software. In ...)
+ NOT-FOR-US: OpenProject
+CVE-2021-32762 (Redis is an open source, in-memory database that persists on disk. The ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr
+CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability ...)
+ {DLA-2717-2 DLA-2717-1}
+ - redis 5:6.0.15-1 (bug #991375)
+ [buster] - redis 5:5.0.14-1+deb10u1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj
+CVE-2021-32760 (containerd is a container runtime. A bug was found in containerd versi ...)
+ - containerd 1.4.5~ds1-2
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w
+CVE-2021-32759 (OpenMage magento-lts is an alternative to the Magento CE official rele ...)
+ NOT-FOR-US: Magento
+CVE-2021-32758 (OpenMage Magento LTS is an alternative to the Magento CE official rele ...)
+ NOT-FOR-US: Magento
+CVE-2021-32757
+ RESERVED
+CVE-2021-32756 (ManageIQ is an open-source management platform. In versions prior to j ...)
+ NOT-FOR-US: ManageIQ
+CVE-2021-32755 (Wire is a collaboration platform. wire-ios-transport handles authentic ...)
+ NOT-FOR-US: wire-ios (iOS version of Wire)
+CVE-2021-32754 (FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2. ...)
+ NOT-FOR-US: FlowDroid
+CVE-2021-32753 (EdgeX Foundry is an open source project for building a common open fra ...)
+ NOT-FOR-US: EdgeX Foundry
+CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in the Cra ...)
+ NOT-FOR-US: Ether Logs
+CVE-2021-32751 (Gradle is a build tool with a focus on build automation. In versions p ...)
+ - gradle <unfixed>
+ [bullseye] - gradle <ignored> (Minor issue)
+ [buster] - gradle <ignored> (Minor issue)
+ [stretch] - gradle <no-dsa> (Minor issue)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8
+CVE-2021-32750 (MuWire is a file publishing and networking tool that protects the iden ...)
+ NOT-FOR-US: MuWire
+CVE-2021-32749 (fail2ban is a daemon to ban hosts that cause multiple authentication e ...)
+ - fail2ban 0.11.2-2
+ [buster] - fail2ban <no-dsa> (Minor issue, can be fixed in point release)
+ [stretch] - fail2ban <no-dsa> (Minor issue, can be fixed after fix of regression)
+ NOTE: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
+ NOTE: https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9 (0.9)
+ NOTE: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844 (0.10, 0.11, 1.0)
+ NOTE: Fix introduces regression for installations with mail command from the bsd-mailx package:
+ NOTE: https://github.com/fail2ban/fail2ban/issues/3059
+CVE-2021-32748 (Nextcloud Richdocuments in an open source self hosted online office. N ...)
+ NOT-FOR-US: Nextcloud Richdocuments
+CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, framework, an ...)
+ [experimental] - icingaweb2 2.8.3-1~exp1
+ - icingaweb2 2.8.4-1 (bug #991116)
+ [buster] - icingaweb2 <no-dsa> (Minor issue)
+ [stretch] - icingaweb2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx
+ NOTE: https://github.com/Icinga/icingaweb2/commit/ffe8741c66af6ea085514a35ec878093b991875c (v2.8.3)
+CVE-2021-32746 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
+ [experimental] - icingaweb2 2.8.3-1~exp1
+ - icingaweb2 2.8.4-1 (bug #991116)
+ [buster] - icingaweb2 <no-dsa> (Minor issue)
+ [stretch] - icingaweb2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43
+ NOTE: https://github.com/Icinga/icingaweb2/commit/80875d91bbfa52553fe7bb2c1a32a9814880d9c1 (v2.8.3)
+CVE-2021-32745 (Collabora Online is a collaborative online office suite. A reflected X ...)
+ NOT-FOR-US: Collabora Online
+CVE-2021-32744 (Collabora Online is a collaborative online office suite. In versions p ...)
+ NOT-FOR-US: Collabora Online
+CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...)
+ {DLA-2816-1}
+ [experimental] - icinga2 2.12.5-1~exp1
+ - icinga2 2.12.5-1 (bug #991494)
+ [bullseye] - icinga2 <no-dsa> (Minor issue)
+ [buster] - icinga2 <no-dsa> (Minor issue)
+ NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
+ NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7
+ NOTE: https://github.com/Icinga/icinga2/commit/843353ab69f79b3abfeb38ac249b05e1944369ab (v2.12.5)
+CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug ...)
+ NOT-FOR-US: Vapor
+CVE-2021-32741 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...)
+ - ruby-addressable 2.7.0-2 (bug #990791)
+ [stretch] - ruby-addressable <no-dsa> (Minor issue)
+ NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g
+ NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76
+CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...)
+ {DLA-2816-1}
+ [experimental] - icinga2 2.12.5-1~exp1
+ - icinga2 2.12.5-1 (bug #991494)
+ [bullseye] - icinga2 <no-dsa> (Minor issue)
+ [buster] - icinga2 <no-dsa> (Minor issue)
+ NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/
+ NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5
+ NOTE: https://github.com/Icinga/icinga2/commit/b5b83fa51564662ff2e78d7529ff77e1085d4522 (v2.12.5)
+CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...)
+ NOT-FOR-US: js-stellar-sdk
+CVE-2021-32737 (Sulu is an open-source PHP content management system based on the Symf ...)
+ NOT-FOR-US: Sulu
+CVE-2021-32736 (think-helper defines a set of helper functions for ThinkJS. In version ...)
+ NOT-FOR-US: think-helper
+CVE-2021-32735 (Kirby is a content management system. In Kirby CMS versions 3.5.5 and ...)
+ NOT-FOR-US: Kirby
+CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...)
+ NOT-FOR-US: Nextcloud Text
+CVE-2021-32732 (### Impact It's possible to know if a user has or not an account in a ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32728 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ {DSA-4974-1}
+ - nextcloud-desktop 3.3.1-1
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5
+ NOTE: https://github.com/nextcloud/desktop/pull/3338
+CVE-2021-32727 (Nextcloud Android Client is the Android client for Nextcloud. Clients ...)
+ NOT-FOR-US: Nextcloud Android Client
+CVE-2021-32726 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32724 (check-spelling is a github action which provides CI spell checking. In ...)
+ NOT-FOR-US: Github
+CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 1.24.0 a ...)
+ NOT-FOR-US: Prism
+CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb705 ...)
+ NOT-FOR-US: GlobalNewFiles MediaWiki extension
+CVE-2021-32721 (PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux ...)
+ NOT-FOR-US: PowerMux
+CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. In vers ...)
+ NOT-FOR-US: Sylius
+CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
+ - rabbitmq-server 3.9.4-1 (bug #990524)
+ [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
+ [buster] - rabbitmq-server <no-dsa> (Minor issue)
+ [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/f01f0f2d840b98128cdb7ff966d8234b06ef7c75 (master)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/51df93b45fb05f935456f09b88e7554e0b36317f (v3.9.0-beta.1)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/08beb82e9ab8923ded88ece2800cd80971e2bd05 (v3.8.18)
+CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
+ - rabbitmq-server 3.9.4-1 (bug #990524)
+ [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
+ [buster] - rabbitmq-server <no-dsa> (Minor issue)
+ [stretch] - rabbitmq-server <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a8dffdf7de9793a76fc4685c89b968d8eddca4ca (v3.9.0-beta.1)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a7373585faeac0aaede5a9c245094d8022e81299 (v3.8.17-rc.1)
+CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32716 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32715 (hyper is an HTTP library for rust. hyper's HTTP/1 server code had a fl ...)
+ - rust-hyper <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0078.html
+ NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c
+CVE-2021-32714 (hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper ...)
+ - rust-hyper <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0079.html
+ NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9
+CVE-2021-32713 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32712 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32711 (Shopware is an open source eCommerce platform. Versions prior to 6.3.5 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32710 (Shopware is an open source eCommerce platform. Potential session hijac ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of order credi ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The whitespa ...)
+ - php-league-flysystem 1.1.3-4 (bug #990288)
+ NOTE: https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm
+CVE-2021-32707 (Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6 ...)
+ NOT-FOR-US: Nextcloud Mail
+CVE-2021-32706 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-32705 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...)
+ NOT-FOR-US: DHIS 2
+CVE-2021-32703 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+ NOT-FOR-US: Auth0 Next.js SDK
+CVE-2021-32701 (ORY Oathkeeper is an Identity &amp; Access Proxy (IAP) and Access Cont ...)
+ NOT-FOR-US: ORY Oathkeeper
+CVE-2021-32700 (Ballerina is an open source programming language and platform for clou ...)
+ NOT-FOR-US: Ballerina
+CVE-2021-32699 (Wings is the control plane software for the open source Pterodactyl ga ...)
+ NOT-FOR-US: Wings
+CVE-2021-32698 (eLabFTW is an open source electronic lab notebook for research labs. T ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-32697 (neos/forms is an open source framework to build web forms. By crafting ...)
+ NOT-FOR-US: neos/forms
+CVE-2021-32696 (The npm package "striptags" is an implementation of PHP's strip_tags i ...)
+ NOT-FOR-US: Node striptags
+CVE-2021-32695 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-32694 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-32693 (Symfony is a PHP framework for web and console applications and a set ...)
+ - symfony <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
+ NOTE: Fixed by: https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728 (v5.3.2)
+ NOTE: https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
+CVE-2021-32692
+ RESERVED
+CVE-2021-32691 (Apollos Apps is an open source platform for launching church-related a ...)
+ NOT-FOR-US: Apollo Apps
+CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured Kuberne ...)
+ - helm-kubernetes <itp> (bug #910799)
+CVE-2021-32689 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
+ NOT-FOR-US: Nextcloud Talk
+CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32687 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
+CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DSA-4999-1}
+ - asterisk 1:16.16.1~dfsg-2 (bug #991931)
+ [stretch] - asterisk <not-affected> (Vulnerable code not present)
+ - pjproject <removed>
+ [stretch] - pjproject <no-dsa> (Minor issue; https://people.debian.org/~abhijith/upload/CVE-2021-32686.patch)
+ - ring <unfixed>
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
+ NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
+ NOTE: https://github.com/pjsip/pjproject/pull/2716
+CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...)
+ NOT-FOR-US: tEnvoy
+CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)
+ NOT-FOR-US: Create Magento app
+CVE-2021-32683 (wire-webapp is the web version of Wire, an open-source messenger. A cr ...)
+ NOT-FOR-US: wire-webapp
+CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...)
+ NOT-FOR-US: elFinder
+CVE-2021-32681 (Wagtail is an open source content management system built on Django. A ...)
+ NOT-FOR-US: Wagtail
+CVE-2021-32680 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32679 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32678 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ based on ...)
+ - fastapi 0.70.0-1 (bug #990582)
+ [bullseye] - fastapi <no-dsa> (Minor issue)
+ NOTE: https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7
+ NOTE: https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d (0.65.2)
+CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
+ NOT-FOR-US: Nextcloud Talk
+CVE-2021-32675 (Redis is an open source, in-memory database that persists on disk. Whe ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p
+CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...)
+ NOT-FOR-US: Zope
+CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot ...)
+ NOT-FOR-US: reg-keygen-git-hash-plugin
+CVE-2021-32672 (Redis is an open source, in-memory database that persists on disk. Whe ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
+CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's translat ...)
+ NOT-FOR-US: Flarum
+CVE-2021-32670 (Datasette is an open source multi-tool for exploring and publishing da ...)
+ NOT-FOR-US: Datasette
+CVE-2021-32669 (TYPO3 is an open source PHP based web content management system. Versi ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32668 (TYPO3 is an open source PHP based web content management system. Versi ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32667 (TYPO3 is an open source PHP based web content management system. Versi ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
+ NOT-FOR-US: wire-ios (iOS version of Wire)
+CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
+ NOT-FOR-US: wire-ios (iOS version of Wire)
+CVE-2021-32664 (Combodo iTop is an open source web based IT Service Management tool. I ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-32663 (iTop is an open source web based IT Service Management tool. In affect ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-32662 (Backstage is an open platform for building developer portals, and tech ...)
+ NOT-FOR-US: Backstage
+CVE-2021-32661 (Backstage is an open platform for building developer portals. In versi ...)
+ NOT-FOR-US: Backstage
+CVE-2021-32660 (Backstage is an open platform for building developer portals, and tech ...)
+ NOT-FOR-US: Backstage
+CVE-2021-32659 (Matrix-appservice-bridge is the bridging service for the Matrix commun ...)
+ NOT-FOR-US: Matrix-appservice-bridge
+CVE-2021-32658 (Nextcloud Android is the Android client for the Nextcloud open source ...)
+ NOT-FOR-US: Nextcloud client for Android
+CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32656 (Nextcloud Server is a Nextcloud package that handles data storage. A v ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32655 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32654 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32653 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32652 (Nextcloud Mail is a mail app for the Nextcloud platform. A missing per ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-32651 (OneDev is a development operations platform. If the LDAP external auth ...)
+ NOT-FOR-US: OneDev
+CVE-2021-32650 (October CMS is a self-hosted content management system (CMS) platform ...)
+ NOT-FOR-US: October CMS
+CVE-2021-32649 (October CMS is a self-hosted content management system (CMS) platform ...)
+ NOT-FOR-US: October CMS
+CVE-2021-32648 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...)
+ NOT-FOR-US: October CMS
+CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...)
+ NOT-FOR-US: Emissary
+CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides automatic voice ...)
+ NOT-FOR-US: Roomer
+CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller for the ...)
+ NOT-FOR-US: Teancy multi-tenant
+CVE-2021-32644 (Ampache is an open source web based audio/video streaming application ...)
+ - ampache <removed>
+CVE-2021-32643 (Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` ca ...)
+ NOT-FOR-US: Http4s
+CVE-2021-32642 (radsecproxy is a generic RADIUS proxy that supports both UDP and TLS ( ...)
+ - radsecproxy 1.8.2-4 (unimportant)
+ NOTE: https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af
+ NOTE: Only affects example script
+CVE-2021-32641 (auth0-lock is Auth0's signin solution. Versions of nauth0-lock before ...)
+ NOT-FOR-US: auth0-lock
+CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js. ...)
+ - node-ws 7.4.2+~cs18.0.8-2
+ [buster] - node-ws 1.1.0+ds1.e6ddaae4-5+deb10u1
+ [stretch] - node-ws <no-dsa> (Minor issue)
+ NOTE: https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
+ NOTE: https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
+CVE-2021-32639 (Emissary is a P2P-based, data-driven workflow engine. Emissary version ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code scanning o ...)
+ NOT-FOR-US: Github
+CVE-2021-32637 (Authelia is a a single sign-on multi-factor portal for web apps. This ...)
+ NOT-FOR-US: Authelia
+CVE-2021-32636
+ RESERVED
+CVE-2021-32635 (Singularity is an open source container platform. In verions 3.7.2 and ...)
+ - singularity-container <not-affected> (Vulnerable code introduced in 3.7.2)
+ NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jq42-hfch-42f3
+ NOTE: https://github.com/hpcng/singularity/commit/cd298aaeb7698fb692689e2e1b49972c94bfa440
+CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow framewor ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32633 (Zope is an open-source web application server. In Zope versions prior ...)
+ NOT-FOR-US: Zope
+CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...)
+ NOT-FOR-US: Pajbot
+CVE-2021-32631 (Common is a package of common modules that can be accessed by NIMBLE s ...)
+ NOT-FOR-US: NIMBLE
+CVE-2021-32630 (Admidio is a free, open source user management system for websites of ...)
+ NOT-FOR-US: Admidio
+CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecode Alli ...)
+ NOT-FOR-US: Cranelift
+CVE-2021-32628 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1}
+ - redis 5:6.0.16-1
+ [stretch] - redis <no-dsa> (Minor issue; invasive patch)
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr
+CVE-2021-32627 (Redis is an open source, in-memory database that persists on disk. In ...)
+ {DSA-5001-1}
+ - redis 5:6.0.16-1
+ [stretch] - redis <no-dsa> (Minor issue; invasive patch)
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v
+CVE-2021-32626 (Redis is an open source, in-memory database that persists on disk. In ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c
+CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data structure store ...)
+ - redis 5:6.0.14-1 (bug #989351)
+ [buster] - redis <not-affected> (Vulnerable code not present)
+ [stretch] - redis <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/redis/redis/pull/9011
+ NOTE: https://github.com/redis/redis/commit/1ddecf1958924b178b76a31d989ef1e05af81964
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq
+ NOTE: CVE is result of incomplete fix by CVE-2021-29477.
+CVE-2021-32624 (Keystone 5 is an open source CMS platform to build Node.js application ...)
+ NOT-FOR-US: Keystone CMS
+CVE-2021-32623 (Opencast is a free and open source solution for automated video captur ...)
+ NOT-FOR-US: Opencast
+CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip ...)
+ NOT-FOR-US: Matrix-React-SDK
+CVE-2021-32621 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32620 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32619 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
+ NOT-FOR-US: Deno
+CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...)
+ NOT-FOR-US: Flask-Security-Too
+CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #988731)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
+ NOTE: https://github.com/Exiv2/exiv2/pull/1657
+CVE-2021-32616 (1CDN is open-source file sharing software. In 1CDN before commit f88a2 ...)
+ NOT-FOR-US: 1CDN
+CVE-2021-3549 (An out of bounds flaw was found in GNU binutils objdump utility versio ...)
+ - binutils 2.37-3 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27294
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7
+ NOTE: binutils not covered by security support
+CVE-2021-32615 (Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Inj ...)
+ - piwigo <removed>
+CVE-2021-32614 (A flaw was found in dmg2img through 20170502. fill_mishblk() does not ...)
+ - dmg2img <unfixed> (unimportant; bug #989008)
+ NOTE: https://github.com/Lekensteyn/dmg2img/issues/11
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability in the p ...)
+ - radare2 5.5.0+dfsg-1 (bug #989067)
+ NOTE: https://github.com/radareorg/radare2/issues/18679
+ NOTE: https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc
+CVE-2021-32612 (The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android d ...)
+ NOT-FOR-US: VeryFitPro
+CVE-2021-32611 (A NULL pointer dereference vulnerability exists in eXcall_api.c in Ant ...)
+ - libexosip2 <removed>
+ [buster] - libexosip2 <no-dsa> (Minor issue)
+ [stretch] - libexosip2 <no-dsa> (Minor issue)
+ NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054
+CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks can refer to targets outside of ...)
+ {DLA-2721-1}
+ - drupal7 <removed>
+ - php-pear <unfixed> (bug #991541)
+ [bullseye] - php-pear <no-dsa> (Minor issue)
+ [buster] - php-pear <no-dsa> (Minor issue)
+ [stretch] - php-pear <no-dsa> (Minor issue)
+ NOTE: https://www.drupal.org/sa-core-2021-004
+ NOTE: https://pear.php.net/package/Archive_Tar/download/1.4.14/
+ NOTE: https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4 (1.4.14)
+CVE-2021-32609 (Apache Superset up to and including 1.1 does not sanitize titles corre ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-32608 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...)
+ NOT-FOR-US: Smartstore
+CVE-2021-32607 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...)
+ NOT-FOR-US: Smartstore
+CVE-2021-3547 (OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middl ...)
+ - openvpn3 <itp> (bug #904044)
+CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrar ...)
+ NOT-FOR-US: zzzcms
+CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-32603 (A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiM ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32602 (An improper neutralization of input during web page generation vulnera ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32601
+ RESERVED
+CVE-2021-32600 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32599
+ RESERVED
+CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32597 (Multiple improper neutralization of input during web page generation ( ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...)
+ NOT-FOR-US: FortiPortal
+CVE-2021-32595 (Multiple uncontrolled resource consumption vulnerabilities in the web ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface of Fort ...)
+ NOT-FOR-US: FortiPortal
+CVE-2021-32593
+ RESERVED
+CVE-2021-32592 (An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32591 (A missing cryptographic steps vulnerability in the function that encry ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...)
+ NOT-FOR-US: FortiPortal
+CVE-2021-32589
+ RESERVED
+CVE-2021-32588 (A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32587 (An improper access control vulnerability in FortiManager and FortiAnal ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32586
+ RESERVED
+CVE-2021-32585
+ RESERVED
+CVE-2021-32584
+ RESERVED
+CVE-2021-32583
+ RESERVED
+CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...)
+ NOT-FOR-US: ConnectWise Automate
+CVE-2021-32581 (Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Im ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and Acronis True ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32578 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32577 (Acronis True Image prior to 2021 Update 5 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/i ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16
+CVE-2021-3545 (An information disclosure vulnerability was found in the virtio vhost- ...)
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-1 (bug #989042)
+ [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages)
+ [stretch] - qemu <not-affected> (The vulnerable code was introduced later)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01153.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/121841b2
+CVE-2021-3544 (Several memory leaks were found in the virtio vhost-user GPU device (v ...)
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-1 (bug #989042)
+ [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages)
+ [stretch] - qemu <not-affected> (The vulnerable code was introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958935
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01151.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01157.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b9f79858
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b7afebcf
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6091d86
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/63736af5
+CVE-2021-3548 (A flaw was found in dmg2img through 20170502. dmg2img did not validate ...)
+ - dmg2img <unfixed> (unimportant)
+ NOTE: https://github.com/Lekensteyn/dmg2img/issues/9
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-3543 (A flaw null pointer dereference in the Nitro Enclaves kernel driver wa ...)
+ - linux 5.10.38-1 (unimportant)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/f1ce3986baa62cffc3c5be156994de87524bab99
+ NOTE: nitro_enclaves not enabled in Debian binary builds
+CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networ ...)
+ - nomad 0.12.10+dfsg1-3 (bug #990581)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
+CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy prox ...)
+ - consul <unfixed> (bug #991719)
+ [bullseye] - consul <no-dsa> (Minor issue)
+ [buster] - consul <not-affected> (Only affects 1.3.0 and later)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
+ NOTE: https://github.com/hashicorp/consul/pull/10619
+CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node.js all ...)
+ NOT-FOR-US: Node express-cart
+CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...)
+ NOT-FOR-US: Speco Web Viewer
+CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...)
+ NOT-FOR-US: OSS-RC
+CVE-2021-32570
+ RESERVED
+CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...)
+ NOT-FOR-US: OSS-RC
+CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...)
+ NOT-FOR-US: mrdoc
+CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-32566 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-32565 (Invalid values in the Content-Length header sent to Apache Traffic Ser ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-32564
+ RESERVED
+CVE-2021-32562
+ RESERVED
+CVE-2021-32561 (OctoPrint before 1.6.0 allows XSS because API error messages include t ...)
+ NOT-FOR-US: OctoPrint
+CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect access c ...)
+ NOT-FOR-US: OctoPrint
+CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...)
+ NOT-FOR-US: pywin32
+CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x ...)
+ {DSA-4999-1 DLA-2729-1}
+ - asterisk 1:16.16.1~dfsg-2 (bug #991710)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-008.html
+CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...)
+ NOT-FOR-US: Apport
+CVE-2021-32556 (It was discovered that the get_modified_conffiles() function in backen ...)
+ NOT-FOR-US: Apport
+CVE-2021-32555 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32554 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32553 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32552 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32551 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32550 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32549 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32548 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32546
+ RESERVED
+CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...)
+ NOT-FOR-US: igt+
+CVE-2021-32543 (The CTS Web transaction system related to authentication management is ...)
+ NOT-FOR-US: CTS Web transaction system
+CVE-2021-32542 (The parameters of the specific functions in the CTS Web trading system ...)
+ NOT-FOR-US: CTS Web trading system
+CVE-2021-32541 (The CTS Web transaction system related to authentication and session m ...)
+ NOT-FOR-US: CTS Web transaction system
+CVE-2021-32540 (Add announcement function in the 101EIP system does not filter special ...)
+ NOT-FOR-US: 101EIP system
+CVE-2021-32539 (Add event in calendar function in the 101EIP system does not filter sp ...)
+ NOT-FOR-US: 101EIP system
+CVE-2021-32538 (ARTWARE CMS parameter of image upload function does not filter the typ ...)
+ NOT-FOR-US: ARTWARE CMS
+CVE-2021-32537 (Realtek HAD contains a driver crashed vulnerability which allows local ...)
+ NOT-FOR-US: Realtek
+CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...)
+ NOT-FOR-US: MCUsystem
+CVE-2021-32535 (The vulnerability of hard-coded default credentials in QSAN SANOS allo ...)
+ NOT-FOR-US: QSAN SANOS
+CVE-2021-32534 (QSAN SANOS factory reset function does not filter special parameters. ...)
+ NOT-FOR-US: QSAN SANOS
+CVE-2021-32533 (The QSAN SANOS setting page does not filter special parameters. Remote ...)
+ NOT-FOR-US: QSAN SANOS
+CVE-2021-32532 (Path traversal vulnerability in back-end analysis function in QSAN XEV ...)
+ NOT-FOR-US: QSAN XEVO
+CVE-2021-32531 (OS command injection vulnerability in Init function in QSAN XEVO allow ...)
+ NOT-FOR-US: QSAN XEVO
+CVE-2021-32530 (OS command injection vulnerability in Array function in QSAN XEVO allo ...)
+ NOT-FOR-US: QSAN XEVO
+CVE-2021-32529 (Command injection vulnerability in QSAN XEVO, SANOS allows remote unau ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32528 (Observable behavioral discrepancy vulnerability in QSAN Storage Manage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32527 (Path traversal vulnerability in QSAN Storage Manager allows remote una ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32526 (Incorrect permission assignment for critical resource vulnerability in ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32525 (The same hard-coded password in QSAN Storage Manager's in the firmware ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32524 (Command injection vulnerability in QSAN Storage Manager allows remote ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32523 (Improper authorization vulnerability in QSAN Storage Manager allows re ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32522 (Improper restriction of excessive authentication attempts vulnerabilit ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32521 (Use of MAC address as an authenticated password in QSAN Storage Manage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32520 (Use of hard-coded cryptographic key vulnerability in QSAN Storage Mana ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32519 (Use of password hash with insufficient computational effort vulnerabil ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32518 (A vulnerability in share_link in QSAN Storage Manager allows remote at ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32517 (Improper access control vulnerability in share_link in QSAN Storage Ma ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32516 (Path traversal vulnerability in share_link in QSAN Storage Manager all ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32515 (Directory listing vulnerability in share_link in QSAN Storage Manager ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32514 (Improper access control vulnerability in FirmwareUpgrade in QSAN Stora ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32513 (QsanTorture in QSAN Storage Manager does not filter special parameters ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32512 (QuickInstall in QSAN Storage Manager does not filter special parameter ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32511 (QSAN Storage Manager through directory listing vulnerability in ViewBr ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32510 (QSAN Storage Manager through directory listing vulnerability in antivi ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32509 (Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage M ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32508 (Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32507 (Absolute Path Traversal vulnerability in FileDownload in QSAN Storage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32506 (Absolute Path Traversal vulnerability in GetImage in QSAN Storage Mana ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32505
+ RESERVED
+CVE-2021-32504
+ RESERVED
+CVE-2021-32503
+ RESERVED
+CVE-2021-32502
+ RESERVED
+CVE-2021-32501
+ RESERVED
+CVE-2021-32500
+ RESERVED
+CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
+ NOT-FOR-US: SICK SOPAS ET
+CVE-2021-32498 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
+ NOT-FOR-US: SICK SOPAS ET
+CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap any execut ...)
+ NOT-FOR-US: SICK SOPAS ET
+CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...)
+ NOT-FOR-US: SICK Visionary-S CX
+CVE-2021-32495
+ RESERVED
+CVE-2021-32494
+ RESERVED
+CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
+ NOT-FOR-US: Yubico yubihsm-shell
+CVE-2021-32488
+ RESERVED
+CVE-2021-32487 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32486 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32485 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32484 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32483 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...)
+ NOT-FOR-US: Cloudera Manager
+CVE-2021-32482 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the ...)
+ NOT-FOR-US: Cloudera Manager
+CVE-2021-32481 (Cloudera Hue 4.6.0 allows XSS via the type parameter. ...)
+ NOT-FOR-US: Cloudera Hue
+CVE-2021-32480
+ RESERVED
+CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17 ...)
+ - thunar 4.16.8-1 (bug #988394)
+ [buster] - thunar <no-dsa> (Minor issue)
+ [stretch] - thunar <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/09/2
+ NOTE: Fixed by: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
+ NOTE: Regression fix: https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
+ NOTE: Regression: https://gitlab.xfce.org/xfce/thunar/-/issues/575
+CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhost-use ...)
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-1 (bug #989042)
+ [buster] - qemu <not-affected> (Only minimal support present and not installed in binary packages)
+ [stretch] - qemu <not-affected> (The vulnerable code was introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958978
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01154.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/9f22893a
+CVE-2021-3542
+ REJECTED
+CVE-2021-32493 (A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overfl ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12)
+CVE-2021-32492 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds rea ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10)
+CVE-2021-32491 (A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9)
+CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds wri ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8)
+CVE-2021-3541 (A flaw was found in libxml2. Exponential entity expansion attack its p ...)
+ {DLA-2669-1}
+ - libxml2 2.9.10+dfsg-6.7 (bug #988603)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950515
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private)
+ NOTE: https://blog.hartwork.org/posts/cve-2021-3541-parameter-laughs-fixed-in-libxml2-2-9-11/
+CVE-2021-32479
+ RESERVED
+CVE-2021-32478
+ RESERVED
+CVE-2021-32477
+ RESERVED
+CVE-2021-32476
+ RESERVED
+CVE-2021-32475
+ RESERVED
+CVE-2021-32474
+ RESERVED
+CVE-2021-32473
+ RESERVED
+CVE-2021-32472
+ RESERVED
+CVE-2021-32471 (Insufficient input validation in the Marvin Minsky 1967 implementation ...)
+ NOT-FOR-US: Marvin Minsky 1967 implementation of the Universal Turing Machine
+CVE-2021-32470 (Craft CMS before 3.6.13 has an XSS vulnerability. ...)
+ NOT-FOR-US: Craft CMS
+CVE-2021-32469 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-32468 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-32467 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...)
+ NOT-FOR-US: Netgear
+CVE-2021-32466 (An uncontrolled search path element privilege escalation vulnerability ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32465 (An incorrect permission preservation vulnerability in Trend Micro Apex ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32464 (An incorrect permission assignment privilege escalation vulnerability ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32463 (An incorrect permission assignment denial-of-service vulnerability in ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32462 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32461 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32460 (The Trend Micro Maximum Security 2021 (v17) consumer product is vulner ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32459 (Trend Micro Home Network Security version 6.6.604 and earlier contains ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32458 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32457 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
+ NOT-FOR-US: SITEL CAP/PRX firmware
+CVE-2021-32455 (SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access ...)
+ NOT-FOR-US: SITEL CAP/PRX firmware
+CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded passwor ...)
+ NOT-FOR-US: SITEL CAP/PRX firmware
+CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...)
+ NOT-FOR-US: SITEL CAP/PRX firmware
+CVE-2021-3540 (By abusing the 'install rpm info detail' command, an attacker can esca ...)
+ NOT-FOR-US: Ivanti MobileIron Core
+CVE-2021-32452
+ RESERVED
+CVE-2021-32451
+ RESERVED
+CVE-2021-32450
+ RESERVED
+CVE-2021-32449
+ RESERVED
+CVE-2021-32448
+ RESERVED
+CVE-2021-32447
+ RESERVED
+CVE-2021-32446
+ RESERVED
+CVE-2021-32445
+ RESERVED
+CVE-2021-32444
+ RESERVED
+CVE-2021-32443
+ RESERVED
+CVE-2021-32442
+ RESERVED
+CVE-2021-32441
+ RESERVED
+CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to ca ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011
+ NOTE: https://github.com/gpac/gpac/issues/1772
+CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0. ...)
+ - gpac <unfixed>
+ [stretch] - gpac <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae
+ NOTE: https://github.com/gpac/gpac/issues/1774
+CVE-2021-32438 (The gf_media_export_filters function in GPAC 1.0.1 allows attackers to ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/00194f5fe462123f70b0bae7987317b52898b868
+ NOTE: https://github.com/gpac/gpac/issues/1769
+CVE-2021-32437 (The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to caus ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e
+ NOTE: https://github.com/gpac/gpac/issues/1770
+CVE-2021-32436
+ RESERVED
+CVE-2021-32435
+ RESERVED
+CVE-2021-32434
+ RESERVED
+CVE-2021-32433
+ RESERVED
+CVE-2021-32432
+ RESERVED
+CVE-2021-32431
+ RESERVED
+CVE-2021-32430
+ RESERVED
+CVE-2021-32429
+ RESERVED
+CVE-2021-32428
+ RESERVED
+CVE-2021-32427
+ RESERVED
+CVE-2021-32426 (In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary Ja ...)
+ NOT-FOR-US: TrendNet TW100-S4W1CA
+CVE-2021-32425
+ RESERVED
+CVE-2021-32424 (In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session contr ...)
+ NOT-FOR-US: TrendNet TW100-S4W1CA
+CVE-2021-32423
+ RESERVED
+CVE-2021-32422
+ RESERVED
+CVE-2021-32421
+ RESERVED
+CVE-2021-32420
+ RESERVED
+CVE-2021-32419
+ RESERVED
+CVE-2021-32418
+ RESERVED
+CVE-2021-32417
+ RESERVED
+CVE-2021-32416
+ RESERVED
+CVE-2021-32415
+ RESERVED
+CVE-2021-32414
+ RESERVED
+CVE-2021-32413
+ RESERVED
+CVE-2021-32412
+ RESERVED
+CVE-2021-32411
+ RESERVED
+CVE-2021-32410
+ RESERVED
+CVE-2021-32409
+ RESERVED
+CVE-2021-32408
+ RESERVED
+CVE-2021-32407
+ RESERVED
+CVE-2021-32406
+ RESERVED
+CVE-2021-32405
+ RESERVED
+CVE-2021-32404
+ RESERVED
+CVE-2021-32403 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
+ NOT-FOR-US: Intelbras Router RF 301K Firmware
+CVE-2021-32402 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...)
+ NOT-FOR-US: Intelbras Router RF 301K Firmware
+CVE-2021-32401
+ RESERVED
+CVE-2021-32400
+ RESERVED
+CVE-2021-32399 (net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a r ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/2
+CVE-2021-32398
+ RESERVED
+CVE-2021-32397
+ RESERVED
+CVE-2021-32396
+ RESERVED
+CVE-2021-32395
+ RESERVED
+CVE-2021-32394
+ RESERVED
+CVE-2021-32393
+ RESERVED
+CVE-2021-32392
+ RESERVED
+CVE-2021-32391
+ RESERVED
+CVE-2021-32390
+ RESERVED
+CVE-2021-32389
+ RESERVED
+CVE-2021-32388
+ RESERVED
+CVE-2021-32387
+ RESERVED
+CVE-2021-32386
+ RESERVED
+CVE-2021-32385
+ RESERVED
+CVE-2021-32384
+ RESERVED
+CVE-2021-32383
+ RESERVED
+CVE-2021-32382
+ RESERVED
+CVE-2021-32381
+ RESERVED
+CVE-2021-32380
+ RESERVED
+CVE-2021-32379
+ RESERVED
+CVE-2021-32378
+ RESERVED
+CVE-2021-32377
+ RESERVED
+CVE-2021-32376
+ RESERVED
+CVE-2021-32375
+ RESERVED
+CVE-2021-32374
+ RESERVED
+CVE-2021-32373
+ RESERVED
+CVE-2021-32372
+ RESERVED
+CVE-2021-32371
+ RESERVED
+CVE-2021-32370
+ RESERVED
+CVE-2021-32369
+ RESERVED
+CVE-2021-32368
+ RESERVED
+CVE-2021-32367
+ RESERVED
+CVE-2021-32366
+ RESERVED
+CVE-2021-32365
+ RESERVED
+CVE-2021-32364
+ RESERVED
+CVE-2021-32363
+ RESERVED
+CVE-2021-32362
+ RESERVED
+CVE-2021-32361
+ RESERVED
+CVE-2021-32360
+ RESERVED
+CVE-2021-32359
+ RESERVED
+CVE-2021-32358
+ RESERVED
+CVE-2021-32357
+ RESERVED
+CVE-2021-32356
+ RESERVED
+CVE-2021-32355
+ RESERVED
+CVE-2021-32354
+ RESERVED
+CVE-2021-32353
+ RESERVED
+CVE-2021-32352
+ RESERVED
+CVE-2021-32351
+ RESERVED
+CVE-2021-32350
+ RESERVED
+CVE-2021-32349
+ RESERVED
+CVE-2021-32348
+ RESERVED
+CVE-2021-32347
+ RESERVED
+CVE-2021-32346
+ RESERVED
+CVE-2021-32345
+ RESERVED
+CVE-2021-32344
+ RESERVED
+CVE-2021-32343
+ RESERVED
+CVE-2021-32342
+ RESERVED
+CVE-2021-32341
+ RESERVED
+CVE-2021-32340
+ RESERVED
+CVE-2021-32339
+ RESERVED
+CVE-2021-32338
+ RESERVED
+CVE-2021-32337
+ RESERVED
+CVE-2021-32336
+ RESERVED
+CVE-2021-32335
+ RESERVED
+CVE-2021-32334
+ RESERVED
+CVE-2021-32333
+ RESERVED
+CVE-2021-32332
+ RESERVED
+CVE-2021-32331
+ RESERVED
+CVE-2021-32330
+ RESERVED
+CVE-2021-32329
+ RESERVED
+CVE-2021-32328
+ RESERVED
+CVE-2021-32327
+ RESERVED
+CVE-2021-32326
+ RESERVED
+CVE-2021-32325
+ RESERVED
+CVE-2021-32324
+ RESERVED
+CVE-2021-32323
+ RESERVED
+CVE-2021-32322
+ RESERVED
+CVE-2021-32321
+ RESERVED
+CVE-2021-32320
+ RESERVED
+CVE-2021-32319
+ RESERVED
+CVE-2021-32318
+ RESERVED
+CVE-2021-32317
+ RESERVED
+CVE-2021-32316
+ RESERVED
+CVE-2021-32315
+ RESERVED
+CVE-2021-32314
+ RESERVED
+CVE-2021-32313
+ RESERVED
+CVE-2021-32312
+ RESERVED
+CVE-2021-32311
+ RESERVED
+CVE-2021-32310
+ RESERVED
+CVE-2021-32309
+ RESERVED
+CVE-2021-32308
+ RESERVED
+CVE-2021-32307
+ RESERVED
+CVE-2021-32306
+ RESERVED
+CVE-2021-32305 (WebSVN before 2.6.1 allows remote attackers to execute arbitrary comma ...)
+ - websvn <removed>
+CVE-2021-32304
+ RESERVED
+CVE-2021-32303
+ RESERVED
+CVE-2021-32302
+ RESERVED
+CVE-2021-32301
+ RESERVED
+CVE-2021-32300
+ RESERVED
+CVE-2021-32299 (An issue was discovered in pbrt through 20200627. A stack-buffer-overf ...)
+ NOT-FOR-US: pbrt
+CVE-2021-32298 (An issue was discovered in libiff through 20190123. A global-buffer-ov ...)
+ NOT-FOR-US: libiff
+CVE-2021-32297 (An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow ...)
+ NOT-FOR-US: LIEF
+CVE-2021-32296
+ RESERVED
+CVE-2021-32295
+ RESERVED
+CVE-2021-32294 (An issue was discovered in libgig through 20200507. A heap-buffer-over ...)
+ - libgig <unfixed>
+ [bullseye] - libgig <ignored> (Minor issue)
+ [buster] - libgig <ignored> (Minor issue)
+ [stretch] - libgig <postponed> (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://github.com/drbye78/libgig/issues/1
+CVE-2021-32293
+ RESERVED
+CVE-2021-32292
+ RESERVED
+CVE-2021-32291
+ RESERVED
+CVE-2021-32290
+ RESERVED
+CVE-2021-32289 (An issue was discovered in heif through through v3.6.2. A NULL pointer ...)
+ NOT-FOR-US: Nokia HEIF implementation (different from libheif)
+CVE-2021-32288 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...)
+ NOT-FOR-US: Nokia HEIF implementation (different from libheif)
+CVE-2021-32287 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...)
+ NOT-FOR-US: Nokia HEIF implementation (different from libheif)
+CVE-2021-32286 (An issue was discovered in hcxtools through 6.1.6. A global-buffer-ove ...)
+ - hcxtools 6.2.4-1 (bug #994790)
+ [bullseye] - hcxtools <no-dsa> (Minor issue)
+ NOTE: https://github.com/ZerBea/hcxtools/issues/155
+ NOTE: https://github.com/ZerBea/hcxtools/commit/e6505ddc262bc3254b39844895ebac70861001d2 (6.1.2)
+CVE-2021-32285 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
+ NOT-FOR-US: Gravity
+CVE-2021-32284 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
+ NOT-FOR-US: Gravity
+CVE-2021-32283 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
+ NOT-FOR-US: Gravity
+CVE-2021-32282 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...)
+ NOT-FOR-US: Gravity
+CVE-2021-32281 (An issue was discovered in gravity through 0.8.1. A heap-buffer-overfl ...)
+ NOT-FOR-US: Gravity
+CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8.. A NULL pointer deref ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.7b-5 (bug #960736)
+ [buster] - fig2dev <no-dsa> (Minor issue)
+ - transfig <removed>
+ NOTE: https://sourceforge.net/p/mcj/tickets/107/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/
+CVE-2021-32279
+ RESERVED
+CVE-2021-32278 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
+ {DLA-2792-1}
+ - faad2 2.10.0-1
+ NOTE: https://github.com/knik0/faad2/issues/62
+ NOTE: https://github.com/knik0/faad2/commit/e19a5e491354e0e4664d02b796dacee28fb2521e (2_10_0)
+CVE-2021-32277 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
+ {DLA-2792-1}
+ - faad2 2.10.0-1
+ NOTE: https://github.com/knik0/faad2/issues/59
+ NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0)
+CVE-2021-32276 (An issue was discovered in faad2 through 2.10.0. A NULL pointer derefe ...)
+ {DLA-2792-1}
+ - faad2 2.10.0-1
+ NOTE: https://github.com/knik0/faad2/issues/58
+ NOTE: https://github.com/knik0/faad2/commit/b58840121d1827b4b6c7617e2431589af1776ddc (2_10_0)
+CVE-2021-32275 (An issue was discovered in faust through v2.30.5. A NULL pointer deref ...)
+ - faust <unfixed> (unimportant)
+ NOTE: https://github.com/grame-cncm/faust/issues/482
+ NOTE: Negligible security impact
+CVE-2021-32274 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...)
+ {DLA-2792-1}
+ - faad2 2.10.0-1
+ NOTE: https://github.com/knik0/faad2/issues/60
+ NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0)
+CVE-2021-32273 (An issue was discovered in faad2 through 2.10.0. A stack-buffer-overfl ...)
+ - faad2 2.10.0-1
+ [stretch] - faad2 <not-affected> (Vulnerable code not present, introduced in 2.8.2)
+ NOTE: https://github.com/knik0/faad2/issues/56
+ NOTE: https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f (2_10_0)
+CVE-2021-32272 (An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow ...)
+ - faad2 2.10.0-1
+ [stretch] - faad2 <not-affected> (Vulnerable code not present, introduced in 2.8.2)
+ NOTE: https://github.com/knik0/faad2/issues/57
+ NOTE: https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24 (2_10_0)
+CVE-2021-32271 (An issue was discovered in gpac through 20200801. A stack-buffer-overf ...)
+ - gpac 1.0.1+dfsg1-2
+ NOTE: https://github.com/gpac/gpac/commit/71f1d75eaf71f47944ddbd9356fb498ca252b19a (v1.0.1)
+ NOTE: https://github.com/gpac/gpac/issues/1575
+CVE-2021-32270 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/issues/1586
+ NOTE: https://github.com/gpac/gpac/commit/362fc486b5c0eea04f26793d5623f6a9272bd85a (v1.0.1)
+CVE-2021-32269 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...)
+ - gpac 1.0.1+dfsg1-2
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/issues/1574
+ NOTE: https://github.com/gpac/gpac/commit/fc4d8f594acfd97fc750403cca734671bb623afc (v1.0.1)
+CVE-2021-32268 (Buffer overflow vulnerability in function gf_fprintf in os_file.c in g ...)
+ - gpac 1.0.1+dfsg1-2
+ NOTE: https://github.com/gpac/gpac/issues/1587
+ NOTE: https://github.com/gpac/gpac/commit/388ecce75d05e11fc8496aa4857b91245007d26e (v1.0.1)
+CVE-2021-32267
+ RESERVED
+CVE-2021-32266
+ RESERVED
+CVE-2021-32265 (An issue was discovered in Bento4 through v1.6.0-637. A global-buffer- ...)
+ NOT-FOR-US: Bento4
+CVE-2021-32264
+ RESERVED
+CVE-2021-32263 (ok-file-formats through 2021-04-29 has a heap-based buffer overflow in ...)
+ NOT-FOR-US: ok-file-formats
+CVE-2021-32262
+ RESERVED
+CVE-2021-32261
+ RESERVED
+CVE-2021-32260
+ RESERVED
+CVE-2021-32259
+ REJECTED
+CVE-2021-32258
+ RESERVED
+CVE-2021-32257
+ RESERVED
+CVE-2021-32256
+ RESERVED
+CVE-2021-32255
+ RESERVED
+CVE-2021-32254
+ RESERVED
+CVE-2021-32253
+ RESERVED
+CVE-2021-32252
+ RESERVED
+CVE-2021-32251
+ RESERVED
+CVE-2021-32250
+ RESERVED
+CVE-2021-32249
+ RESERVED
+CVE-2021-32248
+ RESERVED
+CVE-2021-32247
+ RESERVED
+CVE-2021-32246
+ RESERVED
+CVE-2021-32245 (In PageKit v1.0.18, a user can upload SVG files in the file upload por ...)
+ NOT-FOR-US: PageKit CMS
+CVE-2021-32244 (Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to ...)
+ - moodle <removed>
+CVE-2021-32243 (FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). ...)
+ NOT-FOR-US: FOGProject
+CVE-2021-32242
+ RESERVED
+CVE-2021-32241
+ RESERVED
+CVE-2021-32240
+ RESERVED
+CVE-2021-32239
+ RESERVED
+CVE-2021-32238 (Epic Games / Psyonix Rocket League &lt;=1.95 is affected by Buffer Ove ...)
+ NOT-FOR-US: Epic Games / Psyonix Rocket League
+CVE-2021-32237
+ RESERVED
+CVE-2021-32236
+ RESERVED
+CVE-2021-32235
+ RESERVED
+CVE-2021-32234 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows r ...)
+ NOT-FOR-US: SmarterTools
+CVE-2021-32233 (SmarterTools SmarterMail before Build 7776 allows XSS. ...)
+ NOT-FOR-US: SmarterTools SmarterMail
+CVE-2021-32232
+ RESERVED
+CVE-2021-32231
+ RESERVED
+CVE-2021-32230
+ RESERVED
+CVE-2021-32229
+ RESERVED
+CVE-2021-32228
+ RESERVED
+CVE-2021-32227
+ RESERVED
+CVE-2021-32226
+ RESERVED
+CVE-2021-32225
+ RESERVED
+CVE-2021-32224
+ RESERVED
+CVE-2021-32223
+ RESERVED
+CVE-2021-32222
+ RESERVED
+CVE-2021-32221
+ RESERVED
+CVE-2021-32220
+ RESERVED
+CVE-2021-32219
+ RESERVED
+CVE-2021-32218
+ RESERVED
+CVE-2021-32217
+ RESERVED
+CVE-2021-32216
+ RESERVED
+CVE-2021-32215
+ RESERVED
+CVE-2021-32214
+ RESERVED
+CVE-2021-32213
+ RESERVED
+CVE-2021-32212
+ RESERVED
+CVE-2021-32211
+ RESERVED
+CVE-2021-32210
+ RESERVED
+CVE-2021-32209
+ RESERVED
+CVE-2021-32208
+ RESERVED
+CVE-2021-32207
+ RESERVED
+CVE-2021-32206
+ RESERVED
+CVE-2021-32205
+ RESERVED
+CVE-2021-32204
+ RESERVED
+CVE-2021-32203
+ RESERVED
+CVE-2021-32202 (In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by ...)
+ NOT-FOR-US: CS-Cart
+CVE-2021-32201
+ RESERVED
+CVE-2021-32200
+ RESERVED
+CVE-2021-32199
+ RESERVED
+CVE-2021-32198 (EmTec ZOC through 8.02.4 allows remote servers to cause a denial of se ...)
+ NOT-FOR-US: EmTec ZOC
+CVE-2021-32197
+ RESERVED
+CVE-2021-32196
+ RESERVED
+CVE-2021-32195
+ RESERVED
+CVE-2021-32194
+ RESERVED
+CVE-2021-32193
+ RESERVED
+CVE-2021-32192
+ RESERVED
+CVE-2021-32191
+ RESERVED
+CVE-2021-32190
+ RESERVED
+CVE-2021-32189
+ RESERVED
+CVE-2021-32188
+ RESERVED
+CVE-2021-32187
+ RESERVED
+CVE-2021-32186
+ RESERVED
+CVE-2021-32185
+ RESERVED
+CVE-2021-32184
+ RESERVED
+CVE-2021-32183
+ RESERVED
+CVE-2021-32182
+ RESERVED
+CVE-2021-32181
+ RESERVED
+CVE-2021-32180
+ RESERVED
+CVE-2021-32179
+ RESERVED
+CVE-2021-32178
+ RESERVED
+CVE-2021-32177
+ RESERVED
+CVE-2021-32176
+ RESERVED
+CVE-2021-32175
+ RESERVED
+CVE-2021-32174
+ RESERVED
+CVE-2021-32173
+ RESERVED
+CVE-2021-32172 (Maian Cart v3.8 contains a preauthorization remote code execution (RCE ...)
+ NOT-FOR-US: Maian Cart
+CVE-2021-32171
+ RESERVED
+CVE-2021-32170
+ RESERVED
+CVE-2021-32169
+ RESERVED
+CVE-2021-32168
+ RESERVED
+CVE-2021-32167
+ RESERVED
+CVE-2021-32166
+ RESERVED
+CVE-2021-32165
+ RESERVED
+CVE-2021-32164
+ RESERVED
+CVE-2021-32163
+ RESERVED
+CVE-2021-32162
+ RESERVED
+CVE-2021-32161
+ RESERVED
+CVE-2021-32160
+ RESERVED
+CVE-2021-32159
+ RESERVED
+CVE-2021-32158
+ RESERVED
+CVE-2021-32157
+ RESERVED
+CVE-2021-32156
+ RESERVED
+CVE-2021-32155
+ RESERVED
+CVE-2021-32154
+ RESERVED
+CVE-2021-32153
+ RESERVED
+CVE-2021-32152
+ RESERVED
+CVE-2021-32151
+ RESERVED
+CVE-2021-32150
+ RESERVED
+CVE-2021-32149
+ RESERVED
+CVE-2021-32148
+ RESERVED
+CVE-2021-32147
+ RESERVED
+CVE-2021-32146
+ RESERVED
+CVE-2021-32145
+ RESERVED
+CVE-2021-32144
+ RESERVED
+CVE-2021-32143
+ RESERVED
+CVE-2021-32142
+ RESERVED
+CVE-2021-32141
+ RESERVED
+CVE-2021-32140
+ RESERVED
+CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to c ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
+ [buster] - ccextractor <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e
+ NOTE: https://github.com/gpac/gpac/issues/1768
+CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b
+ NOTE: https://github.com/gpac/gpac/issues/1767
+CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4Box in ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca
+ NOTE: https://github.com/gpac/gpac/issues/1766
+CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0. ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed
+ NOTE: https://github.com/gpac/gpac/issues/1765
+CVE-2021-32135 (The trak_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/b8f8b202d4fc23eb0ab4ce71ae96536ca6f5d3f8
+ NOTE: https://github.com/gpac/gpac/issues/1757
+CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <ignored> (Minor issue)
+ [stretch] - gpac <ignored> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <not-affected> (Vulnerable code introduced later)
+ [buster] - ccextractor <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01
+ NOTE: https://github.com/gpac/gpac/issues/1756
+CVE-2021-32133
+ RESERVED
+CVE-2021-32132 (The abst_box_size function in GPAC 1.0.1 allows attackers to cause a d ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <ignored> (Minor issue)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/e74be5976a6fee059c638050a237893f7e9a3b23
+ NOTE: https://github.com/gpac/gpac/issues/1753
+CVE-2021-32131
+ RESERVED
+CVE-2021-32130
+ RESERVED
+CVE-2021-32129
+ RESERVED
+CVE-2021-32128
+ RESERVED
+CVE-2021-32127
+ RESERVED
+CVE-2021-32126
+ RESERVED
+CVE-2021-32125
+ RESERVED
+CVE-2021-32124
+ RESERVED
+CVE-2021-32123
+ RESERVED
+CVE-2021-32122 (Certain NETGEAR devices are affected by CSRF. This affects EX3700 befo ...)
+ NOT-FOR-US: Netgear
+CVE-2021-32121
+ RESERVED
+CVE-2021-32120
+ RESERVED
+CVE-2021-32119
+ RESERVED
+CVE-2021-32118
+ RESERVED
+CVE-2021-32117
+ RESERVED
+CVE-2021-32116
+ RESERVED
+CVE-2021-32115
+ RESERVED
+CVE-2021-32114
+ RESERVED
+CVE-2021-32113
+ RESERVED
+CVE-2021-32112
+ RESERVED
+CVE-2021-32111
+ RESERVED
+CVE-2021-32110
+ RESERVED
+CVE-2021-32109
+ RESERVED
+CVE-2021-32108
+ RESERVED
+CVE-2021-32107
+ RESERVED
+CVE-2021-32106 (In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified i ...)
+ NOT-FOR-US: ICEcoder
+CVE-2021-32105
+ RESERVED
+CVE-2021-32104 (A SQL injection vulnerability exists (with user privileges) in interfa ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-32103 (A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-32102 (A SQL injection vulnerability exists (with user privileges) in library ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-32101 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect acces ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-32100 (A remote file inclusion vulnerability exists in Artica Pandora FMS 742 ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2021-32099 (A SQL injection vulnerability in the pandora_console component of Arti ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2021-32098 (Artica Pandora FMS 742 allows unauthenticated attackers to perform Pha ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2021-32097
+ RESERVED
+CVE-2021-32096 (The ConsoleAction component of U.S. National Security Agency (NSA) Emi ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32095 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32094 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32093 (The ConfigFileAction component of U.S. National Security Agency (NSA) ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32092 (A Cross-site scripting (XSS) vulnerability in the DocumentAction compo ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32091 (A Cross-site scripting (XSS) vulnerability exists in StackLift LocalSt ...)
+ NOT-FOR-US: StackList LocalStack
+CVE-2021-32090 (The dashboard component of StackLift LocalStack 0.12.6 allows attacker ...)
+ NOT-FOR-US: StackList LocalStack
+CVE-2021-32089 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (form ...)
+ NOT-FOR-US: Zebra
+CVE-2021-32088
+ RESERVED
+CVE-2021-32087
+ RESERVED
+CVE-2021-32086
+ RESERVED
+CVE-2021-32085
+ RESERVED
+CVE-2021-32084
+ RESERVED
+CVE-2021-32083
+ RESERVED
+CVE-2021-32082
+ RESERVED
+CVE-2021-32081
+ RESERVED
+CVE-2021-32080
+ RESERVED
+CVE-2021-32079
+ RESERVED
+CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/perso ...)
+ - linux 5.14.6-1 (unimportant)
+ NOTE: https://kirtikumarar.com/CVE-2021-32078.txt
+ NOTE: https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1)
+CVE-2021-3539 (EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site ...)
+ NOT-FOR-US: EspoCRM
+CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from commit ...)
+ - golang-github-satori-go.uuid <not-affected> (Vulnerable code introduced later and not in any released version)
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
+ NOTE: Possibly introduced by: https://github.com/satori/go.uuid/commit/0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c
+ NOTE: Fixed by: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45
+ NOTE: https://github.com/satori/go.uuid/issues/73
+CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions before 3.1. ...)
+ NOT-FOR-US: VerityStream MSOW Solutions
+CVE-2021-32076 (Access Restriction Bypass via referrer spoof was discovered in SolarWi ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-32075 (Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization. ...)
+ NOT-FOR-US: Re-Logic Terraria
+CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows a ...)
+ NOT-FOR-US: HashiCorp vault-action (aka Vault GitHub Action)
+CVE-2021-32073 (DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote at ...)
+ NOT-FOR-US: DedeCMS
+CVE-2021-32072 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32071 (The MiCollab Client service in Mitel MiCollab before 9.3 could allow a ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32070 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32069 (The AWV component of Mitel MiCollab before 9.3 could allow an attacker ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel MiCollab befor ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+ NOT-FOR-US: Mitel
+CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
+ {DSA-5066-1 DLA-2780-1}
+ - ruby2.7 2.7.4-1 (bug #990815)
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ - jruby <unfixed>
+ [buster] - jruby <no-dsa> (Minor issue)
+ [stretch] - jruby <no-dsa> (Minor issue)
+ NOTE: https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
+ NOTE: https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a (2.7)
+CVE-2021-32065
+ RESERVED
+CVE-2021-32064
+ RESERVED
+CVE-2021-32063
+ RESERVED
+CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x ...)
+ [experimental] - mapserver 7.6.3-1~exp1
+ - mapserver 7.6.2-2 (bug #988208)
+ [bullseye] - mapserver <ignored> (Minor issue; #988224)
+ [buster] - mapserver <no-dsa> (Minor issue; will be fixed via point release)
+ [stretch] - mapserver <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/mapserver/mapserver/issues/6313
+ NOTE: https://github.com/MapServer/MapServer/pull/6314
+ NOTE: https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 (branch-7-6)
+ NOTE: https://github.com/mapserver/mapserver/commit/7db7cbb26b6bc6e651db268e9536836a56e6825a (branch-7-2)
+ NOTE: https://github.com/mapserver/mapserver/commit/82a3eb5f6c8f75cedd095b909cc4990f3d8a99e1 (branch-7-0)
+ NOTE: Fixed in 7.0.8, 7.2.3, 7.4.5, 7.6.3
+CVE-2021-3537 (A vulnerability found in libxml2 in versions before 2.9.11 shows that ...)
+ {DLA-2653-1}
+ - libxml2 2.9.10+dfsg-6.6 (bug #988123)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/245
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61
+CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final while crea ...)
+ - wildfly <itp> (bug #752018)
+CVE-2021-3535 (Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting ...)
+ NOT-FOR-US: Rapid7
+CVE-2021-32061 (S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket ...)
+ NOT-FOR-US: S3Scanner
+CVE-2021-32060
+ RESERVED
+CVE-2021-32059
+ RESERVED
+CVE-2021-32058
+ RESERVED
+CVE-2021-32057
+ RESERVED
+CVE-2021-32056 (Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remo ...)
+ - cyrus-imapd 3.2.6-2
+ [buster] - cyrus-imapd <not-affected> (Vulnerable code introduced in the 3.2.x series)
+ [stretch] - cyrus-imapd <not-affected> (Vulnerable code introduced in the 3.2.x series)
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995
+ NOTE: https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
+CVE-2021-32054 (Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers ...)
+ NOT-FOR-US: Firely/Incendi Spark
+CVE-2021-32053 (JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e. ...)
+ NOT-FOR-US: HAPI FHIR
+CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ...)
+ - python-django 2:2.2.22-1 (bug #988136; unimportant)
+ NOTE: https://www.djangoproject.com/weblog/2021/may/06/security-releases/
+ NOTE: Only an issue in combination with python3.9 3.9.5+
+CVE-2021-32051 (Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via ...)
+ NOT-FOR-US: Hexagon G!nius Auskunftsportal
+CVE-2021-32050
+ RESERVED
+CVE-2021-32049
+ RESERVED
+CVE-2021-32048
+ RESERVED
+CVE-2021-32047
+ RESERVED
+CVE-2021-32046
+ RESERVED
+CVE-2021-32045
+ RESERVED
+CVE-2021-32044
+ RESERVED
+CVE-2021-32043
+ RESERVED
+CVE-2021-32042
+ RESERVED
+CVE-2021-32041
+ RESERVED
+CVE-2021-32040
+ RESERVED
+CVE-2021-32039 (Users with appropriate file access may be able to access unencrypted u ...)
+ NOT-FOR-US: MongoDB VSCode Extension
+CVE-2021-32038
+ RESERVED
+CVE-2021-32037 (An authorized user may trigger an invariant which may result in denial ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-59071
+CVE-2021-32036 (An authenticated user without any specific authorizations may be able ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-59294
+CVE-2021-32035
+ RESERVED
+CVE-2021-32034
+ RESERVED
+CVE-2021-32033 (Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in ...)
+ NOT-FOR-US: Protectimus SLIM NFC
+CVE-2021-32032 (In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated ...)
+ NOT-FOR-US: Trusted Firmware-M
+CVE-2021-32031
+ RESERVED
+CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through ...)
+ - mutt 2.0.5-4.1 (bug #988106)
+ [buster] - mutt <not-affected> (Vulnerable code introduced later)
+ [stretch] - mutt <not-affected> (Vulnerable code introduced later)
+ - neomutt 20201127+dfsg.1-1.2 (bug #988107)
+ [buster] - neomutt <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5
+ NOTE: https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
+ NOTE: imap_qresync not enabled by default and considered an experimental feature
+CVE-2021-32030 (The administrator application on ASUS GT-AC2900 devices before 3.0.0.4 ...)
+ NOT-FOR-US: ASUS
+CVE-2021-32029 (A flaw was found in postgresql. Using an UPDATE ... RETURNING command ...)
+ {DSA-4915-1}
+ - postgresql-13 13.3-1
+ - postgresql-11 <removed>
+ - postgresql-9.6 <removed>
+ [stretch] - postgresql-9.6 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3 (REL_13_3)
+CVE-2021-32028 (A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO ...)
+ {DSA-4915-1 DLA-2662-1}
+ - postgresql-13 13.3-1
+ - postgresql-11 <removed>
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f (REL_13_3)
+CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 12.7, b ...)
+ {DSA-4915-1 DLA-2662-1}
+ - postgresql-13 13.3-1
+ - postgresql-11 <removed>
+ - postgresql-9.6 <removed>
+ NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3)
+CVE-2021-3534
+ REJECTED
+CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR ...)
+ - ansible <unfixed>
+ [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ - ansible-base <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956477
+CVE-2021-32026
+ RESERVED
+CVE-2021-32025
+ RESERVED
+CVE-2021-32024 (A remote code execution vulnerability in the BMP image codec of BlackB ...)
+ NOT-FOR-US: BlackBerry
+CVE-2021-32023 (An elevation of privilege vulnerability in the message broker of Black ...)
+ NOT-FOR-US: BlackBerry
+CVE-2021-32022 (A low privileged delete vulnerability using CEF RPC server of BlackBer ...)
+ NOT-FOR-US: BlackBerry
+CVE-2021-32021 (A denial of service vulnerability in the message broker of BlackBerry ...)
+ NOT-FOR-US: BlackBerry
+CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insuffici ...)
+ NOT-FOR-US: kernel in Amazon Web Services FreeRTOS
+CVE-2021-32019 (There is missing input validation of host names displayed in OpenWrt b ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-32018 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP A ...)
+ NOT-FOR-US: JUMP AMS
+CVE-2021-32017 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...)
+ NOT-FOR-US: JUMP AMS
+CVE-2021-32016 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...)
+ NOT-FOR-US: JUMP AMS
+CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...)
+ NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
+CVE-2021-32014 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
+ NOT-FOR-US: SheetJS
+CVE-2021-32013 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
+ NOT-FOR-US: SheetJS
+CVE-2021-32012 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
+ NOT-FOR-US: SheetJS
+CVE-2021-3532 (A flaw was found in Ansible where the secret information present in as ...)
+ - ansible <unfixed>
+ [bullseye] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ [buster] - ansible <postponed> (Minor issue, revisit when/if fixed upstream)
+ - ansible-base <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956464
+CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...)
+ - ceph 14.2.21-1 (bug #988890)
+ [buster] - ceph <no-dsa> (Minor issue)
+ [stretch] - ceph <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/5
+ NOTE: Nautilus: https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e
+ NOTE: Octopus: https://github.com/ceph/ceph/commit/b87e64e3206210580f4a6df2d77f9ae3f1033039
+ NOTE: Pacific: https://github.com/ceph/ceph/commit/bf06990ab41d7ac299e4441ad9cd434e926a18e7
+CVE-2021-3530 (A flaw was discovered in GNU libiberty within demangle_path() in rust- ...)
+ - binutils <unfixed> (unimportant)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1925348
+ NOTE: binutils not covered by security support
+CVE-2021-32011
+ RESERVED
+CVE-2021-32010
+ RESERVED
+CVE-2021-32009
+ RESERVED
+CVE-2021-32008
+ RESERVED
+CVE-2021-32007
+ RESERVED
+CVE-2021-32006
+ RESERVED
+CVE-2021-32005
+ RESERVED
+CVE-2021-32004 (This issue affects: Secomea GateManager All versions prior to 9.6. Imp ...)
+ NOT-FOR-US: Secomea GateManager
+CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in SiteManager prov ...)
+ NOT-FOR-US: Secomea SiteManager
+CVE-2021-32002 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
+ NOT-FOR-US: Secomea SiteManager
+CVE-2021-32001 (A Missing Encryption of Sensitive Data vulnerability in k3s, kde2 of S ...)
+ NOT-FOR-US: Rancher
+CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-ma ...)
+ NOT-FOR-US: clone-master-clean-up in SUSE Linux Enterprise Server
+CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
+ NOT-FOR-US: Rancher
+CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
+ - inn2 <not-affected> (SuSE-specific packaging issue)
+CVE-2021-31997 (a UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...)
+ - postorius <not-affected> (SuSE-specific packaging issue)
+CVE-2021-31996 (An issue was discovered in the algorithmica crate through 2021-03-07 f ...)
+ NOT-FOR-US: Rust crate algorithmica
+CVE-2021-3529 (A flaw was found in noobaa-core in versions before 5.7.0. This flaw re ...)
+ NOT-FOR-US: noobaa
+CVE-2021-31995
+ RESERVED
+CVE-2021-31994
+ RESERVED
+CVE-2021-31993
+ RESERVED
+CVE-2021-31992
+ RESERVED
+CVE-2021-31991
+ RESERVED
+CVE-2021-31990
+ RESERVED
+CVE-2021-31989 (A user with permission to log on to the machine hosting the AXIS Devic ...)
+ NOT-FOR-US: AXIS
+CVE-2021-31988 (A user controlled parameter related to SMTP test functionality is not ...)
+ NOT-FOR-US: AXIS
+CVE-2021-31987 (A user controlled parameter related to SMTP test functionality is not ...)
+ NOT-FOR-US: AXIS
+CVE-2021-31986 (User controlled parameters related to SMTP notifications are not corre ...)
+ NOT-FOR-US: AXIS
+CVE-2021-31985 (Microsoft Defender Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31984 (Power BI Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31983 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31982
+ RESERVED
+CVE-2021-31981
+ RESERVED
+CVE-2021-31980 (Microsoft Intune Management Extension Remote Code Execution Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31979 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31978 (Microsoft Defender Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31977 (Windows Hyper-V Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31976 (Server for NFS Information Disclosure Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31975 (Server for NFS Information Disclosure Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31974 (Server for NFS Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31973 (Windows GPSVC Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31972 (Event Tracing for Windows Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31971 (Windows HTML Platform Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31970 (Windows TCP/IP Driver Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31969 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31968 (Windows Remote Desktop Services&#194; Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31967 (VP9 Video Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31966 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31965 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31964 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31963 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31962 (Kerberos AppContainer Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31961 (Windows InstallService Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31960 (Windows Bind Filter Driver Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31959 (Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31958 (Windows NTLM Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31957 (ASP.NET Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31956 (Windows NTFS Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31955 (Windows Kernel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31954 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31953 (Windows Filter Manager Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31952 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31951 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31950 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31949 (Microsoft Outlook Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31948 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31947 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31946 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31945 (Paint 3D Remote Code Execution Vulnerability This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31944 (3D Viewer Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31943 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31942 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31941 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31940 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31939 (Microsoft Excel Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31938 (Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vul ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31937
+ RESERVED
+CVE-2021-31936 (Microsoft Accessibility Insights for Web Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31935 (OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-31934 (OX App Suite 7.10.4 and earlier allows XSS via a crafted contact objec ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-31933 (A remote code execution vulnerability exists in Chamilo through 1.11.1 ...)
+ NOT-FOR-US: Chamilo
+CVE-2021-31932 (Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentic ...)
+ NOT-FOR-US: Nokia
+CVE-2021-31931
+ RESERVED
+CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...)
+ NOT-FOR-US: Concerto
+CVE-2021-31929 (Annex Cloud Loyalty Experience Platform &lt;2021.1.0.1 allows any auth ...)
+ NOT-FOR-US: Annex Cloud Loyalty Experience Platform
+CVE-2021-31928 (Annex Cloud Loyalty Experience Platform &lt;2021.1.0.1 allows any auth ...)
+ NOT-FOR-US: Annex Cloud Loyalty Experience Platform
+CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in Annex Clou ...)
+ NOT-FOR-US: Annex Cloud Loyalty Experience Platform
+CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1. ...)
+ NOT-FOR-US: CubeCoders AMP
+CVE-2021-31925 (Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thu ...)
+ NOT-FOR-US: Pexip
+CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the p ...)
+ - pam-u2f 1.1.0-1.1 (bug #987545)
+ [buster] - pam-u2f <not-affected> (Vulnerable code not present)
+ [stretch] - pam-u2f <not-affected> (Vulnerable code not present)
+ NOTE: https://www.yubico.com/support/security-advisories/ysa-2021-03
+ NOTE: https://github.com/Yubico/pam-u2f/commit/6059b057dd9b6d0164fc16f9422c0d728f902bb5 (pam_u2f-1.1.1)
+ NOTE: https://github.com/Yubico/pam-u2f/issues/175
+ NOTE: Support for PIN verification introduced in 1.1.0.
+CVE-2021-31923 (Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling vi ...)
+ NOT-FOR-US: Ping Identity PingAccess
+CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffi ...)
+ NOT-FOR-US: Pulse Secure
+CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
+ NOT-FOR-US: noobaa
+CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...)
+ {DLA-2753-1}
+ - qemu 1:5.2+dfsg-11 (bug #988157)
+ [buster] - qemu <no-dsa> (Minor issue)
+ NOTE: Initial patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html
+ NOTE: Revisited: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
+CVE-2021-3526
+ REJECTED
+CVE-2021-3525
+ REJECTED
+CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
+ {DLA-2735-1}
+ - ceph 14.2.21-1 (bug #988889)
+ [buster] - ceph <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674
+ NOTE: Fixed by: https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1
+CVE-2021-3523
+ RESERVED
+CVE-2021-31921 (Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploita ...)
+ NOT-FOR-US: Istio
+CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable v ...)
+ NOT-FOR-US: Istio
+CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When ...)
+ NOT-FOR-US: Rust crate rkyv
+CVE-2021-31918 (A flaw was found in tripleo-ansible version as shipped in Red Hat Open ...)
+ NOT-FOR-US: tripleo-ansible
+CVE-2021-31917 (A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1. ...)
+ NOT-FOR-US: Infinispan
+CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in list_devices in ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1
+CVE-2021-31915 (In JetBrains TeamCity before 2020.2.4, OS command injection leading to ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31914 (In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execu ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31913 (In JetBrains TeamCity before 2020.2.3, insufficient checks of the redi ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31912 (In JetBrains TeamCity before 2020.2.3, account takeover was potentiall ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31911 (In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on s ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31910 (In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31909 (In JetBrains TeamCity before 2020.2.3, argument injection leading to r ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31908 (In JetBrains TeamCity before 2020.2.3, stored XSS was possible on seve ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31907 (In JetBrains TeamCity before 2020.2.2, permission checks for changing ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31906 (In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31905 (In JetBrains YouTrack before 2020.6.8801, information disclosure in an ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31904 (In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31903 (In JetBrains YouTrack before 2021.1.9819, a pull request's title was s ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31902 (In JetBrains YouTrack before 2020.6.6600, access control during the ex ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31901 (In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31900 (In JetBrains Code With Me bundled to the compatible IDE versions befor ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31899 (In JetBrains Code With Me bundled to the compatible IDEs before versio ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31898 (In JetBrains WebStorm before 2021.1, HTTP requests were used instead o ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without user confi ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-31896
+ RESERVED
+CVE-2021-31895 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31894 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31893 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondition ( ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31891 (A vulnerability has been identified in Desigo CC (All versions with OI ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31890 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31889 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31888 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31887 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31886 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31885 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31884 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31883 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31882 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31881 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31880
+ RESERVED
+CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...)
+ - wget <unfixed> (bug #988209)
+ [bullseye] - wget <no-dsa> (Minor issue)
+ [buster] - wget <no-dsa> (Minor issue)
+ [stretch] - wget <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
+CVE-2021-31878 (An issue was discovered in PJSIP in Asterisk before 16.19.1 and before ...)
+ - asterisk <not-affected> (Vulnerability introduced in 16.17.0)
+ NOTE: http://downloads.asterisk.org/pub/security/AST-2021-007.html
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29381
+CVE-2021-31877
+ REJECTED
+CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the rep ...)
+ - bitcoin <unfixed>
+ NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876
+ NOTE: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html
+CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSO ...)
+ NOT-FOR-US: Cesanta MongooseOS mJS
+CVE-2021-31874 (Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, ...)
+ NOT-FOR-US: Zoho
+CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in the malloc ...)
+ {DLA-2695-1}
+ - klibc 2.0.8-6 (bug #989505)
+ [buster] - klibc 2.0.6-1+deb10u1
+ NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
+CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple possible integ ...)
+ {DLA-2695-1}
+ - klibc 2.0.8-6 (bug #989505)
+ [buster] - klibc 2.0.6-1+deb10u1
+ NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
+CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer overflow in ...)
+ {DLA-2695-1}
+ - klibc 2.0.8-6 (bug #989505)
+ [buster] - klibc 2.0.6-1+deb10u1
+ NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
+CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in the c ...)
+ {DLA-2695-1}
+ - klibc 2.0.8-6 (bug #989505)
+ [buster] - klibc 2.0.6-1+deb10u1
+ NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1
+CVE-2021-3521
+ RESERVED
+ - rpm <unfixed>
+ [bullseye] - rpm <no-dsa> (Minor issue)
+ [buster] - rpm <no-dsa> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://github.com/rpm-software-management/rpm/pull/1788
+CVE-2021-3520 (There's a flaw in lz4. An attacker who submits a crafted file to an ap ...)
+ {DSA-4919-1 DLA-2657-1}
+ - lz4 1.9.3-2 (bug #987856)
+ NOTE: https://github.com/lz4/lz4/pull/972
+ NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
+CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injec ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-31868 (Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users o ...)
+ NOT-FOR-US: Rapid7 Nexpose
+CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier suffers from ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-3519 (A vulnerability was reported in some Lenovo Desktop models that could ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #990792)
+ NOTE: https://www.redmine.org/news/131
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20854
+CVE-2021-31865 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #990792)
+ NOTE: https://www.redmine.org/news/131
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20946
+CVE-2021-31864 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #990792)
+ NOTE: https://www.redmine.org/news/131
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20970
+CVE-2021-31863 (Insufficient input validation in the Git repository integration of Red ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #990792)
+ NOTE: https://www.redmine.org/news/131
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20962
+CVE-2021-31862 (SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter withou ...)
+ NOT-FOR-US: SysAid
+CVE-2021-31861
+ RESERVED
+CVE-2021-31860
+ RESERVED
+CVE-2021-31859 (Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 ...)
+ NOT-FOR-US: Ysoft SafeQ
+CVE-2021-31858
+ RESERVED
+CVE-2021-31857 (In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, att ...)
+ NOT-FOR-US: Zoho ManageEngine Password Manager Pro
+CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...)
+ NOT-FOR-US: Layer Meshery
+CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages ...)
+ - kf5-messagelib 4:20.08.3-5 (bug #989438)
+ [buster] - kf5-messagelib <no-dsa> (Minor issue)
+ [stretch] - kf5-messagelib <no-dsa> (Minor issue)
+ - kdepim4 <removed>
+ [stretch] - kdepim4 <no-dsa> (Minor issue)
+ NOTE: https://kde.org/info/security/advisory-20210429-1.txt
+ NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799
+CVE-2021-31854 (A command Injection Vulnerability in McAfee Agent (MA) for Windows pri ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31851 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31850 (A denial-of-service vulnerability in Database Security (DBS) prior to ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31849 (SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO e ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31848 (Cross site scripting (XSS) vulnerability in McAfee Data Loss Preventio ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31847 (Improper access control vulnerability in the repair process for McAfee ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31846
+ RESERVED
+CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) D ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31844 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) E ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31843 (Improper privileges management vulnerability in McAfee Endpoint Securi ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee Endpoint Securi ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31841 (A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5 ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent for Window ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31838 (A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4. ...)
+ NOT-FOR-US: MVISION EDR (MVEDR)
+CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31836 (Improper privilege management vulnerability in maconfig for McAfee Age ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31833 (Potential product security bypass vulnerability in McAfee Application ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...)
+ NOT-FOR-US: McAfee
+CVE-2021-31830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: McAfee
+CVE-2021-3518 (There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ...)
+ {DLA-2653-1}
+ - libxml2 2.9.10+dfsg-6.6 (bug #987737)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7
+CVE-2021-3517 (There is a flaw in the xml entity encoding functionality of libxml2 in ...)
+ {DLA-2653-1}
+ - libxml2 2.9.10+dfsg-6.6 (bug #987738)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2
+CVE-2021-3516 (There's a flaw in libxml2's xmllint in versions before 2.9.11. An atta ...)
+ {DLA-2653-1}
+ - libxml2 2.9.10+dfsg-6.6 (bug #987739)
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
+CVE-2021-3515 (A shell injection flaw was found in pglogical in versions before 2.3.4 ...)
+ - pglogical 2.3.3-3 (bug #988735)
+ [buster] - pglogical <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1954112
+ NOTE: https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5
+CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated attacke ...)
+ - 389-ds-base 1.4.4.11-2 (bug #988727)
+ [stretch] - 389-ds-base <no-dsa> (Minor issue)
+ NOTE: https://github.com/389ds/389-ds-base/issues/4711
+CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...)
+ {DLA-2690-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4
+CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...)
+ NOT-FOR-US: OpenDistro for Elasticsearch
+CVE-2021-31827 (In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vuln ...)
+ NOT-FOR-US: Progress MOVEit Transfer
+CVE-2021-31825
+ RESERVED
+CVE-2021-31824
+ RESERVED
+CVE-2021-31823
+ RESERVED
+CVE-2021-31822 (When Octopus Tentacle is installed on a Linux operating system, the sy ...)
+ NOT-FOR-US: Octopus Tentacle
+CVE-2021-31821 (When the Windows Tentacle docker image starts up it logs all the comma ...)
+ NOT-FOR-US: Octopus Tentacle
+CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-31819 (In Halibut versions prior to 4.4.7 there is a deserialisation vulnerab ...)
+ NOT-FOR-US: Octopus
+CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-31817 (When configuring Octopus Server if it is configured with an external S ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-31816 (When configuring Octopus Server if it is configured with an external S ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-3513
+ NOT-FOR-US: Keycloak
+CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on A ...)
+ NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications)
+CVE-2021-31814 (In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a ...)
+ NOT-FOR-US: Stormshield
+CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is vulnerable to S ...)
+ NOT-FOR-US: Zoho
+CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an infinite ...)
+ - libpdfbox2-java 2.0.24-1 (bug #991526)
+ [bullseye] - libpdfbox2-java <no-dsa> (Minor issue)
+ [buster] - libpdfbox2-java <no-dsa> (Minor issue)
+ - libpdfbox-java <unfixed> (bug #991527)
+ [bullseye] - libpdfbox-java <no-dsa> (Minor issue)
+ [buster] - libpdfbox-java <no-dsa> (Minor issue)
+ [stretch] - libpdfbox-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/1
+ NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
+CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMem ...)
+ - libpdfbox2-java 2.0.24-1 (bug #991526)
+ [bullseye] - libpdfbox2-java <no-dsa> (Minor issue)
+ [buster] - libpdfbox2-java <no-dsa> (Minor issue)
+ - libpdfbox-java <unfixed> (bug #991527)
+ [bullseye] - libpdfbox-java <no-dsa> (Minor issue)
+ [buster] - libpdfbox-java <no-dsa> (Minor issue)
+ [stretch] - libpdfbox-java <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2
+ NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33
+CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
+ {DSA-5066-1 DLA-2780-1}
+ - ruby2.7 2.7.4-1 (bug #990815)
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ - jruby <unfixed>
+ [buster] - jruby <no-dsa> (Minor issue)
+ [stretch] - jruby <no-dsa> (Minor issue)
+ NOTE: https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
+ NOTE: https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 (2.7)
+CVE-2021-31809
+ RESERVED
+CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10 (bug #989043)
+ - squid3 <removed>
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
+CVE-2021-31807 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10 (bug #989043)
+ - squid3 <removed>
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
+CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10 (bug #989043)
+ - squid3 <removed>
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
+CVE-2021-31805
+ RESERVED
+CVE-2021-31826 (Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointe ...)
+ {DSA-4905-1}
+ - shibboleth-sp 3.2.2+dfsg1-1 (bug #987608)
+ NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt
+ NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927
+ NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=5a47c3b9378f4c49392dd4d15189b70956f9f2ec
+CVE-2021-31804 (LeoCAD before 21.03 sometimes allows a use-after-free during the openi ...)
+ - leocad <unfixed> (unimportant)
+ NOTE: https://github.com/leozide/leocad/issues/645
+ NOTE: https://github.com/leozide/leocad/commit/233affe3fcdc851fa82cb058871bddd0046e1c87
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-31803 (cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SE ...)
+ NOT-FOR-US: cPanel
+CVE-2021-31802 (NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow tha ...)
+ NOT-FOR-US: Netgear
+CVE-2021-31801
+ RESERVED
+CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in Impac ...)
+ - impacket 0.9.22-2 (bug #988141)
+ [buster] - impacket <no-dsa> (Minor issue)
+ [stretch] - impacket <no-dsa> (Minor issue)
+ NOTE: https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f
+CVE-2021-31799 (In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ...)
+ {DSA-5066-1 DLA-2780-1}
+ - ruby2.7 2.7.4-1 (bug #990815)
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ NOTE: Introduced in (rdoc): https://github.com/ruby/rdoc/commit/4a8b7bed7cd5647db92c620bc6f33e4c309d2212 (v3.11)
+ NOTE: Fixed in (rdoc): https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7 (v6.3.1)
+ NOTE: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/
+ NOTE: https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e (master)
+ NOTE: https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522 (2.7)
+CVE-2021-31798 (The effective key space used to encrypt the cache in CyberArk Credenti ...)
+ NOT-FOR-US: CyberArk
+CVE-2021-31797 (The user identification mechanism used by CyberArk Credential Provider ...)
+ NOT-FOR-US: CyberArk
+CVE-2021-31796 (An inadequate encryption vulnerability discovered in CyberArk Credenti ...)
+ NOT-FOR-US: CyberArk
+CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for th ...)
+ NOT-FOR-US: PowerVR GPU kernel driver (OOT)
+CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP Use ...)
+ NOT-FOR-US: Directum
+CVE-2021-31793 (An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that ...)
+ NOT-FOR-US: NightOwl WDB-20-V2 WDB-20-V2_20190314 devices
+CVE-2021-31792 (XSS in the client account page in SuiteCRM before 7.11.19 allows an at ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-31791 (In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext passw ...)
+ NOT-FOR-US: Sentry KM
+CVE-2021-31790
+ RESERVED
+CVE-2021-31789
+ RESERVED
+CVE-2021-31788
+ RESERVED
+CVE-2021-31787 (The Bluetooth Classic implementation on Actions ATS2815 chipsets does ...)
+ NOT-FOR-US: Bluetooth Classic implementation on Actions ATS2815 chipsets
+CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2 ...)
+ NOT-FOR-US: Actions ATS
+CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 ch ...)
+ NOT-FOR-US: Actions ATS
+CVE-2021-31784 (An out-of-bounds write vulnerability exists in the file-reading proced ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-31783 (show_default.php in the LocalFilesEditor extension before 11.4.0.1 for ...)
+ NOT-FOR-US: Piwigo extension
+CVE-2021-31782
+ RESERVED
+CVE-2021-31781
+ RESERVED
+CVE-2021-31780 (In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing grou ...)
+ NOT-FOR-US: MISP
+CVE-2021-31779 (The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows ...)
+ NOT-FOR-US: Typo3 extension
+CVE-2021-31778 (The media2click (aka 2 Clicks for External Media) extension 1.x before ...)
+ NOT-FOR-US: Typo3 extension
+CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x be ...)
+ NOT-FOR-US: Typo3 extension
+CVE-2021-31776 (Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search p ...)
+ NOT-FOR-US: Aviatrix VPN Client
+CVE-2021-31775
+ RESERVED
+CVE-2021-31774
+ RESERVED
+CVE-2021-31773
+ RESERVED
+CVE-2021-31772
+ RESERVED
+CVE-2021-31771
+ REJECTED
+CVE-2021-31770
+ RESERVED
+CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code execution by u ...)
+ NOT-FOR-US: MyQ
+CVE-2021-31768
+ RESERVED
+CVE-2021-31767
+ RESERVED
+CVE-2021-31766
+ RESERVED
+CVE-2021-31765
+ RESERVED
+CVE-2021-31764
+ RESERVED
+CVE-2021-31763
+ RESERVED
+CVE-2021-31762 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to creat ...)
+ - webmin <removed>
+CVE-2021-31761 (Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to ac ...)
+ - webmin <removed>
+CVE-2021-31760 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achie ...)
+ - webmin <removed>
+CVE-2021-31759
+ RESERVED
+CVE-2021-31758 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
+ NOT-FOR-US: Tenda AC11 devices
+CVE-2021-31757 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
+ NOT-FOR-US: Tenda AC11 devices
+CVE-2021-31756 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
+ NOT-FOR-US: Tenda AC11 devices
+CVE-2021-31755 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...)
+ NOT-FOR-US: Tenda AC11 devices
+CVE-2021-31754
+ RESERVED
+CVE-2021-31753
+ RESERVED
+CVE-2021-31752
+ RESERVED
+CVE-2021-31751
+ RESERVED
+CVE-2021-31750
+ RESERVED
+CVE-2021-31749
+ RESERVED
+CVE-2021-31748
+ RESERVED
+CVE-2021-31747 (Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in upd ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2021-31746 (Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2021-31745 (Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2021-31744
+ RESERVED
+CVE-2021-31743
+ RESERVED
+CVE-2021-31742
+ RESERVED
+CVE-2021-31741
+ RESERVED
+CVE-2021-31740
+ RESERVED
+CVE-2021-31739
+ RESERVED
+CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. ...)
+ NOT-FOR-US: Adiscon LogAnalyzer
+CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerabili ...)
+ NOT-FOR-US: emlog
+CVE-2021-31736
+ RESERVED
+CVE-2021-31735
+ RESERVED
+CVE-2021-31734
+ RESERVED
+CVE-2021-31733
+ RESERVED
+CVE-2021-31732
+ RESERVED
+CVE-2021-31731 (A directory traversal issue in KiteCMS 1.1.1 allows remote administrat ...)
+ NOT-FOR-US: KiteCMS
+CVE-2021-31730
+ RESERVED
+CVE-2021-31729
+ RESERVED
+CVE-2021-31728 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
+ NOT-FOR-US: MalwareFox AntiMalware
+CVE-2021-31727 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...)
+ NOT-FOR-US: MalwareFox AntiMalware
+CVE-2021-31726 (Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_ ...)
+ NOT-FOR-US: Akuvox
+CVE-2021-31725
+ RESERVED
+CVE-2021-31724
+ RESERVED
+CVE-2021-31723
+ RESERVED
+CVE-2021-31722
+ RESERVED
+CVE-2021-31721 (Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image ...)
+ NOT-FOR-US: Chevereto
+CVE-2021-31720
+ RESERVED
+CVE-2021-31719
+ RESERVED
+CVE-2021-31718 (The server in npupnp before 4.1.4 is affected by DNS rebinding in the ...)
+ NOT-FOR-US: npupnp
+CVE-2021-31717
+ RESERVED
+CVE-2021-31716
+ RESERVED
+CVE-2021-31715
+ RESERVED
+CVE-2021-31714
+ RESERVED
+CVE-2021-31713
+ RESERVED
+CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a j ...)
+ NOT-FOR-US: react-draft-wysiwyg
+CVE-2021-31711
+ RESERVED
+CVE-2021-31710
+ RESERVED
+CVE-2021-31709
+ RESERVED
+CVE-2021-31708
+ RESERVED
+CVE-2021-31707
+ RESERVED
+CVE-2021-31706
+ RESERVED
+CVE-2021-31705
+ RESERVED
+CVE-2021-31704
+ RESERVED
+CVE-2021-31703 (Frontier ichris through 5.18 allows users to upload malicious executab ...)
+ NOT-FOR-US: Frontier ichris
+CVE-2021-31702 (Frontier ichris through 5.18 mishandles making a DNS request for the h ...)
+ NOT-FOR-US: Frontier ichris
+CVE-2021-31701 (Mintty before 3.4.7 mishandles Bracketed Paste Mode. ...)
+ NOT-FOR-US: Mintty
+CVE-2021-31700
+ RESERVED
+CVE-2021-31699
+ RESERVED
+CVE-2021-31698 (Quectel EG25-G devices through 202006130814 allow executing arbitrary ...)
+ NOT-FOR-US: Quectel EG25-G devices
+CVE-2021-31697
+ RESERVED
+CVE-2021-31696
+ RESERVED
+CVE-2021-31695
+ RESERVED
+CVE-2021-31694
+ RESERVED
+CVE-2021-31693
+ RESERVED
+CVE-2021-31692
+ RESERVED
+CVE-2021-31691
+ RESERVED
+CVE-2021-31690
+ RESERVED
+CVE-2021-31689
+ RESERVED
+CVE-2021-31688
+ RESERVED
+CVE-2021-31687
+ RESERVED
+CVE-2021-31686
+ RESERVED
+CVE-2021-31685
+ RESERVED
+CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONParserBy ...)
+ - json-smart <unfixed> (unimportant)
+ NOTE: https://github.com/netplex/json-smart-v2/issues/67
+ NOTE: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5
+ NOTE: Security impact disputed by upstream
+CVE-2021-31683
+ RESERVED
+CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM web appli ...)
+ NOT-FOR-US: Automated Logic WebCTRL/WebCTRL OEM web application
+CVE-2021-31681
+ RESERVED
+CVE-2021-31680
+ RESERVED
+CVE-2021-31679
+ RESERVED
+CVE-2021-31678
+ RESERVED
+CVE-2021-31677
+ RESERVED
+CVE-2021-31676
+ RESERVED
+CVE-2021-31675
+ RESERVED
+CVE-2021-31674
+ RESERVED
+CVE-2021-31673
+ RESERVED
+CVE-2021-31672
+ RESERVED
+CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of sensitive ...)
+ NOT-FOR-US: pgsync
+CVE-2021-31670
+ RESERVED
+CVE-2021-31669
+ RESERVED
+CVE-2021-31668
+ RESERVED
+CVE-2021-31667
+ RESERVED
+CVE-2021-31666
+ RESERVED
+CVE-2021-31665
+ RESERVED
+CVE-2021-31664 (RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-31663 (RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-31662 (RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-31661 (RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-31660 (RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-31659 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is v ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-31658 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is a ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-31657
+ RESERVED
+CVE-2021-31656
+ RESERVED
+CVE-2021-31655 (Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2 ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-31654
+ RESERVED
+CVE-2021-31653
+ RESERVED
+CVE-2021-31652
+ RESERVED
+CVE-2021-31651
+ RESERVED
+CVE-2021-31650
+ RESERVED
+CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a deserializat ...)
+ NOT-FOR-US: jfinal
+CVE-2021-31648
+ RESERVED
+CVE-2021-31647
+ RESERVED
+CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...)
+ NOT-FOR-US: Gestsup
+CVE-2021-31645
+ RESERVED
+CVE-2021-31644
+ RESERVED
+CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU Technolo ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31642 (A denial of service condition exists after an integer overflow in seve ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31641 (An unauthenticated XSS vulnerability exists in several IoT devices fro ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31640
+ RESERVED
+CVE-2021-31639
+ RESERVED
+CVE-2021-31638
+ RESERVED
+CVE-2021-31637
+ RESERVED
+CVE-2021-31636
+ RESERVED
+CVE-2021-31635
+ RESERVED
+CVE-2021-31634
+ RESERVED
+CVE-2021-31633
+ RESERVED
+CVE-2021-31632 (b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulne ...)
+ NOT-FOR-US: b2evolution CMS
+CVE-2021-31631 (b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request ...)
+ NOT-FOR-US: b2evolution CMS
+CVE-2021-31630 (Command Injection in Open PLC Webserver v3 allows remote attackers to ...)
+ NOT-FOR-US: Open PLC webserver
+CVE-2021-31629
+ RESERVED
+CVE-2021-31628
+ RESERVED
+CVE-2021-31627 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...)
+ NOT-FOR-US: Tenda
+CVE-2021-31626
+ RESERVED
+CVE-2021-31625
+ RESERVED
+CVE-2021-31624 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...)
+ NOT-FOR-US: Tenda
+CVE-2021-31623
+ RESERVED
+CVE-2021-31622
+ RESERVED
+CVE-2021-31621
+ RESERVED
+CVE-2021-31620
+ RESERVED
+CVE-2021-31619
+ RESERVED
+CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ...)
+ {DSA-4937-1 DLA-2706-1}
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.46-5 (bug #989562)
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
+ NOTE: https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4
+ NOTE: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759
+CVE-2021-31617 (In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8. ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
+ NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
+CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...)
+ NOTE: Bluetooth protocol issue
+CVE-2021-31614
+ RESERVED
+CVE-2021-31613 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...)
+ NOT-FOR-US: Zhuhai Jieli
+CVE-2021-31612 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices do ...)
+ NOT-FOR-US: Zhuhai Jieli
+CVE-2021-31611 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...)
+ NOT-FOR-US: Zhuhai Jieli
+CVE-2021-31610 (The Bluetooth Classic implementation on AB32VG1 devices does not prope ...)
+ NOT-FOR-US: Bluetrum
+CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and e ...)
+ NOT-FOR-US: Silicon Labs Bluetooth
+CVE-2021-31608
+ RESERVED
+CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...)
+ {DLA-2815-1}
+ - salt 3002.6+dfsg1-2 (bug #987496)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/
+ NOTE: Introduced by: https://gitlab.com/saltstack/open/salt/-/commit/1343078d03613e33eec9e5ec5095d2e0b0aa2e59 (v2016.9)
+ NOTE: Combined fix and regression fix: https://salsa.debian.org/salt-team/salt/-/commit/71f7f30851f9609bfda5a1b0f5b115d2743372cd
+CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to ...)
+ NOT-FOR-US: openvpn-monitor
+CVE-2021-31605 (furlongm openvpn-monitor through 1.1.3 allows %0a command injection vi ...)
+ NOT-FOR-US: openvpn-monitor
+CVE-2021-31604 (furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an ar ...)
+ NOT-FOR-US: openvpn-monitor
+CVE-2021-31603
+ RESERVED
+CVE-2021-31602 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-31601 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-31600 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-31599 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ {DLA-2705-1}
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/28/
+CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...)
+ - node-xmlhttprequest-ssl <unfixed>
+ [buster] - node-xmlhttprequest-ssl <ignored> (Minor issue, should possibly be removed from stable as well)
+ [stretch] - node-xmlhttprequest-ssl <no-dsa> (Minor issue)
+ NOTE: https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2
+ NOTE: https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt
+CVE-2021-31596
+ RESERVED
+CVE-2021-31595
+ RESERVED
+CVE-2021-31594
+ RESERVED
+CVE-2021-31593
+ RESERVED
+CVE-2021-31592
+ RESERVED
+CVE-2021-31591
+ RESERVED
+CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtok ...)
+ NOT-FOR-US: PwnDoc
+CVE-2021-31589 (A cross-site scripting (XSS) vulnerability has been reported and confi ...)
+ NOT-FOR-US: BeyondTrust
+CVE-2021-31588
+ RESERVED
+CVE-2021-31587
+ RESERVED
+CVE-2021-31586 (Accellion Kiteworks before 7.4.0 allows an authenticated user to perfo ...)
+ NOT-FOR-US: Accellion Kiteworks
+CVE-2021-31585 (Accellion Kiteworks before 7.3.1 allows a user with Admin privileges t ...)
+ NOT-FOR-US: Accellion Kiteworks
+CVE-2021-31584 (Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGC ...)
+ NOT-FOR-US: Sipwise
+CVE-2021-31583 (Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform v ...)
+ NOT-FOR-US: Sipwise
+CVE-2021-31582
+ RESERVED
+CVE-2021-31581 (The restricted shell provided by Akkadian Provisioning Manager Engine ...)
+ NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
+CVE-2021-31580 (The restricted shell provided by Akkadian Provisioning Manager Engine ...)
+ NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
+CVE-2021-31579 (Akkadian Provisioning Manager Engine (PME) ships with a hard-coded cre ...)
+ NOT-FOR-US: Akkadian Provisioning Manager Engine (PME)
+CVE-2021-31578
+ RESERVED
+CVE-2021-31577
+ RESERVED
+CVE-2021-31576
+ RESERVED
+CVE-2021-31575
+ RESERVED
+CVE-2021-31574
+ RESERVED
+CVE-2021-31573
+ RESERVED
+CVE-2021-3512 (Improper access control vulnerability in Buffalo broadband routers (BH ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-3511 (Disclosure of sensitive information to an unauthorized user vulnerabil ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
+ NOT-FOR-US: Amazon Web Services FreeRTOS kernel
+CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...)
+ NOT-FOR-US: Amazon Web Services FreeRTOS kernel
+CVE-2021-31570
+ RESERVED
+CVE-2021-31569
+ RESERVED
+CVE-2021-31568
+ RESERVED
+CVE-2021-31557
+ RESERVED
+CVE-2021-31556 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...)
+ NOT-FOR-US: MediaWiki extension OAuth
+CVE-2021-31555 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...)
+ NOT-FOR-US: MediaWiki extension OAuth
+CVE-2021-31554 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31553 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
+ NOT-FOR-US: MediaWiki extension CheckUser
+CVE-2021-31552 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31551 (An issue was discovered in the PageForms extension for MediaWiki throu ...)
+ NOT-FOR-US: MediaWiki extension PageForms
+CVE-2021-31550 (An issue was discovered in the CommentBox extension for MediaWiki thro ...)
+ NOT-FOR-US: MediaWiki extension CommentBox
+CVE-2021-31549 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31548 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31547 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31546 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31545 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...)
+ NOT-FOR-US: MediaWiki extension AbuseFilter
+CVE-2021-31544
+ RESERVED
+CVE-2021-31543
+ RESERVED
+CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...)
+ {DLA-2651-1}
+ - python-django 2:2.2.21-1 (bug #988053)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/
+ NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main)
+ NOTE: https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d (2.2.21)
+CVE-2021-31541
+ RESERVED
+CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation) has i ...)
+ NOT-FOR-US: Wowza Streaming Engine
+CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 (in a default installation) has ...)
+ NOT-FOR-US: Wowza Streaming Engine
+CVE-2021-31538 (LANCOM R&amp;S Unified Firewall (UF) devices running LCOS FX 10.5 allo ...)
+ NOT-FOR-US: LANCOM
+CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (a ...)
+ NOT-FOR-US: SIS-REWE Go
+CVE-2021-31536
+ RESERVED
+CVE-2021-31535 (LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a ...)
+ {DSA-4920-1 DLA-2666-1}
+ - libx11 2:1.7.1-1 (bug #988737)
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/3
+ NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt
+ NOTE: https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/
+CVE-2021-31534
+ RESERVED
+CVE-2021-31533
+ RESERVED
+CVE-2021-31532 (NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 ...)
+ NOT-FOR-US: NXP
+CVE-2021-31531 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to S ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-31530 (Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to I ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-31529
+ RESERVED
+CVE-2021-31528
+ RESERVED
+CVE-2021-31527
+ RESERVED
+CVE-2021-31526
+ RESERVED
+CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote a ...)
+ - golang-1.16 1.16.4-1
+ - golang-1.15 1.15.9-2
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, DoS, requires rebuilding reverse-dependencies)
+ - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-3
+ - golang-golang-x-net-dev <removed>
+ [stretch] - golang-golang-x-net-dev <no-dsa> (Limited support in stretch)
+ NOTE: https://github.com/golang/go/issues/45710
+ NOTE: https://github.com/golang/go/issues/45711 (1.15 backport)
+ NOTE: https://github.com/golang/go/issues/45712 (1.16 backport)
+ NOTE: https://go-review.googlesource.com/c/net/+/313069
+ NOTE: golang: introduced by https://github.com/golang/go/commit/ae080c1aecb129a3230e7afecdb4a16ad3da9b3c (go1.5beta1)
+ NOTE: golang-golang-x-net: introduced by https://github.com/golang/net/commit/5916dcb167ed985a5b9e6871fbfd74848a4c170b
+CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found in Ope ...)
+ - openexr <unfixed> (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947591
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31221
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31228
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/930
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05
+ NOTE: Only affects exrcheck, which isn't built into the binary packages
+CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...)
+ {DLA-2701-1}
+ - openexr 2.5.7-1 (bug #992703)
+ [bullseye] - openexr <no-dsa> (Minor issue)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5)
+CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...)
+ {DLA-2701-1}
+ - openexr 2.5.7-1
+ [bullseye] - openexr <ignored> (Minor issue, might change ABI)
+ [buster] - openexr <ignored> (Minor issue, might change ABI)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/901
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0e08c959c5459e2ffd3b81b654c3ce8b71a4b42c (v3.0.0-beta)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (v2.5.5)
+ NOTE: Depends on https://github.com/AcademySoftwareFoundation/openexr/commit/de27156b77896aeef5b1c99edbca2bc4fa784b51 (v2.3.0)
+CVE-2021-23169 (A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...)
+ - openexr 2.5.4-2 (bug #988240)
+ [buster] - openexr <not-affected> (Vulnerable code not present)
+ [stretch] - openexr <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28051
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e
+CVE-2021-31524
+ RESERVED
+CVE-2021-31522 (Kylin can receive user input and load any class through Class.forName( ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...)
+ - ceph 14.2.21-1 (bug #988888)
+ [buster] - ceph <not-affected> (Vulnerable code introduced later)
+ [stretch] - ceph <not-affected> (Vulnerable code introduced later)
+ NOTE: Nautilus: https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca
+ NOTE: Octopus: https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b
+ NOTE: Pacific: https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/4
+ NOTE: In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly
+ NOTE: cookie, introducing the specific CVE-2021-3509 issue.
+CVE-2021-31521 (Trend Micro InterScan Web Security Virtual Appliance version 6.5 was f ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-31520 (A weak session token authentication bypass vulnerability in Trend Micr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-31519 (An incorrect permission vulnerability in the product installer folders ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-31518 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-31517 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an infinit ...)
+ - pdfresurrect <unfixed> (unimportant)
+ NOTE: https://github.com/enferex/pdfresurrect/issues/17
+ NOTE: https://github.com/enferex/pdfresurrect/commit/7e35d1806e111fd28610ccc86bb33f54792ac370
+ NOTE: Hang in CLI tool, no security impact
+CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of QEMU u ...)
+ - qemu <unfixed> (bug #987410)
+ [bullseye] - qemu <no-dsa> (Minor issue)
+ [buster] - qemu <no-dsa> (Minor issue)
+ [stretch] - qemu <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c ...)
+ {DLA-2690-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux <ignored> (f2fs is not supportable)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2
+ NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/
+CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than ten dis ...)
+ - xscreensaver 5.45+dfsg1-2 (bug #989508)
+ [buster] - xscreensaver <no-dsa> (Minor issue)
+ [stretch] - xscreensaver <postponed> (Minor issue, fix along with next dla)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/2
+ NOTE: https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
+CVE-2021-31523 (The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_ ...)
+ - xscreensaver 5.45+dfsg1-2 (bug #987149)
+ [buster] - xscreensaver <not-affected> (Vulnerability introduced later)
+ [stretch] - xscreensaver <not-affected> (Vulnerability introduced later)
+ NOTE: Fixed upstream in 6.00 (no public version control): https://twitter.com/jwz/status/1383503845217554444
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/17/1
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2174
+ NOTE: Only in 5.44+dfsg1-1 net_raw capability was added to sonar executable via postinst
+ NOTE: and so exposing the vulnerability.
+CVE-2021-3505 (A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implem ...)
+ - libtpms 0.8.0~dev1-1
+ NOTE: https://github.com/stefanberger/libtpms/issues/183
+ NOTE: https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8 (v0.8.0)
+ NOTE: https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b (v0.8.0)
+CVE-2021-3504 (A flaw was found in the hivex library in versions before 1.3.20. It is ...)
+ {DSA-4913-1 DLA-2656-1}
+ - hivex 1.3.20-1 (bug #988024)
+ NOTE: https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html
+ NOTE: https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381
+CVE-2021-3503
+ RESERVED
+ - wildfly <itp> (bug #752018)
+CVE-2021-31516 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Vector 35 Binary Ninja
+CVE-2021-31515 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Vector 35 Binary Ninja
+CVE-2021-31514 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31513 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31512 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31511 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31510 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31509 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31508 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31507 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31506 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31505 (This vulnerability allows attackers with physical access to escalate p ...)
+ NOT-FOR-US: Arlo Q Plus
+CVE-2021-31504 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31503 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31502 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31501 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31500 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31499 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31498 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31497 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31496 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31495 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31494 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31493 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31492 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31491 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31490 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31489 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31488 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31487 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31486 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31485 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31484 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31483 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31482 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31481 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31480 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31479 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31478 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: OpenText Brava! Desktop
+CVE-2021-31477 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: GE Reason RPV311 14A03
+CVE-2021-31476 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31475 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-31474 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-31473 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31472 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31471 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31470 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31469 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31468 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31467 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31466 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31465 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31464 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31463 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31462 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31461 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31460 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31459 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31458 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31457 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31456 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31455 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31454 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31453 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31452 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31451 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31450 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31449 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31448 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31447 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31446 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31445 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31444 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31443 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31442 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31441 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - linux 5.10.38-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/10bf4e83167cc68595b85fd73bb91e8f2c086e36
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-503/
+CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Synology
+CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31436 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31435 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31434 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31433 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2021-31432 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31431 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31430 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31429 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31428 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31427 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31426 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31425 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31424 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31423 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31422 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31421 (This vulnerability allows local attackers to delete arbitrary files on ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31420 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31419 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31418 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-31417 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-3501 (A flaw was found in the Linux kernel in versions before 5.12. The valu ...)
+ - linux 5.10.38-1
+ [buster] - linux <not-affected> (Vulnerability introduced later)
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://git.kernel.org/linus/04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a
+CVE-2021-31416
+ RESERVED
+CVE-2021-31415
+ RESERVED
+CVE-2021-31414 (The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studi ...)
+ NOT-FOR-US: vscode-rpm-spec extension for Visual Studio Code
+CVE-2021-31413
+ RESERVED
+CVE-2021-31412 (Improper sanitization of path in default RouteNotFoundError view in co ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31411 (Insecure temporary directory usage in frontend build functionality of ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31409 (Unsafe validation RegEx in EmailValidator component in com.vaadin:vaad ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client versions 5.0. ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server versions 1 ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31406 (Non-constant-time comparison of CSRF tokens in endpoint request handle ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31405 (Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-t ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31404 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-31403 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present in a ...)
+ - avahi <unfixed> (bug #986018)
+ [bullseye] - avahi <no-dsa> (Minor issue)
+ [buster] - avahi <not-affected> (Vulnerable code introduced later)
+ [stretch] - avahi <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/lathiat/avahi/issues/338
+ NOTE: Fixed by: https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c
+ NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8)
+CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2 (bug #988215)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685
+ NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #2 / Patch11) (fixed differently)
+CVE-2021-31402 (The dio package 4.0.0 for Dart allows CRLF injection if the attacker c ...)
+ NOT-FOR-US: dio package for Dart
+CVE-2021-31401 (An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterN ...)
+ NOT-FOR-US: HCC embedded InterNiche
+CVE-2021-31400 (An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embe ...)
+ NOT-FOR-US: HCC embedded InterNiche
+CVE-2021-31399 (On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the ...)
+ NOT-FOR-US: On 2N Access Unit devices
+CVE-2021-31398
+ RESERVED
+CVE-2021-31397
+ RESERVED
+CVE-2021-31396
+ RESERVED
+CVE-2021-31395
+ RESERVED
+CVE-2021-31394
+ RESERVED
+CVE-2021-31393
+ RESERVED
+CVE-2021-31392
+ RESERVED
+CVE-2021-31391
+ RESERVED
+CVE-2021-31390
+ RESERVED
+CVE-2021-31389
+ RESERVED
+CVE-2021-31388
+ RESERVED
+CVE-2021-31387
+ RESERVED
+CVE-2021-31386 (A Protection Mechanism Failure vulnerability in the J-Web HTTP service ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31385 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31384 (Due to a Missing Authorization weakness and Insufficient Granularity o ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31383 (In Point to MultiPoint (P2MP) scenarios within established sessions be ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31382 (On PTX1000 System, PTX10002-60C System, after upgrading to an affected ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31381 (A configuration weakness in the JBoss Application Server (AppSvr) comp ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31380 (A configuration weakness in the JBoss Application Server (AppSvr) comp ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31379 (An Incorrect Behavior Order vulnerability in the MAP-E automatic tunne ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31378 (In broadband environments, including but not limited to Enhanced Subsc ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31377 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31376 (An Improper Input Validation vulnerability in Packet Forwarding Engine ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31375 (An Improper Input Validation vulnerability in routing process daemon ( ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31374 (On Juniper Networks Junos OS and Junos OS Evolved devices processing a ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31373 (A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Netwo ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31372 (An Improper Input Validation vulnerability in J-Web of Juniper Network ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31371 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31370 (An Incomplete List of Disallowed Inputs vulnerability in Packet Forwar ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31369 (On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31368 (An Uncontrolled Resource Consumption vulnerability in the kernel of Ju ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31367 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31366 (An Unchecked Return Value vulnerability in the authd (authentication d ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31365 (An Uncontrolled Resource Consumption vulnerability in Juniper Networks ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31364 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31363 (In an MPLS P2MP environment a Loop with Unreachable Exit Condition vul ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31362 (A Protection Mechanism Failure vulnerability in RPD (routing protocol ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31361 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31360 (An improper privilege management vulnerability in the Juniper Networks ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31359 (A local privilege escalation vulnerability in Juniper Networks Junos O ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31358 (A command injection vulnerability in sftp command processing on Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31357 (A command injection vulnerability in tcpdump command processing on Jun ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31356 (A command injection vulnerability in command processing on Juniper Net ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31355 (A persistent cross-site scripting (XSS) vulnerability in the captive p ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31354 (An Out Of Bounds (OOB) access vulnerability in the handling of respons ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31353 (An Improper Handling of Exceptional Conditions vulnerability in Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31352 (An Information Exposure vulnerability in Juniper Networks SRC Series d ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31351 (An Improper Check for Unusual or Exceptional Conditions in packet proc ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31350 (An Improper Privilege Management vulnerability in the gRPC framework, ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31349 (The usage of an internal HTTP header created an authentication bypass ...)
+ NOT-FOR-US: Juniper
+CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ {DLA-2705-1}
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/27/
+CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ {DLA-2705-1}
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/27/
+CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31345 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31344 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 before 2020 ...)
+ NOT-FOR-US: Solid Edge
+CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020 before 20 ...)
+ NOT-FOR-US: Solid Edge
+CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...)
+ NOT-FOR-US: Mendix Database Replication
+CVE-2021-31340 (A vulnerability has been identified in SIMATIC RF166C (All versions &g ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Module (A ...)
+ NOT-FOR-US: Mendix Excel Importer Module
+CVE-2021-31338 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...)
+ NOT-FOR-US: SINEMA Remote Connect Client
+CVE-2021-31337 (The Telnet service of the SIMATIC HMI Comfort Panels system component ...)
+ NOT-FOR-US: Siemens
+CVE-2021-31336
+ RESERVED
+CVE-2021-31335
+ RESERVED
+CVE-2021-31334
+ RESERVED
+CVE-2021-31333
+ RESERVED
+CVE-2021-31332
+ RESERVED
+CVE-2021-31331
+ RESERVED
+CVE-2021-31330
+ RESERVED
+CVE-2021-31329 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "P ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-31328
+ RESERVED
+CVE-2021-31327 (Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Fi ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-31326
+ RESERVED
+CVE-2021-31325
+ RESERVED
+CVE-2021-31324 (The unprivileged user portal part of CentOS Web Panel is affected by a ...)
+ NOT-FOR-US: CentOS Web Panel
+CVE-2021-31323 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow/
+CVE-2021-31322 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow/
+CVE-2021-31321 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie 0.1+dfsg-2 (bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow/
+CVE-2021-31320 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow/
+CVE-2021-31319 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow/
+CVE-2021-31318 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion/
+CVE-2021-31317 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie 0.1+dfsg-2 (bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion/
+CVE-2021-31316 (The unprivileged user portal part of CentOS Web Panel is affected by a ...)
+ NOT-FOR-US: CentOS Web Panel
+CVE-2021-31315 (Telegram Android &lt;7.1.0 (2090), Telegram iOS &lt;7.1, and Telegram ...)
+ - rlottie <not-affected> (Doesn't affect rlottie as packaged in Debian, bug #988885)
+ NOTE: https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/
+CVE-2021-31314
+ RESERVED
+CVE-2021-31313
+ RESERVED
+CVE-2021-31312
+ RESERVED
+CVE-2021-31311
+ RESERVED
+CVE-2021-31310
+ RESERVED
+CVE-2021-31309
+ RESERVED
+CVE-2021-31308
+ RESERVED
+CVE-2021-31307
+ RESERVED
+CVE-2021-31306
+ RESERVED
+CVE-2021-31305
+ RESERVED
+CVE-2021-31304
+ RESERVED
+CVE-2021-31303
+ RESERVED
+CVE-2021-31302
+ RESERVED
+CVE-2021-31301
+ RESERVED
+CVE-2021-31300
+ RESERVED
+CVE-2021-31299
+ RESERVED
+CVE-2021-31298
+ RESERVED
+CVE-2021-31297
+ RESERVED
+CVE-2021-31296
+ RESERVED
+CVE-2021-31295
+ RESERVED
+CVE-2021-31294
+ RESERVED
+CVE-2021-31293
+ RESERVED
+CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows att ...)
+ {DSA-4958-1 DLA-2750-1}
+ - exiv2 0.27.3-3.1 (bug #991706)
+ [bullseye] - exiv2 0.27.3-3+deb11u1
+ NOTE: https://github.com/Exiv2/exiv2/issues/1530
+ NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0
+ NOTE: In older releases affected code is in src/crwimage.cpp
+CVE-2021-31291
+ REJECTED
+CVE-2021-31290
+ RESERVED
+CVE-2021-31289
+ RESERVED
+CVE-2021-31288
+ RESERVED
+CVE-2021-31287
+ RESERVED
+CVE-2021-31286
+ RESERVED
+CVE-2021-31285
+ RESERVED
+CVE-2021-31284
+ RESERVED
+CVE-2021-31283
+ RESERVED
+CVE-2021-31282
+ RESERVED
+CVE-2021-31281
+ RESERVED
+CVE-2021-31280
+ RESERVED
+CVE-2021-31279
+ RESERVED
+CVE-2021-31278
+ RESERVED
+CVE-2021-31277
+ RESERVED
+CVE-2021-31276
+ RESERVED
+CVE-2021-31275
+ RESERVED
+CVE-2021-31274 (In LibreNMS &lt; 21.3.0, a stored XSS vulnerability was identified in ...)
+ NOT-FOR-US: LibreNMS
+CVE-2021-31273
+ RESERVED
+CVE-2021-31272 (SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c cont ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-31271
+ RESERVED
+CVE-2021-31270
+ RESERVED
+CVE-2021-31269
+ RESERVED
+CVE-2021-31268
+ RESERVED
+CVE-2021-31267
+ RESERVED
+CVE-2021-31266
+ RESERVED
+CVE-2021-31265
+ RESERVED
+CVE-2021-31264
+ RESERVED
+CVE-2021-31263
+ RESERVED
+CVE-2021-31262 (The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cau ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50
+ NOTE: https://github.com/gpac/gpac/issues/1738
+CVE-2021-31261 (The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to rea ...)
+ - gpac 1.0.1+dfsg1-4 (unimportant; bug #987280)
+ NOTE: https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65
+ NOTE: https://github.com/gpac/gpac/issues/1737
+ NOTE: Negligible security impact
+CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to cause a deni ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9
+ NOTE: https://github.com/gpac/gpac/issues/1736
+CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allo ...)
+ - gpac <not-affected> (Vulnerable code was introduced later)
+ NOTE: https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8
+ NOTE: https://github.com/gpac/gpac/issues/1735
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1)
+CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e
+ NOTE: https://github.com/gpac/gpac/issues/1706
+CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause a denial ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0
+ NOTE: https://github.com/gpac/gpac/issues/1734
+CVE-2021-31256 (Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0. ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280; unimportant)
+ NOTE: https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e
+ NOTE: https://github.com/gpac/gpac/issues/1705
+ NOTE: Negligible security impact
+CVE-2021-31255 (Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987280)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5
+ NOTE: https://github.com/gpac/gpac/issues/1733
+CVE-2021-31254 (Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 ...)
+ - gpac <not-affected> (Vulnerable code was introduced later)
+ NOTE: https://github.com/gpac/gpac/commit/8986422c21fbd9a7bf6561cae65aae42077447e8
+ NOTE: https://github.com/gpac/gpac/issues/1703
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1)
+CVE-2021-31253
+ RESERVED
+CVE-2021-31252 (An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-4 ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31251 (An authentication bypass in telnet server in BF-430 and BF431 232/422 ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31250 (Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31249 (A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450 ...)
+ NOT-FOR-US: CHIYU Technology
+CVE-2021-31248
+ RESERVED
+CVE-2021-31247
+ RESERVED
+CVE-2021-31246
+ RESERVED
+CVE-2021-31245 (omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares ...)
+ NOT-FOR-US: openmptcprouter-vps-admin
+CVE-2021-31244
+ RESERVED
+CVE-2021-31243
+ RESERVED
+CVE-2021-31242
+ RESERVED
+CVE-2021-31241
+ RESERVED
+CVE-2021-31240
+ RESERVED
+CVE-2021-31239
+ RESERVED
+CVE-2021-31238
+ RESERVED
+CVE-2021-31237
+ RESERVED
+CVE-2021-31236
+ RESERVED
+CVE-2021-31235
+ RESERVED
+CVE-2021-31234
+ RESERVED
+CVE-2021-31233
+ RESERVED
+CVE-2021-31232 (The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosu ...)
+ NOT-FOR-US: CNCF Cortex
+CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metric ...)
+ NOT-FOR-US: Grafana Enterprise Metrics and Metrics Enterprise
+CVE-2021-31230
+ RESERVED
+CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ {DLA-2705-1}
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/26/
+CVE-2021-31228 (An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnera ...)
+ NOT-FOR-US: HCC embedded InterNiche
+CVE-2021-31227 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...)
+ NOT-FOR-US: HCC embedded InterNiche
+CVE-2021-31226 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...)
+ NOT-FOR-US: HCC embedded InterNiche
+CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not currentl ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing security pol ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31223 (SES Evolution before 2.1.0 allows reading some parts of a security pol ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31222 (SES Evolution before 2.1.0 allows updating some parts of a security po ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31221 (SES Evolution before 2.1.0 allows deleting some parts of a security po ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31220 (SES Evolution before 2.1.0 allows modifying security policies by lever ...)
+ NOT-FOR-US: SES Evolution
+CVE-2021-31219
+ RESERVED
+CVE-2021-31218
+ RESERVED
+CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-31216 (Siren Investigate before 11.1.1 contains a server side request forgery ...)
+ NOT-FOR-US: Siren Investigate
+CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...)
+ {DLA-2886-1}
+ - slurm-wlm 20.11.7+really20.11.4-2 (bug #988439)
+ - slurm-llnl <removed>
+ [buster] - slurm-llnl <no-dsa> (Minor issue)
+ NOTE: https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7)
+ NOTE: Initially already fixed in 20.11.7-1 (the tracker would do the right thing)
+ NOTE: but the unstable upload invalidated the changelog 20.11.7-1 so use 20.11.7+really20.11.4-2
+ NOTE: for consistency with BTS.
+CVE-2021-3499 (A vulnerability was found in OVN Kubernetes in versions up to and incl ...)
+ NOT-FOR-US: Openshift/ovn-kubernetes
+CVE-2021-31214 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31213 (Visual Studio Code Remote Containers Extension Remote Code Execution V ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31212
+ RESERVED
+CVE-2021-31211 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31210
+ RESERVED
+CVE-2021-31209 (Microsoft Exchange Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31208 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31207 (Microsoft Exchange Server Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31206 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31205 (Windows SMB Client Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31204 (.NET and Visual Studio Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31203
+ RESERVED
+CVE-2021-31202
+ RESERVED
+CVE-2021-31201 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31200 (Common Utilities Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31199 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31198 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31197
+ RESERVED
+CVE-2021-31196 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31195 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31194 (OLE Automation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31193 (Windows SSDP Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31192 (Windows Media Foundation Core Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31191 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31190 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31189
+ RESERVED
+CVE-2021-31188 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31187 (Windows WalletService Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31186 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31185 (Windows Desktop Bridge Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31184 (Microsoft Windows Infrared Data Association (IrDA) Information Disclos ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31183 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31182 (Microsoft Bluetooth Driver Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31181 (Microsoft SharePoint Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31180 (Microsoft Office Graphics Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31179 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31178 (Microsoft Office Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31177 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31176 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31175 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31174 (Microsoft Excel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31173 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31172 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31171 (Microsoft SharePoint Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31170 (Windows Graphics Component Elevation of Privilege Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31169 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31168 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31167 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31166 (HTTP Protocol Stack Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31165 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-31164 (Apache Unomi prior to version 1.5.5 allows CRLF log injection because ...)
+ NOT-FOR-US: Apache Unomi
+CVE-2021-31163
+ RESERVED
+CVE-2021-31162 (In the standard library in Rust before 1.52.0, a double free can occur ...)
+ - rustc 1.53.0+dfsg1-1
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/83618
+ NOTE: https://github.com/rust-lang/rust/pull/83629
+ NOTE: https://github.com/rust-lang/rust/commit/542f441d445026d0996eebee9ddddee98f5dc3e5
+CVE-2021-31161
+ RESERVED
+CVE-2021-31160 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-31159 (Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-31157
+ RESERVED
+CVE-2021-31156
+ RESERVED
+CVE-2021-31155 (Failure to normalize the umask in please before 0.4 allows a local att ...)
+ - rust-pleaser 0.4.1-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
+CVE-2021-31154 (pleaseedit in please before 0.4 uses predictable temporary filenames i ...)
+ - rust-pleaser 0.4.1-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
+CVE-2021-31153 (please before 0.4 allows a local unprivileged attacker to gain knowled ...)
+ - rust-pleaser 0.4.1-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1
+CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request ...)
+ NOT-FOR-US: Multilaser Router AC1200
+CVE-2021-31151
+ REJECTED
+CVE-2021-31150
+ REJECTED
+CVE-2021-31149
+ REJECTED
+CVE-2021-31148
+ REJECTED
+CVE-2021-31147
+ REJECTED
+CVE-2021-31146
+ REJECTED
+CVE-2021-31145
+ REJECTED
+CVE-2021-31144
+ REJECTED
+CVE-2021-31143
+ REJECTED
+CVE-2021-31142
+ REJECTED
+CVE-2021-31141
+ REJECTED
+CVE-2021-31140
+ REJECTED
+CVE-2021-31139
+ REJECTED
+CVE-2021-31138
+ REJECTED
+CVE-2021-31137
+ REJECTED
+CVE-2021-31136
+ REJECTED
+CVE-2021-31135
+ REJECTED
+CVE-2021-31134
+ REJECTED
+CVE-2021-31133
+ REJECTED
+CVE-2021-31132
+ REJECTED
+CVE-2021-31131
+ REJECTED
+CVE-2021-31130
+ REJECTED
+CVE-2021-31129
+ REJECTED
+CVE-2021-31128
+ REJECTED
+CVE-2021-31127
+ REJECTED
+CVE-2021-31126
+ REJECTED
+CVE-2021-31125
+ REJECTED
+CVE-2021-31124
+ REJECTED
+CVE-2021-31123
+ REJECTED
+CVE-2021-31122
+ REJECTED
+CVE-2021-31121
+ REJECTED
+CVE-2021-31120
+ REJECTED
+CVE-2021-31119
+ REJECTED
+CVE-2021-31118
+ REJECTED
+CVE-2021-31117
+ REJECTED
+CVE-2021-31116
+ REJECTED
+CVE-2021-31115
+ REJECTED
+CVE-2021-31114
+ REJECTED
+CVE-2021-31113
+ REJECTED
+CVE-2021-31112
+ REJECTED
+CVE-2021-31111
+ REJECTED
+CVE-2021-31110
+ REJECTED
+CVE-2021-31109
+ REJECTED
+CVE-2021-31108
+ REJECTED
+CVE-2021-31107
+ REJECTED
+CVE-2021-31106
+ REJECTED
+CVE-2021-31105
+ REJECTED
+CVE-2021-31104
+ REJECTED
+CVE-2021-31103
+ REJECTED
+CVE-2021-31102
+ REJECTED
+CVE-2021-31101
+ REJECTED
+CVE-2021-31100
+ REJECTED
+CVE-2021-31099
+ REJECTED
+CVE-2021-31098
+ REJECTED
+CVE-2021-31097
+ REJECTED
+CVE-2021-31096
+ REJECTED
+CVE-2021-31095
+ REJECTED
+CVE-2021-31094
+ REJECTED
+CVE-2021-31093
+ REJECTED
+CVE-2021-31092
+ REJECTED
+CVE-2021-31091
+ REJECTED
+CVE-2021-31090
+ REJECTED
+CVE-2021-31089
+ REJECTED
+CVE-2021-31088
+ REJECTED
+CVE-2021-31087
+ REJECTED
+CVE-2021-31086
+ REJECTED
+CVE-2021-31085
+ REJECTED
+CVE-2021-31084
+ REJECTED
+CVE-2021-31083
+ REJECTED
+CVE-2021-31082
+ REJECTED
+CVE-2021-31081
+ REJECTED
+CVE-2021-31080
+ REJECTED
+CVE-2021-31079
+ REJECTED
+CVE-2021-31078
+ REJECTED
+CVE-2021-31077
+ REJECTED
+CVE-2021-31076
+ REJECTED
+CVE-2021-31075
+ REJECTED
+CVE-2021-31074
+ REJECTED
+CVE-2021-31073
+ REJECTED
+CVE-2021-31072
+ REJECTED
+CVE-2021-31071
+ REJECTED
+CVE-2021-31070
+ REJECTED
+CVE-2021-31069
+ REJECTED
+CVE-2021-31068
+ REJECTED
+CVE-2021-31067
+ REJECTED
+CVE-2021-31066
+ REJECTED
+CVE-2021-31065
+ REJECTED
+CVE-2021-31064
+ REJECTED
+CVE-2021-31063
+ REJECTED
+CVE-2021-31062
+ REJECTED
+CVE-2021-31061
+ REJECTED
+CVE-2021-31060
+ REJECTED
+CVE-2021-31059
+ REJECTED
+CVE-2021-31058
+ REJECTED
+CVE-2021-31057
+ REJECTED
+CVE-2021-31056
+ REJECTED
+CVE-2021-31055
+ REJECTED
+CVE-2021-31054
+ REJECTED
+CVE-2021-31053
+ REJECTED
+CVE-2021-31052
+ REJECTED
+CVE-2021-31051
+ REJECTED
+CVE-2021-31050
+ REJECTED
+CVE-2021-31049
+ REJECTED
+CVE-2021-31048
+ REJECTED
+CVE-2021-31047
+ REJECTED
+CVE-2021-31046
+ REJECTED
+CVE-2021-31045
+ REJECTED
+CVE-2021-31044
+ REJECTED
+CVE-2021-31043
+ REJECTED
+CVE-2021-31042
+ REJECTED
+CVE-2021-31041
+ REJECTED
+CVE-2021-31040
+ REJECTED
+CVE-2021-31039
+ REJECTED
+CVE-2021-31038
+ REJECTED
+CVE-2021-31037
+ REJECTED
+CVE-2021-31036
+ REJECTED
+CVE-2021-31035
+ REJECTED
+CVE-2021-31034
+ REJECTED
+CVE-2021-31033
+ REJECTED
+CVE-2021-31032
+ REJECTED
+CVE-2021-31031
+ REJECTED
+CVE-2021-31030
+ REJECTED
+CVE-2021-31029
+ REJECTED
+CVE-2021-31028
+ REJECTED
+CVE-2021-31027
+ REJECTED
+CVE-2021-31026
+ REJECTED
+CVE-2021-31025
+ REJECTED
+CVE-2021-31024
+ REJECTED
+CVE-2021-31023
+ REJECTED
+CVE-2021-31022
+ REJECTED
+CVE-2021-31021
+ REJECTED
+CVE-2021-31020
+ REJECTED
+CVE-2021-31019
+ REJECTED
+CVE-2021-31018
+ REJECTED
+CVE-2021-31017
+ REJECTED
+CVE-2021-31016
+ REJECTED
+CVE-2021-31015
+ REJECTED
+CVE-2021-31014
+ REJECTED
+CVE-2021-31013
+ REJECTED
+CVE-2021-31012
+ REJECTED
+CVE-2021-31011
+ REJECTED
+CVE-2021-31010
+ REJECTED
+CVE-2021-31009
+ REJECTED
+CVE-2021-31008
+ REJECTED
+CVE-2021-31007
+ REJECTED
+CVE-2021-31006
+ REJECTED
+CVE-2021-31005
+ REJECTED
+CVE-2021-31004
+ REJECTED
+CVE-2021-31003
+ REJECTED
+CVE-2021-31002
+ REJECTED
+CVE-2021-31001
+ REJECTED
+CVE-2021-31000
+ REJECTED
+CVE-2021-30999
+ REJECTED
+CVE-2021-30998
+ REJECTED
+CVE-2021-30997
+ REJECTED
+CVE-2021-30996 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30995 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30994
+ REJECTED
+CVE-2021-30993 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30992 (This issue was addressed with improved handling of file metadata. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30991 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30990 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30989
+ REJECTED
+CVE-2021-30988 (Description: A permissions issue was addressed with improved validatio ...)
+ NOT-FOR-US: Apple
+CVE-2021-30987 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30986 (A device configuration issue was addressed with an updated configurati ...)
+ NOT-FOR-US: Apple
+CVE-2021-30985 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30984 (A race condition was addressed with improved state handling. This issu ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30983 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30982 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30981 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30980 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30979 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30978
+ REJECTED
+CVE-2021-30977 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30976 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30975 (This issue was addressed by disabling execution of JavaScript when vie ...)
+ NOT-FOR-US: Apple
+CVE-2021-30974
+ REJECTED
+CVE-2021-30973 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30972
+ REJECTED
+CVE-2021-30971 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30970 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30969 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2021-30968 (A validation issue related to hard link behavior was addressed with im ...)
+ NOT-FOR-US: Apple
+CVE-2021-30967 (Description: A permissions issue was addressed with improved validatio ...)
+ NOT-FOR-US: Apple
+CVE-2021-30966 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30965 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30964 (An inherited permissions issue was addressed with additional restricti ...)
+ NOT-FOR-US: Apple
+CVE-2021-30963 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30962
+ REJECTED
+CVE-2021-30961 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30960 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30959 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30958 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30957 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30956
+ REJECTED
+CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30953 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30952 (An integer overflow was addressed with improved input validation. This ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30951 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30950 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30949 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30948 (An inconsistent user interface issue was addressed with improved state ...)
+ NOT-FOR-US: Apple
+CVE-2021-30947 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30946 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30945 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30944
+ REJECTED
+CVE-2021-30943
+ REJECTED
+CVE-2021-30942 (Description: A memory corruption issue in the processing of ICC profil ...)
+ NOT-FOR-US: Apple
+CVE-2021-30941 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30940 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30939 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30938 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30937 (A memory corruption vulnerability was addressed with improved locking. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30936 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30935 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2021-30933
+ REJECTED
+CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30931 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30930 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30929 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30928
+ REJECTED
+CVE-2021-30927 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30926 (Description: A memory corruption issue in the processing of ICC profil ...)
+ NOT-FOR-US: Apple
+CVE-2021-30925
+ REJECTED
+CVE-2021-30924 (A denial of service issue was addressed with improved state handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30923 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30922
+ REJECTED
+CVE-2021-30921
+ REJECTED
+CVE-2021-30920 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30919 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30918 (A Lock Screen issue was addressed with improved state management. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30917 (A memory corruption issue existed in the processing of ICC profiles. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30916 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30915 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30914 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2021-30913 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30912 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30911 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30910 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30909 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30908 (An authentication issue was addressed with improved state management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30907 (An integer overflow was addressed through improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30906 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30905 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30904 (A sync issue was addressed with improved state validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30903 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30902 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30901 (Multiple out-of-bounds write issues were addressed with improved bound ...)
+ NOT-FOR-US: Apple
+CVE-2021-30900 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30899 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30898
+ REJECTED
+CVE-2021-30897 (An issue existed in the specification for the resource timing API. The ...)
+ NOT-FOR-US: Apple
+CVE-2021-30896 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30895 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30894 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2021-30893
+ REJECTED
+CVE-2021-30892 (An inherited permissions issue was addressed with additional restricti ...)
+ NOT-FOR-US: Apple
+CVE-2021-30891
+ REJECTED
+CVE-2021-30890 (A logic issue was addressed with improved state management. This issue ...)
+ {DSA-5031-1 DSA-5030-1}
+ - webkit2gtk 2.34.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30889 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30888 (An information leakage issue was addressed. This issue is fixed in iOS ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30887 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-5031-1 DSA-5030-1}
+ - webkit2gtk 2.34.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30886 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30885
+ REJECTED
+CVE-2021-30884 (The issue was resolved with additional restrictions on CSS compositing ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30883 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30882 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30881 (An input validation issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30880 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30879 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30878
+ REJECTED
+CVE-2021-30877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30876 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30875 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30874 (An authorization issue was addressed with improved state management. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30873 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30872
+ REJECTED
+CVE-2021-30871 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ NOT-FOR-US: Apple
+CVE-2021-30870 (A logic issue existed in the handling of document loads. This issue wa ...)
+ NOT-FOR-US: Apple
+CVE-2021-30869 (A type confusion issue was addressed with improved state handling. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30868 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30867 (The issue was addressed with improved authentication. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30866 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
+ NOT-FOR-US: Apple
+CVE-2021-30865 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30864 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30863 (This issue was addressed by improving Face ID anti-spoofing models. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30862 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30861 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30860 (An integer overflow was addressed with improved input validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30859 (A type confusion issue was addressed with improved state handling. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30858 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0005.html
+CVE-2021-30857 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30856
+ REJECTED
+CVE-2021-30855 (A validation issue existed in the handling of symlinks. This issue was ...)
+ NOT-FOR-US: Apple
+CVE-2021-30854 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30853 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30852 (A type confusion issue was addressed with improved memory handling. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30851 (A memory corruption vulnerability was addressed with improved locking. ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0006.html
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=227988
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/27/4
+CVE-2021-30850 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30849 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0006.html
+CVE-2021-30848 (A memory corruption issue was addressed with improved memory handling. ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0006.html
+CVE-2021-30847 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30846 (A memory corruption issue was addressed with improved memory handling. ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.0-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0006.html
+CVE-2021-30845 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30844 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30843 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30842 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30841 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30840 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30839
+ RESERVED
+CVE-2021-30838 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30837 (A memory consumption issue was addressed with improved memory handling ...)
+ NOT-FOR-US: Apple
+CVE-2021-30836 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30835 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30834 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30833 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30832 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30831 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30830 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30829 (A URI parsing issue was addressed with improved parsing. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30828 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30827 (A permissions issue existed. This issue was addressed with improved pe ...)
+ NOT-FOR-US: Apple
+CVE-2021-30826 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30825 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30824 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30823 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30822
+ RESERVED
+CVE-2021-30821 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30820 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30819 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30818 (A type confusion issue was addressed with improved state handling. Thi ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30817 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30816 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30815 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30814 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2021-30813 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30812
+ RESERVED
+CVE-2021-30811 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30810 (An authorization issue was addressed with improved state management. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30809 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4976-1 DSA-4975-1}
+ - webkit2gtk 2.32.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0007.html
+CVE-2021-30808 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30807 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30806
+ RESERVED
+CVE-2021-30805 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2021-30804 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30803 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30802 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30801
+ RESERVED
+CVE-2021-30800 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30799 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30798 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30797 (This issue was addressed with improved checks. This issue is fixed in ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30796 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30795 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30794
+ RESERVED
+CVE-2021-30793 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30792 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30791 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30790 (An information disclosure issue was addressed by removing the vulnerab ...)
+ NOT-FOR-US: Apple
+CVE-2021-30789 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30788 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30787 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30786 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30785 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30784 (Multiple issues were addressed with improved logic. This issue is fixe ...)
+ NOT-FOR-US: Apple
+CVE-2021-30783 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30782 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30781 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30780 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30779 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30778 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2021-30777 (An injection issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30776 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30775 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30774 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30773 (An issue in code signature validation was addressed with improved chec ...)
+ NOT-FOR-US: Apple
+CVE-2021-30772 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30771
+ RESERVED
+CVE-2021-30770 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30769 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30768 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30767 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30766 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30765 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30764 (Processing a maliciously crafted file may lead to arbitrary code execu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30763 (An input validation issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2021-30762 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4681-1}
+ - webkit2gtk 2.28.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.28.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30761 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-4558-1}
+ - webkit2gtk 2.26.1-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.26.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30760 (An integer overflow was addressed through improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30759 (A stack overflow was addressed with improved input validation. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30758 (A type confusion issue was addressed with improved state handling. Thi ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.2-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.2-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30757 (This issue was addressed by enabling hardened runtime. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2021-30756 (A local attacker may be able to view Now Playing information from the ...)
+ NOT-FOR-US: Apple
+CVE-2021-30755 (Processing a maliciously crafted font may result in the disclosure of ...)
+ NOT-FOR-US: Apple
+CVE-2021-30754
+ RESERVED
+CVE-2021-30753 (Processing a maliciously crafted font may result in the disclosure of ...)
+ NOT-FOR-US: Apple
+CVE-2021-30752 (Processing a maliciously crafted image may lead to arbitrary code exec ...)
+ NOT-FOR-US: Apple
+CVE-2021-30751 (This issue was addressed with improved data protection. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30750 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30749 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30748 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30747
+ RESERVED
+CVE-2021-30746 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30745
+ RESERVED
+CVE-2021-30744 (Description: A cross-origin issue with iframe elements was addressed w ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30743 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30742 (A memory consumption issue was addressed with improved memory handling ...)
+ NOT-FOR-US: Apple
+CVE-2021-30741 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30740 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30739 (A local attacker may be able to elevate their privileges. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2021-30738 (A malicious application may be able to overwrite arbitrary files. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30737 (A memory corruption issue in the ASN.1 decoder was addressed by removi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30736 (A buffer overflow was addressed with improved size validation. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30735 (A malicious application may be able to execute arbitrary code with ker ...)
+ NOT-FOR-US: Apple
+CVE-2021-30734 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30733 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30732
+ RESERVED
+CVE-2021-30731 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30730
+ RESERVED
+CVE-2021-30729 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30728 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30727 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30726 (A malicious application may be able to execute arbitrary code with ker ...)
+ NOT-FOR-US: Apple
+CVE-2021-30725 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30724 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30723 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30722 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30721 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2021-30720 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30719 (A local user may be able to cause unexpected system termination or rea ...)
+ NOT-FOR-US: Apple
+CVE-2021-30718 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30717 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30716 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30715 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30714 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30713 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30712 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30711
+ RESERVED
+CVE-2021-30710 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30709 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30708 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30707 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30706 (Processing a maliciously crafted image may lead to disclosure of user ...)
+ NOT-FOR-US: Apple
+CVE-2021-30705 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30704 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30703 (A double free issue was addressed with improved memory management. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30702 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30701 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30700 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30699 (A window management issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30698 (A null pointer dereference was addressed with improved input validatio ...)
+ NOT-FOR-US: Apple
+CVE-2021-30697 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30696 (An attacker in a privileged network position may be able to misreprese ...)
+ NOT-FOR-US: Apple
+CVE-2021-30695 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30694 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30693 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30692 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30691 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30690 (Multiple issues in apache were addressed by updating apache to version ...)
+ NOT-FOR-US: Apple
+CVE-2021-30689 (A logic issue was addressed with improved state management. This issue ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30688 (A malicious application may be able to break out of its sandbox. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30687 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30686 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30685 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30684 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30683 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30682 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4923-1}
+ - webkit2gtk 2.32.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30681 (A validation issue existed in the handling of symlinks. This issue was ...)
+ NOT-FOR-US: Apple
+CVE-2021-30680 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30679 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2021-30678 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30677 (This issue was addressed with improved environment sanitization. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30676 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30675 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30674 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30673 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30672 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30671 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30670
+ RESERVED
+CVE-2021-30669 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30668 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30667 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30666 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ {DSA-4558-1}
+ - webkit2gtk 2.26.1-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.26.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30665 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30664 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30663 (An integer overflow was addressed with improved input validation. This ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30662 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30661 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30660 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30659 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30658 (This issue was addressed with improved handling of file metadata. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30657 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30656 (An access issue was addressed with improved memory management. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30655 (An application may be able to execute arbitrary code with system privi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30654 (This issue was addressed by removing additional entitlements. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2021-30653 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30652 (A race condition was addressed with additional validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30651
+ RESERVED
+CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...)
+ NOT-FOR-US: Symantec
+CVE-2021-30649
+ RESERVED
+CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...)
+ NOT-FOR-US: Symantec
+CVE-2021-30647
+ RESERVED
+CVE-2021-30646
+ RESERVED
+CVE-2021-30645
+ RESERVED
+CVE-2021-30644
+ RESERVED
+CVE-2021-30643
+ RESERVED
+CVE-2021-30642 (An input validation flaw in the Symantec Security Analytics web UI 7.2 ...)
+ NOT-FOR-US: Symantec
+CVE-2021-XXXX [out of bounds reads in ASF demuxer]
+ - gst-plugins-ugly1.0 1.18.4-2
+ [buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u1
+ [stretch] - gst-plugins-ugly1.0 1.10.4-1+deb9u1
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f (master)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29 (1.18.4)
+CVE-2021-3522 (GStreamer before 1.18.4 may perform an out-of-bounds read when handlin ...)
+ {DSA-4903-1 DLA-2641-1}
+ - gst-plugins-base1.0 1.18.4-2
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee (master)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 (1.18.4)
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0001.html
+CVE-2021-XXXX [Catch overflows in AVC/HEVC NAL unit length calculations]
+ - gst-plugins-bad1.0 1.18.4-2
+ [buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2
+ [stretch] - gst-plugins-bad1.0 1.10.4-1+deb9u2
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/0cfbf7ad91c7f121192c8ce135769f8eb276c41d (1.18-branch)
+CVE-2021-XXXX [stack corruption when handling files with more than 64 audio channels]
+ - gst-libav1.0 1.18.4-2
+ [buster] - gst-libav1.0 1.15.0.1+git20180723+db823502-2+deb10u1
+ [stretch] - gst-libav1.0 1.10.4-1+deb9u1
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/dcea8baa14a5fc3b796d876baaf2f238546ba2b1 (master)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/a339f8f9641382b92b43e6d146bdc5d87a9704f8 (1.18.4)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/issues/92
+CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when parsing certa ...)
+ {DSA-4900-1}
+ [experimental] - gst-plugins-good1.0 1.18.4-1
+ - gst-plugins-good1.0 1.18.4-2 (bug #986911)
+ [stretch] - gst-plugins-good1.0 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0003.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0
+ NOTE: Introduced by: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/f279bc5336dda19741a5996a108da42dd3201366
+CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in error cod ...)
+ {DSA-4900-1 DLA-2640-1}
+ [experimental] - gst-plugins-good1.0 1.18.4-1
+ - gst-plugins-good1.0 1.18.4-2 (bug #986910)
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3
+CVE-2021-3496 (A heap-based buffer overflow was found in jhead in version 3.06 in Get ...)
+ - jhead 1:3.04-6 (bug #986923; unimportant)
+ NOTE: https://github.com/Matthias-Wandel/jhead/issues/33
+ NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behav ...)
+ {DSA-4937-1 DLA-2706-1}
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.46-6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1966743
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238
+ NOTE: https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1
+CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker ...)
+ {DSA-4952-1 DLA-2733-1}
+ - tomcat9 9.0.43-2 (bug #991046)
+ [bullseye] - tomcat9 9.0.43-2~deb11u1
+ [buster] - tomcat9 9.0.31-1~deb10u6
+ - tomcat8 <removed>
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65224
+ NOTE: https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375 (8.5.66)
+ NOTE: Fix for CVE-2021-30640 introduced a regression:
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
+CVE-2021-30639 (A vulnerability in Apache Tomcat allows an attacker to remotely trigge ...)
+ - tomcat9 <not-affected> (Vulnerable code introduced later in 9.0.44)
+ - tomcat8 <removed>
+ [stretch] - tomcat8 <not-affected> (Vulnerable code was introduced later)
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65203
+ NOTE: https://github.com/apache/tomcat/commit/8ece47c4a9fb9349e8862c84358a4dd23c643a24 (9.0.45)
+ NOTE: https://github.com/apache/tomcat/commit/411caf29ac1c16e6ac291b6e5543b2371dbd25e2 (8.5.65)
+CVE-2021-30638 (Information Exposure vulnerability in context asset handling of Apache ...)
+ NOT-FOR-US: Apache Tapestry
+CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...)
+ NOT-FOR-US: htmly
+CVE-2021-30636 (In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ...)
+ NOT-FOR-US: MediaTek LinkIt SDK
+CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager
+CVE-2021-30634
+ RESERVED
+CVE-2021-30633 (Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.8 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allow ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30631
+ REJECTED
+CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30629 (Use after free in Permissions in Google Chrome prior to 93.0.4577.82 a ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30628 (Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30627 (Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30626 (Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.45 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30625 (Use after free in Selection API in Google Chrome prior to 93.0.4577.82 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30623 (Chromium: CVE-2021-30623 Use after free in Bookmarks ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30622 (Chromium: CVE-2021-30622 Use after free in WebApp Installs ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30621 (Chromium: CVE-2021-30621 UI Spoofing in Autofill ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30620 (Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30619 (Chromium: CVE-2021-30619 UI Spoofing in Autofill ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30618 (Chromium: CVE-2021-30618 Inappropriate implementation in DevTools ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30617 (Chromium: CVE-2021-30617 Policy bypass in Blink ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30616 (Chromium: CVE-2021-30616 Use after free in Media ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30615 (Chromium: CVE-2021-30615 Cross-origin data leak in Navigation ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30614 (Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30613 (Chromium: CVE-2021-30613 Use after free in Base internals ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30612 (Chromium: CVE-2021-30612 Use after free in WebRTC ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30611 (Chromium: CVE-2021-30611 Use after free in WebRTC ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30610 (Chromium: CVE-2021-30610 Use after free in Extensions API ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30609 (Chromium: CVE-2021-30609 Use after free in Sign-In ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30608 (Chromium: CVE-2021-30608 Use after free in Web Share ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30607 (Chromium: CVE-2021-30607 Use after free in Permissions ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30606 (Chromium: CVE-2021-30606 Use after free in Blink ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30605 (Inappropriate implementation in the ChromeOS Readiness Tool installer ...)
+ NOT-FOR-US: ChromeOS Readiness Tool installer on Windows
+CVE-2021-30604 (Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowe ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30603 (Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30602 (Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allow ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30601 (Use after free in Extensions API in Google Chrome prior to 92.0.4515.1 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30600 (Use after free in Printing in Google Chrome prior to 92.0.4515.159 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30599 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30598 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30597 (Use after free in Browser UI in Google Chrome on Chrome prior to 92.0. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30596 (Incorrect security UI in Navigation in Google Chrome on Android prior ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30595
+ RESERVED
+CVE-2021-30594 (Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30593 (Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.13 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30592 (Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30591 (Use after free in File System API in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30590 (Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30589 (Insufficient validation of untrusted input in Sharing in Google Chrome ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30588 (Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30587 (Inappropriate implementation in Compositing in Google Chrome prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30586 (Use after free in dialog box handling in Windows in Google Chrome prio ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30585 (Use after free in sensor handling in Google Chrome on Windows prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30584 (Incorrect security UI in Downloads in Google Chrome on Android prior t ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30583 (Insufficient policy enforcement in image handling in iOS in Google Chr ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30582 (Inappropriate implementation in Animation in Google Chrome prior to 92 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30581 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30580 (Insufficient policy enforcement in Android intents in Google Chrome pr ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30579 (Use after free in UI framework in Google Chrome prior to 92.0.4515.107 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30578 (Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30577 (Insufficient policy enforcement in Installer in Google Chrome prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30576 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30575 (Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.10 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30574 (Use after free in protocol handling in Google Chrome prior to 92.0.451 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30573 (Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30572 (Use after free in Autofill in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30571 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30570
+ RESERVED
+CVE-2021-30569 (Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allow ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30568 (Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30567 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30566 (Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30565 (Out of bounds write in Tab Groups in Google Chrome on Linux and Chrome ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30564 (Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30563 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30562 (Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 al ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30559 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30558
+ RESERVED
+CVE-2021-30557 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 al ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30556 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30555 (Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30554 (Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowe ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30553 (Use after free in Network service in Google Chrome prior to 91.0.4472. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30552 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30551 (Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30550 (Use after free in Accessibility in Google Chrome prior to 91.0.4472.10 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30549 (Use after free in Spell check in Google Chrome prior to 91.0.4472.101 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 91.0.4472.101 allow ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ...)
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ - firefox 90.0-1
+ - firefox-esr 78.12.0esr-1
+ - thunderbird 1:78.12.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-30547
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-30547
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-30547
+CVE-2021-30546 (Use after free in Autofill in Google Chrome prior to 91.0.4472.101 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30545 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30544 (Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30543 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30542 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30541 (Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30540 (Incorrect security UI in payments in Google Chrome on Android prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30539 (Insufficient policy enforcement in content security policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30538 (Insufficient policy enforcement in content security policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30537 (Insufficient policy enforcement in cookies in Google Chrome prior to 9 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30536 (Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowe ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30535 (Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a re ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ - icu 67.1-7
+ [buster] - icu <not-affected> (Vulnerable code introduced later)
+ [stretch] - icu <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1194899 (restricted)
+ NOTE: Bugfix: https://github.com/unicode-org/icu/pull/1698/commits/e450fa50fc242282551f56b941dc93b9a8a0bcbb
+ NOTE: Backports: https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2842864
+ NOTE: Introduced by: https://github.com/unicode-org/icu/commit/596647c0c34bf19d90d7c90d4f3827876fef688f (release-66-preview)
+ NOTE: Fixed by: https://github.com/unicode-org/icu/commit/2dc5bea9061b4fb05cd03e21b775dd944a0eb81d
+CVE-2021-30534 (Insufficient policy enforcement in iFrameSandbox in Google Chrome prio ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30533 (Insufficient policy enforcement in PopupBlocker in Google Chrome prior ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30532 (Insufficient policy enforcement in Content Security Policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30531 (Insufficient policy enforcement in Content Security Policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30530 (Out of bounds memory access in WebAudio in Google Chrome prior to 91.0 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30529 (Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30528 (Use after free in WebAuthentication in Google Chrome on Android prior ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30527 (Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30526 (Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30525 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30524 (Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30523 (Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowe ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30522 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30521 (Heap buffer overflow in Autofill in Google Chrome on Android prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30520 (Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 al ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30519 (Use after free in Payments in Google Chrome prior to 90.0.4430.212 all ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30518 (Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.443 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30517 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30516 (Heap buffer overflow in History in Google Chrome prior to 90.0.4430.21 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30515 (Use after free in File API in Google Chrome prior to 90.0.4430.212 all ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30514 (Use after free in Autofill in Google Chrome prior to 90.0.4430.212 all ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30513 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30512 (Use after free in Notifications in Google Chrome prior to 90.0.4430.21 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30511 (Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.2 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30510 (Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30509 (Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.2 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30508 (Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.443 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30507 (Inappropriate implementation in Offline in Google Chrome on Android pr ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30506 (Incorrect security UI in Web App Installs in Google Chrome on Android ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-30505
+ RESERVED
+CVE-2021-30504 (In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual Studio C ...)
+ NOT-FOR-US: GLSL Linting extension for Visual Studio Code
+CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) ...)
+ NOT-FOR-US: vscode-ghc-simple extension for Visual Studio Code
+CVE-2021-3495 (An incorrect access control flaw was found in the kiali-operator in ve ...)
+ NOT-FOR-US: kiali-operator
+CVE-2021-3494 (A smart proxy that provides a restful API to various sub-systems of th ...)
+ - foreman <itp> (bug #663101)
+CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly vali ...)
+ - linux 5.10.38-1
+ [stretch] - linux <not-affected> (Unprivileged users cannot mount overlayfs)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
+CVE-2021-30501 (An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in ...)
+ - upx-ucl <unfixed> (unimportant)
+ NOTE: https://github.com/upx/upx/issues/486
+ NOTE: https://github.com/upx/upx/pull/487
+ NOTE: https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46
+CVE-2021-30500 (Null pointer dereference was found in upx PackLinuxElf::canUnpack() in ...)
+ - upx-ucl <unfixed> (unimportant)
+ NOTE: https://github.com/upx/upx/issues/485
+ NOTE: https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
+CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in function ...)
+ - libcaca <unfixed> (bug #987278)
+ [bullseye] - libcaca <no-dsa> (Minor issue)
+ [buster] - libcaca <no-dsa> (Minor issue)
+ [stretch] - libcaca <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/cacalabs/libcaca/issues/54
+CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c in fun ...)
+ - libcaca <unfixed> (bug #987278)
+ [bullseye] - libcaca <no-dsa> (Minor issue)
+ [buster] - libcaca <no-dsa> (Minor issue)
+ [stretch] - libcaca <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/cacalabs/libcaca/issues/53
+CVE-2021-30497
+ RESERVED
+CVE-2021-30496 (The Telegram app 7.6.2 for iOS allows remote authenticated users to ca ...)
+ NOT-FOR-US: Telegram for iOS
+CVE-2021-30495
+ RESERVED
+CVE-2021-30494 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
+ NOT-FOR-US: Razer Synapse 3 software suite
+CVE-2021-30493 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
+ NOT-FOR-US: Razer Synapse 3 software suite
+CVE-2021-30492
+ RESERVED
+CVE-2021-30491
+ RESERVED
+CVE-2021-30490
+ RESERVED
+CVE-2021-30489
+ RESERVED
+CVE-2021-30488
+ RESERVED
+CVE-2021-30487 (In the topic moving API in Zulip Server 3.x before 3.4, organization a ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-30486 (SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via ...)
+ NOT-FOR-US: SysAid
+CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ {DLA-2705-1}
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/25
+CVE-2021-30484
+ RESERVED
+CVE-2021-30483 (isomorphic-git before 1.8.2 allows Directory Traversal via a crafted r ...)
+ NOT-FOR-US: isomorphic-git
+CVE-2021-30482 (In JetBrains UpSource before 2020.1.1883, application passwords were n ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is installed ...)
+ NOT-FOR-US: Valve Steam
+ NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam
+ NOTE: is started, so nothing really to be updated there
+CVE-2021-3492 (Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux ...)
+ - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
+ NOTE: Debian does not include the (not yet upstream accepted) shiftfs
+CVE-2021-3491 (The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT li ...)
+ - linux 5.10.38-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/13
+ NOTE: https://git.kernel.org/linus/d1f82808877bb10d3deee7cf3374a4eb3fb582db
+CVE-2021-3490 (The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in th ...)
+ - linux 5.10.38-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/11
+CVE-2021-3489 (The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel di ...)
+ - linux 5.10.38-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/10
+CVE-2021-30480 (Zoom Chat through 2021-04-09 on Windows and macOS allows certain remot ...)
+ NOT-FOR-US: Zoom Chat
+CVE-2021-3488
+ RESERVED
+CVE-2021-30479 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-30478 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
+ - zulip-server <itp> (bug #800052)
+CVE-2021-30476 (HashiCorp Terraform&#8217;s Vault Provider (terraform-provider-vault) ...)
+ NOT-FOR-US: HashiCorp Terraform Vault Provider
+CVE-2021-3487 (There's a flaw in the BFD library of binutils in versions before 2.36. ...)
+ - binutils 2.37-3 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26946
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=647cebce12a6b0a26960220caff96ff38978cf24
+ NOTE: binutils not covered by security support
+CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible to in ...)
+ - glpi <removed>
+ NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
+CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...)
+ [experimental] - aom 3.2.0-1~exp1
+ - aom 3.2.0-1
+ NOTE: https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2999
+CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...)
+ [experimental] - aom 3.2.0-1~exp1
+ - aom 3.2.0-1
+ NOTE: https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3000
+CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...)
+ [experimental] - aom 3.2.0-1~exp1
+ - aom 3.2.0-1 (bug #988211)
+ NOTE: https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
+CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...)
+ - libpodofo <unfixed> (bug #986794)
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/132/
+CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...)
+ - libpodofo <unfixed> (bug #986793)
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/131/
+CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...)
+ - libpodofo <unfixed> (bug #986792)
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/130/
+CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...)
+ - libpodofo <unfixed> (bug #986791)
+ [bullseye] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <no-dsa> (Minor issue)
+ [stretch] - libpodofo <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/129/
+CVE-2021-30468 (A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows ...)
+ NOT-FOR-US: Apache CXF
+CVE-2021-30467
+ RESERVED
+CVE-2021-30466
+ RESERVED
+CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Dire ...)
+ - runc 1.0.0~rc93+ds1-5 (bug #988768)
+ [stretch] - runc <no-dsa> (Intrusive to backport fix)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2
+ NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
+ NOTE: Initial patch in -4, but revised patch was applied only in -5
+CVE-2021-30464 (OMICRON StationGuard before 1.10 allows remote attackers to cause a de ...)
+ NOT-FOR-US: OMICRON StationGuard
+CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges by creati ...)
+ NOT-FOR-US: VestaCP
+CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate privileges ...)
+ NOT-FOR-US: VestaCP
+CVE-2021-30461 (A remote code execution issue was discovered in the web UI of VoIPmoni ...)
+ NOT-FOR-US: VoIPmonitor
+CVE-2021-30460
+ RESERVED
+CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolba ...)
+ NOT-FOR-US: Jazzband Django Debug Toolbar
+CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x ...)
+ - mediawiki 1:1.35.2-1
+ [buster] - mediawiki <not-affected> (Only applies to 1.35 and later)
+ [stretch] - mediawiki <not-affected> (Only applies to 1.35 and later)
+ NOTE: https://phabricator.wikimedia.org/T279451
+CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
+ NOT-FOR-US: Rust crate id-map
+CVE-2021-30456 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
+ NOT-FOR-US: Rust crate id-map
+CVE-2021-30455 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...)
+ NOT-FOR-US: Rust crate id-map
+CVE-2021-30454 (An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. ...)
+ NOT-FOR-US: Rust crate outer_cgi
+CVE-2021-30453
+ RESERVED
+CVE-2021-30452
+ RESERVED
+CVE-2021-30451
+ RESERVED
+CVE-2021-30450
+ RESERVED
+CVE-2021-30449
+ RESERVED
+CVE-2021-30448
+ RESERVED
+CVE-2021-30447
+ RESERVED
+CVE-2021-30446
+ RESERVED
+CVE-2021-30445
+ RESERVED
+CVE-2021-30444
+ RESERVED
+CVE-2021-30443
+ RESERVED
+CVE-2021-30442
+ RESERVED
+CVE-2021-30441
+ RESERVED
+CVE-2021-30440
+ RESERVED
+CVE-2021-30439
+ RESERVED
+CVE-2021-30438
+ RESERVED
+CVE-2021-30437
+ RESERVED
+CVE-2021-30436
+ RESERVED
+CVE-2021-30435
+ RESERVED
+CVE-2021-30434
+ RESERVED
+CVE-2021-30433
+ RESERVED
+CVE-2021-30432
+ RESERVED
+CVE-2021-30431
+ RESERVED
+CVE-2021-30430
+ RESERVED
+CVE-2021-30429
+ RESERVED
+CVE-2021-30428
+ RESERVED
+CVE-2021-30427
+ RESERVED
+CVE-2021-30426
+ RESERVED
+CVE-2021-30425
+ RESERVED
+CVE-2021-30424
+ RESERVED
+CVE-2021-30423
+ RESERVED
+CVE-2021-30422
+ RESERVED
+CVE-2021-30421
+ RESERVED
+CVE-2021-30420
+ RESERVED
+CVE-2021-30419
+ RESERVED
+CVE-2021-30418
+ RESERVED
+CVE-2021-30417
+ RESERVED
+CVE-2021-30416
+ RESERVED
+CVE-2021-30415
+ RESERVED
+CVE-2021-30414
+ RESERVED
+CVE-2021-30413
+ RESERVED
+CVE-2021-30412
+ RESERVED
+CVE-2021-30411
+ RESERVED
+CVE-2021-30410
+ RESERVED
+CVE-2021-30409
+ RESERVED
+CVE-2021-30408
+ RESERVED
+CVE-2021-30407
+ RESERVED
+CVE-2021-30406
+ RESERVED
+CVE-2021-30405
+ RESERVED
+CVE-2021-30404
+ RESERVED
+CVE-2021-30403
+ RESERVED
+CVE-2021-30402
+ RESERVED
+CVE-2021-30401
+ RESERVED
+CVE-2021-30400
+ RESERVED
+CVE-2021-30399
+ RESERVED
+CVE-2021-30398
+ RESERVED
+CVE-2021-30397
+ RESERVED
+CVE-2021-30396
+ RESERVED
+CVE-2021-30395
+ RESERVED
+CVE-2021-30394
+ RESERVED
+CVE-2021-30393
+ RESERVED
+CVE-2021-30392
+ RESERVED
+CVE-2021-30391
+ RESERVED
+CVE-2021-30390
+ RESERVED
+CVE-2021-30389
+ RESERVED
+CVE-2021-30388
+ RESERVED
+CVE-2021-30387
+ RESERVED
+CVE-2021-30386
+ RESERVED
+CVE-2021-30385
+ RESERVED
+CVE-2021-30384
+ RESERVED
+CVE-2021-30383
+ RESERVED
+CVE-2021-30382
+ RESERVED
+CVE-2021-30381
+ RESERVED
+CVE-2021-30380
+ RESERVED
+CVE-2021-30379
+ RESERVED
+CVE-2021-30378
+ RESERVED
+CVE-2021-30377
+ RESERVED
+CVE-2021-30376
+ RESERVED
+CVE-2021-30375
+ RESERVED
+CVE-2021-30374
+ RESERVED
+CVE-2021-30373
+ RESERVED
+CVE-2021-30372
+ RESERVED
+CVE-2021-30371
+ RESERVED
+CVE-2021-30370
+ RESERVED
+CVE-2021-30369
+ RESERVED
+CVE-2021-30368
+ RESERVED
+CVE-2021-30367
+ RESERVED
+CVE-2021-30366
+ RESERVED
+CVE-2021-30365
+ RESERVED
+CVE-2021-30364
+ RESERVED
+CVE-2021-30363
+ RESERVED
+CVE-2021-30362
+ RESERVED
+CVE-2021-30361
+ RESERVED
+CVE-2021-30360 (Users have access to the directory where the installation repair occur ...)
+ NOT-FOR-US: Check Point
+CVE-2021-30359 (The Harmony Browse and the SandBlast Agent for Browsers installers mus ...)
+ NOT-FOR-US: Harmony Browse and the SandBlast Agent for Browsers installers
+CVE-2021-30358 (Mobile Access Portal Native Applications who's path is defined by the ...)
+ NOT-FOR-US: Mobile Access Portal Native Applications
+CVE-2021-30357 (SSL Network Extender Client for Linux before build 800008302 reveals p ...)
+ NOT-FOR-US: SSL Network Extender Client
+CVE-2021-30356 (A denial of service vulnerability was reported in Check Point Identity ...)
+ NOT-FOR-US: Check Point Identity Agent
+CVE-2021-30355 (Amazon Kindle e-reader prior to and including version 5.13.4 improperl ...)
+ NOT-FOR-US: Amazon Kindle e-reader
+CVE-2021-30354 (Amazon Kindle e-reader prior to and including version 5.13.4 contains ...)
+ NOT-FOR-US: Amazon Kindle e-reader
+CVE-2021-30353 (Improper validation of function pointer type with actual function sign ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30352
+ RESERVED
+CVE-2021-30351 (An out of bound memory access can occur due to improper validation of ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30350
+ RESERVED
+CVE-2021-30349
+ RESERVED
+CVE-2021-30348 (Improper validation of LLM utility timers availability can lead to den ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30347
+ RESERVED
+CVE-2021-30346
+ RESERVED
+CVE-2021-30345
+ RESERVED
+CVE-2021-30344
+ RESERVED
+CVE-2021-30343
+ RESERVED
+CVE-2021-30342
+ RESERVED
+CVE-2021-30341
+ RESERVED
+CVE-2021-30340
+ RESERVED
+CVE-2021-30339
+ RESERVED
+CVE-2021-30338
+ RESERVED
+CVE-2021-30337 (Possible use after free when process shell memory is freed using IOCTL ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30336 (Possible out of bound read due to lack of domain input validation whil ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30335 (Possible assertion in QOS request due to improper validation when mult ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30334
+ RESERVED
+CVE-2021-30333
+ RESERVED
+CVE-2021-30332
+ RESERVED
+CVE-2021-30331
+ RESERVED
+CVE-2021-30330 (Possible null pointer dereference due to improper validation of APE cl ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30329
+ RESERVED
+CVE-2021-30328
+ RESERVED
+CVE-2021-30327
+ RESERVED
+CVE-2021-30326 (Possible assertion due to improper size validation while processing th ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30325 (Possible out of bound access of DCI resources due to lack of validatio ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30324 (Possible out of bound write due to lack of boundary check for the maxi ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30323 (Improper validation of maximum size of data write to EFS file can lead ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30322 (Possible out of bounds write due to improper validation of number of G ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check during ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-30320
+ RESERVED
+CVE-2021-30319 (Possible integer overflow due to improper validation of command length ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30318 (Improper validation of input when provisioning the HDCP key can lead t ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30317 (Improper validation of program headers containing ELF metadata can lea ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30316 (Possible out of bound memory access due to improper boundary check whi ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-30314 (Lack of validation for third party application accessing the service c ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30313 (Use after free condition can occur in wired connectivity due to a race ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30312 (Improper authentication of sub-frames of a multicast AMSDU frame can l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30311 (Possible heap overflow due to lack of index validation before allocati ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30310 (Possible buffer overflow due to Improper validation of received CF-ACK ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30309 (Improper size validation of QXDM commands can lead to memory corruptio ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30308 (Possible buffer overflow while printing the HARQ memory partition deta ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30307 (Possible denial of service due to improper validation of DNS response ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30306 (Possible buffer over read due to improper buffer allocation for file l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30305 (Possible out of bound access due to lack of validation of page offset ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30304 (Possible buffer out of bound read can occur due to improper validation ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-30303 (Possible buffer overflow due to lack of buffer length check when segme ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30302 (Improper authentication of EAP WAPI EAPOL frames from unauthenticated ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30301 (Possible denial of service due to out of memory while processing RRC a ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex data for th ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30299
+ RESERVED
+CVE-2021-30298 (Possible out of bound access due to improper validation of item size a ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30297 (Possible out of bound read due to improper validation of packet length ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30296
+ RESERVED
+CVE-2021-30295 (Possible heap overflow due to improper validation of local variable wh ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30294 (Potential null pointer dereference in KGSL GPU auxiliary command due t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30293 (Possible assertion due to lack of input validation in PUSCH configurat ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30292 (Possible memory corruption due to lack of validation of client data us ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30291 (Possible memory corruption due to lack of validation of client data us ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30290 (Possible null pointer dereference due to race condition between timeli ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-30289 (Possible buffer overflow due to lack of range check while processing a ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30288 (Possible stack overflow due to improper length check of TLV while copy ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30287 (Possible assertion due to improper validation of symbols configured fo ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30286
+ RESERVED
+CVE-2021-30285 (Improper validation of memory region in Hypervisor can lead to incorre ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-30284 (Possible information exposure and denial of service due to NAS not dro ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30283 (Possible denial of service due to improper handling of debug register ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30282 (Possible out of bound write in RAM partition table due to improper val ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30281
+ RESERVED
+CVE-2021-30280
+ RESERVED
+CVE-2021-30279 (Possible access control violation while setting current permission for ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30278 (Improper input validation in TrustZone memory transfer interface can l ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30277
+ RESERVED
+CVE-2021-30276 (Improper access control while doing XPU re-configuration dynamically c ...)
+ NOT-FOR-US: Android
+CVE-2021-30275 (Possible integer overflow in page alignment interface due to lack of a ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30274 (Possible integer overflow in access control initialization interface d ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30273 (Possible assertion due to improper handling of IPV6 packet with invali ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30272 (Possible null pointer dereference in thread cache operation handler du ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30271 (Possible null pointer dereference in trap handler due to lack of threa ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30270 (Possible null pointer dereference in thread profile trap handler due t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30269 (Possible null pointer dereference due to lack of TLB validation for us ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30268 (Possible heap Memory Corruption Issue due to lack of input validation ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30267 (Possible integer overflow to buffer overflow due to improper input val ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30266 (Possible use after free due to improper memory validation when initial ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30265 (Possible memory corruption due to improper validation of memory addres ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30264 (Possible use after free due improper validation of reference from call ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30263 (Possible race condition can occur due to lack of synchronization mecha ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30262 (Improper validation of a socket state when socket events are being sen ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30261 (Possible integer and heap overflow due to lack of input command size v ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur due to im ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30259 (Possible out of bound access due to improper validation of function ta ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30258 (Possible buffer overflow due to improper size calculation of payload r ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30257 (Possible out of bound read or write in VR service due to lack of valid ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30256 (Possible stack overflow due to improper validation of camera name leng ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30255 (Possible buffer overflow due to improper input validation in PDM DIAG ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30254 (Possible buffer overflow due to improper input validation in factory c ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-30253
+ RESERVED
+CVE-2021-30252
+ RESERVED
+CVE-2021-30251
+ RESERVED
+CVE-2021-30250
+ RESERVED
+CVE-2021-30249
+ RESERVED
+CVE-2021-30248
+ RESERVED
+CVE-2021-30247
+ RESERVED
+CVE-2021-30246 (In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA ...)
+ NOT-FOR-US: Node jsrasign
+CVE-2021-30245 (The project received a report that all versions of Apache OpenOffice t ...)
+ NOT-FOR-US: Apache OpenOffice, equivalent to CVE-2021-25631
+CVE-2021-3485 (An Improper Input Validation vulnerability in the Product Update featu ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-30244
+ RESERVED
+CVE-2021-30243
+ RESERVED
+CVE-2021-30242
+ RESERVED
+CVE-2021-30241
+ RESERVED
+CVE-2021-30240
+ RESERVED
+CVE-2021-30239
+ RESERVED
+CVE-2021-30238
+ RESERVED
+CVE-2021-30237
+ RESERVED
+CVE-2021-30236
+ RESERVED
+CVE-2021-30235
+ RESERVED
+CVE-2021-30234 (The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30233 (The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 r ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30232 (The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF- ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30231 (The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 rou ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30230 (The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30229 (The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30228 (The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao W ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router
+CVE-2021-30227 (Cross Site Scripting (XSS) vulnerability in the article comments featu ...)
+ NOT-FOR-US: emlog
+CVE-2021-30226
+ RESERVED
+CVE-2021-30225
+ RESERVED
+CVE-2021-30224 (Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attacke ...)
+ NOT-FOR-US: Rukovoditel
+CVE-2021-30223
+ RESERVED
+CVE-2021-30222
+ RESERVED
+CVE-2021-30221
+ RESERVED
+CVE-2021-30220
+ RESERVED
+CVE-2021-30219 (samurai 1.2 has a NULL pointer dereference in printstatus() function i ...)
+ NOT-FOR-US: samurai
+CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in util.c vi ...)
+ NOT-FOR-US: samurai
+CVE-2021-30217
+ RESERVED
+CVE-2021-30216
+ REJECTED
+CVE-2021-30215
+ RESERVED
+CVE-2021-30214 (Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injecti ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30213 (Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-sit ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30212 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30211 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30210
+ RESERVED
+CVE-2021-30209 (Textpattern V4.8.4 contains an arbitrary file upload vulnerability whe ...)
+ NOT-FOR-US: Textpattern CMS
+CVE-2021-30208
+ RESERVED
+CVE-2021-30207
+ RESERVED
+CVE-2021-30206
+ RESERVED
+CVE-2021-30205
+ RESERVED
+CVE-2021-30204
+ RESERVED
+CVE-2021-30203
+ RESERVED
+CVE-2021-30202
+ RESERVED
+CVE-2021-30201 (An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6. ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30200
+ RESERVED
+CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Derefe ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dca
+ NOTE: https://github.com/gpac/gpac/issues/1728
+CVE-2021-30198
+ RESERVED
+CVE-2021-30197
+ RESERVED
+CVE-2021-30196
+ RESERVED
+CVE-2021-30195 (CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validatio ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30194 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30193 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30192 (CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Se ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30191 (CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Chec ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30190 (CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30189 (CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflo ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30188 (CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30187 (CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralizati ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30186 (CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer O ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...)
+ NOT-FOR-US: CERN Indico
+CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...)
+ - gnuchess <unfixed> (bug #986801)
+ [bullseye] - gnuchess <no-dsa> (Minor issue)
+ [buster] - gnuchess <no-dsa> (Minor issue)
+ [stretch] - gnuchess <postponed> (Minor issue in a game; can be fixed in next update)
+ NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
+ NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
+CVE-2021-30183 (Cleartext storage of sensitive information in multiple versions of Oct ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-30182
+ RESERVED
+CVE-2021-30181 (Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which wi ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-30180 (Apache Dubbo prior to 2.7.9 support Tag routing which will enable a cu ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-30179 (Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic call ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-3484
+ RESERVED
+CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf
+CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918
+CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User R ...)
+ NOT-FOR-US: PHP-Nuke
+CVE-2021-30176 (The ZEROF Expert pro/2.0 application for mobile devices allows SQL Inj ...)
+ NOT-FOR-US: ZEROF Expert
+CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /Handle ...)
+ NOT-FOR-US: ZEROF Web Server
+CVE-2021-30174 (RiyaLab CloudISO event item is added, special characters in specific f ...)
+ NOT-FOR-US: RiyaLab CloudISO
+CVE-2021-30173 (Local File Inclusion vulnerability of the omni-directional communicati ...)
+ NOT-FOR-US: omni-directional communication system
+CVE-2021-30172 (Special characters of picture preview page in the Quan-Fang-Wei-Tong-X ...)
+ NOT-FOR-US: Quan-Fang-Wei-Tong-Xun system
+CVE-2021-30171 (Special characters of ERP POS news page are not filtered in users&#821 ...)
+ NOT-FOR-US: ERP POS
+CVE-2021-30170 (Special characters of ERP POS customer profile page are not filtered i ...)
+ NOT-FOR-US: ERP POS
+CVE-2021-30169 (The sensitive information of webcam device is not properly protected. ...)
+ NOT-FOR-US: LILIN
+CVE-2021-30168 (The sensitive information of webcam device is not properly protected. ...)
+ NOT-FOR-US: LILIN
+CVE-2021-30167 (The manage users profile services of the network camera device allows ...)
+ NOT-FOR-US: LILIN
+CVE-2021-30166 (The NTP Server configuration function of the IP camera device is not v ...)
+ NOT-FOR-US: LILIN
+CVE-2021-30165 (The default administrator account &amp; password of the EDIMAX wireles ...)
+ NOT-FOR-US: EDIMAX
+CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #986800)
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/19975
+CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...)
+ {DLA-2658-1}
+ - redmine <unfixed> (bug #986800)
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20819
+CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-26948
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/410
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-26259
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/417
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-26252
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/412
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-23206
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/416
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-23191
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/415
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-23180
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/418
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-23165
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/413
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f
+CVE-2021-23158
+ RESERVED
+ {DSA-4928-1 DLA-2700-1}
+ - htmldoc 1.9.11-4 (unimportant; bug #989437)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/414
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-30160
+ RESERVED
+CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1 DLA-2648-1}
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T272386
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
+CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1 DLA-2648-1}
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T277009
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546
+CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1}
+ - mediawiki 1:1.35.2-1
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T278058
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674085
+CVE-2021-30156 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ - mediawiki <not-affected> (Not a security issue on release branches, only affected master)
+ NOTE: https://phabricator.wikimedia.org/T276306
+ NOTE: CVE description is wrong
+CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1 DLA-2648-1}
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T270988
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
+CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...)
+ {DSA-4889-1}
+ - mediawiki 1:1.35.2-1
+ [stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
+ NOTE: https://phabricator.wikimedia.org/T278014
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/
+CVE-2021-30153
+ RESERVED
+ - mediawiki 1:1.35.2-1
+ [buster] - mediawiki <not-affected> (Vulnerable code not present)
+ [stretch] - mediawiki <not-affected> (Vulnerable code not present)
+ NOTE: https://phabricator.wikimedia.org/T270453
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
+CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through ...)
+ {DSA-4889-1 DLA-2648-1}
+ - mediawiki 1:1.35.2-1
+ NOTE: https://phabricator.wikimedia.org/T270713
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html
+CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...)
+ - ruby-sidekiq <unfixed> (bug #987354)
+ [bullseye] - ruby-sidekiq <no-dsa> (Minor issue)
+ [buster] - ruby-sidekiq <no-dsa> (Minor issue)
+ [stretch] - ruby-sidekiq <no-dsa> (Minor issue)
+ NOTE: https://github.com/mperham/sidekiq/issues/4852
+ NOTE: https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8
+CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script. ...)
+ NOT-FOR-US: Composr
+CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files. ...)
+ NOT-FOR-US: Composr
+CVE-2021-30148
+ RESERVED
+CVE-2021-30147 (DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as addi ...)
+ NOT-FOR-US: DMA Softlab Radius Manager
+CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library f ...)
+ - seafile-client <unfixed> (bug #987282)
+ [bullseye] - seafile-client <no-dsa> (Minor issue)
+ [buster] - seafile-client <no-dsa> (Minor issue)
+ NOTE: https://github.com/Security-AVS/CVE-2021-30146
+CVE-2021-30145 (A format string vulnerability in mpv through 0.33.0 allows user-assist ...)
+ - mpv 0.32.0-3 (bug #986839)
+ [buster] - mpv <no-dsa> (Minor issue)
+ [stretch] - mpv <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/mpv-player/mpv/commit/cb3fa04bcb2ba9e0d25788480359157208c13e0b
+CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...)
+ NOT-FOR-US: GLPI plugin
+CVE-2021-30143
+ RESERVED
+CVE-2021-30142
+ RESERVED
+CVE-2021-30141 (** DISPUTED ** Module/Settings/UserExport.php in Friendica through 202 ...)
+ NOT-FOR-US: Friendica
+CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" functionali ...)
+ NOT-FOR-US: LiquidFiles
+CVE-2021-30139 (In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a b ...)
+ NOT-FOR-US: Alpine Linux apk-tools
+CVE-2021-30138
+ REJECTED
+CVE-2021-30137 (Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarsha ...)
+ NOT-FOR-US: Axios Assyst
+CVE-2021-30136
+ RESERVED
+CVE-2021-30135
+ RESERVED
+CVE-2021-30134
+ RESERVED
+CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, C ...)
+ NOT-FOR-US: CloverDX
+CVE-2021-30132 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...)
+ NOT-FOR-US: Cloudera Manager
+CVE-2021-30131
+ RESERVED
+CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...)
+ - phpseclib 1.0.19-3
+ [stretch] - phpseclib <not-affected> (Only affects 3.x branch)
+ - php-phpseclib 2.0.30-2
+ [stretch] - php-phpseclib <not-affected> (Only affects 3.x branch)
+ - php-phpseclib3 3.0.7-1
+ NOTE: https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890
+ NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/cc32cd2e95b18a0c0118bbf1928327675c9e64a9 (v3.0 / RSA::SIGNATURE_RELAXED_PKCS1)
+ NOTE: According to upstream, 1.x and 2.x are not vulnerable, the fix on these branches only backports more exhaustive PKCS#1 v1.5 support (functional change)
+ NOTE: According to upstream, 1.x and 2.x have the problem described as "incompatibility issue in phpseclib v1, v2, v3 (strict mode)'s RSA PKCS#1 v1.5
+ NOTE: signature verification suffering from rejecting valid signatures whose encoded message uses implicit hash algorithm's NULL parameter." but
+ NOTE: this is not considered as a security problem.
+CVE-2021-30129 (A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to ...)
+ NOT-FOR-US: Apache Mina SSHD
+CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2021-30127 (TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the adm ...)
+ NOT-FOR-US: Terramaster
+CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyon ...)
+ NOT-FOR-US: Lightmeter ControlCenter
+CVE-2021-30125 (Jamf Pro before 10.28.0 allows XSS related to inventory history, aka P ...)
+ NOT-FOR-US: Jamf Pro
+CVE-2021-30124 (The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1 ...)
+ NOT-FOR-US: vscode-phpmd (aka PHP Mess Detector) extension for Visual Studio Code
+CVE-2021-30123 (FFmpeg &lt;=4.3 contains a buffer overflow vulnerability in libavcodec ...)
+ - ffmpeg <not-affected> (Only affects 4.4 development branches)
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f
+ NOTE: https://trac.ffmpeg.org/ticket/8845
+ NOTE: https://trac.ffmpeg.org/ticket/8863
+ NOTE: CVE description is wrong, this landed in 4.4 only
+ NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468
+CVE-2021-30122
+ RESERVED
+CVE-2021-30121 (Authenticated local file inclusion in Kaseya VSA &lt; v9.5.6 ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30120 (Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requiremen ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30119 (Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7. ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30118 (Kaseya VSA before 9.5.5 allows remote code execution. ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30117 (SQL injection exists in Kaseya VSA before 9.5.6. ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30116 (Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in ...)
+ NOT-FOR-US: Kaseya
+CVE-2021-30115
+ RESERVED
+CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...)
+ NOT-FOR-US: Web-School ERP
+CVE-2021-30113 (A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Even ...)
+ NOT-FOR-US: Web-School ERP
+CVE-2021-30112 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...)
+ NOT-FOR-US: Web-School ERP
+CVE-2021-30111 (A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Eve ...)
+ NOT-FOR-US: Web-School ERP
+CVE-2021-30110 (dttray.exe in Greyware Automation Products Inc Domain Time II before 5 ...)
+ NOT-FOR-US: Greyware
+CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under c ...)
+ NOT-FOR-US: Froala Editor
+CVE-2021-30108 (Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vu ...)
+ NOT-FOR-US: Feehi CMS
+CVE-2021-30107
+ RESERVED
+CVE-2021-30106
+ RESERVED
+CVE-2021-30105
+ RESERVED
+CVE-2021-30104
+ RESERVED
+CVE-2021-30103
+ RESERVED
+CVE-2021-30102
+ RESERVED
+CVE-2021-30101
+ RESERVED
+CVE-2021-30100
+ RESERVED
+CVE-2021-30099
+ RESERVED
+CVE-2021-30098
+ RESERVED
+CVE-2021-30097
+ RESERVED
+CVE-2021-30096
+ RESERVED
+CVE-2021-30095
+ RESERVED
+CVE-2021-30094
+ RESERVED
+CVE-2021-30093
+ RESERVED
+CVE-2021-30092
+ RESERVED
+CVE-2021-30091
+ RESERVED
+CVE-2021-30090
+ RESERVED
+CVE-2021-30089
+ RESERVED
+CVE-2021-30088
+ RESERVED
+CVE-2021-30087
+ RESERVED
+CVE-2021-30086 (Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese ...)
+ NOT-FOR-US: KindEditor
+CVE-2021-30085
+ RESERVED
+CVE-2021-30084
+ RESERVED
+CVE-2021-30083 (An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vuln ...)
+ NOT-FOR-US: Mediat
+CVE-2021-30082 (An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vu ...)
+ NOT-FOR-US: Gris CMS
+CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL Injection ...)
+ NOT-FOR-US: emlog
+CVE-2021-30080
+ RESERVED
+CVE-2021-30079
+ RESERVED
+CVE-2021-30078
+ RESERVED
+CVE-2021-30077
+ RESERVED
+CVE-2021-30076
+ RESERVED
+CVE-2021-30075
+ RESERVED
+CVE-2021-30074 (docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the s ...)
+ NOT-FOR-US: docsify
+CVE-2021-30073
+ RESERVED
+CVE-2021-30072 (An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. ...)
+ NOT-FOR-US: D-Link
+CVE-2021-30071
+ RESERVED
+CVE-2021-30070
+ RESERVED
+CVE-2021-30069
+ RESERVED
+CVE-2021-30068
+ RESERVED
+CVE-2021-30067
+ RESERVED
+CVE-2021-30066
+ RESERVED
+CVE-2021-30065
+ RESERVED
+CVE-2021-30064
+ RESERVED
+CVE-2021-30063
+ RESERVED
+CVE-2021-30062
+ RESERVED
+CVE-2021-30061
+ RESERVED
+CVE-2021-30060
+ RESERVED
+CVE-2021-30059
+ RESERVED
+CVE-2021-30058 (Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30057 (A stored HTML injection vulnerability exists in Knowage Suite version ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30056 (Knowage Suite before 7.4 is vulnerable to reflected cross-site scripti ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30055 (A SQL injection vulnerability in Knowage Suite version 7.1 exists in t ...)
+ NOT-FOR-US: Knowage Suite
+CVE-2021-30054
+ RESERVED
+CVE-2021-30053
+ RESERVED
+CVE-2021-30052
+ RESERVED
+CVE-2021-30051
+ RESERVED
+CVE-2021-30050
+ RESERVED
+CVE-2021-30049 (SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /Ke ...)
+ NOT-FOR-US: SysAid
+CVE-2021-30048 (Directory Traversal in the fileDownload function in com/java2nb/common ...)
+ NOT-FOR-US: Novel-plus
+CVE-2021-30047
+ RESERVED
+CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...)
+ NOT-FOR-US: VIGRA Computer Vision Library
+CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-30044 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-30043
+ RESERVED
+CVE-2021-30042 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name" ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-30041
+ RESERVED
+CVE-2021-30040
+ RESERVED
+CVE-2021-30039 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "B ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-30038
+ RESERVED
+CVE-2021-30037
+ RESERVED
+CVE-2021-30036
+ RESERVED
+CVE-2021-30035
+ RESERVED
+CVE-2021-30034 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons fiel ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-30033
+ RESERVED
+CVE-2021-30032
+ RESERVED
+CVE-2021-30031
+ REJECTED
+CVE-2021-30030 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name fie ...)
+ NOT-FOR-US: Remote Clinic
+CVE-2021-30029
+ RESERVED
+CVE-2021-30028
+ RESERVED
+CVE-2021-30027 (md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger us ...)
+ - md4c 0.4.7-2 (bug #987799)
+ NOTE: https://github.com/mity/md4c/issues/155
+ NOTE: https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19
+CVE-2021-30026
+ RESERVED
+CVE-2021-30025
+ RESERVED
+CVE-2021-30024
+ RESERVED
+CVE-2021-30023
+ RESERVED
+CVE-2021-30022 (There is a integer overflow in media_tools/av_parsers.c in the gf_avc_ ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
+ NOTE: https://github.com/gpac/gpac/issues/1720
+CVE-2021-30021
+ RESERVED
+CVE-2021-30020 (In the function gf_hevc_read_pps_bs_internal function in media_tools/a ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
+ NOTE: https://github.com/gpac/gpac/issues/1722
+CVE-2021-30019 (In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0 ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/22774aa9e62f586319c8f107f5bae950fed900bc
+ NOTE: https://github.com/gpac/gpac/issues/1723
+CVE-2021-30018
+ RESERVED
+CVE-2021-30017
+ RESERVED
+CVE-2021-30016
+ RESERVED
+CVE-2021-30015 (There is a Null Pointer Dereference in function filter_core/filter_pck ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ec
+ NOTE: https://github.com/gpac/gpac/issues/1719
+CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the hevc_pa ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <no-dsa> (Minor issue)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788
+ NOTE: https://github.com/gpac/gpac/issues/1721
+CVE-2021-30013
+ RESERVED
+CVE-2021-30012
+ RESERVED
+CVE-2021-30011
+ RESERVED
+CVE-2021-30010
+ RESERVED
+CVE-2021-30009
+ RESERVED
+CVE-2021-30008
+ RESERVED
+CVE-2021-30007
+ RESERVED
+CVE-2021-30006 (In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to informa ...)
+ - intellij-idea <itp> (bug #747616)
+CVE-2021-30005 (In JetBrains PyCharm before 2020.3.4, local code execution was possibl ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-30004 (In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ...)
+ - wpa <unfixed> (unimportant)
+ NOTE: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15
+ NOTE: Issue only affects the "internal" TLS implementation (CONFIG_TLS=internal)
+ NOTE: but Debian builds with CONFIG_TLS=openssl
+CVE-2021-30003 (An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Ther ...)
+ NOT-FOR-US: Nokia G-120W-F 3FE46606AGAB91 devices
+CVE-2021-30001
+ RESERVED
+CVE-2021-30000 (An issue was discovered in LATRIX 0.6.0. SQL injection in the txtacces ...)
+ NOT-FOR-US: LATRIX
+CVE-2021-29999 (An issue was discovered in Wind River VxWorks through 6.8. There is a ...)
+ NOT-FOR-US: Wind River VxWorks
+CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. There is a p ...)
+ NOT-FOR-US: Wind River VxWorks
+CVE-2021-29997 (An issue was discovered in Wind River VxWorks 7 before 21.03. A specia ...)
+ NOT-FOR-US: Helix ALM
+CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...)
+ NOT-FOR-US: marktext
+CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in CloverD ...)
+ NOT-FOR-US: CloverDX
+CVE-2021-29994 (Cloudera Hue 4.6.0 allows XSS. ...)
+ NOT-FOR-US: Cloudera Hue
+CVE-2021-29993 (Firefox for Android allowed navigations through the `intent://` protoc ...)
+ - firefox <not-affected> (Specific to Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-29993
+CVE-2021-29992
+ RESERVED
+CVE-2021-29991 (Firefox incorrectly accepted a newline in a HTTP/3 header, interpretti ...)
+ - firefox 91.0.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/#CVE-2021-29991
+CVE-2021-29990 (Mozilla developers and community members reported memory safety bugs p ...)
+ - firefox 91.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990
+CVE-2021-29989 (Mozilla developers reported memory safety bugs present in Firefox 90 a ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29989
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29989
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29989
+CVE-2021-29988 (Firefox incorrectly treated an inline list-item element as a block ele ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29988
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29988
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29988
+CVE-2021-29987 (After requesting multiple permissions, and closing the first permissio ...)
+ - firefox 91.0-1
+ - thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29987
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29987
+CVE-2021-29986 (A suspected race condition when calling getaddrinfo led to memory corr ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29986
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29986
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29986
+CVE-2021-29985 (A use-after-free vulnerability in media channels could have led to mem ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29985
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29985
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29985
+CVE-2021-29984 (Instruction reordering resulted in a sequence of instructions that wou ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29984
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29984
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29984
+CVE-2021-29983 (Firefox for Android could get stuck in fullscreen mode and not exit it ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29983
+CVE-2021-29982 (Due to incorrect JIT optimization, we incorrectly interpreted data fro ...)
+ - firefox 91.0-1
+ - thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29982
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29982
+CVE-2021-29981 (An issue present in lowering/register allocation could have led to obs ...)
+ - firefox 91.0-1
+ - thunderbird <not-affected> (Thunderbird 78.x not affected, only TB91)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29981
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29981
+CVE-2021-29980 (Uninitialized memory in a canvas object could have caused an incorrect ...)
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1}
+ - firefox 91.0-1
+ - firefox-esr 78.13.0esr-1
+ - thunderbird 1:78.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29980
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29980
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29980
+CVE-2021-29979 (Hubs Cloud allows users to download shared content, specifically HTML ...)
+ NOT-FOR-US: Hubs Cloud
+CVE-2021-29978 (Multiple low security issues were discovered and fixed in a security a ...)
+ NOT-FOR-US: Mozilla VPN
+CVE-2021-29977 (Mozilla developers reported memory safety bugs present in Firefox 89. ...)
+ - firefox 90.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977
+CVE-2021-29976 (Mozilla developers reported memory safety bugs present in code shared ...)
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
+ - firefox 90.0-1
+ - firefox-esr 78.12.0esr-1
+ - thunderbird 1:78.12.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29976
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29976
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29976
+CVE-2021-29975 (Through a series of DOM manipulations, a message, over which the attac ...)
+ - firefox 90.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29975
+CVE-2021-29974 (When network partitioning was enabled, e.g. as a result of Enhanced Tr ...)
+ - firefox 90.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29974
+CVE-2021-29973 (Password autofill was enabled without user interaction on insecure web ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29973
+CVE-2021-29972 (A use-after-free vulnerability was found via testing, and traced to an ...)
+ - firefox 90.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29972
+CVE-2021-29971 (If a user had granted a permission to a webpage and saved that grant, ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971
+CVE-2021-29970 (A malicious webpage could have triggered a use-after-free, memory corr ...)
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
+ - firefox 90.0-1
+ - firefox-esr 78.12.0esr-1
+ - thunderbird 1:78.12.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29970
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29970
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29970
+CVE-2021-29969 (If Thunderbird was configured to use STARTTLS for an IMAP connection, ...)
+ {DSA-4940-1 DLA-2711-1}
+ - thunderbird 1:78.12.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29969
+CVE-2021-29968 (When drawing text onto a canvas with WebRender disabled, an out of bou ...)
+ - firefox <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-27/#CVE-2021-29968
+CVE-2021-29967 (Mozilla developers reported memory safety bugs present in Firefox 88 a ...)
+ {DSA-4927-1 DSA-4925-1 DLA-2679-1 DLA-2673-1}
+ - firefox-esr 78.11.0esr-1
+ - firefox 89.0-1
+ - thunderbird 1:78.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29967
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29967
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29967
+CVE-2021-29966 (Mozilla developers reported memory safety bugs present in Firefox 88. ...)
+ - firefox 89.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29966
+CVE-2021-29965 (A malicious website that causes an HTTP Authentication dialog to be sp ...)
+ - firefox <not-affected> (Android-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29965
+CVE-2021-29964 (A locally-installed hostile program could send `WM_COPYDATA` messages ...)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - firefox <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29964
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29964
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29964
+CVE-2021-29963 (Address bar search suggestions in private browsing mode were re-using ...)
+ - firefox <not-affected> (Android-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29963
+CVE-2021-29962 (Firefox for Android would become unstable and hard-to-recover when a w ...)
+ - firefox <not-affected> (Android-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29962
+CVE-2021-29961 (When styling and rendering an oversized `&lt;select&gt;` element, Fire ...)
+ - firefox 89.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29961
+CVE-2021-29960 (Firefox used to cache the last filename used for printing a file. When ...)
+ - firefox 89.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29960
+CVE-2021-29959 (When a user has already allowed a website to access microphone and cam ...)
+ - firefox 89.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29959
+CVE-2021-29958 (When a download was initiated, the client did not check whether it was ...)
+ - firefox <not-affected> (Only affects Firefox for iOS)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29958
+CVE-2021-29957 (If a MIME encoded email contains an OpenPGP inline signed or encrypted ...)
+ {DSA-4927-1 DLA-2679-1}
+ - thunderbird 1:78.10.2-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29957
+CVE-2021-29956 (OpenPGP secret keys that were imported using Thunderbird version 78.8. ...)
+ {DSA-4927-1 DLA-2679-1}
+ - thunderbird 1:78.10.2-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-22/#CVE-2021-29956
+CVE-2021-29955 (A transient execution vulnerability, named Floating Point Value Inject ...)
+ {DSA-4874-1 DLA-2607-1}
+ - firefox 87.0-1
+ - firefox-esr 78.9.0esr-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-29955
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-29955
+CVE-2021-29954 (Proxy functionality built into Hubs Cloud&#8217;s Reticulum software a ...)
+ NOT-FOR-US: Hubs Cloud
+CVE-2021-29953 (A malicious webpage could have forced a Firefox for Android user into ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29953
+CVE-2021-29952 (When Web Render components were destructed, a race condition could hav ...)
+ - firefox 88.0.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29952
+CVE-2021-29951 (The Mozilla Maintenance Service granted SERVICE_START access to BUILTI ...)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-18/#CVE-2021-29951
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-19/#CVE-2021-29951
+CVE-2021-29950 (Thunderbird unprotects a secret OpenPGP key prior to using it for a de ...)
+ {DSA-4876-1 DLA-2609-1}
+ - thunderbird 1:78.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-17/#CVE-2021-29950
+CVE-2021-29949 (When loading the shared library that provides the OTR protocol impleme ...)
+ {DSA-4897-1 DLA-2632-1}
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-29949
+CVE-2021-29948 (Signatures are written to disk before and read during verification, wh ...)
+ {DSA-4897-1 DLA-2632-1}
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29948
+CVE-2021-29947 (Mozilla developers and community members reported memory safety bugs p ...)
+ - firefox 88.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29947
+CVE-2021-29946 (Ports that were written as an integer overflow above the bounds of a 1 ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29946
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29946
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29946
+CVE-2021-29945 (The WebAssembly JIT could miscalculate the size of a return type, whic ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29945
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29945
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29945
+CVE-2021-29944 (Lack of escaping allowed HTML injection when a webpage was viewed in R ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-29944
+CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a webca ...)
+ {DLA-2689-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
+CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. ...)
+ {DSA-4958-1 DLA-2750-1}
+ - exiv2 0.27.5-1 (bug #986888)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/issues/1522
+ NOTE: https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da
+ NOTE: https://github.com/Exiv2/exiv2/commit/cac151ec052d44da3dc779e9e4028e581acb128a
+CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg file]
+ RESERVED
+ {DLA-2895-1 DLA-2885-1}
+ - qtsvg-opensource-src 5.15.2-3 (bug #986798)
+ [buster] - qtsvg-opensource-src <no-dsa> (Minor issue)
+ - qt4-x11 <removed>
+ [buster] - qt4-x11 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1931444
+ NOTE: https://bugreports.qt.io/browse/QTBUG-91507
+ NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=bfd6ee0d8cf34b63d32adf10ed93daa0086b359f (qt/qtsvg/dev)
+ NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=0fa522904d65b73d48d5fadf690131e9ebb58d2a (qt/qtsvg/6.0)
+ NOTE: https://codereview.qt-project.org/gitweb?p=qt%2Fqtsvg.git;a=commit;h=9f7ccbfc68d20d0dc2ddc1e7dee5572dcf7dcd48 (qt/qtsvg/6.1)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31668
+ NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/337587
+CVE-2021-29943 (When using ConfigurableInternodeAuthHadoopPlugin for authentication, A ...)
+ - lucene-solr <not-affected> (Vulnerable functionality not yet present)
+CVE-2021-29942 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...)
+ NOT-FOR-US: reorder crate
+CVE-2021-29941 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...)
+ NOT-FOR-US: reorder crate
+CVE-2021-29940 (An issue was discovered in the through crate through 2021-02-18 for Ru ...)
+ NOT-FOR-US: Rust crate through
+CVE-2021-29939 (An issue was discovered in the stackvector crate through 2021-02-19 fo ...)
+ - rust-stackvector 1.0.6-3 (bug #986808)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0048.html
+CVE-2021-29938 (An issue was discovered in the slice-deque crate through 2021-02-19 fo ...)
+ NOT-FOR-US: Rust crate slice-deque
+CVE-2021-29937 (An issue was discovered in the telemetry crate through 2021-02-17 for ...)
+ NOT-FOR-US: Rust crate telemetry
+CVE-2021-29936 (An issue was discovered in the adtensor crate through 2021-01-11 for R ...)
+ NOT-FOR-US: Rust crate adtensor
+CVE-2021-29935 (An issue was discovered in the rocket crate before 0.4.7 for Rust. uri ...)
+ NOT-FOR-US: Rust crate rocket
+CVE-2021-29934 (An issue was discovered in PartialReader in the uu_od crate before 0.0 ...)
+ NOT-FOR-US: Rust crate uu_od
+CVE-2021-29933 (An issue was discovered in the insert_many crate through 2021-01-26 fo ...)
+ NOT-FOR-US: Rust crate insert_many
+CVE-2021-29932 (An issue was discovered in the parse_duration crate through 2021-03-18 ...)
+ NOT-FOR-US: Rust crate parse_duration
+CVE-2021-29931 (An issue was discovered in the arenavec crate through 2021-01-12 for R ...)
+ NOT-FOR-US: Rust crate arenavec
+CVE-2021-29930 (An issue was discovered in the arenavec crate through 2021-01-12 for R ...)
+ NOT-FOR-US: Rust crate arenavec
+CVE-2021-29929 (An issue was discovered in the endian_trait crate through 2021-01-04 f ...)
+ NOT-FOR-US: Rust crate endian_trait
+CVE-2021-29928
+ RESERVED
+CVE-2021-29927
+ RESERVED
+CVE-2021-29926
+ RESERVED
+CVE-2021-29925
+ RESERVED
+CVE-2021-29924
+ RESERVED
+CVE-2021-29923 (Go before 1.17 does not properly consider extraneous zero characters a ...)
+ - golang-1.16 <unfixed>
+ - golang-1.15 <unfixed>
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <ignored> (Minor issue, IP-based access control failure in specific cases, upstream won't fix supported releases for backward compatibility)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <ignored> (Minor issue, IP-based access control failure in specific cases, upstream won't fix supported releases for backward compatibility)
+ NOTE: https://github.com/golang/go/issues/30999
+ NOTE: https://github.com/golang/go/issues/43389
+ NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-016.md
+ NOTE: https://go-review.googlesource.com/c/go/+/325829/
+CVE-2021-29922 (library/std/src/net/parser.rs in Rust before 1.53.0 does not properly ...)
+ - rustc 1.53.0+dfsg1-1
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <ignored> (Minor issue. Patch can be backported, but risky.)
+ NOTE: https://github.com/rust-lang/rust/issues/83648
+ NOTE: https://github.com/rust-lang/rust/pull/83652
+ NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-015.md
+ NOTE: https://github.com/rust-lang/rust/commit/974192cd98b3efca8e5cd293f641f561e7487b30
+CVE-2021-29921 (In Python before 3,9,5, the ipaddress library mishandles leading zero ...)
+ [experimental] - python3.9 3.9.5-1
+ - python3.9 3.9.7-1 (bug #989195)
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ NOTE: https://bugs.python.org/issue36384#msg392423
+ NOTE: https://github.com/python/cpython/commit/60ce8f0be6354ad565393ab449d8de5d713f35bc (v3.10.0b1)
+ NOTE: https://github.com/python/cpython/commit/5374fbc31446364bf5f12e5ab88c5493c35eaf04 (v3.9.5)
+ NOTE: Introduced by: https://github.com/python/cpython/commit/e653d4d8e820a7a004ad399530af0135b45db27a (v3.8.0a4)
+CVE-2021-29920
+ RESERVED
+CVE-2021-29919
+ RESERVED
+CVE-2021-29918
+ RESERVED
+CVE-2021-29917
+ RESERVED
+CVE-2021-29916
+ RESERVED
+CVE-2021-29915
+ RESERVED
+CVE-2021-29914
+ RESERVED
+CVE-2021-29913
+ RESERVED
+CVE-2021-29912 (IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site ...)
+ NOT-FOR-US: IBM
+CVE-2021-29911
+ RESERVED
+CVE-2021-29910
+ RESERVED
+CVE-2021-29909
+ RESERVED
+CVE-2021-29908 (The IBM TS7700 Management Interface is vulnerable to unauthenticated a ...)
+ NOT-FOR-US: IBM
+CVE-2021-29907 (IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated use ...)
+ NOT-FOR-US: IBM
+CVE-2021-29906 (IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29905 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29904 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29903 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 i ...)
+ NOT-FOR-US: IBM
+CVE-2021-29902
+ RESERVED
+CVE-2021-29901
+ RESERVED
+CVE-2021-29900
+ RESERVED
+CVE-2021-29899
+ RESERVED
+CVE-2021-29898
+ RESERVED
+CVE-2021-29897
+ RESERVED
+CVE-2021-29896
+ RESERVED
+CVE-2021-29895
+ RESERVED
+CVE-2021-29894 (IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29893
+ RESERVED
+CVE-2021-29892
+ RESERVED
+CVE-2021-29891
+ RESERVED
+CVE-2021-29890
+ RESERVED
+CVE-2021-29889
+ RESERVED
+CVE-2021-29888 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...)
+ NOT-FOR-US: IBM
+CVE-2021-29887
+ RESERVED
+CVE-2021-29886
+ RESERVED
+CVE-2021-29885
+ RESERVED
+CVE-2021-29884
+ RESERVED
+CVE-2021-29883 (IBM Standards Processing Engine (IBM Transformation Extender Advanced ...)
+ NOT-FOR-US: IBM
+CVE-2021-29882
+ RESERVED
+CVE-2021-29881
+ RESERVED
+CVE-2021-29880 (IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or mult ...)
+ NOT-FOR-US: IBM
+CVE-2021-29879
+ RESERVED
+CVE-2021-29878 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnera ...)
+ NOT-FOR-US: IBM
+CVE-2021-29877
+ RESERVED
+CVE-2021-29876
+ RESERVED
+CVE-2021-29875 (IBM InfoSphere Information Server 11.7 could allow an attacker to obta ...)
+ NOT-FOR-US: IBM
+CVE-2021-29874
+ RESERVED
+CVE-2021-29873 (IBM Flash System 900 could allow an authenticated attacker to obtain s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29872 (IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation S ...)
+ NOT-FOR-US: IBM
+CVE-2021-29871
+ RESERVED
+CVE-2021-29870
+ RESERVED
+CVE-2021-29869
+ RESERVED
+CVE-2021-29868 (IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29867 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to ...)
+ NOT-FOR-US: IBM
+CVE-2021-29866
+ RESERVED
+CVE-2021-29865
+ RESERVED
+CVE-2021-29864
+ RESERVED
+CVE-2021-29863 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forge ...)
+ NOT-FOR-US: IBM
+CVE-2021-29862 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2021-29861 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2021-29860 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2021-29859
+ RESERVED
+CVE-2021-29858
+ RESERVED
+CVE-2021-29857
+ RESERVED
+CVE-2021-29856 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre ...)
+ NOT-FOR-US: IBM
+CVE-2021-29855 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...)
+ NOT-FOR-US: IBM
+CVE-2021-29854
+ RESERVED
+CVE-2021-29853 (IBM Planning Analytics 2.0 could expose information that could be used ...)
+ NOT-FOR-US: IBM
+CVE-2021-29852 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-29851 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
+CVE-2021-29850
+ RESERVED
+CVE-2021-29849 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ NOT-FOR-US: IBM
+CVE-2021-29848
+ RESERVED
+CVE-2021-29847 (BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) conf ...)
+ NOT-FOR-US: IBM
+CVE-2021-29846 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29845 (IBM Security Guardium Insights 3.0 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29844 (IBM Jazz Team Server products is vulnerable to server-side request for ...)
+ NOT-FOR-US: IBM
+CVE-2021-29843 (IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2CD is vulnerable to a denial o ...)
+ NOT-FOR-US: IBM
+CVE-2021-29842 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29841 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
+ NOT-FOR-US: IBM
+CVE-2021-29840
+ RESERVED
+CVE-2021-29839
+ RESERVED
+CVE-2021-29838 (IBM Security Guardium Insights 3.0 could allow a remote attacker to ob ...)
+ NOT-FOR-US: IBM
+CVE-2021-29837 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 i ...)
+ NOT-FOR-US: IBM
+CVE-2021-29836 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29835 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnera ...)
+ NOT-FOR-US: IBM
+CVE-2021-29834 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29833 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29832 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29831 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29830
+ RESERVED
+CVE-2021-29829
+ RESERVED
+CVE-2021-29828
+ RESERVED
+CVE-2021-29827
+ RESERVED
+CVE-2021-29826
+ RESERVED
+CVE-2021-29825 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) coul ...)
+ NOT-FOR-US: IBM
+CVE-2021-29824
+ RESERVED
+CVE-2021-29823
+ RESERVED
+CVE-2021-29822 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...)
+ NOT-FOR-US: IBM
+CVE-2021-29821 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29820 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29819 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29818 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29817 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29816 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29815 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29814 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29813 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29812 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29811 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29810 (IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbu ...)
+ NOT-FOR-US: IBM
+CVE-2021-29809 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29808 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29807 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29806 (IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29805 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2021-29804 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2021-29803 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2021-29802 (IBM Security SOAR performs an operation at a privilege level that is h ...)
+ NOT-FOR-US: IBM
+CVE-2021-29801 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2021-29800 (IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29799
+ RESERVED
+CVE-2021-29798 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 i ...)
+ NOT-FOR-US: IBM
+CVE-2021-29797
+ RESERVED
+CVE-2021-29796
+ RESERVED
+CVE-2021-29795 (IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a lo ...)
+ NOT-FOR-US: IBM
+CVE-2021-29794 (IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29793
+ RESERVED
+CVE-2021-29792 (IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA ...)
+ NOT-FOR-US: IBM
+CVE-2021-29791
+ RESERVED
+CVE-2021-29790
+ RESERVED
+CVE-2021-29789
+ RESERVED
+CVE-2021-29788
+ RESERVED
+CVE-2021-29787
+ RESERVED
+CVE-2021-29786 (IBM Jazz Team Server products stores user credentials in clear text wh ...)
+ NOT-FOR-US: IBM
+CVE-2021-29785 (IBM Security SOAR V42 and V43could allow a remote attacker to obtain s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29784 (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29783
+ RESERVED
+CVE-2021-29782
+ RESERVED
+CVE-2021-29781 (IBM Partner Engagement Manager 2.0 could allow a remote attacker to ex ...)
+ NOT-FOR-US: IBM
+CVE-2021-29780 (IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authent ...)
+ NOT-FOR-US: IBM
+CVE-2021-29779 (IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitiv ...)
+ NOT-FOR-US: IBM
+CVE-2021-29778
+ RESERVED
+CVE-2021-29777 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2021-29776
+ RESERVED
+CVE-2021-29775 (IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak fo ...)
+ NOT-FOR-US: IBM
+CVE-2021-29774 (IBM Jazz Team Server products could allow an authenticated user to obt ...)
+ NOT-FOR-US: IBM
+CVE-2021-29773 (IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated ...)
+ NOT-FOR-US: IBM
+CVE-2021-29772 (IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potenti ...)
+ NOT-FOR-US: IBM
+CVE-2021-29771 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2021-29770 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29769 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29768
+ RESERVED
+CVE-2021-29767 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2021-29766 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29765 (IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obta ...)
+ NOT-FOR-US: IBM
+CVE-2021-29764 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29763 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29762
+ RESERVED
+CVE-2021-29761 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...)
+ NOT-FOR-US: IBM
+CVE-2021-29760 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...)
+ NOT-FOR-US: IBM
+CVE-2021-29759 (IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29758 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...)
+ NOT-FOR-US: IBM
+CVE-2021-29757 (IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site r ...)
+ NOT-FOR-US: IBM
+CVE-2021-29756 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site req ...)
+ NOT-FOR-US: IBM
+CVE-2021-29755
+ RESERVED
+CVE-2021-29754 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2021-29753 (IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Proc ...)
+ NOT-FOR-US: IBM
+CVE-2021-29752 (IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability ...)
+ NOT-FOR-US: IBM
+CVE-2021-29751 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
+ NOT-FOR-US: IBM
+CVE-2021-29750 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...)
+ NOT-FOR-US: IBM
+CVE-2021-29749 (IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29748
+ RESERVED
+CVE-2021-29747 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29746
+ RESERVED
+CVE-2021-29745 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge esc ...)
+ NOT-FOR-US: IBM
+CVE-2021-29744 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2021-29743 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...)
+ NOT-FOR-US: IBM
+CVE-2021-29742 (IBM Security Verify Access Docker 10.0.0 could allow a user to imperso ...)
+ NOT-FOR-US: IBM
+CVE-2021-29741 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...)
+ NOT-FOR-US: IBM
+CVE-2021-29740 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 sys ...)
+ NOT-FOR-US: IBM
+CVE-2021-29739 (IBM Planning Analytics Local 2.0 could allow a remote attacker to obta ...)
+ NOT-FOR-US: IBM
+CVE-2021-29738 (IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 1 ...)
+ NOT-FOR-US: IBM
+CVE-2021-29737 (IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information S ...)
+ NOT-FOR-US: IBM
+CVE-2021-29736 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2021-29735 (IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulner ...)
+ NOT-FOR-US: IBM
+CVE-2021-29734
+ RESERVED
+CVE-2021-29733
+ RESERVED
+CVE-2021-29732
+ RESERVED
+CVE-2021-29731
+ RESERVED
+CVE-2021-29730 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29729
+ RESERVED
+CVE-2021-29728 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains ...)
+ NOT-FOR-US: IBM
+CVE-2021-29727 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...)
+ NOT-FOR-US: IBM
+CVE-2021-29726
+ RESERVED
+CVE-2021-29725 (IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IB ...)
+ NOT-FOR-US: IBM
+CVE-2021-29724
+ RESERVED
+CVE-2021-29723 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weak ...)
+ NOT-FOR-US: IBM
+CVE-2021-29722 (IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weak ...)
+ NOT-FOR-US: IBM
+CVE-2021-29721
+ RESERVED
+CVE-2021-29720
+ RESERVED
+CVE-2021-29719 (IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29718
+ RESERVED
+CVE-2021-29717
+ RESERVED
+CVE-2021-29716 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to ...)
+ NOT-FOR-US: IBM
+CVE-2021-29715 (IBM API Connect 5.0.0.0 through 5.0.8.11 could alllow a remote user to ...)
+ NOT-FOR-US: IBM
+CVE-2021-29714 (IBM Content Navigator 3.0.CD could allow a malicious user to cause a d ...)
+ NOT-FOR-US: IBM
+CVE-2021-29713 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29712 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2021-29711 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29710
+ RESERVED
+CVE-2021-29709
+ RESERVED
+CVE-2021-29708 (IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI ...)
+ NOT-FOR-US: IBM
+CVE-2021-29707 (IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could ...)
+ NOT-FOR-US: IBM
+CVE-2021-29706 (IBM AIX 7.1 could allow a non-privileged local user to exploit a vulne ...)
+ NOT-FOR-US: IBM
+CVE-2021-29705
+ RESERVED
+CVE-2021-29704 (IBM Security SOAR uses weaker than expected cryptographic algorithms t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29703 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulne ...)
+ NOT-FOR-US: IBM
+CVE-2021-29702 (Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 a ...)
+ NOT-FOR-US: IBM
+CVE-2021-29701 (IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as I ...)
+ NOT-FOR-US: IBM
+CVE-2021-29700 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 c ...)
+ NOT-FOR-US: IBM
+CVE-2021-29699 (IBM Security Verify Access Docker 10.0.0 could allow a remote priviled ...)
+ NOT-FOR-US: IBM
+CVE-2021-29698
+ RESERVED
+CVE-2021-29697 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-29696 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-29695 (IBM Host firmware for LC-class Systems could allow a remote attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2021-29694 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expec ...)
+ NOT-FOR-US: IBM
+CVE-2021-29693 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the ...)
+ NOT-FOR-US: IBM
+CVE-2021-29692 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
+ NOT-FOR-US: IBM
+CVE-2021-29691 (IBM Security Identity Manager 7.0.2 contains hard-coded credentials, s ...)
+ NOT-FOR-US: IBM
+CVE-2021-29690
+ RESERVED
+CVE-2021-29689
+ RESERVED
+CVE-2021-29688 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
+ NOT-FOR-US: IBM
+CVE-2021-29687 (IBM Security Identity Manager 7.0.2 could allow a remote user to enume ...)
+ NOT-FOR-US: IBM
+CVE-2021-29686 (IBM Security Identity Manager 7.0.2 could allow an authenticated user ...)
+ NOT-FOR-US: IBM
+CVE-2021-29685
+ RESERVED
+CVE-2021-29684
+ RESERVED
+CVE-2021-29683 (IBM Security Identity Manager 7.0.2 stores user credentials in plain c ...)
+ NOT-FOR-US: IBM
+CVE-2021-29682 (IBM Security Identity Manager 7.0.2 could allow a remote attacker to o ...)
+ NOT-FOR-US: IBM
+CVE-2021-29681 (IBM InfoSphere Information Server 11.7 could allow an attacker to obta ...)
+ NOT-FOR-US: IBM
+CVE-2021-29680
+ RESERVED
+CVE-2021-29679 (IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated us ...)
+ NOT-FOR-US: IBM
+CVE-2021-29678 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2021-29677 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
+ NOT-FOR-US: IBM
+CVE-2021-29676 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is v ...)
+ NOT-FOR-US: IBM
+CVE-2021-29675
+ RESERVED
+CVE-2021-29674
+ RESERVED
+CVE-2021-29673 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...)
+ NOT-FOR-US: IBM
+CVE-2021-29672 (IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2021-29671 (IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the ...)
+ NOT-FOR-US: IBM
+CVE-2021-29670 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-29669
+ RESERVED
+CVE-2021-29668 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-29667 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is ...)
+ NOT-FOR-US: IBM
+CVE-2021-29666 (IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is ...)
+ NOT-FOR-US: IBM
+CVE-2021-29665 (IBM Security Verify Access 20.07 is vulnerable to a stack based buffer ...)
+ NOT-FOR-US: IBM
+CVE-2021-29664
+ RESERVED
+CVE-2021-29663 (CourseMS (aka Course Registration Management System) 2.1 is affected b ...)
+ NOT-FOR-US: CourseMS (aka Course Registration Management System)
+CVE-2021-29661 (Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.htm ...)
+ NOT-FOR-US: Softing AG OPC Toolbox
+CVE-2021-29660 (A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.htm ...)
+ NOT-FOR-US: Softing AG OPC Toolbox
+CVE-2021-29659 (ownCloud 10.7 has an incorrect access control vulnerability, leading t ...)
+ - owncloud <removed>
+CVE-2021-29658 (The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Co ...)
+ NOT-FOR-US: vscode-rufo extension for Visual Studio Code
+CVE-2021-29657 (arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use ...)
+ - linux 5.10.28-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/a58d9166a756a0f4a6618e4f593232593d6df134
+ NOTE: https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html
+CVE-2021-29656 (Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validat ...)
+ NOT-FOR-US: Pexip Infinity Connect
+CVE-2021-29655 (Pexip Infinity Connect before 1.8.0 omits certain provisioning authent ...)
+ NOT-FOR-US: Pexip Infinity Connect
+CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...)
+ NOT-FOR-US: AjaxSearchPro
+CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain ci ...)
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
+CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user s ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-29651 (Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. The netfil ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/175e476b8cdf2a4de7432583b49c871345e4f8a1
+CVE-2021-29649 (An issue was discovered in the Linux kernel before 5.11.11. The user m ...)
+ - linux 5.10.28-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/f60a85cad677c4f9bb4cadd764f1d106c38c7cf8
+CVE-2021-29648 (An issue was discovered in the Linux kernel before 5.11.11. The BPF su ...)
+ - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/350a5c4dd2452ea999cc5e1d4a8dbf12de2f97ef
+CVE-2021-29647 (An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvm ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/50535249f624d0072cd885bcdce4e4b6fb770160
+CVE-2021-29646 (An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_re ...)
+ - linux 5.10.28-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/0217ed2848e8538bcf9172d97ed2eeb4a26041bb
+CVE-2021-3480 (A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointe ...)
+ - slapi-nis 0.56.5-2 (bug #988736)
+ [bullseye] - slapi-nis <no-dsa> (Minor issue)
+ [buster] - slapi-nis <no-dsa> (Minor issue)
+ [stretch] - slapi-nis <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1944640
+ NOTE: https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master
+CVE-2021-3479 (There's a flaw in OpenEXR's Scanline API functionality in versions bef ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25370
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/d80f11f4f55100d007ae80a162bf257ec291612c
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/830
+CVE-2021-3478 (There's a flaw in OpenEXR's scanline input file functionality in versi ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939160
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/bc88cdb6c97fbf5bc5d11ad8ca55306da931283a (master)
+ NOTE: Depends on prior v3 checks https://github.com/AcademySoftwareFoundation/openexr/commit/0963ff1c4fcb3e748a9386685622747bfef00eb1
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0c2b46f630a3b5f2f561c2849d047ee39f899179 (2.5)
+CVE-2021-3477 (There's a flaw in OpenEXR's deep tile sample size calculations in vers ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26956
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939159
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/467be80b75642efbbe6bdace558079f68c16acb1
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0)
+CVE-2021-29645 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendM ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-29644 (Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remo ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-29643 (PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsa ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...)
+ NOT-FOR-US: GistPad
+CVE-2021-29641 (Directus 8 before 8.8.2 allows remote authenticated users to execute a ...)
+ NOT-FOR-US: Directus
+CVE-2021-29640
+ RESERVED
+CVE-2021-29639
+ RESERVED
+CVE-2021-29638
+ RESERVED
+CVE-2021-29637
+ RESERVED
+CVE-2021-29636
+ RESERVED
+CVE-2021-29635
+ RESERVED
+CVE-2021-29634
+ RESERVED
+CVE-2021-29633
+ RESERVED
+CVE-2021-29632 (In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+ NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-22:01.vt.asc
+CVE-2021-29631 (In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before ...)
+ NOT-FOR-US: FreeBSD
+CVE-2021-29630 (In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before ...)
+ NOT-FOR-US: FreeBSD
+CVE-2021-29629 (In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before ...)
+ - dacs <removed> (bug #989288; unimportant)
+ [stretch] - dacs <not-affected> (Vulnerable module first bundled in 1.4.40)
+ NOTE: RADIUS authentication not enabled in Debian packaging.
+CVE-2021-29628 (In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before ...)
+ NOT-FOR-US: FreeBSD
+CVE-2021-29627 (In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13. ...)
+ NOT-FOR-US: FreeBSD
+CVE-2021-29626 (In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11. ...)
+ - kfreebsd-10 <unfixed> (unimportant)
+CVE-2021-29625 (Adminer is open-source database management software. A cross-site scri ...)
+ - adminer 4.7.9-2 (bug #988886)
+ [buster] - adminer <no-dsa> (Minor issue)
+ [stretch] - adminer <no-dsa> (Minor issue)
+ NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc
+ NOTE: https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7
+CVE-2021-29624 (fastify-csrf is an open-source plugin helps developers protect their F ...)
+ NOT-FOR-US: fastify-csrf
+CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
+ - exiv2 0.27.5-1 (bug #988481)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
+ NOTE: https://github.com/Exiv2/exiv2/pull/1627
+CVE-2021-29622 (Prometheus is an open-source monitoring system and time series databas ...)
+ - prometheus <not-affected> (Vulnerable code disabled in Debian packaging)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/1
+ NOTE: https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7
+ NOTE: "Fixed" because the 2.15.2+ds-1 upload disabled codewise the functionality
+ NOTE: (due to lack of React support in Debian) in 01-Do_not_embed_blobs.patch.
+ NOTE: The vulnerability itself is introduced with 2.23.0 upstream.
+ NOTE: See https://bugs.debian.org/988804 for details.
+CVE-2021-29621 (Flask-AppBuilder is a development framework, built on top of Flask. Us ...)
+ - flask-appbuilder <itp> (bug #998029)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580 (v3.3.0)
+CVE-2021-29620 (Report portal is an open source reporting and analysis framework. Star ...)
+ NOT-FOR-US: Report portal
+CVE-2021-29619 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29618 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29617 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29616 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29615 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29614 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29613 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29612 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29611 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29610 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29609 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29608 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29607 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29606 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29605 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29604 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29603 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29602 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29601 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29600 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29599 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29598 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29597 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29596 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29595 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29594 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29593 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29592 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29591 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29590 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29589 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29588 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29587 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29586 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29585 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29584 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29583 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29582 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29581 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29580 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29579 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29578 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29577 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29576 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29575 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29574 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29573 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29572 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29571 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29570 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29569 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29568 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29567 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29566 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29565 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29564 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29563 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29562 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29561 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29560 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29559 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29558 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29557 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29556 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29555 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29554 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29553 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29552 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29551 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29550 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29549 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29548 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29547 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29546 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29545 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29544 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29543 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29542 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29541 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29540 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29539 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29538 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29537 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29536 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29535 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29534 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29533 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29532 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29531 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29530 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29529 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29528 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29527 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29526 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29525 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29524 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29523 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29522 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29521 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29520 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29519 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29518 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29517 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29516 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29515 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29514 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29513 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29512 (TensorFlow is an end-to-end open source platform for machine learning. ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2021-29511 (evm is a pure Rust implementation of Ethereum Virtual Machine. Prior t ...)
+ NOT-FOR-US: Rust crate evm
+CVE-2021-29510 (Pydantic is a data validation and settings management using Python typ ...)
+ - pydantic 1.7.4-1 (bug #988480)
+ NOTE: https://github.com/samuelcolvin/pydantic/security/advisories/GHSA-5jqp-qgf6-3pvh
+ NOTE: https://github.com/samuelcolvin/pydantic/commit/7e83fdd2563ffac081db7ecdf1affa65ef38c468
+CVE-2021-29509 (Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The f ...)
+ - puma 4.3.8-1 (bug #989054)
+ [stretch] - puma <not-affected> (Incomplete fix for CVE-2019-16770 not applied)
+ NOTE: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
+ NOTE: https://github.com/puma/puma/commit/df72887170c7ef3614c941c9bdefb4a1f3546ebf
+ NOTE: CVE is related to an incomplete fix for CVE-2019-16770
+CVE-2021-29508 (Due to how Wire handles type information in its serialization format, ...)
+ NOT-FOR-US: Wire
+CVE-2021-29507 (GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interfa ...)
+ - dlt-daemon <unfixed> (unimportant)
+ NOTE: https://github.com/GENIVI/dlt-daemon/security/advisories/GHSA-7cqp-2hqj-mh3f (useless boilerplate only)
+ NOTE: https://github.com/GENIVI/dlt-daemon/commit/f5344f8cf036e6dcb899522e8e679639dd23e1a4
+ NOTE: No security impact, config files need to be trusted
+CVE-2021-29506 (GraphHopper is an open-source Java routing engine. In GrassHopper from ...)
+ NOT-FOR-US: GraphHopper
+CVE-2021-29505 (XStream is software for serializing Java objects to XML and back again ...)
+ {DLA-2704-1}
+ - libxstream-java 1.4.15-3 (bug #989491)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc
+ NOTE: https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227 (v1.4.17)
+CVE-2021-29504 (WP-CLI is the command-line interface for WordPress. An improper error ...)
+ NOT-FOR-US: WP-CLI
+CVE-2021-29503 (HedgeDoc is a platform to write and share markdown. HedgeDoc before ve ...)
+ NOT-FOR-US: HedgeDoc
+CVE-2021-29502 (WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability ...)
+ NOT-FOR-US: Red discord bot addon
+CVE-2021-29501 (Ticketer is a command based ticket system cog (plugin) for the red dis ...)
+ NOT-FOR-US: Red discord bot addon
+CVE-2021-29500 (bubble fireworks is an open source java package relating to Spring Fra ...)
+ NOT-FOR-US: bubble fireworks
+CVE-2021-29499 (SIF is an open source implementation of the Singularity Container Imag ...)
+ [experimental] - golang-github-sylabs-sif 2.3.1-1
+ - golang-github-sylabs-sif <unfixed> (bug #991664)
+ [bullseye] - golang-github-sylabs-sif <no-dsa> (Minor issue)
+ NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-4gh8-x3vv-phhg
+CVE-2021-29498
+ RESERVED
+CVE-2021-29497
+ RESERVED
+CVE-2021-29496
+ RESERVED
+CVE-2021-29495 (Nim is a statically typed compiled systems programming language. In Ni ...)
+ - nim 1.4.2-1
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <no-dsa> (Minor issue)
+ NOTE: https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr
+CVE-2021-29494
+ RESERVED
+CVE-2021-29493 (Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has ...)
+ NOT-FOR-US: Kennnyshiwa-cogs
+CVE-2021-29492 (Envoy is a cloud-native edge/middle/service proxy. Envoy does not deco ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-29491 (Mixme is a library for recursive merging of Javascript objects. In Nod ...)
+ NOT-FOR-US: mixme nodejs module
+CVE-2021-29490 (Jellyfin is a free software media system that provides media from a de ...)
+ NOT-FOR-US: Jellyfin
+CVE-2021-29489 (Highcharts JS is a JavaScript charting library based on SVG. In Highch ...)
+ NOT-FOR-US: Highcharts JS
+CVE-2021-29488 (SABnzbd is an open source binary newsreader. A vulnerability was disco ...)
+ - sabnzbdplus 3.2.1+dfsg-1
+ [bullseye] - sabnzbdplus 3.1.1+dfsg-2+deb11u1
+ [buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u2
+ [stretch] - sabnzbdplus <no-dsa> (Minor issue; contrib not supported)
+ NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp
+ NOTE: https://github.com/sabnzbd/sabnzbd/commit/3766ba54026eaa520dbee5b57a2f33d4954fb98b
+CVE-2021-29487 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...)
+ NOT-FOR-US: October CMS
+CVE-2021-29486 (cumulative-distribution-function is an open source npm library used wh ...)
+ NOT-FOR-US: Node cumulative-distribution-function
+CVE-2021-29485 (Ratpack is a toolkit for creating web applications. In versions prior ...)
+ NOT-FOR-US: Ratpack
+CVE-2021-29484 (Ghost is a Node.js CMS. An unused endpoint added during the developmen ...)
+ NOT-FOR-US: Ghost CMS
+CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' ...)
+ NOT-FOR-US: ManageWiki MediaWiki extension
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/
+CVE-2021-29482 (xz is a compression and decompression library focusing on the xz forma ...)
+ - golang-github-ulikunitz-xz 0.5.6-2 (bug #988243)
+ NOTE: https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
+ NOTE: https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b
+CVE-2021-29481 (Ratpack is a toolkit for creating web applications. In versions prior ...)
+ NOT-FOR-US: Ratpack
+CVE-2021-29480 (Ratpack is a toolkit for creating web applications. In versions prior ...)
+ NOT-FOR-US: Ratpack
+CVE-2021-29479 (Ratpack is a toolkit for creating web applications. In versions prior ...)
+ NOT-FOR-US: Ratpack
+CVE-2021-29478 (Redis is an open source (BSD licensed), in-memory data structure store ...)
+ - redis 5:6.0.13-1 (bug #988045)
+ [buster] - redis <not-affected> (Vulnerable code not present)
+ [stretch] - redis <not-affected> (Vulnerable code not present)
+ NOTE: https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ
+ NOTE: https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3
+CVE-2021-29477 (Redis is an open source (BSD licensed), in-memory data structure store ...)
+ - redis 5:6.0.13-1 (bug #988045)
+ [buster] - redis <not-affected> (Vulnerable code not present)
+ [stretch] - redis <not-affected> (Vulnerable code not present)
+ NOTE: https://groups.google.com/g/redis-db/c/6GSWzTW0PR8/m/8FbdIEEoBAAJ
+ NOTE: https://github.com/redis/redis/commit/f0c5f920d0f88bd8aa376a2c05af4902789d1ef9
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g
+CVE-2021-29476 (Requests is a HTTP library written in PHP. Requests mishandles deseria ...)
+ - wordpress 5.5.3+dfsg1-1
+ [buster] - wordpress 5.0.11+dfsg1-0+deb10u1
+ [stretch] - wordpress 4.7.19+dfsg-1+deb9u1
+ NOTE: https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54
+ NOTE: https://github.com/rmccue/Requests/pull/421
+ NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
+ NOTE: The CVE directly correspond to CVE-2020-28032 for wordpress and we can track
+ NOTE: same versions as fixed. Strictly speaking CVE-2021-29476 is for the PHP Requests
+ NOTE: library directly.
+CVE-2021-29475 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
+ NOT-FOR-US: HedgeDoc
+CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborative ma ...)
+ NOT-FOR-US: HedgeDoc
+CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
+ {DSA-4958-1 DLA-2750-1}
+ - exiv2 0.27.5-1 (bug #987736)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
+ NOTE: https://github.com/Exiv2/exiv2/pull/1587
+ NOTE: https://github.com/Exiv2/exiv2/commit/e6a0982f7cd9282052b6e3485a458d60629ffa0b
+ NOTE: https://github.com/Exiv2/exiv2/commit/f0ff11f044b2c8ddf4792415beb91fd815c633a1
+CVE-2021-29472 (Composer is a dependency manager for PHP. URLs for Mercurial repositor ...)
+ {DSA-4907-1 DLA-2654-1}
+ - composer 2.0.9-2
+ NOTE: https://github.com/composer/composer/security/advisories/GHSA-h5h8-pc6h-jvvx
+ NOTE: https://github.com/composer/composer/commit/083b73515d1d72bc61c6374440b3f8a37531f8cf
+CVE-2021-29471 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.33.2-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
+ NOTE: https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c (v1.33.2)
+CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #987450)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj
+ NOTE: https://github.com/Exiv2/exiv2/pull/1581
+ NOTE: https://github.com/Exiv2/exiv2/commit/b3de96f4b4408347bed57e625963720e8d0dd2ea
+ NOTE: https://github.com/Exiv2/exiv2/commit/c372f2677d6f7cf88a8f26ef6bc175561e406ee2
+CVE-2021-29469 (Node-redis is a Node.js Redis client. Before version 3.1.1, when a cli ...)
+ - node-redis 3.0.2+~cs5.18.1-3
+ [buster] - node-redis 2.8.0-1+deb10u1
+ NOTE: https://github.com/NodeRedis/node-redis/issues/1569
+ NOTE: https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3
+ NOTE: https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e
+CVE-2021-29468 (Cygwin Git is a patch set for the git command line tool for the cygwin ...)
+ NOT-FOR-US: Cygwin Git
+CVE-2021-29467 (Wrongthink is an encrypted peer-to-peer chat program. A user could che ...)
+ NOT-FOR-US: Wrongthink
+CVE-2021-29466 (Discord-Recon is a bot for the Discord chat service. In versions of Di ...)
+ NOT-FOR-US: Discord-Recon
+CVE-2021-29465 (Discord-Recon is a bot for the Discord chat service. Versions of Disco ...)
+ NOT-FOR-US: Discord-Recon
+CVE-2021-29464 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #988242)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <not-affected> (Vulnerable code introduced later)
+ [stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
+ NOTE: https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54
+CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #988241)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <not-affected> (webp support introduced in 0.27)
+ [stretch] - exiv2 <not-affected> (webp support introduced in 0.27)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr
+ NOTE: https://github.com/Exiv2/exiv2/commit/783b3a6ff15ed6f82a8f8e6c8a6f3b84a9b04d4b
+CVE-2021-29462 (The Portable SDK for UPnP Devices is an SDK for development of UPnP de ...)
+ - pupnp-1.8 <unfixed> (bug #987326)
+ [bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
+ [buster] - pupnp-1.8 <no-dsa> (Minor issue)
+ - libupnp <removed>
+ [stretch] - libupnp <no-dsa> (Minor issue)
+ NOTE: https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
+ NOTE: https://github.com/pupnp/pupnp/commit/21fd85815da7ed2578d0de7cac4c433008f0ecd4
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/20/4
+CVE-2021-29461 (Discord Recon Server is a bot that allows one to do one's reconnaissan ...)
+ NOT-FOR-US: Discord-Recon
+CVE-2021-29460 (Kirby is an open source CMS. An editor with write access to the Kirby ...)
+ NOT-FOR-US: Kirby CMS
+CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #987277)
+ [bullseye] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <no-dsa> (Minor issue)
+ [stretch] - exiv2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
+ NOTE: https://github.com/Exiv2/exiv2/issues/1530
+ NOTE: https://github.com/Exiv2/exiv2/pull/1536
+ NOTE: https://github.com/Exiv2/exiv2/commit/0a91b56616404f7b29ca28deb01ce18b767d1871
+ NOTE: https://github.com/Exiv2/exiv2/commit/c92ac88cb0ebe72a5a17654fe6cecf411ab1e572
+ NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0
+ NOTE: https://github.com/Exiv2/exiv2/commit/fadb68718eb1bff3bd3222bd26ff3328f5306730
+ NOTE: https://github.com/Exiv2/exiv2/commit/06d2db6e5fd2fcca9c060e95fc97f8a5b5d4c22d
+CVE-2021-29457 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ {DSA-4958-1 DLA-2750-1}
+ - exiv2 0.27.3-3.1 (bug #991705)
+ [bullseye] - exiv2 0.27.3-3+deb11u1
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
+ NOTE: https://github.com/Exiv2/exiv2/issues/1529
+ NOTE: https://github.com/Exiv2/exiv2/pull/1534
+ NOTE: https://github.com/Exiv2/exiv2/commit/13e5a3e02339b746abcaee6408893ca2fd8e289d
+ NOTE: buster-security and bullseye-security updates refer to CVE-2021-31291, which
+ NOTE: was an addditional (and then rejected) CVE ID for the same issue as CVE-2021-29457
+CVE-2021-29456 (Authelia is an open-source authentication and authorization server pro ...)
+ NOT-FOR-US: Authelia
+CVE-2021-29455 (Grassroot Platform is an application to make it faster, cheaper and ea ...)
+ NOT-FOR-US: Grassroot Platform
+CVE-2021-29454 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ - smarty3 <unfixed>
+ NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m
+ NOTE: https://github.com/smarty-php/smarty/commit/7ad97ad030b4289711e30819c928b8bc33c62b23 (3.1.42)
+CVE-2021-29453 (matrix-media-repo is an open-source multi-domain media repository for ...)
+ NOT-FOR-US: matrix-media-repo
+CVE-2021-29452 (a12n-server is an npm package which aims to provide a simple authentic ...)
+ NOT-FOR-US: Node a12n-server
+CVE-2021-29451 (Portofino is an open source web development framework. Portofino befor ...)
+ NOT-FOR-US: Portofino
+CVE-2021-29450 (Wordpress is an open source CMS. One of the blocks in the WordPress ed ...)
+ {DSA-4896-1 DLA-2630-1}
+ - wordpress 5.7.1+dfsg1-1 (bug #987065)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
+CVE-2021-29449 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-29448 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-29447 (Wordpress is an open source CMS. A user with the ability to upload fil ...)
+ {DSA-4896-1 DLA-2630-1}
+ - wordpress 5.7.1+dfsg1-1 (unimportant)
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh
+ NOTE: Only an issue when installation runs under PHP8.
+CVE-2021-29446 (jose-node-cjs-runtime is an npm package which provides a number of cry ...)
+ NOT-FOR-US: Node jose-node-cjs-runtime
+CVE-2021-29445 (jose-node-esm-runtime is an npm package which provides a number of cry ...)
+ NOT-FOR-US: Node jose-esm-runtime
+CVE-2021-29444 (jose-browser-runtime is an npm package which provides a number of cryp ...)
+ NOT-FOR-US: Node jose-browser-runtime
+CVE-2021-29443 (jose is an npm library providing a number of cryptographic operations. ...)
+ NOT-FOR-US: Node jose
+CVE-2021-29442 (Nacos is a platform designed for dynamic service discovery and configu ...)
+ NOT-FOR-US: Nacos
+CVE-2021-29441 (Nacos is a platform designed for dynamic service discovery and configu ...)
+ NOT-FOR-US: Nacos
+CVE-2021-29440 (Grav is a file based Web-platform. Twig processing of static pages can ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-29439 (The Grav admin plugin prior to version 1.10.11 does not correctly veri ...)
+ NOT-FOR-US: Grav admin plugin
+CVE-2021-29438 (The Nextcloud dialogs library (npm package @nextcloud/dialogs) before ...)
+ NOT-FOR-US: Node @nextcloud/dialogs
+CVE-2021-29437 (ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth ...)
+ NOT-FOR-US: ScratchOAuth2
+CVE-2021-29436 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2021-29435 (trestle-auth is an authentication plugin for the Trestle admin framewo ...)
+ NOT-FOR-US: trestle-auth
+CVE-2021-29434 (Wagtail is a Django content management system. In affected versions of ...)
+ NOT-FOR-US: wagtail
+CVE-2021-29433 (Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 ...)
+ NOT-FOR-US: Matrix Sydent
+CVE-2021-29432 (Sydent is a reference matrix identity server. A malicious user could a ...)
+ NOT-FOR-US: Matrix Sydent
+CVE-2021-29431 (Sydent is a reference Matrix identity server. Sydent can be induced to ...)
+ NOT-FOR-US: Matrix Sydent
+CVE-2021-29430 (Sydent is a reference Matrix identity server. Sydent does not limit th ...)
+ NOT-FOR-US: Matrix Sydent
+CVE-2021-29429 (In Gradle before version 7.0, files created with open permissions in t ...)
+ - gradle <unfixed> (bug #987284)
+ [bullseye] - gradle <no-dsa> (Minor issue)
+ [buster] - gradle <no-dsa> (Minor issue)
+ [stretch] - gradle <no-dsa> (Minor issue)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8
+CVE-2021-29428 (In Gradle before version 7.0, on Unix-like systems, the system tempora ...)
+ - gradle <unfixed> (bug #987284)
+ [bullseye] - gradle <no-dsa> (Minor issue)
+ [buster] - gradle <no-dsa> (Minor issue)
+ [stretch] - gradle <no-dsa> (Minor issue; sticky bit on /tmp is set by default)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-89qm-pxvm-p336
+CVE-2021-29427 (In Gradle from version 5.1 and before version 7.0 there is a vulnerabi ...)
+ - gradle <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-jvmj-rh6q-x395
+CVE-2021-29426
+ RESERVED
+CVE-2021-29425 (In Apache Commons IO before 2.7, When invoking the method FileNameUtil ...)
+ {DLA-2741-1}
+ - commons-io 2.8.0-1
+ [buster] - commons-io 2.6-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/12/1
+ NOTE: https://issues.apache.org/jira/browse/IO-556
+CVE-2021-3476 (A flaw was found in OpenEXR's B44 uncompression functionality in versi ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24787
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/eec0dba242bedd2778c973ae4af112107b33d9c9
+CVE-2021-3475 (There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25297
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2a18ed424a854598c2a20b5dd7e782b436a1e753
+CVE-2021-3474 (There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted inp ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/c3ed4a1db1f39bf4524a644cb2af81dc8cfab33f
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0)
+CVE-2021-29662 (The Data::Validate::IP module through 0.29 for Perl does not properly ...)
+ - libdata-validate-ip-perl 0.30-1 (unimportant)
+ NOTE: Documentation update: https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e
+ NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
+ NOTE: Upstream only clarifies how to properly use the module with a documentation update
+CVE-2021-29424 (The Net::Netmask module before 2.0000 for Perl does not properly consi ...)
+ - libnet-netmask-perl 1.9104-2 (bug #986135)
+ [buster] - libnet-netmask-perl <no-dsa> (Minor issue)
+ [stretch] - libnet-netmask-perl <no-dsa> (Minor issue)
+ NOTE: https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
+ NOTE: https://metacpan.org/changes/distribution/Net-Netmask#L11-22
+ NOTE: https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163
+ NOTE: Fixed by: https://github.com/jmaslak/Net-Netmask/commit/9023b403682f1eaadadf6cb71ba0117a1fa4f163
+ NOTE: Improvements and add safe_new() method:
+ NOTE: https://github.com/jmaslak/Net-Netmask/commit/6b60b4eb3e98ee7548c13ecb7cb02c626f948a40
+ NOTE: Remove warnings introduced in tests:
+ NOTE: https://github.com/jmaslak/Net-Netmask/commit/30d82695e32bc3b1615c7cd08d34528252363436
+CVE-2021-29423
+ RESERVED
+CVE-2021-3473 (An internal product security audit of Lenovo XClarity Controller (XCC) ...)
+ NOT-FOR-US: Lenovo XClarity Controller (XCC)
+CVE-2021-3472 (A flaw was found in xorg-x11-server in versions before 1.20.11. An int ...)
+ {DSA-4893-1 DLA-2627-1}
+ - xorg-server 2:1.20.11-1
+ NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
+ NOTE: https://lists.x.org/archives/xorg-announce/2021-April/003080.html
+CVE-2021-29422
+ RESERVED
+CVE-2021-29421 (models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Pyth ...)
+ - pikepdf 1.17.3+dfsg-5 (bug #986274)
+ [buster] - pikepdf <no-dsa> (Minor issue)
+ NOTE: https://github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a (v2.10.0)
+CVE-2021-29420
+ RESERVED
+CVE-2021-29419
+ RESERVED
+CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain unexpe ...)
+ NOT-FOR-US: Node netmask
+CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...)
+ NOT-FOR-US: gitjacker
+CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
+ NOT-FOR-US: Burp Suite (different from src:burp)
+CVE-2021-29415 (The elliptic curve cryptography (ECC) hardware accelerator, part of th ...)
+ NOT-FOR-US: NordicSemiconductor nRF52840
+CVE-2021-29414 (STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect p ...)
+ NOT-FOR-US: STMicroelectronics STM32L4 devices
+CVE-2021-29413
+ RESERVED
+CVE-2021-29412
+ RESERVED
+CVE-2021-29411
+ RESERVED
+CVE-2021-29410
+ RESERVED
+CVE-2021-29409
+ RESERVED
+CVE-2021-29408
+ RESERVED
+CVE-2021-29407
+ RESERVED
+CVE-2021-29406
+ RESERVED
+CVE-2021-29405
+ RESERVED
+CVE-2021-29404
+ RESERVED
+CVE-2021-29403
+ RESERVED
+CVE-2021-29402
+ RESERVED
+CVE-2021-29401
+ RESERVED
+CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP Conta ...)
+ NOT-FOR-US: My SMTP Contact plugin for GetSimple CMS
+CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...)
+ NOT-FOR-US: XMB
+CVE-2021-29398 (Directory traversal in /northstar/Common/NorthFileManager/fileManagerO ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29397 (Cleartext Transmission of Sensitive Information in /northstar/Admin/lo ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29396 (Systemic Insecure Permissions in Northstar Technologies Inc NorthStar ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29395 (Directory travesal in /northstar/filemanager/download.jsp in Northstar ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29394 (Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29393 (Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar T ...)
+ NOT-FOR-US: Northstar
+CVE-2021-29392
+ RESERVED
+CVE-2021-29391
+ RESERVED
+CVE-2021-29390
+ RESERVED
+CVE-2021-29389
+ RESERVED
+CVE-2021-29388 (A stored cross-site scripting (XSS) vulnerability in SourceCodester Bu ...)
+ NOT-FOR-US: SourceCodester Budget Management System
+CVE-2021-29387 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sourceco ...)
+ NOT-FOR-US: Sourcecodester Equipment Inventory System
+CVE-2021-29386
+ RESERVED
+CVE-2021-29385
+ RESERVED
+CVE-2021-29384
+ RESERVED
+CVE-2021-29383
+ RESERVED
+CVE-2021-29382
+ RESERVED
+CVE-2021-29381
+ RESERVED
+CVE-2021-29380
+ RESERVED
+CVE-2021-29379 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR- ...)
+ NOT-FOR-US: D-Link
+CVE-2021-29378
+ RESERVED
+CVE-2021-29377 (Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerabil ...)
+ NOT-FOR-US: Pear Admin Think
+CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...)
+ {DLA-2747-1 DLA-2746-1}
+ - ircii-pana <removed>
+ - ircii 20210314-1 (bug #986214)
+ [buster] - ircii 20190117-1+deb10u1
+ - scrollz 2.2.3-2 (bug #986215)
+ [buster] - scrollz 2.2.3-1+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/2
+ NOTE: https://github.com/ScrollZ/ScrollZ/issues/25
+CVE-2021-29375
+ RESERVED
+CVE-2021-29374
+ RESERVED
+CVE-2021-29373
+ RESERVED
+CVE-2021-29372
+ RESERVED
+CVE-2021-29371
+ RESERVED
+CVE-2021-29370 (A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1. ...)
+ NOT-FOR-US: Thanos-Soft Cheetah Browser in Android
+CVE-2021-29369 (The gnuplot package prior to version 0.1.0 for Node.js allows code exe ...)
+ NOT-FOR-US: Node gnuplot
+CVE-2021-29368
+ RESERVED
+CVE-2021-29367 (A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29366 (A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irf ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29365 (Irfanview 4.57 is affected by an infinite loop when processing a craft ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29364 (A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanvi ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29363 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanvie ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29362 (A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanvie ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29361 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfa ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29360 (A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfa ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29359
+ RESERVED
+CVE-2021-29358 (A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview ...)
+ NOT-FOR-US: Irfanview
+CVE-2021-29357 (The ECT Provider component in OutSystems Platform Server 10 before 10. ...)
+ NOT-FOR-US: OutSystems Platform Server
+CVE-2021-29356
+ RESERVED
+CVE-2021-29355
+ RESERVED
+CVE-2021-29354
+ RESERVED
+CVE-2021-29353
+ RESERVED
+CVE-2021-29352
+ RESERVED
+CVE-2021-29351
+ RESERVED
+CVE-2021-29350 (SQL injection in the getip function in conn/function.php in &#21457;&# ...)
+ NOT-FOR-US: Online video course
+CVE-2021-29349 (Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that all ...)
+ - mahara <removed>
+CVE-2021-29348
+ RESERVED
+CVE-2021-29347
+ RESERVED
+CVE-2021-29346
+ RESERVED
+CVE-2021-29345
+ RESERVED
+CVE-2021-29344
+ RESERVED
+CVE-2021-29343 (Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" p ...)
+ NOT-FOR-US: Ovidentia CMS
+CVE-2021-29342
+ RESERVED
+CVE-2021-29341
+ RESERVED
+CVE-2021-29340
+ RESERVED
+CVE-2021-29339
+ RESERVED
+CVE-2021-29338 (Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash t ...)
+ - openjpeg2 2.4.0-4 (bug #987276)
+ [bullseye] - openjpeg2 <no-dsa> (Minor issue)
+ [buster] - openjpeg2 <no-dsa> (Minor issue)
+ [stretch] - openjpeg2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1338
+CVE-2021-29337 (MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users ...)
+ NOT-FOR-US: MSI
+CVE-2021-29336
+ RESERVED
+CVE-2021-29335
+ RESERVED
+CVE-2021-29334
+ RESERVED
+CVE-2021-29333
+ RESERVED
+CVE-2021-29332
+ RESERVED
+CVE-2021-29331
+ RESERVED
+CVE-2021-29330
+ RESERVED
+CVE-2021-29329 (OpenSource Moddable v10.5.0 was discovered to contain a stack overflow ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29328 (OpenSource Moddable v10.5.0 was discovered to contain buffer over-read ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29327 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29326 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29325 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29324 (OpenSource Moddable v10.5.0 was discovered to contain a stack overflow ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29323 (OpenSource Moddable v10.5.0 was discovered to contain a heap buffer ov ...)
+ NOT-FOR-US: OpenSource Moddable
+CVE-2021-29322
+ RESERVED
+CVE-2021-29321
+ RESERVED
+CVE-2021-29320
+ RESERVED
+CVE-2021-29319
+ RESERVED
+CVE-2021-29318
+ RESERVED
+CVE-2021-29317
+ RESERVED
+CVE-2021-29316
+ RESERVED
+CVE-2021-29315
+ RESERVED
+CVE-2021-29314
+ RESERVED
+CVE-2021-29313 (Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the ...)
+ NOT-FOR-US: SeaCMS
+CVE-2021-29312
+ RESERVED
+CVE-2021-29311
+ RESERVED
+CVE-2021-29310
+ RESERVED
+CVE-2021-29309
+ RESERVED
+CVE-2021-29308
+ RESERVED
+CVE-2021-29307
+ RESERVED
+CVE-2021-29306
+ RESERVED
+CVE-2021-29305
+ RESERVED
+CVE-2021-29304
+ RESERVED
+CVE-2021-29303
+ RESERVED
+CVE-2021-29302 (TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 &lt;= 2020.06 contains a ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-29301
+ RESERVED
+CVE-2021-29300 (The @ronomon/opened library before 1.5.2 is vulnerable to a command in ...)
+ NOT-FOR-US: @ronomon/opened
+CVE-2021-29299
+ RESERVED
+CVE-2021-29298 (Improper Input Validation in Emerson GE Automation Proficy Machine Edi ...)
+ NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
+CVE-2021-29297 (Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 ...)
+ NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
+CVE-2021-29296 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability ...)
+ NOT-FOR-US: D-Link
+CVE-2021-29295 (** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability ...)
+ NOT-FOR-US: D-Link
+CVE-2021-29294 (** UNSUPPORTED WHEN ASSIGNED ** Null Pointer Dereference vulnerability ...)
+ NOT-FOR-US: D-Link
+CVE-2021-29293
+ RESERVED
+CVE-2021-29292
+ RESERVED
+CVE-2021-29291
+ RESERVED
+CVE-2021-29290
+ RESERVED
+CVE-2021-29289
+ RESERVED
+CVE-2021-29288
+ RESERVED
+CVE-2021-29287
+ RESERVED
+CVE-2021-29286
+ RESERVED
+CVE-2021-29285
+ RESERVED
+CVE-2021-29284
+ RESERVED
+CVE-2021-29283
+ RESERVED
+CVE-2021-29282
+ RESERVED
+CVE-2021-29281
+ RESERVED
+CVE-2021-29280 (In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-29279 (There is a integer overflow in function filter_core/filter_props.c:gf_ ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987323)
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/gpac/gpac/commit/da69ad1f970a7e17c865eaec9af98cc84df10d5b
+ NOTE: https://github.com/gpac/gpac/issues/1718
+CVE-2021-29278
+ RESERVED
+CVE-2021-29277
+ RESERVED
+CVE-2021-29276
+ RESERVED
+CVE-2021-29275
+ RESERVED
+CVE-2021-29274 (Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mi ...)
+ - redmine <not-affected> (Vulnerable code introduced in 4.1.0)
+ NOTE: https://www.redmine.org/issues/33846
+CVE-2021-XXXX [first_boot: Use session to verify first boot welcome step]
+ - freedombox 21.4.2
+ - plinth <removed>
+ [buster] - plinth 19.1+deb10u2
+ [stretch] - plinth <no-dsa> (Minor issue)
+ NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2074 (not yet public)
+ NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/f2005f56aa44d15c0fb82c5211c548a575961b03
+CVE-2021-29273
+ RESERVED
+CVE-2021-29272 (bluemonday before 1.0.5 allows XSS because certain Go lowercasing conv ...)
+ NOT-FOR-US: bluemonday
+CVE-2021-29271 (remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator ...)
+ NOT-FOR-US: remark42
+CVE-2021-29270
+ RESERVED
+CVE-2021-29269
+ RESERVED
+CVE-2021-29268
+ RESERVED
+CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...)
+ NOT-FOR-US: SherlockIM
+CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...)
+ - linux 5.10.26-1 (unimportant)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/f6bbf0010ba004f5e90c7aefdebc0ee4bd3283b9
+CVE-2021-29265 (An issue was discovered in the Linux kernel before 5.11.7. usbip_sockf ...)
+ {DLA-2689-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/9380afd6df70e24eacbdbde33afc6a3950965d22
+CVE-2021-29264 (An issue was discovered in the Linux kernel through 5.11.10. drivers/n ...)
+ {DLA-2690-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/d8861bab48b6c1fc3cdbcab8ff9d1eaea43afe7f
+CVE-2021-29263 (In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible ...)
+ - intellij-idea <itp> (bug #747616)
+CVE-2021-3471
+ REJECTED
+CVE-2021-3470 (A heap overflow issue was found in Redis in versions before 5.0.10, be ...)
+ - redis 5:6.0.9-1 (unimportant)
+ NOTE: https://github.com/redis/redis/pull/7963
+ NOTE: https://github.com/redis/redis/commit/9824fe3e392caa04dc1b4071886e9ac402dd6d95
+ NOTE: Only an issue if not using a heap allocator other than jemalloc or glibc's malloc
+CVE-2021-3469 (Foreman versions before 2.3.4 and before 2.4.0 is affected by an impro ...)
+ - foreman <itp> (bug #663101)
+CVE-2021-3468 (A flaw was found in avahi in versions 0.6 up to 0.8. The event used to ...)
+ - avahi <unfixed> (bug #984938)
+ [bullseye] - avahi <no-dsa> (Minor issue)
+ [buster] - avahi <no-dsa> (Minor issue)
+ [stretch] - avahi <postponed> (Minor issue; can be fixed in next DLA)
+ NOTE: https://github.com/lathiat/avahi/pull/330
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939614#c3
+CVE-2021-29262 (When starting Apache Solr versions prior to 8.8.2, configured with the ...)
+ - lucene-solr <not-affected> (Vulnerable code not yet present)
+CVE-2021-29261 (The unofficial Svelte extension before 104.8.0 for Visual Studio Code ...)
+ NOT-FOR-US: vscode extension Svelte
+CVE-2021-29260
+ RESERVED
+CVE-2021-29259
+ RESERVED
+CVE-2021-29258 (An issue was discovered in Envoy 1.14.0. There is a remotely exploitab ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-29257
+ RESERVED
+CVE-2021-29256 (. The Arm Mali GPU kernel driver allows an unprivileged user to achiev ...)
+ NOT-FOR-US: Arm Mali GPU kernel driver
+CVE-2021-29255 (MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credent ...)
+ NOT-FOR-US: MicroSeven
+CVE-2021-29254
+ RESERVED
+CVE-2021-29253 (The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 ...)
+ NOT-FOR-US: RSA
+CVE-2021-29252 (RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerabi ...)
+ NOT-FOR-US: RSA
+CVE-2021-29251 (BTCPay Server before 1.0.7.1 mishandles the policy setting in which us ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29250 (BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripti ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29249 (BTCPay Server before 1.0.6.0, when the payment button is used, has a p ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29248 (BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29247 (BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29246 (BTCPay Server through 1.0.7.0 suffers from directory traversal, which ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29245 (BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseud ...)
+ NOT-FOR-US: BTCPay Server
+CVE-2021-29244
+ RESERVED
+CVE-2021-29243 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. ...)
+ NOT-FOR-US: Cloudera Manager
+CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper input vali ...)
+ NOT-FOR-US: CODESYS Control Runtime
+CVE-2021-29241 (CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that ...)
+ NOT-FOR-US: CODESYS Gateway 3
+CVE-2021-29240 (The Package Manager of CODESYS Development System 3 before 3.5.17.0 do ...)
+ NOT-FOR-US: Package Manager of CODESYS Development System 3
+CVE-2021-29239 (CODESYS Development System 3 before 3.5.17.0 displays or executes mali ...)
+ NOT-FOR-US: CODESYS Development System 3
+CVE-2021-29238 (CODESYS Automation Server before 1.16.0 allows cross-site request forg ...)
+ NOT-FOR-US: CODESYS Automation Server
+CVE-2021-29237
+ RESERVED
+CVE-2021-29236
+ RESERVED
+CVE-2021-29235
+ RESERVED
+CVE-2021-29234
+ RESERVED
+CVE-2021-29233
+ RESERVED
+CVE-2021-29232
+ RESERVED
+CVE-2021-29231
+ RESERVED
+CVE-2021-29230
+ RESERVED
+CVE-2021-29229
+ RESERVED
+CVE-2021-29228
+ RESERVED
+CVE-2021-29227
+ RESERVED
+CVE-2021-29226
+ RESERVED
+CVE-2021-29225
+ RESERVED
+CVE-2021-29224
+ RESERVED
+CVE-2021-29223
+ RESERVED
+CVE-2021-29222
+ RESERVED
+CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erlang/OT ...)
+ - erlang <not-affected> (Windows-specific)
+CVE-2021-29220
+ RESERVED
+CVE-2021-29219 (A potential local buffer overflow vulnerability has been identified in ...)
+ NOT-FOR-US: HPE
+CVE-2021-29218 (A local unquoted search path security vulnerability has been identifie ...)
+ NOT-FOR-US: HPE
+CVE-2021-29217
+ RESERVED
+CVE-2021-29216
+ RESERVED
+CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...)
+ NOT-FOR-US: HPE
+CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...)
+ NOT-FOR-US: HPE
+CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
+ NOT-FOR-US: HPE
+CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...)
+ NOT-FOR-US: HPE
+CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
+ NOT-FOR-US: HPE
+CVE-2021-29209 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
+ NOT-FOR-US: HPE
+CVE-2021-29208 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
+ NOT-FOR-US: HPE
+CVE-2021-29207 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29206 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29205 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29204 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29203 (A security vulnerability has been identified in the HPE Edgeline Infra ...)
+ NOT-FOR-US: HPE
+CVE-2021-29202 (A local buffer overflow vulnerability was discovered in HPE Integrated ...)
+ NOT-FOR-US: HPE
+CVE-2021-29201 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
+ NOT-FOR-US: HPE
+CVE-2021-29200 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version An u ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2021-29199
+ RESERVED
+CVE-2021-29198
+ RESERVED
+CVE-2021-29197
+ RESERVED
+CVE-2021-29196
+ RESERVED
+CVE-2021-29195
+ RESERVED
+CVE-2021-29194
+ RESERVED
+CVE-2021-29193
+ RESERVED
+CVE-2021-29192
+ RESERVED
+CVE-2021-29191
+ RESERVED
+CVE-2021-29190
+ RESERVED
+CVE-2021-29189
+ RESERVED
+CVE-2021-29188
+ RESERVED
+CVE-2021-29187
+ RESERVED
+CVE-2021-29186
+ RESERVED
+CVE-2021-29185
+ RESERVED
+CVE-2021-29184
+ RESERVED
+CVE-2021-29183
+ RESERVED
+CVE-2021-29182
+ RESERVED
+CVE-2021-29181
+ RESERVED
+CVE-2021-29180
+ RESERVED
+CVE-2021-29179
+ RESERVED
+CVE-2021-29178
+ RESERVED
+CVE-2021-29177
+ RESERVED
+CVE-2021-29176
+ RESERVED
+CVE-2021-29175
+ RESERVED
+CVE-2021-29174
+ RESERVED
+CVE-2021-29173
+ RESERVED
+CVE-2021-29172
+ RESERVED
+CVE-2021-29171
+ RESERVED
+CVE-2021-29170
+ RESERVED
+CVE-2021-29169
+ RESERVED
+CVE-2021-29168
+ RESERVED
+CVE-2021-29167
+ RESERVED
+CVE-2021-29166
+ RESERVED
+CVE-2021-29165
+ RESERVED
+CVE-2021-29164
+ RESERVED
+CVE-2021-29163
+ RESERVED
+CVE-2021-29162
+ RESERVED
+CVE-2021-29161
+ RESERVED
+CVE-2021-29160
+ RESERVED
+CVE-2021-29159 (A cross-site scripting (XSS) vulnerability has been discovered in Nexu ...)
+ NOT-FOR-US: Nexus Repository Manager
+CVE-2021-29158 (Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager
+CVE-2021-29157 (Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with acce ...)
+ - dovecot 1:2.3.13+dfsg1-2 (bug #990566)
+ [buster] - dovecot <not-affected> (Vulnerable code introduced later)
+ [stretch] - dovecot <not-affected> (Vulnerable code introduced later)
+ NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/1
+CVE-2021-29156 (ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger ...)
+ NOT-FOR-US: ForgeRock OpenAM
+CVE-2021-29155 (An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf ...)
+ {DLA-2690-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux <not-affected> (Vulnerability introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/4
+ NOTE: Fixes need to be made complete for older series to not open CVE-2021-33200,
+ NOTE: cf. https://lore.kernel.org/stable/215e98bf-21c7-0074-129d-49a51526418b@iogearbox.net/
+CVE-2021-29154 (BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect c ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/08/1
+CVE-2021-3467 (A NULL pointer dereference flaw was found in the way Jasper versions b ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/268
+ NOTE: https://github.com/jasper-software/jasper/commit/c4144a6fdb2660794136d1daaa80682ee40b138b
+CVE-2021-3466 (A flaw was found in libmicrohttpd. A missing bounds check in the post_ ...)
+ - libmicrohttpd 0.9.71-1
+ [buster] - libmicrohttpd <not-affected> (Vulnerable code introduced later)
+ [stretch] - libmicrohttpd <not-affected> (Vulnerable code introduced later)
+ NOTE: Patch: https://git.gnunet.org/libmicrohttpd.git/commit/?id=a110ae6276660bee3caab30e9ff3f12f85cf3241
+ NOTE: Introduced in https://git.gnunet.org/libmicrohttpd.git/commit/?id=55f715e15e3ce66babc939b5a670bee02d4d9571
+CVE-2021-3465
+ REJECTED
+CVE-2021-29153
+ RESERVED
+CVE-2021-29152 (A remote denial of service (DoS) vulnerability was discovered in Aruba ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29151 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29150 (A remote insecure deserialization vulnerability was discovered in Arub ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29149 (A local bypass security restrictions vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29148 (A local cross-site scripting (XSS) vulnerability was discovered in Aru ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29147 (A remote arbitrary command execution vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29146 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29145 (A remote server side request forgery (SSRF) remote code execution vuln ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29144 (A remote disclosure of sensitive information vulnerability was discove ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29143 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29142 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29141 (A remote disclosure of sensitive information vulnerability was discove ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29140 (A remote XML external entity (XXE) vulnerability was discovered in Aru ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29139 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29138 (A remote disclosure of privileged information vulnerability was discov ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29137 (A remote URL redirection vulnerability was discovered in Aruba AirWave ...)
+ NOT-FOR-US: Aruba
+CVE-2021-29136 (Open Container Initiative umoci before 0.4.7 allows attackers to overw ...)
+ - umoci 0.4.7+ds-1
+ [buster] - umoci <no-dsa> (Minor issue)
+ NOTE: https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v
+ NOTE: https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57 (v0.4.7)
+CVE-2021-29135
+ RESERVED
+CVE-2021-3464 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3463 (A null pointer dereference vulnerability in Lenovo Power Management Dr ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3462 (A privilege escalation vulnerability in Lenovo Power Management Driver ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-29134
+ RESERVED
+CVE-2021-29133 (Lack of verification in haserl, a component of Alpine Linux Configurat ...)
+ NOT-FOR-US: haserl (Alpine), different from src:haserl
+CVE-2021-29132
+ RESERVED
+CVE-2021-29131
+ RESERVED
+CVE-2021-29130
+ RESERVED
+CVE-2021-29129
+ RESERVED
+CVE-2021-29128
+ RESERVED
+CVE-2021-29127
+ RESERVED
+CVE-2021-29126
+ RESERVED
+CVE-2021-29125
+ RESERVED
+CVE-2021-29124
+ RESERVED
+CVE-2021-29123
+ RESERVED
+CVE-2021-29122
+ RESERVED
+CVE-2021-29121
+ RESERVED
+CVE-2021-29120
+ RESERVED
+CVE-2021-29119
+ RESERVED
+CVE-2021-29118
+ RESERVED
+CVE-2021-29117
+ RESERVED
+CVE-2021-29116 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...)
+ NOT-FOR-US: Esri ArcGIS Server
+CVE-2021-29115 (An information disclosure vulnerability in the ArcGIS Service Director ...)
+ NOT-FOR-US: Esri ArcGIS
+CVE-2021-29114 (A SQL injection vulnerability in feature services provided by Esri Arc ...)
+ NOT-FOR-US: Esri ArcGIS
+CVE-2021-29113 (A remote file inclusion vulnerability in the ArcGIS Server help docume ...)
+ NOT-FOR-US: ArcGIS Server
+CVE-2021-29112
+ RESERVED
+CVE-2021-29111
+ RESERVED
+CVE-2021-29110 (Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may ...)
+ NOT-FOR-US: Esri
+CVE-2021-29109 (A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 a ...)
+ NOT-FOR-US: Esri
+CVE-2021-29108 (There is an privilege escalation vulnerability in organization-specifi ...)
+ NOT-FOR-US: Esri
+CVE-2021-29107 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...)
+ NOT-FOR-US: ArcGIS Server Manager
+CVE-2021-29106 (A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Se ...)
+ NOT-FOR-US: ArcGIS Server
+CVE-2021-29105 (A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Serve ...)
+ NOT-FOR-US: ArcGIS Server Services Directory
+CVE-2021-29104 (A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Man ...)
+ NOT-FOR-US: ArcGIS Server Manager
+CVE-2021-29103 (A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server ...)
+ NOT-FOR-US: ArcGIS Server
+CVE-2021-29102 (A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Ma ...)
+ NOT-FOR-US: ArcGIS Server Manager
+CVE-2021-29101 (ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only direc ...)
+ NOT-FOR-US: ArcGIS GeoEvent Server
+CVE-2021-29100 (A path traversal vulnerability exists in Esri ArcGIS Earth versions 1. ...)
+ NOT-FOR-US: Esri
+CVE-2021-29099 (A SQL injection vulnerability exists in some configurations of ArcGIS ...)
+ NOT-FOR-US: Esri
+CVE-2021-29098 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-29097 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-29096 (A use-after-free vulnerability when parsing a specially crafted file i ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-29095 (Multiple uninitialized pointer vulnerabilities when parsing a speciall ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-29094 (Multiple buffer overflow vulnerabilities when parsing a specially craf ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-29093 (A use-after-free vulnerability when parsing a specially crafted file i ...)
+ NOT-FOR-US: Esri (various ArcGIS products)
+CVE-2021-3461
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2021-29092 (Unrestricted upload of file with dangerous type vulnerability in file ...)
+ NOT-FOR-US: Synology
+CVE-2021-29091 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-29090 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-29089 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-29088 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-29087 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-29086 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: Synology
+CVE-2021-29085 (Improper neutralization of special elements in output used by a downst ...)
+ NOT-FOR-US: Synology
+CVE-2021-29084 (Improper neutralization of special elements in output used by a downst ...)
+ NOT-FOR-US: Synology
+CVE-2021-29083 (Improper neutralization of special elements used in an OS command in S ...)
+ NOT-FOR-US: Synology
+CVE-2021-3460 (The Motorola MH702x devices, prior to version 2.0.0.301, do not proper ...)
+ NOT-FOR-US: Motorola MH702x devices
+CVE-2021-3459 (A privilege escalation vulnerability was reported in the MM1000 device ...)
+ NOT-FOR-US: MM1000 device
+CVE-2021-3458 (The Motorola MM1000 device configuration portal can be accessed withou ...)
+ NOT-FOR-US: Motorola MM1000 device configuration portal
+CVE-2021-29082 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29081 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29080 (Certain NETGEAR devices are affected by password reset by an unauthent ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29079 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29078 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29077 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29076 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29075 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29074 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29073 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29072 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29071 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29070 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29069 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29068 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29067 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29066 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29065 (NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-29064
+ RESERVED
+CVE-2021-29063 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ - mpmath 1.2.1-2 (bug #990576)
+ [bullseye] - mpmath <no-dsa> (Minor issue)
+ [buster] - mpmath <no-dsa> (Minor issue)
+ [stretch] - mpmath <no-dsa> (Minor issue)
+ NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29063/Mpmath.md
+ NOTE: https://github.com/fredrik-johansson/mpmath/issues/548
+ NOTE: https://github.com/fredrik-johansson/mpmath/commit/c811b37c65a4372a7ce613111d2a508c204f9833
+ NOTE: https://github.com/fredrik-johansson/mpmath/commit/2865c7d12b2a077d420427ad187eca831a48bff4
+CVE-2021-29062
+ RESERVED
+CVE-2021-29061 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ NOT-FOR-US: Vfsjfilechooser2
+CVE-2021-29060 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...)
+ - node-color-string 1.5.4-2
+ [buster] - node-color-string <no-dsa> (Minor issue)
+ NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md
+ NOTE: https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3
+CVE-2021-29059 (A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and be ...)
+ NOT-FOR-US: Node is-svg
+CVE-2021-29058
+ RESERVED
+CVE-2021-29057
+ RESERVED
+CVE-2021-29056 (Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via ...)
+ NOT-FOR-US: Pixelimity
+CVE-2021-29055
+ RESERVED
+CVE-2021-29054 (Certain Papoo products are affected by: Cross Site Request Forgery (CS ...)
+ NOT-FOR-US: Papoo
+CVE-2021-29053 (Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Lif ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29052 (The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Life ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29051 (Cross-site scripting (XSS) vulnerability in the Asset module's Asset P ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29050
+ RESERVED
+CVE-2021-29049 (Cross-site scripting (XSS) vulnerability in the Portal Workflow module ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29048 (Cross-site scripting (XSS) vulnerability in the Layout module's page a ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29047 (The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Li ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29046 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29045 (Cross-site scripting (XSS) vulnerability in the Redirect module's redi ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29044 (Cross-site scripting (XSS) vulnerability in the Site module's membersh ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29043 (The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Lif ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29042
+ RESERVED
+CVE-2021-29041 (Denial-of-service (DoS) vulnerability in the Multi-Factor Authenticati ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29040 (The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29039 (Cross-site scripting (XSS) vulnerability in the Asset module's categor ...)
+ NOT-FOR-US: Liferay
+CVE-2021-29038
+ RESERVED
+CVE-2021-29037
+ RESERVED
+CVE-2021-29036
+ RESERVED
+CVE-2021-29035
+ RESERVED
+CVE-2021-29034
+ RESERVED
+CVE-2021-29033 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29032 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29031 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29030 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29029 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29028 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29027 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29026 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29025 (A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 ...)
+ NOT-FOR-US: Bitweaver
+CVE-2021-29024 (In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticat ...)
+ NOT-FOR-US: InvoicePlane
+CVE-2021-29023 (InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset ...)
+ NOT-FOR-US: InvoicePlane
+CVE-2021-29022 (In InvoicePlane 1.5.11, the upload feature discloses the full path of ...)
+ NOT-FOR-US: InvoicePlane
+CVE-2021-29021
+ RESERVED
+CVE-2021-29020
+ RESERVED
+CVE-2021-29019
+ RESERVED
+CVE-2021-29018
+ RESERVED
+CVE-2021-29017
+ RESERVED
+CVE-2021-29016
+ RESERVED
+CVE-2021-29015
+ RESERVED
+CVE-2021-29014
+ RESERVED
+CVE-2021-29013
+ RESERVED
+CVE-2021-29012 (DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to ev ...)
+ NOT-FOR-US: DMA Softlab Radius Manager
+CVE-2021-29011 (DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting ( ...)
+ NOT-FOR-US: DMA Softlab Radius Manager
+CVE-2021-29010 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: SEO Panel
+CVE-2021-29009 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: SEO Panel
+CVE-2021-29008 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: SEO Panel
+CVE-2021-29007
+ RESERVED
+CVE-2021-29006 (rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An ...)
+ NOT-FOR-US: rConfig
+CVE-2021-29005 (Insecure permission of chmod command on rConfig server 3.9.6 exists. A ...)
+ NOT-FOR-US: rConfig
+CVE-2021-29004 (rConfig 3.9.6 is affected by SQL Injection. A user must be authenticat ...)
+ NOT-FOR-US: rConfig
+CVE-2021-29003 (Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers ...)
+ NOT-FOR-US: Genexis devices
+CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 e ...)
+ NOT-FOR-US: Plone
+CVE-2021-29001
+ RESERVED
+CVE-2021-29000
+ RESERVED
+CVE-2021-28999
+ RESERVED
+CVE-2021-28998
+ RESERVED
+CVE-2021-28997
+ RESERVED
+CVE-2021-28996
+ RESERVED
+CVE-2021-28995
+ RESERVED
+CVE-2021-28994 (kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8. ...)
+ - kopanocore <unfixed> (bug #986272)
+ [buster] - kopanocore <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/6
+CVE-2021-28993 (Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is ...)
+ NOT-FOR-US: Plixer Scrutinizer
+CVE-2021-28992
+ RESERVED
+CVE-2021-28991
+ RESERVED
+CVE-2021-28990
+ RESERVED
+CVE-2021-28989
+ RESERVED
+CVE-2021-28988
+ RESERVED
+CVE-2021-28987
+ RESERVED
+CVE-2021-28986
+ RESERVED
+CVE-2021-28985
+ RESERVED
+CVE-2021-28984
+ RESERVED
+CVE-2021-28983
+ RESERVED
+CVE-2021-28982
+ RESERVED
+CVE-2021-28981
+ RESERVED
+CVE-2021-28980
+ RESERVED
+CVE-2021-28979 (SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP resp ...)
+ NOT-FOR-US: SafeNet KeySecure Management Console
+CVE-2021-28978
+ RESERVED
+CVE-2021-28977 (Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upl ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2021-28976 (Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in a ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2021-3457 (An improper authorization handling flaw was found in Foreman. The Shel ...)
+ - foreman <itp> (bug #663101)
+CVE-2021-3456
+ RESERVED
+ - foreman <itp> (bug #663101)
+CVE-2021-28975 (WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's de ...)
+ NOT-FOR-US: WP Mailster
+CVE-2021-28974
+ RESERVED
+CVE-2021-28973 (The XML Import functionality of the Administration console in Perforce ...)
+ NOT-FOR-US: Helix ALM
+CVE-2021-28970 (eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices ...)
+ NOT-FOR-US: Central Management of FireEye EX 3500 devices
+CVE-2021-28969 (eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticat ...)
+ NOT-FOR-US: Central Management of FireEye EX 3500 devices
+CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in ...)
+ NOT-FOR-US: PunBB
+CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio Code al ...)
+ NOT-FOR-US: MATLAB extenstion for vscode
+CVE-2021-28966 (In Ruby through 3.0 on Windows, a remote attacker can submit a crafted ...)
+ - ruby2.7 <not-affected> (Windows-specific)
+ NOTE: https://hackerone.com/reports/1131465
+CVE-2021-28965 (The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, a ...)
+ {DSA-5066-1}
+ - ruby2.7 2.7.3-1 (bug #986807)
+ - ruby2.5 <removed>
+ - ruby2.3 <removed>
+ [stretch] - ruby2.3 <postponed> (Minor issue; can be fixed in next update)
+ [experimental] - ruby-rexml 3.2.5-1
+ - ruby-rexml <removed> (bug #986806)
+ NOTE: https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
+CVE-2021-28972 (In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5. ...)
+ {DLA-2690-1}
+ - linux 5.10.26-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux <ignored> (Driver is specific to IBM Power systems)
+ NOTE: https://git.kernel.org/linus/cc7a0bb058b85ea03db87169c60c7cfdd5d34678
+CVE-2021-28971 (In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.26-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/d88d05a9e0b6d9356e97129d4ff9942d765f46ea
+CVE-2021-28964 (A race condition was discovered in get_old_root in fs/btrfs/ctree.c in ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.26-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/dbcc7d57bffc0c8cac9dac11bec548597d59a6a5
+CVE-2021-28962 (Stormshield Network Security (SNS) before 4.2.2 allows a read-only adm ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-28961 (applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDN ...)
+ NOT-FOR-US: DDNS package for OpenWrt
+CVE-2021-28960 (Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthe ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-28959 (Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to una ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-28958 (Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to una ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-28956 (** UNSUPPORTED WHEN ASSIGNED ** The unofficial vscode-sass-lint (aka S ...)
+ NOT-FOR-US: vscode-sass-lint
+CVE-2021-28955 (git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will ...)
+ NOT-FOR-US: git-bug
+CVE-2021-28954 (In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary ...)
+ NOT-FOR-US: Chris Walz bit
+CVE-2021-28953 (The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual S ...)
+ NOT-FOR-US: unofficial C/C++ Advanced Lint extension for Visual Studio Code
+CVE-2021-3455 (Disconnecting L2CAP channel right after invalid ATT request leads free ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3454 (Truncated L2CAP K-frame causes assertion failure. Zephyr versions &gt; ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3453 (Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS m ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3452 (A potential vulnerability in the system shutdown SMI callback function ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3451 (A denial of service vulnerability was reported in Lenovo PCManager, pr ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3450 (The X509_V_FLAG_X509_STRICT flag enables additional security checks of ...)
+ - openssl 1.1.1k-1
+ [buster] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h)
+ [stretch] - openssl <not-affected> (Vulnerable code introduced in 1.1.1h)
+ - openssl1.0 <not-affected> (Vulnerable code introduced in 1.1.1h)
+ NOTE: https://www.openssl.org/news/secadv/20210325.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b
+CVE-2021-28957 (An XSS vulnerability was discovered in python-lxml's clean module vers ...)
+ {DSA-4880-1 DLA-2606-1}
+ - lxml 4.6.3-1 (bug #985643)
+ NOTE: https://bugs.launchpad.net/lxml/+bug/1888153
+ NOTE: https://github.com/lxml/lxml/pull/316
+ NOTE: https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
+CVE-2021-28952 (An issue was discovered in the Linux kernel through 5.11.8. The sound/ ...)
+ - linux 5.10.26-1 (unimportant)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/1c668e1c0a0f74472469cd514f40c9012b324c31
+CVE-2021-28951 (An issue was discovered in fs/io_uring.c in the Linux kernel through 5 ...)
+ - linux 5.10.26-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/3ebba796fa251d042be42b929a2d916ee5c34a49
+CVE-2021-28950 (An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before ...)
+ {DLA-2689-1}
+ - linux 5.10.24-1
+ NOTE: https://git.kernel.org/linus/775c5033a0d164622d9d10dd0f0a5531639ed3ed
+CVE-2021-28949
+ RESERVED
+CVE-2021-28948
+ RESERVED
+CVE-2021-28947
+ RESERVED
+CVE-2021-28946
+ RESERVED
+CVE-2021-28945
+ RESERVED
+CVE-2021-28944
+ RESERVED
+CVE-2021-28943
+ RESERVED
+CVE-2021-28942
+ RESERVED
+CVE-2021-28941 (Because of no validation on a curl command in MagpieRSS 0.72 in the /e ...)
+ NOT-FOR-US: MagpieRSS
+CVE-2021-28940 (Because of a incorrect escaped exec command in MagpieRSS in 0.72 in th ...)
+ NOT-FOR-US: MagpieRSS
+CVE-2021-28939
+ RESERVED
+CVE-2021-28938 (Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2- ...)
+ NOT-FOR-US: Siren Federate
+CVE-2021-28937 (The /password.html page of the Web management interface of the Acexy W ...)
+ NOT-FOR-US: Acexy Wireless-N WiFi Repeater
+CVE-2021-28936 (The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management ...)
+ NOT-FOR-US: Acexy Wireless-N WiFi Repeater
+CVE-2021-28935 (CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin ...)
+ NOT-FOR-US: CMS Made Simple (CMSMS)
+CVE-2021-28934
+ RESERVED
+CVE-2021-28933
+ RESERVED
+CVE-2021-28932
+ RESERVED
+CVE-2021-28931 (Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers ...)
+ NOT-FOR-US: Fork CMS
+CVE-2021-28930
+ RESERVED
+CVE-2021-28929
+ RESERVED
+CVE-2021-28928
+ RESERVED
+CVE-2021-28927 (The text-to-speech engine in libretro RetroArch for Windows 1.9.0 pass ...)
+ - retroarch <not-affected> (Windows-specific)
+CVE-2021-28926
+ RESERVED
+CVE-2021-28925 (SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 vi ...)
+ NOT-FOR-US: Nagios Network Analyzer
+CVE-2021-28924 (Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the ...)
+ NOT-FOR-US: Nagios Network Analyzer
+CVE-2021-28923
+ RESERVED
+CVE-2021-28922
+ RESERVED
+CVE-2021-28921
+ RESERVED
+CVE-2021-28920
+ RESERVED
+CVE-2021-28919
+ RESERVED
+CVE-2021-28918 (Improper input validation of octal strings in netmask npm package v1.0 ...)
+ NOT-FOR-US: netmask nodejs module
+ NOTE: https://sick.codes/sick-2021-011
+ NOTE: https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/
+CVE-2021-28917
+ RESERVED
+CVE-2021-28916
+ RESERVED
+CVE-2021-28915
+ RESERVED
+CVE-2021-28914 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28913 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28912 (BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard c ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28911 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28910 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSR ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28909 (BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthentica ...)
+ NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort
+CVE-2021-28908
+ RESERVED
+CVE-2021-28907
+ RESERVED
+CVE-2021-28906 (In function read_yin_leaf() in libyang &lt;= v1.0.225, it doesn't chec ...)
+ - libyang <unfixed> (bug #989060)
+ [bullseye] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang <no-dsa> (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1455
+CVE-2021-28905 (In function lys_node_free() in libyang &lt;= v1.0.225, it asserts that ...)
+ - libyang <unfixed> (bug #989060)
+ [bullseye] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang <no-dsa> (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1452
+CVE-2021-28904 (In function ext_get_plugin() in libyang &lt;= v1.0.225, it doesn't che ...)
+ - libyang <unfixed> (bug #989060)
+ [bullseye] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang <no-dsa> (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1451
+CVE-2021-28903 (A stack overflow in libyang &lt;= v1.0.225 can cause a denial of servi ...)
+ - libyang <unfixed> (bug #989060)
+ [bullseye] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang <no-dsa> (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1453
+CVE-2021-28902 (In function read_yin_container() in libyang &lt;= v1.0.225, it doesn't ...)
+ - libyang <unfixed> (bug #989060)
+ [bullseye] - libyang <no-dsa> (Minor issue)
+ [buster] - libyang <no-dsa> (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1454
+CVE-2021-28901 (Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Soft ...)
+ NOT-FOR-US: Sita Software Azur CMS.
+CVE-2021-28900
+ RESERVED
+CVE-2021-28899 (Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileS ...)
+ - liblivemedia <removed>
+ [buster] - liblivemedia <no-dsa> (Minor issue)
+ [stretch] - liblivemedia <no-dsa> (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-March/021891.html
+CVE-2021-28898
+ RESERVED
+CVE-2021-28897
+ RESERVED
+CVE-2021-28896
+ RESERVED
+CVE-2021-28895
+ RESERVED
+CVE-2021-28894
+ RESERVED
+CVE-2021-28893
+ RESERVED
+CVE-2021-28892
+ RESERVED
+CVE-2021-28891
+ RESERVED
+CVE-2021-28890 (J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via th ...)
+ NOT-FOR-US: J2eeFAST
+CVE-2021-28889
+ RESERVED
+CVE-2021-28888
+ RESERVED
+CVE-2021-28887
+ RESERVED
+CVE-2021-28886
+ RESERVED
+CVE-2021-28885
+ RESERVED
+CVE-2021-28884
+ RESERVED
+CVE-2021-28883
+ RESERVED
+CVE-2021-28882
+ RESERVED
+CVE-2021-28881
+ RESERVED
+CVE-2021-28880
+ RESERVED
+CVE-2021-28879 (In the standard library in Rust before 1.52.0, the Zip implementation ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/82282
+ NOTE: https://github.com/rust-lang/rust/pull/82289
+CVE-2021-28878 (In the standard library in Rust before 1.52.0, the Zip implementation ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/82291
+ NOTE: https://github.com/rust-lang/rust/pull/82292
+CVE-2021-28877 (In the standard library in Rust before 1.51.0, the Zip implementation ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/pull/80670
+CVE-2021-28876 (In the standard library in Rust before 1.52.0, the Zip implementation ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/81740
+ NOTE: https://github.com/rust-lang/rust/pull/81741
+CVE-2021-28875 (In the standard library in Rust before 1.50.0, read_to_end() does not ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/80894
+ NOTE: https://github.com/rust-lang/rust/pull/80895
+CVE-2021-28874 (SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contai ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-28873
+ RESERVED
+CVE-2021-28872
+ RESERVED
+CVE-2021-28871
+ RESERVED
+CVE-2021-28870
+ RESERVED
+CVE-2021-28869
+ RESERVED
+CVE-2021-28868
+ RESERVED
+CVE-2021-28867
+ RESERVED
+CVE-2021-28866
+ RESERVED
+CVE-2021-28865
+ RESERVED
+CVE-2021-28864
+ RESERVED
+CVE-2021-28863
+ RESERVED
+CVE-2021-28862
+ RESERVED
+CVE-2021-28861
+ RESERVED
+CVE-2021-28860 (In Node.js mixme, prior to v0.5.1, an attacker can add or alter proper ...)
+ NOT-FOR-US: Node mixme
+CVE-2021-28859
+ RESERVED
+CVE-2021-28858 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL b ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-28857 (TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and passw ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-28856 (In Deark before v1.5.8, a specially crafted input file can cause a div ...)
+ NOT-FOR-US: Deark
+CVE-2021-28855 (In Deark before 1.5.8, a specially crafted input file can cause a NULL ...)
+ NOT-FOR-US: Deark
+CVE-2021-28854
+ RESERVED
+CVE-2021-28853
+ RESERVED
+CVE-2021-28852
+ RESERVED
+CVE-2021-28851
+ RESERVED
+CVE-2021-28850
+ RESERVED
+CVE-2021-28849
+ RESERVED
+CVE-2021-28848 (Mintty before 3.4.5 allows remote servers to cause a denial of service ...)
+ NOT-FOR-US: Mintty
+CVE-2021-28847 (MobaXterm before 21.0 allows remote servers to cause a denial of servi ...)
+ NOT-FOR-US: MobaXterm
+CVE-2021-28846 (A Format String vulnerablity exists in TRENDnet TEW-755AP 1.11B03, TEW ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28845 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28844 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28843 (Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1. ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28842 (Null Pointer Deference vulnerability exists in TRENDnet TEW-755AP 1.11 ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28841 (Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, ...)
+ NOT-FOR-US: TRENDnet
+CVE-2021-28840 (Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07. ...)
+ NOT-FOR-US: D-Link
+CVE-2021-28839 (Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07. ...)
+ NOT-FOR-US: D-Link
+CVE-2021-28838 (Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, D ...)
+ NOT-FOR-US: D-Link
+CVE-2021-28837
+ RESERVED
+CVE-2021-28836
+ RESERVED
+CVE-2021-28835
+ RESERVED
+CVE-2021-28834 (Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge: ...)
+ {DSA-4890-1}
+ - ruby-kramdown 2.3.0-5 (bug #985569)
+ [stretch] - ruby-kramdown <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/gettalong/kramdown/pull/708
+ NOTE: Fixed by: https://github.com/gettalong/kramdown/commit/d6a1cbcb2caa2f8a70927f176070d126b2422760
+ NOTE: Introduced by https://github.com/gettalong/kramdown/commit/ff0218aefcf00cd5a389e17e075d36cd46d011e2 (v1.16)
+CVE-2021-28833 (Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist ...)
+ NOT-FOR-US: Increments Qiita::Markdown
+CVE-2021-28832 (VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via ...)
+ NOT-FOR-US: VSCodeVim
+CVE-2021-28831 (decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ...)
+ {DLA-2614-1}
+ - busybox <unfixed> (bug #985674)
+ [bullseye] - busybox <no-dsa> (Minor issue)
+ [buster] - busybox <no-dsa> (Minor issue)
+ NOTE: https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
+CVE-2021-27851 (A security vulnerability that can lead to local privilege escalation h ...)
+ - guix 1.2.0-4 (bug #985467; unimportant)
+ NOTE: https://issues.guix.gnu.org/47229
+ NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf
+ NOTE: https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/
+ NOTE: Neutralised by kernel hardening (fs.protected_hardlinks = 1)
+CVE-2021-28830 (The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R component ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28829 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28828 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28827 (The Administration GUI component of TIBCO Software Inc.'s TIBCO Admini ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28826 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28825 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Mess ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28824 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Acti ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28823 (The Windows Installation component of TIBCO Software Inc.'s TIBCO eFTL ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28822 (The Enterprise Message Service Server (tibemsd), Enterprise Message Se ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28821 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Ente ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28820 (The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28819 (The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Rend ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-28816 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28815 (Insecure storage of sensitive information has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28814 (An improper access control vulnerability has been reported to affect Q ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28813 (A vulnerability involving insecure storage of sensitive information ha ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28812 (A command injection vulnerability has been reported to affect certain ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28811 (If exploited, this command injection vulnerability could allow remote ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28810 (If exploited, this vulnerability allows an attacker to access resource ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28809 (An improper access control vulnerability has been reported to affect c ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28808
+ RESERVED
+CVE-2021-28807 (A post-authentication reflected XSS vulnerability has been reported to ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28806 (A DOM-based XSS vulnerability has been reported to affect QNAP NAS run ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28805 (Inclusion of sensitive information in the source code has been reporte ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28804 (A command injection vulnerabilities have been reported to affect QTS a ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28803 (This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11. ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28802 (A command injection vulnerabilities have been reported to affect QTS a ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28801 (An out-of-bounds read vulnerability has been reported to affect certai ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28800 (A command injection vulnerability has been reported to affect QNAP NAS ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28799 (An improper authorization vulnerability has been reported to affect QN ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28798 (A relative path traversal vulnerability has been reported to affect QN ...)
+ NOT-FOR-US: QNAP
+CVE-2021-28797 (A stack-based buffer overflow vulnerability has been reported to affec ...)
+ NOT-FOR-US: QNAP NAS devices
+CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. ...)
+ NOT-FOR-US: Increments Qiita::Markdown
+CVE-2021-28795
+ RESERVED
+CVE-2021-28794 (The unofficial ShellCheck extension before 0.13.4 for Visual Studio Co ...)
+ NOT-FOR-US: ShellCheck extension for Visual Studio Code
+CVE-2021-28793 (vscode-restructuredtext before 146.0.0 contains an incorrect access co ...)
+ NOT-FOR-US: vscode-restructuredtext
+CVE-2021-28792 (The unofficial Swift Development Environment extension before 2.12.1 f ...)
+ NOT-FOR-US: Swift Development Environment extension for Visual Studio Code
+CVE-2021-28791 (The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Co ...)
+ NOT-FOR-US: SwiftFormat extension for Visual Studio Code
+CVE-2021-28790 (The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code ...)
+ NOT-FOR-US: SwiftLint extension for Visual Studio Code
+CVE-2021-28789 (The unofficial apple/swift-format extension before 1.1.2 for Visual St ...)
+ NOT-FOR-US: apple/swift-format extension for Visual Studio Code
+CVE-2021-28788
+ RESERVED
+CVE-2021-28787
+ RESERVED
+CVE-2021-28786
+ RESERVED
+CVE-2021-28785
+ RESERVED
+CVE-2021-28784
+ RESERVED
+CVE-2021-28783
+ RESERVED
+CVE-2021-28782
+ RESERVED
+CVE-2021-28781
+ RESERVED
+CVE-2021-28780
+ RESERVED
+CVE-2021-28779
+ RESERVED
+CVE-2021-28778
+ RESERVED
+CVE-2021-28777
+ RESERVED
+CVE-2021-28776
+ RESERVED
+CVE-2021-28775
+ RESERVED
+CVE-2021-28774
+ RESERVED
+CVE-2021-28773
+ RESERVED
+CVE-2021-28772
+ RESERVED
+CVE-2021-28771
+ RESERVED
+CVE-2021-28770
+ RESERVED
+CVE-2021-28769
+ RESERVED
+CVE-2021-28768
+ RESERVED
+CVE-2021-28767
+ RESERVED
+CVE-2021-28766
+ RESERVED
+CVE-2021-28765
+ RESERVED
+CVE-2021-28764
+ RESERVED
+CVE-2021-28763
+ RESERVED
+CVE-2021-28762
+ RESERVED
+CVE-2021-28761
+ RESERVED
+CVE-2021-28760
+ RESERVED
+CVE-2021-28759
+ RESERVED
+CVE-2021-28758
+ RESERVED
+CVE-2021-28757
+ RESERVED
+CVE-2021-28756
+ RESERVED
+CVE-2021-28755
+ RESERVED
+CVE-2021-28754
+ RESERVED
+CVE-2021-28753
+ RESERVED
+CVE-2021-28752
+ RESERVED
+CVE-2021-28751
+ RESERVED
+CVE-2021-28750
+ RESERVED
+CVE-2021-28749
+ RESERVED
+CVE-2021-28748
+ RESERVED
+CVE-2021-28747
+ RESERVED
+CVE-2021-28746
+ RESERVED
+CVE-2021-28745
+ RESERVED
+CVE-2021-28744
+ RESERVED
+CVE-2021-28743
+ RESERVED
+CVE-2021-28742
+ RESERVED
+CVE-2021-28741
+ RESERVED
+CVE-2021-28740
+ RESERVED
+CVE-2021-28739
+ RESERVED
+CVE-2021-28738
+ RESERVED
+CVE-2021-28737
+ RESERVED
+CVE-2021-28736
+ RESERVED
+CVE-2021-28735
+ RESERVED
+CVE-2021-28734
+ RESERVED
+CVE-2021-28733
+ RESERVED
+CVE-2021-28732
+ REJECTED
+CVE-2021-28731
+ RESERVED
+CVE-2021-28730
+ RESERVED
+CVE-2021-28729
+ RESERVED
+CVE-2021-28728
+ RESERVED
+CVE-2021-28727
+ RESERVED
+CVE-2021-28726
+ RESERVED
+CVE-2021-28725
+ RESERVED
+CVE-2021-28724
+ RESERVED
+CVE-2021-28723
+ RESERVED
+CVE-2021-28722
+ RESERVED
+CVE-2021-28721
+ RESERVED
+CVE-2021-28720
+ RESERVED
+CVE-2021-28719
+ RESERVED
+CVE-2021-28718
+ RESERVED
+CVE-2021-28717
+ RESERVED
+CVE-2021-28716
+ RESERVED
+CVE-2021-28715 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-392.html
+CVE-2021-28714 (Guest can force Linux netback driver to hog large amounts of kernel me ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-392.html
+CVE-2021-28713 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-391.html
+CVE-2021-28712 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-391.html
+CVE-2021-28711 (Rogue backends can cause DoS of guests via high frequency events T[his ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-391.html
+CVE-2021-28710 (certain VT-d IOMMUs may not work in shared page table mode For efficie ...)
+ - xen <not-affected> (Only affects 4.15 series)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/9
+ NOTE: https://xenbits.xen.org/xsa/advisory-390.html
+CVE-2021-28709 (issues with partially successful P2M updates on x86 T[his CNA informat ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-389.html
+CVE-2021-28708 (PoD operations on misaligned GFNs T[his CNA information record relates ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-388.html
+CVE-2021-28707 (PoD operations on misaligned GFNs T[his CNA information record relates ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-388.html
+CVE-2021-28706 (guests may exceed their designated memory limit When a guest is permit ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-385.html
+CVE-2021-28705 (issues with partially successful P2M updates on x86 T[his CNA informat ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-389.html
+CVE-2021-28704 (PoD operations on misaligned GFNs T[his CNA information record relates ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-388.html
+CVE-2021-28703 (grant table v2 status pages may remain accessible after de-allocation ...)
+ - xen 4.14.0+80-gd101b417b7-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-387.html
+ NOTE: Fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches
+ NOTE: as a prerequisite of the fix for XSA-378. 4.14.0-1~exp1 was the first version in
+ NOTE: Debian including the fix.
+ NOTE: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=c65ea16dbcafbe4fe21693b18f8c2a3c5d14600e (4.14.0-rc1)
+CVE-2021-28702 (PCI devices with RMRRs not deassigned correctly Certain PCI devices in ...)
+ {DSA-5017-1}
+ - xen 4.14.3+32-g9de3671772-1
+ [buster] - xen <not-affected> (Vulnerable code introduced later)
+ [stretch] - xen <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-386.html
+CVE-2021-28701 (Another race in XENMAPSPACE_grant_table handling Guests are permitted ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-384.html
+CVE-2021-28700 (xen/arm: No memory limit for dom0less domUs The dom0less feature allow ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <not-affected> (Only affects 4.12 and later)
+ [stretch] - xen <not-affected> (Only affects 4.12 and later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-383.html
+CVE-2021-28699 (inadequate grant-v2 status frames array bounds check The v2 grant tabl ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <not-affected> (Only affects 4.10 and later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-382.html
+CVE-2021-28698 (long running loops in grant table handling In order to properly monito ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-380.html
+CVE-2021-28697 (grant table v2 status pages may remain accessible after de-allocation ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-379.html
+CVE-2021-28696 (IOMMU page mapping issues on x86 T[his CNA information record relates ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-378.html
+CVE-2021-28695 (IOMMU page mapping issues on x86 T[his CNA information record relates ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-378.html
+CVE-2021-28694 (IOMMU page mapping issues on x86 T[his CNA information record relates ...)
+ {DSA-4977-1}
+ - xen 4.14.3-1
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-378.html
+CVE-2021-28693 (xen/arm: Boot modules are not scrubbed The bootloader will load boot m ...)
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [buster] - xen <not-affected> (Only affects 4.12 and later)
+ [stretch] - xen <not-affected> (Only affects 4.12 and later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-372.html
+CVE-2021-28692 (inappropriate x86 IOMMU timeout detection / handling IOMMUs process co ...)
+ {DSA-4931-1}
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-373.html
+CVE-2021-28691 (Guest triggered use-after-free in Linux xen-netback A malicious or bug ...)
+ - linux 5.10.46-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-374.html
+CVE-2021-28690 (x86: TSX Async Abort protections not restored after S3 This issue rela ...)
+ {DSA-4931-1}
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-377.html
+CVE-2021-28689 (x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests ...)
+ - xen <unfixed> (unimportant)
+ NOTE: https://xenbits.xen.org/xsa/advisory-370.html
+ NOTE: Unfixable design/architecture limitation, no fix planned
+CVE-2021-28688 (The fix for XSA-365 includes initialization of pointers such that subs ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-371.html
+ NOTE: https://git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432
+CVE-2021-28686 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28685 (AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28684 (The XML parser used in ConeXware PowerArchiver before 20.10.02 allows ...)
+ NOT-FOR-US: ConeXware PowerArchiver
+CVE-2021-28683 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-28682 (An issue was discovered in Envoy through 1.71.1. There is a remotely e ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-28681 (Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connectio ...)
+ NOT-FOR-US: Pion WebRTC
+CVE-2021-28680 (The devise_masquerade gem before 1.3 allows certain attacks when a pas ...)
+ NOT-FOR-US: devise_masquerade
+CVE-2021-28679
+ RESERVED
+CVE-2021-28678 (An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImage ...)
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
+ [buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28678-fix-blp-dos
+ NOTE: https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1
+CVE-2021-28677 (An issue was discovered in Pillow before 8.2.0. For EPS data, the read ...)
+ {DLA-2716-1}
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
+ [buster] - pillow <no-dsa> (Minor issue)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open
+ NOTE: https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92
+CVE-2021-28676 (An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecod ...)
+ {DLA-2716-1}
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
+ [buster] - pillow <ignored> (Minor issue)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28676-fix-fli-dos
+ NOTE: https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856
+CVE-2021-28675 (An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImag ...)
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (bug #989062)
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28675-fix-dos-in-psdimageplugin
+ NOTE: https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497
+CVE-2021-28674 (The node management page in SolarWinds Orion Platform before 2020.2.5 ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-28673 (Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 65 ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28672 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28671 (Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 65 ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28670 (Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 befor ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28669 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28668 (Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103. ...)
+ NOT-FOR-US: Xerox
+CVE-2021-28667 (StackStorm before 3.4.1, in some situations, has an infinite loop that ...)
+ NOT-FOR-US: StackStorm
+CVE-2021-28666
+ RESERVED
+CVE-2021-28665 (Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a me ...)
+ NOT-FOR-US: Stormshield SNS
+CVE-2021-28664 (The Arm Mali GPU kernel driver allows privilege escalation or a denial ...)
+ NOT-FOR-US: ARM components for Android
+CVE-2021-28663 (The Arm Mali GPU kernel driver allows privilege escalation or informat ...)
+ NOT-FOR-US: ARM components for Android
+CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. ...)
+ {DSA-4924-1}
+ - squid 4.13-10 (bug #988891)
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch
+CVE-2021-28661 (Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x thr ...)
+ NOT-FOR-US: ilverStripe GraphQL Server
+CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted renegoti ...)
+ {DSA-4875-1}
+ - openssl 1.1.1k-1
+ [stretch] - openssl <not-affected> (Vulnerable code introduced later)
+ - openssl1.0 <not-affected> (Vulnerability does not impact 1.0.2 series)
+ NOTE: https://www.openssl.org/news/secadv/20210325.txt
+ NOTE: Introduced by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c589c34e619c8700ab16b152dd9c8ee58356b319 (OpenSSL_1_1_1-pre1)
+ NOTE: Prerequisite: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=46d81bcabe2d36055bdd37079ed6acf976d967a7
+ NOTE: Prerequisite (test): https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3ff38629a2df6635f36bfb79513cc6440db8cd70
+ NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fb9fa6b51defd48157eeb207f52181f735d96148 (OpenSSL_1_1_1k)
+ NOTE: Followup: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d33c2a3d8453a75509bcc8d2cf7d2dc2a3a518d0
+CVE-2021-28687 (HVM soft-reset crashes toolstack libxl requires all data structures pa ...)
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [buster] - xen <not-affected> (Vulnerable code introduced later)
+ [stretch] - xen <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-368.html
+CVE-2021-28660 (rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in t ...)
+ {DLA-2689-1 DLA-2610-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/74b6b20df8cfe90ada777d621b54c32e69e27cd7
+CVE-2021-28659
+ RESERVED
+CVE-2021-28658 (In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, ...)
+ {DLA-2622-1}
+ - python-django 2:2.2.20-1 (bug #986447)
+ [buster] - python-django <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
+ NOTE: https://github.com/django/django/commit/d4d800ca1addc4141e03c5440a849bb64d1582cd (main)
+ NOTE: https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2 (2.2.20)
+CVE-2021-28657 (A carefully crafted or corrupt file may trigger an infinite loop in Ti ...)
+ - tika <unfixed> (bug #986805)
+ [bullseye] - tika <no-dsa> (Minor issue)
+ [buster] - tika <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/30/3
+CVE-2021-28656
+ RESERVED
+CVE-2021-28655
+ RESERVED
+CVE-2021-28654
+ RESERVED
+CVE-2021-28653 (The iOS and macOS apps before 1.4.1 for the Western Digital G-Technolo ...)
+ NOT-FOR-US: iOS and macOS apps for the Western Digital G-Technology ArmorLock NVMe SSD
+CVE-2021-28652 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10 (bug #988892)
+ - squid3 <removed>
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch
+CVE-2021-28651 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10 (bug #988893)
+ - squid3 <removed>
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-a975fd5aedc866629214aaaccb38376855351899.patch
+CVE-2021-28963 (Shibboleth Service Provider before 3.2.1 allows content injection beca ...)
+ {DSA-4872-1 DLA-2599-1}
+ - shibboleth-sp 3.2.1+dfsg1-1 (bug #985405)
+ - shibboleth-sp2 <removed>
+ NOTE: https://shibboleth.net/community/advisories/secadv_20210317.txt
+ NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-922
+ NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=d1dbebfadc1bdb824fea63843c4c38fa69e54379
+CVE-2021-3448 (A flaw was found in dnsmasq in versions before 2.85. When configured t ...)
+ - dnsmasq 2.85-1
+ [buster] - dnsmasq <postponed> (Revisit once upstream has backported to 2.80)
+ [stretch] - dnsmasq <postponed> (Probably easier to base the patch on a backported version)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939368
+ NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=74d4fcd756a85bc1823232ea74334f7ccfb9d5d2
+CVE-2021-3447 (A flaw was found in several ansible modules, where parameters containi ...)
+ - ansible <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939349
+ NOTE: check, details on upstream status not yet clear
+CVE-2021-3446 (A flaw was found in libtpms in versions before 0.8.2. The commonly use ...)
+ - libtpms 0.8.2-1 (bug #986799)
+ NOTE: https://github.com/stefanberger/libtpms/commit/32c159ab53db703749a8f90430cdc7b20b00975e
+CVE-2021-28650 (autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOM ...)
+ [experimental] - gnome-autoar 0.3.1-1
+ - gnome-autoar 0.4.0-1 (bug #985391)
+ [bullseye] - gnome-autoar <no-dsa> (Minor issue)
+ [buster] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
+ [stretch] - gnome-autoar <not-affected> (Incomplete fix for CVE-2020-36241 not applied)
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/12
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4
+ NOTE: Issue exists because of an incomplete fix for CVE-2020-36241.
+ NOTE: Two followup/regression patches:
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/135053d5d3a0320891cf2e2ad4684b648bb46fc8
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/b9590ab77b70e74e9deffd2af6c32908dc3c5aaf
+CVE-2021-28649 (An incorrect permission vulnerability in the product installer for Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-28648 (Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vu ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-28647 (Trend Micro Password Manager version 5 (Consumer) is vulnerable to a D ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-28646 (An insecure file permissions vulnerability in Trend Micro Apex One, Ap ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-28645 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3445 (A flaw was found in libdnf's signature verification functionality in v ...)
+ - libdnf 0.55.2-6 (bug #986802)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932079
+ NOTE: https://github.com/rpm-software-management/libdnf/commit/930f2582f91077b3f338b84cf9567559d52713de
+CVE-2021-28644
+ RESERVED
+CVE-2021-28643 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28642 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28641 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28640 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28639 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28638 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28637 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28636 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28635 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28634 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28633 (Adobe Creative Cloud Desktop Application (installer) version 2.4 (and ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28632 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28631 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28630 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28629 (Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28628 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28627 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28626 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28625 (Adobe Experience Manager Cloud Service offering, as well as versions 6 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28624 (Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28623 (Adobe Premiere Elements version 5.2 (and earlier) is affected by an in ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28622 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28621 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28620 (Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28619 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28618 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28617 (Adobe Animate version 21.0.6 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28616 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28615 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28614 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28613 (Adobe Creative Cloud Desktop Application version 5.4 (and earlier) is ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28612 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28611 (Adobe After Effects version 18.2 (and earlier) is affected by an Our-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28610 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28609 (Adobe After Effects version 18.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28608 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28607 (Adobe After Effects version 18.2 (and earlier) is affected by a heap c ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28606 (Adobe After Effects version 18.2 (and earlier) is affected by a Stack- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28605 (Adobe After Effects version 18.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28604 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28603 (Adobe After Effects version 18.2 (and earlier) is affected by a Heap-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28602 (Adobe After Effects version 18.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28601 (Adobe After Effects version 18.2 (and earlier) is affected by a Null p ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28600 (Adobe After Effects version 18.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28599
+ RESERVED
+CVE-2021-28598
+ RESERVED
+CVE-2021-28597 (Adobe Photoshop Elements version 5.2 (and earlier) is affected by an i ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28596 (Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earl ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28595 (Adobe Dimension version 3.4 (and earlier) is affected by an Uncontroll ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28594 (Adobe Creative Cloud Desktop Application (installer) version 2.4 (and ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28593 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a Use Af ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28592 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28591 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28590 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28589 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28588 (Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28587 (After Effects versions 18.0 (and earlier) are affected by an out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28586 (After Effects version 18.0 (and earlier) are affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28585 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28584 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28583 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28582
+ RESERVED
+CVE-2021-28581 (Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncon ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28580 (Medium by Adobe version 2.4.5.331 (and earlier) is affected by a buffe ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28579 (Adobe Connect version 11.2.1 (and earlier) is affected by an Improper ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28578
+ RESERVED
+CVE-2021-28577
+ RESERVED
+CVE-2021-28576 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28575 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28574 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28573 (Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28572
+ RESERVED
+CVE-2021-28571 (Adobe After Effects version 18.1 (and earlier) is affected by a potent ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28570 (Adobe After Effects version 18.1 (and earlier) is affected by an Uncon ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28569 (Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28568 (Adobe Genuine Services version 7.1 (and earlier) is affected by an Ins ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28567 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28566 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28565 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28564 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28563 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28562 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28561 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28560 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28559 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28558 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28557 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28556 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-28555 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28554 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28553 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28552 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28551 (Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28550 (Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28549 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28548 (Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28547 (Adobe Creative Cloud Desktop Application for macOS version 5.3 (and ea ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28546 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28545 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-28544
+ RESERVED
+CVE-2021-28543 (Varnish varnish-modules before 0.17.1 allows remote attackers to cause ...)
+ - varnish-modules <not-affected> (Vulnerable code ot present; bug #985947)
+ NOTE: https://varnish-cache.org/security/VSV00006.html
+ NOTE: Fixed by: https://github.com/varnish/varnish-modules/commit/2c120e576ebb73bc247790184702ba58dc0afc39 (0.18.0)
+ NOTE: Fixed by: https://github.com/varnish/varnish-modules/commit/71a1f1383158cc1c1cb3ab2b4d3ff93b044902f5 (0.17.1)
+ NOTE: Introduced by: https://github.com/varnish/varnish-modules/commit/b4d5927a2fbba31b1213225138f8432572414a24 (0.17.0)
+CVE-2021-28542
+ RESERVED
+CVE-2021-28541
+ RESERVED
+CVE-2021-28540
+ RESERVED
+CVE-2021-28539
+ RESERVED
+CVE-2021-28538
+ RESERVED
+CVE-2021-28537
+ RESERVED
+CVE-2021-28536
+ RESERVED
+CVE-2021-28535
+ RESERVED
+CVE-2021-28534
+ RESERVED
+CVE-2021-28533
+ RESERVED
+CVE-2021-28532
+ RESERVED
+CVE-2021-28531
+ RESERVED
+CVE-2021-28530
+ RESERVED
+CVE-2021-28529
+ RESERVED
+CVE-2021-28528
+ RESERVED
+CVE-2021-28527
+ RESERVED
+CVE-2021-28526
+ RESERVED
+CVE-2021-28525
+ RESERVED
+CVE-2021-28524
+ RESERVED
+CVE-2021-28523
+ RESERVED
+CVE-2021-28522
+ RESERVED
+CVE-2021-28521
+ RESERVED
+CVE-2021-28520
+ RESERVED
+CVE-2021-28519
+ RESERVED
+CVE-2021-28518
+ RESERVED
+CVE-2021-28517
+ RESERVED
+CVE-2021-28516
+ RESERVED
+CVE-2021-28515
+ RESERVED
+CVE-2021-28514
+ RESERVED
+CVE-2021-28513
+ RESERVED
+CVE-2021-28512
+ RESERVED
+CVE-2021-28511
+ RESERVED
+CVE-2021-28510
+ RESERVED
+CVE-2021-28509
+ RESERVED
+CVE-2021-28508
+ RESERVED
+CVE-2021-28507 (An issue has recently been discovered in Arista EOS where, under certa ...)
+ NOT-FOR-US: Arista
+CVE-2021-28506 (An issue has recently been discovered in Arista EOS where certain gNOI ...)
+ NOT-FOR-US: Arista
+CVE-2021-28505
+ RESERVED
+CVE-2021-28504
+ RESERVED
+CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...)
+ NOT-FOR-US: Arista
+CVE-2021-28502
+ RESERVED
+CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...)
+ NOT-FOR-US: Arista
+CVE-2021-28500 (An issue has recently been discovered in Arista EOS where the incorrec ...)
+ NOT-FOR-US: Arista
+CVE-2021-28499 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-28498 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-28497 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-28496 (On systems running Arista EOS and CloudEOS with the affected release v ...)
+ NOT-FOR-US: Arista
+CVE-2021-28495 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-28494 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-28493 (In Arista's MOS (Metamako Operating System) software which is supporte ...)
+ NOT-FOR-US: Arista
+CVE-2021-3444 (The bpf verifier in the Linux kernel did not properly handle mod32 des ...)
+ {DLA-2785-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/9b00f1b78809309163dda2d044d9e94a3c0248a3
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/23/2
+CVE-2021-28492 (Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, an ...)
+ NOT-FOR-US: Unisys Stealth
+CVE-2021-28491
+ RESERVED
+CVE-2021-28490 (In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cook ...)
+ NOT-FOR-US: OWASP CSRFGuard
+CVE-2021-28489
+ RESERVED
+CVE-2021-28488
+ RESERVED
+CVE-2021-28487
+ RESERVED
+CVE-2021-28486
+ RESERVED
+CVE-2021-28485
+ RESERVED
+CVE-2021-28484 (An issue was discovered in the /api/connector endpoint handler in Yubi ...)
+ NOT-FOR-US: yubihsm-connector
+CVE-2021-3443 (A NULL pointer dereference flaw was found in the way Jasper versions b ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/269
+ NOTE: https://github.com/jasper-software/jasper/commit/f94e7499a8b1471a4905c4f9c9e12e60fe88264b
+CVE-2021-3442
+ RESERVED
+ NOT-FOR-US: Red Hat OpenShift API Management
+CVE-2021-28483 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28482 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28481 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28480 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28479 (Windows CSC Service Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28478 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28477 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28476 (Hyper-V Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28475 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28474 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28473 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28472 (Visual Studio Code Maven for Java Extension Remote Code Execution Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28471 (Remote Development Extension for Visual Studio Code Remote Code Execut ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28470 (Visual Studio Code GitHub Pull Requests and Issues Extension Remote Co ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28469 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28468 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28467
+ RESERVED
+CVE-2021-28466 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28465 (Web Media Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28464 (VP9 Video Extensions Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28463
+ RESERVED
+CVE-2021-28462
+ RESERVED
+CVE-2021-28461 (Dynamics Finance and Operations Cross-site Scripting Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28460 (Azure Sphere Unsigned Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28459 (Azure DevOps Server Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28458 (Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28457 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28456 (Microsoft Excel Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28455 (Microsoft Jet Red Database Engine and Access Connectivity Engine Remot ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28454 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28453 (Microsoft Word Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28452 (Microsoft Outlook Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28451 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28450 (Microsoft SharePoint Denial of Service Update ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28449 (Microsoft Office Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28448 (Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28447 (Windows Early Launch Antimalware Driver Security Feature Bypass Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28446 (Windows Portmapping Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28445 (Windows Network File System Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28444 (Windows Hyper-V Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28443 (Windows Console Driver Denial of Service Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28442 (Windows TCP/IP Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28441 (Windows Hyper-V Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28440 (Windows Installer Elevation of Privilege Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28439 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28438 (Windows Console Driver Denial of Service Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28437 (Windows Installer Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28436 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28435 (Windows Event Tracing Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28434 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28433
+ RESERVED
+CVE-2021-28432
+ RESERVED
+CVE-2021-28431
+ RESERVED
+CVE-2021-28430
+ RESERVED
+CVE-2021-28429
+ RESERVED
+CVE-2021-28428
+ RESERVED
+CVE-2021-28427
+ RESERVED
+CVE-2021-28426
+ RESERVED
+CVE-2021-28425
+ RESERVED
+CVE-2021-28424 (A stored cross-site scripting (XSS) vulnerability in Teachers Record M ...)
+ NOT-FOR-US: Teachers Record Management
+CVE-2021-28423 (Multiple SQL Injection vulnerabilities in Teachers Record Management S ...)
+ NOT-FOR-US: Teachers Record Management
+CVE-2021-28422
+ RESERVED
+CVE-2021-28421
+ REJECTED
+CVE-2021-28420 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: Seo Panel
+CVE-2021-28419 (The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnera ...)
+ NOT-FOR-US: Seo Panel
+CVE-2021-28418 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: Seo Panel
+CVE-2021-28417 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
+ NOT-FOR-US: Seo Panel
+CVE-2021-28416
+ RESERVED
+CVE-2021-28415
+ RESERVED
+CVE-2021-28414
+ RESERVED
+CVE-2021-28413
+ RESERVED
+CVE-2021-28412
+ RESERVED
+CVE-2021-28411
+ RESERVED
+CVE-2021-28410
+ RESERVED
+CVE-2021-28409
+ RESERVED
+CVE-2021-28408
+ RESERVED
+CVE-2021-28407
+ RESERVED
+CVE-2021-28406
+ RESERVED
+CVE-2021-28405
+ RESERVED
+CVE-2021-28404
+ RESERVED
+CVE-2021-28403
+ RESERVED
+CVE-2021-28402
+ RESERVED
+CVE-2021-28401
+ RESERVED
+CVE-2021-28400
+ RESERVED
+CVE-2021-28399 (OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid us ...)
+ NOT-FOR-US: OrangeHRM
+CVE-2021-28398
+ RESERVED
+CVE-2021-28397
+ RESERVED
+CVE-2021-28396
+ RESERVED
+CVE-2021-28395
+ RESERVED
+CVE-2021-28394
+ RESERVED
+CVE-2021-28393
+ RESERVED
+CVE-2021-28392
+ RESERVED
+CVE-2021-28391
+ RESERVED
+CVE-2021-28390
+ RESERVED
+CVE-2021-28389
+ RESERVED
+CVE-2021-28388
+ RESERVED
+CVE-2021-28387
+ RESERVED
+CVE-2021-28386
+ RESERVED
+CVE-2021-28385
+ RESERVED
+CVE-2021-28384
+ RESERVED
+CVE-2021-28383
+ RESERVED
+CVE-2021-28382 (Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on th ...)
+ NOT-FOR-US: Zoho
+CVE-2021-28381 (The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 ...)
+ NOT-FOR-US: vhs (aka VHS: Fluid ViewHelpers) extension for TYPO3
+CVE-2021-28380 (The aimeos (aka Aimeos shop and e-commerce framework) extension before ...)
+ NOT-FOR-US: aimeos (aka Aimeos shop and e-commerce framework) extension for TYPO3
+CVE-2021-28379 (web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) thro ...)
+ NOT-FOR-US: Vesta Control Panel
+CVE-2021-28378 (Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue dat ...)
+ - gitea <removed>
+CVE-2021-28377 (ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary fi ...)
+ NOT-FOR-US: ChronoForums
+CVE-2021-28376 (ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary f ...)
+ NOT-FOR-US: ChronoForums
+CVE-2021-28373 (The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03- ...)
+ - tt-rss <not-affected> (Vulnerable code introduced later)
+ NOTE: https://community.tt-rss.org/t/check-password-not-called-if-otp-is-enabled-update-asap-if-youre-using-2fa/4502
+ NOTE: Introduced by: https://git.tt-rss.org/fox/tt-rss/commit/3fd785654372d493c031d9b541ab33a881023a32
+ NOTE: Fixed by: https://git.tt-rss.org/fox/tt-rss/commit/4949e1a59059d9e72ba7a98f783cec312c06c6d2
+CVE-2021-28372 (ThroughTek's Kalay Platform 2.0 network allows an attacker to imperson ...)
+ NOT-FOR-US: ThroughTek
+CVE-2021-28371
+ RESERVED
+CVE-2021-28370
+ RESERVED
+CVE-2021-28369
+ RESERVED
+CVE-2021-28368
+ RESERVED
+CVE-2021-28367
+ RESERVED
+CVE-2021-28366
+ RESERVED
+CVE-2021-28365
+ RESERVED
+CVE-2021-28364
+ RESERVED
+CVE-2021-28363 (The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certific ...)
+ - python-urllib3 1.26.4-1
+ [buster] - python-urllib3 <not-affected> (Vulnerable code introduced later)
+ [stretch] - python-urllib3 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-5phf-pp7p-vc2r
+ NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 (1.26.4)
+ NOTE: Support for HTTPS request via HTTPS proxies only introduced in 1.26.0.
+ NOTE: In Debian urllib3 does require SSL certificate validation by default (since 1.3-3)
+ NOTE: with the 02_require-cert-verification.patch patch (Cf. #686872).
+CVE-2021-28362 (An issue was discovered in Contiki through 3.0. When sending an ICMPv6 ...)
+ NOT-FOR-US: Contiki
+CVE-2021-28361 (An issue was discovered in Storage Performance Development Kit (SPDK) ...)
+ NOT-FOR-US: Storage Performance Development Kit
+CVE-2021-28360
+ RESERVED
+CVE-2021-28359 (The "origin" parameter passed to some of the endpoints like '/trigger' ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-28358 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28357 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28356 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28355 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28354 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28353 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28352 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28351 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28350 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28349 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28348 (Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28347 (Windows Speech Runtime Elevation of Privilege Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28346 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28345 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28344 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28343 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28342 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28341 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28340 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28339 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28338 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28337 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28336 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28335 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28334 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28333 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28332 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28331 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28330 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28329 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28328 (Windows DNS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28327 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28326 (Windows AppX Deployment Server Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28325 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28324 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28323 (Windows DNS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28322 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28321 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28320 (Windows Resource Manager PSM Service Extension Elevation of Privilege ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28319 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28318 (Windows GDI+ Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28317 (Microsoft Windows Codecs Library Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28316 (Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28315 (Windows Media Video Decoder Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28314 (Windows Hyper-V Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28313 (Diagnostics Hub Standard Collector Service Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28312 (Windows NTFS Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28311 (Windows Application Compatibility Cache Denial of Service Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28310 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28309 (Windows Kernel Information Disclosure Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-28308 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
+ NOT-FOR-US: Rust craste fltk
+CVE-2021-28307 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
+ NOT-FOR-US: Rust craste fltk
+CVE-2021-28306 (An issue was discovered in the fltk crate before 0.15.3 for Rust. Ther ...)
+ NOT-FOR-US: Rust craste fltk
+CVE-2021-28305 (An issue was discovered in the diesel crate before 1.4.6 for Rust. The ...)
+ - rust-diesel <unfixed> (bug #987275)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0037.html
+CVE-2021-28304
+ RESERVED
+CVE-2021-28303
+ RESERVED
+CVE-2021-28302 (A stack overflow in pupnp before version 1.14.5 can cause the denial o ...)
+ - pupnp-1.8 <unfixed> (bug #986833)
+ [bullseye] - pupnp-1.8 <no-dsa> (Minor issue)
+ [buster] - pupnp-1.8 <no-dsa> (Minor issue)
+ - libupnp <removed>
+ [stretch] - libupnp <no-dsa> (Minor issue)
+ NOTE: https://github.com/pupnp/pupnp/issues/249
+CVE-2021-28301
+ RESERVED
+CVE-2021-28300 (NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrac ...)
+ - gpac 1.0.1+dfsg1-4 (bug #987020)
+ [buster] - gpac <no-dsa> (Minor issue)
+ [stretch] - gpac <postponed> (Minor issue; can be fixed in next update)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1702
+ NOTE: https://github.com/gpac/gpac/commit/c4a5109dad73abe25ad12d8d529a728ae98d78ca
+CVE-2021-28299
+ RESERVED
+CVE-2021-28298
+ RESERVED
+CVE-2021-28297
+ RESERVED
+CVE-2021-28296
+ RESERVED
+CVE-2021-28295 (Online Ordering System 1.0 is vulnerable to unauthenticated SQL inject ...)
+ NOT-FOR-US: Online Ordering System
+CVE-2021-28294 (Online Ordering System 1.0 is vulnerable to arbitrary file upload thro ...)
+ NOT-FOR-US: Online Ordering System
+CVE-2021-28293 (Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated ...)
+ NOT-FOR-US: Seceon aiSIEM
+CVE-2021-28292
+ RESERVED
+CVE-2021-28291
+ RESERVED
+CVE-2021-28290
+ RESERVED
+CVE-2021-28289
+ RESERVED
+CVE-2021-28288
+ RESERVED
+CVE-2021-28287
+ RESERVED
+CVE-2021-28286
+ RESERVED
+CVE-2021-28285
+ RESERVED
+CVE-2021-28284
+ RESERVED
+CVE-2021-28283
+ RESERVED
+CVE-2021-28282
+ RESERVED
+CVE-2021-28281
+ RESERVED
+CVE-2021-28280 (CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFu ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2021-28279
+ RESERVED
+CVE-2021-28278
+ RESERVED
+CVE-2021-28277
+ RESERVED
+CVE-2021-28276
+ RESERVED
+CVE-2021-28275
+ RESERVED
+CVE-2021-28274
+ RESERVED
+CVE-2021-28273
+ RESERVED
+CVE-2021-28272
+ RESERVED
+CVE-2021-28271 (Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of ...)
+ NOT-FOR-US: Soyal Technologies SOYAL 701Server
+CVE-2021-28270
+ RESERVED
+CVE-2021-28269 (Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions ...)
+ NOT-FOR-US: Soyal Technology 701Client
+CVE-2021-28268
+ RESERVED
+CVE-2021-28267
+ RESERVED
+CVE-2021-28266
+ RESERVED
+CVE-2021-28265
+ RESERVED
+CVE-2021-28264
+ RESERVED
+CVE-2021-28263
+ RESERVED
+CVE-2021-28262
+ RESERVED
+CVE-2021-28261
+ RESERVED
+CVE-2021-28260
+ RESERVED
+CVE-2021-28259
+ RESERVED
+CVE-2021-28258
+ RESERVED
+CVE-2021-28257
+ RESERVED
+CVE-2021-28256
+ RESERVED
+CVE-2021-28255
+ RESERVED
+CVE-2021-28254
+ RESERVED
+CVE-2021-28253
+ RESERVED
+CVE-2021-28252
+ RESERVED
+CVE-2021-28251
+ RESERVED
+CVE-2021-28250 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+ NOT-FOR-US: CA eHealth Performance Manager
+CVE-2021-28249 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+ NOT-FOR-US: CA eHealth Performance Manager
+CVE-2021-28248 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+ NOT-FOR-US: CA eHealth Performance Manager
+CVE-2021-28247 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+ NOT-FOR-US: CA eHealth Performance Manager
+CVE-2021-28246 (** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through ...)
+ NOT-FOR-US: CA eHealth Performance Manager
+CVE-2021-28245 (PbootCMS 3.0.4 contains a SQL injection vulnerability through index.ph ...)
+ NOT-FOR-US: PbootCMS
+CVE-2021-28244
+ RESERVED
+CVE-2021-28243
+ RESERVED
+CVE-2021-28242 (SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stab ...)
+ NOT-FOR-US: b2evolution CMS
+CVE-2021-28241
+ RESERVED
+CVE-2021-28240
+ RESERVED
+CVE-2021-28239
+ RESERVED
+CVE-2021-28238
+ RESERVED
+CVE-2021-28237 (LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-28236 (LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference ...)
+ - libredwg <itp> (bug #595191)
+CVE-2021-28235
+ RESERVED
+CVE-2021-28234
+ RESERVED
+CVE-2021-28233 (Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 v ...)
+ NOT-FOR-US: ok-file-formats
+CVE-2021-28232
+ RESERVED
+CVE-2021-28231
+ RESERVED
+CVE-2021-28230
+ RESERVED
+CVE-2021-28229
+ RESERVED
+CVE-2021-28228
+ RESERVED
+CVE-2021-28227
+ RESERVED
+CVE-2021-28226
+ RESERVED
+CVE-2021-28225
+ RESERVED
+CVE-2021-28224
+ RESERVED
+CVE-2021-28223
+ RESERVED
+CVE-2021-28222
+ RESERVED
+CVE-2021-28221
+ RESERVED
+CVE-2021-28220
+ RESERVED
+CVE-2021-28219
+ RESERVED
+CVE-2021-28218
+ RESERVED
+CVE-2021-28217
+ RESERVED
+CVE-2021-3441 (A potential security vulnerability has been identified for the HP Offi ...)
+ NOT-FOR-US: HP
+CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart App for W ...)
+ NOT-FOR-US: HP
+CVE-2021-3439
+ RESERVED
+CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...)
+ NOT-FOR-US: HP LaserJet products and Samsung product printers
+CVE-2021-3437
+ RESERVED
+CVE-2021-3436 (BT: Possible to overwrite an existing bond during keys distribution ph ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-28216 (BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ...)
+ - edk2 <unfixed>
+ [bullseye] - edk2 <no-dsa> (Minor issue)
+ [buster] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2957
+CVE-2021-28215
+ RESERVED
+CVE-2021-28214
+ RESERVED
+CVE-2021-28213 (Example EDK2 encrypted private key in the IpSecDxe.efi present potenti ...)
+ - edk2 0~20190606.20d2e5a1-2 (bug #989988; unimportant)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1866
+ NOTE: IpSecDxe code not built.
+CVE-2021-28212
+ RESERVED
+CVE-2021-28211 (A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. ...)
+ {DLA-2645-1}
+ - edk2 2020.11-1
+ [buster] - edk2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1816
+ NOTE: https://github.com/tianocore/edk2/pull/1138
+ NOTE: https://github.com/tianocore/edk2/commit/e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0
+CVE-2021-28210 (An unlimited recursion in DxeCore in EDK II. ...)
+ {DLA-2645-1}
+ - edk2 2020.11-1
+ [buster] - edk2 <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1743
+ NOTE: https://github.com/tianocore/edk2/pull/1137
+ NOTE: https://github.com/tianocore/edk2/commit/47343af30435302c087027177613412a1a83e919
+CVE-2021-28209 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28208 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28207 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28206 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28205 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28204 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28203 (The Web Set Media Image function in ASUS BMC&#8217;s firmware Web mana ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28202 (The Service configuration-2 function in ASUS BMC&#8217;s firmware Web ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28201 (The Service configuration-1 function in ASUS BMC&#8217;s firmware Web ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28200 (The CD media configuration function in ASUS BMC&#8217;s firmware Web m ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28199 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28198 (The Firmware protocol configuration function in ASUS BMC&#8217;s firmw ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28197 (The Active Directory configuration function in ASUS BMC&#8217;s firmwa ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28196 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28195 (The Radius configuration function in ASUS BMC&#8217;s firmware Web man ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28194 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28193 (The SMTP configuration function in ASUS BMC&#8217;s firmware Web manag ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28192 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28191 (The Firmware update function in ASUS BMC&#8217;s firmware Web manageme ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28190 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28189 (The SMTP configuration function in ASUS BMC&#8217;s firmware Web manag ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28188 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28187 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28186 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28185 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28184 (The Active Directory configuration function in ASUS BMC&#8217;s firmwa ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28183 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28182 (The Web Service configuration function in ASUS BMC&#8217;s firmware We ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28181 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28180 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28179 (The specific function in ASUS BMC&#8217;s firmware Web management page ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28178 (The UEFI configuration function in ASUS BMC&#8217;s firmware Web manag ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28177 (The LDAP configuration function in ASUS BMC&#8217;s firmware Web manag ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28176 (The DNS configuration function in ASUS BMC&#8217;s firmware Web manage ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28175 (The Radius configuration function in ASUS BMC&#8217;s firmware Web man ...)
+ NOT-FOR-US: ASUS
+CVE-2021-28174 (Mitake smart stock selection system contains a broken authentication v ...)
+ NOT-FOR-US: Mitake smart stock selection system
+CVE-2021-28173 (The file upload function of Vangene deltaFlow E-platform does not perf ...)
+ NOT-FOR-US: Vangene deltaFlow E-platform
+CVE-2021-28172 (There is a Path Traversal vulnerability in the file download function ...)
+ NOT-FOR-US: Vangene deltaFlow E-platform
+CVE-2021-28171 (The Vangene deltaFlow E-platform does not take properly protective mea ...)
+ NOT-FOR-US: Vangene deltaFlow E-platform
+CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earlier, a ...)
+ - jakarta-el-api <unfixed> (unimportant; bug #989259)
+ NOTE: https://github.com/eclipse-ee4j/el-ri/issues/155
+ NOTE: https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
+ NOTE: Only affects the EL reference implementation which isn't built into the binary packages
+CVE-2021-28169 (For Eclipse Jetty versions &lt;= 9.4.40, &lt;= 10.0.2, &lt;= 11.0.2, i ...)
+ {DSA-4949-1 DLA-2688-1}
+ - jetty9 9.4.39-2 (bug #989999)
+ - jetty8 <removed>
+ - jetty <removed>
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq
+ NOTE: https://github.com/eclipse/jetty.project/issues/6263
+ NOTE: https://github.com/eclipse/jetty.project/commit/1c05b0bcb181c759e98b060bded0b9376976b055 (v9.4.41)
+CVE-2021-28168 (Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains ...)
+ NOT-FOR-US: Eclipse Jersey
+CVE-2021-28167 (In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect ...)
+ NOT-FOR-US: Eclipse OpenJ9
+CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated clien ...)
+ - mosquitto 2.0.10-1 (bug #986701)
+ [bullseye] - mosquitto <no-dsa> (Minor issue)
+ [buster] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
+ [stretch] - mosquitto <not-affected> (Vulnerable code introduced in 2.0)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608
+CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0. ...)
+ {DSA-4949-1}
+ - jetty9 9.4.39-1
+ [stretch] - jetty9 <ignored> (Minor issue, cpu-spin DoS w/o service outage, no patch for 9.2 while 9.4 refactoring in core SSL code)
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
+ NOTE: https://github.com/eclipse/jetty.project/issues/6072
+ NOTE: https://github.com/eclipse/jetty.project/pull/6073/commits/af289dcaedcddcc6b23bc73ddc20363c34338412 (jetty-9.4.x)
+ NOTE: https://github.com/eclipse/jetty.project/pull/6073/commits/705e5e9a6a00fd3a533695bae8915b0295a4f879 (jetty-9.4.x)
+CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...)
+ - jetty9 9.4.39-1
+ [buster] - jetty9 <not-affected> (Vulnerable code introduced later)
+ [stretch] - jetty9 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
+ NOTE: https://github.com/eclipse/jetty.project/commit/e412c8a15b3334b30193f40412c0fbc47e478e83
+ NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/20ef71fe5d709a90c2a5698834fff07b9b4e7ad7 (jetty-9.4.37.v20210219)
+CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...)
+ - jetty9 9.4.39-1
+ [buster] - jetty9 <not-affected> (Vulnerable code was introduced later)
+ [stretch] - jetty9 <not-affected> (Vulnerable code introduced in 9.4.32 according to upstream advisory, reproducer no-op)
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq
+ NOTE: https://github.com/eclipse/jetty.project/commit/37fffb1722604da1763d8a096ec5c5fb41ea0633
+CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the debug cons ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-28160 (Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected ...)
+ NOT-FOR-US: Acexy (BoyaMicro) Wireless-N WiFi Repeater
+CVE-2021-28159
+ RESERVED
+CVE-2021-28158
+ RESERVED
+CVE-2021-28157 (An SQL Injection issue in Devolutions Server before 2021.1 and Devolut ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-28156 (HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be ...)
+ - consul <not-affected> (Only affects Enterprise version)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950492
+ NOTE: https://github.com/hashicorp/consul/pull/10030
+CVE-2021-28155 (The Bluetooth Classic implementation on JBL TUNE500BT devices does not ...)
+ NOT-FOR-US: JBL TUNE500BT
+CVE-2021-28154 (** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 all ...)
+ NOT-FOR-US: Camunda Modeler
+CVE-2021-28152 (Hongdian H8922 3.0.5 devices have an undocumented feature that allows ...)
+ NOT-FOR-US: Hongdian H8922 3.0.5 devices
+CVE-2021-28151 (Hongdian H8922 3.0.5 devices allow OS command injection via shell meta ...)
+ NOT-FOR-US: Hongdian H8922 3.0.5 devices
+CVE-2021-28150 (Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read ...)
+ NOT-FOR-US: Hongdian H8922 3.0.5 devices
+CVE-2021-28149 (Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_downl ...)
+ NOT-FOR-US: Hongdian H8922 3.0.5 devices
+CVE-2021-28148 (One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x ...)
+ - grafana <removed>
+CVE-2021-28147 (The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x bef ...)
+ - grafana <removed>
+CVE-2021-28146 (The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an ...)
+ - grafana <removed>
+CVE-2021-28153 (An issue was discovered in GNOME GLib before 2.66.8. When g_file_repla ...)
+ - glib2.0 2.66.7-2 (bug #984969)
+ [buster] - glib2.0 2.58.3-2+deb10u3
+ [stretch] - glib2.0 <postponed> (Minor issue, directory traversal exploitable in file-roller)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2325
+CVE-2021-3435
+ RESERVED
+CVE-2021-3434
+ RESERVED
+CVE-2021-3433
+ RESERVED
+CVE-2021-3432
+ RESERVED
+CVE-2021-3431
+ RESERVED
+CVE-2021-3430
+ RESERVED
+CVE-2021-3429
+ RESERVED
+ {DLA-2601-1}
+ - cloud-init 20.4.1-2 (bug #985540)
+ [buster] - cloud-init 20.2-2~deb10u2
+ NOTE: https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668
+CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
+ RESERVED
+ {DLA-2689-1 DLA-2610-1}
+ - linux 5.8.7-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1936786
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/1
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1173485
+CVE-2021-28145 (Concrete CMS (formerly concrete5) before 8.5.5 allows remote authentic ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote a ...)
+ NOT-FOR-US: D-Link
+CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated ...)
+ NOT-FOR-US: D-Link
+CVE-2021-28142 (CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." ...)
+ NOT-FOR-US: CITSmart
+CVE-2021-28141 (** DISPUTED ** An issue was discovered in Progress Telerik UI for ASP. ...)
+ NOT-FOR-US: Telerik
+CVE-2021-28140
+ RESERVED
+CVE-2021-28139 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...)
+ NOT-FOR-US: Espressif
+CVE-2021-28138
+ RESERVED
+CVE-2021-28137
+ RESERVED
+CVE-2021-28136 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...)
+ NOT-FOR-US: Espressif
+CVE-2021-28135 (The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earl ...)
+ NOT-FOR-US: Espressif
+CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote attacke ...)
+ NOT-FOR-US: Clipper
+CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private informat ...)
+ NOT-FOR-US: Zoom
+CVE-2021-3427
+ RESERVED
+CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows unauthenticated ...)
+ NOT-FOR-US: LUCY Security Awareness Software
+CVE-2021-28131 (Impala sessions use a 16 byte secret to verify that the session is not ...)
+ NOT-FOR-US: Apache Impala
+CVE-2021-28130 (Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applicati ...)
+ NOT-FOR-US: Dr.Web Firewall
+CVE-2021-28129 (While working on Apache OpenOffice 4.1.8 a developer discovered that t ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2021-28128 (In Strapi through 3.6.0, the admin panel allows the changing of one's ...)
+ NOT-FOR-US: Strapi
+CVE-2021-28127 (An issue was discovered in Stormshield SNS through 4.2.1. A brute-forc ...)
+ NOT-FOR-US: Stormshield SNS
+CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1 ...)
+ NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
+CVE-2021-28125 (Apache Superset up to and including 1.0.1 allowed for the creation of ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-28124 (A man-in-the-middle vulnerability in Cohesity DataPlatform support cha ...)
+ NOT-FOR-US: Cohesity DataPlatform support channel
+CVE-2021-28123 (Undocumented Default Cryptographic Key Vulnerability in Cohesity DataP ...)
+ NOT-FOR-US: Cohesity DataPlatform
+CVE-2021-28122 (A request-validation issue was discovered in Open5GS 2.1.3 through 2.2 ...)
+ NOT-FOR-US: Open5GS
+CVE-2021-28121 (Virtual Robots.txt before 1.10 does not block HTML tags in the robots. ...)
+ NOT-FOR-US: Virtual Robots.txt
+CVE-2021-28120
+ RESERVED
+CVE-2021-28119 (Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command e ...)
+ NOT-FOR-US: Twinkle Tray
+CVE-2021-28118
+ RESERVED
+CVE-2021-28117 (libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before ...)
+ - plasma-discover 5.20.5-3
+ [buster] - plasma-discover <not-affected> (Vulnerable code introduced later)
+ [stretch] - plasma-discover <not-affected> (Vulnerable code introduced later)
+ NOTE: https://kde.org/info/security/advisory-20210310-1.txt
+ NOTE: Introduced in: https://invent.kde.org/plasma/discover/8bea95730eabb439b0528da01fb1e0cc6fe179b7
+ NOTE: Plasma 5.21: https://commits.kde.org/plasma/discover/94478827aab63d2e2321f0ca9ec5553718798e60
+ NOTE: Plasma 5.18: https://commits.kde.org/plasma/discover/fcd3b30552bf03a384b1a16f9bb8db029c111356
+CVE-2021-28116 (Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...)
+ - squid 5.2-1 (bug #986804)
+ [bullseye] - squid <postponed> (Minor issue)
+ [buster] - squid <postponed> (Minor issue)
+ - squid3 <removed>
+ [stretch] - squid3 <postponed> (Check later when information is public)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-11610/
+ NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=5131
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/04/1
+ NOTE: Squid4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_12.patch
+ NOTE: Squid5: http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a73a54cefff6bb83c03de219a73276e42d183d0.patch
+CVE-2021-28115 (The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the com ...)
+ NOT-FOR-US: MyBB addon
+CVE-2021-28114 (Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace co ...)
+ NOT-FOR-US: Froala WYSIWYG Editor
+CVE-2021-28113 (A command injection vulnerability in the cookieDomain and relayDomain ...)
+ NOT-FOR-US: Okta Access Gateway
+CVE-2021-28112 (Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a deb ...)
+ NOT-FOR-US: Draeger X-Dock Firmware
+CVE-2021-28111 (Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, le ...)
+ NOT-FOR-US: Draeger X-Dock Firmware
+CVE-2021-28110 (/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27. ...)
+ NOT-FOR-US: TranzWare e-Commerce Payment Gateway (TWEC PG)
+CVE-2021-28109 (TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected C ...)
+ NOT-FOR-US: TranzWare (POI) FIMI
+CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier Authent ...)
+ {DLA-2625-1}
+ - courier-authlib 0.71.1-2 (bug #984810)
+ [buster] - courier-authlib <no-dsa> (Minor issue)
+ NOTE: Re-introduction of #378571 while migrating from debian/permissions to
+ NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2.
+CVE-2021-3426 (There's a flaw in Python 3's pydoc. A local or adjacent attacker who d ...)
+ {DLA-2619-1}
+ [experimental] - python3.9 3.9.3-1
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ - python2.7 <not-affected> (Vulnerable code not present)
+ - pypy3 7.3.3+dfsg-4
+ [buster] - pypy3 <no-dsa> (Minor issue)
+ NOTE: https://bugs.python.org/issue42988
+ NOTE: https://github.com/python/cpython/commit/9b999479c0022edfc9835a8a1f06e046f3881048
+ NOTE: https://python-security.readthedocs.io/vuln/pydoc-getfile.html
+ NOTE: https://github.com/python/cpython/pull/24337
+ NOTE: https://github.com/python/cpython/pull/24285
+CVE-2021-3425 (A flaw was found in the AMQ Broker that discloses JDBC encrypted usern ...)
+ NOT-FOR-US: Red Hat AMQ Broker
+CVE-2021-28108
+ RESERVED
+CVE-2021-28107
+ RESERVED
+CVE-2021-28106
+ RESERVED
+CVE-2021-28105
+ RESERVED
+CVE-2021-28104
+ RESERVED
+CVE-2021-28103
+ RESERVED
+CVE-2021-28102
+ RESERVED
+CVE-2021-28101
+ RESERVED
+CVE-2021-28100 (Priam uses File.createTempFile, which gives the permissions on that fi ...)
+ NOT-FOR-US: Priam
+CVE-2021-28099 (In Netflix OSS Hollow, since the Files.exists(parent) is run before cr ...)
+ NOT-FOR-US: Hollow
+CVE-2021-28098 (An issue was discovered in Forescout CounterACT before 8.1.4. A local ...)
+ NOT-FOR-US: Forescout CounterACT
+CVE-2021-28097
+ RESERVED
+CVE-2021-28096 (An issue was discovered in Stormshield SNS before 4.2.3 (when the prox ...)
+ NOT-FOR-US: Stormshield SNS
+CVE-2021-28095 (OX Documents before 7.10.5-rev5 has Incorrect Access Control for docum ...)
+ NOT-FOR-US: OX Documents
+CVE-2021-28094 (OX Documents before 7.10.5-rev7 has Incorrect Access Control for conve ...)
+ NOT-FOR-US: OX Documents
+CVE-2021-28093 (OX Documents before 7.10.5-rev5 has Incorrect Access Control of conver ...)
+ NOT-FOR-US: OX Documents
+CVE-2021-28092 (The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expr ...)
+ NOT-FOR-US: Node is-svg
+CVE-2021-3424 (A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-28091 (Lasso all versions prior to 2.7.0 has improper verification of a crypt ...)
+ {DSA-4926-1 DLA-2684-1}
+ - lasso 2.6.1-3
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1940089
+ NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
+ NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html
+ NOTE: https://git.entrouvert.org/lasso.git/commit/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a
+CVE-2021-28090 (Tor before 0.4.5.7 allows a remote attacker to cause Tor directory aut ...)
+ {DSA-4871-1}
+ - tor 0.4.5.7-1
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2009
+ NOTE: https://bugs.torproject.org/tpo/core/tor/40316
+CVE-2021-28089 (Tor before 0.4.5.7 allows a remote participant in the Tor directory pr ...)
+ {DSA-4871-1}
+ - tor 0.4.5.7-1
+ [stretch] - tor <end-of-life> (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2009
+ NOTE: https://bugs.torproject.org/tpo/core/tor/40286
+CVE-2021-21381 (Flatpak is a system for building, distributing, and running sandboxed ...)
+ {DSA-4868-1}
+ - flatpak 1.10.1-4 (bug #984859)
+ [stretch] - flatpak <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/flatpak/flatpak/issues/4146
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp
+CVE-2021-28088 (Cross-site scripting (XSS) in modules/content/admin/content.php in Imp ...)
+ NOT-FOR-US: ImpressCMS
+CVE-2021-28087
+ RESERVED
+CVE-2021-28086
+ RESERVED
+CVE-2021-28085
+ RESERVED
+CVE-2021-28084
+ RESERVED
+CVE-2021-28083
+ RESERVED
+CVE-2021-28082
+ RESERVED
+CVE-2021-28081
+ RESERVED
+CVE-2021-28080
+ RESERVED
+CVE-2021-28079 (Jamovi &lt;=1.6.18 is affected by a cross-site scripting (XSS) vulnera ...)
+ NOT-FOR-US: Jamovi
+CVE-2021-28078
+ RESERVED
+CVE-2021-28077
+ RESERVED
+CVE-2021-28076
+ RESERVED
+CVE-2021-28075 (iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulner ...)
+ NOT-FOR-US: iKuaiOS
+CVE-2021-28074
+ RESERVED
+CVE-2021-28073
+ RESERVED
+CVE-2021-28072
+ RESERVED
+CVE-2021-28071
+ RESERVED
+CVE-2021-28070 (Cross Site Request Forgery (CSRF) vulnerability exist in PopojiCMS 2.0 ...)
+ NOT-FOR-US: PopojiCMS
+CVE-2021-28069
+ RESERVED
+CVE-2021-28068
+ RESERVED
+CVE-2021-28067
+ RESERVED
+CVE-2021-28066
+ RESERVED
+CVE-2021-28065
+ RESERVED
+CVE-2021-28064
+ RESERVED
+CVE-2021-28063
+ RESERVED
+CVE-2021-28062
+ RESERVED
+CVE-2021-28061
+ RESERVED
+CVE-2021-28060 (A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4 ...)
+ NOT-FOR-US: Group Office
+CVE-2021-28059
+ RESERVED
+CVE-2021-28058
+ RESERVED
+CVE-2021-28057
+ RESERVED
+CVE-2021-28056
+ RESERVED
+CVE-2021-28055 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-28054 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-28053 (An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-28052
+ RESERVED
+CVE-2021-28051
+ RESERVED
+CVE-2021-28050
+ RESERVED
+CVE-2021-28049
+ RESERVED
+CVE-2021-28048 (An overly permissive CORS policy in Devolutions Server before 2021.1 a ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-28047 (Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Re ...)
+ NOT-FOR-US: Devolutions Remote Desktop Manager
+CVE-2021-28046
+ RESERVED
+CVE-2021-28045
+ RESERVED
+CVE-2021-28044
+ RESERVED
+CVE-2021-28043
+ RESERVED
+CVE-2021-28042 (Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Tra ...)
+ NOT-FOR-US: Deutsche Post Mailoptimizer
+CVE-2021-3423 (Uncontrolled Search Path Element vulnerability in the openssl componen ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...)
+ - openssh 1:8.4p1-5 (bug #984940)
+ [buster] - openssh <not-affected> (Vulnerable code introduced later)
+ [stretch] - openssh <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/03/1
+ NOTE: https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
+ NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig
+CVE-2021-28040 (An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vuln ...)
+ - ossec-hids <itp> (bug #361954)
+CVE-2021-28037 (An issue was discovered in the internment crate before 0.4.2 for Rust. ...)
+ NOT-FOR-US: Rust crate internment
+CVE-2021-28036 (An issue was discovered in the quinn crate before 0.7.0 for Rust. It m ...)
+ NOT-FOR-US: Rust crate quinn
+CVE-2021-28035 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...)
+ NOT-FOR-US: Rust crate stack_dst
+CVE-2021-28034 (An issue was discovered in the stack_dst crate before 0.6.1 for Rust. ...)
+ NOT-FOR-US: Rust crate stack_dst
+CVE-2021-28033 (An issue was discovered in the byte_struct crate before 0.6.1 for Rust ...)
+ NOT-FOR-US: Rust crate byte_struct
+CVE-2021-28032 (An issue was discovered in the nano_arena crate before 0.5.2 for Rust. ...)
+ NOT-FOR-US: Rust crate nano_arena
+CVE-2021-28031 (An issue was discovered in the scratchpad crate before 1.3.1 for Rust. ...)
+ NOT-FOR-US: Rust crate scratchpad
+CVE-2021-28030 (An issue was discovered in the truetype crate before 0.30.1 for Rust. ...)
+ NOT-FOR-US: Rust crate truetype
+CVE-2021-28029 (An issue was discovered in the toodee crate before 0.3.0 for Rust. The ...)
+ NOT-FOR-US: Rust crate toodee
+CVE-2021-28028 (An issue was discovered in the toodee crate before 0.3.0 for Rust. Row ...)
+ NOT-FOR-US: Rust crate toodee
+CVE-2021-28027 (An issue was discovered in the bam crate before 0.1.3 for Rust. There ...)
+ NOT-FOR-US: Rust crate bam
+CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...)
+ - jpeg-xl <itp> (bug #948862)
+CVE-2021-28025
+ RESERVED
+CVE-2021-28024 (Unauthorized system access in the login form in ServiceTonic Helpdesk ...)
+ NOT-FOR-US: ServiceTonic
+CVE-2021-28023 (Arbitrary file upload in Service import feature in ServiceTonic Helpde ...)
+ NOT-FOR-US: ServiceTonic
+CVE-2021-28022 (Blind SQL injection in the login form in ServiceTonic Helpdesk softwar ...)
+ NOT-FOR-US: ServiceTonic
+CVE-2021-28021 (Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...)
+ - libstb <undetermined>
+ NOTE: https://github.com/nothings/stb/issues/1108
+ NOTE: https://github.com/nothings/stb/commit/86b7570cfba845e8209c6aec2d15e487bb1d8bb4
+ TODO: check libstb itself, and various packages embedd a copy
+CVE-2021-28020
+ RESERVED
+CVE-2021-28019
+ RESERVED
+CVE-2021-28018
+ RESERVED
+CVE-2021-28017
+ RESERVED
+CVE-2021-28016
+ RESERVED
+CVE-2021-28015
+ RESERVED
+CVE-2021-28014
+ RESERVED
+CVE-2021-28013
+ RESERVED
+CVE-2021-28012
+ RESERVED
+CVE-2021-28011
+ RESERVED
+CVE-2021-28010
+ RESERVED
+CVE-2021-28009
+ RESERVED
+CVE-2021-28008
+ RESERVED
+CVE-2021-28007 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...)
+ NOT-FOR-US: Web Based Quiz System
+CVE-2021-28006 (Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in ...)
+ NOT-FOR-US: Web Based Quiz System
+CVE-2021-28005
+ RESERVED
+CVE-2021-28004
+ RESERVED
+CVE-2021-28003
+ RESERVED
+CVE-2021-28002 (A persistent cross-site scripting vulnerability was discovered in the ...)
+ NOT-FOR-US: Textpattern CMS
+CVE-2021-28001 (A cross-site scripting vulnerability was discovered in the Comments pa ...)
+ NOT-FOR-US: Textpattern CMS
+CVE-2021-28000 (A persistent cross-site scripting vulnerability was discovered in Loca ...)
+ NOT-FOR-US: Local Services Search Engine Management System Project
+CVE-2021-27999 (A SQL injection vulnerability was discovered in the editid parameter i ...)
+ NOT-FOR-US: Local Services Search Engine Management System Project
+CVE-2021-27998
+ RESERVED
+CVE-2021-27997
+ RESERVED
+CVE-2021-27996
+ RESERVED
+CVE-2021-27995
+ RESERVED
+CVE-2021-27994
+ RESERVED
+CVE-2021-27993
+ RESERVED
+CVE-2021-27992
+ RESERVED
+CVE-2021-27991
+ RESERVED
+CVE-2021-27990 (Appspace 6.2.4 is vulnerable to a broken authentication mechanism wher ...)
+ NOT-FOR-US: Appspace
+CVE-2021-27989 (Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in m ...)
+ NOT-FOR-US: Appspace
+CVE-2021-27988
+ RESERVED
+CVE-2021-27987
+ RESERVED
+CVE-2021-27986
+ RESERVED
+CVE-2021-27985
+ RESERVED
+CVE-2021-27984 (In Pluck-4.7.15 admin background a remote command execution vulnerabil ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2021-27983 (Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 ...)
+ NOT-FOR-US: MaxSite CMS
+CVE-2021-27982
+ RESERVED
+CVE-2021-27981
+ RESERVED
+CVE-2021-27980
+ RESERVED
+CVE-2021-27979
+ RESERVED
+CVE-2021-27978
+ RESERVED
+CVE-2021-27977
+ RESERVED
+CVE-2021-27976
+ RESERVED
+CVE-2021-27975
+ RESERVED
+CVE-2021-27974
+ RESERVED
+CVE-2021-27973 (SQL injection exists in Piwigo before 11.4.0 via the language paramete ...)
+ - piwigo <removed>
+CVE-2021-27972
+ RESERVED
+CVE-2021-27971 (Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injec ...)
+ NOT-FOR-US: Alps Alpine Touchpad Driver
+CVE-2021-27970
+ RESERVED
+CVE-2021-27969 (Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "wi ...)
+ NOT-FOR-US: Dolphin CMS
+CVE-2021-27968
+ RESERVED
+CVE-2021-27967
+ RESERVED
+CVE-2021-27966
+ RESERVED
+CVE-2021-27965 (The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2 ...)
+ NOT-FOR-US: MSI Dragon Center
+CVE-2021-27964 (SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File U ...)
+ NOT-FOR-US: SonLogger
+CVE-2021-27963 (SonLogger before 6.4.1 is affected by user creation with any user perm ...)
+ NOT-FOR-US: SonLogger
+CVE-2021-27962 (Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4. ...)
+ - grafana <removed>
+CVE-2021-27961
+ RESERVED
+CVE-2021-27960
+ RESERVED
+CVE-2021-27959
+ RESERVED
+CVE-2021-27958
+ RESERVED
+CVE-2021-27957
+ RESERVED
+CVE-2021-27956 (Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-27955
+ RESERVED
+CVE-2021-27954 (A heap-based buffer overflow vulnerability exists on the ecobee3 lite ...)
+ NOT-FOR-US: ecobee3
+CVE-2021-27953 (A NULL pointer dereference vulnerability exists on the ecobee3 lite 4. ...)
+ NOT-FOR-US: ecobee3
+CVE-2021-27952 (Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.20 ...)
+ NOT-FOR-US: ecobee3
+CVE-2021-27951
+ RESERVED
+CVE-2021-27950 (A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through ...)
+ NOT-FOR-US: Sita AzurCMS
+CVE-2021-27949 (Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom mo ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27948 (SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (is ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27947 (SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum f ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27946 (SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27945 (The Squirro Insights Engine was affected by a Reflected Cross-Site Scr ...)
+ NOT-FOR-US: Squirro Insights Engine
+CVE-2021-28039 (An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as u ...)
+ - linux 5.10.24-1 (unimportant)
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-369.html
+CVE-2021-28038 (An issue was discovered in the Linux kernel through 5.11.3, as used wi ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-367.html
+CVE-2021-3422
+ RESERVED
+CVE-2021-3421 (A flaw was found in the RPM package in the read functionality. This fl ...)
+ - rpm 4.16.1.2+dfsg1-1 (bug #985308)
+ [buster] - rpm <no-dsa> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927747
+CVE-2021-27944 (Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E ...)
+ NOT-FOR-US: Vizio
+CVE-2021-27943 (The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 ...)
+ NOT-FOR-US: Vizio
+CVE-2021-27942 (Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a thre ...)
+ NOT-FOR-US: Vizio
+CVE-2021-27941 (Unconstrained Web access to the device's private encryption key in the ...)
+ NOT-FOR-US: eWeLink mobile application
+CVE-2021-27940 (resources/public/js/orchestrator.js in openark orchestrator before 3.2 ...)
+ NOT-FOR-US: openark
+CVE-2021-27939
+ RESERVED
+CVE-2021-27938 (A vulnerability has been identified in the Silverstripe CMS 3 and 4 ve ...)
+ NOT-FOR-US: Silverstripe CMS
+CVE-2021-27937
+ RESERVED
+CVE-2021-27936
+ RESERVED
+CVE-2021-27935 (An issue was discovered in AdGuard before 0.105.2. An attacker able to ...)
+ NOT-FOR-US: AdGuard
+CVE-2021-27934
+ RESERVED
+CVE-2021-27933 (pfSense 2.5.0 allows XSS via the services_wol_edit.php Description fie ...)
+ NOT-FOR-US: pfSense
+CVE-2021-27932
+ RESERVED
+CVE-2021-27931 (LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthent ...)
+ NOT-FOR-US: LumisXP (aka Lumis Experience Platform)
+CVE-2021-27930 (Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which ...)
+ NOT-FOR-US: IrisNext
+CVE-2021-27929
+ RESERVED
+CVE-2021-27928 (A remote code execution issue was discovered in MariaDB 10.2 before 10 ...)
+ {DLA-2605-1}
+ - mariadb-10.5 1:10.5.9-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.29-0+deb10u1
+ - mariadb-10.1 <removed>
+ NOTE: https://jira.mariadb.org/browse/MDEV-25179
+ NOTE: Fixed in MariaDB: 10.5.9, 10.4.18, 10.3.28, 10.2.27
+CVE-2021-27927 (In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ...)
+ - zabbix 1:5.0.8+dfsg-1
+ [buster] - zabbix <no-dsa> (Minor issue)
+ [stretch] - zabbix <not-affected> (Vulnerable code introduced later)
+ NOTE: https://support.zabbix.com/browse/ZBX-18942
+ NOTE: CControllerAuthenticationUpdate introduced by authentication revamp in https://support.zabbix.com/browse/ZBXNEXT-4573 (4.0)
+CVE-2021-27926
+ RESERVED
+CVE-2021-27925 (An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6. ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-27924 (An issue was discovered in Couchbase Server 6.x through 6.6.1. The Cou ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ - pillow 8.1.2-1
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <ignored> (Minor issue, risk of regression, _decompression_bomb_check only warned, see CVE-2019-16865)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
+CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ - pillow 8.1.2-1
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <ignored> (Minor issue, risk of regression, _decompression_bomb_check only warned, see CVE-2019-16865)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
+CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...)
+ - pillow 8.1.2-1
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/756fff33128a0b643d10518a26ad04b726dd8973
+ NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/adaa70357662a11cd4b7c0beddaad4e92164c5d9 (5.1.0)
+CVE-2021-27920
+ RESERVED
+CVE-2021-27919 (archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a den ...)
+ - golang-1.16 1.16.3-1
+ - golang-1.15 <not-affected> (Only affects 1.16)
+ NOTE: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
+ NOTE: https://github.com/golang/go/issues/44916
+CVE-2021-27918 (encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infin ...)
+ - golang-1.16 1.16.3-1
+ - golang-1.15 1.15.9-1
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <postponed> (Minor issue, DoS)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <postponed> (Minor issue, DoS)
+ NOTE: https://groups.google.com/g/golang-announce/c/MfiLYjG-RAw
+ NOTE: https://github.com/golang/go/issues/44913
+CVE-2021-3420 (A flaw was found in newlib in versions prior to 4.0.0. Improper overfl ...)
+ - newlib <unfixed> (bug #984446)
+ [bullseye] - newlib <no-dsa> (Minor issue)
+ [buster] - newlib <no-dsa> (Minor issue)
+ [stretch] - newlib <no-dsa> (Minor issue)
+ - picolibc 1.5-1
+ - libnewlib-nano <removed> (bug #984424)
+ [buster] - libnewlib-nano <no-dsa> (Minor issue)
+ NOTE: Fix in picolibc: https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
+ NOTE: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
+CVE-2021-27917
+ RESERVED
+CVE-2021-27916
+ RESERVED
+CVE-2021-27915
+ RESERVED
+CVE-2021-27914
+ RESERVED
+CVE-2021-27913 (The function mt_rand is used to generate session tokens, this function ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27912 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27911 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27910 (Insufficient sanitization / filtering allows for arbitrary JavaScript ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27909 (For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerabilit ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27908 (In all versions prior to Mautic 3.3.2, secret parameters such as datab ...)
+ NOT-FOR-US: Mautic
+CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the creation of a M ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-27906 (A carefully crafted PDF file can trigger an OutOfMemory-Exception whil ...)
+ - libpdfbox2-java 2.0.23-1 (bug #986008)
+ [buster] - libpdfbox2-java <no-dsa> (Minor issue)
+ - libpdfbox-java <not-affected> (Only affects 2.x)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/10
+ NOTE: https://issues.apache.org/jira/browse/PDFBOX-5112
+ NOTE: https://github.com/apache/pdfbox/commit/8c47be1011c11dc47300faecffd8ab32fba3646f
+CVE-2021-27905 (The ReplicationHandler (normally registered at "/replication" under a ...)
+ - lucene-solr 3.6.2+dfsg-23
+ [buster] - lucene-solr <ignored> (Minor issue)
+ [stretch] - lucene-solr <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://lists.apache.org/thread.html/r0ddc3a82bd7523b1453cb7a5e09eb5559517145425074a42eb326b10%40%3Cannounce.apache.org%3E
+ NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
+CVE-2021-27904 (An issue was discovered in app/Model/SharingGroupServer.php in MISP 2. ...)
+ NOT-FOR-US: MISP
+CVE-2021-27903 (An issue was discovered in Craft CMS before 3.6.7. In some circumstanc ...)
+ NOT-FOR-US: Craft CMS
+CVE-2021-27902 (An issue was discovered in Craft CMS before 3.6.0. In some circumstanc ...)
+ NOT-FOR-US: Craft CMS
+CVE-2021-27901 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-27900 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Server
+CVE-2021-27899 (The Proofpoint Insider Threat Management Agents (formerly ObserveIT Ag ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Agents
+CVE-2021-27898
+ RESERVED
+CVE-2021-27897
+ RESERVED
+CVE-2021-27896
+ RESERVED
+CVE-2021-27895
+ RESERVED
+CVE-2021-27894
+ RESERVED
+CVE-2021-27893 (SSH Tectia Client and Server before 6.4.19 on Windows allow local priv ...)
+ NOT-FOR-US: SSH Tectia Client and Server
+CVE-2021-27892 (SSH Tectia Client and Server before 6.4.19 on Windows allow local priv ...)
+ NOT-FOR-US: SSH Tectia Client and Server
+CVE-2021-27891 (SSH Tectia Client and Server before 6.4.19 on Windows have weak key ge ...)
+ NOT-FOR-US: SSH Tectia Client and Server
+CVE-2021-27890 (SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27889 (Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nes ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27888 (ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off ...)
+ NOT-FOR-US: ZendTo
+CVE-2021-27887 (Cross-site Scripting (XSS) vulnerability in the main dashboard of Elli ...)
+ NOT-FOR-US: Ellipse APM
+CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command injection in ...)
+ NOT-FOR-US: rakibtg Docker Dashboard
+CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protect ...)
+ NOT-FOR-US: e107
+CVE-2021-27884 (Weak JSON Web Token (JWT) signing secret generation in YMFE YApi throu ...)
+ NOT-FOR-US: YMFE YApi
+CVE-2021-27883
+ RESERVED
+CVE-2021-27882
+ RESERVED
+CVE-2021-27881
+ RESERVED
+CVE-2021-27880
+ RESERVED
+CVE-2021-27879
+ RESERVED
+CVE-2021-27878 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...)
+ NOT-FOR-US: Veritas
+CVE-2021-27877 (An issue was discovered in Veritas Backup Exec before 21.2. It support ...)
+ NOT-FOR-US: Veritas
+CVE-2021-27876 (An issue was discovered in Veritas Backup Exec before 21.2. The commun ...)
+ NOT-FOR-US: Veritas
+CVE-2021-3419
+ REJECTED
+CVE-2021-3418 (If certificates that signed grub are installed into db, grub can be bo ...)
+ - grub2 <not-affected> (Vulnerability specific to distributions using shim_lock)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933757
+CVE-2021-27875
+ RESERVED
+CVE-2021-27874
+ RESERVED
+CVE-2021-27873
+ RESERVED
+CVE-2021-27872
+ RESERVED
+CVE-2021-27871
+ RESERVED
+CVE-2021-27870
+ RESERVED
+CVE-2021-27869
+ RESERVED
+CVE-2021-27868
+ RESERVED
+CVE-2021-27867
+ RESERVED
+CVE-2021-27866
+ RESERVED
+CVE-2021-27865
+ RESERVED
+CVE-2021-27864
+ RESERVED
+CVE-2021-27863
+ RESERVED
+CVE-2021-27862
+ RESERVED
+CVE-2021-27861
+ RESERVED
+CVE-2021-27860 (A vulnerability in the web management interface of FatPipe WARP, IPVPN ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27859 (A missing authorization vulnerability in the web management interface ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27858 (A missing authorization vulnerability in the web management interface ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27857 (A missing authorization vulnerability in the web management interface ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27856 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27855 (FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 ...)
+ NOT-FOR-US: FatPipe
+CVE-2021-27854
+ RESERVED
+CVE-2021-27853
+ RESERVED
+CVE-2021-27852 (Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of ...)
+ NOT-FOR-US: Checkbox Survey
+CVE-2021-27850 (A critical unauthenticated remote code execution vulnerability was fou ...)
+ NOT-FOR-US: Apache Tapestry
+CVE-2021-27849
+ RESERVED
+CVE-2021-27848
+ RESERVED
+CVE-2021-27847 (Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_ ...)
+ - vips 8.8.3-1
+ [buster] - vips <no-dsa> (Minor issue)
+ [stretch] - vips <no-dsa> (Minor issue)
+ NOTE: https://github.com/libvips/libvips/issues/1236
+ NOTE: https://github.com/libvips/libvips/commit/2fb81b8ed6a4a6b2385f3efbb0412f24f80163c4 (v8.8.0-rc1)
+ NOTE: https://github.com/libvips/libvips/commit/65a259a0258b2036b168cdeff6e9db434471225a (v8.8.0-rc1)
+CVE-2021-27846
+ RESERVED
+CVE-2021-27845 (A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2 ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/194
+CVE-2021-27844
+ RESERVED
+CVE-2021-27843
+ RESERVED
+CVE-2021-27842
+ RESERVED
+CVE-2021-27841
+ RESERVED
+CVE-2021-27840
+ RESERVED
+CVE-2021-27839 (A CSV injection vulnerability found in Online Invoicing System (OIS) 4 ...)
+ NOT-FOR-US: Online Invoicing System (OIS)
+CVE-2021-27838
+ RESERVED
+CVE-2021-27837
+ RESERVED
+CVE-2021-27836 (An issue was discoverered in in function xls_getWorkSheet in xls.c in ...)
+ - r-cran-readxl <unfixed> (unimportant)
+ NOTE: https://github.com/libxls/libxls/issues/94
+ NOTE: Negligible security impact
+CVE-2021-27835
+ RESERVED
+CVE-2021-27834
+ RESERVED
+CVE-2021-27833
+ RESERVED
+CVE-2021-27832
+ RESERVED
+CVE-2021-27831
+ RESERVED
+CVE-2021-27830
+ RESERVED
+CVE-2021-27829
+ RESERVED
+CVE-2021-27828 (SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify o ...)
+ NOT-FOR-US: In4Suite ERP
+CVE-2021-27827
+ RESERVED
+CVE-2021-27826
+ RESERVED
+CVE-2021-27825
+ RESERVED
+CVE-2021-27824
+ RESERVED
+CVE-2021-27823 (An information disclosure vulnerability was discovered in /index.class ...)
+ NOT-FOR-US: NetWave
+CVE-2021-27822 (A persistent cross site scripting (XSS) vulnerability in the Add Categ ...)
+ NOT-FOR-US: Vehicle Parking Management System
+CVE-2021-27821 (The Web Interface for OpenWRT LuCI version 19.07 and lower has been di ...)
+ NOT-FOR-US: OpenWRT LuCI
+CVE-2021-27820
+ RESERVED
+CVE-2021-27819
+ RESERVED
+CVE-2021-27818
+ RESERVED
+CVE-2021-27817 (A remote command execution vulnerability in shopxo 1.9.3 allows an att ...)
+ NOT-FOR-US: shopxo
+CVE-2021-27816
+ RESERVED
+CVE-2021-27815 (NULL Pointer Deference in the exif command line tool, when printing ou ...)
+ - exif <unfixed> (unimportant)
+ NOTE: https://github.com/libexif/exif/commit/f6334d9d32437ef13dc902f0a88a2be0063d9d1c
+ NOTE: https://github.com/libexif/exif/issues/4
+CVE-2021-27814
+ RESERVED
+CVE-2021-27813
+ RESERVED
+CVE-2021-27812
+ RESERVED
+CVE-2021-27811 (A code injection vulnerability has been discovered in the Upgrade func ...)
+ NOT-FOR-US: QibosoftX1
+CVE-2021-27810
+ RESERVED
+CVE-2021-27809
+ RESERVED
+CVE-2021-27808
+ RESERVED
+CVE-2021-27807 (A carefully crafted PDF file can trigger an infinite loop while loadin ...)
+ - libpdfbox2-java 2.0.23-1 (bug #986006)
+ [buster] - libpdfbox2-java <no-dsa> (Minor issue)
+ - libpdfbox-java <not-affected> (Only affects 2.x)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/9
+CVE-2021-27806
+ RESERVED
+CVE-2021-27805
+ RESERVED
+CVE-2021-27804 (JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. ...)
+ - jpeg-xl <itp> (bug #948862)
+CVE-2021-27802
+ REJECTED
+CVE-2021-27801
+ RESERVED
+CVE-2021-27800
+ RESERVED
+CVE-2021-27799 (ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 ...)
+ - zint 2.9.1-1.1 (bug #983610)
+ NOTE: https://sourceforge.net/p/zint/tickets/218/
+ NOTE: https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
+CVE-2021-27798
+ RESERVED
+CVE-2021-27797 (Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all v ...)
+ NOT-FOR-US: Brocade
+CVE-2021-27796 (A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS ...)
+ NOT-FOR-US: Brocade
+CVE-2021-27795
+ RESERVED
+CVE-2021-27794 (A vulnerability in the authentication mechanism of Brocade Fabric OS v ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2021-27793 (ntermittent authorization failure in aaa tacacs+ with Brocade Fabric O ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2021-27792 (The request handling functions in web management interface of Brocade ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2021-27791 (The function that is used to parse the Authentication header in Brocad ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2021-27790 (The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9 ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2021-27789
+ RESERVED
+CVE-2021-27788
+ RESERVED
+CVE-2021-27787
+ RESERVED
+CVE-2021-27786
+ RESERVED
+CVE-2021-27785
+ RESERVED
+CVE-2021-27784
+ RESERVED
+CVE-2021-27783
+ RESERVED
+CVE-2021-27782
+ RESERVED
+CVE-2021-27781
+ RESERVED
+CVE-2021-27780
+ RESERVED
+CVE-2021-27779
+ RESERVED
+CVE-2021-27778
+ RESERVED
+CVE-2021-27777
+ RESERVED
+CVE-2021-27776
+ RESERVED
+CVE-2021-27775
+ RESERVED
+CVE-2021-27774
+ RESERVED
+CVE-2021-27773
+ RESERVED
+CVE-2021-27772
+ RESERVED
+CVE-2021-27771
+ RESERVED
+CVE-2021-27770
+ RESERVED
+CVE-2021-27769
+ RESERVED
+CVE-2021-27768
+ RESERVED
+CVE-2021-27767
+ RESERVED
+CVE-2021-27766
+ RESERVED
+CVE-2021-27765
+ RESERVED
+CVE-2021-27764
+ RESERVED
+CVE-2021-27763
+ RESERVED
+CVE-2021-27762
+ RESERVED
+CVE-2021-27761
+ RESERVED
+CVE-2021-27760
+ RESERVED
+CVE-2021-27759
+ RESERVED
+CVE-2021-27758
+ RESERVED
+CVE-2021-27757
+ RESERVED
+CVE-2021-27756
+ RESERVED
+CVE-2021-27755 ("Sametime Android potential path traversal vulnerability when using Fi ...)
+ NOT-FOR-US: HCL
+CVE-2021-27754
+ RESERVED
+CVE-2021-27753 ("Sametime Android PathTraversal Vulnerability" ...)
+ NOT-FOR-US: HCL
+CVE-2021-27752
+ RESERVED
+CVE-2021-27751
+ RESERVED
+CVE-2021-27750
+ RESERVED
+CVE-2021-27749
+ RESERVED
+CVE-2021-27748
+ RESERVED
+CVE-2021-27747
+ RESERVED
+CVE-2021-27746 ("HCL Connections Security Update for Reflected Cross-Site Scripting (X ...)
+ NOT-FOR-US: HCL
+CVE-2021-27745
+ RESERVED
+CVE-2021-27744
+ RESERVED
+CVE-2021-27743
+ RESERVED
+CVE-2021-27742
+ RESERVED
+CVE-2021-27741 (" Security vulnerability in HCL Commerce Management Center allowing XM ...)
+ NOT-FOR-US: HCL
+CVE-2021-27740
+ RESERVED
+CVE-2021-27739
+ RESERVED
+CVE-2021-27738 (All request mappings in `StreamingCoordinatorController.java` handling ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2021-27737 (Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on th ...)
+ - trafficserver <not-affected> (Only affects 9.x)
+CVE-2021-27803 (A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant b ...)
+ {DSA-4898-1 DLA-2581-1}
+ - wpa 2:2.9.0-21
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/25/3
+ NOTE: https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
+ NOTE: https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
+CVE-2021-3417 (An internal product security audit of LXCO, prior to version 1.2.2, di ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3416 (A potential stack overflow via infinite loop issue was found in variou ...)
+ {DLA-2623-1}
+ - qemu 1:5.2+dfsg-9 (bug #984448)
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07431.html
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07484.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e73adfbeec9d4e008630c814759052ed945c3fed
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=331d2ac9ea307c990dc86e6493e8f0c48d14bb33
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1caff0340f49c93d535c6558a5138d20d475315c
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=705df5466c98f3efdd2b68d3b31dad86858acad7
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=37cee01784ff0df13e5209517e1b3594a5e792d1
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=26194a58f4eb83c5bdf4061a1628508084450ba1
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=99ccfaa1edafd79f7a3a0ff7b58ae4da7c514928
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5311fb805a4403bba024e83886fa0e7572265de4
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8c92060d3c0248bd4d515719a35922cd2391b9b4
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8c552542b81e56ff532dd27ec6e5328954bdda73
+CVE-2021-27736 (FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a for ...)
+ NOT-FOR-US: fusionauth-samlv2
+CVE-2021-27735
+ RESERVED
+CVE-2021-27734 (Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSe ...)
+ NOT-FOR-US: Hirschmann HiOS
+CVE-2021-27733 (In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-27732
+ RESERVED
+CVE-2021-27731 (Accellion FTA 9_12_432 and earlier is affected by stored XSS via a cra ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27730 (Accellion FTA 9_12_432 and earlier is affected by argument injection v ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27729
+ RESERVED
+CVE-2021-27728
+ RESERVED
+CVE-2021-27727
+ RESERVED
+CVE-2021-27726
+ RESERVED
+CVE-2021-27725
+ RESERVED
+CVE-2021-27724
+ RESERVED
+CVE-2021-27723
+ REJECTED
+CVE-2021-27722 (An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The progr ...)
+ NOT-FOR-US: Nsasoft US LLC SpotAuditor
+CVE-2021-27721
+ RESERVED
+CVE-2021-27720
+ RESERVED
+CVE-2021-27719
+ RESERVED
+CVE-2021-27718
+ RESERVED
+CVE-2021-27717
+ RESERVED
+CVE-2021-27716
+ RESERVED
+CVE-2021-27715
+ RESERVED
+CVE-2021-27714
+ RESERVED
+CVE-2021-27713
+ RESERVED
+CVE-2021-27712
+ RESERVED
+CVE-2021-27711
+ RESERVED
+CVE-2021-27710 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...)
+ NOT-FOR-US: TOTOLINK X5000R router
+CVE-2021-27709
+ RESERVED
+CVE-2021-27708 (Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118 ...)
+ NOT-FOR-US: TOTOLINK X5000R router
+CVE-2021-27707 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-27706 (Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.1 ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-27705 (Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9 ...)
+ NOT-FOR-US: Tenda routers
+CVE-2021-27704
+ RESERVED
+CVE-2021-27703
+ RESERVED
+CVE-2021-27702
+ RESERVED
+CVE-2021-27701
+ RESERVED
+CVE-2021-27700
+ RESERVED
+CVE-2021-27699
+ RESERVED
+CVE-2021-27698 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/g ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-27697 (RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gn ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-27696
+ RESERVED
+CVE-2021-27695 (Multiple stored cross-site scripting (XSS) vulnerabilities in openMAIN ...)
+ NOT-FOR-US: openMAINT
+CVE-2021-27694
+ RESERVED
+CVE-2021-27693
+ RESERVED
+CVE-2021-27692 (Command Injection in Tenda G1 and G3 routers with firmware versions v1 ...)
+ NOT-FOR-US: Tenda
+CVE-2021-27691 (Command Injection in Tenda G0 routers with firmware versions v15.11.0. ...)
+ NOT-FOR-US: Tenda
+CVE-2021-27690
+ RESERVED
+CVE-2021-27689
+ RESERVED
+CVE-2021-27688
+ RESERVED
+CVE-2021-27687
+ RESERVED
+CVE-2021-27686
+ RESERVED
+CVE-2021-27685
+ RESERVED
+CVE-2021-27684
+ RESERVED
+CVE-2021-27683
+ RESERVED
+CVE-2021-27682
+ RESERVED
+CVE-2021-27681
+ RESERVED
+CVE-2021-27680
+ RESERVED
+CVE-2021-27679 (Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS ...)
+ NOT-FOR-US: Batflat CMS
+CVE-2021-27678 (Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1. ...)
+ NOT-FOR-US: Batflat CMS
+CVE-2021-27677 (Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1 ...)
+ NOT-FOR-US: Batflat CMS
+CVE-2021-27676 (Centreon version 20.10.2 is affected by a cross-site scripting (XSS) v ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-27675
+ RESERVED
+CVE-2021-27674
+ RESERVED
+CVE-2021-27673 (Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of ...)
+ NOT-FOR-US: Tribal Systems Zenario CMS
+CVE-2021-27672 (SQL Injection in the "admin_boxes.ajax.php" component of Tribal System ...)
+ NOT-FOR-US: Tribal Systems Zenario CMS
+CVE-2021-27671 (An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS ...)
+ NOT-FOR-US: comrak rust crate
+CVE-2021-27670 (Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url ...)
+ NOT-FOR-US: Appspace
+CVE-2021-27669
+ RESERVED
+CVE-2021-27668 (HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of lic ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-27667
+ RESERVED
+CVE-2021-27666
+ RESERVED
+ NOT-FOR-US: Android
+CVE-2021-27665 (An unauthenticated remote user could exploit a potential integer overf ...)
+ NOT-FOR-US: Johnson Controls
+CVE-2021-27664 (Under certain configurations an unauthenticated remote user could be g ...)
+ NOT-FOR-US: exacqVision
+CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM ...)
+ NOT-FOR-US: Johnson Controls
+CVE-2021-27662 (The KT-1 door controller is susceptible to replay or man-in-the-middle ...)
+ NOT-FOR-US: KT-1 door controller
+CVE-2021-27661 (Successful exploitation of this vulnerability could give an authentica ...)
+ NOT-FOR-US: Facility Explorer SNC Series Supervisory Controller
+CVE-2021-27660 (An insecure client auto update feature in C-CURE 9000 can allow remote ...)
+ NOT-FOR-US: C-CURE 9000
+CVE-2021-27659 (exacqVision Web Service 21.03 does not sufficiently validate, filter, ...)
+ NOT-FOR-US: exacqVision Web Service
+CVE-2021-27658 (exacqVision Enterprise Manager 20.12 does not sufficiently validate, f ...)
+ NOT-FOR-US: exacqVision Enterprise Manager
+CVE-2021-27657 (Successful exploitation of this vulnerability could give an authentica ...)
+ NOT-FOR-US: Johnson Controls Metasys
+CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior could a ...)
+ NOT-FOR-US: exacqVision Web Service
+CVE-2021-27655
+ RESERVED
+CVE-2021-27654 (Forgotten password reset functionality for local accounts can be used ...)
+ NOT-FOR-US: Pega
+CVE-2021-27653 (Misconfiguration of the Pega Chat Access Group portal in Pega platform ...)
+ NOT-FOR-US: Pega
+CVE-2021-27652
+ RESERVED
+CVE-2021-27651 (In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset f ...)
+ NOT-FOR-US: Pega
+CVE-2021-3415
+ RESERVED
+CVE-2021-27650
+ RESERVED
+CVE-2021-27649 (Use after free vulnerability in file transfer protocol component in Sy ...)
+ NOT-FOR-US: Synology
+CVE-2021-27648 (Externally controlled reference to a resource in another sphere in qua ...)
+ NOT-FOR-US: Synology
+CVE-2021-27647 (Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synolo ...)
+ NOT-FOR-US: Synology
+CVE-2021-27646 (Use After Free vulnerability in iscsi_snapshot_comm_core in Synology D ...)
+ NOT-FOR-US: Synology
+CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka glibc o ...)
+ - glibc 2.31-10 (bug #983479)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27462
+ NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=745664bd798ec8fd50438605948eea594179fba1 (glibc-2.29)
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673
+ NOTE: Introducing commit present in Debian since 2.28-1 with addition of
+ NOTE: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919
+CVE-2021-27644 (In Apache DolphinScheduler before 1.3.6 versions, authorized users can ...)
+ NOT-FOR-US: Apache DolphinScheduler
+CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27641 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27640 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27639 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27638 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-27637 (Under certain conditions SAP Enable Now (SAP Workforce Performance Bui ...)
+ NOT-FOR-US: SAP
+CVE-2021-27636
+ RESERVED
+CVE-2021-27635 (SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, al ...)
+ NOT-FOR-US: SAP
+CVE-2021-27634 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27633 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27632 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27631 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27630 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27629 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27628 (SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - K ...)
+ NOT-FOR-US: SAP
+CVE-2021-27627 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27626 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27625 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27624 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27623 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27622 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27621 (Information Disclosure vulnerability in UserAdmin application in SAP N ...)
+ NOT-FOR-US: SAP
+CVE-2021-27620 (SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27619 (SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27618 (The Integration Builder Framework of SAP Process Integration versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27617 (The Integration Builder Framework of SAP Process Integration versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27616 (Under certain conditions, SAP Business One Hana Chef Cookbook, version ...)
+ NOT-FOR-US: SAP
+CVE-2021-27615 (SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does n ...)
+ NOT-FOR-US: SAP
+CVE-2021-27614 (SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27613 (Under certain conditions, SAP Business One Chef cookbook, version - 9. ...)
+ NOT-FOR-US: SAP
+CVE-2021-27612 (In specific situations SAP GUI for Windows until and including 7.60 PL ...)
+ NOT-FOR-US: SAP
+CVE-2021-27611 (SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a hig ...)
+ NOT-FOR-US: SAP
+CVE-2021-27610 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, ...)
+ NOT-FOR-US: SAP
+CVE-2021-27609 (SAP Focused RUN versions 200, 300, does not perform necessary authoriz ...)
+ NOT-FOR-US: SAP
+CVE-2021-27608 (An unquoted service path in SAPSetup, version - 9.0, could lead to pri ...)
+ NOT-FOR-US: SAPSetup
+CVE-2021-27607 (SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - K ...)
+ NOT-FOR-US: SAP
+CVE-2021-27606 (SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27605 (SAP's HCM Travel Management Fiori Apps V2, version - 608, does not per ...)
+ NOT-FOR-US: SAP
+CVE-2021-27604 (In order to prevent XML External Entity vulnerability in SAP NetWeaver ...)
+ NOT-FOR-US: SAP
+CVE-2021-27603 (An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABA ...)
+ NOT-FOR-US: SAP
+CVE-2021-27602 (SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice appl ...)
+ NOT-FOR-US: SAP
+CVE-2021-27601 (SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a ...)
+ NOT-FOR-US: SAP
+CVE-2021-27600 (SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15. ...)
+ NOT-FOR-US: SAP
+CVE-2021-27599 (SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Int ...)
+ NOT-FOR-US: SAP
+CVE-2021-27598 (SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions ...)
+ NOT-FOR-US: SAP
+CVE-2021-27597 (SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7 ...)
+ NOT-FOR-US: SAP
+CVE-2021-27596 (When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) fil ...)
+ NOT-FOR-US: SAP
+CVE-2021-27595 (When a user opens manipulated Portable Document Format (.PDF) files re ...)
+ NOT-FOR-US: SAP
+CVE-2021-27594 (When a user opens manipulated Windows Bitmap (.BMP) files received fro ...)
+ NOT-FOR-US: SAP
+CVE-2021-27593 (When a user opens manipulated Graphics Interchange Format (.GIF) files ...)
+ NOT-FOR-US: SAP
+CVE-2021-27592 (When a user opens manipulated Universal 3D (.U3D) files received from ...)
+ NOT-FOR-US: SAP
+CVE-2021-27591 (When a user opens manipulated Portable Document Format (.PDF) format f ...)
+ NOT-FOR-US: SAP
+CVE-2021-27590 (When a user opens manipulated Tag Image File Format (.TIFF) format fil ...)
+ NOT-FOR-US: SAP
+CVE-2021-27589 (When a user opens manipulated Scalable Vector Graphics (.SVG) format f ...)
+ NOT-FOR-US: SAP
+CVE-2021-27588 (When a user opens manipulated HPGL format files received from untruste ...)
+ NOT-FOR-US: SAP
+CVE-2021-27587 (When a user opens manipulated Jupiter Tessellation (.JT) format files ...)
+ NOT-FOR-US: SAP
+CVE-2021-27586 (When a user opens manipulated Interchange File Format (.IFF) format fi ...)
+ NOT-FOR-US: SAP
+CVE-2021-27585 (When a user opens manipulated Computer Graphics Metafile (.CGM) format ...)
+ NOT-FOR-US: SAP
+CVE-2021-27584 (When a user opens manipulated PhotoShop Document (.PSD) format files r ...)
+ NOT-FOR-US: SAP
+CVE-2021-27583 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
+ NOT-FOR-US: Directus
+CVE-2021-27582 (org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Co ...)
+ NOT-FOR-US: OpenID Connect server implementation for MITREid Connect
+CVE-2021-27581 (The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL inject ...)
+ NOT-FOR-US: Kentico CMS
+CVE-2021-27580
+ RESERVED
+CVE-2021-27579 (Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on ...)
+ NOT-FOR-US: Snow Inventory Agent
+CVE-2021-27578 (Cross Site Scripting vulnerability in markdown interpreter of Apache Z ...)
+ NOT-FOR-US: Apache Zeppelin
+CVE-2021-27577 (Incorrect handling of url fragment vulnerability of Apache Traffic Ser ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/2b13eb33794574e62249997b4ba654d943a10f2d (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-27576 (If was found that the NetTest web service can be used to overload the ...)
+ NOT-FOR-US: Apache OpenMeetings
+CVE-2021-27575
+ RESERVED
+CVE-2021-27574 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27573 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27572 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authent ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27571 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27570 (An issue was discovered in Emote Remote Mouse through 3.015. Attackers ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27569 (An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attacke ...)
+ NOT-FOR-US: Emote Remote Mouse
+CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 2015-10-23 an ...)
+ NOT-FOR-US: netplex
+CVE-2021-27567
+ RESERVED
+CVE-2021-27566
+ RESERVED
+CVE-2021-3414
+ RESERVED
+ NOT-FOR-US: Red Hat Satellite
+CVE-2021-27565 (The web server in InterNiche NicheStack through 4.0.1 allows remote at ...)
+ NOT-FOR-US: InterNiche NicheStack
+CVE-2021-27564 (A stored XSS issue exists in Appspace 6.2.4. After a user is authentic ...)
+ NOT-FOR-US: Appspace
+CVE-2021-27563
+ RESERVED
+CVE-2021-27562 (In Arm Trusted Firmware M through 1.2, the NS world may trigger a syst ...)
+ NOT-FOR-US: Arm Trusted Firmware M
+CVE-2021-27561 (Yealink Device Management (DM) 3.6.0.20 allows command injection as ro ...)
+ NOT-FOR-US: Yealink Device Management
+CVE-2021-27560
+ RESERVED
+CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the Nickname f ...)
+ NOT-FOR-US: Monica
+CVE-2021-27558 (A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows re ...)
+ NOT-FOR-US: EasyCorp ZenTao
+CVE-2021-27557 (A cross-site request forgery (CSRF) vulnerability in the Cron job tab ...)
+ NOT-FOR-US: EasyCorp ZenTao
+CVE-2021-27556 (The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (wh ...)
+ NOT-FOR-US: EasyCorp ZenTao
+CVE-2021-27555
+ RESERVED
+CVE-2021-27554
+ RESERVED
+CVE-2021-27553
+ RESERVED
+CVE-2021-27552
+ RESERVED
+CVE-2021-27551
+ RESERVED
+CVE-2021-27550 (Polaris Office v9.102.66 is affected by a divide-by-zero error in Pola ...)
+ NOT-FOR-US: Polaris Office
+CVE-2021-27549 (** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipb ...)
+ NOT-FOR-US: Genymotion Desktop
+CVE-2021-27548
+ RESERVED
+CVE-2021-27547
+ RESERVED
+CVE-2021-27546
+ RESERVED
+CVE-2021-27545 (SQL Injection in the "add-services.php" component of PHPGurukul Beauty ...)
+ NOT-FOR-US: PHPGurukul Beauty Parlour Management System
+CVE-2021-27544 (Cross Site Scripting (XSS) in the "add-services.php" component of PHPG ...)
+ NOT-FOR-US: PHPGurukul Beauty Parlour Management System
+CVE-2021-27543
+ RESERVED
+CVE-2021-27542
+ RESERVED
+CVE-2021-27541
+ RESERVED
+CVE-2021-27540
+ RESERVED
+CVE-2021-27539
+ RESERVED
+CVE-2021-27538
+ RESERVED
+CVE-2021-27537
+ RESERVED
+CVE-2021-27536
+ RESERVED
+CVE-2021-27535
+ RESERVED
+CVE-2021-27534
+ RESERVED
+CVE-2021-27533
+ RESERVED
+CVE-2021-27532
+ RESERVED
+CVE-2021-27531 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27530 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27529 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27528 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27527 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27526 (A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allo ...)
+ NOT-FOR-US: DynPG
+CVE-2021-27525
+ RESERVED
+CVE-2021-27524
+ RESERVED
+CVE-2021-27523
+ RESERVED
+CVE-2021-27522 (Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability ...)
+ NOT-FOR-US: Learnsite
+CVE-2021-27521
+ RESERVED
+CVE-2021-27520 (A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote att ...)
+ NOT-FOR-US: FUDForum
+CVE-2021-27519 (A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote att ...)
+ NOT-FOR-US: FUDForum
+CVE-2021-27518
+ RESERVED
+CVE-2021-27517 (Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary Jav ...)
+ NOT-FOR-US: Foxit
+CVE-2021-27516 (URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash ...)
+ NOT-FOR-US: urijs
+CVE-2021-27515 (url-parse before 1.5.0 mishandles certain uses of backslash such as ht ...)
+ - node-url-parse 1.5.1-1 (bug #985110)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
+ [stretch] - node-url-parse <no-dsa> (Minor issue)
+ NOTE: https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0 (1.5.0)
+ NOTE: https://github.com/unshiftio/url-parse/pull/197
+CVE-2021-27514 (EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for th ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2021-27513 (The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authentica ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2021-27512
+ RESERVED
+CVE-2021-27511
+ RESERVED
+CVE-2021-27510
+ RESERVED
+CVE-2021-27509 (In Visualware MyConnection Server before 11.0b build 5382, each publis ...)
+ NOT-FOR-US: Visualware MyConnection Server
+CVE-2021-27508
+ RESERVED
+CVE-2021-27507
+ RESERVED
+CVE-2021-27506 (The ClamAV Engine (version 0.103.1 and below) component embedded in St ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-27505
+ RESERVED
+CVE-2021-27504
+ RESERVED
+CVE-2021-27503 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
+ NOT-FOR-US: Ypsomed
+CVE-2021-27502
+ RESERVED
+CVE-2021-27501
+ RESERVED
+CVE-2021-27500
+ RESERVED
+CVE-2021-27499 (Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: ...)
+ NOT-FOR-US: Ypsomed
+CVE-2021-27498
+ RESERVED
+CVE-2021-27497
+ RESERVED
+CVE-2021-27496 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+ NOT-FOR-US: Datakit
+CVE-2021-27495 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...)
+ NOT-FOR-US: Ypsomed
+CVE-2021-27494 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+ NOT-FOR-US: Datakit
+CVE-2021-27493
+ RESERVED
+CVE-2021-27492 (When opening a specially crafted 3DXML file, the application containin ...)
+ NOT-FOR-US: Datakit
+CVE-2021-27491 (Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,A ...)
+ NOT-FOR-US: Ypsomed
+CVE-2021-27490 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+ NOT-FOR-US: Datakit
+CVE-2021-27489 (ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allo ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27488 (Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, ...)
+ NOT-FOR-US: Datakit
+CVE-2021-27487 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products co ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27486 (FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to ...)
+ NOT-FOR-US: Fatek Automation WinProladder
+CVE-2021-27485 (ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows us ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27484
+ RESERVED
+CVE-2021-27483 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products con ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27482
+ RESERVED
+CVE-2021-27481 (ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products ut ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27480 (Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnera ...)
+ NOT-FOR-US: Delta Industrial Automation COMMGR
+CVE-2021-27479 (ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product&#821 ...)
+ NOT-FOR-US: ZOLL Defibrillator Dashboard
+CVE-2021-27478
+ RESERVED
+CVE-2021-27477 (When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus ...)
+ NOT-FOR-US: JTEKT
+CVE-2021-27476
+ RESERVED
+CVE-2021-27475
+ RESERVED
+CVE-2021-27474
+ RESERVED
+CVE-2021-27473
+ RESERVED
+CVE-2021-27472
+ RESERVED
+CVE-2021-27471
+ RESERVED
+CVE-2021-27470
+ RESERVED
+CVE-2021-27469
+ RESERVED
+CVE-2021-27468
+ RESERVED
+CVE-2021-27467 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27466
+ RESERVED
+CVE-2021-27465 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27464
+ RESERVED
+CVE-2021-27463 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27462
+ RESERVED
+CVE-2021-27461 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27460
+ RESERVED
+CVE-2021-27459 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27458 (If Ethernet communication of the JTEKT Corporation TOYOPUC product ser ...)
+ NOT-FOR-US: JTEKT Corporation TOYOPUC
+CVE-2021-27457 (A vulnerability has been found in multiple revisions of Emerson Rosemo ...)
+ NOT-FOR-US: Emerson
+CVE-2021-27456
+ RESERVED
+CVE-2021-27455 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-27454 (The software performs an operation at a privilege level higher than th ...)
+ NOT-FOR-US: GE
+CVE-2021-27453 (Mesa Labs AmegaView Versions 3.0 uses default cookies that could be se ...)
+ NOT-FOR-US: Mesa Labs
+CVE-2021-27452 (The software contains a hard-coded password that could allow an attack ...)
+ NOT-FOR-US: GE
+CVE-2021-27451 (Mesa Labs AmegaView Versions 3.0 and prior&#8217;s passcode is generat ...)
+ NOT-FOR-US: Mesa Labs
+CVE-2021-27450 (SSH server configuration file does not implement some best practices. ...)
+ NOT-FOR-US: GE
+CVE-2021-27449 (Mesa Labs AmegaView Versions 3.0 and prior has a command injection vul ...)
+ NOT-FOR-US: Mesa Labs
+CVE-2021-27448 (A miscommunication in the file system allows adversaries with access t ...)
+ NOT-FOR-US: GE
+CVE-2021-27447 (Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, ...)
+ NOT-FOR-US: Mesa Labs
+CVE-2021-27446
+ RESERVED
+CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissio ...)
+ NOT-FOR-US: Mesa Labs
+CVE-2021-27444
+ RESERVED
+CVE-2021-27443
+ RESERVED
+CVE-2021-27442
+ RESERVED
+CVE-2021-27441
+ RESERVED
+CVE-2021-27440 (The software contains a hard-coded password it uses for its own inboun ...)
+ NOT-FOR-US: GE
+CVE-2021-27439
+ RESERVED
+CVE-2021-27438 (The software contains a hard-coded password it uses for its own inboun ...)
+ NOT-FOR-US: GE
+CVE-2021-27437 (The affected product allows attackers to obtain sensitive information ...)
+ NOT-FOR-US: WISE-PaaS
+CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scr ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2021-27435
+ RESERVED
+CVE-2021-27434 (Products with Unified Automation .NET based OPC UA Client/Server SDK B ...)
+ NOT-FOR-US: Unified Automation .NET
+CVE-2021-27433
+ RESERVED
+CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC U ...)
+ NOT-FOR-US: OPC Foundation UA .NET
+CVE-2021-27431
+ RESERVED
+CVE-2021-27430
+ RESERVED
+CVE-2021-27429
+ RESERVED
+CVE-2021-27428
+ RESERVED
+CVE-2021-27427
+ RESERVED
+CVE-2021-27426
+ RESERVED
+CVE-2021-27425
+ RESERVED
+CVE-2021-27424
+ RESERVED
+CVE-2021-27423
+ RESERVED
+CVE-2021-27422
+ RESERVED
+CVE-2021-27421
+ RESERVED
+CVE-2021-27420
+ RESERVED
+CVE-2021-27419
+ RESERVED
+CVE-2021-27418
+ RESERVED
+CVE-2021-27417
+ RESERVED
+CVE-2021-27416
+ RESERVED
+CVE-2021-27415
+ RESERVED
+CVE-2021-27414
+ RESERVED
+CVE-2021-27413 (Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0 ...)
+ NOT-FOR-US: Omron CX-One
+CVE-2021-27412 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-27411
+ RESERVED
+CVE-2021-27410 (The affected product is vulnerable to an out-of-bounds write, which ma ...)
+ NOT-FOR-US: Welch Allyn
+CVE-2021-27409
+ RESERVED
+CVE-2021-27408 (The affected product is vulnerable to an out-of-bounds read, which can ...)
+ NOT-FOR-US: Welch Allyn
+CVE-2021-27407
+ RESERVED
+CVE-2021-27406
+ RESERVED
+CVE-2021-27405 (A ReDoS (regular expression denial of service) flaw was found in the @ ...)
+ NOT-FOR-US: Node scrapbox-parser
+CVE-2021-27404 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injec ...)
+ NOT-FOR-US: Askey devices
+CVE-2021-27403 (Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-b ...)
+ NOT-FOR-US: Askey devices
+CVE-2021-27402 (The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an u ...)
+ NOT-FOR-US: Mitel
+CVE-2021-27401 (The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 coul ...)
+ NOT-FOR-US: Mitel
+CVE-2021-27400 (HashiCorp Vault and Vault Enterprise Cassandra integrations (storage b ...)
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
+CVE-2021-3413 (A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2021-3412 (It was found that all versions of 3Scale developer portal lacked brute ...)
+ NOT-FOR-US: Red Hat 3scale API Management
+CVE-2021-27399 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...)
+ NOT-FOR-US: Simcenter (Siemens)
+CVE-2021-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ NOT-FOR-US: Tecnomatix Plant Simulation
+CVE-2021-27397 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ NOT-FOR-US: Tecnomatix Plant Simulation
+CVE-2021-27396 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...)
+ NOT-FOR-US: Tecnomatix Plant Simulation
+CVE-2021-27395 (A vulnerability has been identified in SIMATIC Process Historian 2013 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27394 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Mendix Applications (Siemens)
+CVE-2021-27393 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2021-27392 (A vulnerability has been identified in Siveillance Video Open Network ...)
+ NOT-FOR-US: Siveillance
+CVE-2021-27391 (A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27390 (A vulnerability has been identified in JT2Go (All versions &lt; V13.1. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27389 (A vulnerability has been identified in Opcenter Quality (All versions ...)
+ NOT-FOR-US: Opcenter Quality
+CVE-2021-27388 (SINAMICS medium voltage routable products are affected by a vulnerabil ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27387 (A vulnerability has been identified in Simcenter Femap 2020.2 (All ver ...)
+ NOT-FOR-US: Simcenter (Siemens)
+CVE-2021-27386 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27385 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27384 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27383 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-27382 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
+ NOT-FOR-US: Solid Edge (Siemens)
+CVE-2021-27381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...)
+ NOT-FOR-US: Solid Edge SE2020
+CVE-2021-27380 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
+ NOT-FOR-US: Solid Edge SE2020
+CVE-2021-27379 (An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM ...)
+ {DSA-4888-1}
+ - xen 4.14.0+80-gd101b417b7-1
+ [stretch] - xen <not-affected> (Incomplete fix for CVE-2020-15565 not applied)
+ NOTE: https://xenbits.xen.org/xsa/advisory-366.html
+ NOTE: Mark first version in 4.14.x which landed in unstable as fixed, though
+ NOTE: the issue more precisely only affects Xen versions up to 4.11 with version
+ NOTE: containing broken backport for XSA-321 / CVE-2020-15565
+CVE-2021-27378 (An issue was discovered in the rand_core crate before 0.6.2 for Rust. ...)
+ - rust-rand-core <not-affected> (0.5.1 not affected, see #985087)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0023.html
+CVE-2021-27377 (An issue was discovered in the yottadb crate before 1.2.0 for Rust. Fo ...)
+ NOT-FOR-US: Rust crate yottadb
+CVE-2021-27376 (An issue was discovered in the nb-connect crate before 1.0.3 for Rust. ...)
+ NOT-FOR-US: Rust crate nb-connect
+CVE-2021-27375 (Traefik before 2.4.5 allows the loading of IFRAME elements from other ...)
+ NOT-FOR-US: Traefik
+CVE-2021-27374 (VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before p ...)
+ NOT-FOR-US: VertiGIS WebOffice
+CVE-2021-27373
+ RESERVED
+CVE-2021-27372 (Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may ...)
+ NOT-FOR-US: Realtek xPON RTL9601D SDK
+CVE-2021-27371 (The Contact page in Monica 2.19.1 allows stored XSS via the Descriptio ...)
+ NOT-FOR-US: Monica
+CVE-2021-27370 (The Contact page in Monica 2.19.1 allows stored XSS via the Last Name ...)
+ NOT-FOR-US: Monica
+CVE-2021-27369 (The Contact page in Monica 2.19.1 allows stored XSS via the Middle Nam ...)
+ NOT-FOR-US: Monica
+CVE-2021-27368 (The Contact page in Monica 2.19.1 allows stored XSS via the First Name ...)
+ NOT-FOR-US: Monica
+CVE-2021-27367 (Controller/Backend/FileEditController.php and Controller/Backend/Filem ...)
+ NOT-FOR-US: Bolt CMS
+CVE-2021-27366
+ RESERVED
+CVE-2021-27365 (An issue was discovered in the Linux kernel through 5.11.3. Certain iS ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee
+ NOTE: https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5
+CVE-2021-27364 (An issue was discovered in the Linux kernel through 5.11.3. drivers/sc ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
+CVE-2021-27363 (An issue was discovered in the Linux kernel through 5.11.3. A kernel p ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa
+CVE-2021-27362 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Vio ...)
+ NOT-FOR-US: WPG plugin for IrfanView
+CVE-2021-27361
+ RESERVED
+CVE-2021-27360
+ RESERVED
+CVE-2021-27359
+ RESERVED
+CVE-2021-27358 (The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unaut ...)
+ - grafana <removed>
+CVE-2021-27357 (RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/g ...)
+ NOT-FOR-US: RIOT RIOT-OS
+CVE-2021-27356
+ RESERVED
+CVE-2021-27355
+ RESERVED
+CVE-2021-27354
+ RESERVED
+CVE-2021-27353
+ RESERVED
+CVE-2021-27352 (An open redirect vulnerability in Ilch CMS version 2.1.42 allows attac ...)
+ NOT-FOR-US: Ilch CMS
+CVE-2021-27351 (The Terminate Session feature in the Telegram application through 7.2. ...)
+ - telegram-desktop 2.6.1-1
+ [buster] - telegram-desktop <not-affected> (Vulnerable code not present)
+ NOTE: https://0ffsecninja.github.io/Telegram:CVE-2021-2735.html
+ NOTE: Probably fixed earlier than 2.6.1, but marking that fixed in absence of further details
+ NOTE: (maintainer reached out to upstream for confirmation that 2.6.1 is fixed and buster
+ NOTE: not affected)
+CVE-2021-27350
+ RESERVED
+CVE-2021-27349 (Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a diffe ...)
+ NOT-FOR-US: WooCommerce
+CVE-2021-27348
+ RESERVED
+CVE-2021-27347 (Use after free in lzma_decompress_buf function in stream.c in Irzip 0. ...)
+ - lrzip <unfixed> (unimportant; bug #990583)
+ NOTE: https://github.com/ckolivas/lrzip/issues/165
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-27346
+ RESERVED
+CVE-2021-27345 (A null pointer dereference was discovered in ucompthread in stream.c i ...)
+ - lrzip <unfixed> (unimportant)
+ NOTE: https://github.com/ckolivas/lrzip/issues/164
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-27344
+ RESERVED
+CVE-2021-27343 (SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-27342 (An authentication brute-force protection mechanism bypass in telnetd i ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27341 (OpenSIS Community Edition version &lt;= 7.6 is affected by a local fil ...)
+ NOT-FOR-US: OpenSIS
+CVE-2021-27340 (OpenSIS Community Edition version &lt;= 7.6 is affected by a reflected ...)
+ NOT-FOR-US: OpenSIS
+CVE-2021-27339
+ RESERVED
+CVE-2021-27338 (Faraday Edge before 3.7 allows XSS via the network/create/ page and it ...)
+ NOT-FOR-US: Faraday Edge
+CVE-2021-27337
+ RESERVED
+CVE-2021-27336
+ RESERVED
+CVE-2021-27335 (KollectApps before 4.8.16c is affected by insecure Java deserializatio ...)
+ NOT-FOR-US: KollectApps
+CVE-2021-27334
+ RESERVED
+CVE-2021-27333
+ RESERVED
+CVE-2021-27332 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...)
+ NOT-FOR-US: CASAP Automated Enrollment System
+CVE-2021-27331
+ RESERVED
+CVE-2021-27330 (Triconsole Datepicker Calendar &lt;3.77 is affected by cross-site scri ...)
+ NOT-FOR-US: Triconsole Datepicker Calendar
+CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...)
+ NOT-FOR-US: Friendica
+CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Trave ...)
+ NOT-FOR-US: Yeastar NeoGate TG400 91.3.0.3 devices
+CVE-2021-27327
+ RESERVED
+CVE-2021-27326
+ RESERVED
+CVE-2021-27325
+ RESERVED
+CVE-2021-27324
+ RESERVED
+CVE-2021-27323
+ RESERVED
+CVE-2021-27322
+ RESERVED
+CVE-2021-27321
+ RESERVED
+CVE-2021-27320 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27319 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27318 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27317 (Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Ap ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27316 (Blind SQL injection in contactus.php in doctor appointment system 1.0 ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27315 (Blind SQL injection in contactus.php in Doctor Appointment System 1.0 ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27314 (SQL injection in admin.php in doctor appointment system 1.0 allows an ...)
+ NOT-FOR-US: doctor appointment system
+CVE-2021-27313
+ RESERVED
+CVE-2021-27312
+ RESERVED
+CVE-2021-27311
+ RESERVED
+CVE-2021-27310 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "langua ...)
+ NOT-FOR-US: Clansphere CMS
+CVE-2021-27309 (Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module ...)
+ NOT-FOR-US: Clansphere CMS
+CVE-2021-27308 (A cross-site scripting (XSS) vulnerability in the admin login panel in ...)
+ NOT-FOR-US: 4images
+CVE-2021-27307
+ RESERVED
+CVE-2021-27306 (An improper access control vulnerability in the JWT plugin in Kong Gat ...)
+ NOT-FOR-US: Kong Gateway
+CVE-2021-27305
+ RESERVED
+CVE-2021-27304
+ RESERVED
+CVE-2021-27303
+ RESERVED
+CVE-2021-27302
+ RESERVED
+CVE-2021-27301
+ RESERVED
+CVE-2021-27300
+ RESERVED
+CVE-2021-27299
+ RESERVED
+CVE-2021-27298
+ RESERVED
+CVE-2021-27297
+ RESERVED
+CVE-2021-27296
+ RESERVED
+CVE-2021-27295
+ RESERVED
+CVE-2021-27294
+ RESERVED
+CVE-2021-27293 (RestSharp &lt; 106.11.8-alpha.0.13 uses a regular expression which is ...)
+ NOT-FOR-US: RestSharp
+CVE-2021-27292 (ua-parser-js &gt;= 0.7.14, fixed in 0.7.24, uses a regular expression ...)
+ - node-ua-parser-js 0.7.24+ds-1 (bug #985568)
+ [buster] - node-ua-parser-js <no-dsa> (Minor issue)
+ NOTE: https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76
+ NOTE: https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566
+CVE-2021-27291 (In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming ...)
+ {DSA-4889-1 DSA-4878-1 DLA-2648-1 DLA-2600-1}
+ - pygments 2.7.1+dfsg-2.1 (bug #985574)
+ - mediawiki 1:1.35.2-1
+ NOTE: https://gist.github.com/b-c-ds/b1a2cc0c68a35c57188575eb496de5ce
+ NOTE: https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
+CVE-2021-27290 (ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expre ...)
+ - node-ssri 8.0.1-1 (bug #985841)
+ [buster] - node-ssri <no-dsa> (Minor issue)
+ NOTE: https://doyensec.com/resources/Doyensec_Advisory_ssri_redos.pdf
+ NOTE: https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2 (v8.0.1)
+CVE-2021-27289
+ RESERVED
+CVE-2021-27288 (Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attack ...)
+ NOT-FOR-US: X2Engine X2CRM
+CVE-2021-27287
+ RESERVED
+CVE-2021-27286
+ RESERVED
+CVE-2021-27285
+ RESERVED
+CVE-2021-27284
+ RESERVED
+CVE-2021-27283
+ RESERVED
+CVE-2021-27282
+ RESERVED
+CVE-2021-27281
+ RESERVED
+CVE-2021-27280
+ RESERVED
+CVE-2021-27279 (MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCo ...)
+ NOT-FOR-US: MyBB
+CVE-2021-27278 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-27277 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-27276 (This vulnerability allows remote attackers to delete arbitrary files o ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27275 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27274 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27273 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27272 (This vulnerability allows remote attackers to delete arbitrary files o ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27271 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27270 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27269 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27268 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27267 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27266 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27265 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27264 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27263 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27262 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27261 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit PhantomPDF
+CVE-2021-27260 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-27259 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels Desktop
+CVE-2021-27258 (This vulnerability allows remote attackers to execute escalate privile ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-27257 (This vulnerability allows network-adjacent attackers to compromise the ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27256 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27255 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27254 (This vulnerability allows network-adjacent attackers to bypass authent ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27253 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27252 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27251 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27250 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27249 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27248 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27247 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: WeChat
+CVE-2021-27246 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels
+CVE-2021-27243 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels
+CVE-2021-27242 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels
+CVE-2021-27241 (This vulnerability allows local attackers to delete arbitrary director ...)
+ NOT-FOR-US: Avast
+CVE-2021-27240 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-27239 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Netgear
+CVE-2021-27238
+ RESERVED
+CVE-2021-27237 (The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) ...)
+ NOT-FOR-US: BlackCat CMS
+CVE-2021-27236 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfil ...)
+ NOT-FOR-US: Mutare Voice (EVM)
+CVE-2021-27235 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...)
+ NOT-FOR-US: Mutare Voice (EVM)
+CVE-2021-27234 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The we ...)
+ NOT-FOR-US: Mutare Voice (EVM)
+CVE-2021-27233 (An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the ...)
+ NOT-FOR-US: Mutare Voice (EVM)
+CVE-2021-27232 (The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.1 ...)
+ NOT-FOR-US: Pelco Digital Sentry Server
+CVE-2021-27231 (Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, ...)
+ NOT-FOR-US: Hestia Control Panel
+CVE-2021-27230 (ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Inj ...)
+ NOT-FOR-US: ExpressionEngine
+CVE-2021-27229 (Mumble before 1.3.4 allows remote code execution if a victim navigates ...)
+ {DLA-2562-1}
+ - mumble 1.3.4-1 (bug #982904)
+ [buster] - mumble 1.3.0~git20190125.440b173+dfsg-2+deb10u1
+ NOTE: https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648
+ NOTE: https://github.com/mumble-voip/mumble/pull/4733
+CVE-2021-27228 (An issue was discovered in Shinobi through ocean version 1. lib/auth.j ...)
+ NOT-FOR-US: Shinobi
+CVE-2021-27227
+ RESERVED
+CVE-2021-27226
+ RESERVED
+CVE-2021-27225 (In Dataiku DSS before 8.0.6, insufficient access control in the Jupyte ...)
+ NOT-FOR-US: Dataiku DSS
+CVE-2021-27224 (The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write ...)
+ NOT-FOR-US: WPG plugin for IrfanView
+CVE-2021-27223
+ RESERVED
+CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote authenticat ...)
+ NOT-FOR-US: "Time in Status" app
+CVE-2021-27221 (** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ft ...)
+ NOT-FOR-US: MikroTik RouterOS
+CVE-2021-27220 (An issue was discovered in PRTG Network Monitor before 21.1.66.1623. B ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
+ NOT-FOR-US: YubiHSM 2 SDK
+CVE-2021-27216 (Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By lev ...)
+ - exim4 4.94.2-1
+ [buster] - exim4 <not-affected> (Vulnerable code introduced later)
+ [stretch] - exim4 <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://git.exim.org/exim.git/commit/01446a56c76aa5ac3213a86f8992a2371a8301f3 (exim-4_94_RC0)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
+CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...)
+ NOT-FOR-US: genua genugate
+CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...)
+ NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
+CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution via YAML ...)
+ NOT-FOR-US: pystemon
+CVE-2021-27212 (In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion ...)
+ {DSA-4860-1 DLA-2574-1}
+ - openldap 2.4.57+dfsg-2
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9454
+ NOTE: trunk: https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0
+ NOTE: REL_ENG 2.4.x: https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30
+CVE-2021-27211 (steghide 0.5.1 relies on a certain 32-bit seed value, which makes it e ...)
+ - steghide <unfixed> (bug #983267)
+ [bullseye] - steghide <no-dsa> (Minor issue)
+ [buster] - steghide <no-dsa> (Minor issue)
+ [stretch] - steghide <postponed> (Minor issue; can be fixed in next DLA)
+ NOTE: https://github.com/b4shfire/stegcrack
+CVE-2021-27210 (TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retri ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-27209 (In the management interface on TP-Link Archer C5v 1.7_181221 devices, ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-27208 (When booting a Zync-7000 SOC device from nand flash memory, the nand d ...)
+ NOT-FOR-US: Zync-7000 SOC device
+CVE-2021-27207
+ RESERVED
+CVE-2021-27206
+ RESERVED
+CVE-2021-3411 (A flaw was found in the Linux kernel in versions prior to 5.10. A viol ...)
+ - linux 5.9.15-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+CVE-2021-3410 (A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in c ...)
+ {DLA-2584-1}
+ - libcaca 0.99.beta19-2.2 (bug #983686)
+ [buster] - libcaca <no-dsa> (Minor issue)
+ NOTE: https://github.com/cacalabs/libcaca/issues/52
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928437
+ NOTE: https://github.com/cacalabs/libcaca/commit/46b4ea7cea72d6b3ffe65d33e604b1774dcc2bbd
+ NOTE: https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015
+CVE-2021-27205 (Telegram before 7.4 (212543) Stable on macOS stores the local copy of ...)
+ NOT-FOR-US: Telegram for MacOS
+CVE-2021-27204 (Telegram before 7.4 (212543) Stable on macOS stores the local passcode ...)
+ NOT-FOR-US: Telegram for MacOS
+CVE-2021-27203 (In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for ...)
+ NOT-FOR-US: Dekart Private Disk
+CVE-2021-27202
+ RESERVED
+CVE-2021-XXXX [several security fixes: PHP injections, XSS and secrets stored in session file]
+ - spip 3.2.9-1
+ [buster] - spip 3.2.4-1+deb10u4
+ [stretch] - spip 3.1.4-4~deb9u4+deb9u1
+CVE-2021-27201 (Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated ...)
+ NOT-FOR-US: Endian Firewall Community (aka EFW)
+CVE-2021-27200 (In WoWonder 3.0.4, remote attackers can take over any account due to t ...)
+ NOT-FOR-US: WoWonder
+CVE-2021-27199
+ RESERVED
+CVE-2021-27198 (An issue was discovered in Visualware MyConnection Server before v11.1 ...)
+ NOT-FOR-US: Visualware MyConnection Server
+CVE-2021-27197 (DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arb ...)
+ NOT-FOR-US: Pelco Digital Sentry Server
+CVE-2021-27196 (Improper Input Validation vulnerability in Hitachi ABB Power Grids Rel ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-27195 (Improper Authorization vulnerability in Netop Vision Pro up to and inc ...)
+ NOT-FOR-US: Netop Vision Pro
+CVE-2021-27194 (Cleartext transmission of sensitive information in Netop Vision Pro up ...)
+ NOT-FOR-US: Netop Vision Pro
+CVE-2021-27193 (Incorrect default permissions vulnerability in the API of Netop Vision ...)
+ NOT-FOR-US: Netop Vision Pro
+CVE-2021-27192 (Local privilege escalation vulnerability in Windows clients of Netop V ...)
+ NOT-FOR-US: Netop Vision Pro
+CVE-2021-27191 (The get-ip-range package before 4.0.0 for Node.js is vulnerable to den ...)
+ NOT-FOR-US: Node get-ip-range
+CVE-2021-3408
+ RESERVED
+ NOTE: Red Hat duplicate for CVE-2021-20233
+CVE-2021-27190 (A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEE ...)
+ NOT-FOR-US: PEEL Shopping cart
+CVE-2021-27189 (The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certifica ...)
+ NOT-FOR-US: CIRA Canadian Shield app
+CVE-2021-27188 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 al ...)
+ NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator
+CVE-2021-27187 (The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 st ...)
+ NOT-FOR-US: Sovremennye Delovye Tekhnologii FX Aggregator
+CVE-2021-27186 (Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc re ...)
+ NOT-FOR-US: Fluent Bit
+CVE-2021-27185 (The samba-client package before 4.0.0 for Node.js allows command injec ...)
+ NOT-FOR-US: Node samba-client
+CVE-2021-27184 (Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity v ...)
+ NOT-FOR-US: Pelco Digital Sentry Server
+CVE-2021-27183 (An issue was discovered in MDaemon before 20.0.4. Administrators can u ...)
+ NOT-FOR-US: MDaemon
+CVE-2021-27182 (An issue was discovered in MDaemon before 20.0.4. There is an IFRAME i ...)
+ NOT-FOR-US: MDaemon
+CVE-2021-27181 (An issue was discovered in MDaemon before 20.0.4. Remote Administratio ...)
+ NOT-FOR-US: MDaemon
+CVE-2021-27180 (An issue was discovered in MDaemon before 20.0.4. There is Reflected X ...)
+ NOT-FOR-US: MDaemon
+CVE-2021-27179 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27178 (An issue was discovered on FiberHome HG6245D devices through RP2613. S ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27177 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27176 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27175 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27174 (An issue was discovered on FiberHome HG6245D devices through RP2613. w ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27173 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27172 (An issue was discovered on FiberHome HG6245D devices through RP2613. A ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27171 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27170 (An issue was discovered on FiberHome HG6245D devices through RP2613. B ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27169 (An issue was discovered on FiberHome AN5506-04-FA devices with firmwar ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27168 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27167 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27166 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27165 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27164 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27163 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27162 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27161 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27160 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27159 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27158 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27157 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27156 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27155 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27154 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27153 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27152 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27151 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27150 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27149 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27148 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27147 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27146 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27145 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27144 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27143 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27142 (An issue was discovered on FiberHome HG6245D devices through RP2613. T ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27141 (An issue was discovered on FiberHome HG6245D devices through RP2613. C ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27140 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27139 (An issue was discovered on FiberHome HG6245D devices through RP2613. I ...)
+ NOT-FOR-US: FiberHome devices
+CVE-2021-27138 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of uni ...)
+ [experimental] - u-boot 2021.04~rc3+dfsg-1
+ - u-boot 2021.07+dfsg-2 (bug #983269)
+ [bullseye] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <no-dsa> (Minor issue)
+ [stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
+ NOTE: https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917
+ NOTE: https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
+ NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
+CVE-2021-27137
+ RESERVED
+CVE-2021-27136
+ RESERVED
+CVE-2021-27134
+ RESERVED
+CVE-2021-27133
+ RESERVED
+CVE-2021-27132 (SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for H ...)
+ NOT-FOR-US: SerComm AG Combo VD625 AGSOT_2.1.0 devices
+CVE-2021-27131
+ RESERVED
+CVE-2021-27130 (Online Reviewer System 1.0 contains a SQL injection vulnerability thro ...)
+ NOT-FOR-US: Online Reviewer System
+CVE-2021-27129 (CASAP Automated Enrollment System version 1.0 contains a cross-site sc ...)
+ NOT-FOR-US: CASAP Automated Enrollment System
+CVE-2021-27128
+ RESERVED
+CVE-2021-27127
+ RESERVED
+CVE-2021-27126
+ RESERVED
+CVE-2021-27125
+ RESERVED
+CVE-2021-27124 (SQL injection in the expertise parameter in search_result.php in Docto ...)
+ NOT-FOR-US: Doctor Appointment System
+CVE-2021-27123
+ RESERVED
+CVE-2021-27122
+ RESERVED
+CVE-2021-27121
+ RESERVED
+CVE-2021-27120
+ RESERVED
+CVE-2021-27119
+ RESERVED
+CVE-2021-27118
+ RESERVED
+CVE-2021-27117
+ RESERVED
+CVE-2021-27116
+ RESERVED
+CVE-2021-27115
+ RESERVED
+CVE-2021-27114 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27113 (An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
+ NOT-FOR-US: D-Link
+CVE-2021-27112 (LightCMS v1.3.5 contains a remote code execution vulnerability in /app ...)
+ NOT-FOR-US: LightCMS
+CVE-2021-27111
+ RESERVED
+CVE-2021-27110
+ RESERVED
+CVE-2021-27109
+ RESERVED
+CVE-2021-27108
+ RESERVED
+CVE-2021-27107
+ RESERVED
+CVE-2021-27106
+ RESERVED
+CVE-2021-27105
+ RESERVED
+CVE-2021-3407 (A flaw was found in mupdf 1.18.0. Double free of object during lineari ...)
+ {DLA-2589-1}
+ - mupdf 1.17.0+ds1-1.3 (bug #983684)
+ [buster] - mupdf 1.14.0+ds1-4+deb10u3
+ NOTE: http://git.ghostscript.com/?p=mupdf.git;h=cee7cefc610d42fd383b3c80c12cbc675443176a
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703366 (not public yet)
+CVE-2021-3406 (A flaw was found in keylime 5.8.1 and older. The issue in the Keylime ...)
+ NOT-FOR-US: Keylime
+ NOTE: https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m
+CVE-2021-3405 (A flaw was found in libebml before 1.4.2. A heap overflow bug exists i ...)
+ {DLA-2629-1}
+ - libebml 1.4.2-1 (bug #982597)
+ [buster] - libebml <no-dsa> (Minor issue)
+ NOTE: https://github.com/Matroska-Org/libebml/issues/74
+CVE-2021-27104 (Accellion FTA 9_12_370 and earlier is affected by OS command execution ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27103 (Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted P ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27102 (Accellion FTA 9_12_411 and earlier is affected by OS command execution ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27101 (Accellion FTA 9_12_370 and earlier is affected by SQL injection via a ...)
+ NOT-FOR-US: Accellion FTA
+CVE-2021-27100
+ RESERVED
+CVE-2021-27099 (In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the ...)
+ NOT-FOR-US: SPIRE (SPIFFE Runtime Environment)
+CVE-2021-27098 (In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 ...)
+ NOT-FOR-US: SPIRE (SPIFFE Runtime Environment)
+CVE-2021-27097 (The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified ...)
+ [experimental] - u-boot 2021.04~rc3+dfsg-1
+ - u-boot 2021.07+dfsg-2 (bug #983270)
+ [bullseye] - u-boot <no-dsa> (Minor issue)
+ [buster] - u-boot <no-dsa> (Minor issue)
+ [stretch] - u-boot <postponed> (Minor issue; can be fixed in next DLA)
+ NOTE: https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
+ NOTE: https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b
+ NOTE: https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
+CVE-2021-27096 (NTFS Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27095 (Windows Media Video Decoder Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27094 (Windows Early Launch Antimalware Driver Security Feature Bypass Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27093 (Windows Kernel Information Disclosure Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27092 (Azure AD Web Sign-in Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27091 (RPC Endpoint Mapper Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27090 (Windows Secure Kernel Mode Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27089 (Microsoft Internet Messaging API Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27088 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27087
+ RESERVED
+CVE-2021-27086 (Windows Services and Controller App Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27085 (Internet Explorer Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27084 (Visual Studio Code Java Extension Pack Remote Code Execution Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27083 (Remote Development Extension for Visual Studio Code Remote Code Execut ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27082 (Quantum Development Kit for Visual Studio Code Remote Code Execution V ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27081 (Visual Studio Code ESLint Extension Remote Code Execution Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27080 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27079 (Windows Media Photo Codec Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27078 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27077 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27076 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27075 (Azure Virtual Machine Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27074 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27073
+ RESERVED
+CVE-2021-27072 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27071
+ RESERVED
+CVE-2021-27070 (Windows 10 Update Assistant Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27069
+ RESERVED
+CVE-2021-27068 (Visual Studio Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27067 (Azure DevOps Server and Team Foundation Server Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27066 (Windows Admin Center Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27065 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27064 (Visual Studio Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27063 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27062 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27061 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27060 (Visual Studio Code Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27059 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27058 (Microsoft Office ClickToRun Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27057 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27056 (Microsoft PowerPoint Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27055 (Microsoft Visio Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27054 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27053 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27052 (Microsoft SharePoint Server Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27051 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27050 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27049 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27048 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27047 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-27046 (A Memory Corruption vulnerability for PDF files in Autodesk Navisworks ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27045 (A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27044 (A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review versio ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27043 (An Arbitrary Address Write issue in the Autodesk DWG application can a ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27042 (A maliciously crafted DWG file can be used to write beyond the allocat ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27041 (A maliciously crafted DWG file can be used to write beyond the allocat ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27040 (A maliciously crafted DWG file can be forced to read beyond allocated ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27039 (A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017, ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27038 (A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27037 (A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27036 (A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design R ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27035 (A maliciously crafted TIFF, PICT, TGA, or DWF files in Autodesk Design ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27034 (A heap-based buffer overflow could occur while parsing PICT, PCX, RCL ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27033 (A Double Free vulnerability allows remote attackers to execute arbitra ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27032 (Autodesk Licensing Installer was found to be vulnerable to privilege e ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27031 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27030 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27029 (The user may be tricked into opening a malicious FBX file which may ex ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27028 (A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27027 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-27026 (A flaw was divered in Puppet Enterprise and other Puppet products wher ...)
+ NOT-FOR-US: Puppet Enterprise
+CVE-2021-27025 (A flaw was discovered in Puppet Agent where the agent may silently ign ...)
+ - puppet <unfixed>
+ [bullseye] - puppet <ignored> (Minor issue, too intrusive to backport)
+ [buster] - puppet <ignored> (Minor issue, too intrusive to backport)
+ [stretch] - puppet <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://puppet.com/security/cve/cve-2021-27025
+ NOTE: https://github.com/puppetlabs/puppet/commit/da8b73edca174309a9bef5f62cd276933fe733e8 (6.25.1)
+ NOTE: Limited impact, needs a malformed custom type provider
+CVE-2021-27024 (A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD ...)
+ NOT-FOR-US: Continuous Delivery for Puppet Enterprise
+CVE-2021-27023 (A flaw was discovered in Puppet Agent and Puppet Server that may resul ...)
+ - puppet <unfixed>
+ [bullseye] - puppet <ignored> (Minor issue)
+ [buster] - puppet <ignored> (Minor issue)
+ [stretch] - puppet <ignored> (Minor issue)
+ NOTE: https://puppet.com/security/cve/cve-2021-27023
+ NOTE: https://github.com/puppetlabs/puppet/commit/e90023a8b54a58073d71dae655d7636e2c9bcc61 (6.25.1)
+ NOTE: Marginal/unclear security implications, the redirects are fully under control of
+ NOTE: the puppet masters and the advisory states this CVE would be similar to CVE-2018-1000007,
+ NOTE: but CVE is for curl, which obviously has different scope being a library. Plus, all
+ NOTE: reasonably secure installations use client auth on the agents
+ NOTE: Previous client code in lib/puppet/network/http/connection.rb also vulnerable
+CVE-2021-27022 (A flaw was discovered in bolt-server and ace where running a task with ...)
+ - puppet <not-affected> (Only affects Puppet Enterprise)
+ NOTE: https://puppet.com/security/cve/CVE-2021-27022/
+CVE-2021-27021 (A flaw was discovered in Puppet DB, this flaw results in an escalation ...)
+ - puppetdb <unfixed> (bug #990419)
+ [buster] - puppetdb <no-dsa> (Minor issue)
+ NOTE: https://puppet.com/security/cve/cve-2021-27021/
+ NOTE: https://github.com/puppetlabs/puppetdb/commit/c146e624d230f7410fb648d58ae28c0e3cd457a2
+ NOTE: https://github.com/puppetlabs/puppetdb/commit/f8dc81678cf347739838e42cc1c426d96406c266
+ NOTE: https://github.com/puppetlabs/puppetdb/commit/72bd137511487643a3a6236ad9e72a5dd4a6fadb
+ NOTE: https://puppet.com/docs/puppetdb/6/release_notes/release_notes_latest.html#puppetdb-6170
+CVE-2021-27020 (Puppet Enterprise presented a security risk by not sanitizing user inp ...)
+ - puppet <not-affected> (Only affects Puppet Enterprise)
+CVE-2021-27019 (PuppetDB logging included potentially sensitive system information. ...)
+ - puppetdb <unfixed>
+ [buster] - puppetdb <no-dsa> (Minor issue)
+ NOTE: https://puppet.com/security/cve/CVE-2021-27019/
+CVE-2021-27018 (The mechanism which performs certificate validation was discovered to ...)
+ NOT-FOR-US: Puppet Remediate
+CVE-2021-27017
+ RESERVED
+ - puppet <not-affected> (Specific to the Puppet 7.x stack)
+ NOTE: https://puppet.com/security/cve/CVE-2021-27017/
+CVE-2021-27016
+ RESERVED
+CVE-2021-27015
+ RESERVED
+CVE-2021-27014
+ RESERVED
+CVE-2021-27013
+ RESERVED
+CVE-2021-27012
+ RESERVED
+CVE-2021-27011
+ RESERVED
+CVE-2021-27010
+ RESERVED
+CVE-2021-27009
+ RESERVED
+CVE-2021-27008
+ RESERVED
+CVE-2021-27007 (NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway i ...)
+ NOT-FOR-US: NetApp Virtual Desktop Service
+CVE-2021-27006 (StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11. ...)
+ NOT-FOR-US: StorageGRID
+CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and ...)
+ NOT-FOR-US: NetAPP
+CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...)
+ NOT-FOR-US: Clustered Data ONTAP (NetApp)
+CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...)
+ NOT-FOR-US: NetApp Cloud Manager
+CVE-2021-27001 (Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8 ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2021-27000
+ RESERVED
+CVE-2021-26999 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive information ...)
+ NOT-FOR-US: NetApp Cloud Manager
+CVE-2021-26998 (NetApp Cloud Manager versions prior to 3.9.9 log sensitive information ...)
+ NOT-FOR-US: NetApp Cloud Manager
+CVE-2021-26997 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
+CVE-2021-26996 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
+CVE-2021-26995 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
+CVE-2021-26994 (Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptibl ...)
+ NOT-FOR-US: Clustered Data ONTAP (NetApp)
+CVE-2021-26993 (E-Series SANtricity OS Controller Software 11.x versions prior to 11.7 ...)
+ NOT-FOR-US: E-Series SANtricity OS Controller Software
+CVE-2021-26992 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...)
+ NOT-FOR-US: Cloud Manager (NetApp)
+CVE-2021-26991 (Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin ...)
+ NOT-FOR-US: Cloud Manager (NetApp)
+CVE-2021-26990 (Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerabili ...)
+ NOT-FOR-US: Cloud Manager (NetApp)
+CVE-2021-26989 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 a ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2021-26988 (Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 a ...)
+ NOT-FOR-US: Clustered Data ONTAP
+CVE-2021-26987 (Element Plug-in for vCenter Server incorporates SpringBoot Framework. ...)
+ NOT-FOR-US: Element Plug-in for vCenter Server
+CVE-2021-26986
+ RESERVED
+CVE-2021-26985
+ RESERVED
+CVE-2021-26984
+ RESERVED
+CVE-2021-26983
+ RESERVED
+CVE-2021-26982
+ RESERVED
+CVE-2021-26981
+ RESERVED
+CVE-2021-26980
+ RESERVED
+CVE-2021-26979
+ RESERVED
+CVE-2021-26978
+ RESERVED
+CVE-2021-26977
+ RESERVED
+CVE-2021-26976
+ RESERVED
+CVE-2021-26975
+ RESERVED
+CVE-2021-26974
+ RESERVED
+CVE-2021-26973
+ RESERVED
+CVE-2021-26972
+ RESERVED
+CVE-2021-26971 (A remote authenticated arbitrary command execution vulnerability was d ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26970 (A remote authenticated arbitrary command execution vulnerability was d ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26969 (A remote authenticated authenticated xml external entity (xxe) vulnera ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26968 (A remote authenticated stored cross-site scripting (xss) vulnerability ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26967 (A remote reflected cross-site scripting (xss) vulnerability was discov ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26966 (A remote authenticated sql injection vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26965 (A remote authenticated sql injection vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26964 (A remote authentication restriction bypass vulnerability was discovere ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26963 (A remote authenticated arbitrary command execution vulnerability was d ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26962 (A remote authenticated arbitrary command execution vulnerability was d ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26961 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26960 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26959
+ REJECTED
+CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ - rust-xcb <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
+CVE-2021-26957 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ - rust-xcb <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
+CVE-2021-26956 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ - rust-xcb <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
+CVE-2021-26955 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...)
+ - rust-xcb <unfixed>
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0019.html
+CVE-2021-26954 (An issue was discovered in the qwutils crate before 0.3.1 for Rust. Wh ...)
+ NOT-FOR-US: Rust crate qwutils
+CVE-2021-26953 (An issue was discovered in the postscript crate before 0.14.0 for Rust ...)
+ NOT-FOR-US: Rust crate postscript
+CVE-2021-26952 (An issue was discovered in the ms3d crate before 0.1.3 for Rust. It mi ...)
+ NOT-FOR-US: Rust crate ms3d
+CVE-2021-26951 (An issue was discovered in the calamine crate before 0.17.0 for Rust. ...)
+ NOT-FOR-US: Rust crate calamine
+CVE-2021-26944
+ RESERVED
+CVE-2021-26943 (The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with t ...)
+ NOT-FOR-US: UX360CA BIOS
+CVE-2021-26942
+ RESERVED
+CVE-2021-26941
+ RESERVED
+CVE-2021-26940
+ REJECTED
+CVE-2021-26939 (** DISPUTED ** An information disclosure issue exists in henriquedorna ...)
+ NOT-FOR-US: henriquedornas
+CVE-2021-26938 (** DISPUTED ** A stored XSS issue exists in henriquedornas 5.2.17 via ...)
+ NOT-FOR-US: henriquedornas
+CVE-2021-27135 (xterm before Patch #366 allows remote attackers to execute arbitrary c ...)
+ {DLA-2558-1}
+ - xterm 366-1 (bug #982439)
+ [buster] - xterm 344-1+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/7
+ NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_366
+ NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
+CVE-2021-26937 (encoding.c in GNU Screen through 4.8.0 allows remote attackers to caus ...)
+ {DSA-4861-1 DLA-2570-1}
+ - screen 4.8.0-5 (bug #982435)
+ NOTE: https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/09/3
+ NOTE: https://savannah.gnu.org/bugs/?60030
+ NOTE: First patch applied in -4, but revised patch applied in -5 which fixed regressions
+CVE-2021-23219 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-23217 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-23201 (NVIDIA GPU and Tegra hardware contain a vulnerability in an internal m ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-3404 (In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote att ...)
+ - libytnef 1.9.3-3 (bug #982596)
+ [buster] - libytnef <no-dsa> (Minor issue)
+ [stretch] - libytnef <no-dsa> (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/86
+ NOTE: https://github.com/Yeraze/ytnef/pull/88
+ NOTE: https://github.com/Yeraze/ytnef/commit/f9ff4a203b8c155d51a208cadadb62f224fba715
+CVE-2021-3403 (In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows ...)
+ - libytnef 1.9.3-3 (bug #982594)
+ [buster] - libytnef <no-dsa> (Minor issue)
+ [stretch] - libytnef <no-dsa> (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/85
+ NOTE: https://github.com/Yeraze/ytnef/pull/87
+ NOTE: https://github.com/Yeraze/ytnef/commit/f2380a53fb84d370eaf6e6c3473062c54c57fac7
+CVE-2021-26936 (The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when ...)
+ NOT-FOR-US: ReplaySorcery
+CVE-2021-26935 (In WoWonder &lt; 3.1, remote attackers can gain access to the database ...)
+ NOT-FOR-US: WoWonder
+CVE-2021-26934 (An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...)
+ - linux <unfixed> (unimportant)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://xenbits.xen.org/xsa/advisory-363.html
+ NOTE: Driver never was meant to be supported and the patch in src:xen will only
+ NOTE: update SUPPORT.md to explicitly document the fact.
+CVE-2021-26933 (An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is ...)
+ {DSA-4888-1}
+ - xen 4.14.1+11-gb0b734a8b3-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-364.html
+CVE-2021-26932 (An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.177-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-361.html
+CVE-2021-26931 (An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.177-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-362.html
+CVE-2021-26930 (An issue was discovered in the Linux kernel 3.11 through 5.10.16, as u ...)
+ {DLA-2610-1 DLA-2586-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.177-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-365.html
+CVE-2021-26929 (An XSS issue was discovered in Horde Groupware Webmail Edition through ...)
+ {DLA-2564-1}
+ - php-horde-text-filter 2.3.7-1 (bug #982769)
+ [buster] - php-horde-text-filter 2.3.5-3+deb10u2
+ NOTE: https://lists.horde.org/archives/announce/2021/001298.html
+ NOTE: https://github.com/horde/Text_Filter/commit/c26f938854c36b981558a3b1b9b2f81403cff60e (master)
+ NOTE: https://github.com/horde/Text_Filter/commit/a2f67da064d7a91440b7a2448e56a6387ab94c67 (v2.3.7)
+ NOTE: https://www.alexbirnberg.com/horde-xss.html
+CVE-2021-26928 (** DISPUTED ** BIRD through 2.0.7 does not provide functionality for p ...)
+ NOT-FOR-US: Disputed BIRD issue
+CVE-2021-26927 (A flaw was found in jasper before 2.0.25. A null pointer dereference i ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/265
+ NOTE: https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b
+CVE-2021-26926 (A flaw was found in jasper before 2.0.25. An out of bounds read issue ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/264
+ NOTE: https://github.com/jasper-software/jasper/commit/41f214b121b837fa30d9ca5f2430212110f5cd9b
+CVE-2021-26925 (Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets ...)
+ - roundcube 1.4.11+dfsg.1-1
+ [buster] - roundcube <not-affected> (Vulnerable code introduced later)
+ [stretch] - roundcube <not-affected> (Vulnerable code introduced later)
+ NOTE: https://roundcube.net/news/2021/02/08/security-update-1.4.11
+ NOTE: https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596
+CVE-2021-26924 (An issue was discovered in Argo CD before 1.8.4. Browser XSS protectio ...)
+ NOT-FOR-US: Argo CD
+CVE-2021-26923 (An issue was discovered in Argo CD before 1.8.4. Accessing the endpoin ...)
+ NOT-FOR-US: Argo CD
+CVE-2021-26922
+ RESERVED
+CVE-2021-26921 (In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens cont ...)
+ NOT-FOR-US: Argo CD
+CVE-2021-26920 (In the Druid ingestion system, the InputSource is used for reading dat ...)
+ - druid <itp> (bug #825797)
+CVE-2021-26919 (Apache Druid allows users to read data from other database systems usi ...)
+ - druid <itp> (bug #825797)
+CVE-2021-26918 (** DISPUTED ** The ProBot bot through 2021-02-08 for Discord might all ...)
+ NOT-FOR-US: ProBot bot
+CVE-2021-26917 (** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write ...)
+ NOT-FOR-US: PyBitmessage
+CVE-2021-26916 (In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon comp ...)
+ NOT-FOR-US: nopCommerce
+CVE-2021-26915 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...)
+ NOT-FOR-US: NetMotion Mobility
+CVE-2021-26914 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...)
+ NOT-FOR-US: NetMotion Mobility
+CVE-2021-26913 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...)
+ NOT-FOR-US: NetMotion Mobility
+CVE-2021-26912 (NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthent ...)
+ NOT-FOR-US: NetMotion Mobility
+CVE-2021-26911 (core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL ...)
+ NOT-FOR-US: Canary Mail
+CVE-2021-26909 (Automox Agent prior to version 31 uses an insufficiently protected S3 ...)
+ NOT-FOR-US: Automox Agent
+CVE-2021-26908 (Automox Agent prior to version 31 logs potentially sensitive informati ...)
+ NOT-FOR-US: Automox Agent
+CVE-2021-26907
+ RESERVED
+CVE-2021-26906 (An issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...)
+ - asterisk 1:16.16.1~dfsg-1 (bug #983159)
+ [buster] - asterisk <postponed> (Minor issue)
+ [stretch] - asterisk <no-dsa> (Minor issue)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-005.html
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29196
+CVE-2021-3402 (An integer overflow and several buffer overflow reads in libyara/modul ...)
+ - yara 4.0.4-1
+ [buster] - yara <no-dsa> (Minor issue)
+ [stretch] - yara <postponed> (Minor issue; can be fixed with next DLA)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/2
+ NOTE: https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara/
+CVE-2021-26905 (1Password SCIM Bridge before 1.6.2 mishandles validation of authentica ...)
+ NOT-FOR-US: 1Password SCIM Bridge
+CVE-2021-26904 (LMA ISIDA Retriever 5.2 allows SQL Injection. ...)
+ NOT-FOR-US: LMA ISIDA Retriever
+CVE-2021-26903 (LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. ...)
+ NOT-FOR-US: LMA ISIDA Retriever
+CVE-2021-26902 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26901 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26900 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26899 (Windows UPnP Device Host Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26898 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26897 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26896 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26895 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26894 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26893 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26892 (Windows Extensible Firmware Interface Security Feature Bypass Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26891 (Windows Container Execution Agent Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26890 (Application Virtualization Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26889 (Windows Update Stack Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26888
+ RESERVED
+CVE-2021-26887 (Microsoft Windows Folder Redirection Elevation of Privilege Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26886 (User Profile Service Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26885 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26884 (Windows Media Photo Codec Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26883
+ RESERVED
+CVE-2021-26882 (Remote Access API Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26881 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26880 (Storage Spaces Controller Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26879 (Windows NAT Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26878 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26877 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26876 (OpenType Font Parsing Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26875 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26874 (Windows Overlay Filter Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26873 (Windows User Profile Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26872 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26871 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26870 (Windows Projected File System Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26869 (Windows ActiveX Installer Service Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26868 (Windows Graphics Component Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26867 (Windows Hyper-V Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26866 (Windows Update Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26865 (Windows Container Execution Agent Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26864 (Windows Virtual Registry Provider Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26863 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26862 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26861 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26860 (Windows App-V Overlay Filter Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26859 (Microsoft Power BI Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26858 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26857 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26856
+ RESERVED
+CVE-2021-26855 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26854 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26853
+ RESERVED
+CVE-2021-26910 (Firejail before 0.9.64.4 allows attackers to bypass intended access re ...)
+ {DSA-4849-1 DLA-2554-1}
+ - firejail 0.9.64.4-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/08/5
+ NOTE: Fix (disabled overlayfs): https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
+ NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
+ NOTE: https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
+CVE-2021-24032 (Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for ...)
+ {DSA-4859-1}
+ - libzstd 1.4.8+dfsg-2 (bug #982519)
+ [stretch] - libzstd <not-affected> (Incomplete fix for CVE-2021-24031 not applied)
+ NOTE: https://github.com/facebook/zstd/issues/2491
+CVE-2021-24031 (In the Zstandard command-line utility prior to v1.4.1, output files we ...)
+ {DSA-4850-1 DLA-2573-1}
+ - libzstd 1.4.8+dfsg-1 (bug #981404)
+ NOTE: https://github.com/facebook/zstd/issues/1630
+CVE-2021-26852
+ RESERVED
+CVE-2021-26851
+ RESERVED
+CVE-2021-26850
+ RESERVED
+CVE-2021-26849
+ RESERVED
+CVE-2021-26848
+ RESERVED
+CVE-2021-26847
+ RESERVED
+CVE-2021-26846
+ RESERVED
+CVE-2021-26845 (Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS al ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-26844 (A cross-site scripting (XSS) vulnerability in Power Admin PA Server Mo ...)
+ NOT-FOR-US: Power Admin PA Server Monitor
+CVE-2021-26843 (An issue was discovered in sthttpd through 2.27.1. On systems where th ...)
+ - thttpd <removed>
+CVE-2021-21299 (hyper is an open-source HTTP library for Rust (crates.io). In hyper fr ...)
+ - rust-hyper <unfixed> (bug #988729)
+ NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-6hfq-h8hq-87mf
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0020.html
+CVE-2021-27218 (An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before ...)
+ - glib2.0 2.66.7-1 (bug #982779)
+ [buster] - glib2.0 2.58.3-2+deb10u3
+ [stretch] - glib2.0 <postponed> (fix along with CVE-2021-27219)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942
+ NOTE: Test case depends on CVE-2021-27219 fix
+CVE-2021-27219 (An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before ...)
+ - glib2.0 2.66.6-1 (bug #982778)
+ [buster] - glib2.0 2.58.3-2+deb10u3
+ [stretch] - glib2.0 <postponed> (requires fixing vulnerable rdeps, follow buster strategy)
+ NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2319
+ NOTE: Fix introduces new API 'g_memdup2'
+ NOTE: Fix backport in 2.66.7 adds 'g_memdup2' for internal use but does not allow fixing reverse-dependencies using vulnerable 'g_memdup'
+CVE-2021-26842
+ RESERVED
+CVE-2021-26841
+ RESERVED
+CVE-2021-26840
+ RESERVED
+CVE-2021-26839
+ RESERVED
+CVE-2021-26838
+ RESERVED
+CVE-2021-26837
+ RESERVED
+CVE-2021-26836
+ RESERVED
+CVE-2021-26835 (No filtering of cross-site scripting (XSS) payloads in the markdown-ed ...)
+ NOT-FOR-US: Zettlr
+CVE-2021-26834 (A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An a ...)
+ NOT-FOR-US: Znote
+CVE-2021-26833 (Code Execution vulnerability in Profile Picture upload in TimelyBills ...)
+ NOT-FOR-US: TimelyBills App Budget, Expense tracker & Bills
+CVE-2021-26832 (Cross Site Scripting (XSS) in the "Reset Password" page form of Priori ...)
+ NOT-FOR-US: Priority Enterprise Management System
+CVE-2021-26831
+ RESERVED
+CVE-2021-26830 (SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote att ...)
+ NOT-FOR-US: Tribalsystems Zenario CMS
+CVE-2021-26829 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...)
+ NOT-FOR-US: OpenPLC ScadaBR
+CVE-2021-26828 (OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows a ...)
+ NOT-FOR-US: OpenPLC ScadaBR
+CVE-2021-26827 (Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ route ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-26826 (A stack overflow issue exists in Godot Engine up to v3.2 and is caused ...)
+ - godot <unfixed> (bug #982593)
+ [bullseye] - godot <no-dsa> (Minor issue)
+ [buster] - godot <no-dsa> (Minor issue)
+ NOTE: https://github.com/godotengine/godot/pull/45701
+ NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master)
+ NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2)
+CVE-2021-26825 (An integer overflow issue exists in Godot Engine up to v3.2 that can b ...)
+ - godot <unfixed> (bug #982593)
+ [bullseye] - godot <no-dsa> (Minor issue)
+ [buster] - godot <no-dsa> (Minor issue)
+ NOTE: https://github.com/godotengine/godot/pull/45701
+ NOTE: https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a (master)
+ NOTE: https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8 (3.2)
+CVE-2021-26824 (DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to impro ...)
+ NOT-FOR-US: DM FingerTool
+CVE-2021-26823
+ RESERVED
+CVE-2021-26822 (Teachers Record Management System 1.0 is affected by a SQL injection v ...)
+ NOT-FOR-US: Teachers Record Management System
+CVE-2021-26821
+ RESERVED
+CVE-2021-26820
+ RESERVED
+CVE-2021-26819
+ RESERVED
+CVE-2021-26818
+ RESERVED
+CVE-2021-26817
+ RESERVED
+CVE-2021-26816
+ RESERVED
+CVE-2021-26815
+ RESERVED
+CVE-2021-26814 (Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to e ...)
+ NOT-FOR-US: Wazuh
+CVE-2021-26813 (markdown2 &gt;=1.0.1.18, fixed in 2.4.0, is affected by a regular expr ...)
+ - python-markdown2 2.3.10-1.1 (bug #984668)
+ [buster] - python-markdown2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/trentm/python-markdown2/pull/387
+ NOTE: https://github.com/trentm/python-markdown2/commit/96dff22341489459c8cb832fdfd066a588ec23bf
+ NOTE: https://github.com/trentm/python-markdown2/commit/e1954d3a345fc7a4ccc113bd58f7df81ad63b6ec
+ NOTE: https://github.com/trentm/python-markdown2/commit/c4b4ccb3f9da33f29b013d6d765fd223a8277cfe
+CVE-2021-26812 (Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin ...)
+ NOT-FOR-US: Moodle plugin
+CVE-2021-26811
+ RESERVED
+CVE-2021-26810 (D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnera ...)
+ NOT-FOR-US: D-link
+CVE-2021-26809 (PHPGurukul Car Rental Project version 2.0 suffers from a remote shell ...)
+ NOT-FOR-US: PHPGurukul Car Rental Project
+CVE-2021-26808
+ RESERVED
+CVE-2021-26807 (GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, l ...)
+ NOT-FOR-US: GOG Galaxy client
+CVE-2021-26806
+ RESERVED
+CVE-2021-26805 (Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial o ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-26804 (Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 2 ...)
+ - centreon-web <itp> (bug #913903)
+CVE-2021-26803
+ RESERVED
+CVE-2021-26802
+ RESERVED
+CVE-2021-26801
+ RESERVED
+CVE-2021-26800 (Cross Site Request Forgery (CSRF) vulnerability in Change-password.php ...)
+ NOT-FOR-US: phpgurukul
+CVE-2021-26799 (Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka ...)
+ NOT-FOR-US: Omeka
+CVE-2021-26798
+ RESERVED
+CVE-2021-26797 (An access control vulnerability in Hame SD1 Wi-Fi firmware &lt;=V.2014 ...)
+ NOT-FOR-US: Hame SD1 Wi-Fi firmware
+CVE-2021-26796
+ RESERVED
+CVE-2021-26795 (A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX s ...)
+ NOT-FOR-US: TalariaX sendQuick Alert Plus Server Admin
+CVE-2021-26794 (Privilege escalation in 'upload.php' in FrogCMS SentCMS v0.9.5 allows ...)
+ NOT-FOR-US: FrogCMS SentCMS
+CVE-2021-26793
+ RESERVED
+CVE-2021-26792
+ RESERVED
+CVE-2021-26791
+ RESERVED
+CVE-2021-26790
+ RESERVED
+CVE-2021-26789
+ RESERVED
+CVE-2021-26788 (Oryx Embedded CycloneTCP 1.7.6 to 2.0.0, fixed in 2.0.2, is affected b ...)
+ NOT-FOR-US: Oryx Embedded CycloneTCP
+CVE-2021-26787 (A cross site scripting (XSS) vulnerability in Genesys Workforce Manage ...)
+ NOT-FOR-US: Genesys Workforce Management
+CVE-2021-26786 (An issue was discoverered in in customercentric-selling-poland PlayTub ...)
+ NOT-FOR-US: PlayTube
+CVE-2021-26785
+ RESERVED
+CVE-2021-26784
+ RESERVED
+CVE-2021-26783
+ RESERVED
+CVE-2021-26782
+ RESERVED
+CVE-2021-26781
+ RESERVED
+CVE-2021-26780
+ RESERVED
+CVE-2021-26779
+ RESERVED
+CVE-2021-26778
+ RESERVED
+CVE-2021-26777 (Buffer overflow vulnerability in function SetFirewall in index.cgi in ...)
+ NOT-FOR-US: CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare
+CVE-2021-26776 (CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: CSZ CMS
+CVE-2021-26775
+ RESERVED
+CVE-2021-26774
+ RESERVED
+CVE-2021-26773
+ RESERVED
+CVE-2021-26772
+ RESERVED
+CVE-2021-26771
+ RESERVED
+CVE-2021-26770
+ RESERVED
+CVE-2021-26769
+ RESERVED
+CVE-2021-26768
+ RESERVED
+CVE-2021-26767
+ RESERVED
+CVE-2021-26766
+ RESERVED
+CVE-2021-26765 (SQL injection vulnerability in PHPGurukul Student Record System 4.0 al ...)
+ NOT-FOR-US: PHPGurukul Student Record System
+CVE-2021-26764 (SQL injection vulnerability in PHPGurukul Student Record System v 4.0 ...)
+ NOT-FOR-US: PHPGurukul Student Record System
+CVE-2021-26763
+ RESERVED
+CVE-2021-26762 (SQL injection vulnerability in PHPGurukul Student Record System 4.0 al ...)
+ NOT-FOR-US: PHPGurukul Student Record System
+CVE-2021-26761
+ RESERVED
+CVE-2021-26760
+ RESERVED
+CVE-2021-26759
+ RESERVED
+CVE-2021-26758 (Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web serve ...)
+ NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed
+CVE-2021-26757
+ RESERVED
+CVE-2021-26756
+ RESERVED
+CVE-2021-26755
+ RESERVED
+CVE-2021-26754 (wpDataTables before 3.4.1 mishandles order direction for server-side t ...)
+ NOT-FOR-US: wpDataTables WordPress plugin
+CVE-2021-26753 (NeDi 1.9C allows an authenticated user to inject PHP code in the Syste ...)
+ NOT-FOR-US: NeDi
+CVE-2021-26752 (NeDi 1.9C allows an authenticated user to execute operating system com ...)
+ NOT-FOR-US: NeDi
+CVE-2021-26751 (NeDi 1.9C allows an authenticated user to perform a SQL Injection in t ...)
+ NOT-FOR-US: NeDi
+CVE-2021-26750 (DLL hijacking in Panda Agent &lt;=1.16.11 in Panda Security, S.L.U. Pa ...)
+ NOT-FOR-US: Panda Agent
+CVE-2021-26749
+ RESERVED
+CVE-2021-26748
+ RESERVED
+CVE-2021-26747 (Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metach ...)
+ NOT-FOR-US: Netis devices
+CVE-2021-26746 (Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= U ...)
+ NOT-FOR-US: Chamilo
+CVE-2021-26745
+ RESERVED
+CVE-2021-26744
+ RESERVED
+CVE-2021-26743
+ RESERVED
+CVE-2021-26742
+ RESERVED
+CVE-2021-26741
+ RESERVED
+CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken doyocms 2 ...)
+ NOT-FOR-US: doyocms
+CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows ...)
+ NOT-FOR-US: doyocms
+CVE-2021-26738
+ RESERVED
+CVE-2021-26737
+ RESERVED
+CVE-2021-26736
+ RESERVED
+CVE-2021-26735
+ RESERVED
+CVE-2021-26734
+ RESERVED
+CVE-2021-26733
+ RESERVED
+CVE-2021-26732
+ RESERVED
+CVE-2021-26731
+ RESERVED
+CVE-2021-26730
+ RESERVED
+CVE-2021-26729
+ RESERVED
+CVE-2021-26728
+ RESERVED
+CVE-2021-26727
+ RESERVED
+CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...)
+ NOT-FOR-US: Valmet
+CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...)
+ NOT-FOR-US: Nozomi Networks Guardian
+CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...)
+ NOT-FOR-US: Nozomi Networks Guardian
+CVE-2021-26723 (Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&amp;query= XSS. ...)
+ NOT-FOR-US: Jenzabar
+CVE-2021-26722 (LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because ...)
+ NOT-FOR-US: LinkedIn Oncall
+CVE-2021-26721
+ RESERVED
+CVE-2021-26720 (avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is ...)
+ - avahi 0.8-4
+ [buster] - avahi 0.7-4+deb10u1
+ [stretch] - avahi <postponed> (fix in next DLA - removal of .sh script)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/15/2
+ NOTE: Fixed by removing the avahi-daemon-check-dns.sh script.
+CVE-2021-26719 (A directory traversal issue was discovered in Gradle gradle-enterprise ...)
+ NOT-FOR-US: gradle-enterprise-test-distribution-agent
+CVE-2021-26718 (KIS for macOS in some use cases was vulnerable to AV bypass that poten ...)
+ NOT-FOR-US: KIS for macOS
+CVE-2021-26717 (An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x ...)
+ - asterisk 1:16.16.1~dfsg-1 (bug #983157)
+ [buster] - asterisk <not-affected> (Introduced in 16.15.0)
+ [stretch] - asterisk <not-affected> (Introduced in 16.15.0)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-002.html
+CVE-2021-26716 (Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS ...)
+ NOT-FOR-US: Emoncms
+CVE-2021-26715 (The OpenID Connect server implementation for MITREid Connect through 1 ...)
+ NOT-FOR-US: MITREid Connect
+CVE-2021-26714 (The Enterprise License Manager portal in Mitel MiContact Center Enterp ...)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1930888#c3
+CVE-2021-26713 (A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asteris ...)
+ - asterisk <not-affected> (Only affects 16.16.0 onwards)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-004.html
+CVE-2021-26712 (Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...)
+ - asterisk <not-affected> (Only affects 16.16)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-003.html
+CVE-2021-26711 (A frame-injection issue in the online help in Redwood Report2Web 4.3.4 ...)
+ NOT-FOR-US: Redwood Report2Web
+CVE-2021-26710 (A cross-site scripting (XSS) issue in the login panel in Redwood Repor ...)
+ NOT-FOR-US: Redwood Report2Web
+CVE-2021-26709 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_ ...)
+ NOT-FOR-US: D-Link
+CVE-2021-26707 (The merge-deep library before 3.0.3 for Node.js can be tricked into ov ...)
+ NOT-FOR-US: Node deep-merge
+CVE-2021-26706 (An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x an ...)
+ NOT-FOR-US: Micrium
+CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. An atta ...)
+ NOT-FOR-US: SquareBox CatDV Server
+CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary commands vi ...)
+ NOT-FOR-US: EPrints
+CVE-2021-26703 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...)
+ NOT-FOR-US: EPrints
+CVE-2021-26702 (EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset param ...)
+ NOT-FOR-US: EPrints
+CVE-2021-26701 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26700 (Visual Studio Code npm-script Extension Remote Code Execution Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26699 (OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows S ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-26698 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-26708 (A local privilege escalation was discovered in the Linux kernel before ...)
+ - linux 5.10.13-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/5
+ NOTE: https://git.kernel.org/linus/c518adafa39f37858697ac9309c6cf1805581446
+CVE-2021-26697 (The lineage endpoint of the deprecated Experimental API was not protec ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-26696
+ RESERVED
+CVE-2021-26695
+ RESERVED
+CVE-2021-26694
+ RESERVED
+CVE-2021-26693
+ RESERVED
+CVE-2021-26692
+ RESERVED
+CVE-2021-26691 (In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted Ses ...)
+ {DSA-4937-1 DLA-2706-1}
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.46-6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
+ NOTE: https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
+CVE-2021-26690 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie ...)
+ {DSA-4937-1 DLA-2706-1}
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.46-6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690
+ NOTE: https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8
+CVE-2021-26249
+ RESERVED
+CVE-2021-23202
+ RESERVED
+CVE-2021-23141
+ RESERVED
+CVE-2021-3401 (Bitcoin Core before 0.19.0 might allow remote attackers to execute arb ...)
+ - bitcoin 0.20.1~dfsg-1
+CVE-2021-3400
+ RESERVED
+CVE-2021-26689 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-26688 (An issue was discovered on LG Wing mobile devices with Android OS 10 s ...)
+ NOT-FOR-US: LG Wing mobile devices
+CVE-2021-26687 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-26686 (A remote authenticated SQL Injection vulnerabilitiy was discovered in ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26685 (A remote authenticated SQL Injection vulnerabilitiy was discovered in ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26684 (A remote authenticated command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26683 (A remote authenticated command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26682 (A remote reflected cross-site scripting (XSS) vulnerability was discov ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26681 (A remote authenticated command Injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26680 (A remote authenticated command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26679 (A remote authenticated command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26678 (A remote unauthenticated stored cross-site scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: Aruba
+CVE-2021-26677 (A local authenticated escalation of privilege vulnerability was discov ...)
+ NOT-FOR-US: Aruba
+CVE-2021-3399
+ RESERVED
+CVE-2021-3398 (Stormshield Network Security (SNS) 3.x has an Integer Overflow in the ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-3397
+ RESERVED
+CVE-2021-3396 (OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...)
+ {DSA-4847-1 DLA-2552-1}
+ - connman 1.36-2.1
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1
+CVE-2021-26675 (A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could ...)
+ {DSA-4847-1 DLA-2552-1}
+ - connman 1.36-2.1
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e4079a20f617a4b076af503f6e4e8b0304c9f2cb
+CVE-2021-26674
+ RESERVED
+CVE-2021-26673
+ RESERVED
+CVE-2021-26672
+ RESERVED
+CVE-2021-26671
+ RESERVED
+CVE-2021-26670
+ RESERVED
+CVE-2021-26669
+ RESERVED
+CVE-2021-26668
+ RESERVED
+CVE-2021-26667
+ RESERVED
+CVE-2021-26666
+ RESERVED
+CVE-2021-26665
+ RESERVED
+CVE-2021-26664
+ RESERVED
+CVE-2021-26663
+ RESERVED
+CVE-2021-26662
+ RESERVED
+CVE-2021-26661
+ RESERVED
+CVE-2021-26660
+ RESERVED
+CVE-2021-26659
+ RESERVED
+CVE-2021-26658
+ RESERVED
+CVE-2021-26657
+ RESERVED
+CVE-2021-26656
+ RESERVED
+CVE-2021-26655
+ RESERVED
+CVE-2021-26654
+ RESERVED
+CVE-2021-26653
+ RESERVED
+CVE-2021-26652
+ RESERVED
+CVE-2021-26651
+ RESERVED
+CVE-2021-26650
+ RESERVED
+CVE-2021-26649
+ RESERVED
+CVE-2021-26648
+ RESERVED
+CVE-2021-26647
+ RESERVED
+CVE-2021-26646
+ RESERVED
+CVE-2021-26645
+ RESERVED
+CVE-2021-26644
+ RESERVED
+CVE-2021-26643
+ RESERVED
+CVE-2021-26642
+ RESERVED
+CVE-2021-26641
+ RESERVED
+CVE-2021-26640
+ RESERVED
+CVE-2021-26639
+ RESERVED
+CVE-2021-26638
+ RESERVED
+CVE-2021-26637
+ RESERVED
+CVE-2021-26636
+ RESERVED
+CVE-2021-26635
+ RESERVED
+CVE-2021-26634
+ RESERVED
+CVE-2021-26633
+ RESERVED
+CVE-2021-26632
+ RESERVED
+CVE-2021-26631
+ RESERVED
+CVE-2021-26630
+ RESERVED
+CVE-2021-26629
+ RESERVED
+CVE-2021-26628
+ RESERVED
+CVE-2021-26627
+ RESERVED
+CVE-2021-26626
+ RESERVED
+CVE-2021-26625
+ RESERVED
+CVE-2021-26624
+ RESERVED
+CVE-2021-26623
+ RESERVED
+CVE-2021-26622
+ RESERVED
+CVE-2021-26621
+ RESERVED
+CVE-2021-26620
+ RESERVED
+CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...)
+ NOT-FOR-US: BigFileAgent
+CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...)
+ NOT-FOR-US: ToWord of ToOffice
+CVE-2021-26617
+ RESERVED
+CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...)
+ NOT-FOR-US: SecuwaySSL client for MacOS
+CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...)
+ NOT-FOR-US: ARK library
+CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...)
+ NOT-FOR-US: IpTime C200 camera
+CVE-2021-26613 (improper input validation vulnerability in nexacro permits copying fil ...)
+ NOT-FOR-US: Tobesoft Nexacro
+CVE-2021-26612 (An improper input validation leading to arbitrary file creation was di ...)
+ NOT-FOR-US: Tobesoft Nexacro
+CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...)
+ NOT-FOR-US: HejHome GKW-IC052 IP Camera
+CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...)
+ NOT-FOR-US: godomall5
+CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-26608 (An arbitrary file download and execution vulnerability was found in th ...)
+ NOT-FOR-US: handysoft
+CVE-2021-26607 (An Improper input validation in execDefaultBrowser method of NEXACRO17 ...)
+ NOT-FOR-US: NEXACRO17
+CVE-2021-26606 (A vulnerability in PKI Security Solution of Dream Security could allow ...)
+ NOT-FOR-US: Dream Security
+CVE-2021-26605 (An improper input validation vulnerability in the service of ezPDFRead ...)
+ NOT-FOR-US: ezPDFReader
+CVE-2021-26604
+ RESERVED
+CVE-2021-26603 (A heap overflow issue was found in ARK library of bandisoft Co., Ltd w ...)
+ NOT-FOR-US: bandisoft
+CVE-2021-26602
+ RESERVED
+CVE-2021-26601
+ RESERVED
+CVE-2021-26600
+ RESERVED
+CVE-2021-26599
+ RESERVED
+CVE-2021-26598
+ RESERVED
+CVE-2021-3395 (A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows r ...)
+ NOT-FOR-US: Pryaniki
+CVE-2021-3394 (Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.3 ...)
+ NOT-FOR-US: Millennium Millewin
+CVE-2021-3393 (An information leak was discovered in postgresql in versions before 13 ...)
+ - postgresql-13 13.2-1
+ - postgresql-11 <removed>
+ [buster] - postgresql-11 11.11-0+deb10u1
+ NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
+CVE-2021-3392 (A use-after-free flaw was found in the MegaRAID emulator of QEMU. This ...)
+ {DLA-2623-1}
+ - qemu 1:5.2+dfsg-10 (bug #984449)
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00488.html
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1914236
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=3791642c8d60029adf9b00bcb4e34d7d8a1aea4d
+CVE-2021-26597 (An issue was discovered in Nokia NetAct 18A. A remote user, authentica ...)
+ NOT-FOR-US: Nokia NetAct 18A
+CVE-2021-26596 (An issue was discovered in Nokia NetAct 18A. A malicious user can chan ...)
+ NOT-FOR-US: Nokia NetAct 18A
+CVE-2021-26595 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
+ NOT-FOR-US: Directus
+CVE-2021-26594 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
+ NOT-FOR-US: Directus
+CVE-2021-26593 (** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an atta ...)
+ NOT-FOR-US: Directus
+CVE-2021-26592
+ RESERVED
+CVE-2021-26591
+ RESERVED
+CVE-2021-26590
+ RESERVED
+CVE-2021-26589 (A potential security vulnerability has been identified in HPE Superdom ...)
+ NOT-FOR-US: HPE
+CVE-2021-26588 (A potential security vulnerability has been identified in HPE 3PAR Sto ...)
+ NOT-FOR-US: HPE
+CVE-2021-26587 (A potential DOM-based Cross Site Scripting security vulnerability has ...)
+ NOT-FOR-US: HPE StoreOnce
+CVE-2021-26586 (A potential security vulnerability has been identified in the HPE Edge ...)
+ NOT-FOR-US: HPE
+CVE-2021-26585 (A potential vulnerability has been identified in HPE OneView Global Da ...)
+ NOT-FOR-US: HPE
+CVE-2021-26584 (A security vulnerability in HPE OneView for VMware vCenter (OV4VC) cou ...)
+ NOT-FOR-US: HPE OneView for VMware vCenter (OV4VC)
+CVE-2021-26583 (A potential security vulnerability was identified in HPE iLO Amplifier ...)
+ NOT-FOR-US: HPE
+CVE-2021-26582 (A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgf ...)
+ NOT-FOR-US: HPE
+CVE-2021-26581 (A potential security vulnerability has been identified in HPE Superdom ...)
+ NOT-FOR-US: HPE
+CVE-2021-26580 (A potential security vulnerability has been identified in HPE iLO Ampl ...)
+ NOT-FOR-US: HPE
+CVE-2021-26579 (A security vulnerability in HPE Unified Data Management (UDM) could al ...)
+ NOT-FOR-US: HPE
+CVE-2021-26578 (A potential security vulnerability has been identified in HPE Network ...)
+ NOT-FOR-US: HPE Network Orchestrator (NetO)
+CVE-2021-26577 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26576 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26575 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26574 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26573 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26572 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26571 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26570 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-26569 (Race Condition within a Thread vulnerability in iscsi_snapshot_comm_co ...)
+ NOT-FOR-US: Synology
+CVE-2021-26568
+ RESERVED
+CVE-2021-26567 (Stack-based buffer overflow vulnerability in frontend/main.c in faad2 ...)
+ NOT-FOR-US: Synology
+CVE-2021-26566 (Insertion of sensitive information into sent data vulnerability in syn ...)
+ NOT-FOR-US: Synology
+CVE-2021-26565 (Cleartext transmission of sensitive information vulnerability in synor ...)
+ NOT-FOR-US: Synology
+CVE-2021-26564 (Cleartext transmission of sensitive information vulnerability in synor ...)
+ NOT-FOR-US: Synology
+CVE-2021-26563 (Incorrect authorization vulnerability in synoagentregisterd in Synolog ...)
+ NOT-FOR-US: Synology
+CVE-2021-26562 (Out-of-bounds write vulnerability in synoagentregisterd in Synology Di ...)
+ NOT-FOR-US: Synology
+CVE-2021-26561 (Stack-based buffer overflow vulnerability in synoagentregisterd in Syn ...)
+ NOT-FOR-US: Synology
+CVE-2021-26560 (Cleartext transmission of sensitive information vulnerability in synoa ...)
+ NOT-FOR-US: Synology
+CVE-2021-26559 (Improper Access Control on Configurations Endpoint for the Stable API ...)
+ - airflow <itp> (bug #819700)
+CVE-2021-26558 (Deserialization of Untrusted Data vulnerability of Apache ShardingSphe ...)
+ NOT-FOR-US: Apache ShardingSphere-UI
+CVE-2021-3391 (MobileIron Mobile@Work through 2021-03-22 allows attackers to distingu ...)
+ NOT-FOR-US: MobileIron Mobile@Work
+CVE-2021-3390
+ RESERVED
+CVE-2021-3389
+ RESERVED
+CVE-2021-3388
+ RESERVED
+CVE-2021-3387
+ RESERVED
+CVE-2021-26557 (When Octopus Tentacle is installed using a custom folder location, fol ...)
+ NOT-FOR-US: Octopus Tentacle
+CVE-2021-26556 (When Octopus Server is installed using a custom folder location, folde ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-26555
+ RESERVED
+CVE-2021-26554
+ RESERVED
+CVE-2021-26553
+ RESERVED
+CVE-2021-26552
+ RESERVED
+CVE-2021-26551 (An issue was discovered in SmartFoxServer 2.17.0. An attacker can exec ...)
+ NOT-FOR-US: SmartFoxServer
+CVE-2021-26550 (An issue was discovered in SmartFoxServer 2.17.0. Cleartext password d ...)
+ NOT-FOR-US: SmartFoxServer
+CVE-2021-26549 (An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to ...)
+ NOT-FOR-US: SmartFoxServer
+CVE-2021-3386
+ RESERVED
+CVE-2021-3385
+ RESERVED
+CVE-2021-3384 (A vulnerability in Stormshield Network Security could allow an attacke ...)
+ NOT-FOR-US: Stormshield Network Security
+CVE-2021-3383
+ RESERVED
+CVE-2021-3382 (Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allo ...)
+ - gitea <removed>
+CVE-2021-3381
+ RESERVED
+CVE-2021-3380 (Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRM ...)
+ NOT-FOR-US: ICREM H8 SSRMS
+CVE-2021-26548
+ RESERVED
+CVE-2021-26547
+ RESERVED
+CVE-2021-26546
+ RESERVED
+CVE-2021-26545
+ RESERVED
+CVE-2021-26544 (Livy server version 0.7.0-incubating (only) is vulnerable to a cross s ...)
+ NOT-FOR-US: Apache Livy
+CVE-2021-26543 (The "gitDiff" function in Wayfair git-parse &lt;=1.0.4 has a command i ...)
+ NOT-FOR-US: git-parse nodejs module
+CVE-2021-26542
+ RESERVED
+CVE-2021-26541 (The gitlog function in src/index.ts in gitlog before 4.0.4 has a comma ...)
+ NOT-FOR-US: Node gitlog
+CVE-2021-26540 (Apostrophe Technologies sanitize-html before 2.3.2 does not properly v ...)
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
+CVE-2021-26539 (Apostrophe Technologies sanitize-html before 2.3.1 does not properly h ...)
+ - node-sanitize-html <not-affected> (Fixed before initial upload)
+CVE-2021-3379
+ RESERVED
+CVE-2021-3378 (FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a ...)
+ NOT-FOR-US: FortiLogger
+CVE-2021-3377 (The npm package ansi_up converts ANSI escape codes into HTML. In ansi_ ...)
+ - node-ansi-up 5.0.0+dfsg-1 (bug #984667)
+CVE-2021-3376 (An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allow ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2021-3375 (ActivePresenter 6.1.6 is affected by a memory corruption vulnerability ...)
+ NOT-FOR-US: ActivePresenter
+CVE-2021-3374 (Directory traversal in RStudio Shiny Server before 1.5.16 allows attac ...)
+ NOT-FOR-US: RStudio Shiny Server
+CVE-2021-3373
+ RESERVED
+CVE-2021-3372
+ RESERVED
+CVE-2021-3371
+ RESERVED
+CVE-2021-3370 (DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vul ...)
+ NOT-FOR-US: DouPHP
+CVE-2021-3369
+ RESERVED
+CVE-2021-3368
+ RESERVED
+CVE-2021-3367
+ RESERVED
+CVE-2021-3366
+ RESERVED
+CVE-2021-3365
+ RESERVED
+CVE-2021-3364
+ RESERVED
+CVE-2021-3363
+ RESERVED
+CVE-2021-3362
+ RESERVED
+CVE-2021-3361
+ RESERVED
+CVE-2021-3360
+ RESERVED
+CVE-2021-3359
+ RESERVED
+CVE-2021-3358
+ RESERVED
+CVE-2021-3357
+ RESERVED
+CVE-2021-3356
+ RESERVED
+CVE-2021-3355 (A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to e ...)
+ NOT-FOR-US: LightCMS
+CVE-2021-3354
+ RESERVED
+CVE-2021-3353
+ RESERVED
+CVE-2021-3352 (The Software Development Kit in Mitel MiContact Center Business from 8 ...)
+ NOT-FOR-US: Mitel
+CVE-2021-3351 (OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device ...)
+ NOT-FOR-US: OpenPLC
+CVE-2021-3350 (deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS ...)
+ NOT-FOR-US: Delete Account plugin for MyBB
+CVE-2021-3349 (** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signat ...)
+ - evolution <unfixed> (unimportant)
+ NOTE: GNOME Evlolution upstreams claims that the issue should be fixed completely
+ NOTE: on the GnuPG side, whilst the reporter claims theat GnuPG provides what is
+ NOTE: needed to adress it on evolution's side.
+ NOTE: https://dev.gnupg.org/T4735
+ NOTE: https://gitlab.gnome.org/GNOME/evolution/-/issues/299
+ NOTE: https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html
+CVE-2021-26538
+ RESERVED
+CVE-2021-26537
+ RESERVED
+CVE-2021-26536
+ RESERVED
+CVE-2021-26535
+ RESERVED
+CVE-2021-26534
+ RESERVED
+CVE-2021-26533
+ RESERVED
+CVE-2021-26532
+ RESERVED
+CVE-2021-26531
+ RESERVED
+CVE-2021-26530 (The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compile ...)
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
+CVE-2021-26529 (The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7- ...)
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
+CVE-2021-26528 (The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is ...)
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
+CVE-2021-26527
+ RESERVED
+CVE-2021-26526
+ RESERVED
+CVE-2021-26525
+ RESERVED
+CVE-2021-26524
+ RESERVED
+CVE-2021-26523
+ RESERVED
+CVE-2021-26522
+ RESERVED
+CVE-2021-26521
+ RESERVED
+CVE-2021-26520
+ RESERVED
+CVE-2021-26519
+ RESERVED
+CVE-2021-26518
+ RESERVED
+CVE-2021-26517
+ RESERVED
+CVE-2021-26516
+ RESERVED
+CVE-2021-26515
+ RESERVED
+CVE-2021-26514
+ RESERVED
+CVE-2021-26513
+ RESERVED
+CVE-2021-26512
+ RESERVED
+CVE-2021-26511
+ RESERVED
+CVE-2021-26510
+ RESERVED
+CVE-2021-26509
+ RESERVED
+CVE-2021-26508
+ RESERVED
+CVE-2021-26507
+ RESERVED
+CVE-2021-26506
+ RESERVED
+CVE-2021-26505
+ RESERVED
+CVE-2021-26504
+ RESERVED
+CVE-2021-26503
+ RESERVED
+CVE-2021-26502
+ RESERVED
+CVE-2021-26501
+ RESERVED
+CVE-2021-26500
+ RESERVED
+CVE-2021-26499
+ RESERVED
+CVE-2021-26498
+ RESERVED
+CVE-2021-26497
+ RESERVED
+CVE-2021-26496
+ RESERVED
+CVE-2021-26495
+ RESERVED
+CVE-2021-26494
+ RESERVED
+CVE-2021-26493
+ RESERVED
+CVE-2021-26492
+ RESERVED
+CVE-2021-26491
+ RESERVED
+CVE-2021-26490
+ RESERVED
+CVE-2021-26489
+ RESERVED
+CVE-2021-26488
+ RESERVED
+CVE-2021-26487
+ RESERVED
+CVE-2021-26486
+ RESERVED
+CVE-2021-26485
+ RESERVED
+CVE-2021-26484
+ RESERVED
+CVE-2021-26483
+ RESERVED
+CVE-2021-26482
+ RESERVED
+CVE-2021-26481
+ RESERVED
+CVE-2021-26480
+ RESERVED
+CVE-2021-26479
+ RESERVED
+CVE-2021-26478
+ RESERVED
+CVE-2021-26477
+ RESERVED
+CVE-2021-26476 (EPrints 3.4.2 allows remote attackers to execute OS commands via craft ...)
+ NOT-FOR-US: EPrints
+CVE-2021-26475 (EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal ...)
+ NOT-FOR-US: EPrints
+CVE-2021-26474 (Various Vembu products allow an attacker to execute a (non-blind) http ...)
+ NOT-FOR-US: Vembu BDR Suite
+CVE-2021-26473 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http ...)
+ NOT-FOR-US: Vembu BDR Suite
+CVE-2021-26472 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed ...)
+ NOT-FOR-US: Vembu BDR Suite
+CVE-2021-26471 (In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http ...)
+ NOT-FOR-US: Vembu BDR Suite
+CVE-2021-26470
+ RESERVED
+CVE-2021-26469
+ RESERVED
+CVE-2021-26468
+ RESERVED
+CVE-2021-26467
+ RESERVED
+CVE-2021-26466
+ RESERVED
+CVE-2021-26465
+ RESERVED
+CVE-2021-26464
+ RESERVED
+CVE-2021-26463
+ RESERVED
+CVE-2021-26462
+ RESERVED
+CVE-2021-26461 (Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-a ...)
+ NOT-FOR-US: Apache NuttX
+CVE-2021-26460
+ RESERVED
+CVE-2021-26459
+ RESERVED
+CVE-2021-26458
+ RESERVED
+CVE-2021-26457
+ RESERVED
+CVE-2021-26456
+ RESERVED
+CVE-2021-26455
+ RESERVED
+CVE-2021-26454
+ RESERVED
+CVE-2021-26453
+ RESERVED
+CVE-2021-26452
+ RESERVED
+CVE-2021-26451
+ RESERVED
+CVE-2021-26450
+ RESERVED
+CVE-2021-26449
+ RESERVED
+CVE-2021-26448
+ RESERVED
+CVE-2021-26447
+ RESERVED
+CVE-2021-26446
+ RESERVED
+CVE-2021-26445
+ RESERVED
+CVE-2021-26444 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26443 (Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26442 (Windows HTTP.sys Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Siemens
+CVE-2021-26441 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Siemens
+CVE-2021-26440
+ RESERVED
+CVE-2021-26439 (Microsoft Edge for Android Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26438
+ RESERVED
+CVE-2021-26437 (Visual Studio Code Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26436 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26435 (Windows Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26434 (Visual Studio Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26433 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26432 (Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26431 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26430 (Azure Sphere Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26429 (Azure Sphere Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26428 (Azure Sphere Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26427 (Microsoft Exchange Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Siemens
+CVE-2021-26426 (Windows User Account Profile Picture Elevation of Privilege Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26425 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26424 (Windows TCP/IP Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26423 (.NET Core and Visual Studio Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26422 (Skype for Business and Lync Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26421 (Skype for Business and Lync Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26420 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26419 (Scripting Engine Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26418 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26417 (Windows Overlay Filter Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26416 (Windows Hyper-V Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26415 (Windows Installer Elevation of Privilege Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26414 (Windows DCOM Server Security Feature Bypass ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26413 (Windows Installer Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26412 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26411 (Internet Explorer Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-26410
+ RESERVED
+CVE-2021-26409
+ RESERVED
+CVE-2021-26408
+ RESERVED
+CVE-2021-26407
+ RESERVED
+CVE-2021-26406
+ RESERVED
+CVE-2021-26405
+ RESERVED
+CVE-2021-26404
+ RESERVED
+CVE-2021-26403
+ RESERVED
+CVE-2021-26402
+ RESERVED
+CVE-2021-26401
+ RESERVED
+CVE-2021-26400
+ RESERVED
+CVE-2021-26399
+ RESERVED
+CVE-2021-26398
+ RESERVED
+CVE-2021-26397
+ RESERVED
+CVE-2021-26396
+ RESERVED
+CVE-2021-26395
+ RESERVED
+CVE-2021-26394
+ RESERVED
+CVE-2021-26393
+ RESERVED
+CVE-2021-26392
+ RESERVED
+CVE-2021-26391
+ RESERVED
+CVE-2021-26390
+ RESERVED
+CVE-2021-26389
+ RESERVED
+CVE-2021-26388
+ RESERVED
+CVE-2021-26387
+ RESERVED
+CVE-2021-26386
+ RESERVED
+CVE-2021-26385
+ RESERVED
+CVE-2021-26384
+ RESERVED
+CVE-2021-26383
+ RESERVED
+CVE-2021-26382
+ RESERVED
+CVE-2021-26381
+ RESERVED
+CVE-2021-26380
+ RESERVED
+CVE-2021-26379
+ RESERVED
+CVE-2021-26378
+ RESERVED
+CVE-2021-26377
+ RESERVED
+CVE-2021-26376
+ RESERVED
+CVE-2021-26375
+ RESERVED
+CVE-2021-26374
+ RESERVED
+CVE-2021-26373
+ RESERVED
+CVE-2021-26372
+ RESERVED
+CVE-2021-26371
+ RESERVED
+CVE-2021-26370
+ RESERVED
+CVE-2021-26369
+ RESERVED
+CVE-2021-26368
+ RESERVED
+CVE-2021-26367
+ RESERVED
+CVE-2021-26366
+ RESERVED
+CVE-2021-26365
+ RESERVED
+CVE-2021-26364
+ RESERVED
+CVE-2021-26363
+ RESERVED
+CVE-2021-26362
+ RESERVED
+CVE-2021-26361
+ RESERVED
+CVE-2021-26360
+ RESERVED
+CVE-2021-26359
+ RESERVED
+CVE-2021-26358
+ RESERVED
+CVE-2021-26357
+ RESERVED
+CVE-2021-26356
+ RESERVED
+CVE-2021-26355
+ RESERVED
+CVE-2021-26354
+ RESERVED
+CVE-2021-26353
+ RESERVED
+CVE-2021-26352
+ RESERVED
+CVE-2021-26351
+ RESERVED
+CVE-2021-26350
+ RESERVED
+CVE-2021-26349
+ RESERVED
+CVE-2021-26348
+ RESERVED
+CVE-2021-26347
+ RESERVED
+CVE-2021-26346
+ RESERVED
+CVE-2021-26345
+ RESERVED
+CVE-2021-26344
+ RESERVED
+CVE-2021-26343
+ RESERVED
+CVE-2021-26342
+ RESERVED
+CVE-2021-26341
+ RESERVED
+CVE-2021-26340 (A malicious hypervisor in conjunction with an unprivileged attacker pr ...)
+ NOT-FOR-US: AMD
+CVE-2021-26339
+ RESERVED
+CVE-2021-26338 (Improper access controls in System Management Unit (SMU) may allow for ...)
+ NOT-FOR-US: AMD
+CVE-2021-26337 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
+ NOT-FOR-US: AMD
+CVE-2021-26336 (Insufficient bounds checking in System Management Unit (SMU) may cause ...)
+ NOT-FOR-US: AMD
+CVE-2021-26335 (Improper input and range checking in the Platform Security Processor ( ...)
+ NOT-FOR-US: AMD
+CVE-2021-26334 (The AMDPowerProfiler.sys driver of AMD &#956;Prof tool may allow lower ...)
+ NOT-FOR-US: AMD
+CVE-2021-26333 (An information disclosure vulnerability exists in AMD Platform Securit ...)
+ NOT-FOR-US: AMD
+CVE-2021-26332
+ RESERVED
+CVE-2021-26331 (AMD System Management Unit (SMU) contains a potential issue where a ma ...)
+ NOT-FOR-US: AMD
+CVE-2021-26330 (AMD System Management Unit (SMU) may experience a heap-based overflow ...)
+ NOT-FOR-US: AMD
+CVE-2021-26329 (AMD System Management Unit (SMU) may experience an integer overflow wh ...)
+ NOT-FOR-US: AMD
+CVE-2021-26328
+ RESERVED
+CVE-2021-26327 (Insufficient validation of guest context in the SNP Firmware could lea ...)
+ NOT-FOR-US: AMD
+CVE-2021-26326 (Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss o ...)
+ NOT-FOR-US: AMD
+CVE-2021-26325 (Insufficient input validation in the SNP_GUEST_REQUEST command may lea ...)
+ NOT-FOR-US: AMD
+CVE-2021-26324
+ RESERVED
+CVE-2021-26323 (Failure to validate SEV Commands while SNP is active may result in a p ...)
+ NOT-FOR-US: AMD
+CVE-2021-26322 (Persistent platform private key may not be protected with a random IV ...)
+ NOT-FOR-US: AMD
+CVE-2021-26321 (Insufficient ID command validation in the SEV Firmware may allow a loc ...)
+ NOT-FOR-US: AMD
+CVE-2021-26320 (Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_S ...)
+ NOT-FOR-US: AMD
+CVE-2021-26319
+ RESERVED
+CVE-2021-26318 (A timing and power-based side channel attack leveraging the x86 PREFET ...)
+ NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1017
+ TODO: check details and if mitigation in microcode/kernel exists
+CVE-2021-26317
+ RESERVED
+CVE-2021-26316
+ RESERVED
+CVE-2021-26315 (When the AMD Platform Security Processor (PSP) boot rom loads, authent ...)
+ NOT-FOR-US: AMD
+CVE-2021-26314 (Potential floating point value injection in all supported CPU products ...)
+ NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
+ NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
+ NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
+CVE-2021-26313 (Potential speculative code store bypass in all supported CPU products, ...)
+ {DSA-4931-1}
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-375.html
+ NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1003
+CVE-2021-26312 (PSP protection against improperly configured side channels may lead to ...)
+ NOT-FOR-US: AMD
+CVE-2021-26311 (In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest a ...)
+ NOT-FOR-US: AMD
+CVE-2021-3346 (Foris before 101.1.1, as used in Turris OS, lacks certain HTML escapin ...)
+ NOT-FOR-US: Foris
+CVE-2021-3344 (A privilege escalation flaw was found in OpenShift builder. During bui ...)
+ NOT-FOR-US: OpenShift
+CVE-2021-26310 (In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possibl ...)
+ NOT-FOR-US: TeamCity IntelliJ plugin
+CVE-2021-26309 (Information disclosure in the TeamCity plugin for IntelliJ before 2020 ...)
+ NOT-FOR-US: TeamCity IntelliJ plugin
+CVE-2021-3345 (_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9. ...)
+ [experimental] - libgcrypt20 1.9.1-1 (bug #981370)
+ - libgcrypt20 <not-affected> (Only affected 1.9)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2145
+ NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
+ NOTE: https://dev.gnupg.org/T5275
+ NOTE: Introduced by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e76617cbab018dd8f41fd6b4ec6740b5303f7e13
+ NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=512c0c75276949f13b6373b5c04f7065af750b08
+CVE-2021-3348 (nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10 ...)
+ {DLA-2610-1}
+ - linux 5.10.13-1
+ [buster] - linux 4.19.177-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/b98e762e3d71e893b221f871825dc64694cfb258 (5.11-rc6)
+CVE-2021-3347 (An issue was discovered in the Linux kernel through 5.10.11. PI futexe ...)
+ {DSA-4843-1 DLA-2586-1 DLA-2557-1}
+ - linux 5.10.12-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/29/1
+CVE-2021-3343
+ RESERVED
+CVE-2021-3342 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...)
+ NOT-FOR-US: EPrints
+CVE-2021-3341 (A path traversal vulnerability in the DxWebEngine component of DH2i Dx ...)
+ NOT-FOR-US: DH2i DxEnterprise and DxOdyssey for Windows
+CVE-2021-3340 (A cross-site scripting (XSS) vulnerability in many forms of Wikindx be ...)
+ NOT-FOR-US: Wikindx
+CVE-2021-3339 (ModernFlow before 1.3.00.208 does not constrain web-page access to mem ...)
+ NOT-FOR-US: ModernFlow
+CVE-2021-3338
+ RESERVED
+CVE-2021-3337 (The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remo ...)
+ NOT-FOR-US: MyBB
+CVE-2021-3336 (DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not c ...)
+ - wolfssl 4.6.0-3
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/3676
+CVE-2021-26308 (An issue was discovered in the marc crate before 2.0.0 for Rust. A use ...)
+ NOT-FOR-US: Rust marc
+CVE-2021-26307 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...)
+ NOT-FOR-US: Rust raw-cpuid
+CVE-2021-26306 (An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. ...)
+ NOT-FOR-US: Rust raw-cpuid
+CVE-2021-26305 (An issue was discovered in Deserializer::read_vec in the cdr crate bef ...)
+ NOT-FOR-US: Rust Deserializer::read_vec
+CVE-2021-26304 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
+ NOT-FOR-US: PHPGurukul Daily Expense Tracker System
+CVE-2021-26303 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
+ NOT-FOR-US: PHPGurukul Daily Expense Tracker System
+CVE-2021-26302
+ RESERVED
+CVE-2021-26301
+ RESERVED
+CVE-2021-26300
+ RESERVED
+CVE-2021-26299
+ RESERVED
+CVE-2021-3335
+ RESERVED
+CVE-2021-3334
+ RESERVED
+CVE-2021-26298
+ RESERVED
+CVE-2021-26297
+ RESERVED
+CVE-2021-26296 (In the default configuration, Apache MyFaces Core versions 2.2.0 to 2. ...)
+ NOT-FOR-US: Apache MyFaces
+CVE-2021-26295 (Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthen ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2021-3333 (Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). W ...)
+ NOT-FOR-US: Open-AudIT
+CVE-2021-3332 (WPS Hide Login 1.6.1 allows remote attackers to bypass a protection me ...)
+ NOT-FOR-US: WPS Hide Logi
+CVE-2021-3331 (WinSCP before 5.17.10 allows remote attackers to execute arbitrary pro ...)
+ NOT-FOR-US: WinSCP
+CVE-2021-3330 (RCE/DOS: Linked-list corruption leading to large out-of-bounds write w ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3329
+ RESERVED
+CVE-2021-3328 (An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.1 ...)
+ NOT-FOR-US: Aprelium Abyss Web Server
+CVE-2021-3327 (Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_t ...)
+ NOT-FOR-US: Ovation Dynamic Content
+CVE-2021-26294 (An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail ...)
+ NOT-FOR-US: AfterLogic Aurora
+CVE-2021-26293 (An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail ...)
+ NOT-FOR-US: AfterLogic Aurora
+CVE-2021-26292
+ RESERVED
+CVE-2021-26291 (Apache Maven will follow repositories that are defined in a dependency ...)
+ - maven <unfixed> (bug #988155)
+ [bullseye] - maven <no-dsa> (Minor issue)
+ [buster] - maven <no-dsa> (Minor issue)
+ [stretch] - maven <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/23/5
+ NOTE: https://issues.apache.org/jira/browse/MNG-7118
+ NOTE: https://github.com/apache/maven/commit/907d53ad3264718f66ff15e1363d76b07dd0c05f (3.8.x)
+ NOTE: https://github.com/apache/maven/commit/67125676eef313e592da6424a9be0c90c5e6bca5 (master)
+CVE-2021-26290
+ RESERVED
+CVE-2021-26289
+ RESERVED
+CVE-2021-26288
+ RESERVED
+CVE-2021-26287
+ RESERVED
+CVE-2021-26286
+ RESERVED
+CVE-2021-26285
+ RESERVED
+CVE-2021-26284
+ RESERVED
+CVE-2021-26283
+ RESERVED
+CVE-2021-26282
+ RESERVED
+CVE-2021-26281
+ RESERVED
+CVE-2021-26280
+ RESERVED
+CVE-2021-26279
+ RESERVED
+CVE-2021-26278
+ RESERVED
+CVE-2021-26277
+ RESERVED
+CVE-2021-26276 (** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka C ...)
+ NOT-FOR-US: GoDaddy node-config-shield
+CVE-2021-26275 (** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 ...)
+ NOT-FOR-US: eslint-fixer
+CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...)
+ NOT-FOR-US: Monitorix
+CVE-2021-3324
+ RESERVED
+CVE-2021-3323 (Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zeph ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3322 (Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zeph ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3321 (Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3320 (Type Confusion in 802154 ACK Frames Handling. Zephyr versions &gt;= v2 ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3319 (DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addre ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...)
+ NOT-FOR-US: DzzOffice
+CVE-2021-26274 (The Agent in NinjaRMM 5.0.909 has Insecure Permissions. ...)
+ NOT-FOR-US: NinjaRMM
+CVE-2021-26273 (The Agent in NinjaRMM 5.0.909 has Incorrect Access Control. ...)
+ NOT-FOR-US: NinjaRMM
+CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...)
+ - glibc 2.31-10 (bug #981198)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2146
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27256
+ NOTE: https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888
+ NOTE: When fixing the issue for older suites make sure to not open up CVE-2021-43396
+ NOTE: and make a complete fix.
+CVE-2021-3317 (KLog Server through 2.4.1 allows authenticated command injection. asyn ...)
+ NOT-FOR-US: KLog Server
+CVE-2021-3316
+ RESERVED
+CVE-2021-3315 (In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-3314 (** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and b ...)
+ NOT-FOR-US: Oracle
+CVE-2021-3313 (Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) ...)
+ NOT-FOR-US: Plone
+CVE-2021-3312 (An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11 ...)
+ NOT-FOR-US: Alkacon OpenCms
+CVE-2021-3311 (An issue was discovered in October through build 471. It reactivates a ...)
+ NOT-FOR-US: October CMS
+CVE-2021-3310 (Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbol ...)
+ NOT-FOR-US: Western Digital
+CVE-2021-3309 (packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process co ...)
+ NOT-FOR-US: Wekan
+CVE-2021-26272 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...)
+ - ckeditor 4.16.0+dfsg-1 (bug #982587)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <postponed> (Fix along next DLA)
+ NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
+CVE-2021-26271 (It was possible to execute a ReDoS-type attack inside CKEditor 4 befor ...)
+ - ckeditor 4.16.0+dfsg-1 (bug #982587)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <postponed> (Fix along next DLA)
+ NOTE: https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
+CVE-2021-26270
+ RESERVED
+CVE-2021-3307
+ RESERVED
+CVE-2021-3306
+ RESERVED
+CVE-2021-3305
+ RESERVED
+CVE-2021-3304 (Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long ...)
+ NOT-FOR-US: Sagemcom
+CVE-2021-3303
+ RESERVED
+CVE-2021-3302
+ RESERVED
+CVE-2021-3301
+ RESERVED
+CVE-2021-3300
+ RESERVED
+CVE-2021-3299
+ RESERVED
+CVE-2021-3298 (Collabtive 3.1 allows XSS when an authenticated user enters an XSS pay ...)
+ - collabtive <removed>
+CVE-2021-3297 (On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to ...)
+ NOT-FOR-US: Zyxel
+CVE-2021-3296
+ RESERVED
+CVE-2021-3295
+ RESERVED
+CVE-2021-3294 (CASAP Automated Enrollment System 1.0 is affected by cross-site script ...)
+ NOT-FOR-US: CASAP Automated Enrollment System
+CVE-2021-3293 (emlog v5.3.1 has full path disclosure vulnerability in t/index.php, wh ...)
+ NOT-FOR-US: emlog
+CVE-2021-3292
+ RESERVED
+CVE-2021-3291 (Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by insp ...)
+ NOT-FOR-US: Zen Cart
+CVE-2021-3290
+ RESERVED
+CVE-2021-3289
+ RESERVED
+CVE-2021-3288
+ RESERVED
+CVE-2021-26269
+ RESERVED
+CVE-2021-26268
+ RESERVED
+CVE-2021-26267 (cPanel before 92.0.9 allows a MySQL user (who has an old-style passwor ...)
+ NOT-FOR-US: cPanel
+CVE-2021-26266 (cPanel before 92.0.9 allows a Reseller to bypass the suspension lock ( ...)
+ NOT-FOR-US: cPanel
+CVE-2021-26246
+ RESERVED
+CVE-2021-26245
+ RESERVED
+CVE-2021-26244
+ RESERVED
+CVE-2021-26243
+ RESERVED
+CVE-2021-26242
+ RESERVED
+CVE-2021-26241
+ RESERVED
+CVE-2021-26240
+ RESERVED
+CVE-2021-26239
+ RESERVED
+CVE-2021-26238
+ RESERVED
+CVE-2021-26237 (FastStone Image Viewer &lt;= 7.5 is affected by a user mode write acce ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2021-26236 (FastStone Image Viewer v.&lt;= 7.5 is affected by a Stack-based Buffer ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2021-26235 (FastStone Image Viewer &lt;= 7.5 is affected by a user mode write acce ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2021-26234 (FastStone Image Viewer &lt;= 7.5 is affected by a user mode write acce ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2021-26233 (FastStone Image Viewer &lt;= 7.5 is affected by a user mode write acce ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2021-26232 (SQL injection vulnerability in SourceCodester Simple College Website v ...)
+ NOT-FOR-US: SourceCodester Simple College Website
+CVE-2021-26231 (SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 ...)
+ NOT-FOR-US: SourceCodester Fantastic Blog CMS
+CVE-2021-26230 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26229 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26228 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26227 (Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Autom ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26226 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26225
+ RESERVED
+CVE-2021-26224 (Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-B ...)
+ NOT-FOR-US: SourceCodester Fantastic-Blog-CMS
+CVE-2021-26223 (SQL injection vulnerability in SourceCodester CASAP Automated Enrollme ...)
+ NOT-FOR-US: SourceCodester CASAP Automated Enrollment System
+CVE-2021-26222 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...)
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/22/
+CVE-2021-26221 (The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB ...)
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/21/
+CVE-2021-26220 (The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to O ...)
+ - mapcache <unfixed> (bug #989363)
+ [bullseye] - mapcache <no-dsa> (Minor issue)
+ [buster] - mapcache <no-dsa> (Minor issue)
+ [stretch] - mapcache <no-dsa> (Minor issue)
+ - scilab <unfixed> (bug #989364)
+ [bullseye] - scilab <no-dsa> (Minor issue)
+ [buster] - scilab <no-dsa> (Minor issue)
+ [stretch] - scilab <no-dsa> (Minor issue)
+ - netcdf <unfixed> (bug #989360)
+ [bullseye] - netcdf <no-dsa> (Minor issue)
+ [buster] - netcdf <no-dsa> (Minor issue)
+ [stretch] - netcdf <not-affected> (vulnerable code not present)
+ - netcdf-parallel <unfixed> (bug #989361)
+ [bullseye] - netcdf-parallel <no-dsa> (Minor issue)
+ [buster] - netcdf-parallel <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/223/
+CVE-2021-26219
+ RESERVED
+CVE-2021-26218
+ RESERVED
+CVE-2021-26217
+ RESERVED
+CVE-2021-26216 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-26215 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-26214
+ RESERVED
+CVE-2021-26213
+ RESERVED
+CVE-2021-26212
+ RESERVED
+CVE-2021-26211
+ RESERVED
+CVE-2021-26210
+ RESERVED
+CVE-2021-26209
+ RESERVED
+CVE-2021-26208
+ RESERVED
+CVE-2021-26207
+ RESERVED
+CVE-2021-26206
+ RESERVED
+CVE-2021-26205
+ RESERVED
+CVE-2021-26204
+ RESERVED
+CVE-2021-26203
+ RESERVED
+CVE-2021-26202
+ RESERVED
+CVE-2021-26201 (The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable ...)
+ NOT-FOR-US: Login Panel of CASAP Automated Enrollment System
+CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL injection wh ...)
+ NOT-FOR-US: Library System
+CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4056
+CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4402
+CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_ ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4403
+CVE-2021-26196
+ RESERVED
+CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4442
+CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
+ - iotjs <unfixed> (bug #989991)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4445
+CVE-2021-26193
+ RESERVED
+CVE-2021-26192
+ RESERVED
+CVE-2021-26191
+ RESERVED
+CVE-2021-26190
+ RESERVED
+CVE-2021-26189
+ RESERVED
+CVE-2021-26188
+ RESERVED
+CVE-2021-26187
+ RESERVED
+CVE-2021-26186
+ RESERVED
+CVE-2021-26185
+ RESERVED
+CVE-2021-26184
+ RESERVED
+CVE-2021-26183
+ RESERVED
+CVE-2021-26182
+ RESERVED
+CVE-2021-26181
+ RESERVED
+CVE-2021-26180
+ RESERVED
+CVE-2021-26179
+ RESERVED
+CVE-2021-26178
+ RESERVED
+CVE-2021-26177
+ RESERVED
+CVE-2021-26176
+ RESERVED
+CVE-2021-26175
+ RESERVED
+CVE-2021-26174
+ RESERVED
+CVE-2021-26173
+ RESERVED
+CVE-2021-26172
+ RESERVED
+CVE-2021-26171
+ RESERVED
+CVE-2021-26170
+ RESERVED
+CVE-2021-26169
+ RESERVED
+CVE-2021-26168
+ RESERVED
+CVE-2021-26167
+ RESERVED
+CVE-2021-26166
+ RESERVED
+CVE-2021-26165
+ RESERVED
+CVE-2021-26164
+ RESERVED
+CVE-2021-26163
+ RESERVED
+CVE-2021-26162
+ RESERVED
+CVE-2021-26161
+ RESERVED
+CVE-2021-26160
+ RESERVED
+CVE-2021-26159
+ RESERVED
+CVE-2021-26158
+ RESERVED
+CVE-2021-26157
+ RESERVED
+CVE-2021-26156
+ RESERVED
+CVE-2021-26155
+ RESERVED
+CVE-2021-26154
+ RESERVED
+CVE-2021-26153
+ RESERVED
+CVE-2021-26152
+ RESERVED
+CVE-2021-26151
+ RESERVED
+CVE-2021-26150
+ RESERVED
+CVE-2021-26149
+ RESERVED
+CVE-2021-26148
+ RESERVED
+CVE-2021-26147
+ RESERVED
+CVE-2021-26146
+ RESERVED
+CVE-2021-26145
+ RESERVED
+CVE-2021-26144
+ RESERVED
+CVE-2021-26143
+ RESERVED
+CVE-2021-26142
+ RESERVED
+CVE-2021-26141
+ RESERVED
+CVE-2021-26140
+ RESERVED
+CVE-2021-26139
+ RESERVED
+CVE-2021-26138
+ RESERVED
+CVE-2021-26137
+ RESERVED
+CVE-2021-26136
+ RESERVED
+CVE-2021-26135
+ RESERVED
+CVE-2021-26134
+ RESERVED
+CVE-2021-26133
+ RESERVED
+CVE-2021-26132
+ RESERVED
+CVE-2021-26131
+ RESERVED
+CVE-2021-26130
+ RESERVED
+CVE-2021-26129
+ RESERVED
+CVE-2021-26128
+ RESERVED
+CVE-2021-26127
+ RESERVED
+CVE-2021-26126
+ RESERVED
+CVE-2021-26125
+ RESERVED
+CVE-2021-26124
+ RESERVED
+CVE-2021-23232
+ RESERVED
+CVE-2021-23230 (A SQL Injection vulnerability in the OPCUA interface of Gallagher Comm ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23224
+ RESERVED
+CVE-2021-23220
+ RESERVED
+CVE-2021-23212
+ RESERVED
+CVE-2021-23211 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23205 (Improper Encoding or Escaping in Gallagher Command Centre Server allow ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23204 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23199
+ RESERVED
+CVE-2021-23197 (Unquoted service path vulnerability in the Gallagher Controller Servic ...)
+ NOT-FOR-US: Gallagher Controller Service
+CVE-2021-23193 (Improper privilege validation vulnerability in COM Interface of Gallag ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23185
+ RESERVED
+CVE-2021-23182 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23167 (Improper certificate validation vulnerability in SMTP Client allows ma ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23162 (Improper validation of the cloud certificate chain in Mobile Connect a ...)
+ NOT-FOR-US: Gallagher
+CVE-2021-23155 (Improper validation of the cloud certificate chain in Mobile Client al ...)
+ NOT-FOR-US: Gallagher
+CVE-2021-23146 (An Incomplete Comparison with Missing Factors vulnerability in the Gal ...)
+ NOT-FOR-US: Gallagher
+CVE-2021-23140 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-23136 (Improper Authorization vulnerability in Gallagher Command Centre Serve ...)
+ NOT-FOR-US: Gallagher Command Centre Server
+CVE-2021-26123 (LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wiht ...)
+ NOT-FOR-US: LivingLogic XIST4C
+CVE-2021-26122 (LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedb ...)
+ NOT-FOR-US: LivingLogic XIST4C
+CVE-2021-26121
+ RESERVED
+CVE-2021-26120 (Smarty before 3.1.39 allows code injection via an unexpected function ...)
+ {DLA-2618-1}
+ - smarty3 3.1.39-1
+ [buster] - smarty3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/smarty-php/smarty/commit/4f634c0097ab4a8b2adc2a97caacd1676e88f9c8
+CVE-2021-26119 (Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_ ...)
+ {DLA-2618-1}
+ - smarty3 3.1.39-1
+ [buster] - smarty3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/smarty-php/smarty/commit/c9272058d972045dda9c99c64a82acb21c93c6ad
+CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...)
+ NOT-FOR-US: Apache ActiveMQ Artemis
+CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use anony ...)
+ {DLA-2583-1}
+ - activemq 5.16.1-1 (bug #982590)
+ [buster] - activemq <no-dsa> (Minor issue)
+ NOTE: https://issues.apache.org/jira/browse/AMQ-8035
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/27/6
+ NOTE: https://gitbox.apache.org/repos/asf?p=activemq.git;h=c9f68f4c64b2687eee283b95538753665d2b229b
+CVE-2021-26116
+ RESERVED
+CVE-2021-26115
+ RESERVED
+CVE-2021-26114
+ RESERVED
+CVE-2021-26113
+ RESERVED
+CVE-2021-26112
+ RESERVED
+CVE-2021-26111 (A missing release of memory after effective lifetime vulnerability in ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-26110 (An improper access control vulnerability [CWE-284] in FortiOS autod da ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-26109 (An integer overflow or wraparound vulnerability in the memory allocato ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-26108 (A use of hard-coded cryptographic key vulnerability in the SSLVPN of F ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-26107 (An improper access control vulnerability [CWE-284] in FortiManager ver ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-26106 (An improper neutralization of special elements used in an OS Command v ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-26105
+ RESERVED
+CVE-2021-26104
+ RESERVED
+CVE-2021-26103 (An insufficient verification of data authenticity vulnerability (CWE-3 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-26102
+ RESERVED
+CVE-2021-26101
+ RESERVED
+CVE-2021-26100 (A missing cryptographic step in the Identity-Based Encryption service ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-26099 (Missing cryptographic steps in the Identity-Based Encryption service o ...)
+ NOT-FOR-US: FortiMail
+CVE-2021-26098 (An instance of small space of random values in the RPC API of FortiSan ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-26097 (An improper neutralization of special elements used in an OS Command v ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-26096 (Multiple instances of heap-based buffer overflow in the command shell ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-26095 (The combination of various cryptographic issues in the session managem ...)
+ NOT-FOR-US: FortiMail
+CVE-2021-26094
+ RESERVED
+CVE-2021-26093
+ RESERVED
+CVE-2021-26092
+ RESERVED
+CVE-2021-26091
+ RESERVED
+CVE-2021-26090 (A missing release of memory after its effective lifetime vulnerability ...)
+ NOT-FOR-US: FortiMail
+CVE-2021-26089 (An improper symlink following in FortiClient for Mac 6.4.3 and below m ...)
+ NOT-FOR-US: FortiClient
+CVE-2021-26088 (An improper authentication vulnerability in FSSO Collector version 5.0 ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-26087
+ RESERVED
+CVE-2021-26086 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26085 (Affected versions of Atlassian Confluence Server allow remote attacker ...)
+ NOT-FOR-US: Atlassian Confluence
+CVE-2021-26084 (In affected versions of Confluence Server and Data Center, an OGNL inj ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26083 (Export HTML Report in Atlassian Jira Server and Jira Data Center befor ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26082 (The XML Export in Atlassian Jira Server and Jira Data Center before ve ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26081 (REST API in Atlassian Jira Server and Jira Data Center before version ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26080 (EditworkflowScheme.jspa in Jira Server and Jira Data Center before ver ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26079 (The CardLayoutConfigTable component in Jira Server and Jira Data Cente ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26078 (The number range searcher component in Jira Server and Jira Data Cente ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26077 (Broken Authentication in Atlassian Connect Spring Boot (ACSB) in versi ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26076 (The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26075 (The Jira importers plugin AttachTemporaryFile rest resource in Jira Se ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26074 (Broken Authentication in Atlassian Connect Spring Boot (ACSB) from ver ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26073 (Broken Authentication in Atlassian Connect Express (ACE) from version ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26072 (The WidgetConnector plugin in Confluence Server and Confluence Data Ce ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26071 (The SetFeatureEnabled.jspa resource in Jira Server and Data Center bef ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26070 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26069 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26068 (An endpoint in Atlassian Jira Server for Slack plugin from version 0.0 ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26067 (Affected versions of Atlassian Bamboo allow an unauthenticated remote ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-26066
+ REJECTED
+CVE-2021-26065
+ REJECTED
+CVE-2021-26064
+ REJECTED
+CVE-2021-26063
+ REJECTED
+CVE-2021-26062
+ REJECTED
+CVE-2021-26061
+ REJECTED
+CVE-2021-26060
+ REJECTED
+CVE-2021-26059
+ REJECTED
+CVE-2021-26058
+ REJECTED
+CVE-2021-26057
+ REJECTED
+CVE-2021-26056
+ REJECTED
+CVE-2021-26055
+ REJECTED
+CVE-2021-26054
+ REJECTED
+CVE-2021-26053
+ REJECTED
+CVE-2021-26052
+ REJECTED
+CVE-2021-26051
+ REJECTED
+CVE-2021-26050
+ REJECTED
+CVE-2021-26049
+ REJECTED
+CVE-2021-26048
+ REJECTED
+CVE-2021-26047
+ REJECTED
+CVE-2021-26046
+ REJECTED
+CVE-2021-26045
+ REJECTED
+CVE-2021-26044
+ REJECTED
+CVE-2021-26043
+ REJECTED
+CVE-2021-26042
+ REJECTED
+CVE-2021-26041
+ REJECTED
+CVE-2021-26040 (An issue was discovered in Joomla! 4.0.0. The media manager does not c ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26039 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26038 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install actio ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26037 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26036 (An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing valid ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26035 (An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate es ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26034 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26033 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing tok ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26032 (An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was miss ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26031 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate fi ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26030 (An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate es ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26029 (An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate fi ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26028 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-26027 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-3287 (Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Rem ...)
+ NOT-FOR-US: Zoho ManageEngine OpManager
+CVE-2021-26026 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...)
+ NOT-FOR-US: ACDSee Professional 2021
+CVE-2021-26025 (PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a Use ...)
+ NOT-FOR-US: ACDSee Professional 2021
+CVE-2021-3286 (SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands p ...)
+ - spotweb <not-affected> (Incomplete fix for CVE-2020-35545 not applied)
+ NOTE: https://github.com/spotweb/spotweb/issues/653
+CVE-2021-3285 (jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1. ...)
+ NOT-FOR-US: TI Code Composer Studio IDE
+CVE-2021-3284
+ RESERVED
+CVE-2021-3283 (HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task d ...)
+ - nomad 0.12.10+dfsg1-1 (bug #981889)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332
+CVE-2021-3282 (HashiCorp Vault Enterprise 1.6.0 &amp; 1.6.1 allowed the `remove-peer` ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-3281 (In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, ...)
+ {DLA-2540-1}
+ - python-django 2:2.2.18-1 (bug #981562)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.djangoproject.com/weblog/2021/feb/01/security-releases/
+ NOTE: https://github.com/django/django/commit/05413afa8c18cdb978fcdf470e09f7a12b234a23 (master)
+ NOTE: https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37 (2.2.18)
+CVE-2021-26024 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-26023 (The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-26022
+ RESERVED
+CVE-2021-26021
+ RESERVED
+CVE-2021-26020
+ RESERVED
+CVE-2021-26019
+ RESERVED
+CVE-2021-26018
+ RESERVED
+CVE-2021-26017
+ RESERVED
+CVE-2021-26016
+ RESERVED
+CVE-2021-26015
+ RESERVED
+CVE-2021-26014
+ RESERVED
+CVE-2021-26013
+ RESERVED
+CVE-2021-26012
+ RESERVED
+CVE-2021-26011
+ RESERVED
+CVE-2021-26010
+ RESERVED
+CVE-2021-26009
+ RESERVED
+CVE-2021-26008
+ RESERVED
+CVE-2021-26007
+ RESERVED
+CVE-2021-26006
+ RESERVED
+CVE-2021-26005
+ RESERVED
+CVE-2021-26004
+ RESERVED
+CVE-2021-26003
+ RESERVED
+CVE-2021-26002
+ RESERVED
+CVE-2021-26001
+ RESERVED
+CVE-2021-26000
+ RESERVED
+CVE-2021-25999
+ RESERVED
+CVE-2021-25998
+ RESERVED
+CVE-2021-25997
+ RESERVED
+CVE-2021-25996
+ RESERVED
+CVE-2021-25995
+ RESERVED
+CVE-2021-25994 (In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Head ...)
+ NOT-FOR-US: Userfrosting
+CVE-2021-25993 (In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected b ...)
+ NOT-FOR-US: Requarks wiki.js
+CVE-2021-25992 (In Ifme, versions 1.0.0 to v.7.33.2 don&#8217;t properly invalidate a ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25991 (In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper a ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25990 (In &#8220;ifme&#8221;, versions v7.22.0 to v7.31.4 are vulnerable agai ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25989 (In &#8220;ifme&#8221;, versions 1.0.0 to v7.31.4 are vulnerable agains ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25988 (In &#8220;ifme&#8221;, versions 1.0.0 to v7.31.4 are vulnerable agains ...)
+ NOT-FOR-US: Ifme
+CVE-2021-25987 (Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The po ...)
+ NOT-FOR-US: hexo blog framework
+CVE-2021-25986 (In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cros ...)
+ NOT-FOR-US: Django-wiki
+CVE-2021-25985 (In Factor (App Framework &amp; Headless CMS) v1.0.4 to v1.8.30, improp ...)
+ NOT-FOR-US: Factor (App Framework & Headless CMS)
+CVE-2021-25984 (In Factor (App Framework &amp; Headless CMS) forum plugin, versions v1 ...)
+ NOT-FOR-US: Factor (App Framework & Headless CMS)
+CVE-2021-25983 (In Factor (App Framework &amp; Headless CMS) forum plugin, versions v1 ...)
+ NOT-FOR-US: Factor (App Framework & Headless CMS)
+CVE-2021-25982 (In Factor (App Framework &amp; Headless CMS) forum plugin, versions 1. ...)
+ NOT-FOR-US: Factor (App Framework & Headless CMS)
+CVE-2021-25981 (In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev ve ...)
+ NOT-FOR-US: Talkyard
+CVE-2021-25980 (In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22 ...)
+ NOT-FOR-US: Talkyard
+CVE-2021-25979 (Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insuffi ...)
+ NOT-FOR-US: Apostrophe CMS
+CVE-2021-25978 (Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stor ...)
+ NOT-FOR-US: Apostrophe CMS
+CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...)
+ NOT-FOR-US: PiranhaCMS
+CVE-2021-25976 (In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross- ...)
+ NOT-FOR-US: PiranhaCMS
+CVE-2021-25975 (In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a ...)
+ NOT-FOR-US: Publify
+CVE-2021-25974 (In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A us ...)
+ NOT-FOR-US: Publify
+CVE-2021-25973 (In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Cont ...)
+ NOT-FOR-US: Publify
+CVE-2021-25972 (In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-S ...)
+ NOT-FOR-US: Camaleon CMS
+CVE-2021-25971 (In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught ...)
+ NOT-FOR-US: Camaleon CMS
+CVE-2021-25970 (Camaleon CMS 0.1.7 to 2.6.0 doesn&#8217;t terminate the active session ...)
+ NOT-FOR-US: Camaleon CMS
+CVE-2021-25969 (In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to ...)
+ NOT-FOR-US: Camaleon CMS
+CVE-2021-25968 (In &#8220;OpenCMS&#8221;, versions 10.5.0 to 11.0.2 are affected by a ...)
+ NOT-FOR-US: OpenCMS
+CVE-2021-25967 (In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerab ...)
+ NOT-FOR-US: CKAN
+CVE-2021-25966 (In &#8220;Orchard core CMS&#8221; application, versions 1.0.0-beta1-33 ...)
+ NOT-FOR-US: Orchard CMS
+CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site ...)
+ NOT-FOR-US: Calibre web
+CVE-2021-25964 (In &#8220;Calibre-web&#8221; application, v0.6.0 to v0.6.12, are vulne ...)
+ NOT-FOR-US: Calibre web
+CVE-2021-25963 (In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cr ...)
+ NOT-FOR-US: Shuup
+CVE-2021-25962 (&#8220;Shuup&#8221; application in versions 0.4.2 to 2.10.8 is affecte ...)
+ NOT-FOR-US: Shuup
+CVE-2021-25961 (In &#8220;SuiteCRM&#8221; application, v7.1.7 through v7.10.31 and v7. ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-25960 (In &#8220;SuiteCRM&#8221; application, v7.11.18 through v7.11.19 and v ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-25959 (In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected ...)
+ NOT-FOR-US: OpenCRX
+CVE-2021-25958 (In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch ...)
+ NOT-FOR-US: Apache Ofbiz
+CVE-2021-25957 (In &#8220;Dolibarr&#8221; application, v2.8.1 to v13.0.2 are vulnerabl ...)
+ - dolibarr <removed>
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377
+CVE-2021-25956 (In &#8220;Dolibarr&#8221; application, v3.3.beta1_20121221 to v13.0.2 ...)
+ - dolibarr <removed>
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/c4cba43bade736ab89e31013a6ccee59a6e077ee
+CVE-2021-25955 (In &#8220;Dolibarr ERP CRM&#8221;, WYSIWYG Editor module, v2.8.1 to v1 ...)
+ - dolibarr <removed>
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/796b2d201acb9938b903fb2afa297db289ecc93e
+CVE-2021-25954 (In &#8220;Dolibarr&#8221; application, 2.8.1 to 13.0.4 don&#8217;t res ...)
+ - dolibarr <removed>
+CVE-2021-25953 (Prototype pollution vulnerability in 'putil-merge' versions1.0.0 throu ...)
+ NOT-FOR-US: Node putil-merge
+CVE-2021-25952 (Prototype pollution vulnerability in &#8216;just-safe-set&#8217; versi ...)
+ NOT-FOR-US: AngusC just-safe-set
+CVE-2021-25951 (XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to ca ...)
+ NOT-FOR-US: XML2Dict
+CVE-2021-25950
+ REJECTED
+CVE-2021-25949 (Prototype pollution vulnerability in 'set-getter' version 0.1.0 allows ...)
+ NOT-FOR-US: Node set-getter
+CVE-2021-25948 (Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 thro ...)
+ NOT-FOR-US: Node expand-hash
+CVE-2021-25947 (Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1 ...)
+ NOT-FOR-US: Node nestie
+CVE-2021-25946 (Prototype pollution vulnerability in `nconf-toml` versions 0.0.1 throu ...)
+ NOT-FOR-US: Node nconf-toml
+CVE-2021-25945 (Prototype pollution vulnerability in 'js-extend' versions 0.0.1 throug ...)
+ NOT-FOR-US: Node js-extend
+CVE-2021-25944 (Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 th ...)
+ NOT-FOR-US: Node deep-defaults
+CVE-2021-25943 (Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6. ...)
+ NOT-FOR-US: Node 101
+CVE-2021-25942
+ RESERVED
+CVE-2021-25941 (Prototype pollution vulnerability in 'deep-override' versions 1.0.0 th ...)
+ NOT-FOR-US: Node deep-override
+CVE-2021-25940 (In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insuffic ...)
+ - arangodb <itp> (bug #761817)
+CVE-2021-25939 (In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature whi ...)
+ - arangodb <itp> (bug #761817)
+CVE-2021-25938 (In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross ...)
+ - arangodb <itp> (bug #761817)
+CVE-2021-25937
+ RESERVED
+CVE-2021-25936
+ RESERVED
+CVE-2021-25935 (In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25934 (In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25932 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...)
+ - opennms <itp> (bug #450615)
+CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...)
+ NOT-FOR-US: Node safe-obj
+CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...)
+ NOT-FOR-US: Node safe-flat
+CVE-2021-25926 (In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Re ...)
+ NOT-FOR-US: SiCKRAGE
+CVE-2021-25925 (in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored C ...)
+ NOT-FOR-US: SiCKRAGE
+CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: GoCD
+CVE-2021-25923 (In OpenEMR, versions 5.0.0 to 6.0.0.1 are vulnerable to weak password ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25922 (In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross- ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25921 (In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25920 (In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Ac ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25919 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25918 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25917 (In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-25916 (Prototype pollution vulnerability in 'patchmerge' versions 1.0.0 throu ...)
+ NOT-FOR-US: Node patchmerge
+CVE-2021-25915 (Prototype pollution vulnerability in 'changeset' versions 0.0.1 throug ...)
+ NOT-FOR-US: changeset
+CVE-2021-25914 (Prototype pollution vulnerability in 'object-collider' versions 1.0.0 ...)
+ NOT-FOR-US: object-collider
+CVE-2021-25913 (Prototype pollution vulnerability in 'set-or-get' version 1.0.0 throug ...)
+ NOT-FOR-US: Node set-or-get
+CVE-2021-25912 (Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0. ...)
+ NOT-FOR-US: Node dotty
+CVE-2021-25911
+ RESERVED
+CVE-2021-25910 (Improper Authentication vulnerability in the cookie parameter of ZIV A ...)
+ NOT-FOR-US: ZIV AUTOMATION 4CCT-EA6-334126BF
+CVE-2021-25909 (ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, al ...)
+ NOT-FOR-US: ZIV Automation 4CCT-EA6-334126BF
+CVE-2021-25908 (An issue was discovered in the fil-ocl crate through 2021-01-04 for Ru ...)
+ NOT-FOR-US: Rust crate fil-ocl
+CVE-2021-25907 (An issue was discovered in the containers crate before 0.9.11 for Rust ...)
+ NOT-FOR-US: Rust crate containers
+CVE-2021-25906 (An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for ...)
+ NOT-FOR-US: Rust crate basic_dsp_matrix
+CVE-2021-25905 (An issue was discovered in the bra crate before 0.1.1 for Rust. It lac ...)
+ NOT-FOR-US: Rust crate bra
+CVE-2021-25904 (An issue was discovered in the av-data crate before 0.3.0 for Rust. A ...)
+ NOT-FOR-US: Rust crate av-data
+CVE-2021-25903 (An issue was discovered in the cache crate through 2021-01-01 for Rust ...)
+ NOT-FOR-US: Rust crate cache
+CVE-2021-25902 (An issue was discovered in the glsl-layout crate before 0.4.0 for Rust ...)
+ NOT-FOR-US: Rust crate glsl-layout
+CVE-2021-25901 (An issue was discovered in the lazy-init crate through 2021-01-17 for ...)
+ NOT-FOR-US: Rust crate lazy-init
+CVE-2021-3280
+ RESERVED
+CVE-2021-3279 (sz.chat version 4 allows injection of web scripts and HTML in the mess ...)
+ NOT-FOR-US: sz.chat
+CVE-2021-3278 (Local Service Search Engine Management System 1.0 has a vulnerability ...)
+ NOT-FOR-US: Local Service Search Engine Management System
+CVE-2021-3277 (Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbi ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-3276
+ RESERVED
+CVE-2021-3275 (Unauthenticated stored cross-site scripting (XSS) exists in multiple T ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-3274
+ RESERVED
+CVE-2021-3273 (Nagios XI below 5.7 is affected by code injection in the /nagiosxi/adm ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-b ...)
+ - jasper <removed>
+ NOTE: https://github.com/jasper-software/jasper/issues/259
+CVE-2021-3271 (PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS ca ...)
+ NOT-FOR-US: PressBooks
+CVE-2021-3270
+ RESERVED
+CVE-2021-3269
+ RESERVED
+CVE-2021-3268
+ RESERVED
+CVE-2021-3267
+ RESERVED
+CVE-2021-3266
+ RESERVED
+CVE-2021-3265
+ RESERVED
+CVE-2021-3264 (SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in p ...)
+ NOT-FOR-US: cxuucms
+CVE-2021-3263
+ RESERVED
+CVE-2021-3262
+ RESERVED
+CVE-2021-3261
+ RESERVED
+CVE-2021-3260
+ RESERVED
+CVE-2021-3259
+ RESERVED
+CVE-2021-3258 (Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site ...)
+ NOT-FOR-US: Question2Answer Q2A Ultimate SEO
+CVE-2021-3257
+ RESERVED
+CVE-2021-3256 (KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the h ...)
+ NOT-FOR-US: KuaiFanCMS
+CVE-2021-3255
+ RESERVED
+CVE-2021-3254
+ RESERVED
+CVE-2021-3253
+ RESERVED
+CVE-2021-3252 (KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect acce ...)
+ NOT-FOR-US: KACO New Energy XP100U Up to XP-JAVA
+CVE-2021-3251
+ RESERVED
+CVE-2021-3250
+ RESERVED
+CVE-2021-3249
+ RESERVED
+CVE-2021-3248
+ RESERVED
+CVE-2021-3247
+ RESERVED
+CVE-2021-3246 (A heap buffer overflow vulnerability in msadpcm_decode_block of libsnd ...)
+ {DSA-4947-1 DLA-2722-1}
+ - libsndfile 1.0.31-2 (bug #991496)
+ NOTE: https://github.com/libsndfile/libsndfile/issues/687
+ NOTE: https://github.com/libsndfile/libsndfile/commit/deb669ee8be55a94565f6f8a6b60890c2e7c6f32
+CVE-2021-3245
+ RESERVED
+CVE-2021-3244
+ RESERVED
+CVE-2021-3243 (Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: Wfilter ICF
+CVE-2021-3242 (DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: DuxCMS
+CVE-2021-3241
+ RESERVED
+CVE-2021-3240
+ RESERVED
+CVE-2021-3239 (E-Learning System 1.0 suffers from an unauthenticated SQL injection vu ...)
+ NOT-FOR-US: E-Learning System
+CVE-2021-3238
+ RESERVED
+CVE-2021-3237
+ RESERVED
+CVE-2021-3236
+ RESERVED
+CVE-2021-3235
+ RESERVED
+CVE-2021-3234
+ RESERVED
+CVE-2021-3233
+ RESERVED
+CVE-2021-3232
+ RESERVED
+CVE-2021-3231
+ RESERVED
+CVE-2021-3230
+ RESERVED
+CVE-2021-3229 (Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4. ...)
+ NOT-FOR-US: ASUSWRT ASUS RT-AX3000 firmware
+CVE-2021-3228
+ RESERVED
+CVE-2021-3227
+ RESERVED
+CVE-2021-3226
+ RESERVED
+CVE-2021-3225
+ RESERVED
+CVE-2021-3224 (A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exis ...)
+ NOT-FOR-US: cszcms
+CVE-2021-3223 (Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory tra ...)
+ NOT-FOR-US: Node-RED-Dashboard
+CVE-2021-3222
+ RESERVED
+CVE-2021-3221
+ RESERVED
+CVE-2021-3220
+ RESERVED
+CVE-2021-3219
+ RESERVED
+CVE-2021-3218
+ RESERVED
+CVE-2021-3217
+ RESERVED
+CVE-2021-3216
+ RESERVED
+CVE-2021-3215
+ RESERVED
+CVE-2021-3214
+ RESERVED
+CVE-2021-3213
+ RESERVED
+CVE-2021-3212
+ RESERVED
+CVE-2021-3211
+ RESERVED
+CVE-2021-3210 (components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound &l ...)
+ NOT-FOR-US: Bloodhound
+CVE-2021-3209
+ RESERVED
+CVE-2021-3208
+ RESERVED
+CVE-2021-3207
+ RESERVED
+CVE-2021-3206
+ RESERVED
+CVE-2021-3205
+ RESERVED
+CVE-2021-3204 (SSRF in the document conversion component of Webware Webdesktop 5.1.15 ...)
+ NOT-FOR-US: Webware Webdesktop
+CVE-2021-3203
+ RESERVED
+CVE-2021-3202
+ RESERVED
+CVE-2021-3201
+ RESERVED
+CVE-2021-3200 (Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * t ...)
+ - libsolv 0.7.17-1 (unimportant)
+ NOTE: https://github.com/openSUSE/libsolv/issues/416
+ NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-3199 (Directory traversal with remote code execution can occur in /upload in ...)
+ NOT-FOR-US: ONLYOFFICE Document Server
+CVE-2021-3198 (By abusing the 'install rpm url' command, an attacker can escape the r ...)
+ NOT-FOR-US: Ivanti MobileIron Core
+CVE-2021-25899 (An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0 ...)
+ NOT-FOR-US: Void Aural Rec Monitor
+CVE-2021-25898 (An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0 ...)
+ NOT-FOR-US: Void Aural Rec Monitor
+CVE-2021-25897
+ RESERVED
+CVE-2021-25896
+ RESERVED
+CVE-2021-25895
+ RESERVED
+CVE-2021-25894 (Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scriptin ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-25893 (Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scriptin ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-25892
+ RESERVED
+CVE-2021-25891
+ RESERVED
+CVE-2021-25890
+ RESERVED
+CVE-2021-25889
+ RESERVED
+CVE-2021-25888
+ RESERVED
+CVE-2021-25887
+ RESERVED
+CVE-2021-25886
+ RESERVED
+CVE-2021-25885
+ RESERVED
+CVE-2021-25884
+ RESERVED
+CVE-2021-25883
+ RESERVED
+CVE-2021-25882
+ RESERVED
+CVE-2021-25881
+ RESERVED
+CVE-2021-25880
+ RESERVED
+CVE-2021-25879
+ RESERVED
+CVE-2021-25878 (AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cro ...)
+ NOT-FOR-US: AVideo/YouPHPTube
+CVE-2021-25877 (AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. A ...)
+ NOT-FOR-US: AVideo/YouPHPTube
+CVE-2021-25876 (AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script S ...)
+ NOT-FOR-US: AVideo/YouPHPTube
+CVE-2021-25875 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflec ...)
+ NOT-FOR-US: AVideo/YouPHPTube
+CVE-2021-25874 (AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQ ...)
+ NOT-FOR-US: AVideo/YouPHPTube
+CVE-2021-25873
+ RESERVED
+CVE-2021-25872
+ RESERVED
+CVE-2021-25871
+ RESERVED
+CVE-2021-25870
+ RESERVED
+CVE-2021-25869
+ RESERVED
+CVE-2021-25868
+ RESERVED
+CVE-2021-25867
+ RESERVED
+CVE-2021-25866
+ RESERVED
+CVE-2021-25865
+ RESERVED
+CVE-2021-25864 (node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Direct ...)
+ NOT-FOR-US: node-red-contrib-huemagic
+CVE-2021-25863 (Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 14 ...)
+ NOT-FOR-US: Open5GS
+CVE-2021-25862
+ RESERVED
+CVE-2021-25861
+ RESERVED
+CVE-2021-25860
+ RESERVED
+CVE-2021-25859
+ RESERVED
+CVE-2021-25858
+ RESERVED
+CVE-2021-25857
+ RESERVED
+CVE-2021-25856
+ RESERVED
+CVE-2021-25855
+ RESERVED
+CVE-2021-25854
+ RESERVED
+CVE-2021-25853
+ RESERVED
+CVE-2021-25852
+ RESERVED
+CVE-2021-25851
+ RESERVED
+CVE-2021-25850
+ RESERVED
+CVE-2021-25849 (An integer underflow was discovered in userdisk/vport_lldpd in Moxa Ca ...)
+ NOT-FOR-US: Moxa
+CVE-2021-25848 (Improper validation of the length field of LLDP-MED TLV in userdisk/vp ...)
+ NOT-FOR-US: Moxa
+CVE-2021-25847 (Improper validation of the length field of LLDP-MED TLV in userdisk/vp ...)
+ NOT-FOR-US: Moxa
+CVE-2021-25846 (Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Mo ...)
+ NOT-FOR-US: Moxa
+CVE-2021-25845 (Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Mo ...)
+ NOT-FOR-US: Moxa
+CVE-2021-25844
+ RESERVED
+CVE-2021-25843
+ RESERVED
+CVE-2021-25842
+ RESERVED
+CVE-2021-25841
+ RESERVED
+CVE-2021-25840
+ RESERVED
+CVE-2021-25839 (A weak password requirement vulnerability exists in the Create New Use ...)
+ NOT-FOR-US: MintHCM
+CVE-2021-25838 (The Import function in MintHCM RELEASE 3.0.8 allows an attacker to exe ...)
+ NOT-FOR-US: MintHCM
+CVE-2021-25837 (Cosmos Network Ethermint &lt;= v0.4.0 is affected by cache lifecycle i ...)
+ NOT-FOR-US: Cosmos Network Ethermint
+CVE-2021-25836 (Cosmos Network Ethermint &lt;= v0.4.0 is affected by cache lifecycle i ...)
+ NOT-FOR-US: Cosmos Network Ethermint
+CVE-2021-25835 (Cosmos Network Ethermint &lt;= v0.4.0 is affected by a cross-chain tra ...)
+ NOT-FOR-US: Cosmos Network Ethermint
+CVE-2021-25834 (Cosmos Network Ethermint &lt;= v0.4.0 is affected by a transaction rep ...)
+ NOT-FOR-US: Cosmos Network Ethermint
+CVE-2021-25833 (A file extension handling issue was found in [server] module of ONLYOF ...)
+ NOT-FOR-US: ONLYOFFICE DocumentServer
+CVE-2021-25832 (A heap buffer overflow vulnerability inside of BMP image processing wa ...)
+ NOT-FOR-US: ONLYOFFICE DocumentServer
+CVE-2021-25831 (A file extension handling issue was found in [core] module of ONLYOFFI ...)
+ NOT-FOR-US: ONLYOFFICE DocumentServer
+CVE-2021-25830 (A file extension handling issue was found in [core] module of ONLYOFFI ...)
+ NOT-FOR-US: ONLYOFFICE DocumentServer
+CVE-2021-25829 (An improper binary stream data handling issue was found in the [core] ...)
+ NOT-FOR-US: ONLYOFFICE DocumentServer
+CVE-2021-25828
+ RESERVED
+CVE-2021-25827
+ RESERVED
+CVE-2021-25826
+ RESERVED
+CVE-2021-25825
+ RESERVED
+CVE-2021-25824
+ RESERVED
+CVE-2021-25823
+ RESERVED
+CVE-2021-25822
+ RESERVED
+CVE-2021-25821
+ RESERVED
+CVE-2021-25820
+ RESERVED
+CVE-2021-25819
+ RESERVED
+CVE-2021-25818
+ RESERVED
+CVE-2021-25817
+ RESERVED
+CVE-2021-25816
+ RESERVED
+CVE-2021-25815
+ RESERVED
+CVE-2021-25814
+ RESERVED
+CVE-2021-25813
+ RESERVED
+CVE-2021-25812 (Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 v ...)
+ NOT-FOR-US: China Mobile An Lianbao WF-1
+CVE-2021-25811 (MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a craf ...)
+ NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices
+CVE-2021-25810 (Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0. ...)
+ NOT-FOR-US: MERCUSYS Mercury X18G 1.0.5 devices
+CVE-2021-25809 (UCMS 1.5.0 was discovered to contain a physical path leakage via an er ...)
+ NOT-FOR-US: UCMS
+CVE-2021-25808 (A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 a ...)
+ NOT-FOR-US: Bludit
+CVE-2021-25807
+ RESERVED
+CVE-2021-25806
+ RESERVED
+CVE-2021-25805
+ RESERVED
+CVE-2021-25804 (A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Pl ...)
+ {DSA-4834-1 DLA-2728-1}
+ - vlc 3.0.12-1
+ NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/a7f577ec26d35bbd7b2a3cda89d1b41bde69de9c (v3.0.12)
+CVE-2021-25803 (A buffer overflow vulnerability in the vlc_input_attachment_New compon ...)
+ {DSA-4834-1 DLA-2728-1}
+ - vlc 3.0.12-1
+ NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/56cbe9c4b59edbdc5e1bb2687992f3bbf492eccb (v3.0.12)
+CVE-2021-25802 (A buffer overflow vulnerability in the AVI_ExtractSubtitle component o ...)
+ {DSA-4834-1 DLA-2728-1}
+ - vlc 3.0.12-1
+ NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/0660acc3ab64d2c3ad99cae887a438f0648faa72 (v3.0.12)
+CVE-2021-25801 (A buffer overflow vulnerability in the __Parse_indx component of Video ...)
+ {DSA-4834-1 DLA-2728-1}
+ - vlc 3.0.12-1
+ NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/f5f8cc3ab8825f178de3f6714bfbff8b3f293fd2 (v3.0.12)
+CVE-2021-25800
+ RESERVED
+CVE-2021-25799
+ RESERVED
+CVE-2021-25798
+ RESERVED
+CVE-2021-25797
+ RESERVED
+CVE-2021-25796
+ RESERVED
+CVE-2021-25795
+ RESERVED
+CVE-2021-25794
+ RESERVED
+CVE-2021-25793
+ RESERVED
+CVE-2021-25792
+ RESERVED
+CVE-2021-25791 (Multiple stored cross site scripting (XSS) vulnerabilities in the "Upd ...)
+ NOT-FOR-US: Online Doctor Appointment System
+CVE-2021-25790 (Multiple stored cross site scripting (XSS) vulnerabilities in the "Reg ...)
+ NOT-FOR-US: House Rental and Property Listing
+CVE-2021-25789
+ RESERVED
+CVE-2021-25788
+ RESERVED
+CVE-2021-25787
+ RESERVED
+CVE-2021-25786
+ RESERVED
+CVE-2021-25785 (Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: taocms
+CVE-2021-25784 (Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulne ...)
+ NOT-FOR-US: taocms
+CVE-2021-25783 (Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulne ...)
+ NOT-FOR-US: taocms
+CVE-2021-25782
+ RESERVED
+CVE-2021-25781
+ RESERVED
+CVE-2021-25780 (An arbitrary file upload vulnerability has been identified in posts.ph ...)
+ NOT-FOR-US: Baby Care System
+CVE-2021-25779 (Baby Care System v1.0 is vulnerable to SQL injection via the 'id' para ...)
+ NOT-FOR-US: Baby Care System
+CVE-2021-25778 (In JetBrains TeamCity before 2020.2.1, permissions during user deletio ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25777 (In JetBrains TeamCity before 2020.2.1, permissions during token remova ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25776 (In JetBrains TeamCity before 2020.2, an ECR token could be exposed in ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25775 (In JetBrains TeamCity before 2020.2.1, the server admin could create a ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25774 (In JetBrains TeamCity before 2020.2.1, a user could get access to the ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25773 (JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on se ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25772 (In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possibl ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25771 (In JetBrains YouTrack before 2020.6.1099, project information could be ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25770 (In JetBrains YouTrack before 2020.5.3123, server-side template injecti ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25769 (In JetBrains YouTrack before 2020.4.6808, the YouTrack administrator w ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25768 (In JetBrains YouTrack before 2020.4.4701, permissions for attachments ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25767 (In JetBrains YouTrack before 2020.6.1767, an issue's existence could b ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25766 (In JetBrains YouTrack before 2020.4.4701, improper resource access che ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25765 (In JetBrains YouTrack before 2020.4.4701, CSRF via attachment upload w ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2021-25764 (In JetBrains PhpStorm before 2020.3, source code could be added to deb ...)
+ NOT-FOR-US: JetBrains PhpStorm
+CVE-2021-25763 (In JetBrains Ktor before 1.4.2, weak cipher suites were enabled by def ...)
+ NOT-FOR-US: JetBrains Ktor
+CVE-2021-25762 (In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. ...)
+ NOT-FOR-US: JetBrains Ktor
+CVE-2021-25761 (In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage ke ...)
+ NOT-FOR-US: JetBrains Ktor
+CVE-2021-25760 (In JetBrains Hub before 2020.1.12669, information disclosure via the p ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-25759 (In JetBrains Hub before 2020.1.12629, an authenticated user can delete ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-25758 (In JetBrains IntelliJ IDEA before 2020.3, potentially insecure deseria ...)
+ - intellij-idea <itp> (bug #747616)
+CVE-2021-25757 (In JetBrains Hub before 2020.1.12629, an open redirect was possible. ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2021-25756 (In JetBrains IntelliJ IDEA before 2020.2, HTTP links were used for sev ...)
+ - intellij-idea <itp> (bug #747616)
+CVE-2021-25755 (In JetBrains Code With Me before 2020.3, an attacker on the local netw ...)
+ NOT-FOR-US: JetBrains Code With Me
+CVE-2021-25754
+ RESERVED
+CVE-2021-25753
+ RESERVED
+CVE-2021-25752
+ RESERVED
+CVE-2021-25751
+ RESERVED
+CVE-2021-25750
+ RESERVED
+CVE-2021-25749
+ RESERVED
+CVE-2021-25748
+ RESERVED
+CVE-2021-25747
+ RESERVED
+CVE-2021-25746
+ RESERVED
+CVE-2021-25745
+ RESERVED
+CVE-2021-25744
+ RESERVED
+CVE-2021-25743 (kubectl does not neutralize escape, meta or control sequences containe ...)
+ - kubernetes <unfixed>
+ [bullseye] - kubernetes <no-dsa> (Minor issue)
+ NOTE: https://github.com/kubernetes/kubernetes/issues/101695
+CVE-2021-25742 (A security issue was discovered in ingress-nginx where a user that can ...)
+ NOT-FOR-US: Kubernetes ingress-nginx component
+CVE-2021-25741 (A security issue was discovered in Kubernetes where a user may be able ...)
+ - kubernetes <unfixed>
+ [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+ NOTE: https://github.com/kubernetes/kubernetes/issues/104980
+CVE-2021-25740 (A security issue was discovered with Kubernetes that could enable user ...)
+ - kubernetes <unfixed>
+ [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/14/1
+CVE-2021-25739
+ RESERVED
+CVE-2021-25738 (Loading specially-crafted yaml with the Kubernetes Java Client library ...)
+ NOT-FOR-US: Kubernetes Java client
+CVE-2021-25737 (A security issue was discovered in Kubernetes where a user may be able ...)
+ - kubernetes <unfixed> (bug #990793)
+ [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/4
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+CVE-2021-25736
+ RESERVED
+ - kubernetes <not-affected> (Windows-specific)
+CVE-2021-25735 (A security issue was discovered in kube-apiserver that could allow nod ...)
+ - kubernetes <unfixed> (bug #990793)
+ [bullseye] - kubernetes <not-affected> (Kubernetes in Bullseye only ships the client)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/1
+ NOTE: https://github.com/kubernetes/kubernetes/issues/100096
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1
+CVE-2021-25734
+ RESERVED
+CVE-2021-25733
+ RESERVED
+CVE-2021-25732
+ RESERVED
+CVE-2021-25731
+ RESERVED
+CVE-2021-25730
+ RESERVED
+CVE-2021-25729
+ RESERVED
+CVE-2021-25728
+ RESERVED
+CVE-2021-25727
+ RESERVED
+CVE-2021-25726
+ RESERVED
+CVE-2021-25725
+ RESERVED
+CVE-2021-25724
+ RESERVED
+CVE-2021-25723
+ RESERVED
+CVE-2021-25722
+ RESERVED
+CVE-2021-25721
+ RESERVED
+CVE-2021-25720
+ RESERVED
+CVE-2021-25719
+ RESERVED
+CVE-2021-25718
+ RESERVED
+CVE-2021-25717
+ RESERVED
+CVE-2021-25716
+ RESERVED
+CVE-2021-25715
+ RESERVED
+CVE-2021-25714
+ RESERVED
+CVE-2021-25713
+ RESERVED
+CVE-2021-25712
+ RESERVED
+CVE-2021-25711
+ RESERVED
+CVE-2021-25710
+ RESERVED
+CVE-2021-25709
+ RESERVED
+CVE-2021-25708
+ RESERVED
+CVE-2021-25707
+ RESERVED
+CVE-2021-25706
+ RESERVED
+CVE-2021-25705
+ RESERVED
+CVE-2021-25704
+ RESERVED
+CVE-2021-25703
+ RESERVED
+CVE-2021-25702
+ RESERVED
+CVE-2021-25701 (The fUSBHub driver in the PCoIP Software Client prior to version 21.07 ...)
+ NOT-FOR-US: Teradici
+CVE-2021-25700
+ RESERVED
+CVE-2021-25699 (The OpenSSL component of the Teradici PCoIP Software Client prior to v ...)
+ NOT-FOR-US: Teradici
+CVE-2021-25698 (The OpenSSL component of the Teradici PCoIP Standard Agent prior to ve ...)
+ NOT-FOR-US: Teradici
+CVE-2021-25697
+ RESERVED
+CVE-2021-25696
+ RESERVED
+CVE-2021-25695 (The USB vHub in the Teradici PCOIP Software Agent prior to version 21. ...)
+ NOT-FOR-US: Teradici
+CVE-2021-25694 (Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not vali ...)
+ NOT-FOR-US: Teradici PCoIP Graphics Agent for Windows
+CVE-2021-25693 (An attacker may cause a Denial of Service (DoS) in multiple versions o ...)
+ NOT-FOR-US: Teradici PCoIP Agent
+CVE-2021-25692 (Sensitive smart card data is logged in default INFO logs by Teradici's ...)
+ NOT-FOR-US: Teradici
+CVE-2021-25691
+ RESERVED
+CVE-2021-25690 (A null pointer dereference in Teradici PCoIP Soft Client versions prio ...)
+ NOT-FOR-US: Teradici PCoIP Soft Client
+CVE-2021-25689 (An out of bounds write in Teradici PCoIP soft client versions prior to ...)
+ NOT-FOR-US: Teradici PCoIP Soft Client
+CVE-2021-25688 (Under certain conditions, Teradici PCoIP Agents for Windows prior to v ...)
+ NOT-FOR-US: Teradici PCoIP Agents
+CVE-2021-25687
+ RESERVED
+CVE-2021-25686
+ RESERVED
+CVE-2021-25685
+ RESERVED
+CVE-2021-25684 (It was discovered that apport in data/apport did not properly open a r ...)
+ NOT-FOR-US: Apport
+CVE-2021-25683 (It was discovered that the get_starttime() function in data/apport did ...)
+ NOT-FOR-US: Apport
+CVE-2021-25682 (It was discovered that the get_pid_info() function in data/apport did ...)
+ NOT-FOR-US: Apport
+CVE-2021-25681 (** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 s ...)
+ NOT-FOR-US: AdTran Personal Phone Manager
+CVE-2021-25680 (** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager soft ...)
+ NOT-FOR-US: AdTran Personal Phone Manager
+CVE-2021-25679 (** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager soft ...)
+ NOT-FOR-US: AdTran Personal Phone Manager
+CVE-2021-3197 (An issue was discovered in SaltStack Salt before 3002.5. The salt-api' ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/5273722c2180c394bc426f731450b95809ca952e (v3002.3)
+ NOTE: https://github.com/saltstack/salt/commit/039b7f3f5713170799363d96e6263c2809e4245c (v3002.3)
+ NOTE: Regression: https://github.com/saltstack/salt/pull/59664
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/51f350fcdf4b14e4f16cedabd743ca23c574a186
+ NOTE: Regression follow-up: https://github.com/saltstack/salt/pull/59748
+ NOTE: Regression follow-up fix: https://github.com/saltstack/salt/commit/61d74a7e3bc4dfd6f16a7f123e76d0824059217d
+CVE-2021-3196 (An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 t ...)
+ NOT-FOR-US: Hitachi ID Bravura Security Fabric
+CVE-2021-3195 (** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a ne ...)
+ NOTE: Disputed Bitcoin issue
+ NOTE: https://github.com/bitcoin/bitcoin/issues/20866
+CVE-2021-3194
+ RESERVED
+CVE-2021-3193 (Improper access and command validation in the Nagios Docker Config Wiz ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-3192
+ RESERVED
+CVE-2021-3191 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...)
+ NOT-FOR-US: Idelji Web ViewPoint
+CVE-2021-3190 (The async-git package before 1.13.2 for Node.js allows OS Command Inje ...)
+ NOT-FOR-US: Node async-git
+CVE-2021-25678 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
+ NOT-FOR-US: Solid Edge (Siemens)
+CVE-2021-25677 (A vulnerability has been identified in Nucleus NET (All versions), Nuc ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2021-25676 (A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALAN ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25675 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25674 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25673 (A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25672 (A vulnerability has been identified in Mendix Forgot Password Appstore ...)
+ NOT-FOR-US: Mendix Forgot Password Appstore module
+CVE-2021-25671 (A vulnerability has been identified in RWG1.M12 (All versions &lt; V1. ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25670 (A vulnerability has been identified in Tecnomatix RobotExpert (All ver ...)
+ NOT-FOR-US: Tecnomatix RobotExpert (Siemens)
+CVE-2021-25669 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25668 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25667 (A vulnerability has been identified in RUGGEDCOM RM1224 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25666 (A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 80 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25665 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25664 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2021-25663 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2021-25662 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25661 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25660 (A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2021-25659 (A vulnerability has been identified in Automation License Manager 5 (A ...)
+ NOT-FOR-US: Automation License Manager
+CVE-2021-25658
+ RESERVED
+CVE-2021-25657
+ RESERVED
+CVE-2021-25656 (Stored XSS injection vulnerabilities were discovered in the Avaya Aura ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25655 (A vulnerability in the system Service Menu component of Avaya Aura Exp ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25654 (An arbitrary code execution vulnerability was discovered in Avaya Aura ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25653 (A privilege escalation vulnerability was discovered in Avaya Aura Appl ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25652 (An information disclosure vulnerability was discovered in the director ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25651 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25650 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability w ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25649 (** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerabilit ...)
+ NOT-FOR-US: Avaya
+CVE-2021-25648 (Mobile application "Testes de Codigo" 11.4 and prior allows an attacke ...)
+ NOT-FOR-US: Mobile application "Testes de Codigo"
+CVE-2021-25647 (Mobile application "Testes de Codigo" v11.3 and prior allows stored XS ...)
+ NOT-FOR-US: Mobile application "Testes de Codigo"
+CVE-2021-25646 (Apache Druid includes the ability to execute user-provided JavaScript ...)
+ - druid <itp> (bug #825797)
+CVE-2021-3308 (An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 throug ...)
+ - xen 4.14.1+11-gb0b734a8b3-1 (bug #981052)
+ [buster] - xen <not-affected> (Vulnerable code introduced later)
+ [stretch] - xen <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-360.html
+ NOTE: Introduced by: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=5b58dad089880127674d460494d1a9d68109b3d7 (4.14.0-rc1)
+ NOTE: Issue backported to 4.12.3 and 4.13.1
+ NOTE: Fixed by: https://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=58427889f5a420cc5226f88524b3228f90b72a58
+CVE-2021-3189 (The slashify package 1.0.0 for Node.js allows open-redirect attacks, a ...)
+ NOT-FOR-US: Node slashify
+CVE-2021-3188 (phpList 3.6.0 allows CSV injection, related to the email parameter, an ...)
+ - phplist <itp> (bug #612288)
+CVE-2021-3187
+ RESERVED
+CVE-2021-3186 (A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi S ...)
+ NOT-FOR-US: Tenda AC5
+CVE-2021-25645 (An issue was discovered in Couchbase Server before 6.0.5, 6.1.x throug ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-25644 (An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-25643 (An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 a ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-25642
+ RESERVED
+CVE-2021-25641 (Each Apache Dubbo server will set a serialization id to tell the clien ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-25640 (In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-25639
+ RESERVED
+CVE-2021-25638
+ RESERVED
+CVE-2021-25637
+ RESERVED
+CVE-2021-25636
+ RESERVED
+CVE-2021-25635
+ RESERVED
+ - libreoffice <not-affected> (Only affects Microsoft Crypto API back-end)
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25635
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/3
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/edeb164c1d8ab64116afee4e2140403a362a1358 (7-0)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/a5fe0bea138c5b32268a5cd0093908909d8bc013 (7-1)
+CVE-2021-25634 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
+ {DSA-4988-1}
+ - libreoffice 1:7.2.0-2
+ [buster] - libreoffice <ignored> (Risk doesn't warrant complex backport)
+ [stretch] - libreoffice <not-affected> (XAdES / xades:SigningTime support introduced in 5.3)
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/2
+ NOTE: XAdES/xades:SigningTime support introduced in 5.3, but pre-requisite for CVE-2021-25633/25634 also introduces it
+ NOTE: Pre-requisites (replacement for XSecParser):
+ NOTE: https://github.com/LibreOffice/core/commit/ad5930e87e788780a255523f106deb1dde5d7b37 (7-0)
+ NOTE: https://github.com/LibreOffice/core/commit/d92235df75829a8cf2ee8cc7b0b76063093b6cc2 (7-1)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/abe77c4fcb9ea97d9fff07eaea6d8863bcba5b02 (7-0)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/94ce59dd02fcfcaa1eb4f195b45a9a2edbd58242 (7-0)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/89befefb98487a27bff1003084e1200320828b3f (7-1)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/b776cf1281660cf495e12824872576bb8e99d569 (7-1)
+CVE-2021-25633 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
+ {DSA-4988-1}
+ - libreoffice 1:7.2.0-2
+ [buster] - libreoffice <ignored> (Risk doesn't warrant complex backport)
+ [stretch] - libreoffice <ignored> (Risk doesn't warrant complex backport)
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/1
+ NOTE: Pre-requisites (replacement for XSecParser):
+ NOTE: https://github.com/LibreOffice/core/commit/ad5930e87e788780a255523f106deb1dde5d7b37 (7-0)
+ NOTE: https://github.com/LibreOffice/core/commit/d92235df75829a8cf2ee8cc7b0b76063093b6cc2 (7-1)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/a1cf770c2d7ca3e153e0b1f01ddcc313bc2bed7f (7-0)
+ NOTE: Fixed by: https://github.com/LibreOffice/core/commit/be773bc5960def8c51de0e0e41db837e001aa8fd (7-1)
+CVE-2021-25632
+ RESERVED
+CVE-2021-25631 (In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7 ...)
+ - libreoffice <not-affected> (Libreoffice on Windows)
+ NOTE: https://positive.security/blog/url-open-rce#open-libreoffice
+CVE-2021-25630 ("loolforkit" is a privileged program that is supposed to be run by a s ...)
+ NOT-FOR-US: libreoffice online
+CVE-2021-25629
+ RESERVED
+CVE-2021-25628
+ RESERVED
+CVE-2021-25627
+ RESERVED
+CVE-2021-25626
+ RESERVED
+CVE-2021-25625
+ RESERVED
+CVE-2021-25624
+ RESERVED
+CVE-2021-25623
+ RESERVED
+CVE-2021-25622
+ RESERVED
+CVE-2021-25621
+ RESERVED
+CVE-2021-25620
+ RESERVED
+CVE-2021-25619
+ RESERVED
+CVE-2021-25618
+ RESERVED
+CVE-2021-25617
+ RESERVED
+CVE-2021-25616
+ RESERVED
+CVE-2021-25615
+ RESERVED
+CVE-2021-25614
+ RESERVED
+CVE-2021-25613
+ RESERVED
+CVE-2021-25612
+ RESERVED
+CVE-2021-25611
+ RESERVED
+CVE-2021-25610
+ RESERVED
+CVE-2021-25609
+ RESERVED
+CVE-2021-25608
+ RESERVED
+CVE-2021-25607
+ RESERVED
+CVE-2021-25606
+ RESERVED
+CVE-2021-25605
+ RESERVED
+CVE-2021-25604
+ RESERVED
+CVE-2021-25603
+ RESERVED
+CVE-2021-25602
+ RESERVED
+CVE-2021-25601
+ RESERVED
+CVE-2021-25600
+ RESERVED
+CVE-2021-25599
+ RESERVED
+CVE-2021-25598
+ RESERVED
+CVE-2021-25597
+ RESERVED
+CVE-2021-25596
+ RESERVED
+CVE-2021-25595
+ RESERVED
+CVE-2021-25594
+ RESERVED
+CVE-2021-25593
+ RESERVED
+CVE-2021-25592
+ RESERVED
+CVE-2021-25591
+ RESERVED
+CVE-2021-25590
+ RESERVED
+CVE-2021-25589
+ RESERVED
+CVE-2021-25588
+ RESERVED
+CVE-2021-25587
+ RESERVED
+CVE-2021-25586
+ RESERVED
+CVE-2021-25585
+ RESERVED
+CVE-2021-25584
+ RESERVED
+CVE-2021-25583
+ RESERVED
+CVE-2021-25582
+ RESERVED
+CVE-2021-25581
+ RESERVED
+CVE-2021-25580
+ RESERVED
+CVE-2021-25579
+ RESERVED
+CVE-2021-25578
+ RESERVED
+CVE-2021-25577
+ RESERVED
+CVE-2021-25576
+ RESERVED
+CVE-2021-25575
+ RESERVED
+CVE-2021-25574
+ RESERVED
+CVE-2021-25573
+ RESERVED
+CVE-2021-25572
+ RESERVED
+CVE-2021-25571
+ RESERVED
+CVE-2021-25570
+ RESERVED
+CVE-2021-25569
+ RESERVED
+CVE-2021-25568
+ RESERVED
+CVE-2021-25567
+ RESERVED
+CVE-2021-25566
+ RESERVED
+CVE-2021-25565
+ RESERVED
+CVE-2021-25564
+ RESERVED
+CVE-2021-25563
+ RESERVED
+CVE-2021-25562
+ RESERVED
+CVE-2021-25561
+ RESERVED
+CVE-2021-25560
+ RESERVED
+CVE-2021-25559
+ RESERVED
+CVE-2021-25558
+ RESERVED
+CVE-2021-25557
+ RESERVED
+CVE-2021-25556
+ RESERVED
+CVE-2021-25555
+ RESERVED
+CVE-2021-25554
+ RESERVED
+CVE-2021-25553
+ RESERVED
+CVE-2021-25552
+ RESERVED
+CVE-2021-25551
+ RESERVED
+CVE-2021-25550
+ RESERVED
+CVE-2021-25549
+ RESERVED
+CVE-2021-25548
+ RESERVED
+CVE-2021-25547
+ RESERVED
+CVE-2021-25546
+ RESERVED
+CVE-2021-25545
+ RESERVED
+CVE-2021-25544
+ RESERVED
+CVE-2021-25543
+ RESERVED
+CVE-2021-25542
+ RESERVED
+CVE-2021-25541
+ RESERVED
+CVE-2021-25540
+ RESERVED
+CVE-2021-25539
+ RESERVED
+CVE-2021-25538
+ RESERVED
+CVE-2021-25537
+ RESERVED
+CVE-2021-25536
+ RESERVED
+CVE-2021-25535
+ RESERVED
+CVE-2021-25534
+ RESERVED
+CVE-2021-25533
+ RESERVED
+CVE-2021-25532
+ RESERVED
+CVE-2021-25531
+ RESERVED
+CVE-2021-25530
+ RESERVED
+CVE-2021-25529
+ RESERVED
+CVE-2021-25528
+ RESERVED
+CVE-2021-25527 (Improper export of Android application components vulnerability in Sam ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25526 (Intent redirection vulnerability in Samsung Blockchain Wallet prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25525 (Improper check or handling of exception conditions vulnerability in Sa ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25524 (Insecure storage of device information in Contacts prior to version 12 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25523 (Insecure storage of device information in Samsung Dialer prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25522 (Insecure storage of sensitive information vulnerability in Smart Captu ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25521 (Insecure caller check in sharevia deeplink logic prior to Samsung Inte ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25520 (Insecure caller check and input validation vulnerabilities in SearchKe ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25519 (An improper access control vulnerability in CPLC prior to SMR Dec-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25518 (An improper boundary check in secure_log of LDFW and BL31 prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25517 (An improper input validation vulnerability in LDFW prior to SMR Dec-20 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25516 (An improper check or handling of exceptional conditions in Exynos base ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25515 (An improper usage of implicit intent in SemRewardManager prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25514 (An improper intent redirection handling in Tags prior to SMR Dec-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25513 (An improper privilege management vulnerability in Apps Edge applicatio ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25512 (An improper validation vulnerability in telephony prior to SMR Dec-202 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25511 (An improper validation vulnerability in FilterProvider prior to SMR De ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25510 (An improper validation vulnerability in FilterProvider prior to SMR De ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25509 (A missing input validation in Samsung Flow Windows application prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25508 (Improper privilege management vulnerability in API Key used in SmartTh ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25507 (Improper authorization vulnerability in Samsung Flow mobile applicatio ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25506 (Non-existent provider in Samsung Health prior to 6.19.1.0001 allows at ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25505 (Improper authentication in Samsung Pass prior to 3.0.02.4 allows to us ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25504 (Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 a ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25503 (Improper input validation vulnerability in HDCP prior to SMR Nov-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25502 (A vulnerability of storing sensitive information insecurely in Propert ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25501 (An improper access control vulnerability in SCloudBnRReceiver in SecTe ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25500 (A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25499 (Intent redirection vulnerability in SamsungAccountSDKSigninActivity of ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25498 (A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSP ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25497 (A possible buffer overflow vulnerability in maetd_cpy_slice of libSPen ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25496 (A possible buffer overflow vulnerability in maetd_dec_slice of libSPen ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25495 (A possible heap buffer overflow vulnerability in libSPenBase library o ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25494 (A possible buffer overflow vulnerability in libSPenBase library of Sam ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25493 (Lack of boundary checking of a buffer in libSPenBase library of Samsun ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25492 (Lack of boundary checking of a buffer in libSPenBase library of Samsun ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25491 (A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows m ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25490 (A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25489 (Assuming radio permission is gained, missing input validation in modem ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25488 (Lack of boundary checking of a buffer in recv_data() of modem interfac ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25487 (Lack of boundary checking of a buffer in set_skb_priv() of modem inter ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25486 (Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25485 (Path traversal vulnerability in FactoryAirCommnadManger prior to SMR O ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25484 (Improper authentication in InputManagerService prior to SMR Oct-2021 R ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25483 (Lack of boundary checking of a buffer in livfivextractor library prior ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25482 (SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25481 (An improper error handling in Exynos CP booting driver prior to SMR Oc ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25480 (A lack of replay attack protection in GUTI REALLOCATION COMMAND messag ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25479 (A possible heap-based buffer overflow vulnerability in Exynos CP Chips ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25478 (A possible stack-based buffer overflow vulnerability in Exynos CP Chip ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25477 (An improper error handling in Mediatek RRC Protocol stack prior to SMR ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-25476 (An information disclosure vulnerability in Widevine TA log prior to SM ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25475 (A possible heap-based buffer overflow vulnerability in DSP kernel driv ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25474 (Assuming a shell privilege is gained, an improper exception handling f ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25473 (Assuming a shell privilege is gained, an improper exception handling f ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25472 (An improper access control vulnerability in BluetoothSettingsProvider ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25471 (A lack of replay attack protection in Security Mode Command process pr ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25470 (An improper caller check logic of SMC call in TEEGRIS secure OS prior ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25469 (A possible stack-based buffer overflow vulnerability in Widevine trust ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25468 (A possible guessing and confirming a byte memory vulnerability in Wide ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25467 (Assuming system privilege is gained, possible buffer overflow vulnerab ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25466 (Improper scheme check vulnerability in Samsung Internet prior to versi ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25465 (An improper scheme check vulnerability in Samsung Themes prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25464 (An improper file management vulnerability in SamsungCapture prior to v ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25463 (Improper access control vulnerability in PENUP prior to version 3.8.00 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25462 (NULL pointer dereference vulnerability in NPU driver prior to SMR Sep- ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25461 (An improper length check in APAService prior to SMR Sep-2021 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25460 (An improper access control vulnerability in sspExit() in BlockchainTZS ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25459 (An improper access control vulnerability in sspInit() in BlockchainTZS ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25458 (NULL pointer dereference vulnerability in ION driver prior to SMR Sep- ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25457 (An improper input validation vulnerability in DSP driver prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25456 (OOB read vulnerability in libswmfextractor.so library prior to SMR Sep ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25455 (OOB read vulnerability in libsaviextractor.so library prior to SMR Sep ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25454 (OOB read vulnerability in libsaacextractor.so library prior to SMR Sep ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25453 (Some improper access control in Bluetooth APIs prior to SMR Sep-2021 R ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25452 (An improper input validation vulnerability in loading graph file in DS ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25451 (A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25450 (Path traversal vulnerability in FactoryAirCommnadManger prior to SMR S ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25449 (An improper input validation vulnerability in libsapeextractor library ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25448 (Improper access control vulnerability in Smart Touch Call prior to ver ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25447 (Improper access control vulnerability in SmartThings prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25446 (Improper access control vulnerability in SmartThings prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25445 (Unprotected component vulnerability in Samsung Internet prior to versi ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25444 (An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25443 (A use after free vulnerability in conn_gadget driver prior to SMR AUG- ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25442 (Improper MDM policy management vulnerability in KME module prior to KC ...)
+ NOT-FOR-US: Samsung (KME module)
+CVE-2021-25441 (Improper input validation vulnerability in AR Emoji Editor prior to ve ...)
+ NOT-FOR-US: AR Emoji Editor
+CVE-2021-25440 (Improper access control vulnerability in FactoryCameraFB prior to vers ...)
+ NOT-FOR-US: FactoryCameraFB
+CVE-2021-25439 (Improper access control vulnerability in Samsung Members prior to vers ...)
+ NOT-FOR-US: Samsung Members
+CVE-2021-25438 (Improper access control vulnerability in Samsung Members prior to vers ...)
+ NOT-FOR-US: Samsung Members
+CVE-2021-25437 (Improper access control vulnerability in Tizen FOTA service prior to F ...)
+ NOT-FOR-US: Tizen FOTA service
+CVE-2021-25436 (Improper input validation vulnerability in Tizen FOTA service prior to ...)
+ NOT-FOR-US: Tizen FOTA service
+CVE-2021-25435 (Improper input validation vulnerability in Tizen bootloader prior to F ...)
+ NOT-FOR-US: Tizen bootloader
+CVE-2021-25434 (Improper input validation vulnerability in Tizen bootloader prior to F ...)
+ NOT-FOR-US: Tizen bootloader
+CVE-2021-25433 (Improper authorization vulnerability in Tizen factory reset policy pri ...)
+ NOT-FOR-US: Tizen factory reset policy
+CVE-2021-25432 (Information exposure vulnerability in Samsung Members prior to version ...)
+ NOT-FOR-US: Samsung Members
+CVE-2021-25431 (Improper access control vulnerability in Cameralyzer prior to versions ...)
+ NOT-FOR-US: Cameralyzer
+CVE-2021-25430 (Improper access control vulnerability in Bluetooth application prior t ...)
+ NOT-FOR-US: Bluetooth application (Samsung)
+CVE-2021-25429 (Improper privilege management vulnerability in Bluetooth application p ...)
+ NOT-FOR-US: Bluetooth application (Samsung)
+CVE-2021-25428 (Improper validation check vulnerability in PackageManager prior to SMR ...)
+ NOT-FOR-US: PackageManager (Samsung)
+CVE-2021-25427 (SQL injection vulnerability in Bluetooth prior to SMR July-2021 Releas ...)
+ NOT-FOR-US: Bluetooth (Samsung)
+CVE-2021-25426 (Improper component protection vulnerability in SmsViewerActivity of Sa ...)
+ NOT-FOR-US: Samsung Message
+CVE-2021-25425 (Improper check vulnerability in Samsung Health prior to version 6.17 a ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25424 (Improper authentication vulnerability in Tizen bluetooth-frwk prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25423 (Improper log management vulnerability in Watch Active2 PlugIn prior to ...)
+ NOT-FOR-US: Watch Active2 PlugIn
+CVE-2021-25422 (Improper log management vulnerability in Watch Active PlugIn prior to ...)
+ NOT-FOR-US: Watch Active2 PlugIn
+CVE-2021-25421 (Improper log management vulnerability in Galaxy Watch3 PlugIn prior to ...)
+ NOT-FOR-US: Galaxy Watch3 PlugIn
+CVE-2021-25420 (Improper log management vulnerability in Galaxy Watch PlugIn prior to ...)
+ NOT-FOR-US: Galaxy Watch PlugIn
+CVE-2021-25419 (Non-compliance of recommended secure coding scheme in Samsung Internet ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25418 (Improper component protection vulnerability in Samsung Internet prior ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25417 (Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allo ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25416 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25415 (Assuming EL1 is compromised, an improper address validation in RKP pri ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25414 (Improper sanitization of incoming intent in Samsung Contacts prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25413 (Improper sanitization of incoming intent in Samsung Contacts prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25412 (An improper access control vulnerability in genericssoservice prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25411 (Improper address validation vulnerability in RKP api prior to SMR JUN- ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25410 (Improper access control of a component in CallBGProvider prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25409 (Improper access in Notification setting prior to SMR JUN-2021 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25408 (A possible buffer overflow vulnerability in NPU driver prior to SMR JU ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25407 (A possible out of bounds write vulnerability in NPU driver prior to SM ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25406 (Information exposure vulnerability in Gear S Plugin prior to version 2 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25405 (An improper access control vulnerability in ScreenOffActivity in Samsu ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25404 (Information Exposure vulnerability in SmartThings prior to version 1.7 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25403 (Intent redirection vulnerability in Samsung Account prior to version 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25402 (Information Exposure vulnerability in Samsung Notes prior to version 4 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25401 (Intent redirection vulnerability in Samsung Health prior to version 6. ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25400 (Intent redirection vulnerability in Samsung Internet prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25399 (Improper configuration in Smart Manager prior to version 11.0.05.0 all ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25398 (Intent redirection vulnerability in Bixby Voice prior to version 3.1.1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25397 (An improper access control vulnerability in TelephonyUI prior to SMR M ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25396 (An improper input validation vulnerability in NPU firmware prior to SM ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25395 (A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25394 (A use after free vulnerability via race condition in MFC charger drive ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25393 (Improper sanitization of incoming intent in SecSettings prior to SMR M ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25392 (Improper protection of backup path configuration in Samsung Dex prior ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25391 (Intent redirection vulnerability in Secure Folder prior to SMR MAY-202 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25390 (Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 R ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25389 (Improper running task check in S Secure prior to SMR MAY-2021 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25388 (Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25387 (An improper input validation vulnerability in sflacfd_get_frm() in lib ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25386 (An improper input validation vulnerability in sdfffd_parse_chunk_FVER( ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25385 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25384 (An improper input validation vulnerability in sdfffd_parse_chunk_PROP( ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25383 (An improper input validation vulnerability in scmn_mfal_read() in libs ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25382 (An improper authorization of using debugging command in Secure Folder ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25381 (Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25380 (Improper handling of exceptional conditions in Bixby prior to version ...)
+ NOT-FOR-US: Bixby
+CVE-2021-25379 (Intent redirection vulnerability in Gallery prior to version 5.4.16.1 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25378 (Improper access control of certain port in SmartThings prior to versio ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25377 (Intent redirection in Samsung Experience Service versions 10.8.0.4 in ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25376 (An improper synchronization logic in Samsung Email prior to version 6. ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25375 (Using predictable index for attachments in Samsung Email prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25374 (An improper authorization vulnerability in Samsung Members "samsungrew ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25373 (Using unsafe PendingIntent in Customization Service prior to version 2 ...)
+ NOT-FOR-US: PendingIntent in Customization Service (Samsung)
+CVE-2021-25372 (An improper boundary check in DSP driver prior to SMR Mar-2021 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25371 (A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows a ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25370 (An incorrect implementation handling file descriptor in dpu driver pri ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25369 (An improper access control vulnerability in sec_log file prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25368 (Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allo ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25367 (Path Traversal vulnerability in Samsung Notes prior to version 4.2.00. ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25366 (Improper access control in Samsung Internet prior to version 13.2.1.70 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25365 (An improper exception control in softsimd prior to SMR APR-2021 Releas ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25364 (A pendingIntent hijacking vulnerability in Secure Folder prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25363 (An improper access control in ActivityManagerService prior to SMR APR- ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25362 (An improper permission management in CertInstaller prior to SMR APR-20 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25361 (An improper access control vulnerability in stickerCenter prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25360 (An improper input validation vulnerability in libswmfextractor library ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25359 (An improper SELinux policy prior to SMR APR-2021 Release 1 allows loca ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25358 (A vulnerability that stores IMSI values in an improper path prior to S ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25357 (A pendingIntent hijacking vulnerability in Create Movie prior to SMR A ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25356 (An improper caller check vulnerability in Managed Provisioning prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25355 (Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25354 (Improper input check in Samsung Internet prior to version 13.2.1.46 al ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25353 (Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.121 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25352 (Using PendingIntent with implicit intent in Bixby Voice prior to versi ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25351 (Improper Access Control in EmailValidationView in Samsung Account prio ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25350 (Information Exposure vulnerability in Samsung Account prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25349 (Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5. ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25348 (Improper permission grant check in Samsung Internet prior to version 1 ...)
+ NOT-FOR-US: Samsung Internet
+CVE-2021-25347 (Hijacking vulnerability in Samsung Email application version prior to ...)
+ NOT-FOR-US: Samsung Email application
+CVE-2021-25346 (A possible arbitrary memory overwrite vulnerabilities in quram library ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25345 (Graphic format mismatch while converting video format in hwcomposer pr ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25344 (Missing permission check in knox_custom service prior to SMR Mar-2021 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25343 (Calling of non-existent provider in Samsung Members prior to version 2 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25342 (Calling of non-existent provider in SMP sdk prior to version 3.0.9 all ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25341 (Calling of non-existent provider in S Assistant prior to version 6.5.0 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25340 (Improper access control vulnerability in Samsung keyboard version prio ...)
+ NOT-FOR-US: Samsung
+CVE-2021-25339 (Improper address validation in HArx in Samsung mobile devices prior to ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25338 (Improper memory access control in RKP in Samsung mobile devices prior ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25337 (Improper access control in clipboard service in Samsung mobile devices ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25336 (Improper access control in NotificationManagerService in Samsung mobil ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25335 (Improper lockscreen status check in cocktailbar service in Samsung mob ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25334 (Improper input check in wallpaper service in Samsung mobile devices pr ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-25333 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+ NOT-FOR-US: Samsung Pay mini application
+CVE-2021-25332 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+ NOT-FOR-US: Samsung Pay mini application
+CVE-2021-25331 (Improper access control in Samsung Pay mini application prior to v4.0. ...)
+ NOT-FOR-US: Samsung Pay mini application
+CVE-2021-25330 (Calling of non-existent provider in MobileWips application prior to SM ...)
+ NOT-FOR-US: MobileWips application
+CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...)
+ NOT-FOR-US: MISP
+CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because the cl ...)
+ NOT-FOR-US: Files.com Fat Client
+CVE-2021-3182 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer ...)
+ NOT-FOR-US: D-Link
+CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a deni ...)
+ {DSA-4838-1 DLA-2529-1}
+ - mutt 2.0.5-1 (bug #980326)
+ NOTE: https://gitlab.com/muttmua/mutt/-/issues/323
+ NOTE: https://gitlab.com/muttmua/mutt/-/commit/4a2becbdb4422aaffe3ce314991b9d670b7adf17
+CVE-2021-3180
+ RESERVED
+CVE-2021-25329 (The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10. ...)
+ {DSA-4891-1 DLA-2594-1}
+ - tomcat9 9.0.43-1
+ - tomcat8 <removed>
+ - tomcat7 <removed>
+ [stretch] - tomcat7 <ignored> (No components in libservlet3.0-java binary package are affected)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/2
+ NOTE: https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453 (9.0.43)
+ NOTE: https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35 (8.5.63)
+ NOTE: https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5 (7.0.108)
+ NOTE: CVE is for incomplete fix for CVE-2020-9484.
+CVE-2021-25328 (Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a ...)
+ NOT-FOR-US: Skyworth Digital Technology RN510
+CVE-2021-25327 (Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site requ ...)
+ NOT-FOR-US: Skyworth Digital Technology RN510
+CVE-2021-25326 (Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrec ...)
+ NOT-FOR-US: Skyworth Digital Technology RN510
+CVE-2021-25325 (MISP 2.4.136 has XSS via galaxy cluster element values to app/View/Gal ...)
+ NOT-FOR-US: MISP
+CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster n ...)
+ NOT-FOR-US: MISP
+CVE-2021-25323 (The default setting of MISP 2.4.136 did not enable the requirements (a ...)
+ NOT-FOR-US: MISP
+CVE-2021-25322 (A UNIX Symbolic Link (Symlink) Following vulnerability in python-Hyper ...)
+ - hyperkitty <not-affected> (SuSE-specific packaging issue)
+CVE-2021-25321 (A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of ...)
+ - arpwatch <not-affected> (SuSE specific packaging issue)
+ NOTE: Debian does not ship arpwatch-2.1a11-drop-privs.dif and does apply permissions
+ NOTE: to /var/lib/arpwatch (to arpwatch:arpatch, 0750) on postinst time
+CVE-2021-25320 (A Improper Access Control vulnerability in Rancher, allows users in th ...)
+ NOT-FOR-US: Rancher
+CVE-2021-25319 (A Incorrect Default Permissions vulnerability in the packaging of virt ...)
+ - virtualbox <not-affected> (openSUSE specific security issue in the openSUSE packaging)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/2
+CVE-2021-25318 (A Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ NOT-FOR-US: Rancher
+CVE-2021-25317 (A Incorrect Default Permissions vulnerability in the packaging of cups ...)
+ - cups <not-affected> (In Debian /var/log/cups is owned by root:root)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1949119
+CVE-2021-25316 (A Insecure Temporary File vulnerability in s390-tools of SUSE Linux En ...)
+ NOT-FOR-US: SuSE (different from src:s390-tools in Debian)
+CVE-2021-25315 (A Incorrect Implementation of Authentication Algorithm vulnerability i ...)
+ - salt <not-affected> (SuSE specific issue, cf #985085)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1182382
+CVE-2021-25314 (A Creation of Temporary File With Insecure Permissions vulnerability i ...)
+ NOT-FOR-US: hawk2 as packaged by SuSE
+CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+ NOT-FOR-US: Rancher
+CVE-2021-3179 (GGLocker iOS application, contains an insecure data storage of the pas ...)
+ NOT-FOR-US: GGLocker iOS application
+CVE-2021-3178 (** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, w ...)
+ {DLA-2586-1}
+ - linux 5.10.12-1 (unimportant)
+ [buster] - linux 4.19.171-1
+ NOTE: https://patchwork.kernel.org/project/linux-nfs/patch/20210111210129.GA11652@fieldses.org/
+ NOTE: Disputed/mild security relevance/impact
+CVE-2021-3177 (Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctyp ...)
+ {DLA-2919-1 DLA-2619-1}
+ - python3.9 3.9.1-3
+ - python3.8 <removed>
+ - python3.7 <removed>
+ [buster] - python3.7 3.7.3-2+deb10u3
+ [stretch] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ - python2.7 2.7.18-2
+ [buster] - python2.7 <no-dsa> (Minor issue)
+ NOTE: https://bugs.python.org/issue42938
+ NOTE: https://github.com/python/cpython/pull/24239
+ NOTE: https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html
+ NOTE: https://github.com/python/cpython/commit/916610ef90a0d0761f08747f7b0905541f0977c7 (master)
+ NOTE: https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932 (3.9)
+ NOTE: https://github.com/python/cpython/commit/ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f (3.8)
+ NOTE: https://github.com/python/cpython/commit/d9b8f138b7df3b455b54653ca59f491b4840d6fa (3.7)
+ NOTE: https://github.com/python/cpython/commit/34df10a9a16b38d54421eeeaf73ec89828563be7 (3.6)
+CVE-2021-3176 (The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for ...)
+ NOT-FOR-US: Mitel
+CVE-2021-3175
+ RESERVED
+CVE-2021-25312 (HTCondor before 8.9.11 allows a user to submit a job as another user o ...)
+ - condor <not-affected> (Only affects versions 8.9.2 through 8.9.10 inclusive)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0001.html
+CVE-2021-25311 (condor_credd in HTCondor before 8.9.11 allows Directory Traversal outs ...)
+ - condor <not-affected> (Only affects versions 8.9.7 through 8.9.10 inclusive)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html
+CVE-2021-25310 (** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Be ...)
+ NOT-FOR-US: Belkin Linksys WRT160NL devices
+CVE-2021-25309 (The telnet administrator service running on port 650 on Gigaset DX600A ...)
+ NOT-FOR-US: Gigaset devices
+CVE-2021-25308
+ RESERVED
+CVE-2021-25307
+ RESERVED
+CVE-2021-25306 (A buffer overflow vulnerability in the AT command interface of Gigaset ...)
+ NOT-FOR-US: Gigaset devices
+CVE-2021-3174
+ RESERVED
+CVE-2021-25305
+ RESERVED
+CVE-2021-25304
+ RESERVED
+CVE-2021-25303
+ RESERVED
+CVE-2021-25302
+ RESERVED
+CVE-2021-3173
+ RESERVED
+CVE-2021-3172
+ RESERVED
+CVE-2021-3171
+ RESERVED
+CVE-2021-3170
+ RESERVED
+CVE-2021-3169 (An issue in Jumpserver 2.6.2 and below allows attackers to create a co ...)
+ NOT-FOR-US: Jumpserver
+CVE-2021-3168
+ RESERVED
+CVE-2021-3167 (In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens ar ...)
+ NOT-FOR-US: Cloudera Data Engineering (CDE)
+CVE-2021-3166 (An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An at ...)
+ NOT-FOR-US: ASUS devices
+CVE-2021-3165 (SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser acco ...)
+ NOT-FOR-US: SmartAgent
+CVE-2021-3164 (ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. ...)
+ NOT-FOR-US: ChurchRota
+CVE-2021-3163 (** DISPUTED ** A vulnerability in the HTML editor of Slab Quill 4.8.0 ...)
+ NOT-FOR-US: Slab Quill
+CVE-2021-25301
+ RESERVED
+CVE-2021-25300
+ RESERVED
+CVE-2021-25299 (Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-25298 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-25297 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-25296 (Nagios XI version xi-5.7.5 is affected by OS command injection. The vu ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-25295 (OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issue ...)
+ NOT-FOR-US: OpenCATS
+CVE-2021-25294 (OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity re ...)
+ NOT-FOR-US: OpenCATS
+CVE-2021-25293 (An issue was discovered in Pillow before 8.1.1. There is an out-of-bou ...)
+ - pillow 8.1.1-1
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/f891baa604636cd2506a9360d170bc2cf4963cc5
+ NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (v4.3.0)
+CVE-2021-25292 (An issue was discovered in Pillow before 8.1.1. The PDF parser allows ...)
+ - pillow 8.1.1-1
+ [buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/521dab94c7ab72b037bd9a83e9663401e0fd2cee
+ NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/6207b44ab1ff4a91d8ddc7579619876d0bb191a4 (5.1.0)
+CVE-2021-25291 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...)
+ - pillow 8.1.1-1
+ [buster] - pillow <ignored> (Minor issue)
+ [stretch] - pillow <not-affected> (Vulnerable code introduced later)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/8b8076bdcb3815be0ef0d279651d8d1342b8ea61
+ NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0)
+CVE-2021-25290 (An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there ...)
+ {DLA-2716-1}
+ - pillow 8.1.1-1
+ [buster] - pillow <no-dsa> (Minor issue)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/e25be1e33dc526bfd1094bc778a54d8e29bf66c9
+CVE-2021-25289 (An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap- ...)
+ - pillow 8.1.1-1
+ [buster] - pillow <not-affected> (Vulnerable code not present)
+ [stretch] - pillow <not-affected> (Vulnerable code not present)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
+ NOTE: https://github.com/python-pillow/Pillow/commit/cbfdde7b1f2295059a20a539ee9960f0bec7b299
+CVE-2021-25288 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...)
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (unimportant; bug #989062)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
+ NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
+ NOTE: Debian packages are built without JPEG2000 support
+CVE-2021-25287 (An issue was discovered in Pillow before 8.2.0. There is an out-of-bou ...)
+ [experimental] - pillow 8.2.0-1
+ - pillow 8.1.2+dfsg-0.2 (unimportant; bug #989062)
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode
+ NOTE: https://github.com/python-pillow/Pillow/commit/3bf5eddb89afdf690eceaa52bc4d3546ba9a5f87
+ NOTE: Debian packages are built without JPEG2000 support
+CVE-2021-3185 (A flaw was found in the gstreamer h264 component of gst-plugins-bad be ...)
+ {DSA-4833-1 DLA-2528-1}
+ - gst-plugins-bad1.0 1.18.1-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1917192
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/11353b3f6e2f047cc37483d21e6a37ae558896bc
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/20/1
+CVE-2021-25286
+ RESERVED
+CVE-2021-25285
+ RESERVED
+CVE-2021-25284 (An issue was discovered in through SaltStack Salt before 3002.5. salt. ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/ac2ce3a3a000e428122bc120179e083de95c1de7 (v3002.3)
+ NOTE: Regression: https://github.com/saltstack/salt/pull/59664
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/24d04343b36ffbd4cf63441db13b43363ea57548
+ NOTE: Regression: https://github.com/saltstack/salt/issues/59793
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/e6dd6a482a76e2c82fcc6eeb6df9030e453837c4
+CVE-2021-25283 (An issue was discovered in through SaltStack Salt before 3002.5. The j ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/3fbf9a35bc4f7a43f628631f89ebb31f907859e3 (v3002.5)
+CVE-2021-25282 (An issue was discovered in through SaltStack Salt before 3002.5. The s ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://github.com/saltstack/salt/commit/aafc5ed6de60403c90201d85963299df351147ec (v3002.3)
+ NOTE: Regression: https://github.com/saltstack/salt/issues/59935
+ NOTE: Regression fix: https://github.com/saltstack/salt/commit/da381954425e1e1d5b807ff1156090847c5d16aa
+CVE-2021-25281 (An issue was discovered in through SaltStack Salt before 3002.5. salt- ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2021/01/28
+ NOTE: https://github.com/saltstack/salt/commit/905efea17d9740a081509780d7c44e742b99ce60 (v3000.7)
+ NOTE: Regression: https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2021/02/05
+ NOTE: Regression: https://github.com/saltstack/salt/commit/8f8994ba42e618a9b07fac417d931bdb7b7005d1
+ NOTE: Regression: https://github.com/saltstack/salt/commit/41a24843d8b22c6a340338ac86a628323fbfc181
+ NOTE: Regression: https://github.com/saltstack/salt/commit/7b3591d9cd427d46e410bc2d510e2ccfa6a23884
+CVE-2021-XXXX [SQL Server LIMIT / OFFSET SQL Injection]
+ - php-laravel-framework 6.20.14+dfsg-2 (bug #987831)
+ - php-illuminate-database <removed> (bug #987848)
+ NOTE: https://github.com/laravel/framework/security/advisories/GHSA-4mg9-vhxq-vm7j
+ NOTE: https://blog.laravel.com/security-sql-injection-in-sql-server-limit-offset
+CVE-2021-XXXX [Unexpected database bindings via requests (follow-up)]
+ - php-laravel-framework 6.20.14+dfsg-1
+ NOTE: https://github.com/laravel/framework/security/advisories/GHSA-x7p5-p2c9-phvg
+ TODO: check php-illuminate-database and CVE assignment
+CVE-2021-21263 (Laravel is a web application framework. Versions of Laravel before 6.2 ...)
+ - php-laravel-framework 6.20.11+dfsg-1 (bug #980095)
+ - php-illuminate-database <removed> (bug #980899)
+ NOTE: https://blog.laravel.com/security-laravel-62011-7302-8221-released
+ NOTE: https://github.com/laravel/framework/security/advisories/GHSA-3p32-j457-pg5x
+ NOTE: https://github.com/laravel/framework/pull/35865
+CVE-2021-3162 (Docker Desktop Community before 2.5.0.0 on macOS mishandles certificat ...)
+ NOT-FOR-US: Docker Desktop on MacOS
+CVE-2021-3161
+ RESERVED
+CVE-2021-3160 (Deserialization of untrusted data in the login page of ASSUWEB 359.3 b ...)
+ NOT-FOR-US: ACA
+CVE-2021-25280
+ RESERVED
+CVE-2021-25279
+ RESERVED
+CVE-2021-25278 (FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Backgroun ...)
+ NOT-FOR-US: FTAPI
+CVE-2021-25277 (FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative ...)
+ NOT-FOR-US: FTAPI
+CVE-2021-25276 (In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory cont ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-25275 (SolarWinds Orion Platform before 2020.2.4, as used by various SolarWin ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-25274 (The Collector Service in SolarWinds Orion Platform before 2020.2.4 use ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-3159 (A stored cross site scripting (XSS) vulnerability in the /sys/attachme ...)
+ NOT-FOR-US: Landray EKP
+CVE-2021-25273 (Stored XSS can execute as administrator in quarantined email detail vi ...)
+ NOT-FOR-US: Sophos
+CVE-2021-25272
+ RESERVED
+CVE-2021-25271 (A local attacker could read or write arbitrary files with administrato ...)
+ NOT-FOR-US: HitmanPro
+CVE-2021-25270 (A local attacker could execute arbitrary code with administrator privi ...)
+ NOT-FOR-US: HitmanPro
+CVE-2021-25269 (A local administrator could prevent the HMPA service from starting des ...)
+ NOT-FOR-US: Sophos
+CVE-2021-25268
+ RESERVED
+CVE-2021-25267
+ RESERVED
+CVE-2021-25266
+ RESERVED
+CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...)
+ NOT-FOR-US: Sophos Connect Client
+CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...)
+ NOT-FOR-US: Sophos
+CVE-2021-25263 (Clickhouse prior to versions v20.8.18.32-lts, v21.1.9.41-stable, v21.2 ...)
+ - clickhouse <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/ClickHouse/ClickHouse/pull/22822
+ NOTE: Vulnerable code introduced at https://github.com/ClickHouse/ClickHouse/commit/ea8994b9e4fd4434b296ffccbfbf60c3c65a50d1
+CVE-2021-25262
+ RESERVED
+CVE-2021-25261
+ RESERVED
+CVE-2021-25260
+ RESERVED
+CVE-2021-25259
+ RESERVED
+CVE-2021-25258
+ RESERVED
+CVE-2021-25257
+ RESERVED
+CVE-2021-25256
+ RESERVED
+CVE-2021-25255
+ RESERVED
+CVE-2021-25254
+ RESERVED
+CVE-2021-25253 (An improper access control vulnerability in Trend Micro Apex One, Tren ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25252 (Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine ( ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25251 (The Trend Micro Security 2020 and 2021 families of consumer products a ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25250 (An improper access control vulnerability in Trend Micro Apex One, Tren ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25249 (An out-of-bounds write information disclosure vulnerability in Trend M ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25248 (An out-of-bounds read information disclosure vulnerability in Trend Mi ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25247 (A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25246 (An improper access control information disclosure vulnerability in Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25245 (An improper access control vulnerability in Worry-Free Business Securi ...)
+ NOT-FOR-US: Worry-Free Business Security
+CVE-2021-25244 (An improper access control vulnerability in Worry-Free Business Securi ...)
+ NOT-FOR-US: Worry-Free Business Security
+CVE-2021-25243 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25242 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25241 (A server-side request forgery (SSRF) information disclosure vulnerabil ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25240 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25239 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25238 (An improper access control information disclosure vulnerability in Tre ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25237 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25236 (A server-side request forgery (SSRF) information disclosure vulnerabil ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25235 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25234 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25233 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25232 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25231 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25230 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25229 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25228 (An improper access control vulnerability in Trend Micro Apex One (on-p ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25227 (Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memor ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25226 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25225 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25224 (A memory exhaustion vulnerability in Trend Micro ServerProtect for Lin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-25223
+ RESERVED
+CVE-2021-25222
+ RESERVED
+CVE-2021-25221
+ RESERVED
+CVE-2021-25220
+ RESERVED
+CVE-2021-25219 (In BIND 9.3.0 -&gt; 9.11.35, 9.12.0 -&gt; 9.16.21, and versions 9.9.3- ...)
+ {DSA-4994-1 DLA-2807-1}
+ - bind9 1:9.17.19-1
+ NOTE: https://kb.isc.org/docs/cve-2021-25219
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8fe18c0566c41228a568157287f5a44f96d37662 (v9_16_22)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/e4931584a34bdd0a0d18e4d918fb853bf5296787 (v9_16_22)
+CVE-2021-25218 (In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported P ...)
+ - bind9 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://kb.isc.org/docs/cve-2021-25218
+CVE-2021-25217 (In ISC DHCP 4.1-ESV-R1 -&gt; 4.1-ESV-R16, ISC DHCP 4.4.0 -&gt; 4.4.2 ( ...)
+ {DLA-2674-1}
+ - isc-dhcp 4.4.1-2.3 (bug #989157)
+ [buster] - isc-dhcp 4.4.1-2+deb10u1
+ NOTE: https://kb.isc.org/docs/cve-2021-25217
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/6
+ NOTE: https://downloads.isc.org/isc/dhcp/4.4.2-P1/patches/4.4.2.CVE-2021-25217.patch
+CVE-2021-25216 (In BIND 9.5.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...)
+ {DSA-4909-1 DLA-2647-1}
+ - bind9 1:9.16.15-1 (bug #987743)
+ NOTE: https://kb.isc.org/docs/cve-2021-25216
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/216a97188d86cb3edb307a40ff5ee61b030eb033 (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/a875dcc66969ea3995eb6fc1545d39dafcb56b26 (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/6b0b0c6aba2488f8db5d6cdbc44162b98ffa5ed4 (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/3fd30e16340afd95ee8c7dca8a5ff7cc35d069bc (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/565a6a56791b01b86e2fd1eaa1907bf985f2e997 (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/99132eda0e006932fa5927d4ad81bced0d3b3042 (v9_16_15)
+ NOTE: Issue can be mitigated configuring with --disable-isc-spnego and using the system library.
+CVE-2021-25215 (In BIND 9.0.0 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, and versions BIND 9 ...)
+ {DSA-4909-1 DLA-2647-1}
+ - bind9 1:9.16.15-1 (bug #987742)
+ NOTE: https://kb.isc.org/docs/cve-2021-25215
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/dde958717c9bfdc8679764c045c226e3a1468334 (v9_16_15)
+CVE-2021-25214 (In BIND 9.8.5 -&gt; 9.8.8, 9.9.3 -&gt; 9.11.29, 9.12.0 -&gt; 9.16.13, ...)
+ {DSA-4909-1 DLA-2647-1}
+ - bind9 1:9.16.15-1 (bug #987741)
+ NOTE: https://kb.isc.org/docs/cve-2021-25214
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f68d4cba3321ed375bbc334e2333250893c4f587 (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f092fcee10a7e8b391747dbdd7e58243bff4f75c (v9_16_15)
+ NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/01a916abac22f87a248a7525d3e7408acac0804b (v9_16_15)
+CVE-2021-25213 (SQL injection vulnerability in SourceCodester Travel Management System ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25212 (SQL injection vulnerability in SourceCodester Alumni Management System ...)
+ NOT-FOR-US: SourceCodester Alumni Management System
+CVE-2021-25211 (Arbitrary file upload vulnerability in SourceCodester Ordering System ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25210 (Arbitrary file upload vulnerability in SourceCodester Alumni Managemen ...)
+ NOT-FOR-US: SourceCodester Alumni Management System
+CVE-2021-25209 (SQL injection vulnerability in SourceCodester Theme Park Ticketing Sys ...)
+ NOT-FOR-US: SourceCodester Theme Park Ticketing System
+CVE-2021-25208 (Arbitrary file upload vulnerability in SourceCodester Travel Managemen ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25207 (Arbitrary file upload vulnerability in SourceCodester E-Commerce Websi ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25206 (Arbitrary file upload vulnerability in SourceCodester Responsive Order ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25205 (SQL injection vulnerability in SourceCodester E-Commerce Website V 1.0 ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25204 (Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25203 (Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attacke ...)
+ NOT-FOR-US: Victor CMS
+CVE-2021-25202 (SQL injection vulnerability in SourceCodester Sales and Inventory Syst ...)
+ NOT-FOR-US: SourceCodester Sales and Inventory System
+CVE-2021-25201 (SQL injection vulnerability in Learning Management System v 1.0 allows ...)
+ NOT-FOR-US: Learning Management System
+CVE-2021-25200 (Arbitrary file upload vulnerability in SourceCodester Learning Managem ...)
+ NOT-FOR-US: SourceCodester
+CVE-2021-25199
+ RESERVED
+CVE-2021-25198
+ RESERVED
+CVE-2021-25197 (Cross-site scripting (XSS) vulnerability in SourceCodester Content Man ...)
+ NOT-FOR-US: SourceCodester Content Management System
+CVE-2021-3158
+ RESERVED
+CVE-2021-3157
+ RESERVED
+CVE-2021-3156 (Sudo before 1.9.5p2 contains an off-by-one error that can result in a ...)
+ {DSA-4839-1 DLA-2534-1}
+ - sudo 1.9.5p1-1.1
+ NOTE: https://www.sudo.ws/alerts/unescape_overflow.html
+ NOTE: https://www.sudo.ws/repos/sudo/rev/9b97f1787804
+ NOTE: https://www.sudo.ws/repos/sudo/rev/a97dc92eae6b
+ NOTE: https://www.sudo.ws/repos/sudo/rev/049ad90590be
+ NOTE: https://www.sudo.ws/repos/sudo/rev/09f98816fc89
+ NOTE: https://www.sudo.ws/repos/sudo/rev/c125fbe68783
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/26/3
+CVE-2021-3155 (snapd 2.54.2 and earlier created ~/snap directories in user home direc ...)
+ - snapd 2.54-1
+ NOTE: https://github.com/snapcore/snapd/pull/9841
+ NOTE: https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85 (2.52)
+ NOTE: https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca (2.54)
+CVE-2021-3154 (An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenti ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-3153 (HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an or ...)
+ NOT-FOR-US: HashiCorp Terraform Enterprise
+CVE-2021-3152 (** DISPUTED ** Home Assistant before 2021.1.3 does not have a protecti ...)
+ NOT-FOR-US: Home Assistant
+CVE-2021-3151 (i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) ...)
+ NOT-FOR-US: i-doit
+CVE-2021-3150 (A cross-site scripting (XSS) vulnerability on the Delete Personal Data ...)
+ NOT-FOR-US: Cryptshare Server
+CVE-2021-3149 (On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ ...)
+ NOT-FOR-US: Netshield NANO devices
+CVE-2021-3148 (An issue was discovered in SaltStack Salt before 3002.5. Sending craft ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: Introduced by: https://github.com/saltstack/salt/commit/fc9267afa3a7ecaae3ef446575072e0e5d51d8b7 (v2016.3)
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/6ae64c6b15cb7f43b57f564a0cb8a0e426cc183a (v3000.7 backport)
+CVE-2021-3147
+ RESERVED
+CVE-2021-25196
+ RESERVED
+CVE-2021-25195 (Windows PKU2U Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-25194
+ RESERVED
+CVE-2021-25193
+ RESERVED
+CVE-2021-25192
+ RESERVED
+CVE-2021-25191
+ RESERVED
+CVE-2021-25190
+ RESERVED
+CVE-2021-25189
+ RESERVED
+CVE-2021-25188
+ RESERVED
+CVE-2021-25187
+ RESERVED
+CVE-2021-25186
+ RESERVED
+CVE-2021-25185
+ RESERVED
+CVE-2021-25184
+ RESERVED
+CVE-2021-25183
+ RESERVED
+CVE-2021-25182
+ RESERVED
+CVE-2021-25181
+ RESERVED
+CVE-2021-25180
+ RESERVED
+CVE-2021-25179 (SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-25178 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25177 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25176 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25175 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25174 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25173 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-25172 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25171 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25170 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25169 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25168 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25167 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25166 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25165 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25164 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25163 (A remote XML external entity vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25162 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25161 (A remote cross-site scripting (xss) vulnerability was discovered in so ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25160 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25159 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25158 (A remote arbitrary file read vulnerability was discovered in some Arub ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25157 (A remote arbitrary file read vulnerability was discovered in some Arub ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25156 (A remote arbitrary directory create vulnerability was discovered in so ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25155 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25154 (A remote escalation of privilege vulnerability was discovered in Aruba ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25153 (A remote SQL injection vulnerability was discovered in Aruba AirWave M ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25152 (A remote insecure deserialization vulnerability was discovered in Arub ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25151 (A remote insecure deserialization vulnerability was discovered in Arub ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25150 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25149 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25148 (A remote arbitrary file modification vulnerability was discovered in s ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25147 (A remote authentication restriction bypass vulnerability was discovere ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25146 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25145 (A remote unauthorized disclosure of information vulnerability was disc ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25144 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25143 (A remote denial of service (dos) vulnerability was discovered in some ...)
+ NOT-FOR-US: Aruba
+CVE-2021-25142 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...)
+ NOT-FOR-US: HPE
+CVE-2021-25141 (A security vulnerability has been identified in in certain HPE and Aru ...)
+ NOT-FOR-US: HPE
+CVE-2021-25140 (A potential security vulnerability has been identified in the HPE Moon ...)
+ NOT-FOR-US: HPE
+CVE-2021-25139 (A potential security vulnerability has been identified in the HPE Moon ...)
+ NOT-FOR-US: HPE
+CVE-2021-25138 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25137 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25136 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25135 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25134 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25133 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25132 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25131 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25130 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25129 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25128 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25127 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25126 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25125 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25124 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 ...)
+ NOT-FOR-US: HPE
+CVE-2021-25122 (When responding to new h2c connection requests, Apache Tomcat versions ...)
+ {DSA-4891-1 DLA-2594-1}
+ - tomcat9 9.0.43-1
+ - tomcat8 <removed>
+ - tomcat7 <removed>
+ [stretch] - tomcat7 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/1
+ NOTE: https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1 (9.0.43)
+ NOTE: https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa (8.5.63)
+CVE-2021-25121
+ RESERVED
+CVE-2021-25120
+ RESERVED
+CVE-2021-25119
+ RESERVED
+CVE-2021-25118
+ RESERVED
+CVE-2021-25117
+ RESERVED
+CVE-2021-25116
+ RESERVED
+CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25113
+ RESERVED
+CVE-2021-25112
+ RESERVED
+CVE-2021-25111
+ RESERVED
+CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allows any logged in u ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL I ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25107 (The Form Store to DB WordPress plugin before 1.1.1 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25106 (The Privacy Policy Generator, Terms &amp; Conditions Generator WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25104
+ RESERVED
+CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25102
+ RESERVED
+CVE-2021-25101 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25100 (The GiveWP WordPress plugin before 2.17.3 does not escape the s parame ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25099 (The GiveWP WordPress plugin before 2.17.3 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25098
+ RESERVED
+CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 bans ca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25094
+ RESERVED
+CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25092 (The Link Library WordPress plugin before 7.2.8 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25091 (The Link Library WordPress plugin before 7.2.9 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25090
+ RESERVED
+CVE-2021-25089 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25088
+ RESERVED
+CVE-2021-25087
+ RESERVED
+CVE-2021-25086
+ RESERVED
+CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25082 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25081
+ RESERVED
+CVE-2021-25080 (The Contact Form Entries WordPress plugin before 1.1.7 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25075 (The Duplicate Page or Post WordPress plugin before 1.5.1 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25074 (The WebP Converter for Media WordPress plugin before 4.0.3 contains a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25073 (The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25072 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25071
+ RESERVED
+CVE-2021-25070
+ RESERVED
+CVE-2021-25069 (The Download Manager WordPress plugin before 3.2.34 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25068
+ RESERVED
+CVE-2021-25067 (The Landing Page Builder WordPress plugin before 1.4.9.6 was affected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25066
+ RESERVED
+CVE-2021-25065 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25064
+ RESERVED
+CVE-2021-25063 (The Contact Form 7 Skins WordPress plugin through 2.5.0 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25062 (The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25061 (The WP Booking System WordPress plugin before 2.0.15 was affected by a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25060 (The Five Star Business Profile and Schema WordPress plugin before 2.1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25059
+ RESERVED
+CVE-2021-25058 (The Buffer Button WordPress plugin through 1.0 was vulnerable to Authe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25057 (The Translation Exchange WordPress plugin through 1.0.14 was vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25056
+ RESERVED
+CVE-2021-25055 (The FeedWordPress plugin before 2022.0123 is affected by a Reflected C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25054 (The WPcalc WordPress plugin through 2.1 does not sanitize user input i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25053 (The WP Coder WordPress plugin before 2.5.2 within the wow-company admi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25052 (The Button Generator WordPress plugin before 2.3.3 within the wow-comp ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25051 (The Modal Window WordPress plugin before 5.2.2 within the wow-company ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25050 (The Remove Footer Credit WordPress plugin before 1.0.11 does properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25048
+ RESERVED
+CVE-2021-25047 (The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25046 (The Modern Events Calendar Lite WordPress plugin before 6.2.0 alloed a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25045 (The Asgaros Forum WordPress plugin before 1.15.15 does not validate or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25044
+ RESERVED
+CVE-2021-25043 (The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25042
+ RESERVED
+CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25040 (The Booking Calendar WordPress plugin before 8.9.2 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25039
+ RESERVED
+CVE-2021-25038
+ RESERVED
+CVE-2021-25037 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by an a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25036 (The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Pr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin before 1.22 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25034
+ RESERVED
+CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Co ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25029 (The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not validate the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25026
+ RESERVED
+CVE-2021-25025 (The EventCalendar WordPress plugin before 1.1.51 does not have proper ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25024 (The EventCalendar WordPress plugin before 1.1.51 does not escape some ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25023 (The Speed Booster Pack &#9889; PageSpeed Optimization Suite WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25022 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25021 (The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25020 (The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25019
+ RESERVED
+CVE-2021-25018 (The PPOM for WooCommerce WordPress plugin before 24.0 does not have au ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape the searc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25015 (The myCred WordPress plugin before 2.4 does not sanitise and escape th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25014 (The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisation a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25012
+ RESERVED
+CVE-2021-25011
+ RESERVED
+CVE-2021-25010
+ RESERVED
+CVE-2021-25009
+ RESERVED
+CVE-2021-25008 (The Code Snippets WordPress plugin before 2.14.3 does not escape the s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25007
+ RESERVED
+CVE-2021-25006
+ RESERVED
+CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25003
+ RESERVED
+CVE-2021-25002
+ RESERVED
+CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-25000 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24999 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24998 (The Simple JWT Login WordPress plugin before 3.3.0 can be used to crea ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24997 (The WP Guppy WordPress plugin before 1.3 does not have any authorisati ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24996
+ RESERVED
+CVE-2021-24995
+ RESERVED
+CVE-2021-24994
+ RESERVED
+CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24991 (The WooCommerce PDF Invoices &amp; Packing Slips WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24990
+ RESERVED
+CVE-2021-24989 (The Accept Donations with PayPal WordPress plugin before 1.3.4 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24988 (The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24987
+ RESERVED
+CVE-2021-24986
+ RESERVED
+CVE-2021-24985 (The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24983 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24982
+ RESERVED
+CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24980 (The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24978
+ RESERVED
+CVE-2021-24977
+ RESERVED
+CVE-2021-24976 (The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24975 (The NextScripts: Social Networks Auto-Poster WordPress plugin before 4 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24974 (The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape some of it ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24971
+ RESERVED
+CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24968 (The Ultimate FAQ WordPress plugin before 2.1.2 does not have capabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24967 (The Contact Form &amp; Lead Form Elementor Builder WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24966
+ RESERVED
+CVE-2021-24965 (The Five Star Restaurant Reservations WordPress plugin before 2.4.8 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24964 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly ve ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24963 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24962
+ RESERVED
+CVE-2021-24961
+ RESERVED
+CVE-2021-24960
+ RESERVED
+CVE-2021-24959
+ RESERVED
+CVE-2021-24958
+ RESERVED
+CVE-2021-24957
+ RESERVED
+CVE-2021-24956 (The Blog2Social: Social Media Auto Post &amp; Scheduler WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24955 (The User Registration, Login Form, User Profile &amp; Membership WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24954 (The User Registration, Login Form, User Profile &amp; Membership WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24953
+ RESERVED
+CVE-2021-24952
+ RESERVED
+CVE-2021-24951 (The LearnPress WordPress plugin before 4.1.4 does not sanitise, valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24950
+ RESERVED
+CVE-2021-24949 (The "WP Search Filters" widget of The Plus Addons for Elementor - Pro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24948 (The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24947 (The RVM WordPress plugin before 6.4.2 does not have proper authorisati ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24945 (The Like Button Rating &#9829; LikeBtn WordPress plugin before 2.6.38 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24944 (The Custom Dashboard &amp; Login Page WordPress plugin before 7.0 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24942
+ RESERVED
+CVE-2021-24941 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24940
+ RESERVED
+CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24938 (The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24937 (The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24936 (The WP Extra File Types WordPress plugin before 0.5.1 does not have CS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24935 (The WP Google Fonts WordPress plugin before 3.1.5 does not escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24934 (The Visual CSS Style Editor WordPress plugin before 7.5.4 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24933
+ RESERVED
+CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24931 (The Secure Copy Content Protection and Content Locking WordPress plugi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24929
+ RESERVED
+CVE-2021-24928 (The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24925 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape the d para ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24923 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check w ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24921 (The Advanced Database Cleaner WordPress plugin before 3.0.4 does not s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24920
+ RESERVED
+CVE-2021-24919 (The Wicked Folders WordPress plugin before 2.8.10 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24917 (The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allow ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24916
+ RESERVED
+CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not have cap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24914 (The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24913
+ RESERVED
+CVE-2021-24912
+ RESERVED
+CVE-2021-24911
+ RESERVED
+CVE-2021-24910
+ RESERVED
+CVE-2021-24909 (The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24908 (The Check &amp; Log Email WordPress plugin before 1.0.4 does not escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not check for ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24905
+ RESERVED
+CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24903
+ RESERVED
+CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24901
+ RESERVED
+CVE-2021-24900 (The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24898
+ RESERVED
+CVE-2021-24897
+ RESERVED
+CVE-2021-24896 (The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24895
+ RESERVED
+CVE-2021-24894 (The Reviews Plus WordPress plugin before 1.2.14 does not validate the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24893 (The Stars Rating WordPress plugin before 3.5.1 does not validate the s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Forms (F ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.4.8 does not s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24890
+ RESERVED
+CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24887
+ RESERVED
+CVE-2021-24886
+ RESERVED
+CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24883 (The Popup Anything WordPress plugin before 2.0.4 does not escape the L ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24881
+ RESERVED
+CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not validate and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24878 (The SupportCandy WordPress plugin before 2.2.7 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24874 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows users w ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24871 (The Get Custom Field Values WordPress plugin before 4.0.1 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24870
+ RESERVED
+CVE-2021-24869
+ RESERVED
+CVE-2021-24868 (The Document Embedder WordPress plugin before 1.7.9 contains a AJAX ac ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24867 (Numerous Plugins and Themes from the AccessPress Themes (aka Access Ke ...)
+ TODO: check
+CVE-2021-24866 (The WP Data Access WordPress plugin before 5.0.0 does not properly san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24865 (The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24864
+ RESERVED
+CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Prot ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24862 (The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24861 (The Quotes Collection WordPress plugin through 2.5.2 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24860 (The BSK PDF Manager WordPress plugin before 3.1.2 does not validate an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24859 (The User Meta Shortcodes WordPress plugin through 0.5 registers a shor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24858 (The Cookie Notification Plugin for WordPress plugin before 1.0.9 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24857 (The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded us ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24856 (The Shared Files WordPress plugin before 1.6.61 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24855 (The Display Post Metadata WordPress plugin before 1.5.0 adds a shortco ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24854 (The QR Redirector WordPress plugin before 1.6.1 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24853 (The QR Redirector WordPress plugin before 1.6 does not have capability ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24852 (The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24851 (The Insert Pages WordPress plugin before 3.7.0 allows users with a rol ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24850 (The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24849 (The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24848 (The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24847 (The importFromRedirection AJAX action of the SEO Redirection Plugin &# ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24846 (The get_query() function of the Ni WooCommerce Custom Order Status Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows passing ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24843 (The SupportCandy WordPress plugin before 2.2.7 does not have CRSF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have authorisa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API endpoint whi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24837
+ RESERVED
+CVE-2021-24836 (The Temporary Login Without Password WordPress plugin before 1.7.1 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24835 (The WCFM &#8211; Frontend Manager for WooCommerce along with Bookings ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24834 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24833 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24832 (The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24831 (All AJAX actions of the Tab WordPress plugin before 1.3.2 are availabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24830 (The Advanced Access Manager WordPress plugin before 6.8.0 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24829 (The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24828 (The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24827 (The Asgaros Forum WordPress plugin before 1.15.13 does not validate an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24826
+ RESERVED
+CVE-2021-24825
+ RESERVED
+CVE-2021-24824
+ RESERVED
+CVE-2021-24823
+ RESERVED
+CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24821
+ RESERVED
+CVE-2021-24820
+ RESERVED
+CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24818 (The WP Limits WordPress plugin through 1.0 does not have CSRF check wh ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24817 (The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does not have c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24815 (The Accept Donations with PayPal WordPress plugin before 1.3.2 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24814 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24811 (The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24810
+ RESERVED
+CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24808 (The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24807 (The Support Board WordPress plugin before 3.3.5 allows Authenticated ( ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24806 (The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when ad ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24805
+ RESERVED
+CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24803
+ RESERVED
+CVE-2021-24802 (The Colorful Categories WordPress plugin before 2.0.15 does not enforc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have any auth ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24800
+ RESERVED
+CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24797 (The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24796 (The My Tickets WordPress plugin before 1.8.31 does not properly saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24795 (The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24794 (The Connections Business Directory WordPress plugin before 10.4.3 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24792 (The Shiny Buttons WordPress plugin through 1.1.0 does not have any aut ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24791 (The Header Footer Code Manager WordPress plugin before 1.1.14 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24790 (The Contact Form Advanced Database WordPress plugin through 1.0.8 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape some ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24788 (The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actio ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24787 (The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24786 (The Download Monitor WordPress plugin before 4.4.5 does not properly v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24784 (The WP Admin Logo Changer WordPress plugin through 1.0 does not have C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24783 (The Post Expirator WordPress plugin before 2.6.0 does not have proper ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24782 (The Flex Local Fonts WordPress plugin through 1.0.0 does not escape th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows users wi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24780 (The Single Post Exporter WordPress plugin through 1.1.1 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24778
+ RESERVED
+CVE-2021-24777
+ RESERVED
+CVE-2021-24776 (The WP Performance Score Booster WordPress plugin before 2.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24775 (The Document Embedder WordPress plugin before 1.7.5 contains a REST en ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24774 (The Check &amp; Log Email WordPress plugin before 1.0.3 does not valid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24772 (The Stream WordPress plugin before 3.8.2 does not sanitise and validat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24771 (The Inspirational Quote Rotator WordPress plugin through 1.0.0 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not perform ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24768 (The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24766 (The 404 to 301 &#8211; Redirect, Log and Notify 404 Errors WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24765 (The Perfect Survey WordPress plugin through 1.5.2 does not validate an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24764 (The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24763 (The Perfect Survey WordPress plugin before 1.5.2 does not have proper ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24762 (The Perfect Survey WordPress plugin before 1.5.2 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24761 (The Error Log Viewer WordPress plugin through 1.1.1 does not perform n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24759 (The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some o ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24758 (The Email Log WordPress plugin before 2.4.7 does not properly validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not perform ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24756 (The WP System Log WordPress plugin before 1.0.21 does not sanitise, va ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24755 (The myCred WordPress plugin before 2.3 does not validate or escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24753 (The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not pr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capability ...)
+ NOT-FOR-US: WordPress plugins
+CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24750 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24747 (The SEO Booster WordPress plugin before 3.8 allows for authenticated S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24746
+ RESERVED
+CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24742 (The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Edi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape multip ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24739 (The Logo Carousel WordPress plugin before 3.4.2 allows users with a ro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24738 (The Logo Carousel WordPress plugin before 3.4.2 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24737 (The Comments &#8211; wpDiscuz WordPress plugin through 7.3.0 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24736 (The Easy Download Manager and File Sharing Plugin with frontend file u ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24735 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not imp ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24734 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24733 (The WP Post Page Clone WordPress plugin before 1.2 allows users with a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress &#8211; DearFlip WordPress plu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24731 (The Registration Forms &#8211; User profile, Content Restriction, Spam ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24730
+ RESERVED
+CVE-2021-24729 (The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24728 (The Membership &amp; Content Restriction &#8211; Paid Member Subscript ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24727 (The StopBadBots WordPress plugin before 6.60 did not validate or escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24726 (The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24725 (The Comment Link Remove and Other Comment Tools WordPress plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24724 (The Timetable and Event Schedule by MotoPress WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24723 (The WP Reactions Lite WordPress plugin before 1.3.6 does not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24722 (The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24721 (The Loco Translate WordPress plugin before 2.5.4 mishandles data input ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 wa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Refle ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24718 (The Contact Form, Survey &amp; Popup Form Plugin for WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24717 (The AutomatorWP WordPress plugin before 1.7.6 does not perform capabil ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24716 (The Modern Events Calendar Lite WordPress plugin before 5.22.3 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24714 (The Import any XML or CSV File to WordPress plugin before 3.6.3 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24713 (The Video Lessons Manager WordPress plugin before 1.7.2 and Video Less ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does not p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License Manager ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24710 (The Print-O-Matic WordPress plugin before 2.0.3 does not escape some o ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not properly val ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24708 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24707 (The Learning Courses WordPress plugin before 5.0 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24706 (The Qwizcards &#8211; online quizzes and flashcards WordPress plugin b ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape some of i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24704
+ RESERVED
+CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not have capabi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24701 (The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize m ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24700 (The Forminator WordPress plugin before 1.15.4 does not sanitize and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24698 (The Simple Download Monitor WordPress plugin before 3.9.6 allows users ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24697 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24696 (The Simple Download Monitor WordPress plugin before 3.9.9 does not enf ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24695 (The Simple Download Monitor WordPress plugin before 3.9.6 saves logs i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24694 (The Simple Download Monitor WordPress plugin before 3.9.11 could allow ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24693 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24692
+ RESERVED
+CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does not esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not properly san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24689
+ RESERVED
+CVE-2021-24688
+ RESERVED
+CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24686 (The SVG Support WordPress plugin before 2.3.20 does not escape the "CS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24685 (The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have any CSR ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24682 (The Cool Tag Cloud WordPress plugin before 2.26 does not escape the st ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24680 (The WP Travel Engine WordPress plugin before 5.3.1 does not escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24677 (The Find My Blocks WordPress plugin before 3.4.0 does not have authori ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24675 (The One User Avatar WordPress plugin before 2.3.7 does not check for C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24674 (The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16 does not e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24672 (The One User Avatar WordPress plugin before 2.3.7 does not escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some short ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24669 (The MAZ Loader &#8211; Preloader Builder for WordPress plugin before 1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24668 (The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce ch ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-24666 (The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not escape th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24664 (The School Management System &#8211; WPSchoolPress WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24662 (The Game Server Status WordPress plugin through 1.0 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24661 (The PostX &#8211; Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24660 (The PostX &#8211; Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24659 (The PostX &#8211; Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24658 (The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24657 (The Limit Login Attempts WordPress plugin before 4.0.50 does not escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24656 (The Simple Social Media Share Buttons WordPress plugin before 3.2.4 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24655
+ RESERVED
+CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24652 (The PostX &#8211; Gutenberg Blocks for Post Grid WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated us ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24650
+ RESERVED
+CVE-2021-24649
+ RESERVED
+CVE-2021-24648 (The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24647 (The Registration Forms &#8211; User profile, Content Restriction, Spam ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin before 1.4.3 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24645 (The Booking.com Product Helper WordPress plugin before 1.0.2 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24644 (The Images to WebP WordPress plugin before 1.9 does not validate or sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape some at ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24642 (The Scroll Baner WordPress plugin through 1.0 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24641 (The Images to WebP WordPress plugin before 1.9 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0 does not es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24639 (The OMGF WordPress plugin before 4.5.4 does not enforce path validatio ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24638 (The OMGF WordPress plugin before 4.5.4 does not escape or validate the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24637 (The Google Fonts Typography WordPress plugin before 3.0.3 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24636 (The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24635 (The Visual Link Preview WordPress plugin before 2.2.3 does not enforce ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24634 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24633 (The Countdown Block WordPress plugin before 1.1.2 does not have author ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24632 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24631 (The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24630 (The Schreikasten WordPress plugin through 0.14.18 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24629 (The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24628 (The Wow Forms WordPress plugin through 3.1.3 does not sanitise or esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24627 (The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24626 (The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24625 (The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24624 (The MP3 Audio Player for Music, Radio &amp; Podcast by Sonaar WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24622 (The Customer Service Software &amp; Support Ticket System WordPress pl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24621 (The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise it ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24620 (The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products thr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24619 (The Per page add to head WordPress plugin through 1.4.4 does not prope ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24618 (The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24617 (The GamePress WordPress plugin through 1.1.0 does not escape the op_ed ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24616 (The AddToAny Share Buttons WordPress plugin before 1.7.48 does not esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24615 (The Wechat Reward WordPress plugin through 1.7 does not sanitise or es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does not sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24613 (The Post Views Counter WordPress plugin before 1.3.5 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24612 (The Sociable WordPress plugin through 4.3.4.1 does not sanitise or esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not sanitise of esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implement a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24608 (The Formidable Form Builder &#8211; Contact Form, Survey &amp; Quiz Fo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24607 (The Storefront Footer Text WordPress plugin through 1.0.1 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24605 (The create_post_page AJAX action of the Custom Post View Generator Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24604 (The Availability Calendar WordPress plugin before 1.2.2 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24603 (The Site Reviews WordPress plugin before 5.13.1 does not sanitise some ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24602 (The HM Multiple Roles WordPress plugin before 1.3 does not have any ac ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24601 (The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24600 (The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24599 (The Email Encoder &#8211; Protect Email Addresses WordPress plugin bef ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24598 (The Testimonial WordPress plugin before 1.6.0 does not escape some tes ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24597 (The You Shang WordPress plugin through 1.0.1 does not escape its qrcod ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not sanitise esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24595 (The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSR ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24594 (The Translate WordPress &#8211; Google Language Translator WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24592 (The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24591 (The Highlight WordPress plugin before 0.9.3 does not sanitise its Cust ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24590 (The Cookie Notice &amp; Consent Banner for GDPR &amp; CCPA Compliance ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24589
+ RESERVED
+CVE-2021-24588 (The SMS Alert Order Notifications WordPress plugin before 3.4.7 is aff ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24587 (The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24586 (The Per page add to head WordPress plugin before 1.4.4 is lacking any ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24585 (The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24584 (The Timetable and Event Schedule WordPress plugin before 2.4.2 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24583 (The Timetable and Event Schedule WordPress plugin before 2.4.2 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24582 (The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24581 (The Blue Admin WordPress plugin through 21.06.01 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise use ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24578 (The SportsPress WordPress plugin before 2.7.9 does not sanitise and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24575 (The School Management System &#8211; WPSchoolPress WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24573
+ RESERVED
+CVE-2021-24572 (The Accept Donations with PayPal WordPress plugin before 1.3.1 provide ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24571 (The HD Quiz WordPress plugin before 1.8.4 does not escape some of its ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24570 (The Accept Donations with PayPal WordPress plugin before 1.3.1 offers ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24569 (The Cookie Notice &amp; Compliance for GDPR / CCPA WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24568 (The AddToAny Share Buttons WordPress plugin before 1.7.46 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24567
+ RESERVED
+CVE-2021-24566
+ RESERVED
+CVE-2021-24565 (The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24563 (The Frontend Uploader WordPress plugin through 1.3.2 does not prevent ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24562 (The LMS by LifterLMS &#8211; Online Course, Membership &amp; Learning ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24561 (The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_gr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24560 (The Software License Manager WordPress plugin before 4.4.8 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24559
+ RESERVED
+CVE-2021-24558 (The pspin_duplicate_post_save_as_new_post function of the Project Stat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24557 (The update functionality in the rslider_page uses an rs_id POST parame ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24556 (The kento_email_subscriber_ajax AJAX action of the Email Subscriber Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24555 (The daac_delete_booking_callback function, hooked to the daac_delete_b ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24554 (The Paytm &#8211; Donation Plugin WordPress plugin through 1.3.2 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24553 (The Timeline Calendar WordPress plugin through 1.2 does not sanitise, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24552 (The Simple Events Calendar WordPress plugin through 1.4.0 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24551 (The Edit Comments WordPress plugin through 0.3 does not sanitise, vali ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24550 (The Broken Link Manager WordPress plugin through 0.6.5 does not saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24549 (The AceIDE WordPress plugin through 2.6.2 does not sanitise or validat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24548 (The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Au ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24547 (The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24546 (The Gutenberg Block Editor Toolkit &#8211; EditorsKit WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24544 (The Responsive WordPress Slider WordPress plugin through 2.2.0 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24543 (The jQuery Reply to Comment WordPress plugin through 1.31 does not hav ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24542
+ RESERVED
+CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape param ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24540 (The Wonder Video Embed WordPress plugin before 1.8 does not escape par ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24539 (The Coming Soon, Under Construction &amp; Maintenance Mode By Dazzler ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not sanitize user ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24537 (The Similar Posts WordPress plugin through 3.1.5 allow high privilege ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24536 (The Custom Login Redirect WordPress plugin through 1.0.0 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24535 (The Light Messages WordPress plugin through 1.0 is lacking CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24534 (The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24533 (The Maintenance WordPress plugin before 4.03 does not sanitise or esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24532
+ RESERVED
+CVE-2021-24531 (The Charitable &#8211; Donation Plugin WordPress plugin before 1.6.51 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24530 (The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24529 (The Grid Gallery &#8211; Photo Image Grid Gallery WordPress plugin bef ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24528 (The FluentSMTP WordPress plugin before 2.0.1 does not sanitize paramet ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24527 (The User Registration &amp; User Profile &#8211; Profile Builder WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24526 (The Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contac ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24525 (The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users wi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24524 (The GiveWP &#8211; Donation Plugin and Fundraising Platform WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24523 (The Daily Prayer Time WordPress plugin before 2021.08.10 does not sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24522 (The User Registration, User Profile, Login &amp; Membership &#8211; Pr ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24521 (The Side Menu Lite &#8211; add sticky fixed buttons WordPress plugin b ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24520 (The Stock in &amp; out WordPress plugin through 1.0.4 lacks proper san ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24519 (The VikRentCar Car Rental Management System WordPress plugin before 1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24518 (The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not escape the ti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24515 (The Video Gallery WordPress plugin before 1.1.5 does not escape the Ti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24514 (The Visual Form Builder WordPress plugin before 3.0.4 does not sanitis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress plugin be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24511 (The fetch_product_ajax functionality in the Product Feed on WooCommerc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24510 (The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24509 (The Page View Count WordPress plugin before 2.4.9 does not escape the ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24508 (The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24507 (The Astra Pro Addon WordPress plugin before 3.5.2 did not properly san ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24506 (The Slider Hero with Animation, Video Background &amp; Intro Maker Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24505 (The Forms WordPress plugin before 1.12.3 did not sanitise its input fi ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24504 (The WP LMS &#8211; Best WordPress LMS Plugin WordPress plugin through ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24503 (The Popular Brand Icons &#8211; Simple Icons WordPress plugin before 2 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24502 (The WP Google Map WordPress plugin before 1.7.7 did not sanitise or es ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24501 (The Workreap WordPress theme before 2.2.2 had several AJAX actions mis ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24500 (Several AJAX actions available in the Workreap WordPress theme before ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24499 (The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_ ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24498 (The Calendar Event Multi View WordPress plugin before 1.4.01 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24497 (The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL In ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24496 (The Community Events WordPress plugin before 1.4.8 does not sanitise, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24495 (The Marmoset Viewer WordPress plugin before 1.9.3 does not property sa ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape s ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24493 (The shopp_upload_file AJAX action of the Shopp WordPress plugin throug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24492 (The hndtst_action_instance_callback AJAX call of the Handsome Testimon ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24491 (The Fileviewer WordPress plugin through 2.2 does not have CSRF checks ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24489 (The Request a Quote WordPress plugin before 2.3.5 does not sanitise, v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24487 (The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24486 (The Simple Social Media Share Buttons &#8211; Social Sharing for Every ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24485 (The Special Text Boxes WordPress plugin through 5.9.109 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports() functions in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24482 (The Related Posts for WordPress plugin through 2.0.4 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24481 (The Any Hostname WordPress plugin through 1.0.6 does not sanitise or e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24480 (The Event Geek WordPress plugin through 2.5.2 does not sanitise or esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24479 (The DrawBlog WordPress plugin through 0.90 does not sanitise or valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24478 (The Bookshelf WordPress plugin through 2.0.4 does not sanitise or esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24477 (The Migrate Users WordPress plugin through 1.0.1 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24476 (The Steam Group Viewer WordPress plugin through 2.1 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24475
+ RESERVED
+CVE-2021-24474 (The Awesome Weather Widget WordPress plugin through 3.0.2 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24473 (The User Profile Picture WordPress plugin before 2.6.0 was affected by ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24472 (The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24471 (The YouTube Embed WordPress plugin before 5.2.2 does not validate, esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24470 (The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24469
+ RESERVED
+CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape some sho ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24466 (The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSR ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24465 (The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, vali ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24464 (The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin bef ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24463 (The get_sliders() function in the Image Slider by Ays- Responsive Slid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24462 (The get_gallery_categories() and get_galleries() functions in the Phot ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24461 (The get_faqs() function in the FAQ Builder AYS WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24460 (The get_fb_likeboxes() function in the Popup Like box &#8211; Page Plu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24459 (The get_results() and get_items() functions in the Survey Maker WordPr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24458 (The get_ays_popupboxes() and get_popup_categories() functions of the P ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24457 (The get_portfolios() and get_portfolio_attributes() functions in the c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24456 (The Quiz Maker WordPress plugin before 6.2.0.9 did not properly saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24455 (The Tutor LMS &#8211; eLearning and online course solution WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24454 (In the YOP Poll WordPress plugin before 6.2.8, when a pool is created ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24453 (The Include Me WordPress plugin through 1.2.1 is vulnerable to path tr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24452 (The W3 Total Cache WordPress plugin before 2.1.5 was affected by a ref ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did not escap ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24450 (The User Registration, User Profiles, Login &amp; Membership &#8211; P ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24449
+ RESERVED
+CVE-2021-24448 (The User Registration &amp; User Profile &#8211; Profile Builder WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate its ta ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24446 (The Remove Footer Credit WordPress plugin before 1.0.6 does not have C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24444 (The TaxoPress &#8211; Create and Manage Taxonomies, Tags, Categories W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24443 (The About Me widget of the Youzify &#8211; BuddyPress Community, User ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24442 (The Poll, Survey, Questionnaire and Voting system WordPress plugin bef ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24441 (The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitis ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24440 (The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24439 (The Browser Screenshots WordPress plugin before 1.7.6 allowed authenti ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24438 (The ShareThis Dashboard for Google Analytics WordPress plugin before 2 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24437 (The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a r ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24435 (The iframe-font-preview.php file of the titan-framework does not prope ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or escape i ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24433
+ RESERVED
+CVE-2021-24432
+ RESERVED
+CVE-2021-24431 (The Language Bar Flags WordPress plugin through 1.0.8 does not have an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24430 (The Speed Booster Pack &#9889; PageSpeed Optimization Suite WordPress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24429 (The Salon booking system WordPress plugin before 6.3.1 does not proper ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24428 (The RSS for Yandex Turbo WordPress plugin through 1.30 does not saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24427 (The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or e ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24426 (The Backup by 10Web &#8211; Backup and Restore Plugin WordPress plugin ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24425 (The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Heade ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24424 (The WP Reset &#8211; Most Advanced WordPress Reset Tool WordPress plug ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24423 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24422
+ RESERVED
+CVE-2021-24421 (The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or esc ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24420 (The Request a Quote WordPress plugin before 2.3.4 did not sanitise and ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24419 (The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24418 (The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 do ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24417
+ RESERVED
+CVE-2021-24416 (The StreamCast &#8211; Radio Player for WordPress plugin before 2.1.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24415 (The Polo Video Gallery &#8211; Best wordpress video gallery plugin Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24414 (The Video Player for YouTube WordPress plugin before 1.4 does not sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24412 (The Html5 Audio Player &#8211; Audio Player for WordPress plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have CSRF checks ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24410 (The &#3108;&#3142;&#3122;&#3137;&#3095;&#3137; &#3116;&#3144;&#3116;&# ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24409 (The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GE ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24408 (The Prismatic WordPress plugin before 2.8 does not sanitise or validat ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24407 (The Jannah WordPress theme before 5.4.5 did not properly sanitize the ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24406 (The wpForo Forum WordPress plugin before 1.9.7 did not validate the re ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24405 (The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24404 (The options.php file of the WP-Board WordPress plugin through 1.1 beta ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24403 (The Orders functionality in the WordPress Page Contact plugin through ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24402 (The Orders functionality in the WP iCommerce WordPress plugin through ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24401 (The Edit domain functionality in the WP Domain Redirect WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24400 (The Edit Role functionality in the Display Users WordPress plugin thro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24399 (The check_order function of The Sorter WordPress plugin through 1.0 us ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24398 (The Add new scene functionality in the Responsive 3D Slider WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24397 (The edit functionality in the MicroCopy WordPress plugin through 1.1.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24396 (A pageid GET parameter of the GSEOR &#8211; WordPress SEO Plugin WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24395 (The editid GET parameter of the Embed Youtube Video WordPress plugin t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24394 (An id GET parameter of the Easy Testimonial Manager WordPress plugin t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24393 (A c GET parameter of the Comment Highlighter WordPress plugin through ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24392 (An id GET parameter of the WordPress Membership SwiftCloud.io WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24391 (An editid GET parameter of the Cashtomer WordPress plugin through 1.0. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24390 (A proid GET parameter of the WordPress&#25903;&#20184;&#23453;Alipay|& ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24389 (The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24388 (In the VikRentCar Car Rental Management System WordPress plugin before ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24387 (The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24386 (The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24385 (The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24384 (The joomsport_md_load AJAX action of the JoomSport WordPress plugin be ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, va ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24381 (The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows users t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24378 (The Autoptimize WordPress plugin before 2.7.8 does not check for malic ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24377 (The Autoptimize WordPress plugin before 2.7.8 attempts to remove poten ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24376 (The Autoptimize WordPress plugin before 2.7.8 attempts to delete malic ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24375 (Lack of authentication or validation in motor_load_more, motor_gallery ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24374 (The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24373 (The WP Hardening &#8211; Fix Your WordPress Security WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24372 (The WP Hardening &#8211; Fix Your WordPress Security WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24371 (The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24370 (The Fancy Product Designer WordPress plugin before 4.6.9 allows unauth ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24369 (In the GetPaid WordPress plugin before 2.3.4, users with the contribut ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24368 (The Quiz And Survey Master &#8211; Best Quiz, Exam and Survey Plugin W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24367 (The WP Config File Editor WordPress plugin through 1.7.1 was affected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24366 (The Admin Columns Free WordPress plugin before 4.3 and Admin Columns P ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24365 (The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24364 (The Jannah WordPress theme before 5.4.4 did not properly sanitize the ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24363 (The Photo Gallery by 10Web &#8211; Mobile-Friendly Image Gallery WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24362 (The Photo Gallery by 10Web &#8211; Mobile-Friendly Image Gallery WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24361 (In the Location Manager WordPress plugin before 2.1.0.10, the AJAX act ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24360 (The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24359 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24358 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24357 (In the Best Image Gallery &amp; Responsive Photo Gallery &#8211; FooGa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24356 (In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24355 (In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24354 (A lack of capability checks and insufficient nonce check on the AJAX a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24353 (The import_data function of the Simple 301 Redirects by BetterLinks Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24352 (The export_data function of the Simple 301 Redirects by BetterLinks Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24351 (The theplus_more_post AJAX action of The Plus Addons for Elementor Pag ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24350 (The Visitors WordPress plugin through 0.3 is affected by an Unauthenti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24349 (This Gallery from files WordPress plugin through 1.6.0 gives the funct ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24348 (The menu delete functionality of the Side Menu &#8211; add fixed side ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24347 (The SP Project &amp; Document Manager WordPress plugin before 4.22 all ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24346 (The Stock in &amp; out WordPress plugin through 1.0.4 has a search fun ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24345 (The page lists-management feature of the Sendit WP Newsletter WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24344 (The Easy Preloader WordPress plugin through 1.0.0 does not sanitise it ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24343 (The iFlyChat WordPress plugin before 4.7.0 does not sanitise its APP I ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24342 (The JNews WordPress theme before 8.0.6 did not sanitise the cat_id par ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24341 (When deleting a date in the Xllentech English Islamic Calendar WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24340 (The WP Statistics WordPress plugin before 13.0.8 relied on using the W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24339 (The Pods &#8211; Custom Content Types and Fields WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24338 (The Pods &#8211; Custom Content Types and Fields WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24337 (The id GET parameter of one of the Video Embed WordPress plugin throug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24336 (The FlightLog WordPress plugin through 3.0.2 does not sanitise, valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24335 (The Car Repair Services &amp; Auto Mechanic WordPress theme before 4.0 ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24334 (The Instant Images &#8211; One Click Unsplash Uploads WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24333 (The Content Copy Protection &amp; Prevent Image Save WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24332 (The Autoptimize WordPress plugin before 2.8.4 was missing proper escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24331 (The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24330 (The Funnel Builder by CartFlows &#8211; Create High Converting Sales F ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24329 (The WP Super Cache WordPress plugin before 1.7.3 did not properly sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24328 (The WP Login Security and History WordPress plugin through 1.0 did not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24327 (The SEO Redirection Plugin &#8211; 301 Redirect Manager WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24326 (The tab parameter of the settings page of the All 404 Redirect to Home ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24325 (The tab parameter of the settings page of the 404 SEO Redirection Word ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24324 (The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24323 (When taxes are enabled, the "Additional tax classes" field was not pro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24322 (The Database Backup for WordPress plugin before 2.4 did not escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24321 (The Bello - Directory &amp; Listing WordPress theme before 1.6.0 did n ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24320 (The Bello - Directory &amp; Listing WordPress theme before 1.6.0 did n ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24319 (The Bello - Directory &amp; Listing WordPress theme before 1.6.0 did n ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24318 (The Listeo WordPress theme before 1.6.11 did not ensure that the Post/ ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24317 (The Listeo WordPress theme before 1.6.11 did not properly sanitise som ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24316 (The search feature of the Mediumish WordPress theme through 1.0.47 doe ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24315 (The GiveWP &#8211; Donation Plugin and Fundraising Platform WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24314 (The Goto WordPress theme before 2.1 did not sanitise, validate of esca ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24313 (The WP Prayer WordPress plugin before 1.6.2 provides the functionality ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24312 (The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_ ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24311 (The wp_ajax_upload-remote-file AJAX action of the External Media WordP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24310 (The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24309 (The "Schedule Name" input in the Weekly Schedule WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24308 (The 'State' field of the Edit profile page of the LMS by LifterLMS &#8 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24307 (The All in One SEO &#8211; Best WordPress SEO Plugin &#8211; Easily Im ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24306 (The Ultimate Member &#8211; User Profile, User Registration, Login &am ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24305 (The Target First WordPress Plugin v2.0, also previously known as Watch ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24304 (The Newsmag WordPress theme before 5.0 does not sanitise the td_block_ ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2021-24303 (The JiangQie Official Website Mini Program WordPress plugin before 1.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24302 (The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24301 (The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24300 (The slider import search feature of the PickPlugins Product Slider for ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426 provid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24298 (The method and share GET parameters of the Giveaway pages were not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24297 (The Goto WordPress theme before 2.1 did not properly sanitize the form ...)
+ NOT-FOR-US: Goto WordPress theme
+CVE-2021-24296 (The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24294 (The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP Word ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plugin be ...)
+ NOT-FOR-US: NextGEN Gallery Pro WordPress plugin
+CVE-2021-24292 (The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy A ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24291 (The Photo Gallery by 10Web &#8211; Mobile-Friendly Image Gallery WordP ...)
+ NOT-FOR-US: Photo Gallery by 10Web / Mobile-Friendly Image Gallery WordPress plugin
+CVE-2021-24290 (There are several endpoints in the Store Locator Plus for WordPress pl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24289 (There is functionality in the Store Locator Plus for WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24288 (When subscribing using AcyMailing, the 'redirect' parameter isn't prop ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, Change ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24285 (The request_list_request AJAX call of the Car Seller - Auto Classified ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24284 (The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows una ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24283 (The tab GET parameter of the settings page is not sanitised or escaped ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24282 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24281 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24280 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24279 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, l ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24278 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, u ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24277 (The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24276 (The Contact Form by Supsystic WordPress plugin before 1.7.15 did not s ...)
+ NOT-FOR-US: Supsystic WordPress plugin
+CVE-2021-24275 (The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise ...)
+ NOT-FOR-US: Supsystic WordPress plugin
+CVE-2021-24274 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not s ...)
+ NOT-FOR-US: Supsystic WordPress plugin
+CVE-2021-24273 (The &#8220;Clever Addons for Elementor&#8221; WordPress Plugin before ...)
+ NOT-FOR-US: WordPress Plugin
+CVE-2021-24272 (The fitness calculators WordPress plugin before 1.9.6 add calculators ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24271 (The &#8220;Ultimate Addons for Elementor&#8221; WordPress Plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24270 (The &#8220;DeTheme Kit for Elementor&#8221; WordPress Plugin before 1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24269 (The &#8220;Sina Extension for Elementor&#8221; WordPress Plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24268 (The &#8220;JetWidgets For Elementor&#8221; WordPress Plugin before 1.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24267 (The &#8220;All-in-One Addons for Elementor &#8211; WidgetKit&#8221; Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24266 (The &#8220;The Plus Addons for Elementor Page Builder Lite&#8221; Word ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24265 (The &#8220;Rife Elementor Extensions &amp; Templates&#8221; WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24264 (The &#8220;Image Hover Effects &#8211; Elementor Addon&#8221; WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24263 (The &#8220;Elementor Addons &#8211; PowerPack Addons for Elementor&#82 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24262 (The &#8220;WooLentor &#8211; WooCommerce Elementor Addons + Builder&#8 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24261 (The &#8220;HT Mega &#8211; Absolute Addons for Elementor Page Builder& ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24260 (The &#8220;Livemesh Addons for Elementor&#8221; WordPress Plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24259 (The &#8220;Elementor Addon Elements&#8221; WordPress Plugin before 1.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24258 (The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24257 (The &#8220;Premium Addons for Elementor&#8221; WordPress Plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24256 (The &#8220;Elementor &#8211; Header, Footer &amp; Blocks Template&#822 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24255 (The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24254 (The College publisher Import WordPress plugin through 0.1 does not che ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24253 (The Classyfrieds WordPress plugin through 3.8 does not properly check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24252 (The Event Banner WordPress plugin through 1.3 does not verify the uplo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24251 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24250 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24249 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24248 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24247 (The Contact Form Check Tester WordPress plugin through 1.0.2 settings ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24246 (The Workscout Core WordPress plugin before 1.3.4, used by the WorkScou ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24245 (The Stop Spammers WordPress plugin before 2021.9 did not escape user i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24244 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24243 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24242 (The Tutor LMS &#8211; eLearning and online course solution WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24241 (The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24240 (The Business Hours Pro WordPress plugin through 5.5.0 allows a remote ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24239 (The Pie Register &#8211; User Registration Forms. Invitation based reg ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24238 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24237 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24236 (The Imagements WordPress plugin through 1.2.5 allows images to be uplo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24235 (The Goto WordPress theme before 2.0 does not sanitise the keywords and ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24234 (The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24233 (The Cooked Pro WordPress plugin before 1.7.5.6 was affected by unauthe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24232 (The Advanced Booking Calendar WordPress plugin before 1.6.8 does not s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24231 (The Jetpack Scan team identified a Cross-Site Request Forgery vulnerab ...)
+ NOT-FOR-US: Jetpack
+CVE-2021-24230 (The Jetpack Scan team identified a Cross-Site Request Forgery vulnerab ...)
+ NOT-FOR-US: Patreon WordPress plugin
+CVE-2021-24229 (The Jetpack Scan team identified a Reflected Cross-Site Scripting via ...)
+ NOT-FOR-US: Patreon WordPress plugin
+CVE-2021-24228 (The Jetpack Scan team identified a Reflected Cross-Site Scripting in t ...)
+ NOT-FOR-US: Patreon WordPress plugin
+CVE-2021-24227 (The Jetpack Scan team identified a Local File Disclosure vulnerability ...)
+ NOT-FOR-US: Patreon WordPress plugin
+CVE-2021-24226 (In the AccessAlly WordPress plugin before 3.5.7, the file "resource/fr ...)
+ NOT-FOR-US: AccessAlly WordPress plugin
+CVE-2021-24225 (The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sa ...)
+ NOT-FOR-US: Advanced Booking Calendar WordPress plugin
+CVE-2021-24224 (The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordP ...)
+ NOT-FOR-US: Easy Form Builder WordPress plugin
+CVE-2021-24223 (The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitr ...)
+ NOT-FOR-US: N5 Upload Form WordPress plugin
+CVE-2021-24222 (The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from ...)
+ NOT-FOR-US: WP-Curriculo Vitae Free WordPress plugin
+CVE-2021-24221 (The Quiz And Survey Master &#8211; Best Quiz, Exam and Survey Plugin f ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24220 (Thrive &#8220;Legacy&#8221; Rise by Thrive Themes WordPress theme befo ...)
+ NOT-FOR-US: WordPress theme
+CVE-2021-24219 (The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24218 (The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX act ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24217 (The run_action function of the Facebook for WordPress plugin before 3. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24216
+ RESERVED
+CVE-2021-24215 (An Improper Access Control vulnerability was discovered in the Control ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24214 (The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24213 (The GiveWP &#8211; Donation Plugin and Fundraising Platform WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24212 (The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://wooc ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24211 (The WordPress Related Posts plugin through 3.6.4 contains an authentic ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24210 (There is an open redirect in the PhastPress WordPress plugin before 1. ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24209 (The WP Super Cache WordPress plugin before 1.7.2 was affected by an au ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24208 (The editor of the WP Page Builder WordPress plugin before 1.2.4 allows ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24207 (By default, the WP Page Builder WordPress plugin before 1.2.4 allows s ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24206 (In the Elementor Website Builder WordPress plugin before 3.1.4, the im ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24205 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ic ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24204 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ac ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24203 (In the Elementor Website Builder WordPress plugin before 3.1.4, the di ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24202 (In the Elementor Website Builder WordPress plugin before 3.1.4, the he ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24201 (In the Elementor Website Builder WordPress plugin before 3.1.4, the co ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24200 (The wpDataTables &#8211; Tables &amp; Table Charts premium WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24199 (The wpDataTables &#8211; Tables &amp; Table Charts premium WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24198 (The wpDataTables &#8211; Tables &amp; Table Charts premium WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24197 (The wpDataTables &#8211; Tables &amp; Table Charts premium WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24196 (The Social Slider Widget WordPress plugin before 1.8.5 allowed Authent ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24195 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24194 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24193 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24192 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24191 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24190 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24189 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24188 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24187 (The setting page of the SEO Redirection Plugin - 301 Redirect Manager ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24186 (The tutor_answering_quiz_question/get_answer_by_id function pair from ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24185 (The tutor_place_rating AJAX action from the Tutor LMS &#8211; eLearnin ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24184 (Several AJAX endpoints in the Tutor LMS &#8211; eLearning and online c ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24183 (The tutor_quiz_builder_get_question_form AJAX action from the Tutor LM ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24182 (The tutor_quiz_builder_get_answers_by_question AJAX action from the Tu ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24181 (The tutor_mark_answer_as_correct AJAX action from the Tutor LMS &#8211 ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24180 (Unvalidated input and lack of output encoding within the Related Posts ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24179 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24178 (The Business Directory Plugin &#8211; Easy Listing Directories for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-24177 (In the default configuration of the File Manager WordPress plugin befo ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24176 (The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the re ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24175 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24174 (The Database Backups WordPress plugin through 1.2.2.6 does not have CS ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24173 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24172 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24171 (The WooCommerce Upload Files WordPress plugin before 59.4 ran a single ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24170 (The REST API endpoint get_users in the User Profile Picture WordPress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24169 (This Advanced Order Export For WooCommerce WordPress plugin before 3.1 ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24168 (The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not prop ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24167 (When visiting a site running Web-Stat &lt; 1.4.0, the "wts_web_stat_lo ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24166 (The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form &#82 ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24165 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24164 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low- ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24163 (The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, di ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24162 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24161 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24160 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, s ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24159 (Due to the lack of sanitization and lack of nonce protection on the cu ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24158 (Orbit Fox by ThemeIsle has a feature to add a registration form to bot ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24157 (Orbit Fox by ThemeIsle has a feature to add custom scripts to the head ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24156 (Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0 ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24155 (The WordPress Backup and Migrate Plugin &#8211; Backup Guard WordPress ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24154 (The Theme Editor WordPress plugin before 2.6 did not validate the GET ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24153 (A Stored Cross-Site Scripting vulnerability was discovered in the Yoas ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24152 (The "All Subscribers" setting page of Popup Builder was vulnerable to ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24151
+ RESERVED
+CVE-2021-24150 (The LikeBtn WordPress Like Button Rating &#9829; LikeBtn WordPress plu ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress plugin, ...)
+ NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
+CVE-2021-24148 (A business logic issue in the MStore API WordPress plugin, versions be ...)
+ NOT-FOR-US: MStore API WordPress plugin
+CVE-2021-24147 (Unvalidated input and lack of output encoding in the Modern Events Cal ...)
+ NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
+CVE-2021-24146 (Lack of authorisation checks in the Modern Events Calendar Lite WordPr ...)
+ NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
+CVE-2021-24145 (Arbitrary file upload in the Modern Events Calendar Lite WordPress plu ...)
+ NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
+CVE-2021-24144 (Unvalidated input in the Contact Form 7 Database Addon plugin, version ...)
+ NOT-FOR-US: Contact Form 7 Database Addon plugin,
+CVE-2021-24143 (Unvalidated input in the AccessPress Social Icons plugin, versions bef ...)
+ NOT-FOR-US: AccessPress Social Icons plugin
+CVE-2021-24142 (Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPre ...)
+ NOT-FOR-US: 301 Redirects - Easy Redirect Manager WordPress plugin
+CVE-2021-24141 (Unvaludated input in the Advanced Database Cleaner plugin, versions be ...)
+ NOT-FOR-US: Advanced Database Cleaner plugin
+CVE-2021-24140 (Unvalidated input in the Ajax Load More WordPress plugin, versions bef ...)
+ NOT-FOR-US: Ajax Load More WordPress plugin
+CVE-2021-24139 (Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress ...)
+ NOT-FOR-US: Photo Gallery (10Web Photo Gallery) WordPress plugin
+CVE-2021-24138 (Unvalidated input in the AdRotate WordPress plugin, versions before 5. ...)
+ NOT-FOR-US: AdRotate WordPress plugin
+CVE-2021-24137 (Unvalidated input in the Blog2Social WordPress plugin, versions before ...)
+ NOT-FOR-US: Blog2Social WordPress plugin
+CVE-2021-24136 (Unvalidated input and lack of output encoding in the Testimonials Widg ...)
+ NOT-FOR-US: Testimonials Widget WordPress plugin
+CVE-2021-24135 (Unvalidated input and lack of output encoding in the WP Customer Revie ...)
+ NOT-FOR-US: WP Customer Reviews WordPress plugin
+CVE-2021-24134 (Unvalidated input and lack of output encoding in the Constant Contact ...)
+ NOT-FOR-US: Constant Contact Forms WordPress plugin
+CVE-2021-24133 (Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions b ...)
+ NOT-FOR-US: ActiveCampaign WordPress plugin
+CVE-2021-24132 (The Slider by 10Web WordPress plugin, versions before 1.2.36, in the b ...)
+ NOT-FOR-US: 10Web WordPress plugin
+CVE-2021-24131 (Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, vers ...)
+ NOT-FOR-US: Anti-Spam by CleanTalk WordPress plugin
+CVE-2021-24130 (Unvalidated input in the WP Google Map Plugin WordPress plugin, versio ...)
+ NOT-FOR-US: WP Google Map Plugin WordPress plugin
+CVE-2021-24129 (Unvalidated input and lack of output encoding in the Themify Portfolio ...)
+ NOT-FOR-US: Themify Portfolio Post WordPress plugin
+CVE-2021-24128 (Unvalidated input and lack of output encoding in the Team Members Word ...)
+ NOT-FOR-US: Team Members WordPress plugin
+CVE-2021-24127 (Unvalidated input and lack of output encoding in the ThirstyAffiliates ...)
+ NOT-FOR-US: ThirstyAffiliates Affiliate Link Manager WordPress plugin
+CVE-2021-24126 (Unvalidated input and lack of output encoding in the Envira Gallery Li ...)
+ NOT-FOR-US: Envira Gallery Lite WordPress plugin
+CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress plugin bef ...)
+ NOT-FOR-US: Contact Form Submissions WordPress plugin
+CVE-2021-24124 (Unvalidated input and lack of output encoding in the WP Shieldon WordP ...)
+ NOT-FOR-US: WP Shieldon WordPress plugin
+CVE-2021-24123 (Arbitrary file upload in the PowerPress WordPress plugin, versions bef ...)
+ NOT-FOR-US: PowerPress WordPress plugin
+CVE-2021-24122 (When serving resources from a network location using the NTFS file sys ...)
+ {DLA-2594-1}
+ - tomcat9 9.0.40-1 (unimportant)
+ - tomcat8 <removed> (unimportant)
+ - tomcat7 <removed> (unimportant)
+ NOTE: https://github.com/apache/tomcat/commit/935fc5582dc25ae10bab6f9d5629ff8d996cb533 (9.0.40)
+ NOTE: https://github.com/apache/tomcat/commit/920dddbdb981f92e8d5872a4bb126a10af5ca8a9 (8.5.60)
+ NOTE: https://github.com/apache/tomcat/commit/800b03140e640f8892f27021e681645e8e320177 (7.0.107)
+ NOTE: Issue when erving resources from a network location using the NTFS file system.
+CVE-2021-21261 (Flatpak is a system for building, distributing, and running sandboxed ...)
+ {DSA-4830-1}
+ - flatpak 1.8.5-1
+ [stretch] - flatpak <not-affected> (app portal introduced in 0.11.4)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2
+ NOTE: Fixed by:
+ NOTE: https://github.com/flatpak/flatpak/commit/6d1773d2a54dde9b099043f07a2094a4f1c2f486
+ NOTE: https://github.com/flatpak/flatpak/commit/6e5ae7a109cdfa9735ea7ccbd8cb79f9e8d3ae8b
+ NOTE: https://github.com/flatpak/flatpak/commit/aeb6a7ab0abaac4a8f4ad98b3df476d9de6b8bd4
+ NOTE: https://github.com/flatpak/flatpak/commit/cc1401043c075268ecc652eac557ef8076b5eaba
+ NOTE: Automated tests:
+ NOTE: https://github.com/flatpak/flatpak/commit/821249844bbb7e52cbf4508b4de18c05e8592220
+ NOTE: https://github.com/flatpak/flatpak/commit/39a5621e6941b9d27bf89b63e8fb6cad6e279e53
+ NOTE: https://github.com/flatpak/flatpak/commit/d19f6c330aa42e17df6dc36d12b6f4dfa507dbb3
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/21/4
+CVE-2021-3146 (The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allow ...)
+ NOT-FOR-US: Dolby Audio X2 (DAX2) API service
+CVE-2021-3145 (In Ionic Identity Vault before 5, a local root attacker on an Android ...)
+ NOT-FOR-US: Ionic Identity Vault
+CVE-2021-3144 (In SaltStack Salt before 3002.5, eauth tokens can be used once after e ...)
+ {DLA-2815-1}
+ - salt 3002.5+dfsg1-1 (bug #983632)
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
+ NOTE: Introduced by: https://github.com/saltstack/salt/commit/b8e34e1f6f785bf00634ee561c89c30c45f4c689 (v2018.2)
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/7c1d565465f78a7937f089857f3980045f27fd6e (v3002.3)
+CVE-2021-3143
+ RESERVED
+CVE-2021-3142
+ REJECTED
+CVE-2021-3141 (In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is st ...)
+ NOT-FOR-US: Unisys
+CVE-2021-24121
+ RESERVED
+CVE-2021-24120
+ RESERVED
+CVE-2021-24119 (In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in b ...)
+ {DLA-2826-1}
+ - mbedtls 2.16.11-0.1
+ [bullseye] - mbedtls <no-dsa> (Minor issue)
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ NOTE: Fixed in 2.26.0: https://github.com/ARMmbed/mbedtls/releases/tag/v2.26.0
+CVE-2021-24118
+ RESERVED
+CVE-2021-24117 (In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in ...)
+ NOT-FOR-US: Rust SGX
+CVE-2021-24116 (In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM f ...)
+ - wolfssl 5.0.0-1 (bug #991663)
+ [bullseye] - wolfssl <no-dsa> (Minor issue)
+ NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
+CVE-2021-24115 (In Botan before 2.17.3, constant-time computations are not used for ce ...)
+ - botan 2.17.3+dfsg-1
+ [buster] - botan <no-dsa> (Minor issue)
+ - botan1.10 <removed>
+ [stretch] - botan1.10 <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/randombit/botan/pull/2549
+CVE-2021-24114 (Microsoft Teams iOS Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24113 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24112 (.NET Core Remote Code Execution Vulnerability This CVE ID is unique fr ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24111 (.NET Framework Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24110 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24109 (Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24108 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24107 (Windows Event Tracing Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24106 (Windows DirectX Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24105 (Package Managers Configurations Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24104 (Microsoft SharePoint Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24103 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24102 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24101 (Microsoft Dataverse Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24100 (Microsoft Edge for Android Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24099 (Skype for Business and Lync Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24098 (Windows Console Driver Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24097
+ RESERVED
+CVE-2021-24096 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24095 (DirectX Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24094 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24093 (Windows Graphics Component Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24092 (Microsoft Defender Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24091 (Windows Camera Codec Pack Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24090 (Windows Error Reporting Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24089 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24088 (Windows Local Spooler Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24087 (Azure IoT CLI extension Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24086 (Windows TCP/IP Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24085 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24084 (Windows Mobile Device Management Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24083 (Windows Address Book Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24082 (Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24081 (Microsoft Windows Codecs Library Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24080 (Windows Trust Verification API Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24079 (Windows Backup Engine Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24078 (Windows DNS Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24077 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24076 (Microsoft Windows VMSwitch Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24075 (Windows Network File System Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24074 (Windows TCP/IP Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24073 (Skype for Business and Lync Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24072 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24071 (Microsoft SharePoint Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24070 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24069 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24068 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24067 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24066 (Microsoft SharePoint Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-24065
+ RESERVED
+CVE-2021-24064
+ RESERVED
+CVE-2021-24063
+ RESERVED
+CVE-2021-24062
+ RESERVED
+CVE-2021-24061
+ RESERVED
+CVE-2021-24060
+ RESERVED
+CVE-2021-24059
+ RESERVED
+CVE-2021-24058
+ RESERVED
+CVE-2021-24057
+ RESERVED
+CVE-2021-24056
+ RESERVED
+CVE-2021-24055
+ RESERVED
+CVE-2021-24054
+ RESERVED
+CVE-2021-24053
+ RESERVED
+CVE-2021-24052
+ RESERVED
+CVE-2021-24051
+ RESERVED
+CVE-2021-24050
+ RESERVED
+CVE-2021-24049
+ RESERVED
+CVE-2021-24048
+ RESERVED
+CVE-2021-24047
+ RESERVED
+CVE-2021-24046 (A logic flaw in Ray-Ban&#174; Stories device software allowed some par ...)
+ NOT-FOR-US: Facebook View
+CVE-2021-24045 (A type confusion vulnerability could be triggered when resolving the " ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2021-24044 (By passing invalid javascript code where await and yield were called u ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2021-24043 (A missing bound check in RTCP flag parsing code prior to WhatsApp for ...)
+ NOT-FOR-US: Whatsapp
+CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...)
+ NOT-FOR-US: Whatsapp
+CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...)
+ NOT-FOR-US: Whatsapp
+CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...)
+ NOT-FOR-US: Facebook ParlAI
+CVE-2021-24039
+ RESERVED
+CVE-2021-24038 (Due to a bug with management of handles in OVRServiceLauncher.exe, an ...)
+ NOT-FOR-US: Oculus Desktop
+CVE-2021-24037 (A use after free in hermes, while emitting certain error messages, pri ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2021-24036 (Passing an attacker controlled size when creating an IOBuf could cause ...)
+ - hhvm <removed>
+CVE-2021-24035 (A lack of filename validation when unzipping archives prior to WhatsAp ...)
+ NOT-FOR-US: WhatsApp
+CVE-2021-24034
+ RESERVED
+CVE-2021-24033 (react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort ...)
+ NOT-FOR-US: react-dev-utils
+CVE-2021-24030 (The fbgames protocol handler registered as part of Facebook Gameroom d ...)
+ NOT-FOR-US: Facebook Gameroom
+CVE-2021-24029 (A packet of death scenario is possible in mvfst via a specially crafte ...)
+ NOT-FOR-US: mvfst
+CVE-2021-24028 (An invalid free in Thrift's table-based serialization can cause the ap ...)
+ NOT-FOR-US: Facebook Thrift (Debian packages Apache Thrift)
+CVE-2021-24027 (A cache configuration issue prior to WhatsApp for Android v2.21.4.18 a ...)
+ NOT-FOR-US: WhatsApp
+CVE-2021-24026 (A missing bounds check within the audio decoding pipeline for WhatsApp ...)
+ NOT-FOR-US: WhatsApp
+CVE-2021-24025 (Due to incorrect string size calculations inside the preg_quote functi ...)
+ - hhvm <removed>
+CVE-2021-24024 (A clear text storage of sensitive information into log file vulnerabil ...)
+ NOT-FOR-US: FortiADCManager
+CVE-2021-24023 (An improper input validation in FortiAI v1.4.0 and earlier may allow a ...)
+ NOT-FOR-US: FortiAI (FortiGuard)
+CVE-2021-24022 (A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24021 (An improper neutralization of input vulnerability [CWE-79] in FortiAna ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24020 (A missing cryptographic step in the implementation of the hash digest ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24019 (An insufficient session expiration vulnerability [CWE- 613] in FortiCl ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24018 (A buffer underwrite vulnerability in the firmware verification routine ...)
+ NOT-FOR-US: FortiOS
+CVE-2021-24017 (An improper authentication in Fortinet FortiManager version 6.4.3 and ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24016 (An improper neutralization of formula elements in a csv file in Fortin ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24015 (An improper neutralization of special elements used in an OS Command v ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-24014 (Multiple instances of improper neutralization of input during web page ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-24013 (Multiple Path traversal vulnerabilities in the Webmail of FortiMail be ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-24012 (An improper following of a certificate's chain of trust vulnerability ...)
+ NOT-FOR-US: FortiGate
+CVE-2021-24011 (A privilege escalation vulnerability in FortiNAC version below 8.8.2 m ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24010 (Improper limitation of a pathname to a restricted directory vulnerabil ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-24009
+ RESERVED
+CVE-2021-24008
+ RESERVED
+CVE-2021-24007 (Multiple improper neutralization of special elements of SQL commands v ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-24006 (An improper access control vulnerability in FortiManager versions 6.4. ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-24005 (Usage of hard-coded cryptographic keys to encrypt configuration files ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-24004
+ RESERVED
+CVE-2021-24003
+ RESERVED
+CVE-2021-3140
+ RESERVED
+CVE-2021-3139 (In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy ...)
+ - tcmu 1.5.2-6 (bug #980007)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/13/5
+ NOTE: https://github.com/open-iscsi/tcmu-runner/issues/645
+ NOTE: https://github.com/open-iscsi/tcmu-runner/pull/644
+ NOTE: Fixed by: https://github.com/open-iscsi/tcmu-runner/commit/2b16e96e6b63d0419d857f53e4cc67f0adb383fd
+ NOTE: Some followup fixes: https://github.com/open-iscsi/tcmu-runner/pull/646
+ NOTE: https://github.com/open-iscsi/tcmu-runner/commit/b202dc06ef391c6ab9a7561856238a258de04663
+ NOTE: https://github.com/open-iscsi/tcmu-runner/commit/170bfa63288a399b38c35eb646b2835d4ba7c08a
+ NOTE: https://github.com/open-iscsi/tcmu-runner/commit/01685b2ab8c430c0fb9ce397e7e76b60fe6cbde5
+CVE-2021-24002 (When a user clicked on an FTP URL containing encoded newline character ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-24002
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-24002
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24002
+CVE-2021-24001 (A compromised content process could have performed session history man ...)
+ - firefox 88.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24001
+CVE-2021-24000 (A race condition with requestPointerLock() and setTimeout() could have ...)
+ - firefox 88.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-24000
+CVE-2021-23999 (If a Blob URL was loaded through some unusual user interaction, it cou ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23999
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23999
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999
+CVE-2021-23998 (Through complicated navigations with new windows, an HTTP page could h ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23998
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23998
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23998
+CVE-2021-23997 (Due to unexpected data type conversions, a use-after-free could have o ...)
+ - firefox 88.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23997
+CVE-2021-23996 (By utilizing 3D CSS in conjunction with Javascript, content could have ...)
+ - firefox 88.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23996
+CVE-2021-23995 (When Responsive Design Mode was enabled, it used references to objects ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23995
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23995
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23995
+CVE-2021-23994 (A WebGL framebuffer was not initialized early enough, resulting in mem ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 88.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23994
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23994
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23994
+CVE-2021-23993 (An attacker may perform a DoS attack to prevent a user from sending en ...)
+ {DSA-4897-1 DLA-2632-1}
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23993
+CVE-2021-23992 (Thunderbird did not check if the user ID associated with an OpenPGP ke ...)
+ {DSA-4897-1 DLA-2632-1}
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23992
+CVE-2021-23991 (If a Thunderbird user has previously imported Alice's OpenPGP key, and ...)
+ {DSA-4897-1 DLA-2632-1}
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-13/#CVE-2021-23991
+CVE-2021-23990
+ RESERVED
+CVE-2021-23989
+ RESERVED
+CVE-2021-23988 (Mozilla developers reported memory safety bugs present in Firefox 86. ...)
+ - firefox 87.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23988
+CVE-2021-23987 (Mozilla developers and community members reported memory safety bugs p ...)
+ {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
+ - firefox 87.0-1
+ - firefox-esr 78.9.0esr-1
+ - thunderbird 1:78.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23987
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23987
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23987
+CVE-2021-23986 (A malicious extension with the 'search' permission could have installe ...)
+ - firefox 87.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23986
+CVE-2021-23985 (If an attacker is able to alter specific about:config values (for exam ...)
+ - firefox 87.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23985
+CVE-2021-23984 (A malicious extension could have opened a popup window lacking an addr ...)
+ {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
+ - firefox 87.0-1
+ - firefox-esr 78.9.0esr-1
+ - thunderbird 1:78.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23984
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23984
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23984
+CVE-2021-23983 (By causing a transition on a parent node by removing a CSS rule, an in ...)
+ - firefox 87.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23983
+CVE-2021-23982 (Using techniques that built on the slipstream research, a malicious we ...)
+ {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
+ - firefox 87.0-1
+ - firefox-esr 78.9.0esr-1
+ - thunderbird 1:78.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23982
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23982
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23982
+CVE-2021-23981 (A texture upload of a Pixel Buffer Object could have confused the WebG ...)
+ {DSA-4876-1 DSA-4874-1 DLA-2609-1 DLA-2607-1}
+ - firefox 87.0-1
+ - firefox-esr 78.9.0esr-1
+ - thunderbird 1:78.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-23981
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23981
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-23981
+CVE-2021-23980 [mutation XSS via allowed math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False]
+ RESERVED
+ {DSA-4892-1 DLA-2620-1}
+ - python-bleach 3.2.1-2.1 (bug #986251)
+ NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vv2x-vrpj-qqpq
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1689399
+ NOTE: https://github.com/mozilla/bleach/commit/1334134d34397966a7f7cfebd38639e9ba2c680e
+ NOTE: https://github.com/mozilla/bleach/commit/d398c89e54ced6b1039d3677689707456ba42dec
+CVE-2021-23979 (Mozilla developers reported memory safety bugs present in Firefox 85. ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23979
+CVE-2021-23978 (Mozilla developers reported memory safety bugs present in Firefox 85 a ...)
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
+ - firefox 86.0-1
+ - firefox-esr 78.8.0esr-1
+ - thunderbird 1:78.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23978
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23978
+CVE-2021-23977 (Firefox for Android suffered from a time-of-check-time-of-use vulnerab ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23977
+CVE-2021-23976 (When accepting a malicious intent from other installed apps, Firefox f ...)
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23976
+CVE-2021-23975 (The developer page about:memory has a Measure function for exploring w ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23975
+CVE-2021-23974 (The DOMParser API did not properly process '&lt;noscript&gt;' elements ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974
+CVE-2021-23973 (When trying to load a cross-origin resource in an audio/video context ...)
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
+ - firefox 86.0-1
+ - firefox-esr 78.8.0esr-1
+ - thunderbird 1:78.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23973
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23973
+CVE-2021-23972 (One phishing tactic on the web is to provide a link with HTTP Auth. Fo ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23972
+CVE-2021-23971 (When processing a redirect with a conflicting Referrer-Policy, Firefox ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23971
+CVE-2021-23970 (Context-specific code was included in a shared jump table; resulting i ...)
+ - firefox 86.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23970
+CVE-2021-23969 (As specified in the W3C Content Security Policy draft, when creating a ...)
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
+ - firefox 86.0-1
+ - firefox-esr 78.8.0esr-1
+ - thunderbird 1:78.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23969
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23969
+CVE-2021-23968 (If Content Security Policy blocked frame navigation, the full destinat ...)
+ {DSA-4866-1 DSA-4862-1 DLA-2578-1 DLA-2575-1}
+ - firefox 86.0-1
+ - firefox-esr 78.8.0esr-1
+ - thunderbird 1:78.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23968
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-09/#CVE-2021-23968
+CVE-2021-23967
+ RESERVED
+CVE-2021-23966
+ RESERVED
+CVE-2021-23965 (Mozilla developers reported memory safety bugs present in Firefox 84. ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965
+CVE-2021-23964 (Mozilla developers reported memory safety bugs present in Firefox 84 a ...)
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
+ - firefox-esr 78.7.0esr-1
+ - firefox 85.0-1
+ - thunderbird 1:78.7.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23964
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23964
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23964
+CVE-2021-23963 (When sharing geolocation during an active WebRTC share, Firefox could ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23963
+CVE-2021-23962 (Incorrect use of the '&lt;RowCountChanged&gt;' method could have led t ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23962
+CVE-2021-23961 (Further techniques that built on the slipstream research combined with ...)
+ {DSA-4897-1 DSA-4895-1 DLA-2633-1 DLA-2632-1}
+ - firefox 85.0-1
+ - firefox-esr 78.10.0esr-1
+ - thunderbird 1:78.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23961
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23961
+CVE-2021-23960 (Performing garbage collection on re-declared JavaScript variables resu ...)
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
+ - firefox-esr 78.7.0esr-1
+ - firefox 85.0-1
+ - thunderbird 1:78.7.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23960
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23960
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23960
+CVE-2021-23959 (An XSS bug in internal error pages could have led to various spoofing ...)
+ - firefox <not-affected> (Only affects Firefox for Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23959
+CVE-2021-23958 (The browser could have been confused into transferring a screen sharin ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23958
+CVE-2021-23957 (Navigations through the Android-specific `intent` URL scheme could hav ...)
+ - firefox <not-affected> (Only affects Firefox for Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23957
+CVE-2021-23956 (An ambiguous file picker design could have confused users who intended ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23956
+CVE-2021-23955 (The browser could have been confused into transferring a pointer lock ...)
+ - firefox 85.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955
+CVE-2021-23954 (Using the new logical assignment operators in a JavaScript switch stat ...)
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
+ - firefox-esr 78.7.0esr-1
+ - firefox 85.0-1
+ - thunderbird 1:78.7.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23954
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23954
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23954
+CVE-2021-23953 (If a user clicked into a specifically crafted PDF, the PDF reader coul ...)
+ {DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
+ - firefox-esr 78.7.0esr-1
+ - firefox 85.0-1
+ - thunderbird 1:78.7.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23953
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23953
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23953
+CVE-2021-23952
+ RESERVED
+CVE-2021-23951
+ RESERVED
+CVE-2021-23950
+ RESERVED
+CVE-2021-23949
+ RESERVED
+CVE-2021-23948
+ RESERVED
+CVE-2021-23947
+ RESERVED
+CVE-2021-23946
+ RESERVED
+CVE-2021-23945
+ RESERVED
+CVE-2021-23944
+ RESERVED
+CVE-2021-23943
+ RESERVED
+CVE-2021-23942
+ RESERVED
+CVE-2021-23941
+ RESERVED
+CVE-2021-23940
+ RESERVED
+CVE-2021-23939
+ RESERVED
+CVE-2021-23938
+ RESERVED
+CVE-2021-23937 (A DNS proxy and possible amplification attack vulnerability in WebClie ...)
+ NOT-FOR-US: Apache Wicket
+CVE-2021-3138 (In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypas ...)
+ NOT-FOR-US: Discourse
+CVE-2021-3137 (XWiki 12.10.2 allows XSS via an SVG document to the upload feature of ...)
+ NOT-FOR-US: XWiki
+CVE-2021-3136
+ RESERVED
+CVE-2021-3135 (An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for Wor ...)
+ NOT-FOR-US: tagDiv Newspaper theme for WordPress
+CVE-2021-23936 (OX App Suite through 7.10.4 allows XSS via the subject of a task. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23935 (OX App Suite through 7.10.4 allows XSS via an appointment in which the ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23934 (OX App Suite through 7.10.4 allows XSS via a contact whose name contai ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23933 (OX App Suite through 7.10.4 allows XSS via JavaScript in a Note refere ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23932 (OX App Suite through 7.10.4 allows XSS via an inline image with a craf ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23931 (OX App Suite through 7.10.4 allows XSS via an inline binary file. ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23930 (OX App Suite through 7.10.4 allows XSS via use of the conversion API f ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23929 (OX App Suite through 7.10.4 allows XSS via a crafted Content-Dispositi ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23928 (OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests que ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23927 (OX App Suite through 7.10.4 allows SSRF via a URL with an @ character ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-23926 (The XML parsers used by XMLBeans up to version 2.6.0 did not set the p ...)
+ {DLA-2693-1}
+ - xmlbeans 3.0.2-1
+ NOTE: https://issues.apache.org/jira/browse/XMLBEANS-517
+CVE-2021-23925 (An issue was discovered in Devolutions Server before 2020.3. There is ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-23924 (An issue was discovered in Devolutions Server before 2020.3. There is ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-23923 (An issue was discovered in Devolutions Server before 2020.3. There is ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-23922 (An issue was discovered in Devolutions Remote Desktop Manager before 2 ...)
+ NOT-FOR-US: Devolutions Remote Desktop Manager
+CVE-2021-23921 (An issue was discovered in Devolutions Server before 2020.3. There is ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-3134 (Mubu 2.2.1 allows local users to gain privileges to execute commands, ...)
+ NOT-FOR-US: Mubu
+CVE-2021-3133 (The Elementor Contact Form DB plugin before 1.6 for WordPress allows C ...)
+ NOT-FOR-US: Elementor Contact Form DB plugin for WordPress
+CVE-2021-3132
+ RESERVED
+CVE-2021-3131 (The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 enco ...)
+ NOT-FOR-US: 1C:Enterprise
+CVE-2021-3130 (Within the Open-AudIT up to version 3.5.3 application, the web interfa ...)
+ NOT-FOR-US: Open-AudIT
+CVE-2021-3129 (Ignition before 2.5.2, as used in Laravel and other products, allows u ...)
+ NOT-FOR-US: Ignition
+CVE-2021-3128 (In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers ...)
+ NOT-FOR-US: ASUS
+CVE-2021-23920
+ RESERVED
+CVE-2021-23919
+ RESERVED
+CVE-2021-23918
+ RESERVED
+CVE-2021-23917
+ RESERVED
+CVE-2021-23916
+ RESERVED
+CVE-2021-23915
+ RESERVED
+CVE-2021-23914
+ RESERVED
+CVE-2021-23913
+ RESERVED
+CVE-2021-23912
+ RESERVED
+CVE-2021-23911
+ RESERVED
+CVE-2021-23910 (An issue was discovered in HERMES 2.1 in the MBUX Infotainment System ...)
+ NOT-FOR-US: Mercedes-Benz HERMES
+CVE-2021-23909 (An issue was discovered in HERMES 2.1 in the MBUX Infotainment System ...)
+ NOT-FOR-US: Mercedes-Benz HERMES
+CVE-2021-23908 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...)
+ NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles
+CVE-2021-23907 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...)
+ NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles
+CVE-2021-23906 (An issue was discovered in the Headunit NTG6 in the MBUX Infotainment ...)
+ NOT-FOR-US: MBUX Infotainment System on Mercedes-Benz vehicles
+CVE-2021-23905
+ RESERVED
+CVE-2021-23904
+ RESERVED
+CVE-2021-23903
+ RESERVED
+CVE-2021-23902
+ RESERVED
+CVE-2021-23901 (An XML external entity (XXE) injection vulnerability was discovered in ...)
+ NOT-FOR-US: Apache Nutch
+CVE-2021-23900 (OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an ...)
+ NOT-FOR-US: OWASP json-sanitizer
+CVE-2021-23899 (OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDA ...)
+ NOT-FOR-US: OWASP json-sanitizer
+CVE-2021-23898
+ RESERVED
+CVE-2021-23897
+ REJECTED
+CVE-2021-25900 (An issue was discovered in the smallvec crate before 0.6.14 and 1.x be ...)
+ - rust-smallvec 1.4.2-2 (bug #984665)
+ [buster] - rust-smallvec <no-dsa> (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0003.html
+ NOTE: https://github.com/servo/rust-smallvec/issues/252
+CVE-2021-3127 (NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorre ...)
+ NOT-FOR-US: nats-server
+CVE-2021-3126
+ RESERVED
+CVE-2021-23896 (Cleartext Transmission of Sensitive Information vulnerability in the a ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23895 (Deserialization of untrusted data vulnerability in McAfee Database Sec ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23894 (Deserialization of untrusted data vulnerability in McAfee Database Sec ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23893 (Privilege Escalation vulnerability in a Windows system driver of McAfe ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23892 (By exploiting a time of check to time of use (TOCTOU) race condition d ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23891 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23890 (Information leak vulnerability in the Agent Handler of McAfee ePolicy ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23889 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23888 (Unvalidated client-side URL redirect vulnerability in McAfee ePolicy O ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23887 (Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23886 (Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) E ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23885 (Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23884 (Cleartext Transmission of Sensitive Information vulnerability in the e ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23883 (A Null Pointer Dereference vulnerability in McAfee Endpoint Security ( ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23882 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23881 (A stored cross site scripting vulnerability in ePO extension of McAfee ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23880 (Improper Access Control in attribute in McAfee Endpoint Security (ENS) ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23879 (Unquoted service path vulnerability in McAfee Endpoint Product Removal ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23878 (Clear text storage of sensitive Information in memory vulnerability in ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23877 (Privilege escalation vulnerability in the Windows trial installer of M ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23876 (Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23875
+ RESERVED
+CVE-2021-23874 (Arbitrary Process Execution vulnerability in McAfee Total Protection ( ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23873 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23872 (Privilege Escalation vulnerability in the File Lock component of McAfe ...)
+ NOT-FOR-US: McAfee
+CVE-2021-23871
+ RESERVED
+CVE-2021-23870
+ RESERVED
+CVE-2021-23869
+ RESERVED
+CVE-2021-23868
+ RESERVED
+CVE-2021-23867
+ RESERVED
+CVE-2021-23866
+ RESERVED
+CVE-2021-23865
+ RESERVED
+CVE-2021-23864
+ RESERVED
+CVE-2021-23863 (HTML code injection vulnerability in Android Application, Bosch Video ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23862 (A crafted configuration packet sent by an authenticated administrative ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23861 (By executing a special command, an user with administrative rights can ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23860 (An error in a page handler of the VRM may lead to a reflected cross si ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23859 (An unauthenticated attacker is able to send a special HTTP request, th ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23858 (Information disclosure: The main configuration, including users and th ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23857 (Login with hash: The login routine allows the client to log in to the ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23856 (The web server is vulnerable to reflected XSS and therefore an attacke ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23855 (The user and password data base is exposed by an unprotected web serve ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23854 (An error in the handling of a page parameter in Bosch IP cameras may l ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23853 (In Bosch IP cameras, improper validation of the HTTP header allows an ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23852 (An authenticated attacker with administrator rights Bosch IP cameras c ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23851
+ RESERVED
+CVE-2021-23850
+ RESERVED
+CVE-2021-23849 (A vulnerability in the web-based interface allows an unauthenticated r ...)
+ NOT-FOR-US: Bosch IP cameras
+CVE-2021-23848 (An error in the URL handler Bosch IP cameras may lead to a reflected c ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23847 (A Missing Authentication in Critical Function in Bosch IP cameras allo ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23846 (When using http protocol, the user password is transmitted as a clear ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session while a ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23844
+ RESERVED
+CVE-2021-23843 (The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are us ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23842 (Communication to the AMC2 uses a state-of-the-art cryptographic algori ...)
+ NOT-FOR-US: Bosch
+CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...)
+ {DSA-4855-1 DLA-2565-1 DLA-2563-1}
+ - openssl 1.1.1j-1
+ - openssl1.0 <removed>
+ NOTE: https://www.openssl.org/news/secadv/20210216.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf (OpenSSL_1_1_1j)
+CVE-2021-23840 (Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may ...)
+ {DSA-4855-1 DLA-2565-1 DLA-2563-1}
+ - openssl 1.1.1j-1
+ - openssl1.0 <removed>
+ NOTE: https://www.openssl.org/news/secadv/20210216.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 (OpenSSL_1_1_1j)
+CVE-2021-23839 (OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 ...)
+ - openssl 1.0.0d-1
+ - openssl1.0 <not-affected> (SSL2 disabled before openssl1.0 was uploaded)
+ NOTE: https://www.openssl.org/news/secadv/20210216.txt
+ NOTE: SSL2 disabled since 1.0.0d-1 (1.0.0c-2 in experimental)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=901f1ef7dacb6b3bde63233a1f623e1fa2f0f058 (OpenSSL_1_1_1j)
+CVE-2021-23838 (An issue was discovered in flatCore before 2.0.0 build 139. A reflecte ...)
+ NOT-FOR-US: flatCore CMS
+CVE-2021-23837 (An issue was discovered in flatCore before 2.0.0 build 139. A time-bas ...)
+ NOT-FOR-US: flatCore CMS
+CVE-2021-23836 (An issue was discovered in flatCore before 2.0.0 build 139. A stored X ...)
+ NOT-FOR-US: flatCore CMS
+CVE-2021-23835 (An issue was discovered in flatCore before 2.0.0 build 139. A local fi ...)
+ NOT-FOR-US: flatCore CMS
+CVE-2021-3125 (In TP-Link TL-XDR3230 &lt; 1.0.12, TL-XDR1850 &lt; 1.0.9, TL-XDR1860 & ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-3124 (Stored cross-site scripting (XSS) in form field in robust.systems prod ...)
+ NOT-FOR-US: WordPress Plugin Custom Global Variables
+CVE-2021-3123
+ RESERVED
+CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers per ...)
+ NOT-FOR-US: CMCAgent in NCR Command Center Agent
+CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarsha ...)
+ - golang-gogoprotobuf 1.3.2-1
+ [buster] - golang-gogoprotobuf <no-dsa> (Minor issue)
+ [stretch] - golang-gogoprotobuf <no-dsa> (Minor issue)
+ NOTE: https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc
+CVE-2021-3120 (An arbitrary file upload vulnerability in the YITH WooCommerce Gift Ca ...)
+ NOT-FOR-US: YITH WooCommerce Gift Cards Premium plugin for WordPress
+CVE-2021-3119 (Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing is ...)
+ - sqlcipher <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/sqlcipher/sqlcipher/commit/cb71f53e8cea4802509f182fa5bead0ac6ab0e7f#diff-9305215a9a0ea69300281fc4af90bc7f3437e34a0e1745d030213152993ddae4
+CVE-2021-3118 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...)
+ NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging)
+CVE-2021-3117
+ RESERVED
+CVE-2021-3116 (before_upstream_connection in AuthPlugin in http/proxy/auth.py in prox ...)
+ NOT-FOR-US: proxy.py
+CVE-2021-3115 (Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to ...)
+ - golang-1.15 1.15.7-1
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <ignored> (Minor issue, only applies to inherently insecure setups)
+ - golang-1.8 <removed>
+ [stretch] - golang-1.8 <ignored> (Minor issue, requires unsecure PATH and compiling a malicious dependency)
+ - golang-1.7 <removed>
+ [stretch] - golang-1.7 <ignored> (Minor issue, requires unsecure PATH and compiling a malicious dependency)
+ NOTE: https://github.com/golang/go/issues/43783
+ NOTE: https://github.com/golang/go/commit/46e2e2e9d99925bbf724b12693c6d3e27a95d6a0 (master)
+ NOTE: https://github.com/golang/go/commit/e8e7facfaa47bf21007c0a1c679debba52ec3ea0 (1.15.7)
+ NOTE: Mainly an issue on Windows but as well for Unix users who have '.' listed
+ NOTE: explicitly in PATH and running 'go get' outside of a module or with module
+ NOTE: mode disabled.
+CVE-2021-3114 (In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go ...)
+ {DSA-4848-1 DLA-2592-1 DLA-2591-1}
+ - golang-1.15 1.15.7-1
+ - golang-1.11 <removed>
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/43786
+ NOTE: https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871 (master)
+ NOTE: https://github.com/golang/go/commit/5c8fd727c41e31273923c32b33d4f25855f4e123 (1.15.7)
+CVE-2021-23834
+ RESERVED
+CVE-2021-23833
+ RESERVED
+CVE-2021-23832
+ RESERVED
+CVE-2021-23831
+ RESERVED
+CVE-2021-23830
+ RESERVED
+CVE-2021-23829
+ RESERVED
+CVE-2021-23828
+ RESERVED
+CVE-2021-23827 (Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5 ...)
+ NOT-FOR-US: Keybase Desktop Client
+CVE-2021-23826
+ RESERVED
+CVE-2021-23825
+ RESERVED
+CVE-2021-23824 (This affects the package Crow before 0.3+4. When using attributes with ...)
+ NOT-FOR-US: CrowCpp
+CVE-2021-23823
+ RESERVED
+CVE-2021-23822
+ RESERVED
+CVE-2021-23821
+ RESERVED
+CVE-2021-23820 (This affects all versions of package json-pointer. A type confusion vu ...)
+ NOT-FOR-US: Node json-pointer
+CVE-2021-23819
+ RESERVED
+CVE-2021-23818
+ RESERVED
+CVE-2021-23817
+ RESERVED
+CVE-2021-23816
+ RESERVED
+CVE-2021-23815
+ RESERVED
+CVE-2021-23814 (This affects the package unisharp/laravel-filemanager from 0.0.0. The ...)
+ NOT-FOR-US: Laravel Filemanager
+CVE-2021-23813
+ RESERVED
+CVE-2021-23812
+ RESERVED
+CVE-2021-23811
+ RESERVED
+CVE-2021-23810
+ RESERVED
+CVE-2021-23809
+ RESERVED
+CVE-2021-23808
+ RESERVED
+CVE-2021-23807 (This affects the package jsonpointer before 5.0.0. A type confusion vu ...)
+ NOT-FOR-US: Node json-pointer
+CVE-2021-23806
+ RESERVED
+CVE-2021-23805
+ RESERVED
+CVE-2021-23804
+ RESERVED
+CVE-2021-23803 (This affects the package latte/latte before 2.10.6. There is a way to ...)
+ - php-nette <removed>
+ [stretch] - php-nette <not-affected> (Sandbox first appeared in Latte 2.8.0 so older versions are not affected.)
+ NOTE: https://github.com/nette/latte/commit/227c86eda9a8a6d060ea8501923e768b6d992210
+ NOTE: https://github.com/nette/latte/issues/279
+CVE-2021-23802
+ RESERVED
+CVE-2021-23801
+ RESERVED
+CVE-2021-23800
+ RESERVED
+CVE-2021-23799
+ RESERVED
+CVE-2021-23798
+ RESERVED
+CVE-2021-23797 (All versions of package http-server-node are vulnerable to Directory T ...)
+ NOT-FOR-US: Node http-server
+CVE-2021-23796
+ RESERVED
+CVE-2021-23795
+ RESERVED
+CVE-2021-23794
+ RESERVED
+CVE-2021-23793
+ RESERVED
+CVE-2021-23792
+ RESERVED
+CVE-2021-23791
+ RESERVED
+CVE-2021-23790
+ RESERVED
+CVE-2021-23789
+ RESERVED
+CVE-2021-23788
+ RESERVED
+CVE-2021-23787
+ RESERVED
+CVE-2021-23786
+ RESERVED
+CVE-2021-23785
+ RESERVED
+CVE-2021-23784 (This affects the package tempura before 0.4.0. If the input to the esc ...)
+ NOT-FOR-US: tempura
+CVE-2021-23783
+ RESERVED
+CVE-2021-23782
+ RESERVED
+CVE-2021-23781
+ RESERVED
+CVE-2021-23780
+ RESERVED
+CVE-2021-23779
+ RESERVED
+CVE-2021-23778
+ RESERVED
+CVE-2021-23777
+ RESERVED
+CVE-2021-23776
+ RESERVED
+CVE-2021-23775
+ RESERVED
+CVE-2021-23774
+ RESERVED
+CVE-2021-23773
+ RESERVED
+CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; all vers ...)
+ NOT-FOR-US: iris Go web framework
+CVE-2021-23771
+ RESERVED
+CVE-2021-23770
+ RESERVED
+CVE-2021-23769
+ RESERVED
+CVE-2021-23768
+ RESERVED
+CVE-2021-23767
+ RESERVED
+CVE-2021-23766
+ RESERVED
+CVE-2021-23765
+ RESERVED
+CVE-2021-23764
+ RESERVED
+CVE-2021-23763
+ RESERVED
+CVE-2021-23762
+ RESERVED
+CVE-2021-23761
+ RESERVED
+CVE-2021-23760 (The package keyget from 0.0.0 are vulnerable to Prototype Pollution vi ...)
+ NOT-FOR-US: Node keyget
+CVE-2021-23759
+ RESERVED
+CVE-2021-23758 (All versions of package ajaxpro.2 are vulnerable to Deserialization of ...)
+ NOT-FOR-US: ajaxpro
+CVE-2021-23757
+ RESERVED
+CVE-2021-23756
+ RESERVED
+CVE-2021-23755
+ RESERVED
+CVE-2021-23754
+ RESERVED
+CVE-2021-23753
+ RESERVED
+CVE-2021-23752
+ RESERVED
+CVE-2021-23751
+ RESERVED
+CVE-2021-23750
+ RESERVED
+CVE-2021-23749
+ RESERVED
+CVE-2021-23748
+ RESERVED
+CVE-2021-23747
+ RESERVED
+CVE-2021-23746
+ RESERVED
+CVE-2021-23745
+ RESERVED
+CVE-2021-23744
+ RESERVED
+CVE-2021-23743
+ RESERVED
+CVE-2021-23742
+ RESERVED
+CVE-2021-23741
+ RESERVED
+CVE-2021-23740
+ RESERVED
+CVE-2021-23739
+ RESERVED
+CVE-2021-23738
+ RESERVED
+CVE-2021-23737
+ RESERVED
+CVE-2021-23736
+ RESERVED
+CVE-2021-23735
+ RESERVED
+CVE-2021-23734
+ RESERVED
+CVE-2021-23733
+ RESERVED
+CVE-2021-23732 (This affects all versions of package docker-cli-js. If the command par ...)
+ NOT-FOR-US: Node docker-cli-js
+CVE-2021-23731
+ RESERVED
+CVE-2021-23730
+ RESERVED
+CVE-2021-23729
+ RESERVED
+CVE-2021-23728
+ RESERVED
+CVE-2021-23727 (This affects the package celery before 5.2.2. It by default trusts the ...)
+ - celery 5.2.3-1
+ [bullseye] - celery <no-dsa> (Minor issue)
+ [buster] - celery <not-affected> (Vulnerable code not present)
+ [stretch] - celery <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/celery/celery/commit/5c3f1559df16c32fb8d82918b4497f688d42ad0a (v5.2.3)
+ NOTE: Introduced by: https://github.com/celery/celery/commit/d20b8a5d469c80f48468e251cbe6451c798d1c29 (4.4.0rc1)
+CVE-2021-23726
+ RESERVED
+CVE-2021-23725
+ RESERVED
+CVE-2021-23724
+ RESERVED
+CVE-2021-23723
+ RESERVED
+CVE-2021-23722
+ RESERVED
+CVE-2021-23721
+ RESERVED
+CVE-2021-23720
+ RESERVED
+CVE-2021-23719
+ RESERVED
+CVE-2021-23718 (The package ssrf-agent before 1.0.5 are vulnerable to Server-side Requ ...)
+ NOT-FOR-US: ssrf-agent
+CVE-2021-23717
+ RESERVED
+CVE-2021-23716
+ RESERVED
+CVE-2021-23715
+ RESERVED
+CVE-2021-23714
+ RESERVED
+CVE-2021-23713
+ RESERVED
+CVE-2021-23712
+ RESERVED
+CVE-2021-23711
+ RESERVED
+CVE-2021-23710
+ RESERVED
+CVE-2021-23709
+ RESERVED
+CVE-2021-23708
+ RESERVED
+CVE-2021-23707
+ RESERVED
+CVE-2021-23706
+ RESERVED
+CVE-2021-23705
+ RESERVED
+CVE-2021-23704
+ RESERVED
+CVE-2021-23703
+ RESERVED
+CVE-2021-23702 (The package object-extend from 0.0.0 are vulnerable to Prototype Pollu ...)
+ TODO: check
+CVE-2021-23701
+ RESERVED
+CVE-2021-23700 (All versions of package merge-deep2 are vulnerable to Prototype Pollut ...)
+ NOT-FOR-US: merge-deep2 (fork of unaffected merge-deep).
+CVE-2021-23699
+ RESERVED
+CVE-2021-23698
+ RESERVED
+CVE-2021-23697
+ RESERVED
+CVE-2021-23696
+ RESERVED
+CVE-2021-23695
+ RESERVED
+CVE-2021-23694
+ RESERVED
+CVE-2021-23693
+ RESERVED
+CVE-2021-23692
+ RESERVED
+CVE-2021-23691
+ RESERVED
+CVE-2021-23690
+ RESERVED
+CVE-2021-23689
+ RESERVED
+CVE-2021-23688
+ RESERVED
+CVE-2021-23687
+ RESERVED
+CVE-2021-23686
+ RESERVED
+CVE-2021-23685
+ RESERVED
+CVE-2021-23684
+ RESERVED
+CVE-2021-23683
+ RESERVED
+CVE-2021-23682 (This affects the package litespeed.js before 0.3.12; the package appwr ...)
+ NOT-FOR-US: litespeed.js
+CVE-2021-23681
+ RESERVED
+CVE-2021-23680
+ RESERVED
+CVE-2021-23679
+ RESERVED
+CVE-2021-23678
+ RESERVED
+CVE-2021-23677
+ RESERVED
+CVE-2021-23676
+ RESERVED
+CVE-2021-23675
+ RESERVED
+CVE-2021-23674
+ RESERVED
+CVE-2021-23673 (This affects all versions of package pekeupload. If an attacker induce ...)
+ NOT-FOR-US: Node pekeupload
+CVE-2021-23672
+ RESERVED
+CVE-2021-23671
+ RESERVED
+CVE-2021-23670
+ RESERVED
+CVE-2021-23669
+ RESERVED
+CVE-2021-23668
+ RESERVED
+CVE-2021-23667
+ RESERVED
+CVE-2021-23666
+ RESERVED
+CVE-2021-23665
+ RESERVED
+CVE-2021-23664 (The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to ...)
+ NOT-FOR-US: cors-proxy
+CVE-2021-23663 (All versions of package sey are vulnerable to Prototype Pollution via ...)
+ NOT-FOR-US: sey - Deprecated Simple JavaScript build tool
+CVE-2021-23662
+ RESERVED
+CVE-2021-23661
+ RESERVED
+CVE-2021-23660
+ RESERVED
+CVE-2021-23659
+ RESERVED
+CVE-2021-23658
+ RESERVED
+CVE-2021-23657
+ RESERVED
+CVE-2021-23656
+ RESERVED
+CVE-2021-23655
+ RESERVED
+CVE-2021-23654 (This affects all versions of package html-to-csv. When there is a form ...)
+ NOT-FOR-US: html-to-csv
+CVE-2021-23653
+ RESERVED
+CVE-2021-23652
+ RESERVED
+CVE-2021-23651
+ RESERVED
+CVE-2021-23650
+ RESERVED
+CVE-2021-23649
+ RESERVED
+CVE-2021-23648
+ RESERVED
+CVE-2021-23647
+ RESERVED
+CVE-2021-23646
+ RESERVED
+CVE-2021-23645
+ RESERVED
+CVE-2021-23644
+ RESERVED
+CVE-2021-23643
+ RESERVED
+CVE-2021-23642
+ RESERVED
+CVE-2021-23641
+ RESERVED
+CVE-2021-23640
+ RESERVED
+CVE-2021-23639 (The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execu ...)
+ NOT-FOR-US: Node md-to-pdf
+CVE-2021-23638
+ RESERVED
+CVE-2021-23637
+ RESERVED
+CVE-2021-23636
+ RESERVED
+CVE-2021-23635
+ RESERVED
+CVE-2021-23634
+ RESERVED
+CVE-2021-23633
+ RESERVED
+CVE-2021-23632
+ RESERVED
+CVE-2021-23631 (This affects all versions of package convert-svg-core; all versions of ...)
+ NOT-FOR-US: Node convert-svg
+CVE-2021-23630
+ RESERVED
+CVE-2021-23629
+ RESERVED
+CVE-2021-23628
+ RESERVED
+CVE-2021-23627
+ RESERVED
+CVE-2021-23626
+ RESERVED
+CVE-2021-23625
+ RESERVED
+CVE-2021-23624 (This affects the package dotty before 0.1.2. A type confusion vulnerab ...)
+ NOT-FOR-US: Node dotty
+CVE-2021-23623
+ RESERVED
+CVE-2021-23622
+ RESERVED
+CVE-2021-23621
+ RESERVED
+CVE-2021-23620
+ RESERVED
+CVE-2021-23619
+ RESERVED
+CVE-2021-23618
+ RESERVED
+CVE-2021-23617
+ RESERVED
+CVE-2021-23616
+ RESERVED
+CVE-2021-23615
+ RESERVED
+CVE-2021-23614
+ RESERVED
+CVE-2021-23613
+ RESERVED
+CVE-2021-23612
+ RESERVED
+CVE-2021-23611
+ RESERVED
+CVE-2021-23610
+ RESERVED
+CVE-2021-23609
+ RESERVED
+CVE-2021-23608
+ RESERVED
+CVE-2021-23607
+ RESERVED
+CVE-2021-23606
+ RESERVED
+CVE-2021-23605
+ RESERVED
+CVE-2021-23604
+ RESERVED
+CVE-2021-23603
+ RESERVED
+CVE-2021-23602
+ RESERVED
+CVE-2021-23601
+ RESERVED
+CVE-2021-23600
+ RESERVED
+CVE-2021-23599
+ RESERVED
+CVE-2021-23598
+ RESERVED
+CVE-2021-23597 (This affects the package fastify-multipart before 5.3.1. By providing ...)
+ NOT-FOR-US: Node fastify
+CVE-2021-23596
+ RESERVED
+CVE-2021-23595
+ RESERVED
+CVE-2021-23594 (All versions of package realms-shim are vulnerable to Sandbox Bypass v ...)
+ NOT-FOR-US: realms-shim
+CVE-2021-23593
+ RESERVED
+CVE-2021-23592
+ RESERVED
+CVE-2021-23591
+ RESERVED
+CVE-2021-23590
+ RESERVED
+CVE-2021-23589
+ RESERVED
+CVE-2021-23588
+ RESERVED
+CVE-2021-23587
+ RESERVED
+CVE-2021-23586
+ RESERVED
+CVE-2021-23585
+ RESERVED
+CVE-2021-23584
+ RESERVED
+CVE-2021-23583
+ RESERVED
+CVE-2021-23582
+ RESERVED
+CVE-2021-23581
+ RESERVED
+CVE-2021-23580
+ RESERVED
+CVE-2021-23579
+ RESERVED
+CVE-2021-23578
+ RESERVED
+CVE-2021-23577
+ RESERVED
+CVE-2021-23576
+ RESERVED
+CVE-2021-23575
+ RESERVED
+CVE-2021-23574 (All versions of package js-data are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node js-data
+CVE-2021-23573
+ RESERVED
+CVE-2021-23572
+ RESERVED
+CVE-2021-23571
+ RESERVED
+CVE-2021-23570
+ RESERVED
+CVE-2021-23569
+ RESERVED
+CVE-2021-23568 (The package extend2 before 1.0.1 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: extend2 (fork of node-extend which is not affected)
+CVE-2021-23567 (The package colors after 1.4.0 are vulnerable to Denial of Service (Do ...)
+ - colors.js <not-affected> (Vulnerable code never in a released Debian version)
+ NOTE: https://github.com/Marak/colors.js/issues/285
+ NOTE: Introduced with: https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6
+CVE-2021-23566 (The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Info ...)
+ NOT-FOR-US: Node nanoid (NaN0-1D)
+CVE-2021-23565
+ RESERVED
+CVE-2021-23564
+ RESERVED
+CVE-2021-23563
+ RESERVED
+CVE-2021-23562 (This affects the package plupload before 2.3.9. A file name containing ...)
+ NOT-FOR-US: Node plupload
+CVE-2021-23561 (All versions of package comb are vulnerable to Prototype Pollution via ...)
+ NOT-FOR-US: Node comb
+CVE-2021-23560
+ RESERVED
+CVE-2021-23559
+ RESERVED
+CVE-2021-23558 (The package bmoor before 0.10.1 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node bmoor
+CVE-2021-23557
+ RESERVED
+CVE-2021-23556
+ RESERVED
+CVE-2021-23555 (The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via dire ...)
+ NOT-FOR-US: Node vm2
+CVE-2021-23554
+ RESERVED
+CVE-2021-23553
+ RESERVED
+CVE-2021-23552
+ RESERVED
+CVE-2021-23551
+ RESERVED
+CVE-2021-23550
+ RESERVED
+CVE-2021-23549
+ RESERVED
+CVE-2021-23548
+ RESERVED
+CVE-2021-23547
+ RESERVED
+CVE-2021-23546
+ RESERVED
+CVE-2021-23545
+ RESERVED
+CVE-2021-23544
+ RESERVED
+CVE-2021-23543 (All versions of package realms-shim are vulnerable to Sandbox Bypass v ...)
+ NOT-FOR-US: realms-shim
+CVE-2021-23542
+ RESERVED
+CVE-2021-23541
+ RESERVED
+CVE-2021-23540
+ RESERVED
+CVE-2021-23539
+ RESERVED
+CVE-2021-23538
+ RESERVED
+CVE-2021-23537
+ RESERVED
+CVE-2021-23536
+ RESERVED
+CVE-2021-23535
+ RESERVED
+CVE-2021-23534
+ RESERVED
+CVE-2021-23533
+ RESERVED
+CVE-2021-23532
+ RESERVED
+CVE-2021-23531
+ RESERVED
+CVE-2021-23530
+ RESERVED
+CVE-2021-23529
+ RESERVED
+CVE-2021-23528
+ RESERVED
+CVE-2021-23527
+ RESERVED
+CVE-2021-23526
+ RESERVED
+CVE-2021-23525
+ RESERVED
+CVE-2021-23524
+ RESERVED
+CVE-2021-23523
+ RESERVED
+CVE-2021-23522
+ RESERVED
+CVE-2021-23521 (This affects the package juce-framework/JUCE before 6.1.5. This vulner ...)
+ - juce 6.1.5~ds0-1
+ [bullseye] - juce <no-dsa> (Minor issue)
+ [buster] - juce <no-dsa> (Minor issue)
+ [stretch] - juce <no-dsa> (Minor issue)
+ NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f
+ NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388608
+CVE-2021-23520 (The package juce-framework/juce before 6.1.5 are vulnerable to Arbitra ...)
+ - juce 6.1.5~ds0-1
+ [bullseye] - juce <no-dsa> (Minor issue)
+ [buster] - juce <no-dsa> (Minor issue)
+ [stretch] - juce <no-dsa> (Minor issue)
+ NOTE: https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f
+ NOTE: https://snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388607
+ NOTE: https://snyk.io/research/zip-slip-vulnerability
+CVE-2021-23519
+ RESERVED
+CVE-2021-23518 (The package cached-path-relative before 1.1.0 are vulnerable to Protot ...)
+ - node-cached-path-relative 1.1.0+~1.0.0-1 (bug #1004338)
+ [bullseye] - node-cached-path-relative <no-dsa> (Minor issue)
+ [buster] - node-cached-path-relative <no-dsa> (Minor issue)
+ NOTE: https://github.com/ashaffer/cached-path-relative/commit/40c73bf70c58add5aec7d11e4f36b93d144bb760
+ NOTE: results from incomplete fix for https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573
+ NOTE: which was CVE-2018-16472.
+CVE-2021-23517
+ RESERVED
+CVE-2021-23516
+ RESERVED
+CVE-2021-23515
+ RESERVED
+CVE-2021-23514 (This affects the package Crow before 0.3+4. It is possible to traverse ...)
+ NOT-FOR-US: CrowCpp
+CVE-2021-23513
+ RESERVED
+CVE-2021-23512
+ RESERVED
+CVE-2021-23511
+ RESERVED
+CVE-2021-23510
+ RESERVED
+CVE-2021-23509 (This affects the package json-ptr before 3.0.0. A type confusion vulne ...)
+ NOT-FOR-US: Node json-ptr
+CVE-2021-23508
+ RESERVED
+CVE-2021-23507 (The package object-path-set before 1.0.2 are vulnerable to Prototype P ...)
+ NOT-FOR-US: Node object-path-set
+CVE-2021-23506
+ RESERVED
+CVE-2021-23505
+ RESERVED
+CVE-2021-23504
+ RESERVED
+CVE-2021-23503
+ RESERVED
+CVE-2021-23502
+ RESERVED
+CVE-2021-23501
+ RESERVED
+CVE-2021-23500
+ RESERVED
+CVE-2021-23499
+ RESERVED
+CVE-2021-23498
+ RESERVED
+CVE-2021-23497 (This affects the package @strikeentco/set before 1.0.2. It allows an a ...)
+ NOT-FOR-US: Node strikeentco/set
+CVE-2021-23496
+ RESERVED
+CVE-2021-23495
+ RESERVED
+CVE-2021-23494
+ RESERVED
+CVE-2021-23493
+ RESERVED
+CVE-2021-23492
+ RESERVED
+CVE-2021-23491
+ RESERVED
+CVE-2021-23490 (The package parse-link-header before 2.0.0 are vulnerable to Regular E ...)
+ NOT-FOR-US: parse-link-header
+CVE-2021-23489
+ RESERVED
+CVE-2021-23488
+ RESERVED
+CVE-2021-23487
+ RESERVED
+CVE-2021-23486
+ RESERVED
+CVE-2021-23485
+ RESERVED
+CVE-2021-23484 (The package zip-local before 0.3.5 are vulnerable to Arbitrary File Wr ...)
+ NOT-FOR-US: zip-local
+CVE-2021-23483
+ RESERVED
+CVE-2021-23482
+ RESERVED
+CVE-2021-23481
+ RESERVED
+CVE-2021-23480
+ RESERVED
+CVE-2021-23479
+ RESERVED
+CVE-2021-23478
+ RESERVED
+CVE-2021-23477
+ RESERVED
+CVE-2021-23476
+ RESERVED
+CVE-2021-23475
+ RESERVED
+CVE-2021-23474
+ RESERVED
+CVE-2021-23473
+ RESERVED
+CVE-2021-23472 (This affects versions before 1.19.1 of package bootstrap-table. A type ...)
+ NOT-FOR-US: bootstrap-table
+ NOTE: URL in CVE has moved. https://github.com/wenzhixin/bootstrap-table/pull/5941
+CVE-2021-23471
+ RESERVED
+CVE-2021-23470 (This affects the package putil-merge before 3.8.0. The merge() functio ...)
+ NOT-FOR-US: Node putil-merge
+CVE-2021-23469
+ RESERVED
+CVE-2021-23468
+ RESERVED
+CVE-2021-23467
+ RESERVED
+CVE-2021-23466
+ RESERVED
+CVE-2021-23465
+ RESERVED
+CVE-2021-23464
+ RESERVED
+CVE-2021-23463 (The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ...)
+ - h2database <not-affected> (vulnerable method is not supported; vulnerable code introduced in 1.4.198)
+ NOTE: https://github.com/h2database/h2database/issues/3195
+ NOTE: https://github.com/h2database/h2database/pull/3199
+ NOTE: Introduced in: https://github.com/h2database/h2database/commit/1cfd2ffad975b31de3f20711bab19a121bfad20c (version-1.4.198)
+ NOTE: Fixed by: https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8 (version-2.0.202)
+CVE-2021-23462
+ RESERVED
+CVE-2021-23461
+ RESERVED
+CVE-2021-23460 (The package min-dash before 3.8.1 are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: bpmn.io min-dash
+CVE-2021-23459
+ RESERVED
+CVE-2021-23458
+ RESERVED
+CVE-2021-23457
+ RESERVED
+CVE-2021-23456
+ RESERVED
+CVE-2021-23455
+ RESERVED
+CVE-2021-23454
+ RESERVED
+CVE-2021-23453
+ RESERVED
+CVE-2021-23452 (This affects all versions of package x-assign. The global proto object ...)
+ NOT-FOR-US: x-assign JS
+CVE-2021-23451
+ RESERVED
+CVE-2021-23450 (All versions of package dojo are vulnerable to Prototype Pollution via ...)
+ - dojo <unfixed>
+ NOTE: https://github.com/advisories/GHSA-m8gw-hjpr-rjv7
+ NOTE: Fixed by: https://github.com/dojo/dojo/commit/b7b8b279f3e082e9d4b54144fe831bdc77b2e0c9
+CVE-2021-23449 (This affects the package vm2 before 3.9.4 via a Prototype Pollution at ...)
+ NOT-FOR-US: vm2 JS
+ NOTE: https://github.com/patriksimek/vm2
+CVE-2021-23448 (All versions of package config-handler are vulnerable to Prototype Pol ...)
+ NOT-FOR-US: config-handler JS
+CVE-2021-23447 (This affects the package teddy before 0.5.9. A type confusion vulnerab ...)
+ NOT-FOR-US: teddy templating engine
+CVE-2021-23446 (The package handsontable before 10.0.0; the package handsontable from ...)
+ NOT-FOR-US: Node handsontable
+CVE-2021-23445 (This affects the package datatables.net before 1.11.3. If an array is ...)
+ - datatables.js 1.10.21+dfsg-3 (bug #995229)
+ [bullseye] - datatables.js 1.10.21+dfsg-2+deb11u1
+ [buster] - datatables.js <no-dsa> (Minor issue)
+ [stretch] - datatables.js <no-dsa> (Minor issue)
+ NOTE: https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b (v1.11.3)
+CVE-2021-23444 (This affects the package jointjs before 3.4.2. A type confusion vulner ...)
+ NOT-FOR-US: Node jointjs
+CVE-2021-23443 (This affects the package edge.js before 5.3.2. A type confusion vulner ...)
+ NOT-FOR-US: Node edge.js
+CVE-2021-23442 (This affects all versions of package @cookiex/deep. The global proto o ...)
+ NOT-FOR-US: Node @cookiex/deep
+CVE-2021-23441
+ REJECTED
+CVE-2021-23440 (This affects the package set-value before &lt;2.0.1, &gt;=3.0.0 &lt;4. ...)
+ - node-set-value 3.0.1-3 (bug #994448)
+ [bullseye] - node-set-value 3.0.1-2+deb11u1
+ [buster] - node-set-value <no-dsa> (Minor issue)
+ [stretch] - node-set-value <no-dsa> (Minor issue)
+ NOTE: https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452 (v4.0.1)
+ NOTE: https://github.com/jonschlinkert/set-value/pull/33/commits/383b72d47c74a55ae8b6e231da548f9280a4296a
+ NOTE: https://github.com/jonschlinkert/set-value/pull/33
+CVE-2021-23439 (This affects the package file-upload-with-preview before 4.2.0. A file ...)
+ NOT-FOR-US: Node file-upload-with-preview
+CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion vulnerab ...)
+ NOT-FOR-US: Node mpath
+CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Ex ...)
+ - pillow 8.3.2-1
+ [bullseye] - pillow <no-dsa> (Minor issue)
+ [buster] - pillow <no-dsa> (Minor issue)
+ [stretch] - pillow <postponed> (Minor issue, can be fixed in the next DLA)
+ NOTE: https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b
+ NOTE: https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443
+CVE-2021-23436 (This affects the package immer before 9.0.6. A type confusion vulnerab ...)
+ NOT-FOR-US: Node immer
+CVE-2021-23435 (This affects the package clearance before 2.5.0. The vulnerability can ...)
+ NOT-FOR-US: Rails clearance gem
+CVE-2021-23434 (This affects the package object-path before 0.11.6. A type confusion v ...)
+ - node-object-path 0.11.7-1
+ [bullseye] - node-object-path 0.11.5-3+deb11u1
+ [buster] - node-object-path <no-dsa> (Minor issue)
+ [stretch] - node-object-path <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453
+ NOTE: https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb
+CVE-2021-23433 (The package algoliasearch-helper before 3.6.2 are vulnerable to Protot ...)
+ NOT-FOR-US: Node algoliasearch-helper
+CVE-2021-23432 (This affects all versions of package mootools. This is due to the abil ...)
+ NOT-FOR-US: Node mootools
+CVE-2021-23431 (The package joplin before 2.3.2 are vulnerable to Cross-site Request F ...)
+ NOT-FOR-US: Node joplin
+CVE-2021-23430 (All versions of package startserver are vulnerable to Directory Traver ...)
+ NOT-FOR-US: Node startserver
+CVE-2021-23429 (All versions of package transpile are vulnerable to Denial of Service ...)
+ NOT-FOR-US: Node transpile
+CVE-2021-23428 (This affects all versions of package elFinder.NetCore. The Path.Combin ...)
+ NOT-FOR-US: elFinder.NetCore
+CVE-2021-23427 (This affects all versions of package elFinder.NetCore. The ExtractAsyn ...)
+ NOT-FOR-US: elFinder.NetCore
+CVE-2021-23426 (This affects all versions of package Proto. It is possible to inject p ...)
+ NOT-FOR-US: Node proto
+CVE-2021-23425 (All versions of package trim-off-newlines are vulnerable to Regular Ex ...)
+ NOT-FOR-US: Node trim-off-newlines
+CVE-2021-23424 (This affects all versions of package ansi-html. If an attacker provide ...)
+ NOT-FOR-US: Node ansi-html
+CVE-2021-23423 (This affects the package bikeshed before 3.0.0. This can occur when an ...)
+ NOT-FOR-US: Bikeshed
+CVE-2021-23422 (This affects the package bikeshed before 3.0.0. This can occur when an ...)
+ NOT-FOR-US: Bikeshed
+CVE-2021-23421 (All versions of package merge-change are vulnerable to Prototype Pollu ...)
+ NOT-FOR-US: Node merge-change
+CVE-2021-23420 (This affects the package codeception/codeception from 4.0.0 and before ...)
+ NOT-FOR-US: codeception
+CVE-2021-23419 (This affects the package open-graph before 0.2.6. The function parse c ...)
+ NOT-FOR-US: Node open-graph
+CVE-2021-23418 (The package glances before 3.2.1 are vulnerable to XML External Entity ...)
+ - glances <unfixed>
+ [bullseye] - glances <no-dsa> (Minor issue)
+ [buster] - glances <no-dsa> (Minor issue)
+ [stretch] - glances <no-dsa> (Minor issue)
+ NOTE: https://github.com/nicolargo/glances/issues/1025
+ NOTE: https://github.com/nicolargo/glances/commit/4b87e979afdc06d98ed1b48da31e69eaa3a9fb94
+ NOTE: https://github.com/nicolargo/glances/commit/85d5a6b4af31fcf785d5a61086cbbd166b40b07a
+ NOTE: https://github.com/nicolargo/glances/commit/9d6051be4a42f692392049fdbfc85d5dfa458b32
+CVE-2021-23417 (All versions of package deepmergefn are vulnerable to Prototype Pollut ...)
+ NOT-FOR-US: Node deepmergefn
+CVE-2021-23416 (This affects all versions of package curly-bracket-parser. When used a ...)
+ NOT-FOR-US: curly-bracket-parser
+CVE-2021-23415 (This affects the package elFinder.AspNet before 1.1.1. The user-contro ...)
+ NOT-FOR-US: elFinder.AspNet
+CVE-2021-23414 (This affects the package video.js before 7.14.3. The src attribute of ...)
+ NOT-FOR-US: video.js
+CVE-2021-23413 (This affects the package jszip before 3.7.0. Crafting a new zip file w ...)
+ - node-jszip 3.5.0+dfsg-2
+ [buster] - node-jszip 3.1.4+dfsg-1+deb10u1
+ NOTE: https://github.com/Stuk/jszip/pull/766
+ NOTE: https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36
+CVE-2021-23412 (All versions of package gitlogplus are vulnerable to Command Injection ...)
+ NOT-FOR-US: Node gitlogplus
+CVE-2021-23411 (Affected versions of this package are vulnerable to Cross-site Scripti ...)
+ NOT-FOR-US: Node anchorme
+CVE-2021-23410
+ REJECTED
+CVE-2021-23409 (The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable ...)
+ - golang-github-pires-go-proxyproto <unfixed> (bug #991498)
+ [bullseye] - golang-github-pires-go-proxyproto <no-dsa> (Minor issue)
+ NOTE: https://github.com/pires/go-proxyproto/issues/65
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439
+ NOTE: https://github.com/pires/go-proxyproto/pull/74
+CVE-2021-23408 (This affects the package com.graphhopper:graphhopper-web-bundle before ...)
+ NOT-FOR-US: com.graphhopper:graphhopper-web-bundle
+CVE-2021-23407 (This affects the package elFinder.Net.Core from 0 and before 1.2.4. Th ...)
+ NOT-FOR-US: elFinder.Net.Core
+CVE-2021-23406 (This affects the package pac-resolver before 5.0.0. This can occur whe ...)
+ NOT-FOR-US: Node pac-resolver
+CVE-2021-23405 (This affects the package pimcore/pimcore before 10.0.7. This issue exi ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-23404 (This affects all versions of package sqlite-web. The SQL dashboard are ...)
+ NOT-FOR-US: sqlite-web
+CVE-2021-23403 (All versions of package ts-nodash are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node ts-nodash
+CVE-2021-23402 (All versions of package record-like-deep-assign are vulnerable to Prot ...)
+ NOT-FOR-US: Node record-like-deep-assign
+CVE-2021-23401 (This affects all versions of package Flask-User. When using the make_s ...)
+ NOT-FOR-US: Flask-User
+CVE-2021-23400 (The package nodemailer before 6.6.1 are vulnerable to HTTP Header Inje ...)
+ - node-nodemailer 6.4.17-3 (bug #990485)
+ NOTE: https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f
+ NOTE: https://github.com/nodemailer/nodemailer/issues/1289
+ NOTE: https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415
+CVE-2021-23399 (This affects all versions of package wincred. If attacker-controlled u ...)
+ NOT-FOR-US: wincred
+CVE-2021-23398 (All versions of package react-bootstrap-table are vulnerable to Cross- ...)
+ NOT-FOR-US: react-bootstrap-table
+CVE-2021-23397
+ RESERVED
+CVE-2021-23396 (All versions of package lutils are vulnerable to Prototype Pollution v ...)
+ NOT-FOR-US: Node lutils
+CVE-2021-23395 (This affects all versions of package nedb. The library could be tricke ...)
+ NOT-FOR-US: Node nedb
+CVE-2021-23394 (The package studio-42/elfinder before 2.1.58 are vulnerable to Remote ...)
+ NOT-FOR-US: studio-42/elfinder
+CVE-2021-23393 (This affects the package Flask-Unchained before 0.9.0. When using the ...)
+ NOT-FOR-US: Flask-unchained
+CVE-2021-23392 (The package locutus before 2.0.15 are vulnerable to Regular Expression ...)
+ NOT-FOR-US: Node locutus
+CVE-2021-23391 (This affects all versions of package calipso. It is possible for a mal ...)
+ NOT-FOR-US: Node calipso
+CVE-2021-23390 (The package total4 before 0.0.43 are vulnerable to Arbitrary Code Exec ...)
+ NOT-FOR-US: Node total4
+CVE-2021-23389 (The package total.js before 3.4.9 are vulnerable to Arbitrary Code Exe ...)
+ NOT-FOR-US: Node total4
+CVE-2021-23388 (The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulner ...)
+ NOT-FOR-US: Node forms
+CVE-2021-23387 (The package trailing-slash before 2.0.1 are vulnerable to Open Redirec ...)
+ NOT-FOR-US: Node trailing-slash
+CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates buffers w ...)
+ NOT-FOR-US: Node dns-packet
+CVE-2021-23385
+ RESERVED
+CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are vulnerable to ...)
+ NOT-FOR-US: Node koa-remove-trailing-slashes before
+CVE-2021-23383 (The package handlebars before 4.7.7 are vulnerable to Prototype Pollut ...)
+ - node-handlebars 3:4.7.6+~4.1.0-2
+ [buster] - node-handlebars <no-dsa> (Minor issue; can be fixed via point release)
+ - libjs-handlebars <removed>
+ [stretch] - libjs-handlebars <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
+ NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029
+CVE-2021-23382 (The package postcss before 8.2.13 are vulnerable to Regular Expression ...)
+ - node-postcss 8.2.1+~cs5.3.23-7
+ [buster] - node-postcss <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
+ NOTE: https://github.com/postcss/postcss/commit/2ad1ca9b965dde32223bee28dc259c339cbaaa05 (8.2.13)
+CVE-2021-23381 (This affects all versions of package killing. If attacker-controlled u ...)
+ NOT-FOR-US: Node killing
+CVE-2021-23380 (This affects all versions of package roar-pidusage. If attacker-contro ...)
+ NOT-FOR-US: Node roar-pidusage
+CVE-2021-23379 (This affects all versions of package portkiller. If (attacker-controll ...)
+ NOT-FOR-US: Node portkiller
+CVE-2021-23378 (This affects all versions of package picotts. If attacker-controlled u ...)
+ NOT-FOR-US: Node picotts
+CVE-2021-23377 (This affects all versions of package onion-oled-js. If attacker-contro ...)
+ NOT-FOR-US: Node onion-oled-js
+CVE-2021-23376 (This affects all versions of package ffmpegdotjs. If attacker-controll ...)
+ NOT-FOR-US: Node ffmpegdotjs
+CVE-2021-23375 (This affects all versions of package psnode. If attacker-controlled us ...)
+ NOT-FOR-US: Node psnode
+CVE-2021-23374 (This affects all versions of package ps-visitor. If attacker-controlle ...)
+ NOT-FOR-US: Node ps-visitor
+CVE-2021-23373
+ RESERVED
+CVE-2021-23372 (All versions of package mongo-express are vulnerable to Denial of Serv ...)
+ NOT-FOR-US: mongo-express
+CVE-2021-23371 (This affects the package chrono-node before 2.2.4. It hangs on a date- ...)
+ NOT-FOR-US: Node chrono-node
+CVE-2021-23370 (This affects the package swiper before 6.5.1. ...)
+ NOT-FOR-US: swiper
+CVE-2021-23369 (The package handlebars before 4.7.7 are vulnerable to Remote Code Exec ...)
+ - node-handlebars 3:4.7.6+~4.1.0-2
+ [buster] - node-handlebars 3:4.1.0-1+deb10u3
+ - libjs-handlebars <removed>
+ [stretch] - libjs-handlebars <ignored> (Minor issue and too intrusive to backport)
+ NOTE: https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8
+ NOTE: https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
+ NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
+CVE-2021-23368 (The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Reg ...)
+ - node-postcss 8.2.1+~cs5.3.23-6
+ [buster] - node-postcss <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4
+ NOTE: https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5
+ NOTE: https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595
+CVE-2021-23367
+ RESERVED
+CVE-2021-23366
+ RESERVED
+CVE-2021-23365 (The package github.com/tyktechnologies/tyk-identity-broker before 1.1. ...)
+ NOT-FOR-US: tyk-identity-broker
+CVE-2021-23364 (The package browserslist from 4.0.0 and before 4.16.5 are vulnerable t ...)
+ - node-browserslist 4.16.3+~cs5.4.72-2 (bug #987792)
+ [buster] - node-browserslist <ignored> (Minor issue; risky backport with regression potential)
+ NOTE: https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98
+ NOTE: https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
+ NOTE: https://github.com/browserslist/browserslist/pull/593
+CVE-2021-23363 (This affects the package kill-by-port before 0.0.2. If (attacker-contr ...)
+ NOT-FOR-US: Node kill-by-port
+CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to Regular Exp ...)
+ - node-hosted-git-info 3.0.8-1
+ [buster] - node-hosted-git-info 2.7.1-1+deb10u1
+ [stretch] - node-hosted-git-info <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed by: https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
+ NOTE: https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
+CVE-2021-23361
+ REJECTED
+CVE-2021-23360 (This affects the package killport before 1.0.2. If (attacker-controlle ...)
+ NOT-FOR-US: Node killport
+CVE-2021-23359 (This affects all versions of package port-killer. If (attacker-control ...)
+ NOT-FOR-US: Node port-killer
+CVE-2021-23358 (The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 a ...)
+ {DSA-4883-1 DLA-2613-1}
+ - underscore 1.9.1~dfsg-2 (bug #986171)
+ NOTE: https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
+CVE-2021-23357 (All versions of package github.com/tyktechnologies/tyk/gateway are vul ...)
+ NOT-FOR-US: tyk/gateway
+CVE-2021-23356 (This affects all versions of package kill-process-by-name. If (attacke ...)
+ NOT-FOR-US: Node kill-process-by-name
+CVE-2021-23355 (This affects all versions of package ps-kill. If (attacker-controlled) ...)
+ NOT-FOR-US: Node ps-kill
+CVE-2021-23354 (The package printf before 0.6.1 are vulnerable to Regular Expression D ...)
+ NOT-FOR-US: Node printf
+CVE-2021-23353 (This affects the package jspdf before 2.3.1. ReDoS is possible via the ...)
+ NOT-FOR-US: Node jspdf
+CVE-2021-23352 (This affects the package madge before 4.0.1. It is possible to specify ...)
+ NOT-FOR-US: Node madge
+CVE-2021-23351 (The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable ...)
+ - golang-github-pires-go-proxyproto 0.4.2-1 (bug #985025)
+ NOTE: https://github.com/pires/go-proxyproto/issues/69
+ NOTE: https://github.com/pires/go-proxyproto/commit/7f48261db810703d173f27f3309a808cc2b49b8b
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1081577
+CVE-2021-23350
+ RESERVED
+CVE-2021-23349
+ RESERVED
+CVE-2021-23348 (This affects the package portprocesses before 1.0.5. If (attacker-cont ...)
+ NOT-FOR-US: Node portprocesses
+CVE-2021-23347 (The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 ...)
+ NOT-FOR-US: argo-cd
+CVE-2021-23346 (This affects the package html-parse-stringify before 2.0.1; all versio ...)
+ NOT-FOR-US: html-parse-stringify
+CVE-2021-23345 (All versions of package github.com/thecodingmachine/gotenberg are vuln ...)
+ NOT-FOR-US: gotenberg
+CVE-2021-23344 (The package total.js before 3.4.8 are vulnerable to Remote Code Execut ...)
+ NOT-FOR-US: total.js
+CVE-2021-23343 (All versions of package path-parse are vulnerable to Regular Expressio ...)
+ NOT-FOR-US: Node path-parse
+CVE-2021-23342 (This affects the package docsify before 4.12.0. It is possible to bypa ...)
+ NOT-FOR-US: docsify
+CVE-2021-23341 (The package prismjs before 1.23.0 are vulnerable to Regular Expression ...)
+ - node-prismjs 1.23.0+dfsg-1 (bug #985109)
+ NOTE: https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609 (v1.23.0)
+ NOTE: https://github.com/PrismJS/prism/pull/2584
+ NOTE: https://github.com/PrismJS/prism/issues/2583
+CVE-2021-23340 (This affects the package pimcore/pimcore before 6.8.8. A Local FIle In ...)
+ NOT-FOR-US: Pimcore
+CVE-2021-23339 (This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of ...)
+ NOT-FOR-US: com.typesafe.akka:akka-http-core
+CVE-2021-23338 (This affects all versions of package qlib. The workflow function in cl ...)
+ NOT-FOR-US: qlib
+CVE-2021-23337 (Lodash versions prior to 4.17.21 are vulnerable to Command Injection v ...)
+ - node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086)
+ [buster] - node-lodash <no-dsa> (Minor issue)
+ [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1040724
+CVE-2021-23336 (The package python/cpython from 0 and before 3.6.13, from 3.7.0 and be ...)
+ {DLA-2628-1 DLA-2619-1 DLA-2569-1}
+ - python-django 2:2.2.19-1 (bug #983090)
+ [buster] - python-django <no-dsa> (Minor issue; can be fixed via point release)
+ - python3.9 3.9.2-1
+ - python3.8 <removed>
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ - python2.7 <unfixed>
+ [bullseye] - python2.7 <ignored> (Python 2.7 in Bullseye not covered by security support)
+ [buster] - python2.7 <no-dsa> (Minor issue)
+ - pypy3 7.3.3+dfsg-3
+ [buster] - pypy3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/python/cpython/pull/24297
+ NOTE: https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)
+ NOTE: https://github.com/python/cpython/commit/c9f07813ab8e664d8c34413c4fc2d4f86c061a92 (3.9)
+ NOTE: https://github.com/python/cpython/commit/d0d4d30882fe3ab9b1badbecf5d15d94326fd13e (3.7)
+ NOTE: https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/
+CVE-2021-23335 (All versions of package is-user-valid are vulnerable to LDAP Injection ...)
+ NOT-FOR-US: Node is-user-valid
+CVE-2021-23334
+ REJECTED
+CVE-2021-23333
+ RESERVED
+CVE-2021-23332
+ RESERVED
+CVE-2021-23331 (This affects all versions of package com.squareup:connect. The method ...)
+ NOT-FOR-US: com.squareup:connect
+CVE-2021-23330 (All versions of package launchpad are vulnerable to Command Injection ...)
+ NOT-FOR-US: Node launchpad
+CVE-2021-23329 (The package nested-object-assign before 1.0.4 are vulnerable to Protot ...)
+ NOT-FOR-US: Node nested-object-assign
+CVE-2021-23328 (This affects all versions of package iniparserjs. This vulnerability r ...)
+ NOT-FOR-US: Node iniparserjs
+CVE-2021-23327 (The package apexcharts before 3.24.0 are vulnerable to Cross-site Scri ...)
+ NOT-FOR-US: apexcharts
+CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 6.2.6. The u ...)
+ NOT-FOR-US: graphql-tools/git-loader
+CVE-2021-23325
+ RESERVED
+CVE-2021-23324
+ RESERVED
+CVE-2021-23323
+ RESERVED
+CVE-2021-23322
+ RESERVED
+CVE-2021-23321
+ RESERVED
+CVE-2021-23320
+ RESERVED
+CVE-2021-23319
+ RESERVED
+CVE-2021-23318
+ RESERVED
+CVE-2021-23317
+ RESERVED
+CVE-2021-23316
+ RESERVED
+CVE-2021-23315
+ RESERVED
+CVE-2021-23314
+ RESERVED
+CVE-2021-23313
+ RESERVED
+CVE-2021-23312
+ RESERVED
+CVE-2021-23311
+ RESERVED
+CVE-2021-23310
+ RESERVED
+CVE-2021-23309
+ RESERVED
+CVE-2021-23308
+ RESERVED
+CVE-2021-23307
+ RESERVED
+CVE-2021-23306
+ RESERVED
+CVE-2021-23305
+ RESERVED
+CVE-2021-23304
+ RESERVED
+CVE-2021-23303
+ RESERVED
+CVE-2021-23302
+ RESERVED
+CVE-2021-23301
+ RESERVED
+CVE-2021-23300
+ RESERVED
+CVE-2021-23299
+ RESERVED
+CVE-2021-23298
+ RESERVED
+CVE-2021-23297
+ RESERVED
+CVE-2021-23296
+ RESERVED
+CVE-2021-23295
+ RESERVED
+CVE-2021-23294
+ RESERVED
+CVE-2021-23293
+ RESERVED
+CVE-2021-23292
+ RESERVED
+CVE-2021-23291
+ RESERVED
+CVE-2021-23290
+ RESERVED
+CVE-2021-23289
+ RESERVED
+CVE-2021-23288
+ RESERVED
+CVE-2021-23287
+ RESERVED
+CVE-2021-23286
+ RESERVED
+CVE-2021-23285
+ RESERVED
+CVE-2021-23284
+ RESERVED
+CVE-2021-23283
+ RESERVED
+CVE-2021-23282
+ RESERVED
+CVE-2021-23281 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23280 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23279 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23278 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23277 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to u ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23276 (Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to a ...)
+ NOT-FOR-US: Eaton Intelligent Power Manager (IPM)
+CVE-2021-23275 (The Windows Installation component of TIBCO Software Inc.'s TIBCO Ente ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Ga ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-23272 (The Application Development Clients component of TIBCO Software Inc.'s ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-23271 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX ...)
+ NOT-FOR-US: TIBCO
+CVE-2021-3113 (Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers ...)
+ NOT-FOR-US: Netsia SEBA+
+CVE-2021-23270 (In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur tha ...)
+ NOT-FOR-US: Gargoyle OS
+CVE-2021-23269
+ RESERVED
+CVE-2021-23268
+ RESERVED
+CVE-2021-23267
+ RESERVED
+CVE-2021-23266
+ RESERVED
+CVE-2021-23265
+ RESERVED
+CVE-2021-23264 (Installations, where crafter-search is not protected, allow unauthenti ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23263 (Unauthenticated remote attackers can read textual content via FreeMark ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23262 (Authenticated administrators may modify the main YAML configuration fi ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23261 (Authenticated administrators may override the system configuration fil ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23260 (Authenticated users with Site roles may inject XSS scripts via file na ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23259 (Authenticated users with Administrator or Developer roles may execute ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23258 (Authenticated users with Administrator or Developer roles may execute ...)
+ NOT-FOR-US: Crafter CMS
+CVE-2021-23257
+ RESERVED
+CVE-2021-23256
+ RESERVED
+CVE-2021-23255
+ RESERVED
+CVE-2021-23254
+ RESERVED
+CVE-2021-23253 (Opera Mini for Android below 53.1 displays URL left-aligned in the add ...)
+ NOT-FOR-US: Opera Mini for Android
+CVE-2021-23252
+ RESERVED
+CVE-2021-23251
+ RESERVED
+CVE-2021-23250
+ RESERVED
+CVE-2021-23249
+ RESERVED
+CVE-2021-23248
+ RESERVED
+CVE-2021-23247
+ RESERVED
+CVE-2021-23246
+ RESERVED
+CVE-2021-23245
+ RESERVED
+CVE-2021-23244 (ColorOS pregrant dangerous permissions to apps which are listed in a w ...)
+ NOT-FOR-US: OPPO Android Phone
+CVE-2021-23243 (In Oppo's battery application, the third-party SDK provides the functi ...)
+ NOT-FOR-US: OPPO Android Phone
+CVE-2021-3112
+ RESERVED
+CVE-2021-3111 (The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via ...)
+ NOT-FOR-US: Concrete5
+CVE-2021-3110 (The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL i ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-3109 (The custom menu item options page in SolarWinds Orion Platform before ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-23242 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...)
+ NOT-FOR-US: MERCUSYS Mercury X18G devices
+CVE-2021-23241 (MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ ...)
+ NOT-FOR-US: MERCUSYS Mercury X18G devices
+CVE-2021-23240 (selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a loc ...)
+ - sudo 1.9.5-1 (unimportant)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2
+ NOTE: https://www.sudo.ws/repos/sudo/rev/8fcb36ef422a
+ NOTE: https://www.sudo.ws/alerts/sudoedit_selinux.html
+ NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1)
+CVE-2021-23239 (The sudoedit personality of Sudo before 1.9.5 may allow a local unpriv ...)
+ - sudo 1.9.5-1
+ [buster] - sudo <no-dsa> (Minor issue)
+ [stretch] - sudo <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/11/2
+ NOTE: https://www.sudo.ws/repos/sudo/rev/ea19d0073c02
+CVE-2021-3108
+ RESERVED
+CVE-2021-3107
+ RESERVED
+CVE-2021-3106
+ RESERVED
+CVE-2021-23238
+ RESERVED
+CVE-2021-23237
+ RESERVED
+CVE-2021-3105
+ RESERVED
+CVE-2021-3104
+ RESERVED
+CVE-2021-3103
+ RESERVED
+CVE-2021-3102
+ RESERVED
+CVE-2021-3101
+ RESERVED
+CVE-2021-3100
+ RESERVED
+CVE-2021-3099
+ RESERVED
+CVE-2021-3098
+ RESERVED
+CVE-2021-3097
+ RESERVED
+CVE-2021-3096
+ RESERVED
+CVE-2021-3095
+ REJECTED
+CVE-2021-3094
+ RESERVED
+CVE-2021-3093
+ RESERVED
+CVE-2021-3092
+ RESERVED
+CVE-2021-3091
+ RESERVED
+CVE-2021-3090
+ REJECTED
+CVE-2021-3089
+ RESERVED
+CVE-2021-3088
+ RESERVED
+CVE-2021-3087
+ RESERVED
+CVE-2021-3086
+ RESERVED
+CVE-2021-3085
+ RESERVED
+CVE-2021-3084
+ RESERVED
+CVE-2021-3083
+ RESERVED
+CVE-2021-3082
+ RESERVED
+CVE-2021-3081
+ RESERVED
+CVE-2021-3080
+ RESERVED
+CVE-2021-3079
+ RESERVED
+CVE-2021-3078
+ RESERVED
+CVE-2021-3077
+ RESERVED
+CVE-2021-3076
+ RESERVED
+CVE-2021-3075
+ RESERVED
+CVE-2021-3074
+ RESERVED
+CVE-2021-3073
+ RESERVED
+CVE-2021-3072
+ RESERVED
+CVE-2021-3071
+ RESERVED
+CVE-2021-3070
+ RESERVED
+CVE-2021-3069
+ RESERVED
+CVE-2021-3068
+ RESERVED
+CVE-2021-3067
+ RESERVED
+CVE-2021-3066
+ RESERVED
+CVE-2021-3065
+ RESERVED
+CVE-2021-3064 (A memory corruption vulnerability exists in Palo Alto Networks GlobalP ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3063 (An improper handling of exceptional conditions vulnerability exists in ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3062 (An improper access control vulnerability in PAN-OS software enables an ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3061 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3060 (An OS command injection vulnerability in the Simple Certificate Enroll ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3059 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3058 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3057 (A stack-based buffer overflow vulnerability exists in the Palo Alto Ne ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3056 (A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalP ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3055 (An improper restriction of XML external entity (XXE) reference vulnera ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3054 (A time-of-check to time-of-use (TOCTOU) race condition vulnerability i ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3053 (An improper handling of exceptional conditions vulnerability exists in ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3052 (A reflected cross-site scripting (XSS) vulnerability in the Palo Alto ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3051 (An improper verification of cryptographic signature vulnerability exis ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3050 (An OS command injection vulnerability in the Palo Alto Networks PAN-OS ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2021-3049 (An improper authorization vulnerability in the Palo Alto Networks Cort ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3048 (Certain invalid URL entries contained in an External Dynamic List (EDL ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3047 (A cryptographically weak pseudo-random number generator (PRNG) is used ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3046 (An improper authentication vulnerability exists in Palo Alto Networks ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3045 (An OS command argument injection vulnerability in the Palo Alto Networ ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3044 (An improper authorization vulnerability in Palo Alto Networks Cortex X ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3043 (A reflected cross-site scripting (XSS) vulnerability exists in the Pri ...)
+ NOT-FOR-US: Prisma Cloud Compute web console (Palo Alto Networks)
+CVE-2021-3042 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3041 (A local privilege escalation vulnerability exists in the Palo Alto Net ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3040 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3039 (An information exposure through log file vulnerability exists in the P ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3038 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3037 (An information exposure through log file vulnerability exists in Palo ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3036 (An information exposure through log file vulnerability exists in Palo ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3035 (An unsafe deserialization vulnerability in Bridgecrew Checkov by Prism ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3034 (An information exposure through log file vulnerability exists in Corte ...)
+ NOT-FOR-US: Cortex XSOAR software (Palo Alto Networks)
+CVE-2021-3033 (An improper verification of cryptographic signature vulnerability exis ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3032 (An information exposure through log file vulnerability exists in Palo ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2021-3031 (Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, P ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-3030
+ RESERVED
+CVE-2021-23234
+ RESERVED
+CVE-2021-23135 (Exposure of System Data to an Unauthorized Control Sphere vulnerabilit ...)
+ NOT-FOR-US: Argo CD
+CVE-2021-23134 (Use After Free vulnerability in nfc sockets in the Linux Kernel before ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/4
+CVE-2021-23133 (A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) befo ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/34e5b01186858b36c4d7c87e1a025071e8e2401f
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/18/2
+CVE-2021-23132 (An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media all ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23131 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23130 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23129 (An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filte ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23128 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core ship ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23127 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an i ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23126 (An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23125 (An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of e ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23124 (An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of e ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23123 (An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of A ...)
+ NOT-FOR-US: Joomla!
+CVE-2021-23122
+ RESERVED
+CVE-2021-23121
+ RESERVED
+CVE-2021-23120
+ RESERVED
+CVE-2021-23119
+ RESERVED
+CVE-2021-23118
+ RESERVED
+CVE-2021-23117
+ RESERVED
+CVE-2021-23116
+ RESERVED
+CVE-2021-23115
+ RESERVED
+CVE-2021-23114
+ RESERVED
+CVE-2021-23113
+ RESERVED
+CVE-2021-23112
+ RESERVED
+CVE-2021-23111
+ RESERVED
+CVE-2021-23110
+ RESERVED
+CVE-2021-23109
+ RESERVED
+CVE-2021-23108
+ RESERVED
+CVE-2021-23107
+ RESERVED
+CVE-2021-23106
+ RESERVED
+CVE-2021-23105
+ RESERVED
+CVE-2021-23104
+ RESERVED
+CVE-2021-23103
+ RESERVED
+CVE-2021-23102
+ RESERVED
+CVE-2021-23101
+ RESERVED
+CVE-2021-23100
+ RESERVED
+CVE-2021-23099
+ RESERVED
+CVE-2021-23098
+ RESERVED
+CVE-2021-23097
+ RESERVED
+CVE-2021-23096
+ RESERVED
+CVE-2021-23095
+ RESERVED
+CVE-2021-23094
+ RESERVED
+CVE-2021-23093
+ RESERVED
+CVE-2021-23092
+ RESERVED
+CVE-2021-23091
+ RESERVED
+CVE-2021-23090
+ RESERVED
+CVE-2021-23089
+ RESERVED
+CVE-2021-23088
+ RESERVED
+CVE-2021-23087
+ RESERVED
+CVE-2021-23086
+ RESERVED
+CVE-2021-23085
+ RESERVED
+CVE-2021-23084
+ RESERVED
+CVE-2021-23083
+ RESERVED
+CVE-2021-23082
+ RESERVED
+CVE-2021-23081
+ RESERVED
+CVE-2021-23080
+ RESERVED
+CVE-2021-23079
+ RESERVED
+CVE-2021-23078
+ RESERVED
+CVE-2021-23077
+ RESERVED
+CVE-2021-23076
+ RESERVED
+CVE-2021-23075
+ RESERVED
+CVE-2021-23074
+ RESERVED
+CVE-2021-23073
+ RESERVED
+CVE-2021-23072
+ RESERVED
+CVE-2021-23071
+ RESERVED
+CVE-2021-23070
+ RESERVED
+CVE-2021-23069
+ RESERVED
+CVE-2021-23068
+ RESERVED
+CVE-2021-23067
+ RESERVED
+CVE-2021-23066
+ RESERVED
+CVE-2021-23065
+ RESERVED
+CVE-2021-23064
+ RESERVED
+CVE-2021-23063
+ RESERVED
+CVE-2021-23062
+ RESERVED
+CVE-2021-23061
+ RESERVED
+CVE-2021-23060
+ RESERVED
+CVE-2021-23059
+ RESERVED
+CVE-2021-23058
+ RESERVED
+CVE-2021-23057
+ RESERVED
+CVE-2021-23056
+ RESERVED
+CVE-2021-23055
+ RESERVED
+CVE-2021-23054 (On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23053 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x be ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23052 (On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23051 (On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Develo ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23050 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 a ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23049 (On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, whe ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23048 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23047 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23046 (On all versions of Guided Configuration before 8.0.0, when a configura ...)
+ NOT-FOR-US: F5
+CVE-2021-23045 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23044 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23043 (On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23042 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23041 (On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23040 (On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23039 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23038 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x befo ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23037 (On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23036 (On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe prof ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23035 (On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured o ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23034 (On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23033 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23032 (On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23031 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23030 (On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23029 (On version 16.0.x before 16.0.1.2, insufficient permission checks may ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23028 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x befo ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23027 (On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23026 (BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x be ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23025 (On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x befo ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23024 (On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG ...)
+ NOT-FOR-US: F5
+CVE-2021-23023 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23022 (On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, t ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23021 (The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/co ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2021-23020 (The NAAS 3.x before 3.10.0 API keys were generated using an insecure p ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2021-23019 (The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administra ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2021-23018 (Intra-cluster communication does not use TLS. The services within the ...)
+ NOT-FOR-US: NGINX Controller
+CVE-2021-23017 (A security issue in nginx resolver was identified, which might allow a ...)
+ {DSA-4921-1 DLA-2670-1}
+ - nginx 1.18.0-6.1 (bug #989095)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/5
+ NOTE: Patch: http://nginx.org/download/patch.2021.resolver.txt
+ NOTE: Fixed by: https://github.com/nginx/nginx/commit/7199ebc203f74fd9e44595474de6bdc41740c5cf (1.20.1)
+CVE-2021-23016 (On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23015 (On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 throu ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23014 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23013 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23012 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23011 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x befor ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23010 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x befor ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23009 (On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, mal ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23008 (On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23007 (On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Mi ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23006 (On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23005 (On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum devi ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23004 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23003 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23002 (When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23001 (On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x bef ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-23000 (On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22999 (On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22998 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22997 (On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22996 (On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22995 (On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22994 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22993 (On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22992 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22991 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22990 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22989 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22988 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22987 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22986 (On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22985 (On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22984 (On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22983 (On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, an ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22982 (On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22981 (On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22980 (In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, a ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22979 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22978 (On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22977 (On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation betwe ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22976 (On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22975 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22974 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22973 (On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2021-22972
+ RESERVED
+CVE-2021-22971
+ RESERVED
+CVE-2021-22970 (Concrete CMS (formerly concrete5) versions 8.5.6 and below and version ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22969 (Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF miti ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22968 (A bypass of adding remote files in Concrete CMS (previously concrete5) ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22967 (In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthe ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22966 (Privilege escalation from Editor to Admin using Groups in Concrete CMS ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22965 (A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22964 (A redirect vulnerability in the `fastify-static` module version &gt;= ...)
+ NOT-FOR-US: fastify-static
+CVE-2021-22963 (A redirect vulnerability in the fastify-static module version &lt; 4.2 ...)
+ NOT-FOR-US: fastify-static
+CVE-2021-22962
+ RESERVED
+CVE-2021-22961 (A code injection vulnerability exists within the firewall software of ...)
+ NOT-FOR-US: GlassWire
+CVE-2021-22960 (The parse function in llhttp &lt; 2.1.4 and &lt; 6.0.6. ignores chunk ...)
+ - nodejs 12.22.7~dfsg-1
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-when-parsing-the-body-medium-cve-2021-22960
+CVE-2021-22959 (The parser in accepts requests with a space (SP) right after the heade ...)
+ - nodejs 12.22.7~dfsg-1
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/#http-request-smuggling-due-to-spaced-in-headers-medium-cve-2021-22959
+CVE-2021-22958 (A Server-Side Request Forgery vulnerability was found in concrete5 &lt ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22957 (A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Pr ...)
+ NOT-FOR-US: UniFi Protect
+CVE-2021-22956 (An uncontrolled resource consumption vulnerability exists in Citrix AD ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22955 (A unauthenticated denial of service vulnerability exists in Citrix ADC ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22954 (A cross-site request forgery vulnerability exists in Concrete CMS &lt; ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22953 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to c ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22952 (A vulnerability found in UniFi Talk application V1.12.3 and earlier pe ...)
+ NOT-FOR-US: UniFI Talk
+CVE-2021-22951 (Unauthorized individuals could view password protected files using vie ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22950 (Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachme ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22949 (A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to d ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-22948 (Vulnerability in the generation of session IDs in revive-adserver &lt; ...)
+ NOT-FOR-US: revive-adserver
+CVE-2021-22947 (When curl &gt;= 7.20.0 and &lt;= 7.78.0 connects to an IMAP or POP3 se ...)
+ {DLA-2773-1}
+ - curl 7.79.1-1
+ [bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
+ NOTE: https://curl.se/docs/CVE-2021-22947.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/8ef147c43646e91fdaad5d0e7b60351f842e5c68 (curl-7_79_0)
+CVE-2021-22946 (A user can tell curl &gt;= 7.20.0 and &lt;= 7.78.0 to require a succes ...)
+ {DLA-2773-1}
+ - curl 7.79.1-1
+ [bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
+ NOTE: https://curl.se/docs/CVE-2021-22946.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/364f174724ef115c63d5e5dc1d3342c8a43b1cca (curl-7_79_0)
+CVE-2021-22945 (When sending data to an MQTT server, libcurl &lt;= 7.73.0 and 7.78.0 c ...)
+ - curl 7.79.1-1
+ [bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <not-affected> (Vulnerable code introduced later)
+ [stretch] - curl <not-affected> (Vulnerable code introduced later)
+ NOTE: https://curl.se/docs/CVE-2021-22945.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/43157490a5054bd24256fe12876931e8abc9df49 (curl-7_79_0)
+CVE-2021-22944 (A vulnerability found in UniFi Protect application V1.18.1 and earlier ...)
+ NOT-FOR-US: UniFi Protect application
+CVE-2021-22943 (A vulnerability found in UniFi Protect application V1.18.1 and earlier ...)
+ NOT-FOR-US: UniFi Protect application
+CVE-2021-22942 (A possible open redirect vulnerability in the Host Authorization middl ...)
+ [experimental] - rails 2:6.1.4.1+dfsg-1
+ - rails <unfixed> (bug #992586)
+ [bullseye] - rails <no-dsa> (Minor issue)
+ [buster] - rails <not-affected> (Vulnerable code not present)
+ [stretch] - rails <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/20/1
+CVE-2021-22941 (Improper Access Control in Citrix ShareFile storage zones controller b ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22940 (Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use aft ...)
+ - nodejs 12.22.5~dfsg-1
+ [bullseye] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
+ [buster] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
+ [stretch] - nodejs <not-affected> (Incomplete fix for CVE-2021-22930 not applied)
+ NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22940
+CVE-2021-22939 (If the Node.js https API was used incorrectly and "undefined" was in p ...)
+ - nodejs 12.22.5~dfsg-1
+ [bullseye] - nodejs 12.22.5~dfsg-2~11u1
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#incomplete-validation-of-rejectunauthorized-parameter-low-cve-2021-22939
+CVE-2021-22938 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22937 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22936 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow a th ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22935 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22934 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22933 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22932 (An issue has been identified in the CTX269106 mitigation tool for Citr ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22931 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Co ...)
+ - nodejs <not-affected> (Debian builds nodejs against src:c-ares)
+ NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
+CVE-2021-22930 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use aft ...)
+ - nodejs 12.22.4~dfsg-1
+ [bullseye] - nodejs 12.22.5~dfsg-2~11u1
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/nodejs/node/commit/b263f2585ab53f56e0e22b46cf1f8519a8af8a05
+ NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/#use-after-free-on-close-http2-on-stream-canceling-high-cve-2021-22930
+ NOTE: Possible incomplete fix (at least for v12): https://github.com/nodejs/node/issues/38964#issuecomment-889936936
+ NOTE: CVE for the incomplete fix tracked as CVE-2021-22940
+CVE-2021-22929 (An information disclosure exists in Brave Browser Desktop prior to ver ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2021-22928 (A vulnerability has been identified in Citrix Virtual Apps and Desktop ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22927 (A session fixation vulnerability exists in Citrix ADC and Citrix Gatew ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22926 (libcurl-using applications can ask for a specific client certificate t ...)
+ NOT-FOR-US: curl builds on MacOS
+CVE-2021-22925 (curl supports the `-t` command line option, known as `CURLOPT_TELNETOP ...)
+ - curl <not-affected> (Incomplete fix for CVE-2021-22898 not applied)
+ NOTE: https://curl.se/docs/CVE-2021-22925.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (curl-7_7_alpha2)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/894f6ec730597eb243618d33cc84d71add8d6a8a (curl-7_78_0)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/4
+ NOTE: CVE is assigned because previous attempt to address CVE-2021-22898 resulted to be
+ NOTE: insufficient and the security vulnerability remained.
+CVE-2021-22924 (libcurl keeps previously used connections in a connection pool for sub ...)
+ {DLA-2734-1}
+ - curl 7.79.1-1 (bug #991492)
+ [bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
+ NOTE: https://curl.se/docs/CVE-2021-22924.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/89721ff04af70f527baae1368f3b992777bf6526 (curl-7_10_4)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/5ea3145850ebff1dc2b13d17440300a01ca38161 (curl-7_78_0)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/3
+CVE-2021-22923 (When curl is instructed to get content using the metalink feature, and ...)
+ - curl <unfixed> (unimportant)
+ NOTE: https://curl.se/docs/CVE-2021-22923.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/2
+ NOTE: The fix for earlier versions is to rebuild curl with the metalink support
+ NOTE: switched off.
+ NOTE: Metalink support not enabled in Debian builds.
+CVE-2021-22922 (When curl is instructed to download content using the metalink feature ...)
+ - curl <unfixed> (unimportant)
+ NOTE: https://curl.se/docs/CVE-2021-22922.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/21/1
+ NOTE: The fix for earlier versions is to rebuild curl with the metalink support
+ NOTE: switched off.
+ NOTE: Metalink support not enabled in Debian builds.
+CVE-2021-22921 (Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local pri ...)
+ - nodejs <not-affected> (Only affects Windows installer)
+CVE-2021-22920 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22919 (A vulnerability has been discovered in Citrix ADC (formerly known as N ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22918 (Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bou ...)
+ {DSA-4936-1}
+ - libuv1 1.40.0-2 (bug #990561)
+ [stretch] - libuv1 <not-affected> (Vulnerable code added later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
+ NOTE: https://github.com/nodejs/node/commit/d33aead28bcec32a2a450f884907a6d971631829
+CVE-2021-22917 (Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2021-22916 (In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2021-22915 (Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brut ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-22914 (Citrix Cloud Connector before 6.31.0.62192 suffers from insecure stora ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22913 (Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclos ...)
+ NOT-FOR-US: Nextcloud Deck
+CVE-2021-22912 (Nextcloud iOS before 3.4.2 suffers from an information disclosure vuln ...)
+ NOT-FOR-US: Nextcloud iOS
+CVE-2021-22911 (A improper input sanitization vulnerability exists in Rocket.Chat serv ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2021-22910 (A sanitization vulnerability exists in Rocket.Chat server versions &lt ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2021-22909 (A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could a ...)
+ NOT-FOR-US: EdgeMAX EdgeRouter
+CVE-2021-22908 (A buffer overflow vulnerability exists in Windows File Resource Profil ...)
+ NOT-FOR-US: Windows File Resource Profiles
+CVE-2021-22907 (An improper access control vulnerability exists in Citrix Workspace Ap ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22906 (Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-22905 (Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnera ...)
+ NOT-FOR-US: Nextcloud Android App (com.nextcloud.client)
+CVE-2021-22904 (The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffer ...)
+ {DSA-4929-1 DLA-2655-1}
+ - rails 2:6.0.3.7+dfsg-1 (bug #988214)
+ NOTE: https://github.com/rails/rails/commit/eab8c20f3ef6a022c4c11b439b1b22cef1768d5e (main)
+ NOTE: https://github.com/rails/rails/commit/d861fa8ade353390c4419b53a6c6b41f3005b1f2 (v6.0.3.7)
+ NOTE: https://github.com/rails/rails/commit/3d9e9fdf14e044b3ba66f909582c228a9d4ffb5c (v5.2.4.6)
+CVE-2021-22903 (The actionpack ruby gem before 6.1.3.2 suffers from a possible open re ...)
+ - rails <not-affected> (Vulnerable code introduced in 6.1.0.rc2)
+ NOTE: Introduced by: https://github.com/rails/rails/commit/9bc7ea5dab34c8657c91d0258bb5afd8bfcd3a8f (main)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/55e0723846aa77ce6afcb677618578fb859b7fd7 (main)
+CVE-2021-22902 (The actionpack ruby gem (a framework for handling and responding to we ...)
+ - rails 2:6.0.3.7+dfsg-1 (bug #988214)
+ [buster] - rails <not-affected> (Vulnerable code introduced later)
+ [stretch] - rails <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/b61b94181b2a0cecab49d90d8f259bc8e39b662a (main)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/446afbd15360a347c923ca775b21a286dcb5297a (v6.0.3.7)
+CVE-2021-22901 (curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability ...)
+ - curl <not-affected> (Vulnerable code introduced later)
+ NOTE: https://curl.se/docs/CVE-2021-22901.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/a304051620b92e12b6b1b4e19edc57b34ea332b6 (7.75.0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 (7.77.0)
+CVE-2021-22900 (A vulnerability allowed multiple unrestricted uploads in Pulse Connect ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22899 (A command injection vulnerability exists in Pulse Connect Secure befor ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22898 (curl 7.7 through 7.76.1 suffers from an information disclosure when th ...)
+ {DLA-2734-1}
+ - curl 7.79.1-1 (bug #989228)
+ [bullseye] - curl <no-dsa> (Minor issue)
+ [buster] - curl <no-dsa> (Minor issue)
+ NOTE: https://curl.se/docs/CVE-2021-22898.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (7.7)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde (7.77.0)
+ NOTE: Followup to not make curl vulnerable to CVE-2021-22925:
+ NOTE: https://github.com/curl/curl/commit/894f6ec730597eb243618d33cc84d71add8d6a8a (curl-7_78_0)
+CVE-2021-22897 (curl 7.61.0 through 7.76.1 suffers from exposure of data element to wr ...)
+ - curl <not-affected> (Windows only)
+ NOTE: https://curl.se/docs/CVE-2021-22897.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28 (7.61.0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511 (7.77.0)
+ NOTE: Only affect builds with schannel support (which is Windows only)
+CVE-2021-22896 (Nextcloud Mail before 1.9.5 suffers from improper access control due t ...)
+ NOT-FOR-US: Nextcloud Mail
+CVE-2021-22895 (Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certif ...)
+ {DSA-4974-1}
+ - nextcloud-desktop 3.3.1-1 (bug #989846)
+ NOTE: https://github.com/nextcloud/desktop/pull/2926
+ NOTE: https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc (stable-3.1)
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5
+CVE-2021-22894 (A buffer overflow vulnerability exists in Pulse Connect Secure before ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22893 (Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authen ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2021-22892 (An information disclosure vulnerability exists in the Rocket.Chat serv ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2021-22891 (A missing authorization vulnerability exists in Citrix ShareFile Stora ...)
+ NOT-FOR-US: Citrix
+CVE-2021-22890 (curl 7.63.0 to and including 7.75.0 includes vulnerability that allows ...)
+ {DSA-4881-1}
+ - curl 7.74.0-1.2 (bug #986270)
+ [stretch] - curl <not-affected> (Vulnerable code introduced later)
+ NOTE: https://curl.se/docs/CVE-2021-22890.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/b09c8ee15771c614c4bf3ddac893cdb12187c844
+CVE-2021-22889 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22888 (Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnera ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22887 (A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) mode ...)
+ NOT-FOR-US: BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000
+CVE-2021-22886 (Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persist ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2021-22885 (A possible information disclosure / unintended method execution vulner ...)
+ {DSA-4929-1 DLA-2655-1}
+ - rails 2:6.0.3.7+dfsg-1 (bug #988214)
+ NOTE: https://github.com/rails/rails/commit/c4c21a9f8d7c9c8ca6570bdb82d64e2dc860e62c (main)
+ NOTE: https://github.com/rails/rails/commit/f202249bdd701f908a57d733e633d366a982f8ce (v6.0.3.7)
+ NOTE: https://github.com/rails/rails/commit/3eb9e74c287750a9fe11f700fc96d3be1e83aa35 (v5.2.4.6)
+CVE-2021-22884 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...)
+ {DSA-4863-1}
+ - nodejs 12.21.0~dfsg-1
+ [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
+CVE-2021-22883 (Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to ...)
+ {DSA-4863-1}
+ - nodejs 12.21.0~dfsg-1
+ [stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
+CVE-2021-22882 (UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras ...)
+ NOT-FOR-US: UniFi Protect
+CVE-2021-22881 (The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3 ...)
+ - rails 2:6.0.3.5+dfsg-1
+ [buster] - rails <not-affected> (Vulnerable code not present)
+ [stretch] - rails <not-affected> (host_authorization.rb added later)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130
+ NOTE: https://hackerone.com/reports/1047447
+ NOTE: https://github.com/rails/rails/commit/83a6ac3fee8fd538ce7e0088913ff54f0f9bcb6f (main)
+ NOTE: https://github.com/rails/rails/commit/e33092740b3cc05f5abee197a5982eac31947e92 (v6.0.3.5)
+CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4 ...)
+ {DSA-4929-1}
+ - rails 2:6.0.3.5+dfsg-1
+ [stretch] - rails <not-affected> (Vulnerable asterisk in regex added later)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129
+ NOTE: https://hackerone.com/reports/1023899
+ NOTE: https://github.com/rails/rails/commit/eddda4d8fb6b6508e11196b14494ceac37b57339 (main)
+ NOTE: https://github.com/rails/rails/commit/879d02107b5b3eb7aeaad1cd1f259bb41f17286b (v6.0.3.5)
+ NOTE: https://github.com/rails/rails/commit/bf0ef9df1793046241c26b3fb92fac551d1628b4 (5.2-stable)
+CVE-2021-22879 (Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource inje ...)
+ - nextcloud-desktop 3.1.1-2 (bug #987274)
+ [buster] - nextcloud-desktop <no-dsa> (Minor issue)
+ NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2021-008
+ NOTE: https://github.com/nextcloud/desktop/pull/2906
+CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...)
+ - nextcloud-server <itp> (bug #941708)
+CVE-2021-22876 (curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Pr ...)
+ {DSA-4881-1 DLA-2664-1}
+ - curl 7.74.0-1.2 (bug #986269)
+ NOTE: https://curl.se/docs/CVE-2021-22876.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c
+CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22874 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22873 (Revive Adserver before 5.1.0 is vulnerable to open redirects via the ` ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22872 (Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site s ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22871 (Revive Adserver before 5.1.0 permits any user with a manager account t ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2021-22870 (A path traversal vulnerability was identified in GitHub Pages builds o ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22869 (An improper access control vulnerability in GitHub Enterprise Server a ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22868 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22867 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22866 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22865 (An improper access control vulnerability was identified in GitHub Ente ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2021-22864 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
+ NOT-FOR-US: GitHub Enterprise
+CVE-2021-22863 (An improper access control vulnerability was identified in the GitHub ...)
+ NOT-FOR-US: GitHub Enterprise
+CVE-2021-22862 (An improper access control vulnerability was identified in GitHub Ente ...)
+ NOT-FOR-US: GitHub Enterprise
+CVE-2021-22861 (An improper access control vulnerability was identified in GitHub Ente ...)
+ NOT-FOR-US: GitHub Enterprise
+CVE-2021-22860 (EIC e-document system does not perform completed identity verification ...)
+ NOT-FOR-US: EIC e-document system
+CVE-2021-22859 (The users&#8217; data querying function of EIC e-document system does ...)
+ NOT-FOR-US: EIC e-document system
+CVE-2021-22858 (Attackers can access the CGE account management function without privi ...)
+ NOT-FOR-US: CGE
+CVE-2021-22857 (The CGE page with download function contains a Directory Traversal vul ...)
+ NOT-FOR-US: CGE
+CVE-2021-22856 (The CGE property management system contains SQL Injection vulnerabilit ...)
+ NOT-FOR-US: CGE
+CVE-2021-22855 (The specific function of HR Portal of Soar Cloud System accepts any ty ...)
+ NOT-FOR-US: HR Portal of Soar Cloud System
+CVE-2021-22854 (The HR Portal of Soar Cloud System fails to filter specific parameters ...)
+ NOT-FOR-US: HR Portal of Soar Cloud System
+CVE-2021-22853 (The HR Portal of Soar Cloud System fails to manage access control. Whi ...)
+ NOT-FOR-US: HR Portal of Soar Cloud System
+CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...)
+ NOT-FOR-US: HGiga EIP
+CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...)
+ NOT-FOR-US: HGiga EIP
+CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pages th ...)
+ NOT-FOR-US: HGiga EIP
+CVE-2021-22849 (Hyweb HyCMS-J1 backend editing function does not filter special charac ...)
+ NOT-FOR-US: Hyweb HyCMS-J1
+CVE-2021-22848 (HGiga MailSherlock contains a SQL Injection. Remote attackers can inje ...)
+ NOT-FOR-US: HGiga MailSherlock
+CVE-2021-22847 (Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote at ...)
+ NOT-FOR-US: Hyweb HyCMS-J1
+CVE-2021-22846
+ RESERVED
+CVE-2021-22845
+ RESERVED
+CVE-2021-22844
+ RESERVED
+CVE-2021-22843
+ RESERVED
+CVE-2021-22842
+ RESERVED
+CVE-2021-22841
+ RESERVED
+CVE-2021-22840
+ RESERVED
+CVE-2021-22839
+ RESERVED
+CVE-2021-22838
+ RESERVED
+CVE-2021-22837
+ RESERVED
+CVE-2021-22836
+ RESERVED
+CVE-2021-22835
+ RESERVED
+CVE-2021-22834
+ RESERVED
+CVE-2021-22833
+ RESERVED
+CVE-2021-22832
+ RESERVED
+CVE-2021-22831
+ RESERVED
+CVE-2021-22830
+ RESERVED
+CVE-2021-22829
+ RESERVED
+CVE-2021-22828
+ RESERVED
+CVE-2021-22827 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22826 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22825 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22824 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22823 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22822 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22821 (A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22820 (A CWE-614 Insufficient Session Expiration vulnerability exists that co ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22819 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22818 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22817 (A CWE-276: Incorrect Default Permissions vulnerability exists that cou ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22816 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22815 (A CWE-200: Information Exposure vulnerability exists which could cause ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22814 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22813 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22811 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22810 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22809 (A CWE-125:Out-of-Bounds Read vulnerability exists that could cause uni ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22808 (A CWE-416: Use After Free vulnerability exists that could cause arbitr ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22807 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause a ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22806 (A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability e ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22805 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22804 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22803 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22802 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22801 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22800 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22799 (A CWE-331: Insufficient Entropy vulnerability exists that could cause ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22798 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22797
+ RESERVED
+CVE-2021-22796 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22795
+ RESERVED
+CVE-2021-22794
+ RESERVED
+CVE-2021-22793 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22792 (A CWE-476: NULL Pointer Dereference vulnerability that could cause a D ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22791 (A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22790 (A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22789 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22788 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause d ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22787 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22786
+ RESERVED
+CVE-2021-22785 (A CWE-200: Information Exposure vulnerability exists that could cause ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22784 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22783
+ RESERVED
+CVE-2021-22782 (Missing Encryption of Sensitive Data vulnerability exists in EcoStruxu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22781 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22780 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22779 (Authentication Bypass by Spoofing vulnerability exists in EcoStruxure ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22778 (Insufficiently Protected Credentials vulnerability exists in EcoStruxu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22777 (A CWE-502: Deserialization of Untrusted Data vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22776
+ RESERVED
+CVE-2021-22775 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22774 (A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists i ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22773 (A CWE-620: Unverified Password Change vulnerability exists in EVlink C ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22772 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22771 (A CWE-1236: Improper Neutralization of Formula Elements in a CSV File ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22770 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 w ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22769 (A CWE-552: Files or Directories Accessible to External Parties vulnera ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ NOT-FOR-US: PowerLogic EGX300
+CVE-2021-22767 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ NOT-FOR-US: PowerLogic EGX300
+CVE-2021-22766 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ NOT-FOR-US: PowerLogic EGX300
+CVE-2021-22765 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22764 (A CWE-287: Improper Authentication vulnerability exists in PowerLogic ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22763 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22762 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22761 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22760 (A CWE-763: Release of invalid pointer or reference vulnerability exist ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22759 (A CWE-416: Use after free vulnerability exists inIGSS Definition (Def. ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22758 (A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22757 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22756 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22755 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22754 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22753 (A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition ( ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22752 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22751 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22750 (A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22749 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22748 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22747 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22746 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22745 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22744 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22743 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22742 (Improper Check for Unusual or Exceptional Conditions vulnerability exi ...)
+ NOT-FOR-US: Tricon
+CVE-2021-22741 (Use of Password Hash with Insufficient Computational Effort vulnerabil ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22740 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22739 (Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22738 (Use of a Broken or Risky Cryptographic Algorithm vulnerability exists ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22737 (Insufficiently Protected Credentials vulnerability exists in homeLYnk ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22736 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22735 (Improper Verification of Cryptographic Signature vulnerability exists ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22734 (Improper Verification of Cryptographic Signature vulnerability exists ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22733 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22732 (Improper Privilege Management vulnerability exists in homeLYnk (Wiser ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22731 (Weak Password Recovery Mechanism for Forgotten Password vulnerability ...)
+ NOT-FOR-US: Modicon
+CVE-2021-22730 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlin ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22729 (A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink C ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22728 (A CWE-200: Information Exposure vulnerability exists in EVlink City (E ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22727 (A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (E ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22726 (A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22725 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22724 (A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22723 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22722 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22721 (A CWE-200: Information Exposure vulnerability exists in EVlink City (E ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22720 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22719 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22718 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22717 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22716 (A CWE-269: Improper Privilege Management vulnerability exists in C-Bus ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22715
+ RESERVED
+CVE-2021-22714 (A CWE-119:Improper restriction of operations within the bounds of a me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22713 (A CWE-119:Improper restriction of operations within the bounds of a me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22712 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22711 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22710 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22709 (A CWE-119:Improper Restriction of Operations within the Bounds of a Me ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22708 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22707 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlin ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22706 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22705 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+ NOT-FOR-US: Schneider
+CVE-2021-22704 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22701 (A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLog ...)
+ NOT-FOR-US: PowerLogic
+CVE-2021-22700
+ RESERVED
+CVE-2021-22699 (Improper Input Validation vulnerability exists in Modicon M241/M251 lo ...)
+ NOT-FOR-US: Modicon
+CVE-2021-22698 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
+ NOT-FOR-US: EcoStruxure Power Build
+CVE-2021-22697 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
+ NOT-FOR-US: EcoStruxure Power Build
+CVE-2021-3029 (** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) ...)
+ NOT-FOR-US: EVOLUCARE ECSIMAGING (aka ECS Imaging)
+CVE-2021-3028 (git-big-picture before 1.0.0 mishandles ' characters in a branch name, ...)
+ - git-big-picture 1.0.0-1
+ [buster] - git-big-picture <no-dsa> (Minor issue)
+ [stretch] - git-big-picture <no-dsa> (Minor issue)
+ NOTE: https://github.com/git-big-picture/git-big-picture/pull/62
+CVE-2021-22696 (CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via ...)
+ NOT-FOR-US: Apache CXF
+CVE-2021-3027 (app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected ...)
+ NOT-FOR-US: LibrIT PaSSHport
+CVE-2021-3026 (Invision Community IPS Community Suite before 4.5.4.2 allows XSS durin ...)
+ NOT-FOR-US: Invision Community IPS Community Suite
+CVE-2021-3025 (Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injec ...)
+ NOT-FOR-US: Invision Community IPS Community
+CVE-2021-22695
+ RESERVED
+CVE-2021-22694
+ RESERVED
+CVE-2021-22693
+ RESERVED
+CVE-2021-22692
+ RESERVED
+CVE-2021-22691
+ RESERVED
+CVE-2021-22690
+ RESERVED
+CVE-2021-22689
+ RESERVED
+CVE-2021-22688
+ RESERVED
+CVE-2021-22687
+ RESERVED
+CVE-2021-22686
+ RESERVED
+CVE-2021-3024 (HashiCorp Vault and Vault Enterprise disclosed the internal IP address ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-3023
+ RESERVED
+CVE-2021-3022 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2021-3021 (ISPConfig before 3.2.2 allows SQL injection. ...)
+ NOT-FOR-US: ISPConfig
+CVE-2021-3020
+ RESERVED
+CVE-2021-22685
+ RESERVED
+CVE-2021-22684 (Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in ...)
+ NOT-FOR-US: Tizen RT RTOS
+CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
+ NOT-FOR-US: Fatek FvDesigner
+CVE-2021-22682 (Cscape (All versions prior to 9.90 SP4) is configured by default to be ...)
+ NOT-FOR-US: Cscape
+CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2021-22680
+ RESERVED
+CVE-2021-22679 (The affected product is vulnerable to an integer overflow while proces ...)
+ NOT-FOR-US: SimpleLink
+CVE-2021-22678 (Cscape (All versions prior to 9.90 SP4) lacks proper validation of use ...)
+ NOT-FOR-US: Cscape
+CVE-2021-22677 (An integer overflow exists in the APIs of the host MCU while trying to ...)
+ NOT-FOR-US: SimpleLink
+CVE-2021-22676 (UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site sc ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2021-22675 (The affected product is vulnerable to integer overflow while parsing m ...)
+ NOT-FOR-US: SimpleLink
+CVE-2021-22674 (The affected product is vulnerable to a relative path traversal condit ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2021-22673 (The affected product is vulnerable to stack-based buffer overflow whil ...)
+ NOT-FOR-US: SimpleLink
+CVE-2021-22672 (Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-22671 (Multiple integer overflow issues exist while processing long domain na ...)
+ NOT-FOR-US: SimpleLink
+CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version ...)
+ NOT-FOR-US: Fatek FvDesigner
+CVE-2021-22669 (Incorrect permissions are set to default on the &#8216;Project Managem ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2021-22668 (Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (wit ...)
+ NOT-FOR-US: Delta Industrial Automation
+CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the ...)
+ NOT-FOR-US: BB-ESWGP506-2SFP-T
+CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-bas ...)
+ NOT-FOR-US: Fatek FvDesigner
+CVE-2021-22665 (Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2021-22664 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ...)
+ NOT-FOR-US: CNCSoft-B
+CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...)
+ NOT-FOR-US: Cscape
+CVE-2021-22662 (A use after free issue has been identified in Fatek FvDesigner Version ...)
+ NOT-FOR-US: Fatek FvDesigner
+CVE-2021-22661 (Changing the password on the module webpage does not require the user ...)
+ NOT-FOR-US: ProSoft Technology
+CVE-2021-22660 (CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds ...)
+ NOT-FOR-US: CNCSoft-B
+CVE-2021-22659 (Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2021-22658 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
+ NOT-FOR-US: Advantech iView
+CVE-2021-22657 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API p ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-22656 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to direc ...)
+ NOT-FOR-US: Advantech iView
+CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-22654 (Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL ...)
+ NOT-FOR-US: Advantech iView
+CVE-2021-22653 (Multiple out-of-bounds write issues have been identified in the way th ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-22652 (Access to the Advantech iView versions prior to v5.7.03.6112 configura ...)
+ NOT-FOR-US: Advantech iView
+CVE-2021-22651 (When loading a specially crafted file, Luxion KeyShot versions prior t ...)
+ NOT-FOR-US: Luxion
+CVE-2021-22650
+ RESERVED
+CVE-2021-22649 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ NOT-FOR-US: Luxion KeyShot
+CVE-2021-22648
+ RESERVED
+CVE-2021-22647 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ NOT-FOR-US: Luxion KeyShot
+CVE-2021-22646
+ RESERVED
+CVE-2021-22645 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ NOT-FOR-US: Luxion KeyShot
+CVE-2021-22644
+ RESERVED
+CVE-2021-22643 (Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions ...)
+ NOT-FOR-US: Luxion KeyShot
+CVE-2021-22642
+ RESERVED
+CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-22640
+ RESERVED
+CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...)
+ NOT-FOR-US: Fatek FvDesigner
+CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-22636
+ RESERVED
+CVE-2021-22635
+ RESERVED
+CVE-2021-22634
+ RESERVED
+CVE-2021-22633
+ RESERVED
+CVE-2021-22632
+ RESERVED
+CVE-2021-22631
+ RESERVED
+CVE-2021-22630
+ RESERVED
+CVE-2021-22629
+ RESERVED
+CVE-2021-22628
+ RESERVED
+CVE-2021-22627
+ RESERVED
+CVE-2021-22626
+ RESERVED
+CVE-2021-22625
+ RESERVED
+CVE-2021-22624
+ RESERVED
+CVE-2021-22623
+ RESERVED
+CVE-2021-22622
+ RESERVED
+CVE-2021-22621
+ RESERVED
+CVE-2021-22620
+ RESERVED
+CVE-2021-22619
+ RESERVED
+CVE-2021-22618
+ RESERVED
+CVE-2021-22617
+ RESERVED
+CVE-2021-22616
+ RESERVED
+CVE-2021-22615
+ RESERVED
+CVE-2021-22614
+ RESERVED
+CVE-2021-22613
+ RESERVED
+CVE-2021-22612
+ RESERVED
+CVE-2021-22611
+ RESERVED
+CVE-2021-22610
+ RESERVED
+CVE-2021-22609
+ RESERVED
+CVE-2021-22608
+ RESERVED
+CVE-2021-22607
+ RESERVED
+CVE-2021-22606
+ RESERVED
+CVE-2021-22605
+ RESERVED
+CVE-2021-22604
+ RESERVED
+CVE-2021-22603
+ RESERVED
+CVE-2021-22602
+ RESERVED
+CVE-2021-22601
+ RESERVED
+CVE-2021-22600 (A double free bug in packet_set_ring() in net/packet/af_packet.c can b ...)
+ - linux 5.15.15-1
+ [bullseye] - linux 5.10.92-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (5.16-rc6)
+CVE-2021-22599
+ RESERVED
+CVE-2021-22598
+ RESERVED
+CVE-2021-22597
+ RESERVED
+CVE-2021-22596
+ RESERVED
+CVE-2021-22595
+ RESERVED
+CVE-2021-22594
+ RESERVED
+CVE-2021-22593
+ RESERVED
+CVE-2021-22592
+ RESERVED
+CVE-2021-22591
+ RESERVED
+CVE-2021-22589
+ RESERVED
+CVE-2021-22588
+ RESERVED
+CVE-2021-22587
+ RESERVED
+CVE-2021-22586
+ RESERVED
+CVE-2021-22585
+ RESERVED
+CVE-2021-22584
+ RESERVED
+CVE-2021-22583
+ RESERVED
+CVE-2021-22582
+ RESERVED
+CVE-2021-22581
+ RESERVED
+CVE-2021-22580
+ RESERVED
+CVE-2021-22579
+ RESERVED
+CVE-2021-22578
+ RESERVED
+CVE-2021-22577
+ RESERVED
+CVE-2021-22576
+ RESERVED
+CVE-2021-22575
+ RESERVED
+CVE-2021-22574
+ RESERVED
+CVE-2021-22573
+ RESERVED
+CVE-2021-22572
+ RESERVED
+CVE-2021-22571
+ RESERVED
+CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)
+ [experimental] - protobuf 3.17.1-1
+ - protobuf <unfixed>
+ [bullseye] - protobuf <no-dsa> (Minor issue)
+ [buster] - protobuf <no-dsa> (Minor issue)
+ [stretch] - protobuf <postponed> (Minor issue; clean crash / Dos; patch needs to be isolated)
+ NOTE: Fixed upstream in v3.15.0: https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
+CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...)
+ [experimental] - protobuf 3.19.3-1
+ - protobuf <unfixed>
+ [bullseye] - protobuf <no-dsa> (Minor issue)
+ [buster] - protobuf <no-dsa> (Minor issue)
+ [stretch] - protobuf <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/12/4
+ NOTE: https://cloud.google.com/support/bulletins#gcp-2022-001
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330 (unclear, might be bogus)
+ NOTE: https://github.com/protocolbuffers/protobuf/pull/9371/commits/5ea2bdf6d7483d64a6b02fcf00ee51fbfb80e847
+CVE-2021-22568 (When using the dart pub publish command to publish a package to a thir ...)
+ NOT-FOR-US: Dart language
+CVE-2021-22567 (Bidirectional Unicode text can be interpreted and compiled differently ...)
+ NOT-FOR-US: Dart language (different from src:dart)
+ NOTE: https://github.com/dart-lang/sdk/commit/52519ea8eb4780c468c4c2ed00e7c8046ccfed41
+CVE-2021-22566 (An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead ...)
+ NOT-FOR-US: Google fuchsia
+CVE-2021-22565 (An attacker could prematurely expire a verification code, making it un ...)
+ NOT-FOR-US: Google reference COVID19 exposure verification component
+ NOTE: https://github.com/google/exposure-notifications-verification-server
+CVE-2021-22564 (For certain valid JPEG XL images with a size slightly larger than an i ...)
+ - jpeg-xl <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/libjxl/libjxl/issues/708
+ NOTE: https://github.com/libjxl/libjxl/pull/775
+ NOTE: https://github.com/libjxl/libjxl/commit/9d4a2de2f7a853f072c2a1bd6719e815a09075e9 (v0.6.1)
+CVE-2021-22563 (Invalid JPEG XL images using libjxl can cause an out of bounds access ...)
+ - jpeg-xl <not-affected> (Fixed with initial upload to Debian)
+ NOTE: https://github.com/libjxl/libjxl/issues/735
+ NOTE: https://github.com/libjxl/libjxl/pull/757
+ NOTE: https://github.com/libjxl/libjxl/commit/b0b39694d8ba6eb031eae217fcae488ce7403ae7 (v0.6.1)
+CVE-2021-22562
+ RESERVED
+CVE-2021-22561
+ RESERVED
+CVE-2021-22560
+ RESERVED
+CVE-2021-22559
+ RESERVED
+CVE-2021-22558
+ RESERVED
+CVE-2021-22557 (SLO generator allows for loading of YAML files that if crafted in a sp ...)
+ NOT-FOR-US: SLO generator
+CVE-2021-22556
+ RESERVED
+CVE-2021-22555 (A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was disco ...)
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528
+ NOTE: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
+CVE-2021-22554
+ RESERVED
+CVE-2021-22553 (Any git operation is passed through Jetty and a session is created. No ...)
+ - gerrit <itp> (bug #589436)
+CVE-2021-22552 (An untrusted memory read vulnerability in Asylo versions up to 0.6.1 a ...)
+ NOT-FOR-US: Asylo
+CVE-2021-22551
+ RESERVED
+CVE-2021-22550 (An attacker can modify the pointers in enclave memory to overwrite arb ...)
+ NOT-FOR-US: Asylo
+CVE-2021-22549 (An attacker can modify the address to point to trusted memory to overw ...)
+ NOT-FOR-US: Asylo
+CVE-2021-22548 (An attacker can change the pointer to untrusted memory to point to tru ...)
+ NOT-FOR-US: Asylo
+CVE-2021-22547 (In IoT Devices SDK, there is an implementation of calloc() that doesn' ...)
+ NOT-FOR-US: Google Cloud IoT Device SDK
+CVE-2021-22546
+ RESERVED
+CVE-2021-22545 (An attacker can craft a specific IdaPro *.i64 file that will cause the ...)
+ NOT-FOR-US: IDA Pro
+CVE-2021-22544
+ RESERVED
+CVE-2021-22543 (An issue was discovered in Linux: KVM through Improper handling of VM_ ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.10.46-2
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/26/3
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584
+ NOTE: https://git.kernel.org/linus/f8be156be163a052a067306417cd0ff679068c97
+CVE-2021-22542
+ RESERVED
+CVE-2021-22541
+ RESERVED
+CVE-2021-22540 (Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an ...)
+ NOT-FOR-US: Dart SDK
+CVE-2021-22539 (An attacker can place a crafted JSON config file into the project fold ...)
+ NOT-FOR-US: VScode-bazel
+CVE-2021-22538 (A privilege escalation vulnerability impacting the Google Exposure Not ...)
+ NOT-FOR-US: Google Exposure Notification Verification Server
+CVE-2021-22537
+ RESERVED
+CVE-2021-22536
+ RESERVED
+CVE-2021-22535 (Unauthorized information security disclosure vulnerability on Micro Fo ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22534
+ RESERVED
+CVE-2021-22533
+ RESERVED
+CVE-2021-22532
+ RESERVED
+CVE-2021-22531
+ RESERVED
+CVE-2021-22530
+ RESERVED
+CVE-2021-22529
+ RESERVED
+CVE-2021-22528 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2021-22527 (Information leakage vulnerability in NetIQ Access Manager prior to 5.0 ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2021-22526 (Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2021-22525 (This release addresses a potential information leakage vulnerability i ...)
+ NOT-FOR-US: Microfocus
+CVE-2021-22524 (Injection attack caused the denial of service vulnerability in NetIQ A ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2021-22523 (XML External Entity vulnerability in Micro Focus Verastream Host Integ ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22522 (Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22521 (A privileged escalation vulnerability has been identified in Micro Foc ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22520
+ RESERVED
+CVE-2021-22519 (Execute arbitrary code vulnerability in Micro Focus SiteScope product, ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22518
+ RESERVED
+CVE-2021-22517 (A potential unauthorized privilege escalation vulnerability has been i ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22516 (Insertion of Sensitive Information into Log File vulnerability in Micr ...)
+ NOT-FOR-US: Micro Focus Secure API Manager
+CVE-2021-22515 (Multi-Factor Authentication (MFA) functionality can be bypassed, allow ...)
+ NOT-FOR-US: NetIQ
+CVE-2021-22514 (An arbitrary code execution vulnerability exists in Micro Focus Applic ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22513 (Missing Authorization vulnerability in Micro Focus Application Automat ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-22512 (Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Applica ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-22511 (Improper Certificate Validation vulnerability in Micro Focus Applicati ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-22510 (Reflected XSS vulnerability in Micro Focus Application Automation Tool ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-22509
+ RESERVED
+CVE-2021-22508
+ RESERVED
+CVE-2021-22507 (Authentication bypass vulnerability in Micro Focus Operations Bridge M ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22506 (Advance configuration exposing Information Leakage vulnerability in Mi ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22505 (Escalation of privileges vulnerability in Micro Focus Operations Agent ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22504 (Arbitrary code execution vulnerability on Micro Focus Operations Bridg ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22503
+ RESERVED
+CVE-2021-22502 (Remote Code execution vulnerability in Micro Focus Operation Bridge Re ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22501
+ RESERVED
+CVE-2021-22500 (Cross Site Request Forgery vulnerability in Micro Focus Application Pe ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22499 (Persistent Cross-Site scripting vulnerability in Micro Focus Applicati ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22498 (XML External Entity Injection vulnerability in Micro Focus Application ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22497 (Advanced Authentication versions prior to 6.3 SP4 have a potential bro ...)
+ NOT-FOR-US: NetIQ
+CVE-2021-22496 (Authentication Bypass Vulnerability in Micro Focus Access Manager Prod ...)
+ NOT-FOR-US: Micro Focus
+CVE-2021-22495 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-22494 (An issue was discovered in the fingerprint scanner on Samsung Note20 m ...)
+ NOT-FOR-US: Samsung Note20 mobile devices
+CVE-2021-22493
+ REJECTED
+CVE-2021-22492 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2021-22491 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22490 (There is a Permission verification vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22489
+ RESERVED
+CVE-2021-22488 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22487 (There is an Out-of-bounds read vulnerability in Huawei Smartphone. Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22486 (There is a issue of Unstandardized field names in Huawei Smartphone. S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22485 (There is a SSID vulnerability with Wi-Fi network connections in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22484
+ RESERVED
+CVE-2021-22483 (There is a issue of IP address spoofing in Huawei Smartphone. Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22482 (There is an Uninitialized variable vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22481 (There is a Verification errors vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22480
+ RESERVED
+CVE-2021-22479
+ RESERVED
+CVE-2021-22478
+ RESERVED
+CVE-2021-22477
+ RESERVED
+CVE-2021-22476
+ RESERVED
+CVE-2021-22475 (There is an Improper permission management vulnerability in Huawei Sma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22474 (There is an Out-of-bounds memory access in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22473 (There is an Authentication vulnerability in Huawei Smartphone.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22472 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22471 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22470 (A component of the HarmonyOS has a Privileges Controls vulnerability. ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22469 (A component of the HarmonyOS has a Out-of-bounds Read vulnerability. L ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22468 (A component of the HarmonyOS has a Exposure of Sensitive Information t ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22467 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22466 (A component of the HarmonyOS has a Use After Free vulnerability. Local ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22465 (A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerab ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22464 (A component of the HarmonyOS has a Out-of-bounds Read vulnerability. L ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22463 (A component of the HarmonyOS has a Use After Free vulnerability . Loca ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22462 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22461 (A component of the HarmonyOS has a Allocation of Resources Without Lim ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22460 (A component of the HarmonyOS has a Insufficient Verification of Data A ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22459 (A component of the HarmonyOS has a NULL Pointer Dereference vulnerabil ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22458 (A component of the HarmonyOS has a Improper Restriction of Operations ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22457 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22456 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22455 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22454 (A component of the HarmonyOS has a External Control of System or Confi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22453 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22452 (A component of the HarmonyOS has a Improper Input Validation vulnerabi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22451 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22450 (A component of the HarmonyOS has a Incomplete Cleanup vulnerability. L ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22449 (There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthentica ...)
+ NOT-FOR-US: Elf-G10HN (Huawei)
+CVE-2021-22448
+ RESERVED
+CVE-2021-22447 (There is an Improper Check for Unusual or Exceptional Conditions Vulne ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22446 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22445 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22444 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22443 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22442 (There is an Improper Validation of Integrity Check Value Vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22441
+ RESERVED
+CVE-2021-22440 (There is a path traversal vulnerability in some Huawei products. The v ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22439 (There is a deserialization vulnerability in Huawei AnyOffice V200R006C ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22438 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22437
+ RESERVED
+CVE-2021-22436 (There is a Logic Bypass vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22435 (There is a Configuration Defect Vulnerability in Huawei Smartphone.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22434
+ RESERVED
+CVE-2021-22433
+ RESERVED
+CVE-2021-22432
+ RESERVED
+CVE-2021-22431
+ RESERVED
+CVE-2021-22430
+ RESERVED
+CVE-2021-22429
+ RESERVED
+CVE-2021-22428 (There is an Incomplete Cleanup Vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22427 (There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22426
+ RESERVED
+CVE-2021-22425 (A component of the HarmonyOS has a Double Free vulnerability. Local at ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22424 (A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22423 (A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22422 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22421 (A component of the HarmonyOS has a Improper Privilege Management vulne ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22420 (A component of the HarmonyOS has a External Control of System or Confi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22419 (A component of the HarmonyOS has a Insufficient Verification of Data A ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22418 (A component of the HarmonyOS has a Integer Overflow or Wraparound vuln ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22417 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22416 (A component of the HarmonyOS has a Data Processing Errors vulnerabilit ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22415 (There is an Incorrect Calculation of Buffer Size Vulnerability in Huaw ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22414 (There is a Memory Buffer Errors Vulnerability in Huawei Smartphone.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22413 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22412 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22411 (There is an out-of-bounds write vulnerability in some Huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22410 (There is a XSS injection vulnerability in iMaster NCE-Fabric V100R019C ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22409 (There is a denial of service vulnerability in some versions of ManageO ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22408
+ RESERVED
+CVE-2021-22407 (There is a Configuration defects in Huawei Smartphone.Successful explo ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22406 (There is an Uncaught Exception vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22405 (There is a Configuration defects in Huawei Smartphone.Successful explo ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22404 (There is a Directory traversal vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22403 (There is a vulnerability of hijacking unverified providers in Huawei S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22402 (There is a DoS vulnerability in Huawei Smartphone.Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22401 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22400 (Some Huawei Smartphones has an insufficient input validation vulnerabi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22399 (The Bluetooth function of some Huawei smartphones has a DoS vulnerabil ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22398 (There is a logic error vulnerability in several smartphones. The softw ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22397 (There is a privilege escalation vulnerability in Huawei ManageOne 8.0. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22396 (There is a privilege escalation vulnerability in some Huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22395
+ RESERVED
+CVE-2021-22394
+ RESERVED
+CVE-2021-22393 (There is a denial of service vulnerability in some versions of CloudEn ...)
+ NOT-FOR-US: CloudEngine (Huawei)
+CVE-2021-22392 (There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22391 (There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22390 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22389 (There is a Permission Control Vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22388 (There is an Integer Overflow Vulnerability in Huawei Smartphone.Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22387 (There is an Improper Control of Dynamically Managing Code Resources Vu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22386 (A component of the Huawei smartphone has a Double Free vulnerability. ...)
+ NOT-FOR-US: Huawei / HarmonyOS
+CVE-2021-22385 (A component of the Huawei smartphone has a External Control of System ...)
+ NOT-FOR-US: Huawei / HarmonyOS
+CVE-2021-22384 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22383 (There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22382 (Huawei LTE USB Dongle products have an improper permission assignment ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22381 (There is an Input Verification Vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22380 (There is a Cleartext Transmission of Sensitive Information Vulnerabili ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22379 (There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Hu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22378 (There is a race condition vulnerability in eCNS280_TD V100R005C00 and ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22377 (There is a command injection vulnerability in S12700 V200R019C00SPC500 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22376 (A component of the HarmonyOS has a Improper Privilege Management vulne ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22375 (There is a Key Management Errors Vulnerability in Huawei Smartphone. S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22374 (There is an Improper Validation of Array Index Vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22373 (There is a Defects Introduced in the Design Process Vulnerability in H ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22372 (There is a Security Features Vulnerability in Huawei Smartphone. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22371 (There is an Improper Permission Management Vulnerability in Huawei Sma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22370 (There is a Credentials Management Errors Vulnerability in Huawei Smart ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22369 (There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerabi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22368 (There is a Permission Control Vulnerability in Huawei Smartphone. Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22367 (There is a Key Management Errors Vulnerability in Huawei Smartphone. S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22366 (There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22365 (There is an out of bounds read vulnerability in eSE620X vESS V100R001C ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22364 (There is a denial of service vulnerability in the versions 10.1.0.126( ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22363 (There is a resource management error vulnerability in eCNS280_TD V100R ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22362 (There is an out of bounds write vulnerability in some Huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22361 (There is an improper authorization vulnerability in eCNS280 V100R005C0 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22360 (There is a resource management error vulnerability in the verisions V5 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22359 (There is a denial of service vulnerability in the verisions V200R005C0 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22358 (There is an insufficient input validation vulnerability in FusionCompu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22357 (There is a denial of service vulnerability in Huawei products. A modul ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22356 (There is a weak secure algorithm vulnerability in Huawei products. A w ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22355
+ RESERVED
+CVE-2021-22354 (There is an Information Disclosure Vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22353 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22352 (There is a Configuration Defect Vulnerability in Huawei Smartphone. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22351 (There is a Credentials Management Errors Vulnerability in Huawei Smart ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22350 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22349 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22348 (There is a Memory Buffer Improper Operation Limit Vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22347 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22346 (There is an Improper Permission Management Vulnerability in Huawei Sma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22345 (There is an Input Verification Vulnerability in Huawei Smartphone. Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22344 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22343 (There is a Configuration Defect vulnerability in Huawei Smartphone. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22342 (There is an information leak vulnerability in Huawei products. A modul ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22341 (There is a memory leak vulnerability in Huawei products. A resource ma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22340 (There is a multiple threads race condition vulnerability in Huawei pro ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22339 (There is a denial of service vulnerability in some versions of ManageO ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22338 (There is an XXE injection vulnerability in eCNS280 V100R005C00 and V10 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22337 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22336 (There is an Improper Control of Generation of Code vulnerability in Hu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22335 (There is a Memory Buffer Improper Operation Limit vulnerability in Hua ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22334 (There is an Improper Access Control vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22333 (There is an Improper Validation of Array Index vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22332 (There is a pointer double free vulnerability in some versions of Cloud ...)
+ NOT-FOR-US: CloudEngine (Huawei)
+CVE-2021-22331 (There is a JavaScript injection vulnerability in certain Huawei smartp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22330 (There is an out of bounds write vulnerability in Huawei Smartphone HUA ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22329 (There has a license management vulnerability in some Huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22328 (There is a denial of service vulnerability in some huawei products. In ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22327 (There is an arbitrary memory write vulnerability in Huawei smart phone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22326 (A component of the HarmonyOS has a Privilege Dropping / Lowering Error ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22325 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22324 (There is a Credentials Management Errors vulnerability in Huawei Smart ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22323 (There is an Integer Overflow Vulnerability in Huawei Smartphone. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22322 (There is a Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22321 (There is a use-after-free vulnerability in a Huawei product. A module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22320 (There is a denial of service vulnerability in Huawei products. A modul ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22319
+ RESERVED
+CVE-2021-22318 (A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulner ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22317 (There is an Information Disclosure vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22316 (There is a Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22315
+ RESERVED
+CVE-2021-22314 (There is a local privilege escalation vulnerability in some versions o ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22313 (There is a Security Function vulnerability in Huawei Smartphone. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22312 (There is a memory leak vulnerability in some Huawei products. An authe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22311 (There is an improper permission assignment vulnerability in Huawei Man ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22310 (There is an information leakage vulnerability in some huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22309 (There is insecure algorithm vulnerability in Huawei products. A module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22308 (There is a Business Logic Errors vulnerability in Huawei Smartphone. T ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22307 (There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22306 (There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22305 (There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22304 (There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22303 (There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1( ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22302 (There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22301 (Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22300 (There is an information leak vulnerability in eCNS280_TD versions V100 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22299 (There is a local privilege escalation vulnerability in some Huawei pro ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22298 (There is a logic vulnerability in Huawei Gauss100 OLTP Product. An att ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22297
+ RESERVED
+CVE-2021-22296 (A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22295 (A component of the HarmonyOS has a permission bypass vulnerability. Lo ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22294 (A component API of the HarmonyOS 2.0 has a permission bypass vulnerabi ...)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-22293 (Some Huawei products have an inconsistent interpretation of HTTP reque ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22292 (There is a denial of service (DoS) vulnerability in eCNS280 versions V ...)
+ NOT-FOR-US: Huawei
+CVE-2021-22291
+ RESERVED
+CVE-2021-22290
+ RESERVED
+CVE-2021-22289
+ RESERVED
+CVE-2021-22288 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...)
+ NOT-FOR-US: ABB
+CVE-2021-22287
+ RESERVED
+CVE-2021-22286 (Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 ...)
+ NOT-FOR-US: ABB
+CVE-2021-22285 (Improper Handling of Exceptional Conditions, Improper Check for Unusua ...)
+ NOT-FOR-US: ABB
+CVE-2021-22284 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ NOT-FOR-US: ABB
+CVE-2021-22283
+ RESERVED
+CVE-2021-22282
+ RESERVED
+CVE-2021-22281
+ RESERVED
+CVE-2021-22280
+ RESERVED
+CVE-2021-22279 (A Missing Authentication vulnerability in RobotWare for the OmniCore r ...)
+ NOT-FOR-US: ABB / OmniCore robot controller
+CVE-2021-22278 (A certificate validation vulnerability in PCM600 Update Manager allows ...)
+ NOT-FOR-US: PCM600 Update Manager
+CVE-2021-22277
+ RESERVED
+CVE-2021-22276 (The vulnerability allows a successful attacker to bypass the integrity ...)
+ NOT-FOR-US: ABB
+CVE-2021-22275
+ RESERVED
+CVE-2021-22274
+ RESERVED
+CVE-2021-22273
+ RESERVED
+CVE-2021-22272 (The vulnerability origins in the commissioning process where an attack ...)
+ NOT-FOR-US: ABB
+CVE-2021-22271
+ RESERVED
+CVE-2021-22270
+ RESERVED
+CVE-2021-22269
+ RESERVED
+CVE-2021-22268
+ RESERVED
+CVE-2021-22267 (Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, a ...)
+ NOT-FOR-US: Idelji Web ViewPoint Suite
+CVE-2021-22266
+ RESERVED
+CVE-2021-22265
+ RESERVED
+CVE-2021-22264 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22263 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22262 (Missing access control in GitLab version 13.10 and above with Jira Clo ...)
+ - gitlab <unfixed>
+CVE-2021-22261 (A stored Cross-Site Scripting vulnerability in the Jira integration in ...)
+ - gitlab <unfixed>
+CVE-2021-22260 (A stored Cross-Site Scripting vulnerability in the DataDog integration ...)
+ - gitlab <unfixed>
+CVE-2021-22259 (A potential DOS vulnerability was discovered in GitLab EE starting wit ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22258 (The project import/export feature in GitLab 8.9 and greater could be u ...)
+ - gitlab <unfixed>
+CVE-2021-22257 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22256 (Improper authorization in GitLab CE/EE affecting all versions since 12 ...)
+ - gitlab <unfixed>
+CVE-2021-22255 (SSRF in URL file upload in Baserow &lt;1.1.0 allows remote authenticat ...)
+ NOT-FOR-US: Baserow
+CVE-2021-22254 (Under very specific conditions a user could be impersonated using Gitl ...)
+ - gitlab <unfixed>
+CVE-2021-22253 (Improper authorization in GitLab EE affecting all versions since 13.4 ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22252 (A confusion between tag and branch names in GitLab CE/EE affecting all ...)
+ - gitlab <not-affected> (Vulnerable code introduced later)
+CVE-2021-22251 (Improper validation of invited users' email address in GitLab EE affec ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22250 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...)
+ - gitlab <unfixed>
+CVE-2021-22249 (A verbose error message in GitLab EE affecting all versions since 12.2 ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22248 (Improper authorization on the pipelines page in GitLab CE/EE affecting ...)
+ - gitlab <not-affected> (Vulnerable code intrododuced later)
+CVE-2021-22247 (Improper authorization in GitLab CE/EE affecting all versions since 13 ...)
+ - gitlab <unfixed>
+CVE-2021-22246 (A vulnerability was discovered in GitLab versions before 14.0.2, 13.12 ...)
+ - gitlab <unfixed>
+CVE-2021-22245 (Improper validation of commit author in GitLab CE/EE affecting all ver ...)
+ - gitlab <unfixed>
+CVE-2021-22244 (Improper authorization in the vulnerability report feature in GitLab E ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22243 (Under specialized conditions, GitLab CE/EE versions starting 7.10 may ...)
+ - gitlab <unfixed>
+CVE-2021-22242 (Insufficient input sanitization in Mermaid markdown in GitLab CE/EE ve ...)
+ - gitlab <unfixed>
+CVE-2021-22241 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22240 (Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14 ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22239 (An unauthorized user was able to insert metadata when creating new iss ...)
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
+CVE-2021-22238 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22237 (Under specialized conditions, GitLab may allow a user with an imperson ...)
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
+CVE-2021-22236 (Due to improper handling of OAuth client IDs, new subscriptions genera ...)
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/
+CVE-2021-22235 (Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 ...)
+ {DSA-5019-1 DLA-2849-1}
+ [experimental] - wireshark 3.4.7-1~exp1
+ - wireshark 3.4.7-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-06.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17462
+ NOTE: Regression fix: https://gitlab.com/wireshark/wireshark/-/merge_requests/3616
+CVE-2021-22234 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22233 (An information disclosure vulnerability in GitLab EE versions 13.10 an ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22232 (HTML injection was possible via the full name field before versions 13 ...)
+ - gitlab <unfixed>
+CVE-2021-22231 (A denial of service in user's profile page is found starting with GitL ...)
+ - gitlab <unfixed>
+CVE-2021-22230 (Improper code rendering while rendering merge requests could be exploi ...)
+ - gitlab <unfixed>
+CVE-2021-22229 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22228 (An issue has been discovered in GitLab affecting all versions. Imprope ...)
+ - gitlab <unfixed>
+CVE-2021-22227 (A reflected cross-site script vulnerability in GitLab before versions ...)
+ - gitlab <unfixed>
+CVE-2021-22226 (Under certain conditions, some users were able to push to protected br ...)
+ - gitlab <unfixed>
+CVE-2021-22225 (Insufficient input sanitization in markdown in GitLab version 13.11 an ...)
+ - gitlab <unfixed>
+CVE-2021-22224 (A cross-site request forgery vulnerability in the GraphQL API in GitLa ...)
+ - gitlab <unfixed>
+CVE-2021-22223 (Client-Side code injection through Feature Flag name in GitLab CE/EE s ...)
+ - gitlab <unfixed>
+CVE-2021-22222 (Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allow ...)
+ {DSA-5019-1}
+ [experimental] - wireshark 3.4.6-1~exp1
+ - wireshark 3.4.7-1
+ [buster] - wireshark <not-affected> (Vulnerability introduced in 3.4)
+ [stretch] - wireshark <not-affected> (Vulnerability introduced in 3.4)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/3130
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-05.html
+ NOTE: Caused by https://gitlab.com/wireshark/wireshark/-/commit/4bf4ee88f0544727e7f89f3f288c6afd2f650a4c
+CVE-2021-22221 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22220 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22219 (GitLab CE/EE since version 9.5 allows a high privilege user to obtain ...)
+ - gitlab <unfixed>
+CVE-2021-22218 (All versions of GitLab CE/EE starting with 12.8 were affected by an is ...)
+ - gitlab <unfixed>
+CVE-2021-22217 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
+ - gitlab <unfixed>
+CVE-2021-22216 (A denial of service vulnerability in all versions of GitLab CE/EE befo ...)
+ - gitlab <unfixed>
+CVE-2021-22215 (An information disclosure vulnerability in GitLab EE versions 13.11 an ...)
+ - gitlab <not-affected> (Specific to EE)
+CVE-2021-22214 (When requests to the internal network for webhooks are enabled, a serv ...)
+ - gitlab <unfixed>
+CVE-2021-22213 (A cross-site leak vulnerability in the OAuth flow of all versions of G ...)
+ - gitlab <unfixed>
+CVE-2021-22212 (ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 all ...)
+ - ntpsec 1.2.0+dfsg1-4 (bug #989847)
+ [buster] - ntpsec <not-affected> (Only affects 1.2.0)
+ NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/699
+ NOTE: https://gitlab.com/NTPsec/ntpsec/-/commit/b09be47d650280cc7ebdcd45dfa07eca4b9a52f8
+CVE-2021-22211 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22210 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22209 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22208 (An issue has been discovered in GitLab affecting versions starting wit ...)
+ - gitlab <unfixed>
+CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to ...)
+ {DSA-5019-1 DLA-2849-1}
+ [experimental] - wireshark 3.4.6-1~exp1
+ - wireshark 3.4.7-1 (bug #987853)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17331
+ NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b7a0650e061b5418ab4a8f72c6e4b00317aff623
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-04.html
+CVE-2021-22206 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22205 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22204 (Improper neutralization of user data in the DjVu file format in ExifTo ...)
+ {DSA-4910-1 DLA-2663-1}
+ - libimage-exiftool-perl 12.16+dfsg-2 (bug #987505)
+ NOTE: https://bugs.launchpad.net/bugs/1925985
+ NOTE: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
+ NOTE: https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
+CVE-2021-22203 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22202 (An issue has been discovered in GitLab CE/EE affecting all previous ve ...)
+ - gitlab <unfixed>
+CVE-2021-22201 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22200 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22199 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22198 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
+ - gitlab <unfixed>
+CVE-2021-22197 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...)
+ NOT-FOR-US: gitlab-vscode-extension
+CVE-2021-22194 (In all versions of GitLab, marshalled session keys were being stored i ...)
+ - gitlab <unfixed>
+CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2021-22191 (Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 ...)
+ - wireshark 3.4.4-1
+ [buster] - wireshark <no-dsa> (Minor issue)
+ [stretch] - wireshark <postponed> (Minor issue, can be fixed along in future update)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-03.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17232
+CVE-2021-22190 (A path traversal vulnerability via the GitLab Workhorse in all version ...)
+ - gitlab <unfixed>
+CVE-2021-22189 (Starting with version 13.7 the Gitlab CE/EE editions were affected by ...)
+ [experimental] - gitlab 13.6.7-1
+ - gitlab <unfixed>
+CVE-2021-22188 (An issue has been discovered in GitLab affecting all versions starting ...)
+ [experimental] - gitlab 13.6.7-1
+ - gitlab <unfixed>
+CVE-2021-22187 (An issue has been discovered in GitLab affecting all versions of Gitla ...)
+ - gitlab 13.2.3-2
+CVE-2021-22186 (An authorization issue in GitLab CE/EE version 9.4 and up allowed a gr ...)
+ [experimental] - gitlab 13.7.8+ds1-1
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
+CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8 and up ...)
+ - gitlab <not-affected> (Only affects 13.8)
+ NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
+CVE-2021-22184 (An information disclosure issue in GitLab starting from version 12.8 a ...)
+ - gitlab <unfixed>
+CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...)
+ [experimental] - gitlab 13.6.6-1
+ - gitlab <unfixed>
+CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions starting ...)
+ [experimental] - gitlab 13.7.7-1
+ - gitlab <not-affected> (Affected version never uploaded to unstable)
+CVE-2021-22181 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...)
+ - gitlab <unfixed>
+CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab ...)
+ - gitlab <unfixed>
+CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22177 (Potential DoS was identified in gitlab-shell in GitLab CE/EE version 1 ...)
+ - gitlab <unfixed>
+CVE-2021-22176 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2021-22175 (When requests to the internal network for webhooks are enabled, a serv ...)
+ - gitlab <unfixed>
+CVE-2021-22174 (Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial o ...)
+ - wireshark 3.4.3-1 (bug #981791)
+ [buster] - wireshark <not-affected> (Affected code not present)
+ [stretch] - wireshark <not-affected> (Affected code not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-02.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17165
+CVE-2021-22173 (Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows de ...)
+ - wireshark 3.4.3-1 (bug #981791)
+ [buster] - wireshark <not-affected> (Affected code not present)
+ [stretch] - wireshark <not-affected> (Affected code not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-01.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17124
+CVE-2021-22172 (Improper authorization in GitLab 12.8+ allows a guest user in a privat ...)
+ [experimental] - gitlab 13.6.6-1
+ - gitlab <unfixed>
+ NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
+CVE-2021-22171 (Insufficient validation of authentication parameters in GitLab Pages f ...)
+ [experimental] - gitlab 13.6.6-1
+ - gitlab <unfixed>
+CVE-2021-22170 (Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows ...)
+ - gitlab <unfixed>
+CVE-2021-22169 (An issue was identified in GitLab EE 13.4 or later which leaked intern ...)
+ - gitlab <not-affected> (Specific to EE)
+ NOTE: https://about.gitlab.com/releases/2021/02/01/security-release-gitlab-13-8-2-released/
+CVE-2021-22168 (A regular expression denial of service issue has been discovered in Nu ...)
+ [experimental] - gitlab 13.6.6-1
+ - gitlab <unfixed>
+CVE-2021-22167 (An issue has been discovered in GitLab affecting all versions starting ...)
+ [experimental] - gitlab 13.6.6-1
+ - gitlab <unfixed>
+CVE-2021-22166 (An attacker could cause a Prometheus denial of service in GitLab 13.7+ ...)
+ - gitlab <not-affected> (Only affects Gitlab 13.7.x)
+ NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
+CVE-2021-22165
+ RESERVED
+CVE-2021-22164
+ RESERVED
+CVE-2021-22163
+ RESERVED
+CVE-2021-22162
+ RESERVED
+CVE-2021-22161 (In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop c ...)
+ NOT-FOR-US: OpenWrt
+CVE-2021-22160 (If Apache Pulsar is configured to authenticate clients using tokens ba ...)
+ NOT-FOR-US: Apache Pulsar
+CVE-2021-3019 (ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.p ...)
+ NOT-FOR-US: ffay lanproxy
+CVE-2021-3018 (ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an un ...)
+ NOT-FOR-US: ipeak Infosystems ibexwebCMS (aka IPeakCMS)
+CVE-2021-3017 (The web interface on Intelbras WIN 300 and WRN 342 devices through 202 ...)
+ NOT-FOR-US: Intelbras
+CVE-2021-3016
+ RESERVED
+CVE-2021-3015
+ RESERVED
+CVE-2021-22159 (Insider Threat Management Windows Agent Local Privilege Escalation Vul ...)
+ NOT-FOR-US: The Proofpoint Insider Threat Management
+CVE-2021-22158 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Server
+CVE-2021-22157 (Proofpoint Insider Threat Management Server (formerly ObserveIT Server ...)
+ NOT-FOR-US: Proofpoint Insider Threat Management Server
+CVE-2021-22156 (An integer overflow vulnerability in the calloc() function of the C ru ...)
+ NOT-FOR-US: BlackBerry
+CVE-2021-22155 (An Authentication Bypass vulnerability in the SAML Authentication comp ...)
+ NOT-FOR-US: BlackBerry Workspaces Server
+CVE-2021-22154 (An Information Disclosure vulnerability in the Management Console comp ...)
+ NOT-FOR-US: BlackBerry UEM
+CVE-2021-22153 (A Remote Code Execution vulnerability in the Management Console compon ...)
+ NOT-FOR-US: BlackBerry UEM
+CVE-2021-22152 (A Denial of Service due to Improper Input Validation vulnerability in ...)
+ NOT-FOR-US: BlackBerry UEM
+CVE-2021-22151
+ RESERVED
+CVE-2021-22150
+ RESERVED
+CVE-2021-22149 (Elastic Enterprise Search App Search versions before 7.14.0 are vulner ...)
+ NOT-FOR-US: Elastic Enterprise Search
+CVE-2021-22148 (Elastic Enterprise Search App Search versions before 7.14.0 was vulner ...)
+ NOT-FOR-US: Elastic Enterprise Search
+CVE-2021-22147 (Elasticsearch before 7.14.0 did not apply document and field level sec ...)
+ - elasticsearch <removed>
+CVE-2021-22146 (All versions of Elastic Cloud Enterprise has the Elasticsearch &#8220; ...)
+ NOT-FOR-US: Elastic Cloud
+CVE-2021-22145 (A memory disclosure vulnerability was identified in Elasticsearch 7.10 ...)
+ - elasticsearch <removed>
+CVE-2021-22144 (In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled rec ...)
+ - elasticsearch <removed>
+CVE-2021-22143
+ RESERVED
+CVE-2021-22142
+ RESERVED
+ - kibana <itp> (bug #700337)
+CVE-2021-22141
+ RESERVED
+ - kibana <itp> (bug #700337)
+CVE-2021-22140 (Elastic App Search versions after 7.11.0 and before 7.12.0 contain an ...)
+ NOT-FOR-US: Elastic App Search web crawler
+CVE-2021-22139 (Kibana versions before 7.12.1 contain a denial of service vulnerabilit ...)
+ - kibana <itp> (bug #700337)
+CVE-2021-22138 (In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS ce ...)
+ - logstash <itp> (bug #664841)
+CVE-2021-22137 (In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosu ...)
+ - elasticsearch <removed>
+CVE-2021-22136 (In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session time ...)
+ - kibana <itp> (bug #700337)
+CVE-2021-22135 (Elasticsearch versions before 7.11.2 and 6.8.15 contain a document dis ...)
+ - elasticsearch <removed>
+CVE-2021-22134 (A document disclosure flaw was found in Elasticsearch versions after 7 ...)
+ - elasticsearch <removed>
+CVE-2021-22133 (The Elastic APM agent for Go versions before 1.11.0 can leak sensitive ...)
+ NOT-FOR-US: Elastic APM agent
+CVE-2021-22132 (Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosu ...)
+ - elasticsearch <removed>
+CVE-2021-22131
+ RESERVED
+CVE-2021-22130 (A stack-based buffer overflow vulnerability in FortiProxy physical app ...)
+ NOT-FOR-US: FortiProxy (FortiGuard)
+CVE-2021-22129 (Multiple instances of incorrect calculation of buffer size in the Webm ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-22128 (An improper access control vulnerability in FortiProxy SSL VPN portal ...)
+ NOT-FOR-US: FortiProxy SSL VPN portal
+CVE-2021-22127
+ RESERVED
+CVE-2021-22126
+ RESERVED
+CVE-2021-22125 (An instance of improper neutralization of special elements in the snif ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-22124 (An uncontrolled resource consumption (denial of service) vulnerability ...)
+ NOT-FOR-US: FortiSandbox
+CVE-2021-22123 (An OS command injection vulnerability in FortiWeb's management interfa ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-22122 (An improper neutralization of input during web page generation in Fort ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-22121
+ RESERVED
+CVE-2021-22120
+ RESERVED
+CVE-2021-22119 (Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5 ...)
+ - libspring-security-2.0-java <removed>
+CVE-2021-22118 (In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x ...)
+ - libspring-java <not-affected> (Introduced in v5.0.0.RC1)
+ NOTE: https://tanzu.vmware.com/security/cve-2021-22118
+ NOTE: https://github.com/spring-projects/spring-framework/issues/26931
+ NOTE: https://github.com/spring-projects/spring-framework/commit/cce60c479c22101f24b2b4abebb6d79440b120d1
+CVE-2021-22117 (RabbitMQ installers on Windows prior to version 3.8.16 do not harden p ...)
+ - rabbitmq-server <not-affected> (Windows-specific)
+CVE-2021-22116 (RabbitMQ all versions prior to 3.8.16 are prone to a denial of service ...)
+ {DLA-2710-1}
+ - rabbitmq-server 3.9.4-1 (bug #989056)
+ [bullseye] - rabbitmq-server <no-dsa> (Minor issue)
+ [buster] - rabbitmq-server <no-dsa> (Minor issue)
+ NOTE: https://tanzu.vmware.com/security/cve-2021-22116
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/2953
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/f37a31de55229e6c763215500e376fa16803390b (v3.9.0-beta.1)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/626d5219115d087a2695c0eb243c7ddb7e154563 (v3.8.15-rc.2)
+CVE-2021-22115 (Cloud Controller API versions prior to 1.106.0 logs service broker cre ...)
+ NOT-FOR-US: Cloud Controller API
+CVE-2021-22114 (Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versio ...)
+ NOT-FOR-US: Spring-integration-zip
+CVE-2021-22113 (Applications using the &#8220;Sensitive Headers&#8221; functionality i ...)
+ NOT-FOR-US: Spring Cloud Netflix Zuul
+CVE-2021-22112 (Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5. ...)
+ - jenkins <removed>
+CVE-2021-22111
+ RESERVED
+CVE-2021-22110
+ RESERVED
+CVE-2021-22109
+ RESERVED
+CVE-2021-22108
+ RESERVED
+CVE-2021-22107
+ RESERVED
+CVE-2021-22106
+ RESERVED
+CVE-2021-22105
+ RESERVED
+CVE-2021-22104
+ RESERVED
+CVE-2021-22103
+ RESERVED
+CVE-2021-22102
+ RESERVED
+CVE-2021-22101 (Cloud Controller versions prior to 1.118.0 are vulnerable to unauthent ...)
+ NOT-FOR-US: Cloud Foundry Cloud Controller
+CVE-2021-22100
+ RESERVED
+CVE-2021-22099
+ RESERVED
+CVE-2021-22098 (UAA server versions prior to 75.4.0 are vulnerable to an open redirect ...)
+ NOT-FOR-US: UAA server
+CVE-2021-22097 (In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring ...)
+ NOT-FOR-US: Spring AMQP
+CVE-2021-22096 (In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older ...)
+ - libspring-java <unfixed>
+ [bullseye] - libspring-java <no-dsa> (Minor issue)
+ [buster] - libspring-java <no-dsa> (Minor issue)
+ [stretch] - libspring-java <ignored> (Minor issue, no known patch)
+ NOTE: https://github.com/spring-projects/spring-framework/issues/27647 (patch unidentifiable)
+CVE-2021-22095 (In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring ...)
+ NOT-FOR-US: Spring AMQP
+CVE-2021-22094
+ RESERVED
+CVE-2021-22093
+ RESERVED
+CVE-2021-22092
+ RESERVED
+CVE-2021-22091
+ RESERVED
+CVE-2021-22090
+ RESERVED
+CVE-2021-22089
+ RESERVED
+CVE-2021-22088
+ RESERVED
+CVE-2021-22087
+ RESERVED
+CVE-2021-22086
+ RESERVED
+CVE-2021-22085
+ RESERVED
+CVE-2021-22084
+ RESERVED
+CVE-2021-22083
+ RESERVED
+CVE-2021-22082
+ RESERVED
+CVE-2021-22081
+ RESERVED
+CVE-2021-22080
+ RESERVED
+CVE-2021-22079
+ RESERVED
+CVE-2021-22078
+ RESERVED
+CVE-2021-22077
+ RESERVED
+CVE-2021-22076
+ RESERVED
+CVE-2021-22075
+ RESERVED
+CVE-2021-22074
+ RESERVED
+CVE-2021-22073
+ RESERVED
+CVE-2021-22072
+ RESERVED
+CVE-2021-22071
+ RESERVED
+CVE-2021-22070
+ RESERVED
+CVE-2021-22069
+ RESERVED
+CVE-2021-22068
+ RESERVED
+CVE-2021-22067
+ RESERVED
+CVE-2021-22066
+ RESERVED
+CVE-2021-22065
+ RESERVED
+CVE-2021-22064
+ RESERVED
+CVE-2021-22063
+ RESERVED
+CVE-2021-22062
+ RESERVED
+CVE-2021-22061
+ RESERVED
+CVE-2021-22060 (In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older ...)
+ - libspring-java <unfixed>
+ [stretch] - libspring-java <end-of-life> (EOL'd for stretch)
+ NOTE: follow-up to CVE-2021-22096
+ NOTE: https://tanzu.vmware.com/security/cve-2021-22060
+CVE-2021-22059
+ RESERVED
+CVE-2021-22058
+ RESERVED
+CVE-2021-22057 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an aut ...)
+ NOT-FOR-US: VMware
+CVE-2021-22056 (VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity M ...)
+ NOT-FOR-US: VMware
+CVE-2021-22055
+ RESERVED
+CVE-2021-22054 (VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 pr ...)
+ NOT-FOR-US: VMware
+CVE-2021-22053 (Applications using both `spring-cloud-netflix-hystrix-dashboard` and ` ...)
+ NOT-FOR-US: spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf
+CVE-2021-22052
+ RESERVED
+CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...)
+ NOT-FOR-US: Spring Cloud Gateway
+CVE-2021-22050 (ESXi contains a slow HTTP POST denial-of-service vulnerability in rhtt ...)
+ NOT-FOR-US: VMware
+CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...)
+ NOT-FOR-US: VMware
+CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...)
+ NOT-FOR-US: VMware
+CVE-2021-22047 (In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older ...)
+ NOT-FOR-US: Spring Data REST
+CVE-2021-22046
+ RESERVED
+CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi6 ...)
+ NOT-FOR-US: VMware
+CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...)
+ NOT-FOR-US: Spring Cloud OpenFeign
+CVE-2021-22043 (VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerabilit ...)
+ NOT-FOR-US: VMware
+CVE-2021-22042 (VMware ESXi contains an unauthorized access vulnerability due to VMX h ...)
+ NOT-FOR-US: VMware
+CVE-2021-22041 (VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerabil ...)
+ NOT-FOR-US: VMware
+CVE-2021-22040 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...)
+ NOT-FOR-US: VMware
+CVE-2021-22039
+ RESERVED
+CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary ...)
+ NOT-FOR-US: InstallBuilder
+CVE-2021-22037 (Under certain circumstances, when manipulating the Windows registry, I ...)
+ NOT-FOR-US: InstallBuilder
+CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...)
+ NOT-FOR-US: VMware
+CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...)
+ NOT-FOR-US: VMware
+CVE-2021-22034 (Releases prior to VMware vRealize Operations Tenant App 8.6 contain an ...)
+ NOT-FOR-US: VMware
+CVE-2021-22033 (Releases prior to VMware vRealize Operations 8.6 contain a Server Side ...)
+ NOT-FOR-US: VMware
+CVE-2021-22032
+ RESERVED
+CVE-2021-22031
+ RESERVED
+CVE-2021-22030 (In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain ...)
+ NOT-FOR-US: Greenplum
+CVE-2021-22029 (VMware Workspace ONE UEM REST API contains a denial of service vulnera ...)
+ NOT-FOR-US: VMware
+CVE-2021-22028 (In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplu ...)
+ NOT-FOR-US: Greenplum
+CVE-2021-22027 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
+ NOT-FOR-US: VMware
+CVE-2021-22026 (The vRealize Operations Manager API (8.x prior to 8.5) contains a Serv ...)
+ NOT-FOR-US: VMware
+CVE-2021-22025 (The vRealize Operations Manager API (8.x prior to 8.5) contains a brok ...)
+ NOT-FOR-US: VMware
+CVE-2021-22024 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...)
+ NOT-FOR-US: VMware
+CVE-2021-22023 (The vRealize Operations Manager API (8.x prior to 8.5) has insecure ob ...)
+ NOT-FOR-US: VMware
+CVE-2021-22022 (The vRealize Operations Manager API (8.x prior to 8.5) contains an arb ...)
+ NOT-FOR-US: VMware
+CVE-2021-22021 (VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site S ...)
+ NOT-FOR-US: VMware
+CVE-2021-22020 (The vCenter Server contains a denial-of-service vulnerability in the A ...)
+ NOT-FOR-US: VMware
+CVE-2021-22019 (The vCenter Server contains a denial-of-service vulnerability in VAPI ...)
+ NOT-FOR-US: VMware
+CVE-2021-22018 (The vCenter Server contains an arbitrary file deletion vulnerability i ...)
+ NOT-FOR-US: VMware
+CVE-2021-22017 (Rhttproxy as used in vCenter Server contains a vulnerability due to im ...)
+ NOT-FOR-US: VMware
+CVE-2021-22016 (The vCenter Server contains a reflected cross-site scripting vulnerabi ...)
+ NOT-FOR-US: VMware
+CVE-2021-22015 (The vCenter Server contains multiple local privilege escalation vulner ...)
+ NOT-FOR-US: VMware
+CVE-2021-22014 (The vCenter Server contains an authenticated code execution vulnerabil ...)
+ NOT-FOR-US: VMware
+CVE-2021-22013 (The vCenter Server contains a file path traversal vulnerability leadin ...)
+ NOT-FOR-US: VMware
+CVE-2021-22012 (The vCenter Server contains an information disclosure vulnerability du ...)
+ NOT-FOR-US: VMware
+CVE-2021-22011 (vCenter Server contains an unauthenticated API endpoint vulnerability ...)
+ NOT-FOR-US: VMware
+CVE-2021-22010 (The vCenter Server contains a denial-of-service vulnerability in VPXD ...)
+ NOT-FOR-US: VMware
+CVE-2021-22009 (The vCenter Server contains multiple denial-of-service vulnerabilities ...)
+ NOT-FOR-US: VMware
+CVE-2021-22008 (The vCenter Server contains an information disclosure vulnerability in ...)
+ NOT-FOR-US: VMware
+CVE-2021-22007 (The vCenter Server contains a local information disclosure vulnerabili ...)
+ NOT-FOR-US: VMware
+CVE-2021-22006 (The vCenter Server contains a reverse proxy bypass vulnerability due t ...)
+ NOT-FOR-US: VMware
+CVE-2021-22005 (The vCenter Server contains an arbitrary file upload vulnerability in ...)
+ NOT-FOR-US: VMware
+CVE-2021-22004 (An issue was discovered in SaltStack Salt before 3003.3. The salt mini ...)
+ - salt 3002.7+dfsg1-1 (unimportant; bug #994016)
+ NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
+ NOTE: Windows-specific
+CVE-2021-22003 (VMware Workspace ONE Access and Identity Manager, unintentionally prov ...)
+ NOT-FOR-US: VMware
+CVE-2021-22002 (VMware Workspace ONE Access and Identity Manager, allow the /cfg web a ...)
+ NOT-FOR-US: VMware
+CVE-2021-22001 (In UAA versions prior to 75.3.0, sensitive information like relaying s ...)
+ NOT-FOR-US: CloudFoundry
+CVE-2021-22000 (VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vul ...)
+ NOT-FOR-US: VMware
+CVE-2021-21999 (VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Conso ...)
+ NOT-FOR-US: VMware
+CVE-2021-21998 (VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 ...)
+ NOT-FOR-US: VMware
+CVE-2021-21997 (VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of ...)
+ NOT-FOR-US: VMware
+CVE-2021-21996 (An issue was discovered in SaltStack Salt before 3003.3. A user who ha ...)
+ {DSA-5011-1 DLA-2823-1}
+ - salt 3002.7+dfsg1-1 (bug #994016)
+ NOTE: https://saltproject.io/security_announcements/salt-security-advisory-2021-sep-02/
+ NOTE: Fixed by https://github.com/saltstack/salt/commit/0b75ba190fda9c04cc026ad1aa4a6d572f40349b
+ NOTE: https://github.com/openSUSE/salt/commit/57ed9c41a177f57e3d56465662750617ac36cc95
+CVE-2021-21995 (OpenSLP as used in ESXi has a denial-of-service vulnerability due a he ...)
+ NOT-FOR-US: VMware
+CVE-2021-21994 (SFCB (Small Footprint CIM Broker) as used in ESXi has an authenticatio ...)
+ NOT-FOR-US: VMware
+CVE-2021-21993 (The vCenter Server contains an SSRF (Server Side Request Forgery) vuln ...)
+ NOT-FOR-US: VMware
+CVE-2021-21992 (The vCenter Server contains a denial-of-service vulnerability due to i ...)
+ NOT-FOR-US: VMware
+CVE-2021-21991 (The vCenter Server contains a local privilege escalation vulnerability ...)
+ NOT-FOR-US: VMware
+CVE-2021-21990 (VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior t ...)
+ NOT-FOR-US: VMware
+CVE-2021-21989 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
+ NOT-FOR-US: VMware
+CVE-2021-21988 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
+ NOT-FOR-US: VMware
+CVE-2021-21987 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windo ...)
+ NOT-FOR-US: VMware
+CVE-2021-21986 (The vSphere Client (HTML5) contains a vulnerability in a vSphere authe ...)
+ NOT-FOR-US: VMware
+CVE-2021-21985 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...)
+ NOT-FOR-US: VMware
+CVE-2021-21984 (VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remot ...)
+ NOT-FOR-US: VMware
+CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manager API ...)
+ NOT-FOR-US: vRealize Operations Manager API (Vmware)
+CVE-2021-21982 (VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an aut ...)
+ NOT-FOR-US: VMware Carbon Black Cloud Workload appliance
+CVE-2021-21981 (VMware NSX-T contains a privilege escalation vulnerability due to an i ...)
+ NOT-FOR-US: VMware
+CVE-2021-21980 (The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary ...)
+ NOT-FOR-US: VMware
+CVE-2021-21979 (In Bitnami Containers, all Laravel container versions prior to: 6.20.0 ...)
+ NOT-FOR-US: Bitnami Containers
+CVE-2021-21978 (VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remot ...)
+ NOT-FOR-US: VMware View Planner
+CVE-2021-21977
+ RESERVED
+CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8. ...)
+ NOT-FOR-US: vSphere Replication
+CVE-2021-21975 (Server Side Request Forgery in vRealize Operations Manager API (CVE-20 ...)
+ NOT-FOR-US: vRealize Operations Manager API (Vmware)
+CVE-2021-21974 (OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESX ...)
+ NOT-FOR-US: VMware
+ NOTE: Might affect src:openslp-dfsg, but removed years ago
+CVE-2021-21973 (The vSphere Client (HTML5) contains an SSRF (Server Side Request Forge ...)
+ NOT-FOR-US: VMware
+CVE-2021-21972 (The vSphere Client (HTML5) contains a remote code execution vulnerabil ...)
+ NOT-FOR-US: VMware
+CVE-2021-3014 (In MikroTik RouterOS through 2021-01-04, the hotspot login page is vul ...)
+ NOT-FOR-US: MikroTik RouterOS
+CVE-2021-3013 (ripgrep before 13 on Windows allows attackers to trigger execution of ...)
+ - rust-ripgrep <not-affected> (Only affects ripgrep on Windows)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0071.html
+CVE-2021-3012 (A cross-site scripting (XSS) vulnerability in the Document Link of doc ...)
+ NOT-FOR-US: ESRI ArcGIS Online
+CVE-2021-3011 (An electromagnetic-wave side-channel issue was discovered on NXP Smart ...)
+ NOT-FOR-US: NXP
+CVE-2021-3010 (There are multiple persistent cross-site scripting (XSS) vulnerabiliti ...)
+ NOT-FOR-US: OpenText Content Server
+CVE-2021-3009
+ RESERVED
+CVE-2021-3008
+ RESERVED
+CVE-2021-21971 (An out-of-bounds write vulnerability exists in the URL_decode function ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21970 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21969 (An out-of-bounds write vulnerability exists in the HandleSeaCloudMessa ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21968 (A file write vulnerability exists in the OTA update task functionality ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21967
+ RESERVED
+CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...)
+ NOT-FOR-US: Texas Instruments
+CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21963 (An information disclosure vulnerability exists in the Web Server funct ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21962 (A heap-based buffer overflow vulnerability exists in the OTA Update u- ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21961 (A stack-based buffer overflow vulnerability exists in the NBNS functio ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the LLMNR f ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...)
+ NOT-FOR-US: Sealevel Systems
+CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword HwordAp ...)
+ NOT-FOR-US: Hancom Office 2020
+CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...)
+ NOT-FOR-US: Dream Report ODS Remote Connector
+CVE-2021-21956
+ RESERVED
+CVE-2021-21955 (An authentication bypass vulnerability exists in the get_aes_key_info_ ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21954 (A command execution vulnerability exists in the wifi_country_code_upda ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21953 (An authentication bypass vulnerability exists in the process_msg() fun ...)
+ NOT-FOR-US: Anker Eufy Homebase 2
+CVE-2021-21952 (An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RS ...)
+ NOT-FOR-US: Anker Eufy Homebase 2
+CVE-2021-21951 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21950 (An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERV ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21949
+ RESERVED
+CVE-2021-21948
+ RESERVED
+CVE-2021-21947
+ RESERVED
+CVE-2021-21946
+ RESERVED
+CVE-2021-21945
+ RESERVED
+CVE-2021-21944
+ RESERVED
+CVE-2021-21943
+ RESERVED
+CVE-2021-21942
+ RESERVED
+CVE-2021-21941 (A use-after-free vulnerability exists in the pushMuxer CreatePushThrea ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21940 (A heap-based buffer overflow vulnerability exists in the pushMuxer pro ...)
+ NOT-FOR-US: Anker Eufy Homebase
+CVE-2021-21939
+ RESERVED
+CVE-2021-21938
+ RESERVED
+CVE-2021-21937 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21936 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21935 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21934 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21933 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21932 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21931 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21930 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21929 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21928 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21927 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21926 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21925 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21924 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21923 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21922 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21921 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21920 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21919 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21918 (A specially-crafted HTTP request can lead to SQL injection. An attacke ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21917 (An exploitable SQL injection vulnerability exist in the &#8216;group_l ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21916 (An exploitable SQL injection vulnerability exist in the &#8216;group_l ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21915 (An exploitable SQL injection vulnerability exist in the &#8216;group_l ...)
+ NOT-FOR-US: Advantech
+CVE-2021-21914
+ RESERVED
+CVE-2021-21913 (An information disclosure vulnerability exists in the WiFi Smart Mesh ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21912 (A privilege escalation vulnerability exists in the Windows version of ...)
+ NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
+CVE-2021-21911 (A privilege escalation vulnerability exists in the Windows version of ...)
+ NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
+CVE-2021-21910 (A privilege escalation vulnerability exists in the Windows version of ...)
+ NOT-FOR-US: Advantech R-SeeNet Advantech R-SeeNet
+CVE-2021-21909 (Specially-crafted command line arguments can lead to arbitrary file de ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21908 (Specially-crafted command line arguments can lead to arbitrary file de ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21907 (A directory traversal vulnerability exists in the CMA CLI getenv comma ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21906 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21905 (Stack-based buffer overflow vulnerability exists in how the CMA readfi ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21904 (A directory traversal vulnerability exists in the CMA CLI setenv comma ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21903 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21902 (An authentication bypass vulnerability exists in the CMA run_server_68 ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21901 (A stack-based buffer overflow vulnerability exists in the CMA check_ud ...)
+ NOT-FOR-US: Garrett Metal Detectors iC Module CMA
+CVE-2021-21900 (A code execution vulnerability exists in the dxfRW::processLType() fun ...)
+ {DSA-5077-1 DLA-2838-1}
+ - librecad 2.1.3-2
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351
+ NOTE: librecad bundles libdxfrw
+ NOTE: https://github.com/LibreCAD/libdxfrw/commit/fcd977cc7f8f6cc7f012e5b72d33cf7d77b3fa69
+CVE-2021-21899 (A code execution vulnerability exists in the dwgCompressor::copyCompBy ...)
+ {DSA-5077-1 DLA-2838-1}
+ - librecad 2.1.3-2
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350
+ NOTE: librecad bundles libdxfrw
+ NOTE: https://github.com/LibreCAD/libdxfrw/commit/6417118874333309aa10c4e59f954c3905a6e8b5
+CVE-2021-21898 (A code execution vulnerability exists in the dwgCompressor::decompress ...)
+ {DSA-5077-1 DLA-2838-1}
+ - librecad 2.1.3-2
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349
+ NOTE: librecad bundles libdxfrw
+ NOTE: https://github.com/LibreCAD/libdxfrw/commit/ba3fa95648bef948e008dfbdd31a4d21badd71f0
+CVE-2021-21897 (A code execution vulnerability exists in the DL_Dxf::handleLWPolylineD ...)
+ - dxflib 3.26.4-1
+ [bullseye] - dxflib <no-dsa> (Minor issue)
+ [buster] - dxflib <no-dsa> (Minor issue)
+ [stretch] - dxflib <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346
+ NOTE: https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
+ TODO: check, horizon-eda, cloudcompare, kicad embedds it, but needs to check if actually used and issue affects those
+CVE-2021-21896 (A directory traversal vulnerability exists in the Web Manager FsBrowse ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21895 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21894 (A directory traversal vulnerability exists in the Web Manager FsTFtp f ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21893 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2021-21892 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21891 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21890 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21889 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21888 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21887 (A stack-based buffer overflow vulnerability exists in the Web Manager ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21886 (A directory traversal vulnerability exists in the Web Manager FSBrowse ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21885 (A directory traversal vulnerability exists in the Web Manager FsMove f ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21884 (An OS command injection vulnerability exists in the Web Manager SslGen ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21883 (An OS command injection vulnerability exists in the Web Manager Diagno ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21882 (An OS command injection vulnerability exists in the Web Manager FsUnmo ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21881 (An OS command injection vulnerability exists in the Web Manager Wirele ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21880 (A directory traversal vulnerability exists in the Web Manager FsCopyFi ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21879 (A directory traversal vulnerability exists in the Web Manager File Upl ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21878 (A local file inclusion vulnerability exists in the Web Manager Applica ...)
+ NOT-FOR-US: Lantronix PremierWave
+CVE-2021-21877 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21876 (Specially-crafted HTTP requests can lead to arbitrary command executio ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21875 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21874 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21873 (A specially-crafted HTTP request can lead to arbitrary command executi ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21872 (An OS command injection vulnerability exists in the Web Manager Diagno ...)
+ NOT-FOR-US: Lantronix
+CVE-2021-21871 (A memory corruption vulnerability exists in the DMG File Format Handle ...)
+ NOT-FOR-US: PowerISO
+CVE-2021-21870 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2021-21869 (An unsafe deserialization vulnerability exists in the Engine.plugin Pr ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21868 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21867 (An unsafe deserialization vulnerability exists in the ObjectManager.pl ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21866 (A unsafe deserialization vulnerability exists in the ObjectManager.plu ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21865 (A unsafe deserialization vulnerability exists in the PackageManagement ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21864 (A unsafe deserialization vulnerability exists in the ComponentModel Co ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21863 (A unsafe deserialization vulnerability exists in the ComponentModel Pr ...)
+ NOT-FOR-US: CODESYS
+CVE-2021-21862 (Multiple exploitable integer truncation vulnerabilities exist within t ...)
+ - gpac <not-affected> (Vulnerable code not present)
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/69ae9059fc
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+ NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21861 (An exploitable integer truncation vulnerability exists within the MPEG ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+ NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21860 (An exploitable integer truncation vulnerability exists within the MPEG ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+ NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21859 (An exploitable integer truncation vulnerability exists within the MPEG ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1298
+ NOTE: https://github.com/gpac/gpac/commit/8cd33e8977fd5f4215e4b67c309fd403762bfeb7
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21858 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21857 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21856 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ - gpac <not-affected> (Vulnerable code not present)
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/35c4644cb5
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21855 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21854 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21853 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1299
+ NOTE: https://github.com/gpac/gpac/commit/bbd741e0e5a6e7e1e90a73c350acc061dde9450b
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21852 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ - ccextractor 0.93+ds2-1 (bug #994746)
+ [bullseye] - ccextractor <no-dsa> (Minor issue)
+ [buster] - ccextractor <no-dsa> (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/commit/592ba2689a3f2fc787371eda490fde4f84e60315
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21851 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ - gpac <not-affected> (Vulnerable code not present)
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/0f9761c48541bc01f0c619b7d02916d28e87dea9
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21850 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21849 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21848 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21847 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21846 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21845 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21844 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21843 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21842 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21841 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21840 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21839 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21838 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21837 (Multiple exploitable integer overflow vulnerabilities exist within the ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21836 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21835 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ - gpac <not-affected> (Vulnerable code not present)
+ NOTE: Introduced in https://github.com/gpac/gpac/commit/0f9761c48541bc01f0c619b7d02916d28e87dea9
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21834 (An exploitable integer overflow vulnerability exists within the MPEG-4 ...)
+ {DSA-4966-1}
+ - gpac 1.0.1+dfsg1-5
+ [buster] - gpac <not-affected> (Vulnerable code not present)
+ [stretch] - gpac <not-affected> (Vulnerable code not present)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1297
+ NOTE: https://github.com/gpac/gpac/commit/b515fd04f5f00f4a99df741042f1efb31ad56351
+ NOTE: https://github.com/gpac/gpac/issues/1814
+CVE-2021-21833 (An improper array index validation vulnerability exists in the TIF IP_ ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21832 (A memory corruption vulnerability exists in the ISO Parsing functional ...)
+ NOT-FOR-US: Disc Soft Ltd Deamon Tools Pro
+CVE-2021-21831 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2021-21830 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21829 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21828 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: AT&T Labs Xmill
+CVE-2021-21827 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: AT&T Labs Xmill
+CVE-2021-21826 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: AT&T Labs Xmill
+CVE-2021-21825 (A heap-based buffer overflow vulnerability exists in the XML Decompres ...)
+ NOT-FOR-US: AT&T Labs Xmill
+CVE-2021-21824 (An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21823 (An information disclosure vulnerability exists in the Friend finder fu ...)
+ NOT-FOR-US: GmbH Komoot
+CVE-2021-21822 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
+ NOT-FOR-US: Foxit
+CVE-2021-21821 (A stack-based buffer overflow vulnerability exists in the PDF process_ ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21820 (A hard-coded password vulnerability exists in the Libcli Test Environm ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21819 (A code execution vulnerability exists in the Libcli Test Environment f ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21818 (A hard-coded password vulnerability exists in the Zebra IP Routing Man ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21817 (An information disclosure vulnerability exists in the Zebra IP Routing ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21816 (An information disclosure vulnerability exists in the Syslog functiona ...)
+ NOT-FOR-US: D-LINK
+CVE-2021-21815 (A stack-based buffer overflow vulnerability exists in the command-line ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21814 (Within the function HandleFileArg the argument filepattern is under co ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21813 (Within the function HandleFileArg the argument filepattern is under co ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21812 (A stack-based buffer overflow vulnerability exists in the command-line ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21811 (A memory corruption vulnerability exists in the XML-parsing CreateLabe ...)
+ NOT-FOR-US: Xmill (AT&T Labs)
+CVE-2021-21810 (A memory corruption vulnerability exists in the XML-parsing ParseAttri ...)
+ NOT-FOR-US: AT&T Labs Xmill
+CVE-2021-21809 (A command execution vulnerability exists in the default legacy spellch ...)
+ NOT-FOR-US: Moodle plugin
+CVE-2021-21808 (A memory corruption vulnerability exists in the PNG png_palette_proces ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21807 (An integer overflow vulnerability exists in the DICOM parse_dicom_meta ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21806 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1214
+CVE-2021-21805 (An OS Command Injection vulnerability exists in the ping.php script fu ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21804 (A local file inclusion (LFI) vulnerability exists in the options.php s ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21803 (This vulnerability is present in device_graph_page.php script, which i ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21802 (This vulnerability is present in device_graph_page.php script, which i ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21801 (This vulnerability is present in device_graph_page.php script, which i ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21800 (Cross-site scripting vulnerabilities exist in the ssh_form.php script ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21799 (Cross-site scripting vulnerabilities exist in the telnet_form.php scri ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2021-21798 (An exploitable return of stack variable address vulnerability exists i ...)
+ NOT-FOR-US: Nitro Pro PDF
+CVE-2021-21797 (An exploitable double-free vulnerability exists in the JavaScript impl ...)
+ NOT-FOR-US: Nitro Pro PDF
+CVE-2021-21796 (An exploitable use-after-free vulnerability exists in the JavaScript i ...)
+ NOT-FOR-US: Nitro Pro PDF
+CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21794 (An out-of-bounds write vulnerability exists in the TIF bits_per_sample ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21793 (An out-of-bounds write vulnerability exists in the JPG sof_nb_comp hea ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21792 (An information disclosure vulnerability exists in the the way IOBit Ad ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21791 (An information disclosure vulnerability exists in the the way IOBit Ad ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21790 (An information disclosure vulnerability exists in the the way IOBit Ad ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21789 (A privilege escalation vulnerability exists in the way IOBit Advanced ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21788 (A privilege escalation vulnerability exists in the way IOBit Advanced ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21787 (A privilege escalation vulnerability exists in the way IOBit Advanced ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21786 (A privilege escalation vulnerability exists in the IOCTL 0x9c406144 ha ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21785 (An information disclosure vulnerability exists in the IOCTL 0x9c40a148 ...)
+ NOT-FOR-US: IOBit
+CVE-2021-21784 (An out-of-bounds write vulnerability exists in the JPG format SOF mark ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...)
+ - gsoap <unfixed> (unimportant)
+ NOTE: Mis-assignment/report, see #987273. Should be rejected
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245
+CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format buffer s ...)
+ NOT-FOR-US: ImageGear
+CVE-2021-21781 (An information disclosure vulnerability exists in the ARM SIGPAGE func ...)
+ {DLA-2713-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.177-1
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243
+ NOTE: https://git.kernel.org/linus/9c698bff66ab4914bb3d71da7dc6112519bde23e
+CVE-2021-21780
+ RESERVED
+CVE-2021-21779 (A use-after-free vulnerability exists in the way Webkit&#8217;s Graphi ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [bullseye] - webkit2gtk <postponed> (Fix along with next update round)
+ [buster] - webkit2gtk <postponed> (Fix along with next update round)
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ [bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1238
+CVE-2021-21778 (A denial of service vulnerability exists in the ASDU message processin ...)
+ NOT-FOR-US: MZ Automation GmbH lib60870.NET
+CVE-2021-21777 (An information disclosure vulnerability exists in the Ethernet/IP UDP ...)
+ NOT-FOR-US: EIP Stack Group OpENer
+CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...)
+ NOT-FOR-US: ImageGear
+CVE-2021-21775 (A use-after-free vulnerability exists in the way certain events are pr ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [bullseye] - webkit2gtk <postponed> (Fix along with next update round)
+ [buster] - webkit2gtk <postponed> (Fix along with next update round)
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ [bullseye] - wpewebkit <postponed> (Minor issue, fix along with next update)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1229
+CVE-2021-21774
+ REJECTED
+CVE-2021-21773 (An out-of-bounds write vulnerability exists in the TIFF header count-p ...)
+ NOT-FOR-US: ImageGear
+CVE-2021-21772 (A use-after-free vulnerability exists in the NMR::COpcPackageReader::r ...)
+ {DSA-4887-1}
+ - lib3mf 1.8.1+ds-4 (bug #985092)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226
+CVE-2021-21771
+ RESERVED
+CVE-2021-21770
+ RESERVED
+CVE-2021-21769
+ RESERVED
+CVE-2021-21768
+ RESERVED
+CVE-2021-21767
+ RESERVED
+CVE-2021-21766
+ RESERVED
+CVE-2021-21765
+ RESERVED
+CVE-2021-21764
+ RESERVED
+CVE-2021-21763
+ RESERVED
+CVE-2021-21762
+ RESERVED
+CVE-2021-21761
+ RESERVED
+CVE-2021-21760
+ RESERVED
+CVE-2021-21759
+ RESERVED
+CVE-2021-21758
+ RESERVED
+CVE-2021-21757
+ RESERVED
+CVE-2021-21756
+ RESERVED
+CVE-2021-21755
+ RESERVED
+CVE-2021-21754
+ RESERVED
+CVE-2021-21753
+ RESERVED
+CVE-2021-21752
+ RESERVED
+CVE-2021-21751 (ZTE BigVideo analysis product has an input verification vulnerability. ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21750 (ZTE BigVideo Analysis product has a privilege escalation vulnerability ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21749 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21748 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21747 (ZTE MF971R product has reflective XSS vulnerability. An attacker could ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21746 (ZTE MF971R product has reflective XSS vulnerability. An attacker could ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21745 (ZTE MF971R product has a Referer authentication bypass vulnerability. ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21744 (ZTE MF971R product has a configuration file control vulnerability. An ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21743 (ZTE MF971R product has a CRLF injection vulnerability. An attacker cou ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21742 (There is an information leak vulnerability in the message service app ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21741 (A conference management system of ZTE is impacted by a command executi ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21740 (There is an information leak vulnerability in the digital media player ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21739 (A ZTE's product of the transport network access layer has a security v ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21738 (ZTE's big video business platform has two reflective cross-site script ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21737 (A smart STB product of ZTE is impacted by a permission and access cont ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21736 (A smart camera product of ZTE is impacted by a permission and access c ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21735 (A ZTE product has an information leak vulnerability. Due to improper p ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21734 (Some PON MDU devices of ZTE stored sensitive information in plaintext, ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21733 (The management system of ZXCDN is impacted by the information leak vul ...)
+ NOT-FOR-US: ZXCDN
+CVE-2021-21732 (A mobile phone of ZTE is impacted by improper access control vulnerabi ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21731 (A CSRF vulnerability exists in the management page of a ZTE product.Th ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21730 (A ZTE product is impacted by improper access control vulnerability. Th ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21729 (Some ZTE products have CSRF vulnerability. Because some pages lack CSR ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21728 (A ZTE product has a configuration error vulnerability. Because a certa ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21727 (A ZTE product has a DoS vulnerability. A remote attacker can amplify t ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21726 (Some ZTE products have an input verification vulnerability in the diag ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the product's im ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the improper handli ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21722 (A ZTE Smart STB is impacted by an information leak vulnerability. The ...)
+ NOT-FOR-US: ZTE
+CVE-2021-21721
+ RESERVED
+CVE-2021-21720
+ RESERVED
+CVE-2021-21719
+ RESERVED
+CVE-2021-21718
+ RESERVED
+CVE-2021-21717
+ RESERVED
+CVE-2021-21716
+ RESERVED
+CVE-2021-21715
+ RESERVED
+CVE-2021-21714
+ RESERVED
+CVE-2021-21713
+ RESERVED
+CVE-2021-21712
+ RESERVED
+CVE-2021-21711
+ RESERVED
+CVE-2021-21710
+ RESERVED
+CVE-2021-21709
+ RESERVED
+CVE-2021-21708
+ RESERVED
+ {DSA-5082-1}
+ - php8.1 <unfixed>
+ - php7.4 <removed>
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in 8.1.3, 7.4.28
+ NOTE: PHP Bug: https://bugs.php.net/81708
+CVE-2021-21707 (In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...)
+ {DSA-5082-1}
+ - php8.1 8.1.0-1
+ - php8.0 <removed>
+ - php7.4 7.4.26-1
+ - php7.3 <removed>
+ [buster] - php7.3 <no-dsa> (Minor issue, fix along with next DSA)
+ - php7.0 <removed>
+ [stretch] - php7.0 <no-dsa> (Minor issue, fix along with next DLA)
+ NOTE: Fixed in 8.1.0, 8.0.13, 7.4.26, 7.3.33
+ NOTE: PHP Bug: https://bugs.php.net/79971
+ NOTE: https://github.com/php/php-src/commit/f15f8fc573eb38c3c73e23e0930063a6f6409ed4
+CVE-2021-21706 (In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below ...)
+ - php8.0 <not-affected> (Windows specific issue)
+ - php7.4 <not-affected> (Windows specific issue)
+ - php7.3 <not-affected> (Windows specific issue)
+ - php7.0 <not-affected> (Windows specific issue)
+ NOTE: Fixed in 8.0.11, 7.4.24, 7.3.31
+ NOTE: PHP Bug: https://bugs.php.net/81420
+CVE-2021-21705 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...)
+ {DSA-4935-1 DLA-2708-1}
+ - php8.0 8.0.8-1 (bug #990575)
+ - php7.4 7.4.21-1+deb11u1
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in 8.0.8, 7.4.21, 7.3.29
+ NOTE: PHP Bug: https://bugs.php.net/81122
+CVE-2021-21704 (In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...)
+ {DSA-4935-1 DLA-2708-1}
+ - php8.0 8.0.8-1 (bug #990575)
+ - php7.4 7.4.21-1+deb11u1
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in 8.0.8, 7.4.21, 7.3.29
+ NOTE: PHP Bug: https://bugs.php.net/76448
+ NOTE: PHP Bug: https://bugs.php.net/76449
+ NOTE: PHP Bug: https://bugs.php.net/76450
+ NOTE: PHP Bug: https://bugs.php.net/76452
+CVE-2021-21703 (In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 a ...)
+ {DSA-4993-1 DSA-4992-1 DLA-2794-1}
+ - php8.0 <removed>
+ - php7.4 7.4.26-1 (bug #997003)
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in 8.0.12, 7.4.25
+ NOTE: PHP Bug: http://bugs.php.net/81026
+ NOTE: https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
+ NOTE: https://www.ambionics.io/blog/php-fpm-local-root
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/7
+CVE-2021-21702 (In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...)
+ {DSA-4856-1 DLA-2708-1}
+ - php8.0 8.0.2-1
+ - php7.4 7.4.15-1
+ - php7.3 <removed>
+ - php7.0 <removed>
+ NOTE: Fixed in PHP 8.0.2, 7.4.15, 7.3.27
+ NOTE: PHP Bug: https://bugs.php.net/80672
+CVE-2021-21701 (Jenkins Performance Plugin 3.20 and earlier does not configure its XML ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21700 (Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of s ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21699 (Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the pa ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21698 (Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the nam ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21697 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to ...)
+ - jenkins <removed>
+CVE-2021-21696 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agen ...)
+ - jenkins <removed>
+CVE-2021-21695 (FilePath#listFiles lists files outside directories that agents are all ...)
+ - jenkins <removed>
+CVE-2021-21694 (FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isD ...)
+ - jenkins <removed>
+CVE-2021-21693 (When creating temporary files, agent-to-controller access to create th ...)
+ - jenkins <removed>
+CVE-2021-21692 (FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and ...)
+ - jenkins <removed>
+CVE-2021-21691 (Creating symbolic links is possible without the 'symlink' agent-to-con ...)
+ - jenkins <removed>
+CVE-2021-21690 (Agent processes are able to completely bypass file path filtering by w ...)
+ - jenkins <removed>
+CVE-2021-21689 (FilePath#unzip and FilePath#untar were not subject to any agent-to-con ...)
+ - jenkins <removed>
+CVE-2021-21688 (The agent-to-controller security check FilePath#reading(FileVisitor) i ...)
+ - jenkins <removed>
+CVE-2021-21687 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agen ...)
+ - jenkins <removed>
+CVE-2021-21686 (File path filters in the agent-to-controller security subsystem of Jen ...)
+ - jenkins <removed>
+CVE-2021-21685 (Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agen ...)
+ - jenkins <removed>
+CVE-2021-21684 (Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 che ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21683 (The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier ...)
+ - jenkins <removed>
+CVE-2021-21682 (Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jo ...)
+ - jenkins <removed>
+CVE-2021-21681 (Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencry ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21680 (Jenkins Nested View Plugin 1.20 and earlier does not configure its XML ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21679 (Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21678 (Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs t ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21677 (Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenk ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21676 (Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a pe ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21675 (A cross-site request forgery (CSRF) vulnerability in Jenkins requests- ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21674 (A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21673 (Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21672 (Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21671 (Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate ...)
+ - jenkins <removed>
+CVE-2021-21670 (Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to can ...)
+ - jenkins <removed>
+CVE-2021-21669 (Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not confi ...)
+ NOT-FOR-US: Jenkins Generic Webhook Trigger Plugin
+CVE-2021-21668 (Jenkins Scriptler Plugin 3.1 and earlier does not escape script conten ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21667 (Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter nam ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21666 (Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query paramete ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21665 (A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21664 (An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21663 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21662 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0. ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21661 (Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform perm ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21660 (Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21659 (Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21658 (Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21657 (Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21656 (Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21655 (A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21654 (Jenkins P4 Plugin 1.11.4 and earlier does not perform permission check ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21653 (Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21652 (A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Te ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21651 (Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a perm ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21650 (Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Ar ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21649 (Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs re ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21648 (Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-con ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21647 (Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a perm ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21646 (Jenkins Templating Engine Plugin 2.1 and earlier does not protect its ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21645 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21644 (A cross-site request forgery (CSRF) vulnerability in Jenkins Config Fi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21643 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not correct ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21642 (Jenkins Config File Provider Plugin 3.7.0 and earlier does not configu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21641 (A cross-site request forgery (CSRF) vulnerability in Jenkins promoted ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21640 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly c ...)
+ - jenkins <removed>
+CVE-2021-21639 (Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate t ...)
+ - jenkins <removed>
+CVE-2021-21638 (A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foun ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21637 (A missing permission check in Jenkins Team Foundation Server Plugin 5. ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21636 (A missing permission check in Jenkins Team Foundation Server Plugin 5. ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21635 (Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21634 (Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier sto ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21633 (A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dep ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21632 (A missing permission check in Jenkins OWASP Dependency-Track Plugin 3. ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21631 (Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a pe ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21630 (Jenkins Extra Columns Plugin 1.22 and earlier does not escape paramete ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21629 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Wit ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21628 (Jenkins Build With Parameters Plugin 1.5 and earlier does not escape p ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21627 (A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt A ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21626 (Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not per ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21625 (Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not per ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21624 (An incorrect permission check in Jenkins Role-based Authorization Stra ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21623 (An incorrect permission check in Jenkins Matrix Authorization Strategy ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21622 (Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does no ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21621 (Jenkins Support Core Plugin 2.72 and earlier provides the serialized u ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21620 (A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21619 (Jenkins Claim Plugin 2.18.1 and earlier does not escape the user displ ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21618 (Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21617 (A cross-site request forgery (CSRF) vulnerability in Jenkins Configura ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21616 (Jenkins Active Choices Plugin 2.5.2 and earlier does not escape refere ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21615 (Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the ...)
+ - jenkins <removed>
+CVE-2021-21614 (Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials u ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21613 (Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS servic ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21612 (Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credenti ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-21611 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape dis ...)
+ - jenkins <removed>
+CVE-2021-21610 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement ...)
+ - jenkins <removed>
+CVE-2021-21609 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly ...)
+ - jenkins <removed>
+CVE-2021-21608 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape but ...)
+ - jenkins <removed>
+CVE-2021-21607 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit size ...)
+ - jenkins <removed>
+CVE-2021-21606 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validate ...)
+ - jenkins <removed>
+CVE-2021-21605 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with A ...)
+ - jenkins <removed>
+CVE-2021-21604 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers wi ...)
+ - jenkins <removed>
+CVE-2021-21603 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape not ...)
+ - jenkins <removed>
+CVE-2021-21602 (Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbi ...)
+ - jenkins <removed>
+CVE-2021-21601 (Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and p ...)
+ NOT-FOR-US: EMC
+CVE-2021-21600 (Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource co ...)
+ NOT-FOR-US: EMC
+CVE-2021-21599 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS comma ...)
+ NOT-FOR-US: EMC
+CVE-2021-21598 (Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive ...)
+ NOT-FOR-US: Dell Wyse ThinOS
+CVE-2021-21597 (Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclo ...)
+ NOT-FOR-US: Dell Wyse ThinOS
+CVE-2021-21596 (Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenMan ...)
+ NOT-FOR-US: Dell OpenManage Enterprise
+CVE-2021-21595 (Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper ...)
+ NOT-FOR-US: EMC
+CVE-2021-21594 (Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get re ...)
+ NOT-FOR-US: Dell
+CVE-2021-21593
+ RESERVED
+CVE-2021-21592 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an ...)
+ NOT-FOR-US: EMC
+CVE-2021-21591 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21590 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21589 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21588 (Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vu ...)
+ NOT-FOR-US: EMC
+CVE-2021-21587 (Dell Wyse Management Suite versions 3.2 and earlier contain a full pat ...)
+ NOT-FOR-US: Dell
+CVE-2021-21586 (Wyse Management Suite versions 3.2 and earlier contain an absolute pat ...)
+ NOT-FOR-US: Dell
+CVE-2021-21585 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS comma ...)
+ NOT-FOR-US: Dell OpenManage Enterprise
+CVE-2021-21584 (Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modul ...)
+ NOT-FOR-US: Dell OpenManage Enterprise
+CVE-2021-21583
+ RESERVED
+CVE-2021-21582
+ RESERVED
+CVE-2021-21581 (Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scri ...)
+ NOT-FOR-US: EMC
+CVE-2021-21580 (Dell EMC iDRAC8 versions prior to 2.80.80.80 &amp; Dell EMC iDRAC9 ver ...)
+ NOT-FOR-US: EMC
+CVE-2021-21579 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect ...)
+ NOT-FOR-US: EMC
+CVE-2021-21578 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect ...)
+ NOT-FOR-US: EMC
+CVE-2021-21577 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...)
+ NOT-FOR-US: EMC
+CVE-2021-21576 (Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross ...)
+ NOT-FOR-US: EMC
+CVE-2021-21575
+ RESERVED
+CVE-2021-21574 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...)
+ NOT-FOR-US: Dell
+CVE-2021-21573 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...)
+ NOT-FOR-US: Dell
+CVE-2021-21572 (Dell BIOSConnect feature contains a buffer overflow vulnerability. An ...)
+ NOT-FOR-US: Dell
+CVE-2021-21571 (Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature a ...)
+ NOT-FOR-US: Dell
+CVE-2021-21570 (Dell NetWorker, versions 18.x and 19.x contain an Information disclosu ...)
+ NOT-FOR-US: Dell
+CVE-2021-21569 (Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulner ...)
+ NOT-FOR-US: Dell
+CVE-2021-21568 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficie ...)
+ NOT-FOR-US: EMC
+CVE-2021-21567 (Dell PowerScale OneFS 9.1.0.x contains an improper privilege managemen ...)
+ NOT-FOR-US: Dell
+CVE-2021-21566
+ RESERVED
+CVE-2021-21565 (Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of ...)
+ NOT-FOR-US: Dell
+CVE-2021-21564 (Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper ...)
+ NOT-FOR-US: Dell
+CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper C ...)
+ NOT-FOR-US: EMC
+CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path vulnerabil ...)
+ NOT-FOR-US: EMC
+CVE-2021-21561 (Dell PowerScale OneFS version 8.1.2 contains a sensitive information e ...)
+ NOT-FOR-US: Dell
+CVE-2021-21560
+ RESERVED
+CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21558 (Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, co ...)
+ NOT-FOR-US: EMC
+CVE-2021-21557 (Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain ...)
+ NOT-FOR-US: Dell
+CVE-2021-21556 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...)
+ NOT-FOR-US: Dell
+CVE-2021-21555 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...)
+ NOT-FOR-US: Dell
+CVE-2021-21554 (Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, ...)
+ NOT-FOR-US: Dell
+CVE-2021-21553 (Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User M ...)
+ NOT-FOR-US: Dell
+CVE-2021-21552 (Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier ...)
+ NOT-FOR-US: Dell
+CVE-2021-21551 (Dell dbutil_2_3.sys driver contains an insufficient access control vul ...)
+ NOT-FOR-US: Dell
+CVE-2021-21550 (Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralizati ...)
+ NOT-FOR-US: EMC
+CVE-2021-21549 (Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Reque ...)
+ NOT-FOR-US: EMC
+CVE-2021-21548
+ RESERVED
+CVE-2021-21547 (Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21546 (Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 c ...)
+ NOT-FOR-US: EMC
+CVE-2021-21545 (Dell Peripheral Manager 1.3.1 or greater contains remediation for a lo ...)
+ NOT-FOR-US: Dell
+CVE-2021-21544 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authe ...)
+ NOT-FOR-US: EMC
+CVE-2021-21543 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored c ...)
+ NOT-FOR-US: EMC
+CVE-2021-21542 (Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored c ...)
+ NOT-FOR-US: EMC
+CVE-2021-21541 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross ...)
+ NOT-FOR-US: EMC
+CVE-2021-21540 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based ove ...)
+ NOT-FOR-US: EMC
+CVE-2021-21539 (Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check T ...)
+ NOT-FOR-US: EMC
+CVE-2021-21538 (Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21537 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
+ NOT-FOR-US: Dell Hybrid Client
+CVE-2021-21536 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
+ NOT-FOR-US: Dell Hybrid Client
+CVE-2021-21535 (Dell Hybrid Client versions prior to 1.5 contain a missing authenticat ...)
+ NOT-FOR-US: Dell Hybrid Client
+CVE-2021-21534 (Dell Hybrid Client versions prior to 1.5 contain an information exposu ...)
+ NOT-FOR-US: Dell Hybrid Client
+CVE-2021-21533 (Wyse Management Suite versions up to 3.2 contains a vulnerability wher ...)
+ NOT-FOR-US: Wyse Management Suite
+CVE-2021-21532 (Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper manageme ...)
+ NOT-FOR-US: Dell Wyse ThinOS
+CVE-2021-21531 (Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Autho ...)
+ NOT-FOR-US: Dell
+CVE-2021-21530 (Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 c ...)
+ NOT-FOR-US: Dell
+CVE-2021-21529 (Dell System Update (DSU) 1.9 and earlier versions contain a denial of ...)
+ NOT-FOR-US: Dell System Update (DSU)
+CVE-2021-21528 (Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an ...)
+ NOT-FOR-US: EMC
+CVE-2021-21527 (Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization o ...)
+ NOT-FOR-US: Dell
+CVE-2021-21526 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in ...)
+ NOT-FOR-US: Dell PowerScale OneFS
+CVE-2021-21525
+ RESERVED
+CVE-2021-21524 (Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5. ...)
+ NOT-FOR-US: Dell
+CVE-2021-21523
+ RESERVED
+CVE-2021-21522 (Dell BIOS contains a Credentials Management issue. A local authenticat ...)
+ NOT-FOR-US: Dell
+CVE-2021-21521
+ RESERVED
+CVE-2021-21520
+ RESERVED
+CVE-2021-21519
+ RESERVED
+CVE-2021-21518 (Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4. ...)
+ NOT-FOR-US: Dell SupportAssist Client for Consumer PCs
+CVE-2021-21517 (SRS Policy Manager 6.X is affected by an XML External Entity Injection ...)
+ NOT-FOR-US: SRS Policy Manager
+CVE-2021-21516
+ RESERVED
+CVE-2021-21515 (Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross ...)
+ NOT-FOR-US: EMC
+CVE-2021-21514 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior ...)
+ NOT-FOR-US: EMC
+CVE-2021-21513 (Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft ...)
+ NOT-FOR-US: EMC
+CVE-2021-21512 (Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an In ...)
+ NOT-FOR-US: EMC
+CVE-2021-21511 (Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Aut ...)
+ NOT-FOR-US: EMC Avamar Server
+CVE-2021-21510 (Dell iDRAC8 versions prior to 2.75.100.75 contain a host header inject ...)
+ NOT-FOR-US: Dell iDRAC8
+CVE-2021-21509
+ RESERVED
+CVE-2021-21508
+ RESERVED
+CVE-2021-21507 (Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and De ...)
+ NOT-FOR-US: EMC
+CVE-2021-21506 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...)
+ NOT-FOR-US: PowerScale OneFS
+CVE-2021-21505 (Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 190 ...)
+ NOT-FOR-US: EMC
+CVE-2021-21504
+ RESERVED
+CVE-2021-21503 (PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sani ...)
+ NOT-FOR-US: PowerScale OneFS
+CVE-2021-21502 (Dell PowerScale OneFS versions 8.1.0 &#8211; 9.1.0 contain a "use of S ...)
+ NOT-FOR-US: Dell
+CVE-2021-21501 (Improper configuration will cause ServiceComb ServiceCenter Directory ...)
+ NOT-FOR-US: Apache ServiceComb
+CVE-2021-21500
+ RESERVED
+CVE-2021-21499
+ RESERVED
+CVE-2021-21498
+ RESERVED
+CVE-2021-21497
+ RESERVED
+CVE-2021-21496
+ RESERVED
+CVE-2021-3007 (** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Fr ...)
+ NOT-FOR-US: laminas-http
+CVE-2021-21495 (MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the ce ...)
+ NOT-FOR-US: MK-AUTH
+CVE-2021-21494 (MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo ...)
+ NOT-FOR-US: MK-AUTH
+CVE-2021-3006 (The breed function in the smart contract implementation for Farm in Se ...)
+ NOT-FOR-US: Farm in Seal Finance (Seal) Ethereum token
+CVE-2021-3005 (MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive ...)
+ NOT-FOR-US: MK-AUTH
+CVE-2021-3004 (The _deposit function in the smart contract implementation for Stable ...)
+ NOT-FOR-US: Stable Yield Credit (yCREDIT) Ethereum token
+CVE-2021-3003 (Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenzi ...)
+ NOT-FOR-US: Agenzia delle Entrate Desktop Telematico
+CVE-2021-3002 (Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?se ...)
+ NOT-FOR-US: Seo Panel
+CVE-2021-3001
+ RESERVED
+CVE-2021-21493 (When a user opens manipulated Graphics Interchange Format (.GIF) forma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21492 (SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, ...)
+ NOT-FOR-US: SAP
+CVE-2021-21491 (SAP Netweaver Application Server Java (Applications based on WebDynpro ...)
+ NOT-FOR-US: SAP
+CVE-2021-21490 (SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, ...)
+ NOT-FOR-US: SAP
+CVE-2021-21489 (SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.3 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21488 (Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allow ...)
+ NOT-FOR-US: Knowledge Management
+CVE-2021-21487 (SAP Payment Engine version 500, does not perform necessary authorizati ...)
+ NOT-FOR-US: SAP
+CVE-2021-21486 (SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 6 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21485 (An unauthorized attacker may be able to entice an administrator to inv ...)
+ NOT-FOR-US: SAP
+CVE-2021-21484 (LDAP authentication in SAP HANA Database version 2.0 can be bypassed i ...)
+ NOT-FOR-US: SAP
+CVE-2021-21483 (Under certain conditions SAP Solution Manager, version - 720, allows a ...)
+ NOT-FOR-US: SAP
+CVE-2021-21482 (SAP NetWeaver Master Data Management, versions - 710, 710.750, allows ...)
+ NOT-FOR-US: SAP
+CVE-2021-21481 (The MigrationService, which is part of SAP NetWeaver versions 7.10, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2021-21480 (SAP MII allows users to create dashboards and save them as JSP through ...)
+ NOT-FOR-US: SAP
+CVE-2021-21479 (In SCIMono before 0.0.19, it is possible for an attacker to inject and ...)
+ NOT-FOR-US: SAP
+CVE-2021-21478 (SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious ...)
+ NOT-FOR-US: SAP
+CVE-2021-21477 (SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certa ...)
+ NOT-FOR-US: SAP
+CVE-2021-21476 (SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21475 (Under specific circumstances SAP Master Data Management, versions - 71 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21474 (SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 d ...)
+ NOT-FOR-US: SAP
+CVE-2021-21473 (SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21472 (SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Manag ...)
+ NOT-FOR-US: SAP
+CVE-2021-21471 (In CLA-Assistant, versions before 2.8.5, due to improper access contro ...)
+ NOT-FOR-US: CLA-Assistant
+CVE-2021-21470 (SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in ...)
+ NOT-FOR-US: SAP
+CVE-2021-21469 (When security guidelines for SAP NetWeaver Master Data Management runn ...)
+ NOT-FOR-US: SAP
+CVE-2021-21468 (The BW Database Interface does not perform necessary authorization che ...)
+ NOT-FOR-US: SAP
+CVE-2021-21467 (SAP Banking Services (Generic Market Data) does not perform necessary ...)
+ NOT-FOR-US: SAP
+CVE-2021-21466 (SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 75 ...)
+ NOT-FOR-US: SAP
+CVE-2021-21465 (The BW Database Interface allows an attacker with low privileges to ex ...)
+ NOT-FOR-US: SAP
+CVE-2021-21464 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21463 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21462 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21461 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21460 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21459 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21458 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21457 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21456 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21455 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21454 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21453 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21452 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21451 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21450 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21449 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-21448 (SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon ...)
+ NOT-FOR-US: SAP
+CVE-2021-21447 (SAP BusinessObjects Business Intelligence platform, versions 410, 420, ...)
+ NOT-FOR-US: SAP
+CVE-2021-21446 (SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, all ...)
+ NOT-FOR-US: SAP
+CVE-2021-21445 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an ...)
+ NOT-FOR-US: SAP
+CVE-2021-21444 (SAP Business Objects BI Platform, versions - 410, 420, 430, allows mul ...)
+ NOT-FOR-US: SAP
+CVE-2021-21443 (Agents are able to list customer user emails without required permissi ...)
+ - otrs2 6.0.32-6 (bug #991593)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-13/
+ NOTE: https://github.com/znuny/Znuny/commit/48ee5532911be5453cc8bed1e437a64c21bcc072
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+CVE-2021-21442 (In the project create screen it's possible to inject malicious JS code ...)
+ NOT-FOR-US: OTRS TimeAccounting module
+CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens. It's poss ...)
+ - otrs2 6.0.32-5 (bug #989992)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-11/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
+ NOTE: src:otrs2 is the znuny fork)
+CVE-2021-21440 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...)
+ - otrs2 6.0.32-6 (bug #991593)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/
+ NOTE: https://github.com/znuny/Znuny/commit/c5c90087d4187da5c456a80289fa088a19511934
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+CVE-2021-21439 (DoS attack can be performed when an email contains specially designed ...)
+ - otrs2 6.0.32-5 (bug #989992)
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-09/
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
+ NOTE: src:otrs2 is the znuny fork)
+CVE-2021-21438 (Agents are able to see linked FAQ articles without permissions (define ...)
+ NOT-FOR-US: OTRS FAQ addon (and OTRS 7 which is proprietary)
+CVE-2021-21437 (Agents are able to see linked Config Items without permissions, which ...)
+ NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
+CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...)
+ NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
+CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...)
+ - otrs2 <not-affected> (Doesn't affect OTRS as packaged in Debian, see bug #982586)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-02/
+CVE-2021-21434 (Survey administrator can craft a survey in such way that malicious cod ...)
+ NOT-FOR-US: OTRS Survey addon
+CVE-2021-21433 (Discord Recon Server is a bot that allows you to do your reconnaissanc ...)
+ NOT-FOR-US: Discord Recon Server
+CVE-2021-21432 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
+ NOT-FOR-US: Vela
+CVE-2021-21431 (sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior ...)
+ NOT-FOR-US: sopel-channelmgnt
+CVE-2021-21430 (OpenAPI Generator allows generation of API client libraries (SDK gener ...)
+ NOT-FOR-US: OpenAPI Generator
+CVE-2021-21429 (OpenAPI Generator allows generation of API client libraries, server st ...)
+ NOT-FOR-US: OpenAPI Generator
+CVE-2021-21428 (Openapi generator is a java tool which allows generation of API client ...)
+ NOT-FOR-US: OpenAPI Generator
+CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
+ NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
+CVE-2021-21426 (Magento-lts is a long-term support alternative to Magento Community Ed ...)
+ NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
+CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a way to con ...)
+ NOT-FOR-US: Grav Admin Plugin
+CVE-2021-21424 (Symfony is a PHP framework for web and console applications and a set ...)
+ - symfony 4.4.19+dfsg-2
+ [buster] - symfony <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - symfony <postponed> (Minor issue)
+ NOTE: https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms
+ NOTE: https://github.com/symfony/symfony/commit/f012eee6c6034a94566dff596fe4e16dfc5d9c1f
+CVE-2021-21423 (`projen` is a project generation tool that synthesizes project configu ...)
+ NOT-FOR-US: projen
+CVE-2021-21422 (mongo-express is a web-based MongoDB admin interface, written with Nod ...)
+ NOT-FOR-US: mongo-express
+CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. Applications that a ...)
+ NOT-FOR-US: node-etsy-client
+CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A vulnerability ...)
+ NOT-FOR-US: vscode-stripe Visual Studio Code extension
+CVE-2021-21419 (Eventlet is a concurrent networking library for Python. A websocket pe ...)
+ - python-eventlet 0.26.1-7 (bug #988342)
+ [buster] - python-eventlet <no-dsa> (Minor issue)
+ [stretch] - python-eventlet <no-dsa> (Minor issue)
+ NOTE: https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2
+ NOTE: Fixed by: https://github.com/eventlet/eventlet/commit/1412f5e4125b4313f815778a1acb4d3336efcd07
+ NOTE: Issue present as well in versions before introduction of per-message-defalte extension
+ NOTE: or compression extension support.
+ NOTE: Patch for 0.20 by SuSE: https://bugzilla.suse.com/attachment.cgi?id=849402&action=diff
+CVE-2021-21418 (ps_emailsubscription is a newsletter subscription module for the Prest ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-21417 (fluidsynth is a software synthesizer based on the SoundFont 2 specific ...)
+ {DLA-2697-1}
+ - fluidsynth 2.1.7-1.1
+ [buster] - fluidsynth 1.1.11-1+deb10u1
+ NOTE: https://github.com/FluidSynth/fluidsynth/issues/808
+ NOTE: https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-6fcq-pxhc-jxc9
+CVE-2021-21416 (django-registration is a user registration package for Django. The dja ...)
+ - python-django-registration <unfixed> (bug #987366)
+ [stretch] - python-django-registration <no-dsa> (Minor issue)
+ NOTE: https://github.com/ubernostrum/django-registration/security/advisories/GHSA-58c7-px5v-82hh
+ NOTE: https://github.com/ubernostrum/django-registration/commit/8206af081e239598cfd15d165d4d8ab9849ee23c
+CVE-2021-21415 (Prisma VS Code a VSCode extension for Prisma schema files. This is a R ...)
+ NOT-FOR-US: Prisma VS Code a VSCode extension
+CVE-2021-21414 (Prisma is an open source ORM for Node.js &amp; TypeScript. As of today ...)
+ NOT-FOR-US: Prisma
+CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...)
+ NOT-FOR-US: Node isolated-vm
+CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...)
+ NOT-FOR-US: Node @thi.ng/egf
+CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...)
+ - oauth2-proxy <itp> (bug #982891)
+CVE-2021-21410 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network application ...)
+ {DSA-4885-1}
+ - netty 1:4.1.48-4 (bug #986217)
+ [stretch] - netty <ignored> (Minor issue, fix requires major changes of HTTP2 module)
+ NOTE: Fixed by: https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32
+ NOTE: Is a followup to: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
+CVE-2021-21408 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ - smarty3 <unfixed>
+ NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m
+ NOTE: https://github.com/smarty-php/smarty/commit/28519ca00fe6890ef2d464f8400a16188c4b6f36 (3.1.43)
+CVE-2021-21407 (Combodo iTop is an open source, web based IT Service Management tool. ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-21406 (Combodo iTop is an open source, web based IT Service Management tool. ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-21405 (Lotus is an Implementation of the Filecoin protocol written in Go. BLS ...)
+ NOT-FOR-US: Lotus
+CVE-2021-21404 (Syncthing is a continuous file synchronization program. In Syncthing b ...)
+ - syncthing 1.12.1~ds1-3 (bug #986593)
+ [buster] - syncthing <no-dsa> (Minor issue)
+ [stretch] - syncthing <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h
+ NOTE: https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97
+CVE-2021-21403 (In github.com/kongchuanhujiao/server before version 1.3.21 there is an ...)
+ NOT-FOR-US: kongchuanhujiao
+CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before version 1 ...)
+ NOT-FOR-US: Jellyfin
+CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in ansi C. ...)
+ - nanopb 0.4.4-2 (bug #985844)
+ NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-7mv5-5mxh-qg88
+ NOTE: https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261
+CVE-2021-21400 (wire-webapp is an open-source front end for Wire, a secure collaborati ...)
+ NOT-FOR-US: wire-webapp
+CVE-2021-21399 (Ampache is a web based audio/video streaming application and file mana ...)
+ - ampache <removed>
+CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-21397
+ RESERVED
+CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
+ NOT-FOR-US: wire-server
+CVE-2021-21395
+ RESERVED
+CVE-2021-21394 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.28.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-w9fg-xffh-p362
+CVE-2021-21393 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.28.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jrh7-mhhx-6h88
+CVE-2021-21392 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.28.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-5wrh-4jwv-5w78
+CVE-2021-21391 (CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the f ...)
+ - ckeditor <unfixed>
+ [bullseye] - ckeditor <no-dsa> (Minor issue)
+ [buster] - ckeditor <no-dsa> (Minor issue)
+ [stretch] - ckeditor <not-affected> (Introduced in ckeditor5 rewrite)
+ NOTE: https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-3rh3-wfr4-76mj
+CVE-2021-21390 (MinIO is an open-source high performance object storage service and it ...)
+ NOT-FOR-US: MinIO
+CVE-2021-21389 (BuddyPress is an open source WordPress plugin to build a community sit ...)
+ NOT-FOR-US: BuddyPress WordPress plugin
+CVE-2021-21388 (systeminformation is an open source system and OS information library ...)
+ NOT-FOR-US: Node systeminformation
+CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS an ...)
+ NOT-FOR-US: Wrongthink
+CVE-2021-21386 (APKLeaks is an open-source project for scanning APK file for URIs, end ...)
+ NOT-FOR-US: APKLeaks
+CVE-2021-21385 (Mifos-Mobile Android Application for MifosX is an Android Application ...)
+ NOT-FOR-US: Mifos-Mobile Android Application
+CVE-2021-21384 (shescape is a simple shell escape package for JavaScript. In shescape ...)
+ NOT-FOR-US: shescape
+CVE-2021-21383 (Wiki.js an open-source wiki app built on Node.js. Wiki.js before versi ...)
+ NOT-FOR-US: Wiki.js
+CVE-2021-21382 (Restund is an open source NAT traversal server. The restund TURN serve ...)
+ - restund <itp> (bug #804846)
+CVE-2021-21380 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
+ - envoyproxy <itp> (bug #987544)
+CVE-2021-21377 (OMERO.web is open source Django-based software for managing microscopy ...)
+ NOT-FOR-US: OMERO.web
+CVE-2021-21376 (OMERO.web is open source Django-based software for managing microscopy ...)
+ NOT-FOR-US: OMERO.web
+CVE-2021-21375 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-2665-1 DLA-2636-1}
+ - pjproject <removed>
+ - ring 20210112.2.b757bac~ds1-1 (bug #986815)
+ [buster] - ring 20190215.1.f152c98~ds1-1+deb10u1
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
+ NOTE: https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
+CVE-2021-21374 (Nimble is a package manager for the Nim programming language. In Nim r ...)
+ - nim 1.4.6+really1.4.2-1 (bug #987272)
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
+ NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze
+CVE-2021-21373 (Nimble is a package manager for the Nim programming language. In Nim r ...)
+ - nim 1.4.6+really1.4.2-1 (bug #987272)
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
+ NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze
+CVE-2021-21372 (Nimble is a package manager for the Nim programming language. In Nim r ...)
+ - nim 1.4.6+really1.4.2-1 (bug #987272)
+ [buster] - nim <no-dsa> (Minor issue)
+ [stretch] - nim <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
+ NOTE: Initially fixed in 1.4.6-1, but then reverted to 1.4.2 due to bullseye freeze
+CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to pull Tena ...)
+ NOT-FOR-US: Tenable for Jira Cloud
+CVE-2021-21370 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, Ethereum clien ...)
+ NOT-FOR-US: Hyperledger Besu
+CVE-2021-21368 (msgpack5 is a msgpack v5 implementation for node.js and the browser. I ...)
+ NOT-FOR-US: Node msgpack5
+CVE-2021-21367 (Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and be ...)
+ NOT-FOR-US: Switchboard Bluetooth Plug for elementary OS
+CVE-2021-21366 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
+ - node-xmldom 0.5.0-1
+ [buster] - node-xmldom <no-dsa> (Minor issue)
+ NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
+ NOTE: https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
+CVE-2021-21365 (Bootstrap Package is a theme for TYPO3. It has been discovered that re ...)
+ NOT-FOR-US: Typo3 theme
+CVE-2021-21364 (swagger-codegen is an open-source project which contains a template-dr ...)
+ - swagger-codegen <itp> (bug #950318)
+CVE-2021-21363 (swagger-codegen is an open-source project which contains a template-dr ...)
+ - swagger-codegen <itp> (bug #950318)
+CVE-2021-21362 (MinIO is an open-source high performance object storage service and it ...)
+ NOT-FOR-US: MinIO
+CVE-2021-21361 (The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an inf ...)
+ NOT-FOR-US: gradle-vagrant-plugin
+CVE-2021-21360 (Products.GenericSetup is a mini-framework for expressing the configure ...)
+ NOT-FOR-US: Products.GenericSetup
+CVE-2021-21359 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21358 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21357 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21356
+ RESERVED
+CVE-2021-21355 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21354 (Pollbot is open source software which "frees its human masters from th ...)
+ NOT-FOR-US: Pollbot
+CVE-2021-21353 (Pug is an npm package which is a high-performance template engine. In ...)
+ NOT-FOR-US: Node pug
+CVE-2021-21352 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2021-21351 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hrcp-8f3q-4w2c
+CVE-2021-21350 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-43gc-mjxg-gvrq
+CVE-2021-21349 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-f6hm-88x3-mfjv
+CVE-2021-21348 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-56p8-3fh9-4cvq
+CVE-2021-21347 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qpfq-ph7r-qv6f
+CVE-2021-21346 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-4hrm-m67v-5cxr
+CVE-2021-21345 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hwpc-8xqv-jvj4
+CVE-2021-21344 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-59jw-jqf4-3wq3
+CVE-2021-21343 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-74cv-f58x-f9wf
+CVE-2021-21342 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hvv8-336g-rx3m
+CVE-2021-21341 (XStream is a Java library to serialize objects to XML and back again. ...)
+ {DLA-2616-1}
+ - libxstream-java 1.4.15-2 (bug #985843)
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2p3x-qw9c-25hh
+CVE-2021-21340 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21339 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21338 (TYPO3 is an open source PHP based web content management system. In TY ...)
+ NOT-FOR-US: TYPO3
+CVE-2021-21337 (Products.PluggableAuthService is a pluggable Zope authentication and a ...)
+ NOT-FOR-US: Products.PluggableAuthService
+CVE-2021-21336 (Products.PluggableAuthService is a pluggable Zope authentication and a ...)
+ NOT-FOR-US: Products.PluggableAuthService
+CVE-2021-21335 (In the SPNEGO HTTP Authentication Module for nginx (spnego-http-auth-n ...)
+ NOT-FOR-US: Nginx addon for SPNEGO auth
+CVE-2021-21334 (In containerd (an industry-standard container runtime) before versions ...)
+ - containerd 1.4.4~ds1-1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
+CVE-2021-21333 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.27.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-c5f8-35qr-q4fm
+CVE-2021-21332 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.27.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-246w-56m2-5899
+CVE-2021-21331 (The Java client for the Datadog API before version 1.0.0-beta.9 has a ...)
+ NOT-FOR-US: Java client for Datadog API
+CVE-2021-21330 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ {DSA-4864-1}
+ - python-aiohttp 3.7.4-1
+ [stretch] - python-aiohttp <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/aio-libs/aiohttp/issues/5497
+ NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg
+ NOTE: https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst#374-2021-02-25
+ NOTE: https://github.com/aio-libs/aiohttp/commit/2545222a3853e31ace15d87ae0e2effb7da0c96b
+CVE-2021-21329 (RATCF is an open-source framework for hosting Cyber-Security Capture t ...)
+ NOT-FOR-US: RATCF
+CVE-2021-21328 (Vapor is a web framework for Swift. In Vapor before version 4.40.1, th ...)
+ NOT-FOR-US: Vapor
+CVE-2021-21327 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qmw7-w2m4-rjwp
+CVE-2021-21326 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-vmj9-cg56-p7wh
+CVE-2021-21325 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-m574-f3jw-pwrf
+CVE-2021-21324 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-jvwm-gq36-3v7v
+CVE-2021-21323 (Brave is an open source web browser with a focus on privacy and securi ...)
+ - brave-browser <itp> (bug #864795)
+CVE-2021-21322 (fastify-http-proxy is an npm package which is a fastify plugin for pro ...)
+ NOT-FOR-US: fastify-http-proxy
+CVE-2021-21321 (fastify-reply-from is an npm package which is a fastify plugin to forw ...)
+ NOT-FOR-US: Node fastify-reply-from
+CVE-2021-21320 (matrix-react-sdk is an npm package which is a Matrix SDK for React Jav ...)
+ NOT-FOR-US: Node matrix-react-sdk
+CVE-2021-21319 (Galette is a membership management web application geared towards non ...)
+ - galette <removed>
+CVE-2021-21318 (Opencast is a free, open-source platform to support the management of ...)
+ NOT-FOR-US: Opencast
+CVE-2021-21317 (uap-core in an open-source npm package which contains the core of Brow ...)
+ NOT-FOR-US: Node uap-core
+CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 themes w ...)
+ NOT-FOR-US: less-openui5 npm package
+CVE-2021-21315 (The System Information Library for Node.JS (npm package "systeminforma ...)
+ NOT-FOR-US: Node systeminformation
+CVE-2021-21314 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2w7j-xgj7-3xgg
+CVE-2021-21313 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-h4hj-mrpg-xfgx
+CVE-2021-21312 (GLPI is open source software which stands for Gestionnaire Libre de Pa ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2
+CVE-2021-21311 (Adminer is an open-source database management in a single PHP file. In ...)
+ {DLA-2580-1}
+ - adminer 4.7.9-1
+ [buster] - adminer <no-dsa> (Minor issue)
+ NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
+ NOTE: https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 (v4.7.9)
+CVE-2021-21310 (NextAuth.js (next-auth) is am open source authentication solution for ...)
+ NOT-FOR-US: NextAuth.js
+CVE-2021-21309 (Redis is an open-source, in-memory database that persists on disk. In ...)
+ {DLA-2576-1}
+ - redis 5:6.0.11-1 (bug #983446)
+ [buster] - redis 5:5.0.3-4+deb10u3
+ NOTE: https://github.com/redis/redis/pull/8522
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf
+CVE-2021-21308 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-21307 (Lucee Server is a dynamic, Java based (JSR-223), tag and scripting lan ...)
+ NOT-FOR-US: Lucee Server
+CVE-2021-21306 (Marked is an open-source markdown parser and compiler (npm package "ma ...)
+ - node-marked <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96
+ NOTE: https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
+CVE-2021-21305 (CarrierWave is an open-source RubyGem which provides a simple and flex ...)
+ - ruby-carrierwave <unfixed> (bug #982551)
+ [buster] - ruby-carrierwave <no-dsa> (Minor issue)
+ [stretch] - ruby-carrierwave <ignored> (No reverse dependencies)
+ NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4
+ NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7
+CVE-2021-21304 (Dynamoose is an open-source modeling tool for Amazon's DynamoDB. In Dy ...)
+ NOT-FOR-US: Dynamoose
+CVE-2021-21303 (Helm is open-source software which is essentially "The Kubernetes Pack ...)
+ - helm-kubernetes <itp> (bug #910799)
+CVE-2021-21302 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...)
+ NOT-FOR-US: PrestaShop
+CVE-2021-21301 (Wire is an open-source collaboration platform. In Wire for iOS (iPhone ...)
+ NOT-FOR-US: Wire
+CVE-2021-21300 (Git is an open-source distributed revision control system. In affected ...)
+ - git 1:2.30.2-1 (bug #985120)
+ [buster] - git <no-dsa> (Minor issue)
+ [stretch] - git <no-dsa> (Minor issue)
+ NOTE: https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?h=v2.30.2&id=684dd4c2b414bcf648505e74498a608f28de4592
+CVE-2021-21298 (Node-Red is a low-code programming for event-driven applications built ...)
+ NOT-FOR-US: Node-Red
+CVE-2021-21297 (Node-Red is a low-code programming for event-driven applications built ...)
+ NOT-FOR-US: Node-Red
+CVE-2021-21296 (Fleet is an open source osquery manager. In Fleet before version 3.7.0 ...)
+ NOT-FOR-US: Fleet
+CVE-2021-21295 (Netty is an open-source, asynchronous event-driven network application ...)
+ {DSA-4885-1}
+ - netty 1:4.1.48-3 (bug #984948)
+ [stretch] - netty <ignored> (Minor issue, fix requires major changes of HTTP2 module)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
+ NOTE: https://github.com/netty/netty/commit/89c241e3b1795ff257af4ad6eadc616cb2fb3dc4
+CVE-2021-21294 (Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface f ...)
+ NOT-FOR-US: Http4s
+CVE-2021-21293 (blaze is a Scala library for building asynchronous pipelines, with a f ...)
+ NOT-FOR-US: blaez
+CVE-2021-21292 (Traccar is an open source GPS tracking system. In Traccar before versi ...)
+ NOT-FOR-US: Traccar
+CVE-2021-21291 (OAuth2 Proxy is an open-source reverse proxy and static file server th ...)
+ - oauth2-proxy <itp> (bug #982891)
+CVE-2021-21290 (Netty is an open-source, asynchronous event-driven network application ...)
+ {DSA-4885-1 DLA-2555-1}
+ - netty 1:4.1.48-2 (bug #982580)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
+ NOTE: https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec
+CVE-2021-21289 (Mechanize is an open-source ruby library that makes automated web inte ...)
+ {DLA-2561-1}
+ - ruby-mechanize 2.7.7-1
+ [buster] - ruby-mechanize 2.7.6-1+deb10u1
+ NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-qrqm-fpv6-6r8g
+ NOTE: https://github.com/sparklemotion/mechanize/commit/aae0b13514a1a0caf93b1cf233733c50e679069a (v2.7.7)
+ NOTE: https://github.com/sparklemotion/mechanize/commit/2ac906b26f4a565a0af92df5fb9c8a36c2b75375 (v2.7.7)
+ NOTE: https://github.com/sparklemotion/mechanize/commit/f43a3952ab39341136656b0a8b2c8597ba1b4adc (v2.7.7)
+ NOTE: https://github.com/sparklemotion/mechanize/commit/b48b12f5db33c5a94a14dfcab8adf3e73cfa0388 (v2.7.7)
+ NOTE: https://github.com/sparklemotion/mechanize/commit/63f8779e49664d5e95fae8d42d04c8e373162b3c (v2.7.7)
+ NOTE: Test warnings fixup: https://github.com/sparklemotion/mechanize/commit/5b30aed33cbac9825e8978f8e36dd221cbd4c093 (v2.7.7)
+CVE-2021-21288 (CarrierWave is an open-source RubyGem which provides a simple and flex ...)
+ - ruby-carrierwave 1.3.2-1 (bug #982552)
+ [buster] - ruby-carrierwave <no-dsa> (Minor issue)
+ [stretch] - ruby-carrierwave <ignored> (No reverse dependencies)
+ NOTE: https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5
+ NOTE: https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0
+CVE-2021-21287 (MinIO is a High Performance Object Storage released under Apache Licen ...)
+ - minio <itp> (bug #859207)
+CVE-2021-21286 (AVideo Platform is an open-source Audio and Video platform. It is simi ...)
+ NOT-FOR-US: AVideo Platform
+CVE-2021-21285 (In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...)
+ {DSA-4865-1}
+ - docker.io 20.10.3+dfsg1-1
+ NOTE: https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
+ NOTE: https://github.com/moby/moby/commit/420b1d36250f9cfdc561f086f25a213ecb669b6f (v19.03)
+CVE-2021-21284 (In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in ...)
+ {DSA-4865-1}
+ - docker.io 20.10.3+dfsg1-1
+ NOTE: https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
+ NOTE: https://github.com/moby/moby/commit/1342c51d5e809d2994e6f7e490c8d2b3b12c28ae (v19.03)
+ NOTE: https://github.com/moby/moby/commit/5eff67a2c294b7e72607e0949ebc0de21710e4d3 (v19.03)
+ NOTE: https://github.com/moby/moby/commit/67de83e70bca92ae6a08e28a03b3fc8fcca9f3f1 (v19.03)
+CVE-2021-21283 (Flarum is an open source discussion platform for websites. The "Flarum ...)
+ NOT-FOR-US: Flarum
+CVE-2021-21282 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21281 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21280 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21279 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21278 (RSSHub is an open source, easy to use, and extensible RSS feed generat ...)
+ NOT-FOR-US: RSSHub
+CVE-2021-21277 (angular-expressions is "angular's nicest part extracted as a standalon ...)
+ NOT-FOR-US: angular-expressions
+CVE-2021-21276 (Polr is an open source URL shortener. in Polr before version 2.3.0, a ...)
+ NOT-FOR-US: Polr
+CVE-2021-21275 (The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSR ...)
+ NOT-FOR-US: MediaWiki Report extention
+CVE-2021-21274 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.25.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-2hwx-mjrm-v3g8
+ NOTE: https://github.com/matrix-org/synapse/commit/ff5c4da1289cb5e097902b3e55b771be342c29d6
+CVE-2021-21273 (Synapse is a Matrix reference homeserver written in python (pypi packa ...)
+ - matrix-synapse 1.25.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-v936-j8gp-9q3p
+ NOTE: https://github.com/matrix-org/synapse/commit/30fba6210834a4ecd91badf0c8f3eb278b72e746
+CVE-2021-21272 (ORAS is open source software which enables a way to push OCI Artifacts ...)
+ NOT-FOR-US: ORAS
+CVE-2021-21271 (Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middl ...)
+ NOT-FOR-US: Tendermint
+CVE-2021-21270 (OctopusDSC is a PowerShell module with DSC resources that can be used ...)
+ NOT-FOR-US: OctopusDSC
+CVE-2021-21269 (Keymaker is a Mastodon Community Finder based Matrix Community serverl ...)
+ NOT-FOR-US: Keymaker
+CVE-2021-21268
+ RESERVED
+CVE-2021-21267 (Schema-Inspector is an open-source tool to sanitize and validate JS ob ...)
+ NOT-FOR-US: Node schema-inspector
+CVE-2021-21266 (openHAB is a vendor and technology agnostic open source automation sof ...)
+ NOT-FOR-US: openHAB
+CVE-2021-21265 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2021-21264 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2021-21262
+ RESERVED
+CVE-2021-21260 (Online Invoicing System (OIS) is open source software which is a lean ...)
+ NOT-FOR-US: Online Invoicing System (OIS)
+CVE-2021-21259 (HedgeDoc is open source software which lets you create real-time colla ...)
+ NOT-FOR-US: HedgeDoc
+CVE-2021-21258 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-j4xj-4qmc-mmmx
+ NOTE: https://github.com/glpi-project/glpi/commit/e7802fc051696de1f76108ea8dc3bd4e2c880f15
+CVE-2021-21257 (Contiki-NG is an open-source, cross-platform operating system for inte ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2021-21256
+ RESERVED
+CVE-2021-21255 (GLPI is an open-source asset and IT management software package that p ...)
+ - glpi <removed>
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-v3m5-r3mx-ff9j
+ NOTE: https://github.com/glpi-project/glpi/commit/aade65b7f67d46f23d276a8acb0df70651c3b1dc
+CVE-2021-21254 (CKEditor 5 is an open source rich text editor framework with a modular ...)
+ NOT-FOR-US: CKEditor 5 Markdown plugin
+CVE-2021-21253 (OnlineVotingSystem is an open source project hosted on GitHub. OnlineV ...)
+ NOT-FOR-US: OnlineVotingSystem
+CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...)
+ - civicrm <unfixed> (bug #980892)
+ [bullseye] - civicrm <no-dsa> (Minor issue)
+ - otrs2 6.0.32-4 (bug #980891)
+ [buster] - otrs2 <ignored> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
+ - phpmyadmin 4:5.0.4+dfsg2-2
+ [stretch] - phpmyadmin <no-dsa> (Minor issue; barely an issue in the phpmyadmin package)
+ NOTE: https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
+ NOTE: not packaged, but civicrm, otrs2, and phpmyadmin embed a copy
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/401eedd288c4e83d69287b97a9f574f231156171
+CVE-2021-21251 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21250 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21249 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21248 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21247 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21246 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21245 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21244 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21243 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21242 (OneDev is an all-in-one devops platform. In OneDev before version 4.0. ...)
+ NOT-FOR-US: OneDev
+CVE-2021-21241 (The Python "Flask-Security-Too" package is used for adding security fe ...)
+ - flask-security 4.0.0-1 (bug #980189)
+ [buster] - flask-security <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/Flask-Middleware/flask-security/security/advisories/GHSA-hh7m-rx4f-4vpv
+ NOTE: https://github.com/Flask-Middleware/flask-security/issues/421
+ NOTE: https://github.com/Flask-Middleware/flask-security/pull/422
+ NOTE: https://github.com/Flask-Middleware/flask-security/commit/c05afe837e83f20f59c0fb409ce1240341d1ec41 (master)
+ NOTE: https://github.com/Flask-Middleware/flask-security/commit/61d313150b5f620d0b800896c4f2199005e84b1f (3.4.5)
+CVE-2021-21240 (httplib2 is a comprehensive HTTP client library for Python. In httplib ...)
+ - python-httplib2 0.20.2-1 (bug #982738)
+ [bullseye] - python-httplib2 <no-dsa> (Minor issue)
+ [buster] - python-httplib2 <no-dsa> (Minor issue)
+ [stretch] - python-httplib2 <no-dsa> (Minor issue)
+ NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m
+ NOTE: https://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc (v0.19.0)
+ NOTE: https://github.com/httplib2/httplib2/pull/182
+CVE-2021-21239 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...)
+ {DLA-2577-1}
+ - python-pysaml2 6.5.1-1 (bug #980772)
+ NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62
+ NOTE: https://github.com/IdentityPython/pysaml2/commit/751dbf50a51131b13d55989395f9b115045f9737
+CVE-2021-21238 (PySAML2 is a pure python implementation of SAML Version 2 Standard. Py ...)
+ - python-pysaml2 6.5.1-1 (bug #980773)
+ [stretch] - python-pysaml2 <ignored> (python3-xmlschema not available in stretch for fix)
+ NOTE: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9
+ NOTE: https://github.com/IdentityPython/pysaml2/commit/3b707723dcf1bf60677b424aac398c0c3557641d
+CVE-2021-21237 (Git LFS is a command line extension for managing large files with Git. ...)
+ - git-lfs <not-affected> (Windows-specific)
+ NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5
+CVE-2021-21236 (CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter base ...)
+ - cairosvg 2.5.0-1.1 (bug #979597)
+ [buster] - cairosvg <not-affected> (Vulnerable code introduced in 2.0.0rc6)
+ [stretch] - cairosvg <not-affected> (Vulnerable code introduced in 2.0.0rc6)
+ NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-hq37-853p-g5cf
+ NOTE: Introduced by: https://github.com/Kozea/CairoSVG/commit/4f14d2e8f2d7f9b534c5342e26519b7c27386a81
+ NOTE: Fixed by: https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc (2.5.1)
+CVE-2021-21235 (kamadak-exif is an exif parsing library written in pure Rust. In kamad ...)
+ - rust-kamadak-exif <unfixed> (bug #985309)
+ NOTE: https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2
+CVE-2021-21234 (spring-boot-actuator-logview in a library that adds a simple logfile v ...)
+ NOT-FOR-US: Spring actuator logview
+CVE-2021-21233 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90. ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21232 (Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 all ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21231 (Insufficient data validation in V8 in Google Chrome prior to 90.0.4430 ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21230 (Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21229 (Incorrect security UI in downloads in Google Chrome on Android prior t ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21228 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21227 (Insufficient data validation in V8 in Google Chrome prior to 90.0.4430 ...)
+ {DSA-4911-1}
+ - chromium 90.0.4430.93-1 (bug #987715)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21226 (Use after free in navigation in Google Chrome prior to 90.0.4430.85 al ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.85-1 (bug #987358)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21225 (Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430. ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.85-1 (bug #987358)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21224 (Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.85-1 (bug #987358)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21223 (Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowe ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.85-1 (bug #987358)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21222 (Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allo ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.85-1 (bug #987358)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21221 (Insufficient validation of untrusted input in Mojo in Google Chrome pr ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21220 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21219 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21218 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21217 (Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21216 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21215 (Inappropriate implementation in Autofill in Google Chrome prior to 90. ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21214 (Use after free in Network API in Google Chrome prior to 90.0.4430.72 a ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21213 (Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allow ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21212 (Incorrect security UI in Network Config UI in Google Chrome on ChromeO ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21211 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21210 (Inappropriate implementation in Network in Google Chrome prior to 90.0 ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21209 (Inappropriate implementation in storage in Google Chrome prior to 90.0 ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21208 (Insufficient data validation in QR scanner in Google Chrome on iOS pri ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21207 (Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 all ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21206 (Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowe ...)
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21205 (Insufficient policy enforcement in navigation in Google Chrome on iOS ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21204 (Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21203 (Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21202 (Use after free in extensions in Google Chrome prior to 90.0.4430.72 al ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21201 (Use after free in permissions in Google Chrome prior to 90.0.4430.72 a ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21200
+ RESERVED
+CVE-2021-21199 (Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.11 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21198 (Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allo ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21197 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.1 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21196 (Heap buffer overflow in TabStrip in Google Chrome on Windows prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21195 (Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21194 (Use after free in screen sharing in Google Chrome prior to 89.0.4389.1 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.114-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21193 (Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.90-1 (bug #985142)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21192 (Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.90-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21191 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowe ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.90-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21190 (Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 al ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21189 (Insufficient policy enforcement in payments in Google Chrome prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21188 (Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21187 (Insufficient data validation in URL formatting in Google Chrome prior ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21186 (Insufficient policy enforcement in QR scanning in Google Chrome on iOS ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21185 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21184 (Inappropriate implementation in performance APIs in Google Chrome prio ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21183 (Inappropriate implementation in performance APIs in Google Chrome prio ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21182 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21181 (Side-channel information leakage in autofill in Google Chrome prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21180 (Use after free in tab search in Google Chrome prior to 89.0.4389.72 al ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21179 (Use after free in Network Internals in Google Chrome on Linux prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21178 (Inappropriate implementation in Compositing in Google Chrome on Linux ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21177 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21176 (Inappropriate implementation in full screen mode in Google Chrome prio ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21175 (Inappropriate implementation in Site isolation in Google Chrome prior ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21174 (Inappropriate implementation in Referrer in Google Chrome prior to 89. ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21173 (Side-channel information leakage in Network Internals in Google Chrome ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21172 (Insufficient policy enforcement in File System API in Google Chrome on ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21171 (Incorrect security UI in TabStrip and Navigation in Google Chrome on A ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21170 (Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21169 (Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389. ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21168 (Insufficient policy enforcement in appcache in Google Chrome prior to ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21167 (Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 all ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21166 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21165 (Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a re ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21164 (Insufficient data validation in Chrome on iOS in Google Chrome on iOS ...)
+ - chromium <not-affected> (MacOS specific)
+CVE-2021-21163 (Insufficient data validation in Reader Mode in Google Chrome on iOS pr ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21162 (Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowe ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21161 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21160 (Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.7 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21159 (Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.7 ...)
+ {DSA-4886-1}
+ - chromium 89.0.4389.82-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21158
+ RESERVED
+ - chromium <not-affected> (MacOS specific)
+CVE-2021-21157 (Use after free in Web Sockets in Google Chrome on Linux prior to 88.0. ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21156 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 all ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21155 (Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21154 (Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324. ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21153 (Stack buffer overflow in GPU Process in Google Chrome on Linux prior t ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21152 (Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0. ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21151 (Use after free in Payments in Google Chrome prior to 88.0.4324.182 all ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21150 (Use after free in Downloads in Google Chrome on Windows prior to 88.0. ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21149 (Stack buffer overflow in Data Transfer in Google Chrome on Linux prior ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.182-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21148 (Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 all ...)
+ {DSA-4858-1}
+ - chromium 88.0.4324.150-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21147 (Inappropriate implementation in Skia in Google Chrome prior to 88.0.43 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21146 (Use after free in Navigation in Google Chrome prior to 88.0.4324.146 a ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21145 (Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowe ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21144 (Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21143 (Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21142 (Use after free in Payments in Google Chrome on Mac prior to 88.0.4324. ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.146-1
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21141 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21140 (Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowe ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21139 (Inappropriate implementation in iframe sandbox in Google Chrome prior ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21138 (Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allo ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21137 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21136 (Insufficient policy enforcement in WebView in Google Chrome on Android ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21135 (Inappropriate implementation in Performance API in Google Chrome prior ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21134 (Incorrect security UI in Page Info in Google Chrome on iOS prior to 88 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21133 (Insufficient policy enforcement in Downloads in Google Chrome prior to ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21132 (Inappropriate implementation in DevTools in Google Chrome prior to 88. ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21131 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21130 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21129 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21128 (Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 a ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21127 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21126 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21125 (Insufficient policy enforcement in File System API in Google Chrome on ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21124 (Potential user after free in Speech Recognizer in Google Chrome on And ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21123 (Insufficient data validation in File System API in Google Chrome prior ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21122 (Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21121 (Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21120 (Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowe ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21119 (Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21118 (Insufficient data validation in V8 in Google Chrome prior to 88.0.4324 ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21117 (Insufficient policy enforcement in Cryptohome in Google Chrome prior t ...)
+ {DSA-4846-1}
+ - chromium 88.0.4324.96-0.1 (bug #980564)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21116 (Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21115 (User after free in safe browsing in Google Chrome prior to 87.0.4280.1 ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21114 (Use after free in audio in Google Chrome prior to 87.0.4280.141 allowe ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21113 (Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 a ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21112 (Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowe ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21111 (Insufficient policy enforcement in WebUI in Google Chrome prior to 87. ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21110 (Use after free in safe browsing in Google Chrome prior to 87.0.4280.14 ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21109 (Use after free in payments in Google Chrome prior to 87.0.4280.141 all ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21108 (Use after free in media in Google Chrome prior to 87.0.4280.141 allowe ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21107 (Use after free in drag and drop in Google Chrome on Linux prior to 87. ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21106 (Use after free in autofill in Google Chrome prior to 87.0.4280.141 all ...)
+ {DSA-4832-1}
+ - chromium 87.0.4280.141-0.1 (bug #979533)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2021-21105 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21104 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21103 (Adobe Illustrator version 25.2 (and earlier) is affected by a memory c ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21102 (Adobe Illustrator version 25.2 (and earlier) is affected by a Path Tra ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21101 (Adobe Illustrator version 25.2 (and earlier) is affected by an Out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21100 (Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21099 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21098 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21097
+ RESERVED
+CVE-2021-21096 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21095 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21094 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21093 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21092 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21091 (Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21090 (Adobe InCopy version 16.0 (and earlier) is affected by an path travers ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21089 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Acrobat
+CVE-2021-21088
+ RESERVED
+CVE-2021-21087 (Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 1 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21086 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21085 (Adobe Connect version 11.0.7 (and earlier) is affected by an Input Val ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21084 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21083 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21082 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21081
+ RESERVED
+CVE-2021-21080 (Adobe Connect version 11.0.7 (and earlier) is affected by a reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21079 (Adobe Connect version 11.0.7 (and earlier) is affected by a reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21078 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21077 (Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21076 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21075 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21074 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21073 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21072 (Adobe Animate version 21.0.3 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21071 (Adobe Animate version 21.0.3 (and earlier) is affected by a Memory Cor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21070 (Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncont ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21069 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21068 (Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21067 (Adobe Photoshop versions 21.2.5 (and earlier) and 22.2 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21066 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21065 (Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21064 (Magento UPWARD-php version 1.1.4 (and earlier) is affected by a Path t ...)
+ NOT-FOR-US: Magento
+CVE-2021-21063 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21062 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21061 (Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.00 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21060 (Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.3 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21059 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21058 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21057 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21056 (Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21055 (Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) i ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21054 (Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21053 (Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21052 (Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21051 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21050 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21049 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21048 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21047 (Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21046 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21045 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21044 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21043 (ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21042 (Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.3001 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21041 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21040 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21039 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21038 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21037 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21036 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21035 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21034 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21033 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21032 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21031 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21030 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21029 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21028 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21027 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21026 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21025 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21024 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21023 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21022 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21021 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21020 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21019 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21018 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21017 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21016 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21015 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21014 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Magento
+CVE-2021-21013 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21012 (Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21011 (Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21010 (InCopy version 15.1.1 (and earlier) for Windows is affected by an unco ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21009 (Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and ear ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21008 (Adobe Animate version 21.0 (and earlier) is affected by an uncontrolle ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21007 (Adobe Illustrator version 25.0 (and earlier) is affected by an uncontr ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21006 (Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffe ...)
+ NOT-FOR-US: Adobe
+CVE-2021-21005 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+ NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products
+CVE-2021-21004 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+ NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products
+CVE-2021-21003 (In Phoenix Contact FL SWITCH SMCS series products in multiple versions ...)
+ NOT-FOR-US: Phoenix Contact FL SWITCH SMCS series products
+CVE-2021-21002 (In Phoenix Contact FL COMSERVER UNI in versions &lt; 2.40 a invalid Mo ...)
+ NOT-FOR-US: Phoenix Contact FL COMSERVER UNI
+CVE-2021-21001 (On WAGO PFC200 devices in different firmware versions with special cra ...)
+ NOT-FOR-US: WAGO
+CVE-2021-21000 (On WAGO PFC200 devices in different firmware versions with special cra ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20999 (In Weidm&#252;ller u-controls and IoT-Gateways in versions up to 1.12. ...)
+ NOT-FOR-US: Weidmueller u-controls and IoT Gateways
+CVE-2021-20998 (In multiple managed switches by WAGO in different versions without aut ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20997 (In multiple managed switches by WAGO in different versions it is possi ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20996 (In multiple managed switches by WAGO in different versions special cra ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20995 (In multiple managed switches by WAGO in different versions the webserv ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20994 (In multiple managed switches by WAGO in different versions an attacker ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20993 (In multiple managed switches by WAGO in different versions the activat ...)
+ NOT-FOR-US: WAGO
+CVE-2021-20992 (In Fibaro Home Center 2 and Lite devices in all versions provide a web ...)
+ NOT-FOR-US: Fibaro Home Center
+CVE-2021-20991 (In Fibaro Home Center 2 and Lite devices with firmware version 4.540 a ...)
+ NOT-FOR-US: Fibaro Home Center
+CVE-2021-20990 (In Fibaro Home Center 2 and Lite devices with firmware version 4.600 a ...)
+ NOT-FOR-US: Fibaro Home Center
+CVE-2021-20989 (Fibaro Home Center 2 and Lite devices with firmware version 4.600 and ...)
+ NOT-FOR-US: Fibaro Home Center
+CVE-2021-20988 (In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet ...)
+ NOT-FOR-US: Hilscher rcX RTOS
+CVE-2021-20987 (A denial of service and memory corruption vulnerability was found in H ...)
+ NOT-FOR-US: Hilscher EtherNet/IP Core
+CVE-2021-20986 (A Denial of Service vulnerability was found in Hilscher PROFINET IO De ...)
+ NOT-FOR-US: Hilscher
+CVE-2021-20985
+ RESERVED
+CVE-2021-20984
+ RESERVED
+CVE-2021-20983
+ RESERVED
+CVE-2021-20982
+ RESERVED
+CVE-2021-20981
+ RESERVED
+CVE-2021-20980
+ RESERVED
+CVE-2021-20979
+ RESERVED
+CVE-2021-20978
+ RESERVED
+CVE-2021-20977
+ RESERVED
+CVE-2021-20976
+ RESERVED
+CVE-2021-20975
+ RESERVED
+CVE-2021-20974
+ RESERVED
+CVE-2021-20973
+ RESERVED
+CVE-2021-20972
+ RESERVED
+CVE-2021-20971
+ RESERVED
+CVE-2021-20970
+ RESERVED
+CVE-2021-20969
+ RESERVED
+CVE-2021-20968
+ RESERVED
+CVE-2021-20967
+ RESERVED
+CVE-2021-20966
+ RESERVED
+CVE-2021-20965
+ RESERVED
+CVE-2021-20964
+ RESERVED
+CVE-2021-20963
+ RESERVED
+CVE-2021-20962
+ RESERVED
+CVE-2021-20961
+ RESERVED
+CVE-2021-20960
+ RESERVED
+CVE-2021-20959
+ RESERVED
+CVE-2021-20958
+ RESERVED
+CVE-2021-20957
+ RESERVED
+CVE-2021-20956
+ RESERVED
+CVE-2021-20955
+ RESERVED
+CVE-2021-20954
+ RESERVED
+CVE-2021-20953
+ RESERVED
+CVE-2021-20952
+ RESERVED
+CVE-2021-20951
+ RESERVED
+CVE-2021-20950
+ RESERVED
+CVE-2021-20949
+ RESERVED
+CVE-2021-20948
+ RESERVED
+CVE-2021-20947
+ RESERVED
+CVE-2021-20946
+ RESERVED
+CVE-2021-20945
+ RESERVED
+CVE-2021-20944
+ RESERVED
+CVE-2021-20943
+ RESERVED
+CVE-2021-20942
+ RESERVED
+CVE-2021-20941
+ RESERVED
+CVE-2021-20940
+ RESERVED
+CVE-2021-20939
+ RESERVED
+CVE-2021-20938
+ RESERVED
+CVE-2021-20937
+ RESERVED
+CVE-2021-20936
+ RESERVED
+CVE-2021-20935
+ RESERVED
+CVE-2021-20934
+ RESERVED
+CVE-2021-20933
+ RESERVED
+CVE-2021-20932
+ RESERVED
+CVE-2021-20931
+ RESERVED
+CVE-2021-20930
+ RESERVED
+CVE-2021-20929
+ RESERVED
+CVE-2021-20928
+ RESERVED
+CVE-2021-20927
+ RESERVED
+CVE-2021-20926
+ RESERVED
+CVE-2021-20925
+ RESERVED
+CVE-2021-20924
+ RESERVED
+CVE-2021-20923
+ RESERVED
+CVE-2021-20922
+ RESERVED
+CVE-2021-20921
+ RESERVED
+CVE-2021-20920
+ RESERVED
+CVE-2021-20919
+ RESERVED
+CVE-2021-20918
+ RESERVED
+CVE-2021-20917
+ RESERVED
+CVE-2021-20916
+ RESERVED
+CVE-2021-20915
+ RESERVED
+CVE-2021-20914
+ RESERVED
+CVE-2021-20913
+ RESERVED
+CVE-2021-20912
+ RESERVED
+CVE-2021-20911
+ RESERVED
+CVE-2021-20910
+ RESERVED
+CVE-2021-20909
+ RESERVED
+CVE-2021-20908
+ RESERVED
+CVE-2021-20907
+ RESERVED
+CVE-2021-20906
+ RESERVED
+CVE-2021-20905
+ RESERVED
+CVE-2021-20904
+ RESERVED
+CVE-2021-20903
+ RESERVED
+CVE-2021-20902
+ RESERVED
+CVE-2021-20901
+ RESERVED
+CVE-2021-20900
+ RESERVED
+CVE-2021-20899
+ RESERVED
+CVE-2021-20898
+ RESERVED
+CVE-2021-20897
+ RESERVED
+CVE-2021-20896
+ RESERVED
+CVE-2021-20895
+ RESERVED
+CVE-2021-20894
+ RESERVED
+CVE-2021-20893
+ RESERVED
+CVE-2021-20892
+ RESERVED
+CVE-2021-20891
+ RESERVED
+CVE-2021-20890
+ RESERVED
+CVE-2021-20889
+ RESERVED
+CVE-2021-20888
+ RESERVED
+CVE-2021-20887
+ RESERVED
+CVE-2021-20886
+ RESERVED
+CVE-2021-20885
+ RESERVED
+CVE-2021-20884
+ RESERVED
+CVE-2021-20883
+ RESERVED
+CVE-2021-20882
+ RESERVED
+CVE-2021-20881
+ RESERVED
+CVE-2021-20880
+ RESERVED
+CVE-2021-20879
+ RESERVED
+CVE-2021-20878
+ RESERVED
+CVE-2021-20877 (Cross-site scripting vulnerability in Canon laser printers and small o ...)
+ NOT-FOR-US: Canon printer firmware
+CVE-2021-20876 (Path traversal vulnerability in GroupSession Free edition ver5.1.1 and ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20875 (Open redirect vulnerability in GroupSession Free edition ver5.1.1 and ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20874 (Incorrect permission assignment for critical resource vulnerability in ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20873 (Yappli is an application development platform which provides the funct ...)
+ NOT-FOR-US: Yappli
+CVE-2021-20872 (Protection mechanism failure vulnerability in KONICA MINOLTA bizhub se ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20871 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20870 (Improper handling of exceptional conditions vulnerability in KONICA MI ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20869 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20868 (Incorrect authorization vulnerability in KONICA MINOLTA bizhub series ...)
+ NOT-FOR-US: KONICA MINOLTA
+CVE-2021-20867 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20866 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20865 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20864 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20863 (OS command injection vulnerability in ELECOM routers (WRC-1167GST2 fir ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20862 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2 ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20861 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20860 (Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20859 (ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20858 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20857 (Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20856 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20855 (Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK f ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20854 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20853 (ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733G ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20852 (Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmwa ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20851 (Cross-site request forgery (CSRF) vulnerability in Browser and Operati ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20850 (PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and ea ...)
+ NOT-FOR-US: PowerCMS
+CVE-2021-20849
+ RESERVED
+CVE-2021-20848 (Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 a ...)
+ NOT-FOR-US: rwtxt
+CVE-2021-20847 (Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G ...)
+ NOT-FOR-US: Wi-Fi STATION SH-52A
+CVE-2021-20846 (Cross-site request forgery (CSRF) vulnerability in Push Notifications ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-20845 (Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap G ...)
+ NOT-FOR-US: Unlimited Sitemap Generator
+CVE-2021-20844 (Improper neutralization of HTTP request headers for scripting syntax v ...)
+ NOT-FOR-US: RTX830
+CVE-2021-20843 (Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev ...)
+ NOT-FOR-US: RTX830
+CVE-2021-20842 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2. ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20841 (Improper access control in Management screen of EC-CUBE 2 series 2.11. ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20840 (Cross-site scripting vulnerability in Booking Package - Appointment Bo ...)
+ NOT-FOR-US: Booking Package - Appointment Booking Calendar System
+CVE-2021-20839 (Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and e ...)
+ NOT-FOR-US: Office Server Document Converter
+CVE-2021-20838 (Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and e ...)
+ NOT-FOR-US: Office Server Document Converter
+CVE-2021-20837 (Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Typ ...)
+ - movabletype-opensource <removed>
+CVE-2021-20836 (Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0 ...)
+ NOT-FOR-US: CX-Supervisor
+CVE-2021-20835 (Improper authorization in handler for custom URL scheme vulnerability ...)
+ NOT-FOR-US: Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App'
+CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability ...)
+ NOT-FOR-US: Nike App
+CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not ...)
+ NOT-FOR-US: SNKRDUNK Market Place App
+CVE-2021-20832 (InBody App for iOS versions prior to 2.3.30 and InBody App for Android ...)
+ NOT-FOR-US: InBody App
+CVE-2021-20831 (Cross-site request forgery (CSRF) vulnerability in OG Tags versions pr ...)
+ NOT-FOR-US: OG Tags (WordPress plugin)
+CVE-2021-20830
+ RESERVED
+CVE-2021-20829 (Cross-site scripting vulnerability due to the inadequate tag sanitizat ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20828 (Cross-site scripting vulnerability in Order Status Batch Change Plug-i ...)
+ NOT-FOR-US: EC-CUBE plugin
+CVE-2021-20827 (Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Serie ...)
+ NOT-FOR-US: IDEC
+CVE-2021-20826 (Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A ...)
+ NOT-FOR-US: IDEC
+CVE-2021-20825 (Cross-site scripting vulnerability in List (order management) item cha ...)
+ NOT-FOR-US: EC-CUBE plugin
+CVE-2021-20824
+ RESERVED
+CVE-2021-20823
+ RESERVED
+CVE-2021-20822
+ RESERVED
+CVE-2021-20821
+ RESERVED
+CVE-2021-20820
+ RESERVED
+CVE-2021-20819
+ RESERVED
+CVE-2021-20818
+ RESERVED
+CVE-2021-20817
+ RESERVED
+CVE-2021-20816
+ RESERVED
+CVE-2021-20815 (Cross-site scripting vulnerability in Edit Boilerplate screen of Movab ...)
+ - movabletype-opensource <removed>
+CVE-2021-20814 (Cross-site scripting vulnerability in Setting screen of ContentType In ...)
+ - movabletype-opensource <removed>
+CVE-2021-20813 (Cross-site scripting vulnerability in Edit screen of Content Data of M ...)
+ - movabletype-opensource <removed>
+CVE-2021-20812 (Cross-site scripting vulnerability in Setting screen of Server Sync of ...)
+ - movabletype-opensource <removed>
+CVE-2021-20811 (Cross-site scripting vulnerability in List of Assets screen of Movable ...)
+ - movabletype-opensource <removed>
+CVE-2021-20810 (Cross-site scripting vulnerability in Website Management screen of Mov ...)
+ - movabletype-opensource <removed>
+CVE-2021-20809 (Cross-site scripting vulnerability in Create screens of Entry, Page, a ...)
+ - movabletype-opensource <removed>
+CVE-2021-20808 (Cross-site scripting vulnerability in Search screen of Movable Type (M ...)
+ - movabletype-opensource <removed>
+CVE-2021-20807 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20806 (Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 al ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20805 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20804 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20803 (Operation restriction bypass in the management screen of Cybozu Remote ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20802 (HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20801 (Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated att ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20800 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20799 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20798 (Cross-site scripting vulnerability in the management screen of Cybozu ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20797 (Cross-site script inclusion vulnerability in the management screen of ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20796 (Directory traversal vulnerability in the management screen of Cybozu R ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20795 (Cross-site request forgery (CSRF) vulnerability in the management scre ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20794
+ RESERVED
+CVE-2021-20793 (Untrusted search path vulnerability in the installer of Sony Audio USB ...)
+ NOT-FOR-US: installer of Sony Audio USB Driver and installer of HAP Music Transfer
+CVE-2021-20792 (Cross-site scripting vulnerability in Quiz And Survey Master versions ...)
+ NOT-FOR-US: Quiz And Survey Master
+CVE-2021-20791 (Improper access control vulnerability in RevoWorks Browser 2.1.230 and ...)
+ NOT-FOR-US: RevoWorks Browser
+CVE-2021-20790 (Improper control of program execution vulnerability in RevoWorks Brows ...)
+ NOT-FOR-US: RevoWorks Browser
+CVE-2021-20789 (Open redirect vulnerability in GroupSession (GroupSession Free edition ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20788 (Server-side request forgery (SSRF) vulnerability in GroupSession (Grou ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20787 (Cross-site scripting vulnerability in GroupSession (GroupSession Free ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20786 (Cross-site request forgery (CSRF) vulnerability in GroupSession (Group ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20785 (Cross-site scripting vulnerability in GroupSession (GroupSession Free ...)
+ NOT-FOR-US: GroupSession
+CVE-2021-20784 (HTTP header injection vulnerability in Everything all versions except ...)
+ NOT-FOR-US: Everything
+CVE-2021-20783 (Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-W ...)
+ NOT-FOR-US: Optical BB unit E-WMTA2.3
+CVE-2021-20782 (Cross-site request forgery (CSRF) vulnerability in Software License Ma ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-20781 (Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-20780 (Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Cu ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-20779 (Cross-site request forgery (CSRF) vulnerability in WordPress Email Tem ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-20778 (Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 seri ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20777 (Improper authorization in handler for custom URL scheme vulnerability ...)
+ NOT-FOR-US: GU App for Android
+CVE-2021-20776 (Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR ...)
+ NOT-FOR-US: SCT-40CM01SR and AT-40CM01SR
+CVE-2021-20775 (Improper input validation vulnerability in Bulletin of Cybozu Garoon 4 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20774 (Cross-site scripting vulnerability in some functions of E-mail of Cybo ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20773 (There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20772 (Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20771 (Cross-site scripting vulnerability in some functions of Group Mail of ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20770 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 t ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20769 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20768 (Operational restrictions bypass vulnerability in Scheduler and MultiRe ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20767 (Cross-site scripting vulnerability in Full Text Search of Cybozu Garoo ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20766 (Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 t ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20765 (Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20764 (Improper input validation vulnerability in Attaching Files of Cybozu G ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20763 (Operational restrictions bypass vulnerability in Portal of Cybozu Garo ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20762 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20761 (Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20760 (Improper input validation vulnerability in User Profile of Cybozu Garo ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20759 (Operational restrictions bypass vulnerability in Bulletin of Cybozu Ga ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20758 (Cross-site request forgery (CSRF) vulnerability in Message of Cybozu G ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20757 (Operational restrictions bypass vulnerability in E-mail of Cybozu Garo ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20756 (Viewing restrictions bypass vulnerability in Address of Cybozu Garoon ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20755 (Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20754 (Improper input validation vulnerability in Workflow of Cybozu Garoon 4 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20753 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 ...)
+ NOT-FOR-US: Cybozu
+CVE-2021-20752 (Cross-site scripting vulnerability in IkaIka RSS Reader all versions a ...)
+ NOT-FOR-US: IkaIka RSS Reader
+CVE-2021-20751 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20750 (Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18- ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20749 (Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and ear ...)
+ NOT-FOR-US: Fudousan plugin
+CVE-2021-20748 (Retty App for Android versions prior to 4.8.13 and Retty App for iOS v ...)
+ NOT-FOR-US: Retty
+CVE-2021-20747 (Improper authorization in handler for custom URL scheme vulnerability ...)
+ NOT-FOR-US: Retty App
+CVE-2021-20746 (Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 an ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2021-20745 (Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitra ...)
+ NOT-FOR-US: Inkdrop
+CVE-2021-20744 (Cross-site scripting vulnerability in EC-CUBE Category contents plugin ...)
+ NOT-FOR-US: EC-CUBE Category contents plugin
+CVE-2021-20743 (Cross-site scripting vulnerability in EC-CUBE Email newsletters manage ...)
+ NOT-FOR-US: EC-CUBE Email newsletters management plugin
+CVE-2021-20742 (Cross-site scripting vulnerability in EC-CUBE Business form output plu ...)
+ NOT-FOR-US: EC-CUBE Business form output plugin
+CVE-2021-20741 (Cross-site scripting vulnerability in Hitachi Application Server Help ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-20740 (Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-20739 (WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, ...)
+ NOT-FOR-US: Elecom
+CVE-2021-20738 (WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unau ...)
+ NOT-FOR-US: Elecom
+CVE-2021-20737 (Improper authentication vulnerability in GROWI versions prior to v4.2. ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20736 (NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allow ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20735 (Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery ...)
+ NOT-FOR-US: ETUNA EC-CUBE plugins
+CVE-2021-20734 (Cross-site scripting vulnerability in Welcart e-Commerce versions prio ...)
+ NOT-FOR-US: Welcart e-Commerce
+CVE-2021-20733 (Improper authorization in handler for custom URL scheme vulnerability ...)
+ NOT-FOR-US: Some Android app
+CVE-2021-20732 (The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 an ...)
+ NOT-FOR-US: ATOM (ATOM - Smart life App)
+CVE-2021-20731 (WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver ...)
+ NOT-FOR-US: WSR-1166DHP3 firmware
+CVE-2021-20730 (Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.1 ...)
+ NOT-FOR-US: WSR-1166DHP3 firmware
+CVE-2021-20729
+ RESERVED
+CVE-2021-20728 (Improper access control vulnerability in goo blog App for Android ver. ...)
+ NOT-FOR-US: goo blog App
+CVE-2021-20727 (Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allo ...)
+ NOT-FOR-US: Zettlr
+CVE-2021-20726 (Untrusted search path vulnerability in The Installer of Overwolf 2.168 ...)
+ NOT-FOR-US: Overwolf
+CVE-2021-20725 (Reflected cross-site scripting vulnerability in the admin page of [Cal ...)
+ NOT-FOR-US: Calendar01
+CVE-2021-20724 (Reflected cross-site scripting vulnerability in the admin page of [Tel ...)
+ NOT-FOR-US: Telop01
+CVE-2021-20723 (Reflected cross-site scripting vulnerability in [MailForm01] free edit ...)
+ NOT-FOR-US: MailForm01
+CVE-2021-20722 (Untrusted search path vulnerability in the installers of ScanSnap Mana ...)
+ NOT-FOR-US: ScanSnap Manager
+CVE-2021-20721 (KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload a ...)
+ NOT-FOR-US: KonaWiki2
+CVE-2021-20720 (SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 a ...)
+ NOT-FOR-US: KonaWiki2
+CVE-2021-20719 (RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 ...)
+ NOT-FOR-US: RFNTPS firmware
+CVE-2021-20718 (mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a de ...)
+ - libapache2-mod-auth-openidc 2.4.4.1-2 (bug #989055)
+ [buster] - libapache2-mod-auth-openidc <not-affected> (Vulnerable code introduced later)
+ [stretch] - libapache2-mod-auth-openidc <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/5ef1b0a74208fcb43a16795d0afc94c3d54cd120
+CVE-2021-20717 (Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2021-20716 (Hidden functionality in multiple Buffalo network devices (BHR-4RV firm ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet App for An ...)
+ NOT-FOR-US: Hot Pepper Gourmet App
+CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions prior t ...)
+ NOT-FOR-US: WP fastest cache
+CVE-2021-20713 (Privilege escalation vulnerability in QND Advance/Premium/Standard Ver ...)
+ NOT-FOR-US: QND Advance/Premium/Standard
+CVE-2021-20712 (Improper access control vulnerability in NEC Aterm WG2600HS firmware V ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20711 (Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to exe ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20710 (Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20709 (Improper validation of integrity check value vulnerability in NEC Ater ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20708 (NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20707 (Improper input validation vulnerability in the Transaction Server CLUS ...)
+ NOT-FOR-US: Nec
+CVE-2021-20706 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...)
+ NOT-FOR-US: Nec
+CVE-2021-20705 (Improper input validation vulnerability in the WebManager CLUSTERPRO X ...)
+ NOT-FOR-US: Nec
+CVE-2021-20704 (Buffer overflow vulnerability in the compatible API with previous vers ...)
+ NOT-FOR-US: Nec
+CVE-2021-20703 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...)
+ NOT-FOR-US: Nec
+CVE-2021-20702 (Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4 ...)
+ NOT-FOR-US: Nec
+CVE-2021-20701 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...)
+ NOT-FOR-US: Nec
+CVE-2021-20700 (Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for W ...)
+ NOT-FOR-US: Nec
+CVE-2021-20699 (Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
+ NOT-FOR-US: SHARP
+CVE-2021-20698 (Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and ...)
+ NOT-FOR-US: SHARP
+CVE-2021-20697 (Missing authentication for critical function in DAP-1880AC firmware ve ...)
+ NOT-FOR-US: DAP-1880AC firmware
+CVE-2021-20696 (DAP-1880AC firmware version 1.21 and earlier allows a remote authentic ...)
+ NOT-FOR-US: DAP-1880AC firmware
+CVE-2021-20695 (Improper following of a certificate's chain of trust vulnerability in ...)
+ NOT-FOR-US: DAP-1880AC firmware
+CVE-2021-20694 (Improper access control vulnerability in DAP-1880AC firmware version 1 ...)
+ NOT-FOR-US: DAP-1880AC firmware
+CVE-2021-20693 (Improper access control vulnerability in Gurunavi App for Android ver. ...)
+ NOT-FOR-US: Gurunavi App for Android and iOS
+CVE-2021-20692 (Directory traversal vulnerability in Archive collectively operation ut ...)
+ NOT-FOR-US: Enkisoft
+CVE-2021-20691 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
+ NOT-FOR-US: Yomi-Search
+CVE-2021-20690 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
+ NOT-FOR-US: Yomi-Search
+CVE-2021-20689 (Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remot ...)
+ NOT-FOR-US: Yomi-Search
+CVE-2021-20688 (Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remo ...)
+ NOT-FOR-US: Click Ranker
+CVE-2021-20687 (Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allow ...)
+ NOT-FOR-US: Kagemai
+CVE-2021-20686 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...)
+ NOT-FOR-US: Kagemai
+CVE-2021-20685 (Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote atta ...)
+ NOT-FOR-US: Kagemai
+CVE-2021-20684 (Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remot ...)
+ NOT-FOR-US: MagazinegerZ
+CVE-2021-20683 (Improper neutralization of JavaScript input in the blog article editin ...)
+ NOT-FOR-US: baserCMS
+CVE-2021-20682 (baserCMS versions prior to 4.4.5 allows a remote attacker with an admi ...)
+ NOT-FOR-US: baserCMS
+CVE-2021-20681 (Improper neutralization of JavaScript input in the page editing functi ...)
+ NOT-FOR-US: baserCMS
+CVE-2021-20680 (Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900H ...)
+ NOT-FOR-US: Aterm firmware
+CVE-2021-20679 (Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6 ...)
+ NOT-FOR-US: Fuji
+CVE-2021-20678 (SQL injection vulnerability in the Paid Memberships Pro versions prior ...)
+ NOT-FOR-US: Paid Memberships Pro
+CVE-2021-20677 (UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIV ...)
+ NOT-FOR-US: UNIVERGE
+CVE-2021-20676 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
+ NOT-FOR-US: M-System
+CVE-2021-20675 (M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B ( ...)
+ NOT-FOR-US: M-System
+CVE-2021-20674 (Untrusted search path vulnerability in Installer of MagicConnect Clien ...)
+ NOT-FOR-US: MagicConnect client
+CVE-2021-20673 (Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20672 (Reflected cross-site scripting vulnerability due to insufficient verif ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20671 (Invalid file validation on the upload feature in GROWI versions v4.2.2 ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20670 (Improper access control vulnerability in GROWI versions v4.2.2 and ear ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20669 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20668 (Path traversal vulnerability in GROWI versions v4.2.2 and earlier allo ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20667 (Stored cross-site scripting vulnerability due to inadequate CSP (Conte ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20666
+ RESERVED
+CVE-2021-20665 (Cross-site scripting vulnerability in in Add asset screen of Contents ...)
+ - movabletype-opensource <removed>
+CVE-2021-20664 (Cross-site scripting vulnerability in in Asset registration screen of ...)
+ - movabletype-opensource <removed>
+CVE-2021-20663 (Cross-site scripting vulnerability in in Role authority setting screen ...)
+ - movabletype-opensource <removed>
+CVE-2021-20662 (Missing authentication for critical function in SolarView Compact SV-C ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20661 (Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 pr ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20660 (Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 p ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20659 (SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticate ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20658 (SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20657 (Improper access control vulnerability in SolarView Compact SV-CPT-MC31 ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20656 (Exposure of information through directory listing in SolarView Compact ...)
+ NOT-FOR-US: SolarView Compact
+CVE-2021-20655 (FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attack ...)
+ NOT-FOR-US: FileZen
+CVE-2021-20654 (Wekan, open source kanban board system, between version 3.12 and 4.11, ...)
+ NOT-FOR-US: Wekan
+CVE-2021-20653 (Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, ...)
+ NOT-FOR-US: Calsos CSDJ
+CVE-2021-20652 (Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17 ...)
+ NOT-FOR-US: Name Directory
+CVE-2021-20651 (Directory traversal vulnerability in ELECOM File Manager all versions ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20650 (Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RM ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20649 (ELECOM WRC-300FEBK-S contains an improper certificate validation vulne ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20648 (ELECOM WRC-300FEBK-S allows an attacker with administrator rights to e ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20647 (Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK- ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20646 (Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK- ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20645 (Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remo ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20644 (ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the u ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20643 (Improper access control vulnerability in ELECOM LD-PS/U1 allows remote ...)
+ NOT-FOR-US: ELECOM
+CVE-2021-20642 (Improper check or handling of exceptional conditions in LOGITEC LAN-W3 ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20641 (Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/R ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20640 (Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an atta ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20639 (LOGITEC LAN-W300N/PGRB allows an attacker with administrative privileg ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20638 (LOGITEC LAN-W300N/PGRB allows an attacker with administrative privileg ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20637 (Improper check or handling of exceptional conditions in LOGITEC LAN-W3 ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20636 (Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/P ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20635 (Improper restriction of excessive authentication attempts in LOGITEC L ...)
+ NOT-FOR-US: LOGITEC
+CVE-2021-20634 (Improper access control vulnerability in Custom App of Cybozu Office 1 ...)
+ NOT-FOR-US: Custom App of Cybozu Office
+CVE-2021-20633 (Improper access control vulnerability in Cabinet of Cybozu Office 10.0 ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20632 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20631 (Improper input validation vulnerability in Custom App of Cybozu Office ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20630 (Improper access control vulnerability in Phone Messages of Cybozu Offi ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20629 (Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 t ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20628 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20627 (Cross-site scripting vulnerability in Address Book of Cybozu Office 10 ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20626 (Improper access control vulnerability in Workflow of Cybozu Office 10. ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20625 (Improper access control vulnerability in Bulletin Board of Cybozu Offi ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20624 (Improper access control vulnerability in Scheduler of Cybozu Office 10 ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2021-20623 (Video Insight VMS versions prior to 7.8 allows a remote attacker to ex ...)
+ NOT-FOR-US: Video Insight VMS
+CVE-2021-20622 (Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 ...)
+ NOT-FOR-US: Aterm WG2600HP firmware
+CVE-2021-20621 (Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firm ...)
+ NOT-FOR-US: Aterm WG2600HP firmware
+CVE-2021-20620 (Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 ...)
+ NOT-FOR-US: Aterm WF800HP firmware
+CVE-2021-20619 (Cross-site scripting vulnerability in GROWI (v4.2 Series) versions pri ...)
+ NOT-FOR-US: GROWI
+CVE-2021-20618 (Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, a ...)
+ NOT-FOR-US: acmailer
+CVE-2021-20617 (Improper access control vulnerability in acmailer ver. 4.0.1 and earli ...)
+ NOT-FOR-US: acmailer
+CVE-2021-20616 (Untrusted search path vulnerability in the installer of SKYSEA Client ...)
+ NOT-FOR-US: SKYSEA Client View
+CVE-2021-20615
+ RESERVED
+CVE-2021-20614
+ RESERVED
+CVE-2021-20613 (Improper initialization vulnerability in MELSEC-F series FX3U-ENET Fir ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20612 (Lack of administrator control over security vulnerability in MELSEC-F ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20611 (Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/0 ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20610 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20609 (Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20608 (Improper Handling of Length Parameter Inconsistency vulnerability in M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20607 (Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20606 (Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 vers ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20605 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20604 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20603 (Improper Input Validation vulnerability in GOT2000 series GT21 model G ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20602 (Improper Handling of Exceptional Conditions vulnerability in GOT2000 s ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20601 (Improper input validation vulnerability in GOT2000 series GT27 model a ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20600 (Uncontrolled resource consumption in MELSEC iQ-R series C Controller M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20599 (Authorization bypass through user-controlled key vulnerability in MELS ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20598 (Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubis ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20597 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20596 (NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20595 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20594 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20593 (Incorrect Implementation of Authentication Algorithm in Mitsubishi Ele ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20592 (Missing synchronization vulnerability in GOT2000 series GT27 model com ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20591 (Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27 model VNC ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20589 (Buffer access with incorrect length value vulnerability in GOT2000 ser ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20588 (Improper handling of length parameter inconsistency vulnerability in M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Eng ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20586 (Resource management errors vulnerability in a robot controller of MELF ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2021-20585 (IBM Security Verify Access 20.07 could disclose sensitive information ...)
+ NOT-FOR-US: IBM
+CVE-2021-20584 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20583 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) coul ...)
+ NOT-FOR-US: IBM
+CVE-2021-20582 (IBM Security Secret Server up to 11.0 stores sensitive information in ...)
+ NOT-FOR-US: IBM
+CVE-2021-20581
+ RESERVED
+CVE-2021-20580 (IBM Planning Analytics 2.0 could be vulnerable to cross-site request f ...)
+ NOT-FOR-US: IBM
+CVE-2021-20579 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20578 (IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0 ...)
+ NOT-FOR-US: IBM
+CVE-2021-20577 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20576 (IBM Security Verify Access 20.07 could allow a remote attacker to send ...)
+ NOT-FOR-US: IBM
+CVE-2021-20575 (IBM Security Verify Access 20.07 allows web pages to be stored locally ...)
+ NOT-FOR-US: IBM
+CVE-2021-20574 (IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remot ...)
+ NOT-FOR-US: IBM
+CVE-2021-20573 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20572 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20571 (IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to s ...)
+ NOT-FOR-US: IBM
+CVE-2021-20570
+ RESERVED
+CVE-2021-20569 (IBM Security Secret Server up to 11.0 could allow an attacker to enume ...)
+ NOT-FOR-US: IBM
+CVE-2021-20568
+ RESERVED
+CVE-2021-20567 (IBM Resilient SOAR V38.0 could allow a local privileged attacker to ob ...)
+ NOT-FOR-US: IBM
+CVE-2021-20566 (IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algor ...)
+ NOT-FOR-US: IBM
+CVE-2021-20565 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20564 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20563 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20562 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 ...)
+ NOT-FOR-US: IBM
+CVE-2021-20561 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20560 (IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 ...)
+ NOT-FOR-US: IBM
+CVE-2021-20559 (IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scrip ...)
+ NOT-FOR-US: IBM
+CVE-2021-20558
+ RESERVED
+CVE-2021-20557 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20556
+ RESERVED
+CVE-2021-20555
+ RESERVED
+CVE-2021-20554 (IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cros ...)
+ NOT-FOR-US: IBM
+CVE-2021-20553
+ RESERVED
+CVE-2021-20552 (IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20551
+ RESERVED
+CVE-2021-20550 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2021-20549 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2021-20548
+ RESERVED
+CVE-2021-20547
+ RESERVED
+CVE-2021-20546 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20545
+ RESERVED
+CVE-2021-20544
+ RESERVED
+CVE-2021-20543
+ RESERVED
+CVE-2021-20542
+ RESERVED
+CVE-2021-20541 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20540 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20539 (IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20538 (IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a us ...)
+ NOT-FOR-US: IBM
+CVE-2021-20537 (IBM Security Verify Access Docker 10.0.0 contains hard-coded credentia ...)
+ NOT-FOR-US: IBM
+CVE-2021-20536 (IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores ...)
+ NOT-FOR-US: IBM
+CVE-2021-20535 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2021-20534 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20533 (IBM Security Verify Access Docker 10.0.0 could allow a remote authenti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20532 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a loc ...)
+ NOT-FOR-US: IBM
+CVE-2021-20531
+ RESERVED
+CVE-2021-20530
+ RESERVED
+CVE-2021-20529 (IBM Control Center 6.2.0.0 could allow a user to obtain sensitive vers ...)
+ NOT-FOR-US: IBM
+CVE-2021-20528 (IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20527 (IBM Resilient SOAR V38.0 could allow a privileged user to create creat ...)
+ NOT-FOR-US: IBM
+CVE-2021-20526 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
+CVE-2021-20525
+ RESERVED
+CVE-2021-20524 (IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
+CVE-2021-20523 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20522
+ RESERVED
+CVE-2021-20521
+ RESERVED
+CVE-2021-20520 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20519 (IBM Jazz Team Server products are vulnerable to cross-site scripting. ...)
+ NOT-FOR-US: IBM
+CVE-2021-20518 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20517 (IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could ...)
+ NOT-FOR-US: IBM
+CVE-2021-20516
+ RESERVED
+CVE-2021-20515 (IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffe ...)
+ NOT-FOR-US: IBM
+CVE-2021-20514
+ RESERVED
+CVE-2021-20513
+ RESERVED
+CVE-2021-20512
+ RESERVED
+CVE-2021-20511 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20510 (IBM Security Verify Access Docker 10.0.0 stores user credentials in pl ...)
+ NOT-FOR-US: IBM
+CVE-2021-20509 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2021-20508 (IBM Security Secret Server up to 11.0 could allow a remote attacker to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20507 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20506 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20505 (The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, ...)
+ NOT-FOR-US: IBM
+CVE-2021-20504 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20503 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20502 (IBM Jazz Foundation Products are vulnerable to an XML External Entity ...)
+ NOT-FOR-US: IBM
+CVE-2021-20501 (IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send em ...)
+ NOT-FOR-US: IBM
+CVE-2021-20500 (IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive ...)
+ NOT-FOR-US: IBM
+CVE-2021-20499 (IBM Security Verify Access Docker 10.0.0 could allow a remote attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20498 (IBM Security Verify Access Docker 10.0.0 reveals version information i ...)
+ NOT-FOR-US: IBM
+CVE-2021-20497 (IBM Security Verify Access Docker 10.0.0 uses weaker than expected cry ...)
+ NOT-FOR-US: IBM
+CVE-2021-20496 (IBM Security Verify Access Docker 10.0.0 could allow an authenticated ...)
+ NOT-FOR-US: IBM
+CVE-2021-20495
+ RESERVED
+CVE-2021-20494 (IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20493 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2021-20492 (IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch ...)
+ NOT-FOR-US: IBM
+CVE-2021-20491 (IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based bu ...)
+ NOT-FOR-US: IBM
+CVE-2021-20490 (IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local us ...)
+ NOT-FOR-US: IBM
+CVE-2021-20489 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20488 (IBM Security Identity Manager 6.0.2 could allow an authenticated malic ...)
+ NOT-FOR-US: IBM
+CVE-2021-20487 (IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inje ...)
+ NOT-FOR-US: IBM
+CVE-2021-20486 (IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain ...)
+ NOT-FOR-US: IBM
+CVE-2021-20485 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20484 (IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20483 (IBM Security Identity Manager 6.0.2 is vulnerable to server-side reque ...)
+ NOT-FOR-US: IBM
+CVE-2021-20482 (IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20481 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20480 (IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to se ...)
+ NOT-FOR-US: IBM
+CVE-2021-20479
+ RESERVED
+CVE-2021-20478 (IBM Cloud Pak System 2.3 could allow a local user in some situations t ...)
+ NOT-FOR-US: IBM
+CVE-2021-20477 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20476
+ RESERVED
+CVE-2021-20475
+ RESERVED
+CVE-2021-20474 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perfor ...)
+ NOT-FOR-US: IBM
+CVE-2021-20473 (IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does ...)
+ NOT-FOR-US: IBM
+CVE-2021-20472
+ RESERVED
+CVE-2021-20471
+ RESERVED
+CVE-2021-20470 (IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users sho ...)
+ NOT-FOR-US: IBM
+CVE-2021-20469
+ RESERVED
+CVE-2021-20468
+ RESERVED
+CVE-2021-20467
+ RESERVED
+CVE-2021-20466
+ RESERVED
+CVE-2021-20465
+ RESERVED
+CVE-2021-20464
+ RESERVED
+CVE-2021-20463
+ RESERVED
+CVE-2021-20462
+ RESERVED
+CVE-2021-20461 (IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the ...)
+ NOT-FOR-US: IBM
+CVE-2021-20460
+ RESERVED
+CVE-2021-20459
+ RESERVED
+CVE-2021-20458
+ RESERVED
+CVE-2021-20457
+ RESERVED
+CVE-2021-20456
+ RESERVED
+CVE-2021-20455
+ RESERVED
+CVE-2021-20454 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2021-20453 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20452
+ RESERVED
+CVE-2021-20451
+ RESERVED
+CVE-2021-20450
+ RESERVED
+CVE-2021-20449
+ RESERVED
+CVE-2021-20448 (IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2021-20447 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20446 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site ...)
+ NOT-FOR-US: IBM
+CVE-2021-20445 (IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain ...)
+ NOT-FOR-US: IBM
+CVE-2021-20444 (IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site ...)
+ NOT-FOR-US: IBM
+CVE-2021-20443 (IBM Maximo for Civil Infrastructure 7.6.2 includes executable function ...)
+ NOT-FOR-US: IBM
+CVE-2021-20442 (IBM Security Verify Bridge contains hard-coded credentials, such as a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20441 (IBM Security Verify Bridge uses weaker than expected cryptographic alg ...)
+ NOT-FOR-US: IBM
+CVE-2021-20440 (IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not ...)
+ NOT-FOR-US: IBM
+CVE-2021-20439 (IBM Security Access Manager 9.0 and IBM Security Verify Access Docker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20438
+ RESERVED
+CVE-2021-20437
+ RESERVED
+CVE-2021-20436
+ RESERVED
+CVE-2021-20435 (IBM Security Verify Bridge 1.0.5.0 does not properly validate a certif ...)
+ NOT-FOR-US: IBM
+CVE-2021-20434 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...)
+ NOT-FOR-US: IBM
+CVE-2021-20433 (IBM Security Guardium 11.3 could allow a an authenticated user to obta ...)
+ NOT-FOR-US: IBM
+CVE-2021-20432 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Reso ...)
+ NOT-FOR-US: IBM
+CVE-2021-20431 (IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not inv ...)
+ NOT-FOR-US: IBM
+CVE-2021-20430 (IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4. ...)
+ NOT-FOR-US: IBM
+CVE-2021-20429 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose ...)
+ NOT-FOR-US: IBM
+CVE-2021-20428 (IBM Security Guardium 11.2 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
+CVE-2021-20427 (IBM Security Guardium 11.2 uses an inadequate account lockout setting ...)
+ NOT-FOR-US: IBM
+CVE-2021-20426 (IBM Security Guardium 11.2 contains hard-coded credentials, such as a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20425
+ RESERVED
+CVE-2021-20424 (IBM Cloud Pak for Applications 4.3 could allow a remote attacker to ob ...)
+ NOT-FOR-US: IBM
+CVE-2021-20423 (IBM Cloud Pak for Applications 4.3 could allow an authenticated user g ...)
+ NOT-FOR-US: IBM
+CVE-2021-20422 (IBM Cloud Pak for Applications 4.3 could disclose sensitive informatio ...)
+ NOT-FOR-US: IBM
+CVE-2021-20421
+ RESERVED
+CVE-2021-20420 (IBM Security Guardium 11.2 could disclose sensitive information due to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20419 (IBM Security Guardium 11.2 uses weaker than expected cryptographic alg ...)
+ NOT-FOR-US: IBM
+CVE-2021-20418 (IBM Security Guardium 11.2 does not require that users should have str ...)
+ NOT-FOR-US: IBM
+CVE-2021-20417 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...)
+ NOT-FOR-US: IBM
+CVE-2021-20416 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a r ...)
+ NOT-FOR-US: IBM
+CVE-2021-20415 (IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account ...)
+ NOT-FOR-US: IBM
+CVE-2021-20414 (IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce ...)
+ NOT-FOR-US: IBM
+CVE-2021-20413 (IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attack ...)
+ NOT-FOR-US: IBM
+CVE-2021-20412 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-co ...)
+ NOT-FOR-US: IBM
+CVE-2021-20411 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
+ NOT-FOR-US: IBM
+CVE-2021-20410 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user crede ...)
+ NOT-FOR-US: IBM
+CVE-2021-20409 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...)
+ NOT-FOR-US: IBM
+CVE-2021-20408 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose h ...)
+ NOT-FOR-US: IBM
+CVE-2021-20407 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensit ...)
+ NOT-FOR-US: IBM
+CVE-2021-20406 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than ...)
+ NOT-FOR-US: IBM
+CVE-2021-20405 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
+ NOT-FOR-US: IBM
+CVE-2021-20404 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a us ...)
+ NOT-FOR-US: IBM
+CVE-2021-20403 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2021-20402 (IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a re ...)
+ NOT-FOR-US: IBM
+CVE-2021-20401 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a ...)
+ NOT-FOR-US: IBM
+CVE-2021-20400 (IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic al ...)
+ NOT-FOR-US: IBM
+CVE-2021-20399 (IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulner ...)
+ NOT-FOR-US: IBM
+CVE-2021-20398
+ RESERVED
+CVE-2021-20397 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ NOT-FOR-US: IBM
+CVE-2021-20396 (IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM ...)
+ NOT-FOR-US: IBM
+CVE-2021-20395
+ RESERVED
+CVE-2021-20394
+ RESERVED
+CVE-2021-20393 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a r ...)
+ NOT-FOR-US: IBM
+CVE-2021-20392 (IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable t ...)
+ NOT-FOR-US: IBM
+CVE-2021-20391 (IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web page ...)
+ NOT-FOR-US: IBM
+CVE-2021-20390
+ RESERVED
+CVE-2021-20389 (IBM Security Guardium 11.2 stores user credentials in plain clear text ...)
+ NOT-FOR-US: IBM
+CVE-2021-20388
+ RESERVED
+CVE-2021-20387
+ RESERVED
+CVE-2021-20386 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20385 (IBM Security Guardium 11.2 could allow a remote authenticated attacker ...)
+ NOT-FOR-US: IBM
+CVE-2021-20384
+ RESERVED
+CVE-2021-20383
+ RESERVED
+CVE-2021-20382
+ RESERVED
+CVE-2021-20381
+ RESERVED
+CVE-2021-20380 (IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRad ...)
+ NOT-FOR-US: IBM
+CVE-2021-20379 (IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker tha ...)
+ NOT-FOR-US: IBM
+CVE-2021-20378 (IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invali ...)
+ NOT-FOR-US: IBM
+CVE-2021-20377 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...)
+ NOT-FOR-US: IBM
+CVE-2021-20376 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...)
+ NOT-FOR-US: IBM
+CVE-2021-20375 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...)
+ NOT-FOR-US: IBM
+CVE-2021-20374 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cr ...)
+ NOT-FOR-US: IBM
+CVE-2021-20373 (IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Inform ...)
+ NOT-FOR-US: IBM
+CVE-2021-20372 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20371 (IBM Jazz Foundation and IBM Engineering products could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2021-20370
+ RESERVED
+CVE-2021-20369 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...)
+ NOT-FOR-US: IBM
+CVE-2021-20368 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20367
+ RESERVED
+CVE-2021-20366 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20365 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20364 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20363 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20362 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20361 (IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20360 (IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptogra ...)
+ NOT-FOR-US: IBM
+CVE-2021-20359 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automatio ...)
+ NOT-FOR-US: IBM
+CVE-2021-20358 (IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially s ...)
+ NOT-FOR-US: IBM
+CVE-2021-20357 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2021-20356
+ RESERVED
+CVE-2021-20355
+ RESERVED
+CVE-2021-20354 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remot ...)
+ NOT-FOR-US: IBM
+CVE-2021-20353 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2021-20352 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2021-20351 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20350 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20349 (IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-bas ...)
+ NOT-FOR-US: IBM
+CVE-2021-20348 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
+ NOT-FOR-US: IBM
+CVE-2021-20347 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
+ NOT-FOR-US: IBM
+CVE-2021-20346 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
+ NOT-FOR-US: IBM
+CVE-2021-20345 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
+ NOT-FOR-US: IBM
+CVE-2021-20344
+ RESERVED
+CVE-2021-20343 (IBM Jazz Foundation and IBM Engineering products are vulnerable to ser ...)
+ NOT-FOR-US: IBM
+CVE-2021-20342
+ RESERVED
+CVE-2021-20341 (IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potenti ...)
+ NOT-FOR-US: IBM
+CVE-2021-20340 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2021-20339
+ RESERVED
+CVE-2021-20338 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2021-20337 (IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weak ...)
+ NOT-FOR-US: IBM
+CVE-2021-20336 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-sit ...)
+ NOT-FOR-US: IBM
+CVE-2021-20335 (For MongoDB Ops Manager &lt;= 4.2.24 with multiple OM application serv ...)
+ NOT-FOR-US: MongoDB Ops Manager
+CVE-2021-20334 (A malicious 3rd party with local access to the Windows machine where M ...)
+ NOT-FOR-US: MongoDB Compass
+CVE-2021-20333 (Sending specially crafted commands to a MongoDB Server may result in a ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-50605
+CVE-2021-20332 (Specific MongoDB Rust Driver versions can include credentials used by ...)
+ NOT-FOR-US: MongoDB rust driver
+CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously publish eve ...)
+ NOT-FOR-US: MongoDB C# Driver
+CVE-2021-20330 (An attacker with basic CRUD permissions on a replicated collection can ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-36263
+CVE-2021-20329 (Specific cstrings input may not be properly validated in the MongoDB G ...)
+ NOT-FOR-US: mongo-driver
+ NOTE: https://jira.mongodb.org/browse/GODRIVER-1923
+ NOTE: https://github.com/mongodb/mongo-go-driver/pull/622
+ NOTE: https://github.com/mongodb/mongo-go-driver/commit/3a89e6cde18d6ac5d38f39b54eaa8d4e321fd118 (v1.5.1)
+CVE-2021-20328 (Specific versions of the Java driver that support client-side field le ...)
+ - mongo-java-driver <not-affected> (Vulnerable code introduce later)
+ NOTE: https://jira.mongodb.org/browse/JAVA-4017
+ NOTE: Fixed by: https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
+CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption module doe ...)
+ NOT-FOR-US: Node mongodb-client-encryption
+CVE-2021-20326 (A user authorized to performing a specific type of find query may trig ...)
+ - mongodb <removed>
+ [stretch] - mongodb <end-of-life> (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-53929
+CVE-2021-20325 (Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of ...)
+ - apache2 <not-affected> (Red Hat RHEL 8 specifc regression of CVE-2021-40438 and CVE-2021-26691)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2017321
+CVE-2021-20324
+ RESERVED
+ NOT-FOR-US: WildFly Elytron
+CVE-2021-20323
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2021-20322 (A flaw in the processing of received ICMP errors (ICMP fragment needed ...)
+ {DLA-2843-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2014230
+CVE-2021-20321 (A race condition accessing file object in the Linux kernel OverlayFS s ...)
+ {DLA-2843-1}
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://git.kernel.org/linus/a295aef603e109a47af355477326bd41151765b6 (5.15-rc5)
+CVE-2021-20320 (A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf ...)
+ - linux 5.14.9-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux <ignored> (s390x not supported in LTS)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010090
+CVE-2021-20319
+ RESERVED
+ NOT-FOR-US: coreos-installer
+CVE-2021-20318 (The HornetQ component of Artemis in EAP 7 was not updated with the fix ...)
+ NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
+CVE-2021-20317 (A flaw was found in the Linux kernel. A corrupted timer tree caused th ...)
+ {DLA-2843-1}
+ - linux 5.4.6-1
+ NOTE: https://git.kernel.org/linus/511885d7061eda3eb1faf3f57dcc936ff75863f1 (5.4-rc1)
+CVE-2021-20316
+ RESERVED
+ - samba <unfixed> (bug #1004690)
+ [bullseye] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ [buster] - samba <ignored> (Minor issue; no backport to older versions, mitigations exists)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-20316.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14842
+CVE-2021-20315 (A locking protection bypass flaw was found in some versions of gnome-s ...)
+ - gnome-shell <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006285
+ TODO: check, possibly Red Hat specific as issue introduced of backporting features to CentOS 8 Streams
+CVE-2021-20314 (Stack buffer overflow in libspf2 versions below 1.2.11 when processing ...)
+ {DSA-4955-1 DLA-2739-1}
+ - libspf2 1.2.10-7.1
+ [bullseye] - libspf2 1.2.10-7.1~deb11u1
+ NOTE: https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/11/6
+CVE-2021-20313 (A flaw was found in ImageMagick in versions before 7.0.11. A potential ...)
+ {DLA-2672-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <no-dsa> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
+ NOTE: IM6: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
+CVE-2021-20312 (A flaw was found in ImageMagick in versions 7.0.11, where an integer o ...)
+ {DLA-2672-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e53e24b078f7fa586f9cc910491b8910f5bdad2e
+CVE-2021-20311 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...)
+ - imagemagick <unfixed> (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/70aa86f5d5d8aa605a918ed51f7574f433a18482
+CVE-2021-20310 (A flaw was found in ImageMagick in versions before 7.0.11, where a div ...)
+ - imagemagick <not-affected> (Specific to IM7)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/3295
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/75f6f5032690077cae3eaeda3c0165cc765eaeb5
+CVE-2021-20309 (A flaw was found in ImageMagick in versions before 7.0.11 and before 6 ...)
+ {DLA-2672-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94174beff065cb5683d09d79e992c3ebbdead311
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f1e68d22d1b35459421710587a0dcbab6900b51f
+CVE-2021-20308 (Integer overflow in the htmldoc 1.9.11 and before may allow attackers ...)
+ {DLA-2700-1}
+ - htmldoc 1.9.11-3 (unimportant; bug #984765)
+ [buster] - htmldoc 1.9.3-1+deb10u1
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/423
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-20307 (Format string vulnerability in panoFileOutputNamesCreate() in libpano1 ...)
+ {DLA-2624-1}
+ - libpano13 2.9.20~rc3+dfsg-1 (bug #985249)
+ [buster] - libpano13 2.9.19+dfsg-3+deb10u1
+ NOTE: https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/
+CVE-2021-20306 (A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any ...)
+ NOT-FOR-US: Red Hat Business Central
+CVE-2021-20305 (A flaw was found in Nettle in versions before 3.7.2, where several Net ...)
+ {DSA-4933-1 DLA-2760-1}
+ - nettle 3.7.2-1 (bug #985652)
+ NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
+ NOTE: New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/a63893791280d441c713293491da97c79c0950fe
+ NOTE: Use ecc_mod_mul_canonical for point comparison:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/971bed6ab4b27014eb23085e8176917e1a096fd5
+ NOTE: Fix bug in ecc_ecdsa_verify:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/74ee0e82b6891e090f20723750faeb19064e31b2
+ NOTE: Ensure ecdsa_sign output is canonically reduced:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/51f643eee00e2caa65c8a2f5857f49acdf3ef1ce
+ NOTE: Analogous fix to ecc_gostdsa_verify:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/401c8d53d8a8cf1e79980e62bda3f946f8e07c14
+ NOTE: Similar fix for eddsa:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/ae3801a0e5cce276c270973214385c86048d5f7b
+ NOTE: Fix canonical reduction in gostdsa_vko:
+ NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/63f222c60b03470c0005aa9bc4296fbf585f68b9
+CVE-2021-20304 [Undefined-shift in Imf_2_5::hufDecode]
+ RESERVED
+ - openexr 2.5.4-1 (unimportant)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26229
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/51a92d67f53c08230734e74564c807043cbfe41e
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/849
+ NOTE: Negligible security impact
+CVE-2021-20303 [Heap-buffer-overflow in Imf_2_5::copyIntoFrameBuffer]
+ RESERVED
+ {DLA-2732-1}
+ - openexr 2.5.4-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/831
+CVE-2021-20302 [Floating-point-exception in Imf_2_5::precalculateTileInfot]
+ RESERVED
+ {DLA-2732-1}
+ - openexr 2.5.4-1
+ [buster] - openexr <ignored> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25894
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/842
+CVE-2021-20301
+ RESERVED
+CVE-2021-20300 [Integer-overflow in Imf_2_5::hufUncompress]
+ RESERVED
+ {DLA-2732-1}
+ - openexr 2.5.4-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25562
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ed560b8a932c78d5e8e5990ce36fe7808b35d9f0 (master)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5.x)
+CVE-2021-20299 [Null-dereference READ in Imf_2_5::Header::operator]
+ RESERVED
+ {DLA-2732-1}
+ - openexr 2.5.4-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25740
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/840
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25e9515b06a6bc293d871622b8cafaee7af84e0f
+CVE-2021-20298 [Out-of-memory in B44Compressor]
+ RESERVED
+ - openexr 2.5.4-1
+ [buster] - openexr <ignored> (Minor issue)
+ [stretch] - openexr <postponed> (Minor issue, OOM, revisit when there's a full fix upstream)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97 (master) (partial fix)
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0c2b46f630a3b5f2f561c2849d047ee39f899179 (2.5.x) (partial fix)
+CVE-2021-20297 (A flaw was found in NetworkManager in versions before 1.30.0. Setting ...)
+ - network-manager 1.30.0-2 (bug #986809)
+ [buster] - network-manager <not-affected> (Vulnerable code introduced later)
+ [stretch] - network-manager <not-affected> (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942741 (not yet public)
+ NOTE: Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/3ced486f4162edcd03ff42fa27535130aff0c86c (1.26-rc2)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27
+CVE-2021-20296 (A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted i ...)
+ {DLA-2701-1}
+ - openexr 2.5.4-1 (bug #986796)
+ [buster] - openexr <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b0c63c0b96eb9b0d3998f603e12f9f414fb0d44a
+CVE-2021-20295 [Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3]
+ RESERVED
+ - qemu <not-affected> (RHEL 8.3 specific security regression)
+CVE-2021-20294 (A flaw was found in binutils readelf 2.35 program. An attacker who is ...)
+ - binutils 2.35.2-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26929
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=372dd157272e0674d13372655cc60eaca9c06926
+ NOTE: binutils not covered by security support
+CVE-2021-20293 (A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ...)
+ - resteasy <undetermined>
+ - resteasy3.0 <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942819
+CVE-2021-20292 (There is a flaw reported in the Linux kernel in versions before 5.9 in ...)
+ {DLA-2689-1}
+ - linux 5.7.17-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1939686
+ NOTE: https://git.kernel.org/linus/5de5b6ecf97a021f29403aa272cb4e03318ef586
+CVE-2021-20291 (A deadlock vulnerability was found in 'github.com/containers/storage' ...)
+ [experimental] - golang-github-containers-storage 1.29.0+ds1-1
+ - golang-github-containers-storage 1.34.1+ds1-1 (bug #988942)
+ NOTE: https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
+ NOTE: golang-github-containers-buildah uses golang-github-containers-storage compression support.
+ NOTE: docker.io already uses the same library as the fix for golang-github-containers-storage.
+CVE-2021-20290
+ RESERVED
+ - foreman <itp> (bug #663101)
+CVE-2021-20289 (A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.F ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-20288 (An authentication flaw was found in ceph in versions before 14.2.20. W ...)
+ - ceph 14.2.20-1 (bug #986974)
+ [buster] - ceph <no-dsa> (Minor issue)
+ [stretch] - ceph <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/14/2
+ NOTE: https://github.com/ceph/ceph/commit/059eabcc0ada81078a898cdc25cf72bf3d506ad0
+ NOTE: https://github.com/ceph/ceph/commit/05b3b6a305ddbb56cc53bbeadf5866db4d785f49
+CVE-2021-20287
+ RESERVED
+CVE-2021-20286 (A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked ...)
+ - libnbd 1.6.2-1
+ [bullseye] - libnbd <no-dsa> (Minor issue)
+ NOTE: https://listman.redhat.com/archives/libguestfs/2021-March/msg00092.html
+ NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/2216190ecbbd853648df6a3280c17b345b0907a0 (v1.6.2)
+ NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0 (v1.7.3)
+CVE-2021-20285 (A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw ...)
+ - upx-ucl <unfixed> (unimportant)
+ NOTE: https://github.com/upx/upx/issues/421
+ NOTE: https://github.com/upx/upx/commit/3781df9da23840e596d5e9e8493f22666802fe6c
+CVE-2021-20284 (A flaw was found in GNU Binutils 2.35.1, where there is a heap-based b ...)
+ - binutils 2.37-3 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26931
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f60742b2a1988d276c77d5c1011143f320d9b4cb
+ NOTE: binutils not covered by security support
+CVE-2021-20283 (The web service responsible for fetching other users' enrolled courses ...)
+ - moodle <removed>
+CVE-2021-20282 (When creating a user account, it was possible to verify the account wi ...)
+ - moodle <removed>
+CVE-2021-20281 (It was possible for some users without permission to view other users' ...)
+ - moodle <removed>
+CVE-2021-20280 (Text-based feedback answers required additional sanitizing to prevent ...)
+ - moodle <removed>
+CVE-2021-20279 (The ID number user profile field required additional sanitizing to pre ...)
+ - moodle <removed>
+CVE-2021-20278 (An authentication bypass vulnerability was found in Kiali in versions ...)
+ NOT-FOR-US: Kiali
+CVE-2021-20277 (A flaw was found in Samba's libldb. Multiple, consecutive leading spac ...)
+ {DSA-4884-1 DLA-2611-1}
+ - ldb 2:2.2.0-3.1 (bug #985935)
+ - samba <unfixed> (unimportant)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-20277.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14655
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=ea4bd2c437fbb5801fb82e2a038d9cdb5abea4c0
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=1fe8c790b2294fd10fe9c9c6254ecf2b6c00b709
+ NOTE: Samba uses the System ldb library
+CVE-2021-20276 (A flaw was found in privoxy before 3.0.32. Invalid memory access with ...)
+ {DLA-2587-1}
+ - privoxy 3.0.32-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=28512e5b62457f0ff6f2d72e3e5c9226b9e0203d
+CVE-2021-20275 (A flaw was found in privoxy before 3.0.32. A invalid read of size two ...)
+ {DLA-2587-1}
+ - privoxy 3.0.32-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=a912ba7bc9ce5855a810d09332e9d94566ce1521
+CVE-2021-20274 (A flaw was found in privoxy before 3.0.32. A crash may occur due a NUL ...)
+ - privoxy 3.0.32-1
+ [buster] - privoxy <not-affected> (Vulnerable code introduced later)
+ [stretch] - privoxy <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=85817cc55b9829e6c20db40d3a93b8380618463d
+CVE-2021-20273 (A flaw was found in privoxy before 3.0.32. A crash can occur via a cra ...)
+ {DLA-2587-1}
+ - privoxy 3.0.32-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=e711c505c4830ab271938d61af90a2075523f058
+CVE-2021-20272 (A flaw was found in privoxy before 3.0.32. An assertion failure could ...)
+ {DLA-2587-1}
+ - privoxy 3.0.32-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/28/1
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=2256d7b4d67dd9c364386877d5af59943433458b
+CVE-2021-20271 (A flaw was found in RPM's signature check functionality when reading a ...)
+ - rpm 4.16.1.2+dfsg1-1 (bug #985308)
+ [buster] - rpm <no-dsa> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1934125
+CVE-2021-20270 (An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lea ...)
+ {DSA-4889-1 DSA-4870-1 DLA-2648-1 DLA-2590-1}
+ - pygments 2.7.1+dfsg-2 (bug #984664)
+ - mediawiki 1:1.35.2-1
+ NOTE: https://github.com/pygments/pygments/issues/1625
+ NOTE: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
+CVE-2021-20269 [incorrect permissions on kdump dmesg file]
+ RESERVED
+ - kexec-tools <unfixed> (bug #985105)
+ [bullseye] - kexec-tools <no-dsa> (Minor issue)
+ [buster] - kexec-tools <no-dsa> (Minor issue)
+ [stretch] - kexec-tools <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/11/2
+CVE-2021-20268 (An out-of-bounds access flaw was found in the Linux kernel's implement ...)
+ - linux 5.10.12-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-101/
+ NOTE: https://git.kernel.org/linus/bc895e8b2a64e502fbba72748d59618272052a8b
+CVE-2021-20267 (A flaw was found in openstack-neutron's default Open vSwitch firewall ...)
+ - neutron 2:17.1.1-5 (bug #985104)
+ [buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1
+ [stretch] - neutron <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/neutron/+bug/1902917
+ NOTE: https://review.opendev.org/c/openstack/neutron/+/776599
+ NOTE: Followup: https://review.opendev.org/c/openstack/neutron/+/783743
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/12/2
+CVE-2021-20266 (A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw all ...)
+ - rpm 4.16.1.2+dfsg1-1 (bug #985308)
+ [buster] - rpm <no-dsa> (Minor issue)
+ [stretch] - rpm <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927741
+CVE-2021-20265 (A flaw was found in the way memory resources were freed in the unix_st ...)
+ - linux 4.4.4-1
+ NOTE: https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b (4.5-rc3)
+CVE-2021-20264 (An insecure modification flaw in the /etc/passwd file was found in the ...)
+ NOT-FOR-US: Container configuration of some Red Hat products
+CVE-2021-20263 (A flaw was found in the virtio-fs shared file system daemon (virtiofsd ...)
+ - qemu 1:5.2+dfsg-9 (bug #985083)
+ [buster] - qemu <not-affected> (Introduced in 5.2.0)
+ [stretch] - qemu <not-affected> (Introduced in 5.2.0)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1933668
+ NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=725ca3313a5b9cbef89eaa1c728567684f37990a
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=e586edcb410543768ef009eaa22a2d9dd4a53846
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e586edcb410543768ef009eaa22a2d9dd4a53846
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1e08f164e9fdc9528ad6990012301b9a04b0bc90
+CVE-2021-20262 (A flaw was found in Keycloak 12.0.0 where re-authentication does not o ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-20261 (A race condition was found in the Linux kernels implementation of the ...)
+ - linux 4.5.1-1
+ NOTE: https://git.kernel.org/linus/a0c80efe5956ccce9fe7ae5c78542578c07bc20a
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1932150
+CVE-2021-20260
+ RESERVED
+ - foreman <itp> (bug #663101)
+CVE-2021-20259 (A flaw was found in the Foreman project. The Proxmox compute resource ...)
+ - foreman <itp> (bug #663101)
+CVE-2021-20258
+ RESERVED
+CVE-2021-20257 [net: e1000: infinite loop while processing transmit descriptors]
+ RESERVED
+ {DLA-2623-1}
+ - qemu 1:5.2+dfsg-9 (bug #984450)
+ [bullseye] - qemu <postponed> (Minor issue)
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03595.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=3de46e6fc489c52c9431a8a832ad8170a7569bd8
+CVE-2021-20256 (A flaw was found in Red Hat Satellite. The BMC interface exposes the p ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2021-20255 (A stack overflow via an infinite recursion vulnerability was found in ...)
+ {DLA-2623-1}
+ - qemu <unfixed> (bug #984451)
+ [bullseye] - qemu <postponed> (Minor issue)
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html
+ NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
+ NOTE: No upstream patch as of 2022-01-28
+CVE-2021-20254 (A flaw was found in samba. The Samba smbd file server must map Windows ...)
+ {DLA-2668-1}
+ - samba 2:4.13.5+dfsg-2 (bug #987811)
+ [buster] - samba <no-dsa> (Minor issue)
+ NOTE: https://www.samba.org/samba/security/CVE-2021-20254.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14571
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=75ad84167f5d2379557ec078d17c9a1c244402fc (master)
+CVE-2021-20253 (A flaw was found in ansible-tower. The default installation is vulnera ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2021-20252 (A flaw was found in Red Hat 3scale API Management Platform 2. The 3sca ...)
+ NOT-FOR-US: Red Hat 3scale API Management
+CVE-2021-20251
+ RESERVED
+CVE-2021-20250 (A flaw was found in wildfly. The JBoss EJB client has publicly accessi ...)
+ - wildfly <itp> (bug #752018)
+CVE-2021-20249
+ REJECTED
+CVE-2021-20248
+ REJECTED
+CVE-2021-20247 (A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of th ...)
+ - isync 1.3.0-2.1 (bug #983351)
+ [buster] - isync 1.3.0-2.2~deb10u1
+ [stretch] - isync <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/22/1
+CVE-2021-20246 (A flaw was found in ImageMagick in MagickCore/resample.c. An attacker ...)
+ {DLA-2602-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/3195
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/8d25d94a363b104acd6ff23df7470aeedb806c51
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f3190d4a6e6e8556575c84b5d976f77d111caa74
+CVE-2021-20245 (A flaw was found in ImageMagick in coders/webp.c. An attacker who subm ...)
+ {DLA-2672-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/3176
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ffb683e62ddedc6436a1b88388eb690d7ca57bf2
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a78d92dc0f468e79c3d761aae9707042952cdaca
+CVE-2021-20244 (A flaw was found in ImageMagick in MagickCore/visual-effects.c. An att ...)
+ {DLA-2602-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/pull/3194
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/329dd528ab79531d884c0ba131e97d43f872ab5d
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c8d674946a687f40a126166edf470733fc8ede02
+CVE-2021-20243 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...)
+ {DLA-2672-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/pull/3193
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9751bd619872c8e58609fbed56c4827afa083b40
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745 (resize.c hunk)
+CVE-2021-20242
+ REJECTED
+CVE-2021-20241 (A flaw was found in ImageMagick in coders/jp2.c. An attacker who submi ...)
+ {DLA-2602-1}
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1
+ - imagemagick <unfixed>
+ [bullseye] - imagemagick <ignored> (Minor issue)
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/pull/3177
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/dd33b451c3e01098efad34bbaca2df78d5391dc8
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/53cb91b3e7bf95d0e372cbc745e0055ac6054745
+CVE-2021-20240 (A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer w ...)
+ - gdk-pixbuf 2.42.2+dfsg-1
+ [buster] - gdk-pixbuf <not-affected> (Vulnerable code introduced later)
+ [stretch] - gdk-pixbuf <not-affected> (Vulnerable code added later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1926787
+ NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/132
+ NOTE: Vulnerable code introduced in https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4e7b5345d2fc8f0d1dee93d8ba9ab805bc95d42f (2.39.2)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e (2.42.0)
+CVE-2021-20239 (A flaw was found in the Linux kernel in versions before 5.4.92 in the ...)
+ - linux 5.10.4-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-100/
+ NOTE: https://gist.github.com/Ga-ryo/2ec958e78f55c5d18558960f3fe1c6ec
+CVE-2021-20238
+ RESERVED
+ NOT-FOR-US: OpenShift
+CVE-2021-20237 (An uncontrolled resource consumption (memory leak) flaw was found in Z ...)
+ - zeromq3 4.3.3-1
+ [buster] - zeromq3 <no-dsa> (Minor issue)
+ [stretch] - zeromq3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/zeromq/libzmq/pull/3935
+ NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22344
+CVE-2021-20236 (A flaw was found in the ZeroMQ server in versions before 4.3.3. This f ...)
+ - zeromq3 4.3.3-1
+ [buster] - zeromq3 <no-dsa> (Minor issue)
+ [stretch] - zeromq3 <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://github.com/zeromq/libzmq/pull/3959
+ NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22488
+CVE-2021-20235 (There's a flaw in the zeromq server in versions before 4.3.3 in src/de ...)
+ {DLA-2588-1}
+ - zeromq3 4.3.3-1
+ [buster] - zeromq3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/zeromq/libzmq/pull/3902
+ NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21984
+CVE-2021-20234 (An uncontrolled resource consumption (memory leak) flaw was found in t ...)
+ {DLA-2588-1}
+ - zeromq3 4.3.3-1
+ [buster] - zeromq3 <no-dsa> (Minor issue)
+ NOTE: https://github.com/zeromq/libzmq/pull/3918
+ NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22037
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22123
+CVE-2021-20233 (A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() ...)
+ {DSA-4867-1}
+ - grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+CVE-2021-20232 (A flaw was found in gnutls. A use after free issue in client_send_para ...)
+ - gnutls28 3.7.1-1
+ [buster] - gnutls28 3.6.7-4+deb10u7
+ [stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
+ NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1151
+CVE-2021-20231 (A flaw was found in gnutls. A use after free issue in client sending k ...)
+ - gnutls28 3.7.1-1
+ [buster] - gnutls28 3.6.7-4+deb10u7
+ [stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
+ NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1151
+CVE-2021-20230 (A flaw was found in stunnel before 5.57, where it improperly validates ...)
+ - stunnel4 3:5.56+dfsg-8 (bug #982578)
+ [buster] - stunnel4 <no-dsa> (Minor issue)
+ [stretch] - stunnel4 <not-affected> (Re-ordering of redirect/accept/reject checks performed in stunnel 5.41b8)
+ NOTE: https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9
+ NOTE: Isolated fix only the changes in src/verify.c:
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1177580#c2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925226
+CVE-2021-20229 (A flaw was found in PostgreSQL in versions before 13.2. This flaw allo ...)
+ - postgresql-13 13.2-1
+ NOTE: https://www.postgresql.org/about/news/postgresql-132-126-1111-1016-9621-and-9525-released-2165/
+CVE-2021-20228 (A flaw was found in the Ansible Engine 2.9.18, where sensitive info is ...)
+ {DSA-4950-1}
+ - ansible 2.10.7+merged+base+2.10.8+dfsg-1
+ - ansible-base <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1925002
+ NOTE: https://github.com/ansible/ansible/pull/73487
+CVE-2021-20227 (A flaw was found in SQLite's SELECT query functionality (src/select.c) ...)
+ - sqlite3 3.34.1-1
+ [buster] - sqlite3 <not-affected> (Introduced in 3.33)
+ [stretch] - sqlite3 <not-affected> (Introduced in 3.33)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1924886
+ NOTE: https://sqlite.org/src/info/30a4c323650cc949
+ NOTE: Patch: https://github.com/sqlite/sqlite/commit/f39168e468af3b1d6b6d37efdcb081eced6724b2
+ NOTE: Introduced in https://github.com/sqlite/sqlite/commit/896366282dae3789fb277c2dad8660784a0895a3
+CVE-2021-20226 (A use-after-free flaw was found in the io_uring in Linux kernel, where ...)
+ - linux 5.10.4-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-001/
+CVE-2021-20225 (A flaw was found in grub2 in versions prior to 2.06. The option parser ...)
+ {DSA-4867-1}
+ - grub2 2.04-16
+ [stretch] - grub2 <ignored> (No SecureBoot support in stretch)
+CVE-2021-20224
+ RESERVED
+CVE-2021-20223
+ RESERVED
+CVE-2021-20222 (A flaw was found in keycloak. The new account console in keycloak can ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-20221 (An out-of-bounds heap buffer access issue was found in the ARM Generic ...)
+ {DLA-2560-1}
+ - qemu 1:5.2+dfsg-4
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/05/1
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/edfe2eb4360cde4ed5d95bda7777edcb3510f76a (v6.0.0-rc0)
+CVE-2021-20220 (A flaw was found in Undertow. A regression in the fix for CVE-2020-106 ...)
+ - undertow 2.2.0-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1923133
+ NOTE: https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e
+CVE-2021-20219 (A denial of service vulnerability was found in n_tty_receive_char_spec ...)
+ - linux <not-affected> (Red Hat specific issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/10
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/16
+CVE-2021-20218 (A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and ...)
+ NOT-FOR-US: fabric8io / kubernetes-client
+CVE-2021-20217 (A flaw was found in Privoxy in versions before 3.0.31. An assertion fa ...)
+ {DLA-2548-1}
+ - privoxy 3.0.31-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5bba5b89193fa2eeea51aa39fb6525c47b59a82a (3.0.31)
+CVE-2021-20216 (A flaw was found in Privoxy in versions before 3.0.31. A memory leak t ...)
+ {DLA-2548-1}
+ - privoxy 3.0.31-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/31/2
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=f431d61740cc03c1c5f6b7f9c7a4a8d0bedd70dd (3.0.31)
+CVE-2021-20215 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=064eac5fd0f693e94ec8b3a64d1d91e8fb7e8e66 (3.0.29)
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=fdee85c0bf3e2dbd7722ddc45e9ed912f02a2136 (3.0.29)
+CVE-2021-20214 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in ...)
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ [stretch] - privoxy <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=cf5640eb2a57197717758e225ad6e11cbaab1d6c (3.0.29)
+CVE-2021-20213 (A flaw was found in Privoxy in versions before 3.0.29. Dereference of ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=75301323495579ff27bdaaea67e31e2df83475fc (3.0.29)
+CVE-2021-20212 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak if ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=5cfb7bc8feecc82eb161450faa572abf9be19cbb (3.0.29)
+CVE-2021-20211 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak whe ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=245e1cf325bc957df6226c745b7ac3f67a97ea07 (3.0.29)
+CVE-2021-20210 (A flaw was found in Privoxy in versions before 3.0.29. Memory leak in ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=1b1370f7a8a9cc5434d3e0e54dd620df1e70c873 (3.0.29)
+CVE-2021-20209 (A memory leak vulnerability was found in Privoxy before 3.0.29 in the ...)
+ {DLA-2548-1}
+ - privoxy 3.0.29-1
+ [buster] - privoxy 3.0.28-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3
+ NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c62254a686dcd40e3b6e5753d0c7c0308209a7b6 (3.0.29)
+CVE-2021-20208 (A flaw was found in cifs-utils in versions before 6.13. A user when mo ...)
+ - cifs-utils 2:6.11-3 (bug #987308)
+ [buster] - cifs-utils <no-dsa> (Minor issue)
+ [stretch] - cifs-utils <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14651
+ NOTE: https://lists.samba.org/archive/samba-technical/2021-April/136467.html
+ NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=e461afd8cfa6d0781ae0c5c10e89b6ef1ca6da32
+ NOTE: Fix causes regression: https://bugs.debian.org/989080
+CVE-2021-20207
+ REJECTED
+CVE-2021-20206 (An improper limitation of path name flaw was found in containernetwork ...)
+ - golang-github-appc-cni 0.8.1-1 (bug #983659)
+ [buster] - golang-github-appc-cni <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - golang-github-appc-cni <no-dsa> (Minor issue)
+ NOTE: https://github.com/containernetworking/cni/pull/808
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919391
+CVE-2021-20205 (Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of ...)
+ - libjpeg-turbo <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/493
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1719d12e51641cce5c77e259516649ba5ef6303c
+CVE-2021-20204 (A heap memory corruption problem (use after free) can be triggered in ...)
+ {DLA-2660-1}
+ - libgetdata 0.10.0-10 (bug #988239)
+ [buster] - libgetdata 0.10.0-5+deb10u1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956348
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/libgetdata/+bug/1912050
+ NOTE: Debian patch applied causes functional regressions: https://bugs.debian.org/992437
+CVE-2021-20203 (An integer overflow issue was found in the vmxnet3 NIC emulator of the ...)
+ {DLA-2623-1}
+ - qemu 1:6.2+dfsg-1 (bug #984452)
+ [bullseye] - qemu <postponed> (Minor issue)
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1913873
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/308
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1890152
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/d05dcd94aee88728facafb993c7280547eb4d645 (v6.2.0-rc3)
+CVE-2021-20202 (A flaw was found in keycloak. Directories can be created prior to the ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-20201 (A flaw was found in spice in versions before 0.14.92. A DoS tool might ...)
+ - spice 0.14.3-2.1 (bug #983698)
+ [buster] - spice <no-dsa> (Minor issue)
+ [stretch] - spice <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/spice/spice/-/issues/49
+ NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749
+ NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
+ NOTE: https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
+CVE-2021-20200
+ REJECTED
+CVE-2021-20199 (Rootless containers run with Podman, receive all traffic with a source ...)
+ - libpod 3.0.0~rc2+dfsg1-2
+ - rootlesskit 0.12.0-1
+ NOTE: https://github.com/containers/podman/issues/5138
+ NOTE: https://github.com/containers/podman/pull/9052
+ NOTE: https://github.com/rootless-containers/rootlesskit/pull/206
+ NOTE: For Podman v3.0: https://github.com/containers/podman/pull/9225 (v3.0.0-rc3)
+ NOTE: Issue in podman was fixed by linking against rootlesskit 0.12, and Debian updated
+ NOTE: ahead of time
+CVE-2021-20198 (A flaw was found in the OpenShift Installer before version v0.9.0-mast ...)
+ NOT-FOR-US: OpenShift
+CVE-2021-20197 (There is an open race window when writing output in the following util ...)
+ [experimental] - binutils 2.35.50.20201209-1
+ - binutils 2.37-3 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26945
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=014cc7f849e8209623fc99264814bce7b3b6faf2
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1a1c3b4cc17687091cff5a368bd6f13742bcfdf8
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=365f5fb6d0f0da83817431a275e99e6f6babbe04
+ NOTE: binutils not covered by security support
+CVE-2021-20196 (A NULL pointer dereference flaw was found in the floppy disk emulator ...)
+ - qemu 1:6.2+dfsg-1 (bug #984453)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - qemu <postponed> (Fix along in future DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1919210
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1912780
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/338
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-01/msg05986.html
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/1ab95af033a419e7a64e2d58e67dd96b20af5233 (v6.2.0-rc4)
+CVE-2021-20195 (A flaw was found in keycloak in versions before 13.0.0. A Self Stored ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-20194 (There is a vulnerability in the linux kernel versions higher than 5.2 ...)
+ - linux 5.10.19-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1912683
+ NOTE: https://patchwork.kernel.org/project/netdevbpf/patch/20210122164232.61770-1-loris.reiff@liblor.ch/#23921223
+CVE-2021-20193 (A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw ...)
+ - tar 1.34+dfsg-1 (unimportant; bug #980525)
+ NOTE: https://savannah.gnu.org/bugs/?59897
+ NOTE: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
+ NOTE: Memory leak in CLI tool, no security impact
+CVE-2021-20192
+ RESERVED
+CVE-2021-20191 (A flaw was found in ansible. Credentials, such as secrets, are being d ...)
+ - ansible <unfixed> (bug #985753)
+ [bullseye] - ansible <no-dsa> (Minor issue)
+ [buster] - ansible <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1916813
+ NOTE: https://github.com/ansible-collections/cisco.nxos/pull/227
+ NOTE: https://github.com/ansible-collections/cisco.nxos/commit/120956963f47502151a358e4a7bc2a87f71813aa
+CVE-2021-20190 (A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishan ...)
+ {DLA-2638-1}
+ - jackson-databind 2.12.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u3
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2854
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a
+CVE-2021-20189
+ REJECTED
+CVE-2021-20188 (A flaw was found in podman before 1.7.0. File permissions for non-root ...)
+ - libpod 2.0.2+dfsg1-3
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915734
+ NOTE: https://github.com/containers/podman/commit/2c7b579fe7328dc6db48bdaf60d0ddd9136b1e24
+ NOTE: https://github.com/containers/podman/commit/c8bd4746151e6ae37d49c4688f2f64e03db429fc
+ NOTE: Fixed as part of https://github.com/containers/podman/commit/dcf3c742b1ac4d641d66810113f3d17441a412f4 (v1.7.0-rc1)
+CVE-2021-20187 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...)
+ - moodle <removed>
+CVE-2021-20186 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...)
+ - moodle <removed>
+CVE-2021-20185 (It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 ...)
+ - moodle <removed>
+CVE-2021-20184 (It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a i ...)
+ - moodle <removed>
+CVE-2021-20183 (It was found in Moodle before version 3.10.1 that some search inputs w ...)
+ - moodle <removed>
+CVE-2021-20182 (A privilege escalation flaw was found in openshift4/ose-docker-builder ...)
+ NOT-FOR-US: OpenShift
+CVE-2021-20181 (A race condition flaw was found in the 9pfs server implementation of Q ...)
+ {DLA-2560-1}
+ - qemu 1:5.2+dfsg-4
+ [buster] - qemu <postponed> (Minor issue)
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305
+CVE-2021-20180
+ RESERVED
+ - ansible <unfixed> (bug #985753)
+ [bullseye] - ansible <no-dsa> (Minor issue)
+ [buster] - ansible <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1915808
+ NOTE: https://github.com/ansible-collections/community.general/pull/1635
+ NOTE: https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc
+CVE-2021-20179 (A flaw was found in pki-core. An attacker who has successfully comprom ...)
+ - dogtag-pki 10.10.2-2
+ NOTE: https://github.com/dogtagpki/pki/pull/3475
+CVE-2021-20178 (A flaw was found in ansible module where credentials are disclosed in ...)
+ - ansible <unfixed> (bug #985753)
+ [bullseye] - ansible <no-dsa> (Minor issue)
+ [buster] - ansible <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1914774
+ NOTE: https://github.com/ansible-collections/community.general/pull/1621
+ NOTE: https://github.com/ansible-collections/community.general/commit/3560aeb12f7061bf21d63ca0e1e19feb99c57de3
+CVE-2021-20177 (A flaw was found in the Linux kernel's implementation of string matchi ...)
+ {DSA-4843-1 DLA-2557-1}
+ - linux 5.5.13-1
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=209823
+ NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/1
+CVE-2021-20176 (A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 ...)
+ {DLA-2602-1}
+ - imagemagick 8:6.9.11.57+dfsg-1
+ [buster] - imagemagick <ignored> (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/3077
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/90255f0834eead08d59f46b0bda7b1580451cc0f
+CVE-2021-20175 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure comm ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20174 (Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure comm ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20173 (Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20172 (All known versions of the Netgear Genie Installer for macOS contain a ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20171 (Netgear RAX43 version 1.0.3.96 stores sensitive information in plainte ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20170 (Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20169 (Netgear RAX43 version 1.0.3.96 does not utilize secure communications ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20168 (Netgear RAX43 version 1.0.3.96 does not have sufficient protections to ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20167 (Netgear RAX43 version 1.0.3.96 contains a command injection vulnerabil ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20166 (Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability ...)
+ NOT-FOR-US: Netgear
+CVE-2021-20165 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20164 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses creden ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20163 (Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the f ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20162 (Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plain ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20161 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient pr ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20160 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injectio ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20159 (Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command in ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20158 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20157 (It is possible for an unauthenticated, malicious user to force the dev ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20156 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20155 (Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded cred ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20154 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw i ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20153 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerab ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20152 (Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20151 (Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the sess ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20150 (Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses inform ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20149 (Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient ac ...)
+ NOT-FOR-US: Trendnet
+CVE-2021-20148 (ManageEngine ADSelfService Plus below build 6116 stores the password p ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-20147 (ManageEngine ADSelfService Plus below build 6116 contains an observabl ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-20146 (An unprotected ssh private key exists on the Gryphon devices which cou ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20145 (Gryphon Tower routers contain an unprotected openvpn configuration fil ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20144 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20143 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20142 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20141 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20140 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20139 (An unauthenticated command injection vulnerability exists in the param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20138 (An unauthenticated command injection vulnerability exists in multiple ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20137 (A reflected cross-site scripting vulnerability exists in the url param ...)
+ NOT-FOR-US: Gryphon Tower routers
+CVE-2021-20136 (ManageEngine Log360 Builds &lt; 5235 are affected by an improper acces ...)
+ NOT-FOR-US: ManageEngine
+CVE-2021-20135 (Nessus versions 8.15.2 and earlier were found to contain a local privi ...)
+ NOT-FOR-US: Nessus
+CVE-2021-20134 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ NOT-FOR-US: D-Link
+CVE-2021-20133 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ NOT-FOR-US: D-Link
+CVE-2021-20132 (Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B ...)
+ NOT-FOR-US: D-Link
+CVE-2021-20131 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...)
+ NOT-FOR-US: ManageEngine ADManager Plus
+CVE-2021-20130 (ManageEngine ADManager Plus Build 7111 contains a post-authentication ...)
+ NOT-FOR-US: ManageEngine ADManager Plus
+CVE-2021-20129 (An information disclosure vulnerability exists in Draytek VigorConnect ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20128 (The Profile Name field in the floor plan (Network Menu) page in Drayte ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20127 (An arbitrary file deletion vulnerability exists in the file delete fun ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20126 (Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protect ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20125 (An arbitrary file upload and directory traversal vulnerability exists ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20124 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20123 (A local file inclusion vulnerability exists in Draytek VigorConnect 1. ...)
+ NOT-FOR-US: Draytek
+CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
+ NOT-FOR-US: Telus Wi-Fi Hub
+CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...)
+ NOT-FOR-US: Telus Wi-Fi Hub
+CVE-2021-20120 (The administration web interface for the Arris Surfboard SB8200 lacks ...)
+ NOT-FOR-US: Arris Surfboard SB8200
+CVE-2021-20119 (The password change utility for the Arris SurfBoard SB8200 can have sa ...)
+ NOT-FOR-US: Arris SurfBoard SB8200
+CVE-2021-20118 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20117 (Nessus Agent 8.3.0 and earlier was found to contain a local privilege ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20116 (A reflected cross-site scripting vulnerability exists in TCExam &lt;= ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20115 (A reflected cross-site scripting vulnerability exists in TCExam &lt;= ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20114 (When installed following the default/recommended settings, TCExam &lt; ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20113 (An exposure of sensitive information vulnerability exists in TCExam &l ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20112 (A stored cross-site scripting vulnerability exists in TCExam &lt;= 14. ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20111 (A stored cross-site scripting vulnerability exists in TCExam &lt;= 14. ...)
+ NOT-FOR-US: TCExam
+CVE-2021-20110 (Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS ...)
+ NOT-FOR-US: Manage Engine Asset Explorer Agent
+CVE-2021-20109 (Due to the Asset Explorer agent not validating HTTPS certificates, an ...)
+ NOT-FOR-US: Asset Explorer agent
+CVE-2021-20108 (Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for inc ...)
+ NOT-FOR-US: Manage Engine Asset Explorer Agent
+CVE-2021-20107 (There exists an unauthenticated BLE Interface in Sloan SmartFaucets in ...)
+ NOT-FOR-US: Sloan
+CVE-2021-20106 (Nessus Agent versions 8.2.5 and earlier were found to contain a privil ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20105 (Machform prior to version 16 is vulnerable to an open redirect in Safa ...)
+ NOT-FOR-US: Machform
+CVE-2021-20104 (Machform prior to version 16 is vulnerable to unauthenticated remote c ...)
+ NOT-FOR-US: Machform
+CVE-2021-20103 (Machform prior to version 16 is vulnerable to stored cross-site script ...)
+ NOT-FOR-US: Machform
+CVE-2021-20102 (Machform prior to version 16 is vulnerable to cross-site request forge ...)
+ NOT-FOR-US: Machform
+CVE-2021-20101 (Machform prior to version 16 is vulnerable to HTTP host header injecti ...)
+ NOT-FOR-US: Machform
+CVE-2021-20100 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20099 (Nessus Agent 8.2.4 and earlier for Windows were found to contain multi ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20098
+ RESERVED
+CVE-2021-20097
+ RESERVED
+CVE-2021-20096 (Cross-site request forgery in OpenOversight 0.6.4 allows a remote atta ...)
+ NOT-FOR-US: OpenOversight
+CVE-2021-20095
+ REJECTED
+CVE-2021-20094 (A denial of service vulnerability exists in Wibu-Systems CodeMeter ver ...)
+ NOT-FOR-US: Wibu-Systems CodeMeter
+CVE-2021-20093 (A buffer over-read vulnerability exists in Wibu-Systems CodeMeter vers ...)
+ NOT-FOR-US: Wibu-Systems CodeMeter
+CVE-2021-20092 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version &lt;= 1.0 ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-20091 (The web interfaces of Buffalo WSR-2533DHPL2 firmware version &lt;= 1.0 ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-20090 (A path traversal vulnerability in the web interfaces of Buffalo WSR-25 ...)
+ NOT-FOR-US: Buffalo
+CVE-2021-20089 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: purl javascript URL parser (different from src:purl)
+CVE-2021-20088 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: mootools-more
+CVE-2021-20087 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: jquery-deparam
+CVE-2021-20086 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: jquery-bbq
+CVE-2021-20085 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: backbone-query-parameters
+CVE-2021-20084 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: jquery-sparkle
+CVE-2021-20083 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+ NOT-FOR-US: jquery-plugin-query-object
+CVE-2021-20082
+ RESERVED
+CVE-2021-20081 (Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus ...)
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
+CVE-2021-20080 (Insufficient output sanitization in ManageEngine ServiceDesk Plus befo ...)
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
+CVE-2021-20079 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...)
+ NOT-FOR-US: Nessus
+CVE-2021-20078 (Manage Engine OpManager builds below 125346 are vulnerable to a remote ...)
+ NOT-FOR-US: Manage Engine OpManager
+CVE-2021-20077 (Nessus versions 8.13.2 and earlier were found to contain a privilege e ...)
+ NOT-FOR-US: Nessus Agent
+CVE-2021-20076 (Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were fou ...)
+ NOT-FOR-US: Tenable
+CVE-2021-20075 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for pr ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20074 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20073 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cr ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20072 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20071 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20070 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20069 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20068 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20067 (Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attack ...)
+ NOT-FOR-US: Racom's MIDGE Firmware
+CVE-2021-20066 (JSDom improperly allows the loading of local resources, which allows f ...)
+ NOTE: Disputed by upstream: https://github.com/jsdom/jsdom/issues/3124#issuecomment-783502951
+ NOTE: https://www.tenable.com/security/research/tra-2021-05
+ NOTE: https://github.com/jsdom/jsdom/issues/3124
+CVE-2021-20065
+ RESERVED
+CVE-2021-20064
+ RESERVED
+CVE-2021-20063
+ RESERVED
+CVE-2021-20062
+ RESERVED
+CVE-2021-20061
+ RESERVED
+CVE-2021-20060
+ RESERVED
+CVE-2021-20059
+ RESERVED
+CVE-2021-20058
+ RESERVED
+CVE-2021-20057
+ RESERVED
+CVE-2021-20056
+ RESERVED
+CVE-2021-20055
+ RESERVED
+CVE-2021-20054
+ RESERVED
+CVE-2021-20053
+ RESERVED
+CVE-2021-20052
+ RESERVED
+CVE-2021-20051
+ RESERVED
+CVE-2021-20050 (An Improper Access Control Vulnerability in the SMA100 series leads to ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20049 (A vulnerability in SonicWall SMA100 password change API allows a remot ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20048 (A Stack-based buffer overflow in the SonicOS SessionID HTTP response h ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20047 (SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and ear ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20046 (A Stack-based buffer overflow in the SonicOS HTTP Content-Length respo ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20045 (A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacN ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20044 (A post-authentication remote command injection vulnerability in SonicW ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20043 (A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBook ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20042 (An unauthenticated remote attacker can use SMA 100 as an unintended pr ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20041 (An unauthenticated and remote adversary can consume all of the device' ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20040 (A relative path traversal vulnerability in the SMA100 upload funtion a ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20039 (Improper neutralization of special elements in the SMA100 management i ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20038 (A Stack-based buffer overflow vulnerability in SMA100 Apache httpd ser ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20037 (SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incor ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20036
+ RESERVED
+CVE-2021-20035 (Improper neutralization of special elements in the SMA100 management i ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20034 (An improper access control vulnerability in SMA100 allows a remote una ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20033
+ RESERVED
+CVE-2021-20032 (SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Proto ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20031 (A Host Header Redirection vulnerability in SonicOS potentially allows ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20030
+ RESERVED
+CVE-2021-20029
+ RESERVED
+CVE-2021-20028 (** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of a SQL Comma ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20027 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20026 (A vulnerability in the SonicWall NSM On-Prem product allows an authent ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20025 (SonicWall Email Security Virtual Appliance version 10.0.9 and earlier ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20024 (Multiple Out-of-Bound read vulnerability in SonicWall Switch when hand ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20023 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20022 (SonicWall Email Security version 10.0.9.x contains a vulnerability tha ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20021 (A vulnerability in the SonicWall Email Security version 10.0.9.x allow ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20020 (A command execution vulnerability in SonicWall GMS 9.3 allows a remote ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20019 (A vulnerability in SonicOS where the HTTP server response leaks partia ...)
+ NOT-FOR-US: SonicOS
+CVE-2021-20018 (A post-authenticated vulnerability in SonicWall SMA100 allows an attac ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20017 (A post-authenticated command injection vulnerability in SonicWall SMA1 ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20016 (A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product a ...)
+ NOT-FOR-US: SonicWall
+CVE-2021-20015
+ REJECTED
+CVE-2021-20014
+ REJECTED
+CVE-2021-20013
+ REJECTED
+CVE-2021-20012
+ REJECTED
+CVE-2021-20011
+ REJECTED
+CVE-2021-20010
+ REJECTED
+CVE-2021-20009
+ REJECTED
+CVE-2021-20008
+ REJECTED
+CVE-2021-20007
+ REJECTED
+CVE-2021-20006
+ REJECTED
+CVE-2021-20005
+ REJECTED
+CVE-2021-20004
+ REJECTED
+CVE-2021-20003
+ REJECTED
+CVE-2021-20002
+ REJECTED
+CVE-2021-20001 (It was discovered, that debian-edu-config, a set of configuration file ...)
+ {DSA-5072-1 DLA-2918-1}
+ - debian-edu-config 2.12.16
+ NOTE: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5
+CVE-2021-2485 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2484 (Vulnerability in the Oracle Operations Intelligence product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2483 (Vulnerability in the Oracle Content Manager product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2482 (Vulnerability in the Oracle Payables product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2481 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2480 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2479 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2478 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2477 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2476 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2475 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.28-dfsg-1
+CVE-2021-2474 (Vulnerability in the Oracle Web Analytics product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2473
+ RESERVED
+CVE-2021-2472
+ RESERVED
+CVE-2021-2471 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2470
+ RESERVED
+CVE-2021-2469
+ RESERVED
+CVE-2021-2468
+ RESERVED
+CVE-2021-2467
+ RESERVED
+CVE-2021-2466
+ RESERVED
+CVE-2021-2465
+ RESERVED
+CVE-2021-2464 (Vulnerability in Oracle Linux (component: OSwatcher). Supported versio ...)
+ NOT-FOR-US: Oracle Linux
+CVE-2021-2463 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2462 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2461 (Vulnerability in the Oracle Communications Interactive Session Recorde ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2460 (Vulnerability in the Oracle Application Express Data Reporter componen ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2459
+ RESERVED
+CVE-2021-2458 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2457 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2456 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2455 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2454 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.26-dfsg-1
+CVE-2021-2453 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2452 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2451 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2450 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2449 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2448 (Vulnerability in the Oracle Financial Services Crime and Compliance In ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2447 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2446 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2445 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2444 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2443 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.26-dfsg-1
+CVE-2021-2442 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.26-dfsg-1
+CVE-2021-2441 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2440 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2439 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2438 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2437 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2436 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2435 (Vulnerability in the Essbase Analytic Provider Services product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2434 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2433 (Vulnerability in the Essbase Analytic Provider Services product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2432 (Vulnerability in the Java SE product of Oracle Java SE (component: JND ...)
+ - openjdk-11 <not-affected> (Only affects Java 7)
+ - openjdk-8 <not-affected> (Only affects Java 7)
+CVE-2021-2431 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2430 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2429 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2428 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2427 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2426 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2425 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2424 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2423 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2422 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2421 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2420 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2419 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2418 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2417 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2416 (Vulnerability in the Oracle Communications Session Border Controller p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2415 (Vulnerability in the Oracle Time and Labor product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2414 (Vulnerability in the Oracle Communications Session Border Controller p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2413
+ RESERVED
+CVE-2021-2412 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2411 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-cluster <itp> (bug #833356)
+CVE-2021-2410 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2409 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.26-dfsg-1
+CVE-2021-2408 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of O ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2407 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2406 (Vulnerability in the Oracle Collaborative Planning product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2405 (Vulnerability in the Oracle Engineering product of Oracle E-Business S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2404 (Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2403 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2402 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2401 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2400 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2399 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2398 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2397 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2396 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2395 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2394 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2393 (Vulnerability in the Oracle E-Records product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2392 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2391 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2390 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2021-2389 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.12-1
+ [bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+ NOTE: Fixed in MariaDB 10.5.12, 10.3.31
+CVE-2021-2388 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-4946-1 DLA-2737-1}
+ - openjdk-11 11.0.12+7-1
+ - openjdk-8 8u302-b08-1
+CVE-2021-2387 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2386 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2385 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2021-2384 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2383 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2382 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2381 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2380 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2379
+ RESERVED
+CVE-2021-2378 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2377 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2376 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2375 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2374 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2373 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2372 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.12-1
+ [bullseye] - mariadb-10.5 1:10.5.12-0+deb11u1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.31-0+deb10u1
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+ NOTE: Fixed in MariaDB 10.5.12, 10.3.31
+CVE-2021-2371 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2370 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2369 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-4946-1 DLA-2737-1}
+ - openjdk-11 11.0.12+7-1
+ - openjdk-8 8u302-b08-1
+CVE-2021-2368 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM (componen ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2367 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2366 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2365 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2364 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2363 (Vulnerability in the Oracle Public Sector Financials (International) p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2362 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2361 (Vulnerability in the Oracle Advanced Inbound Telephony product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2360 (Vulnerability in the Oracle Approvals Management product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2359 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2358 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2357 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2356 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2021-2355 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2354 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2353 (Vulnerability in the Siebel Core - Server Framework product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2352 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2351 (Vulnerability in the Advanced Networking Option component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2350 (Vulnerability in the Hyperion Essbase Administration Services product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2349 (Vulnerability in the Hyperion Essbase Administration Services product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2348 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2347 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2346 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2345 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2344 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2343 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2342 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2021-2341 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
+ {DSA-4946-1 DLA-2737-1}
+ - openjdk-11 11.0.12+7-1
+ - openjdk-8 8u302-b08-1
+CVE-2021-2340 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2339 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2021-2338 (Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2337 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2336 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2335 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2334 (Vulnerability in the Oracle Database - Enterprise Edition Data Redacti ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2333 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2332 (Vulnerability in the Oracle LogMiner component of Oracle Database Serv ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2331
+ RESERVED
+CVE-2021-2330 (Vulnerability in the Core RDBMS component of Oracle Database Server. T ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2329 (Vulnerability in the Oracle XML DB component of Oracle Database Server ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2328 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2327
+ RESERVED
+CVE-2021-2326 (Vulnerability in the Database Vault component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2325
+ RESERVED
+CVE-2021-2324 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2323 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2322 (Vulnerability in OpenGrok (component: Web App). Versions that are affe ...)
+ NOT-FOR-US: OpenGrok
+CVE-2021-2321 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2320 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2319 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2318 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2317 (Vulnerability in the Oracle Cloud Infrastructure Storage Gateway produ ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2316 (Vulnerability in the Oracle HRMS (France) product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2315 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2314 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2313
+ RESERVED
+CVE-2021-2312 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2311 (Vulnerability in the Oracle Hospitality Inventory Management product o ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2310 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2309 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2308 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2307 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2306 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2305 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2304 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2303 (Vulnerability in the OSS Support Tools product of Oracle Support Tools ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2302 (Vulnerability in the Oracle Platform Security for Java product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2301 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2300 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2299 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2298 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2297 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2296 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2295 (Vulnerability in the Oracle Concurrent Processing product of Oracle E- ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2294 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2293 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2292 (Vulnerability in the Oracle Document Management and Collaboration prod ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2291 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2290 (Vulnerability in the Oracle Engineering product of Oracle E-Business S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2289 (Vulnerability in the Oracle Product Hub product of Oracle E-Business S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2288 (Vulnerability in the Oracle Bills of Material product of Oracle E-Busi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2287 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2286 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2285 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2284 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2283 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2282 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2281 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2280 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2279 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2278 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2277 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2276 (Vulnerability in the Oracle iSetup product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2275 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2274 (Vulnerability in the Oracle E-Business Tax product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2273 (Vulnerability in the Oracle Legal Entity Configurator product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2272 (Vulnerability in the Oracle Subledger Accounting product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2271 (Vulnerability in the Oracle Work in Process product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2270 (Vulnerability in the Oracle Site Hub product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2269 (Vulnerability in the Oracle Advanced Pricing product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2268 (Vulnerability in the Oracle Quoting product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2267 (Vulnerability in the Oracle Labor Distribution product of Oracle E-Bus ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2266 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2265
+ RESERVED
+CVE-2021-2264 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/26/1
+CVE-2021-2263 (Vulnerability in the Oracle Sourcing product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2262 (Vulnerability in the Oracle Purchasing product of Oracle E-Business Su ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2261 (Vulnerability in the Oracle Lease and Finance Management product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2260 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2259 (Vulnerability in the Oracle Payables product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2258 (Vulnerability in the Oracle Projects product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2257 (Vulnerability in the Oracle Storage Cloud Software Appliance product o ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2256 (Vulnerability in the Oracle Storage Cloud Software Appliance product o ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2255 (Vulnerability in the Oracle Service Contracts product of Oracle E-Busi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2254 (Vulnerability in the Oracle Project Contracts product of Oracle E-Busi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2253 (Vulnerability in the Oracle Advanced Supply Chain Planning product of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2252 (Vulnerability in the Oracle Loans product of Oracle E-Business Suite ( ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2251 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2250 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2249 (Vulnerability in the Oracle Landed Cost Management product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2248 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2247 (Vulnerability in the Oracle Advanced Collections product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2246 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2245 (Vulnerability in the Oracle Database - Enterprise Edition Unified Audi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2244 (Vulnerability in the Hyperion Analytic Provider Services product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2243
+ RESERVED
+CVE-2021-2242 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2241 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2240 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2239 (Vulnerability in the Oracle Time and Labor product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2238 (Vulnerability in the Oracle MES for Process Manufacturing product of O ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2237 (Vulnerability in the Oracle General Ledger product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2236 (Vulnerability in the Oracle Financials Common Modules product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2235 (Vulnerability in the Oracle Transportation Execution product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2234 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2233 (Vulnerability in the Oracle Enterprise Asset Management product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2232 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2231 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2230 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2229 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2228 (Vulnerability in the Oracle Incentive Compensation product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2227 (Vulnerability in the Oracle Cash Management product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2226 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2225 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2224 (Vulnerability in the Oracle Compensation Workbench product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2223 (Vulnerability in the Oracle Receivables product of Oracle E-Business S ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2222 (Vulnerability in the Oracle Bill Presentment Architecture product of O ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2221 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2220 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2219 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2218 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of O ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2217 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2216 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2215 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2214 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2213 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2212 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2211 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2210 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2209 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2208 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2207 (Vulnerability in the Oracle Database - Enterprise Edition component of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2206 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2205 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2204 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2203 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2202 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2201 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2200 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2199 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2198 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2197 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2196 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2195 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2194 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.8-1
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.27-0+deb10u1
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+ NOTE: Fixed in MariaDB 10.5.7, 10.4.16, 10.3.26, 10.2.35
+CVE-2021-2193 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2192 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2191 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2190 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2189 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2188 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2187 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2186 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2185 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2184 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2183 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2182 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2181 (Vulnerability in the Oracle Document Management and Collaboration prod ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2180 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2179 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2178 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2177 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2176
+ RESERVED
+CVE-2021-2175 (Vulnerability in the Database Vault component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2174 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2173 (Vulnerability in the Recovery component of Oracle Database Server. Sup ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2172 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2171 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2170 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2169 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2168
+ RESERVED
+CVE-2021-2167 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2166 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.10-1 (bug #988428)
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.29-0+deb10u1
+ - mysql-8.0 <unfixed> (bug #987325)
+ - mysql-5.7 <removed>
+ NOTE: Fixed in MariaDB 10.5.10, 10.4.19, 10.3.29, 10.2.38
+CVE-2021-2165
+ RESERVED
+CVE-2021-2164 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2163 (Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...)
+ {DSA-4899-1 DLA-2634-1}
+ - openjdk-17 17~19-1
+ - openjdk-11 11.0.11+9-1
+ - openjdk-8 8u292-b10-1
+ NOTE: OpenJDK-11: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c82c3d65c256
+ NOTE: OpenJDK-8: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/412d2b1381a4
+CVE-2021-2162 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2161 (Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...)
+ - openjdk-17 <not-affected> (Windows-specific)
+ - openjdk-11 <not-affected> (Windows-specific)
+ - openjdk-8 <not-affected> (Windows-specific)
+CVE-2021-2160 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed> (bug #987325)
+CVE-2021-2159 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2158 (Vulnerability in the Hyperion Financial Management product of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2157 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2156 (Vulnerability in the Oracle Customers Online product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2155 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2154 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.10-1 (bug #988428)
+ - mariadb-10.3 <removed>
+ [buster] - mariadb-10.3 1:10.3.29-0+deb10u1
+ - mysql-5.7 <removed>
+ NOTE: Fixed in MariaDB 10.5.10, 10.4.19, 10.3.29, 10.2.38
+CVE-2021-2153 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2152 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2151 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2150 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2149 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2148
+ RESERVED
+CVE-2021-2147 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2146 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+ - mysql-5.7 <removed>
+CVE-2021-2145 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.20-dfsg-1
+CVE-2021-2144 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #987325)
+ - mysql-5.7 <removed>
+CVE-2021-2143
+ RESERVED
+CVE-2021-2142 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2141 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2140 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2139
+ RESERVED
+CVE-2021-2138 (Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2137 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2136 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2135 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2134 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2133
+ RESERVED
+CVE-2021-2132
+ RESERVED
+CVE-2021-2131 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2130 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2129 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2128 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2127 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2126 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2125 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2124 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2123 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2122 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2121 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2120 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2119 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2118 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2117 (Vulnerability in the Oracle Application Express Survey Builder compone ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2116 (Vulnerability in the Oracle Application Express Opportunity Tracker co ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2115 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2114 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2113 (Vulnerability in the Oracle Financial Services Revenue Management and ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2112 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2111 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2110 (Vulnerability in the Oracle Argus Safety product of Oracle Health Scie ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2109 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2108 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2107 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2106 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2105 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2104 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2103 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2102 (Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2101 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2100 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2099 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2098 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2097 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2096 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2095
+ RESERVED
+CVE-2021-2094 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2093 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2092 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2091 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2090 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2089 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2088 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2087 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2086 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2085 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2084 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2083 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2082 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2081 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2080 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2079 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2078 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2077 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2076 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2075 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2074 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2073 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.18-dfsg-1
+CVE-2021-2072 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2071 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2070 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2069 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2068 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2067 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2066 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2065 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2064 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2063 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2062 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2061 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2060 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2059 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2058 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2057 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2056 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2055 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1
+CVE-2021-2054 (Vulnerability in the RDBMS Sharding component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2053 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2052 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2051 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2050 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2049 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2048 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2047 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2046 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2045 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2044 (Vulnerability in the PeopleSoft Enterprise FIN Payables product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2043 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2042 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1
+CVE-2021-2041 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2040 (Vulnerability in the Oracle Argus Safety product of Oracle Health Scie ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2039 (Vulnerability in the Siebel Core - Server Framework product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2038 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2037
+ RESERVED
+CVE-2021-2036 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2035 (Vulnerability in the RDBMS Scheduler component of Oracle Database Serv ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2034 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2033 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2032 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2031 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2030 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1
+CVE-2021-2029 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2028 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.22-1
+CVE-2021-2027 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2026 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2025 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2024 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2023 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2022 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mariadb-10.5 1:10.5.5-1
+ - mariadb-10.3 1:10.3.24-1
+ [buster] - mariadb-10.3 1:10.3.25-0+deb10u1
+ - mariadb-10.1 <removed>
+ [stretch] - mariadb-10.1 10.1.47-0+deb9u1
+ - mysql-8.0 8.0.23-1 (bug #980795)
+ - mysql-5.7 <removed> (bug #981194)
+ NOTE: Fixed in MariaDB 10.5.5, 10.4.14, 10.3.24, 10.2.33, 10.1.46
+CVE-2021-2021 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2020 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.21-1
+CVE-2021-2019 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Fixed before initial upload)
+CVE-2021-2018 (Vulnerability in the Advanced Networking Option component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2017 (Vulnerability in the Oracle User Management product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2016 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Fixed before initial upload)
+CVE-2021-2015 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2014 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2013 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2012 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.21-1
+CVE-2021-2011 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2010 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2009 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Fixed before initial upload)
+CVE-2021-2008 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2007 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Fixed before initial upload)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2006 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.21-1
+CVE-2021-2005 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2004 (Vulnerability in the Siebel Core - Server BizLogic Script product of O ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2003 (Vulnerability in the Business Intelligence Enterprise Edition product ...)
+ NOT-FOR-US: Oracle
+CVE-2021-2002 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-2001 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <not-affected> (Fixed before initial upload)
+ - mysql-5.7 <removed> (bug #981194)
+CVE-2021-2000 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1999 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1998 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.23-1 (bug #980795)
+CVE-2021-1997 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1996 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1995 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1994 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1993 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2021-1992
+ RESERVED
+CVE-2021-1991
+ RESERVED
+CVE-2021-1990
+ RESERVED
+CVE-2021-1989
+ RESERVED
+CVE-2021-1988
+ RESERVED
+CVE-2021-1987
+ RESERVED
+CVE-2021-1986
+ RESERVED
+CVE-2021-1985 (Possible buffer over read due to lack of data length check in QVR Serv ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1984 (Possible buffer overflow due to improper validation of index value whi ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1983 (Possible buffer overflow due to improper handling of negative data len ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1982 (Possible denial of service scenario due to improper input validation o ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1981 (Possible buffer over read due to improper IE size check of Bearer capa ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1980 (Possible buffer over read due to lack of length check while parsing be ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1979 (Possible buffer overflow due to improper validation of FTM command pay ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1978
+ RESERVED
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1977 (Possible buffer over read due to improper validation of frame length w ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1976 (A use after free can occur due to improper validation of P2P device ad ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1975 (Possible heap overflow due to improper length check of domain while pa ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1974 (Possible buffer over read due to lack of alignment between map or unma ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1973 (A FTM Diag command can allow an arbitrary write into modem OS space in ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1972 (Possible buffer overflow due to improper validation of device types du ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1971 (Possible assertion due to lack of physical layer state validation in S ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1970 (Possible out of bound read due to lack of length check of FT sub-eleme ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1969 (Improper validation of kernel buffer address while copying information ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1968 (Improper validation of kernel buffer address while copying information ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1967 (Possible stack buffer overflow due to lack of check on the maximum num ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1966 (Possible buffer overflow due to lack of length check of source and des ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1965 (Possible buffer overflow due to lack of parameter length check during ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1964 (Possible buffer over read due to improper validation of IE size while ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1963 (Possible use-after-free due to lack of validation for the rule count i ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1962 (Buffer Overflow while processing IOCTL for getting peripheral endpoint ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1961 (Possible buffer overflow due to lack of offset length check while upda ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1960 (Improper handling of ASB-C broadcast packets with crafted opcode in LM ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1959 (Possible memory corruption due to lack of bound check of input index i ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1958 (A race condition in fastrpc kernel driver for dynamic process creation ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1957 (Improper Access Control when ACL link encryption is failed and ACL lin ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1956 (Improper handling of ASB-U packet with L2CAP channel ID by slave host ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1955 (Denial of service in SAP case due to improper handling of connections ...)
+ NOT-FOR-US: SAP
+CVE-2021-1954 (Possible buffer over read due to improper validation of data pointer w ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1953 (Improper handling of received malformed FTMR request frame can lead to ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1952 (Possible buffer over read occurs due to lack of length check of reques ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1951
+ RESERVED
+CVE-2021-1950
+ RESERVED
+CVE-2021-1949 (Possible integer overflow due to improper check of batch count value w ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1948 (Possible out of bound read due to lack of length check of data while p ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1947 (Use-after-free vulnerability in kernel graphics driver because of stor ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1946 (Null Pointer Dereference may occur due to improper validation while pr ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1945 (Possible out of bound read due to lack of length check of Bandwidth-NS ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1944
+ RESERVED
+CVE-2021-1943 (Possible buffer out of bound read can occur due to improper validation ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1942
+ RESERVED
+CVE-2021-1941 (Possible buffer over read issue due to improper length check on WPA IE ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1940 (Use after free can occur due to improper handling of response from fir ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1939 (Null pointer dereference occurs due to improper validation when the pr ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1938 (Possible assertion due to improper verification while creating and del ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1937 (Reachable assertion is possible while processing peer association WLAN ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1936 (Null pointer dereference can occur due to lack of null check for user ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1935 (Possible null pointer dereference due to lack of validation check for ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1934 (Possible memory corruption due to improper check when application load ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1933 (UE assertion is possible due to improper validation of invite message ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1932 (Improper access control in trusted application environment can cause u ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1931 (Possible buffer overflow due to improper validation of buffer length w ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1930 (Possible out of bounds read due to incorrect validation of incoming bu ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1929 (Lack of strict validation of bootmode can lead to information disclosu ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1928 (Buffer over read could occur due to incorrect check of buffer size whi ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1927 (Possible use after free due to lack of null check while memory is bein ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1926
+ RESERVED
+CVE-2021-1925 (Possible denial of service scenario due to improper handling of group ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1924 (Information disclosure through timing and power side-channels during m ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1923 (Incorrect pointer argument passed to trusted application TA could resu ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1922
+ RESERVED
+CVE-2021-1921 (Possible memory corruption due to Improper handling of hypervisor unma ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1920 (Integer underflow can occur due to improper handling of incoming RTCP ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1919 (Integer underflow can occur when the RTCP length is lesser than than t ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1918 (Improper handling of resource allocation in virtual machines can lead ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1917 (Null pointer dereference can occur due to memory allocation failure in ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1916 (Possible buffer underflow due to lack of check for negative indices va ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1915 (Buffer overflow can occur due to improper validation of NDP applicatio ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1914 (Loop with unreachable exit condition may occur due to improper handlin ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1913 (Possible integer overflow due to improper length check while updating ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1912 (Possible integer overflow can occur due to improper length check while ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1911
+ RESERVED
+CVE-2021-1910 (Double free in video due to lack of input buffer length check in Snapd ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1909 (Buffer overflow occurs in trusted applications due to lack of length c ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1908
+ RESERVED
+CVE-2021-1907 (Possible buffer overflow due to lack of length check in BA request in ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1906 (Improper handling of address deregistration on failure can lead to new ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1905 (Possible use after free due to improper handling of memory mapping of ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1904 (Child process can leak information from parent process due to numeric ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1903 (Possible denial of service scenario can occur due to lack of length ch ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1902
+ RESERVED
+CVE-2021-1901 (Possible buffer over-read due to lack of length check while flashing m ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1900 (Possible use after free in Display due to race condition while creatin ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1899 (Possible buffer over read due to lack of length check while flashing m ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1898 (Possible buffer over-read due to incorrect overflow check when loading ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1897 (Possible Buffer Over-read due to lack of validation of boundary checks ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1896 (Weak configuration in WLAN could cause forwarding of unencrypted packe ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1895 (Possible integer overflow due to improper length check while flashing ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1894 (Improper access control in TrustZone due to improper error handling wh ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1893
+ RESERVED
+CVE-2021-1892 (Memory corruption due to improper input validation while processing IO ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1891 (A possible use-after-free occurrence in audio driver can happen when p ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-1890 (Improper length check of public exponent in RSA import key function co ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1889 (Possible buffer overflow due to lack of length check in Trusted Applic ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1888 (Memory corruption in key parsing and import function due to double fre ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1887 (An assertion can be reached in the WLAN subsystem while using the Wi-F ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1886 (Incorrect handling of pointers in trusted application key import mecha ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-1885 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1884 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1883 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1882 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1881 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1880 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1879 (This issue was addressed by improved management of object lifetimes. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1878 (An integer overflow was addressed with improved input validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1877 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1876 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-1875 (A double free issue was addressed with improved memory management. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1874 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1873 (An API issue in Accessibility TCC permissions was addressed with impro ...)
+ NOT-FOR-US: Apple
+CVE-2021-1872 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1871 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4923-1}
+ - webkit2gtk 2.32.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+CVE-2021-1870 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2021-1869
+ RESERVED
+CVE-2021-1868 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1867 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1866
+ RESERVED
+CVE-2021-1865 (An issue obscuring passwords in screenshots was addressed with improve ...)
+ NOT-FOR-US: Apple
+CVE-2021-1864 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-1863 (An issue existed with authenticating the action triggered by an NFC ta ...)
+ NOT-FOR-US: Apple
+CVE-2021-1862 (Description: A person with physical access may be able to access conta ...)
+ NOT-FOR-US: Apple
+CVE-2021-1861 (An issue existed in determining cache occupancy. The issue was address ...)
+ NOT-FOR-US: Apple
+CVE-2021-1860 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2021-1859 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1858 (Processing a maliciously crafted image may lead to arbitrary code exec ...)
+ NOT-FOR-US: Apple
+CVE-2021-1857 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2021-1856
+ RESERVED
+CVE-2021-1855 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1854 (A call termination issue with was addressed with improved logic. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1853 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1852 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1851 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1850
+ RESERVED
+CVE-2021-1849 (An issue in code signature validation was addressed with improved chec ...)
+ NOT-FOR-US: Apple
+CVE-2021-1848 (The issue was addressed with improved UI handling. This issue is fixed ...)
+ NOT-FOR-US: Apple
+CVE-2021-1847 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1846 (Processing a maliciously crafted audio file may disclose restricted me ...)
+ NOT-FOR-US: Apple
+CVE-2021-1845
+ RESERVED
+CVE-2021-1844 (A memory corruption issue was addressed with improved validation. This ...)
+ {DSA-4923-1}
+ - webkit2gtk 2.32.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+CVE-2021-1843 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1842
+ RESERVED
+CVE-2021-1841 (A malicious application may be able to execute arbitrary code with ker ...)
+ NOT-FOR-US: Apple
+CVE-2021-1840 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1839 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1838 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1837 (A certificate validation issue was addressed. This issue is fixed in i ...)
+ NOT-FOR-US: Apple
+CVE-2021-1836 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1835 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1834 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-1833 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1832 (Copied files may not have the expected file permissions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1831 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1830 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1829 (A type confusion issue was addressed with improved state handling. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1828 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1827
+ RESERVED
+CVE-2021-1826 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-1825 (An input validation issue was addressed with improved input validation ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-1824 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2021-1823
+ RESERVED
+CVE-2021-1822 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1821 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1820 (A memory initialization issue was addressed with improved memory handl ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-1819
+ RESERVED
+CVE-2021-1818 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1817 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-1816 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1815 (A parsing issue in the handling of directory paths was addressed with ...)
+ NOT-FOR-US: Apple
+CVE-2021-1814 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1813 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1812 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1811 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1810 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1809 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1808 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-1807 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1806 (A race condition was addressed with additional validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1805 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1804
+ RESERVED
+CVE-2021-1803 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1802 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1801 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2021-1800 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2021-1799 (A port redirection issue was addressed with additional port validation ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2021-1798
+ RESERVED
+CVE-2021-1797 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1796 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1795 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1794 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1793 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1792 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1791 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
+ NOT-FOR-US: Apple
+CVE-2021-1790 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1789 (A type confusion issue was addressed with improved state handling. Thi ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2021-1788 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4923-1}
+ - webkit2gtk 2.32.0-2
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.32.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
+CVE-2021-1787 (Multiple issues were addressed with improved logic. This issue is fixe ...)
+ NOT-FOR-US: Apple
+CVE-2021-1786 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1785 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1784 (A permissions issue existed in DiskArbitration. This was addressed wit ...)
+ NOT-FOR-US: Apple
+CVE-2021-1783 (An access issue was addressed with improved memory management. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1782 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1781 (A privacy issue existed in the handling of Contact cards. This was add ...)
+ NOT-FOR-US: Apple
+CVE-2021-1780 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2021-1779 (A logic error in kext loading was addressed with improved state handli ...)
+ NOT-FOR-US: Apple
+CVE-2021-1778 (An out-of-bounds read issue existed in the curl. This issue was addres ...)
+ NOT-FOR-US: Apple
+CVE-2021-1777 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1776 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-1775 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2021-1774 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1773 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1772 (A stack overflow was addressed with improved input validation. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1771 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1770 (A buffer overflow may result in arbitrary code execution. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2021-1769 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1768 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1767 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1766 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1765 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
+ {DSA-4877-1}
+ - webkit2gtk 2.30.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.30.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2021-1764 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-1763 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-1762 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1761 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1760 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-1759 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1758 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1757 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1756 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1755 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1754 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1753 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1752
+ RESERVED
+CVE-2021-1751 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-1750 (Multiple issues were addressed with improved logic. This issue is fixe ...)
+ NOT-FOR-US: Apple
+CVE-2021-1749
+ RESERVED
+CVE-2021-1748 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1747 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1746 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1745 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1744 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1743 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1742 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-1741 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-1740 (A parsing issue in the handling of directory paths was addressed with ...)
+ NOT-FOR-US: Apple
+CVE-2021-1739 (A parsing issue in the handling of directory paths was addressed with ...)
+ NOT-FOR-US: Apple
+CVE-2021-1738 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1737 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-1736 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-1735
+ RESERVED
+CVE-2021-1734 (Windows Remote Procedure Call Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1733 (Sysinternals PsExec Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1732 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1731 (PFX Encryption Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1730 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1729 (Windows Update Stack Setup Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1728 (System Center Operations Manager Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1727 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1726 (Microsoft SharePoint Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1725 (Bot Framework SDK Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Bot Framework SDK
+CVE-2021-1724 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1723 (ASP.NET Core and Visual Studio Denial of Service Vulnerability ...)
+ NOT-FOR-US: ASP.NET Core and Visual Studio
+CVE-2021-1722 (Windows Fax Service Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1721 (.NET Core and Visual Studio Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft .NET
+CVE-2021-1720
+ RESERVED
+CVE-2021-1719 (Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1718 (Microsoft SharePoint Server Tampering Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1717 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1716 (Microsoft Word Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1715 (Microsoft Word Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1714 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1713 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1712 (Microsoft SharePoint Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1711 (Microsoft Office Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1710 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1709 (Windows Win32k Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1708 (Windows GDI+ Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1707 (Microsoft SharePoint Server Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1706 (Windows LUAFV Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1705 (Microsoft Edge (HTML-based) Memory Corruption Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1704 (Windows Hyper-V Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1703 (Windows Event Logging Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1702 (Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1701 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1700 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1699 (Windows (modem.sys) Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1698 (Windows Win32k Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1697 (Windows InstallService Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1696 (Windows Graphics Component Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1695 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1694 (Windows Update Stack Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1693 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1692 (Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1691 (Hyper-V Denial of Service Vulnerability This CVE ID is unique from CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1690 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1689 (Windows Multipoint Management Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1688 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1687 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1686 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1685 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1684 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1683 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1682 (Windows Kernel Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1681 (Windows WalletService Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1680 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1679 (Windows CryptoAPI Denial of Service Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1678 (NTLM Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1677 (Azure Active Directory Pod Identity Spoofing Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1676 (Windows NT Lan Manager Datagram Receiver Driver Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1675 (Windows Print Spooler Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1674 (Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1673 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1672 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1671 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1670 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1669 (Windows Remote Desktop Security Feature Bypass Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1668 (Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1667 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1666 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1665 (GDI+ Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1664 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1663 (Windows Projected File System FS Filter Driver Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1662 (Windows Event Tracing Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1661 (Windows Installer Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1660 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1659 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1658 (Remote Procedure Call Runtime Remote Code Execution Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1657 (Windows Fax Compose Form Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1656 (TPM Device Driver Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1655 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1654 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1653 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1652 (Windows CSC Service Elevation of Privilege Vulnerability This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1651 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1650 (Windows Runtime C++ Template Library Elevation of Privilege Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1649 (Active Template Library Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1648 (Microsoft splwow64 Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1647 (Microsoft Defender Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1646 (Windows WLAN Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1645 (Windows Docker Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1644 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1643 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1642 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1641 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1640 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1639 (Visual Studio Code Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1638 (Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1637 (Windows DNS Query Information Disclosure Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1636 (Microsoft SQL Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-1635
+ RESERVED
+CVE-2021-1634
+ RESERVED
+CVE-2021-1633
+ RESERVED
+CVE-2021-1632
+ RESERVED
+CVE-2021-1631
+ RESERVED
+CVE-2021-1630 (XML external entity (XXE) vulnerability affecting certain versions of ...)
+ NOT-FOR-US: Salesforce
+CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...)
+ NOT-FOR-US: Tableau Server
+CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...)
+ NOT-FOR-US: Tableau Server
+CVE-2021-1627 (MuleSoft is aware of a Server Side Request Forgery vulnerability affec ...)
+ NOT-FOR-US: MuleSoft
+CVE-2021-1626 (MuleSoft is aware of a Remote Code Execution vulnerability affecting c ...)
+ NOT-FOR-US: MuleSoft
+CVE-2021-1625 (A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1624 (A vulnerability in the Rate Limiting Network Address Translation (NAT) ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1623 (A vulnerability in the Simple Network Management Protocol (SNMP) punt ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1622 (A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1621 (A vulnerability in the Layer 2 punt code of Cisco IOS XE Software coul ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1620 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1619 (A vulnerability in the authentication, authorization, and accounting ( ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1618 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1617 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1616 (A vulnerability in the H.323 application level gateway (ALG) used by t ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1615 (A vulnerability in the packet processing functionality of Cisco Embedd ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1614 (A vulnerability in the Multiprotocol Label Switching (MPLS) packet han ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1613
+ RESERVED
+CVE-2021-1612 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1611 (A vulnerability in Ethernet over GRE (EoGRE) packet processing of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1610 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1609 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1608
+ RESERVED
+CVE-2021-1607 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1606 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1605 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1604 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1603 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1602 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1601 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1600 (Multiple vulnerabilities in Cisco Intersight Virtual Appliance could a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1599 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1598 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1597 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1596 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1595 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) i ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1594 (A vulnerability in the REST API of Cisco Identity Services Engine (ISE ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1593 (A vulnerability in Cisco Packet Tracer for Windows could allow an auth ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1592 (A vulnerability in the way Cisco UCS Manager software handles SSH sess ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1591 (A vulnerability in the EtherChannel port subscription logic of Cisco N ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1590 (A vulnerability in the implementation of the system login block-for co ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1589 (A vulnerability in the disaster recovery feature of Cisco SD-WAN vMana ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1588 (A vulnerability in the MPLS Operation, Administration, and Maintenance ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1587 (A vulnerability in the VXLAN Operation, Administration, and Maintenanc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1586 (A vulnerability in the Multi-Pod or Multi-Site network configurations ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1585 (A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1584 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1583 (A vulnerability in the fabric infrastructure file system access contro ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1582 (A vulnerability in the web UI of Cisco Application Policy Infrastructu ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1581 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1580 (Multiple vulnerabilities in the web UI and API endpoints of Cisco Appl ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1579 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1578 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1577 (A vulnerability in an API endpoint of Cisco Application Policy Infrast ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1576 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1575 (A vulnerability in the web-based management interface of Cisco Virtual ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1574 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1573 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1572 (A vulnerability in ConfD could allow an authenticated, local attacker ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1571 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1570 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1569 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1568 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1567 (A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secur ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1566 (A vulnerability in the Cisco Advanced Malware Protection (AMP) for End ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1565 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1564 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1563 (Multiple vulnerabilities in the implementation of the Cisco Discovery ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1562 (A vulnerability in the XSI-Actions interface of Cisco BroadWorks Appli ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1561 (A vulnerability in the spam quarantine feature of Cisco Secure Email a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1560 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1559 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1558 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1557 (Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1556
+ RESERVED
+CVE-2021-1555 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1554 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1553 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1552 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1551 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1550 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1549 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1548 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1547 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1546 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1545
+ RESERVED
+CVE-2021-1544 (A vulnerability in logging mechanisms of Cisco Webex Meetings client s ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1543 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1542 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1541 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1540 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1539 (Multiple vulnerabilities in the authorization process of Cisco ASR 500 ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1538 (A vulnerability in the configuration dashboard of Cisco Common Service ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1537 (A vulnerability in the installer software of Cisco ThousandEyes Record ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1536 (A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1535 (A vulnerability in the cluster management interface of Cisco SD-WAN vM ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1534 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1533
+ RESERVED
+CVE-2021-1532 (A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1531 (A vulnerability in the web UI of Cisco Modeling Labs could allow an au ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1530 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1529 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1528 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1527 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1526 (A vulnerability in Cisco Webex Player for Windows and MacOS could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1525 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1524 (A vulnerability in the API of Cisco Meeting Server could allow an auth ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1523 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1522 (A vulnerability in the change password API of Cisco Connected Mobile E ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1521 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1520 (A vulnerability in the internal message processing of Cisco RV340, RV3 ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1519 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1518 (A vulnerability in the REST API of Cisco Firepower Device Manager (FDM ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1517 (A vulnerability in the multimedia viewer feature of Cisco Webex Meetin ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1516 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1515 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1514 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1513 (A vulnerability in the vDaemon process of Cisco SD-WAN Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1512 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1511 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1510 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1509 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1508 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1507 (A vulnerability in an API of Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1506 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1505 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1504 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1503 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1502 (A vulnerability in Cisco Webex Network Recording Player for Windows an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1501 (A vulnerability in the SIP inspection engine of Cisco Adaptive Securit ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1500 (A vulnerability in the web-based management interface of Cisco Webex V ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1499 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1498 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1497 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1496 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1495 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1494
+ RESERVED
+CVE-2021-1493 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...)
+ NOT-FOR-US: Duo Authentication Proxy
+CVE-2021-1491
+ RESERVED
+CVE-2021-1490 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1489 (A vulnerability in filesystem usage management for Cisco Firepower Dev ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1488 (A vulnerability in the upgrade process of Cisco Adaptive Security Appl ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1487 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1486 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1485 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1484
+ RESERVED
+CVE-2021-1483
+ RESERVED
+CVE-2021-1482
+ RESERVED
+CVE-2021-1481
+ RESERVED
+CVE-2021-1480 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1479 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1478 (A vulnerability in the Java Management Extensions (JMX) component of C ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1477 (A vulnerability in an access control mechanism of Cisco Firepower Mana ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1476 (A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1475 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1474 (Multiple vulnerabilities in the Admin audit log export feature and Sch ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1473 (Multiple vulnerabilities exist in the web-based management interface o ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1472 (Multiple vulnerabilities exist in the web-based management interface o ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1471 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1470
+ RESERVED
+CVE-2021-1469 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1468 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1467 (A vulnerability in Cisco Webex Meetings for Android could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1466
+ RESERVED
+CVE-2021-1465
+ RESERVED
+CVE-2021-1464
+ RESERVED
+CVE-2021-1463 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1462
+ RESERVED
+CVE-2021-1461
+ RESERVED
+CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco 809 In ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1459 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1458 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1457 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1456 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1455 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1454 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1453 (A vulnerability in the software image verification functionality of Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1452 (A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software f ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1451 (A vulnerability in the Easy Virtual Switching System (VSS) feature of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1450 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1449 (A vulnerability in the boot logic of Cisco Access Points Software coul ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1448 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1447 (A vulnerability in the user account management system of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG) functionali ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1445 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1444
+ RESERVED
+CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1442 (A vulnerability in a diagnostic command for the Plug-and-Play (PnP) su ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1441 (A vulnerability in the hardware initialization routines of Cisco IOS X ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1440
+ RESERVED
+CVE-2021-1439 (A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco A ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1438 (A vulnerability in Cisco Wide Area Application Services (WAAS) Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1437 (A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Se ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1436 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1435 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1434 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1433 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1432 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1431 (A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1430 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1429 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1428 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1427 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1426 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1425
+ RESERVED
+CVE-2021-1424
+ RESERVED
+CVE-2021-1423 (A vulnerability in the implementation of a CLI command in Cisco Airone ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1422 (A vulnerability in the software cryptography module of Cisco Adaptive ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1421 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1420 (A vulnerability in certain web pages of Cisco Webex Meetings could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1419 (A vulnerability in the SSH management feature of multiple Cisco Access ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1418 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1417 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1416 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1415 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1414 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1413 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1412 (Multiple vulnerabilities in the Admin portal of Cisco Identity Service ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1411 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1410
+ RESERVED
+CVE-2021-1409 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1408 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1407 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1406 (A vulnerability in Cisco Unified Communications Manager (Unified CM) a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1405 (A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) ...)
+ {DLA-2626-1}
+ - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790)
+ [buster] - clamav 0.103.2+dfsg-0+deb10u1
+ NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
+CVE-2021-1404 (A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) S ...)
+ - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790)
+ [buster] - clamav <not-affected> (Affects only 0.103.0 and 0.103.1)
+ [stretch] - clamav <not-affected> (Affects only 0.103.0 and 0.103.1)
+ NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
+CVE-2021-1403 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1402 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1401 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1400 (Multiple vulnerabilities in the web-based management interface of cert ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1399 (A vulnerability in the Self Care Portal of Cisco Unified Communication ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1398 (A vulnerability in the boot logic of Cisco IOS XE Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1397 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1396 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1395 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1394 (A vulnerability in the ingress traffic manager of Cisco IOS XE Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1393 (Multiple vulnerabilities in Cisco Application Services Engine could al ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1392 (A vulnerability in the CLI command permissions of Cisco IOS and Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1391 (A vulnerability in the dragonite debugger of Cisco IOS XE Software cou ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1390 (A vulnerability in one of the diagnostic test CLI commands of Cisco IO ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1389 (A vulnerability in the IPv6 traffic processing of Cisco IOS XR Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1388 (A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrato ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1387 (A vulnerability in the network stack of Cisco NX-OS Software could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1386 (A vulnerability in the dynamic link library (DLL) loading mechanism in ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1385 (A vulnerability in the Cisco IOx application hosting environment of mu ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1384 (A vulnerability in Cisco IOx application hosting environment of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1383 (Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software co ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1382 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1381 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1380 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1379
+ RESERVED
+CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS operating syste ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1377 (A vulnerability in Address Resolution Protocol (ARP) management of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1376 (Multiple vulnerabilities in the fast reload feature of Cisco IOS XE So ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1375 (Multiple vulnerabilities in the fast reload feature of Cisco IOS XE So ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1374 (A vulnerability in the web-based management interface of Cisco IOS XE ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1373 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1372 (A vulnerability in Cisco Webex Meetings Desktop App and Webex Producti ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1371 (A vulnerability in the role-based access control of Cisco IOS XE SD-WA ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1370 (A vulnerability in a CLI command of Cisco IOS XR Software for the Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1369 (A vulnerability in the REST API of Cisco Firepower Device Manager (FDM ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1368 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1367 (A vulnerability in the Protocol Independent Multicast (PIM) feature of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1366 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1365 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1364 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1363 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1362 (A vulnerability in the SOAP API endpoint of Cisco Unified Communicatio ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1361 (A vulnerability in the implementation of an internal file management s ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1360 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1359 (A vulnerability in the configuration management of Cisco AsyncOS for C ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1358 (A vulnerability in the web-based management interface of Cisco Finesse ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1357 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1356 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1355 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1354 (A vulnerability in the certificate registration process of Cisco Unifi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1353 (A vulnerability in the IPv4 protocol handling of Cisco StarOS could al ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1352 (A vulnerability in the DECnet Phase IV and DECnet/OSI protocol process ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1351 (A vulnerability in the web-based interface of Cisco Webex Meetings cou ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1350 (A vulnerability in the web UI of Cisco Umbrella could allow an unauthe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1349 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1348 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1347 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1346 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1345 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1344 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1343 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1342 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1341 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1340 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1339 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1338 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1337 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1336 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1335 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1334 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1333 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1332 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1331 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1330 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1329 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1328 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1327 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1326 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1325 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1324 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1323 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1322 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1321 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1320 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1319 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1318 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1317 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1316 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1315 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1314 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1313 (Multiple vulnerabilities in the ingress packet processing function of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1312 (A vulnerability in the system resource management of Cisco Elastic Ser ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1311 (A vulnerability in the reclaim host role feature of Cisco Webex Meetin ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1310 (A vulnerability in the web-based management interface of Cisco Webex M ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1309 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1308 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1307 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1306 (A vulnerability in the restricted shell of Cisco Evolved Programmable ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1305 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1304 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1303 (A vulnerability in the user management roles of Cisco DNA Center could ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1302 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1301 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1300 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1299 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1298 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1297 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1296 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1295 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1294 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1293 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1292 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1291 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1290 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1289 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1288 (Multiple vulnerabilities in the ingress packet processing function of ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1287 (A vulnerability in the web-based management interface of Cisco RV132W ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1286 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1285
+ RESERVED
+CVE-2021-1284 (A vulnerability in the web-based messaging service interface of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1283 (A vulnerability in the logging subsystem of Cisco Data Center Network ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1282 (Multiple vulnerabilities in Cisco Unified Communications Manager IM &a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1281 (A vulnerability in CLI management in Cisco IOS XE SD-WAN Software coul ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1280 (A vulnerability in the loading mechanism of specific DLLs of Cisco Adv ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1279 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1278 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1277 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) c ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1276 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) c ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1275 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1274 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1273 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1272 (A vulnerability in the session validation feature of Cisco Data Center ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1271 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1270 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1269 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1268 (A vulnerability in the IPv6 protocol handling of the management interf ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1267 (A vulnerability in the dashboard widget of Cisco Firepower Management ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1266 (A vulnerability in the REST API of Cisco Managed Services Accelerator ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1265 (A vulnerability in the configuration archive functionality of Cisco DN ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1264 (A vulnerability in the Command Runner tool of Cisco DNA Center could a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1263 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1262 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1261 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1260 (Multiple vulnerabilities in Cisco SD-WAN products could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1259 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1258 (A vulnerability in the upgrade component of Cisco AnyConnect Secure Mo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1257 (A vulnerability in the web-based management interface of Cisco DNA Cen ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1256 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1255 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1254 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1253 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1252 (A vulnerability in the Excel XLM macro parsing module in Clam AntiViru ...)
+ - clamav 0.103.2+dfsg-1 (bug #986622; bug #986790)
+ [buster] - clamav <not-affected> (Affects ony 0.103.0 and 0.103.1)
+ [stretch] - clamav <not-affected> (Affects ony 0.103.0 and 0.103.1)
+ NOTE: https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
+CVE-2021-1251 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1250 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1249 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1248 (Multiple vulnerabilities in certain REST API endpoints of Cisco Data C ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1247 (Multiple vulnerabilities in certain REST API endpoints of Cisco Data C ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1246 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1245 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1244 (Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1243 (A vulnerability in the Local Packet Transport Services (LPTS) programm ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1242 (A vulnerability in Cisco Webex Teams could allow an unauthenticated, r ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1241 (Multiple vulnerabilities in Cisco SD-WAN products could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1240 (A vulnerability in the loading process of specific DLLs in Cisco Proxi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1239 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1238 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1237 (A vulnerability in the Network Access Manager and Web Security Agent c ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1236 (Multiple Cisco products are affected by a vulnerability in the Snort a ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1235 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1234
+ RESERVED
+CVE-2021-1233 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1232
+ RESERVED
+CVE-2021-1231 (A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1230 (A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1229 (A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS S ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1228 (A vulnerability in the fabric infrastructure VLAN connection establish ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1227 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1226 (A vulnerability in the audit logging component of Cisco Unified Commun ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1225 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1224 (Multiple Cisco products are affected by a vulnerability with TCP Fast ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1223 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1222 (A vulnerability in the web-based management interface of Cisco Smart S ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1221 (A vulnerability in the user interface of Cisco Webex Meetings and Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1220 (Multiple vulnerabilities in the web UI of Cisco IOS XE Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1219 (A vulnerability in Cisco Smart Software Manager Satellite could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1218 (A vulnerability in the web management interface of Cisco Smart Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1217 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1216 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1215 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1214 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1213 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1212 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1211 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1210 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1209 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1208 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1207 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1206 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1205 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1204 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1203 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1202 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1201 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1200 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1199 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1198 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1197 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1196 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1195 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1194 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1193 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1192 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1191 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1190 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1189 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1188 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1187 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1186 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1185 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1184 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1183 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1182 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1181 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1180 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1179 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1178 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1177 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1176 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1175 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1174 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1173 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1172 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1171 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1170 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1169 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1168 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1167 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1166 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1165 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1164 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1163 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1162 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1161 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1160 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1159 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1158 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1157 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1156 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1155 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1154 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1153 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1152 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1151 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1150 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1149 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1148 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1147 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1146 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1145 (A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1144 (A vulnerability in Cisco Connected Mobile Experiences (CMX) could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1143 (A vulnerability in Cisco Connected Mobile Experiences (CMX) API author ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1142 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1141 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1140 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1139 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1138 (Multiple vulnerabilities in the web UI of Cisco Smart Software Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1137 (Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1136 (Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1135 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1134 (A vulnerability in the Cisco Identity Services Engine (ISE) integratio ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1133 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1132
+ RESERVED
+CVE-2021-1131 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1130 (A vulnerability in the web-based management interface of Cisco DNA Cen ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1129 (A vulnerability in the authentication for the general purpose APIs imp ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1128 (A vulnerability in the CLI parser of Cisco IOS XR Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1127 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1126 (A vulnerability in the storage of proxy server credentials of Cisco Fi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-1125 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1124
+ RESERVED
+CVE-2021-1123 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1122 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1121 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1120 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1119 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1118 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
+CVE-2021-1115 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
+CVE-2021-1114 (NVIDIA Linux kernel distributions contain a vulnerability in the kerne ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1113 (NVIDIA camera firmware contains a difficult to exploit vulnerability w ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1112 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1111 (Bootloader contains a vulnerability in the NV3P server where any user ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1110 (NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerabi ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1109 (NVIDIA camera firmware contains a multistep, timing-related vulnerabil ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1108 (NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capt ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1107 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVM ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1106 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap, wh ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1105 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1104 (The RISC-V Instruction Set Manual contains a documented ambiguity for ...)
+ NOT-FOR-US: RISC-V
+CVE-2021-1103 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1102 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1101 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1100 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1099 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1098 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1097 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1096 (NVIDIA Windows GPU Display Driver for Windows contains a vulnerability ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
+CVE-2021-1095 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ {DLA-2888-1}
+ - nvidia-graphics-drivers 460.91.03-1 (bug #991351)
+ [buster] - nvidia-graphics-drivers 418.211.00-1
+ - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357)
+ - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356)
+ - nvidia-graphics-drivers-tesla-440 <removed> (bug #991355)
+ - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354)
+ NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
+CVE-2021-1094 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ {DLA-2888-1}
+ - nvidia-graphics-drivers 460.91.03-1 (bug #991351)
+ [buster] - nvidia-graphics-drivers 418.211.00-1
+ - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357)
+ - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356)
+ - nvidia-graphics-drivers-tesla-440 <removed> (bug #991355)
+ - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354)
+ NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
+CVE-2021-1093 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ {DLA-2888-1}
+ - nvidia-graphics-drivers 460.91.03-1 (bug #991351)
+ [buster] - nvidia-graphics-drivers 418.211.00-1
+ - nvidia-graphics-drivers-legacy-390xx 390.144-1 (bug #991353)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.144-1~deb10u1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #991352)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-tesla-460 460.91.03-1 (bug #991357)
+ - nvidia-graphics-drivers-tesla-450 450.142.00-1 (bug #991356)
+ - nvidia-graphics-drivers-tesla-440 <removed> (bug #991355)
+ - nvidia-graphics-drivers-tesla-418 418.211.00-1 (bug #991354)
+ NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5211
+CVE-2021-1092 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
+CVE-2021-1091 (NVIDIA GPU Display driver for Windows contains a vulnerability where a ...)
+ NOT-FOR-US: NVIDIA GPU Display driver for Windows
+CVE-2021-1090 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
+ NOT-FOR-US: NVIDIA GPU Display driver for Windows
+ NOTE: CVE description is wrong, per https://nvidia.custhelp.com/app/answers/detail/a_id/5211 only for Windows
+CVE-2021-1089 (NVIDIA GPU Display Driver for Windows contains a vulnerability in nvid ...)
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
+CVE-2021-1088 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1087 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...)
+ NOT-FOR-US: NVIDIA vGPU driver
+CVE-2021-1086 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...)
+ NOT-FOR-US: NVIDIA vGPU driver
+CVE-2021-1085 (NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager ...)
+ NOT-FOR-US: NVIDIA vGPU driver
+CVE-2021-1084 (NVIDIA vGPU driver contains a vulnerability in the guest kernel mode d ...)
+ NOT-FOR-US: NVIDIA vGPU driver
+CVE-2021-1083 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1082 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1081 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1080 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1079 (NVIDIA GeForce Experience, all versions prior to 3.22, contains a vuln ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1078 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
+CVE-2021-1077 (NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver ...)
+ - nvidia-graphics-drivers 460.73.01-1 (bug #987216)
+ [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers <not-affected> (R390 not affected)
+ - nvidia-graphics-drivers-tesla-450 450.119.03-1 (bug #987221)
+ - nvidia-graphics-drivers-tesla-460 460.73.01-1 (bug #987222)
+CVE-2021-1076 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
+ {DLA-2888-1}
+ - nvidia-graphics-drivers 460.73.01-1 (bug #987216)
+ [buster] - nvidia-graphics-drivers 418.197.02-1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #987217)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-legacy-390xx 390.143-1 (bug #987218)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.143-1~deb10u1
+ - nvidia-graphics-drivers-tesla-418 418.197.02-1 (bug #987219)
+ - nvidia-graphics-drivers-tesla-440 <removed> (bug #987220)
+ - nvidia-graphics-drivers-tesla-450 450.119.03-1 (bug #987221)
+ - nvidia-graphics-drivers-tesla-460 460.73.01-1 (bug #987222)
+CVE-2021-1075 (NVIDIA Windows GPU Display Driver for Windows, all versions, contains ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
+CVE-2021-1074 (NVIDIA GPU Display Driver for Windows installer contains a vulnerabili ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver for Windows
+CVE-2021-1073 (NVIDIA GeForce Experience, all versions prior to 3.23, contains a vuln ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1072 (NVIDIA GeForce Experience, all versions prior to 3.21, contains a vuln ...)
+ NOT-FOR-US: NVIDIA GeForce Experience
+CVE-2021-1071 (NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1 ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1070 (NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1069 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1068 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1067 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerabilit ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-1066 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1065 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1064 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1063 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1062 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1061 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1060 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1059 (NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in wh ...)
+ NOT-FOR-US: NVIDIA vGPU manager
+CVE-2021-1058 (NVIDIA vGPU software contains a vulnerability in the guest kernel mode ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2021-1057 (NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerabilit ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager NVIDIA vGPU manager
+CVE-2021-1056 (NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerab ...)
+ {DLA-2888-1}
+ - nvidia-graphics-drivers 460.32.03-1 (bug #979670)
+ [buster] - nvidia-graphics-drivers 418.181.07-1
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #979671)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-legacy-390xx 390.141-1 (bug #979672)
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.141-2~deb10u1
+ - nvidia-graphics-drivers-tesla-418 418.181.07-1 (bug #979673)
+ - nvidia-graphics-drivers-tesla-440 <removed> (bug #979674)
+ - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675)
+CVE-2021-1055 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
+ NOT-FOR-US: NVIDIA Windows drivers
+CVE-2021-1054 (NVIDIA GPU Display Driver for Windows, all versions, contains a vulner ...)
+ NOT-FOR-US: NVIDIA Windows drivers
+CVE-2021-1053 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
+ - nvidia-graphics-drivers 460.32.03-1 (bug #979670)
+ [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers <not-affected> (R390 not affected)
+ - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675)
+CVE-2021-1052 (NVIDIA GPU Display Driver for Windows and Linux, all versions, contain ...)
+ - nvidia-graphics-drivers 460.32.03-1 (bug #979670)
+ [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [stretch] - nvidia-graphics-drivers <not-affected> (R390 not affected)
+ - nvidia-graphics-drivers-tesla-450 450.102.04-1 (bug #979675)
+CVE-2021-1051 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA Windows drivers
+CVE-2021-1050
+ RESERVED
+CVE-2021-1049 (Hacker one bug ID: 1343975Product: AndroidVersions: Android SoCAndroid ...)
+ NOT-FOR-US: Unisoc
+CVE-2021-1048 (In ep_loop_check_proc of eventpoll.c, there is a possible way to corru ...)
+ - linux 5.8.10-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/77f4689de17c0887775bb77896f4cc11a39bf848 (5.9-rc4)
+CVE-2021-1047 (In valid_ipc_dram_addr of cm_access_control.c, there is a possible out ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1046 (In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1045 (Product: AndroidVersions: Android kernelAndroid ID: A-195580473Referen ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1044 (In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1043 (In TBD of TBD, there is a possible downgrade attack due to under utili ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1042 (In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible d ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1041 (In (TBD) of (TBD), there is a possible out of bounds read due to memor ...)
+ NOT-FOR-US: Google Pixel components
+CVE-2021-1040 (In onCreate of BluetoothPairingSelectionFragment.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-1039 (In NotificationAccessActivity of AndroidManifest.xml, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-1038 (In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS ...)
+ NOT-FOR-US: Android
+CVE-2021-1037 (The broadcast that DevicePickerFragment sends when a new device is pai ...)
+ NOT-FOR-US: Android
+CVE-2021-1036 (In LocationSettingsActivity of AndroidManifest.xml, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-1035 (In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-1034 (In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is ap ...)
+ NOT-FOR-US: Android
+CVE-2021-1033
+ RESERVED
+CVE-2021-1032 (In getMimeGroup of PackageManagerService.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-1031 (In cancelNotificationsFromListener of NotificationManagerService.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-1030 (In setNotificationsShownFromListener of NotificationManagerService.jav ...)
+ NOT-FOR-US: Android
+CVE-2021-1029 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-1028 (In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-1027 (In setTransactionState of SurfaceFlinger, there is possible arbitrary ...)
+ NOT-FOR-US: Android
+CVE-2021-1026 (In startRanging of RttServiceImpl.java, there is a possible way to det ...)
+ NOT-FOR-US: Android
+CVE-2021-1025 (In hasNamedWallpaper of WallpaperManagerService.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-1024 (In onEventReceived of EventResultPersister.java, there is a possible i ...)
+ NOT-FOR-US: Android
+CVE-2021-1023 (In onCreate of RequestIgnoreBatteryOptimizations.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-1022 (In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-1021 (In snoozeNotificationInt of NotificationManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-1020 (In snoozeNotification of NotificationListenerService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-1019 (In snoozeNotification of NotificationListenerService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-1018 (In adjustStreamVolume of AudioService.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-1017 (In AdapterService and GattService definition of AndroidManifest.xml, t ...)
+ NOT-FOR-US: Android
+CVE-2021-1016 (In onCreate of UsbPermissionActivity.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-1015 (In getMeidForSlot of PhoneInterfaceManager.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2021-1014 (In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-1013 (In checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission of P ...)
+ NOT-FOR-US: Android
+CVE-2021-1012 (In onResume of NotificationAccessDetails.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-1011 (In setPackageStoppedState of PackageManagerService.java, there is a mi ...)
+ NOT-FOR-US: Android
+CVE-2021-1010 (In getSigningKeySet of PackageManagerService.java, there is a missing ...)
+ NOT-FOR-US: Android
+CVE-2021-1009 (In setApplicationCategoryHint of PackageManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-1008 (In addSubInfo of SubscriptionController.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-1007 (In btu_hcif_process_event of btu_hcif.cc, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2021-1006 (In several functions of DatabaseManager.java, there is a possible leak ...)
+ NOT-FOR-US: Android
+CVE-2021-1005 (In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a po ...)
+ NOT-FOR-US: Android
+CVE-2021-1004 (In getConfiguredNetworks of WifiServiceImpl.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-1003 (In adjustStreamVolume of AudioService.java, there is a possible way fo ...)
+ NOT-FOR-US: Android
+CVE-2021-1002 (In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2021-1001 (In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bo ...)
+ NOT-FOR-US: Android
+CVE-2021-1000
+ RESERVED
+CVE-2021-0999 (In the broadcast definition in AndroidManifest.xml, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0998 (In 'ih264e_find_bskip_params()' of ih264e_me.c, there is a possible ou ...)
+ NOT-FOR-US: Android
+CVE-2021-0997 (In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , t ...)
+ NOT-FOR-US: Android
+CVE-2021-0996 (In nfaHciCallback of HciEventManager.cpp, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2021-0995 (In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-0994 (In requestRouteToHostAddress of ConnectivityService.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0993 (In getOffsetBeforeAfter of TextLine.java, there is a possible denial o ...)
+ NOT-FOR-US: Android
+CVE-2021-0992 (In onCreate of PaymentDefaultDialog.java, there is a possible way to c ...)
+ NOT-FOR-US: Android
+CVE-2021-0991 (In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderControll ...)
+ NOT-FOR-US: Android
+CVE-2021-0990 (In getDeviceId of PhoneSubInfoController.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-0989 (In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0988 (In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientCont ...)
+ NOT-FOR-US: Android
+CVE-2021-0987 (In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a po ...)
+ NOT-FOR-US: Android
+CVE-2021-0986 (In hasGrantedPolicy of DevicePolicyManagerService.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0985 (In onReceive of AlertReceiver.java, there is a possible way to dismiss ...)
+ NOT-FOR-US: Android
+CVE-2021-0984 (In onNullBinding of ManagedServices.java, there is a possible permissi ...)
+ NOT-FOR-US: Android
+CVE-2021-0983 (In createAdminSupportIntent of DevicePolicyManagerService.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-0982 (In getOrganizationNameForUser of DevicePolicyManagerService.java, ther ...)
+ NOT-FOR-US: Android
+CVE-2021-0981 (In enqueueNotificationInternal of NotificationManagerService.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0980
+ RESERVED
+CVE-2021-0979 (In isRequestPinItemSupported of ShortcutService.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0978 (In getSerialForPackage of DeviceIdentifiersPolicyService.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0977 (In phNxpNHal_DtaUpdate of phNxpNciHal_dta.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-0976 (In toBARK of floor0.c, there is a possible out of bounds read due to a ...)
+ NOT-FOR-US: Android
+CVE-2021-0975
+ RESERVED
+CVE-2021-0974
+ RESERVED
+CVE-2021-0973 (In isFileUri of UriUtil.java, there is a possible way to bypass ignori ...)
+ NOT-FOR-US: Android
+CVE-2021-0972
+ RESERVED
+CVE-2021-0971 (In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of ...)
+ NOT-FOR-US: Google Play
+CVE-2021-0970 (In createFromParcel of GpsNavigationMessage.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0969 (In getTitle of AccessPoint.java, there is a possible unhandled excepti ...)
+ NOT-FOR-US: Android
+CVE-2021-0968 (In osi_malloc and osi_calloc of allocator.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-0967 (In vorbis_book_decodev_set of codebook.c, there is a possible out of b ...)
+ NOT-FOR-US: Google Play
+CVE-2021-0966 (In code generated by BuildParcelFields of generate_cpp.cpp, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0965 (In AndroidManifest.xml of Settings, there is a possible pairing of a B ...)
+ NOT-FOR-US: Android
+CVE-2021-0964 (In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out o ...)
+ NOT-FOR-US: Google Play
+CVE-2021-0963 (In onCreate of KeyChainActivity.java, there is a possible way to use a ...)
+ NOT-FOR-US: Android
+CVE-2021-0962
+ RESERVED
+CVE-2021-0961 (In quota_proc_write of xt_quota2.c, there is a possible way to read ke ...)
+ - linux <not-affected> (Android-specific xt_quota2 code)
+ NOTE: https://source.android.com/security/bulletin/2021-12-01
+CVE-2021-0960
+ RESERVED
+CVE-2021-0959 (In jit_memory_region.cc, there is a possible bypass of memory restrict ...)
+ NOT-FOR-US: Android
+CVE-2021-0958 (In update of km_compat.cpp, there is a possible loss of potentially se ...)
+ NOT-FOR-US: Android
+CVE-2021-0957
+ RESERVED
+CVE-2021-0956 (In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0955 (In pf_write_buf of FuseDaemon.cpp, there is possible memory corruption ...)
+ NOT-FOR-US: Android
+CVE-2021-0954 (In ResolverActivity, there is a possible user interaction bypass due t ...)
+ NOT-FOR-US: Android
+CVE-2021-0953 (In setOnClickActivityIntent of SearchWidgetProvider.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0952 (In doCropPhoto of PhotoSelectionHandler.java, there is a possible perm ...)
+ NOT-FOR-US: Android
+CVE-2021-0951
+ RESERVED
+CVE-2021-0950
+ RESERVED
+CVE-2021-0949
+ RESERVED
+CVE-2021-0948
+ RESERVED
+CVE-2021-0947
+ RESERVED
+CVE-2021-0946
+ RESERVED
+CVE-2021-0945
+ RESERVED
+CVE-2021-0944
+ RESERVED
+CVE-2021-0943
+ RESERVED
+CVE-2021-0942
+ RESERVED
+CVE-2021-0941 (In bpf_skb_change_head of filter.c, there is a possible out of bounds ...)
+ - linux 5.10.28-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://git.kernel.org/6306c1189e77a513bf02720450bb43bd4ba5d8ae
+CVE-2021-0940 (In TBD of TBD, there is a possible out of bounds write due to improper ...)
+ NOT-FOR-US: Pixel components
+CVE-2021-0939 (In set_default_passthru_cfg of passthru.c, there is a possible out of ...)
+ NOT-FOR-US: Pixel components
+CVE-2021-0938 (In memzero_explicit of compiler-clang.h, there is a possible bypass of ...)
+ - linux 5.9.15-1 (unimportant)
+ [buster] - linux 4.19.171-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
+ NOTE: https://git.kernel.org/linus/3347acc6fcd4ee71ad18a9ff9d9dac176b517329
+CVE-2021-0937
+ RESERVED
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
+ NOTE: https://git.kernel.org/linus/b29c457a6511435960115c0f548c4360d5f4801d
+ NOTE: Duplicate of CVE-2021-22555
+CVE-2021-0936 (In acc_read of f_accessory.c, there is a possible memory corruption du ...)
+ - linux <not-affected> (Pixel or Android-specific driver)
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
+CVE-2021-0935 (In ip6_xmit of ip6_output.c, there is a possible out of bounds write d ...)
+ - linux 4.15.17-1
+ [stretch] - linux 4.9.258-1
+ NOTE: https://git.kernel.org/linus/2f987a76a97773beafbc615b9c4d8fe79129a7f4
+ NOTE: https://git.kernel.org/linus/b954f94023dcc61388c8384f0f14eb8e42c863c5
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-10-01
+CVE-2021-0934
+ RESERVED
+CVE-2021-0933 (In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.j ...)
+ NOT-FOR-US: Android
+CVE-2021-0932 (In showNotification of NavigationModeController.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0931 (In getAlias of BluetoothDevice.java, there is a possible way to create ...)
+ NOT-FOR-US: Android
+CVE-2021-0930 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0929 (In ion_dma_buf_end_cpu_access and related functions of ion.c, there is ...)
+ - linux 5.6.4-1 (unimportant)
+ NOTE: https://source.android.com/security/bulletin/2021-11-01
+ NOTE: CONFIG_ION not enabled in Debian
+CVE-2021-0928 (In createFromParcel of OutputConfiguration.java, there is a possible p ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0927 (In requestChannelBrowsable of TvInputManagerService.java, there is a p ...)
+ NOT-FOR-US: Android TV
+CVE-2021-0926 (In onCreate of NfcImportVCardActivity.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-0925 (In rw_t4t_sm_detect_ndef of rw_t4t.cc, there is a possible out of boun ...)
+ NOT-FOR-US: Android
+CVE-2021-0924 (In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds re ...)
+ - linux <not-affected> (Android-specific XHCI patch)
+ NOTE: https://source.android.com/security/bulletin/2021-11-01
+ NOTE: https://android.googlesource.com/kernel/common/+/df1995aede8e5b13a5ba4d36b48ed88d5bb84497
+CVE-2021-0923 (In createOrUpdate of Permission.java, there is a possible way to gain ...)
+ NOT-FOR-US: Android
+CVE-2021-0922 (In enforceCrossUserOrProfilePermission of PackageManagerService.java, ...)
+ NOT-FOR-US: Android
+CVE-2021-0921 (In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0920 (In unix_scm_to_skb of af_unix.c, there is a possible use after free bu ...)
+ {DLA-2843-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/cbcf01128d0a92e131bd09f1688fe032480b65ca
+ NOTE: https://source.android.com/security/bulletin/2021-11-01
+CVE-2021-0919 (In getService of IServiceManager.cpp, there is a possible unhandled ex ...)
+ NOT-FOR-US: Android
+CVE-2021-0918 (In gatt_process_notification of gatt_cl.cc, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2021-0917
+ RESERVED
+CVE-2021-0916
+ RESERVED
+CVE-2021-0915
+ RESERVED
+CVE-2021-0914
+ RESERVED
+CVE-2021-0913
+ RESERVED
+CVE-2021-0912
+ RESERVED
+CVE-2021-0911
+ RESERVED
+CVE-2021-0910
+ RESERVED
+CVE-2021-0909
+ RESERVED
+CVE-2021-0908
+ RESERVED
+CVE-2021-0907
+ RESERVED
+CVE-2021-0906
+ RESERVED
+CVE-2021-0905
+ RESERVED
+CVE-2021-0904 (In SRAMROM, there is a possible permission bypass due to an insecure p ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0903 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0902 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0901 (In apusys, there is a possible memory corruption due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0900 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0899 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0898 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0897 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0896 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0895 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0894 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0893 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0892
+ RESERVED
+CVE-2021-0891
+ RESERVED
+CVE-2021-0890
+ RESERVED
+CVE-2021-0889 (In Android TV , there is a possible silent pairing due to lack of rate ...)
+ NOT-FOR-US: Android TV
+CVE-2021-0888
+ RESERVED
+CVE-2021-0887
+ RESERVED
+CVE-2021-0886
+ RESERVED
+CVE-2021-0885
+ RESERVED
+CVE-2021-0884
+ RESERVED
+CVE-2021-0883
+ RESERVED
+CVE-2021-0882
+ RESERVED
+CVE-2021-0881
+ RESERVED
+CVE-2021-0880
+ RESERVED
+CVE-2021-0879
+ RESERVED
+CVE-2021-0878
+ RESERVED
+CVE-2021-0877
+ RESERVED
+CVE-2021-0876
+ RESERVED
+CVE-2021-0875
+ RESERVED
+CVE-2021-0874
+ RESERVED
+CVE-2021-0873
+ RESERVED
+CVE-2021-0872
+ RESERVED
+CVE-2021-0871
+ RESERVED
+CVE-2021-0870 (In RW_SetActivatedTagType of rw_main.cc, there is possible memory corr ...)
+ NOT-FOR-US: Android
+CVE-2021-0869 (In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-0868
+ RESERVED
+CVE-2021-0867
+ RESERVED
+CVE-2021-0866
+ RESERVED
+CVE-2021-0865
+ RESERVED
+CVE-2021-0864
+ RESERVED
+CVE-2021-0863
+ RESERVED
+CVE-2021-0862
+ RESERVED
+CVE-2021-0861
+ RESERVED
+CVE-2021-0860
+ RESERVED
+CVE-2021-0859
+ RESERVED
+CVE-2021-0858
+ RESERVED
+CVE-2021-0857
+ RESERVED
+CVE-2021-0856
+ RESERVED
+CVE-2021-0855
+ RESERVED
+CVE-2021-0854
+ RESERVED
+CVE-2021-0853
+ RESERVED
+CVE-2021-0852
+ RESERVED
+CVE-2021-0851
+ RESERVED
+CVE-2021-0850
+ RESERVED
+CVE-2021-0849
+ RESERVED
+CVE-2021-0848
+ RESERVED
+CVE-2021-0847
+ RESERVED
+CVE-2021-0846
+ RESERVED
+CVE-2021-0845
+ RESERVED
+CVE-2021-0844
+ RESERVED
+CVE-2021-0843
+ RESERVED
+CVE-2021-0842
+ RESERVED
+CVE-2021-0841
+ RESERVED
+CVE-2021-0840
+ RESERVED
+CVE-2021-0839
+ RESERVED
+CVE-2021-0838
+ RESERVED
+CVE-2021-0837
+ RESERVED
+CVE-2021-0836
+ RESERVED
+CVE-2021-0835
+ RESERVED
+CVE-2021-0834
+ RESERVED
+CVE-2021-0833
+ RESERVED
+CVE-2021-0832
+ RESERVED
+CVE-2021-0831
+ RESERVED
+CVE-2021-0830
+ RESERVED
+CVE-2021-0829
+ RESERVED
+CVE-2021-0828
+ RESERVED
+CVE-2021-0827
+ RESERVED
+CVE-2021-0826
+ RESERVED
+CVE-2021-0825
+ RESERVED
+CVE-2021-0824
+ RESERVED
+CVE-2021-0823
+ RESERVED
+CVE-2021-0822
+ RESERVED
+CVE-2021-0821
+ RESERVED
+CVE-2021-0820
+ RESERVED
+CVE-2021-0819
+ RESERVED
+CVE-2021-0818
+ RESERVED
+CVE-2021-0817
+ RESERVED
+CVE-2021-0816
+ RESERVED
+CVE-2021-0815
+ RESERVED
+CVE-2021-0814
+ RESERVED
+CVE-2021-0813
+ RESERVED
+CVE-2021-0812
+ RESERVED
+CVE-2021-0811
+ RESERVED
+CVE-2021-0810
+ RESERVED
+CVE-2021-0809
+ RESERVED
+CVE-2021-0808
+ RESERVED
+CVE-2021-0807
+ RESERVED
+CVE-2021-0806
+ RESERVED
+CVE-2021-0805
+ RESERVED
+CVE-2021-0804
+ RESERVED
+CVE-2021-0803
+ RESERVED
+CVE-2021-0802
+ RESERVED
+CVE-2021-0801
+ RESERVED
+CVE-2021-0800
+ RESERVED
+CVE-2021-0799 (In ActivityThread.java, there is a possible way to collide the content ...)
+ NOT-FOR-US: Android
+CVE-2021-0798
+ RESERVED
+CVE-2021-0797
+ RESERVED
+CVE-2021-0796
+ RESERVED
+CVE-2021-0795
+ RESERVED
+CVE-2021-0794
+ RESERVED
+CVE-2021-0793
+ RESERVED
+CVE-2021-0792
+ RESERVED
+CVE-2021-0791
+ RESERVED
+CVE-2021-0790
+ RESERVED
+CVE-2021-0789
+ RESERVED
+CVE-2021-0788
+ RESERVED
+CVE-2021-0787
+ RESERVED
+CVE-2021-0786
+ RESERVED
+CVE-2021-0785
+ RESERVED
+CVE-2021-0784
+ RESERVED
+CVE-2021-0783
+ RESERVED
+CVE-2021-0782
+ RESERVED
+CVE-2021-0781
+ RESERVED
+CVE-2021-0780
+ RESERVED
+CVE-2021-0779
+ RESERVED
+CVE-2021-0778
+ RESERVED
+CVE-2021-0777
+ RESERVED
+CVE-2021-0776
+ RESERVED
+CVE-2021-0775
+ RESERVED
+CVE-2021-0774
+ RESERVED
+CVE-2021-0773
+ RESERVED
+CVE-2021-0772
+ RESERVED
+CVE-2021-0771
+ RESERVED
+CVE-2021-0770
+ RESERVED
+CVE-2021-0769 (In onCreate of AllowBindAppWidgetActivity.java, there is a possible by ...)
+ NOT-FOR-US: Android
+CVE-2021-0768
+ RESERVED
+CVE-2021-0767
+ RESERVED
+CVE-2021-0766
+ RESERVED
+CVE-2021-0765
+ RESERVED
+CVE-2021-0764
+ RESERVED
+CVE-2021-0763
+ RESERVED
+CVE-2021-0762
+ RESERVED
+CVE-2021-0761
+ RESERVED
+CVE-2021-0760
+ RESERVED
+CVE-2021-0759
+ RESERVED
+CVE-2021-0758
+ RESERVED
+CVE-2021-0757
+ RESERVED
+CVE-2021-0756
+ RESERVED
+CVE-2021-0755
+ RESERVED
+CVE-2021-0754
+ RESERVED
+CVE-2021-0753
+ RESERVED
+CVE-2021-0752
+ RESERVED
+CVE-2021-0751
+ RESERVED
+CVE-2021-0750
+ RESERVED
+CVE-2021-0749
+ RESERVED
+CVE-2021-0748
+ RESERVED
+CVE-2021-0747
+ RESERVED
+CVE-2021-0746
+ RESERVED
+CVE-2021-0745
+ RESERVED
+CVE-2021-0744
+ RESERVED
+CVE-2021-0743
+ RESERVED
+CVE-2021-0742
+ RESERVED
+CVE-2021-0741
+ RESERVED
+CVE-2021-0740
+ RESERVED
+CVE-2021-0739
+ RESERVED
+CVE-2021-0738
+ RESERVED
+CVE-2021-0737
+ RESERVED
+CVE-2021-0736
+ RESERVED
+CVE-2021-0735
+ RESERVED
+CVE-2021-0734
+ RESERVED
+CVE-2021-0733
+ RESERVED
+CVE-2021-0732
+ RESERVED
+CVE-2021-0731
+ RESERVED
+CVE-2021-0730
+ RESERVED
+CVE-2021-0729
+ RESERVED
+CVE-2021-0728
+ RESERVED
+CVE-2021-0727
+ RESERVED
+CVE-2021-0726
+ RESERVED
+CVE-2021-0725
+ RESERVED
+CVE-2021-0724
+ RESERVED
+CVE-2021-0723
+ RESERVED
+CVE-2021-0722
+ RESERVED
+CVE-2021-0721
+ RESERVED
+CVE-2021-0720
+ RESERVED
+CVE-2021-0719
+ RESERVED
+CVE-2021-0718
+ RESERVED
+CVE-2021-0717
+ RESERVED
+CVE-2021-0716
+ RESERVED
+CVE-2021-0715
+ RESERVED
+CVE-2021-0714
+ RESERVED
+CVE-2021-0713
+ RESERVED
+CVE-2021-0712
+ RESERVED
+CVE-2021-0711
+ RESERVED
+CVE-2021-0710
+ RESERVED
+CVE-2021-0709
+ RESERVED
+CVE-2021-0708 (In runDumpHeap of ActivityManagerShellCommand.java, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0707
+ RESERVED
+CVE-2021-0706 (In startListening of PluginManagerImpl.java, there is a possible way t ...)
+ NOT-FOR-US: Android
+CVE-2021-0705 (In sanitizeSbn of NotificationManagerService.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0704 (In createNoCredentialsPermissionNotification and related functions of ...)
+ NOT-FOR-US: Android
+CVE-2021-0703 (In SecondStageMain of init.cpp, there is a possible use after free due ...)
+ NOT-FOR-US: Android
+CVE-2021-0702 (In RevertActiveSessions of apexd.cpp, there is a possible way to share ...)
+ NOT-FOR-US: Android
+CVE-2021-0701
+ RESERVED
+CVE-2021-0700
+ RESERVED
+CVE-2021-0699
+ RESERVED
+CVE-2021-0698
+ RESERVED
+CVE-2021-0697
+ RESERVED
+CVE-2021-0696
+ RESERVED
+CVE-2021-0695 (In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds re ...)
+ - linux <not-affected> (Android-specific xt_qtaguid code)
+ NOTE: https://source.android.com/security/bulletin/2021-09-01
+CVE-2021-0694
+ RESERVED
+CVE-2021-0693 (In openFile of HeapDumpProvider.java, there is a possible way to retri ...)
+ NOT-FOR-US: Android
+CVE-2021-0692 (In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0691 (In the SELinux policy configured in system_app.te, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0690 (In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a pos ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0689 (In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0688 (In lockNow of PhoneWindowManager.java, there is a possible lock screen ...)
+ NOT-FOR-US: Android
+CVE-2021-0687 (In ellipsize of Layout.java, there is a possible ANR due to improper i ...)
+ NOT-FOR-US: Android
+CVE-2021-0686 (In getDefaultSmsPackage of RoleManagerService.java, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0685 (In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parc ...)
+ NOT-FOR-US: Android
+CVE-2021-0684 (In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0683 (In runTraceIpcStop of ActivityManagerShellCommand.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0682 (In sendAccessibilityEvent of NotificationManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-0681 (In system properties, there is a possible information disclosure due t ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0680 (In system properties, there is a possible information disclosure due t ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0679 (In apusys, there is a possible memory corruption due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0678 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0677 (In ccu driver, there is a possible out of bounds read due to an intege ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0676 (In geniezone driver, there is a possible out of bounds read due to an ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0675 (In alac decoder, there is a possible out of bounds write due to an inc ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0674 (In alac decoder, there is a possible out of bounds read due to an inco ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0673 (In Audio Aurisys HAL, there is a possible permission bypass due to a m ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0672 (In Browser app, there is a possible information disclosure due to a mi ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0671 (In apusys, there is a possible memory corruption due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0670 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0669 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0668 (In apusys, there is a possible memory corruption due to incorrect erro ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0667 (In apusys, there is a possible memory corruption due to a use after fr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0666 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0665 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0664 (In ccu, there is a possible memory corruption due to a use after free. ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0663 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0662 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0661 (In audio DSP, there is a possible out of bounds write due to an incorr ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0660 (In ccu, there is a possible out of bounds read due to incorrect error ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0659 (In apusys, there is a possible out of bounds read due to an incorrect ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0658 (In apusys, there is a possible out of bounds write due to a missing bo ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0657 (In apusys, there is a possible out of bounds write due to a stack-base ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0656 (In edma driver, there is a possible memory corruption due to a use aft ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0655 (In mdlactl driver, there is a possible memory corruption due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0654 (In isRealSnapshot of TaskThumbnailView.java, there is possible data ex ...)
+ NOT-FOR-US: Android
+CVE-2021-0653 (In enqueueNotification of NetworkPolicyManagerService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0652 (In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0651 (In loadLabel of PackageItemInfo.java, there is a possible way to DoS a ...)
+ NOT-FOR-US: Android
+CVE-2021-0650 (In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0649 (In stopVpnProfile of Vpn.java, there is a possible VPN profile reset d ...)
+ NOT-FOR-US: Android
+CVE-2021-0648
+ RESERVED
+CVE-2021-0647
+ RESERVED
+CVE-2021-0646 (In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bound ...)
+ NOT-FOR-US: Android
+CVE-2021-0645 (In shouldBlockFromTree of ExternalStorageProvider.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0644 (In conditionallyRemoveIdentifiers of SubscriptionController.java, ther ...)
+ NOT-FOR-US: Android
+CVE-2021-0643 (In getAllSubInfoList of SubscriptionController.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0642 (In onResume of VoicemailSettingsFragment.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-0641 (In getAvailableSubscriptionInfoList of SubscriptionController.java, th ...)
+ NOT-FOR-US: Android
+CVE-2021-0640 (In noteAtomLogged of StatsdStats.cpp, there is a possible out of bound ...)
+ NOT-FOR-US: Android
+CVE-2021-0639 (In multiple functions of libl3oemcrypto.cpp, there is a possible weakn ...)
+ NOT-FOR-US: Widevine
+CVE-2021-0638
+ RESERVED
+CVE-2021-0637
+ RESERVED
+CVE-2021-0636 (When extracting the incorrectly formatted avi file, the memory is dama ...)
+ NOT-FOR-US: UniSoc components for Android
+CVE-2021-0635 (When extracting the incorrectly formatted flv file, the memory is dama ...)
+ NOT-FOR-US: UniSoc components for Android
+CVE-2021-0634 (In display driver, there is a possible memory corruption due to uninit ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0633 (In display driver, there is a possible out of bounds write due to an i ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0632 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0631 (In wifi driver, there is a possible system crash due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0630 (In wifi driver, there is a possible system crash due to a missing boun ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0629 (In mdlactl driver, there is a possible memory corruption due to a use ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0628 (In OMA DRM, there is a possible memory corruption due to improper inpu ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0627 (In OMA DRM, there is a possible memory corruption due to an integer ov ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0626 (In ged, there is a possible out of bounds write due to a missing bound ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0625 (In ccu, there is a possible memory corruption due to improper locking. ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0624 (In flv extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0623 (In asf extractor, there is a possible out of bounds read due to an int ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0622 (In asf extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0621 (In asf extractor, there is a possible out of bounds read due to an int ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0620 (In asf extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0619 (In ape extractor, there is a possible out of bounds read due to a miss ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0618 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0617 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0616 (In ape extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0615 (In flv extractor, there is a possible out of bounds read due to an int ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0614 (In asf extractor, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0613 (In asf extractor, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0612 (In m4u, there is a possible memory corruption due to a use after free. ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0611 (In m4u, there is a possible memory corruption due to a use after free. ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0610 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0609
+ RESERVED
+CVE-2021-0608 (In handleAppLaunch of AppLaunchActivity.java, there is a possible arbi ...)
+ NOT-FOR-US: Pixel
+CVE-2021-0607 (In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware p ...)
+ NOT-FOR-US: Pixel
+CVE-2021-0606 (In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use ...)
+ - linux <not-affected> (Vulnerability specific to 4.14.y backporting)
+ NOTE: https://source.android.com/security/bulletin/pixel/2021-06-01
+CVE-2021-0605 (In pfkey_dump of af_key.c, there is a possible out-of-bounds read due ...)
+ - linux 5.8.7-1
+ [buster] - linux 4.19.152-1
+ [stretch] - linux 4.9.240-1
+ NOTE: https://git.kernel.org/linus/37bd22420f856fcd976989f1d4f1f7ad28e1fcac
+CVE-2021-0604 (In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0603 (In onCreate of ContactSelectionActivity.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-0602 (In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0601 (In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of boun ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0600 (In onCreate of DeviceAdminAdd.java, there is a possible way to mislead ...)
+ NOT-FOR-US: Android
+CVE-2021-0599 (In scheduleTimeoutLocked of NotificationRecord.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0598 (In onCreate of ConfirmConnectActivity.java, there is a possible pairin ...)
+ NOT-FOR-US: Android
+CVE-2021-0597 (In notifyProfileAdded and notifyProfileRemoved of SipService.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0596 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0595 (In lockAllProfileTasks of RootWindowContainer.java, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0594 (In onCreate of ConfirmConnectActivity, there is a possible remote bypa ...)
+ NOT-FOR-US: Android
+CVE-2021-0593 (In sendDevicePickedIntent of DevicePickerFragment.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0592 (In various functions in WideVine, there are possible out of bounds wri ...)
+ NOT-FOR-US: Widevine
+CVE-2021-0591 (In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, ther ...)
+ NOT-FOR-US: Android
+CVE-2021-0590 (In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0589 (In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2021-0588 (In processInboundMessage of MceStateMachine.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0587 (In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0586 (In onCreate of DevicePickerFragment.java, there is a possible way to t ...)
+ NOT-FOR-US: Android
+CVE-2021-0585 (In beginWrite and beginRead of MessageQueueBase.h, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0584 (In verifyBufferObject of Parcel.cpp, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2021-0583 (In onCreate of BluetoothPairingDialog, there is a possible way to enab ...)
+ NOT-FOR-US: Android
+CVE-2021-0582 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0581 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0580 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0579 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0578 (In wifi driver, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0577 (In flv extractor, there is a possible out of bounds write due to a hea ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0576 (In flv extractor, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0575
+ RESERVED
+CVE-2021-0574 (In asf extractor, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0573 (In asf extractor, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0572 (In doNotification of AccountManagerService.java, there is a possible p ...)
+ NOT-FOR-US: Android
+CVE-2021-0571 (In ActivityTaskManagerService.startActivity() and AppTaskImpl.startAct ...)
+ NOT-FOR-US: Android
+CVE-2021-0570 (In sendBugreportNotification of BugreportProgressService.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0569 (In onStart of ContactsDumpActivity.java, there is possible access to c ...)
+ NOT-FOR-US: Android
+CVE-2021-0568 (In onReceive of DevicePolicyManagerService.java, there is a possible e ...)
+ NOT-FOR-US: Android
+CVE-2021-0567 (In isRestricted of RemoteViews.java, there is a possible way to inject ...)
+ NOT-FOR-US: Android
+CVE-2021-0566 (In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0565 (In wrapUserThread of AudioStream.cpp, there is a possible use after fr ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0564 (In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0563 (In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a poss ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0562 (In RasterIntraUpdate of motion_est.cpp, there is a possible out of bou ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0561 (In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0560
+ RESERVED
+CVE-2021-0559 (In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0558 (In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0557 (In setRange of ABuffer.cpp, there is a possible out of bounds write du ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0556 (In getBlockSum of fastcodemb.cpp, there is a possible out of bounds re ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0555 (In RenderStruct of protostream_objectsource.cc, there is a possible cr ...)
+ NOT-FOR-US: Android
+CVE-2021-0554 (In isBackupServiceActive of BackupManagerService.java, there is a miss ...)
+ NOT-FOR-US: Android
+CVE-2021-0553 (In onBindViewHolder of AppSwitchPreference.java, there is a possible b ...)
+ NOT-FOR-US: Android
+CVE-2021-0552 (In getEndItemSliceAction of MediaOutputSlice.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0551 (In bind of MediaControlPanel.java, there is a possible way to lock up ...)
+ NOT-FOR-US: Android
+CVE-2021-0550 (In onLoadFailed of AnnotateActivity.java, there is a possible way to g ...)
+ NOT-FOR-US: Android
+CVE-2021-0549 (In sspRequestCallback of BondStateMachine.java, there is a possible le ...)
+ NOT-FOR-US: Android
+CVE-2021-0548 (In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bound ...)
+ NOT-FOR-US: Android
+CVE-2021-0547 (In onReceive of NetInitiatedActivity.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-0546 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0545 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0544 (In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0543 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0542 (In updateNotification of BeamTransferManager.java, there is a missing ...)
+ NOT-FOR-US: Android
+CVE-2021-0541 (In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0540 (In halWrapperDataCallback of hal_wrapper.cc, there is a possible out o ...)
+ NOT-FOR-US: Android
+CVE-2021-0539 (In archiveStoredConversation of MmsService.java, there is a possible w ...)
+ NOT-FOR-US: Android
+CVE-2021-0538 (In onCreate of EmergencyCallbackModeExitDialog.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0537 (In onCreate of WiFiInstaller.java, there is a possible way to install ...)
+ NOT-FOR-US: Android
+CVE-2021-0536 (In dropFile of WiFiInstaller, there is a way to delete files accessibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0535 (In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0534 (In permission declarations of DeviceAdminReceiver.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0533 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0532 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0531 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0530 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0529 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0528 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0527 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0526 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0525 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0524 (In isServiceDistractionOptimized of CarPackageManagerService.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0523 (In onCreate of WifiScanModeActivity.java, there is a possible way to e ...)
+ NOT-FOR-US: Android
+CVE-2021-0522 (In ConnectionHandler::SdpCb of connection_handler.cc, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0521 (In getAllPackages of PackageManagerService, there is a possible inform ...)
+ NOT-FOR-US: Android
+CVE-2021-0520 (In several functions of MemoryFileSystem.cpp and related files, there ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0519 (In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of b ...)
+ NOT-FOR-US: Google Play
+CVE-2021-0518 (In handleSendStatusChangeBroadcast of WifiDisplayAdapter.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2021-0517 (In updateCapabilities of ConnectivityService.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0516 (In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2021-0515 (In Factory::CreateStrictFunctionMap of factory.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0514 (In several functions of the V8 library, there is a possible use after ...)
+ NOT-FOR-US: Android
+CVE-2021-0513 (In deleteNotificationChannel and related functions of NotificationMana ...)
+ NOT-FOR-US: Android
+CVE-2021-0512 (In __hidinput_change_resolution_multipliers of hid-input.c, there is a ...)
+ {DLA-2689-1}
+ - linux 5.10.19-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/ed9be64eefe26d7d8b0b5b9fa3ffdf425d87a01f
+CVE-2021-0511 (In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode i ...)
+ NOT-FOR-US: Android
+CVE-2021-0510 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0509 (In various functions of CryptoPlugin.cpp, there is a possible use afte ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0508 (In various functions of DrmPlugin.cpp, there is a possible use after f ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0507 (In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bou ...)
+ NOT-FOR-US: Android
+CVE-2021-0506 (In ActivityPicker.java, there is a possible bypass of user interaction ...)
+ NOT-FOR-US: Android
+CVE-2021-0505 (In the Settings app, there is a possible way to disable an always-on V ...)
+ NOT-FOR-US: Android
+CVE-2021-0504 (In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2021-0503
+ RESERVED
+CVE-2021-0502
+ RESERVED
+CVE-2021-0501
+ RESERVED
+CVE-2021-0500
+ RESERVED
+CVE-2021-0499
+ RESERVED
+CVE-2021-0498 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0497 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0496 (In memory management driver, there is a possible memory corruption due ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0495 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0494 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0493 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0492 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0491 (In memory management driver, there is a possible escalation of privile ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0490 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0489 (In memory management driver, there is a possible out of bounds write d ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0488 (In pb_write of pb_encode.c, there is a possible out of bounds write du ...)
+ NOT-FOR-US: Android
+CVE-2021-0487 (In onCreate of CalendarDebugActivity.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-0486 (In onPackageAddedInternal of PermissionManagerService.java, there is p ...)
+ NOT-FOR-US: Android
+CVE-2021-0485 (In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypa ...)
+ NOT-FOR-US: Android
+CVE-2021-0484 (In readVector of IMediaPlayer.cpp, there is a possible read of uniniti ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0483 (In multiple methods of AAudioService, there is a possible use-after-fr ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0482 (In BinderDiedCallback of MediaCodec.cpp, there is a possible memory co ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0481 (In onActivityResult of EditUserPhotoController.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0480 (In createPendingIntent of SnoozeHelper.java, there is a possible broad ...)
+ NOT-FOR-US: Android
+CVE-2021-0479
+ RESERVED
+CVE-2021-0478 (In updateDrawable of StatusBarIconView.java, there is a possible permi ...)
+ NOT-FOR-US: Android
+CVE-2021-0477 (In notifyScreenshotError of ScreenshotNotificationsController.java, th ...)
+ NOT-FOR-US: Android
+CVE-2021-0476 (In FindOrCreatePeer of btif_av.cc, there is a possible use after free ...)
+ NOT-FOR-US: Android
+CVE-2021-0475 (In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory c ...)
+ NOT-FOR-US: Android
+CVE-2021-0474 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds wr ...)
+ NOT-FOR-US: Android
+CVE-2021-0473 (In rw_t3t_process_error of rw_t3t.cc, there is a possible double free ...)
+ NOT-FOR-US: Android
+CVE-2021-0472 (In shouldLockKeyguard of LockTaskController.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0471 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0470
+ RESERVED
+CVE-2021-0469
+ RESERVED
+CVE-2021-0468 (In LK, there is a possible escalation of privilege due to an insecure ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0467 (In Chromecast bootROM, there is a possible out of bounds write due to ...)
+ NOT-FOR-US: AMLogic
+CVE-2021-0466 (In startIpClient of ClientModeImpl.java, there is a possible identifie ...)
+ NOT-FOR-US: Android
+CVE-2021-0465 (In GenerateFaceMask of face.cc, there is a possible out of bounds writ ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0464 (In sound_trigger_event_alloc of platform.h, there is a possible out of ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0463 (In convertToHidl of convert.cpp, there is a possible out of bounds rea ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0462 (In the NXP NFC firmware, there is a possible insecure firmware update ...)
+ NOT-FOR-US: NXP NFC firmware as used in Android/Pixel
+CVE-2021-0461 (In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possib ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0460 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0459 (In fts_driver_test_write of fts_proc.c, there is a possible out of bou ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0458 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0457 (In the FingerTipS touch screen driver, there is a possible out of boun ...)
+ NOT-FOR-US: Android/Pixel kernel component not in mainline
+CVE-2021-0456 (In the Citadel chip firmware, there is a possible out of bounds write ...)
+ NOT-FOR-US: Citadel chip firmware as used in Android/Pixel
+CVE-2021-0455 (In the Citadel chip firmware, there is a possible out of bounds write ...)
+ NOT-FOR-US: Citadel chip firmware as used in Android/Pixel
+CVE-2021-0454 (In the Citadel chip firmware, there is a possible out of bounds write ...)
+ NOT-FOR-US: Citadel chip firmware as used in Android/Pixel
+CVE-2021-0453 (In the Titan-M chip firmware, there is a possible disclosure of stack ...)
+ NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
+CVE-2021-0452 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
+CVE-2021-0451 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
+CVE-2021-0450 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
+CVE-2021-0449 (In the Titan M chip firmware, there is a possible disclosure of stack ...)
+ NOT-FOR-US: Titan-M chip firmware as used in Android/Pixel
+CVE-2021-0448
+ RESERVED
+CVE-2021-0447
+ RESERVED
+ - linux 4.15.4-1
+ [stretch] - linux 4.9.228-1
+CVE-2021-0446 (In ImportVCardActivity, there is a possible way to bypass user consent ...)
+ NOT-FOR-US: Android
+CVE-2021-0445 (In start of WelcomeActivity.java, there is a possible residual profile ...)
+ NOT-FOR-US: Android
+CVE-2021-0444 (In onActivityResult of QuickContactActivity.java, there is an unnecess ...)
+ NOT-FOR-US: Android
+CVE-2021-0443 (In several functions of ScreenshotHelper.java and related files, there ...)
+ NOT-FOR-US: Android
+CVE-2021-0442 (In updateInfo of android_hardware_input_InputApplicationHandle.cpp, th ...)
+ NOT-FOR-US: Android
+CVE-2021-0441 (In onCreate of PermissionActivity.java, there is a possible permission ...)
+ NOT-FOR-US: Android
+CVE-2021-0440
+ RESERVED
+CVE-2021-0439 (In setPowerModeWithHandle of com_android_server_power_PowerManagerServ ...)
+ NOT-FOR-US: Android
+CVE-2021-0438 (In several functions of InputDispatcher.cpp, WindowManagerService.java ...)
+ NOT-FOR-US: Android
+CVE-2021-0437 (In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. Th ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0436 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0435 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak o ...)
+ NOT-FOR-US: Android
+CVE-2021-0434 (In onReceive of BluetoothPermissionRequest.java, there is a possible p ...)
+ NOT-FOR-US: Android
+CVE-2021-0433 (In onCreate of DeviceChooserActivity.java, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2021-0432 (In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPulle ...)
+ NOT-FOR-US: Android
+CVE-2021-0431 (In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds re ...)
+ NOT-FOR-US: Android
+CVE-2021-0430 (In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of boun ...)
+ NOT-FOR-US: Android
+CVE-2021-0429 (In pollOnce of ALooper.cpp, there is possible memory corruption due to ...)
+ NOT-FOR-US: Android
+CVE-2021-0428 (In getSimSerialNumber of TelephonyManager.java, there is a possible wa ...)
+ NOT-FOR-US: Android
+CVE-2021-0427 (In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0426 (In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0425 (In memory management driver, there is a possible side channel informat ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0424 (In memory management driver, there is a possible system crash due to a ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0423 (In memory management driver, there is a possible information disclosur ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0422 (In memory management driver, there is a possible system crash due to a ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0421 (In memory management driver, there is a possible information disclosur ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0420 (In memory management driver, there is a possible system crash due to a ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0419 (In memory management driver, there is a possible system crash due to i ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0418 (In memory management driver, there is a possible system crash due to i ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0417 (In memory management driver, there is a possible system crash due to i ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0416 (In memory management driver, there is a possible system crash due to i ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0415 (In memory management driver, there is a possible information disclosur ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0414 (In flv extractor, there is a possible out of bounds read due to a heap ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0413 (In flv extractor, there is a possible out of bounds read due to a miss ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0412 (In flv extractor, there is a possible out of bounds read due to a miss ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0411 (In flv extractor, there is a possible out of bounds read due to an int ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0410 (In flv extractor, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0409 (In flv extractor, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0408 (In asf extractor, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0407 (In clk driver, there is a possible out of bounds write due to an incor ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-0406 (In cameraisp, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0405 (In performance driver, there is a possible out of bounds write due to ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0404 (In mobile_log_d, there is a possible information disclosure due to imp ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0403 (In netdiag, there is a possible information disclosure due to a missin ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0402 (In jpeg, there is a possible out of bounds write due to improper input ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0401 (In vow, there is a possible memory corruption due to a race condition. ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0400 (In injectBestLocation and handleUpdateLocation of GnssLocationProvider ...)
+ NOT-FOR-US: Android
+CVE-2021-0399 (In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruptio ...)
+ - linux <not-affected> (Android-specific xt_qtaguid code)
+ NOTE: https://source.android.com/security/bulletin/2021-03-01
+CVE-2021-0398 (In bindServiceLocked of ActiveServices.java, there is a possible foreg ...)
+ NOT-FOR-US: Android
+CVE-2021-0397 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system c ...)
+ NOT-FOR-US: Android
+CVE-2021-0396 (In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc an ...)
+ NOT-FOR-US: Android
+CVE-2021-0395 (In StopServicesAndLogViolations of reboot.cpp, there is possible memor ...)
+ NOT-FOR-US: Android
+CVE-2021-0394 (In android_os_Parcel_readString8 of android_os_Parcel.cpp, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0393 (In Scanner::LiteralBuffer::NewCapacity of scanner.cc, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2021-0392 (In main of main.cpp, there is a possible memory corruption due to a do ...)
+ NOT-FOR-US: Android
+CVE-2021-0391 (In onCreate() of ChooseTypeAndAccountActivity.java, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2021-0390 (In various methods of WifiNetworkSuggestionsManager.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0389 (In setNightModeActivated of UiModeManagerService.java, there is a miss ...)
+ NOT-FOR-US: Android
+CVE-2021-0388 (In onReceive of ImsPhoneCallTracker.java, there is a possible misattri ...)
+ NOT-FOR-US: Android
+CVE-2021-0387 (In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-a ...)
+ NOT-FOR-US: Android
+CVE-2021-0386 (In onCreate of UsbConfirmActivity, there is a possible tapjacking vect ...)
+ NOT-FOR-US: Android
+CVE-2021-0385 (In createConnectToAvailableNetworkNotification of ConnectToNetworkNoti ...)
+ NOT-FOR-US: Android
+CVE-2021-0384
+ REJECTED
+CVE-2021-0383 (In done of CaptivePortalLoginActivity.java, there is a confused deputy ...)
+ NOT-FOR-US: Android
+CVE-2021-0382 (In checkSlicePermission of SliceManagerService.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0381 (In updateNotifications of DeviceStorageMonitorService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0380 (In onReceive of DcTracker.java, there is a possible way to trigger a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0379 (In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of boun ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0378 (In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds re ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0377 (In DeltaPerformer::Write of delta_performer.cc, there is a possible us ...)
+ NOT-FOR-US: Android
+CVE-2021-0376 (In checkUriPermission and related functions of MediaProvider.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0375 (In onPackageModified of VoiceInteractionManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-0374 (In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0373
+ RESERVED
+CVE-2021-0372 (In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-0371 (In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2021-0370 (In Write of NxpMfcReader.cc, there is a possible out of bounds write d ...)
+ NOT-FOR-US: Android
+CVE-2021-0369 (In CrossProfileAppsServiceImpl.java, there is the possibility of an ap ...)
+ NOT-FOR-US: Android
+CVE-2021-0368 (In oggpack_look of bitwise.c, there is a possible out of bounds read d ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0367 (In vpu, there is a possible memory corruption due to a race condition. ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0366 (In vpu, there is a possible memory corruption due to a race condition. ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-0365 (In display driver, there is a possible memory corruption due to a use ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0364 (In mobile_log_d, there is a possible command injection due to improper ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0363 (In mobile_log_d, there is a possible command injection due to a missin ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0362 (In aee, there is a possible memory corruption due to a stack buffer ov ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0361 (In kisd, there is a possible out of bounds read due to improper input ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0360 (In netdiag, there is a possible out of bounds write due to an incorrec ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0359 (In netdiag, there is a possible out of bounds write due to a missing b ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0358 (In netdiag, there is a possible command injection due to improper inpu ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0357 (In netdiag, there is a possible out of bounds write due to a missing b ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0356 (In netdiag, there is a possible command injection due to improper inpu ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0355 (In kisd, there is a possible out of bounds write due to an integer ove ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0354 (In ged, there is a possible out of bounds write due to an integer over ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0353 (In kisd, there is a possible memory corruption due to a heap buffer ov ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0352 (In RT regmap driver, there is a possible memory corruption due to type ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0351 (In wlan driver, there is a possible system crash due to a missing boun ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0350 (In ged, there is a possible system crash due to an improper input vali ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0349 (In display driver, there is a possible memory corruption due to a use ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0348 (In vpu, there is a possible out of bounds write due to a missing bound ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0347 (In ccu, there is a possible out of bounds read due to a missing bounds ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0346 (In vpu, there is a possible out of bounds write due to an incorrect bo ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0345 (In mobile_log_d, there is a possible escalation of privilege due to im ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0344 (In mtkpower, there is a possible memory corruption due to a missing bo ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0343 (In kisd, there is a possible out of bounds write due to a missing boun ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-0342 (In tun_get_user of tun.c, there is possible memory corruption due to a ...)
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/96aa1b22bd6bb9fccf62f6261f390ed6f3e7967f
+CVE-2021-0341 (In verifyHostName of OkHostnameVerifier.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2021-0340 (In parseNextBox of IsoInterface.java, there is a possible leak of unre ...)
+ NOT-FOR-US: Android
+CVE-2021-0339 (In loadAnimation of WindowContainer.java, there is a possible way to k ...)
+ NOT-FOR-US: Android
+CVE-2021-0338 (In SystemSettingsValidators, there is a possible permanent denial of s ...)
+ NOT-FOR-US: Android
+CVE-2021-0337 (In moveInMediaStore of FileSystemProvider.java, there is a possible fi ...)
+ NOT-FOR-US: Android
+CVE-2021-0336 (In onReceive of BluetoothPermissionRequest.java, there is a possible p ...)
+ NOT-FOR-US: Android
+CVE-2021-0335 (In process of C2SoftHevcDec.cpp, there is a possible out of bounds wri ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0334 (In onTargetSelected of ResolverActivity.java, there is a possible sett ...)
+ NOT-FOR-US: Android
+CVE-2021-0333 (In onCreate of BluetoothPermissionActivity.java, there is a possible p ...)
+ NOT-FOR-US: Android
+CVE-2021-0332 (In bootFinished of SurfaceFlinger.cpp, there is a possible memory corr ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0331 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0330 (In add_user_ce and remove_user_ce of storaged.cpp, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2021-0329 (In several native functions called by AdvertiseManager.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2021-0328 (In onBatchScanReports and deliverBatchScan of GattService.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-0327 (In getContentProviderImpl of ActivityManagerService.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2021-0326 (In p2p_copy_client_info of p2p.c, there is a possible out of bounds wr ...)
+ {DSA-4898-1 DLA-2572-1}
+ - wpa 2:2.9.0-17 (bug #981971)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/4
+ NOTE: https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
+ NOTE: https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
+ NOTE: https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e
+CVE-2021-0325 (In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible o ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0324 (Product: AndroidVersions: Android SoCAndroid ID: A-175402462 ...)
+ NOT-FOR-US: UniSoc components for Android
+CVE-2021-0323
+ RESERVED
+ NOTE: Duplicate for CVE-2020-10767, clarification with Android security team pending
+CVE-2021-0322 (In onCreate of SlicePermissionActivity.java, there is a possible misle ...)
+ NOT-FOR-US: Android
+CVE-2021-0321 (In enforceDumpPermissionForPackage of ActivityManagerService.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0320 (In is_device_locked and set_device_locked of keystore_keymaster_enforc ...)
+ NOT-FOR-US: Android
+CVE-2021-0319 (In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there ...)
+ NOT-FOR-US: Android
+CVE-2021-0318 (In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a ...)
+ NOT-FOR-US: Android
+CVE-2021-0317 (In createOrUpdate of Permission.java and related code, there is possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0316 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2021-0315 (In onCreate of GrantCredentialsPermissionActivity.java, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2021-0314 (In onCreate of UninstallerActivity, there is a possible way to uninsta ...)
+ NOT-FOR-US: Android
+CVE-2021-0313 (In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slo ...)
+ NOT-FOR-US: Android
+CVE-2021-0312 (In WAVSource::read of WAVExtractor.cpp, there is a possible out of bou ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0311 (In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, ther ...)
+ NOT-FOR-US: Android media framework
+CVE-2021-0310 (In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2021-0309 (In onCreate of grantCredentialsPermissionActivity, there is a confused ...)
+ NOT-FOR-US: Android
+CVE-2021-0308 (In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds ...)
+ {DLA-2549-1}
+ - gdisk 1.0.6-1
+ [buster] - gdisk <no-dsa> (Minor issue)
+ NOTE: https://sourceforge.net/p/gptfdisk/code/ci/f523bbc0c2437fe259aa3aff5e819e24101aee29
+ NOTE: https://android.googlesource.com/platform/external/gptfdisk/+/6d369451868ce71618144c4f4bd645ae48f0d1c5
+CVE-2021-0307 (In updatePermissionSourcePackage of PermissionManagerService.java, the ...)
+ NOT-FOR-US: Android
+CVE-2021-0306 (In addAllPermissions of PermissionManagerService.java, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2021-0305 (In PackageInstaller, there is a possible tapjacking attack due to an i ...)
+ NOT-FOR-US: Android
+CVE-2021-0304 (In several functions of GlobalScreenshot.java, there is a possible per ...)
+ NOT-FOR-US: Android
+CVE-2021-0303 (In dispatchGraphTerminationMessage() of packages/services/Car/computep ...)
+ NOT-FOR-US: Android
+CVE-2021-0302 (In PackageInstaller, there is a possible tapjacking attack due to an i ...)
+ NOT-FOR-US: Android
+CVE-2021-0301 (In ged, there is a possible out of bounds write due to a missing bound ...)
+ NOT-FOR-US: MediaTek components for Android
+CVE-2021-0300
+ RESERVED
+CVE-2021-0299 (An Improper Handling of Exceptional Conditions vulnerability in the pr ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0298 (A Race Condition in the 'show chassis pic' command in Juniper Networks ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0297 (A vulnerability in the processing of TCP MD5 authentication in Juniper ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0296 (The Juniper Networks CTPView server is not enforcing HTTP Strict Trans ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0295 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0294 (A vulnerability in Juniper Networks Junos OS, which only affects the r ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0293 (A vulnerability in Juniper Networks Junos OS caused by Missing Release ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0292 (An Uncontrolled Resource Consumption vulnerability in the ARP daemon ( ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0291 (An Exposure of System Data vulnerability in Juniper Networks Junos OS ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0290 (Improper Handling of Exceptional Conditions in Ethernet interface fram ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0289 (When user-defined ARP Policer is configured and applied on one or more ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0288 (A vulnerability in the processing of specific MPLS packets in Juniper ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0287 (In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Netwo ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0286 (A vulnerability in the handling of exceptional conditions in Juniper N ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0285 (An uncontrolled resource consumption vulnerability in Juniper Networks ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0284 (A buffer overflow vulnerability in the TCP/IP stack of Juniper Network ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0283 (A buffer overflow vulnerability in the TCP/IP stack of Juniper Network ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0282 (On Juniper Networks Junos OS devices with Multipath or add-path featur ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0281 (On Juniper Networks Junos OS devices configured with BGP origin valida ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0280 (Due to an Improper Initialization vulnerability in Juniper Networks Ju ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0279 (Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have Rab ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0278 (An Improper Input Validation vulnerability in J-Web of Juniper Network ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0277 (An Out-of-bounds Read vulnerability in the processing of specially cra ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0276 (A stack-based Buffer Overflow vulnerability in Juniper Networks SBR Ca ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0275 (A Cross-site Scripting (XSS) vulnerability in J-Web on Juniper Network ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0274
+ RESERVED
+CVE-2021-0273 (An always-incorrect control flow implementation in the implicit filter ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0272 (A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX1 ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0271 (A Double Free vulnerability in the software forwarding interface daemo ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0270 (On PTX Series and QFX10k Series devices with the "inline-jflow" featur ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0269 (The improper handling of client-side parameters in J-Web of Juniper Ne ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0268 (An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Re ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0267 (An Improper Input Validation vulnerability in the active-lease query p ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0266 (The use of multiple hard-coded cryptographic keys in cSRX Series softw ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0265 (An unvalidated REST API in the AppFormix Agent of Juniper Networks App ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0264 (A vulnerability in the processing of traffic matching a firewall filte ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0263 (A Data Processing vulnerability in the Multi-Service process (multi-sv ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0262 (Through routine static code analysis of the Juniper Networks Junos OS ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0261 (A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentic ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0260 (An improper authorization vulnerability in the Simple Network Manageme ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0259 (Due to a vulnerability in DDoS protection in Juniper Networks Junos OS ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0258 (A vulnerability in the forwarding of transit TCPv6 packets received on ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0257 (On Juniper Networks MX Series and EX9200 Series platforms with Trio-ba ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0256 (A sensitive information disclosure vulnerability in the mosquitto mess ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0255 (A local privilege escalation vulnerability in ethtraceroute of Juniper ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0254 (A buffer size validation vulnerability in the overlayd service of Juni ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0253 (NFX Series devices using Juniper Networks Junos OS are susceptible to ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0252 (NFX Series devices using Juniper Networks Junos OS are susceptible to ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0251 (A NULL Pointer Dereference vulnerability in the Captive Portal Content ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0250 (In segment routing traffic engineering (SRTE) environments where the B ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0249 (On SRX Series devices configured with UTM services a buffer overflow v ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0248 (This issue is not applicable to NFX NextGen Software. On NFX Series de ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0247 (A Race Condition (Concurrent Execution using Shared Resource with Impr ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0246 (On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0245 (A Use of Hard-coded Credentials vulnerability in Juniper Networks Juno ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0244 (A signal handler race condition exists in the Layer 2 Address Learning ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0243 (Improper Handling of Unexpected Data in the firewall policer of Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0242 (A vulnerability due to the improper handling of direct memory access ( ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0241 (On Juniper Networks Junos OS platforms configured as DHCPv6 local serv ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0240 (On Juniper Networks Junos OS platforms configured as DHCPv6 local serv ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0239 (In Juniper Networks Junos OS Evolved, receipt of a stream of specific ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0238 (When a MX Series is configured as a Broadband Network Gateway (BNG) ba ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0237 (On Juniper Networks EX4300-MP Series, EX4600 Series, EX4650 Series, QF ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0236 (Due to an improper check for unusual or exceptional conditions in Juni ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0235 (On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0234 (Due to an improper Initialization vulnerability on Juniper Networks Ju ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0233 (A vulnerability in Juniper Networks Junos OS ACX500 Series, ACX4000 Se ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0232 (An authentication bypass vulnerability in the Juniper Networks Paragon ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0231 (A path traversal vulnerability in the Juniper Networks SRX and vSRX Se ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0230 (On Juniper Networks SRX Series devices with link aggregation (lag) con ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0229 (An uncontrolled resource consumption vulnerability in Message Queue Te ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0228 (An improper check for unusual or exceptional conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0227 (An improper restriction of operations within the bounds of a memory bu ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0226 (On Juniper Networks Junos OS Evolved devices, receipt of a specific IP ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0225 (An Improper Check for Unusual or Exceptional Conditions in Juniper Net ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0224 (A vulnerability in the handling of internal resources necessary to bri ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0223 (A local privilege escalation vulnerability in telnetd.real of Juniper ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0222 (A vulnerability in Juniper Networks Junos OS allows an attacker to cau ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0221 (In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0220 (The Junos Space Network Management Platform has been found to store sh ...)
+ NOT-FOR-US: Junos Space Network Management Platform
+CVE-2021-0219 (A command injection vulnerability in install package validation subsys ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0218 (A command injection vulnerability in the license-check daemon of Junip ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0217 (A vulnerability in processing of certain DHCP packets from adjacent cl ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0216 (A vulnerability in Juniper Networks Junos OS running on the ACX5448 an ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0215 (On Juniper Networks Junos EX series, QFX Series, MX Series and SRX bra ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0214 (A vulnerability in the distributed or centralized periodic packet mana ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0213
+ RESERVED
+CVE-2021-0212 (An Information Exposure vulnerability in Juniper Networks Contrail Net ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0211 (An improper check for unusual or exceptional conditions in Juniper Net ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0210 (An Information Exposure vulnerability in J-Web of Juniper Networks Jun ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0209 (In Juniper Networks Junos OS Evolved an attacker sending certain valid ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0208 (An improper input validation vulnerability in the Routing Protocol Dae ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0207 (An improper interpretation conflict of certain data between certain so ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0206 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0205 (When the "Intrusion Detection Service" (IDS) feature is configured on ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0204 (A sensitive information disclosure vulnerability in delta-export confi ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0203 (On Juniper Networks EX and QFX5K Series platforms configured with Redu ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0202 (On Juniper Networks MX Series and EX9200 Series platforms with Trio-ba ...)
+ NOT-FOR-US: Juniper
+CVE-2021-0201
+ RESERVED
+CVE-2021-0200 (Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series C ...)
+ NOT-FOR-US: Intel
+CVE-2021-0199 (Improper input validation in the firmware for the Intel(R) Ethernet Ne ...)
+ NOT-FOR-US: Intel
+CVE-2021-0198 (Improper access control in the firmware for the Intel(R) Ethernet Netw ...)
+ NOT-FOR-US: Intel
+CVE-2021-0197 (Protection mechanism failure in the firmware for the Intel(R) Ethernet ...)
+ NOT-FOR-US: Intel
+CVE-2021-0196 (Improper access control in kernel mode driver for some Intel(R) NUC 9 ...)
+ NOT-FOR-US: Intel
+CVE-2021-0195
+ RESERVED
+CVE-2021-0194
+ RESERVED
+CVE-2021-0193
+ RESERVED
+CVE-2021-0192
+ RESERVED
+CVE-2021-0191
+ RESERVED
+CVE-2021-0190
+ RESERVED
+CVE-2021-0189
+ RESERVED
+CVE-2021-0188
+ RESERVED
+CVE-2021-0187
+ RESERVED
+CVE-2021-0186 (Improper input validation in the Intel(R) SGX SDK applications compile ...)
+ NOT-FOR-US: Intel
+CVE-2021-0185
+ RESERVED
+CVE-2021-0184
+ RESERVED
+CVE-2021-0183 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0182 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...)
+ NOT-FOR-US: Intel Hardware Accelerated Execution Manager
+CVE-2021-0181
+ RESERVED
+CVE-2021-0180 (Uncontrolled resource consumption in the Intel(R) HAXM software before ...)
+ NOT-FOR-US: Intel Hardware Accelerated Execution Manager
+CVE-2021-0179 (Improper Use of Validation Framework in software for Intel(R) PROSet/W ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0178 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0177 (Improper Validation of Consistency within input in software for Intel( ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0176 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0175 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0174 (Improper Use of Validation Framework in firmware for some Intel(R) PRO ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0173 (Improper Validation of Consistency within input in firmware for some I ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0172 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0171 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0170 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0169 (Uncontrolled Search Path Element in software for Intel(R) PROSet/Wirel ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0168 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0167 (Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0166 (Exposure of Sensitive Information to an Unauthorized Actor in firmware ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0165 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0164 (Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0163 (Improper Validation of Consistency within input in software for Intel( ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0162 (Improper input validation in software for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0161 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0160 (Uncontrolled search path in some Intel(R) NUC Pro Chassis Element Aver ...)
+ NOT-FOR-US: Intel
+CVE-2021-0159
+ RESERVED
+CVE-2021-0158 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
+ NOT-FOR-US: Intel
+CVE-2021-0157 (Insufficient control flow management in the BIOS firmware for some Int ...)
+ NOT-FOR-US: Intel
+CVE-2021-0156 (Improper input validation in the firmware for some Intel(R) Processors ...)
+ TODO: check
+CVE-2021-0155
+ RESERVED
+CVE-2021-0154
+ RESERVED
+CVE-2021-0153
+ RESERVED
+CVE-2021-0152 (Improper verification of cryptographic signature in the installer for ...)
+ NOT-FOR-US: Intel
+CVE-2021-0151 (Improper access control in the installer for some Intel(R) Wireless Bl ...)
+ NOT-FOR-US: Intel
+CVE-2021-0150
+ RESERVED
+CVE-2021-0149
+ RESERVED
+CVE-2021-0148 (Insertion of information into log file in firmware for some Intel(R) S ...)
+ NOT-FOR-US: Intel
+CVE-2021-0147 (Improper locking in the Power Management Controller (PMC) for some Int ...)
+ NOT-FOR-US: Intel
+CVE-2021-0146 (Hardware allows activation of test or debug logic at runtime for some ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
+CVE-2021-0145 (Improper initialization of shared resources in some Intel(R) Processor ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00561.html
+ NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/fast-store-forwarding-predictor.html
+CVE-2021-0144 (Insecure default variable initialization for the Intel BSSA DFT featur ...)
+ NOT-FOR-US: Intel
+CVE-2021-0143 (Improper permissions in the installer for the Intel(R) Brand Verificat ...)
+ NOT-FOR-US: Intel
+CVE-2021-0142
+ RESERVED
+CVE-2021-0141
+ RESERVED
+CVE-2021-0140
+ RESERVED
+CVE-2021-0139
+ RESERVED
+CVE-2021-0138
+ RESERVED
+CVE-2021-0137
+ RESERVED
+CVE-2021-0136
+ RESERVED
+CVE-2021-0135 (Improper input validation in the Intel(R) Ethernet Diagnostic Driver f ...)
+ NOT-FOR-US: Intel
+CVE-2021-0134 (Improper input validation in an API for the Intel(R) Security Library ...)
+ NOT-FOR-US: Intel
+CVE-2021-0133 (Key exchange without entity authentication in the Intel(R) Security Li ...)
+ NOT-FOR-US: Intel
+CVE-2021-0132 (Missing release of resource after effective lifetime in an API for the ...)
+ NOT-FOR-US: Intel
+CVE-2021-0131 (Use of cryptographically weak pseudo-random number generator (PRNG) in ...)
+ NOT-FOR-US: Intel
+CVE-2021-0130
+ RESERVED
+CVE-2021-0129 (Improper access control in BlueZ may allow an authenticated user to po ...)
+ {DSA-4951-1 DLA-2692-1 DLA-2690-1 DLA-2689-1}
+ - bluez 5.55-3.1 (bug #989614)
+ - linux 5.10.40-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
+ NOTE: https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
+CVE-2021-0128
+ RESERVED
+CVE-2021-0127 (Insufficient control flow management in some Intel(R) Processors may a ...)
+ - intel-microcode <unfixed>
+ [bullseye] - intel-microcode <postponed> (Wait until exposed in unstable; tendency to point release)
+ [buster] - intel-microcode <postponed> (Wait until exposed in unstable; tendency point release)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220207
+CVE-2021-0126
+ RESERVED
+CVE-2021-0125 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0124 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0123
+ RESERVED
+CVE-2021-0122
+ RESERVED
+CVE-2021-0121 (Improper access control in the installer for some Intel(R) Iris(R) Xe ...)
+ NOT-FOR-US: Intel
+CVE-2021-0120 (Improper initialization in the installer for some Intel(R) Graphics DC ...)
+ NOT-FOR-US: Intel
+CVE-2021-0119 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0118 (Out-of-bounds read in the firmware for some Intel(R) Processors may al ...)
+ TODO: check
+CVE-2021-0117 (Pointer issues in the firmware for some Intel(R) Processors may allow ...)
+ TODO: check
+CVE-2021-0116 (Out-of-bounds write in the firmware for some Intel(R) Processors may a ...)
+ TODO: check
+CVE-2021-0115 (Buffer overflow in the firmware for some Intel(R) Processors may allow ...)
+ TODO: check
+CVE-2021-0114 (Unchecked return value in the firmware for some Intel(R) Processors ma ...)
+ NOT-FOR-US: Intel
+CVE-2021-0113 (Out of bounds write in the BMC firmware for Intel(R) Server Board M10J ...)
+ NOT-FOR-US: Intel
+CVE-2021-0112 (Unquoted service path in the Intel Unite(R) Client for Windows before ...)
+ NOT-FOR-US: Intel
+CVE-2021-0111 (NULL pointer dereference in the firmware for some Intel(R) Processors ...)
+ TODO: check
+CVE-2021-0110 (Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH D ...)
+ NOT-FOR-US: Intel
+CVE-2021-0109 (Insecure inherited permissions for the Intel(R) SOC driver package for ...)
+ NOT-FOR-US: Intel
+CVE-2021-0108 (Uncontrolled search path in the Intel Unite(R) Client for Windows befo ...)
+ NOT-FOR-US: Intel
+CVE-2021-0107 (Unchecked return value in the firmware for some Intel(R) Processors ma ...)
+ TODO: check
+CVE-2021-0106 (Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent ...)
+ NOT-FOR-US: Intel
+CVE-2021-0105 (Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi d ...)
+ NOT-FOR-US: Intel
+CVE-2021-0104 (Uncontrolled search path element in the installer for the Intel(R) Rap ...)
+ NOT-FOR-US: Intel
+CVE-2021-0103 (Insufficient control flow management in the firmware for some Intel(R) ...)
+ TODO: check
+CVE-2021-0102 (Insecure inherited permissions in the Intel Unite(R) Client for Window ...)
+ NOT-FOR-US: Intel
+CVE-2021-0101 (Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB ...)
+ NOT-FOR-US: Intel
+CVE-2021-0100 (Incorrect default permissions in the installer for the Intel(R) SSD Da ...)
+ NOT-FOR-US: Intel
+CVE-2021-0099 (Insufficient control flow management in the firmware for some Intel(R) ...)
+ TODO: check
+CVE-2021-0098 (Improper access control in the Intel Unite(R) Client for Windows befor ...)
+ NOT-FOR-US: Intel
+CVE-2021-0097 (Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB ...)
+ NOT-FOR-US: Intel
+CVE-2021-0096 (Improper authentication in the software installer for the Intel(R) NUC ...)
+ NOT-FOR-US: Intel
+CVE-2021-0095 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ NOT-FOR-US: Intel
+CVE-2021-0094 (Improper link resolution before file access in Intel(R) DSA before ver ...)
+ NOT-FOR-US: Intel
+CVE-2021-0093 (Incorrect default permissions in the firmware for some Intel(R) Proces ...)
+ TODO: check
+CVE-2021-0092 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0091 (Improper access control in the firmware for some Intel(R) Processors m ...)
+ TODO: check
+CVE-2021-0090 (Uncontrolled search path element in Intel(R) DSA before version 20.11. ...)
+ NOT-FOR-US: Intel
+CVE-2021-0089 (Observable response discrepancy in some Intel(R) Processors may allow ...)
+ {DSA-4931-1}
+ - xen 4.14.2+25-gb6a8c4f72d-1
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-375.html
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html
+CVE-2021-0088
+ RESERVED
+CVE-2021-0087
+ RESERVED
+CVE-2021-0086 (Observable response discrepancy in floating-point operations for some ...)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html
+ NOTE: Claimed to not affect Xen, Cf. https://xenbits.xen.org/xsa/advisory-375.html in
+ NOTE: ("NOTE CONCERNING CVE-2021-0086 / CVE-2021-26314").
+ NOT-FOR-US: Intel
+CVE-2021-0085
+ RESERVED
+CVE-2021-0084 (Improper input validation in the Intel(R) Ethernet Controllers X722 an ...)
+ NOT-FOR-US: Intel
+CVE-2021-0083 (Improper input validation in some Intel(R) Optane(TM) PMem versions be ...)
+ NOT-FOR-US: Intel
+CVE-2021-0082 (Uncontrolled search path in software installer for Intel(R) PROSet/Wir ...)
+ NOT-FOR-US: Intel
+CVE-2021-0081
+ RESERVED
+CVE-2021-0080
+ RESERVED
+CVE-2021-0079 (Improper input validation in software for some Intel(R) PROSet/Wireles ...)
+ NOT-FOR-US: Intel
+CVE-2021-0078 (Improper input validation in software for some Intel(R) PROSet/Wireles ...)
+ NOT-FOR-US: Intel
+CVE-2021-0077 (Insecure inherited permissions in the installer for the Intel(R) VTune ...)
+ NOT-FOR-US: Intel
+CVE-2021-0076 (Improper Validation of Specified Index, Position, or Offset in Input i ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0075 (Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi ...)
+ NOT-FOR-US: Intel
+CVE-2021-0074 (Improper permissions in the installer for the Intel(R) Computing Impro ...)
+ NOT-FOR-US: Intel
+CVE-2021-0073 (Insufficient control flow management in Intel(R) DSA before version 20 ...)
+ NOT-FOR-US: Intel
+CVE-2021-0072 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0071 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ NOT-FOR-US: Intel
+CVE-2021-0070 (Improper input validation in the BMC firmware for Intel(R) Server Boar ...)
+ NOT-FOR-US: Intel
+CVE-2021-0069 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ NOT-FOR-US: Intel
+CVE-2021-0068
+ RESERVED
+CVE-2021-0067 (&amp;nbsp;Improper access control in system firmware for some Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2021-0066 (Improper input validation in firmware for Intel(R) PROSet/Wireless Wi- ...)
+ - firmware-nonfree <unfixed>
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html
+ TODO: check, research in kernel-team; unclear in which firmware version fixed for firmware-nonfree
+CVE-2021-0065 (Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi sof ...)
+ NOT-FOR-US: Intel
+CVE-2021-0064 (Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi so ...)
+ NOT-FOR-US: Intel
+CVE-2021-0063 (Improper input validation in firmware for some Intel(R) PROSet/Wireles ...)
+ NOT-FOR-US: Intel
+CVE-2021-0062 (Improper input validation in some Intel(R) Graphics Drivers before ver ...)
+ NOT-FOR-US: Intel drivers for Windows
+CVE-2021-0061 (Improper initialization in some Intel(R) Graphics Driver before versio ...)
+ NOT-FOR-US: Intel drivers for Windows
+CVE-2021-0060 (Insufficient compartmentalization in HECI subsystem for the Intel(R) S ...)
+ NOT-FOR-US: Intel
+CVE-2021-0059
+ RESERVED
+CVE-2021-0058 (Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Drive ...)
+ NOT-FOR-US: Intel
+CVE-2021-0057 (Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pac ...)
+ NOT-FOR-US: Intel
+CVE-2021-0056 (Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Dri ...)
+ NOT-FOR-US: Intel
+CVE-2021-0055 (Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop ...)
+ NOT-FOR-US: Intel
+CVE-2021-0054 (Improper buffer restrictions in system firmware for some Intel(R) NUCs ...)
+ NOT-FOR-US: Intel
+CVE-2021-0053 (Improper initialization in firmware for some Intel(R) PROSet/Wireless ...)
+ NOT-FOR-US: Intel
+CVE-2021-0052 (Incorrect default privileges in the Intel(R) Computing Improvement Pro ...)
+ NOT-FOR-US: Intel
+CVE-2021-0051 (Improper input validation in the Intel(R) SPS versions before SPS_E5_0 ...)
+ NOT-FOR-US: Intel
+CVE-2021-0050
+ RESERVED
+CVE-2021-0049
+ RESERVED
+CVE-2021-0048
+ RESERVED
+CVE-2021-0047
+ RESERVED
+CVE-2021-0046
+ RESERVED
+CVE-2021-0045
+ RESERVED
+CVE-2021-0044
+ RESERVED
+CVE-2021-0043
+ RESERVED
+CVE-2021-0042
+ RESERVED
+CVE-2021-0041
+ RESERVED
+CVE-2021-0040
+ RESERVED
+CVE-2021-0039
+ RESERVED
+CVE-2021-0038
+ RESERVED
+CVE-2021-0037
+ RESERVED
+CVE-2021-0036
+ RESERVED
+CVE-2021-0035
+ RESERVED
+CVE-2021-0034
+ RESERVED
+CVE-2021-0033
+ RESERVED
+CVE-2021-0032
+ RESERVED
+CVE-2021-0031
+ RESERVED
+CVE-2021-0030
+ RESERVED
+CVE-2021-0029
+ RESERVED
+CVE-2021-0028
+ RESERVED
+CVE-2021-0027
+ RESERVED
+CVE-2021-0026
+ RESERVED
+CVE-2021-0025
+ RESERVED
+CVE-2021-0024
+ RESERVED
+CVE-2021-0023
+ RESERVED
+CVE-2021-0022
+ RESERVED
+CVE-2021-0021
+ RESERVED
+CVE-2021-0020
+ RESERVED
+CVE-2021-0019
+ RESERVED
+CVE-2021-0018
+ RESERVED
+CVE-2021-0017
+ RESERVED
+CVE-2021-0016
+ RESERVED
+CVE-2021-0015
+ RESERVED
+CVE-2021-0014
+ RESERVED
+CVE-2021-0013 (Improper input validation for Intel(R) EMA before version 1.5.0 may al ...)
+ NOT-FOR-US: Intel
+CVE-2021-0012 (Use after free in some Intel(R) Graphics Driver before version 27.20.1 ...)
+ NOT-FOR-US: Intel drivers for Windows
+CVE-2021-0011
+ RESERVED
+CVE-2021-0010
+ RESERVED
+CVE-2021-0009 (Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 ...)
+ NOT-FOR-US: Intel
+CVE-2021-0008 (Uncontrolled resource consumption in firmware for Intel(R) Ethernet Ad ...)
+ NOT-FOR-US: Intel
+CVE-2021-0007 (Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Seri ...)
+ NOT-FOR-US: Intel
+CVE-2021-0006 (Improper conditions check in firmware for Intel(R) Ethernet Adapters 8 ...)
+ NOT-FOR-US: Intel
+CVE-2021-0005 (Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Seri ...)
+ NOT-FOR-US: Intel
+CVE-2021-0004 (Improper buffer restrictions in the firmware of Intel(R) Ethernet Adap ...)
+ NOT-FOR-US: Intel
+CVE-2021-0003 (Improper conditions check in some Intel(R) Ethernet Controllers 800 se ...)
+ NOT-FOR-US: Intel
+CVE-2021-0002 (Improper conditions check in some Intel(R) Ethernet Controllers 800 se ...)
+ NOT-FOR-US: Intel
+CVE-2021-0001 (Observable timing discrepancy in Intel(R) IPP before version 2020 upda ...)
+ NOT-FOR-US: Intel
+CVE-2021-3409 (The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffectiv ...)
+ {DLA-2623-1}
+ - qemu 1:5.2+dfsg-10 (bug #986795)
+ [buster] - qemu <not-affected> (CVE-2020-17380/CVE-2020-25085 weren't backported to Buster)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1928146
+ NOTE: https://www.openwall.com/lists/oss-security/2021/03/09/1
+ NOTE: New patch series: https://lists.nongnu.org/archive/html/qemu-devel/2021-03/msg00949.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b263d8f928001b5cfa2a993ea43b7a5b3a1811e8
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8be45cc947832b3c02144c9d52921f499f2d77fe
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=bc6f28995ff88f5d82c38afcfd65406f0ae375aa
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5cd7aa3451b76bb19c0f6adc2b931f091e5d7fcd
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=cffb446e8fd19a14e1634c7a3a8b07be3f01d5c9
+CVE-2021-28375 (An issue was discovered in the Linux kernel through 5.11.6. fastrpc_in ...)
+ - linux 5.10.24-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6 (5.12-rc3)
+ NOTE: https://lore.kernel.org/stable/YD03ew7+6v0XPh6l@kroah.com
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
new file mode 100644
index 0000000000..d065e0189f
--- /dev/null
+++ b/data/CVE/2022.list
@@ -0,0 +1,13963 @@
+CVE-2022-25643
+ RESERVED
+CVE-2022-25642
+ RESERVED
+CVE-2022-25641
+ RESERVED
+CVE-2022-25640
+ RESERVED
+CVE-2022-25639
+ RESERVED
+CVE-2022-25638
+ RESERVED
+CVE-2022-25637
+ RESERVED
+CVE-2022-25635
+ RESERVED
+CVE-2022-25634
+ RESERVED
+CVE-2022-25633
+ RESERVED
+CVE-2022-25632
+ RESERVED
+CVE-2022-25631
+ RESERVED
+CVE-2022-25630
+ RESERVED
+CVE-2022-25629
+ RESERVED
+CVE-2022-25628
+ RESERVED
+CVE-2022-25627
+ RESERVED
+CVE-2022-25626
+ RESERVED
+CVE-2022-25625
+ RESERVED
+CVE-2022-25624
+ RESERVED
+CVE-2022-25623
+ RESERVED
+CVE-2022-25325
+ RESERVED
+CVE-2022-25234
+ RESERVED
+CVE-2022-25230
+ RESERVED
+CVE-2022-21219
+ RESERVED
+CVE-2022-21124
+ RESERVED
+CVE-2022-0717
+ RESERVED
+CVE-2022-0716
+ RESERVED
+CVE-2022-0715
+ RESERVED
+CVE-2022-0714
+ RESERVED
+CVE-2022-0713
+ RESERVED
+CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 a ...)
+ - linux <unfixed>
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2
+CVE-2022-25622
+ RESERVED
+CVE-2022-25621
+ RESERVED
+CVE-2022-25620
+ RESERVED
+CVE-2022-25619
+ RESERVED
+CVE-2022-25618
+ RESERVED
+CVE-2022-25617
+ RESERVED
+CVE-2022-25616
+ RESERVED
+CVE-2022-25615
+ RESERVED
+CVE-2022-25614
+ RESERVED
+CVE-2022-25613
+ RESERVED
+CVE-2022-25612
+ RESERVED
+CVE-2022-25611
+ RESERVED
+CVE-2022-25610
+ RESERVED
+CVE-2022-25609
+ RESERVED
+CVE-2022-25608
+ RESERVED
+CVE-2022-25607
+ RESERVED
+CVE-2022-25606
+ RESERVED
+CVE-2022-25605
+ RESERVED
+CVE-2022-25604
+ RESERVED
+CVE-2022-25603
+ RESERVED
+CVE-2022-25602
+ RESERVED
+CVE-2022-25601
+ RESERVED
+CVE-2022-25600
+ RESERVED
+CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-25598
+ RESERVED
+CVE-2022-0712
+ RESERVED
+CVE-2022-0711
+ RESERVED
+CVE-2022-0710
+ RESERVED
+CVE-2022-0709
+ RESERVED
+CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...)
+ TODO: check
+CVE-2022-0707
+ RESERVED
+CVE-2022-0706
+ RESERVED
+CVE-2022-0705
+ RESERVED
+CVE-2022-0704
+ RESERVED
+CVE-2022-0703
+ RESERVED
+CVE-2022-0702
+ RESERVED
+CVE-2022-0701
+ RESERVED
+CVE-2022-0700
+ RESERVED
+CVE-2022-0699
+ RESERVED
+CVE-2022-25597
+ RESERVED
+CVE-2022-25596
+ RESERVED
+CVE-2022-25595
+ RESERVED
+CVE-2022-25594
+ RESERVED
+CVE-2022-25593
+ RESERVED
+CVE-2022-25592
+ RESERVED
+CVE-2022-25591
+ RESERVED
+CVE-2022-25590
+ RESERVED
+CVE-2022-25589
+ RESERVED
+CVE-2022-25588
+ RESERVED
+CVE-2022-25587
+ RESERVED
+CVE-2022-25586
+ RESERVED
+CVE-2022-25585
+ RESERVED
+CVE-2022-25584
+ RESERVED
+CVE-2022-25583
+ RESERVED
+CVE-2022-25582
+ RESERVED
+CVE-2022-25581
+ RESERVED
+CVE-2022-25580
+ RESERVED
+CVE-2022-25579
+ RESERVED
+CVE-2022-25578
+ RESERVED
+CVE-2022-25577
+ RESERVED
+CVE-2022-25576
+ RESERVED
+CVE-2022-25575
+ RESERVED
+CVE-2022-25574
+ RESERVED
+CVE-2022-25573
+ RESERVED
+CVE-2022-25572
+ RESERVED
+CVE-2022-25571
+ RESERVED
+CVE-2022-25570
+ RESERVED
+CVE-2022-25569
+ RESERVED
+CVE-2022-25568
+ RESERVED
+CVE-2022-25567
+ RESERVED
+CVE-2022-25566
+ RESERVED
+CVE-2022-25565
+ RESERVED
+CVE-2022-25564
+ RESERVED
+CVE-2022-25563
+ RESERVED
+CVE-2022-25562
+ RESERVED
+CVE-2022-25561
+ RESERVED
+CVE-2022-25560
+ RESERVED
+CVE-2022-25559
+ RESERVED
+CVE-2022-25558
+ RESERVED
+CVE-2022-25557
+ RESERVED
+CVE-2022-25556
+ RESERVED
+CVE-2022-25555
+ RESERVED
+CVE-2022-25554
+ RESERVED
+CVE-2022-25553
+ RESERVED
+CVE-2022-25552
+ RESERVED
+CVE-2022-25551
+ RESERVED
+CVE-2022-25550
+ RESERVED
+CVE-2022-25549
+ RESERVED
+CVE-2022-25548
+ RESERVED
+CVE-2022-25547
+ RESERVED
+CVE-2022-25546
+ RESERVED
+CVE-2022-25545
+ RESERVED
+CVE-2022-25544
+ RESERVED
+CVE-2022-25543
+ RESERVED
+CVE-2022-25542
+ RESERVED
+CVE-2022-25541
+ RESERVED
+CVE-2022-25540
+ RESERVED
+CVE-2022-25539
+ RESERVED
+CVE-2022-25538
+ RESERVED
+CVE-2022-25537
+ RESERVED
+CVE-2022-25536
+ RESERVED
+CVE-2022-25535
+ RESERVED
+CVE-2022-25534
+ RESERVED
+CVE-2022-25533
+ RESERVED
+CVE-2022-25532
+ RESERVED
+CVE-2022-25531
+ RESERVED
+CVE-2022-25530
+ RESERVED
+CVE-2022-25529
+ RESERVED
+CVE-2022-25528
+ RESERVED
+CVE-2022-25527
+ RESERVED
+CVE-2022-25526
+ RESERVED
+CVE-2022-25525
+ RESERVED
+CVE-2022-25524
+ RESERVED
+CVE-2022-25523
+ RESERVED
+CVE-2022-25522
+ RESERVED
+CVE-2022-25521
+ RESERVED
+CVE-2022-25520
+ RESERVED
+CVE-2022-25519
+ RESERVED
+CVE-2022-25518
+ RESERVED
+CVE-2022-25517
+ RESERVED
+CVE-2022-25516
+ RESERVED
+CVE-2022-25515
+ RESERVED
+CVE-2022-25514
+ RESERVED
+CVE-2022-25513
+ RESERVED
+CVE-2022-25512
+ RESERVED
+CVE-2022-25511
+ RESERVED
+CVE-2022-25510
+ RESERVED
+CVE-2022-25509
+ RESERVED
+CVE-2022-25508
+ RESERVED
+CVE-2022-25507
+ RESERVED
+CVE-2022-25506
+ RESERVED
+CVE-2022-25505
+ RESERVED
+CVE-2022-25504
+ RESERVED
+CVE-2022-25503
+ RESERVED
+CVE-2022-25502
+ RESERVED
+CVE-2022-25501
+ RESERVED
+CVE-2022-25500
+ RESERVED
+CVE-2022-25499
+ RESERVED
+CVE-2022-25498
+ RESERVED
+CVE-2022-25497
+ RESERVED
+CVE-2022-25496
+ RESERVED
+CVE-2022-25495
+ RESERVED
+CVE-2022-25494
+ RESERVED
+CVE-2022-25493
+ RESERVED
+CVE-2022-25492
+ RESERVED
+CVE-2022-25491
+ RESERVED
+CVE-2022-25490
+ RESERVED
+CVE-2022-25489
+ RESERVED
+CVE-2022-25488
+ RESERVED
+CVE-2022-25487
+ RESERVED
+CVE-2022-25486
+ RESERVED
+CVE-2022-25485
+ RESERVED
+CVE-2022-25484
+ RESERVED
+CVE-2022-25483
+ RESERVED
+CVE-2022-25482
+ RESERVED
+CVE-2022-25481
+ RESERVED
+CVE-2022-25480
+ RESERVED
+CVE-2022-25479
+ RESERVED
+CVE-2022-25478
+ RESERVED
+CVE-2022-25477
+ RESERVED
+CVE-2022-25476
+ RESERVED
+CVE-2022-25475
+ RESERVED
+CVE-2022-25474
+ RESERVED
+CVE-2022-25473
+ RESERVED
+CVE-2022-25472
+ RESERVED
+CVE-2022-25471
+ RESERVED
+CVE-2022-25470
+ RESERVED
+CVE-2022-25469
+ RESERVED
+CVE-2022-25468
+ RESERVED
+CVE-2022-25467
+ RESERVED
+CVE-2022-25466
+ RESERVED
+CVE-2022-25465
+ RESERVED
+CVE-2022-25464
+ RESERVED
+CVE-2022-25463
+ RESERVED
+CVE-2022-25462
+ RESERVED
+CVE-2022-25461
+ RESERVED
+CVE-2022-25460
+ RESERVED
+CVE-2022-25459
+ RESERVED
+CVE-2022-25458
+ RESERVED
+CVE-2022-25457
+ RESERVED
+CVE-2022-25456
+ RESERVED
+CVE-2022-25455
+ RESERVED
+CVE-2022-25454
+ RESERVED
+CVE-2022-25453
+ RESERVED
+CVE-2022-25452
+ RESERVED
+CVE-2022-25451
+ RESERVED
+CVE-2022-25450
+ RESERVED
+CVE-2022-25449
+ RESERVED
+CVE-2022-25448
+ RESERVED
+CVE-2022-25447
+ RESERVED
+CVE-2022-25446
+ RESERVED
+CVE-2022-25445
+ RESERVED
+CVE-2022-25444
+ RESERVED
+CVE-2022-25443
+ RESERVED
+CVE-2022-25442
+ RESERVED
+CVE-2022-25441
+ RESERVED
+CVE-2022-25440
+ RESERVED
+CVE-2022-25439
+ RESERVED
+CVE-2022-25438
+ RESERVED
+CVE-2022-25437
+ RESERVED
+CVE-2022-25436
+ RESERVED
+CVE-2022-25435
+ RESERVED
+CVE-2022-25434
+ RESERVED
+CVE-2022-25433
+ RESERVED
+CVE-2022-25432
+ RESERVED
+CVE-2022-25431
+ RESERVED
+CVE-2022-25430
+ RESERVED
+CVE-2022-25429
+ RESERVED
+CVE-2022-25428
+ RESERVED
+CVE-2022-25427
+ RESERVED
+CVE-2022-25426
+ RESERVED
+CVE-2022-25425
+ RESERVED
+CVE-2022-25424
+ RESERVED
+CVE-2022-25423
+ RESERVED
+CVE-2022-25422
+ RESERVED
+CVE-2022-25421
+ RESERVED
+CVE-2022-25420
+ RESERVED
+CVE-2022-25419
+ RESERVED
+CVE-2022-25418
+ RESERVED
+CVE-2022-25417
+ RESERVED
+CVE-2022-25416
+ RESERVED
+CVE-2022-25415
+ RESERVED
+CVE-2022-25414
+ RESERVED
+CVE-2022-25413
+ RESERVED
+CVE-2022-25412
+ RESERVED
+CVE-2022-25411
+ RESERVED
+CVE-2022-25410
+ RESERVED
+CVE-2022-25409
+ RESERVED
+CVE-2022-25408
+ RESERVED
+CVE-2022-25407
+ RESERVED
+CVE-2022-25406
+ RESERVED
+CVE-2022-25405
+ RESERVED
+CVE-2022-25404
+ RESERVED
+CVE-2022-25403
+ RESERVED
+CVE-2022-25402
+ RESERVED
+CVE-2022-25401
+ RESERVED
+CVE-2022-25400
+ RESERVED
+CVE-2022-25399
+ RESERVED
+CVE-2022-25398
+ RESERVED
+CVE-2022-25397
+ RESERVED
+CVE-2022-25396
+ RESERVED
+CVE-2022-25395
+ RESERVED
+CVE-2022-25394
+ RESERVED
+CVE-2022-25393
+ RESERVED
+CVE-2022-25392
+ RESERVED
+CVE-2022-25391
+ RESERVED
+CVE-2022-25390
+ RESERVED
+CVE-2022-25389
+ RESERVED
+CVE-2022-25388
+ RESERVED
+CVE-2022-25387
+ RESERVED
+CVE-2022-25386
+ RESERVED
+CVE-2022-25385
+ RESERVED
+CVE-2022-25384
+ RESERVED
+CVE-2022-25383
+ RESERVED
+CVE-2022-25382
+ RESERVED
+CVE-2022-25381
+ RESERVED
+CVE-2022-25380
+ RESERVED
+CVE-2022-25379
+ RESERVED
+CVE-2022-25378
+ RESERVED
+CVE-2022-25377
+ RESERVED
+CVE-2022-25376
+ RESERVED
+CVE-2022-25375 (An issue was discovered in drivers/usb/gadget/function/rndis.c in the ...)
+ - linux 5.16.10-1
+ NOTE: https://github.com/szymonh/rndis-co
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/1
+ NOTE: https://git.kernel.org/linus/38ea1eac7d88072bbffb630e2b3db83ca649b826 (5.17-rc4)
+CVE-2022-25374
+ RESERVED
+CVE-2022-25373
+ RESERVED
+CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local privilege e ...)
+ NOT-FOR-US: Pritunl Client
+CVE-2022-0698
+ RESERVED
+CVE-2022-0697
+ RESERVED
+CVE-2022-0696 (NULL Pointer Dereference in Conda vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/
+ NOTE: https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 (v8.2.4428)
+CVE-2022-0695
+ RESERVED
+CVE-2022-25371
+ RESERVED
+CVE-2022-25370
+ RESERVED
+CVE-2022-25355
+ RESERVED
+CVE-2022-0694
+ RESERVED
+CVE-2022-0693
+ RESERVED
+CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...)
+ NOT-FOR-US: alltube
+CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ - node-url-parse 1.5.9+~1.4.8-1
+ NOTE: https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4
+ NOTE: https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63 (1.5.9)
+CVE-2022-25369
+ RESERVED
+CVE-2022-25368
+ RESERVED
+CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ NOT-FOR-US: microweber
+CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/microweb ...)
+ NOT-FOR-US: microweber
+CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
+ NOT-FOR-US: microweber
+CVE-2022-0687
+ RESERVED
+CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ - node-url-parse 1.5.9+~1.4.8-1
+ NOTE: https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c
+ NOTE: https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5 (1.5.8)
+CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782
+ NOTE: https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87 (v8.2.4418)
+CVE-2022-0684
+ RESERVED
+CVE-2022-25367
+ RESERVED
+CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it ...)
+ NOT-FOR-US: Cryptomator
+CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...)
+ NOT-FOR-US: Docker Desktop
+CVE-2022-25364
+ RESERVED
+CVE-2022-25363
+ RESERVED
+CVE-2022-25362
+ RESERVED
+CVE-2022-25361
+ RESERVED
+CVE-2022-25360
+ RESERVED
+CVE-2022-25359
+ RESERVED
+CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...)
+ NOT-FOR-US: awful-salmonella-tar
+CVE-2022-25357
+ RESERVED
+CVE-2022-25356
+ RESERVED
+CVE-2022-25344
+ RESERVED
+CVE-2022-25343
+ RESERVED
+CVE-2022-25342
+ RESERVED
+CVE-2022-25341
+ RESERVED
+CVE-2022-25340
+ RESERVED
+CVE-2022-25339
+ RESERVED
+CVE-2022-25338
+ RESERVED
+CVE-2022-24914
+ RESERVED
+CVE-2022-24436
+ RESERVED
+CVE-2022-24378
+ RESERVED
+CVE-2022-24067
+ RESERVED
+CVE-2022-23403
+ RESERVED
+CVE-2022-23182
+ RESERVED
+CVE-2022-22139
+ RESERVED
+CVE-2022-21225
+ RESERVED
+CVE-2022-21198
+ RESERVED
+CVE-2022-21183
+ RESERVED
+CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
+ NOT-FOR-US: Ibexa
+CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...)
+ NOT-FOR-US: Ibexa
+CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...)
+ NOT-FOR-US: RigoBlock Dragos
+CVE-2022-25334
+ RESERVED
+CVE-2022-25333
+ RESERVED
+CVE-2022-25332
+ RESERVED
+CVE-2022-25331
+ RESERVED
+CVE-2022-25330
+ RESERVED
+CVE-2022-25329
+ RESERVED
+CVE-2022-25328
+ RESERVED
+CVE-2022-25327
+ RESERVED
+CVE-2022-25326
+ RESERVED
+CVE-2022-23183
+ RESERVED
+CVE-2022-21179
+ RESERVED
+CVE-2022-0683
+ RESERVED
+CVE-2022-0682
+ RESERVED
+CVE-2022-0681
+ RESERVED
+CVE-2022-0680
+ RESERVED
+CVE-2022-0679
+ RESERVED
+CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ NOT-FOR-US: microweber
+CVE-2022-0677
+ RESERVED
+CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...)
+ NOT-FOR-US: ZEROF Web Server
+CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ...)
+ NOT-FOR-US: ZEROF Web Server
+CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...)
+ NOT-FOR-US: Cerebrate
+CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...)
+ NOT-FOR-US: Cerebrate
+CVE-2022-25319 (An issue was discovered in Cerebrate through 1.4. Endpoints could be o ...)
+ NOT-FOR-US: Cerebrate
+CVE-2022-25318 (An issue was discovered in Cerebrate through 1.4. An incorrect sharing ...)
+ NOT-FOR-US: Cerebrate
+CVE-2022-25317 (An issue was discovered in Cerebrate through 1.4. genericForm allows r ...)
+ NOT-FOR-US: Cerebrate
+CVE-2022-25316
+ RESERVED
+CVE-2022-25312
+ RESERVED
+CVE-2022-21132
+ RESERVED
+CVE-2022-0676 (Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.4. ...)
+ TODO: check
+CVE-2022-0675
+ RESERVED
+CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...)
+ - expat 2.4.5-1
+ NOTE: https://github.com/libexpat/libexpat/pull/559
+ NOTE: https://github.com/libexpat/libexpat/commit/eb0362808b4f9f1e2345a0cf203b8cc196d776d9
+CVE-2022-25314 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...)
+ - expat 2.4.5-1
+ NOTE: https://github.com/libexpat/libexpat/pull/560
+ NOTE: https://github.com/libexpat/libexpat/commit/efcb347440ade24b9f1054671e6bd05e60b4cafd
+CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack ex ...)
+ - expat 2.4.5-1
+ NOTE: https://github.com/libexpat/libexpat/pull/558
+ NOTE: https://github.com/libexpat/libexpat/commit/9b4ce651b26557f16103c3a366c91934ecd439ab
+CVE-2022-25311
+ RESERVED
+CVE-2022-25310
+ RESERVED
+CVE-2022-25309
+ RESERVED
+CVE-2022-25308
+ RESERVED
+CVE-2022-25307
+ RESERVED
+CVE-2022-25306
+ RESERVED
+CVE-2022-25305
+ RESERVED
+CVE-2022-21158
+ RESERVED
+CVE-2022-0674
+ RESERVED
+CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...)
+ NOT-FOR-US: LemMinX
+CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...)
+ NOT-FOR-US: LemMinX
+CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schema dow ...)
+ TODO: check
+CVE-2022-0670
+ RESERVED
+CVE-2022-0669
+ RESERVED
+CVE-2022-0668
+ RESERVED
+CVE-2022-0667
+ RESERVED
+CVE-2022-0666 (CRLF Injection leads to Stack Trace Exposure due to lack of filtering ...)
+ NOT-FOR-US: microweber
+CVE-2022-0665
+ RESERVED
+CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...)
+ NOT-FOR-US: Go github.com/gravitl/netmaker
+CVE-2022-0663
+ RESERVED
+CVE-2022-0662
+ RESERVED
+CVE-2022-0661
+ RESERVED
+CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...)
+ NOT-FOR-US: microweber
+CVE-2022-0659
+ RESERVED
+CVE-2022-0658
+ RESERVED
+CVE-2022-0657
+ RESERVED
+CVE-2022-0656
+ RESERVED
+CVE-2022-XXXX [Arbitrary File Write Vulnerability ]
+ - libpgjava 42.3.3-1
+ NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
+ NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1)
+CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe handl ...)
+ TODO: check
+CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible ...)
+ NOT-FOR-US: webcc
+CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. The unsa ...)
+ TODO: check
+CVE-2022-25296
+ RESERVED
+CVE-2022-25295
+ RESERVED
+CVE-2022-25294
+ RESERVED
+CVE-2022-25293
+ RESERVED
+CVE-2022-25292
+ RESERVED
+CVE-2022-25291
+ RESERVED
+CVE-2022-25290
+ RESERVED
+CVE-2022-25289
+ RESERVED
+CVE-2022-25288
+ RESERVED
+CVE-2022-25287
+ RESERVED
+CVE-2022-25286
+ RESERVED
+CVE-2022-25285
+ RESERVED
+CVE-2022-25284
+ RESERVED
+CVE-2022-25283
+ RESERVED
+CVE-2022-25282
+ RESERVED
+CVE-2022-25281
+ RESERVED
+CVE-2022-25280
+ RESERVED
+CVE-2022-25279
+ RESERVED
+CVE-2022-25278
+ RESERVED
+CVE-2022-25277
+ RESERVED
+CVE-2022-25276
+ RESERVED
+CVE-2022-25275
+ RESERVED
+CVE-2022-25274
+ RESERVED
+CVE-2022-25273
+ RESERVED
+CVE-2022-25272
+ RESERVED
+CVE-2022-25270 (The Quick Edit module does not properly check entity access in some ci ...)
+ NOT-FOR-US: Drupal 9.x
+CVE-2022-25269
+ RESERVED
+CVE-2022-25268
+ RESERVED
+CVE-2022-25267
+ RESERVED
+CVE-2022-25266
+ RESERVED
+CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may have the ...)
+ - linux <unfixed>
+ NOTE: https://github.com/x0reaxeax/exec-prot-bypass
+CVE-2022-25264
+ RESERVED
+CVE-2022-25263
+ RESERVED
+CVE-2022-25262
+ RESERVED
+CVE-2022-25261
+ RESERVED
+CVE-2022-25260
+ RESERVED
+CVE-2022-25259
+ RESERVED
+CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in the Linux ...)
+ - linux 5.16.10-1
+ NOTE: https://github.com/szymonh/d-os-descriptor
+ NOTE: https://git.kernel.org/linus/75e5b4849b81e19e9efe1654b30d7f3151c33c2c (5.17-rc4)
+CVE-2022-0655
+ RESERVED
+CVE-2022-0654
+ RESERVED
+CVE-2022-0653
+ RESERVED
+CVE-2022-0652
+ RESERVED
+CVE-2022-0651
+ RESERVED
+CVE-2022-0650
+ RESERVED
+CVE-2022-0649
+ RESERVED
+CVE-2022-25257
+ RESERVED
+CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRend ...)
+ NOT-FOR-US: SAS Web Report Studio
+CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...)
+ - qt6-base <unfixed>
+ - qtbase-opensource-src 5.15.2+dfsg-15
+ - qtbase-opensource-src-gles <unfixed>
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/393113
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/394914
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/396020
+ NOTE: https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff
+ NOTE: https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff
+CVE-2022-25254
+ RESERVED
+CVE-2022-25253
+ RESERVED
+CVE-2022-25252
+ RESERVED
+CVE-2022-25251
+ RESERVED
+CVE-2022-25250
+ RESERVED
+CVE-2022-25249
+ RESERVED
+CVE-2022-25248
+ RESERVED
+CVE-2022-25247
+ RESERVED
+CVE-2022-25246
+ RESERVED
+CVE-2022-24374
+ RESERVED
+CVE-2022-23916
+ RESERVED
+CVE-2022-23810
+ RESERVED
+CVE-2022-21142
+ RESERVED
+CVE-2022-0648
+ RESERVED
+CVE-2022-0647
+ RESERVED
+CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...)
+ - linux <unfixed>
+ NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/
+CVE-2022-0645
+ RESERVED
+CVE-2022-0644 [vfs: check fd has read access in kernel_read_file_from_fd()]
+ RESERVED
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux 4.9.290-1
+ NOTE: https://git.kernel.org/linus/032146cda85566abcd1c4884d9d23e4e30a07e9a (5.15-rc7)
+CVE-2022-0643
+ RESERVED
+CVE-2022-0642
+ RESERVED
+CVE-2022-0641
+ RESERVED
+CVE-2022-0640
+ RESERVED
+CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ - node-url-parse 1.5.7-1
+ [bullseye] - node-url-parse <no-dsa> (Minor issue)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
+ NOTE: https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 (1.5.7)
+CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
+ NOT-FOR-US: microweber
+CVE-2022-0637
+ RESERVED
+CVE-2022-0636
+ RESERVED
+CVE-2022-0635
+ RESERVED
+CVE-2022-0634
+ RESERVED
+CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0632 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/3e5bb8f6-30fd-4553-86dd-761e9459ce1b
+ NOTE: https://github.com/mruby/mruby/commit/44f591aa8f7091e6ca6cb418e428ae6d4ceaf77d
+CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/9bdc49ca-6697-4adc-a785-081e1961bf40
+ NOTE: https://github.com/mruby/mruby/commit/47068ae07a5fa3aa9a1879cdfe98a9ce0f339299
+CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32
+ NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
+CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/
+ NOTE: https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc (v8.2.4397)
+CVE-2022-0628
+ RESERVED
+CVE-2022-0627
+ RESERVED
+CVE-2022-0626
+ RESERVED
+CVE-2022-0625
+ RESERVED
+CVE-2022-0624
+ RESERVED
+CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contributed o ...)
+ {DLA-2925-1}
+ - drupal7 <removed>
+ NOTE: https://www.drupal.org/sa-core-2022-003
+ NOTE: https://git.drupalcode.org/project/drupal/-/commit/43c757167380643b5f73287a63a8739731a5b712
+CVE-2022-25245
+ RESERVED
+CVE-2022-25244
+ RESERVED
+CVE-2022-25243
+ RESERVED
+CVE-2022-25242 (In FileCloud before 21.3, file upload is not protected against Cross-S ...)
+ NOT-FOR-US: FileCloud
+CVE-2022-25241 (In FileCloud before 21.3, the CSV user import functionality is vulnera ...)
+ NOT-FOR-US: FileCloud
+CVE-2022-25240
+ RESERVED
+CVE-2022-25239
+ RESERVED
+CVE-2022-25238
+ RESERVED
+CVE-2022-25237
+ RESERVED
+CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
+ - expat 2.4.5-1 (bug #1005895)
+ NOTE: https://github.com/libexpat/libexpat/pull/561
+ NOTE: https://github.com/libexpat/libexpat/commit/6881a4fc8596307ab9ff2e85e605afa2e413ab71
+ NOTE: https://github.com/libexpat/libexpat/commit/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4
+ NOTE: https://github.com/libexpat/libexpat/commit/2de077423fb22750ebea599677d523b53cb93b1d
+CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid ...)
+ - expat 2.4.5-1 (bug #1005894)
+ NOTE: https://github.com/libexpat/libexpat/pull/562
+ NOTE: https://github.com/libexpat/libexpat/commit/ee2a5b50e7d1940ba8745715b62ceb9efd3a96da
+ NOTE: https://github.com/libexpat/libexpat/commit/3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6
+ NOTE: https://github.com/libexpat/libexpat/commit/c85a3025e7a1be086dc34e7559fbc543914d047f
+ NOTE: https://github.com/libexpat/libexpat/commit/6a5510bc6b7efe743356296724e0b38300f05379
+CVE-2022-25229
+ RESERVED
+CVE-2022-25228
+ RESERVED
+CVE-2022-25227
+ RESERVED
+CVE-2022-25226
+ RESERVED
+CVE-2022-25225
+ RESERVED
+CVE-2022-25224
+ RESERVED
+CVE-2022-25223
+ RESERVED
+CVE-2022-25222
+ RESERVED
+CVE-2022-25221
+ RESERVED
+CVE-2022-25220
+ RESERVED
+CVE-2022-25219
+ RESERVED
+CVE-2022-25218
+ RESERVED
+CVE-2022-25217
+ RESERVED
+CVE-2022-25216
+ RESERVED
+CVE-2022-25215
+ RESERVED
+CVE-2022-25214
+ RESERVED
+CVE-2022-25213
+ RESERVED
+CVE-2022-24915
+ RESERVED
+CVE-2022-24432
+ RESERVED
+CVE-2022-22985
+ RESERVED
+CVE-2022-21146
+ RESERVED
+CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
+ NOTE: https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580
+CVE-2022-0622 (Generation of Error Message Containing Sensitive Information in Packag ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-0621
+ RESERVED
+CVE-2022-0620
+ RESERVED
+CVE-2022-0619
+ RESERVED
+CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...)
+ NOT-FOR-US: Jenkins Chef Sinatra Plugin
+CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...)
+ NOT-FOR-US: Jenkins Pipeline: Multibranch Plugin
+CVE-2022-25169
+ RESERVED
+CVE-2022-25168
+ RESERVED
+CVE-2022-25167
+ RESERVED
+CVE-2022-24435
+ RESERVED
+CVE-2022-23986
+ RESERVED
+CVE-2022-21159
+ RESERVED
+CVE-2022-0618
+ RESERVED
+CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file system fu ...)
+ - linux 5.16.7-1
+ NOTE: https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee
+ NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f
+CVE-2022-0616
+ RESERVED
+CVE-2022-0615
+ RESERVED
+CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879
+ NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
+CVE-2022-0613 (Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...)
+ NOT-FOR-US: Node urijs
+CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25210 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25208 (A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sina ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25206 (A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows at ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25205 (A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25204 (Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25203 (Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25202 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25201 (Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25199 (A missing permission check in Jenkins SCP publisher Plugin 1.8 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25198 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25197 (Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implement ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25196 (Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25195 (A missing permission check in Jenkins autonomiq Plugin 1.15 and earlie ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25194 (A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 2.0 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25192 (A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Comm ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25191 (Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25190 (A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25189 (Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not esca ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25188 (Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appNa ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25187 (Jenkins Support Core Plugin 2.79 and earlier does not redact some sens ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25186 (Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functional ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25185 (Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escap ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25184 (Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25183 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25182 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25181 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25180 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier include ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25179 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier fol ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25178 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25177 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25176 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25174 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses th ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-25166
+ RESERVED
+CVE-2022-25165
+ RESERVED
+CVE-2022-25164
+ RESERVED
+CVE-2022-25163
+ RESERVED
+CVE-2022-25162
+ RESERVED
+CVE-2022-25161
+ RESERVED
+CVE-2022-25160
+ RESERVED
+CVE-2022-25159
+ RESERVED
+CVE-2022-25158
+ RESERVED
+CVE-2022-25157
+ RESERVED
+CVE-2022-25156
+ RESERVED
+CVE-2022-25155
+ RESERVED
+CVE-2022-25154
+ RESERVED
+CVE-2022-25153
+ RESERVED
+CVE-2022-25152
+ RESERVED
+CVE-2022-25151
+ RESERVED
+CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, prog ...)
+ NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
+CVE-2022-25149
+ RESERVED
+CVE-2022-25148
+ RESERVED
+CVE-2022-0612 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0611 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-25147
+ RESERVED
+CVE-2022-0610
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0609
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0608
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0607
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0606
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0605
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0604
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0603
+ RESERVED
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0602
+ RESERVED
+CVE-2022-0601
+ RESERVED
+CVE-2022-0600
+ RESERVED
+CVE-2022-0599
+ RESERVED
+CVE-2022-0598
+ RESERVED
+CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
+ NOT-FOR-US: microweber
+CVE-2022-0596 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...)
+ NOT-FOR-US: microweber
+CVE-2022-0595
+ RESERVED
+CVE-2022-0594
+ RESERVED
+CVE-2022-0593
+ RESERVED
+CVE-2022-0592
+ RESERVED
+CVE-2022-0591
+ RESERVED
+CVE-2022-0590
+ RESERVED
+CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0588 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 22.2.0. ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-25146
+ RESERVED
+CVE-2022-25145
+ RESERVED
+CVE-2022-25144
+ RESERVED
+CVE-2022-25143
+ RESERVED
+CVE-2022-25142
+ RESERVED
+CVE-2022-25141
+ RESERVED
+CVE-2022-25140
+ RESERVED
+CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a heap use ...)
+ NOT-FOR-US: njs
+CVE-2022-25138
+ RESERVED
+CVE-2022-25137 (A command injection vulnerability in the function recvSlaveUpgstatus o ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25136 (A command injection vulnerability in the function meshSlaveUpdate of T ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25135 (A command injection vulnerability in the function recv_mesh_info_sync ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25134 (A command injection vulnerability in the function setUpgradeFW of TOTO ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25133 (A command injection vulnerability in the function isAssocPriDevice of ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25132 (A command injection vulnerability in the function meshSlaveDlfw of TOT ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25131 (A command injection vulnerability in the function recvSlaveCloudCheckS ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25130 (A command injection vulnerability in the function updateWifiInfo of TO ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25129
+ RESERVED
+CVE-2022-25128
+ RESERVED
+CVE-2022-25127
+ RESERVED
+CVE-2022-25126
+ RESERVED
+CVE-2022-25125
+ RESERVED
+CVE-2022-25124
+ RESERVED
+CVE-2022-25123
+ RESERVED
+CVE-2022-25122
+ RESERVED
+CVE-2022-25121
+ RESERVED
+CVE-2022-25120
+ RESERVED
+CVE-2022-25119
+ RESERVED
+CVE-2022-25118
+ RESERVED
+CVE-2022-25117
+ RESERVED
+CVE-2022-25116
+ RESERVED
+CVE-2022-25115
+ RESERVED
+CVE-2022-25114
+ RESERVED
+CVE-2022-25113
+ RESERVED
+CVE-2022-25112
+ RESERVED
+CVE-2022-25111
+ RESERVED
+CVE-2022-25110
+ RESERVED
+CVE-2022-25109
+ RESERVED
+CVE-2022-25108
+ RESERVED
+CVE-2022-25107
+ RESERVED
+CVE-2022-25106
+ RESERVED
+CVE-2022-25105
+ RESERVED
+CVE-2022-25104
+ RESERVED
+CVE-2022-25103
+ RESERVED
+CVE-2022-25102
+ RESERVED
+CVE-2022-25101
+ RESERVED
+CVE-2022-25100
+ RESERVED
+CVE-2022-25099
+ RESERVED
+CVE-2022-25098
+ RESERVED
+CVE-2022-25097
+ RESERVED
+CVE-2022-25096
+ RESERVED
+CVE-2022-25095
+ RESERVED
+CVE-2022-25094
+ RESERVED
+CVE-2022-25093
+ RESERVED
+CVE-2022-25092
+ RESERVED
+CVE-2022-25091
+ RESERVED
+CVE-2022-25090
+ RESERVED
+CVE-2022-25089
+ RESERVED
+CVE-2022-25088
+ RESERVED
+CVE-2022-25087
+ RESERVED
+CVE-2022-25086
+ RESERVED
+CVE-2022-25085
+ RESERVED
+CVE-2022-25084
+ RESERVED
+CVE-2022-25083
+ RESERVED
+CVE-2022-25082
+ RESERVED
+CVE-2022-25081
+ RESERVED
+CVE-2022-25080
+ RESERVED
+CVE-2022-25079
+ RESERVED
+CVE-2022-25078
+ RESERVED
+CVE-2022-25077
+ RESERVED
+CVE-2022-25076
+ RESERVED
+CVE-2022-25075
+ RESERVED
+CVE-2022-25074
+ RESERVED
+CVE-2022-25073
+ RESERVED
+CVE-2022-25072
+ RESERVED
+CVE-2022-25071
+ RESERVED
+CVE-2022-25070
+ RESERVED
+CVE-2022-25069
+ RESERVED
+CVE-2022-25068
+ RESERVED
+CVE-2022-25067
+ RESERVED
+CVE-2022-25066
+ RESERVED
+CVE-2022-25065
+ RESERVED
+CVE-2022-25064
+ RESERVED
+CVE-2022-25063
+ RESERVED
+CVE-2022-25062
+ RESERVED
+CVE-2022-25061
+ RESERVED
+CVE-2022-25060
+ RESERVED
+CVE-2022-25059
+ RESERVED
+CVE-2022-25058
+ RESERVED
+CVE-2022-25057
+ RESERVED
+CVE-2022-25056
+ RESERVED
+CVE-2022-25055
+ RESERVED
+CVE-2022-25054
+ RESERVED
+CVE-2022-25053
+ RESERVED
+CVE-2022-25052
+ RESERVED
+CVE-2022-25051
+ RESERVED
+CVE-2022-25050
+ RESERVED
+CVE-2022-25049
+ RESERVED
+CVE-2022-25048
+ RESERVED
+CVE-2022-25047
+ RESERVED
+CVE-2022-25046
+ RESERVED
+CVE-2022-25045
+ RESERVED
+CVE-2022-25044
+ RESERVED
+CVE-2022-25043
+ RESERVED
+CVE-2022-25042
+ RESERVED
+CVE-2022-25041
+ RESERVED
+CVE-2022-25040
+ RESERVED
+CVE-2022-25039
+ RESERVED
+CVE-2022-25038
+ RESERVED
+CVE-2022-25037
+ RESERVED
+CVE-2022-25036
+ RESERVED
+CVE-2022-25035
+ RESERVED
+CVE-2022-25034
+ RESERVED
+CVE-2022-25033
+ RESERVED
+CVE-2022-25032
+ RESERVED
+CVE-2022-25031
+ RESERVED
+CVE-2022-25030
+ RESERVED
+CVE-2022-25029
+ RESERVED
+CVE-2022-25028
+ RESERVED
+CVE-2022-25027
+ RESERVED
+CVE-2022-25026
+ RESERVED
+CVE-2022-25025
+ RESERVED
+CVE-2022-25024
+ RESERVED
+CVE-2022-25023
+ RESERVED
+CVE-2022-25022
+ RESERVED
+CVE-2022-25021
+ RESERVED
+CVE-2022-25020
+ RESERVED
+CVE-2022-25019
+ RESERVED
+CVE-2022-25018
+ RESERVED
+CVE-2022-25017
+ RESERVED
+CVE-2022-25016
+ RESERVED
+CVE-2022-25015
+ RESERVED
+CVE-2022-25014
+ RESERVED
+CVE-2022-25013
+ RESERVED
+CVE-2022-25012
+ RESERVED
+CVE-2022-25011
+ RESERVED
+CVE-2022-25010
+ RESERVED
+CVE-2022-25009
+ RESERVED
+CVE-2022-25008
+ RESERVED
+CVE-2022-25007
+ RESERVED
+CVE-2022-25006
+ RESERVED
+CVE-2022-25005
+ RESERVED
+CVE-2022-25004
+ RESERVED
+CVE-2022-25003
+ RESERVED
+CVE-2022-25002
+ RESERVED
+CVE-2022-25001
+ RESERVED
+CVE-2022-25000
+ RESERVED
+CVE-2022-24999
+ RESERVED
+CVE-2022-24998
+ RESERVED
+CVE-2022-24997
+ RESERVED
+CVE-2022-24996
+ RESERVED
+CVE-2022-24995
+ RESERVED
+CVE-2022-24994
+ RESERVED
+CVE-2022-24993
+ RESERVED
+CVE-2022-24992
+ RESERVED
+CVE-2022-24991
+ RESERVED
+CVE-2022-24990
+ RESERVED
+CVE-2022-24989
+ RESERVED
+CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-b ...)
+ NOT-FOR-US: galois_2p8
+CVE-2022-24987
+ RESERVED
+CVE-2022-24986
+ RESERVED
+CVE-2022-24985 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24984 (Forms generated by JQueryForm.com before 2022-02-05 (if file-upload ca ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24983 (Forms generated by JQueryForm.com before 2022-02-05 allow remote attac ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24982 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24981 (A reflected cross-site scripting (XSS) vulnerability in forms generate ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
+CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054049
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-02.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17829
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17842
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17847
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17855
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17891
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17925
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17926
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17931
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17932
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17933
+CVE-2022-0584
+ RESERVED
+CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3 ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17840
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-03.html
+CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17882
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-04.html
+CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3. ...)
+ - wireshark <unfixed>
+ [bullseye] - wireshark <no-dsa> (Minor issue)
+ [buster] - wireshark <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
+CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-24980 (An issue was discovered in the Kitodo.Presentation (aka dif) extension ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 2.0.1 for ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-24978
+ RESERVED
+CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...)
+ NOT-FOR-US: ImpressCMS
+CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-0578
+ RESERVED
+CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...)
+ - atheme-services 7.2.12-1
+ [bullseye] - atheme-services <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - atheme-services <no-dsa> (Minor issue; can be fixed via point release)
+ [stretch] - atheme-services <postponed> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/4
+ NOTE: https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
+CVE-2022-0577
+ RESERVED
+CVE-2022-0576 (Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms pr ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0575 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0574
+ RESERVED
+CVE-2022-0573
+ RESERVED
+CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
+ NOTE: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359)
+CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-t ...)
+ - phoronix-test-suite <removed>
+CVE-2022-0570 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1
+ NOTE: https://github.com/mruby/mruby/commit/38b164ace7d6ae1c367883a3d67d7f559783faad
+CVE-2022-0569 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not mention the ...)
+ - git <unfixed> (unimportant)
+ NOTE: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/
+ NOTE: CVE is specifically about --mirror documentation not mentioning the availability
+ NOTE: of deleted content.
+CVE-2022-24974
+ RESERVED
+CVE-2022-24973
+ RESERVED
+CVE-2022-24972
+ RESERVED
+CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24970
+ RESERVED
+CVE-2022-24969
+ RESERVED
+CVE-2022-24968 (In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoo ...)
+ NOT-FOR-US: Mellium
+CVE-2022-24967
+ RESERVED
+CVE-2022-24966
+ RESERVED
+CVE-2022-24965
+ RESERVED
+CVE-2022-24964
+ RESERVED
+CVE-2022-24963
+ RESERVED
+CVE-2022-24962
+ RESERVED
+CVE-2022-0568
+ RESERVED
+CVE-2022-0567
+ RESERVED
+CVE-2022-0566
+ RESERVED
+ - thunderbird 1:91.6.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/#CVE-2022-0566
+CVE-2022-0565 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ NOT-FOR-US: pimcore
+CVE-2022-24961 (In Portainer Agent before 2.11.1, an API server can continue running e ...)
+ NOT-FOR-US: Portainer
+CVE-2022-24960
+ RESERVED
+CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. There is a ...)
+ - linux 5.16.7-1
+ NOTE: https://git.kernel.org/linus/29eb31542787e1019208a2e1047bb7c76c069536 (5.17-rc2)
+CVE-2022-24958 (drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 m ...)
+ - linux <unfixed>
+ NOTE: Fixed by: https://git.kernel.org/linus/89f3594d0de58e8a57d92d497dea9fee3d4b9cda (5.17-rc1)
+ NOTE: Fixed by: https://git.kernel.org/linus/501e38a5531efbd77d5c73c0ba838a889bfc1d74 (5.17-rc1)
+CVE-2022-24957
+ RESERVED
+CVE-2022-24956
+ RESERVED
+CVE-2022-24955 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24954 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24953 (The Crypt_GPG extension before 1.6.7 for PHP does not prevent addition ...)
+ - php-crypt-gpg 1.6.7-1 (bug #1005921)
+ [bullseye] - php-crypt-gpg <no-dsa> (Minor issue; can be fixed via point release)
+ NOTE: https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04 (v1.6.7)
+CVE-2022-24952
+ RESERVED
+CVE-2022-24951
+ RESERVED
+CVE-2022-24950
+ RESERVED
+CVE-2022-24949
+ RESERVED
+CVE-2022-24948
+ RESERVED
+CVE-2022-24947
+ RESERVED
+CVE-2022-24946
+ RESERVED
+CVE-2022-24945
+ RESERVED
+CVE-2022-24944
+ RESERVED
+CVE-2022-24943
+ RESERVED
+CVE-2022-24942
+ RESERVED
+CVE-2022-24941
+ RESERVED
+CVE-2022-24940
+ RESERVED
+CVE-2022-24939
+ RESERVED
+CVE-2022-24938
+ RESERVED
+CVE-2022-24937
+ RESERVED
+CVE-2022-24936
+ RESERVED
+CVE-2022-24935
+ RESERVED
+CVE-2022-24934
+ RESERVED
+CVE-2022-24933
+ RESERVED
+CVE-2022-24932
+ RESERVED
+CVE-2022-24931
+ RESERVED
+CVE-2022-24930
+ RESERVED
+CVE-2022-24929
+ RESERVED
+CVE-2022-24928
+ RESERVED
+CVE-2022-24927 (Improper privilege management vulnerability in Samsung Video Player pr ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24926 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24925 (Improper input validation vulnerability in SettingsProvider prior to A ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24924 (An improper access control in LiveWallpaperService prior to versions 3 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24923 (Improper access control vulnerability in Samsung SearchWidget prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24922
+ RESERVED
+CVE-2022-24921
+ RESERVED
+CVE-2022-24920
+ RESERVED
+CVE-2022-24919
+ RESERVED
+CVE-2022-24918
+ RESERVED
+CVE-2022-24917
+ RESERVED
+CVE-2022-24911
+ RESERVED
+CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow an rem ...)
+ NOT-FOR-US: Qlik Sense Enterprise
+CVE-2022-24916 (Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing b ...)
+ NOT-FOR-US: Optimism
+CVE-2022-24908
+ RESERVED
+CVE-2022-24907
+ RESERVED
+CVE-2022-24906
+ RESERVED
+CVE-2022-24905
+ RESERVED
+CVE-2022-24904
+ RESERVED
+CVE-2022-24903
+ RESERVED
+CVE-2022-24902
+ RESERVED
+CVE-2022-24901
+ RESERVED
+CVE-2022-24900
+ RESERVED
+CVE-2022-24899
+ RESERVED
+CVE-2022-24898
+ RESERVED
+CVE-2022-24897
+ RESERVED
+CVE-2022-24896
+ RESERVED
+CVE-2022-24895
+ RESERVED
+CVE-2022-24894
+ RESERVED
+CVE-2022-24893
+ RESERVED
+CVE-2022-24892
+ RESERVED
+CVE-2022-24891
+ RESERVED
+CVE-2022-24890
+ RESERVED
+CVE-2022-24889
+ RESERVED
+CVE-2022-24888
+ RESERVED
+CVE-2022-24887
+ RESERVED
+CVE-2022-24886
+ RESERVED
+CVE-2022-24885
+ RESERVED
+CVE-2022-24884
+ RESERVED
+CVE-2022-24883
+ RESERVED
+CVE-2022-24882
+ RESERVED
+CVE-2022-24881
+ RESERVED
+CVE-2022-24880
+ RESERVED
+CVE-2022-24879
+ RESERVED
+CVE-2022-24878
+ RESERVED
+CVE-2022-24877
+ RESERVED
+CVE-2022-24876
+ RESERVED
+CVE-2022-24875
+ RESERVED
+CVE-2022-24874
+ RESERVED
+CVE-2022-24873
+ RESERVED
+CVE-2022-24872
+ RESERVED
+CVE-2022-24871
+ RESERVED
+CVE-2022-24870
+ RESERVED
+CVE-2022-24869
+ RESERVED
+CVE-2022-24868
+ RESERVED
+CVE-2022-24867
+ RESERVED
+CVE-2022-24866
+ RESERVED
+CVE-2022-24865
+ RESERVED
+CVE-2022-24864
+ RESERVED
+CVE-2022-24863
+ RESERVED
+CVE-2022-24862
+ RESERVED
+CVE-2022-24861
+ RESERVED
+CVE-2022-24860
+ RESERVED
+CVE-2022-24859
+ RESERVED
+CVE-2022-24858
+ RESERVED
+CVE-2022-24857
+ RESERVED
+CVE-2022-24856
+ RESERVED
+CVE-2022-24855
+ RESERVED
+CVE-2022-24854
+ RESERVED
+CVE-2022-24853
+ RESERVED
+CVE-2022-24852
+ RESERVED
+CVE-2022-24851
+ RESERVED
+CVE-2022-24850
+ RESERVED
+CVE-2022-24849
+ RESERVED
+CVE-2022-24848
+ RESERVED
+CVE-2022-24847
+ RESERVED
+CVE-2022-24846
+ RESERVED
+CVE-2022-24845
+ RESERVED
+CVE-2022-24844
+ RESERVED
+CVE-2022-24843
+ RESERVED
+CVE-2022-24842
+ RESERVED
+CVE-2022-24841
+ RESERVED
+CVE-2022-24840
+ RESERVED
+CVE-2022-24839
+ RESERVED
+CVE-2022-24838
+ RESERVED
+CVE-2022-24837
+ RESERVED
+CVE-2022-24836
+ RESERVED
+CVE-2022-24835
+ RESERVED
+CVE-2022-24834
+ RESERVED
+CVE-2022-24833
+ RESERVED
+CVE-2022-24832
+ RESERVED
+CVE-2022-24831
+ RESERVED
+CVE-2022-24830
+ RESERVED
+CVE-2022-24829
+ RESERVED
+CVE-2022-24828
+ RESERVED
+CVE-2022-24827
+ RESERVED
+CVE-2022-24826
+ RESERVED
+CVE-2022-24825
+ RESERVED
+CVE-2022-24824
+ RESERVED
+CVE-2022-24823
+ RESERVED
+CVE-2022-24822
+ RESERVED
+CVE-2022-24821
+ RESERVED
+CVE-2022-24820
+ RESERVED
+CVE-2022-24819
+ RESERVED
+CVE-2022-24818
+ RESERVED
+CVE-2022-24817
+ RESERVED
+CVE-2022-24816
+ RESERVED
+CVE-2022-24815
+ RESERVED
+CVE-2022-24814
+ RESERVED
+CVE-2022-24813
+ RESERVED
+CVE-2022-24812
+ RESERVED
+CVE-2022-24811
+ RESERVED
+CVE-2022-24810
+ RESERVED
+CVE-2022-24809
+ RESERVED
+CVE-2022-24808
+ RESERVED
+CVE-2022-24807
+ RESERVED
+CVE-2022-24806
+ RESERVED
+CVE-2022-24805
+ RESERVED
+CVE-2022-24804
+ RESERVED
+CVE-2022-24803
+ RESERVED
+CVE-2022-24802
+ RESERVED
+CVE-2022-24801
+ RESERVED
+CVE-2022-24800
+ RESERVED
+CVE-2022-24799
+ RESERVED
+CVE-2022-24798
+ RESERVED
+CVE-2022-24797
+ RESERVED
+CVE-2022-24796
+ RESERVED
+CVE-2022-24795
+ RESERVED
+CVE-2022-24794
+ RESERVED
+CVE-2022-24793
+ RESERVED
+CVE-2022-24792
+ RESERVED
+CVE-2022-24791
+ RESERVED
+CVE-2022-24790
+ RESERVED
+CVE-2022-24789
+ RESERVED
+CVE-2022-24788
+ RESERVED
+CVE-2022-24787
+ RESERVED
+CVE-2022-24786
+ RESERVED
+CVE-2022-24785
+ RESERVED
+CVE-2022-24784
+ RESERVED
+CVE-2022-24783
+ RESERVED
+CVE-2022-24782
+ RESERVED
+CVE-2022-24781
+ RESERVED
+CVE-2022-24780
+ RESERVED
+CVE-2022-24779
+ RESERVED
+CVE-2022-24778
+ RESERVED
+CVE-2022-24777
+ RESERVED
+CVE-2022-24776
+ RESERVED
+CVE-2022-24775
+ RESERVED
+CVE-2022-24774
+ RESERVED
+CVE-2022-24773
+ RESERVED
+CVE-2022-24772
+ RESERVED
+CVE-2022-24771
+ RESERVED
+CVE-2022-24770
+ RESERVED
+CVE-2022-24769
+ RESERVED
+CVE-2022-24768
+ RESERVED
+CVE-2022-24767
+ RESERVED
+CVE-2022-24766
+ RESERVED
+CVE-2022-24765
+ RESERVED
+CVE-2022-24764
+ RESERVED
+CVE-2022-24763
+ RESERVED
+CVE-2022-24762
+ RESERVED
+CVE-2022-24761
+ RESERVED
+CVE-2022-24760
+ RESERVED
+CVE-2022-24759
+ RESERVED
+CVE-2022-24758
+ RESERVED
+CVE-2022-24757
+ RESERVED
+CVE-2022-24756
+ RESERVED
+CVE-2022-24755
+ RESERVED
+CVE-2022-24754
+ RESERVED
+CVE-2022-24753
+ RESERVED
+CVE-2022-24752
+ RESERVED
+CVE-2022-24751
+ RESERVED
+CVE-2022-24750
+ RESERVED
+CVE-2022-24749
+ RESERVED
+CVE-2022-24748
+ RESERVED
+CVE-2022-24747
+ RESERVED
+CVE-2022-24746
+ RESERVED
+CVE-2022-24745
+ RESERVED
+CVE-2022-24744
+ RESERVED
+CVE-2022-24743
+ RESERVED
+CVE-2022-24742
+ RESERVED
+CVE-2022-24741
+ RESERVED
+CVE-2022-24740
+ RESERVED
+CVE-2022-24739
+ RESERVED
+CVE-2022-24738
+ RESERVED
+CVE-2022-24737
+ RESERVED
+CVE-2022-24736
+ RESERVED
+CVE-2022-24735
+ RESERVED
+CVE-2022-24734
+ RESERVED
+CVE-2022-24733
+ RESERVED
+CVE-2022-24732
+ RESERVED
+CVE-2022-24731
+ RESERVED
+CVE-2022-24730
+ RESERVED
+CVE-2022-24729
+ RESERVED
+CVE-2022-24728
+ RESERVED
+CVE-2022-24727
+ RESERVED
+CVE-2022-24726
+ RESERVED
+CVE-2022-24725
+ RESERVED
+CVE-2022-24724
+ RESERVED
+CVE-2022-24723
+ RESERVED
+CVE-2022-24722
+ RESERVED
+CVE-2022-24721
+ RESERVED
+CVE-2022-24720
+ RESERVED
+CVE-2022-24719
+ RESERVED
+CVE-2022-24718
+ RESERVED
+CVE-2022-24717
+ RESERVED
+CVE-2022-24716
+ RESERVED
+CVE-2022-24715
+ RESERVED
+CVE-2022-24714
+ RESERVED
+CVE-2022-24713
+ RESERVED
+CVE-2022-24712
+ RESERVED
+CVE-2022-24711
+ RESERVED
+CVE-2022-24710
+ RESERVED
+CVE-2022-24709
+ RESERVED
+CVE-2022-24708
+ RESERVED
+CVE-2022-24707
+ RESERVED
+CVE-2022-24706
+ RESERVED
+CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a memcpy ...)
+ NOT-FOR-US: ACCEL-PPP
+CVE-2022-24704 (The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suf ...)
+ NOT-FOR-US: ACCEL-PPP
+CVE-2022-23922
+ RESERVED
+CVE-2022-23104
+ RESERVED
+CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when compil ...)
+ - util-linux <unfixed> (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
+ NOTE: https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
+ NOTE: https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
+ NOTE: util-linux in Debian does build with readline support but chfn and chsh are provided
+ NOTE: by src:shadow and util-linux is configured with --disable-chfn-chsh
+CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...)
+ - tiff 4.3.0-4
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
+ NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
+CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...)
+ - tiff 4.3.0-4
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
+ NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
+CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11. ...)
+ NOT-FOR-US: microweber
+CVE-2022-0559 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/aa80adb7-e900-44a5-ad05-91f3ccdfc81e
+ NOTE: https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3cc94a362807f5e
+CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to 1.2.1 ...)
+ NOT-FOR-US: microweber
+CVE-2022-24703
+ RESERVED
+CVE-2022-24702
+ RESERVED
+CVE-2022-24701
+ RESERVED
+CVE-2022-24700
+ RESERVED
+CVE-2022-0556
+ RESERVED
+CVE-2022-0555
+ RESERVED
+CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/
+ NOTE: https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8 (v8.2.4327)
+CVE-2022-0553
+ RESERVED
+CVE-2022-0552
+ RESERVED
+CVE-2022-24699
+ RESERVED
+CVE-2022-24698
+ RESERVED
+CVE-2022-24697
+ RESERVED
+CVE-2022-0551
+ RESERVED
+CVE-2022-0550
+ RESERVED
+CVE-2022-0549
+ RESERVED
+CVE-2022-0548
+ RESERVED
+CVE-2022-24696
+ RESERVED
+CVE-2022-24695
+ RESERVED
+CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...)
+ - mahara <removed>
+CVE-2022-24693
+ RESERVED
+CVE-2022-24692
+ RESERVED
+CVE-2022-24691
+ RESERVED
+CVE-2022-24690
+ RESERVED
+CVE-2022-24689
+ RESERVED
+CVE-2022-24688
+ RESERVED
+CVE-2022-24687
+ RESERVED
+CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...)
+ - nomad <unfixed>
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
+CVE-2022-24685
+ RESERVED
+CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...)
+ - nomad <undetermined>
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
+CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and ...)
+ - nomad <unfixed>
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
+CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
+ NOT-FOR-US: Zimbra
+CVE-2022-24681
+ RESERVED
+CVE-2022-24680
+ RESERVED
+CVE-2022-24679
+ RESERVED
+CVE-2022-24678
+ RESERVED
+CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution because ...)
+ NOT-FOR-US: HYBBS2
+CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file ...)
+ NOT-FOR-US: HYBBS2
+CVE-2022-24675
+ RESERVED
+CVE-2022-24674
+ RESERVED
+CVE-2022-24673
+ RESERVED
+CVE-2022-24672
+ RESERVED
+CVE-2022-24383
+ RESERVED
+CVE-2022-21228
+ RESERVED
+CVE-2022-21214
+ RESERVED
+CVE-2022-21202
+ RESERVED
+CVE-2022-21168
+ RESERVED
+CVE-2022-24671
+ RESERVED
+CVE-2022-24670
+ RESERVED
+CVE-2022-24669
+ RESERVED
+CVE-2022-0547
+ RESERVED
+CVE-2022-0546
+ RESERVED
+CVE-2022-0545
+ RESERVED
+CVE-2022-0544
+ RESERVED
+CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, due to ...)
+ {DSA-5081-1}
+ - redis <unfixed> (bug #1005787)
+ NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
+CVE-2022-0542
+ RESERVED
+CVE-2022-0541
+ RESERVED
+CVE-2022-0540
+ RESERVED
+CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
+ NOT-FOR-US: beanstalk_console
+CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
+ - jenkins <removed>
+CVE-2022-0537
+ RESERVED
+CVE-2022-0536 (Exposure of Sensitive Information to an Unauthorized Actor in NPM foll ...)
+ - node-follow-redirects 1.14.8+~1.14.0-1
+ [bullseye] - node-follow-redirects <no-dsa> (Minor issue)
+ [buster] - node-follow-redirects <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db/
+ NOTE: https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445 (v1.14.8)
+CVE-2022-0535
+ RESERVED
+CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
+ - htmldoc 1.9.15-1 (unimportant)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/463
+ NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50 (v1.9.15)
+ NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 (v1.9.15)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0533
+ RESERVED
+CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...)
+ NOT-FOR-US: cri-o
+CVE-2022-0531
+ RESERVED
+CVE-2022-0530 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
+ - unzip <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0529 (A flaw was found in unzip 6.0. The vulnerability occurs during the con ...)
+ - unzip <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402
+CVE-2022-24668 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ NOT-FOR-US: swift-nio-http2
+CVE-2022-24667 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ NOT-FOR-US: swift-nio-http2
+CVE-2022-24666 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ NOT-FOR-US: swift-nio-http2
+CVE-2022-0528
+ RESERVED
+CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
+ NOT-FOR-US: chatwoot
+CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
+ NOT-FOR-US: chatwoot
+CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9
+ NOTE: https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7
+CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
+ NOT-FOR-US: Publify
+CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
+ NOTE: https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
+CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...)
+ NOT-FOR-US: Node radare2.js
+CVE-2022-0521 (Access of Memory Location After End of Buffer in GitHub repository rad ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca
+ NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
+CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2. ...)
+ NOT-FOR-US: Node radare2.js
+CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3
+ NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
+CVE-2022-0518 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184
+ NOTE: https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa
+CVE-2022-0517
+ RESERVED
+CVE-2022-0516 [KVM: s390: Return error on SIDA memop on normal guest]
+ RESERVED
+ - linux 5.16.10-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/2c212e1baedcd782b2535a3f86bc491977677c0e
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/2
+CVE-2022-24665 (PHP Everywhere &lt;= 2.0.3 included functionality that allowed executi ...)
+ NOT-FOR-US: PHP Everywhere
+CVE-2022-24664 (PHP Everywhere &lt;= 2.0.3 included functionality that allowed executi ...)
+ NOT-FOR-US: PHP Everywhere
+CVE-2022-24663 (PHP Everywhere &lt;= 2.0.3 included functionality that allowed executi ...)
+ NOT-FOR-US: PHP Everywhere
+CVE-2022-24662
+ RESERVED
+CVE-2022-24661
+ RESERVED
+CVE-2022-24660
+ RESERVED
+CVE-2022-24659
+ RESERVED
+CVE-2022-24658
+ RESERVED
+CVE-2022-24657
+ RESERVED
+CVE-2022-24656
+ RESERVED
+CVE-2022-24655
+ RESERVED
+CVE-2022-24654
+ RESERVED
+CVE-2022-24653
+ RESERVED
+CVE-2022-24652
+ RESERVED
+CVE-2022-24651
+ RESERVED
+CVE-2022-24650
+ RESERVED
+CVE-2022-24649
+ RESERVED
+CVE-2022-24648
+ RESERVED
+CVE-2022-24647 (Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vu ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-24646 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-24645
+ RESERVED
+CVE-2022-24644
+ RESERVED
+CVE-2022-24643
+ RESERVED
+CVE-2022-24642
+ RESERVED
+CVE-2022-24641
+ RESERVED
+CVE-2022-24640
+ RESERVED
+CVE-2022-24639
+ RESERVED
+CVE-2022-24638
+ RESERVED
+CVE-2022-24637
+ RESERVED
+CVE-2022-24636
+ RESERVED
+CVE-2022-24635
+ RESERVED
+CVE-2022-24634
+ RESERVED
+CVE-2022-24633
+ RESERVED
+CVE-2022-24632
+ RESERVED
+CVE-2022-24631
+ RESERVED
+CVE-2022-24630
+ RESERVED
+CVE-2022-24629
+ RESERVED
+CVE-2022-24628
+ RESERVED
+CVE-2022-24627
+ RESERVED
+CVE-2022-24626
+ RESERVED
+CVE-2022-24625
+ RESERVED
+CVE-2022-24624
+ RESERVED
+CVE-2022-24623
+ RESERVED
+CVE-2022-24622
+ RESERVED
+CVE-2022-24621
+ RESERVED
+CVE-2022-24620
+ RESERVED
+CVE-2022-24619
+ RESERVED
+CVE-2022-24618
+ RESERVED
+CVE-2022-24617
+ RESERVED
+CVE-2022-24616
+ RESERVED
+CVE-2022-24615
+ RESERVED
+CVE-2022-24614
+ RESERVED
+CVE-2022-24613
+ RESERVED
+CVE-2022-24612
+ RESERVED
+CVE-2022-24611
+ RESERVED
+CVE-2022-24610
+ RESERVED
+CVE-2022-24609
+ RESERVED
+CVE-2022-24608
+ RESERVED
+CVE-2022-24607
+ RESERVED
+CVE-2022-24606
+ RESERVED
+CVE-2022-24605
+ RESERVED
+CVE-2022-24604
+ RESERVED
+CVE-2022-24603
+ RESERVED
+CVE-2022-24602
+ RESERVED
+CVE-2022-24601
+ RESERVED
+CVE-2022-24600
+ RESERVED
+CVE-2022-24599
+ RESERVED
+CVE-2022-24598
+ RESERVED
+CVE-2022-24597
+ RESERVED
+CVE-2022-24596
+ RESERVED
+CVE-2022-24595
+ RESERVED
+CVE-2022-24594
+ RESERVED
+CVE-2022-24593
+ RESERVED
+CVE-2022-24592
+ RESERVED
+CVE-2022-24591
+ RESERVED
+CVE-2022-24590 (A stored cross-site scripting (XSS) vulnerability in the Add Link func ...)
+ NOT-FOR-US: BackdropCMS
+CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site scripting (X ...)
+ NOT-FOR-US: Burden
+CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: Flatpress
+CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...)
+ - pluxml <undetermined>
+ NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24587/CVE-2022-24587.pdf
+ TODO: check if reported upstream
+CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
+ - pluxml <undetermined>
+ NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24586/CVE-2022-24586.pdf
+ TODO: check if reported upstream
+CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...)
+ - pluxml <undetermined>
+ NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf
+ TODO: check if reported upstream
+CVE-2022-24584
+ RESERVED
+CVE-2022-24583
+ RESERVED
+CVE-2022-24582
+ RESERVED
+CVE-2022-24581
+ RESERVED
+CVE-2022-24580
+ RESERVED
+CVE-2022-24579
+ RESERVED
+CVE-2022-24578
+ RESERVED
+CVE-2022-24577
+ RESERVED
+CVE-2022-24576
+ RESERVED
+CVE-2022-24575
+ RESERVED
+CVE-2022-24574
+ RESERVED
+CVE-2022-24573
+ RESERVED
+CVE-2022-24572
+ RESERVED
+CVE-2022-24571
+ RESERVED
+CVE-2022-24570
+ RESERVED
+CVE-2022-24569
+ RESERVED
+CVE-2022-24568 (Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Reque ...)
+ NOT-FOR-US: Novel-plus
+CVE-2022-24567
+ RESERVED
+CVE-2022-24566
+ RESERVED
+CVE-2022-24565
+ RESERVED
+CVE-2022-24564 (Checkmk &lt;=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerabil ...)
+ TODO: check
+CVE-2022-24563
+ RESERVED
+CVE-2022-24562
+ RESERVED
+CVE-2022-24561
+ RESERVED
+CVE-2022-24560
+ RESERVED
+CVE-2022-24559
+ RESERVED
+CVE-2022-24558
+ RESERVED
+CVE-2022-24557
+ RESERVED
+CVE-2022-24556
+ RESERVED
+CVE-2022-24555
+ RESERVED
+CVE-2022-24554
+ RESERVED
+CVE-2022-24553 (An issue was found in Zfaka &lt;= 1.4.5. The verification of the backg ...)
+ NOT-FOR-US: Zfaka
+CVE-2022-24552 (StarWind SAN and NAS before 0.2 build 1685 allows remote code executio ...)
+ NOT-FOR-US: StarWind
+CVE-2022-24551 (StarWind SAN and NAS before 0.2 build 1685 allows users to reset other ...)
+ NOT-FOR-US: StarWind
+CVE-2022-24550
+ RESERVED
+CVE-2022-24549
+ RESERVED
+CVE-2022-24548
+ RESERVED
+CVE-2022-24547
+ RESERVED
+CVE-2022-24546
+ RESERVED
+CVE-2022-24545
+ RESERVED
+CVE-2022-24544
+ RESERVED
+CVE-2022-24543
+ RESERVED
+CVE-2022-24542
+ RESERVED
+CVE-2022-24541
+ RESERVED
+CVE-2022-24540
+ RESERVED
+CVE-2022-24539
+ RESERVED
+CVE-2022-24538
+ RESERVED
+CVE-2022-24537
+ RESERVED
+CVE-2022-24536
+ RESERVED
+CVE-2022-24535
+ RESERVED
+CVE-2022-24534
+ RESERVED
+CVE-2022-24533
+ RESERVED
+CVE-2022-24532
+ RESERVED
+CVE-2022-24531
+ RESERVED
+CVE-2022-24530
+ RESERVED
+CVE-2022-24529
+ RESERVED
+CVE-2022-24528
+ RESERVED
+CVE-2022-24527
+ RESERVED
+CVE-2022-24526
+ RESERVED
+CVE-2022-24525
+ RESERVED
+CVE-2022-24524
+ RESERVED
+CVE-2022-24523
+ RESERVED
+CVE-2022-24522
+ RESERVED
+CVE-2022-24521
+ RESERVED
+CVE-2022-24520
+ RESERVED
+CVE-2022-24519
+ RESERVED
+CVE-2022-24518
+ RESERVED
+CVE-2022-24517
+ RESERVED
+CVE-2022-24516
+ RESERVED
+CVE-2022-24515
+ RESERVED
+CVE-2022-24514
+ RESERVED
+CVE-2022-24513
+ RESERVED
+CVE-2022-24512
+ RESERVED
+CVE-2022-24511
+ RESERVED
+CVE-2022-24510
+ RESERVED
+CVE-2022-24509
+ RESERVED
+CVE-2022-24508
+ RESERVED
+CVE-2022-24507
+ RESERVED
+CVE-2022-24506
+ RESERVED
+CVE-2022-24505
+ RESERVED
+CVE-2022-24504
+ RESERVED
+CVE-2022-24503
+ RESERVED
+CVE-2022-24502
+ RESERVED
+CVE-2022-24501
+ RESERVED
+CVE-2022-24500
+ RESERVED
+CVE-2022-24499
+ RESERVED
+CVE-2022-24498
+ RESERVED
+CVE-2022-24497
+ RESERVED
+CVE-2022-24496
+ RESERVED
+CVE-2022-24495
+ RESERVED
+CVE-2022-24494
+ RESERVED
+CVE-2022-24493
+ RESERVED
+CVE-2022-24492
+ RESERVED
+CVE-2022-24491
+ RESERVED
+CVE-2022-24490
+ RESERVED
+CVE-2022-24489
+ RESERVED
+CVE-2022-24488
+ RESERVED
+CVE-2022-24487
+ RESERVED
+CVE-2022-24486
+ RESERVED
+CVE-2022-24485
+ RESERVED
+CVE-2022-24484
+ RESERVED
+CVE-2022-24483
+ RESERVED
+CVE-2022-24482
+ RESERVED
+CVE-2022-24481
+ RESERVED
+CVE-2022-24480
+ RESERVED
+CVE-2022-24479
+ RESERVED
+CVE-2022-24478
+ RESERVED
+CVE-2022-24477
+ RESERVED
+CVE-2022-24476
+ RESERVED
+CVE-2022-24475
+ RESERVED
+CVE-2022-24474
+ RESERVED
+CVE-2022-24473
+ RESERVED
+CVE-2022-24472
+ RESERVED
+CVE-2022-24471
+ RESERVED
+CVE-2022-24470
+ RESERVED
+CVE-2022-24469
+ RESERVED
+CVE-2022-24468
+ RESERVED
+CVE-2022-24467
+ RESERVED
+CVE-2022-24466
+ RESERVED
+CVE-2022-24465
+ RESERVED
+CVE-2022-24464
+ RESERVED
+CVE-2022-24463
+ RESERVED
+CVE-2022-24462
+ RESERVED
+CVE-2022-24461
+ RESERVED
+CVE-2022-24460
+ RESERVED
+CVE-2022-24459
+ RESERVED
+CVE-2022-24458
+ RESERVED
+CVE-2022-24457
+ RESERVED
+CVE-2022-24456
+ RESERVED
+CVE-2022-24455
+ RESERVED
+CVE-2022-24454
+ RESERVED
+CVE-2022-24453
+ RESERVED
+CVE-2022-24452
+ RESERVED
+CVE-2022-24451
+ RESERVED
+CVE-2022-24450 (NATS nats-server before 2.7.2 has Incorrect Access Control. Any authen ...)
+ NOT-FOR-US: nats-server
+CVE-2022-24449
+ RESERVED
+CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.1 ...)
+ - linux 5.16.7-1
+ NOTE: Fixed by: https://git.kernel.org/linus/ac795161c93699d600db16c1a8cc23a65a1eceaf (5.17-rc2)
+CVE-2022-24447
+ RESERVED
+CVE-2022-24446
+ RESERVED
+CVE-2022-24445
+ REJECTED
+CVE-2022-24444
+ RESERVED
+CVE-2022-24443
+ RESERVED
+CVE-2022-24442
+ RESERVED
+CVE-2022-24428
+ RESERVED
+CVE-2022-24427
+ RESERVED
+CVE-2022-24426
+ RESERVED
+CVE-2022-24425
+ RESERVED
+CVE-2022-24424
+ RESERVED
+CVE-2022-24423
+ RESERVED
+CVE-2022-24422
+ RESERVED
+CVE-2022-24421
+ RESERVED
+CVE-2022-24420
+ RESERVED
+CVE-2022-24419
+ RESERVED
+CVE-2022-24418
+ RESERVED
+CVE-2022-24417
+ RESERVED
+CVE-2022-24416
+ RESERVED
+CVE-2022-24415
+ RESERVED
+CVE-2022-24414
+ RESERVED
+CVE-2022-24413
+ RESERVED
+CVE-2022-24412
+ RESERVED
+CVE-2022-24411
+ RESERVED
+CVE-2022-24410
+ RESERVED
+CVE-2022-24409
+ RESERVED
+CVE-2022-24380
+ RESERVED
+CVE-2022-22147
+ RESERVED
+CVE-2022-21130
+ RESERVED
+CVE-2022-0515
+ RESERVED
+CVE-2022-0514
+ RESERVED
+CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...)
+ - node-url-parse 1.5.7-1
+ [bullseye] - node-url-parse <no-dsa> (Minor issue)
+ [buster] - node-url-parse <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b
+ NOTE: https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40 (1.5.6)
+CVE-2022-0511
+ RESERVED
+ - firefox 97.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-0511
+CVE-2022-0510 (Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore pr ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0508 (Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/pee ...)
+ - peertube <itp> (bug #950821)
+CVE-2022-0507
+ RESERVED
+CVE-2022-0506 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-0505 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...)
+ NOT-FOR-US: microweber
+CVE-2022-0504 (Generation of Error Message Containing Sensitive Information in Packag ...)
+ NOT-FOR-US: microweber
+CVE-2022-0503
+ RESERVED
+CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-24408
+ RESERVED
+CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...)
+ NOT-FOR-US: beanstalk_console
+CVE-2022-0500
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044578
+CVE-2022-0499
+ RESERVED
+CVE-2022-0498
+ REJECTED
+CVE-2022-0497
+ RESERVED
+ - openscad 2021.01-4 (unimportant; bug #1005641)
+ NOTE: https://github.com/openscad/openscad/issues/4043
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0496
+ RESERVED
+ - openscad 2021.01-4 (unimportant; bug #1005641)
+ NOTE: https://github.com/openscad/openscad/issues/4037
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0495
+ RESERVED
+CVE-2022-0494
+ RESERVED
+CVE-2022-0493
+ RESERVED
+CVE-2022-24407
+ RESERVED
+CVE-2022-24406
+ RESERVED
+CVE-2022-24405
+ RESERVED
+CVE-2022-24404
+ RESERVED
+CVE-2022-24403
+ RESERVED
+CVE-2022-24402
+ RESERVED
+CVE-2022-24401
+ RESERVED
+CVE-2022-24400
+ RESERVED
+CVE-2022-24382
+ RESERVED
+CVE-2022-24379
+ RESERVED
+CVE-2022-24297
+ RESERVED
+CVE-2022-23917
+ RESERVED
+CVE-2022-23914
+ RESERVED
+CVE-2022-22730
+ RESERVED
+CVE-2022-21807
+ RESERVED
+CVE-2022-21795
+ RESERVED
+CVE-2022-21233
+ RESERVED
+CVE-2022-21128
+ RESERVED
+CVE-2022-0492 [cgroup-v1: Require capabilities to set release_agent]
+ RESERVED
+ - linux 5.16.7-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/04/1
+ NOTE: https://git.kernel.org/linus/24f6008564183aa120d07c03d9289519c2fe02af
+CVE-2022-0491
+ RESERVED
+CVE-2022-0490
+ RESERVED
+CVE-2022-0489
+ RESERVED
+CVE-2022-0488
+ RESERVED
+CVE-2022-24399
+ RESERVED
+CVE-2022-24398
+ RESERVED
+CVE-2022-24397
+ RESERVED
+CVE-2022-24396
+ RESERVED
+CVE-2022-24395
+ RESERVED
+CVE-2022-24394
+ RESERVED
+CVE-2022-24393
+ RESERVED
+CVE-2022-24392
+ RESERVED
+CVE-2022-24391
+ RESERVED
+CVE-2022-24390
+ RESERVED
+CVE-2022-24389
+ RESERVED
+CVE-2022-24388
+ RESERVED
+CVE-2022-24387
+ RESERVED
+CVE-2022-24386
+ RESERVED
+CVE-2022-24385
+ RESERVED
+CVE-2022-24384
+ RESERVED
+CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a rem ...)
+ NOT-FOR-US: CSV+
+CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...)
+ - linux 5.16.10-1 (unimportant)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516
+ NOTE: https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/
+ NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4)
+ NOTE: CONFIG_MMC_MOXART is not set in Debian.
+CVE-2022-0486
+ RESERVED
+CVE-2022-0485 [nbdcopy: missing error handling may create corrupted destination image]
+ RESERVED
+ - libnbd 1.10.5-1 (bug #1005307)
+ [bullseye] - libnbd <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2050324
+ NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb (v1.11.8)
+ NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/9219d2e70c770d8efb98d6e8eaf68e8e354631e3 (v1.10.4)
+ NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/6c8f2f859926b82094fb5e85c446ea099700fa10 (v1.6.6)
+ NOTE: https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html
+CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens Extens ...)
+ NOT-FOR-US: Mirantis Container Cloud Lens
+CVE-2022-0483 (Local privilege escalation due to insecure folder permissions. The fol ...)
+ NOT-FOR-US: Acronis VSS Doctor
+CVE-2022-0482
+ RESERVED
+CVE-2022-24372
+ RESERVED
+CVE-2022-24371
+ RESERVED
+CVE-2022-24370 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24369 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24368 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24367 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24366 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24365 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24364 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24363 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24362 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24361 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24360 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24359 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24358 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24357 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24356 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24355 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-24354 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-24353
+ RESERVED
+CVE-2022-24352
+ RESERVED
+CVE-2022-24351
+ RESERVED
+CVE-2022-24350
+ RESERVED
+CVE-2022-24349
+ RESERVED
+CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-24347
+ RESERVED
+CVE-2022-24346
+ RESERVED
+CVE-2022-24345
+ RESERVED
+CVE-2022-24344
+ RESERVED
+CVE-2022-24343
+ RESERVED
+CVE-2022-24342
+ RESERVED
+CVE-2022-24341
+ RESERVED
+CVE-2022-24340
+ RESERVED
+CVE-2022-24339
+ RESERVED
+CVE-2022-24338
+ RESERVED
+CVE-2022-24337
+ RESERVED
+CVE-2022-24336
+ RESERVED
+CVE-2022-24335
+ RESERVED
+CVE-2022-24334
+ RESERVED
+CVE-2022-24333
+ RESERVED
+CVE-2022-24332
+ RESERVED
+CVE-2022-24331
+ RESERVED
+CVE-2022-24330
+ RESERVED
+CVE-2022-24329
+ RESERVED
+CVE-2022-24328
+ RESERVED
+CVE-2022-24327
+ RESERVED
+CVE-2022-24326
+ RESERVED
+CVE-2022-24325
+ RESERVED
+CVE-2022-23402
+ RESERVED
+CVE-2022-23401
+ RESERVED
+CVE-2022-22729
+ RESERVED
+CVE-2022-22151
+ RESERVED
+CVE-2022-22148
+ RESERVED
+CVE-2022-22145
+ RESERVED
+CVE-2022-22141
+ RESERVED
+CVE-2022-21808
+ RESERVED
+CVE-2022-21194
+ RESERVED
+CVE-2022-21177
+ RESERVED
+CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+ - mruby <unfixed>
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027
+ NOTE: https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e
+ TODO: check, possibly only introduced with dccd66f9efecd0a974b735c62836fe566015cf37 in 3.1.0-rc
+CVE-2022-24324
+ RESERVED
+CVE-2022-24323
+ RESERVED
+CVE-2022-24322
+ RESERVED
+CVE-2022-24321 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24320 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24319 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24318 (A CWE-326: Inadequate Encryption Strength vulnerability exists that co ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24317 (A CWE-862: Missing Authorization vulnerability exists that could cause ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24316 (A CWE-665: Improper Initialization vulnerability exists that could cau ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24315 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause de ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24314 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause me ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24313 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24312 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24311 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-24309
+ RESERVED
+CVE-2022-0480
+ RESERVED
+ - linux 5.15.3-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2049700
+ NOTE: https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1)
+CVE-2022-0479
+ RESERVED
+CVE-2022-0478
+ RESERVED
+CVE-2022-0477
+ RESERVED
+CVE-2022-0476
+ RESERVED
+CVE-2022-0475
+ RESERVED
+CVE-2022-0474 (Full list of recipients from customer users in a contact field could b ...)
+ NOT-FOR-US: OTRS
+ NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian
+CVE-2022-0473 (OTRS administrators can configure dynamic field and inject malicious J ...)
+ NOT-FOR-US: OTRS
+ NOTE: Only affects 7.x, so won't affect znuny fork packaged in Debian
+CVE-2022-24308
+ RESERVED
+CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...)
+ NOT-FOR-US: Mastodon
+CVE-2022-24306
+ RESERVED
+CVE-2022-24305
+ RESERVED
+CVE-2022-24304
+ RESERVED
+CVE-2022-24303
+ RESERVED
+ - pillow <unfixed>
+ [bullseye] - pillow <ignored> (Minor issue)
+ [buster] - pillow <ignored> (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052682
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security
+ NOTE: https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26 (9.0.1)
+CVE-2022-24302
+ RESERVED
+CVE-2022-24296
+ RESERVED
+CVE-2022-24295 (Okta Advanced Server Access Client for Windows prior to version 1.57.0 ...)
+ NOT-FOR-US: Okta Advanced Server Access Client
+CVE-2022-22986
+ RESERVED
+CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...)
+ NOT-FOR-US: jsdecena/laracom
+CVE-2022-0471
+ RESERVED
+CVE-2022-24294
+ RESERVED
+CVE-2022-24293
+ RESERVED
+CVE-2022-24292
+ RESERVED
+CVE-2022-24291
+ RESERVED
+CVE-2022-24290
+ RESERVED
+CVE-2022-24289 (Hessian serialization is a network protocol that supports object-based ...)
+ NOT-FOR-US: Apache Cayenne
+CVE-2022-24288
+ RESERVED
+CVE-2022-24287
+ RESERVED
+CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R ...)
+ NOT-FOR-US: ELECOM
+CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 f ...)
+ NOT-FOR-US: ELECOM
+CVE-2022-0470
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0469
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0468
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0467
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0466
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0465
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0464
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0463
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0462
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0461
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0460
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0459
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0458
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0457
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0456
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0455
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0454
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0453
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0452
+ RESERVED
+ {DSA-5068-1}
+ - chromium 98.0.4758.80-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...)
+ NOT-FOR-US: Dart SDK
+CVE-2022-0450
+ RESERVED
+CVE-2022-0449
+ RESERVED
+CVE-2022-0448
+ RESERVED
+CVE-2022-0447
+ RESERVED
+CVE-2022-0446
+ RESERVED
+CVE-2022-0445
+ RESERVED
+CVE-2022-0444
+ RESERVED
+CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
+ NOTE: https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 (v8.2.4281)
+CVE-2022-0442
+ RESERVED
+CVE-2022-0441
+ RESERVED
+CVE-2022-0440
+ RESERVED
+CVE-2022-0439
+ RESERVED
+CVE-2022-0438
+ RESERVED
+CVE-2022-24286
+ RESERVED
+CVE-2022-24285
+ RESERVED
+CVE-2022-24284
+ RESERVED
+CVE-2022-24283
+ RESERVED
+CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. ...)
+ NOT-FOR-US: Node karma
+CVE-2022-0436
+ RESERVED
+CVE-2022-24282
+ RESERVED
+CVE-2022-24281
+ RESERVED
+CVE-2022-24280
+ RESERVED
+CVE-2022-24277
+ RESERVED
+CVE-2022-24276
+ RESERVED
+CVE-2022-24275
+ RESERVED
+CVE-2022-24274
+ RESERVED
+CVE-2022-24273
+ RESERVED
+CVE-2022-24272
+ RESERVED
+CVE-2022-23400
+ RESERVED
+CVE-2022-0435
+ RESERVED
+ - linux 5.16.10-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/10/1
+ NOTE: Fixed by: https://git.kernel.org/linus/9aa422ad326634b76309e8ff342c246800621216
+CVE-2022-0434
+ RESERVED
+CVE-2022-0433 [missing initialization in bloom filter map in kernel/bpf/bloom_filter.c can lead to DoS]
+ RESERVED
+ - linux <not-affected> (Vulnerable code newer in a supported Debian release; only affected experimental)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048259
+ NOTE: Fixed by: https://git.kernel.org/linus/3ccdcee28415c4226de05438b4d89eb5514edf73 (5.17-rc1)
+CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior to 3. ...)
+ NOT-FOR-US: Mastodon
+CVE-2022-0431
+ RESERVED
+CVE-2022-0430
+ RESERVED
+CVE-2022-0429
+ RESERVED
+CVE-2022-0428
+ RESERVED
+CVE-2022-0427
+ RESERVED
+CVE-2022-0426
+ RESERVED
+CVE-2022-0425
+ RESERVED
+CVE-2022-0424
+ RESERVED
+CVE-2022-0423
+ RESERVED
+CVE-2022-0422
+ RESERVED
+CVE-2022-0421
+ RESERVED
+CVE-2022-0420
+ RESERVED
+CVE-2022-24271
+ RESERVED
+CVE-2022-24270
+ RESERVED
+CVE-2022-24269
+ RESERVED
+CVE-2022-24268
+ RESERVED
+CVE-2022-24267
+ RESERVED
+CVE-2022-24266 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-24265 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-24262 (The config restore function of Voipmonitor GUI before v24.96 does not ...)
+ NOT-FOR-US: Voipmonitor
+CVE-2022-24261
+ RESERVED
+CVE-2022-24260 (A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows ...)
+ NOT-FOR-US: Voipmonitor
+CVE-2022-24259 (An incorrect check in the component cdr.php of Voipmonitor GUI before ...)
+ NOT-FOR-US: Voipmonitor
+CVE-2022-24258
+ RESERVED
+CVE-2022-24257
+ RESERVED
+CVE-2022-24256
+ RESERVED
+CVE-2022-24255
+ RESERVED
+CVE-2022-24254
+ RESERVED
+CVE-2022-24253
+ RESERVED
+CVE-2022-24252
+ RESERVED
+CVE-2022-24251
+ RESERVED
+CVE-2022-24250
+ RESERVED
+CVE-2022-24249 (A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the ...)
+ - gpac <unfixed>
+ [bullseye] - gpac <no-dsa> (Minor issue)
+ [buster] - gpac <no-dsa> (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/2081
+ NOTE: https://github.com/gpac/gpac/commit/71f9871fc210e60df041b58c84572782b4849de9
+CVE-2022-24248
+ RESERVED
+CVE-2022-24247
+ RESERVED
+CVE-2022-24246
+ RESERVED
+CVE-2022-24245
+ RESERVED
+CVE-2022-24244
+ RESERVED
+CVE-2022-24243
+ RESERVED
+CVE-2022-24242
+ RESERVED
+CVE-2022-24241
+ RESERVED
+CVE-2022-24240
+ RESERVED
+CVE-2022-24239
+ RESERVED
+CVE-2022-24238
+ RESERVED
+CVE-2022-24237
+ RESERVED
+CVE-2022-24236
+ RESERVED
+CVE-2022-24235
+ RESERVED
+CVE-2022-24234
+ RESERVED
+CVE-2022-24233
+ RESERVED
+CVE-2022-24232
+ RESERVED
+CVE-2022-24231
+ RESERVED
+CVE-2022-24230
+ RESERVED
+CVE-2022-24229
+ RESERVED
+CVE-2022-24228
+ RESERVED
+CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows at ...)
+ NOT-FOR-US: BoltWire
+CVE-2022-24226 (Hospital Management System v4.0 was discovered to contain a blind SQL ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-24225
+ RESERVED
+CVE-2022-24224
+ RESERVED
+CVE-2022-24223 (AtomCMS v2.0 was discovered to contain a SQL injection vulnerability v ...)
+ NOT-FOR-US: AtomCMS
+CVE-2022-24222 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: eliteCMS
+CVE-2022-24221 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: eliteCMS
+CVE-2022-24220 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: eliteCMS
+CVE-2022-24219 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: eliteCMS
+CVE-2022-24218 (An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers ...)
+ NOT-FOR-US: eliteCMS
+CVE-2022-24217
+ RESERVED
+CVE-2022-24216
+ RESERVED
+CVE-2022-24215
+ RESERVED
+CVE-2022-24214
+ RESERVED
+CVE-2022-24213
+ RESERVED
+CVE-2022-24212
+ RESERVED
+CVE-2022-24211
+ RESERVED
+CVE-2022-24210
+ RESERVED
+CVE-2022-24209
+ RESERVED
+CVE-2022-24208
+ RESERVED
+CVE-2022-24207
+ RESERVED
+CVE-2022-24206 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: Tongda2000
+CVE-2022-24205
+ RESERVED
+CVE-2022-24204
+ RESERVED
+CVE-2022-24203
+ RESERVED
+CVE-2022-24202
+ RESERVED
+CVE-2022-24201
+ RESERVED
+CVE-2022-24200
+ RESERVED
+CVE-2022-24199
+ RESERVED
+CVE-2022-24198 (iText v7.1.17 was discovered to contain an out-of-bounds exception via ...)
+ NOT-FOR-US: iText
+CVE-2022-24197 (iText v7.1.17 was discovered to contain a stack-based buffer overflow ...)
+ NOT-FOR-US: iText
+CVE-2022-24196 (iText v7.1.17 was discovered to contain an out-of-memory error via the ...)
+ NOT-FOR-US: iText
+CVE-2022-24195
+ RESERVED
+CVE-2022-24194
+ RESERVED
+CVE-2022-24193
+ RESERVED
+CVE-2022-24192
+ RESERVED
+CVE-2022-24191
+ RESERVED
+CVE-2022-24190
+ RESERVED
+CVE-2022-24189
+ RESERVED
+CVE-2022-24188
+ RESERVED
+CVE-2022-24187
+ RESERVED
+CVE-2022-24186
+ RESERVED
+CVE-2022-24185
+ RESERVED
+CVE-2022-24184
+ RESERVED
+CVE-2022-24183
+ RESERVED
+CVE-2022-24182
+ RESERVED
+CVE-2022-24181
+ RESERVED
+CVE-2022-24180
+ RESERVED
+CVE-2022-24179
+ RESERVED
+CVE-2022-24178
+ RESERVED
+CVE-2022-24177
+ RESERVED
+CVE-2022-24176
+ RESERVED
+CVE-2022-24175
+ RESERVED
+CVE-2022-24174
+ RESERVED
+CVE-2022-24173
+ RESERVED
+CVE-2022-24172 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24171 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24170 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24169 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24168 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24167 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24166 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24165 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24164 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24163 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24162 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24161 (Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24160 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24159 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24158 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24157 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24156 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24155 (Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24154 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24153 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24152 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24151 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24150 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24149 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24148 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24147 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24146 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24145 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24144 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24143 (Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to con ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24142 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda routers
+CVE-2022-24141
+ RESERVED
+CVE-2022-24140
+ RESERVED
+CVE-2022-24139
+ RESERVED
+CVE-2022-24138
+ RESERVED
+CVE-2022-24137
+ RESERVED
+CVE-2022-24136
+ RESERVED
+CVE-2022-24135
+ RESERVED
+CVE-2022-24134
+ RESERVED
+CVE-2022-24133
+ RESERVED
+CVE-2022-24132
+ RESERVED
+CVE-2022-24131
+ RESERVED
+CVE-2022-21170
+ RESERVED
+CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa
+ NOTE: https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0)
+CVE-2022-0418
+ RESERVED
+CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/
+ NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245)
+CVE-2022-0416
+ RESERVED
+CVE-2022-0415
+ RESERVED
+CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...)
+ {DLA-2913-1}
+ - xterm 370-2 (bug #1004689)
+ [bullseye] - xterm <no-dsa> (Minor issue)
+ [buster] - xterm <no-dsa> (Minor issue)
+ NOTE: https://twitter.com/nickblack/status/1487731459398025216
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/2
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/3
+ NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d
+CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allow ...)
+ NOT-FOR-US: Shibboleth identity provider OIDC OP plugin
+CVE-2022-24128
+ RESERVED
+CVE-2022-24127
+ RESERVED
+CVE-2022-24126
+ RESERVED
+CVE-2022-24125
+ RESERVED
+CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection vulnerabili ...)
+ NOT-FOR-US: Casdoor
+CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a mermaid block ...)
+ NOT-FOR-US: MarkText
+CVE-2022-24121 (SQL Injection vulnerability discovered in Unified Office Total Connect ...)
+ NOT-FOR-US: Unified Office
+CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. ...)
+ - dolibarr <removed>
+CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
+ NOTE: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (v8.2.4253)
+CVE-2022-0412
+ RESERVED
+CVE-2022-0411
+ RESERVED
+CVE-2022-0410
+ RESERVED
+CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivil ...)
+ - linux 5.15.15-2
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/29/1
+ NOTE: https://git.kernel.org/linus/f9d87929d451d3e649699d0f1d74f71f77ad38f5
+CVE-2022-24120
+ RESERVED
+CVE-2022-24119
+ RESERVED
+CVE-2022-24118
+ RESERVED
+CVE-2022-24117
+ RESERVED
+CVE-2022-24116
+ RESERVED
+CVE-2022-24115 (Local privilege escalation due to unrestricted loading of unsigned lib ...)
+ NOT-FOR-US: Acronis
+CVE-2022-24114 (Local privilege escalation due to race condition on application startu ...)
+ NOT-FOR-US: Acronis
+CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...)
+ NOT-FOR-US: Acronis
+CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist showdoc/s ...)
+ NOT-FOR-US: ShowDoc
+CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d
+ NOTE: https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 (v8.2.4247)
+CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c
+ NOTE: https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e (v8.2.4219)
+CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send requests to by ...)
+ NOT-FOR-US: Apache APISIX
+CVE-2022-0406
+ RESERVED
+CVE-2022-0405
+ RESERVED
+CVE-2022-0404
+ RESERVED
+CVE-2022-0403
+ RESERVED
+CVE-2022-0402
+ RESERVED
+CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12. ...)
+ NOT-FOR-US: Node w-zip
+CVE-2022-0400 [Out of bounds read in the smc protocol stack]
+ RESERVED
+ - linux <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044575
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public)
+CVE-2022-0399
+ RESERVED
+CVE-2022-0398
+ RESERVED
+CVE-2022-0397
+ RESERVED
+CVE-2022-24111 (In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios cr ...)
+ - mahara <removed>
+CVE-2022-24110 (Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' ...)
+ NOT-FOR-US: Kiteworks managed file transfer
+CVE-2022-24109
+ RESERVED
+CVE-2022-24108
+ RESERVED
+CVE-2022-24107
+ RESERVED
+CVE-2022-24106
+ RESERVED
+CVE-2022-24105
+ RESERVED
+CVE-2022-24104
+ RESERVED
+CVE-2022-24103
+ RESERVED
+CVE-2022-24102
+ RESERVED
+CVE-2022-24101
+ RESERVED
+CVE-2022-24100
+ RESERVED
+CVE-2022-24099
+ RESERVED
+CVE-2022-24098
+ RESERVED
+CVE-2022-24097
+ RESERVED
+CVE-2022-24096
+ RESERVED
+CVE-2022-24095
+ RESERVED
+CVE-2022-24094
+ RESERVED
+CVE-2022-24093
+ RESERVED
+CVE-2022-24092
+ RESERVED
+CVE-2022-24091
+ RESERVED
+CVE-2022-24090
+ RESERVED
+CVE-2022-24089
+ RESERVED
+CVE-2022-24088
+ RESERVED
+CVE-2022-24087
+ RESERVED
+CVE-2022-24086 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2022-24085
+ RESERVED
+CVE-2022-24084
+ RESERVED
+CVE-2022-24083
+ RESERVED
+CVE-2022-24082
+ RESERVED
+CVE-2022-24081
+ RESERVED
+CVE-2022-24080
+ RESERVED
+CVE-2022-24079
+ RESERVED
+CVE-2022-24078
+ RESERVED
+CVE-2022-24077
+ RESERVED
+CVE-2022-24076
+ RESERVED
+CVE-2022-24075
+ RESERVED
+CVE-2022-24074
+ RESERVED
+CVE-2022-24073
+ RESERVED
+CVE-2022-24072
+ RESERVED
+CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows attack ...)
+ NOT-FOR-US: Whale browser
+CVE-2022-24070
+ RESERVED
+CVE-2022-0396
+ RESERVED
+CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba
+ NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233)
+CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2022-24064 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24063 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24062 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24061 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24060 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24059 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24058 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24057 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24056 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24055 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Sante DICOM Viewer
+CVE-2022-24054
+ RESERVED
+CVE-2022-24053
+ RESERVED
+CVE-2022-24052 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
+CVE-2022-24051 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
+CVE-2022-24050 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/
+CVE-2022-24049 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Sonos One Speaker
+CVE-2022-24048 (This vulnerability allows local attackers to escalate privileges on af ...)
+ - mariadb-10.6 1:10.6.7-1
+ - mariadb-10.5 <removed>
+ - mariadb-10.3 <removed>
+ NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/
+CVE-2022-24047 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: BMC Track-It!
+CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Sonos One Speaker
+CVE-2022-24045
+ RESERVED
+CVE-2022-24044
+ RESERVED
+CVE-2022-24043
+ RESERVED
+CVE-2022-24042
+ RESERVED
+CVE-2022-24041
+ RESERVED
+CVE-2022-24040
+ RESERVED
+CVE-2022-24039
+ RESERVED
+CVE-2022-24038
+ RESERVED
+CVE-2022-24037
+ RESERVED
+CVE-2022-24036
+ RESERVED
+CVE-2022-23921
+ RESERVED
+CVE-2022-22987 (The affected product has a hardcoded private key available inside the ...)
+ NOT-FOR-US: Advantech
+CVE-2022-21798
+ RESERVED
+CVE-2022-21154
+ RESERVED
+CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
+ NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218)
+CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse modul ...)
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 <no-dsa> (Minor issue)
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ [stretch] - python3.5 <postponed> (Minor issue; regressions reports)
+ - python3.4 <removed>
+ NOTE: https://bugs.python.org/issue43882
+ NOTE: Fixed by: https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 (v3.10.0b1)
+ NOTE: Followup for 3.10.x: https://github.com/python/cpython/commit/24f1d1a8a2c4aa58a606b4b6d5fa4305a3b91705 (v3.10.0b2)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/491fde0161d5e527eeff8586dd3972d7d3a631a7 (v3.9.5)
+ NOTE: Followup for 3.9.x: https://github.com/python/cpython/commit/8a595744e696a0fb92dccc5d4e45da41571270a1 (v3.9.6)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/515a7bc4e13645d0945b46a8e1d9102b918cd407 (v3.8.11)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/f4dac7ec55477a6c5d965e594e74bd6bda786903 (v3.7.11)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/6c472d3a1d334d4eeb4a25eba7bf3b01611bf667 (v3.6.14)
+CVE-2022-0390
+ RESERVED
+CVE-2022-0389
+ RESERVED
+CVE-2022-0388
+ RESERVED
+CVE-2022-24035
+ RESERVED
+CVE-2022-24034
+ RESERVED
+CVE-2022-24033
+ RESERVED
+CVE-2022-24032 (Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enu ...)
+ NOT-FOR-US: Adenza AxiomSL ControllerView
+CVE-2022-24031 (An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kern ...)
+ NOT-FOR-US: Insyde
+CVE-2022-24030 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2022-24029
+ RESERVED
+CVE-2022-24028
+ RESERVED
+CVE-2022-24027
+ RESERVED
+CVE-2022-24026
+ RESERVED
+CVE-2022-24025
+ RESERVED
+CVE-2022-24024
+ RESERVED
+CVE-2022-24023
+ RESERVED
+CVE-2022-24022
+ RESERVED
+CVE-2022-24021
+ RESERVED
+CVE-2022-24020
+ RESERVED
+CVE-2022-24019
+ RESERVED
+CVE-2022-24018
+ RESERVED
+CVE-2022-24017
+ RESERVED
+CVE-2022-24016
+ RESERVED
+CVE-2022-24015
+ RESERVED
+CVE-2022-24014
+ RESERVED
+CVE-2022-24013
+ RESERVED
+CVE-2022-24012
+ RESERVED
+CVE-2022-24011
+ RESERVED
+CVE-2022-24010
+ RESERVED
+CVE-2022-24009
+ RESERVED
+CVE-2022-24008
+ RESERVED
+CVE-2022-24007
+ RESERVED
+CVE-2022-24006
+ RESERVED
+CVE-2022-24005
+ RESERVED
+CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0386
+ RESERVED
+CVE-2022-0385
+ RESERVED
+CVE-2022-0384
+ RESERVED
+CVE-2022-24004
+ RESERVED
+CVE-2022-24003 (Exposure of Sensitive Information vulnerability in Bixby Vision prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24002 (Improper Authorization vulnerability in Link Sharing prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24001 (Information disclosure vulnerability in Edge Panel prior to Android S( ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24000 (PendingIntent hijacking vulnerability in DataUsageReminderReceiver pri ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23999 (PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23998 (Improper access control vulnerability in Camera prior to versions 11.1 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23997 (Unprotected component vulnerability in StTheaterModeDurationAlarmRecei ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23996 (Unprotected component vulnerability in StTheaterModeReceiver in Wear O ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23995 (Unprotected component vulnerability in StBedtimeModeAlarmReceiver in W ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceiver in W ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...)
+ NOT-FOR-US: pfSense
+CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain ...)
+ NOT-FOR-US: XCOM Data Transport
+CVE-2022-23991
+ RESERVED
+CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-3
+ NOTE: https://github.com/libexpat/libexpat/pull/551
+ NOTE: Introduced with: https://github.com/libexpat/libexpat/commit/cb8a4c756d057b948c1b41e7185dd69ef3ade3fb (R_1_95_4)
+ NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1 (R_2_4_4)
+CVE-2022-23989
+ RESERVED
+CVE-2022-23988
+ RESERVED
+CVE-2022-23987
+ RESERVED
+CVE-2022-23984 (Sensitive information disclosure discovered in wpDiscuz WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23983 (Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Sett ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr &#8211; Ye ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23978
+ RESERVED
+CVE-2022-23977
+ RESERVED
+CVE-2022-23976
+ RESERVED
+CVE-2022-23975
+ RESERVED
+CVE-2022-23974
+ RESERVED
+CVE-2022-23103
+ RESERVED
+CVE-2022-0383
+ RESERVED
+CVE-2022-0382 (An information leak flaw was found due to uninitialized memory in the ...)
+ - linux 5.15.15-1
+ NOTE: Fixed by: https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523
+CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0380 (The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ NOT-FOR-US: microweber
+CVE-2022-0377
+ RESERVED
+CVE-2022-0376
+ RESERVED
+CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0373
+ RESERVED
+CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior ...)
+ NOT-FOR-US: Crater
+CVE-2022-23973
+ RESERVED
+CVE-2022-23972
+ RESERVED
+CVE-2022-23971
+ RESERVED
+CVE-2022-23970
+ RESERVED
+CVE-2022-23969
+ RESERVED
+CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware before 2022-0 ...)
+ NOT-FOR-US: Xerox
+CVE-2022-23967 (In TightVNC 1.3.10, there is an integer signedness error and resultant ...)
+ TODO: check
+CVE-2022-23966
+ RESERVED
+CVE-2022-23965
+ RESERVED
+CVE-2022-23964
+ RESERVED
+CVE-2022-23963
+ RESERVED
+CVE-2022-23962
+ RESERVED
+CVE-2022-23961
+ RESERVED
+CVE-2022-23960
+ RESERVED
+CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 ...)
+ {DLA-2920-1}
+ - varnish <unfixed> (bug #1004433)
+ NOTE: https://varnish-cache.org/security/VSV00008.html
+ NOTE: https://docs.varnish-software.com/security/VSV00008/
+ NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4 (master)
+ NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/9ed39d1f796369caafb647fe37b729c07f332327 (6.6.2)
+ NOTE: Test case: https://github.com/varnishcache/varnish-cache/commit/ec531e16b9cd139bbf8971c5b306561c669681f4 (6.6.2)
+CVE-2022-23958
+ RESERVED
+CVE-2022-23957
+ RESERVED
+CVE-2022-23956
+ RESERVED
+CVE-2022-23955
+ RESERVED
+CVE-2022-23954
+ RESERVED
+CVE-2022-23953
+ RESERVED
+CVE-2022-23952
+ RESERVED
+CVE-2022-23951
+ RESERVED
+CVE-2022-23950
+ RESERVED
+CVE-2022-23949
+ RESERVED
+CVE-2022-23948
+ RESERVED
+CVE-2022-0371
+ RESERVED
+CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0369
+ RESERVED
+CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ NOT-FOR-US: Gerber
+CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ NOT-FOR-US: Gerber
+CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. This iss ...)
+ NOT-FOR-US: Apache ShenYu Admin
+CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...)
+ NOT-FOR-US: Apache ShenYu Admin
+CVE-2022-23943
+ RESERVED
+CVE-2022-23942
+ RESERVED
+CVE-2022-21184
+ RESERVED
+CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/
+ NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217)
+CVE-2022-0367
+ RESERVED
+CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...)
+ NOT-FOR-US: Sophos
+CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...)
+ NOT-FOR-US: Ricon Mobile
+CVE-2022-0364
+ RESERVED
+CVE-2022-0363
+ RESERVED
+CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
+ NOT-FOR-US: ShowDoc
+CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b
+ NOTE: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (v8.2.4215)
+CVE-2022-0360
+ RESERVED
+CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def
+ NOTE: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 (v8.2.4214)
+CVE-2022-0358
+ RESERVED
+ - qemu <unfixed>
+ [buster] - qemu <not-affected> (Vulnerable code not present)
+ [stretch] - qemu <not-affected> (virtiofsd added in 5.0)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
+CVE-2022-0357
+ RESERVED
+CVE-2022-0356
+ RESERVED
+CVE-2022-23941
+ RESERVED
+CVE-2022-23940
+ RESERVED
+CVE-2022-23939
+ RESERVED
+CVE-2022-23938
+ RESERVED
+CVE-2022-23937
+ RESERVED
+CVE-2022-23936
+ RESERVED
+CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...)
+ - libimage-exiftool-perl 12.38+dfsg-1
+ [bullseye] - libimage-exiftool-perl <no-dsa> (Minor issue)
+ [buster] - libimage-exiftool-perl <no-dsa> (Minor issue)
+ [stretch] - libimage-exiftool-perl <no-dsa> (Minor issue)
+ NOTE: https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582 (12.38)
+CVE-2022-23934
+ RESERVED
+CVE-2022-23933
+ RESERVED
+CVE-2022-23932
+ RESERVED
+CVE-2022-23931
+ RESERVED
+CVE-2022-23930
+ RESERVED
+CVE-2022-23929
+ RESERVED
+CVE-2022-23928
+ RESERVED
+CVE-2022-23927
+ RESERVED
+CVE-2022-23926
+ RESERVED
+CVE-2022-23925
+ RESERVED
+CVE-2022-23924
+ RESERVED
+CVE-2022-23919
+ RESERVED
+CVE-2022-23918
+ RESERVED
+CVE-2022-23399
+ RESERVED
+CVE-2022-22144
+ RESERVED
+CVE-2022-22140
+ RESERVED
+CVE-2022-21201
+ RESERVED
+CVE-2022-21178
+ RESERVED
+CVE-2022-0355 (Exposure of Sensitive Information to an Unauthorized Actor in NPM simp ...)
+ NOT-FOR-US: simple-get nodejs module
+CVE-2022-0354
+ RESERVED
+CVE-2022-0353
+ RESERVED
+CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...)
+ NOT-FOR-US: Apache ActiveMQ Artemis
+CVE-2022-23912
+ RESERVED
+CVE-2022-23911
+ RESERVED
+CVE-2022-23910
+ RESERVED
+CVE-2022-23909
+ RESERVED
+CVE-2022-23908
+ RESERVED
+CVE-2022-23907
+ RESERVED
+CVE-2022-23906
+ RESERVED
+CVE-2022-23905
+ RESERVED
+CVE-2022-23904
+ RESERVED
+CVE-2022-23903
+ RESERVED
+CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: Tongda2000
+CVE-2022-23901
+ RESERVED
+CVE-2022-23900
+ RESERVED
+CVE-2022-23899
+ RESERVED
+CVE-2022-23898
+ RESERVED
+CVE-2022-23897
+ RESERVED
+CVE-2022-23896
+ RESERVED
+CVE-2022-23895
+ RESERVED
+CVE-2022-23894
+ RESERVED
+CVE-2022-23893
+ RESERVED
+CVE-2022-23892
+ RESERVED
+CVE-2022-23891
+ RESERVED
+CVE-2022-23890
+ RESERVED
+CVE-2022-23889 (The comment function in YzmCMS v6.3 was discovered as being able to be ...)
+ NOT-FOR-US: YzmCMS
+CVE-2022-23888 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSR ...)
+ NOT-FOR-US: YzmCMS
+CVE-2022-23887 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CS ...)
+ NOT-FOR-US: YzmCMS
+CVE-2022-23886
+ RESERVED
+CVE-2022-23885
+ RESERVED
+CVE-2022-23884
+ RESERVED
+CVE-2022-23883
+ RESERVED
+CVE-2022-23882
+ RESERVED
+CVE-2022-23881
+ RESERVED
+CVE-2022-23880
+ RESERVED
+CVE-2022-23879
+ RESERVED
+CVE-2022-23878
+ RESERVED
+CVE-2022-23877
+ RESERVED
+CVE-2022-23876
+ RESERVED
+CVE-2022-23875
+ RESERVED
+CVE-2022-23874
+ RESERVED
+CVE-2022-23873 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Victor CMS
+CVE-2022-23872 (Emlog pro v1.1.1 was discovered to contain a stored cross-site scripti ...)
+ NOT-FOR-US: Emlog pro
+CVE-2022-23871 (Multiple cross-site scripting (XSS) vulnerabilities in the component o ...)
+ NOT-FOR-US: Gibbon CMS
+CVE-2022-23870
+ RESERVED
+CVE-2022-23869
+ RESERVED
+CVE-2022-23868
+ RESERVED
+CVE-2022-23867
+ RESERVED
+CVE-2022-23866
+ RESERVED
+CVE-2022-23865
+ RESERVED
+CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...)
+ NOT-FOR-US: calibre-web
+CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161
+ NOTE: https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d (v8.2.4206)
+CVE-2022-0350
+ RESERVED
+CVE-2022-0349
+ RESERVED
+CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0347
+ RESERVED
+CVE-2022-0346
+ RESERVED
+CVE-2022-0345
+ RESERVED
+CVE-2022-0344
+ RESERVED
+CVE-2022-0343
+ RESERVED
+CVE-2022-0342
+ RESERVED
+CVE-2022-23864
+ RESERVED
+CVE-2022-23863 (Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authen ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2022-23862
+ RESERVED
+CVE-2022-23861
+ RESERVED
+CVE-2022-23860
+ RESERVED
+CVE-2022-23859
+ RESERVED
+CVE-2022-23858 (In StarWind Command Center before V2 build 6021, an authenticated read ...)
+ NOT-FOR-US: StarWind Command Center
+CVE-2022-23857 (model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to ...)
+ NOT-FOR-US: Navidrome
+CVE-2022-23856 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...)
+ NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC)
+CVE-2022-23855 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...)
+ NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC)
+CVE-2022-23854
+ RESERVED
+CVE-2022-23853 (The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 a ...)
+ - kate <unfixed>
+ [bullseye] - kate <no-dsa> (Minor issue)
+ [buster] - kate <no-dsa> (Minor issue)
+ [stretch] - kate <no-dsa> (Minor issue)
+ - ktexteditor <unfixed>
+ [bullseye] - ktexteditor <no-dsa> (Minor issue)
+ [buster] - ktexteditor <no-dsa> (Minor issue)
+ [stretch] - ktexteditor <no-dsa> (Minor issue)
+ NOTE: https://kde.org/info/security/advisory-20220131-1.txt
+ NOTE: KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/804e49444c093fe58ec0df2ab436565e50dc147e
+ NOTE: KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/c80f935c345de2e2fb10635202800839ca9697bf
+ NOTE: Kate: prerequisites:
+ NOTE: https://commits.kde.org/kate/361dd43e42994829dbdb35e78fb7698d27cbb0e2
+ NOTE: https://commits.kde.org/kate/6fc3bf6e5bd540e842e32c4a959c2158c8573be5
+ NOTE: https://commits.kde.org/kate/92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc
+ NOTE: Fixed by: https://commits.kde.org/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9
+ NOTE: Fixed by: https://commits.kde.org/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad
+CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-2
+ NOTE: https://github.com/libexpat/libexpat/pull/550
+ NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 (R_2_4_4)
+ NOTE: Tests: https://github.com/libexpat/libexpat/commit/acf956f14bf79a5e6383a969aaffec98bfbc2e44
+CVE-2022-23851
+ RESERVED
+CVE-2022-0341
+ RESERVED
+CVE-2022-0340
+ RESERVED
+CVE-2022-24300 (Minetest before 5.4.0 allows attackers to add or modify arbitrary meta ...)
+ {DSA-5075-1}
+ - minetest 5.4.1+repack-1 (bug #1004223)
+ [stretch] - minetest <end-of-life> (games are not supported in LTS)
+ NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf
+ NOTE: Fixed by: https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae (5.4.0)
+ NOTE: When fixing this issue the fix for GHSA-7q63-4fq2-hqcr should be included,
+ NOTE: which is not a vulnerability by itself, and won't get a CVE assigned:
+ NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-7q63-4fq2-hqcr
+ NOTE: https://github.com/minetest/minetest/commit/8d6a0b917ce1e7f4f1017835af0ca76e79c98c38 (5.2.0)
+CVE-2022-24301 (In Minetest before 5.4.0, players can add or subtract items from a dif ...)
+ {DSA-5075-1}
+ - minetest 5.4.1+repack-1
+ [stretch] - minetest <end-of-life> (games are not supported in LTS)
+ NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-fvwv-qcq6-wmp5
+ NOTE: Fixed by: https://github.com/minetest/minetest/commit/3693b6871eba268ecc79b3f52d00d3cefe761131 (5.4.0)
+CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through ...)
+ - epub2txt2 <itp> (bug #1004115)
+CVE-2022-23849
+ RESERVED
+CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. ...)
+ NOT-FOR-US: calibre-web
+CVE-2022-0338 (Improper Privilege Management in Conda loguru prior to 0.5.3. ...)
+ - loguru <unfixed> (unimportant)
+ NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/
+ NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa
+ NOTE: loguru documents security considerations and best practices to follow
+CVE-2022-23848 (In Alluxio before 2.7.3, the logserver does not validate the input str ...)
+ NOT-FOR-US: Alluxio
+CVE-2022-23847
+ RESERVED
+CVE-2022-23846
+ RESERVED
+CVE-2022-23845
+ RESERVED
+CVE-2022-23844
+ RESERVED
+CVE-2022-23843
+ RESERVED
+CVE-2022-23842
+ RESERVED
+CVE-2022-23841
+ RESERVED
+CVE-2022-23840
+ RESERVED
+CVE-2022-23839
+ RESERVED
+CVE-2022-23838
+ RESERVED
+CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ...)
+ - ruby-sidekiq <unfixed> (bug #1004193)
+ NOTE: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0)
+CVE-2022-23836
+ RESERVED
+CVE-2022-23835
+ RESERVED
+CVE-2022-0337
+ RESERVED
+CVE-2022-0336 [Samba AD users with permission to write to an account can impersonate arbitrary services]
+ RESERVED
+ - samba <unfixed> (bug #1004694)
+ [bullseye] - samba 2:4.13.13+dfsg-1~deb11u3
+ [buster] - samba <no-dsa> (Minor issue; affects Samba as AD DC)
+ NOTE: https://www.samba.org/samba/security/CVE-2022-0336.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14950
+CVE-2022-23834
+ RESERVED
+CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27 ...)
+ {DLA-2906-1}
+ - python-django 2:3.2.12-1 (bug #1004752)
+ [bullseye] - python-django <no-dsa> (Minor issue)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
+ NOTE: https://github.com/django/django/commit/fc18f36c4ab94399366ca2f2007b3692559a6f23 (main)
+ NOTE: https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9 (4.0.2)
+ NOTE: https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 (3.2.12)
+ NOTE: https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a (2.2.27)
+CVE-2022-23832
+ RESERVED
+CVE-2022-23831
+ RESERVED
+CVE-2022-23830
+ RESERVED
+CVE-2022-23829
+ RESERVED
+CVE-2022-23828
+ RESERVED
+CVE-2022-23827
+ RESERVED
+CVE-2022-23826
+ RESERVED
+CVE-2022-23825
+ RESERVED
+CVE-2022-23824
+ RESERVED
+CVE-2022-23823
+ RESERVED
+CVE-2022-23822
+ RESERVED
+CVE-2022-23821
+ RESERVED
+CVE-2022-23820
+ RESERVED
+CVE-2022-23819
+ RESERVED
+CVE-2022-23818
+ RESERVED
+CVE-2022-23817
+ RESERVED
+CVE-2022-23816
+ RESERVED
+CVE-2022-23815
+ RESERVED
+CVE-2022-23814
+ RESERVED
+CVE-2022-23813
+ RESERVED
+CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allo ...)
+ NOT-FOR-US: TransmitMail
+CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...)
+ NOT-FOR-US: TransmitMail
+CVE-2022-21176 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-21143 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-21141 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
+ - moodle <removed>
+CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
+ - moodle <removed>
+CVE-2022-0333 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...)
+ - moodle <removed>
+CVE-2022-0332 (A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injectio ...)
+ - moodle <removed>
+CVE-2022-0331
+ RESERVED
+CVE-2022-0330 [drm/i915: Flush TLBs before releasing backing store]
+ RESERVED
+ - linux 5.15.15-2
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/12
+ NOTE: https://git.kernel.org/linus/7938d61591d33394a21bdd7797a245b65428f44c
+CVE-2022-0329
+ REJECTED
+CVE-2022-0328
+ RESERVED
+CVE-2022-0327
+ RESERVED
+CVE-2022-23809
+ RESERVED
+CVE-2022-23808 (An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker ca ...)
+ - phpmyadmin 4:5.1.3+dfsg1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2022-2/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59
+ NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/28 (setup not available)
+CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before ...)
+ - phpmyadmin 4:5.1.3+dfsg1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2022-1/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32
+ NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages)
+ NOTE: 2FA support is not packaged in Debian
+CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...)
+ - golang-1.18 1.18~rc1-1
+ - golang-1.17 1.17.7-1
+ - golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/50974
+ NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+ NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7)
+CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-23804 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ TODO: check
+CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ TODO: check
+CVE-2022-23802
+ RESERVED
+CVE-2022-23801
+ RESERVED
+CVE-2022-23800
+ RESERVED
+CVE-2022-23799
+ RESERVED
+CVE-2022-23798
+ RESERVED
+CVE-2022-23797
+ RESERVED
+CVE-2022-23796
+ RESERVED
+CVE-2022-23795
+ RESERVED
+CVE-2022-23794
+ RESERVED
+CVE-2022-23793
+ RESERVED
+CVE-2022-0326 (NULL Pointer Dereference in Homebrew mruby prior to 3.2. ...)
+ - mruby <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/mruby/mruby/commit/dccd66f9efecd0a974b735c62836fe566015cf37 (3.1.0-rc)
+ NOTE: Fixed by: https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e
+CVE-2022-0325
+ RESERVED
+CVE-2022-0324
+ RESERVED
+CVE-2022-23792
+ RESERVED
+CVE-2022-23791
+ RESERVED
+CVE-2022-23790
+ RESERVED
+CVE-2022-23789
+ RESERVED
+CVE-2022-23788
+ RESERVED
+CVE-2022-23787
+ RESERVED
+CVE-2022-23786
+ RESERVED
+CVE-2022-23785
+ RESERVED
+CVE-2022-23784
+ RESERVED
+CVE-2022-23783
+ RESERVED
+CVE-2022-23782
+ RESERVED
+CVE-2022-23781
+ RESERVED
+CVE-2022-23780
+ RESERVED
+CVE-2022-21147
+ RESERVED
+CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...)
+ NOT-FOR-US: Mustache (implementation in PHP)
+CVE-2022-0322 [DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c]
+ RESERVED
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c (5.15-rc6)
+CVE-2022-0321
+ RESERVED
+CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b
+ NOTE: https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9 (v8.2.4154)
+CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
+ - vim <unfixed> (bug #1004859)
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08
+ NOTE: https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (v8.2.4151)
+CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...)
+ NOT-FOR-US: go-attestation
+CVE-2022-0316
+ RESERVED
+CVE-2022-0315
+ RESERVED
+CVE-2022-23779
+ RESERVED
+CVE-2022-23778
+ RESERVED
+CVE-2022-23777
+ RESERVED
+CVE-2022-23776
+ RESERVED
+CVE-2022-23775
+ RESERVED
+CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...)
+ NOT-FOR-US: Docker Desktop
+CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret ...)
+ - golang-1.18 1.18~rc1-1
+ - golang-1.17 1.17.7-1
+ - golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/35671
+ NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+ NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7)
+CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...)
+ - golang-1.18 1.18~beta2-1
+ - golang-1.17 1.17.7-1
+ - golang-1.15 <removed>
+ [bullseye] - golang-1.15 <no-dsa> (Minor issue)
+ - golang-1.11 <removed>
+ [buster] - golang-1.11 <no-dsa> (Minor issue)
+ - golang-1.8 <removed>
+ - golang-1.7 <removed>
+ NOTE: https://github.com/golang/go/issues/50699
+ NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+ NOTE: https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7)
+CVE-2022-23771
+ RESERVED
+CVE-2022-23770
+ RESERVED
+CVE-2022-23769
+ RESERVED
+CVE-2022-23768
+ RESERVED
+CVE-2022-23767
+ RESERVED
+CVE-2022-23766
+ RESERVED
+CVE-2022-23765
+ RESERVED
+CVE-2022-23764
+ RESERVED
+CVE-2022-23763
+ RESERVED
+CVE-2022-23762
+ RESERVED
+CVE-2022-23761
+ RESERVED
+CVE-2022-23760
+ RESERVED
+CVE-2022-23759
+ RESERVED
+CVE-2022-23758
+ RESERVED
+CVE-2022-23757
+ RESERVED
+CVE-2022-23756
+ RESERVED
+CVE-2022-23755
+ RESERVED
+CVE-2022-23754
+ RESERVED
+CVE-2022-23753
+ RESERVED
+CVE-2022-23752
+ RESERVED
+CVE-2022-23751
+ RESERVED
+CVE-2022-23750
+ RESERVED
+CVE-2022-23749
+ RESERVED
+CVE-2022-23748
+ RESERVED
+CVE-2022-23747
+ RESERVED
+CVE-2022-23746
+ RESERVED
+CVE-2022-23745
+ RESERVED
+CVE-2022-23744
+ RESERVED
+CVE-2022-23743
+ RESERVED
+CVE-2022-23742
+ RESERVED
+CVE-2022-23741
+ RESERVED
+CVE-2022-23740
+ RESERVED
+CVE-2022-23739
+ RESERVED
+CVE-2022-23738
+ RESERVED
+CVE-2022-23737
+ RESERVED
+CVE-2022-23736
+ RESERVED
+CVE-2022-23735
+ RESERVED
+CVE-2022-23734
+ RESERVED
+CVE-2022-23733
+ RESERVED
+CVE-2022-23732
+ RESERVED
+CVE-2022-23731
+ RESERVED
+CVE-2022-23730
+ RESERVED
+CVE-2022-23729
+ RESERVED
+CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...)
+ NOT-FOR-US: LG
+CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs. Due t ...)
+ NOT-FOR-US: LG
+CVE-2022-23726
+ RESERVED
+CVE-2022-23725
+ RESERVED
+CVE-2022-23724
+ RESERVED
+CVE-2022-23723
+ RESERVED
+CVE-2022-23722
+ RESERVED
+CVE-2022-23721
+ RESERVED
+CVE-2022-23720
+ RESERVED
+CVE-2022-23719
+ RESERVED
+CVE-2022-23718
+ RESERVED
+CVE-2022-23717
+ RESERVED
+CVE-2022-23716
+ RESERVED
+CVE-2022-23715
+ RESERVED
+CVE-2022-23714
+ RESERVED
+CVE-2022-23713
+ RESERVED
+CVE-2022-23712
+ RESERVED
+CVE-2022-23711
+ RESERVED
+CVE-2022-23710
+ RESERVED
+CVE-2022-23709
+ RESERVED
+CVE-2022-23708
+ RESERVED
+CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using this vu ...)
+ - kibana <itp> (bug #700337)
+CVE-2022-23706
+ RESERVED
+CVE-2022-23705
+ RESERVED
+CVE-2022-23704
+ RESERVED
+CVE-2022-23703
+ RESERVED
+CVE-2022-23702
+ RESERVED
+CVE-2022-23701
+ RESERVED
+CVE-2022-23700
+ RESERVED
+CVE-2022-23699
+ RESERVED
+CVE-2022-23698
+ RESERVED
+CVE-2022-23697
+ RESERVED
+CVE-2022-23696
+ RESERVED
+CVE-2022-23695
+ RESERVED
+CVE-2022-23694
+ RESERVED
+CVE-2022-23693
+ RESERVED
+CVE-2022-23692
+ RESERVED
+CVE-2022-23691
+ RESERVED
+CVE-2022-23690
+ RESERVED
+CVE-2022-23689
+ RESERVED
+CVE-2022-23688
+ RESERVED
+CVE-2022-23687
+ RESERVED
+CVE-2022-23686
+ RESERVED
+CVE-2022-23685
+ RESERVED
+CVE-2022-23684
+ RESERVED
+CVE-2022-23683
+ RESERVED
+CVE-2022-23682
+ RESERVED
+CVE-2022-23681
+ RESERVED
+CVE-2022-23680
+ RESERVED
+CVE-2022-23679
+ RESERVED
+CVE-2022-23678
+ RESERVED
+CVE-2022-23677
+ RESERVED
+CVE-2022-23676
+ RESERVED
+CVE-2022-23675
+ RESERVED
+CVE-2022-23674
+ RESERVED
+CVE-2022-23673
+ RESERVED
+CVE-2022-23672
+ RESERVED
+CVE-2022-23671
+ RESERVED
+CVE-2022-23670
+ RESERVED
+CVE-2022-23669
+ RESERVED
+CVE-2022-23668
+ RESERVED
+CVE-2022-23667
+ RESERVED
+CVE-2022-23666
+ RESERVED
+CVE-2022-23665
+ RESERVED
+CVE-2022-23664
+ RESERVED
+CVE-2022-23663
+ RESERVED
+CVE-2022-23662
+ RESERVED
+CVE-2022-23661
+ RESERVED
+CVE-2022-23660
+ RESERVED
+CVE-2022-23659
+ RESERVED
+CVE-2022-23658
+ RESERVED
+CVE-2022-23657
+ RESERVED
+CVE-2022-23656
+ RESERVED
+CVE-2022-23655
+ RESERVED
+CVE-2022-23654
+ RESERVED
+CVE-2022-23653
+ RESERVED
+CVE-2022-23652
+ RESERVED
+CVE-2022-23651
+ RESERVED
+CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...)
+ NOT-FOR-US: Netmaker
+CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...)
+ NOT-FOR-US: Cosign
+CVE-2022-23648
+ RESERVED
+CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...)
+ - node-prismjs 1.27.0+dfsg+~1.26.0-1
+ NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99
+ NOTE: https://github.com/PrismJS/prism/issues/3340
+ NOTE: https://github.com/PrismJS/prism/pull/3341
+ NOTE: https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c (v1.27.0)
+CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
+ TODO: check
+CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character device, a ...)
+ - swtpm <unfixed>
+ NOTE: https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw
+ NOTE: https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19
+CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...)
+ NOT-FOR-US: BookWyrm
+CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2022-23642 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to ...)
+ NOT-FOR-US: Discourse
+CVE-2022-23640
+ RESERVED
+CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...)
+ TODO: check
+CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...)
+ TODO: check
+CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...)
+ NOT-FOR-US: K-Box
+CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly &amp; WASI. Prior t ...)
+ NOT-FOR-US: wasmtime
+CVE-2022-23635
+ RESERVED
+CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...)
+ - puma <unfixed> (bug #1005391)
+ NOTE: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
+ NOTE: https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
+ NOTE: Related issue to CVE-2022-23633 for src:rails
+CVE-2022-23633 (Action Pack is a framework for handling and responding to web requests ...)
+ - rails <unfixed> (bug #1005389)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/5
+ NOTE: Fixed by: https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545 (v6.1.4.5)
+ NOTE: Followup: https://github.com/rails/rails/commit/d1267768e9f57ebcf86ff7f011aca7fb08e733eb (v6.1.4.6)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/e9015f91dd685472f915f8aa1eb18b0e0763e013 (v6.0.4.5)
+ NOTE: Followup: https://github.com/rails/rails/commit/f85b396e5a0019eb614e4ee436ea713089696833 (v6.0.4.6)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 (v5.2.6.1)
+ NOTE: Followup: https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 (v5.2.6.2)
+CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
+ NOT-FOR-US: Traefik
+CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...)
+ TODO: check
+CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...)
+ - gradle <not-affected> (Vulnerable node not yet uploaded; introduced in 6.2)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr
+ NOTE: https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351 (v7.4.0-RC2)
+CVE-2022-23629
+ RESERVED
+CVE-2022-23628 (OPA is an open source, general-purpose policy engine. Under certain co ...)
+ NOT-FOR-US: OPA
+CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...)
+ NOT-FOR-US: ArchiSteamFarm
+CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...)
+ NOT-FOR-US: m1k1o/blog
+CVE-2022-23625
+ RESERVED
+CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...)
+ NOT-FOR-US: Frourio-express
+CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...)
+ NOT-FOR-US: Frourio
+CVE-2022-23622 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23621 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23620 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23619 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23618 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23617 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23616 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23615 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...)
+ - php-twig 3.3.8-1
+ NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v
+ NOTE: https://github.com/twigphp/Twig/pull/3641
+ NOTE: https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5 (v3.3.8)
+CVE-2022-23613 (xrdp is an open source remote desktop protocol (RDP) server. In affect ...)
+ - xrdp <unfixed> (bug #1005304)
+ [bullseye] - xrdp <not-affected> (Vulnerable code not present)
+ [buster] - xrdp <not-affected> (Vulnerable code not present)
+ [stretch] - xrdp <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32
+ NOTE: Introduced by: https://github.com/neutrinolabs/xrdp/commit/738e346f810c97d578df9e99a36520616ee201be (v0.9.17)
+ NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa
+CVE-2022-23612
+ RESERVED
+CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
+ NOT-FOR-US: iTunesRPC-Remastered
+CVE-2022-23610
+ RESERVED
+CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
+ NOT-FOR-US: iTunesRPC-Remastered
+CVE-2022-23608
+ RESERVED
+CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...)
+ - python-treq <unfixed> (bug #1005041)
+ NOTE: https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc
+ NOTE: https://github.com/twisted/treq/commit/1da6022cc880bbcff59321abe02bf8498b89efb2 (release-22.1.0)
+CVE-2022-23606
+ RESERVED
+CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...)
+ NOT-FOR-US: Wire webapp
+CVE-2022-23604 (x26-Cogs is a repository of cogs made by Twentysix for the Red Discord ...)
+ NOT-FOR-US: x26-Cogs
+CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...)
+ NOT-FOR-US: iTunesRPC-Remastered
+CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In ...)
+ NOT-FOR-US: Nimforum
+CVE-2022-23601 (Symfony is a PHP framework for web and console applications and a set ...)
+ - symfony <not-affected> (Vulnerable code not present; no Debian released version contained the vulnerable code)
+ NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms
+ NOTE: https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
+CVE-2022-23600 (fleet is an open source device management, built on osquery. Versions ...)
+ NOT-FOR-US: Fleet
+CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 - 4.3 ...)
+ NOT-FOR-US: Plone
+CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...)
+ NOT-FOR-US: laminas-form
+CVE-2022-23597 (Element Desktop is a Matrix client for desktop platforms with Element ...)
+ NOT-FOR-US: Element Desktop
+CVE-2022-23596 (Junrar is an open source java RAR archive library. In affected version ...)
+ NOT-FOR-US: Junrar
+CVE-2022-23595 (Tensorflow is an Open Source Machine Learning Framework. When building ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23594 (Tensorflow is an Open Source Machine Learning Framework. The TFG diale ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23593 (Tensorflow is an Open Source Machine Learning Framework. The `simplify ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23592 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow's ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23591 (Tensorflow is an Open Source Machine Learning Framework. The `GraphDef ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23590 (Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23589 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23588 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23587 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23586 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23585 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23584 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23583 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23582 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23581 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23580 (Tensorflow is an Open Source Machine Learning Framework. During shape ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23579 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23578 (Tensorflow is an Open Source Machine Learning Framework. If a graph no ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23577 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23576 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23575 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23574 (Tensorflow is an Open Source Machine Learning Framework. There is a ty ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23573 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23572 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23571 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23570 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23569 (Tensorflow is an Open Source Machine Learning Framework. Multiple oper ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23568 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23567 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23566 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow is ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23565 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23564 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23563 (Tensorflow is an Open Source Machine Learning Framework. In multiple p ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23562 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23561 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23560 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23559 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23558 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23557 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-23556
+ RESERVED
+CVE-2022-23555
+ RESERVED
+CVE-2022-23554
+ RESERVED
+CVE-2022-23553
+ RESERVED
+CVE-2022-23552
+ RESERVED
+CVE-2022-23551
+ RESERVED
+CVE-2022-23550
+ RESERVED
+CVE-2022-23549
+ RESERVED
+CVE-2022-23548
+ RESERVED
+CVE-2022-23547
+ RESERVED
+CVE-2022-23546
+ RESERVED
+CVE-2022-23545
+ RESERVED
+CVE-2022-23544
+ RESERVED
+CVE-2022-23543
+ RESERVED
+CVE-2022-23542
+ RESERVED
+CVE-2022-23541
+ RESERVED
+CVE-2022-23540
+ RESERVED
+CVE-2022-23539
+ RESERVED
+CVE-2022-23538
+ RESERVED
+CVE-2022-23537
+ RESERVED
+CVE-2022-23536
+ RESERVED
+CVE-2022-23535
+ RESERVED
+CVE-2022-23534
+ RESERVED
+CVE-2022-23533
+ RESERVED
+CVE-2022-23532
+ RESERVED
+CVE-2022-23531
+ RESERVED
+CVE-2022-23530
+ RESERVED
+CVE-2022-23529
+ RESERVED
+CVE-2022-23528
+ RESERVED
+CVE-2022-23527
+ RESERVED
+CVE-2022-23526
+ RESERVED
+CVE-2022-23525
+ RESERVED
+CVE-2022-23524
+ RESERVED
+CVE-2022-23523
+ RESERVED
+CVE-2022-23522
+ RESERVED
+CVE-2022-23521
+ RESERVED
+CVE-2022-23520
+ RESERVED
+CVE-2022-23519
+ RESERVED
+CVE-2022-23518
+ RESERVED
+CVE-2022-23517
+ RESERVED
+CVE-2022-23516
+ RESERVED
+CVE-2022-23515
+ RESERVED
+CVE-2022-23514
+ RESERVED
+CVE-2022-23513
+ RESERVED
+CVE-2022-23512
+ RESERVED
+CVE-2022-23511
+ RESERVED
+CVE-2022-23510
+ RESERVED
+CVE-2022-23509
+ RESERVED
+CVE-2022-23508
+ RESERVED
+CVE-2022-23507
+ RESERVED
+CVE-2022-23506
+ RESERVED
+CVE-2022-23505
+ RESERVED
+CVE-2022-23504
+ RESERVED
+CVE-2022-23503
+ RESERVED
+CVE-2022-23502
+ RESERVED
+CVE-2022-23501
+ RESERVED
+CVE-2022-23500
+ RESERVED
+CVE-2022-23499
+ RESERVED
+CVE-2022-23498
+ RESERVED
+CVE-2022-23497
+ RESERVED
+CVE-2022-23496
+ RESERVED
+CVE-2022-23495
+ RESERVED
+CVE-2022-23494
+ RESERVED
+CVE-2022-23493
+ RESERVED
+CVE-2022-23492
+ RESERVED
+CVE-2022-23491
+ RESERVED
+CVE-2022-23490
+ RESERVED
+CVE-2022-23489
+ RESERVED
+CVE-2022-23488
+ RESERVED
+CVE-2022-23487
+ RESERVED
+CVE-2022-23486
+ RESERVED
+CVE-2022-23485
+ RESERVED
+CVE-2022-23484
+ RESERVED
+CVE-2022-23483
+ RESERVED
+CVE-2022-23482
+ RESERVED
+CVE-2022-23481
+ RESERVED
+CVE-2022-23480
+ RESERVED
+CVE-2022-23479
+ RESERVED
+CVE-2022-23478
+ RESERVED
+CVE-2022-23477
+ RESERVED
+CVE-2022-23476
+ RESERVED
+CVE-2022-23475
+ RESERVED
+CVE-2022-23474
+ RESERVED
+CVE-2022-23473
+ RESERVED
+CVE-2022-23472
+ RESERVED
+CVE-2022-23471
+ RESERVED
+CVE-2022-23470
+ RESERVED
+CVE-2022-23469
+ RESERVED
+CVE-2022-23468
+ RESERVED
+CVE-2022-23467
+ RESERVED
+CVE-2022-23466
+ RESERVED
+CVE-2022-23465
+ RESERVED
+CVE-2022-23464
+ RESERVED
+CVE-2022-23463
+ RESERVED
+CVE-2022-23462
+ RESERVED
+CVE-2022-23461
+ RESERVED
+CVE-2022-23460
+ RESERVED
+CVE-2022-23459
+ RESERVED
+CVE-2022-23458
+ RESERVED
+CVE-2022-23457
+ RESERVED
+CVE-2022-0314
+ RESERVED
+CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0312
+ RESERVED
+CVE-2022-0299
+ RESERVED
+CVE-2022-23456 (Potential arbitrary file deletion vulnerability has been identified in ...)
+ NOT-FOR-US: HP
+CVE-2022-23455
+ RESERVED
+CVE-2022-23454
+ RESERVED
+CVE-2022-23453
+ RESERVED
+CVE-2022-23452
+ RESERVED
+ - barbican <unfixed>
+ [bullseye] - barbican <no-dsa> (Minor issue)
+ [buster] - barbican <no-dsa> (Minor issue)
+ [stretch] - barbican <no-dsa> (Minor issue)
+ NOTE: https://storyboard.openstack.org/#!/story/2009297
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025090
+CVE-2022-23451
+ RESERVED
+ - barbican <unfixed>
+ [bullseye] - barbican <no-dsa> (Minor issue)
+ [buster] - barbican <no-dsa> (Minor issue)
+ [stretch] - barbican <no-dsa> (Minor issue)
+ NOTE: https://storyboard.openstack.org/#!/story/2009253
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025089
+CVE-2022-23450
+ RESERVED
+CVE-2022-23449
+ RESERVED
+CVE-2022-23448
+ RESERVED
+CVE-2022-23447
+ RESERVED
+CVE-2022-23446
+ RESERVED
+CVE-2022-23445
+ RESERVED
+CVE-2022-23444
+ RESERVED
+CVE-2022-23443
+ RESERVED
+CVE-2022-23442
+ RESERVED
+CVE-2022-23441
+ RESERVED
+CVE-2022-23440
+ RESERVED
+CVE-2022-23439
+ RESERVED
+CVE-2022-23438
+ RESERVED
+CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...)
+ - libxerces2-java <unfixed>
+ [stretch] - libxerces2-java <postponed> (revisit when/if fix is complete)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3
+CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0310 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0309 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0308 (Use after free in Data Transfer in Google Chrome on Chrome OS prior to ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0307 (Use after free in Optimization Guide in Google Chrome prior to 97.0.46 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0306 (Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0305 (Inappropriate implementation in Service Worker API in Google Chrome pr ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0304 (Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 all ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0303
+ RESERVED
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0302 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0301 (Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.9 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0300 (Use after free in Text Input Method Editor in Google Chrome on Android ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0298 (Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 al ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0297 (Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowe ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0296 (Use after free in Printing in Google Chrome prior to 97.0.4692.99 allo ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0295 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0294 (Inappropriate implementation in Push messaging in Google Chrome prior ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0293 (Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0292 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0291 (Inappropriate implementation in Storage in Google Chrome prior to 97.0 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0290 (Use after free in Site isolation in Google Chrome prior to 97.0.4692.9 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 ...)
+ {DSA-5054-1}
+ - chromium 97.0.4692.99-1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0287
+ RESERVED
+CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0284
+ RESERVED
+ - imagemagick <not-affected> (Specific to IM7)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045943
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/4729
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7
+CVE-2022-0283
+ RESERVED
+CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...)
+ NOT-FOR-US: microweber
+CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ NOT-FOR-US: microweber
+CVE-2022-0280
+ RESERVED
+CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a race co ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...)
+ NOT-FOR-US: microweber
+CVE-2022-23436
+ RESERVED
+CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...)
+ NOT-FOR-US: android-gif-drawable
+CVE-2022-23434 (A vulnerability using PendingIntent in Bixby Vision prior to versions ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23433 (Improper access control vulnerability in Reminder prior to versions 12 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23432 (An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw pri ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23431 (An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23430
+ RESERVED
+CVE-2022-23429 (An improper boundary check in audio hal service prior to SMR Feb-2022 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23428 (An improper boundary check in eden_runtime hal service prior to SMR Fe ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23427 (PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver pri ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23426 (A vulnerability using PendingIntent in DeX Home and DeX for PC prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23425 (Improper input validation in Exynos baseband prior to SMR Feb-2022 Rel ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23424
+ RESERVED
+CVE-2022-23423
+ RESERVED
+CVE-2022-23422
+ RESERVED
+CVE-2022-23421
+ RESERVED
+CVE-2022-23420
+ RESERVED
+CVE-2022-23419
+ RESERVED
+CVE-2022-23418
+ RESERVED
+CVE-2022-23417
+ RESERVED
+CVE-2022-23416
+ RESERVED
+CVE-2022-23415
+ RESERVED
+CVE-2022-23414
+ RESERVED
+CVE-2022-23413
+ RESERVED
+CVE-2022-23412
+ RESERVED
+CVE-2022-23411
+ RESERVED
+CVE-2022-23410 (AXIS IP Utility prior to 4.17.0 allows for remote code execution and l ...)
+ NOT-FOR-US: AXIS IP Utility
+CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to ...)
+ NOT-FOR-US: Craft CMS
+CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...)
+ - wolfssl 5.1.1-1 (bug #1004181)
+ [bullseye] - wolfssl <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-511-jan-3rd-2022
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/4710
+ NOTE: Introduced by: https://github.com/wolfSSL/wolfssl/commit/2871fc670f448e5f7cab7101479cb5b88e4d21f4 (WCv5.0-RC9)
+ NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/73b4cc9476f6355a91138f545f3fd007ce058255 (master)
+ NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/f3038b7aa5512572a04c14becee799ef275a6736 (v5.1.1-stable)
+CVE-2022-23407
+ RESERVED
+CVE-2022-23406
+ RESERVED
+CVE-2022-23405
+ RESERVED
+CVE-2022-23404
+ RESERVED
+CVE-2022-0276
+ RESERVED
+CVE-2022-0275
+ RESERVED
+CVE-2022-23398
+ RESERVED
+CVE-2022-23397
+ RESERVED
+CVE-2022-23396
+ RESERVED
+CVE-2022-23395
+ RESERVED
+CVE-2022-23394
+ RESERVED
+CVE-2022-23393
+ RESERVED
+CVE-2022-23392
+ RESERVED
+CVE-2022-23391 (A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attack ...)
+ NOT-FOR-US: Pybbs
+CVE-2022-23390 (An issue in the getType function of BBS Forum v5.3 and below allows at ...)
+ NOT-FOR-US: BBS Forum
+CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code execution (RCE) ...)
+ NOT-FOR-US: PublicCMS
+CVE-2022-23388
+ RESERVED
+CVE-2022-23387
+ RESERVED
+CVE-2022-23386
+ RESERVED
+CVE-2022-23385
+ RESERVED
+CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin ...)
+ NOT-FOR-US: YzmCMS
+CVE-2022-23383
+ RESERVED
+CVE-2022-23382
+ RESERVED
+CVE-2022-23381
+ RESERVED
+CVE-2022-23380
+ RESERVED
+CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...)
+ NOT-FOR-US: Emlog
+CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 ver ...)
+ NOT-FOR-US: TastyIgniter
+CVE-2022-23377
+ RESERVED
+CVE-2022-23376 (WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on ...)
+ NOT-FOR-US: WikiDocs
+CVE-2022-23375 (WikiDocs version 0.1.18 has an authenticated remote code execution vul ...)
+ NOT-FOR-US: WikiDocs
+CVE-2022-23374
+ RESERVED
+CVE-2022-23373
+ RESERVED
+CVE-2022-23372
+ RESERVED
+CVE-2022-23371
+ RESERVED
+CVE-2022-23370
+ RESERVED
+CVE-2022-23369
+ RESERVED
+CVE-2022-23368
+ RESERVED
+CVE-2022-23367 (Fulusso v1.1 was discovered to contain a DOM-based cross-site scriptin ...)
+ NOT-FOR-US: Fulusso
+CVE-2022-23366 (HMS v1.0 was discovered to contain a SQL injection vulnerability via p ...)
+ NOT-FOR-US: HMS (Hospital Managment System)
+CVE-2022-23365 (HMS v1.0 was discovered to contain a SQL injection vulnerability via d ...)
+ NOT-FOR-US: HMS (Hospital Managment System)
+CVE-2022-23364 (HMS v1.0 was discovered to contain a SQL injection vulnerability via a ...)
+ NOT-FOR-US: HMS (Hospital Managment System)
+CVE-2022-23363 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+ NOT-FOR-US: Online Banking System
+CVE-2022-23362
+ RESERVED
+CVE-2022-23361
+ RESERVED
+CVE-2022-23360
+ RESERVED
+CVE-2022-23359
+ RESERVED
+CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In ...)
+ NOT-FOR-US: EasyCMS
+CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...)
+ TODO: check
+CVE-2022-23356
+ RESERVED
+CVE-2022-23355
+ RESERVED
+CVE-2022-23354
+ RESERVED
+CVE-2022-23353
+ RESERVED
+CVE-2022-23352
+ RESERVED
+CVE-2022-23351
+ RESERVED
+CVE-2022-23350
+ RESERVED
+CVE-2022-23349
+ RESERVED
+CVE-2022-23348
+ RESERVED
+CVE-2022-23347
+ RESERVED
+CVE-2022-23346
+ RESERVED
+CVE-2022-23345
+ RESERVED
+CVE-2022-23344
+ RESERVED
+CVE-2022-23343
+ RESERVED
+CVE-2022-23342
+ RESERVED
+CVE-2022-23341
+ RESERVED
+CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...)
+ NOT-FOR-US: Joplin
+CVE-2022-23339
+ RESERVED
+CVE-2022-23338
+ RESERVED
+CVE-2022-23337 (DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: DedeCMS
+CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability in ...)
+ NOT-FOR-US: S-CMS
+CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Metinfo
+CVE-2022-23334
+ RESERVED
+CVE-2022-23333
+ RESERVED
+CVE-2022-23332
+ RESERVED
+CVE-2022-23331 (In DataEase v1.6.1, an authenticated user can gain unauthorized access ...)
+ NOT-FOR-US: DataEase
+CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...)
+ NOT-FOR-US: jpress
+CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...)
+ NOT-FOR-US: UJCMS Jspxcms
+CVE-2022-23328
+ RESERVED
+CVE-2022-23327
+ RESERVED
+CVE-2022-23326
+ RESERVED
+CVE-2022-23325
+ RESERVED
+CVE-2022-23324
+ RESERVED
+CVE-2022-23323
+ RESERVED
+CVE-2022-23322
+ RESERVED
+CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on two in ...)
+ NOT-FOR-US: XMPie
+CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
+ NOT-FOR-US: XMPie uStore
+CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions &gt;= ...)
+ - pcf2bdf <unfixed> (unimportant)
+ NOTE: https://github.com/ganaware/pcf2bdf/issues/5
+ NOTE: https://github.com/advisories/GHSA-p4gv-mjgc-3g68
+ NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/3555aab4f3cfbec199141122177750a4351b8e79
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions &gt;= 1.05 allows an attac ...)
+ - pcf2bdf <unfixed> (unimportant)
+ NOTE: https://github.com/ganaware/pcf2bdf/issues/4
+ NOTE: https://github.com/advisories/GHSA-mhwp-x94h-mg49
+ NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/aaf16808e4bb8d96eeab5f684df6550912a9e694
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-23317 (CobaltStrike &lt;=4.5 HTTP(S) listener does not determine whether the ...)
+ NOT-FOR-US: CobaltStrike
+CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
+ NOT-FOR-US: taocms
+CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...)
+ NOT-FOR-US: MCMS
+CVE-2022-23314 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...)
+ NOT-FOR-US: MCMS
+CVE-2022-23313
+ RESERVED
+CVE-2022-22137
+ RESERVED
+CVE-2022-21801 (A denial of service vulnerability exists in the netserver recv_command ...)
+ NOT-FOR-US: Reolink
+CVE-2022-21796 (A memory corruption vulnerability exists in the netserver parse_comman ...)
+ NOT-FOR-US: Reolink
+CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
+ NOT-FOR-US: Orchard CMS
+CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16. ...)
+ NOT-FOR-US: calibre-web
+CVE-2022-0272
+ RESERVED
+CVE-2022-0271
+ RESERVED
+CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
+ NOT-FOR-US: bored-agent
+CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...)
+ NOT-FOR-US: yetiforce-crm
+CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...)
+ NOT-FOR-US: Grav CMS
+CVE-2022-0267
+ RESERVED
+CVE-2022-23312 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2022-23311
+ RESERVED
+CVE-2022-23310
+ RESERVED
+CVE-2022-23309
+ RESERVED
+CVE-2022-23308
+ RESERVED
+CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist remdex/l ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0265
+ RESERVED
+CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
+CVE-2022-23306
+ RESERVED
+CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
+CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82
+ NOTE: https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc (v8.2.4120)
+CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0259
+ RESERVED
+CVE-2022-0258 (pimcore is vulnerable to Improper Neutralization of Special Elements u ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0257 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0256 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0255 (The Database Backup for WordPress plugin before 2.5.1 does not properl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0254
+ RESERVED
+CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the json par ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0250
+ RESERVED
+CVE-2022-0249
+ RESERVED
+CVE-2022-0248
+ RESERVED
+CVE-2022-0247
+ RESERVED
+CVE-2022-0246
+ RESERVED
+CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplica ...)
+ - wpa 2:2.10-1
+ [bullseye] - wpa <no-dsa> (Minor issue)
+ [buster] - wpa <no-dsa> (Minor issue)
+ [stretch] - wpa <ignored> (Minor issue)
+ NOTE: https://w1.fi/security/2022-1/
+ NOTE: Issue exists because of an incomplete fix for CVE-2019-9495
+CVE-2022-23303 (The implementations of SAE in hostapd before 2.10 and wpa_supplicant b ...)
+ - wpa 2:2.10-1
+ [bullseye] - wpa <no-dsa> (Minor issue)
+ [buster] - wpa <no-dsa> (Minor issue)
+ [stretch] - wpa <not-affected> (CVE-2019-9494 was not applied and is marked as ignored)
+ NOTE: https://w1.fi/security/2022-1/
+ NOTE: Issue exists because of an incomplete fix for CVE-2019-9494
+CVE-2022-0264 (A vulnerability was found in the Linux kernel's eBPF verifier when han ...)
+ - linux 5.15.5-2
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 (5.16-rc6)
+CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
+ NOT-FOR-US: Orchard CMS
+CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 <no-dsa> (Minor issue)
+ [buster] - apache-log4j1.2 <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
+CVE-2022-22142 (Reflected cross-site scripting vulnerability in the checkbox of php_ma ...)
+ NOT-FOR-US: php_mailform
+CVE-2022-21805 (Reflected cross-site scripting vulnerability in the attached file name ...)
+ NOT-FOR-US: php_mailform
+CVE-2022-0242 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
+ NOT-FOR-US: Crater
+CVE-2022-0241
+ RESERVED
+CVE-2022-0240 (mruby is vulnerable to NULL Pointer Dereference ...)
+ - mruby <unfixed>
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb/
+ NOTE: https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca
+CVE-2022-0239 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ NOT-FOR-US: corenlp
+CVE-2022-0238 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ - phoronix-test-suite <removed>
+CVE-2022-23301
+ RESERVED
+CVE-2022-23300
+ RESERVED
+CVE-2022-23299
+ RESERVED
+CVE-2022-23298
+ RESERVED
+CVE-2022-23297
+ RESERVED
+CVE-2022-23296
+ RESERVED
+CVE-2022-23295
+ RESERVED
+CVE-2022-23294
+ RESERVED
+CVE-2022-23293
+ RESERVED
+CVE-2022-23292
+ RESERVED
+CVE-2022-23291
+ RESERVED
+CVE-2022-23290
+ RESERVED
+CVE-2022-23289
+ RESERVED
+CVE-2022-23288
+ RESERVED
+CVE-2022-23287
+ RESERVED
+CVE-2022-23286
+ RESERVED
+CVE-2022-23285
+ RESERVED
+CVE-2022-23284
+ RESERVED
+CVE-2022-23283
+ RESERVED
+CVE-2022-23282
+ RESERVED
+CVE-2022-23281
+ RESERVED
+CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23279
+ RESERVED
+CVE-2022-23278
+ RESERVED
+CVE-2022-23277
+ RESERVED
+CVE-2022-23276 (SQL Server for Linux Containers Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23275
+ RESERVED
+CVE-2022-23274 (Microsoft Dynamics GP Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23273 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23272 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23271 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23270
+ RESERVED
+CVE-2022-23269 (Microsoft Dynamics GP Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23268
+ RESERVED
+CVE-2022-23267
+ RESERVED
+CVE-2022-23266
+ RESERVED
+CVE-2022-23265
+ RESERVED
+CVE-2022-23264
+ RESERVED
+CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23260
+ RESERVED
+CVE-2022-23259
+ RESERVED
+CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23257
+ RESERVED
+CVE-2022-23256 (Azure Data Explorer Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23255 (Microsoft OneDrive for Android Security Feature Bypass Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23254 (Microsoft Power BI Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23253
+ RESERVED
+CVE-2022-23252 (Microsoft Office Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23251
+ RESERVED
+CVE-2022-23250
+ RESERVED
+CVE-2022-23249
+ RESERVED
+CVE-2022-23248
+ RESERVED
+CVE-2022-23247
+ RESERVED
+CVE-2022-23246
+ RESERVED
+CVE-2022-23245
+ RESERVED
+CVE-2022-23244
+ RESERVED
+CVE-2022-23243
+ RESERVED
+CVE-2022-23242
+ RESERVED
+CVE-2022-23241
+ RESERVED
+CVE-2022-23240
+ RESERVED
+CVE-2022-23239
+ RESERVED
+CVE-2022-23238
+ RESERVED
+CVE-2022-23237
+ RESERVED
+CVE-2022-23236
+ RESERVED
+CVE-2022-23235
+ RESERVED
+CVE-2022-23234
+ RESERVED
+CVE-2022-23233
+ RESERVED
+CVE-2022-23232
+ RESERVED
+CVE-2022-23231
+ RESERVED
+CVE-2022-23230
+ RESERVED
+CVE-2022-23229
+ RESERVED
+CVE-2022-23228 (Pexip Infinity before 27.0 has improper WebRTC input validation. An un ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to uploa ...)
+ NOT-FOR-US: NUUO NVRmini2
+CVE-2022-23226
+ RESERVED
+CVE-2022-23225
+ RESERVED
+CVE-2022-23224
+ RESERVED
+CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...)
+ NOT-FOR-US: Apache ShenYu Admin
+CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
+ {DSA-5076-1 DLA-2923-1}
+ - h2database 2.1.210-1
+ NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210
+ NOTE: Fixed by https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8
+ NOTE: https://github.com/h2database/h2database/issues/3360#issuecomment-1018351050
+CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...)
+ {DSA-5052-1}
+ - usbview 2.0-21-g6fe2f4f-2.1
+ [stretch] - usbview <not-affected> (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1
+ NOTE: Introduced by: https://github.com/gregkh/usbview/commit/ddefeba3f67d6a6f394eb57352254c1c8a312671 (v2.1)
+ NOTE: Fixed by: https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b (v2.2)
+ NOTE: Hardening: https://github.com/gregkh/usbview/commit/1282782301570b3ee27f82f4f34c2c1a82bfd91a (v2.2)
+CVE-2022-0237
+ RESERVED
+CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...)
+ - node-fetch 2.6.1-7
+ [bullseye] - node-fetch <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
+ NOTE: Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1)
+CVE-2022-0234 (The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0233 (The ProfileGrid &#8211; User Profiles, Memberships, Groups and Communi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0232 (The User Registration, Login &amp; Landing Pages WordPress plugin is v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0230
+ RESERVED
+CVE-2022-0229
+ RESERVED
+CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/1
+CVE-2022-23219 (The deprecated compatibility function clnt_create in the sunrpc module ...)
+ - glibc 2.33-3
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22542
+CVE-2022-23218 (The deprecated compatibility function svcunix_create in the sunrpc mod ...)
+ - glibc 2.33-3
+ [bullseye] - glibc <no-dsa> (Minor issue)
+ [buster] - glibc <no-dsa> (Minor issue)
+ [stretch] - glibc <no-dsa> (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28768
+CVE-2022-23217
+ RESERVED
+CVE-2022-23216
+ RESERVED
+CVE-2022-23215
+ RESERVED
+CVE-2022-23214
+ RESERVED
+CVE-2022-23213
+ RESERVED
+CVE-2022-23212
+ RESERVED
+CVE-2022-23211
+ RESERVED
+CVE-2022-23210
+ RESERVED
+CVE-2022-23209
+ RESERVED
+CVE-2022-23208
+ RESERVED
+CVE-2022-23207
+ RESERVED
+CVE-2022-0227 (Business Logic Errors in GitHub repository silverstripe/silverstripe-f ...)
+ NOT-FOR-US: Silverstripe CMS
+CVE-2022-0226 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0225
+ RESERVED
+ NOT-FOR-US: Keycloak
+CVE-2022-0224 (dolibarr is vulnerable to Improper Neutralization of Special Elements ...)
+ - dolibarr <removed>
+CVE-2022-0223
+ RESERVED
+CVE-2022-0222
+ RESERVED
+CVE-2022-0221
+ RESERVED
+CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
+ NOT-FOR-US: jadx
+CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0216
+ RESERVED
+CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoloa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed
+ NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074)
+CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0211 (The Shield Security WordPress plugin before 13.0.6 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...)
+ NOT-FOR-US: Apache Traffic Control
+CVE-2022-23205
+ RESERVED
+CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23202 (Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affecte ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23201
+ RESERVED
+CVE-2022-23200 (Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earl ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23199 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23198 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23197 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23196 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23195 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23194 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23193 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23192 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23191 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23190 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23187
+ RESERVED
+CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2022-23185
+ RESERVED
+CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...)
+ NOT-FOR-US: Octopus Server
+CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...)
+ - tomcat9 <unfixed>
+ [bullseye] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
+ [buster] - tomcat9 <postponed> (Minor issue, fix along in future DSA)
+ - tomcat8 <removed>
+ [stretch] - tomcat8 <postponed> (Minor issue; local race condition)
+ NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9
+ NOTE: https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e (9.0.57)
+ NOTE: https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530 (8.5.74)
+ NOTE: Issue introduced by the fix for CVE-2020-9484
+CVE-2022-23180
+ RESERVED
+CVE-2022-23179
+ RESERVED
+CVE-2022-21199 (An information disclosure vulnerability exists due to the hardcoded TL ...)
+ NOT-FOR-US: Reolink
+CVE-2022-0217 [Unauthenticated Remote Denial of Service Attack in the WebSocket interface]
+ RESERVED
+ {DSA-5047-1}
+ - prosody 0.11.12-1 (bug #1003696)
+ [stretch] - prosody <ignored> (websocket module introduced in 0.10.0; internal XML API only used on trusted data)
+ NOTE: https://prosody.im/security/advisory_20220113/
+ NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch
+ NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/3
+ NOTE: Regression: https://issues.prosody.im/1711
+ NOTE: Regression fix: https://hg.prosody.im/trunk/rev/e5e0ab93d7f4
+CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0209
+ RESERVED
+CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0207
+ RESERVED
+ - vdsm <itp> (bug #668538)
+CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not properly escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0205
+ RESERVED
+CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt protocol]
+ RESERVED
+ - bluez <unfixed> (bug #1003712)
+ [bullseye] - bluez <no-dsa> (Minor issue)
+ [buster] - bluez <no-dsa> (Minor issue)
+ [stretch] - bluez <no-dsa> (Minor issue)
+ NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=591c546c536b42bef696d027f64aa22434f8c3f0 (5.63)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039807
+CVE-2022-0203 (Improper Access Control in GitHub repository crater-invoice/crater pri ...)
+ NOT-FOR-US: Crater
+CVE-2022-0202
+ RESERVED
+CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0199 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...)
+ NOT-FOR-US: Crestron devices
+CVE-2022-23177
+ RESERVED
+CVE-2022-23176
+ RESERVED
+CVE-2022-23175
+ RESERVED
+CVE-2022-23174
+ RESERVED
+CVE-2022-23173
+ RESERVED
+CVE-2022-23172
+ RESERVED
+CVE-2022-23171
+ RESERVED
+CVE-2022-23170
+ RESERVED
+CVE-2022-23169
+ RESERVED
+CVE-2022-23168
+ RESERVED
+CVE-2022-23167
+ RESERVED
+CVE-2022-23166
+ RESERVED
+CVE-2022-23165
+ RESERVED
+CVE-2022-23164
+ RESERVED
+CVE-2022-23163
+ RESERVED
+CVE-2022-23162
+ RESERVED
+CVE-2022-23161
+ RESERVED
+CVE-2022-23160
+ RESERVED
+CVE-2022-23159
+ RESERVED
+CVE-2022-23158
+ RESERVED
+CVE-2022-23157
+ RESERVED
+CVE-2022-23156
+ RESERVED
+CVE-2022-23155
+ RESERVED
+CVE-2022-23154
+ RESERVED
+CVE-2022-23153
+ RESERVED
+CVE-2022-23152
+ RESERVED
+CVE-2022-23151
+ RESERVED
+CVE-2022-23150
+ RESERVED
+CVE-2022-23149
+ RESERVED
+CVE-2022-23148
+ RESERVED
+CVE-2022-23147
+ RESERVED
+CVE-2022-23146
+ RESERVED
+CVE-2022-23145
+ RESERVED
+CVE-2022-23144
+ RESERVED
+CVE-2022-23143
+ RESERVED
+CVE-2022-23142
+ RESERVED
+CVE-2022-23141
+ RESERVED
+CVE-2022-23140
+ RESERVED
+CVE-2022-23139
+ RESERVED
+CVE-2022-23138
+ RESERVED
+CVE-2022-23137
+ RESERVED
+CVE-2022-23136
+ RESERVED
+CVE-2022-23135
+ RESERVED
+CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...)
+ {DLA-2914-1}
+ - zabbix <unfixed>
+ NOTE: https://support.zabbix.com/browse/ZBX-20384
+ NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa0fecfbcc9794bc00206630a7424575dfc944df (5.0.19rc2)
+CVE-2022-23133 (An authenticated user can create a hosts group from the configuration ...)
+ - zabbix <unfixed>
+ [stretch] - zabbix <not-affected> (Vulnerable code introduced later, and reverted with the fix)
+ NOTE: https://support.zabbix.com/browse/ZBX-20388
+ NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/74b8716a73c324e6cdbdda1de434e7872740a908 (5.0.19rc1)
+ NOTE: Introduced by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/f3654d0173ea244a2319a093f7c4e27ad9086dc3 (4.4.0alpha3)
+CVE-2022-23132 (During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ...)
+ - zabbix <unfixed>
+ [stretch] - zabbix <not-affected> (Not using RPM or DAC_OVERRIDE in Debian installs, zbx_ipc_service_init_env() not present)
+ NOTE: https://support.zabbix.com/browse/ZBX-20341
+ NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/019fbd9b5cc9c455304f1a48460435ca474ba2ac (5.0.18)
+CVE-2022-23131 (In the case of instances where the SAML SSO authentication is enabled ...)
+ - zabbix <unfixed>
+ [stretch] - zabbix <not-affected> (SAML authentication support added in 5.0)
+ NOTE: https://support.zabbix.com/browse/ZBX-20350
+ TODO: check, possibly only affecting 5.4.0 onwards; similar code but no upstream fix in 5.0 LTS
+CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-23126 (TeslaMate before 1.25.1 (when using the default Docker configuration) ...)
+ NOT-FOR-US: TeslaMate
+CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ NOT-FOR-US: corenlp
+CVE-2022-0197 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ - phoronix-test-suite <removed>
+CVE-2022-0196 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) ...)
+ - phoronix-test-suite <removed>
+CVE-2022-0195
+ RESERVED
+CVE-2022-23125
+ RESERVED
+CVE-2022-23124
+ RESERVED
+CVE-2022-23123
+ RESERVED
+CVE-2022-23122
+ RESERVED
+CVE-2022-23121
+ RESERVED
+CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security and Cloud ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep Security and C ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements fu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23116 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23115 (Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch tas ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23114 (Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unenc ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23113 (Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23112 (A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23111 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish O ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23110 (Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the S ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23109 (Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault c ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23108 (Jenkins Badge Plugin 1.9 and earlier does not escape the description a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23107 (Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not re ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23106 (Jenkins Configuration as Code Plugin 1.55 and earlier used a non-const ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-23102 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2022-21236 (An information disclosure vulnerability exists due to a web server mis ...)
+ NOT-FOR-US: Reolink
+CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEmail fu ...)
+ NOT-FOR-US: Reolink
+CVE-2022-21134 (A firmware update vulnerability exists in the &amp;quot;update&amp;quo ...)
+ NOT-FOR-US: Reolink
+CVE-2022-0194
+ RESERVED
+CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0192
+ RESERVED
+CVE-2022-0191
+ RESERVED
+CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0189
+ RESERVED
+CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not logge ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0187
+ RESERVED
+CVE-2022-0186 (The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0185 (A heap-based buffer overflow flaw was found in the way the legacy_pars ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/722d94847de29310e8aa03fcbdb41fc92c521756
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/7
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/14
+ NOTE: https://www.willsroot.io/2022/01/cve-2022-0185.html
+CVE-2022-0184 (Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR59 ...)
+ NOT-FOR-US: TEPRA
+CVE-2022-0183 (Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 ...)
+ NOT-FOR-US: MIRUPASS
+CVE-2022-23101
+ RESERVED
+CVE-2022-23100
+ RESERVED
+CVE-2022-23099
+ RESERVED
+CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
+ {DLA-2915-1}
+ - connman <unfixed> (bug #1004935)
+ [bullseye] - connman <no-dsa> (Minor issue)
+ [buster] - connman <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
+ NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c34313a196515c80fe78a2862ad78174b985be5
+CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...)
+ {DLA-2915-1}
+ - connman <unfixed> (bug #1004935)
+ [bullseye] - connman <no-dsa> (Minor issue)
+ [buster] - connman <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
+ NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
+CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
+ {DLA-2915-1}
+ - connman <unfixed> (bug #1004935)
+ [bullseye] - connman <no-dsa> (Minor issue)
+ [buster] - connman <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
+ NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
+CVE-2022-23095 (Open Design Alliance Drawings SDK before 2022.12.1 mishandles the load ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2022-23094 (Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of ...)
+ {DSA-5048-1}
+ - libreswan 4.6-1
+ [buster] - libreswan <not-affected> (Vulnerable code introduced in 4.2)
+ NOTE: https://github.com/libreswan/libreswan/issues/585
+ NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094.txt
+ NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.2-4.3.patch (4.2-4.3)
+ NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.4-4.5.patch (4.4-4.5)
+CVE-2022-23093
+ RESERVED
+CVE-2022-23092
+ RESERVED
+CVE-2022-23091
+ RESERVED
+CVE-2022-23090
+ RESERVED
+CVE-2022-23089
+ RESERVED
+CVE-2022-23088
+ RESERVED
+CVE-2022-23087
+ RESERVED
+CVE-2022-23086
+ RESERVED
+CVE-2022-23085
+ RESERVED
+CVE-2022-23084
+ RESERVED
+CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...)
+ NOT-FOR-US: NetMaster
+CVE-2022-23082
+ RESERVED
+CVE-2022-23081
+ RESERVED
+CVE-2022-23080
+ RESERVED
+CVE-2022-23079
+ RESERVED
+CVE-2022-23078
+ RESERVED
+CVE-2022-23077
+ RESERVED
+CVE-2022-23076
+ RESERVED
+CVE-2022-23075
+ RESERVED
+CVE-2022-23074
+ RESERVED
+CVE-2022-23073
+ RESERVED
+CVE-2022-23072
+ RESERVED
+CVE-2022-23071
+ RESERVED
+CVE-2022-23070
+ RESERVED
+CVE-2022-23069
+ RESERVED
+CVE-2022-23068
+ RESERVED
+CVE-2022-23067
+ RESERVED
+CVE-2022-23066
+ RESERVED
+CVE-2022-23065
+ RESERVED
+CVE-2022-23064
+ RESERVED
+CVE-2022-23063
+ RESERVED
+CVE-2022-23062
+ RESERVED
+CVE-2022-23061
+ RESERVED
+CVE-2022-23060
+ RESERVED
+CVE-2022-23059
+ RESERVED
+CVE-2022-23058
+ RESERVED
+CVE-2022-23057
+ RESERVED
+CVE-2022-23056
+ RESERVED
+CVE-2022-23055
+ RESERVED
+CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
+ NOT-FOR-US: Openmct
+CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
+ NOT-FOR-US: Openmct
+CVE-2022-23052
+ RESERVED
+CVE-2022-23051
+ RESERVED
+CVE-2022-23050
+ RESERVED
+CVE-2022-23049 (Exponent CMS 2.6.0patch2 allows an authenticated user to inject persis ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2022-23048 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2022-23047 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL senten ...)
+ NOT-FOR-US: PhpIPAM
+CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...)
+ NOT-FOR-US: PhpIPAM
+CVE-2022-23044
+ RESERVED
+CVE-2022-23043
+ RESERVED
+CVE-2022-23042
+ RESERVED
+CVE-2022-23041
+ RESERVED
+CVE-2022-23040
+ RESERVED
+CVE-2022-23039
+ RESERVED
+CVE-2022-23038
+ RESERVED
+CVE-2022-23037
+ RESERVED
+CVE-2022-23036
+ RESERVED
+CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...)
+ - xen 4.16.0+51-g0941d6cb-1
+ [bullseye] - xen <postponed> (Fix along with next DSA round)
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-395.html
+CVE-2022-23034 (A PV guest could DoS Xen while unmapping a grant To address XSA-380, r ...)
+ - xen 4.16.0+51-g0941d6cb-1
+ [bullseye] - xen <postponed> (Fix along with next DSA round)
+ [buster] - xen <end-of-life> (DSA 4677-1)
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-394.html
+CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The funct ...)
+ - xen 4.16.0+51-g0941d6cb-1
+ [bullseye] - xen <postponed> (Fix along with next DSA round)
+ [buster] - xen <not-affected> (Vulnerable code introduced later)
+ [stretch] - xen <not-affected> (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-393.html
+CVE-2022-23032 (In all versions before 7.2.1.4, when proxy settings are configured in ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23031 (On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23030 (On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23029 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23028 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23027 (On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23026 (On BIG-IP ASM &amp; Advanced WAF version 16.1.x before 16.1.2, 15.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23025 (On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23024 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23023 (On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23022 (On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is config ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23021 (On BIG-IP version 16.1.x before 16.1.2, when any of the following conf ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23020 (On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' se ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23019 (On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23018 (On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23017 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23016 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23015 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23014 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23013 (On BIG-IP DNS &amp; GTM version 16.x before 16.1.0, 15.1.x before 15.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23012 (On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23011 (On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23010 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23009 (On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated ad ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an authenti ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23007
+ RESERVED
+CVE-2022-23006
+ RESERVED
+CVE-2022-23005
+ RESERVED
+CVE-2022-23004
+ RESERVED
+CVE-2022-23003
+ RESERVED
+CVE-2022-23002
+ RESERVED
+CVE-2022-23001
+ RESERVED
+CVE-2022-23000
+ RESERVED
+CVE-2022-22999
+ RESERVED
+CVE-2022-22998
+ RESERVED
+CVE-2022-22997
+ RESERVED
+CVE-2022-22996
+ RESERVED
+CVE-2022-22995
+ RESERVED
+CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital My Clou ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22992 (A command injection remote code execution vulnerability was discovered ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22991 (A malicious user on the same LAN could use DNS spoofing followed by a ...)
+ NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
+CVE-2022-22990 (A limited authentication bypass vulnerability was discovered that coul ...)
+ NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
+CVE-2022-22989 (My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vul ...)
+ NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
+CVE-2022-22988 (File and directory permissions have been corrected to prevent unintend ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-21234
+ RESERVED
+CVE-2022-21210
+ RESERVED
+CVE-2022-21145
+ RESERVED
+CVE-2022-0182 (Stored cross-site scripting vulnerability in Quiz And Survey Master ve ...)
+ NOT-FOR-US: Quiz And Survey Master
+CVE-2022-0181 (Reflected cross-site scripting vulnerability in Quiz And Survey Master ...)
+ NOT-FOR-US: Quiz And Survey Master
+CVE-2022-0180 (Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Mas ...)
+ NOT-FOR-US: Quiz And Survey Master
+CVE-2022-0179 (snipe-it is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-0178 (snipe-it is vulnerable to Improper Access Control ...)
+ NOT-FOR-US: snipe-it
+CVE-2022-0177
+ REJECTED
+CVE-2022-22983
+ RESERVED
+CVE-2022-22982
+ RESERVED
+CVE-2022-22981
+ RESERVED
+CVE-2022-22980
+ RESERVED
+CVE-2022-22979
+ RESERVED
+CVE-2022-22978
+ RESERVED
+CVE-2022-22977
+ RESERVED
+CVE-2022-22976
+ RESERVED
+CVE-2022-22975
+ RESERVED
+CVE-2022-22974
+ RESERVED
+CVE-2022-22973
+ RESERVED
+CVE-2022-22972
+ RESERVED
+CVE-2022-22971
+ RESERVED
+CVE-2022-22970
+ RESERVED
+CVE-2022-22969
+ RESERVED
+CVE-2022-22968
+ RESERVED
+CVE-2022-22967
+ RESERVED
+CVE-2022-22966
+ RESERVED
+CVE-2022-22965
+ RESERVED
+CVE-2022-22964
+ RESERVED
+CVE-2022-22963
+ RESERVED
+CVE-2022-22962
+ RESERVED
+CVE-2022-22961
+ RESERVED
+CVE-2022-22960
+ RESERVED
+CVE-2022-22959
+ RESERVED
+CVE-2022-22958
+ RESERVED
+CVE-2022-22957
+ RESERVED
+CVE-2022-22956
+ RESERVED
+CVE-2022-22955
+ RESERVED
+CVE-2022-22954
+ RESERVED
+CVE-2022-22953
+ RESERVED
+CVE-2022-22952
+ RESERVED
+CVE-2022-22951
+ RESERVED
+CVE-2022-22950
+ RESERVED
+CVE-2022-22949
+ RESERVED
+CVE-2022-22948
+ RESERVED
+CVE-2022-22947
+ RESERVED
+CVE-2022-22946
+ RESERVED
+CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...)
+ NOT-FOR-US: VMware
+CVE-2022-22944
+ RESERVED
+CVE-2022-22943
+ RESERVED
+CVE-2022-22942 [drm/vmwgfx: Fix stale file descriptors on failed usercopy]
+ RESERVED
+ - linux 5.15.15-2
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/27/4
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/03/1
+ NOTE: Fixed by: https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c
+CVE-2022-22941
+ RESERVED
+CVE-2022-22940
+ RESERVED
+CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure vulnerabili ...)
+ NOT-FOR-US: VMware
+CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...)
+ NOT-FOR-US: VMware
+CVE-2022-22937
+ RESERVED
+CVE-2022-22936
+ RESERVED
+CVE-2022-22935
+ RESERVED
+CVE-2022-22934
+ RESERVED
+CVE-2022-22933
+ RESERVED
+CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plugin hav ...)
+ - apache-karaf <itp> (bug #881297)
+CVE-2022-22931 (Fix of CVE-2021-40525 do not prepend delimiters upon valid directory v ...)
+ NOT-FOR-US: Apache James
+CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template Management ...)
+ NOT-FOR-US: MCMS
+CVE-2022-22929 (MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerabil ...)
+ NOT-FOR-US: MCMS
+CVE-2022-22928 (MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing att ...)
+ NOT-FOR-US: MCMS
+CVE-2022-22927
+ RESERVED
+CVE-2022-22926
+ RESERVED
+CVE-2022-22925
+ RESERVED
+CVE-2022-22924
+ RESERVED
+CVE-2022-22923
+ RESERVED
+CVE-2022-22922 (TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovere ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-22921
+ RESERVED
+CVE-2022-22920
+ RESERVED
+CVE-2022-22919 (Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SS ...)
+ NOT-FOR-US: Adenza AxiomSL ControllerView
+CVE-2022-22918
+ RESERVED
+CVE-2022-22917
+ RESERVED
+CVE-2022-22916 (O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vu ...)
+ NOT-FOR-US: O2OA
+CVE-2022-22915
+ RESERVED
+CVE-2022-22914 (An incorrect access control issue in the component FileManager of Ovid ...)
+ NOT-FOR-US: Ovidentia CMS
+CVE-2022-22913
+ RESERVED
+CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before v3.0.4 ...)
+ TODO: check
+CVE-2022-22911
+ RESERVED
+CVE-2022-22910
+ RESERVED
+CVE-2022-22909
+ RESERVED
+CVE-2022-22908
+ RESERVED
+CVE-2022-22907
+ RESERVED
+CVE-2022-22906
+ RESERVED
+CVE-2022-22905
+ RESERVED
+CVE-2022-22904
+ RESERVED
+CVE-2022-22903
+ RESERVED
+CVE-2022-22902
+ RESERVED
+CVE-2022-22901 (There is an Assertion in 'context_p-&gt;next_scanner_info_p-&gt;type = ...)
+ TODO: check
+CVE-2022-22900
+ RESERVED
+CVE-2022-22899 (Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenti ...)
+ NOT-FOR-US: Core FTP / SFTP Server
+CVE-2022-22898
+ RESERVED
+CVE-2022-22897
+ RESERVED
+CVE-2022-22896
+ RESERVED
+CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4850
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4882
+CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899
+CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <no-dsa> (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4901
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4945
+CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4872
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878
+CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4871
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4885
+CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT &am ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4849
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4847
+CVE-2022-22889
+ RESERVED
+CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
+ - iotjs <unfixed> (bug #1004298)
+ [bullseye] - iotjs <no-dsa> (Minor issue)
+ [buster] - iotjs <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4877
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4848
+CVE-2022-22887
+ RESERVED
+CVE-2022-22886
+ RESERVED
+CVE-2022-22885 (Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL cert ...)
+ NOT-FOR-US: Hutool
+CVE-2022-22884
+ RESERVED
+CVE-2022-22883
+ RESERVED
+CVE-2022-22882
+ RESERVED
+CVE-2022-22881 (Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Jeecg-boot
+CVE-2022-22880 (Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Jeecg-boot
+CVE-2022-22879
+ RESERVED
+CVE-2022-22878
+ RESERVED
+CVE-2022-22877
+ RESERVED
+CVE-2022-22876
+ RESERVED
+CVE-2022-22875
+ RESERVED
+CVE-2022-22874
+ RESERVED
+CVE-2022-22873
+ RESERVED
+CVE-2022-22872
+ RESERVED
+CVE-2022-22871
+ RESERVED
+CVE-2022-22870
+ RESERVED
+CVE-2022-22869
+ RESERVED
+CVE-2022-22868 (Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting ( ...)
+ NOT-FOR-US: Gibbon CMS
+CVE-2022-22867
+ RESERVED
+CVE-2022-22866
+ RESERVED
+CVE-2022-22865
+ RESERVED
+CVE-2022-22864
+ RESERVED
+CVE-2022-22863
+ RESERVED
+CVE-2022-22862
+ RESERVED
+CVE-2022-22861
+ RESERVED
+CVE-2022-22860
+ RESERVED
+CVE-2022-22859
+ RESERVED
+CVE-2022-22858
+ RESERVED
+CVE-2022-22857
+ RESERVED
+CVE-2022-22856
+ RESERVED
+CVE-2022-22855
+ RESERVED
+CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...)
+ NOT-FOR-US: Hospital Patient Record Management System
+CVE-2022-22853 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...)
+ NOT-FOR-US: Hospital Patient Record Management System
+CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ NOT-FOR-US: Sourcecodtester
+CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ NOT-FOR-US: Sourcecodtester
+CVE-2022-22850 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ NOT-FOR-US: Sourcecodtester
+CVE-2022-22849
+ RESERVED
+CVE-2022-22149
+ RESERVED
+CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak]
+ RESERVED
+ - virglrenderer <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039003
+ NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
+ NOTE: Code refactored in https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/7899e057327848300b18d8f03aa3789e00ed0221 (0.9.0)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c
+ TODO: check if issue is present before refactoring in 0.9.0
+CVE-2022-0174 (dolibarr is vulnerable to Business Logic Errors ...)
+ - dolibarr <removed>
+CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5
+ NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c
+CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab <unfixed>
+CVE-2022-0171
+ RESERVED
+CVE-2022-0170 (peertube is vulnerable to Improper Access Control ...)
+ - peertube <itp> (bug #950821)
+CVE-2022-0169
+ RESERVED
+CVE-2022-0168
+ RESERVED
+CVE-2022-0167
+ RESERVED
+CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to 5.7. ...)
+ NOT-FOR-US: McAfee
+CVE-2022-0165
+ RESERVED
+CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0163
+ RESERVED
+CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-0161
+ RESERVED
+CVE-2022-0160
+ RESERVED
+CVE-2022-0159 (orchardcore is vulnerable to Improper Neutralization of Input During W ...)
+ NOT-FOR-US: orchardcore
+CVE-2022-0158 (vim is vulnerable to Heap-based Buffer Overflow ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/
+ NOTE: https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 (v8.2.4049)
+CVE-2022-0157 (phoronix-test-suite is vulnerable to Improper Neutralization of Input ...)
+ - phoronix-test-suite <removed>
+CVE-2022-22848
+ RESERVED
+CVE-2022-22847 (Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Se ...)
+ NOT-FOR-US: Formpipe Lasernet
+CVE-2022-22846 (The dnslib package through 0.9.16 for Python does not verify that the ...)
+ - python-dnslib 0.9.18-1
+ [bullseye] - python-dnslib <no-dsa> (Minor issue)
+ [buster] - python-dnslib <no-dsa> (Minor issue)
+ NOTE: https://github.com/paulc/dnslib/issues/30
+ NOTE: https://github.com/paulc/dnslib/commit/76e8677699ed098387d502c57980f58da642aeba
+CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167 ...)
+ NOT-FOR-US: QXIP SIPCAPTURE homer-app for HOMER
+CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c i ...)
+ - tiff 4.3.0-3
+ [bullseye] - tiff <no-dsa> (Minor issue)
+ [buster] - tiff <no-dsa> (Minor issue)
+ [stretch] - tiff <postponed> (Minor issue; read overflow in CLI utility)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355
+ NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287
+ NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64
+CVE-2022-22843
+ RESERVED
+CVE-2022-22842
+ RESERVED
+CVE-2022-22841
+ RESERVED
+CVE-2022-22840
+ RESERVED
+CVE-2022-22839
+ RESERVED
+CVE-2022-22838
+ RESERVED
+CVE-2022-22837
+ RESERVED
+CVE-2022-22836 (CoreFTP Server before 727 allows directory traversal (for file creatio ...)
+ NOT-FOR-US: CoreFTP
+CVE-2022-22835
+ RESERVED
+CVE-2022-22834
+ RESERVED
+CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...)
+ NOT-FOR-US: Servisnet Tessa
+CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...)
+ NOT-FOR-US: Servisnet Tessa
+CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add ...)
+ NOT-FOR-US: Servisnet Tessa
+CVE-2022-22830
+ RESERVED
+CVE-2022-22829
+ RESERVED
+CVE-2022-22828 (An insecure direct object reference for the file-download URL in Synam ...)
+ NOT-FOR-US: Synametrics
+CVE-2022-0156 (vim is vulnerable to Use After Free ...)
+ - vim <unfixed>
+ [bullseye] - vim <no-dsa> (Minor issue)
+ [buster] - vim <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36
+ NOTE: https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f (v8.2.4040)
+CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22826 (nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22825 (lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integ ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22824 (defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22823 (build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an i ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-1 (bug #1003474)
+ NOTE: https://github.com/libexpat/libexpat/pull/539
+ NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3)
+CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...)
+ NOT-FOR-US: NVIDIA NeMo
+CVE-2022-22820 (Due to the lack of media file checks before rendering, it was possible ...)
+ NOT-FOR-US: LINE
+CVE-2022-22819
+ RESERVED
+CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...)
+ {DLA-2906-1}
+ - python-django 2:3.2.12-1 (bug #1004752)
+ [bullseye] - python-django <no-dsa> (Minor issue)
+ [buster] - python-django <no-dsa> (Minor issue)
+ NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/
+ NOTE: https://github.com/django/django/commit/394517f07886495efcf79f95c7ee402a9437bd68 (main)
+ NOTE: https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5 (4.0.2)
+ NOTE: https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2 (3.2.12)
+ NOTE: https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6 (2.2.27)
+CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...)
+ {DSA-5053-1 DLA-2893-1}
+ - pillow 9.0.0-1
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval
+ NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0)
+ NOTE: Fillowup in 9.0.1: https://github.com/python-pillow/Pillow/commit/c930be0758ac02cf15a2b8d5409d50d443550581
+CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...)
+ {DSA-5053-1 DLA-2893-1}
+ - pillow 9.0.0-1
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
+ NOTE: https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c (9.0.0)
+CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ...)
+ {DSA-5053-1 DLA-2893-1}
+ - pillow 9.0.0-1
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling
+ NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0)
+CVE-2022-22814
+ RESERVED
+CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal Informa ...)
+ - node-follow-redirects 1.14.7+~1.13.1-1
+ [bullseye] - node-follow-redirects <no-dsa> (Minor issue)
+ [buster] - node-follow-redirects <ignored> (Minor issue, too intrusive to backport)
+ NOTE: https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406
+ NOTE: https://github.com/follow-redirects/follow-redirects/issues/183
+ NOTE: https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7)
+CVE-2022-22813 (A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an a ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22811 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22810 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22809 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22808 (A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulne ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22806
+ RESERVED
+CVE-2022-22805
+ RESERVED
+CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22803
+ RESERVED
+CVE-2022-22802
+ RESERVED
+CVE-2022-22801
+ RESERVED
+CVE-2022-22800
+ RESERVED
+CVE-2022-22799
+ RESERVED
+CVE-2022-22798
+ RESERVED
+CVE-2022-22797
+ RESERVED
+CVE-2022-22796
+ RESERVED
+CVE-2022-22795
+ RESERVED
+CVE-2022-22794
+ RESERVED
+CVE-2022-22793
+ RESERVED
+CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...)
+ NOT-FOR-US: MobiSoft
+CVE-2022-22791 (SYNEL - eharmony Authenticated Blind &amp; Stored XSS. Inject JS code ...)
+ NOT-FOR-US: SYNEL
+CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...)
+ NOT-FOR-US: SYNEL
+CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover &#8211; An attacker ...)
+ NOT-FOR-US: Charactell - FormStorm Enterprise
+CVE-2022-22788
+ RESERVED
+CVE-2022-22787
+ RESERVED
+CVE-2022-22786
+ RESERVED
+CVE-2022-22785
+ RESERVED
+CVE-2022-22784
+ RESERVED
+CVE-2022-22783
+ RESERVED
+CVE-2022-22782
+ RESERVED
+CVE-2022-22781
+ RESERVED
+CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible to Zip ...)
+ NOT-FOR-US: Zoom
+CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...)
+ NOT-FOR-US: Keybase on MacOS & Windows
+CVE-2022-22778
+ RESERVED
+CVE-2022-22777
+ RESERVED
+CVE-2022-22776
+ RESERVED
+CVE-2022-22775
+ RESERVED
+CVE-2022-22774
+ RESERVED
+CVE-2022-22773
+ RESERVED
+CVE-2022-22772
+ RESERVED
+CVE-2022-22771
+ RESERVED
+CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe cont ...)
+ NOT-FOR-US: TIBCO
+CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX ...)
+ NOT-FOR-US: TIBCO
+CVE-2022-22768
+ RESERVED
+CVE-2022-22767
+ RESERVED
+CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...)
+ NOT-FOR-US: BD Pyxis
+CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded credent ...)
+ NOT-FOR-US: BD Viper LT system
+CVE-2022-22764
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22764
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22764
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22764
+CVE-2022-22763
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22763
+CVE-2022-22762
+ RESERVED
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762
+CVE-2022-22761
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22761
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22761
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22761
+CVE-2022-22760
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22760
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22760
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22760
+CVE-2022-22759
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22759
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22759
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22759
+CVE-2022-22758
+ RESERVED
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22758
+CVE-2022-22757
+ RESERVED
+ - firefox <unfixed>
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22757
+ TODO: check if WebDriver enabled, if not demote severity to unimportant
+CVE-2022-22756
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22756
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22756
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22756
+CVE-2022-22755
+ RESERVED
+ - firefox 97.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755
+CVE-2022-22754
+ RESERVED
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1}
+ - firefox 97.0-1
+ - firefox-esr 91.6.0esr-1
+ - thunderbird 1:91.6.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22754
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22754
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22754
+CVE-2022-22753
+ RESERVED
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22753
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22753
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22753
+CVE-2022-22752
+ RESERVED
+ - firefox 96.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22752
+CVE-2022-22751
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22751
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22751
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22751
+CVE-2022-22750
+ RESERVED
+ - firefox <not-affected> (Only affects Windows and MacOS)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22750
+CVE-2022-22749
+ RESERVED
+ - firefox <not-affected> (Only affects Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22749
+CVE-2022-22748
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22748
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22748
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748
+CVE-2022-22747
+ RESERVED
+ {DSA-5062-1 DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1}
+ - nss 2:3.73-1
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22747
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22747
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22747
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1735028
+ NOTE: https://hg.mozilla.org/projects/nss/rev/7ff99e71f3e37faed12bc3cc90a3eed27e3418d0
+CVE-2022-22746
+ RESERVED
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22746
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22746
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22746
+CVE-2022-22745
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22745
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22745
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22745
+CVE-2022-22744
+ RESERVED
+ - firefox <not-affected> (Only affects Windows)
+ - firefox-esr <not-affected> (Only affects Windows)
+ - thunderbird <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22744
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22744
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22744
+CVE-2022-22743
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22743
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22743
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22743
+CVE-2022-22742
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22742
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22742
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22742
+CVE-2022-22741
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22741
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22741
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22741
+CVE-2022-22740
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22740
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22740
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22740
+CVE-2022-22739
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22739
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22739
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22739
+CVE-2022-22738
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22738
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22738
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22738
+CVE-2022-22737
+ RESERVED
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1}
+ - firefox 96.0-1
+ - firefox-esr 91.5.0esr-1
+ - thunderbird 1:91.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22737
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22737
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22737
+CVE-2022-22736
+ RESERVED
+ - firefox <not-affected> (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22736
+CVE-2022-22735
+ RESERVED
+CVE-2022-22734
+ RESERVED
+CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
+CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2022-0153
+ RESERVED
+CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2022-0150
+ RESERVED
+CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0147
+ RESERVED
+CVE-2022-0146
+ RESERVED
+CVE-2022-0145
+ RESERVED
+CVE-2022-22732
+ RESERVED
+CVE-2022-22731
+ RESERVED
+CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management ...)
+ - node-shelljs 0.8.5+~cs0.8.10-1
+ [bullseye] - node-shelljs <no-dsa> (Minor issue)
+ [buster] - node-shelljs <no-dsa> (Minor issue)
+ [stretch] - node-shelljs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/
+ NOTE: https://github.com/shelljs/shelljs/issues/1058
+ NOTE: https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c (v0.8.5)
+CVE-2022-0143
+ RESERVED
+CVE-2022-0142
+ RESERVED
+CVE-2022-0141
+ RESERVED
+CVE-2022-0140
+ RESERVED
+CVE-2022-22728
+ RESERVED
+CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-22721
+ RESERVED
+CVE-2022-22720
+ RESERVED
+CVE-2022-22719
+ RESERVED
+CVE-2022-22718 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22717 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22716 (Microsoft Excel Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22715 (Named Pipe File System Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22714
+ RESERVED
+CVE-2022-22713
+ RESERVED
+CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22711
+ RESERVED
+CVE-2022-22710 (Windows Common Log File System Driver Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22709 (VP9 Video Extensions Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21806
+ RESERVED
+CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. ...)
+ - radare2 <unfixed>
+ NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/
+ NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0)
+CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-0137
+ RESERVED
+CVE-2022-0136
+ RESERVED
+CVE-2022-0135 [out-of-bounds write in read_transfer_data()]
+ RESERVED
+ - virglrenderer <undetermined>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037790
+ NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654
+ NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec
+ TODO: Check introducing information for issue
+CVE-2022-0134 (The AnyComment WordPress plugin before 0.2.18 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0133 (peertube is vulnerable to Improper Access Control ...)
+ - peertube <itp> (bug #950821)
+CVE-2022-0132 (peertube is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ - peertube <itp> (bug #950821)
+CVE-2022-0131 (Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API ...)
+ NOT-FOR-US: Jimoty App for Android
+CVE-2022-22708
+ RESERVED
+CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...)
+ {DSA-5040-1}
+ - lighttpd 1.4.64-1
+ [stretch] - lighttpd <not-affected> (Vulnerable code not present; the issue was introduced in later versions)
+ NOTE: https://redmine.lighttpd.net/issues/3134
+ NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664
+CVE-2022-22706
+ RESERVED
+CVE-2022-22705
+ RESERVED
+CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...)
+ NOT-FOR-US: zabbix-agent2 package for Alpine
+CVE-2022-22703 (In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cl ...)
+ NOT-FOR-US: Stormshield SSO Agent
+CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to upload attach ...)
+ NOT-FOR-US: PartKeepr
+CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL while c ...)
+ NOT-FOR-US: PartKeepr
+CVE-2022-22700
+ RESERVED
+CVE-2022-22699
+ RESERVED
+CVE-2022-22698
+ RESERVED
+CVE-2022-22697
+ RESERVED
+CVE-2022-22696
+ RESERVED
+CVE-2022-22695
+ RESERVED
+CVE-2022-22694
+ RESERVED
+CVE-2022-22693
+ RESERVED
+CVE-2022-22692
+ RESERVED
+CVE-2022-22691 (The password reset component deployed within Umbraco uses the hostname ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...)
+ NOT-FOR-US: CA Harvest Software Change Manager
+CVE-2022-22688
+ RESERVED
+CVE-2022-22687
+ RESERVED
+CVE-2022-22686
+ RESERVED
+CVE-2022-22685
+ RESERVED
+CVE-2022-22684
+ RESERVED
+CVE-2022-22683
+ RESERVED
+CVE-2022-22682
+ RESERVED
+CVE-2022-22681
+ RESERVED
+CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: Synology
+CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript engine of F ...)
+ NOT-FOR-US: Foxit
+CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remo ...)
+ NOT-FOR-US: Tenable
+CVE-2022-22678
+ RESERVED
+CVE-2022-0129 (Uncontrolled search path element vulnerability in McAfee TechCheck pri ...)
+ NOT-FOR-US: McAfee
+CVE-2022-0128 (vim is vulnerable to Out-of-bounds Read ...)
+ - vim <unfixed>
+ [bullseye] - vim <not-affected> (Vulnerable code introduced later)
+ [buster] - vim <not-affected> (Vulnerable code introduced later)
+ [stretch] - vim <not-affected> (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba
+ NOTE: Introduced by: https://github.com/vim/vim/commit/bdc0f1c6986e5d64f647e0924a4de795b47c549a (v8.2.2806)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a (v8.2.4009)
+CVE-2022-0127
+ RESERVED
+CVE-2022-0126
+ RESERVED
+CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab <unfixed>
+CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
+ - gitlab <unfixed>
+CVE-2022-0123
+ RESERVED
+CVE-2022-22677
+ RESERVED
+CVE-2022-22676
+ RESERVED
+CVE-2022-22675
+ RESERVED
+CVE-2022-22674
+ RESERVED
+CVE-2022-22673
+ RESERVED
+CVE-2022-22672
+ RESERVED
+CVE-2022-22671
+ RESERVED
+CVE-2022-22670
+ RESERVED
+CVE-2022-22669
+ RESERVED
+CVE-2022-22668
+ RESERVED
+CVE-2022-22667
+ RESERVED
+CVE-2022-22666
+ RESERVED
+CVE-2022-22665
+ RESERVED
+CVE-2022-22664
+ RESERVED
+CVE-2022-22663
+ RESERVED
+CVE-2022-22662
+ RESERVED
+CVE-2022-22661
+ RESERVED
+CVE-2022-22660
+ RESERVED
+CVE-2022-22659
+ RESERVED
+CVE-2022-22658
+ RESERVED
+CVE-2022-22657
+ RESERVED
+CVE-2022-22656
+ RESERVED
+CVE-2022-22655
+ RESERVED
+CVE-2022-22654
+ RESERVED
+CVE-2022-22653
+ RESERVED
+CVE-2022-22652
+ RESERVED
+CVE-2022-22651
+ RESERVED
+CVE-2022-22650
+ RESERVED
+CVE-2022-22649
+ RESERVED
+CVE-2022-22648
+ RESERVED
+CVE-2022-22647
+ RESERVED
+CVE-2022-22646
+ RESERVED
+CVE-2022-22645
+ RESERVED
+CVE-2022-22644
+ RESERVED
+CVE-2022-22643
+ RESERVED
+CVE-2022-22642
+ RESERVED
+CVE-2022-22641
+ RESERVED
+CVE-2022-22640
+ RESERVED
+CVE-2022-22639
+ RESERVED
+CVE-2022-22638
+ RESERVED
+CVE-2022-22637
+ RESERVED
+CVE-2022-22636
+ RESERVED
+CVE-2022-22635
+ RESERVED
+CVE-2022-22634
+ RESERVED
+CVE-2022-22633
+ RESERVED
+CVE-2022-22632
+ RESERVED
+CVE-2022-22631
+ RESERVED
+CVE-2022-22630
+ RESERVED
+CVE-2022-22629
+ RESERVED
+CVE-2022-22628
+ RESERVED
+CVE-2022-22627
+ RESERVED
+CVE-2022-22626
+ RESERVED
+CVE-2022-22625
+ RESERVED
+CVE-2022-22624
+ RESERVED
+CVE-2022-22623
+ RESERVED
+CVE-2022-22622
+ RESERVED
+CVE-2022-22621
+ RESERVED
+CVE-2022-22620 [A use after free issue was addressed with improved memory management]
+ RESERVED
+ {DSA-5084-1 DSA-5083-1}
+ - webkit2gtk 2.34.6-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0003.html
+CVE-2022-22619
+ RESERVED
+CVE-2022-22618
+ RESERVED
+CVE-2022-22617
+ RESERVED
+CVE-2022-22616
+ RESERVED
+CVE-2022-22615
+ RESERVED
+CVE-2022-22614
+ RESERVED
+CVE-2022-22613
+ RESERVED
+CVE-2022-22612
+ RESERVED
+CVE-2022-22611
+ RESERVED
+CVE-2022-22610
+ RESERVED
+CVE-2022-22609
+ RESERVED
+CVE-2022-22608
+ RESERVED
+CVE-2022-22607
+ RESERVED
+CVE-2022-22606
+ RESERVED
+CVE-2022-22605
+ RESERVED
+CVE-2022-22604
+ RESERVED
+CVE-2022-22603
+ RESERVED
+CVE-2022-22602
+ RESERVED
+CVE-2022-22601
+ RESERVED
+CVE-2022-22600
+ RESERVED
+CVE-2022-22599
+ RESERVED
+CVE-2022-22598
+ RESERVED
+CVE-2022-22597
+ RESERVED
+CVE-2022-22596
+ RESERVED
+CVE-2022-22595
+ RESERVED
+CVE-2022-22594 [A cross-origin issue in the IndexDB API was addressed with improved input validation]
+ RESERVED
+ {DSA-5061-1 DSA-5060-1}
+ - webkit2gtk 2.34.4-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0001.html
+CVE-2022-22593
+ RESERVED
+CVE-2022-22591
+ RESERVED
+CVE-2022-22589 [A validation issue was addressed with improved input sanitization]
+ RESERVED
+ {DSA-5084-1 DSA-5083-1}
+ - webkit2gtk 2.34.5-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.5-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0002.html
+CVE-2022-22588
+ RESERVED
+CVE-2022-22587
+ RESERVED
+CVE-2022-22586
+ RESERVED
+CVE-2022-22585
+ RESERVED
+CVE-2022-22584
+ RESERVED
+CVE-2022-22583
+ RESERVED
+CVE-2022-22582
+ RESERVED
+CVE-2022-22581
+ RESERVED
+CVE-2022-22580
+ RESERVED
+CVE-2022-22579
+ RESERVED
+CVE-2022-22578
+ RESERVED
+CVE-2022-22577
+ RESERVED
+CVE-2022-22576
+ RESERVED
+CVE-2022-22575
+ RESERVED
+CVE-2022-22574
+ RESERVED
+CVE-2022-22573
+ RESERVED
+CVE-2022-22572
+ RESERVED
+CVE-2022-22571
+ RESERVED
+CVE-2022-22570
+ RESERVED
+CVE-2022-22569
+ RESERVED
+CVE-2022-22568
+ RESERVED
+CVE-2022-0122 (forge is vulnerable to URL Redirection to Untrusted Site ...)
+ NOT-FOR-US: forge
+CVE-2022-0121 (hoppscotch is vulnerable to Exposure of Sensitive Information to an Un ...)
+ NOT-FOR-US: hoppscotch
+CVE-2022-22567 (Select Dell Client Commercial and Consumer platforms are vulnerable to ...)
+ NOT-FOR-US: Dell
+CVE-2022-22566 (Select Dell Client Commercial and Consumer platforms contain a pre-boo ...)
+ NOT-FOR-US: Dell
+CVE-2022-22565
+ RESERVED
+CVE-2022-22564
+ RESERVED
+CVE-2022-22563
+ RESERVED
+CVE-2022-22562
+ RESERVED
+CVE-2022-22561
+ RESERVED
+CVE-2022-22560
+ RESERVED
+CVE-2022-22559
+ RESERVED
+CVE-2022-22558
+ RESERVED
+CVE-2022-22557
+ RESERVED
+CVE-2022-22556
+ RESERVED
+CVE-2022-22555
+ RESERVED
+CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an Unprotecte ...)
+ NOT-FOR-US: EMC
+CVE-2022-22553 (Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction o ...)
+ NOT-FOR-US: EMC
+CVE-2022-22552 (Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerabil ...)
+ NOT-FOR-US: EMC
+CVE-2022-22551 (DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensi ...)
+ NOT-FOR-US: EMC
+CVE-2022-22550
+ RESERVED
+CVE-2022-22549
+ RESERVED
+CVE-2022-22548
+ RESERVED
+CVE-2022-22547
+ RESERVED
+CVE-2022-22546 (Due to improper HTML encoding in input control summary, an authorized ...)
+ NOT-FOR-US: SAP
+CVE-2022-22545 (A high privileged user who has access to transaction SM59 can read con ...)
+ NOT-FOR-US: SAP
+CVE-2022-22544 (Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720 ...)
+ NOT-FOR-US: SAP
+CVE-2022-22543 (SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform ( ...)
+ NOT-FOR-US: SAP
+CVE-2022-22542 (S/4HANA Supplier Factsheet exposes the private address and bank detail ...)
+ NOT-FOR-US: SAP
+CVE-2022-22541
+ RESERVED
+CVE-2022-22540 (SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731 ...)
+ NOT-FOR-US: SAP
+CVE-2022-22539 (When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) receiv ...)
+ NOT-FOR-US: SAP
+CVE-2022-22538 (When a user opens a manipulated Adobe Illustrator file format (.ai, ai ...)
+ NOT-FOR-US: SAP
+CVE-2022-22537 (When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3 ...)
+ NOT-FOR-US: SAP
+CVE-2022-22536 (SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Serve ...)
+ NOT-FOR-US: SAP
+CVE-2022-22535 (SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necess ...)
+ NOT-FOR-US: SAP
+CVE-2022-22534 (Due to insufficient encoding of user input, SAP NetWeaver allows an un ...)
+ NOT-FOR-US: SAP
+CVE-2022-22533 (Due to improper error handling in SAP NetWeaver Application Server Jav ...)
+ NOT-FOR-US: SAP
+CVE-2022-22532 (In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2022-22531 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...)
+ NOT-FOR-US: SAP
+CVE-2022-22530 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...)
+ NOT-FOR-US: SAP
+CVE-2022-22529 (SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficie ...)
+ NOT-FOR-US: SAP
+CVE-2022-22528 (SAP Adaptive Server Enterprise (ASE) - version 16.0, installation make ...)
+ NOT-FOR-US: SAP
+CVE-2022-22527
+ RESERVED
+CVE-2022-0120 (Inappropriate implementation in Passwords in Google Chrome prior to 97 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0119
+ RESERVED
+CVE-2022-0118 (Inappropriate implementation in WebShare in Google Chrome prior to 97. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0117 (Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0116 (Inappropriate implementation in Compositing in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0115 (Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0114 (Out of bounds memory access in Blink Serial API in Google Chrome prior ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0113 (Inappropriate implementation in Blink in Google Chrome prior to 97.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0112 (Incorrect security UI in Browser UI in Google Chrome prior to 97.0.469 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0111 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0110 (Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0109 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0108 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0107 (Use after free in File Manager API in Google Chrome on Chrome OS prior ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0106 (Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0105 (Use after free in PDF Accessibility in Google Chrome prior to 97.0.469 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0104 (Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0103 (Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0102 (Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0101 (Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0100 (Heap buffer overflow in Media streams API in Google Chrome prior to 97 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0099 (Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allow ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0098 (Use after free in Screen Capture in Google Chrome on Chrome OS prior t ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0097 (Inappropriate implementation in DevTools in Google Chrome prior to 97. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0096 (Use after free in Storage in Google Chrome prior to 97.0.4692.71 allow ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium <end-of-life> (see DSA 5046)
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2022-0095
+ RESERVED
+CVE-2022-0094
+ RESERVED
+CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
+ - gitlab <unfixed>
+CVE-2022-0092
+ RESERVED
+CVE-2022-0091
+ RESERVED
+CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
+ - gitlab <unfixed>
+CVE-2022-0089
+ RESERVED
+CVE-2022-0088
+ RESERVED
+CVE-2022-22526
+ RESERVED
+CVE-2022-22525
+ RESERVED
+CVE-2022-22524
+ RESERVED
+CVE-2022-22523
+ RESERVED
+CVE-2022-22522
+ RESERVED
+CVE-2022-22521
+ RESERVED
+CVE-2022-22520
+ RESERVED
+CVE-2022-22519
+ RESERVED
+CVE-2022-22518
+ RESERVED
+CVE-2022-22517
+ RESERVED
+CVE-2022-22516
+ RESERVED
+CVE-2022-22515
+ RESERVED
+CVE-2022-22514
+ RESERVED
+CVE-2022-22513
+ RESERVED
+CVE-2022-22512
+ RESERVED
+CVE-2022-22511
+ RESERVED
+CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...)
+ NOT-FOR-US: Codesys
+CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect ...)
+ NOT-FOR-US: Phoenix Contact FL SWITCH Series
+CVE-2022-22508
+ RESERVED
+CVE-2022-22507
+ RESERVED
+CVE-2022-22506
+ RESERVED
+CVE-2022-22505
+ RESERVED
+CVE-2022-22504
+ RESERVED
+CVE-2022-22503
+ RESERVED
+CVE-2022-22502
+ RESERVED
+CVE-2022-22501
+ RESERVED
+CVE-2022-22500
+ RESERVED
+CVE-2022-22499
+ RESERVED
+CVE-2022-22498
+ RESERVED
+CVE-2022-22497
+ RESERVED
+CVE-2022-22496
+ RESERVED
+CVE-2022-22495
+ RESERVED
+CVE-2022-22494
+ RESERVED
+CVE-2022-22493
+ RESERVED
+CVE-2022-22492
+ RESERVED
+CVE-2022-22491
+ RESERVED
+CVE-2022-22490
+ RESERVED
+CVE-2022-22489
+ RESERVED
+CVE-2022-22488
+ RESERVED
+CVE-2022-22487
+ RESERVED
+CVE-2022-22486
+ RESERVED
+CVE-2022-22485
+ RESERVED
+CVE-2022-22484
+ RESERVED
+CVE-2022-22483
+ RESERVED
+CVE-2022-22482
+ RESERVED
+CVE-2022-22481
+ RESERVED
+CVE-2022-22480
+ RESERVED
+CVE-2022-22479
+ RESERVED
+CVE-2022-22478
+ RESERVED
+CVE-2022-22477
+ RESERVED
+CVE-2022-22476
+ RESERVED
+CVE-2022-22475
+ RESERVED
+CVE-2022-22474
+ RESERVED
+CVE-2022-22473
+ RESERVED
+CVE-2022-22472
+ RESERVED
+CVE-2022-22471
+ RESERVED
+CVE-2022-22470
+ RESERVED
+CVE-2022-22469
+ RESERVED
+CVE-2022-22468
+ RESERVED
+CVE-2022-22467
+ RESERVED
+CVE-2022-22466
+ RESERVED
+CVE-2022-22465
+ RESERVED
+CVE-2022-22464
+ RESERVED
+CVE-2022-22463
+ RESERVED
+CVE-2022-22462
+ RESERVED
+CVE-2022-22461
+ RESERVED
+CVE-2022-22460
+ RESERVED
+CVE-2022-22459
+ RESERVED
+CVE-2022-22458
+ RESERVED
+CVE-2022-22457
+ RESERVED
+CVE-2022-22456
+ RESERVED
+CVE-2022-22455
+ RESERVED
+CVE-2022-22454
+ RESERVED
+CVE-2022-22453
+ RESERVED
+CVE-2022-22452
+ RESERVED
+CVE-2022-22451
+ RESERVED
+CVE-2022-22450
+ RESERVED
+CVE-2022-22449
+ RESERVED
+CVE-2022-22448
+ RESERVED
+CVE-2022-22447
+ RESERVED
+CVE-2022-22446
+ RESERVED
+CVE-2022-22445
+ RESERVED
+CVE-2022-22444
+ RESERVED
+CVE-2022-22443
+ RESERVED
+CVE-2022-22442
+ RESERVED
+CVE-2022-22441
+ RESERVED
+CVE-2022-22440
+ RESERVED
+CVE-2022-22439
+ RESERVED
+CVE-2022-22438
+ RESERVED
+CVE-2022-22437
+ RESERVED
+CVE-2022-22436
+ RESERVED
+CVE-2022-22435
+ RESERVED
+CVE-2022-22434
+ RESERVED
+CVE-2022-22433
+ RESERVED
+CVE-2022-22432
+ RESERVED
+CVE-2022-22431
+ RESERVED
+CVE-2022-22430
+ RESERVED
+CVE-2022-22429
+ RESERVED
+CVE-2022-22428
+ RESERVED
+CVE-2022-22427
+ RESERVED
+CVE-2022-22426
+ RESERVED
+CVE-2022-22425
+ RESERVED
+CVE-2022-22424
+ RESERVED
+CVE-2022-22423
+ RESERVED
+CVE-2022-22422
+ RESERVED
+CVE-2022-22421
+ RESERVED
+CVE-2022-22420
+ RESERVED
+CVE-2022-22419
+ RESERVED
+CVE-2022-22418
+ RESERVED
+CVE-2022-22417
+ RESERVED
+CVE-2022-22416
+ RESERVED
+CVE-2022-22415
+ RESERVED
+CVE-2022-22414
+ RESERVED
+CVE-2022-22413
+ RESERVED
+CVE-2022-22412
+ RESERVED
+CVE-2022-22411
+ RESERVED
+CVE-2022-22410
+ RESERVED
+CVE-2022-22409
+ RESERVED
+CVE-2022-22408
+ RESERVED
+CVE-2022-22407
+ RESERVED
+CVE-2022-22406
+ RESERVED
+CVE-2022-22405
+ RESERVED
+CVE-2022-22404
+ RESERVED
+CVE-2022-22403
+ RESERVED
+CVE-2022-22402
+ RESERVED
+CVE-2022-22401
+ RESERVED
+CVE-2022-22400
+ RESERVED
+CVE-2022-22399
+ RESERVED
+CVE-2022-22398
+ RESERVED
+CVE-2022-22397
+ RESERVED
+CVE-2022-22396
+ RESERVED
+CVE-2022-22395
+ RESERVED
+CVE-2022-22394
+ RESERVED
+CVE-2022-22393
+ RESERVED
+CVE-2022-22392
+ RESERVED
+CVE-2022-22391
+ RESERVED
+CVE-2022-22390
+ RESERVED
+CVE-2022-22389
+ RESERVED
+CVE-2022-22388
+ RESERVED
+CVE-2022-22387
+ RESERVED
+CVE-2022-22386
+ RESERVED
+CVE-2022-22385
+ RESERVED
+CVE-2022-22384
+ RESERVED
+CVE-2022-22383
+ RESERVED
+CVE-2022-22382
+ RESERVED
+CVE-2022-22381
+ RESERVED
+CVE-2022-22380
+ RESERVED
+CVE-2022-22379
+ RESERVED
+CVE-2022-22378
+ RESERVED
+CVE-2022-22377
+ RESERVED
+CVE-2022-22376
+ RESERVED
+CVE-2022-22375
+ RESERVED
+CVE-2022-22374
+ RESERVED
+CVE-2022-22373
+ RESERVED
+CVE-2022-22372
+ RESERVED
+CVE-2022-22371
+ RESERVED
+CVE-2022-22370
+ RESERVED
+CVE-2022-22369
+ RESERVED
+CVE-2022-22368
+ RESERVED
+CVE-2022-22367
+ RESERVED
+CVE-2022-22366
+ RESERVED
+CVE-2022-22365
+ RESERVED
+CVE-2022-22364
+ RESERVED
+CVE-2022-22363
+ RESERVED
+CVE-2022-22362
+ RESERVED
+CVE-2022-22361
+ RESERVED
+CVE-2022-22360
+ RESERVED
+CVE-2022-22359
+ RESERVED
+CVE-2022-22358
+ RESERVED
+CVE-2022-22357
+ RESERVED
+CVE-2022-22356
+ RESERVED
+CVE-2022-22355
+ RESERVED
+CVE-2022-22354
+ RESERVED
+CVE-2022-22353
+ RESERVED
+CVE-2022-22352
+ RESERVED
+CVE-2022-22351
+ RESERVED
+CVE-2022-22350
+ RESERVED
+CVE-2022-22349
+ RESERVED
+CVE-2022-22348
+ RESERVED
+CVE-2022-22347
+ RESERVED
+CVE-2022-22346
+ RESERVED
+CVE-2022-22345
+ RESERVED
+CVE-2022-22344
+ RESERVED
+CVE-2022-22343
+ RESERVED
+CVE-2022-22342
+ RESERVED
+CVE-2022-22341
+ RESERVED
+CVE-2022-22340
+ RESERVED
+CVE-2022-22339
+ RESERVED
+CVE-2022-22338
+ RESERVED
+CVE-2022-22337
+ RESERVED
+CVE-2022-22336
+ RESERVED
+CVE-2022-22335
+ RESERVED
+CVE-2022-22334
+ RESERVED
+CVE-2022-22333
+ RESERVED
+CVE-2022-22332
+ RESERVED
+CVE-2022-22331
+ RESERVED
+CVE-2022-22330
+ RESERVED
+CVE-2022-22329
+ RESERVED
+CVE-2022-22328
+ RESERVED
+CVE-2022-22327
+ RESERVED
+CVE-2022-22326
+ RESERVED
+CVE-2022-22325
+ RESERVED
+CVE-2022-22324
+ RESERVED
+CVE-2022-22323
+ RESERVED
+CVE-2022-22322
+ RESERVED
+CVE-2022-22321
+ RESERVED
+CVE-2022-22320
+ RESERVED
+CVE-2022-22319
+ RESERVED
+CVE-2022-22318
+ RESERVED
+CVE-2022-22317
+ RESERVED
+CVE-2022-22316
+ RESERVED
+CVE-2022-22315
+ RESERVED
+CVE-2022-22314
+ RESERVED
+CVE-2022-22313
+ RESERVED
+CVE-2022-22312
+ RESERVED
+CVE-2022-22311
+ RESERVED
+CVE-2022-22310 (IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 c ...)
+ NOT-FOR-US: IBM
+CVE-2022-22309
+ RESERVED
+CVE-2022-22308 (IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI ...)
+ TODO: check
+CVE-2022-22307
+ RESERVED
+CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: KeystoneJS
+CVE-2022-22306
+ RESERVED
+CVE-2022-22305
+ RESERVED
+CVE-2022-22304
+ RESERVED
+CVE-2022-22303
+ RESERVED
+CVE-2022-22302
+ RESERVED
+CVE-2022-22301
+ RESERVED
+CVE-2022-22300
+ RESERVED
+CVE-2022-22299
+ RESERVED
+CVE-2022-22298
+ RESERVED
+CVE-2022-22297
+ RESERVED
+CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Metinfo
+CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA&lt;=1.43 which an attack ...)
+ NOT-FOR-US: zfaka
+CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
+ NOT-FOR-US: Node uppy
+CVE-2022-0085
+ RESERVED
+CVE-2022-0084
+ RESERVED
+CVE-2022-0083 (livehelperchat is vulnerable to Generation of Error Message Containing ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0082
+ RESERVED
+CVE-2022-22293 (admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstra ...)
+ - dolibarr <removed>
+CVE-2022-0081
+ RESERVED
+CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer Overflow ...)
+ - mruby 3.0.0-3
+ [bullseye] - mruby <no-dsa> (Minor issue)
+ [buster] - mruby <no-dsa> (Minor issue)
+ [stretch] - mruby <no-dsa> (Minor issue)
+ NOTE: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e/
+ NOTE: https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6
+CVE-2022-0079 (showdoc is vulnerable to Generation of Error Message Containing Sensit ...)
+ NOT-FOR-US: ShowDoc
+CVE-2022-0078
+ RESERVED
+CVE-2022-22292 (Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22291 (Logging of excessive data vulnerability in telephony prior to SMR Feb- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22290 (Incorrect download source UI in Downloads in Samsung Internet prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22289 (Improper access control vulnerability in S Assistant prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22288 (Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22287 (Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22286 (A vulnerability using PendingIntent in Bixby Routines prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22285 (A vulnerability using PendingIntent in Reminder prior to version 12.2. ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22284 (Improper authentication vulnerability in Samsung Internet prior to 16. ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22283 (Improper session management vulnerability in Samsung Health prior to 6 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22282
+ RESERVED
+CVE-2022-22281
+ RESERVED
+CVE-2022-22280
+ RESERVED
+CVE-2022-22279
+ RESERVED
+CVE-2022-22278
+ RESERVED
+CVE-2022-22277
+ RESERVED
+CVE-2022-22276
+ RESERVED
+CVE-2022-22275
+ RESERVED
+CVE-2022-22274
+ RESERVED
+CVE-2022-22273
+ RESERVED
+CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR Jan-2022 Relea ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22271 (A missing input validation before memory copy in TIMA trustlet prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22270 (An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22269 (Keeping sensitive data in unprotected BluetoothSettingsProvider prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22268 (Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22267 (Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22266 ((Applicable to China models only) Unprotected WifiEvaluationService in ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22265 (An improper check or handling of exceptional conditions in NPU driver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22264 (Improper sanitization of incoming intent in Dressroom prior to SMR Jan ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Rele ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22262
+ RESERVED
+CVE-2022-0077
+ RESERVED
+CVE-2022-0076
+ RESERVED
+CVE-2022-0075
+ RESERVED
+CVE-2022-0074
+ RESERVED
+CVE-2022-0073
+ RESERVED
+CVE-2022-0072
+ RESERVED
+CVE-2022-0071
+ RESERVED
+CVE-2022-0070
+ RESERVED
+CVE-2022-0069
+ RESERVED
+CVE-2022-0068
+ RESERVED
+CVE-2022-0067
+ RESERVED
+CVE-2022-0066
+ RESERVED
+CVE-2022-0065
+ RESERVED
+CVE-2022-0064
+ RESERVED
+CVE-2022-0063
+ RESERVED
+CVE-2022-0062
+ RESERVED
+CVE-2022-0061
+ RESERVED
+CVE-2022-0060
+ RESERVED
+CVE-2022-0059
+ RESERVED
+CVE-2022-0058
+ RESERVED
+CVE-2022-0057
+ RESERVED
+CVE-2022-0056
+ RESERVED
+CVE-2022-0055
+ RESERVED
+CVE-2022-0054
+ RESERVED
+CVE-2022-0053
+ RESERVED
+CVE-2022-0052
+ RESERVED
+CVE-2022-0051
+ RESERVED
+CVE-2022-0050
+ RESERVED
+CVE-2022-0049
+ RESERVED
+CVE-2022-0048
+ RESERVED
+CVE-2022-0047
+ RESERVED
+CVE-2022-0046
+ RESERVED
+CVE-2022-0045
+ RESERVED
+CVE-2022-0044
+ RESERVED
+CVE-2022-0043
+ RESERVED
+CVE-2022-0042
+ RESERVED
+CVE-2022-0041
+ RESERVED
+CVE-2022-0040
+ RESERVED
+CVE-2022-0039
+ RESERVED
+CVE-2022-0038
+ RESERVED
+CVE-2022-0037
+ RESERVED
+CVE-2022-0036
+ RESERVED
+CVE-2022-0035
+ RESERVED
+CVE-2022-0034
+ RESERVED
+CVE-2022-0033
+ RESERVED
+CVE-2022-0032
+ RESERVED
+CVE-2022-0031
+ RESERVED
+CVE-2022-0030
+ RESERVED
+CVE-2022-0029
+ RESERVED
+CVE-2022-0028
+ RESERVED
+CVE-2022-0027
+ RESERVED
+CVE-2022-0026
+ RESERVED
+CVE-2022-0025
+ RESERVED
+CVE-2022-0024
+ RESERVED
+CVE-2022-0023
+ RESERVED
+CVE-2022-0022
+ RESERVED
+CVE-2022-0021 (An information exposure through log file vulnerability exists in the P ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0020 (A stored cross-site scripting (XSS) vulnerability in Palo Alto Network ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0019 (An insufficiently protected credentials vulnerability exists in the Pa ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0018 (An information exposure vulnerability exists in the Palo Alto Networks ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0017 (An improper link resolution before file access ('link following') vuln ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0016 (An improper handling of exceptional conditions vulnerability exists wi ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0015 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0014 (An untrusted search path vulnerability exists in the Palo Alto Network ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0013 (A file information exposure vulnerability exists in the Palo Alto Netw ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0012 (An improper link resolution before file access vulnerability exists in ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0011 (PAN-OS software provides options to exclude specific websites from URL ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-22261
+ RESERVED
+CVE-2022-22260
+ RESERVED
+CVE-2022-22259
+ RESERVED
+CVE-2022-22258
+ RESERVED
+CVE-2022-22257
+ RESERVED
+CVE-2022-22256
+ RESERVED
+CVE-2022-22255
+ RESERVED
+CVE-2022-22254
+ RESERVED
+CVE-2022-22253
+ RESERVED
+CVE-2022-22252
+ RESERVED
+CVE-2022-22251
+ RESERVED
+CVE-2022-22250
+ RESERVED
+CVE-2022-22249
+ RESERVED
+CVE-2022-22248
+ RESERVED
+CVE-2022-22247
+ RESERVED
+CVE-2022-22246
+ RESERVED
+CVE-2022-22245
+ RESERVED
+CVE-2022-22244
+ RESERVED
+CVE-2022-22243
+ RESERVED
+CVE-2022-22242
+ RESERVED
+CVE-2022-22241
+ RESERVED
+CVE-2022-22240
+ RESERVED
+CVE-2022-22239
+ RESERVED
+CVE-2022-22238
+ RESERVED
+CVE-2022-22237
+ RESERVED
+CVE-2022-22236
+ RESERVED
+CVE-2022-22235
+ RESERVED
+CVE-2022-22234
+ RESERVED
+CVE-2022-22233
+ RESERVED
+CVE-2022-22232
+ RESERVED
+CVE-2022-22231
+ RESERVED
+CVE-2022-22230
+ RESERVED
+CVE-2022-22229
+ RESERVED
+CVE-2022-22228
+ RESERVED
+CVE-2022-22227
+ RESERVED
+CVE-2022-22226
+ RESERVED
+CVE-2022-22225
+ RESERVED
+CVE-2022-22224
+ RESERVED
+CVE-2022-22223
+ RESERVED
+CVE-2022-22222
+ RESERVED
+CVE-2022-22221
+ RESERVED
+CVE-2022-22220
+ RESERVED
+CVE-2022-22219
+ RESERVED
+CVE-2022-22218
+ RESERVED
+CVE-2022-22217
+ RESERVED
+CVE-2022-22216
+ RESERVED
+CVE-2022-22215
+ RESERVED
+CVE-2022-22214
+ RESERVED
+CVE-2022-22213
+ RESERVED
+CVE-2022-22212
+ RESERVED
+CVE-2022-22211
+ RESERVED
+CVE-2022-22210
+ RESERVED
+CVE-2022-22209
+ RESERVED
+CVE-2022-22208
+ RESERVED
+CVE-2022-22207
+ RESERVED
+CVE-2022-22206
+ RESERVED
+CVE-2022-22205
+ RESERVED
+CVE-2022-22204
+ RESERVED
+CVE-2022-22203
+ RESERVED
+CVE-2022-22202
+ RESERVED
+CVE-2022-22201
+ RESERVED
+CVE-2022-22200
+ RESERVED
+CVE-2022-22199
+ RESERVED
+CVE-2022-22198
+ RESERVED
+CVE-2022-22197
+ RESERVED
+CVE-2022-22196
+ RESERVED
+CVE-2022-22195
+ RESERVED
+CVE-2022-22194
+ RESERVED
+CVE-2022-22193
+ RESERVED
+CVE-2022-22192
+ RESERVED
+CVE-2022-22191
+ RESERVED
+CVE-2022-22190
+ RESERVED
+CVE-2022-22189
+ RESERVED
+CVE-2022-22188
+ RESERVED
+CVE-2022-22187
+ RESERVED
+CVE-2022-22186
+ RESERVED
+CVE-2022-22185
+ RESERVED
+CVE-2022-22184
+ RESERVED
+CVE-2022-22183
+ RESERVED
+CVE-2022-22182
+ RESERVED
+CVE-2022-22181
+ RESERVED
+CVE-2022-22180 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22179 (A Improper Validation of Specified Index, Position, or Offset in Input ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22178 (A Stack-based Buffer Overflow vulnerability in the flow processing dae ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22177 (A release of illegal memory vulnerability in the snmpd daemon of Junip ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22176 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22175 (An Improper Locking vulnerability in the SIP ALG of Juniper Networks J ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22174 (A vulnerability in the processing of inbound IPv6 packets in Juniper N ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22173 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22172 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22171 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22170 (A Missing Release of Resource after Effective Lifetime vulnerability i ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22169 (An Improper Initialization vulnerability in the routing protocol daemo ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22168 (An Improper Validation of Specified Type of Input vulnerability in the ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22167 (A traffic classification vulnerability in Juniper Networks Junos OS on ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22166 (An Improper Validation of Specified Quantity in Input vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22165
+ RESERVED
+CVE-2022-22164 (An Improper Initialization vulnerability in Juniper Networks Junos OS ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22163 (An Improper Input Validation vulnerability in the Juniper DHCP daemon ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22162 (A Generation of Error Message Containing Sensitive Information vulnera ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22161 (An Uncontrolled Resource Consumption vulnerability in the kernel of Ju ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22160 (An Unchecked Error Condition vulnerability in the subscriber managemen ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22159 (A vulnerability in the NETISR network queue functionality of Juniper N ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22158
+ RESERVED
+CVE-2022-22157 (A traffic classification vulnerability in Juniper Networks Junos OS on ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22156 (An Improper Certificate Validation weakness in the Juniper Networks Ju ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22155 (An Uncontrolled Resource Consumption vulnerability in the handling of ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22154 (In a Junos Fusion scenario an External Control of Critical State Data ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocation of ...)
+ NOT-FOR-US: Juniper
+CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2022-21800 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-21215 (This vulnerability could allow an attacker to force the server to crea ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...)
+ NOT-FOR-US: Airspan Networks
+CVE-2022-21155
+ RESERVED
+CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...)
+ NOT-FOR-US: Omron CX-One
+CVE-2022-22136
+ RESERVED
+CVE-2022-22135
+ RESERVED
+CVE-2022-22134
+ RESERVED
+CVE-2022-22133
+ RESERVED
+CVE-2022-22132
+ RESERVED
+CVE-2022-22131
+ RESERVED
+CVE-2022-22130
+ RESERVED
+CVE-2022-22129
+ RESERVED
+CVE-2022-22128
+ RESERVED
+CVE-2022-22127
+ RESERVED
+CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
+ NOT-FOR-US: Openmct
+CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
+ NOT-FOR-US: Halo
+CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
+ NOT-FOR-US: Halo
+CVE-2022-22123 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...)
+ NOT-FOR-US: Halo
+CVE-2022-22122
+ REJECTED
+CVE-2022-22121 (In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injectio ...)
+ NOT-FOR-US: NocoDB
+CVE-2022-22120 (In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrep ...)
+ NOT-FOR-US: NocoDB
+CVE-2022-22119
+ RESERVED
+CVE-2022-22118
+ RESERVED
+CVE-2022-22117 (In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted f ...)
+ NOT-FOR-US: Directus
+CVE-2022-22116 (In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to st ...)
+ NOT-FOR-US: Directus
+CVE-2022-22115 (In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: Teedy
+CVE-2022-22114 (In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross ...)
+ NOT-FOR-US: Teedy
+CVE-2022-22113 (In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22112 (In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an ap ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22111 (In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22110 (In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requ ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22109 (In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scri ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22108 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22107 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...)
+ NOT-FOR-US: DayByDay CRM
+CVE-2022-22106
+ RESERVED
+CVE-2022-22105
+ RESERVED
+CVE-2022-22104
+ RESERVED
+CVE-2022-22103
+ RESERVED
+CVE-2022-22102
+ RESERVED
+CVE-2022-22101
+ RESERVED
+CVE-2022-22100
+ RESERVED
+CVE-2022-22099
+ RESERVED
+CVE-2022-22098
+ RESERVED
+CVE-2022-22097
+ RESERVED
+CVE-2022-22096
+ RESERVED
+CVE-2022-22095
+ RESERVED
+CVE-2022-22094
+ RESERVED
+CVE-2022-22093
+ RESERVED
+CVE-2022-22092
+ RESERVED
+CVE-2022-22091
+ RESERVED
+CVE-2022-22090
+ RESERVED
+CVE-2022-22089
+ RESERVED
+CVE-2022-22088
+ RESERVED
+CVE-2022-22087
+ RESERVED
+CVE-2022-22086
+ RESERVED
+CVE-2022-22085
+ RESERVED
+CVE-2022-22084
+ RESERVED
+CVE-2022-22083
+ RESERVED
+CVE-2022-22082
+ RESERVED
+CVE-2022-22081
+ RESERVED
+CVE-2022-22080
+ RESERVED
+CVE-2022-22079
+ RESERVED
+CVE-2022-22078
+ RESERVED
+CVE-2022-22077
+ RESERVED
+CVE-2022-22076
+ RESERVED
+CVE-2022-22075
+ RESERVED
+CVE-2022-22074
+ RESERVED
+CVE-2022-22073
+ RESERVED
+CVE-2022-22072
+ RESERVED
+CVE-2022-22071
+ RESERVED
+CVE-2022-22070
+ RESERVED
+CVE-2022-22069
+ RESERVED
+CVE-2022-22068
+ RESERVED
+CVE-2022-22067
+ RESERVED
+CVE-2022-22066
+ RESERVED
+CVE-2022-22065
+ RESERVED
+CVE-2022-22064
+ RESERVED
+CVE-2022-22063
+ RESERVED
+CVE-2022-22062
+ RESERVED
+CVE-2022-22061
+ RESERVED
+CVE-2022-22060
+ RESERVED
+CVE-2022-22059
+ RESERVED
+CVE-2022-22058
+ RESERVED
+CVE-2022-22057
+ RESERVED
+CVE-2022-22056 (The Le-yan dental management system contains a hard-coded credentials ...)
+ NOT-FOR-US: Le-yan dental management system
+CVE-2022-22055 (The Le-yan dental management system contains an SQL-injection vulnerab ...)
+ NOT-FOR-US: Le-yan dental management system
+CVE-2022-22054 (ASUS RT-AX56U&#8217;s login function contains a path traversal vulnera ...)
+ NOT-FOR-US: ASUS
+CVE-2022-22053
+ RESERVED
+CVE-2022-22052
+ RESERVED
+CVE-2022-22051
+ RESERVED
+CVE-2022-22050
+ RESERVED
+CVE-2022-22049
+ RESERVED
+CVE-2022-22048
+ RESERVED
+CVE-2022-22047
+ RESERVED
+CVE-2022-22046
+ RESERVED
+CVE-2022-22045
+ RESERVED
+CVE-2022-22044
+ RESERVED
+CVE-2022-22043
+ RESERVED
+CVE-2022-22042
+ RESERVED
+CVE-2022-22041
+ RESERVED
+CVE-2022-22040
+ RESERVED
+CVE-2022-22039
+ RESERVED
+CVE-2022-22038
+ RESERVED
+CVE-2022-22037
+ RESERVED
+CVE-2022-22036
+ RESERVED
+CVE-2022-22035
+ RESERVED
+CVE-2022-22034
+ RESERVED
+CVE-2022-22033
+ RESERVED
+CVE-2022-22032
+ RESERVED
+CVE-2022-22031
+ RESERVED
+CVE-2022-22030
+ RESERVED
+CVE-2022-22029
+ RESERVED
+CVE-2022-22028
+ RESERVED
+CVE-2022-22027
+ RESERVED
+CVE-2022-22026
+ RESERVED
+CVE-2022-22025
+ RESERVED
+CVE-2022-22024
+ RESERVED
+CVE-2022-22023
+ RESERVED
+CVE-2022-22022
+ RESERVED
+CVE-2022-22021
+ RESERVED
+CVE-2022-22020
+ RESERVED
+CVE-2022-22019
+ RESERVED
+CVE-2022-22018
+ RESERVED
+CVE-2022-22017
+ RESERVED
+CVE-2022-22016
+ RESERVED
+CVE-2022-22015
+ RESERVED
+CVE-2022-22014
+ RESERVED
+CVE-2022-22013
+ RESERVED
+CVE-2022-22012
+ RESERVED
+CVE-2022-22011
+ RESERVED
+CVE-2022-22010
+ RESERVED
+CVE-2022-22009
+ RESERVED
+CVE-2022-22008
+ RESERVED
+CVE-2022-22007
+ RESERVED
+CVE-2022-22006
+ RESERVED
+CVE-2022-22005 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22004 (Microsoft Office ClickToRun Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22003 (Microsoft Office Graphics Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22002 (Windows User Account Profile Picture Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22001 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-22000 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21999 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21998 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21997 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21996 (Win32k Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21995 (Windows Hyper-V Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21994 (Windows DWM Core Library Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21993 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21992 (Windows Mobile Device Management Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21991 (Visual Studio Code Remote Development Extension Remote Code Execution ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21990
+ RESERVED
+CVE-2022-21989 (Windows Kernel Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21988 (Microsoft Office Visio Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21987 (Microsoft SharePoint Server Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21986 (.NET Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft .NET
+CVE-2022-21985 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21984 (Windows DNS Server Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21983
+ RESERVED
+CVE-2022-21982
+ RESERVED
+CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21980
+ RESERVED
+CVE-2022-21979
+ RESERVED
+CVE-2022-21978
+ RESERVED
+CVE-2022-21977
+ RESERVED
+CVE-2022-21976
+ RESERVED
+CVE-2022-21975
+ RESERVED
+CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Execution Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21973
+ RESERVED
+CVE-2022-21972
+ RESERVED
+CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21970 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21969 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21968 (Microsoft SharePoint Server Security Feature BypassVulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21967
+ RESERVED
+CVE-2022-21966
+ RESERVED
+CVE-2022-21965 (Microsoft Teams Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21964 (Remote Desktop Licensing Diagnoser Information Disclosure Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21963 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21962 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21961 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21960 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21959 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21958 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21957 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21956
+ RESERVED
+CVE-2022-21955
+ RESERVED
+CVE-2022-21954 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21953
+ RESERVED
+CVE-2022-21952
+ RESERVED
+CVE-2022-21951
+ RESERVED
+CVE-2022-21950
+ RESERVED
+CVE-2022-21949
+ RESERVED
+CVE-2022-21948
+ RESERVED
+CVE-2022-21947
+ RESERVED
+CVE-2022-21946
+ RESERVED
+CVE-2022-21945
+ RESERVED
+CVE-2022-21944 (A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd ...)
+ NOT-FOR-US: SUSE packaging issue in watchman
+CVE-2022-21943
+ RESERVED
+CVE-2022-21942
+ RESERVED
+CVE-2022-21941
+ RESERVED
+CVE-2022-21940
+ RESERVED
+CVE-2022-21939
+ RESERVED
+CVE-2022-21938
+ RESERVED
+CVE-2022-21937
+ RESERVED
+CVE-2022-21936
+ RESERVED
+CVE-2022-21935
+ RESERVED
+CVE-2022-21934
+ RESERVED
+CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...)
+ NOT-FOR-US: ASUS
+CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21930 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21929 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21928 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21927 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21926 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21925 (Windows BackupKey Remote Protocol Security Feature Bypass Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21924 (Workstation Service Remote Protocol Security Feature Bypass Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21923
+ RESERVED
+CVE-2022-21922 (Remote Procedure Call Runtime Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21921 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21920 (Windows Kerberos Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21919 (Windows User Profile Service Elevation of Privilege Vulnerability. Thi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21918 (DirectX Graphics Kernel File Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21917 (HEVC Video Extensions Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21916 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21915 (Windows GDI+ Information Disclosure Vulnerability. This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21914 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21913 (Local Security Authority (Domain Policy) Remote Protocol Security Feat ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21912 (DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21911 (.NET Framework Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft .NET
+CVE-2022-21910 (Microsoft Cluster Port Driver Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21909
+ RESERVED
+CVE-2022-21908 (Windows Installer Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21907 (HTTP Protocol Stack Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21906 (Windows Defender Application Control Security Feature Bypass Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21905 (Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21904 (Windows GDI Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21903 (Windows GDI Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21902 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21901 (Windows Hyper-V Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21900 (Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21899 (Windows Extensible Firmware Interface Security Feature Bypass Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21898 (DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21897 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21896 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21895 (Windows User Profile Service Elevation of Privilege Vulnerability. Thi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21894 (Secure Boot Security Feature Bypass Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21893 (Remote Desktop Protocol Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21892 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21891 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21890 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21889 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21888 (Windows Modern Execution Server Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21887 (Win32k Elevation of Privilege Vulnerability. This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21886
+ RESERVED
+CVE-2022-21885 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21884 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21883 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21882 (Win32k Elevation of Privilege Vulnerability. This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21881 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21880 (Windows GDI+ Information Disclosure Vulnerability. This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21879 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21878 (Windows Geolocation Service Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21877 (Storage Spaces Controller Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21876 (Win32k Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21875 (Windows Storage Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21874 (Windows Security Center API Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21873 (Tile Data Repository Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21872 (Windows Event Tracing Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21871 (Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Priv ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21870 (Tablet Windows User Interface Application Core Elevation of Privilege ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21869 (Clipboard User Service Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21868 (Windows Devices Human Interface Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21867 (Windows Push Notifications Apps Elevation Of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21866 (Windows System Launcher Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21865 (Connected Devices Platform Service Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21864 (Windows UI Immersive Server API Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21863 (Windows StateRepository API Server file Elevation of Privilege Vulnera ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21862 (Windows Application Model Core API Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21861 (Task Flow Data Engine Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21860 (Windows AppContracts API Server Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21859 (Windows Accounts Control Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21858 (Windows Bind Filter Driver Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21857 (Active Directory Domain Services Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21856
+ RESERVED
+CVE-2022-21855 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21854
+ RESERVED
+CVE-2022-21853
+ RESERVED
+CVE-2022-21852 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21851 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21850 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21849 (Windows IKE Extension Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21848 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21847 (Windows Hyper-V Denial of Service Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21845
+ RESERVED
+CVE-2022-21844 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21843 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21842 (Microsoft Word Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21841 (Microsoft Excel Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21840 (Microsoft Office Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21839 (Windows Event Tracing Discretionary Access Control List Denial of Serv ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21838 (Windows Cleanup Manager Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21837 (Microsoft SharePoint Server Remote Code Execution Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21836 (Windows Certificate Spoofing Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21835 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21834 (Windows User-mode Driver Framework Reflector Driver Elevation of Privi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21833 (Virtual Machine IDE Drive Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-0010
+ RESERVED
+CVE-2022-21832
+ RESERVED
+CVE-2022-21831
+ RESERVED
+CVE-2022-21830
+ RESERVED
+CVE-2022-21829
+ RESERVED
+CVE-2022-21828
+ RESERVED
+CVE-2022-21827
+ RESERVED
+CVE-2022-21826
+ RESERVED
+CVE-2022-21825 (An Improper Access Control vulnerability exists in Citrix Workspace Ap ...)
+ NOT-FOR-US: Citrix
+CVE-2022-21823 (A insecure storage of sensitive information vulnerability exists in Iv ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-21822
+ RESERVED
+CVE-2022-21821
+ RESERVED
+CVE-2022-21820
+ RESERVED
+CVE-2022-21819
+ RESERVED
+CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...)
+ NOT-FOR-US: NVIDIA License System
+CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
+ NOT-FOR-US: NVIDIA
+CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA vGPU software
+CVE-2022-21815 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows
+CVE-2022-21814 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ - nvidia-graphics-drivers 470.103.01-1 (bug #1004847)
+ [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1004848)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1004849)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-470 470.103.01-1 (bug #1004853)
+ - nvidia-graphics-drivers-tesla-460 <unfixed> (bug #1004852)
+ [bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-450 450.172.01-1 (bug #1004851)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1004850)
+ [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
+CVE-2022-21813 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ - nvidia-graphics-drivers 470.103.01-1 (bug #1004847)
+ [bullseye] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1004848)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ [stretch] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1004849)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-470 470.103.01-1 (bug #1004853)
+ - nvidia-graphics-drivers-tesla-460 <unfixed> (bug #1004852)
+ [bullseye] - nvidia-graphics-drivers-tesla-460 <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-450 450.172.01-1 (bug #1004851)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 <no-dsa> (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1004850)
+ [bullseye] - nvidia-graphics-drivers-tesla-418 <no-dsa> (Non-free not supported)
+CVE-2022-21812
+ RESERVED
+CVE-2022-21804
+ RESERVED
+CVE-2022-21794
+ RESERVED
+CVE-2022-21793
+ RESERVED
+CVE-2022-21239
+ RESERVED
+CVE-2022-21229
+ RESERVED
+CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
+ NOT-FOR-US: Intel
+CVE-2022-21206
+ RESERVED
+CVE-2022-21188
+ RESERVED
+CVE-2022-21185
+ RESERVED
+CVE-2022-21175
+ RESERVED
+CVE-2022-21171
+ RESERVED
+CVE-2022-21163
+ RESERVED
+CVE-2022-21162
+ RESERVED
+CVE-2022-21161
+ RESERVED
+CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...)
+ NOT-FOR-US: Intel
+CVE-2022-21152
+ RESERVED
+CVE-2022-21150
+ RESERVED
+CVE-2022-21148
+ RESERVED
+CVE-2022-21135
+ RESERVED
+CVE-2022-21824 [Prototype pollution via console.table properties]
+ RESERVED
+ - nodejs <unfixed> (bug #1004177)
+ [stretch] - nodejs <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824
+ NOTE: https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e (v12.x)
+CVE-2022-21240
+ RESERVED
+CVE-2022-21237
+ RESERVED
+CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...)
+ NOT-FOR-US: Intel
+CVE-2022-21212
+ RESERVED
+CVE-2022-21197
+ RESERVED
+CVE-2022-21172
+ RESERVED
+CVE-2022-21160
+ RESERVED
+CVE-2022-21140
+ RESERVED
+CVE-2022-21139
+ RESERVED
+CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...)
+ NOT-FOR-US: Intel
+CVE-2022-21792
+ RESERVED
+CVE-2022-21791
+ RESERVED
+CVE-2022-21790
+ RESERVED
+CVE-2022-21789
+ RESERVED
+CVE-2022-21788
+ RESERVED
+CVE-2022-21787
+ RESERVED
+CVE-2022-21786
+ RESERVED
+CVE-2022-21785
+ RESERVED
+CVE-2022-21784
+ RESERVED
+CVE-2022-21783
+ RESERVED
+CVE-2022-21782
+ RESERVED
+CVE-2022-21781
+ RESERVED
+CVE-2022-21780
+ RESERVED
+CVE-2022-21779
+ RESERVED
+CVE-2022-21778
+ RESERVED
+CVE-2022-21777
+ RESERVED
+CVE-2022-21776
+ RESERVED
+CVE-2022-21775
+ RESERVED
+CVE-2022-21774
+ RESERVED
+CVE-2022-21773
+ RESERVED
+CVE-2022-21772
+ RESERVED
+CVE-2022-21771
+ RESERVED
+CVE-2022-21770
+ RESERVED
+CVE-2022-21769
+ RESERVED
+CVE-2022-21768
+ RESERVED
+CVE-2022-21767
+ RESERVED
+CVE-2022-21766
+ RESERVED
+CVE-2022-21765
+ RESERVED
+CVE-2022-21764
+ RESERVED
+CVE-2022-21763
+ RESERVED
+CVE-2022-21762
+ RESERVED
+CVE-2022-21761
+ RESERVED
+CVE-2022-21760
+ RESERVED
+CVE-2022-21759
+ RESERVED
+CVE-2022-21758
+ RESERVED
+CVE-2022-21757
+ RESERVED
+CVE-2022-21756
+ RESERVED
+CVE-2022-21755
+ RESERVED
+CVE-2022-21754
+ RESERVED
+CVE-2022-21753
+ RESERVED
+CVE-2022-21752
+ RESERVED
+CVE-2022-21751
+ RESERVED
+CVE-2022-21750
+ RESERVED
+CVE-2022-21749
+ RESERVED
+CVE-2022-21748
+ RESERVED
+CVE-2022-21747
+ RESERVED
+CVE-2022-21746
+ RESERVED
+CVE-2022-21745
+ RESERVED
+CVE-2022-21744
+ RESERVED
+CVE-2022-21743
+ RESERVED
+CVE-2022-0009
+ RESERVED
+CVE-2022-0008
+ RESERVED
+CVE-2022-0007
+ RESERVED
+CVE-2022-0006
+ RESERVED
+CVE-2022-21742
+ RESERVED
+CVE-2022-21741 (Tensorflow is an Open Source Machine Learning Framework. ### Impact An ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21740 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21739 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21738 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21737 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21736 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21735 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21734 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21733 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21732 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21731 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21730 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21729 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21728 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21727 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21726 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21725 (Tensorflow is an Open Source Machine Learning Framework. The estimator ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was foun ...)
+ - libpgjava 42.3.2-1
+ NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
+ NOTE: https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 (REL42.3.2)
+CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ [stretch] - ring <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
+ NOTE: https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
+CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
+ NOTE: https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a
+CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and prior t ...)
+ TODO: check
+CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior to vers ...)
+ - glpi <removed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-21719 (GLPI is a free asset and IT management software package. All GLPI vers ...)
+ - glpi <removed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-21718
+ RESERVED
+CVE-2022-21717
+ RESERVED
+CVE-2022-21716
+ RESERVED
+CVE-2022-21715 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...)
+ - codeigniter <itp> (bug #471583)
+CVE-2022-21714
+ RESERVED
+CVE-2022-21713 (Grafana is an open-source platform for monitoring and observability. A ...)
+ - grafana <removed>
+CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...)
+ {DLA-2927-1}
+ - twisted 22.1.0-1
+ [bullseye] - twisted <no-dsa> (Minor issue)
+ [buster] - twisted <no-dsa> (Minor issue)
+ NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
+ NOTE: https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 (twisted-22.1.0rc1)
+CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
+ NOT-FOR-US: elfspirit
+CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...)
+ NOT-FOR-US: ShortDescription MediaWiki extension
+CVE-2022-21709
+ RESERVED
+CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In version ...)
+ - golang-github-graph-gophers-graphql-go 1.3.0-1
+ NOTE: https://github.com/graph-gophers/graphql-go/commit/eae31ca73eb3473c544710955d1dbebc22605bfe (v1.3.0)
+ NOTE: https://github.com/graph-gophers/graphql-go/security/advisories/GHSA-mh3m-8c74-74xh
+ NOTE: https://github.com/graph-gophers/graphql-go/pull/492
+CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts and pro ...)
+ NOT-FOR-US: wasmCloud Host Runtime
+CVE-2022-21706
+ RESERVED
+CVE-2022-21705
+ RESERVED
+CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions defau ...)
+ - node-log4js 6.4.1+~cs8.3.5-1
+ [bullseye] - node-log4js <no-dsa> (Minor issue)
+ [buster] - node-log4js <no-dsa> (Minor issue)
+ [stretch] - node-log4js <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/log4js-node/log4js-node/pull/1141 (v6.4.1)
+ NOTE: https://github.com/log4js-node/streamroller/pull/87
+ NOTE: https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q
+ NOTE: https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640
+CVE-2022-21703 (Grafana is an open-source platform for monitoring and observability. A ...)
+ - grafana <removed>
+CVE-2022-21702 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana <removed>
+CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microservices ...)
+ NOT-FOR-US: Istio
+CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
+ NOT-FOR-US: Micronaut
+CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...)
+ {DSA-5065-1 DLA-2896-1}
+ - ipython 7.31.1-1 (bug #1004122)
+ NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
+ NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9
+ NOTE: Testcase: https://github.com/ipython/ipython/commit/56665dfcf7df8690da46aab1278df8e47b14fe3b
+ NOTE: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
+CVE-2022-21698 (client_golang is the instrumentation library for Go applications in Pr ...)
+ - golang-github-prometheus-client-golang <unfixed>
+ NOTE: https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p
+ NOTE: https://github.com/prometheus/client_golang/pull/962
+ NOTE: https://github.com/prometheus/client_golang/pull/987
+CVE-2022-21697 (Jupyter Server Proxy is a Jupyter notebook server extension to proxy w ...)
+ TODO: check
+CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-68vr-8f46-vc9f
+CVE-2022-21695 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4
+CVE-2022-21694 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h
+ NOTE: https://github.com/onionshare/onionshare/issues/1389
+CVE-2022-21693 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jgm9-xpfj-4fq6
+CVE-2022-21692 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v
+CVE-2022-21691 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-w9m4-7w72-r766
+CVE-2022-21690 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-ch22-x2v3-v6vq
+CVE-2022-21689 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jh82-c5jw-pxpc
+CVE-2022-21688 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare <unfixed>
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v
+CVE-2022-21687 (gh-ost is a triggerless online schema migration solution for MySQL. Ve ...)
+ NOT-FOR-US: GitHub Online Schema
+CVE-2022-21686 (PrestaShop is an Open Source e-commerce platform. Starting with versio ...)
+ NOT-FOR-US: PrestaShop
+CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
+ TODO: check
+CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...)
+ NOT-FOR-US: Discourse
+CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...)
+ NOT-FOR-US: Wagtail
+CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...)
+ {DSA-5049-1}
+ - flatpak 1.12.3-1
+ [buster] - flatpak <ignored> (Intrusive and risky to backport)
+ [stretch] - flatpak <ignored> (Intrusive and risky to backport)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
+ NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
+ NOTE: Documentation: https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa
+ NOTE: 1.12.4 added further changes to avoid regressions for some workflows
+CVE-2022-21681 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
+ - node-marked 4.0.12+ds+~4.0.1-1
+ [bullseye] - node-marked <no-dsa> (Minor issue)
+ [buster] - node-marked <no-dsa> (Minor issue)
+ [stretch] - node-marked <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj
+ NOTE: https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5
+ NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10)
+ NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10
+CVE-2022-21680 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
+ - node-marked 4.0.12+ds+~4.0.1-1
+ [bullseye] - node-marked <no-dsa> (Minor issue)
+ [buster] - node-marked <no-dsa> (Minor issue)
+ [stretch] - node-marked <end-of-life> (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10)
+ NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10
+ NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf
+CVE-2022-21679 (Istio is an open platform to connect, manage, and secure microservices ...)
+ NOT-FOR-US: Istio
+CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...)
+ NOT-FOR-US: Discourse
+CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can ...)
+ NOT-FOR-US: Discourse
+CVE-2022-21676 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
+ NOT-FOR-US: Engine.IO
+CVE-2022-21675 (Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Ver ...)
+ NOT-FOR-US: Bytecode Viewer
+CVE-2022-21674
+ RESERVED
+CVE-2022-21673 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana <removed>
+CVE-2022-21672 (make-ca is a utility to deliver and manage a complete PKI configuratio ...)
+ TODO: check
+CVE-2022-21671 (@replit/crosis is a JavaScript client that speaks Replit's container p ...)
+ NOT-FOR-US: crosis
+CVE-2022-21670 (markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...)
+ - node-markdown-it 10.0.0+dfsg-6
+ [bullseye] - node-markdown-it <no-dsa> (Minor issue)
+ NOTE: https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c
+ NOTE: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101 (12.3.2)
+CVE-2022-21669 (PuddingBot is a group management bot. In version 0.0.6-b933652 and pri ...)
+ NOT-FOR-US: PuddingBot
+CVE-2022-21668 (pipenv is a Python development workflow tool. Starting with version 20 ...)
+ - pipenv <not-affected> (Vulnerable code not uploaded)
+ NOTE: https://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w
+ NOTE: https://github.com/pypa/pipenv/releases/tag/v2022.1.8
+ NOTE: https://github.com/pypa/pipenv/pull/4899 (v2022.1.8)
+ NOTE: Introduced by: https://github.com/pypa/pipenv/commit/742988169333ba14a4b2b6f527a604d6f0bc9e09 (v2018.10.9)
+ NOTE: Fixed by: https://github.com/pypa/pipenv/commit/167909839a95ef5aa379fe12d4564b2b829cc175 (v2022.1.8)
+CVE-2022-21667 (soketi is an open-source WebSockets server. There is an unhandled case ...)
+ NOT-FOR-US: soketi
+CVE-2022-21666 (Useful Simple Open-Source CMS (USOC) is a content management system (C ...)
+ NOT-FOR-US: Useful Simple Open-Source CMS (USOC)
+CVE-2022-21665
+ RESERVED
+CVE-2022-21664 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957
+CVE-2022-21663 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
+ NOTE: https://hackerone.com/reports/541469
+CVE-2022-21662 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
+ NOTE: https://hackerone.com/reports/425342
+CVE-2022-21661 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214
+ NOTE: https://hackerone.com/reports/1378209
+ NOTE: https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
+CVE-2022-21660 (Gin-vue-admin is a backstage management system based on vue and gin. I ...)
+ NOT-FOR-US: Gin-vue-admin
+CVE-2022-21659 (Flask-AppBuilder is an application development framework, built on top ...)
+ - flask-appbuilder <itp> (bug #998029)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/pull/1775
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe (3.4.4)
+CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...)
+ - rustc <unfixed>
+ [bullseye] - rustc <no-dsa> (Minor issue)
+ [buster] - rustc <no-dsa> (Minor issue)
+ [stretch] - rustc <no-dsa> (Minor issue)
+ NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1
+CVE-2022-21657
+ RESERVED
+CVE-2022-21656
+ RESERVED
+CVE-2022-21655
+ RESERVED
+CVE-2022-21654
+ RESERVED
+CVE-2022-21653 (Jawn is an open source JSON parser. Extenders of the `org.typelevel.ja ...)
+ - jawn <not-affected> (Vulnerable code not uploaded)
+ NOTE: https://github.com/typelevel/jawn/pull/390
+ NOTE: https://github.com/typelevel/jawn/commit/e5ddb114ed5d45ee0a605da06a280207bf9f9f58 (1.3.2)
+ NOTE: https://github.com/typelevel/jawn/commit/0707e2569f43ff6195f90cc0dfc2d0ca79b51dd1 (1.3.2)
+CVE-2022-21652 (Shopware is an open source e-commerce software platform. In affected v ...)
+ NOT-FOR-US: Shopware
+CVE-2022-21651 (Shopware is an open source e-commerce software platform. An open redir ...)
+ NOT-FOR-US: Shopware
+CVE-2022-21650 (Convos is an open source multi-user chat that runs in a web browser. Y ...)
+ NOT-FOR-US: Convos
+CVE-2022-21649 (Convos is an open source multi-user chat that runs in a web browser. C ...)
+ NOT-FOR-US: Convos
+CVE-2022-21648 (Latte is an open source template engine for PHP. Versions since 2.8.0 ...)
+ - php-nette <removed>
+ [stretch] - php-nette <not-affected> (Sandbox first appeared in Latte 2.8.0 so older versions are not affected.)
+ NOTE: https://github.com/nette/latte/security/advisories/GHSA-36m2-8rhx-f36j
+ NOTE: https://github.com/nette/latte/commit/9e1b4f7d70f7a9c3fa6753ffa7d7e450a3d4abb0
+CVE-2022-21647 (CodeIgniter is an open source PHP full-stack web framework. Deserializ ...)
+ - codeigniter <itp> (bug #471583)
+CVE-2022-21646 (SpiceDB is a database system for managing security-critical applicatio ...)
+ TODO: check
+CVE-2022-21645
+ RESERVED
+CVE-2022-21644 (USOC is an open source CMS with a focus on simplicity. In affected ver ...)
+ NOT-FOR-US: USOC
+CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In affected ver ...)
+ NOT-FOR-US: USOC
+CVE-2022-21642 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
+CVE-2022-21641
+ RESERVED
+CVE-2022-21640
+ RESERVED
+CVE-2022-21639
+ RESERVED
+CVE-2022-21638
+ RESERVED
+CVE-2022-21637
+ RESERVED
+CVE-2022-21636
+ RESERVED
+CVE-2022-21635
+ RESERVED
+CVE-2022-21634
+ RESERVED
+CVE-2022-21633
+ RESERVED
+CVE-2022-21632
+ RESERVED
+CVE-2022-21631
+ RESERVED
+CVE-2022-21630
+ RESERVED
+CVE-2022-21629
+ RESERVED
+CVE-2022-21628
+ RESERVED
+CVE-2022-21627
+ RESERVED
+CVE-2022-21626
+ RESERVED
+CVE-2022-21625
+ RESERVED
+CVE-2022-21624
+ RESERVED
+CVE-2022-21623
+ RESERVED
+CVE-2022-21622
+ RESERVED
+CVE-2022-21621
+ RESERVED
+CVE-2022-21620
+ RESERVED
+CVE-2022-21619
+ RESERVED
+CVE-2022-21618
+ RESERVED
+CVE-2022-21617
+ RESERVED
+CVE-2022-21616
+ RESERVED
+CVE-2022-21615
+ RESERVED
+CVE-2022-21614
+ RESERVED
+CVE-2022-21613
+ RESERVED
+CVE-2022-21612
+ RESERVED
+CVE-2022-21611
+ RESERVED
+CVE-2022-21610
+ RESERVED
+CVE-2022-21609
+ RESERVED
+CVE-2022-21608
+ RESERVED
+CVE-2022-21607
+ RESERVED
+CVE-2022-21606
+ RESERVED
+CVE-2022-21605
+ RESERVED
+CVE-2022-21604
+ RESERVED
+CVE-2022-21603
+ RESERVED
+CVE-2022-21602
+ RESERVED
+CVE-2022-21601
+ RESERVED
+CVE-2022-21600
+ RESERVED
+CVE-2022-21599
+ RESERVED
+CVE-2022-21598
+ RESERVED
+CVE-2022-21597
+ RESERVED
+CVE-2022-21596
+ RESERVED
+CVE-2022-21595
+ RESERVED
+CVE-2022-21594
+ RESERVED
+CVE-2022-21593
+ RESERVED
+CVE-2022-21592
+ RESERVED
+CVE-2022-21591
+ RESERVED
+CVE-2022-21590
+ RESERVED
+CVE-2022-21589
+ RESERVED
+CVE-2022-21588
+ RESERVED
+CVE-2022-21587
+ RESERVED
+CVE-2022-21586
+ RESERVED
+CVE-2022-21585
+ RESERVED
+CVE-2022-21584
+ RESERVED
+CVE-2022-21583
+ RESERVED
+CVE-2022-21582
+ RESERVED
+CVE-2022-21581
+ RESERVED
+CVE-2022-21580
+ RESERVED
+CVE-2022-21579
+ RESERVED
+CVE-2022-21578
+ RESERVED
+CVE-2022-21577
+ RESERVED
+CVE-2022-21576
+ RESERVED
+CVE-2022-21575
+ RESERVED
+CVE-2022-21574
+ RESERVED
+CVE-2022-21573
+ RESERVED
+CVE-2022-21572
+ RESERVED
+CVE-2022-21571
+ RESERVED
+CVE-2022-21570
+ RESERVED
+CVE-2022-21569
+ RESERVED
+CVE-2022-21568
+ RESERVED
+CVE-2022-21567
+ RESERVED
+CVE-2022-21566
+ RESERVED
+CVE-2022-21565
+ RESERVED
+CVE-2022-21564
+ RESERVED
+CVE-2022-21563
+ RESERVED
+CVE-2022-21562
+ RESERVED
+CVE-2022-21561
+ RESERVED
+CVE-2022-21560
+ RESERVED
+CVE-2022-21559
+ RESERVED
+CVE-2022-21558
+ RESERVED
+CVE-2022-21557
+ RESERVED
+CVE-2022-21556
+ RESERVED
+CVE-2022-21555
+ RESERVED
+CVE-2022-21554
+ RESERVED
+CVE-2022-21553
+ RESERVED
+CVE-2022-21552
+ RESERVED
+CVE-2022-21551
+ RESERVED
+CVE-2022-21550
+ RESERVED
+CVE-2022-21549
+ RESERVED
+CVE-2022-21548
+ RESERVED
+CVE-2022-21547
+ RESERVED
+CVE-2022-21546
+ RESERVED
+CVE-2022-21545
+ RESERVED
+CVE-2022-21544
+ RESERVED
+CVE-2022-21543
+ RESERVED
+CVE-2022-21542
+ RESERVED
+CVE-2022-21541
+ RESERVED
+CVE-2022-21540
+ RESERVED
+CVE-2022-21539
+ RESERVED
+CVE-2022-21538
+ RESERVED
+CVE-2022-21537
+ RESERVED
+CVE-2022-21536
+ RESERVED
+CVE-2022-21535
+ RESERVED
+CVE-2022-21534
+ RESERVED
+CVE-2022-21533
+ RESERVED
+CVE-2022-21532
+ RESERVED
+CVE-2022-21531
+ RESERVED
+CVE-2022-21530
+ RESERVED
+CVE-2022-21529
+ RESERVED
+CVE-2022-21528
+ RESERVED
+CVE-2022-21527
+ RESERVED
+CVE-2022-21526
+ RESERVED
+CVE-2022-21525
+ RESERVED
+CVE-2022-21524
+ RESERVED
+CVE-2022-21523
+ RESERVED
+CVE-2022-21522
+ RESERVED
+CVE-2022-21521
+ RESERVED
+CVE-2022-21520
+ RESERVED
+CVE-2022-21519
+ RESERVED
+CVE-2022-21518
+ RESERVED
+CVE-2022-21517
+ RESERVED
+CVE-2022-21516
+ RESERVED
+CVE-2022-21515
+ RESERVED
+CVE-2022-21514
+ RESERVED
+CVE-2022-21513
+ RESERVED
+CVE-2022-21512
+ RESERVED
+CVE-2022-21511
+ RESERVED
+CVE-2022-21510
+ RESERVED
+CVE-2022-21509
+ RESERVED
+CVE-2022-21508
+ RESERVED
+CVE-2022-21507
+ RESERVED
+CVE-2022-21506
+ RESERVED
+CVE-2022-21505
+ RESERVED
+CVE-2022-21504
+ RESERVED
+CVE-2022-21503
+ RESERVED
+CVE-2022-21502
+ RESERVED
+CVE-2022-21501
+ RESERVED
+CVE-2022-21500
+ RESERVED
+CVE-2022-21499
+ RESERVED
+CVE-2022-21498
+ RESERVED
+CVE-2022-21497
+ RESERVED
+CVE-2022-21496
+ RESERVED
+CVE-2022-21495
+ RESERVED
+CVE-2022-21494
+ RESERVED
+CVE-2022-21493
+ RESERVED
+CVE-2022-21492
+ RESERVED
+CVE-2022-21491
+ RESERVED
+CVE-2022-21490
+ RESERVED
+CVE-2022-21489
+ RESERVED
+CVE-2022-21488
+ RESERVED
+CVE-2022-21487
+ RESERVED
+CVE-2022-21486
+ RESERVED
+CVE-2022-21485
+ RESERVED
+CVE-2022-21484
+ RESERVED
+CVE-2022-21483
+ RESERVED
+CVE-2022-21482
+ RESERVED
+CVE-2022-21481
+ RESERVED
+CVE-2022-21480
+ RESERVED
+CVE-2022-21479
+ RESERVED
+CVE-2022-21478
+ RESERVED
+CVE-2022-21477
+ RESERVED
+CVE-2022-21476
+ RESERVED
+CVE-2022-21475
+ RESERVED
+CVE-2022-21474
+ RESERVED
+CVE-2022-21473
+ RESERVED
+CVE-2022-21472
+ RESERVED
+CVE-2022-21471
+ RESERVED
+CVE-2022-21470
+ RESERVED
+CVE-2022-21469
+ RESERVED
+CVE-2022-21468
+ RESERVED
+CVE-2022-21467
+ RESERVED
+CVE-2022-21466
+ RESERVED
+CVE-2022-21465
+ RESERVED
+CVE-2022-21464
+ RESERVED
+CVE-2022-21463
+ RESERVED
+CVE-2022-21462
+ RESERVED
+CVE-2022-21461
+ RESERVED
+CVE-2022-21460
+ RESERVED
+CVE-2022-21459
+ RESERVED
+CVE-2022-21458
+ RESERVED
+CVE-2022-21457
+ RESERVED
+CVE-2022-21456
+ RESERVED
+CVE-2022-21455
+ RESERVED
+CVE-2022-21454
+ RESERVED
+CVE-2022-21453
+ RESERVED
+CVE-2022-21452
+ RESERVED
+CVE-2022-21451
+ RESERVED
+CVE-2022-21450
+ RESERVED
+CVE-2022-21449
+ RESERVED
+CVE-2022-21448
+ RESERVED
+CVE-2022-21447
+ RESERVED
+CVE-2022-21446
+ RESERVED
+CVE-2022-21445
+ RESERVED
+CVE-2022-21444
+ RESERVED
+CVE-2022-21443
+ RESERVED
+CVE-2022-21442
+ RESERVED
+CVE-2022-21441
+ RESERVED
+CVE-2022-21440
+ RESERVED
+CVE-2022-21439
+ RESERVED
+CVE-2022-21438
+ RESERVED
+CVE-2022-21437
+ RESERVED
+CVE-2022-21436
+ RESERVED
+CVE-2022-21435
+ RESERVED
+CVE-2022-21434
+ RESERVED
+CVE-2022-21433
+ RESERVED
+CVE-2022-21432
+ RESERVED
+CVE-2022-21431
+ RESERVED
+CVE-2022-21430
+ RESERVED
+CVE-2022-21429
+ RESERVED
+CVE-2022-21428
+ RESERVED
+CVE-2022-21427
+ RESERVED
+CVE-2022-21426
+ RESERVED
+CVE-2022-21425
+ RESERVED
+CVE-2022-21424
+ RESERVED
+CVE-2022-21423
+ RESERVED
+CVE-2022-21422
+ RESERVED
+CVE-2022-21421
+ RESERVED
+CVE-2022-21420
+ RESERVED
+CVE-2022-21419
+ RESERVED
+CVE-2022-21418
+ RESERVED
+CVE-2022-21417
+ RESERVED
+CVE-2022-21416
+ RESERVED
+CVE-2022-21415
+ RESERVED
+CVE-2022-21414
+ RESERVED
+CVE-2022-21413
+ RESERVED
+CVE-2022-21412
+ RESERVED
+CVE-2022-21411
+ RESERVED
+CVE-2022-21410
+ RESERVED
+CVE-2022-21409
+ RESERVED
+CVE-2022-21408
+ RESERVED
+CVE-2022-21407
+ RESERVED
+CVE-2022-21406
+ RESERVED
+CVE-2022-21405
+ RESERVED
+CVE-2022-21404
+ RESERVED
+CVE-2022-21403 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21402 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21401 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21400 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21399 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21398 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21397 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21396 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21395 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21394 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.32-dfsg-1
+CVE-2022-21393 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21392 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21391 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21390 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21389 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21388 (Vulnerability in the Oracle Communications Pricing Design Center produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21387 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21386 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21385
+ RESERVED
+CVE-2022-21384
+ RESERVED
+CVE-2022-21383 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21382 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21381 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21380 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21379 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21378 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21377 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21376 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21375 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21374 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21373 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21372 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21371 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21370 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21369 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21368 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21367 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2022-21366 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1}
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21365 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21364 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21363 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21362 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21361 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21360 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21359 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21358 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21357 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21356 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21355 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21354 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21353 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21352 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21351 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21350 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21349 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DLA-2917-1}
+ - openjdk-8 <unfixed>
+CVE-2022-21348 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21347 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21346 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21345 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21344 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2022-21343
+ RESERVED
+CVE-2022-21342 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21341 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21340 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21339 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21338 (Vulnerability in the Oracle Communications Convergence product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21337 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21336 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21335 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21334 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21333 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21332 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21331 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21330 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21329 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21328 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21327 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21326 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21325 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21324 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21323 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21322 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21321 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21320 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21319 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21318 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21317 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21316 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21315 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21314 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21313 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21312 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21311 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21310 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21309 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21308 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21307 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21306 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21305 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21304 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2022-21303 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2022-21302 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21301 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21300 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21299 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21298 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21297 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21296 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21295 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox <not-affected> (Windows-specific)
+CVE-2022-21294 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21293 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21292 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21291 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1}
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21290 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21289 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21288 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21287 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21286 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21285 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21284 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21283 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21282 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21281 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21280 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21279 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21278 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21277 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1}
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21276 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21275 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21274 (Vulnerability in the Oracle Sourcing product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21273 (Vulnerability in the Oracle Project Costing product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21272 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21271 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ - openjdk-8 <not-affected> (Seems specific to Oracle Java)
+ - openjdk-11 <not-affected> (Seems specific to Oracle Java)
+CVE-2022-21270 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2022-21269 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21268 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21267 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21266 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21265 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21264 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21263 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21262 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21261 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21260 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21259 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21258 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21257 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21256 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21255 (Vulnerability in the Oracle Configurator product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21254 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21253 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21252 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21251 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21250 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21249 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed>
+CVE-2022-21248 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 <unfixed>
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21247 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21246 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21245 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <removed>
+ - mysql-8.0 <unfixed>
+CVE-2022-21244 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21243 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21242 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21216
+ RESERVED
+CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before ...)
+ NOT-FOR-US: Intel
+CVE-2022-21200
+ RESERVED
+CVE-2022-21174 (Improper access control in a third-party component of Intel(R) Quartus ...)
+ NOT-FOR-US: Intel
+CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android applicati ...)
+ NOT-FOR-US: Intel
+CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android ...)
+ NOT-FOR-US: Intel
+CVE-2022-21151
+ RESERVED
+CVE-2022-21138
+ RESERVED
+CVE-2022-21136
+ RESERVED
+CVE-2022-21131
+ RESERVED
+CVE-2022-21220 (Improper restriction of XML external entity for Intel(R) Quartus(R) Pr ...)
+ NOT-FOR-US: Intel
+CVE-2022-21207
+ RESERVED
+CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Builder P ...)
+ NOT-FOR-US: Intel
+CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...)
+ NOT-FOR-US: Intel
+CVE-2022-21181
+ RESERVED
+CVE-2022-21180
+ RESERVED
+CVE-2022-21166
+ RESERVED
+CVE-2022-21127
+ RESERVED
+CVE-2022-21125
+ RESERVED
+CVE-2022-21123
+ RESERVED
+CVE-2022-21121
+ RESERVED
+CVE-2022-21120
+ RESERVED
+CVE-2022-21119
+ RESERVED
+CVE-2022-21118
+ RESERVED
+CVE-2022-21117
+ RESERVED
+CVE-2022-21116
+ RESERVED
+CVE-2022-21115
+ RESERVED
+CVE-2022-21114
+ RESERVED
+CVE-2022-21113
+ RESERVED
+CVE-2022-21112
+ RESERVED
+CVE-2022-21111
+ RESERVED
+CVE-2022-21110
+ RESERVED
+CVE-2022-21109
+ RESERVED
+CVE-2022-21108
+ RESERVED
+CVE-2022-21107
+ RESERVED
+CVE-2022-21106
+ RESERVED
+CVE-2022-21105
+ RESERVED
+CVE-2022-21104
+ RESERVED
+CVE-2022-21103
+ RESERVED
+CVE-2022-21102
+ RESERVED
+CVE-2022-21101
+ RESERVED
+CVE-2022-21100
+ RESERVED
+CVE-2022-21099
+ RESERVED
+CVE-2022-21098
+ RESERVED
+CVE-2022-21097
+ RESERVED
+CVE-2022-21096
+ RESERVED
+CVE-2022-21095
+ RESERVED
+CVE-2022-21094
+ RESERVED
+CVE-2022-21093
+ RESERVED
+CVE-2022-21092
+ RESERVED
+CVE-2022-21091
+ RESERVED
+CVE-2022-21090
+ RESERVED
+CVE-2022-21089
+ RESERVED
+CVE-2022-21088
+ RESERVED
+CVE-2022-21087
+ RESERVED
+CVE-2022-21086
+ RESERVED
+CVE-2022-21085
+ RESERVED
+CVE-2022-21084
+ RESERVED
+CVE-2022-21083
+ RESERVED
+CVE-2022-21082
+ RESERVED
+CVE-2022-21081
+ RESERVED
+CVE-2022-21080
+ RESERVED
+CVE-2022-21079
+ RESERVED
+CVE-2022-21078
+ RESERVED
+CVE-2022-21077
+ RESERVED
+CVE-2022-21076
+ RESERVED
+CVE-2022-21075
+ RESERVED
+CVE-2022-21074
+ RESERVED
+CVE-2022-21073
+ RESERVED
+CVE-2022-21072
+ RESERVED
+CVE-2022-21071
+ RESERVED
+CVE-2022-21070
+ RESERVED
+CVE-2022-21069
+ RESERVED
+CVE-2022-21068
+ RESERVED
+CVE-2022-21067
+ RESERVED
+CVE-2022-21066
+ RESERVED
+CVE-2022-21065
+ RESERVED
+CVE-2022-21064
+ RESERVED
+CVE-2022-21063
+ RESERVED
+CVE-2022-21062
+ RESERVED
+CVE-2022-21061
+ RESERVED
+CVE-2022-21060
+ RESERVED
+CVE-2022-21059
+ RESERVED
+CVE-2022-21058
+ RESERVED
+CVE-2022-21057
+ RESERVED
+CVE-2022-21056
+ RESERVED
+CVE-2022-21055
+ RESERVED
+CVE-2022-21054
+ RESERVED
+CVE-2022-21053
+ RESERVED
+CVE-2022-21052
+ RESERVED
+CVE-2022-21051
+ RESERVED
+CVE-2022-21050
+ RESERVED
+CVE-2022-21049
+ RESERVED
+CVE-2022-21048
+ RESERVED
+CVE-2022-21047
+ RESERVED
+CVE-2022-21046
+ RESERVED
+CVE-2022-21045
+ RESERVED
+CVE-2022-21044
+ RESERVED
+CVE-2022-21043
+ RESERVED
+CVE-2022-21042
+ RESERVED
+CVE-2022-21041
+ RESERVED
+CVE-2022-21040
+ RESERVED
+CVE-2022-21039
+ RESERVED
+CVE-2022-21038
+ RESERVED
+CVE-2022-21037
+ RESERVED
+CVE-2022-21036
+ RESERVED
+CVE-2022-21035
+ RESERVED
+CVE-2022-21034
+ RESERVED
+CVE-2022-21033
+ RESERVED
+CVE-2022-21032
+ RESERVED
+CVE-2022-21031
+ RESERVED
+CVE-2022-21030
+ RESERVED
+CVE-2022-21029
+ RESERVED
+CVE-2022-21028
+ RESERVED
+CVE-2022-21027
+ RESERVED
+CVE-2022-21026
+ RESERVED
+CVE-2022-21025
+ RESERVED
+CVE-2022-21024
+ RESERVED
+CVE-2022-21023
+ RESERVED
+CVE-2022-21022
+ RESERVED
+CVE-2022-21021
+ RESERVED
+CVE-2022-21020
+ RESERVED
+CVE-2022-21019
+ RESERVED
+CVE-2022-21018
+ RESERVED
+CVE-2022-21017
+ RESERVED
+CVE-2022-21016
+ RESERVED
+CVE-2022-21015
+ RESERVED
+CVE-2022-21014
+ RESERVED
+CVE-2022-21013
+ RESERVED
+CVE-2022-21012
+ RESERVED
+CVE-2022-21011
+ RESERVED
+CVE-2022-21010
+ RESERVED
+CVE-2022-21009
+ RESERVED
+CVE-2022-21008
+ RESERVED
+CVE-2022-21007
+ RESERVED
+CVE-2022-21006
+ RESERVED
+CVE-2022-21005
+ RESERVED
+CVE-2022-21004
+ RESERVED
+CVE-2022-21003
+ RESERVED
+CVE-2022-21002
+ RESERVED
+CVE-2022-21001
+ RESERVED
+CVE-2022-21000
+ RESERVED
+CVE-2022-20999
+ RESERVED
+CVE-2022-20998
+ RESERVED
+CVE-2022-20997
+ RESERVED
+CVE-2022-20996
+ RESERVED
+CVE-2022-20995
+ RESERVED
+CVE-2022-20994
+ RESERVED
+CVE-2022-20993
+ RESERVED
+CVE-2022-20992
+ RESERVED
+CVE-2022-20991
+ RESERVED
+CVE-2022-20990
+ RESERVED
+CVE-2022-20989
+ RESERVED
+CVE-2022-20988
+ RESERVED
+CVE-2022-20987
+ RESERVED
+CVE-2022-20986
+ RESERVED
+CVE-2022-20985
+ RESERVED
+CVE-2022-20984
+ RESERVED
+CVE-2022-20983
+ RESERVED
+CVE-2022-20982
+ RESERVED
+CVE-2022-20981
+ RESERVED
+CVE-2022-20980
+ RESERVED
+CVE-2022-20979
+ RESERVED
+CVE-2022-20978
+ RESERVED
+CVE-2022-20977
+ RESERVED
+CVE-2022-20976
+ RESERVED
+CVE-2022-20975
+ RESERVED
+CVE-2022-20974
+ RESERVED
+CVE-2022-20973
+ RESERVED
+CVE-2022-20972
+ RESERVED
+CVE-2022-20971
+ RESERVED
+CVE-2022-20970
+ RESERVED
+CVE-2022-20969
+ RESERVED
+CVE-2022-20968
+ RESERVED
+CVE-2022-20967
+ RESERVED
+CVE-2022-20966
+ RESERVED
+CVE-2022-20965
+ RESERVED
+CVE-2022-20964
+ RESERVED
+CVE-2022-20963
+ RESERVED
+CVE-2022-20962
+ RESERVED
+CVE-2022-20961
+ RESERVED
+CVE-2022-20960
+ RESERVED
+CVE-2022-20959
+ RESERVED
+CVE-2022-20958
+ RESERVED
+CVE-2022-20957
+ RESERVED
+CVE-2022-20956
+ RESERVED
+CVE-2022-20955
+ RESERVED
+CVE-2022-20954
+ RESERVED
+CVE-2022-20953
+ RESERVED
+CVE-2022-20952
+ RESERVED
+CVE-2022-20951
+ RESERVED
+CVE-2022-20950
+ RESERVED
+CVE-2022-20949
+ RESERVED
+CVE-2022-20948
+ RESERVED
+CVE-2022-20947
+ RESERVED
+CVE-2022-20946
+ RESERVED
+CVE-2022-20945
+ RESERVED
+CVE-2022-20944
+ RESERVED
+CVE-2022-20943
+ RESERVED
+CVE-2022-20942
+ RESERVED
+CVE-2022-20941
+ RESERVED
+CVE-2022-20940
+ RESERVED
+CVE-2022-20939
+ RESERVED
+CVE-2022-20938
+ RESERVED
+CVE-2022-20937
+ RESERVED
+CVE-2022-20936
+ RESERVED
+CVE-2022-20935
+ RESERVED
+CVE-2022-20934
+ RESERVED
+CVE-2022-20933
+ RESERVED
+CVE-2022-20932
+ RESERVED
+CVE-2022-20931
+ RESERVED
+CVE-2022-20930
+ RESERVED
+CVE-2022-20929
+ RESERVED
+CVE-2022-20928
+ RESERVED
+CVE-2022-20927
+ RESERVED
+CVE-2022-20926
+ RESERVED
+CVE-2022-20925
+ RESERVED
+CVE-2022-20924
+ RESERVED
+CVE-2022-20923
+ RESERVED
+CVE-2022-20922
+ RESERVED
+CVE-2022-20921
+ RESERVED
+CVE-2022-20920
+ RESERVED
+CVE-2022-20919
+ RESERVED
+CVE-2022-20918
+ RESERVED
+CVE-2022-20917
+ RESERVED
+CVE-2022-20916
+ RESERVED
+CVE-2022-20915
+ RESERVED
+CVE-2022-20914
+ RESERVED
+CVE-2022-20913
+ RESERVED
+CVE-2022-20912
+ RESERVED
+CVE-2022-20911
+ RESERVED
+CVE-2022-20910
+ RESERVED
+CVE-2022-20909
+ RESERVED
+CVE-2022-20908
+ RESERVED
+CVE-2022-20907
+ RESERVED
+CVE-2022-20906
+ RESERVED
+CVE-2022-20905
+ RESERVED
+CVE-2022-20904
+ RESERVED
+CVE-2022-20903
+ RESERVED
+CVE-2022-20902
+ RESERVED
+CVE-2022-20901
+ RESERVED
+CVE-2022-20900
+ RESERVED
+CVE-2022-20899
+ RESERVED
+CVE-2022-20898
+ RESERVED
+CVE-2022-20897
+ RESERVED
+CVE-2022-20896
+ RESERVED
+CVE-2022-20895
+ RESERVED
+CVE-2022-20894
+ RESERVED
+CVE-2022-20893
+ RESERVED
+CVE-2022-20892
+ RESERVED
+CVE-2022-20891
+ RESERVED
+CVE-2022-20890
+ RESERVED
+CVE-2022-20889
+ RESERVED
+CVE-2022-20888
+ RESERVED
+CVE-2022-20887
+ RESERVED
+CVE-2022-20886
+ RESERVED
+CVE-2022-20885
+ RESERVED
+CVE-2022-20884
+ RESERVED
+CVE-2022-20883
+ RESERVED
+CVE-2022-20882
+ RESERVED
+CVE-2022-20881
+ RESERVED
+CVE-2022-20880
+ RESERVED
+CVE-2022-20879
+ RESERVED
+CVE-2022-20878
+ RESERVED
+CVE-2022-20877
+ RESERVED
+CVE-2022-20876
+ RESERVED
+CVE-2022-20875
+ RESERVED
+CVE-2022-20874
+ RESERVED
+CVE-2022-20873
+ RESERVED
+CVE-2022-20872
+ RESERVED
+CVE-2022-20871
+ RESERVED
+CVE-2022-20870
+ RESERVED
+CVE-2022-20869
+ RESERVED
+CVE-2022-20868
+ RESERVED
+CVE-2022-20867
+ RESERVED
+CVE-2022-20866
+ RESERVED
+CVE-2022-20865
+ RESERVED
+CVE-2022-20864
+ RESERVED
+CVE-2022-20863
+ RESERVED
+CVE-2022-20862
+ RESERVED
+CVE-2022-20861
+ RESERVED
+CVE-2022-20860
+ RESERVED
+CVE-2022-20859
+ RESERVED
+CVE-2022-20858
+ RESERVED
+CVE-2022-20857
+ RESERVED
+CVE-2022-20856
+ RESERVED
+CVE-2022-20855
+ RESERVED
+CVE-2022-20854
+ RESERVED
+CVE-2022-20853
+ RESERVED
+CVE-2022-20852
+ RESERVED
+CVE-2022-20851
+ RESERVED
+CVE-2022-20850
+ RESERVED
+CVE-2022-20849
+ RESERVED
+CVE-2022-20848
+ RESERVED
+CVE-2022-20847
+ RESERVED
+CVE-2022-20846
+ RESERVED
+CVE-2022-20845
+ RESERVED
+CVE-2022-20844
+ RESERVED
+CVE-2022-20843
+ RESERVED
+CVE-2022-20842
+ RESERVED
+CVE-2022-20841
+ RESERVED
+CVE-2022-20840
+ RESERVED
+CVE-2022-20839
+ RESERVED
+CVE-2022-20838
+ RESERVED
+CVE-2022-20837
+ RESERVED
+CVE-2022-20836
+ RESERVED
+CVE-2022-20835
+ RESERVED
+CVE-2022-20834
+ RESERVED
+CVE-2022-20833
+ RESERVED
+CVE-2022-20832
+ RESERVED
+CVE-2022-20831
+ RESERVED
+CVE-2022-20830
+ RESERVED
+CVE-2022-20829
+ RESERVED
+CVE-2022-20828
+ RESERVED
+CVE-2022-20827
+ RESERVED
+CVE-2022-20826
+ RESERVED
+CVE-2022-20825
+ RESERVED
+CVE-2022-20824
+ RESERVED
+CVE-2022-20823
+ RESERVED
+CVE-2022-20822
+ RESERVED
+CVE-2022-20821
+ RESERVED
+CVE-2022-20820
+ RESERVED
+CVE-2022-20819
+ RESERVED
+CVE-2022-20818
+ RESERVED
+CVE-2022-20817
+ RESERVED
+CVE-2022-20816
+ RESERVED
+CVE-2022-20815
+ RESERVED
+CVE-2022-20814
+ RESERVED
+CVE-2022-20813
+ RESERVED
+CVE-2022-20812
+ RESERVED
+CVE-2022-20811
+ RESERVED
+CVE-2022-20810
+ RESERVED
+CVE-2022-20809
+ RESERVED
+CVE-2022-20808
+ RESERVED
+CVE-2022-20807
+ RESERVED
+CVE-2022-20806
+ RESERVED
+CVE-2022-20805
+ RESERVED
+CVE-2022-20804
+ RESERVED
+CVE-2022-20803
+ RESERVED
+CVE-2022-20802
+ RESERVED
+CVE-2022-20801
+ RESERVED
+CVE-2022-20800
+ RESERVED
+CVE-2022-20799
+ RESERVED
+CVE-2022-20798
+ RESERVED
+CVE-2022-20797
+ RESERVED
+CVE-2022-20796
+ RESERVED
+CVE-2022-20795
+ RESERVED
+CVE-2022-20794
+ RESERVED
+CVE-2022-20793
+ RESERVED
+CVE-2022-20792
+ RESERVED
+CVE-2022-20791
+ RESERVED
+CVE-2022-20790
+ RESERVED
+CVE-2022-20789
+ RESERVED
+CVE-2022-20788
+ RESERVED
+CVE-2022-20787
+ RESERVED
+CVE-2022-20786
+ RESERVED
+CVE-2022-20785
+ RESERVED
+CVE-2022-20784
+ RESERVED
+CVE-2022-20783
+ RESERVED
+CVE-2022-20782
+ RESERVED
+CVE-2022-20781
+ RESERVED
+CVE-2022-20780
+ RESERVED
+CVE-2022-20779
+ RESERVED
+CVE-2022-20778
+ RESERVED
+CVE-2022-20777
+ RESERVED
+CVE-2022-20776
+ RESERVED
+CVE-2022-20775
+ RESERVED
+CVE-2022-20774
+ RESERVED
+CVE-2022-20773
+ RESERVED
+CVE-2022-20772
+ RESERVED
+CVE-2022-20771
+ RESERVED
+CVE-2022-20770
+ RESERVED
+CVE-2022-20769
+ RESERVED
+CVE-2022-20768
+ RESERVED
+CVE-2022-20767
+ RESERVED
+CVE-2022-20766
+ RESERVED
+CVE-2022-20765
+ RESERVED
+CVE-2022-20764
+ RESERVED
+CVE-2022-20763
+ RESERVED
+CVE-2022-20762
+ RESERVED
+CVE-2022-20761
+ RESERVED
+CVE-2022-20760
+ RESERVED
+CVE-2022-20759
+ RESERVED
+CVE-2022-20758
+ RESERVED
+CVE-2022-20757
+ RESERVED
+CVE-2022-20756
+ RESERVED
+CVE-2022-20755
+ RESERVED
+CVE-2022-20754
+ RESERVED
+CVE-2022-20753
+ RESERVED
+CVE-2022-20752
+ RESERVED
+CVE-2022-20751
+ RESERVED
+CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20748
+ RESERVED
+CVE-2022-20747
+ RESERVED
+CVE-2022-20746
+ RESERVED
+CVE-2022-20745
+ RESERVED
+CVE-2022-20744
+ RESERVED
+CVE-2022-20743
+ RESERVED
+CVE-2022-20742
+ RESERVED
+CVE-2022-20741
+ RESERVED
+CVE-2022-20740
+ RESERVED
+CVE-2022-20739
+ RESERVED
+CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service could ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20737
+ RESERVED
+CVE-2022-20736
+ RESERVED
+CVE-2022-20735
+ RESERVED
+CVE-2022-20734
+ RESERVED
+CVE-2022-20733
+ RESERVED
+CVE-2022-20732
+ RESERVED
+CVE-2022-20731
+ RESERVED
+CVE-2022-20730
+ RESERVED
+CVE-2022-20729
+ RESERVED
+CVE-2022-20728
+ RESERVED
+CVE-2022-20727
+ RESERVED
+CVE-2022-20726
+ RESERVED
+CVE-2022-20725
+ RESERVED
+CVE-2022-20724
+ RESERVED
+CVE-2022-20723
+ RESERVED
+CVE-2022-20722
+ RESERVED
+CVE-2022-20721
+ RESERVED
+CVE-2022-20720
+ RESERVED
+CVE-2022-20719
+ RESERVED
+CVE-2022-20718
+ RESERVED
+CVE-2022-20717
+ RESERVED
+CVE-2022-20716
+ RESERVED
+CVE-2022-20715
+ RESERVED
+CVE-2022-20714
+ RESERVED
+CVE-2022-20713
+ RESERVED
+CVE-2022-20712 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20711 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20710 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20709 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20708 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20707 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20706 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20705 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20704 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20703 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20702 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20701 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20700 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20699 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...)
+ NOT-FOR-US: Cisco Small Business RV Series Routers
+CVE-2022-20698 (A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) ...)
+ - clamav 0.103.5+dfsg-1
+ [bullseye] - clamav <no-dsa> (clamav is updated via -updates)
+ [buster] - clamav <no-dsa> (clamav is updated via -updates)
+ [stretch] - clamav <postponed> (Minor issue; clean crash; follow stable updates)
+ NOTE: https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
+ NOTE: https://github.com/Cisco-Talos/clamav/commit/9a6bb57f89721db637f4ddb5b233c1c4e23d223a (0.103.5)
+CVE-2022-20697
+ RESERVED
+CVE-2022-20696
+ RESERVED
+CVE-2022-20695
+ RESERVED
+CVE-2022-20694
+ RESERVED
+CVE-2022-20693
+ RESERVED
+CVE-2022-20692
+ RESERVED
+CVE-2022-20691
+ RESERVED
+CVE-2022-20690
+ RESERVED
+CVE-2022-20689
+ RESERVED
+CVE-2022-20688
+ RESERVED
+CVE-2022-20687
+ RESERVED
+CVE-2022-20686
+ RESERVED
+CVE-2022-20685
+ RESERVED
+CVE-2022-20684
+ RESERVED
+CVE-2022-20683
+ RESERVED
+CVE-2022-20682
+ RESERVED
+CVE-2022-20681
+ RESERVED
+CVE-2022-20680 (A vulnerability in the web-based management interface of Cisco Prime S ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20679
+ RESERVED
+CVE-2022-20678
+ RESERVED
+CVE-2022-20677
+ RESERVED
+CVE-2022-20676
+ RESERVED
+CVE-2022-20675
+ RESERVED
+CVE-2022-20674
+ RESERVED
+CVE-2022-20673
+ RESERVED
+CVE-2022-20672
+ RESERVED
+CVE-2022-20671
+ RESERVED
+CVE-2022-20670
+ RESERVED
+CVE-2022-20669
+ RESERVED
+CVE-2022-20668
+ RESERVED
+CVE-2022-20667
+ RESERVED
+CVE-2022-20666
+ RESERVED
+CVE-2022-20665
+ RESERVED
+CVE-2022-20664
+ RESERVED
+CVE-2022-20663
+ RESERVED
+CVE-2022-20662
+ RESERVED
+CVE-2022-20661
+ RESERVED
+CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20659 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20658 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20657
+ RESERVED
+CVE-2022-20656
+ RESERVED
+CVE-2022-20655
+ RESERVED
+CVE-2022-20654
+ RESERVED
+CVE-2022-20653 (A vulnerability in the DNS-based Authentication of Named Entities (DAN ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20652
+ RESERVED
+CVE-2022-20651
+ RESERVED
+CVE-2022-20650
+ RESERVED
+CVE-2022-20649
+ RESERVED
+CVE-2022-20648
+ RESERVED
+CVE-2022-20647 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20646 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20645 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20644 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20643 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20642 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20641 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20640 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20639 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20638 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20637 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20636 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20635 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20634
+ RESERVED
+CVE-2022-20633
+ RESERVED
+CVE-2022-20632
+ RESERVED
+CVE-2022-20631
+ RESERVED
+CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could allow an au ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20629
+ RESERVED
+CVE-2022-20628
+ RESERVED
+CVE-2022-20627
+ RESERVED
+CVE-2022-20626
+ RESERVED
+CVE-2022-20625
+ RESERVED
+CVE-2022-20624
+ RESERVED
+CVE-2022-20623
+ RESERVED
+CVE-2022-20622
+ RESERVED
+CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencr ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20619 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20618 (A missing permission check in Jenkins Bitbucket Branch Source Plugin 7 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20617 (Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the n ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20616 (Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20615 (Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML me ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20614 (A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20613 (A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Pl ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-20612 (A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and ...)
+ - jenkins <removed>
+CVE-2022-0005
+ RESERVED
+CVE-2022-0004
+ RESERVED
+CVE-2022-0003
+ RESERVED
+CVE-2022-0002
+ RESERVED
+CVE-2022-0001
+ RESERVED
+CVE-2022-20611
+ RESERVED
+CVE-2022-20610
+ RESERVED
+CVE-2022-20609
+ RESERVED
+CVE-2022-20608
+ RESERVED
+CVE-2022-20607
+ RESERVED
+CVE-2022-20606
+ RESERVED
+CVE-2022-20605
+ RESERVED
+CVE-2022-20604
+ RESERVED
+CVE-2022-20603
+ RESERVED
+CVE-2022-20602
+ RESERVED
+CVE-2022-20601
+ RESERVED
+CVE-2022-20600
+ RESERVED
+CVE-2022-20599
+ RESERVED
+CVE-2022-20598
+ RESERVED
+CVE-2022-20597
+ RESERVED
+CVE-2022-20596
+ RESERVED
+CVE-2022-20595
+ RESERVED
+CVE-2022-20594
+ RESERVED
+CVE-2022-20593
+ RESERVED
+CVE-2022-20592
+ RESERVED
+CVE-2022-20591
+ RESERVED
+CVE-2022-20590
+ RESERVED
+CVE-2022-20589
+ RESERVED
+CVE-2022-20588
+ RESERVED
+CVE-2022-20587
+ RESERVED
+CVE-2022-20586
+ RESERVED
+CVE-2022-20585
+ RESERVED
+CVE-2022-20584
+ RESERVED
+CVE-2022-20583
+ RESERVED
+CVE-2022-20582
+ RESERVED
+CVE-2022-20581
+ RESERVED
+CVE-2022-20580
+ RESERVED
+CVE-2022-20579
+ RESERVED
+CVE-2022-20578
+ RESERVED
+CVE-2022-20577
+ RESERVED
+CVE-2022-20576
+ RESERVED
+CVE-2022-20575
+ RESERVED
+CVE-2022-20574
+ RESERVED
+CVE-2022-20573
+ RESERVED
+CVE-2022-20572
+ RESERVED
+CVE-2022-20571
+ RESERVED
+CVE-2022-20570
+ RESERVED
+CVE-2022-20569
+ RESERVED
+CVE-2022-20568
+ RESERVED
+CVE-2022-20567
+ RESERVED
+CVE-2022-20566
+ RESERVED
+CVE-2022-20565
+ RESERVED
+CVE-2022-20564
+ RESERVED
+CVE-2022-20563
+ RESERVED
+CVE-2022-20562
+ RESERVED
+CVE-2022-20561
+ RESERVED
+CVE-2022-20560
+ RESERVED
+CVE-2022-20559
+ RESERVED
+CVE-2022-20558
+ RESERVED
+CVE-2022-20557
+ RESERVED
+CVE-2022-20556
+ RESERVED
+CVE-2022-20555
+ RESERVED
+CVE-2022-20554
+ RESERVED
+CVE-2022-20553
+ RESERVED
+CVE-2022-20552
+ RESERVED
+CVE-2022-20551
+ RESERVED
+CVE-2022-20550
+ RESERVED
+CVE-2022-20549
+ RESERVED
+CVE-2022-20548
+ RESERVED
+CVE-2022-20547
+ RESERVED
+CVE-2022-20546
+ RESERVED
+CVE-2022-20545
+ RESERVED
+CVE-2022-20544
+ RESERVED
+CVE-2022-20543
+ RESERVED
+CVE-2022-20542
+ RESERVED
+CVE-2022-20541
+ RESERVED
+CVE-2022-20540
+ RESERVED
+CVE-2022-20539
+ RESERVED
+CVE-2022-20538
+ RESERVED
+CVE-2022-20537
+ RESERVED
+CVE-2022-20536
+ RESERVED
+CVE-2022-20535
+ RESERVED
+CVE-2022-20534
+ RESERVED
+CVE-2022-20533
+ RESERVED
+CVE-2022-20532
+ RESERVED
+CVE-2022-20531
+ RESERVED
+CVE-2022-20530
+ RESERVED
+CVE-2022-20529
+ RESERVED
+CVE-2022-20528
+ RESERVED
+CVE-2022-20527
+ RESERVED
+CVE-2022-20526
+ RESERVED
+CVE-2022-20525
+ RESERVED
+CVE-2022-20524
+ RESERVED
+CVE-2022-20523
+ RESERVED
+CVE-2022-20522
+ RESERVED
+CVE-2022-20521
+ RESERVED
+CVE-2022-20520
+ RESERVED
+CVE-2022-20519
+ RESERVED
+CVE-2022-20518
+ RESERVED
+CVE-2022-20517
+ RESERVED
+CVE-2022-20516
+ RESERVED
+CVE-2022-20515
+ RESERVED
+CVE-2022-20514
+ RESERVED
+CVE-2022-20513
+ RESERVED
+CVE-2022-20512
+ RESERVED
+CVE-2022-20511
+ RESERVED
+CVE-2022-20510
+ RESERVED
+CVE-2022-20509
+ RESERVED
+CVE-2022-20508
+ RESERVED
+CVE-2022-20507
+ RESERVED
+CVE-2022-20506
+ RESERVED
+CVE-2022-20505
+ RESERVED
+CVE-2022-20504
+ RESERVED
+CVE-2022-20503
+ RESERVED
+CVE-2022-20502
+ RESERVED
+CVE-2022-20501
+ RESERVED
+CVE-2022-20500
+ RESERVED
+CVE-2022-20499
+ RESERVED
+CVE-2022-20498
+ RESERVED
+CVE-2022-20497
+ RESERVED
+CVE-2022-20496
+ RESERVED
+CVE-2022-20495
+ RESERVED
+CVE-2022-20494
+ RESERVED
+CVE-2022-20493
+ RESERVED
+CVE-2022-20492
+ RESERVED
+CVE-2022-20491
+ RESERVED
+CVE-2022-20490
+ RESERVED
+CVE-2022-20489
+ RESERVED
+CVE-2022-20488
+ RESERVED
+CVE-2022-20487
+ RESERVED
+CVE-2022-20486
+ RESERVED
+CVE-2022-20485
+ RESERVED
+CVE-2022-20484
+ RESERVED
+CVE-2022-20483
+ RESERVED
+CVE-2022-20482
+ RESERVED
+CVE-2022-20481
+ RESERVED
+CVE-2022-20480
+ RESERVED
+CVE-2022-20479
+ RESERVED
+CVE-2022-20478
+ RESERVED
+CVE-2022-20477
+ RESERVED
+CVE-2022-20476
+ RESERVED
+CVE-2022-20475
+ RESERVED
+CVE-2022-20474
+ RESERVED
+CVE-2022-20473
+ RESERVED
+CVE-2022-20472
+ RESERVED
+CVE-2022-20471
+ RESERVED
+CVE-2022-20470
+ RESERVED
+CVE-2022-20469
+ RESERVED
+CVE-2022-20468
+ RESERVED
+CVE-2022-20467
+ RESERVED
+CVE-2022-20466
+ RESERVED
+CVE-2022-20465
+ RESERVED
+CVE-2022-20464
+ RESERVED
+CVE-2022-20463
+ RESERVED
+CVE-2022-20462
+ RESERVED
+CVE-2022-20461
+ RESERVED
+CVE-2022-20460
+ RESERVED
+CVE-2022-20459
+ RESERVED
+CVE-2022-20458
+ RESERVED
+CVE-2022-20457
+ RESERVED
+CVE-2022-20456
+ RESERVED
+CVE-2022-20455
+ RESERVED
+CVE-2022-20454
+ RESERVED
+CVE-2022-20453
+ RESERVED
+CVE-2022-20452
+ RESERVED
+CVE-2022-20451
+ RESERVED
+CVE-2022-20450
+ RESERVED
+CVE-2022-20449
+ RESERVED
+CVE-2022-20448
+ RESERVED
+CVE-2022-20447
+ RESERVED
+CVE-2022-20446
+ RESERVED
+CVE-2022-20445
+ RESERVED
+CVE-2022-20444
+ RESERVED
+CVE-2022-20443
+ RESERVED
+CVE-2022-20442
+ RESERVED
+CVE-2022-20441
+ RESERVED
+CVE-2022-20440
+ RESERVED
+CVE-2022-20439
+ RESERVED
+CVE-2022-20438
+ RESERVED
+CVE-2022-20437
+ RESERVED
+CVE-2022-20436
+ RESERVED
+CVE-2022-20435
+ RESERVED
+CVE-2022-20434
+ RESERVED
+CVE-2022-20433
+ RESERVED
+CVE-2022-20432
+ RESERVED
+CVE-2022-20431
+ RESERVED
+CVE-2022-20430
+ RESERVED
+CVE-2022-20429
+ RESERVED
+CVE-2022-20428
+ RESERVED
+CVE-2022-20427
+ RESERVED
+CVE-2022-20426
+ RESERVED
+CVE-2022-20425
+ RESERVED
+CVE-2022-20424
+ RESERVED
+CVE-2022-20423
+ RESERVED
+CVE-2022-20422
+ RESERVED
+CVE-2022-20421
+ RESERVED
+CVE-2022-20420
+ RESERVED
+CVE-2022-20419
+ RESERVED
+CVE-2022-20418
+ RESERVED
+CVE-2022-20417
+ RESERVED
+CVE-2022-20416
+ RESERVED
+CVE-2022-20415
+ RESERVED
+CVE-2022-20414
+ RESERVED
+CVE-2022-20413
+ RESERVED
+CVE-2022-20412
+ RESERVED
+CVE-2022-20411
+ RESERVED
+CVE-2022-20410
+ RESERVED
+CVE-2022-20409
+ RESERVED
+CVE-2022-20408
+ RESERVED
+CVE-2022-20407
+ RESERVED
+CVE-2022-20406
+ RESERVED
+CVE-2022-20405
+ RESERVED
+CVE-2022-20404
+ RESERVED
+CVE-2022-20403
+ RESERVED
+CVE-2022-20402
+ RESERVED
+CVE-2022-20401
+ RESERVED
+CVE-2022-20400
+ RESERVED
+CVE-2022-20399
+ RESERVED
+CVE-2022-20398
+ RESERVED
+CVE-2022-20397
+ RESERVED
+CVE-2022-20396
+ RESERVED
+CVE-2022-20395
+ RESERVED
+CVE-2022-20394
+ RESERVED
+CVE-2022-20393
+ RESERVED
+CVE-2022-20392
+ RESERVED
+CVE-2022-20391
+ RESERVED
+CVE-2022-20390
+ RESERVED
+CVE-2022-20389
+ RESERVED
+CVE-2022-20388
+ RESERVED
+CVE-2022-20387
+ RESERVED
+CVE-2022-20386
+ RESERVED
+CVE-2022-20385
+ RESERVED
+CVE-2022-20384
+ RESERVED
+CVE-2022-20383
+ RESERVED
+CVE-2022-20382
+ RESERVED
+CVE-2022-20381
+ RESERVED
+CVE-2022-20380
+ RESERVED
+CVE-2022-20379
+ RESERVED
+CVE-2022-20378
+ RESERVED
+CVE-2022-20377
+ RESERVED
+CVE-2022-20376
+ RESERVED
+CVE-2022-20375
+ RESERVED
+CVE-2022-20374
+ RESERVED
+CVE-2022-20373
+ RESERVED
+CVE-2022-20372
+ RESERVED
+CVE-2022-20371
+ RESERVED
+CVE-2022-20370
+ RESERVED
+CVE-2022-20369
+ RESERVED
+CVE-2022-20368
+ RESERVED
+CVE-2022-20367
+ RESERVED
+CVE-2022-20366
+ RESERVED
+CVE-2022-20365
+ RESERVED
+CVE-2022-20364
+ RESERVED
+CVE-2022-20363
+ RESERVED
+CVE-2022-20362
+ RESERVED
+CVE-2022-20361
+ RESERVED
+CVE-2022-20360
+ RESERVED
+CVE-2022-20359
+ RESERVED
+CVE-2022-20358
+ RESERVED
+CVE-2022-20357
+ RESERVED
+CVE-2022-20356
+ RESERVED
+CVE-2022-20355
+ RESERVED
+CVE-2022-20354
+ RESERVED
+CVE-2022-20353
+ RESERVED
+CVE-2022-20352
+ RESERVED
+CVE-2022-20351
+ RESERVED
+CVE-2022-20350
+ RESERVED
+CVE-2022-20349
+ RESERVED
+CVE-2022-20348
+ RESERVED
+CVE-2022-20347
+ RESERVED
+CVE-2022-20346
+ RESERVED
+CVE-2022-20345
+ RESERVED
+CVE-2022-20344
+ RESERVED
+CVE-2022-20343
+ RESERVED
+CVE-2022-20342
+ RESERVED
+CVE-2022-20341
+ RESERVED
+CVE-2022-20340
+ RESERVED
+CVE-2022-20339
+ RESERVED
+CVE-2022-20338
+ RESERVED
+CVE-2022-20337
+ RESERVED
+CVE-2022-20336
+ RESERVED
+CVE-2022-20335
+ RESERVED
+CVE-2022-20334
+ RESERVED
+CVE-2022-20333
+ RESERVED
+CVE-2022-20332
+ RESERVED
+CVE-2022-20331
+ RESERVED
+CVE-2022-20330
+ RESERVED
+CVE-2022-20329
+ RESERVED
+CVE-2022-20328
+ RESERVED
+CVE-2022-20327
+ RESERVED
+CVE-2022-20326
+ RESERVED
+CVE-2022-20325
+ RESERVED
+CVE-2022-20324
+ RESERVED
+CVE-2022-20323
+ RESERVED
+CVE-2022-20322
+ RESERVED
+CVE-2022-20321
+ RESERVED
+CVE-2022-20320
+ RESERVED
+CVE-2022-20319
+ RESERVED
+CVE-2022-20318
+ RESERVED
+CVE-2022-20317
+ RESERVED
+CVE-2022-20316
+ RESERVED
+CVE-2022-20315
+ RESERVED
+CVE-2022-20314
+ RESERVED
+CVE-2022-20313
+ RESERVED
+CVE-2022-20312
+ RESERVED
+CVE-2022-20311
+ RESERVED
+CVE-2022-20310
+ RESERVED
+CVE-2022-20309
+ RESERVED
+CVE-2022-20308
+ RESERVED
+CVE-2022-20307
+ RESERVED
+CVE-2022-20306
+ RESERVED
+CVE-2022-20305
+ RESERVED
+CVE-2022-20304
+ RESERVED
+CVE-2022-20303
+ RESERVED
+CVE-2022-20302
+ RESERVED
+CVE-2022-20301
+ RESERVED
+CVE-2022-20300
+ RESERVED
+CVE-2022-20299
+ RESERVED
+CVE-2022-20298
+ RESERVED
+CVE-2022-20297
+ RESERVED
+CVE-2022-20296
+ RESERVED
+CVE-2022-20295
+ RESERVED
+CVE-2022-20294
+ RESERVED
+CVE-2022-20293
+ RESERVED
+CVE-2022-20292
+ RESERVED
+CVE-2022-20291
+ RESERVED
+CVE-2022-20290
+ RESERVED
+CVE-2022-20289
+ RESERVED
+CVE-2022-20288
+ RESERVED
+CVE-2022-20287
+ RESERVED
+CVE-2022-20286
+ RESERVED
+CVE-2022-20285
+ RESERVED
+CVE-2022-20284
+ RESERVED
+CVE-2022-20283
+ RESERVED
+CVE-2022-20282
+ RESERVED
+CVE-2022-20281
+ RESERVED
+CVE-2022-20280
+ RESERVED
+CVE-2022-20279
+ RESERVED
+CVE-2022-20278
+ RESERVED
+CVE-2022-20277
+ RESERVED
+CVE-2022-20276
+ RESERVED
+CVE-2022-20275
+ RESERVED
+CVE-2022-20274
+ RESERVED
+CVE-2022-20273
+ RESERVED
+CVE-2022-20272
+ RESERVED
+CVE-2022-20271
+ RESERVED
+CVE-2022-20270
+ RESERVED
+CVE-2022-20269
+ RESERVED
+CVE-2022-20268
+ RESERVED
+CVE-2022-20267
+ RESERVED
+CVE-2022-20266
+ RESERVED
+CVE-2022-20265
+ RESERVED
+CVE-2022-20264
+ RESERVED
+CVE-2022-20263
+ RESERVED
+CVE-2022-20262
+ RESERVED
+CVE-2022-20261
+ RESERVED
+CVE-2022-20260
+ RESERVED
+CVE-2022-20259
+ RESERVED
+CVE-2022-20258
+ RESERVED
+CVE-2022-20257
+ RESERVED
+CVE-2022-20256
+ RESERVED
+CVE-2022-20255
+ RESERVED
+CVE-2022-20254
+ RESERVED
+CVE-2022-20253
+ RESERVED
+CVE-2022-20252
+ RESERVED
+CVE-2022-20251
+ RESERVED
+CVE-2022-20250
+ RESERVED
+CVE-2022-20249
+ RESERVED
+CVE-2022-20248
+ RESERVED
+CVE-2022-20247
+ RESERVED
+CVE-2022-20246
+ RESERVED
+CVE-2022-20245
+ RESERVED
+CVE-2022-20244
+ RESERVED
+CVE-2022-20243
+ RESERVED
+CVE-2022-20242
+ RESERVED
+CVE-2022-20241
+ RESERVED
+CVE-2022-20240
+ RESERVED
+CVE-2022-20239
+ RESERVED
+CVE-2022-20238
+ RESERVED
+CVE-2022-20237
+ RESERVED
+CVE-2022-20236
+ RESERVED
+CVE-2022-20235
+ RESERVED
+CVE-2022-20234
+ RESERVED
+CVE-2022-20233
+ RESERVED
+CVE-2022-20232
+ RESERVED
+CVE-2022-20231
+ RESERVED
+CVE-2022-20230
+ RESERVED
+CVE-2022-20229
+ RESERVED
+CVE-2022-20228
+ RESERVED
+CVE-2022-20227
+ RESERVED
+CVE-2022-20226
+ RESERVED
+CVE-2022-20225
+ RESERVED
+CVE-2022-20224
+ RESERVED
+CVE-2022-20223
+ RESERVED
+CVE-2022-20222
+ RESERVED
+CVE-2022-20221
+ RESERVED
+CVE-2022-20220
+ RESERVED
+CVE-2022-20219
+ RESERVED
+CVE-2022-20218
+ RESERVED
+CVE-2022-20217
+ RESERVED
+CVE-2022-20216
+ RESERVED
+CVE-2022-20215
+ RESERVED
+CVE-2022-20214
+ RESERVED
+CVE-2022-20213
+ RESERVED
+CVE-2022-20212
+ RESERVED
+CVE-2022-20211
+ RESERVED
+CVE-2022-20210
+ RESERVED
+CVE-2022-20209
+ RESERVED
+CVE-2022-20208
+ RESERVED
+CVE-2022-20207
+ RESERVED
+CVE-2022-20206
+ RESERVED
+CVE-2022-20205
+ RESERVED
+CVE-2022-20204
+ RESERVED
+CVE-2022-20203
+ RESERVED
+CVE-2022-20202
+ RESERVED
+CVE-2022-20201
+ RESERVED
+CVE-2022-20200
+ RESERVED
+CVE-2022-20199
+ RESERVED
+CVE-2022-20198
+ RESERVED
+CVE-2022-20197
+ RESERVED
+CVE-2022-20196
+ RESERVED
+CVE-2022-20195
+ RESERVED
+CVE-2022-20194
+ RESERVED
+CVE-2022-20193
+ RESERVED
+CVE-2022-20192
+ RESERVED
+CVE-2022-20191
+ RESERVED
+CVE-2022-20190
+ RESERVED
+CVE-2022-20189
+ RESERVED
+CVE-2022-20188
+ RESERVED
+CVE-2022-20187
+ RESERVED
+CVE-2022-20186
+ RESERVED
+CVE-2022-20185
+ RESERVED
+CVE-2022-20184
+ RESERVED
+CVE-2022-20183
+ RESERVED
+CVE-2022-20182
+ RESERVED
+CVE-2022-20181
+ RESERVED
+CVE-2022-20180
+ RESERVED
+CVE-2022-20179
+ RESERVED
+CVE-2022-20178
+ RESERVED
+CVE-2022-20177
+ RESERVED
+CVE-2022-20176
+ RESERVED
+CVE-2022-20175
+ RESERVED
+CVE-2022-20174
+ RESERVED
+CVE-2022-20173
+ RESERVED
+CVE-2022-20172
+ RESERVED
+CVE-2022-20171
+ RESERVED
+CVE-2022-20170
+ RESERVED
+CVE-2022-20169
+ RESERVED
+CVE-2022-20168
+ RESERVED
+CVE-2022-20167
+ RESERVED
+CVE-2022-20166
+ RESERVED
+CVE-2022-20165
+ RESERVED
+CVE-2022-20164
+ RESERVED
+CVE-2022-20163
+ RESERVED
+CVE-2022-20162
+ RESERVED
+CVE-2022-20161
+ RESERVED
+CVE-2022-20160
+ RESERVED
+CVE-2022-20159
+ RESERVED
+CVE-2022-20158
+ RESERVED
+CVE-2022-20157
+ RESERVED
+CVE-2022-20156
+ RESERVED
+CVE-2022-20155
+ RESERVED
+CVE-2022-20154
+ RESERVED
+CVE-2022-20153
+ RESERVED
+CVE-2022-20152
+ RESERVED
+CVE-2022-20151
+ RESERVED
+CVE-2022-20150
+ RESERVED
+CVE-2022-20149
+ RESERVED
+CVE-2022-20148
+ RESERVED
+CVE-2022-20147
+ RESERVED
+CVE-2022-20146
+ RESERVED
+CVE-2022-20145
+ RESERVED
+CVE-2022-20144
+ RESERVED
+CVE-2022-20143
+ RESERVED
+CVE-2022-20142
+ RESERVED
+CVE-2022-20141
+ RESERVED
+CVE-2022-20140
+ RESERVED
+CVE-2022-20139
+ RESERVED
+CVE-2022-20138
+ RESERVED
+CVE-2022-20137
+ RESERVED
+CVE-2022-20136
+ RESERVED
+CVE-2022-20135
+ RESERVED
+CVE-2022-20134
+ RESERVED
+CVE-2022-20133
+ RESERVED
+CVE-2022-20132
+ RESERVED
+CVE-2022-20131
+ RESERVED
+CVE-2022-20130
+ RESERVED
+CVE-2022-20129
+ RESERVED
+CVE-2022-20128
+ RESERVED
+CVE-2022-20127
+ RESERVED
+CVE-2022-20126
+ RESERVED
+CVE-2022-20125
+ RESERVED
+CVE-2022-20124
+ RESERVED
+CVE-2022-20123
+ RESERVED
+CVE-2022-20122
+ RESERVED
+CVE-2022-20121
+ RESERVED
+CVE-2022-20120
+ RESERVED
+CVE-2022-20119
+ RESERVED
+CVE-2022-20118
+ RESERVED
+CVE-2022-20117
+ RESERVED
+CVE-2022-20116
+ RESERVED
+CVE-2022-20115
+ RESERVED
+CVE-2022-20114
+ RESERVED
+CVE-2022-20113
+ RESERVED
+CVE-2022-20112
+ RESERVED
+CVE-2022-20111
+ RESERVED
+CVE-2022-20110
+ RESERVED
+CVE-2022-20109
+ RESERVED
+CVE-2022-20108
+ RESERVED
+CVE-2022-20107
+ RESERVED
+CVE-2022-20106
+ RESERVED
+CVE-2022-20105
+ RESERVED
+CVE-2022-20104
+ RESERVED
+CVE-2022-20103
+ RESERVED
+CVE-2022-20102
+ RESERVED
+CVE-2022-20101
+ RESERVED
+CVE-2022-20100
+ RESERVED
+CVE-2022-20099
+ RESERVED
+CVE-2022-20098
+ RESERVED
+CVE-2022-20097
+ RESERVED
+CVE-2022-20096
+ RESERVED
+CVE-2022-20095
+ RESERVED
+CVE-2022-20094
+ RESERVED
+CVE-2022-20093
+ RESERVED
+CVE-2022-20092
+ RESERVED
+CVE-2022-20091
+ RESERVED
+CVE-2022-20090
+ RESERVED
+CVE-2022-20089
+ RESERVED
+CVE-2022-20088
+ RESERVED
+CVE-2022-20087
+ RESERVED
+CVE-2022-20086
+ RESERVED
+CVE-2022-20085
+ RESERVED
+CVE-2022-20084
+ RESERVED
+CVE-2022-20083
+ RESERVED
+CVE-2022-20082
+ RESERVED
+CVE-2022-20081
+ RESERVED
+CVE-2022-20080
+ RESERVED
+CVE-2022-20079
+ RESERVED
+CVE-2022-20078
+ RESERVED
+CVE-2022-20077
+ RESERVED
+CVE-2022-20076
+ RESERVED
+CVE-2022-20075
+ RESERVED
+CVE-2022-20074
+ RESERVED
+CVE-2022-20073
+ RESERVED
+CVE-2022-20072
+ RESERVED
+CVE-2022-20071
+ RESERVED
+CVE-2022-20070
+ RESERVED
+CVE-2022-20069
+ RESERVED
+CVE-2022-20068
+ RESERVED
+CVE-2022-20067
+ RESERVED
+CVE-2022-20066
+ RESERVED
+CVE-2022-20065
+ RESERVED
+CVE-2022-20064
+ RESERVED
+CVE-2022-20063
+ RESERVED
+CVE-2022-20062
+ RESERVED
+CVE-2022-20061
+ RESERVED
+CVE-2022-20060
+ RESERVED
+CVE-2022-20059
+ RESERVED
+CVE-2022-20058
+ RESERVED
+CVE-2022-20057
+ RESERVED
+CVE-2022-20056
+ RESERVED
+CVE-2022-20055
+ RESERVED
+CVE-2022-20054
+ RESERVED
+CVE-2022-20053
+ RESERVED
+CVE-2022-20052
+ RESERVED
+CVE-2022-20051
+ RESERVED
+CVE-2022-20050
+ RESERVED
+CVE-2022-20049
+ RESERVED
+CVE-2022-20048
+ RESERVED
+CVE-2022-20047
+ RESERVED
+CVE-2022-20046 (In Bluetooth, there is a possible memory corruption due to a logic err ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20045 (In Bluetooth, there is a possible service crash due to a use after fre ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20044 (In Bluetooth, there is a possible service crash due to a use after fre ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20043 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20042 (In Bluetooth, there is a possible information disclosure due to incorr ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20041 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20040 (In power_hal_manager_service, there is a possible permission bypass du ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20039 (In ccu driver, there is a possible memory corruption due to an integer ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20038 (In ccu driver, there is a possible memory corruption due to an incorre ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20037 (In ion driver, there is a possible information disclosure due to an in ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20036 (In ion driver, there is a possible information disclosure due to an in ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20035 (In vcu driver, there is a possible information disclosure due to a use ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20034 (In Preloader XFLASH, there is a possible escalation of privilege due t ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20033 (In camera driver, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20032 (In vow driver, there is a possible memory corruption due to a race con ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20031 (In fb driver, there is a possible memory corruption due to a use after ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20030 (In vow driver, there is a possible out of bounds write due to a stack- ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20029 (In cmdq driver, there is a possible out of bounds read due to an incor ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20028 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20027 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20026 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20025 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20024 (In system service, there is a possible permission bypass due to a miss ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20023 (In Bluetooth, there is a possible application crash due to bluetooth f ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to bluetooth ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20021 (In Bluetooth, there is a possible application crash due to bluetooth d ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20020 (In libvcodecdrv, there is a possible information disclosure due to a m ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure due to ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20018 (In seninf driver, there is a possible information disclosure due to un ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20017 (In ion driver, there is a possible information disclosure due to an in ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20016 (In vow driver, there is a possible memory corruption due to improper l ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20015 (In kd_camera_hw driver, there is a possible information disclosure due ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20014 (In vow driver, there is a possible memory corruption due to improper i ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20013 (In vow driver, there is a possible memory corruption due to a race con ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20012 (In mdp driver, there is a possible memory corruption due to an integer ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20011
+ RESERVED
+CVE-2022-20010
+ RESERVED
+CVE-2022-20009
+ RESERVED
+CVE-2022-20008
+ RESERVED
+CVE-2022-20007
+ RESERVED
+CVE-2022-20006
+ RESERVED
+CVE-2022-20005
+ RESERVED
+CVE-2022-20004
+ RESERVED
+CVE-2022-20003
+ RESERVED
+CVE-2022-20002
+ RESERVED
+CVE-2022-20001
+ RESERVED
+CVE-2022-22590 [A use after free issue was addressed with improved memory management]
+ RESERVED
+ {DSA-5084-1 DSA-5083-1}
+ - webkit2gtk 2.34.5-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.5-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0002.html
+CVE-2022-22592 [A logic issue was addressed with improved state management]
+ RESERVED
+ {DSA-5084-1 DSA-5083-1}
+ - webkit2gtk 2.34.5-1
+ [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
+ - wpewebkit 2.34.5-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0002.html
diff --git a/data/DLA/list b/data/DLA/list
index 59ed7aafa7..21489709f1 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,2130 @@
+[19 Feb 2022] DLA-2927-1 twisted - security update
+ {CVE-2020-10108 CVE-2020-10109 CVE-2022-21712}
+ [stretch] - twisted 16.6.0-2+deb9u1
+[18 Feb 2022] DLA-2926-1 zsh - security update
+ {CVE-2021-45444}
+ [stretch] - zsh 5.3.1-4+deb9u5
+[16 Feb 2022] DLA-2925-1 drupal7 - security update
+ {CVE-2022-25271}
+ [stretch] - drupal7 7.52-2+deb9u18
+[15 Feb 2022] DLA-2924-1 libxstream-java - security update
+ {CVE-2021-43859}
+ [stretch] - libxstream-java 1.4.11.1-1+deb9u5
+[15 Feb 2022] DLA-2923-1 h2database - security update
+ {CVE-2021-42392 CVE-2022-23221}
+ [stretch] - h2database 1.4.193-1+deb9u1
+[14 Feb 2022] DLA-2922-1 pgbouncer - security update
+ {CVE-2021-3935}
+ [stretch] - pgbouncer 1.7.2-2+deb9u1
+[14 Feb 2022] DLA-2921-1 thunderbird - security update
+ {CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764}
+ [stretch] - thunderbird 1:91.6.0-1~deb9u1
+[14 Feb 2022] DLA-2920-1 varnish - security update
+ {CVE-2022-23959}
+ [stretch] - varnish 5.0.0-7+deb9u3
+[12 Feb 2022] DLA-2919-1 python2.7 - security update
+ {CVE-2021-3177 CVE-2021-4189}
+ [stretch] - python2.7 2.7.13-2+deb9u6
+[12 Feb 2022] DLA-2918-1 debian-edu-config - security update
+ {CVE-2021-20001}
+ [stretch] - debian-edu-config 1.929+deb9u5
+[10 Feb 2022] DLA-2917-1 openjdk-8 - security update
+ {CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21349 CVE-2022-21360 CVE-2022-21365}
+ [stretch] - openjdk-8 8u322-b06-1~deb9u1
+[09 Feb 2022] DLA-2916-1 firefox-esr - security update
+ {CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764}
+ [stretch] - firefox-esr 91.6.0esr-1~deb9u1
+[09 Feb 2022] DLA-2915-1 connman - security update
+ {CVE-2021-33833 CVE-2022-23096 CVE-2022-23097 CVE-2022-23098}
+ [stretch] - connman 1.33-3+deb9u3
+[07 Feb 2022] DLA-2914-1 zabbix - security update
+ {CVE-2022-23134}
+ [stretch] - zabbix 1:3.0.32+dfsg-0+deb9u2
+[07 Feb 2022] DLA-2913-1 xterm - security update
+ {CVE-2022-24130}
+ [stretch] - xterm 327-2+deb9u2
+[06 Feb 2022] DLA-2912-1 libphp-adodb - security update
+ {CVE-2021-3850}
+ [stretch] - libphp-adodb 5.20.9-1+deb9u1
+[04 Feb 2022] DLA-2911-1 apng2gif - security update
+ {CVE-2017-6960 CVE-2017-6961 CVE-2017-6962}
+ [stretch] - apng2gif 1.8-0.1~deb9u1
+[03 Feb 2022] DLA-2910-1 ldns - security update
+ {CVE-2017-1000231 CVE-2017-1000232 CVE-2020-19860 CVE-2020-19861}
+ [stretch] - ldns 1.7.0-1+deb9u1
+[03 Feb 2022] DLA-2909-1 strongswan - security update
+ {CVE-2021-45079}
+ [stretch] - strongswan 5.5.1-4+deb9u6
+[03 Feb 2022] DLA-2908-1 librecad - security update
+ {CVE-2021-45341 CVE-2021-45342 CVE-2021-45343}
+ [stretch] - librecad 2.1.2-1+deb9u3
+[01 Feb 2022] DLA-2907-1 apache2 - security update
+ {CVE-2021-44224 CVE-2021-44790}
+ [stretch] - apache2 2.4.25-3+deb9u12
+[01 Feb 2022] DLA-2906-1 python-django - security update
+ {CVE-2022-22818 CVE-2022-23833}
+ [stretch] - python-django 1:1.10.7-2+deb9u15
+[31 Jan 2022] DLA-2905-1 apache-log4j1.2 - security update
+ {CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307}
+ [stretch] - apache-log4j1.2 1.2.17-7+deb9u2
+[30 Jan 2022] DLA-2904-1 expat - security update
+ {CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990}
+ [stretch] - expat 2.2.0-2+deb9u4
+[29 Jan 2022] DLA-2903-1 libraw - security update
+ {CVE-2017-13735 CVE-2017-14265 CVE-2017-14348 CVE-2017-14608 CVE-2017-16909 CVE-2017-16910 CVE-2018-5800 CVE-2018-5801 CVE-2018-5802 CVE-2018-5804 CVE-2018-5805 CVE-2018-5806 CVE-2018-5807 CVE-2018-5808 CVE-2018-5810 CVE-2018-5811 CVE-2018-5812 CVE-2018-5813 CVE-2018-5815 CVE-2018-5817 CVE-2018-5818 CVE-2018-5819 CVE-2018-20363 CVE-2018-20364 CVE-2018-20365}
+ [stretch] - libraw 0.17.2-6+deb9u2
+[27 Jan 2022] DLA-2902-1 graphicsmagick - security update
+ {CVE-2020-12672}
+ [stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u5
+[26 Jan 2022] DLA-2883-2 uriparser - regression update
+ {CVE-2021-46141}
+ [stretch] - uriparser 0.8.4-1+deb9u4
+[25 Jan 2022] DLA-2901-1 libxfont - security update
+ {CVE-2017-16611}
+ [stretch] - libxfont 1:2.0.1-3+deb9u2
+[25 Jan 2022] DLA-2900-1 lrzsz - security update
+ {CVE-2018-10195}
+ [stretch] - lrzsz 0.12.21-8+deb9u1
+[25 Jan 2022] DLA-2899-1 policykit-1 - security update
+ {CVE-2021-4034}
+ [stretch] - policykit-1 0.105-18+deb9u2
+[25 Jan 2022] DLA-2898-1 nss - security update
+ {CVE-2022-22747}
+ [stretch] - nss 2:3.26.2-1.1+deb9u5
+[24 Jan 2022] DLA-2897-1 apr - security update
+ {CVE-2017-12613}
+ [stretch] - apr 1.5.2-5+deb9u1
+[24 Jan 2022] DLA-2896-1 ipython - security update
+ {CVE-2022-21699}
+ [stretch] - ipython 5.1.0-3+deb9u1
+[24 Jan 2022] DLA-2895-1 qt4-x11 - security update
+ {CVE-2021-3481 CVE-2021-45930}
+ [stretch] - qt4-x11 4:4.8.7+dfsg-11+deb9u3
+[24 Jan 2022] DLA-2894-1 aide - security update
+ {CVE-2021-45417}
+ [stretch] - aide 0.16-1+deb9u1
+[23 Jan 2022] DLA-2893-1 pillow - security update
+ {CVE-2022-22815 CVE-2022-22816 CVE-2022-22817}
+ [stretch] - pillow 4.0.0-4+deb9u4
+[21 Jan 2022] DLA-2892-1 golang-1.7 - security update
+ {CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717}
+ [stretch] - golang-1.7 1.7.4-2+deb9u4
+[21 Jan 2022] DLA-2891-1 golang-1.8 - security update
+ {CVE-2021-33196 CVE-2021-36221 CVE-2021-39293 CVE-2021-41771 CVE-2021-44716 CVE-2021-44717}
+ [stretch] - golang-1.8 1.8.1-1+deb9u4
+[21 Jan 2022] DLA-2890-1 libspf2 - security update
+ {CVE-2021-33912 CVE-2021-33913}
+ [stretch] - libspf2 1.2.10-7+deb9u2
+[19 Jan 2022] DLA-2889-1 drupal7 - security update
+ {CVE-2016-7103 CVE-2010-5312 CVE-2021-41182 CVE-2021-41183}
+ [stretch] - drupal7 7.52-2+deb9u17
+[18 Jan 2022] DLA-2888-1 nvidia-graphics-drivers - security update
+ {CVE-2021-1056 CVE-2021-1076 CVE-2021-1093 CVE-2021-1094 CVE-2021-1095}
+ [stretch] - nvidia-graphics-drivers 390.144-1~deb9u1
+[18 Jan 2022] DLA-2887-1 lighttpd - security update
+ {CVE-2018-19052}
+ [stretch] - lighttpd 1.4.45-1+deb9u1
+[17 Jan 2022] DLA-2886-1 slurm-llnl - security update
+ {CVE-2019-12838 CVE-2020-12693 CVE-2020-27745 CVE-2021-31215}
+ [stretch] - slurm-llnl 16.05.9-1+deb9u5
+[17 Jan 2022] DLA-2885-1 qtsvg-opensource-src - security update
+ {CVE-2021-3481 CVE-2021-45930}
+ [stretch] - qtsvg-opensource-src 5.7.1~20161021-2.1+deb9u1
+[17 Jan 2022] DLA-2884-1 wordpress - security update
+ {CVE-2022-21661 CVE-2022-21662 CVE-2022-21663 CVE-2022-21664}
+ [stretch] - wordpress 4.7.22+dfsg-0+deb9u1
+[17 Jan 2022] DLA-2883-1 uriparser - security update
+ {CVE-2021-46141 CVE-2021-46142}
+ [stretch] - uriparser 0.8.4-1+deb9u3
+[17 Jan 2022] DLA-2882-1 sphinxsearch - security update
+ {CVE-2020-29050}
+ [stretch] - sphinxsearch 2.2.11-1.1+deb9u1
+[16 Jan 2022] DLA-2881-1 thunderbird - security update
+ {CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751}
+ [stretch] - thunderbird 1:91.5.0-1~deb9u1
+[16 Jan 2022] DLA-2880-1 firefox-esr - security update
+ {CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751}
+ [stretch] - firefox-esr 91.5.0esr-1~deb9u1
+[14 Jan 2022] DLA-2879-1 ghostscript - security update
+ {CVE-2021-45944 CVE-2021-45949}
+ [stretch] - ghostscript 9.26a~dfsg-0+deb9u8
+[12 Jan 2022] DLA-2878-1 roundcube - security update
+ {CVE-2021-46144}
+ [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u10
+[12 Jan 2022] DLA-2877-1 gdal - security update
+ {CVE-2019-17545 CVE-2021-45943}
+ [stretch] - gdal 2.1.2+dfsg-5+deb9u1
+[10 Jan 2022] DLA-2876-1 vim - security update
+ {CVE-2017-17087 CVE-2019-20807 CVE-2021-3778 CVE-2021-3796}
+ [stretch] - vim 2:8.0.0197-4+deb9u4
+[10 Jan 2022] DLA-2875-1 clamav - security update
+ [stretch] - clamav 0.103.4+dfsg-0+deb9u1
+[04 Jan 2022] DLA-2874-1 thunderbird - security update
+ {CVE-2021-4126 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538}
+ [stretch] - thunderbird 1:91.4.1-1~deb9u1
+[03 Jan 2022] DLA-2480-2 salt - regression update
+ [stretch] - salt 2016.11.2+ds-1+deb9u10
+[31 Dec 2021] DLA-2873-1 aria2 - security update
+ {CVE-2019-3500}
+ [stretch] - aria2 1.30.0-2+deb9u1
+[31 Dec 2021] DLA-2872-1 agg - security update
+ {CVE-2019-6245}
+ [stretch] - agg 2.5+dfsg1-11+deb9u1
+[30 Dec 2021] DLA-2871-1 lxml - security update
+ {CVE-2021-43818}
+ [stretch] - lxml 3.7.1-1+deb9u5
+[29 Dec 2021] DLA-2870-1 apache-log4j2 - security update
+ {CVE-2021-44832}
+ [stretch] - apache-log4j2 2.12.4-0+deb9u1
+[29 Dec 2021] DLA-2869-1 xorg-server - security update
+ {CVE-2021-4008 CVE-2021-4009 CVE-2021-4011}
+ [stretch] - xorg-server 2:1.19.2-1+deb9u9
+[29 Dec 2021] DLA-2868-1 advancecomp - security update
+ {CVE-2018-1056 CVE-2019-8379 CVE-2019-8383 CVE-2019-9210}
+ [stretch] - advancecomp 1.20-1+deb9u1
+[29 Dec 2021] DLA-2857-2 postgis - regression update
+ [stretch] - postgis 2.3.1+dfsg-2+deb9u2
+[29 Dec 2021] DLA-2867-1 spip - security update
+ {CVE-2021-44118 CVE-2021-44120 CVE-2021-44122 CVE-2021-44123}
+ [stretch] - spip 3.1.4-4~deb9u4+deb9u2
+[29 Dec 2021] DLA-2866-1 uw-imap - security update
+ {CVE-2018-19518}
+ [stretch] - uw-imap 8:2007f~dfsg-5+deb9u1
+[29 Dec 2021] DLA-2865-1 resiprocate - security update
+ {CVE-2017-11521 CVE-2018-12584}
+ [stretch] - resiprocate 1:1.11.0~beta1-3+deb9u2
+[29 Dec 2021] DLA-2864-1 ruby-haml - security update
+ {CVE-2017-1002201}
+ [stretch] - ruby-haml 4.0.7-1+deb9u1
+[29 Dec 2021] DLA-2863-1 firefox-esr - security update
+ {CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546}
+ [stretch] - firefox-esr 91.4.1esr-1~deb9u1
+[29 Dec 2021] DLA-2862-1 python-gnupg - security update
+ {CVE-2018-12020 CVE-2019-6690}
+ [stretch] - python-gnupg 0.3.9-1+deb9u1
+[28 Dec 2021] DLA-2861-1 rdflib - security update
+ {CVE-2019-7653}
+ [stretch] - rdflib 4.2.1-2+deb9u1
+[28 Dec 2021] DLA-2860-1 paramiko - security update
+ {CVE-2018-7750 CVE-2018-1000805}
+ [stretch] - paramiko 2.0.0-1+deb9u1
+[28 Dec 2021] DLA-2859-1 zziplib - security update
+ {CVE-2020-18442}
+ [stretch] - zziplib 0.13.62-3.2~deb9u2
+[28 Dec 2021] DLA-2858-1 libzip - security update
+ {CVE-2017-14107}
+ [stretch] - libzip 1.1.2-1.1+deb9u1
+[28 Dec 2021] DLA-2857-1 postgis - security update
+ {CVE-2017-18359}
+ [stretch] - postgis 2.3.1+dfsg-2+deb9u1
+[27 Dec 2021] DLA-2856-1 okular - security update
+ {CVE-2020-9359}
+ [stretch] - okular 4:16.08.2-1+deb9u2
+[27 Dec 2021] DLA-2855-1 monit - security update
+ {CVE-2019-11454 CVE-2019-11455}
+ [stretch] - monit 1:5.20.0-6+deb9u2
+[27 Dec 2021] DLA-2854-1 novnc - security update
+ {CVE-2017-18635}
+ [stretch] - novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-6+deb9u1
+[27 Dec 2021] DLA-2853-1 ruby2.3 - security update
+ {CVE-2021-41817 CVE-2021-41819}
+ [stretch] - ruby2.3 2.3.3-1+deb9u11
+[26 Dec 2021] DLA-2852-1 apache-log4j2 - security update
+ {CVE-2020-9488 CVE-2021-45105}
+ [stretch] - apache-log4j2 2.12.3-0+deb9u1
+[26 Dec 2021] DLA-2851-1 libextractor - security update
+ {CVE-2019-15531}
+ [stretch] - libextractor 1:1.3-4+deb9u4
+[26 Dec 2021] DLA-2850-1 libpcap - security update
+ {CVE-2019-15165}
+ [stretch] - libpcap 1.8.1-3+deb9u1
+[26 Dec 2021] DLA-2849-1 wireshark - security update
+ {CVE-2021-22207 CVE-2021-22235 CVE-2021-39921 CVE-2021-39922 CVE-2021-39923 CVE-2021-39924 CVE-2021-39925 CVE-2021-39928 CVE-2021-39929}
+ [stretch] - wireshark 2.6.20-0+deb9u2
+[17 Dec 2021] DLA-2848-1 libssh2 - security update
+ {CVE-2019-13115 CVE-2019-17498}
+ [stretch] - libssh2 1.7.0-1+deb9u2
+[15 Dec 2021] DLA-2847-1 mediawiki - security update
+ {CVE-2021-44858}
+ [stretch] - mediawiki 1:1.27.7-1+deb9u11
+[14 Dec 2021] DLA-2846-1 raptor2 - security update
+ {CVE-2020-25713}
+ [stretch] - raptor2 2.0.14-1+deb9u2
+[14 Dec 2021] DLA-2845-1 libsamplerate - security update
+ {CVE-2017-7697}
+ [stretch] - libsamplerate 0.1.8-8+deb9u1
+[13 Dec 2021] DLA-2844-1 privoxy - security update
+ {CVE-2021-44540 CVE-2021-44543}
+ [stretch] - privoxy 3.0.26-3+deb9u3
+[12 Dec 2021] DLA-2843-1 linux - security update
+ {CVE-2020-3702 CVE-2020-16119 CVE-2021-0920 CVE-2021-3612 CVE-2021-3653 CVE-2021-3655 CVE-2021-3679 CVE-2021-3732 CVE-2021-3753 CVE-2021-3760 CVE-2021-20317 CVE-2021-20321 CVE-2021-20322 CVE-2021-22543 CVE-2021-37159 CVE-2021-38160 CVE-2021-38198 CVE-2021-38199 CVE-2021-38204 CVE-2021-38205 CVE-2021-40490 CVE-2021-41864 CVE-2021-42008 CVE-2021-42739 CVE-2021-43389}
+ [stretch] - linux 4.9.290-1
+[12 Dec 2021] DLA-2842-1 apache-log4j2 - security update
+ {CVE-2021-44228}
+ [stretch] - apache-log4j2 2.7-2+deb9u1
+[08 Dec 2021] DLA-2836-2 nss - regression update
+ [stretch] - nss 2:3.26.2-1.1+deb9u4
+[06 Dec 2021] DLA-2841-1 runc - security update
+ {CVE-2021-43784}
+ [stretch] - runc 0.1.1+dfsg1-2+deb9u3
+[06 Dec 2021] DLA-2840-1 roundcube - security update
+ {CVE-2021-44025 CVE-2021-44026}
+ [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u9
+[03 Dec 2021] DLA-2839-1 gerbv - security update
+ {CVE-2021-40391}
+ [stretch] - gerbv 2.6.1-2+deb9u1
+[03 Dec 2021] DLA-2838-1 librecad - security update
+ {CVE-2021-21898 CVE-2021-21899 CVE-2021-21900}
+ [stretch] - librecad 2.1.2-1+deb9u2
+[02 Dec 2021] DLA-2837-1 gmp - security update
+ {CVE-2021-43618}
+ [stretch] - gmp 2:6.1.2+dfsg-1+deb9u1
+[02 Dec 2021] DLA-2836-1 nss - security update
+ {CVE-2021-43527}
+ [stretch] - nss 2:3.26.2-1.1+deb9u3
+[30 Nov 2021] DLA-2835-1 rsyslog - security update
+ {CVE-2019-17041 CVE-2019-17042}
+ [stretch] - rsyslog 8.24.0-1+deb9u1
+[30 Nov 2021] DLA-2834-1 uriparser - security update
+ {CVE-2018-20721}
+ [stretch] - uriparser 0.8.4-1+deb9u2
+[30 Nov 2021] DLA-2833-1 rsync - security update
+ {CVE-2018-5764}
+ [stretch] - rsync 3.1.2-1+deb9u3
+[29 Nov 2021] DLA-2832-1 opensc - security update
+ {CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570 CVE-2020-26571 CVE-2020-26572}
+ [stretch] - opensc 0.16.0-3+deb9u2
+[28 Nov 2021] DLA-2831-1 libntlm - security update
+ {CVE-2019-17455}
+ [stretch] - libntlm 1.4-8+deb9u1
+[28 Nov 2021] DLA-2830-1 tar - security update
+ {CVE-2018-20482}
+ [stretch] - tar 1.29b-1.1+deb9u1
+[27 Nov 2021] DLA-2829-1 libvpx - security update
+ {CVE-2020-0034}
+ [stretch] - libvpx 1.6.1-3+deb9u3
+[27 Nov 2021] DLA-2828-1 libvorbis - security update
+ {CVE-2017-14160 CVE-2018-10392 CVE-2018-10393}
+ [stretch] - libvorbis 1.3.5-4+deb9u3
+[27 Nov 2021] DLA-2827-1 bluez - security update
+ {CVE-2019-8921 CVE-2019-8922 CVE-2021-41229}
+ [stretch] - bluez 5.43-2+deb9u5
+[23 Nov 2021] DLA-2826-1 mbedtls - security update
+ {CVE-2018-9988 CVE-2018-9989 CVE-2020-36475 CVE-2020-36476 CVE-2020-36478 CVE-2021-24119}
+ [stretch] - mbedtls 2.4.2-1+deb9u4
+[22 Nov 2021] DLA-2825-1 libmodbus - security update
+ {CVE-2019-14462 CVE-2019-14463}
+ [stretch] - libmodbus 3.0.6-2+deb9u1
+[21 Nov 2021] DLA-2823-2 salt - regression update
+ [stretch] - salt 2016.11.2+ds-1+deb9u9
+[20 Nov 2021] DLA-2824-1 firebird3.0 - security update
+ {CVE-2017-11509}
+ [stretch] - firebird3.0 3.0.1.32609.ds4-14+deb9u1
+[19 Nov 2021] DLA-2823-1 salt - security update
+ {CVE-2021-21996}
+ [stretch] - salt 2016.11.2+ds-1+deb9u8
+[19 Nov 2021] DLA-2822-1 netkit-rsh - security update
+ {CVE-2019-7282 CVE-2019-7283}
+ [stretch] - netkit-rsh 0.17-17+deb9u1
+[17 Nov 2021] DLA-2821-1 axis - security update
+ {CVE-2018-8032}
+ [stretch] - axis 1.4-25+deb9u1
+[17 Nov 2021] DLA-2820-1 atftp - security update
+ {CVE-2020-6097 CVE-2021-41054}
+ [stretch] - atftp 0.7.git20120829-3.1~deb9u2
+[16 Nov 2021] DLA-2819-1 ntfs-3g - security update
+ {CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39254 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263}
+ [stretch] - ntfs-3g 1:2016.2.22AR.1+dfsg-1+deb9u2
+[13 Nov 2021] DLA-2818-1 ffmpeg - security update
+ {CVE-2020-20445 CVE-2020-20446 CVE-2020-20451 CVE-2020-20453 CVE-2020-22037 CVE-2020-22041 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049 CVE-2020-22054 CVE-2021-38171 CVE-2021-38291}
+ [stretch] - ffmpeg 7:3.2.16-1+deb9u1
+[12 Nov 2021] DLA-2817-1 postgresql-9.6 - security update
+ {CVE-2021-23214 CVE-2021-23222}
+ [stretch] - postgresql-9.6 9.6.24-0+deb9u1
+[10 Nov 2021] DLA-2816-1 icinga2 - security update
+ {CVE-2021-32739 CVE-2021-32743 CVE-2021-37698}
+ [stretch] - icinga2 2.6.0-2+deb9u2
+[10 Nov 2021] DLA-2815-1 salt - security update
+ {CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3144 CVE-2021-3148 CVE-2021-3197 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-25284 CVE-2021-31607}
+ [stretch] - salt 2016.11.2+ds-1+deb9u7
+[09 Nov 2021] DLA-2814-1 openjdk-8 - security update
+ {CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603}
+ [stretch] - openjdk-8 8u312-b07-1~deb9u1
+[09 Nov 2021] DLA-2813-1 ckeditor - security update
+ {CVE-2021-33829 CVE-2021-37695}
+ [stretch] - ckeditor 4.5.7+dfsg-2+deb9u1
+[08 Nov 2021] DLA-2812-1 botan1.10 - security update
+ {CVE-2017-14737}
+ [stretch] - botan1.10 1.10.17-1+deb9u1
+[06 Nov 2021] DLA-2811-1 sqlalchemy - security update
+ {CVE-2019-7164 CVE-2019-7548}
+ [stretch] - sqlalchemy 1.0.15+ds1-1+deb9u1
+[05 Nov 2021] DLA-2810-1 redis - security update
+ {CVE-2021-32626 CVE-2021-32672 CVE-2021-32675 CVE-2021-32687 CVE-2021-32762 CVE-2021-41099}
+ [stretch] - redis 3:3.2.6-3+deb9u8
+[05 Nov 2021] DLA-2809-1 udisks2 - security update
+ {CVE-2021-3802}
+ [stretch] - udisks2 2.1.8-1+deb9u1
+[05 Nov 2021] DLA-2808-1 python3.5 - security update
+ {CVE-2021-3733 CVE-2021-3737}
+ [stretch] - python3.5 3.5.3-1+deb9u5
+[01 Nov 2021] DLA-2807-1 bind9 - security update
+ {CVE-2018-5740 CVE-2021-25219}
+ [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u10
+[01 Nov 2021] DLA-2806-1 glusterfs - security update
+ {CVE-2018-1088 CVE-2018-10841 CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661}
+ [stretch] - glusterfs 3.8.8-1+deb9u1
+[31 Oct 2021] DLA-2805-1 libmspack - security update
+ {CVE-2019-1010305}
+ [stretch] - libmspack 0.5-1+deb9u4
+[31 Oct 2021] DLA-2804-1 libsdl1.2 - security update
+ {CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-13616}
+ [stretch] - libsdl1.2 1.2.15+dfsg1-4+deb9u1
+[31 Oct 2021] DLA-2803-1 libsdl2 - security update
+ {CVE-2017-2888 CVE-2019-7637}
+ [stretch] - libsdl2 2.0.5+dfsg1-2+deb9u2
+[30 Oct 2021] DLA-2802-1 elfutils - security update
+ {CVE-2018-16062 CVE-2018-16402 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7150 CVE-2019-7665}
+ [stretch] - elfutils 0.168-1+deb9u1
+[30 Oct 2021] DLA-2801-1 cron - security update
+ {CVE-2017-9525 CVE-2019-9704 CVE-2019-9705 CVE-2019-9706}
+ [stretch] - cron 3.0pl1-128+deb9u2
+[30 Oct 2021] DLA-2800-1 cups - security update
+ {CVE-2020-10001}
+ [stretch] - cups 2.2.1-8+deb9u7
+[29 Oct 2021] DLA-2799-1 opencv - security update
+ {CVE-2016-1516 CVE-2017-12597 CVE-2017-12598 CVE-2017-12599 CVE-2017-12601 CVE-2017-12603 CVE-2017-12604 CVE-2017-12605 CVE-2017-12606 CVE-2017-12862 CVE-2017-12863 CVE-2017-12864 CVE-2017-17760 CVE-2017-1000450 CVE-2018-5268 CVE-2018-5269 CVE-2019-14493 CVE-2019-15939}
+ [stretch] - opencv 2.4.9.1+dfsg1-2+deb9u1
+[29 Oct 2021] DLA-2798-1 libdatetime-timezone-perl - new upstream version
+ [stretch] - libdatetime-timezone-perl 1:2.09-1+2021e
+[29 Oct 2021] DLA-2797-1 tzdata - new upstream version
+ [stretch] - tzdata 2021a-0+deb9u2
+[29 Oct 2021] DLA-2796-1 jbig2dec - security update
+ {CVE-2017-9216 CVE-2020-12268}
+ [stretch] - jbig2dec 0.13-4.1+deb9u1
+[29 Oct 2021] DLA-2795-1 gpsd - security update
+ {CVE-2018-17937}
+ [stretch] - gpsd 3.16-4+deb9u1
+[27 Oct 2021] DLA-2794-1 php7.0 - security update
+ {CVE-2021-21703}
+ [stretch] - php7.0 7.0.33-0+deb9u12
+[26 Oct 2021] DLA-2793-1 mosquitto - security update
+ {CVE-2017-7655}
+ [stretch] - mosquitto 1.4.10-3+deb9u5
+[24 Oct 2021] DLA-2792-1 faad2 - security update
+ {CVE-2018-20199 CVE-2018-20360 CVE-2019-6956 CVE-2021-32274 CVE-2021-32276 CVE-2021-32277 CVE-2021-32278}
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u3
+[23 Oct 2021] DLA-2791-1 mailman - security update
+ {CVE-2021-42096 CVE-2021-42097}
+ [stretch] - mailman 1:2.1.23-1+deb9u7
+[21 Oct 2021] DLA-2790-1 python-babel - security update
+ {CVE-2021-42771}
+ [stretch] - python-babel 2.3.4+dfsg.1-2+deb9u1
+[20 Oct 2021] DLA-2789-1 squashfs-tools - security update
+ {CVE-2021-41072}
+ [stretch] - squashfs-tools 1:4.3-3+deb9u3
+[20 Oct 2021] DLA-2768-2 uwsgi - regression update
+ [stretch] - uwsgi 2.0.14+20161117-3+deb9u5
+[20 Oct 2021] DLA-2618-3 smarty3 - regression update
+ [stretch] - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u4
+[20 Oct 2021] DLA-2788-1 strongswan - security update
+ {CVE-2021-41991}
+ [stretch] - strongswan 5.5.1-4+deb9u5
+[18 Oct 2021] DLA-2787-1 redmine - security update
+ {CVE-2021-42326}
+ [stretch] - redmine 3.3.1-4+deb9u5
+[18 Oct 2021] DLA-2743-2 amd64-microcode - regression update
+ [stretch] - amd64-microcode 3.20181128.1~deb9u2
+[16 Oct 2021] DLA-2786-1 nghttp2 - security update
+ {CVE-2018-1000168 CVE-2020-11080}
+ [stretch] - nghttp2 1.18.1-1+deb9u2
+[12 Oct 2021] DLA-2785-1 linux-4.19 - security update
+ {CVE-2020-3702 CVE-2020-16119 CVE-2021-3444 CVE-2021-3600 CVE-2021-3612 CVE-2021-3653 CVE-2021-3655 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3743 CVE-2021-3753 CVE-2021-22543 CVE-2021-33624 CVE-2021-34556 CVE-2021-35039 CVE-2021-35477 CVE-2021-37159 CVE-2021-37576 CVE-2021-38160 CVE-2021-38198 CVE-2021-38199 CVE-2021-38204 CVE-2021-38205 CVE-2021-40490 CVE-2021-42008 CVE-2021-42252}
+ [stretch] - linux-4.19 4.19.208-1~deb9u1
+[12 Oct 2021] DLA-2784-1 icu - security update
+ {CVE-2020-21913}
+ [stretch] - icu 57.1-6+deb9u5
+[12 Oct 2021] DLA-2783-1 hiredis - security update
+ {CVE-2021-32765}
+ [stretch] - hiredis 0.13.3-1+deb9u1
+[11 Oct 2021] DLA-2782-1 firefox-esr - security update
+ {CVE-2021-38496 CVE-2021-38500}
+ [stretch] - firefox-esr 78.15.0esr-1~deb9u1
+[11 Oct 2021] DLA-2781-1 neutron - security update
+ {CVE-2021-40085}
+ [stretch] - neutron 2:9.1.1-3+deb9u2
+[11 Oct 2021] DLA-2780-1 ruby2.3 - security update
+ {CVE-2021-31799 CVE-2021-31810 CVE-2021-32066}
+ [stretch] - ruby2.3 2.3.3-1+deb9u10
+[09 Oct 2021] DLA-2779-1 mediawiki - security update
+ {CVE-2021-35197 CVE-2021-41798 CVE-2021-41799}
+ [stretch] - mediawiki 1:1.27.7-1~deb9u10
+[04 Oct 2021] DLA-2778-1 fig2dev - security update
+ {CVE-2019-19797 CVE-2020-21529 CVE-2020-21530 CVE-2020-21531 CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21535 CVE-2020-21675 CVE-2020-21676 CVE-2021-3561 CVE-2021-32280}
+ [stretch] - fig2dev 1:3.2.6a-2+deb9u4
+[03 Oct 2021] DLA-2777-1 tiff - security update
+ {CVE-2020-19131 CVE-2020-19144}
+ [stretch] - tiff 4.0.8-2+deb9u7
+[02 Oct 2021] DLA-2776-1 apache2 - security update
+ {CVE-2021-34798 CVE-2021-39275 CVE-2021-40438}
+ [stretch] - apache2 2.4.25-3+deb9u11
+[02 Oct 2021] DLA-2775-1 plib - security update
+ {CVE-2021-38714}
+ [stretch] - plib 1.8.5-7+deb9u1
+[30 Sep 2021] DLA-2774-1 openssl1.0 - security update
+ {CVE-2021-3712}
+ [stretch] - openssl1.0 1.0.2u-1~deb9u6
+[30 Sep 2021] DLA-2773-1 curl - security update
+ {CVE-2021-22946 CVE-2021-22947}
+ [stretch] - curl 7.52.1-5+deb9u16
+[30 Sep 2021] DLA-2772-1 taglib - security update
+ {CVE-2017-12678 CVE-2018-11439}
+ [stretch] - taglib 1.11.1+dfsg.1-0.3+deb9u1
+[30 Sep 2021] DLA-2771-1 krb5 - security update
+ {CVE-2018-5729 CVE-2018-5730 CVE-2018-20217 CVE-2021-37750}
+ [stretch] - krb5 1.15-1+deb9u3
+[30 Sep 2021] DLA-2770-1 weechat - security update
+ {CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516}
+ [stretch] - weechat 1.6-1+deb9u3
+[29 Sep 2021] DLA-2769-1 libxstream-java - security update
+ {CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154}
+ [stretch] - libxstream-java 1.4.11.1-1+deb9u4
+[29 Sep 2021] DLA-2768-1 uwsgi - security update
+ {CVE-2021-36160}
+ [stretch] - uwsgi 2.0.14+20161117-3+deb9u4
+[27 Sep 2021] DLA-2767-1 libxml-security-java - security update
+ {CVE-2021-40690}
+ [stretch] - libxml-security-java 1.5.8-2+deb9u1
+[27 Sep 2021] DLA-2766-1 openssl - security update
+ {CVE-2021-3712}
+ [stretch] - openssl 1.1.0l-1~deb9u4
+[23 Sep 2021] DLA-2765-1 mupdf - security update
+ {CVE-2016-10246 CVE-2016-10247 CVE-2017-6060 CVE-2018-10289 CVE-2018-1000036 CVE-2020-19609}
+ [stretch] - mupdf 1.14.0+ds1-4+deb9u1
+[22 Sep 2021] DLA-2764-1 tomcat8 - security update
+ {CVE-2021-41079}
+ [stretch] - tomcat8 8.5.54-0+deb9u8
+[22 Sep 2021] DLA-2763-1 ruby-kaminari - security update
+ {CVE-2020-11082}
+ [stretch] - ruby-kaminari 0.17.0-3+deb9u1
+[22 Sep 2021] DLA-2762-1 grilo - security update
+ {CVE-2021-39365}
+ [stretch] - grilo 0.3.2-2+deb9u1
+[18 Sep 2021] DLA-2761-1 openssl1.0 - security update
+ [stretch] - openssl1.0 1.0.2u-1~deb9u5
+[18 Sep 2021] DLA-2760-1 nettle - security update
+ {CVE-2021-3580 CVE-2021-20305}
+ [stretch] - nettle 3.3-1+deb9u1
+[17 Sep 2021] DLA-2759-1 gnutls28 - security update
+ [stretch] - gnutls28 3.5.8-5+deb9u6
+[15 Sep 2021] DLA-2758-1 sssd - security update
+ {CVE-2021-3621}
+ [stretch] - sssd 1.15.0-3+deb9u2
+[13 Sep 2021] DLA-2757-1 thunderbird - security update
+ {CVE-2021-38493}
+ [stretch] - thunderbird 1:78.14.0-1~deb9u1
+[11 Sep 2021] DLA-2753-2 qemu - regression update
+ [stretch] - qemu 1:2.8+dfsg-6+deb9u16
+[10 Sep 2021] DLA-2756-1 firefox-esr - security update
+ {CVE-2021-38493}
+ [stretch] - firefox-esr 78.14.0esr-1~deb9u1
+[05 Sep 2021] DLA-2755-1 btrbk - security update
+ {CVE-2021-38173}
+ [stretch] - btrbk 0.24.0-1+deb9u1
+[04 Sep 2021] DLA-2754-1 pywps - security update
+ {CVE-2021-39371}
+ [stretch] - pywps 4.0.0-3+deb9u1
+[01 Sep 2021] DLA-2753-1 qemu - security update
+ {CVE-2021-3527 CVE-2021-3594 CVE-2021-3595 CVE-2021-3682 CVE-2021-3713}
+ [stretch] - qemu 1:2.8+dfsg-6+deb9u15
+[31 Aug 2021] DLA-2752-1 squashfs-tools - security update
+ {CVE-2021-40153}
+ [stretch] - squashfs-tools 1:4.3-3+deb9u2
+[31 Aug 2021] DLA-2751-1 postgresql-9.6 - security update
+ [stretch] - postgresql-9.6 9.6.23-0+deb9u1
+[30 Aug 2021] DLA-2750-1 exiv2 - security update
+ {CVE-2019-20421 CVE-2021-3482 CVE-2021-29457 CVE-2021-29473 CVE-2021-31292}
+ [stretch] - exiv2 0.25-3.1+deb9u3
+[29 Aug 2021] DLA-2749-1 gthumb - security update
+ {CVE-2019-20326}
+ [stretch] - gthumb 3:3.4.4.1-5+deb9u2
+[27 Aug 2021] DLA-2717-2 redis - regression update
+ {CVE-2021-32761}
+ [stretch] - redis 3:3.2.6-3+deb9u6
+[23 Aug 2021] DLA-2748-1 tnef - security update
+ {CVE-2019-18849}
+ [stretch] - tnef 1.4.12-1.2+deb9u1
+[22 Aug 2021] DLA-2742-2 ffmpeg - regression update
+ [stretch] - ffmpeg 7:3.2.15-0+deb9u4
+[22 Aug 2021] DLA-2747-1 ircii - security update
+ {CVE-2021-29376}
+ [stretch] - ircii 20151120-1+deb9u1
+[21 Aug 2021] DLA-2746-1 scrollz - security update
+ {CVE-2021-29376}
+ [stretch] - scrollz 2.2.3-1+deb9u1
+[16 Aug 2021] DLA-2745-1 thunderbird - security update
+ {CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989}
+ [stretch] - thunderbird 1:78.13.0-1~deb9u1
+[16 Aug 2021] DLA-2744-1 usermode - security update
+ [stretch] - usermode 1.109-1+deb9u1
+[16 Aug 2021] DLA-2743-1 amd64-microcode - security update
+ {CVE-2017-5715}
+ [stretch] - amd64-microcode 3.20181128.1~deb9u1
+[14 Aug 2021] DLA-2742-1 ffmpeg - security update
+ {CVE-2020-21041 CVE-2020-22015 CVE-2020-22016 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22028 CVE-2020-22031 CVE-2020-22032 CVE-2020-22036 CVE-2021-3566 CVE-2021-38114}
+ [stretch] - ffmpeg 7:3.2.15-0+deb9u3
+[12 Aug 2021] DLA-2741-1 commons-io - security update
+ {CVE-2021-29425}
+ [stretch] - commons-io 2.5-1+deb9u1
+[12 Aug 2021] DLA-2740-1 firefox-esr - security update
+ {CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989}
+ [stretch] - firefox-esr 78.13.0esr-1~deb9u1
+[11 Aug 2021] DLA-2739-1 libspf2 - security update
+ {CVE-2021-20314}
+ [stretch] - libspf2 1.2.10-7+deb9u1
+[10 Aug 2021] DLA-2738-1 c-ares - security update
+ {CVE-2021-3672}
+ [stretch] - c-ares 1.12.0-1+deb9u2
+[09 Aug 2021] DLA-2737-1 openjdk-8 - security update
+ {CVE-2021-2341 CVE-2021-2369 CVE-2021-2388}
+ [stretch] - openjdk-8 8u302-b08-1~deb9u1
+[09 Aug 2021] DLA-2736-1 lynx - security update
+ {CVE-2021-38165}
+ [stretch] - lynx 2.8.9dev11-1+deb9u1
+[09 Aug 2021] DLA-2735-1 ceph - security update
+ {CVE-2018-14662 CVE-2018-16846 CVE-2020-1760 CVE-2020-10753 CVE-2021-3524}
+ [stretch] - ceph 10.2.11-2+deb9u1
+[09 Aug 2021] DLA-2734-1 curl - security update
+ {CVE-2021-22898 CVE-2021-22924}
+ [stretch] - curl 7.52.1-5+deb9u15
+[05 Aug 2021] DLA-2733-1 tomcat8 - security update
+ {CVE-2021-30640 CVE-2021-33037}
+ [stretch] - tomcat8 8.5.54-0+deb9u7
+[04 Aug 2021] DLA-2732-1 openexr - security update
+ {CVE-2021-3605 CVE-2021-20299 CVE-2021-20300 CVE-2021-20302 CVE-2021-20303}
+ [stretch] - openexr 2.2.0-11+deb9u4
+[04 Aug 2021] DLA-2731-1 wordpress - security update
+ [stretch] - wordpress 4.7.21+dfsg-0+deb9u1
+[04 Aug 2021] DLA-2730-1 libpam-tacplus - security update
+ {CVE-2020-13881}
+ [stretch] - libpam-tacplus 1.3.8-2+deb9u1
+[04 Aug 2021] DLA-2729-1 asterisk - security update
+ {CVE-2021-32558}
+ [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u5
+[03 Aug 2021] DLA-2728-1 vlc - security update
+ {CVE-2021-25801 CVE-2021-25802 CVE-2021-25803 CVE-2021-25804}
+ [stretch] - vlc 3.0.11-0+deb9u2
+[03 Aug 2021] DLA-2727-1 pyxdg - security update
+ {CVE-2019-12761}
+ [stretch] - pyxdg 0.25-4+deb9u1
+[02 Aug 2021] DLA-2726-1 shiro - security update
+ {CVE-2020-13933 CVE-2020-17510}
+ [stretch] - shiro 1.3.2-1+deb9u2
+[01 Aug 2021] DLA-2725-1 lrzip - security update
+ {CVE-2017-8844 CVE-2017-8846 CVE-2017-9928 CVE-2017-9929 CVE-2018-5650 CVE-2018-5747 CVE-2018-5786 CVE-2018-10685 CVE-2018-11496}
+ [stretch] - lrzip 0.631-1+deb9u1
+[01 Aug 2021] DLA-2724-1 condor - security update
+ {CVE-2019-18823}
+ [stretch] - condor 8.4.11~dfsg.1-1+deb9u1
+[31 Jul 2021] DLA-2723-1 linuxptp - security update
+ {CVE-2021-3570}
+ [stretch] - linuxptp 1.8-1+deb9u1
+[30 Jul 2021] DLA-2722-1 libsndfile - security update
+ {CVE-2021-3246}
+ [stretch] - libsndfile 1.0.27-3+deb9u2
+[26 Jul 2021] DLA-2721-1 drupal7 - security update
+ {CVE-2021-32610}
+ [stretch] - drupal7 7.52-2+deb9u16
+[26 Jul 2021] DLA-2720-1 aspell - security update
+ {CVE-2019-17544 CVE-2019-25051}
+ [stretch] - aspell 0.60.7~20110707-3+deb9u1
+[25 Jul 2021] DLA-2710-2 rabbitmq-server - regression update
+ [stretch] - rabbitmq-server 3.6.6-1+deb9u2
+[23 Jul 2021] DLA-2719-1 ruby-actionpack-page-caching - security update
+ {CVE-2020-8159}
+ [stretch] - ruby-actionpack-page-caching 1.0.2-4+deb9u1
+[23 Jul 2021] DLA-2718-1 intel-microcode - security update
+ {CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513}
+ [stretch] - intel-microcode 3.20210608.2~deb9u2
+[22 Jul 2021] DLA-2717-1 redis - security update
+ {CVE-2021-32761}
+ [stretch] - redis 3:3.2.6-3+deb9u5
+[22 Jul 2021] DLA-2716-1 pillow - security update
+ {CVE-2020-35653 CVE-2021-25290 CVE-2021-28676 CVE-2021-28677 CVE-2021-34552}
+ [stretch] - pillow 4.0.0-4+deb9u3
+[20 Jul 2021] DLA-2715-1 systemd - security update
+ {CVE-2021-33910}
+ [stretch] - systemd 232-25+deb9u13
+[20 Jul 2021] DLA-2714-1 linux-4.19 - security update
+ {CVE-2020-36311 CVE-2021-3609 CVE-2021-33909 CVE-2021-34693}
+ [stretch] - linux-4.19 4.19.194-3~deb9u1
+[20 Jul 2021] DLA-2713-1 linux - security update
+ {CVE-2021-3609 CVE-2021-21781 CVE-2021-33909 CVE-2021-34693}
+ [stretch] - linux 4.9.272-2
+[20 Jul 2021] DLA-2712-1 libjdom1-java - security update
+ {CVE-2021-33813}
+ [stretch] - libjdom1-java 1.1.3-1+deb9u1
+[19 Jul 2021] DLA-2711-1 thunderbird - security update
+ {CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547}
+ [stretch] - thunderbird 1:78.12.0-1~deb9u1
+[19 Jul 2021] DLA-2710-1 rabbitmq-server - security update
+ {CVE-2017-4965 CVE-2017-4966 CVE-2017-4967 CVE-2019-11281 CVE-2019-11287 CVE-2021-22116}
+ [stretch] - rabbitmq-server 3.6.6-1+deb9u1
+[15 Jul 2021] DLA-2709-1 firefox-esr - security update
+ {CVE-2021-29970 CVE-2021-29976 CVE-2021-30547}
+ [stretch] - firefox-esr 78.12.0esr-1~deb9u1
+[15 Jul 2021] DLA-2708-1 php7.0 - security update
+ {CVE-2019-18218 CVE-2020-7071 CVE-2021-21702 CVE-2021-21704 CVE-2021-21705}
+ [stretch] - php7.0 7.0.33-0+deb9u11
+[12 Jul 2021] DLA-2707-1 sogo - security update
+ {CVE-2021-33054}
+ [stretch] - sogo 3.2.6-2+deb9u1
+[09 Jul 2021] DLA-2706-1 apache2 - security update
+ {CVE-2020-1927 CVE-2020-1934 CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618}
+ [stretch] - apache2 2.4.25-3+deb9u10
+[07 Jul 2021] DLA-2705-1 scilab - security update
+ {CVE-2021-30485 CVE-2021-31229 CVE-2021-31347 CVE-2021-31348 CVE-2021-31598}
+ [stretch] - scilab 5.5.2-4+deb9u1
+[05 Jul 2021] DLA-2704-1 libxstream-java - security update
+ {CVE-2021-29505}
+ [stretch] - libxstream-java 1.4.11.1-1+deb9u3
+[05 Jul 2021] DLA-2703-1 ieee-data - crash fix
+ [stretch] - ieee-data 20160613.1+deb9u1
+[03 Jul 2021] DLA-2702-1 djvulibre - security update
+ {CVE-2021-3630}
+ [stretch] - djvulibre 3.5.27.1-7+deb9u2
+[03 Jul 2021] DLA-2701-1 openexr - security update
+ {CVE-2020-16587 CVE-2021-3474 CVE-2021-3475 CVE-2021-3476 CVE-2021-3477 CVE-2021-3478 CVE-2021-3479 CVE-2021-3598 CVE-2021-20296 CVE-2021-23215 CVE-2021-26260}
+ [stretch] - openexr 2.2.0-11+deb9u3
+[01 Jul 2021] DLA-2700-1 htmldoc - security update
+ {CVE-2019-19630 CVE-2021-20308 CVE-2021-23158 CVE-2021-23165 CVE-2021-23180 CVE-2021-23191 CVE-2021-23206 CVE-2021-26252 CVE-2021-26259 CVE-2021-26948}
+ [stretch] - htmldoc 1.8.27-8+deb9u1
+[01 Jul 2021] DLA-2699-1 ipmitool - security update
+ {CVE-2020-5208}
+ [stretch] - ipmitool 1.8.18-3+deb9u1
+[01 Jul 2021] DLA-2698-1 node-bl - security update
+ {CVE-2020-8244}
+ [stretch] - node-bl 1.1.2-1+deb9u1
+[29 Jun 2021] DLA-2697-1 fluidsynth - security update
+ {CVE-2021-21417}
+ [stretch] - fluidsynth 1.1.6-4+deb9u1
+[29 Jun 2021] DLA-2696-1 libjdom2-java - security update
+ {CVE-2021-33813}
+ [stretch] - libjdom2-java 2.0.6-1+deb9u1
+[28 Jun 2021] DLA-2695-1 klibc - security update
+ {CVE-2021-31870 CVE-2021-31871 CVE-2021-31872 CVE-2021-31873}
+ [stretch] - klibc 2.0.4-9+deb9u1
+[28 Jun 2021] DLA-2694-1 tiff - security update
+ {CVE-2020-35523 CVE-2020-35524}
+ [stretch] - tiff 4.0.8-2+deb9u6
+[28 Jun 2021] DLA-2693-1 xmlbeans - security update
+ {CVE-2021-23926}
+ [stretch] - xmlbeans 2.6.0+dfsg-1+deb9u1
+[27 Jun 2021] DLA-2692-1 bluez - security update
+ {CVE-2020-26558 CVE-2021-0129}
+ [stretch] - bluez 5.43-2+deb9u4
+[25 Jun 2021] DLA-2691-1 libgcrypt20 - security update
+ {CVE-2021-40528}
+ [stretch] - libgcrypt20 1.7.6-2+deb9u4
+[22 Jun 2021] DLA-2690-1 linux-4.19 - security update
+ {CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-26139 CVE-2020-26147 CVE-2020-26558 CVE-2020-29374 CVE-2021-0129 CVE-2021-23133 CVE-2021-23134 CVE-2021-28688 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29647 CVE-2021-29650 CVE-2021-31829 CVE-2021-31916 CVE-2021-32399 CVE-2021-33034 CVE-2021-3483 CVE-2021-3506 CVE-2021-3564 CVE-2021-3573 CVE-2021-38208}
+ [stretch] - linux-4.19 4.19.194-1~deb9u1
+[22 Jun 2021] DLA-2689-1 linux - security update
+ {CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-26139 CVE-2020-26147 CVE-2020-26558 CVE-2020-29374 CVE-2020-36322 CVE-2021-0129 CVE-2021-0512 CVE-2021-20292 CVE-2021-23133 CVE-2021-23134 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-29154 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-31916 CVE-2021-32399 CVE-2021-33034 CVE-2021-3428 CVE-2021-3483 CVE-2021-3564 CVE-2021-3573 CVE-2021-38208}
+ [stretch] - linux 4.9.272-1
+[19 Jun 2021] DLA-2687-2 prosody - regression update
+ [stretch] - prosody 0.9.12-2+deb9u4
+[17 Jun 2021] DLA-2688-1 jetty9 - security update
+ {CVE-2021-28169}
+ [stretch] - jetty9 9.2.30-0+deb9u2
+[15 Jun 2021] DLA-2687-1 prosody - security update
+ {CVE-2021-32917 CVE-2021-32921}
+ [stretch] - prosody 0.9.12-2+deb9u3
+[15 Jun 2021] DLA-2686-1 python-urllib3 - security update
+ {CVE-2018-20060 CVE-2019-11236 CVE-2019-11324 CVE-2020-26137}
+ [stretch] - python-urllib3 1.19.1-1+deb9u1
+[14 Jun 2021] DLA-2685-1 squid3 - security update
+ {CVE-2021-28651 CVE-2021-28652 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620}
+ [stretch] - squid3 3.5.23-5+deb9u7
+[10 Jun 2021] DLA-2684-1 lasso - security update
+ {CVE-2021-28091}
+ [stretch] - lasso 2.5.0-5+deb9u1
+[09 Jun 2021] DLA-2683-1 rxvt - security update
+ {CVE-2017-7483 CVE-2021-33477}
+ [stretch] - rxvt 1:2.7.10-7+deb9u2
+[09 Jun 2021] DLA-2682-1 mrxvt - security update
+ {CVE-2021-33477}
+ [stretch] - mrxvt 0.5.4-2+deb9u1
+[09 Jun 2021] DLA-2681-1 eterm - security update
+ {CVE-2021-33477}
+ [stretch] - eterm 0.9.6-5+deb9u1
+[07 Jun 2021] DLA-2680-1 nginx - security update
+ {CVE-2017-20005}
+ [stretch] - nginx 1.10.3-1+deb9u7
+[07 Jun 2021] DLA-2679-1 thunderbird - security update
+ {CVE-2021-29956 CVE-2021-29957 CVE-2021-29967}
+ [stretch] - thunderbird 1:78.11.0-1~deb9u1
+[06 Jun 2021] DLA-2678-1 ruby-nokogiri - security update
+ {CVE-2020-26247}
+ [stretch] - ruby-nokogiri 1.6.8.1-1+deb9u1
+[05 Jun 2021] DLA-2677-1 libwebp - security update
+ {CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331}
+ [stretch] - libwebp 0.5.2-1+deb9u1
+[05 Jun 2021] DLA-2676-1 python-django - security update
+ {CVE-2021-33203 CVE-2021-33571}
+ [stretch] - python-django 1:1.10.7-2+deb9u14
+[03 Jun 2021] DLA-2675-1 caribou - regression update
+ [stretch] - caribou 0.4.21-1+deb9u1
+[03 Jun 2021] DLA-2674-1 isc-dhcp - security update
+ {CVE-2021-25217}
+ [stretch] - isc-dhcp 4.3.5-3+deb9u2
+[03 Jun 2021] DLA-2673-1 firefox-esr - security update
+ {CVE-2021-29967}
+ [stretch] - firefox-esr 78.11.0esr-1~deb9u1
+[02 Jun 2021] DLA-2672-1 imagemagick - security update
+ {CVE-2020-27751 CVE-2021-20243 CVE-2021-20245 CVE-2021-20309 CVE-2021-20312 CVE-2021-20313}
+ [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u13
+[30 May 2021] DLA-2671-1 rxvt-unicode - security update
+ {CVE-2021-33477}
+ [stretch] - rxvt-unicode 9.22-1+deb9u1
+[30 May 2021] DLA-2670-1 nginx - security update
+ {CVE-2021-23017}
+ [stretch] - nginx 1.10.3-1+deb9u6
+[30 May 2021] DLA-2669-1 libxml2 - security update
+ {CVE-2021-3541}
+ [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u5
+[29 May 2021] DLA-2668-1 samba - security update
+ {CVE-2019-10218 CVE-2019-14833 CVE-2019-14847 CVE-2019-14861 CVE-2019-14870 CVE-2019-14902 CVE-2019-14907 CVE-2021-20254}
+ [stretch] - samba 2:4.5.16+dfsg-1+deb9u4
+[26 May 2021] DLA-2667-1 djvulibre - security update
+ {CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 CVE-2019-18804 CVE-2021-3500 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493}
+ [stretch] - djvulibre 3.5.27.1-7+deb9u1
+[24 May 2021] DLA-2666-1 libx11 - security update
+ {CVE-2021-31535}
+ [stretch] - libx11 2:1.6.4-3+deb9u4
+[23 May 2021] DLA-2665-1 ring - security update
+ {CVE-2021-21375}
+ [stretch] - ring 20161221.2.7bd7d91~dfsg1-1+deb9u1
+[17 May 2021] DLA-2664-1 curl - security update
+ {CVE-2021-22876}
+ [stretch] - curl 7.52.1-5+deb9u14
+[16 May 2021] DLA-2663-1 libimage-exiftool-perl - security update
+ {CVE-2021-22204}
+ [stretch] - libimage-exiftool-perl 10.40-1+deb9u1
+[15 May 2021] DLA-2662-1 postgresql-9.6 - security update
+ {CVE-2021-32027 CVE-2021-32028}
+ [stretch] - postgresql-9.6 9.6.22-0+deb9u1
+[14 May 2021] DLA-2661-1 jetty9 - security update
+ {CVE-2017-9735 CVE-2018-12536 CVE-2019-10241 CVE-2019-10247 CVE-2020-27216}
+ [stretch] - jetty9 9.2.30-0+deb9u1
+[13 May 2021] DLA-2660-1 libgetdata - security update
+ {CVE-2021-20204}
+ [stretch] - libgetdata 0.9.4-1+deb9u1
+[13 May 2021] DLA-2659-1 graphviz - security update
+ {CVE-2018-10196 CVE-2020-18032}
+ [stretch] - graphviz 2.38.0-17+deb9u1
+[13 May 2021] DLA-2658-1 redmine - security update
+ {CVE-2019-25026 CVE-2020-36306 CVE-2020-36307 CVE-2020-36308 CVE-2021-30163 CVE-2021-30164 CVE-2021-31863 CVE-2021-31864 CVE-2021-31865 CVE-2021-31866}
+ [stretch] - redmine 3.3.1-4+deb9u4
+[12 May 2021] DLA-2657-1 lz4 - security update
+ {CVE-2021-3520}
+ [stretch] - lz4 0.0~r131-2+deb9u1
+[12 May 2021] DLA-2656-1 hivex - security update
+ {CVE-2021-3504}
+ [stretch] - hivex 1.3.13-2+deb9u1
+[12 May 2021] DLA-2655-1 rails - security update
+ {CVE-2021-22885 CVE-2021-22904}
+ [stretch] - rails 2:4.2.7.1-1+deb9u5
+[12 May 2021] DLA-2654-1 composer - security update
+ {CVE-2021-29472}
+ [stretch] - composer 1.2.2-1+deb9u1
+[10 May 2021] DLA-2653-1 libxml2 - security update
+ {CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537}
+ [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u4
+[07 May 2021] DLA-2648-2 mediawiki - regression update
+ [stretch] - mediawiki 1:1.27.7-1~deb9u9
+[06 May 2021] DLA-2652-1 unbound1.9 - security update
+ {CVE-2019-25031 CVE-2019-25032 CVE-2019-25033 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042}
+ [stretch] - unbound1.9 1.9.0-2+deb10u2~deb9u2
+[06 May 2021] DLA-2651-1 python-django - security update
+ {CVE-2021-31542}
+ [stretch] - python-django 1:1.10.7-2+deb9u13
+[05 May 2021] DLA-2650-1 exim4 - security update
+ {CVE-2020-28007 CVE-2020-28008 CVE-2020-28009 CVE-2020-28011 CVE-2020-28012 CVE-2020-28013 CVE-2020-28014 CVE-2020-28015 CVE-2020-28017 CVE-2020-28019 CVE-2020-28020 CVE-2020-28021 CVE-2020-28022 CVE-2020-28023 CVE-2020-28024 CVE-2020-28025 CVE-2020-28026}
+ [stretch] - exim4 4.89-2+deb9u8
+[04 May 2021] DLA-2649-1 cgal - security update
+ {CVE-2020-28601 CVE-2020-35633 CVE-2020-35634 CVE-2020-35635 CVE-2020-28636 CVE-2020-35628 CVE-2020-35636}
+ [stretch] - cgal 4.9-1+deb9u1
+[05 May 2021] DLA-2648-1 mediawiki - security update
+ {CVE-2021-20270 CVE-2021-27291 CVE-2021-30152 CVE-2021-30155 CVE-2021-30158 CVE-2021-30159}
+ [stretch] - mediawiki 1:1.27.7-1~deb9u8
+[04 May 2021] DLA-2647-1 bind9 - security update
+ {CVE-2021-25214 CVE-2021-25215 CVE-2021-25216}
+ [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u9
+[03 May 2021] DLA-2646-1 subversion - security update
+ {CVE-2020-17525}
+ [stretch] - subversion 1.9.5-1+deb9u6
+[29 Apr 2021] DLA-2645-1 edk2 - security update
+ {CVE-2019-0161 CVE-2019-14558 CVE-2019-14559 CVE-2019-14562 CVE-2019-14563 CVE-2019-14575 CVE-2019-14584 CVE-2019-14586 CVE-2019-14587 CVE-2021-28210 CVE-2021-28211}
+ [stretch] - edk2 0~20161202.7bbe0b3e-1+deb9u2
+[27 Apr 2021] DLA-2644-1 gst-libav1.0 - security update
+ [stretch] - gst-libav1.0 1.10.4-1+deb9u1
+[27 Apr 2021] DLA-2643-1 gst-plugins-ugly1.0 - security update
+ [stretch] - gst-plugins-ugly1.0 1.10.4-1+deb9u1
+[27 Apr 2021] DLA-2642-1 gst-plugins-bad1.0 - security update
+ [stretch] - gst-plugins-bad1.0 1.10.4-1+deb9u2
+[27 Apr 2021] DLA-2641-1 gst-plugins-base1.0 - security update
+ {CVE-2021-3522}
+ [stretch] - gst-plugins-base1.0 1.10.4-1+deb9u2
+[26 Apr 2021] DLA-2640-1 gst-plugins-good1.0 - security update
+ {CVE-2021-3497}
+ [stretch] - gst-plugins-good1.0 1.10.4-1+deb9u1
+[25 Apr 2021] DLA-2639-1 opendmarc - security update
+ {CVE-2020-12460}
+ [stretch] - opendmarc 1.3.2-2+deb9u3
+[25 Apr 2021] DLA-2638-1 jackson-databind - security update
+ {CVE-2020-24616 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-20190}
+ [stretch] - jackson-databind 2.8.6-1+deb9u9
+[23 Apr 2021] DLA-2637-1 drupal7 - security update
+ {CVE-2020-13672}
+ [stretch] - drupal7 7.52-2+deb9u15
+[23 Apr 2021] DLA-2636-1 pjproject - security update
+ {CVE-2021-21375}
+ [stretch] - pjproject 2.5.5~dfsg-6+deb9u2
+[23 Apr 2021] DLA-2635-1 libspring-java - security update
+ {CVE-2018-1270 CVE-2018-11039 CVE-2018-11040 CVE-2018-15756}
+ [stretch] - libspring-java 4.3.5-1+deb9u1
+[23 Apr 2021] DLA-2634-1 openjdk-8 - security update
+ {CVE-2021-2163}
+ [stretch] - openjdk-8 8u292-b10-0+deb9u1
+[23 Apr 2021] DLA-2633-1 firefox-esr - security update
+ {CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946}
+ [stretch] - firefox-esr 78.10.0esr-1~deb9u1
+[22 Apr 2021] DLA-2632-1 thunderbird - security update
+ {CVE-2021-23961 CVE-2021-23991 CVE-2021-23992 CVE-2021-23993 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29948 CVE-2021-29949}
+ [stretch] - thunderbird 1:78.10.0-1~deb9u1
+[21 Apr 2021] DLA-2631-1 zabbix - security update
+ {CVE-2019-15132 CVE-2020-15803}
+ [stretch] - zabbix 1:3.0.32+dfsg-0+deb9u1
+[21 Apr 2021] DLA-2630-1 wordpress - security update
+ {CVE-2021-29447 CVE-2021-29450}
+ [stretch] - wordpress 4.7.20+dfsg-1+deb9u1
+[18 Apr 2021] DLA-2629-1 libebml - security update
+ {CVE-2021-3405}
+ [stretch] - libebml 1.3.4-1+deb9u2
+[17 Apr 2021] DLA-2628-1 python2.7 - security update
+ {CVE-2019-16935 CVE-2021-23336}
+ [stretch] - python2.7 2.7.13-2+deb9u5
+[16 Apr 2021] DLA-2618-2 smarty3 - regression update
+ [stretch] - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u3
+[15 Apr 2021] DLA-2627-1 xorg-server - security update
+ {CVE-2021-3472}
+ [stretch] - xorg-server 2:1.19.2-1+deb9u8
+[14 Apr 2021] DLA-2626-1 clamav - security update
+ {CVE-2021-1405}
+ [stretch] - clamav 0.102.4+dfsg-0+deb9u2
+[14 Apr 2021] DLA-2625-1 courier-authlib - security update
+ {CVE-2021-28374}
+ [stretch] - courier-authlib 0.66.4-9+deb9u1
+[12 Apr 2021] DLA-2624-1 libpano13 - security update
+ {CVE-2021-20307}
+ [stretch] - libpano13 2.9.19+dfsg-2+deb9u1
+[10 Apr 2021] DLA-2623-1 qemu - security update
+ {CVE-2020-17380 CVE-2021-3392 CVE-2021-3409 CVE-2021-3416 CVE-2021-20203 CVE-2021-20255 CVE-2021-20257}
+ [stretch] - qemu 1:2.8+dfsg-6+deb9u14
+[09 Apr 2021] DLA-2622-1 python-django - security update
+ {CVE-2021-28658}
+ [stretch] - python-django 1:1.10.7-2+deb9u12
+[08 Apr 2021] DLA-2621-1 php-pear - security update
+ {CVE-2020-36193}
+ [stretch] - php-pear 1:1.10.1+submodules+notgz-9+deb9u3
+[06 Apr 2021] DLA-2620-1 python-bleach - security update
+ {CVE-2021-23980}
+ [stretch] - python-bleach 2.0-1+deb9u1
+[05 Apr 2021] DLA-2619-1 python3.5 - security update
+ {CVE-2021-3177 CVE-2021-3426 CVE-2021-23336}
+ [stretch] - python3.5 3.5.3-1+deb9u4
+[05 Apr 2021] DLA-2618-1 smarty3 - security update
+ {CVE-2018-13982 CVE-2018-16831 CVE-2021-26119 CVE-2021-26120}
+ [stretch] - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2
+[04 Apr 2021] DLA-2617-1 php-nette - security update
+ {CVE-2020-15227}
+ [stretch] - php-nette 2.4-20160731-1+deb9u1
+[03 Apr 2021] DLA-2616-1 libxstream-java - security update
+ {CVE-2021-21341 CVE-2021-21342 CVE-2021-21343 CVE-2021-21344 CVE-2021-21345 CVE-2021-21346 CVE-2021-21347 CVE-2021-21348 CVE-2021-21349 CVE-2021-21350 CVE-2021-21351}
+ [stretch] - libxstream-java 1.4.11.1-1+deb9u2
+[02 Apr 2021] DLA-2615-1 spamassassin - security update
+ {CVE-2020-1946}
+ [stretch] - spamassassin 3.4.2-1~deb9u4
+[01 Apr 2021] DLA-2614-1 busybox - security update
+ {CVE-2021-28831}
+ [stretch] - busybox 1:1.22.0-19+deb9u2
+[31 Mar 2021] DLA-2613-1 underscore - security update
+ {CVE-2021-23358}
+ [stretch] - underscore 1.8.3~dfsg-1+deb9u1
+[31 Mar 2021] DLA-2612-1 leptonlib - security update
+ {CVE-2020-36277 CVE-2020-36278 CVE-2020-36279 CVE-2020-36281}
+ [stretch] - leptonlib 1.74.1-1+deb9u1
+[31 Mar 2021] DLA-2611-1 ldb - security update
+ {CVE-2020-27840 CVE-2021-20277}
+ [stretch] - ldb 2:1.1.27-1+deb9u2
+[29 Mar 2021] DLA-2610-1 linux-4.19 - security update
+ {CVE-2020-27170 CVE-2020-27171 CVE-2021-3348 CVE-2021-3428 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660}
+ [stretch] - linux-4.19 4.19.181-1~deb9u1
+[26 Mar 2021] DLA-2609-1 thunderbird - security update
+ {CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29950}
+ [stretch] - thunderbird 1:78.9.0-1~deb9u1
+[25 Mar 2021] DLA-2608-1 jquery - security update
+ {CVE-2020-11022 CVE-2020-11023}
+ [stretch] - jquery 3.1.1-2+deb9u2
+[25 Mar 2021] DLA-2607-1 firefox-esr - security update
+ {CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29955}
+ [stretch] - firefox-esr 78.9.0esr-1~deb9u1
+[24 Mar 2021] DLA-2606-1 lxml - security update
+ {CVE-2021-28957}
+ [stretch] - lxml 3.7.1-1+deb9u4
+[22 Mar 2021] DLA-2605-1 mariadb-10.1 - security update
+ {CVE-2021-27928}
+ [stretch] - mariadb-10.1 10.1.48-0+deb9u2
+[22 Mar 2021] DLA-2604-1 dnsmasq - security update
+ {CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25687}
+ [stretch] - dnsmasq 2.76-5+deb9u3
+[22 Mar 2021] DLA-2603-1 libmediainfo - security update
+ {CVE-2019-11372 CVE-2019-11373 CVE-2020-15395 CVE-2020-26797}
+ [stretch] - libmediainfo 0.7.91-1+deb9u1
+[22 Mar 2021] DLA-2602-1 imagemagick - security update
+ {CVE-2020-25666 CVE-2020-25675 CVE-2020-25676 CVE-2020-27754 CVE-2020-27757 CVE-2020-27758 CVE-2020-27759 CVE-2020-27761 CVE-2020-27762 CVE-2020-27764 CVE-2020-27766 CVE-2020-27767 CVE-2020-27768 CVE-2020-27769 CVE-2020-27770 CVE-2020-27771 CVE-2020-27772 CVE-2020-27774 CVE-2020-27775 CVE-2020-27776 CVE-2021-20176 CVE-2021-20241 CVE-2021-20244 CVE-2021-20246}
+ [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u12
+[21 Mar 2021] DLA-2558-2 xterm - regression update
+ [stretch] - xterm 327-2+deb9u2
+[20 Mar 2021] DLA-2601-1 cloud-init - security update
+ {CVE-2021-3429}
+ [stretch] - cloud-init 0.7.9-2+deb9u1
+[19 Mar 2021] DLA-2600-1 pygments - security update
+ {CVE-2021-27291}
+ [stretch] - pygments 2.2.0+dfsg-1+deb9u2
+[19 Mar 2021] DLA-2599-1 shibboleth-sp2 - security update
+ {CVE-2021-28963}
+ [stretch] - shibboleth-sp2 2.6.0+dfsg1-4+deb9u2
+[19 Mar 2021] DLA-2598-1 squid3 - security update
+ {CVE-2020-25097}
+ [stretch] - squid3 3.5.23-5+deb9u6
+[17 Mar 2021] DLA-2597-1 velocity-tools - security update
+ {CVE-2020-13959}
+ [stretch] - velocity-tools 2.0-6+deb9u1
+[17 Mar 2021] DLA-2596-1 shadow - security update
+ {CVE-2017-12424 CVE-2017-20002}
+ [stretch] - shadow 1:4.4-4.1+deb9u1
+[17 Mar 2021] DLA-2595-1 velocity - security update
+ {CVE-2020-13936}
+ [stretch] - velocity 1.7-5+deb9u1
+[15 Mar 2021] DLA-2594-1 tomcat8 - security update
+ {CVE-2021-24122 CVE-2021-25122 CVE-2021-25329}
+ [stretch] - tomcat8 8.5.54-0+deb9u6
+[14 Mar 2021] DLA-2589-2 mupdf - regression update
+ [stretch] - mupdf 1.9a+ds1-4+deb9u7
+[14 Mar 2021] DLA-2593-1 ca-certificates - whitelist Symantec CA
+ [stretch] - ca-certificates 20200601~deb9u2
+[13 Mar 2021] DLA-2592-1 golang-1.8 - security update
+ {CVE-2017-15041 CVE-2018-16873 CVE-2018-16874 CVE-2019-9741 CVE-2019-16276 CVE-2019-17596 CVE-2021-3114}
+ [stretch] - golang-1.8 1.8.1-1+deb9u3
+[13 Mar 2021] DLA-2591-1 golang-1.7 - security update
+ {CVE-2017-15041 CVE-2018-16873 CVE-2018-16874 CVE-2019-9741 CVE-2019-16276 CVE-2019-17596 CVE-2021-3114}
+ [stretch] - golang-1.7 1.7.4-2+deb9u3
+[12 Mar 2021] DLA-2590-1 pygments - security update
+ {CVE-2021-20270}
+ [stretch] - pygments 2.2.0+dfsg-1+deb9u1
+[12 Mar 2021] DLA-2589-1 mupdf - security update
+ {CVE-2020-26519 CVE-2021-3407}
+ [stretch] - mupdf 1.9a+ds1-4+deb9u6
+[09 Mar 2021] DLA-2588-1 zeromq3 - security update
+ {CVE-2021-20234 CVE-2021-20235}
+ [stretch] - zeromq3 4.2.1-4+deb9u4
+[09 Mar 2021] DLA-2587-1 privoxy - security update
+ {CVE-2021-20272 CVE-2021-20273 CVE-2021-20275 CVE-2021-20276}
+ [stretch] - privoxy 3.0.26-3+deb9u2
+[08 Mar 2021] DLA-2553-2 xcftools - regression update
+ [stretch] - xcftools 1.0.7-6+deb9u2
+[08 Mar 2021] DLA-2586-1 linux - security update
+ {CVE-2019-19318 CVE-2019-19813 CVE-2019-19816 CVE-2020-27815 CVE-2020-27825 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3178 CVE-2021-3347 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038}
+ [stretch] - linux 4.9.258-1
+[08 Mar 2021] DLA-2585-1 libupnp - security update
+ {CVE-2020-13848}
+ [stretch] - libupnp 1:1.6.19+git20160116-1.2+deb9u1
+[07 Mar 2021] DLA-2584-1 libcaca - security update
+ {CVE-2021-3410}
+ [stretch] - libcaca 0.99.beta19-2.1~deb9u2
+[05 Mar 2021] DLA-2583-1 activemq - security update
+ {CVE-2017-15709 CVE-2018-11775 CVE-2019-0222 CVE-2021-26117}
+ [stretch] - activemq 5.14.3-3+deb9u2
+[05 Mar 2021] DLA-2582-1 mqtt-client - security update
+ {CVE-2019-0222}
+ [stretch] - mqtt-client 1.14-1+deb9u1
+[03 Mar 2021] DLA-2581-1 wpa - security update
+ {CVE-2021-27803}
+ [stretch] - wpa 2:2.4-1+deb9u9
+[03 Mar 2021] DLA-2580-1 adminer - security update
+ {CVE-2021-21311}
+ [stretch] - adminer 4.2.5-3+deb9u2
+[02 Mar 2021] DLA-2579-1 spip - security update
+ [stretch] - spip 3.1.4-4~deb9u4+deb9u1
+[01 Mar 2021] DLA-2578-1 thunderbird - security update
+ {CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978}
+ [stretch] - thunderbird 1:78.8.0-1~deb9u1
+[26 Feb 2021] DLA-2577-1 python-pysaml2 - security update
+ {CVE-2017-1000433 CVE-2021-21239}
+ [stretch] - python-pysaml2 3.0.0-5+deb9u2
+[25 Feb 2021] DLA-2576-1 redis - security update
+ {CVE-2021-21309}
+ [stretch] - redis 3:3.2.6-3+deb9u4
+[25 Feb 2021] DLA-2575-1 firefox-esr - security update
+ {CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978}
+ [stretch] - firefox-esr 78.8.0esr-1~deb9u1
+[21 Feb 2021] DLA-2574-1 openldap - security update
+ {CVE-2021-27212}
+ [stretch] - openldap 2.4.44+dfsg-5+deb9u8
+[20 Feb 2021] DLA-2573-1 libzstd - security update
+ {CVE-2021-24031}
+ [stretch] - libzstd 1.1.2-1+deb9u1
+[20 Feb 2021] DLA-2572-1 wpa - security update
+ {CVE-2021-0326}
+ [stretch] - wpa 2:2.4-1+deb9u8
+[19 Feb 2021] DLA-2571-1 openvswitch - security update
+ {CVE-2015-8011 CVE-2017-9214 CVE-2018-17204 CVE-2018-17206 CVE-2020-27827 CVE-2020-35498}
+ [stretch] - openvswitch 2.6.10-0+deb9u1
+[20 Feb 2021] DLA-2570-1 screen - security update
+ {CVE-2021-26937}
+ [stretch] - screen 4.5.0-6+deb9u1
+[19 Feb 2021] DLA-2569-1 python-django - security update
+ {CVE-2021-23336}
+ [stretch] - python-django 1:1.10.7-2+deb9u11
+[19 Feb 2021] DLA-2568-1 bind9 - security update
+ {CVE-2020-8625}
+ [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u8
+[18 Feb 2021] DLA-2567-1 unrar-free - security update
+ {CVE-2017-14120 CVE-2017-14121 CVE-2017-14122}
+ [stretch] - unrar-free 1:0.0.1+cvs20140707-1+deb9u1
+[18 Feb 2021] DLA-2566-1 libbsd - security update
+ {CVE-2019-20367}
+ [stretch] - libbsd 0.8.3-1+deb9u1
+[18 Feb 2021] DLA-2565-1 openssl1.0 - security update
+ {CVE-2021-23840 CVE-2021-23841}
+ [stretch] - openssl1.0 1.0.2u-1~deb9u4
+[18 Feb 2021] DLA-2564-1 php-horde-text-filter - security update
+ {CVE-2021-26929}
+ [stretch] - php-horde-text-filter 2.3.5-1+deb9u1
+[18 Feb 2021] DLA-2563-1 openssl - security update
+ {CVE-2021-23840 CVE-2021-23841}
+ [stretch] - openssl 1.1.0l-1~deb9u3
+[18 Feb 2021] DLA-2562-1 mumble - security update
+ {CVE-2021-27229}
+ [stretch] - mumble 1.2.18-1+deb9u2
+[17 Feb 2021] DLA-2561-1 ruby-mechanize - security update
+ {CVE-2021-21289}
+ [stretch] - ruby-mechanize 2.7.5-1+deb9u1
+[16 Feb 2021] DLA-2560-1 qemu - security update
+ {CVE-2020-15469 CVE-2020-15859 CVE-2020-25084 CVE-2020-28916 CVE-2020-29130 CVE-2020-29443 CVE-2021-20181 CVE-2021-20221}
+ [stretch] - qemu 1:2.8+dfsg-6+deb9u13
+[15 Feb 2021] DLA-2559-1 busybox - security update
+ {CVE-2011-5325 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2017-15873 CVE-2017-16544 CVE-2018-1000517}
+ [stretch] - busybox 1:1.22.0-19+deb9u1
+[14 Feb 2021] DLA-2558-1 xterm - security update
+ {CVE-2021-27135}
+ [stretch] - xterm 327-2+deb9u1
+[12 Feb 2021] DLA-2557-1 linux-4.19 - security update
+ {CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 CVE-2021-20177}
+ [stretch] - linux-4.19 4.19.171-2~deb9u1
+[12 Feb 2021] DLA-2556-1 unbound1.9 - security update
+ {CVE-2020-12662 CVE-2020-12663 CVE-2020-28935}
+ [stretch] - unbound1.9 1.9.0-2+deb10u2~deb9u1
+[11 Feb 2021] DLA-2555-1 netty - security update
+ {CVE-2021-21290}
+ [stretch] - netty 1:4.1.7-2+deb9u3
+[11 Feb 2021] DLA-2554-1 firejail - security update
+ {CVE-2021-26910}
+ [stretch] - firejail 0.9.44.8-2+deb9u2
+[09 Feb 2021] DLA-2553-1 xcftools - security update
+ {CVE-2019-5086 CVE-2019-5087}
+ [stretch] - xcftools 1.0.7-6+deb9u1
+[09 Feb 2021] DLA-2552-1 connman - security update
+ {CVE-2021-26675 CVE-2021-26676}
+ [stretch] - connman 1.33-3+deb9u2
+[09 Feb 2021] DLA-2551-1 slirp - security update
+ {CVE-2020-7039 CVE-2020-8608}
+ [stretch] - slirp 1:1.0.17-8+deb9u1
+[09 Feb 2021] DLA-2550-1 openjpeg2 - security update
+ {CVE-2020-27814 CVE-2020-27823 CVE-2020-27824 CVE-2020-27841 CVE-2020-27845}
+ [stretch] - openjpeg2 2.1.2-1.1+deb9u6
+[08 Feb 2021] DLA-2549-1 gdisk - security update
+ {CVE-2020-0256 CVE-2021-0308}
+ [stretch] - gdisk 1.0.1-1+deb9u1
+[07 Feb 2021] DLA-2548-1 privoxy - security update
+ {CVE-2020-35502 CVE-2021-20209 CVE-2021-20210 CVE-2021-20211 CVE-2021-20212 CVE-2021-20213 CVE-2021-20215 CVE-2021-20216 CVE-2021-20217}
+ [stretch] - privoxy 3.0.26-3+deb9u1
+[06 Feb 2021] DLA-2547-1 wireshark - security update
+ {CVE-2019-12295 CVE-2019-13619 CVE-2019-16319 CVE-2019-19553 CVE-2020-7045 CVE-2020-9428 CVE-2020-9430 CVE-2020-9431 CVE-2020-11647 CVE-2020-13164 CVE-2020-15466 CVE-2020-25862 CVE-2020-25863 CVE-2020-26418 CVE-2020-26421 CVE-2020-26575 CVE-2020-28030}
+ [stretch] - wireshark 2.6.20-0+deb9u1
+[06 Feb 2021] DLA-2546-1 intel-microcode - security update
+ {CVE-2020-8695 CVE-2020-8696 CVE-2020-8698}
+ [stretch] - intel-microcode 3.20201118.1~deb9u1
+[03 Feb 2021] DLA-2545-1 open-build-service - security update
+ {CVE-2020-8020 CVE-2020-8021}
+ [stretch] - open-build-service 2.7.1-10+deb9u1
+[03 Feb 2021] DLA-2544-1 openldap - security update
+ {CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230}
+ [stretch] - openldap 2.4.44+dfsg-5+deb9u7
+[02 Feb 2021] DLA-2543-1 libdatetime-timezone-perl - new upstream version
+ [stretch] - libdatetime-timezone-perl 1:2.09-1+2021a
+[02 Feb 2021] DLA-2542-1 tzdata - new upstream version
+ [stretch] - tzdata 2021a-0+deb9u1
+[02 Feb 2021] DLA-2541-1 thunderbird - security update
+ {CVE-2020-15685 CVE-2020-16044 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964}
+ [stretch] - thunderbird 1:78.7.0-1~deb9u1
+[01 Feb 2021] DLA-2540-1 python-django - security update
+ {CVE-2021-3281}
+ [stretch] - python-django 1:1.10.7-2+deb9u10
+[02 Feb 2021] DLA-2539-1 firefox-esr - security update
+ {CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964}
+ [stretch] - firefox-esr 78.7.0esr-1~deb9u1
+[31 Jan 2021] DLA-2538-1 mariadb-10.1 - security update
+ {CVE-2020-14765 CVE-2020-14812}
+ [stretch] - mariadb-10.1 10.1.48-0+deb9u1
+[31 Jan 2021] DLA-2537-1 ffmpeg - security update
+ {CVE-2019-17539 CVE-2020-35965}
+ [stretch] - ffmpeg 7:3.2.15-0+deb9u2
+[30 Jan 2021] DLA-2536-1 libsdl2 - security update
+ {CVE-2019-7575 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 CVE-2019-7636 CVE-2019-7638 CVE-2019-13616 CVE-2020-14409 CVE-2020-14410}
+ [stretch] - libsdl2 2.0.5+dfsg1-2+deb9u1
+[30 Jan 2021] DLA-2431-2 libonig - regression update
+ [stretch] - libonig 6.1.3-2+deb9u2
+[27 Jan 2021] DLA-2535-1 ansible - security update
+ {CVE-2017-7481 CVE-2019-10156 CVE-2019-14846 CVE-2019-14904}
+ [stretch] - ansible 2.2.1.0-2+deb9u2
+[26 Jan 2021] DLA-2534-1 sudo - security update
+ {CVE-2021-3156}
+ [stretch] - sudo 1.8.19p1-2.1+deb9u3
+[25 Jan 2021] DLA-2533-1 crmsh - security update
+ {CVE-2020-35459}
+ [stretch] - crmsh 2.3.2-4+deb9u1
+[25 Jan 2021] DLA-2532-1 debian-security-support - security update
+ [stretch] - debian-security-support 1:9+2021.01.23
+[24 Jan 2021] DLA-2531-1 python-bottle - security update
+ {CVE-2020-28473}
+ [stretch] - python-bottle 0.12.13-1+deb9u1
+[21 Jan 2021] DLA-2530-1 drupal7 - security update
+ {CVE-2020-36193}
+ [stretch] - drupal7 7.52-2+deb9u14
+[21 Jan 2021] DLA-2529-1 mutt - security update
+ {CVE-2021-3181}
+ [stretch] - mutt 1.7.2-1+deb9u5
+[19 Jan 2021] DLA-2528-1 gst-plugins-bad1.0 - security update
+ {CVE-2021-3185}
+ [stretch] - gst-plugins-bad1.0 1.10.4-1+deb9u1
+[18 Jan 2021] DLA-2527-1 snapd - security update
+ {CVE-2019-11840}
+ [stretch] - snapd 2.21-2+deb9u1
+[15 Jan 2021] DLA-2526-1 ruby-redcarpet - security update
+ {CVE-2020-26298}
+ [stretch] - ruby-redcarpet 3.3.4-2+deb9u1
+[15 Jan 2021] DLA-2525-1 wavpack - security update
+ {CVE-2018-19840 CVE-2018-19841 CVE-2019-11498 CVE-2019-1010315 CVE-2019-1010317 CVE-2019-1010319 CVE-2020-35738}
+ [stretch] - wavpack 5.0.0-2+deb9u3
+[13 Jan 2021] DLA-2524-1 spice-vdagent - security update
+ {CVE-2017-15108 CVE-2020-25650 CVE-2020-25651 CVE-2020-25652 CVE-2020-25653}
+ [stretch] - spice-vdagent 0.17.0-1+deb9u1
+[12 Jan 2021] DLA-2523-1 imagemagick - security update
+ {CVE-2017-14528 CVE-2020-19667 CVE-2020-25665 CVE-2020-25674 CVE-2020-27560 CVE-2020-27750 CVE-2020-27760 CVE-2020-27763 CVE-2020-27765 CVE-2020-27773 CVE-2020-29599}
+ [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u11
+[12 Jan 2021] DLA-2522-1 coturn - security update
+ {CVE-2020-26262}
+ [stretch] - coturn 4.5.0.5-1+deb9u3
+[08 Jan 2021] DLA-2521-1 firefox-esr - security update
+ {CVE-2020-16044}
+ [stretch] - firefox-esr 78.6.1esr-1~deb9u1
+[07 Jan 2021] DLA-2520-1 golang-websocket - security update
+ {CVE-2020-27813}
+ [stretch] - golang-websocket 1.1.0-1+deb9u1
+[06 Jan 2021] DLA-2519-1 pacemaker - security update
+ {CVE-2018-16877 CVE-2018-16878 CVE-2020-25654}
+ [stretch] - pacemaker 1.1.24-0+deb9u1
+[06 Jan 2021] DLA-2518-1 cairo - security update
+ {CVE-2020-35492}
+ [stretch] - cairo 1.14.8-1+deb9u1
+[05 Jan 2021] DLA-2517-1 dovecot - security update
+ {CVE-2020-24386 CVE-2020-25275}
+ [stretch] - dovecot 1:2.2.27-3+deb9u7
+[04 Jan 2021] DLA-2516-1 gssproxy - security update
+ {CVE-2020-12658}
+ [stretch] - gssproxy 0.5.1-2+deb9u1
+[04 Jan 2021] DLA-2515-1 csync2 - security update
+ {CVE-2019-15523}
+ [stretch] - csync2 2.0-8-g175a01c-4+deb9u2
+[04 Jan 2021] DLA-2514-1 flac - security update
+ {CVE-2017-6888 CVE-2020-0499}
+ [stretch] - flac 1.3.2-2+deb9u1
+[04 Jan 2021] DLA-2513-1 p11-kit - security update
+ {CVE-2020-29361 CVE-2020-29362}
+ [stretch] - p11-kit 0.23.3-2+deb9u1
+[03 Jan 2021] DLA-2512-1 libhibernate3-java - security update
+ {CVE-2020-25638}
+ [stretch] - libhibernate3-java 3.6.10.Final-6+deb9u1
+[30 Dec 2020] DLA-2511-1 highlight.js - security update
+ {CVE-2020-26237}
+ [stretch] - highlight.js 8.2+ds-5+deb9u1
+[29 Dec 2020] DLA-2510-1 libdatetime-timezone-perl - new upstream version
+ [stretch] - libdatetime-timezone-perl 1:2.09-1+2020e
+[29 Dec 2020] DLA-2509-1 tzdata - new upstream version
+ [stretch] - tzdata 2020e-0+deb9u1
+[28 Dec 2020] DLA-2508-1 roundcube - security update
+ {CVE-2020-35730}
+ [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u8
+[31 Dec 2020] DLA-2507-1 libxstream-java - security update
+ {CVE-2020-26258 CVE-2020-26259}
+ [stretch] - libxstream-java 1.4.11.1-1+deb9u1
+[26 Dec 2020] DLA-2488-2 python-apt - regression update
+ [stretch] - python-apt 1.4.3
+[23 Dec 2020] DLA-2506-1 awstats - security update
+ {CVE-2020-29600 CVE-2020-35176}
+ [stretch] - awstats 7.6+dfsg-1+deb9u2
+[23 Dec 2020] DLA-2505-1 spip - security update
+ {CVE-2020-28984}
+ [stretch] - spip 3.1.4-4~deb9u4
+[22 Dec 2020] DLA-2504-1 mediawiki - security update
+ {CVE-2020-15005 CVE-2020-35477 CVE-2020-35479 CVE-2020-35480}
+ [stretch] - mediawiki 1:1.27.7-1~deb9u7
+[22 Dec 2020] DLA-2412-2 openjdk-8 - regression update
+ [stretch] - openjdk-8 8u275-b01-1~deb9u1
+[21 Dec 2020] DLA-2503-1 node-ini - security update
+ {CVE-2020-7788}
+ [stretch] - node-ini 1.1.0-1+deb9u1
+[20 Dec 2020] DLA-2502-1 postsrsd - security update
+ {CVE-2020-35573}
+ [stretch] - postsrsd 1.4-1+deb9u1
+[20 Dec 2020] DLA-2501-1 influxdb - security update
+ {CVE-2019-20933}
+ [stretch] - influxdb 1.1.1+dfsg1-4+deb9u1
+[18 Dec 2020] DLA-2500-1 curl - security update
+ {CVE-2020-8284 CVE-2020-8285 CVE-2020-8286}
+ [stretch] - curl 7.52.1-5+deb9u13
+[18 Dec 2020] DLA-2467-2 lxml - regression update
+ [stretch] - lxml 3.7.1-1+deb9u3
+[17 Dec 2020] DLA-2499-1 sympa - security update
+ {CVE-2020-29668}
+ [stretch] - sympa 6.2.16~dfsg-3+deb9u5
+[17 Dec 2020] DLA-2498-1 xerces-c - security update
+ [stretch] - xerces-c 3.1.4+debian-2+deb9u2
+[17 Dec 2020] DLA-2497-1 thunderbird - security update
+ {CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113}
+ [stretch] - thunderbird 1:78.6.0-1~deb9u1
+[16 Dec 2020] DLA-2496-1 firefox-esr - security update
+ {CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113}
+ [stretch] - firefox-esr 78.6.0esr-1~deb9u1
+[16 Dec 2020] DLA-2495-1 tomcat8 - security update
+ {CVE-2020-17527}
+ [stretch] - tomcat8 8.5.54-0+deb9u5
+[14 Dec 2020] DLA-2494-1 linux - security update
+ {CVE-2020-0427 CVE-2020-8694 CVE-2020-14351 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-27673 CVE-2020-27675 CVE-2020-28974}
+ [stretch] - linux 4.9.246-1
+[14 Dec 2020] DLA-2493-1 openssl1.0 - security update
+ {CVE-2020-1971}
+ [stretch] - openssl1.0 1.0.2u-1~deb9u3
+[14 Dec 2020] DLA-2492-1 openssl - security update
+ {CVE-2020-1971}
+ [stretch] - openssl 1.1.0l-1~deb9u2
+[13 Dec 2020] DLA-2491-1 openexr - security update
+ {CVE-2020-16588 CVE-2020-16589}
+ [stretch] - openexr 2.2.0-11+deb9u2
+[10 Dec 2020] DLA-2490-1 x11vnc - security update
+ {CVE-2020-29074}
+ [stretch] - x11vnc 0.9.13-2+deb9u2
+[10 Dec 2020] DLA-2489-1 minidlna - security update
+ {CVE-2020-12695 CVE-2020-28926}
+ [stretch] - minidlna 1.1.6+dfsg-1+deb9u1
+[10 Dec 2020] DLA-2340-2 sqlite3 - regression update
+ {CVE-2019-20218}
+ [stretch] - sqlite3 3.16.2-5+deb9u3
+[10 Dec 2020] DLA-2488-1 python-apt - security update
+ {CVE-2020-27351}
+ [stretch] - python-apt 1.4.2
+[10 Dec 2020] DLA-2487-1 apt - security update
+ {CVE-2020-27350}
+ [stretch] - apt 1.4.11
+[09 Dec 2020] DLA-2486-1 xorg-server - security update
+ {CVE-2020-14360 CVE-2020-25712}
+ [stretch] - xorg-server 2:1.19.2-1+deb9u7
+[09 Dec 2020] DLA-2485-1 golang-golang-x-net-dev - security update
+ {CVE-2019-9512 CVE-2019-9514}
+ [stretch] - golang-golang-x-net-dev 1:0.0+git20161013.8b4af36+dfsg-3+deb9u1
+[07 Dec 2020] DLA-2484-1 python-certbot - switch to ACMEv2 API
+ [stretch] - python-certbot 0.28.0-1~deb9u3
+[05 Dec 2020] DLA-2483-1 linux-4.19 - security update
+ {CVE-2019-19039 CVE-2019-19377 CVE-2019-19770 CVE-2019-19816 CVE-2020-0423 CVE-2020-4788 CVE-2020-8694 CVE-2020-14351 CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-27673 CVE-2020-27675 CVE-2020-27777 CVE-2020-28941 CVE-2020-28974}
+ [stretch] - linux-4.19 4.19.160-2~deb9u1
+[04 Dec 2020] DLA-2482-1 debian-security-support - security update
+ [stretch] - debian-security-support 1:9+2020.12.04
+[04 Dec 2020] DLA-2481-1 openldap - security update
+ {CVE-2020-25709 CVE-2020-25710}
+ [stretch] - openldap 2.4.44+dfsg-5+deb9u6
+[04 Dec 2020] DLA-2480-1 salt - security update
+ {CVE-2020-16846 CVE-2020-17490 CVE-2020-25592}
+ [stretch] - salt 2016.11.2+ds-1+deb9u6
+[04 Dec 2020] DLA-2479-1 thunderbird - security update
+ {CVE-2020-26970}
+ [stretch] - thunderbird 1:78.5.1-1~deb9u1
+[02 Dec 2020] DLA-2478-1 postgresql-9.6 - security update
+ {CVE-2020-25694 CVE-2020-25695 CVE-2020-25696}
+ [stretch] - postgresql-9.6 9.6.20-0+deb9u1
+[02 Dec 2020] DLA-2477-1 jupyter-notebook - security update
+ {CVE-2020-26215}
+ [stretch] - jupyter-notebook 4.2.3-4+deb9u2
+[01 Dec 2020] DLA-2476-1 brotli - security update
+ {CVE-2020-8927}
+ [stretch] - brotli 0.5.2+dfsg-2+deb9u1
+[01 Dec 2020] DLA-2475-1 pdfresurrect - security update
+ {CVE-2019-14934 CVE-2020-20740}
+ [stretch] - pdfresurrect 0.12-6+deb9u1
+[01 Dec 2020] DLA-2474-1 musl - security update
+ {CVE-2020-28928}
+ [stretch] - musl 1.1.16-3+deb9u1
+[30 Nov 2020] DLA-2473-1 vips - security update
+ {CVE-2020-20739}
+ [stretch] - vips 8.4.5-1+deb9u2
+[30 Nov 2020] DLA-2472-1 mutt - security update
+ {CVE-2020-28896}
+ [stretch] - mutt 1.7.2-1+deb9u4
+[30 Nov 2020] DLA-2471-1 libxstream-java - security update
+ {CVE-2020-26217}
+ [stretch] - libxstream-java 1.4.9-2+deb9u1
+[30 Nov 2020] DLA-2470-1 zsh - security update
+ {CVE-2017-18206 CVE-2018-0502 CVE-2018-1071 CVE-2018-1083 CVE-2018-1100 CVE-2018-13259 CVE-2019-20044}
+ [stretch] - zsh 5.3.1-4+deb9u1
+[29 Nov 2020] DLA-2469-1 qemu - security update
+ {CVE-2020-25085 CVE-2020-25624 CVE-2020-25625 CVE-2020-25723 CVE-2020-27617}
+ [stretch] - qemu 1:2.8+dfsg-6+deb9u12
+[29 Nov 2020] DLA-2468-1 tcpflow - security update
+ {CVE-2018-14938}
+ [stretch] - tcpflow 1.4.4+repack1-3+deb8u1
+[26 Nov 2020] DLA-2467-1 lxml - security update
+ {CVE-2018-19787 CVE-2020-27783}
+ [stretch] - lxml 3.7.1-1+deb9u1
+[26 Nov 2020] DLA-2466-1 drupal7 - security update
+ {CVE-2020-28948 CVE-2020-28949}
+ [stretch] - drupal7 7.52-2+deb9u13
+[23 Nov 2020] DLA-2465-1 php-pear - security update
+ {CVE-2020-28948 CVE-2020-28949}
+ [stretch] - php-pear 1:1.10.1+submodules+notgz-9+deb9u2
+[23 Nov 2020] DLA-2464-1 thunderbird - security update
+ {CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968}
+ [stretch] - thunderbird 1:78.5.0-1~deb9u1
+[22 Nov 2020] DLA-2463-1 samba - security update
+ {CVE-2020-1472 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 CVE-2020-14318 CVE-2020-14323 CVE-2020-14383}
+ [stretch] - samba 2:4.5.16+dfsg-1+deb9u3
+[23 Nov 2020] DLA-2462-1 cimg - security update
+ {CVE-2020-25693}
+ [stretch] - cimg 1.7.9+dfsg-1+deb9u2
+[21 Nov 2020] DLA-2461-1 zabbix - security update
+ {CVE-2016-10742 CVE-2020-11800}
+ [stretch] - zabbix 1:3.0.31+dfsg-0+deb9u1
+[21 Nov 2020] DLA-2460-1 golang-1.8 - security update
+ {CVE-2020-15586 CVE-2020-16845 CVE-2020-28367}
+ [stretch] - golang-1.8 1.8.1-1+deb9u2
+[21 Nov 2020] DLA-2459-1 golang-1.7 - security update
+ {CVE-2020-15586 CVE-2020-16845}
+ [stretch] - golang-1.7 1.7.4-2+deb9u2
+[21 Nov 2020] DLA-2379-3 mediawiki - regression update
+ [stretch] - mediawiki 1:1.27.7-1~deb9u6
+[19 Nov 2020] DLA-2458-1 drupal7 - security update
+ {CVE-2020-13666 CVE-2020-13671}
+ [stretch] - drupal7 7.52-2+deb9u12
+[19 Nov 2020] DLA-2457-1 firefox-esr - security update
+ {CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968}
+ [stretch] - firefox-esr 78.5.0esr-1~deb9u1
+[18 Nov 2020] DLA-2456-1 python3.5 - security update
+ {CVE-2019-20907 CVE-2020-26116}
+ [stretch] - python3.5 3.5.3-1+deb9u3
+[19 Nov 2020] DLA-2455-1 packer - security update
+ {CVE-2020-9283}
+ [stretch] - packer 0.10.2+dfsg-6+deb9u1
+[19 Nov 2020] DLA-2454-1 rclone - security update
+ {CVE-2019-11840}
+ [stretch] - rclone 1.35-1+deb8u1
+[17 Nov 2020] DLA-2447-2 pacemaker - regression update
+ [stretch] - pacemaker 1.1.16-1+deb9u2
+[17 Nov 2020] DLA-2453-1 restic - security update
+ {CVE-2020-9283}
+ [stretch] - restic 0.3.3-1+deb9u1
+[17 Nov 2020] DLA-2452-2 libdatetime-timezone-perl - regression update
+ [stretch] - libdatetime-timezone-perl 1:2.09-1+2020d+1
+[16 Nov 2020] DLA-2452-1 libdatetime-timezone-perl - new upstream version
+ [stretch] - libdatetime-timezone-perl 1:2.09-1+2020d
+[15 Nov 2020] DLA-2451-1 libvncserver - security update
+ {CVE-2020-25708}
+ [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u6
+[13 Nov 2020] DLA-2450-1 libproxy - security update
+ {CVE-2020-26154}
+ [stretch] - libproxy 0.4.14-2+deb9u2
+[13 Nov 2020] DLA-2449-1 thunderbird - security update
+ {CVE-2020-26950}
+ [stretch] - thunderbird 1:78.4.2-1~deb9u1
+[11 Nov 2020] DLA-2448-1 firefox-esr - security update
+ {CVE-2020-26950}
+ [stretch] - firefox-esr 78.4.1esr-1~deb9u1
+[11 Nov 2020] DLA-2447-1 pacemaker - security update
+ [stretch] - pacemaker 1.1.16-1+deb9u1
+[10 Nov 2020] DLA-2446-1 moin - security update
+ {CVE-2020-15275 CVE-2020-25074}
+ [stretch] - moin 1.9.9-1+deb9u2
+[10 Nov 2020] DLA-2445-1 libmaxminddb - security update
+ {CVE-2020-28241}
+ [stretch] - libmaxminddb 1.2.0-1+deb9u1
+[10 Nov 2020] DLA-2444-1 tcpdump - security update
+ {CVE-2020-8037}
+ [stretch] - tcpdump 4.9.3-1~deb9u2
+[10 Nov 2020] DLA-2443-1 zeromq3 - security update
+ {CVE-2020-15166}
+ [stretch] - zeromq3 4.2.1-4+deb9u3
+[10 Nov 2020] DLA-2442-1 obfs4proxy - security update
+ {CVE-2019-11840}
+ [stretch] - obfs4proxy 0.0.7-1+deb8u1
+[09 Nov 2020] DLA-2441-1 sympa - security update
+ {CVE-2018-1000671}
+ [stretch] - sympa 6.2.16~dfsg-3+deb9u4
+[08 Nov 2020] DLA-2440-1 poppler - security update
+ {CVE-2017-14926 CVE-2017-14928 CVE-2018-19058 CVE-2018-20650 CVE-2018-20662 CVE-2019-7310 CVE-2019-9959 CVE-2019-10018 CVE-2019-14494}
+ [stretch] - poppler 0.48.0-2+deb9u4
+[07 Nov 2020] DLA-2439-1 libexif - security update
+ {CVE-2020-0452}
+ [stretch] - libexif 0.6.21-2+deb9u5
+[07 Nov 2020] DLA-2438-1 raptor2 - security update
+ {CVE-2017-18926}
+ [stretch] - raptor2 2.0.14-1+deb9u1
+[07 Nov 2020] DLA-2437-1 krb5 - security update
+ {CVE-2020-28196}
+ [stretch] - krb5 1.15-1+deb9u2
+[06 Nov 2020] DLA-2436-1 sddm - security update
+ {CVE-2020-28049}
+ [stretch] - sddm 0.14.0-4+deb9u2
+[05 Nov 2020] DLA-2435-1 guacamole-server - security update
+ {CVE-2020-9497 CVE-2020-9498}
+ [stretch] - guacamole-server 0.9.9-2+deb9u1
+[05 Nov 2020] DLA-2434-1 gdm3 - security update
+ {CVE-2020-16125}
+ [stretch] - gdm3 3.22.3-3+deb9u3
+[05 Nov 2020] DLA-2433-1 bouncycastle - security update
+ {CVE-2020-26939}
+ [stretch] - bouncycastle 1.56-1+deb9u3
+[04 Nov 2020] DLA-2432-1 jupyter-notebook - security update
+ {CVE-2018-8768 CVE-2018-19351 CVE-2018-21030}
+ [stretch] - jupyter-notebook 4.2.3-4+deb9u1
+[03 Nov 2020] DLA-2431-1 libonig - security update
+ {CVE-2019-13224 CVE-2019-16163 CVE-2019-19012 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246}
+ [stretch] - libonig 6.1.3-2+deb9u1
+[03 Nov 2020] DLA-2430-1 blueman - security update
+ {CVE-2020-15238}
+ [stretch] - blueman 2.0.4-1+deb9u1
+[03 Nov 2020] DLA-2429-1 wordpress - security update
+ {CVE-2020-28032 CVE-2020-28033 CVE-2020-28034 CVE-2020-28035 CVE-2020-28036 CVE-2020-28037 CVE-2020-28038 CVE-2020-28039 CVE-2020-28040}
+ [stretch] - wordpress 4.7.19+dfsg-1+deb9u1
+[01 Nov 2020] DLA-2428-1 spice-gtk - security update
+ {CVE-2020-14355}
+ [stretch] - spice-gtk 0.33-3.3+deb9u2
+[01 Nov 2020] DLA-2427-1 spice - security update
+ {CVE-2020-14355}
+ [stretch] - spice 0.12.8-2.1+deb9u4
+[01 Nov 2020] DLA-2426-1 junit4 - security update
+ {CVE-2020-15250}
+ [stretch] - junit4 4.12-4+deb9u1
+[01 Nov 2020] DLA-2425-1 openldap - security update
+ {CVE-2020-25692}
+ [stretch] - openldap 2.4.44+dfsg-5+deb9u5
+[31 Oct 2020] DLA-2424-1 tzdata - new upstream version
+ [stretch] - tzdata 2020d-0+deb9u1
+[31 Oct 2020] DLA-2423-1 wireshark - security update
+ {CVE-2019-10894 CVE-2019-10895 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 CVE-2019-12295}
+ [stretch] - wireshark 2.6.8-1.1~deb9u1
+[31 Oct 2020] DLA-2422-1 qtsvg-opensource-src - security update
+ {CVE-2018-19869}
+ [stretch] - qtsvg-opensource-src 5.7.1~20161021-2.1
+[30 Oct 2020] DLA-2421-1 cimg - security update
+ {CVE-2018-7588 CVE-2018-7589 CVE-2018-7637 CVE-2018-7638 CVE-2018-7639 CVE-2018-7640 CVE-2018-7641 CVE-2019-1010174}
+ [stretch] - cimg 1.7.9+dfsg-1+deb9u1
+[29 Oct 2020] DLA-2420-1 linux - security update
+ {CVE-2019-9445 CVE-2019-19073 CVE-2019-19074 CVE-2019-19448 CVE-2020-12351 CVE-2020-12352 CVE-2020-12655 CVE-2020-12771 CVE-2020-12888 CVE-2020-14305 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-14390 CVE-2020-15393 CVE-2020-16166 CVE-2020-24490 CVE-2020-25211 CVE-2020-25212 CVE-2020-25220 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-26088}
+ [stretch] - linux 4.9.240-1
+[29 Oct 2020] DLA-2419-1 dompurify.js - security update
+ {CVE-2019-16728 CVE-2020-26870}
+ [stretch] - dompurify.js 0.8.2~dfsg1-1+deb9u1
+[29 Oct 2020] DLA-2418-1 libsndfile - security update
+ {CVE-2017-6892 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2018-19661 CVE-2018-19662 CVE-2018-19758 CVE-2019-3832}
+ [stretch] - libsndfile 1.0.27-3+deb9u1
+[27 Oct 2020] DLA-2417-1 linux-4.19 - security update
+ {CVE-2020-12351 CVE-2020-12352 CVE-2020-25211 CVE-2020-25643 CVE-2020-25645}
+ [stretch] - linux-4.19 4.19.152-1~deb9u1
+[27 Oct 2020] DLA-2416-1 thunderbird - security update
+ {CVE-2020-15683 CVE-2020-15969}
+ [stretch] - thunderbird 1:78.4.0-1~deb9u1
+[25 Oct 2020] DLA-2415-1 freetype - security update
+ {CVE-2020-15999}
+ [stretch] - freetype 2.6.3-3.2+deb9u2
+[25 Oct 2020] DLA-2414-1 fastd - security update
+ {CVE-2020-27638}
+ [stretch] - fastd 18-2+deb9u1
+[25 Oct 2020] DLA-2413-1 phpmyadmin - security update
+ {CVE-2019-19617 CVE-2020-26934 CVE-2020-26935}
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u2
+[23 Oct 2020] DLA-2412-1 openjdk-8 - security update
+ {CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803}
+ [stretch] - openjdk-8 8u272-b10-0+deb9u1
+[21 Oct 2020] DLA-2411-1 firefox-esr - security update
+ {CVE-2020-15683 CVE-2020-15969}
+ [stretch] - firefox-esr 78.4.0esr-1~deb9u1
+[21 Oct 2020] DLA-2410-1 bluez - security update
+ {CVE-2020-27153}
+ [stretch] - bluez 5.43-2+deb9u3
+[21 Oct 2020] DLA-2409-1 mariadb-10.1 - security update
+ {CVE-2020-15180}
+ [stretch] - mariadb-10.1 10.1.47-0+deb9u1
+[17 Oct 2020] DLA-2408-1 thunderbird - security update
+ {CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678}
+ [stretch] - thunderbird 1:78.3.1-2~deb9u1
+[14 Oct 2020] DLA-2407-1 tomcat8 - security update
+ {CVE-2020-13943}
+ [stretch] - tomcat8 8.5.54-0+deb9u4
+[14 Oct 2020] DLA-2406-1 jackson-databind - security update
+ {CVE-2020-25649}
+ [stretch] - jackson-databind 2.8.6-1+deb9u8
+[10 Oct 2020] DLA-2405-1 httpcomponents-client - security update
+ {CVE-2020-13956}
+ [stretch] - httpcomponents-client 4.5.2-2+deb9u1
+[09 Oct 2020] DLA-2404-1 eclipse-wtp - security update
+ {CVE-2019-17637}
+ [stretch] - eclipse-wtp 3.6.3-3+deb9u1
+[09 Oct 2020] DLA-2403-1 rails - security update
+ {CVE-2020-15169}
+ [stretch] - rails 2:4.2.7.1-1+deb9u4
+[08 Oct 2020] DLA-2402-1 golang-go.crypto - security update
+ {CVE-2019-11840 CVE-2019-11841 CVE-2020-9283}
+ [stretch] - golang-go.crypto 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1
+[07 Oct 2020] DLA-2401-1 sympa - security update
+ {CVE-2020-10936 CVE-2020-26932}
+ [stretch] - sympa 6.2.16~dfsg-3+deb9u3
+[07 Oct 2020] DLA-2400-1 activemq - security update
+ {CVE-2020-13920}
+ [stretch] - activemq 5.14.3-3+deb9u1
+[07 Oct 2020] DLA-2399-1 packagekit - security update
+ {CVE-2020-16121 CVE-2020-16122}
+ [stretch] - packagekit 1.1.5-2+deb9u2
+[07 Oct 2020] DLA-2332-2 sane-backends - regression update
+ [stretch] - sane-backends 1.0.25-4.1+deb9u2
+[07 Oct 2020] DLA-2398-1 puma - security update
+ {CVE-2020-11076 CVE-2020-11077}
+ [stretch] - puma 3.6.0-1+deb9u1
+[06 Oct 2020] DLA-2397-1 php7.0 - security update
+ {CVE-2020-7070}
+ [stretch] - php7.0 7.0.33-0+deb9u10
+[06 Oct 2020] DLA-2396-1 tigervnc - security update
+ {CVE-2020-26117}
+ [stretch] - tigervnc 1.7.0+dfsg-7+deb9u2
+[02 Oct 2020] DLA-2395-1 libvirt - security update
+ {CVE-2020-25637}
+ [stretch] - libvirt 3.0.0-4+deb9u5
+[02 Oct 2020] DLA-2394-1 squid3 - security update
+ {CVE-2020-15049 CVE-2020-15810 CVE-2020-15811 CVE-2020-24606}
+ [stretch] - squid3 3.5.23-5+deb9u5
+[01 Oct 2020] DLA-2393-1 snmptt - security update
+ {CVE-2020-24361}
+ [stretch] - snmptt 1.4-1+deb9u1
+[01 Oct 2020] DLA-2392-1 jruby - security update
+ {CVE-2020-25613}
+ [stretch] - jruby 1.7.26-1+deb9u3
+[01 Oct 2020] DLA-2391-1 ruby2.3 - security update
+ {CVE-2020-25613}
+ [stretch] - ruby2.3 2.3.3-1+deb9u9
+[01 Oct 2020] DLA-2390-1 ruby-json-jwt - security update
+ {CVE-2019-18848}
+ [stretch] - ruby-json-jwt 1.6.2-1+deb9u2
+[01 Oct 2020] DLA-2389-1 ruby-rack-cors - security update
+ {CVE-2019-18978}
+ [stretch] - ruby-rack-cors 0.4.0-1+deb9u2
+[29 Sep 2020] DLA-2387-2 firefox-esr - regression update
+ [stretch] - firefox-esr 78.3.0esr-1~deb9u2
+[29 Sep 2020] DLA-2388-1 nss - security update
+ {CVE-2018-12404 CVE-2018-18508 CVE-2019-11719 CVE-2019-11729 CVE-2019-11745 CVE-2019-17006 CVE-2019-17007 CVE-2020-6829 CVE-2020-12399 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403}
+ [stretch] - nss 2:3.26.2-1.1+deb9u2
+[28 Sep 2020] DLA-2387-1 firefox-esr - security update
+ {CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678}
+ [stretch] - firefox-esr 78.3.0esr-1~deb9u1
+[28 Sep 2020] DLA-2379-2 mediawiki - regression update
+ [stretch] - mediawiki 1:1.27.7-1~deb9u5
+[28 Sep 2020] DLA-2386-1 libdbi-perl - security update
+ {CVE-2019-20919 CVE-2020-14392 CVE-2020-14393}
+ [stretch] - libdbi-perl 1.636-1+deb9u1
+[26 Sep 2020] DLA-2385-1 linux-4.19 - security update
+ {CVE-2019-3874 CVE-2019-19448 CVE-2019-19813 CVE-2019-19816 CVE-2020-10781 CVE-2020-12888 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14385 CVE-2020-14386 CVE-2020-14390 CVE-2020-16166 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-26088}
+ [stretch] - linux-4.19 4.19.146-1~deb9u1
+[26 Sep 2020] DLA-2384-1 yaws - security update
+ {CVE-2020-24379 CVE-2020-24916}
+ [stretch] - yaws 2.0.4+dfsg-1+deb9u1
+[26 Sep 2020] DLA-2383-1 nfdump - security update
+ {CVE-2019-14459 CVE-2019-1010057}
+ [stretch] - nfdump 1.6.15-3+deb9u1
+[26 Sep 2020] DLA-2382-1 curl - security update
+ {CVE-2020-8231}
+ [stretch] - curl 7.52.1-5+deb9u12
+[26 Sep 2020] DLA-2381-1 lua5.3 - security update
+ {CVE-2020-24370}
+ [stretch] - lua5.3 5.3.3-1+deb9u1
+[26 Sep 2020] DLA-2380-1 ruby-gon - security update
+ {CVE-2020-25739}
+ [stretch] - ruby-gon 6.1.0-1+deb9u1
+[25 Sep 2020] DLA-2379-1 mediawiki - security update
+ {CVE-2020-25813 CVE-2020-25814 CVE-2020-25827 CVE-2020-25828}
+ [stretch] - mediawiki 1:1.27.7-1~deb9u4
+[25 Sep 2020] DLA-2378-1 openssl1.0 - security update
+ {CVE-2020-1968}
+ [stretch] - openssl1.0 1.0.2u-1~deb9u2
+[21 Sep 2020] DLA-2377-1 qt4-x11 - security update
+ {CVE-2018-15518 CVE-2018-19869 CVE-2018-19870 CVE-2018-19871 CVE-2018-19872 CVE-2018-19873 CVE-2020-17507}
+ [stretch] - qt4-x11 4:4.8.7+dfsg-11+deb9u1
+[21 Sep 2020] DLA-2376-1 qtbase-opensource-src - security update
+ {CVE-2018-19872 CVE-2020-17507}
+ [stretch] - qtbase-opensource-src 5.7.1+dfsg-3+deb9u3
+[19 Sep 2020] DLA-2375-1 inspircd - security update
+ {CVE-2019-20917 CVE-2020-25269}
+ [stretch] - inspircd 2.0.23-2+deb9u1
+[15 Sep 2020] DLA-2374-1 gnome-shell - security update
+ {CVE-2020-17489}
+ [stretch] - gnome-shell 3.22.3-3+deb9u1
+[13 Sep 2020] DLA-2373-1 qemu - security update
+ {CVE-2020-1711 CVE-2020-13253 CVE-2020-14364 CVE-2020-16092}
+ [stretch] - qemu 1:2.8+dfsg-6+deb9u11
+[12 Sep 2020] DLA-2372-1 libproxy - security update
+ {CVE-2020-25219}
+ [stretch] - libproxy 0.4.14-2+deb9u1
+[11 Sep 2020] DLA-2371-1 wordpress - security update
+ {CVE-2019-17670 CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050 CVE-2020-25286}
+ [stretch] - wordpress 4.7.18+dfsg-1+deb9u1
+[11 Sep 2020] DLA-2370-1 python-pip - security update
+ {CVE-2019-20916}
+ [stretch] - python-pip 9.0.1-2+deb9u2
+[09 Sep 2020] DLA-2369-1 libxml2 - security update
+ {CVE-2017-8872 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567 CVE-2019-19956 CVE-2019-20388 CVE-2020-7595 CVE-2020-24977}
+ [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u3
+[09 Sep 2020] DLA-2368-1 grunt - security update
+ {CVE-2020-7729}
+ [stretch] - grunt 1.0.1-5+deb9u1
+[07 Sep 2020] DLA-2367-1 lemonldap-ng - security update
+ {CVE-2020-24660}
+ [stretch] - lemonldap-ng 1.9.7-3+deb9u4
+[07 Sep 2020] DLA-2366-1 imagemagick - security update
+ {CVE-2017-12140 CVE-2017-12429 CVE-2017-12430 CVE-2017-12435 CVE-2017-12563 CVE-2017-12643 CVE-2017-12674 CVE-2017-12691 CVE-2017-12692 CVE-2017-12693 CVE-2017-12806 CVE-2017-12875 CVE-2017-13061 CVE-2017-13133 CVE-2017-13658 CVE-2017-13768 CVE-2017-14060 CVE-2017-14172 CVE-2017-14173 CVE-2017-14174 CVE-2017-14175 CVE-2017-14249 CVE-2017-14341 CVE-2017-14400 CVE-2017-14505 CVE-2017-14532 CVE-2017-14624 CVE-2017-14625 CVE-2017-14626 CVE-2017-14739 CVE-2017-14741 CVE-2017-15015 CVE-2017-15017 CVE-2017-15281 CVE-2017-17682 CVE-2017-17914 CVE-2017-18209 CVE-2017-18211 CVE-2017-18271 CVE-2017-18273 CVE-2017-1000445 CVE-2017-1000476 CVE-2018-16643 CVE-2018-16749 CVE-2018-18025 CVE-2019-11598 CVE-2019-13135 CVE-2019-13308 CVE-2019-13391 CVE-2019-15139}
+ [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u10
+[04 Sep 2020] DLA-2278-3 squid3 - regression update
+ [stretch] - squid3 3.5.23-5+deb9u4
+[04 Sep 2020] DLA-2365-1 netty-3.9 - security update
+ {CVE-2019-16869 CVE-2019-20444 CVE-2019-20445}
+ [stretch] - netty-3.9 3.9.9.Final-1+deb9u1
+[04 Sep 2020] DLA-2364-1 netty - security update
+ {CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612}
+ [stretch] - netty 1:4.1.7-2+deb9u2
+[03 Sep 2020] DLA-2363-1 asyncpg - security update
+ {CVE-2020-17446}
+ [stretch] - asyncpg 0.8.4-1+deb9u1
+[03 Sep 2020] DLA-2362-1 uwsgi - security update
+ {CVE-2020-11984}
+ [stretch] - uwsgi 2.0.14+20161117-3+deb9u3
+[01 Sep 2020] DLA-2361-1 libx11 - security update
+ {CVE-2020-14363}
+ [stretch] - libx11 2:1.6.4-3+deb9u3
+[31 Aug 2020] DLA-2360-1 thunderbird - security update
+ {CVE-2020-15664 CVE-2020-15669}
+ [stretch] - thunderbird 1:68.12.0-1~deb9u1
+[30 Aug 2020] DLA-2359-1 xorg-server - security update
+ {CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14361 CVE-2020-14362}
+ [stretch] - xorg-server 2:1.19.2-1+deb9u6
+[30 Aug 2020] DLA-2358-1 openexr - security update
+ {CVE-2017-9110 CVE-2017-9111 CVE-2017-9112 CVE-2017-9113 CVE-2017-9114 CVE-2017-9115 CVE-2017-9116 CVE-2017-12596 CVE-2018-18444 CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 CVE-2020-15305 CVE-2020-15306}
+ [stretch] - openexr 2.2.0-11+deb9u1
+[30 Aug 2020] DLA-2357-1 ros-actionlib - security update
+ {CVE-2020-10289}
+ [stretch] - ros-actionlib 1.11.7-1+deb9u1
+[30 Aug 2020] DLA-2356-1 freerdp - security update
+ {CVE-2014-0791 CVE-2020-11042 CVE-2020-11045 CVE-2020-11046 CVE-2020-11048 CVE-2020-11058 CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396 CVE-2020-13397 CVE-2020-13398}
+ [stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4
+[29 Aug 2020] DLA-2355-1 bind9 - security update
+ {CVE-2020-8622 CVE-2020-8623}
+ [stretch] - bind9 1:9.10.3.dfsg.P4-12.3+deb9u7
+[29 Aug 2020] DLA-2354-1 ndpi - security update
+ {CVE-2020-15476}
+ [stretch] - ndpi 1.8-1+deb9u1
+[29 Aug 2020] DLA-2353-1 bacula - security update
+ {CVE-2020-11061}
+ [stretch] - bacula 7.4.4+dfsg-6+deb9u2
+[29 Aug 2020] DLA-2352-1 php-horde-gollem - security update
+ {CVE-2017-15235}
+ [stretch] - php-horde-gollem 3.0.10-1+deb9u2
+[29 Aug 2020] DLA-2351-1 php-horde-kronolith - security update
+ {CVE-2017-16906}
+ [stretch] - php-horde-kronolith 4.2.19-1+deb9u2
+[29 Aug 2020] DLA-2350-1 php-horde-kronolith - security update
+ {CVE-2017-16908}
+ [stretch] - php-horde-kronolith 4.2.19-1+deb9u1
+[29 Aug 2020] DLA-2349-1 php-horde - security update
+ {CVE-2017-16907}
+ [stretch] - php-horde 5.2.13+debian0-1+deb9u3
+[29 Aug 2020] DLA-2348-1 php-horde-core - security update
+ {CVE-2017-16907}
+ [stretch] - php-horde-core 2.27.6+debian1-2+deb9u1
+[28 Aug 2020] DLA-2347-1 libvncserver - security update
+ {CVE-2019-20839 CVE-2020-14397 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-14405}
+ [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u5
+[27 Aug 2020] DLA-2346-1 firefox-esr - security update
+ {CVE-2020-15664 CVE-2020-15669}
+ [stretch] - firefox-esr 68.12.0esr-1~deb9u1
+[26 Aug 2020] DLA-2345-1 php7.0 - security update
+ {CVE-2020-7068}
+ [stretch] - php7.0 7.0.33-0+deb9u9
+[25 Aug 2020] DLA-2338-2 proftpd-dfsg - regression update
+ [stretch] - proftpd-dfsg 1.3.5e+r1.3.5b-4+deb9u2
+[24 Aug 2020] DLA-2344-1 mongodb - security update
+ {CVE-2020-7923}
+ [stretch] - mongodb 1:3.2.11-2+deb9u2
+[24 Aug 2020] DLA-2343-1 icingaweb2 - security update
+ {CVE-2020-24368}
+ [stretch] - icingaweb2 2.4.1-1+deb9u1
+[24 Aug 2020] DLA-2342-1 libjackson-json-java - security update
+ {CVE-2017-7525 CVE-2017-15095 CVE-2019-10172}
+ [stretch] - libjackson-json-java 1.9.2-8+deb9u1
+[24 Aug 2020] DLA-2341-1 inetutils - security update
+ {CVE-2020-10188}
+ [stretch] - inetutils 2:1.9.4-2+deb9u1
+[22 Aug 2020] DLA-2340-1 sqlite3 - security update
+ {CVE-2018-8740 CVE-2018-20346 CVE-2018-20506 CVE-2019-5827 CVE-2019-9936 CVE-2019-9937 CVE-2019-16168 CVE-2020-11655 CVE-2020-13434 CVE-2020-13630 CVE-2020-13632 CVE-2020-13871}
+ [stretch] - sqlite3 3.16.2-5+deb9u2
+[22 Aug 2020] DLA-2339-1 software-properties - security update
+ {CVE-2020-15709}
+ [stretch] - software-properties 0.96.20.2-1+deb9u1
+[22 Aug 2020] DLA-2338-1 proftpd-dfsg - security update
+ [stretch] - proftpd-dfsg 1.3.5e+r1.3.5b-4+deb9u1
+[22 Aug 2020] DLA-2337-1 python2.7 - security update
+ {CVE-2018-20852 CVE-2019-5010 CVE-2019-9636 CVE-2019-9740 CVE-2019-9947 CVE-2019-9948 CVE-2019-16056 CVE-2019-20907}
+ [stretch] - python2.7 2.7.13-2+deb9u4
+[22 Aug 2020] DLA-2336-1 firejail - security update
+ {CVE-2020-17367 CVE-2020-17368}
+ [stretch] - firejail 0.9.44.8-2+deb9u1
+[20 Aug 2020] DLA-2335-1 ghostscript - security update
+ {CVE-2020-16287 CVE-2020-16288 CVE-2020-16289 CVE-2020-16290 CVE-2020-16291 CVE-2020-16292 CVE-2020-16293 CVE-2020-16294 CVE-2020-16295 CVE-2020-16296 CVE-2020-16297 CVE-2020-16298 CVE-2020-16299 CVE-2020-16300 CVE-2020-16301 CVE-2020-16302 CVE-2020-16303 CVE-2020-16304 CVE-2020-16305 CVE-2020-16306 CVE-2020-16307 CVE-2020-16308 CVE-2020-16309 CVE-2020-16310 CVE-2020-17538}
+ [stretch] - ghostscript 9.26a~dfsg-0+deb9u7
+[19 Aug 2020] DLA-2334-1 ruby-websocket-extensions - security update
+ {CVE-2020-7663}
+ [stretch] - ruby-websocket-extensions 0.1.2-1+deb9u1
+[18 Aug 2020] DLA-2333-1 imagemagick - security update
+ {CVE-2017-12805 CVE-2017-17681 CVE-2017-18252 CVE-2018-7443 CVE-2018-8804 CVE-2018-8960 CVE-2018-9133 CVE-2018-10177 CVE-2018-14551 CVE-2018-18024 CVE-2018-20467 CVE-2019-10131 CVE-2019-11472 CVE-2019-11597 CVE-2019-12974 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13295 CVE-2019-13297 CVE-2019-11470 CVE-2019-13454 CVE-2019-14981 CVE-2019-19949}
+ [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u9
+[17 Aug 2020] DLA-2332-1 sane-backends - security update
+ {CVE-2020-12862 CVE-2020-12863 CVE-2020-12865 CVE-2020-12867}
+ [stretch] - sane-backends 1.0.25-4.1+deb9u1
+[17 Aug 2020] DLA-2331-1 postgresql-9.6 - security update
+ {CVE-2020-14350}
+ [stretch] - postgresql-9.6 9.6.19-0+deb9u1
+[16 Aug 2020] DLA-2330-1 jruby - security update
+ {CVE-2017-17742 CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255}
+ [stretch] - jruby 1.7.26-1+deb9u2
+[16 Aug 2020] DLA-2329-1 libetpan - security update
+ {CVE-2020-15953}
+ [stretch] - libetpan 1.6-3+deb9u1
+[15 Aug 2020] DLA-2328-1 dovecot - security update
+ {CVE-2020-12100 CVE-2020-12673 CVE-2020-12674}
+ [stretch] - dovecot 1:2.2.27-3+deb9u6
+[15 Aug 2020] DLA-2327-1 lucene-solr - security update
+ {CVE-2019-0193}
+ [stretch] - lucene-solr 3.6.2+dfsg-10+deb9u3
+[15 Aug 2020] DLA-2326-1 htmlunit - security update
+ {CVE-2020-5529}
+ [stretch] - htmlunit 2.8-2+deb9u1
+[13 Aug 2020] DLA-2278-2 squid3 - regression update
+ [stretch] - squid3 3.5.23-5+deb9u3
+[13 Aug 2020] DLA-2325-1 openjdk-8 - security update
+ {CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621}
+ [stretch] - openjdk-8 8u265-b01-0+deb9u1
+[12 Aug 2020] DLA-2324-1 linux-latest-4.19 - new package
+ [stretch] - linux-latest-4.19 105+deb10u5~deb9u1
+[12 Aug 2020] DLA-2323-1 linux-4.19 - new package
+ {CVE-2019-18814 CVE-2019-18885 CVE-2019-20810 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-12655 CVE-2020-12771 CVE-2020-13974 CVE-2020-15393}
+ [stretch] - linux-4.19 4.19.132-1~deb9u2
+[11 Aug 2020] DLA-2322-1 roundcube - security update
+ {CVE-2020-16145}
+ [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u7
+[11 Aug 2020] DLA-2321-1 firmware-nonfree - new upstream version
+ [stretch] - firmware-nonfree 20190114-2~deb9u1
+[10 Aug 2020] DLA-2320-1 golang-github-seccomp-libseccomp-golang - security update
+ {CVE-2017-18367}
+ [stretch] - golang-github-seccomp-libseccomp-golang 0.0~git20150813.0.1b506fc-2+deb9u1
+[09 Aug 2020] DLA-2319-1 xrdp - security update
+ {CVE-2020-4044}
+ [stretch] - xrdp 0.9.1-9+deb9u4
+[09 Aug 2020] DLA-2318-1 wpa - security update
+ {CVE-2019-10064 CVE-2020-12695}
+ [stretch] - wpa 2:2.4-1+deb9u7
+[08 Aug 2020] DLA-2317-1 pillow - security update
+ {CVE-2020-10177}
+ [stretch] - pillow 4.0.0-4+deb9u2
+[08 Aug 2020] DLA-2316-1 ruby-kramdown - security update
+ {CVE-2020-14001}
+ [stretch] - ruby-kramdown 1.12.0-1+deb9u1
+[06 Aug 2020] DLA-2315-1 gupnp - security update
+ {CVE-2020-12695}
+ [stretch] - gupnp 1.0.1-1+deb9u1
+[06 Aug 2020] DLA-2314-1 clamav - security update
+ {CVE-2020-3327 CVE-2020-3350 CVE-2020-3481}
+ [stretch] - clamav 0.102.4+dfsg-0+deb9u1
+[04 Aug 2020] DLA-2313-1 net-snmp - security update
+ {CVE-2020-15861}
+ [stretch] - net-snmp 5.7.3+dfsg-1.7+deb9u3
+[04 Aug 2020] DLA-2312-1 libx11 - security update
+ {CVE-2020-14344}
+ [stretch] - libx11 2:1.6.4-3+deb9u2
+[03 Aug 2020] DLA-2311-1 zabbix - security update
+ {CVE-2020-15803}
+ [stretch] - zabbix 1:3.0.7+dfsg-3+deb9u1
+[02 Aug 2020] DLA-2310-1 thunderbird - security update
+ {CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659}
+ [stretch] - thunderbird 1:68.11.0-1~deb9u1
+[02 Aug 2020] DLA-2309-1 evolution-data-server - security update
+ {CVE-2020-16117}
+ [stretch] - evolution-data-server 3.22.7-1+deb9u2
+[02 Aug 2020] DLA-2308-1 libopenmpt - security update
+ {CVE-2019-17113}
+ [stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u4
+[02 Aug 2020] DLA-2307-1 ruby-zip - security update
+ {CVE-2018-1000544}
+ [stretch] - ruby-zip 1.2.0-1.1+deb9u1
+[01 Aug 2020] DLA-2306-1 libphp-phpmailer - security update
+ {CVE-2020-13625}
+ [stretch] - libphp-phpmailer 5.2.14+dfsg-2.3+deb9u2
+[01 Aug 2020] DLA-2305-1 transmission - security update
+ {CVE-2018-10756}
+ [stretch] - transmission 2.92-2+deb9u2
+[01 Aug 2020] DLA-2304-1 libpam-radius-auth - security update
+ {CVE-2015-9542}
+ [stretch] - libpam-radius-auth 1.3.16-5+deb9u1
+[31 Jul 2020] DLA-2303-1 libssh - security update
+ {CVE-2020-16135}
+ [stretch] - libssh 0.7.3-2+deb9u3
+[31 Jul 2020] DLA-2302-1 libjpeg-turbo - security update
+ {CVE-2018-1152 CVE-2018-14498 CVE-2020-13790 CVE-2020-14152}
+ [stretch] - libjpeg-turbo 1:1.5.1-2+deb9u1
+[30 Jul 2020] DLA-2301-1 json-c - security update
+ {CVE-2020-12762}
+ [stretch] - json-c 0.12.1-1.1+deb9u1
+[30 Jul 2020] DLA-2300-1 kdepim-runtime - security update
+ {CVE-2020-15954}
+ [stretch] - kdepim-runtime 4:16.04.2-2+deb9u1
+[30 Jul 2020] DLA-2299-1 net-snmp - security update
+ {CVE-2020-15862}
+ [stretch] - net-snmp 5.7.3+dfsg-1.7+deb9u2
+[29 Jul 2020] DLA-2298-1 libapache2-mod-auth-openidc - security update
+ {CVE-2019-14857 CVE-2019-20479 CVE-2019-1010247}
+ [stretch] - libapache2-mod-auth-openidc 2.1.6-1+deb9u1
+[29 Jul 2020] DLA-2297-1 firefox-esr - security update
+ {CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659}
+ [stretch] - firefox-esr 68.11.0esr-1~deb9u1
+[28 Jul 2020] DLA-2296-1 luajit - security update
+ {CVE-2020-15890}
+ [stretch] - luajit 2.0.4+dfsg-1+deb9u1
+[28 Jul 2020] DLA-2295-1 curl - security update
+ {CVE-2020-8177}
+ [stretch] - curl 7.52.1-5+deb9u11
+[28 Jul 2020] DLA-2294-1 salt - security update
+ {CVE-2018-15750 CVE-2018-15751}
+ [stretch] - salt 2016.11.2+ds-1+deb9u5
+[27 Jul 2020] DLA-2293-1 mercurial - security update
+ {CVE-2017-17458 CVE-2018-13346 CVE-2018-13347 CVE-2018-13348 CVE-2018-1000132 CVE-2019-3902}
+ [stretch] - mercurial 4.0-1+deb9u2
+[27 Jul 2020] DLA-2292-1 milkytracker - security update
+ {CVE-2019-14464 CVE-2019-14496 CVE-2019-14497 CVE-2020-15569}
+ [stretch] - milkytracker 0.90.86+dfsg-2+deb9u1
+[27 Jul 2020] DLA-2291-1 ffmpeg - security update
+ {CVE-2019-13390 CVE-2019-17542 CVE-2020-13904}
+ [stretch] - ffmpeg 7:3.2.15-0+deb9u1
+[26 Jul 2020] DLA-2290-1 e2fsprogs - security update
+ {CVE-2019-5188}
+ [stretch] - e2fsprogs 1.43.4-2+deb9u2
+[26 Jul 2020] DLA-2289-1 mupdf - security update
+ {CVE-2018-16647 CVE-2018-16648 CVE-2018-18662 CVE-2019-6130 CVE-2019-13290}
+ [stretch] - mupdf 1.9a+ds1-4+deb9u5
+[25 Jul 2020] DLA-2288-1 qemu - security update
+ {CVE-2017-9503 CVE-2019-12068 CVE-2019-20382 CVE-2020-1983 CVE-2020-8608 CVE-2020-10756 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13754 CVE-2020-13765 CVE-2020-15863 CVE-2020-11947}
+ [stretch] - qemu 1:2.8+dfsg-6+deb9u10
+[23 Jul 2020] DLA-2287-1 poppler - security update
+ {CVE-2017-18267 CVE-2018-16646 CVE-2018-20481 CVE-2018-21009 CVE-2019-9200 CVE-2019-9631 CVE-2019-10872 CVE-2019-12293}
+ [stretch] - poppler 0.48.0-2+deb9u3
+[22 Jul 2020] DLA-2286-1 tomcat8 - security update
+ {CVE-2020-13934 CVE-2020-13935}
+ [stretch] - tomcat8 8.5.54-0+deb9u3
+[22 Jul 2020] DLA-2285-1 librsvg - security update
+ {CVE-2017-11464 CVE-2019-20446}
+ [stretch] - librsvg 2.40.21-0+deb9u1
+[21 Jul 2020] DLA-2284-1 ksh - security update
+ {CVE-2019-14868}
+ [stretch] - ksh 93u+20120801-3.1+deb9u1
+[20 Jul 2020] DLA-2283-1 nginx - security update
+ {CVE-2020-11724}
+ [stretch] - nginx 1.10.3-1+deb9u5
+[20 Jul 2020] DLA-2282-1 rails - security update
+ {CVE-2020-8163 CVE-2020-8164 CVE-2020-8165}
+ [stretch] - rails 2:4.2.7.1-1+deb9u3
+[16 Jul 2020] DLA-2281-1 evolution-data-server - security update
+ {CVE-2020-14928}
+ [stretch] - evolution-data-server 3.22.7-1+deb9u1
+[15 Jul 2020] DLA-2280-1 python3.5 - security update
+ {CVE-2018-20406 CVE-2018-20852 CVE-2019-5010 CVE-2019-9636 CVE-2019-9740 CVE-2019-9947 CVE-2019-9948 CVE-2019-10160 CVE-2019-16056 CVE-2019-16935 CVE-2019-18348 CVE-2020-8492 CVE-2020-14422}
+ [stretch] - python3.5 3.5.3-1+deb9u2
+[12 Jul 2020] DLA-2279-1 tomcat8 - security update
+ {CVE-2020-9484 CVE-2020-11996}
+ [stretch] - tomcat8 8.5.54-0+deb9u2
+[10 Jul 2020] DLA-2278-1 squid3 - security update
+ {CVE-2018-19132 CVE-2019-12519 CVE-2019-12520 CVE-2019-12521 CVE-2019-12523 CVE-2019-12524 CVE-2019-12525 CVE-2019-12526 CVE-2019-12528 CVE-2019-12529 CVE-2019-13345 CVE-2019-18676 CVE-2019-18677 CVE-2019-18678 CVE-2019-18679 CVE-2019-18860 CVE-2020-8449 CVE-2020-8450 CVE-2020-11945}
+ [stretch] - squid3 3.5.23-5+deb9u2
+[11 Jul 2020] DLA-2277-1 openjpeg2 - security update
+ {CVE-2019-12973 CVE-2020-6851 CVE-2020-8112 CVE-2020-15389}
+ [stretch] - openjpeg2 2.1.2-1.1+deb9u5
+[10 Jul 2020] DLA-2276-1 mailman - security update
+ {CVE-2020-12108 CVE-2020-15011}
+ [stretch] - mailman 1:2.1.23-1+deb9u6
+[10 Jul 2020] DLA-2275-1 ruby-rack - security update
+ {CVE-2020-8161 CVE-2020-8184}
+ [stretch] - ruby-rack 1.6.4-4+deb9u2
+[09 Jul 2020] DLA-2274-1 fwupd - security update
+ {CVE-2020-10759}
+ [stretch] - fwupd 0.7.4-2+deb9u1
+[08 Jul 2020] DLA-2273-1 shiro - security update
+ {CVE-2020-1957 CVE-2020-11989}
+ [stretch] - shiro 1.3.2-1+deb9u1
+[07 Jul 2020] DLA-2272-1 jessie-lts - end-of-life
+ NOTE: end of security support for jessie-lts
+[01 Jul 2020] DLA-2271-1 coturn - security update
+ {CVE-2020-4067}
+ [jessie] - coturn 4.2.1.2-1+deb8u2
+[01 Jul 2020] DLA-2270-1 jackson-databind - security update
+ {CVE-2020-14060 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195}
+ [jessie] - jackson-databind 2.4.2-2+deb8u15
+[01 Jul 2020] DLA-2269-1 wordpress - security update
+ {CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050}
+ [jessie] - wordpress 4.1.31+dfsg-0+deb8u1
+[30 Jun 2020] DLA-2268-2 mutt - regression update
+ {CVE-2020-14093 CVE-2020-14954}
+ [jessie] - mutt 1.5.23-3+deb8u3
+[30 Jun 2020] DLA-2268-1 mutt - security update
+ {CVE-2020-14093 CVE-2020-14954}
+ [jessie] - mutt 1.5.23-3+deb8u2
+[30 Jun 2020] DLA-2267-1 libmatio - security update
+ {CVE-2019-17533}
+ [jessie] - libmatio 1.5.2-3+deb8u1
+[30 Jun 2020] DLA-2266-1 nss - security update
+ {CVE-2020-12399 CVE-2020-12402}
+ [jessie] - nss 2:3.26-1+debu8u11
+[30 Jun 2020] DLA-2265-1 mailman - security update
+ {CVE-2020-15011}
+ [jessie] - mailman 1:2.1.18-2+deb8u7
+[30 Jun 2020] DLA-2264-1 libvncserver - security update
+ {CVE-2019-20839 CVE-2020-14397 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-14405}
+ [jessie] - libvncserver 0.9.9+dfsg2-6.1+deb8u8
+[29 Jun 2020] DLA-2263-1 drupal7 - security update
+ {CVE-2020-13663}
+ [jessie] - drupal7 7.32-1+deb8u19
+[29 Jun 2020] DLA-2262-1 qemu - security update
+ {CVE-2020-1983 CVE-2020-13361 CVE-2020-13362 CVE-2020-13765}
+ [jessie] - qemu 1:2.1+dfsg-12+deb8u15
+[28 Jun 2020] DLA-2261-1 php5 - security update
+ {CVE-2019-11048}
+ [jessie] - php5 5.6.40+dfsg-0+deb8u12
+[28 Jun 2020] DLA-2260-1 mcabber - security update
+ {CVE-2016-9928}
+ [jessie] - mcabber 0.10.2-1+deb8u1
+[28 Jun 2020] DLA-2259-1 picocom - security update
+ {CVE-2015-9059}
+ [jessie] - picocom 1.7-1+deb8u1
+[28 Jun 2020] DLA-2258-1 zziplib - security update
+ {CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6541 CVE-2018-6869 CVE-2018-7725 CVE-2018-7726 CVE-2018-16548}
+ [jessie] - zziplib 0.13.62-3+deb8u2
+[28 Jun 2020] DLA-2257-1 pngquant - security update
+ {CVE-2016-5735}
+ [jessie] - pngquant 2.3.0-1+deb8u1
+[28 Jun 2020] DLA-2256-1 libtirpc - security update
+ {CVE-2016-4429}
+ [jessie] - libtirpc 0.2.5-1+deb8u3
+[28 Jun 2020] DLA-2255-1 libtasn1-6 - security update
+ {CVE-2017-10790}
+ [jessie] - libtasn1-6 4.2-3+deb8u4
+[25 Jun 2020] DLA-2254-1 alpine - security update
+ {CVE-2020-14929}
+ [jessie] - alpine 2.11+dfsg1-3+deb8u1
+[21 Jun 2020] DLA-2253-1 lynis - security update
+ {CVE-2019-13033}
+ [jessie] - lynis 1.6.3-1+deb8u1
+[21 Jun 2020] DLA-2252-1 ngircd - security update
+ {CVE-2020-14148}
+ [jessie] - ngircd 22-2+deb8u1
+[19 Jun 2020] DLA-2251-1 rails - security update
+ {CVE-2020-8164 CVE-2020-8165}
+ [jessie] - rails 2:4.1.8-1+deb8u7
+[18 Jun 2020] DLA-2250-1 drupal7 - security update
+ {CVE-2020-13662}
+ [jessie] - drupal7 7.32-1+deb8u18
+[13 Jun 2020] DLA-2249-1 libexif - security update
+ {CVE-2020-0182 CVE-2020-0198}
+ [jessie] - libexif 0.6.21-2+deb8u4
+[13 Jun 2020] DLA-2248-1 intel-microcode - security update
+ {CVE-2020-0543 CVE-2020-0548 CVE-2020-0549}
+ [jessie] - intel-microcode 3.20200609.2~deb8u1
+[12 Jun 2020] DLA-2247-1 thunderbird - security update
+ {CVE-2020-12398 CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410}
+ [jessie] - thunderbird 1:68.9.0-1~deb8u2
+[12 Jun 2020] DLA-2233-2 python-django - regression update
+ [jessie] - python-django 1.7.11-1+deb8u10
+[12 Jun 2020] DLA-2246-1 xawtv - security update
+ {CVE-2020-13696}
+ [jessie] - xawtv 3.103-3+deb8u1
+[11 Jun 2020] DLA-2245-1 mysql-connector-java - security update
+ {CVE-2020-2875 CVE-2020-2933 CVE-2020-2934}
+ [jessie] - mysql-connector-java 5.1.49-0+deb8u1
+[11 Jun 2020] DLA-2244-1 libphp-phpmailer - security update
+ {CVE-2020-13625}
+ [jessie] - libphp-phpmailer 5.2.9+dfsg-2+deb8u6
+[09 Jun 2020] DLA-2243-1 firefox-esr - security update
+ {CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410}
+ [jessie] - firefox-esr 68.9.0esr-1~deb8u2
+[09 Jun 2020] DLA-2242-1 linux-4.9 - security update
+ {CVE-2019-2182 CVE-2019-5108 CVE-2019-19319 CVE-2019-19462 CVE-2019-19768 CVE-2019-20806 CVE-2019-20811 CVE-2020-0543 CVE-2020-2732 CVE-2020-8428 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9383 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10942 CVE-2020-11494 CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12770 CVE-2020-13143}
+ [jessie] - linux-4.9 4.9.210-1+deb9u1~deb8u1
+[09 Jun 2020] DLA-2241-1 linux - security update
+ {CVE-2015-8839 CVE-2018-14610 CVE-2018-14611 CVE-2018-14612 CVE-2018-14613 CVE-2019-5108 CVE-2019-19319 CVE-2019-19447 CVE-2019-19768 CVE-2019-20636 CVE-2020-0009 CVE-2020-0543 CVE-2020-1749 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9383 CVE-2020-10690 CVE-2020-10751 CVE-2020-10942 CVE-2020-11494 CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12769 CVE-2020-12770 CVE-2020-12826 CVE-2020-13143}
+ [jessie] - linux 3.16.84-1
+[09 Jun 2020] DLA-2240-1 bluez - security update
+ {CVE-2020-0556}
+ [jessie] - bluez 5.43-2+deb9u2~deb8u1
+[08 Jun 2020] DLA-2239-1 libpam-tacplus - security update
+ {CVE-2020-13881}
+ [jessie] - libpam-tacplus 1.3.8-2+deb8u1
+[08 Jun 2020] DLA-2238-1 libupnp - security update
+ {CVE-2020-13848}
+ [jessie] - libupnp 1:1.6.19+git20141001-1+deb8u2
+[07 Jun 2020] DLA-2237-1 cups - security update
+ {CVE-2019-8842 CVE-2020-3898}
+ [jessie] - cups 1.7.5-11+deb8u8
+[07 Jun 2020] DLA-2236-1 graphicsmagick - security update
+ {CVE-2020-12672}
+ [jessie] - graphicsmagick 1.3.20-3+deb8u11
+[05 Jun 2020] DLA-2235-1 dbus - security update
+ {CVE-2020-12049}
+ [jessie] - dbus 1.8.22-0+deb8u3
+[04 Jun 2020] DLA-2234-1 netqmail - security update
+ {CVE-2005-1513 CVE-2005-1514 CVE-2005-1515 CVE-2020-3811 CVE-2020-3812}
+ [jessie] - netqmail 1.06-6.2~deb8u1
+[04 Jun 2020] DLA-2233-1 python-django - security update
+ {CVE-2020-13254 CVE-2020-13596}
+ [jessie] - python-django 1.7.11-1+deb8u9
[01 Jun 2020] DLA-2232-1 python-httplib2 - security update
{CVE-2020-11078}
[jessie] - python-httplib2 0.9+dfsg-2+deb8u1
@@ -406,7 +2533,7 @@
{CVE-2018-18898}
[jessie] - libemail-address-list-perl 0.05-1+deb8u1
[10 Feb 2020] DLA-2100-1 libexif - security update
- {CVE-2019-9278}
+ {CVE-2019-9278 CVE-2020-0181}
[jessie] - libexif 0.6.21-2+deb8u1
[10 Feb 2020] DLA-2099-1 checkstyle - security update
{CVE-2019-10782}
@@ -839,6 +2966,7 @@
{CVE-2019-14464 CVE-2019-14496 CVE-2019-14497}
[jessie] - milkytracker 0.90.85+dfsg-2.2+deb8u1
[16 Oct 2019] DLA-1714-2 libsdl2 - regression update
+ {CVE-2017-2888}
[jessie] - libsdl2 2.0.2+dfsg1-6+deb8u2
[16 Oct 2019] DLA-1960-1 wordpress - security update
{CVE-2019-16217 CVE-2019-16218 CVE-2019-16219 CVE-2019-16220 CVE-2019-16221 CVE-2019-16222 CVE-2019-16223}
@@ -1285,7 +3413,7 @@
{CVE-2019-9858}
[jessie] - php-horde-form 2.0.8-2+deb8u1
[16 Jun 2019] DLA-1821-1 phpmyadmin - security update
- {CVE-2016-6606 CVE-2016-6607 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6624 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864 CVE-2019-12616}
+ {CVE-2016-6607 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6624 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864 CVE-2019-12616}
[jessie] - phpmyadmin 4:4.2.12-2+deb8u6
[16 Jun 2019] DLA-1820-1 thunderbird - security update
{CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706}
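Review bot: CVE-2016-6606 is dropped from the DLA-1821-1 phpmyadmin entry with nothing in the hunk saying why, and the same kind of removal appears in the DLA-1708-1 zabbix hunk (CVE-2017-2826) and the DLA-1604-1 lxml hunk (the whole CVE-2018-19787 line). These are entries for advisories dated 2018–2019, so the list now disagrees with what those advisories presumably announced; each removal most likely reflects an ID that turned out not to apply to the package, but that reasoning is not visible in this file. A one-line justification in the commit message, or a `NOTE:` line of the kind this file already uses elsewhere, would let later triagers see that the mismatch is deliberate rather than an editing slip. The other hunks in this file only add IDs and read as straightforward corrections.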
@@ -1632,7 +3760,7 @@
{CVE-2019-0804}
[jessie] - waagent 2.2.18-3~deb8u2
[11 Mar 2019] DLA-1708-1 zabbix - security update
- {CVE-2016-10742 CVE-2017-2826}
+ {CVE-2016-10742}
[jessie] - zabbix 1:2.2.23+dfsg-0+deb8u1
[09 Mar 2019] DLA-1707-1 symfony - security update
{CVE-2017-16652 CVE-2017-16654 CVE-2018-11385 CVE-2018-11408 CVE-2018-14773 CVE-2018-19789 CVE-2018-19790}
@@ -1720,7 +3848,7 @@
{CVE-2018-17000 CVE-2018-19210 CVE-2019-7663}
[jessie] - tiff 4.0.3-12.3+deb8u8
[16 Feb 2019] DLA-1679-1 php5 - security update
- {CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024}
+ {CVE-2019-6977 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024}
[jessie] - php5 5.6.40+dfsg-0+deb8u1
[16 Feb 2019] DLA-1678-1 thunderbird - security update
{CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18509 CVE-2018-18512 CVE-2018-18513 CVE-2019-5785}
@@ -1902,7 +4030,7 @@
{CVE-2017-8361 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2018-13139 CVE-2018-19432 CVE-2018-19661 CVE-2018-19662}
[jessie] - libsndfile 1.0.25-9.1+deb8u2
[25 Dec 2018] DLA-1617-1 libvncserver - security update
- {CVE-2018-6307 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024}
+ {CVE-2018-6307 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-21247}
[jessie] - libvncserver 0.9.9+dfsg2-6.1+deb8u4
[24 Dec 2018] DLA-1616-1 libextractor - security update
{CVE-2018-20430 CVE-2018-20431}
@@ -1914,7 +4042,7 @@
{CVE-2018-6616 CVE-2018-14423}
[jessie] - openjpeg2 2.1.0-2+deb8u6
[22 Dec 2018] DLA-1613-1 sqlite3 - security update
- {CVE-2018-20346}
+ {CVE-2018-20346 CVE-2018-20506}
[jessie] - sqlite3 3.8.7.1-1+deb8u3
[21 Dec 2018] DLA-1612-1 libarchive - security update
{CVE-2018-1000877 CVE-2018-1000878}
@@ -1946,7 +4074,6 @@
{CVE-2018-12405 CVE-2018-17466 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494 CVE-2018-18498}
[jessie] - firefox-esr 60.4.0esr-1~deb8u1
[10 Dec 2018] DLA-1604-1 lxml - security update
- {CVE-2018-19787}
[jessie] - lxml 3.4.0-1+deb8u1
[04 Dec 2018] DLA-1603-1 suricata - security update
{CVE-2017-7177 CVE-2017-15377 CVE-2018-6794}
@@ -3519,7 +5646,7 @@
{CVE-2017-14062}
[wheezy] - libidn 1.25-2+deb7u3
[31 Aug 2017] DLA-1083-1 openexr - security update
- {CVE-2017-9110 CVE-2017-9112 CVE-2017-9116}
+ {CVE-2017-9110 CVE-2017-9112 CVE-2017-9114 CVE-2017-9116}
[wheezy] - openexr 1.6.1-6+deb7u1
[31 Aug 2017] DLA-1082-1 graphicsmagick - security update
{CVE-2017-12935 CVE-2017-12936 CVE-2017-12937 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065 CVE-2017-13776 CVE-2017-13777}
diff --git a/data/DSA/list b/data/DSA/list
index 5ce6130b36..ebcb7e7c4e 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,1277 @@
+[19 Feb 2022] DSA-5084-1 wpewebkit - security update
+ {CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22620}
+ [bullseye] - wpewebkit 2.34.6-1~deb11u1
+[19 Feb 2022] DSA-5083-1 webkit2gtk - security update
+ {CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22620}
+ [buster] - webkit2gtk 2.34.6-1~deb10u1
+ [bullseye] - webkit2gtk 2.34.6-1~deb11u1
+[18 Feb 2022] DSA-5082-1 php7.4 - security update
+ {CVE-2021-21707 CVE-2021-21708}
+ [bullseye] - php7.4 7.4.28-1+deb11u1
+[18 Feb 2022] DSA-5081-1 redis - security update
+ {CVE-2022-0543}
+ [buster] - redis 5:5.0.14-1+deb10u2
+ [bullseye] - redis 5:6.0.16-1+deb11u2
+[18 Feb 2022] DSA-5080-1 snapd - security update
+ {CVE-2021-44730 CVE-2021-44731}
+ [buster] - snapd 2.37.4-1+deb10u1
+ [bullseye] - snapd 2.49-1+deb11u1
+[17 Feb 2022] DSA-5079-1 chromium - security update
+ {CVE-2022-0603 CVE-2022-0604 CVE-2022-0605 CVE-2022-0606 CVE-2022-0607 CVE-2022-0608 CVE-2022-0609 CVE-2022-0610}
+ [bullseye] - chromium 98.0.4758.102-1~deb11u1
+[16 Feb 2022] DSA-5078-1 zsh - security update
+ {CVE-2021-45444}
+ [buster] - zsh 5.7.1-1+deb10u1
+ [bullseye] - zsh 5.8-6+deb11u1
+[15 Feb 2022] DSA-5077-1 librecad - security update
+ {CVE-2021-21898 CVE-2021-21899 CVE-2021-21900 CVE-2021-45341 CVE-2021-45342 CVE-2021-45343}
+ [buster] - librecad 2.1.3-1.2+deb10u1
+ [bullseye] - librecad 2.1.3-1.3+deb11u1
+[15 Feb 2022] DSA-5076-1 h2database - security update
+ {CVE-2021-42392 CVE-2022-23221}
+ [buster] - h2database 1.4.197-4+deb10u1
+ [bullseye] - h2database 1.4.197-4+deb11u1
+[13 Feb 2022] DSA-5075-1 minetest - security update
+ {CVE-2022-24300 CVE-2022-24301}
+ [buster] - minetest 0.4.17.1+repack-1+deb10u1
+ [bullseye] - minetest 5.3.0+repack-2.1+deb11u1
+[13 Feb 2022] DSA-5074-1 thunderbird - security update
+ {CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764}
+ [buster] - thunderbird 1:91.6.0-1~deb10u1
+ [bullseye] - thunderbird 1:91.6.0-1~deb11u1
+[12 Feb 2022] DSA-5073-1 expat - security update
+ {CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990}
+ [buster] - expat 2.2.6-2+deb10u2
+ [bullseye] - expat 2.2.10-2+deb11u1
+[11 Feb 2022] DSA-5072-1 debian-edu-config - security update
+ {CVE-2021-20001}
+ [buster] - debian-edu-config 2.10.65+deb10u8
+ [bullseye] - debian-edu-config 2.11.56+deb11u3
+[11 Feb 2022] DSA-5071-1 samba - security update
+ {CVE-2021-44142}
+ [buster] - samba 2:4.9.5+dfsg-5+deb10u3
+ [bullseye] - samba 2:4.13.13+dfsg-1~deb11u3
+[10 Feb 2022] DSA-5070-1 cryptsetup - security update
+ {CVE-2021-4122}
+ [bullseye] - cryptsetup 2:2.3.7-1+deb11u1
+[09 Feb 2022] DSA-5069-1 firefox-esr - security update
+ {CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764}
+ [buster] - firefox-esr 91.6.0esr-1~deb10u1
+ [bullseye] - firefox-esr 91.6.0esr-1~deb11u1
+[07 Feb 2022] DSA-5068-1 chromium - security update
+ {CVE-2022-0452 CVE-2022-0453 CVE-2022-0454 CVE-2022-0455 CVE-2022-0456 CVE-2022-0457 CVE-2022-0458 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0462 CVE-2022-0463 CVE-2022-0464 CVE-2022-0465 CVE-2022-0466 CVE-2022-0467 CVE-2022-0468 CVE-2022-0469 CVE-2022-0470}
+ [bullseye] - chromium 98.0.4758.80-1~deb11u1
+[03 Feb 2022] DSA-5067-1 ruby2.7 - security update
+ {CVE-2021-41816 CVE-2021-41817 CVE-2021-41819}
+ [bullseye] - ruby2.7 2.7.4-1+deb11u1
+[03 Feb 2022] DSA-5066-1 ruby2.5 - security update
+ {CVE-2021-28965 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-41817 CVE-2021-41819}
+ [buster] - ruby2.5 2.5.5-3+deb10u4
+[31 Jan 2022] DSA-5065-1 ipython - security update
+ {CVE-2022-21699}
+ [buster] - ipython 5.8.0-1+deb10u1
+ [bullseye] - ipython 7.20.0-1+deb11u1
+[29 Jan 2022] DSA-5064-1 python-nbxmpp - security update
+ {CVE-2021-41055}
+ [bullseye] - python-nbxmpp 2.0.2-1+deb11u1
+[29 Jan 2022] DSA-5047-2 prosody - regression update
+ [buster] - prosody 0.11.2-1+deb10u4
+ [bullseye] - prosody 0.11.9-2+deb11u2
+[26 Jan 2022] DSA-5063-1 uriparser - security update
+ {CVE-2021-46141 CVE-2021-46142}
+ [buster] - uriparser 0.9.1-1+deb10u1
+ [bullseye] - uriparser 0.9.4+dfsg-1+deb11u1
+[25 Jan 2022] DSA-5062-1 nss - security update
+ {CVE-2022-22747}
+ [buster] - nss 2:3.42.1-1+deb10u5
+ [bullseye] - nss 2:3.61-1+deb11u2
+[25 Jan 2022] DSA-5061-1 wpewebkit - security update
+ {CVE-2022-22594 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984}
+ [bullseye] - wpewebkit 2.34.4-1~deb11u1
+[25 Jan 2022] DSA-5060-1 webkit2gtk - security update
+ {CVE-2022-22594 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984}
+ [buster] - webkit2gtk 2.34.4-1~deb10u1
+ [bullseye] - webkit2gtk 2.34.4-1~deb11u1
+[25 Jan 2022] DSA-5059-1 policykit-1 - security update
+ {CVE-2021-4034}
+ [buster] - policykit-1 0.105-25+deb10u1
+ [bullseye] - policykit-1 0.105-31+deb11u1
+[25 Jan 2022] DSA-5058-1 openjdk-17 - security update
+ {CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366}
+ [bullseye] - openjdk-17 17.0.2+8-1~deb11u1
+[24 Jan 2022] DSA-5057-1 openjdk-11 - security update
+ {CVE-2022-21248 CVE-2022-21277 CVE-2022-21282 CVE-2022-21283 CVE-2022-21291 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365 CVE-2022-21366}
+ [buster] - openjdk-11 11.0.14+9-1~deb10u1
+ [bullseye] - openjdk-11 11.0.14+9-1~deb11u1
+[24 Jan 2022] DSA-5056-1 strongswan - security update
+ {CVE-2021-45079}
+ [buster] - strongswan 5.7.2-1+deb10u2
+ [bullseye] - strongswan 5.9.1-1+deb11u2
+[24 Jan 2022] DSA-5055-1 util-linux - security update
+ {CVE-2021-3995 CVE-2021-3996}
+ [bullseye] - util-linux 2.36.1-8+deb11u1
+[23 Jan 2022] DSA-5054-1 chromium - security update
+ {CVE-2022-0289 CVE-2022-0290 CVE-2022-0291 CVE-2022-0292 CVE-2022-0293 CVE-2022-0294 CVE-2022-0295 CVE-2022-0296 CVE-2022-0297 CVE-2022-0298 CVE-2022-0300 CVE-2022-0301 CVE-2022-0302 CVE-2022-0303 CVE-2022-0304 CVE-2022-0305 CVE-2022-0306 CVE-2022-0307 CVE-2022-0308 CVE-2022-0309 CVE-2022-0310 CVE-2022-0311}
+ [bullseye] - chromium 97.0.4692.99-1~deb11u2
+[21 Jan 2022] DSA-5053-1 pillow - security update
+ {CVE-2022-22815 CVE-2022-22816 CVE-2022-22817}
+ [buster] - pillow 5.4.1-2+deb10u3
+ [bullseye] - pillow 8.1.2+dfsg-0.3+deb11u1
+[21 Jan 2022] DSA-5052-1 usbview - security update
+ {CVE-2022-23220}
+ [buster] - usbview 2.0-21-g6fe2f4f-2+deb10u1
+ [bullseye] - usbview 2.0-21-g6fe2f4f-2+deb11u1
+[20 Jan 2022] DSA-5051-1 aide - security update
+ {CVE-2021-45417}
+ [buster] - aide 0.16.1-1+deb10u1
+ [bullseye] - aide 0.17.3-4+deb11u1
+[20 Jan 2022] DSA-5050-1 linux - security update
+ {CVE-2021-4155 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-45095 CVE-2021-45469 CVE-2021-45480 CVE-2022-0185 CVE-2022-23222}
+ [bullseye] - linux 5.10.92-1
+[20 Jan 2022] DSA-5049-1 flatpak - security update
+ {CVE-2021-43860 CVE-2022-21682}
+ [bullseye] - flatpak 1.10.7-0+deb11u1
+[15 Jan 2022] DSA-5048-1 libreswan - security update
+ {CVE-2022-23094}
+ [bullseye] - libreswan 4.3-1+deb11u1
+[15 Jan 2022] DSA-5047-1 prosody - security update
+ {CVE-2022-0217}
+ [buster] - prosody 0.11.2-1+deb10u3
+ [bullseye] - prosody 0.11.9-2+deb11u1
+[14 Jan 2022] DSA-5046-1 chromium - security update
+ {CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2021-37956 CVE-2021-37957 CVE-2021-37958 CVE-2021-37959 CVE-2021-37961 CVE-2021-37962 CVE-2021-37963 CVE-2021-37964 CVE-2021-37965 CVE-2021-37966 CVE-2021-37967 CVE-2021-37968 CVE-2021-37969 CVE-2021-37970 CVE-2021-37971 CVE-2021-37972 CVE-2021-37973 CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 CVE-2021-37977 CVE-2021-37978 CVE-2021-37979 CVE-2021-37980 CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989 CVE-2021-37990 CVE-2021-37991 CVE-2021-37992 CVE-2021-37993 CVE-2021-37994 CVE-2021-37995 CVE-2021-37996 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38000 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38018 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120}
+ [bullseye] - chromium 97.0.4692.71-0.1~deb11u1
+[14 Jan 2022] DSA-5045-1 thunderbird - security update
+ {CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751}
+ [buster] - thunderbird 1:91.5.0-2~deb10u1
+ [bullseye] - thunderbird 1:91.5.0-2~deb11u1
+[13 Jan 2022] DSA-5044-1 firefox-esr - security update
+ {CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22745 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751}
+ [buster] - firefox-esr 91.5.0esr-1~deb10u1
+ [bullseye] - firefox-esr 91.5.0esr-1~deb11u1
+[12 Jan 2022] DSA-5043-1 lxml - security update
+ {CVE-2021-43818}
+ [buster] - lxml 4.3.2-1+deb10u4
+ [bullseye] - lxml 4.6.3+dfsg-0.1+deb11u1
+[12 Jan 2022] DSA-5042-1 epiphany-browser - security update
+ {CVE-2021-45085 CVE-2021-45086 CVE-2021-45087 CVE-2021-45088}
+ [bullseye] - epiphany-browser 3.38.2-1+deb11u1
+[11 Jan 2022] DSA-5041-1 cfrpki - security update
+ {CVE-2021-3761 CVE-2021-3907 CVE-2021-3908 CVE-2021-3909 CVE-2021-3910 CVE-2021-3911 CVE-2021-3912 CVE-2021-43173 CVE-2021-43174}
+ [bullseye] - cfrpki 1.4.2-1~deb11u1
+[11 Jan 2022] DSA-5040-1 lighttpd - security update
+ {CVE-2022-22707}
+ [buster] - lighttpd 1.4.53-4+deb10u2
+ [bullseye] - lighttpd 1.4.59-1+deb11u1
+[11 Jan 2022] DSA-5039-1 wordpress - security update
+ {CVE-2022-21661 CVE-2022-21662 CVE-2022-21663 CVE-2022-21664}
+ [buster] - wordpress 5.0.15+dfsg1-0+deb10u1
+ [bullseye] - wordpress 5.7.5+dfsg1-0+deb11u1
+[08 Jan 2022] DSA-5038-1 ghostscript - security update
+ {CVE-2021-45944 CVE-2021-45949}
+ [buster] - ghostscript 9.27~dfsg-2+deb10u5
+ [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u2
+[08 Jan 2022] DSA-5037-1 roundcube - security update
+ {CVE-2021-46144}
+ [buster] - roundcube 1.3.17+dfsg.1-1~deb10u2
+ [bullseye] - roundcube 1.4.13+dfsg.1-1~deb11u1
+[06 Jan 2022] DSA-5036-1 sphinxsearch - security update
+ {CVE-2020-29050}
+ [buster] - sphinxsearch 2.2.11-2+deb10u1
+[04 Jan 2022] DSA-5035-1 apache2 - security update
+ {CVE-2021-44224 CVE-2021-44790}
+ [buster] - apache2 2.4.38-3+deb10u7
+ [bullseye] - apache2 2.4.52-1~deb11u2
+[02 Jan 2022] DSA-5034-1 thunderbird - security update
+ {CVE-2021-4126 CVE-2021-38496 CVE-2021-38500 CVE-2021-38502 CVE-2021-38503 CVE-2021-38504 CVE-2021-38506 CVE-2021-38507 CVE-2021-38508 CVE-2021-38509 CVE-2021-43528 CVE-2021-43529 CVE-2021-43534 CVE-2021-43535 CVE-2021-43536 CVE-2021-43537 CVE-2021-43538 CVE-2021-43539 CVE-2021-43541 CVE-2021-43542 CVE-2021-43543 CVE-2021-43545 CVE-2021-43546 CVE-2021-44538}
+ [buster] - thunderbird 1:91.4.1-1~deb10u1
+ [bullseye] - thunderbird 1:91.4.1-1~deb11u1
+[30 Dec 2021] DSA-5033-1 fort-validator - security update
+ {CVE-2021-3907 CVE-2021-3909 CVE-2021-43173 CVE-2021-43114}
+ [bullseye] - fort-validator 1.5.3-1~deb11u1
+[28 Dec 2021] DSA-5032-1 djvulibre - security update
+ {CVE-2019-15142 CVE-2019-15143 CVE-2019-15144 CVE-2019-15145 CVE-2019-18804 CVE-2021-3500 CVE-2021-3630 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493}
+ [buster] - djvulibre 3.5.27.1-10+deb10u1
+[23 Dec 2021] DSA-5031-1 wpewebkit - security update
+ {CVE-2021-30887 CVE-2021-30890}
+ [bullseye] - wpewebkit 2.34.3-1~deb11u1
+[23 Dec 2021] DSA-5030-1 webkit2gtk - security update
+ {CVE-2021-30887 CVE-2021-30890}
+ [buster] - webkit2gtk 2.34.3-1~deb10u1
+ [bullseye] - webkit2gtk 2.34.3-1~deb11u1
+[22 Dec 2021] DSA-5000-2 openjdk-11 - security update
+ {CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603}
+ [buster] - openjdk-11 11.0.13+8-1~deb10u1
+[22 Dec 2021] DSA-5029-1 sogo - security update
+ {CVE-2021-33054}
+ [buster] - sogo 4.0.7-1+deb10u2
+ [bullseye] - sogo 5.0.1-4+deb11u1
+[22 Dec 2021] DSA-5028-1 spip - security update
+ {CVE-2021-44118 CVE-2021-44120 CVE-2021-44122 CVE-2021-44123}
+ [buster] - spip 3.2.4-1+deb10u5
+ [bullseye] - spip 3.2.11-3+deb11u1
+[21 Dec 2021] DSA-5027-1 xorg-server - security update
+ {CVE-2021-4008 CVE-2021-4009 CVE-2021-4010 CVE-2021-4011}
+ [buster] - xorg-server 2:1.20.4-1+deb10u4
+ [bullseye] - xorg-server 2:1.20.11-1+deb11u1
+[19 Dec 2021] DSA-5026-1 firefox-esr - security update
+ {CVE-2021-43546 CVE-2021-43545 CVE-2021-43543 CVE-2021-43542 CVE-2021-43541 CVE-2021-43539 CVE-2021-43538 CVE-2021-43537 CVE-2021-43536 CVE-2021-43535 CVE-2021-43534 CVE-2021-38509 CVE-2021-38508 CVE-2021-38507 CVE-2021-38506 CVE-2021-38504 CVE-2021-38503}
+ [bullseye] - firefox-esr 91.4.1esr-1~deb11u1
+[19 Dec 2021] DSA-5025-1 tang - security update
+ {CVE-2021-4076}
+ [bullseye] - tang 8-3+deb11u1
+[18 Dec 2021] DSA-5024-1 apache-log4j2 - security update
+ {CVE-2021-45105}
+ [buster] - apache-log4j2 2.17.0-1~deb10u1
+ [bullseye] - apache-log4j2 2.17.0-1~deb11u1
+[18 Dec 2021] DSA-5023-1 modsecurity-apache - security update
+ {CVE-2021-42717}
+ [buster] - modsecurity-apache 2.9.3-1+deb10u1
+ [bullseye] - modsecurity-apache 2.9.3-3+deb11u1
+[16 Dec 2021] DSA-5022-1 apache-log4j2 - security update
+ {CVE-2021-45046}
+ [buster] - apache-log4j2 2.16.0-1~deb10u1
+ [bullseye] - apache-log4j2 2.16.0-1~deb11u1
+[15 Dec 2021] DSA-5021-1 mediawiki - security update
+ {CVE-2021-44857 CVE-2021-44858 CVE-2021-45038}
+ [bullseye] - mediawiki 1:1.35.4-1+deb11u2
+[11 Dec 2021] DSA-5020-1 apache-log4j2 - security update
+ {CVE-2021-44228}
+ [buster] - apache-log4j2 2.15.0-1~deb10u1
+ [bullseye] - apache-log4j2 2.15.0-1~deb11u1
+[10 Dec 2021] DSA-5019-1 wireshark - security update
+ {CVE-2021-22207 CVE-2021-22222 CVE-2021-22235 CVE-2021-39920 CVE-2021-39921 CVE-2021-39922 CVE-2021-39923 CVE-2021-39924 CVE-2021-39925 CVE-2021-39926 CVE-2021-39928 CVE-2021-39929}
+ [bullseye] - wireshark 3.4.10-0+deb11u1
+[09 Dec 2021] DSA-5018-1 python-babel - security update
+ {CVE-2021-42771}
+ [buster] - python-babel 2.6.0+dfsg.1-1+deb10u1
+[05 Dec 2021] DSA-5017-1 xen - security update
+ {CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709}
+ [bullseye] - xen 4.14.3+32-g9de3671772-1~deb11u1
+[01 Dec 2021] DSA-5016-1 nss - security update
+ {CVE-2021-43527}
+ [buster] - nss 2:3.42.1-1+deb10u4
+ [bullseye] - nss 2:3.61-1+deb11u1
+[30 Nov 2021] DSA-5015-1 samba - security update
+ {CVE-2020-25717}
+ [buster] - samba 2:4.9.5+dfsg-5+deb10u2
+[28 Nov 2021] DSA-5014-1 icu - security update
+ {CVE-2020-21913}
+ [buster] - icu 63.1-6+deb10u2
+[27 Nov 2021] DSA-5013-1 roundcube - security update
+ {CVE-2021-44025 CVE-2021-44026}
+ [buster] - roundcube 1.3.17+dfsg.1-1~deb10u1
+ [bullseye] - roundcube 1.4.12+dfsg.1-1~deb11u1
+[23 Nov 2021] DSA-5012-1 openjdk-17 - security update
+ {CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603}
+ [bullseye] - openjdk-17 17.0.1+12-1+deb11u2
+[19 Nov 2021] DSA-5011-1 salt - security update
+ {CVE-2021-21996}
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u3
+ [bullseye] - salt 3002.6+dfsg1-4+deb11u1
+[15 Nov 2021] DSA-5010-1 libxml-security-java - security update
+ {CVE-2021-40690}
+ [buster] - libxml-security-java 2.0.10-2+deb10u1
+ [bullseye] - libxml-security-java 2.0.10-2+deb11u1
+[12 Nov 2021] DSA-5009-1 tomcat9 - security update
+ {CVE-2021-42340}
+ [bullseye] - tomcat9 9.0.43-2~deb11u3
+[11 Nov 2021] DSA-5008-1 node-tar - security update
+ {CVE-2021-37701 CVE-2021-37712}
+ [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u2
+[11 Nov 2021] DSA-5007-1 postgresql-13 - security update
+ {CVE-2021-23214 CVE-2021-23222}
+ [bullseye] - postgresql-13 13.5-0+deb11u1
+[11 Nov 2021] DSA-5006-1 postgresql-11 - security update
+ {CVE-2021-23214 CVE-2021-23222}
+ [buster] - postgresql-11 11.14-0+deb10u1
+[10 Nov 2021] DSA-5005-1 ruby-kaminari - security update
+ {CVE-2020-11082}
+ [buster] - ruby-kaminari 1.0.1-4+deb10u1
+[10 Nov 2021] DSA-5004-1 libxstream-java - security update
+ {CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154}
+ [buster] - libxstream-java 1.4.11.1-1+deb10u3
+ [bullseye] - libxstream-java 1.4.15-3+deb11u1
+[09 Nov 2021] DSA-5003-1 samba - security update
+ {CVE-2016-2124 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-3738 CVE-2021-23192}
+ [bullseye] - samba 2:4.13.13+dfsg-1~deb11u2
+[06 Nov 2021] DSA-5002-1 containerd - security update
+ {CVE-2021-41103}
+ [bullseye] - containerd 1.4.5~ds1-2+deb11u1
+[05 Nov 2021] DSA-5001-1 redis - security update
+ {CVE-2021-32626 CVE-2021-32627 CVE-2021-32628 CVE-2021-32672 CVE-2021-32675 CVE-2021-32687 CVE-2021-32762 CVE-2021-41099}
+ [buster] - redis 5:5.0.14-1+deb10u1
+ [bullseye] - redis 5:6.0.16-1+deb11u1
+[01 Nov 2021] DSA-5000-1 openjdk-11 - security update
+ {CVE-2021-35550 CVE-2021-35556 CVE-2021-35559 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35603}
+ [bullseye] - openjdk-11 11.0.13+8-1~deb11u1
+[01 Nov 2021] DSA-4999-1 asterisk - security update
+ {CVE-2021-32558 CVE-2021-32686}
+ [bullseye] - asterisk 1:16.16.1~dfsg-1+deb11u1
+[31 Oct 2021] DSA-4998-1 ffmpeg - security update
+ {CVE-2020-20446 CVE-2020-20450 CVE-2020-20453 CVE-2020-22037 CVE-2020-22042 CVE-2021-38114 CVE-2021-38171 CVE-2021-38291 CVE-2020-21697 CVE-2020-21688 CVE-2020-20445}
+ [bullseye] - ffmpeg 7:4.3.3-0+deb11u1
+[31 Oct 2021] DSA-4997-1 tiff - security update
+ {CVE-2020-19143}
+ [buster] - tiff 4.1.0+git191117-2~deb10u3
+[29 Oct 2021] DSA-4996-1 wpewebkit - security update
+ {CVE-2021-30818 CVE-2021-30823 CVE-2021-30846 CVE-2021-30851 CVE-2021-30884 CVE-2021-30888 CVE-2021-30889 CVE-2021-42762 CVE-2021-45481 CVE-2021-45483}
+ [bullseye] - wpewebkit 2.34.1-1~deb11u1
+[29 Oct 2021] DSA-4995-1 webkit2gtk - security update
+ {CVE-2021-30818 CVE-2021-30823 CVE-2021-30846 CVE-2021-30851 CVE-2021-30884 CVE-2021-30888 CVE-2021-30889 CVE-2021-42762 CVE-2021-45481 CVE-2021-45483}
+ [buster] - webkit2gtk 2.34.1-1~deb10u1
+ [bullseye] - webkit2gtk 2.34.1-1~deb11u1
+[28 Oct 2021] DSA-4994-1 bind9 - security update
+ {CVE-2021-25219}
+ [buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u6
+ [bullseye] - bind9 1:9.16.22-1~deb11u1
+[25 Oct 2021] DSA-4993-1 php7.3 - security update
+ {CVE-2021-21703}
+ [buster] - php7.3 7.3.31-1~deb10u1
+[25 Oct 2021] DSA-4992-1 php7.4 - security update
+ {CVE-2021-21703}
+ [bullseye] - php7.4 7.4.25-1+deb11u1
+[22 Oct 2021] DSA-4991-1 mailman - security update
+ {CVE-2020-12108 CVE-2020-15011 CVE-2021-42096 CVE-2021-42097}
+ [buster] - mailman 1:2.1.29-1+deb10u2
+[19 Oct 2021] DSA-4990-1 ffmpeg - security update
+ {CVE-2020-20445 CVE-2020-20446 CVE-2020-20453 CVE-2020-21041 CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22027 CVE-2020-22028 CVE-2020-22029 CVE-2020-22030 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22035 CVE-2020-22036 CVE-2020-22037 CVE-2020-22049 CVE-2020-22054 CVE-2020-35965 CVE-2021-38114 CVE-2021-38171 CVE-2021-38291}
+ [buster] - ffmpeg 7:4.1.8-0+deb10u1
+[18 Oct 2021] DSA-4989-1 strongswan - security update
+ {CVE-2021-41990 CVE-2021-41991}
+ [buster] - strongswan 5.7.2-1+deb10u1
+ [bullseye] - strongswan 5.9.1-1+deb11u1
+[16 Oct 2021] DSA-4988-1 libreoffice - security update
+ {CVE-2021-25633 CVE-2021-25634}
+ [bullseye] - libreoffice 1:7.0.4-4+deb11u1
+[15 Oct 2021] DSA-4987-1 squashfs-tools - security update
+ {CVE-2021-41072}
+ [buster] - squashfs-tools 1:4.3-12+deb10u2
+ [bullseye] - squashfs-tools 1:4.4-2+deb11u2
+[14 Oct 2021] DSA-4986-1 tomcat9 - security update
+ {CVE-2021-41079}
+ [buster] - tomcat9 9.0.31-1~deb10u6
+ [bullseye] - tomcat9 9.0.43-2~deb11u2
+[14 Oct 2021] DSA-4985-1 wordpress - security update
+ {CVE-2021-39201}
+ [buster] - wordpress 5.0.14+dfsg1-0+deb10u1
+ [bullseye] - wordpress 5.7.3+dfsg1-0+deb11u1
+[12 Oct 2021] DSA-4984-1 flatpak - security update
+ {CVE-2021-41133}
+ [bullseye] - flatpak 1.10.5-0+deb11u1
+[10 Oct 2021] DSA-4983-1 neutron - security update
+ {CVE-2021-40085}
+ [buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1
+ [bullseye] - neutron 2:17.2.1-0+deb11u1
+[08 Oct 2021] DSA-4982-1 apache2 - security update
+ {CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-40438}
+ [buster] - apache2 2.4.38-3+deb10u6
+ [bullseye] - apache2 2.4.51-1~deb11u1
+[06 Oct 2021] DSA-4981-1 firefox-esr - security update
+ {CVE-2021-38496 CVE-2021-38500}
+ [buster] - firefox-esr 78.15.0esr-1~deb10u1
+ [bullseye] - firefox-esr 78.15.0esr-1~deb11u1
+[03 Oct 2021] DSA-4980-1 qemu - security update
+ {CVE-2021-3544 CVE-2021-3545 CVE-2021-3546 CVE-2021-3638 CVE-2021-3682 CVE-2021-3713 CVE-2021-3748}
+ [bullseye] - qemu 1:5.2+dfsg-11+deb11u1
+[01 Oct 2021] DSA-4979-1 mediawiki - security update
+ {CVE-2021-35197 CVE-2021-41798 CVE-2021-41799 CVE-2021-41800 CVE-2021-41801}
+ [buster] - mediawiki 1:1.31.16-1~deb10u1
+ [bullseye] - mediawiki 1:1.35.4-1~deb11u1
+[25 Sep 2021] DSA-4978-1 linux - security update
+ {CVE-2020-3702 CVE-2020-16119 CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732 CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-37576 CVE-2021-38160 CVE-2021-38166 CVE-2021-38199 CVE-2021-40490 CVE-2021-41073}
+ [bullseye] - linux 5.10.46-5
+[20 Sep 2021] DSA-4977-1 xen - security update
+ {CVE-2021-28694 CVE-2021-28695 CVE-2021-28696 CVE-2021-28697 CVE-2021-28698 CVE-2021-28699 CVE-2021-28700 CVE-2021-28701}
+ [bullseye] - xen 4.14.3-1~deb11u1
+[20 Sep 2021] DSA-4976-1 wpewebkit - security update
+ {CVE-2021-30809 CVE-2021-30836 CVE-2021-30848 CVE-2021-30849 CVE-2021-30858 CVE-2021-45482}
+ [bullseye] - wpewebkit 2.32.4-1~deb11u1
+[20 Sep 2021] DSA-4975-1 webkit2gtk - security update
+ {CVE-2021-30809 CVE-2021-30836 CVE-2021-30848 CVE-2021-30849 CVE-2021-30858 CVE-2021-45482}
+ [buster] - webkit2gtk 2.32.4-1~deb10u1
+ [bullseye] - webkit2gtk 2.32.4-1~deb11u1
+[19 Sep 2021] DSA-4974-1 nextcloud-desktop - security update
+ {CVE-2021-22895 CVE-2021-32728}
+ [buster] - nextcloud-desktop 2.5.1-3+deb10u2
+ [bullseye] - nextcloud-desktop 3.1.1-2+deb11u1
+[10 Sep 2021] DSA-4973-1 thunderbird - security update
+ {CVE-2021-38493}
+ [buster] - thunderbird 1:78.14.0-1~deb10u1
+ [bullseye] - thunderbird 1:78.14.0-1~deb11u1
+[10 Sep 2021] DSA-4972-1 ghostscript - security update
+ {CVE-2021-3781}
+ [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u1
+[09 Sep 2021] DSA-4971-1 ntfs-3g - security update
+ {CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-35266 CVE-2021-35267 CVE-2021-35268 CVE-2021-35269 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39254 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263}
+ [buster] - ntfs-3g 1:2017.3.23AR.3-3+deb10u1
+ [bullseye] - ntfs-3g 1:2017.3.23AR.3-4+deb11u1
+[09 Sep 2021] DSA-4970-1 postorius - security update
+ {CVE-2021-40347}
+ [buster] - postorius 1.2.4-1+deb10u1
+ [bullseye] - postorius 1.3.4-2+deb11u1
+[09 Sep 2021] DSA-4969-1 firefox-esr - security update
+ {CVE-2021-38493}
+ [buster] - firefox-esr 78.14.0esr-1~deb10u1
+ [bullseye] - firefox-esr 78.14.0esr-1~deb11u1
+[07 Sep 2021] DSA-4968-1 haproxy - security update
+ {CVE-2021-40346}
+ [bullseye] - haproxy 2.2.9-2+deb11u2
+[04 Sep 2021] DSA-4967-1 squashfs-tools - security update
+ {CVE-2021-40153}
+ [buster] - squashfs-tools 1:4.3-12+deb10u1
+ [bullseye] - squashfs-tools 1:4.4-2+deb11u1
+[31 Aug 2021] DSA-4966-1 gpac - security update
+ {CVE-2021-21834 CVE-2021-21836 CVE-2021-21837 CVE-2021-21838 CVE-2021-21839 CVE-2021-21840 CVE-2021-21841 CVE-2021-21842 CVE-2021-21843 CVE-2021-21844 CVE-2021-21845 CVE-2021-21846 CVE-2021-21847 CVE-2021-21848 CVE-2021-21849 CVE-2021-21850 CVE-2021-21853 CVE-2021-21854 CVE-2021-21855 CVE-2021-21857 CVE-2021-21858 CVE-2021-21859 CVE-2021-21860 CVE-2021-21861}
+ [bullseye] - gpac 1.0.1+dfsg1-4+deb11u1
+[31 Aug 2021] DSA-4965-1 libssh - security update
+ {CVE-2021-3634}
+ [bullseye] - libssh 0.9.5-1+deb11u1
+[31 Aug 2021] DSA-4962-2 ledgersmb - regression update
+ [buster] - ledgersmb 1.6.9+ds-1+deb10u3
+ [bullseye] - ledgersmb 1.6.9+ds-2+deb11u3
+[27 Aug 2021] DSA-4964-1 grilo - security update
+ {CVE-2021-39365}
+ [buster] - grilo 0.3.7-1+deb10u1
+ [bullseye] - grilo 0.3.13-1+deb11u1
+[24 Aug 2021] DSA-4963-1 openssl - security update
+ {CVE-2021-3711 CVE-2021-3712}
+ [buster] - openssl 1.1.1d-0+deb10u7
+ [bullseye] - openssl 1.1.1k-1+deb11u1
+[23 Aug 2021] DSA-4962-1 ledgersmb - security update
+ {CVE-2021-3731 CVE-2021-3693 CVE-2021-3694}
+ [buster] - ledgersmb 1.6.9+ds-1+deb10u2
+ [bullseye] - ledgersmb 1.6.9+ds-2+deb11u2
+[23 Aug 2021] DSA-4961-1 tor - security update
+ {CVE-2021-38385}
+ [buster] - tor 0.3.5.16-1
+ [bullseye] - tor 0.4.5.10-1~deb11u1
+[17 Aug 2021] DSA-4960-1 haproxy - security update
+ {CVE-2021-39240 CVE-2021-39241 CVE-2021-39242}
+ [bullseye] - haproxy 2.2.9-2+deb11u1
+[15 Aug 2021] DSA-4959-1 thunderbird - security update
+ {CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989}
+ [bullseye] - thunderbird 1:78.13.0-1~deb11u1
+ [buster] - thunderbird 1:78.13.0-1~deb10u1
+[13 Aug 2021] DSA-4958-1 exiv2 - security update
+ {CVE-2019-20421 CVE-2021-3482 CVE-2021-29457 CVE-2021-29473 CVE-2021-31292}
+ [buster] - exiv2 0.25-4+deb10u2
+[13 Aug 2021] DSA-4957-1 trafficserver - security update
+ {CVE-2021-27577 CVE-2021-32565 CVE-2021-32566 CVE-2021-32567 CVE-2021-35474}
+ [buster] - trafficserver 8.0.2+ds-1+deb10u5
+[11 Aug 2021] DSA-4956-1 firefox-esr - security update
+ {CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989}
+ [bullseye] - firefox-esr 78.13.0esr-1~deb11u1
+ [buster] - firefox-esr 78.13.0esr-1~deb10u1
+[11 Aug 2021] DSA-4955-1 libspf2 - security update
+ {CVE-2021-20314}
+ [buster] - libspf2 1.2.10-7.1~deb10u1
+[10 Aug 2021] DSA-4954-1 c-ares - security update
+ {CVE-2021-3672}
+ [buster] - c-ares 1.14.0-1+deb10u1
+[10 Aug 2021] DSA-4953-1 lynx - security update
+ {CVE-2021-38165}
+ [buster] - lynx 2.8.9rel.1-3+deb10u1
+[09 Aug 2021] DSA-4952-1 tomcat9 - security update
+ {CVE-2021-30640 CVE-2021-33037}
+ [buster] - tomcat9 9.0.31-1~deb10u5
+[07 Aug 2021] DSA-4951-1 bluez - security update
+ {CVE-2020-26558 CVE-2020-27153 CVE-2021-0129}
+ [buster] - bluez 5.50-1.2~deb10u2
+[07 Aug 2021] DSA-4950-1 ansible - security update
+ {CVE-2019-10156 CVE-2019-10206 CVE-2019-14846 CVE-2019-14864 CVE-2019-14904 CVE-2020-1733 CVE-2020-1735 CVE-2020-1739 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753 CVE-2020-10684 CVE-2020-10685 CVE-2020-10729 CVE-2020-14330 CVE-2020-14332 CVE-2020-14365 CVE-2021-20228}
+ [buster] - ansible 2.7.7+dfsg-1+deb10u1
+[05 Aug 2021] DSA-4949-1 jetty9 - security update
+ {CVE-2019-10241 CVE-2019-10247 CVE-2020-27216 CVE-2020-27223 CVE-2021-28165 CVE-2021-28169 CVE-2021-34428}
+ [buster] - jetty9 9.4.16-0+deb10u1
+[01 Aug 2021] DSA-4948-1 aspell - security update
+ {CVE-2019-17544 CVE-2019-25051}
+ [buster] - aspell 0.60.7~20110707-6+deb10u1
+[30 Jul 2021] DSA-4947-1 libsndfile - security update
+ {CVE-2021-3246}
+ [buster] - libsndfile 1.0.28-6+deb10u1
+[29 Jul 2021] DSA-4946-1 openjdk-11 - security update
+ {CVE-2021-2341 CVE-2021-2369 CVE-2021-2388}
+ [buster] - openjdk-11 11.0.12+7-2~deb10u1
+[28 Jul 2021] DSA-4945-1 webkit2gtk - security update
+ {CVE-2021-21775 CVE-2021-21779 CVE-2021-30663 CVE-2021-30665 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799}
+ [buster] - webkit2gtk 2.32.3-1~deb10u1
+[25 Jul 2021] DSA-4944-1 krb5 - security update
+ {CVE-2021-36222}
+ [buster] - krb5 1.17-3+deb10u2
+[23 Jul 2021] DSA-4943-1 lemonldap-ng - security update
+ {CVE-2021-35472}
+ [buster] - lemonldap-ng 2.0.2+ds-7+deb10u6
+[20 Jul 2021] DSA-4942-1 systemd - security update
+ {CVE-2021-33910}
+ [buster] - systemd 241-7~deb10u8
+[20 Jul 2021] DSA-4941-1 linux - security update
+ {CVE-2020-36311 CVE-2021-3609 CVE-2021-33909 CVE-2021-34693}
+ [buster] - linux 4.19.194-3
+[18 Jul 2021] DSA-4940-1 thunderbird - security update
+ {CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547}
+ [buster] - thunderbird 1:78.12.0-1~deb10u1
+[14 Jul 2021] DSA-4939-1 firefox-esr - security update
+ {CVE-2021-29970 CVE-2021-29976 CVE-2021-30547}
+ [buster] - firefox-esr 78.12.0esr-1~deb10u1
+[13 Jul 2021] DSA-4938-1 linuxptp - security update
+ {CVE-2021-3570}
+ [buster] - linuxptp 1.9.2-1+deb10u1
+[08 Jul 2021] DSA-4937-1 apache2 - security update
+ {CVE-2020-35452 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 CVE-2021-31618}
+ [buster] - apache2 2.4.38-3+deb10u5
+[05 Jul 2021] DSA-4936-1 libuv1 - security update
+ {CVE-2021-22918}
+ [buster] - libuv1 1.24.1-1+deb10u1
+[05 Jul 2021] DSA-4935-1 php7.3 - security update
+ {CVE-2021-21704 CVE-2021-21705}
+ [buster] - php7.3 7.3.29-1~deb10u1
+[26 Jun 2021] DSA-4934-1 intel-microcode - security update
+ {CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513}
+ [buster] - intel-microcode 3.20210608.2~deb10u1
+[18 Jun 2021] DSA-4933-1 nettle - security update
+ {CVE-2021-3580 CVE-2021-20305}
+ [buster] - nettle 3.4.1-1+deb10u1
+[18 Jun 2021] DSA-4932-1 tor - security update
+ {CVE-2021-34548 CVE-2021-34549 CVE-2021-34550}
+ [buster] - tor 0.3.5.15-1
+[15 Jun 2021] DSA-4931-1 xen - security update
+ {CVE-2021-0089 CVE-2021-26313 CVE-2021-28690 CVE-2021-28692}
+ [buster] - xen 4.11.4+107-gef32c7afa2-1
+[10 Jun 2021] DSA-4930-1 libwebp - security update
+ {CVE-2018-25009 CVE-2018-25010 CVE-2018-25011 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2020-36328 CVE-2020-36329 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 }
+ [buster] - libwebp 0.6.1-2+deb10u1
+[09 Jun 2021] DSA-4929-1 rails - security update
+ {CVE-2021-22880 CVE-2021-22885 CVE-2021-22904}
+ [buster] - rails 2:5.2.2.1+dfsg-1+deb10u3
+[09 Jun 2021] DSA-4928-1 htmldoc - security update
+ {CVE-2021-23158 CVE-2021-23165 CVE-2021-23180 CVE-2021-23191 CVE-2021-23206 CVE-2021-26252 CVE-2021-26259 CVE-2021-26948}
+ [buster] - htmldoc 1.9.3-1+deb10u2
+[05 Jun 2021] DSA-4927-1 thunderbird - security update
+ {CVE-2021-29956 CVE-2021-29957 CVE-2021-29967}
+ [buster] - thunderbird 1:78.11.0-1~deb10u1
+[03 Jun 2021] DSA-4926-1 lasso - security update
+ {CVE-2021-28091}
+ [buster] - lasso 2.6.0-2+deb10u1
+[02 Jun 2021] DSA-4925-1 firefox-esr - security update
+ {CVE-2021-29967}
+ [buster] - firefox-esr 78.11.0esr-1~deb10u1
+[01 Jun 2021] DSA-4924-1 squid - security update
+ {CVE-2021-28651 CVE-2021-28652 CVE-2021-28662 CVE-2021-31806 CVE-2021-31807 CVE-2021-31808 CVE-2021-33620}
+ [buster] - squid 4.6-1+deb10u6
+[30 May 2021] DSA-4923-1 webkit2gtk - security update
+ {CVE-2021-1788 CVE-2021-1844 CVE-2021-1871 CVE-2021-30682}
+ [buster] - webkit2gtk 2.32.1-1~deb10u1
+[29 May 2021] DSA-4922-1 hyperkitty - security update
+ {CVE-2021-33038}
+ [buster] - hyperkitty 1.2.2-1+deb10u1
+[28 May 2021] DSA-4921-1 nginx - security update
+ {CVE-2021-23017}
+ [buster] - nginx 1.14.2-2+deb10u4
+[24 May 2021] DSA-4920-1 libx11 - security update
+ {CVE-2021-31535}
+ [buster] - libx11 2:1.6.7-1+deb10u2
+[21 May 2021] DSA-4916-2 prosody - regression update
+ [buster] - prosody 0.11.2-1+deb10u2
+[21 May 2021] DSA-4919-1 lz4 - security update
+ {CVE-2021-3520}
+ [buster] - lz4 1.8.3-1+deb10u1
+[18 May 2021] DSA-4918-1 ruby-rack-cors - security update
+ {CVE-2019-18978}
+ [buster] - ruby-rack-cors 1.0.2-1+deb10u1
+[18 May 2021] DSA-4917-1 chromium - security update
+ {CVE-2021-30506 CVE-2021-30507 CVE-2021-30508 CVE-2021-30509 CVE-2021-30510 CVE-2021-30511 CVE-2021-30512 CVE-2021-30513 CVE-2021-30514 CVE-2021-30515 CVE-2021-30516 CVE-2021-30517 CVE-2021-30518 CVE-2021-30519 CVE-2021-30520}
+ [buster] - chromium 90.0.4430.212-1~deb10u1
+[17 May 2021] DSA-4916-1 prosody - security update
+ {CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921}
+ [buster] - prosody 0.11.2-1+deb10u1
+[13 May 2021] DSA-4915-1 postgresql-11 - security update
+ {CVE-2021-32027 CVE-2021-32028 CVE-2021-32029}
+ [buster] - postgresql-11 11.12-0+deb10u1
+[12 May 2021] DSA-4914-1 graphviz - security update
+ {CVE-2020-18032}
+ [buster] - graphviz 2.40.1-6+deb10u1
+[10 May 2021] DSA-4913-1 hivex - security update
+ {CVE-2021-3504}
+ [buster] - hivex 1.3.18-1+deb10u1
+[04 May 2021] DSA-4912-1 exim4 - security update
+ {CVE-2020-28007 CVE-2020-28008 CVE-2020-28009 CVE-2020-28010 CVE-2020-28011 CVE-2020-28012 CVE-2020-28013 CVE-2020-28014 CVE-2020-28015 CVE-2020-28017 CVE-2020-28019 CVE-2020-28021 CVE-2020-28022 CVE-2020-28023 CVE-2020-28024 CVE-2020-28025 CVE-2020-28026}
+ [buster] - exim4 4.92-8+deb10u6
+[03 May 2021] DSA-4911-1 chromium - security update
+ {CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 CVE-2021-21232 CVE-2021-21233}
+ [buster] - chromium 90.0.4430.93-1~deb10u1
+[02 May 2021] DSA-4910-1 libimage-exiftool-perl - security update
+ {CVE-2021-22204}
+ [buster] - libimage-exiftool-perl 11.16-1+deb10u1
+[01 May 2021] DSA-4909-1 bind9 - security update
+ {CVE-2021-25214 CVE-2021-25215 CVE-2021-25216}
+ [buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u5
+[29 Apr 2021] DSA-4908-1 libhibernate3-java - security update
+ {CVE-2020-25638}
+ [buster] - libhibernate3-java 3.6.10.Final-9+deb10u1
+[29 Apr 2021] DSA-4907-1 composer - security update
+ {CVE-2021-29472}
+ [buster] - composer 1.8.4-1+deb10u1
+[27 Apr 2021] DSA-4906-1 chromium - security update
+ {CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21205 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219 CVE-2021-21221 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226}
+ [buster] - chromium 90.0.4430.85-1~deb10u1
+[27 Apr 2021] DSA-4905-1 shibboleth-sp - security update
+ {CVE-2021-31826}
+ [buster] - shibboleth-sp 3.0.4+dfsg1-1+deb10u2
+[24 Apr 2021] DSA-4904-1 gst-plugins-ugly1.0 - security update
+ [buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u1
+[24 Apr 2021] DSA-4903-1 gst-plugins-base1.0 - security update
+ {CVE-2021-3522}
+ [buster] - gst-plugins-base1.0 1.14.4-2+deb10u1
+[24 Apr 2021] DSA-4902-1 gst-plugins-bad1.0 - security update
+ [buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2
+[24 Apr 2021] DSA-4901-1 gst-libav1.0 - security update
+ [buster] - gst-libav1.0 1.15.0.1+git20180723+db823502-2+deb10u1
+[24 Apr 2021] DSA-4900-1 gst-plugins-good1.0 - security update
+ {CVE-2021-3497 CVE-2021-3498}
+ [buster] - gst-plugins-good1.0 1.14.4-1+deb10u1
+[23 Apr 2021] DSA-4899-1 openjdk-11 - security update
+ {CVE-2021-2163}
+ [buster] - openjdk-11 11.0.11+9-1~deb10u1
+[22 Apr 2021] DSA-4898-1 wpa - security update
+ {CVE-2020-12695 CVE-2021-0326 CVE-2021-27803}
+ [buster] - wpa 2:2.7+git20190128+0c1e29f-6+deb10u3
+[22 Apr 2021] DSA-4897-1 thunderbird - security update
+ {CVE-2021-23961 CVE-2021-23991 CVE-2021-23992 CVE-2021-23993 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946 CVE-2021-29948 CVE-2021-29949}
+ [buster] - thunderbird 1:78.10.0-1~deb10u1
+[22 Apr 2021] DSA-4896-1 wordpress - security update
+ {CVE-2021-29447 CVE-2021-29450}
+ [buster] - wordpress 5.0.12+dfsg1-0+deb10u1
+[20 Apr 2021] DSA-4895-1 firefox-esr - security update
+ {CVE-2021-23961 CVE-2021-23994 CVE-2021-23995 CVE-2021-23998 CVE-2021-23999 CVE-2021-24002 CVE-2021-29945 CVE-2021-29946}
+ [buster] - firefox-esr 78.10.0esr-1~deb10u1
+[20 Apr 2021] DSA-4894-1 php-pear - security update
+ {CVE-2020-36193}
+ [buster] - php-pear 1:1.10.6+submodules+notgz-1.1+deb10u2
+[19 Apr 2021] DSA-4893-1 xorg-server - security update
+ {CVE-2021-3472}
+ [buster] - xorg-server 2:1.20.4-1+deb10u3
+[18 Apr 2021] DSA-4892-1 python-bleach - security update
+ {CVE-2021-23980}
+ [buster] - python-bleach 3.1.2-0+deb10u2
+[13 Apr 2021] DSA-4891-1 tomcat9 - security update
+ {CVE-2021-25122 CVE-2021-25329}
+ [buster] - tomcat9 9.0.31-1~deb10u4
+[12 Apr 2021] DSA-4890-1 ruby-kramdown - security update
+ {CVE-2021-28834}
+ [buster] - ruby-kramdown 1.17.0-1+deb10u2
+[10 Apr 2021] DSA-4889-1 mediawiki - security update
+ {CVE-2021-20270 CVE-2021-27291 CVE-2021-30152 CVE-2021-30154 CVE-2021-30155 CVE-2021-30157 CVE-2021-30158 CVE-2021-30159}
+ [buster] - mediawiki 1:1.31.14-1~deb10u1
+[10 Apr 2021] DSA-4888-1 xen - security update
+ {CVE-2021-26933 CVE-2021-27379}
+ [buster] - xen 4.11.4+99-g8bce4698f6-1
+[08 Apr 2021] DSA-4887-1 lib3mf - security update
+ {CVE-2021-21772}
+ [buster] - lib3mf 1.8.1+ds-3+deb10u1
+[06 Apr 2021] DSA-4886-1 chromium - security update
+ {CVE-2021-21159 CVE-2021-21160 CVE-2021-21161 CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166 CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170 CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174 CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178 CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182 CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186 CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190 CVE-2021-21191 CVE-2021-21192 CVE-2021-21193 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197 CVE-2021-21198 CVE-2021-21199}
+ [buster] - chromium 89.0.4389.114-1~deb10u1
+[05 Apr 2021] DSA-4885-1 netty - security update
+ {CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 CVE-2020-11612 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409}
+ [buster] - netty 1:4.1.33-1+deb10u2
+[02 Apr 2021] DSA-4884-1 ldb - security update
+ {CVE-2020-10730 CVE-2020-27840 CVE-2021-20277}
+ [buster] - ldb 2:1.5.1+really1.4.6-3+deb10u1
+[01 Apr 2021] DSA-4883-1 underscore - security update
+ {CVE-2021-23358}
+ [buster] - underscore 1.9.1~dfsg-1+deb10u1
+[01 Apr 2021] DSA-4882-1 openjpeg2 - security update
+ {CVE-2020-6851 CVE-2020-8112 CVE-2020-15389 CVE-2020-27814 CVE-2020-27823 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845}
+ [buster] - openjpeg2 2.3.0-2+deb10u2
+[30 Mar 2021] DSA-4881-1 curl - security update
+ {CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22890}
+ [buster] - curl 7.64.0-4+deb10u2
+[29 Mar 2021] DSA-4880-1 lxml - security update
+ {CVE-2021-28957}
+ [buster] - lxml 4.3.2-1+deb10u3
+[27 Mar 2021] DSA-4879-1 spamassassin - security update
+ {CVE-2020-1946}
+ [buster] - spamassassin 3.4.2-1+deb10u3
+[27 Mar 2021] DSA-4878-1 pygments - security update
+ {CVE-2021-27291}
+ [buster] - pygments 2.3.1+dfsg-1+deb10u2
+[27 Mar 2021] DSA-4877-1 webkit2gtk - security update
+ {CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1870 CVE-2021-21806}
+ [buster] - webkit2gtk 2.30.6-1~deb10u1
+[25 Mar 2021] DSA-4876-1 thunderbird - security update
+ {CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29950}
+ [buster] - thunderbird 1:78.9.0-1~deb10u1
+[25 Mar 2021] DSA-4875-1 openssl - security update
+ {CVE-2021-3449}
+ [buster] - openssl 1.1.1d-0+deb10u6
+[24 Mar 2021] DSA-4874-1 firefox-esr - security update
+ {CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987 CVE-2021-29955}
+ [buster] - firefox-esr 78.9.0esr-1~deb10u1
+[23 Mar 2021] DSA-4873-1 squid - security update
+ {CVE-2020-25097}
+ [buster] - squid 4.6-1+deb10u5
+[18 Mar 2021] DSA-4872-1 shibboleth-sp - security update
+ {CVE-2021-28963}
+ [buster] - shibboleth-sp 3.0.4+dfsg1-1+deb10u1
+[16 Mar 2021] DSA-4871-1 tor - security update
+ {CVE-2021-28089 CVE-2021-28090}
+ [buster] - tor 0.3.5.14-1
+[12 Mar 2021] DSA-4870-1 pygments - security update
+ {CVE-2021-20270}
+ [buster] - pygments 2.3.1+dfsg-1+deb10u1
+[12 Mar 2021] DSA-4869-1 tiff - security update
+ {CVE-2020-35523 CVE-2020-35524}
+ [buster] - tiff 4.1.0+git191117-2~deb10u2
+[12 Mar 2021] DSA-4868-1 flatpak - security update
+ {CVE-2021-21381}
+ [buster] - flatpak 1.2.5-0+deb10u4
+[02 Mar 2021] DSA-4867-1 grub2 - security update
+ {CVE-2020-14372 CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 CVE-2020-27779 CVE-2021-20225 CVE-2021-20233}
+ [buster] - grub2 2.02+dfsg1-20+deb10u4
+[28 Feb 2021] DSA-4866-1 thunderbird - security update
+ {CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978}
+ [buster] - thunderbird 1:78.8.0-1~deb10u1
+[27 Feb 2021] DSA-4865-1 docker.io - security update
+ {CVE-2020-15157 CVE-2020-15257 CVE-2021-21284 CVE-2021-21285}
+ [buster] - docker.io 18.09.1+dfsg1-7.1+deb10u3
+[27 Feb 2021] DSA-4864-1 python-aiohttp - security update
+ {CVE-2021-21330}
+ [buster] - python-aiohttp 3.5.1-1+deb10u1
+[24 Feb 2021] DSA-4863-1 nodejs - security update
+ {CVE-2021-22883 CVE-2021-22884}
+ [buster] - nodejs 10.24.0~dfsg-1~deb10u1
+[24 Feb 2021] DSA-4862-1 firefox-esr - security update
+ {CVE-2021-23968 CVE-2021-23969 CVE-2021-23973 CVE-2021-23978}
+ [buster] - firefox-esr 78.8.0esr-1~deb10u1
+[21 Feb 2021] DSA-4861-1 screen - security update
+ {CVE-2021-26937}
+ [buster] - screen 4.6.2-3+deb10u1
+[20 Feb 2021] DSA-4860-1 openldap - security update
+ {CVE-2021-27212}
+ [buster] - openldap 2.4.47+dfsg-3+deb10u6
+[20 Feb 2021] DSA-4859-1 libzstd - security update
+ {CVE-2021-24032}
+ [buster] - libzstd 1.3.8+dfsg-3+deb10u2
+[19 Feb 2021] DSA-4858-1 chromium - security update
+ {CVE-2021-21148 CVE-2021-21149 CVE-2021-21150 CVE-2021-21151 CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156 CVE-2021-21157}
+ [buster] - chromium 88.0.4324.182-1~deb10u1
+[18 Feb 2021] DSA-4857-1 bind9 - security update
+ {CVE-2020-8625}
+ [buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u3
+[17 Feb 2021] DSA-4856-1 php7.3 - security update
+ {CVE-2020-7068 CVE-2020-7069 CVE-2020-7070 CVE-2020-7071 CVE-2021-21702}
+ [buster] - php7.3 7.3.27-1~deb10u1
+[17 Feb 2021] DSA-4855-1 openssl - security update
+ {CVE-2019-1551 CVE-2021-23840 CVE-2021-23841}
+ [buster] - openssl 1.1.1d-0+deb10u5
+[17 Feb 2021] DSA-4854-1 webkit2gtk - security update
+ {CVE-2020-13558}
+ [buster] - webkit2gtk 2.30.5-1~deb10u1
+[16 Feb 2021] DSA-4853-1 spip - security update
+ [buster] - spip 3.2.4-1+deb10u4
+[15 Feb 2021] DSA-4852-1 openvswitch - security update
+ {CVE-2020-35498}
+ [buster] - openvswitch 2.10.7+ds1-0+deb10u1
+[13 Feb 2021] DSA-4851-1 subversion - security update
+ {CVE-2020-17525}
+ [buster] - subversion 1.10.4-1+deb10u2
+[10 Feb 2021] DSA-4850-1 libzstd - security update
+ {CVE-2021-24031}
+ [buster] - libzstd 1.3.8+dfsg-3+deb10u1
+[09 Feb 2021] DSA-4849-1 firejail - security update
+ {CVE-2021-26910}
+ [buster] - firejail 0.9.58.2-2+deb10u2
+[08 Feb 2021] DSA-4848-1 golang-1.11 - security update
+ {CVE-2020-7919 CVE-2020-15586 CVE-2020-16845 CVE-2021-3114}
+ [buster] - golang-1.11 1.11.6-1+deb10u4
+[08 Feb 2021] DSA-4847-1 connman - security update
+ {CVE-2021-26675 CVE-2021-26676}
+ [buster] - connman 1.36-2.1~deb10u1
+[07 Feb 2021] DSA-4846-1 chromium - security update
+ {CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21128 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 CVE-2021-21142 CVE-2021-21143 CVE-2021-21144 CVE-2021-21145 CVE-2021-21146 CVE-2021-21147}
+ [buster] - chromium 88.0.4324.146-1~deb10u1
+[03 Feb 2021] DSA-4845-1 openldap - security update
+ {CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230}
+ [buster] - openldap 2.4.47+dfsg-3+deb10u5
+[02 Feb 2021] DSA-4844-1 dnsmasq - security update
+ {CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687}
+ [buster] - dnsmasq 2.80-1+deb10u1
+[01 Feb 2021] DSA-4843-1 linux - security update
+ {CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3347 CVE-2021-20177}
+ [buster] - linux 4.19.171-2
+[31 Jan 2021] DSA-4842-1 thunderbird - security update
+ {CVE-2020-15685 CVE-2020-16044 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964}
+ [buster] - thunderbird 1:78.7.0-1~deb10u1
+[27 Jan 2021] DSA-4841-1 slurm-llnl - security update
+ {CVE-2019-19728 CVE-2020-12693 CVE-2020-27745 CVE-2020-27746}
+ [buster] - slurm-llnl 18.08.5.2-1+deb10u2
+[27 Jan 2021] DSA-4840-1 firefox-esr - security update
+ {CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964}
+ [buster] - firefox-esr 78.7.0esr-1~deb10u1
+[26 Jan 2021] DSA-4839-1 sudo - security update
+ {CVE-2021-3156}
+ [buster] - sudo 1.8.27-1+deb10u3
+[25 Jan 2021] DSA-4838-1 mutt - security update
+ {CVE-2021-3181}
+ [buster] - mutt 1.10.1-2.1+deb10u5
+[24 Jan 2021] DSA-4833-2 gst-plugins-bad1.0 - regression update
+ [buster] - gst-plugins-bad1.0 1.14.4-1+deb10u1
+[24 Jan 2021] DSA-4837-1 salt - security update
+ {CVE-2020-16846 CVE-2020-17490 CVE-2020-25592}
+ [buster] - salt 2018.3.4+dfsg1-6+deb10u2
+[22 Jan 2021] DSA-4830-2 flatpak - regression update
+ [buster] - flatpak 1.2.5-0+deb10u3
+[22 Jan 2021] DSA-4836-1 openvswitch - security update
+ {CVE-2015-8011 CVE-2020-27827}
+ [buster] - openvswitch 2.10.6+ds1-0+deb10u1
+[22 Jan 2021] DSA-4835-1 tomcat9 - security update
+ {CVE-2020-13943 CVE-2020-17527}
+ [buster] - tomcat9 9.0.31-1~deb10u3
+[22 Jan 2021] DSA-4834-1 vlc - security update
+ {CVE-2020-26664 CVE-2021-25801 CVE-2021-25802 CVE-2021-25803 CVE-2021-25804}
+ [buster] - vlc 3.0.12-0+deb10u1
+[18 Jan 2021] DSA-4833-1 gst-plugins-bad1.0 - security update
+ {CVE-2021-3185}
+ [buster] - gst-plugins-bad1.0 1.14.4-1deb10u1
+[16 Jan 2021] DSA-4832-1 chromium - security update
+ {CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115 CVE-2021-21116}
+ [buster] - chromium 87.0.4280.141-0.1~deb10u1
+[15 Jan 2021] DSA-4831-1 ruby-redcarpet - security update
+ {CVE-2020-26298}
+ [buster] - ruby-redcarpet 3.4.0-4+deb10u1
+[14 Jan 2021] DSA-4830-1 flatpak - security update
+ {CVE-2021-21261}
+ [buster] - flatpak 1.2.5-0+deb10u2
+[11 Jan 2021] DSA-4829-1 coturn - security update
+ {CVE-2020-26262}
+ [buster] - coturn 4.5.1.1-1.1+deb10u2
+[07 Jan 2021] DSA-4828-1 libxstream-java - security update
+ {CVE-2020-26258 CVE-2020-26259}
+ [buster] - libxstream-java 1.4.11.1-1+deb10u2
+[07 Jan 2021] DSA-4827-1 firefox-esr - security update
+ {CVE-2020-16044}
+ [buster] - firefox-esr 78.6.1esr-1~deb10u1
+[06 Jan 2021] DSA-4826-1 nodejs - security update
+ {CVE-2020-8265 CVE-2020-8287}
+ [buster] - nodejs 10.23.1~dfsg-1~deb10u1
+[05 Jan 2021] DSA-4806-2 minidlna - regression update
+ [buster] - minidlna 1.2.1+dfsg-2+deb10u2
+[04 Jan 2021] DSA-4825-1 dovecot - security update
+ {CVE-2020-24386 CVE-2020-25275}
+ [buster] - dovecot 1:2.3.4.1-5+deb10u5
+[01 Jan 2021] DSA-4824-1 chromium - security update
+ {CVE-2020-6510 CVE-2020-6511 CVE-2020-6512 CVE-2020-6513 CVE-2020-6514 CVE-2020-6515 CVE-2020-6516 CVE-2020-6517 CVE-2020-6518 CVE-2020-6519 CVE-2020-6520 CVE-2020-6521 CVE-2020-6522 CVE-2020-6523 CVE-2020-6524 CVE-2020-6525 CVE-2020-6526 CVE-2020-6527 CVE-2020-6528 CVE-2020-6529 CVE-2020-6530 CVE-2020-6531 CVE-2020-6532 CVE-2020-6533 CVE-2020-6534 CVE-2020-6535 CVE-2020-6536 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 CVE-2020-6556 CVE-2020-6557 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 CVE-2020-6573 CVE-2020-6575 CVE-2020-6576 CVE-2020-15959 CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 CVE-2020-15967 CVE-2020-15968 CVE-2020-15969 CVE-2020-15970 CVE-2020-15971 CVE-2020-15972 CVE-2020-15973 CVE-2020-15974 CVE-2020-15975 CVE-2020-15976 CVE-2020-15977 CVE-2020-15978 CVE-2020-15979 CVE-2020-15980 CVE-2020-15981 CVE-2020-15982 CVE-2020-15983 CVE-2020-15984 CVE-2020-15985 CVE-2020-15986 CVE-2020-15987 CVE-2020-15988 CVE-2020-15989 CVE-2020-15990 CVE-2020-15991 CVE-2020-15992 CVE-2020-15999 CVE-2020-16000 CVE-2020-16001 CVE-2020-16002 CVE-2020-16003 CVE-2020-16004 CVE-2020-16005 CVE-2020-16006 CVE-2020-16008 CVE-2020-16009 CVE-2020-16011 CVE-2020-16012 CVE-2020-16013 CVE-2020-16014 CVE-2020-16015 CVE-2020-16016 CVE-2020-16017 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036 CVE-2020-16037 CVE-2020-16038 CVE-2020-16039 CVE-2020-16040 
CVE-2020-16041 CVE-2020-16042}
+ [buster] - chromium 87.0.4280.88-0.4~deb10u1
+[01 Jan 2021] DSA-4823-1 influxdb - security update
+ {CVE-2019-20933}
+ [buster] - influxdb 1.6.4-1+deb10u1
+[01 Jan 2021] DSA-4822-1 p11-kit - security update
+ {CVE-2020-29361 CVE-2020-29362 CVE-2020-29363}
+ [buster] - p11-kit 0.23.15-2+deb10u1
+[28 Dec 2020] DSA-4821-1 roundcube - security update
+ {CVE-2020-35730}
+ [buster] - roundcube 1.3.16+dfsg.1-1~deb10u1
+[27 Dec 2020] DSA-4820-1 horizon - security update
+ {CVE-2020-29565}
+ [buster] - horizon 3:14.0.2-3+deb10u2
+[27 Dec 2020] DSA-4809-2 python-apt - regression update
+ [buster] - python-apt 1.8.4.3
+[26 Dec 2020] DSA-4819-1 kitty - security update
+ {CVE-2020-35605}
+ [buster] - kitty 0.13.3-1+deb10u1
+[23 Dec 2020] DSA-4818-1 sympa - security update
+ {CVE-2020-9369 CVE-2020-10936 CVE-2020-26932 CVE-2020-29668}
+ [buster] - sympa 6.2.40~dfsg-1+deb10u1
+[22 Dec 2020] DSA-4797-2 webkit2gtk - regression update
+ [buster] - webkit2gtk 2.30.4-1~deb10u1
+[19 Dec 2020] DSA-4817-1 php-pear - security update
+ {CVE-2020-28948 CVE-2020-28949}
+ [buster] - php-pear 1:1.10.6+submodules+notgz-1.1+deb10u1
+[19 Dec 2020] DSA-4810-2 lxml - regression update
+ [buster] - lxml 4.3.2-1+deb10u2
+[18 Dec 2020] DSA-4816-1 mediawiki - security update
+ {CVE-2020-35475 CVE-2020-35477 CVE-2020-35479 CVE-2020-35480}
+ [buster] - mediawiki 1:1.31.12-1~deb10u1
+[17 Dec 2020] DSA-4815-1 thunderbird - security update
+ {CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113}
+ [buster] - thunderbird 1:78.6.0-1~deb10u1
+[17 Dec 2020] DSA-4814-1 xerces-c - security update
+ {CVE-2018-1311}
+ [buster] - xerces-c 3.2.2+debian-1+deb10u1
+[16 Dec 2020] DSA-4813-1 firefox-esr - security update
+ {CVE-2020-16042 CVE-2020-26971 CVE-2020-26973 CVE-2020-26974 CVE-2020-26978 CVE-2020-35111 CVE-2020-35113}
+ [buster] - firefox-esr 78.6.0esr-1~deb10u1
+[15 Dec 2020] DSA-4812-1 xen - security update
+ {CVE-2020-29479 CVE-2020-29480 CVE-2020-29481 CVE-2020-29482 CVE-2020-29483 CVE-2020-29484 CVE-2020-29485 CVE-2020-29486 CVE-2020-29566 CVE-2020-29570 CVE-2020-29571}
+ [buster] - xen 4.11.4+57-g41a822c392-2
+[15 Dec 2020] DSA-4811-1 libxstream-java - security update
+ {CVE-2020-26217}
+ [buster] - libxstream-java 1.4.11.1-1+deb10u1
+[13 Dec 2020] DSA-4810-1 lxml - security update
+ {CVE-2020-27783}
+ [buster] - lxml 4.3.2-1+deb10u1
+[09 Dec 2020] DSA-4809-1 python-apt - security update
+ {CVE-2020-27351}
+ [buster] - python-apt 1.8.4.2
+[09 Dec 2020] DSA-4808-1 apt - security update
+ {CVE-2020-27350}
+ [buster] - apt 1.8.2.2
+[08 Dec 2020] DSA-4807-1 openssl - security update
+ {CVE-2020-1971}
+ [buster] - openssl 1.1.1d-0+deb10u4
+[07 Dec 2020] DSA-4806-1 minidlna - security update
+ {CVE-2020-12695 CVE-2020-28926}
+ [buster] - minidlna 1.2.1+dfsg-2+deb10u1
+[07 Dec 2020] DSA-4805-1 trafficserver - security update
+ {CVE-2020-17508 CVE-2020-17509}
+ [buster] - trafficserver 8.0.2+ds-1+deb10u4
+[04 Dec 2020] DSA-4804-1 xen - security update
+ {CVE-2020-27670 CVE-2020-27671 CVE-2020-27672 CVE-2020-27674 CVE-2020-28368}
+ [buster] - xen 4.11.4+57-g41a822c392-1
+[04 Dec 2020] DSA-4803-1 xorg-server - security update
+ {CVE-2020-14360 CVE-2020-25712}
+ [buster] - xorg-server 2:1.20.4-1+deb10u2
+[03 Dec 2020] DSA-4802-1 thunderbird - security update
+ {CVE-2020-26970}
+ [buster] - thunderbird 1:78.5.1-1~deb10u1
+[01 Dec 2020] DSA-4801-1 brotli - security update
+ {CVE-2020-8927}
+ [buster] - brotli 1.0.7-2+deb10u1
+[28 Nov 2020] DSA-4800-1 libproxy - security update
+ {CVE-2020-25219 CVE-2020-26154}
+ [buster] - libproxy 0.4.15-5+deb10u1
+[28 Nov 2020] DSA-4799-1 x11vnc - security update
+ {CVE-2020-29074}
+ [buster] - x11vnc 0.9.13-6+deb10u1
+[25 Nov 2020] DSA-4798-1 spip - security update
+ {CVE-2020-28984}
+ [buster] - spip 3.2.4-1+deb10u3
+[23 Nov 2020] DSA-4797-1 webkit2gtk - security update
+ {CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13543 CVE-2020-13584 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825 CVE-2021-1826 CVE-2021-30661}
+ [buster] - webkit2gtk 2.30.3-1~deb10u1
+[21 Nov 2020] DSA-4796-1 thunderbird - security update
+ {CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968}
+ [buster] - thunderbird 1:78.5.0-1~deb10u1
+[21 Nov 2020] DSA-4795-1 krb5 - security update
+ {CVE-2020-28196}
+ [buster] - krb5 1.17-3+deb10u1
+[21 Nov 2020] DSA-4794-1 mupdf - security update
+ {CVE-2020-26519}
+ [buster] - mupdf 1.14.0+ds1-4+deb10u2
+[18 Nov 2020] DSA-4793-1 firefox-esr - security update
+ {CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26968}
+ [buster] - firefox-esr 78.5.0esr-1~deb10u1
+[17 Nov 2020] DSA-4792-1 openldap - security update
+ {CVE-2020-25709 CVE-2020-25710}
+ [buster] - openldap 2.4.47+dfsg-3+deb10u4
+[13 Nov 2020] DSA-4791-1 pacemaker - security update
+ {CVE-2020-25654}
+ [buster] - pacemaker 2.0.1-5+deb10u1
+[12 Nov 2020] DSA-4790-1 thunderbird - security update
+ {CVE-2020-26950}
+ [buster] - thunderbird 1:78.4.2-1~deb10u1
+[12 Nov 2020] DSA-4789-1 codemirror-js - security update
+ {CVE-2020-7760}
+ [buster] - codemirror-js 5.43.0-1+deb10u1
+[10 Nov 2020] DSA-4788-1 firefox-esr - security update
+ {CVE-2020-26950}
+ [buster] - firefox-esr 78.4.1esr-1~deb10u1
+[09 Nov 2020] DSA-4787-1 moin - security update
+ {CVE-2020-15275 CVE-2020-25074}
+ [buster] - moin 1.9.9-1+deb10u1
+[08 Nov 2020] DSA-4786-1 libexif - security update
+ {CVE-2020-0452}
+ [buster] - libexif 0.6.21-5.1+deb10u5
+[07 Nov 2020] DSA-4785-1 raptor2 - security update
+ {CVE-2017-18926}
+ [buster] - raptor2 2.0.14-1.1~deb10u1
+[06 Nov 2020] DSA-4784-1 wordpress - security update
+ {CVE-2020-28032 CVE-2020-28033 CVE-2020-28034 CVE-2020-28035 CVE-2020-28036 CVE-2020-28037 CVE-2020-28038 CVE-2020-28039 CVE-2020-28040}
+ [buster] - wordpress 5.0.11+dfsg1-0+deb10u1
+[05 Nov 2020] DSA-4783-1 sddm - security update
+ {CVE-2020-28049}
+ [buster] - sddm 0.18.0-1+deb10u1
+[30 Oct 2020] DSA-4782-1 openldap - security update
+ {CVE-2020-25692}
+ [buster] - openldap 2.4.47+dfsg-3+deb10u3
+[27 Oct 2020] DSA-4781-1 blueman - security update
+ {CVE-2020-15238}
+ [buster] - blueman 2.0.8-1+deb10u1
+[25 Oct 2020] DSA-4780-1 thunderbird - security update
+ {CVE-2020-15683 CVE-2020-15969}
+ [buster] - thunderbird 1:78.4.0-1~deb10u1
+[25 Oct 2020] DSA-4779-1 openjdk-11 - security update
+ {CVE-2020-14779 CVE-2020-14781 CVE-2020-14782 CVE-2020-14792 CVE-2020-14796 CVE-2020-14797 CVE-2020-14798 CVE-2020-14803}
+ [buster] - openjdk-11 11.0.9+11-1~deb10u1
+[21 Oct 2020] DSA-4778-1 firefox-esr - security update
+ {CVE-2020-15683 CVE-2020-15969}
+ [buster] - firefox-esr 78.4.0esr-1~deb10u2
+[21 Oct 2020] DSA-4777-1 freetype - security update
+ {CVE-2020-15999}
+ [buster] - freetype 2.9.1-3+deb10u2
+[20 Oct 2020] DSA-4776-1 mariadb-10.3 - security update
+ {CVE-2020-15180}
+ [buster] - mariadb-10.3 1:10.3.25-0+deb10u1
+[19 Oct 2020] DSA-4775-1 python-flask-cors - security update
+ {CVE-2020-25032}
+ [buster] - python-flask-cors 3.0.7-1+deb10u1
+[19 Oct 2020] DSA-4774-1 linux - security update
+ {CVE-2020-12351 CVE-2020-12352 CVE-2020-25211 CVE-2020-25643 CVE-2020-25645}
+ [buster] - linux 4.19.152-1
+[16 Oct 2020] DSA-4773-1 yaws - security update
+ {CVE-2020-24379 CVE-2020-24916}
+ [buster] - yaws 2.0.6+dfsg-1+deb10u1
+[14 Oct 2020] DSA-4772-1 httpcomponents-client - security update
+ {CVE-2020-13956}
+ [buster] - httpcomponents-client 4.5.7-1+deb10u1
+[11 Oct 2020] DSA-4771-1 spice - security update
+ {CVE-2020-14355}
+ [buster] - spice 0.14.0-1.3+deb10u1
+[06 Oct 2020] DSA-4770-1 thunderbird - security update
+ {CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678}
+ [buster] - thunderbird 1:78.3.1-2~deb10u2
+[02 Oct 2020] DSA-4769-1 xen - security update
+ {CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604}
+ [buster] - xen 4.11.4+37-g3263f257ca-1
+[28 Sep 2020] DSA-4768-1 firefox-esr - security update
+ {CVE-2020-15673 CVE-2020-15676 CVE-2020-15677 CVE-2020-15678}
+ [buster] - firefox-esr 78.3.0esr-1~deb10u1
+[25 Sep 2020] DSA-4767-1 mediawiki - security update
+ {CVE-2020-15005 CVE-2020-17367 CVE-2020-17368 CVE-2020-25812 CVE-2020-25813 CVE-2020-25814 CVE-2020-25827 CVE-2020-25828}
+ [buster] - mediawiki 1:1.31.10-1~deb10u1
+[24 Sep 2020] DSA-4766-1 rails - security update
+ {CVE-2020-8162 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166 CVE-2020-8167 CVE-2020-15169}
+ [buster] - rails 2:5.2.2.1+dfsg-1+deb10u2
+[18 Sep 2020] DSA-4765-1 modsecurity - security update
+ {CVE-2020-15598}
+ [buster] - modsecurity 3.0.3-1+deb10u2
+[18 Sep 2020] DSA-4764-1 inspircd - security update
+ {CVE-2019-20917 CVE-2020-25269}
+ [buster] - inspircd 2.0.27-1+deb10u1
+[14 Sep 2020] DSA-4763-1 teeworlds - security update
+ {CVE-2020-12066}
+ [buster] - teeworlds 0.7.2-5+deb10u1
+[07 Sep 2020] DSA-4762-1 lemonldap-ng - security update
+ {CVE-2020-24660}
+ [buster] - lemonldap-ng 2.0.2+ds-7+deb10u5
+[07 Sep 2020] DSA-4761-1 zeromq3 - security update
+ {CVE-2020-15166}
+ [buster] - zeromq3 4.3.1-4+deb10u2
+[06 Sep 2020] DSA-4760-1 qemu - security update
+ {CVE-2020-12829 CVE-2020-14364 CVE-2020-15863 CVE-2020-16092}
+ [buster] - qemu 1:3.1+dfsg-8+deb10u8
+[04 Sep 2020] DSA-4759-1 ark - security update
+ {CVE-2020-24654}
+ [buster] - ark 4:18.08.3-1+deb10u2
+[04 Sep 2020] DSA-4758-1 xorg-server - security update
+ {CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-14361 CVE-2020-14362}
+ [buster] - xorg-server 2:1.20.4-1+deb10u1
+[31 Aug 2020] DSA-4757-1 apache2 - security update
+ {CVE-2020-1927 CVE-2020-1934 CVE-2020-9490 CVE-2020-11984 CVE-2020-11993}
+ [buster] - apache2 2.4.38-3+deb10u4
+[29 Aug 2020] DSA-4756-1 lilypond - security update
+ {CVE-2020-17353}
+ [buster] - lilypond 2.19.81+really-2.18.2-13+deb10u1
+[29 Aug 2020] DSA-4755-1 openexr - security update
+ {CVE-2017-9111 CVE-2017-9113 CVE-2017-9115 CVE-2018-18444 CVE-2020-11758 CVE-2020-11759 CVE-2020-11760 CVE-2020-11761 CVE-2020-11762 CVE-2020-11763 CVE-2020-11764 CVE-2020-11765 CVE-2020-15305 CVE-2020-15306}
+ [buster] - openexr 2.2.1-4.1+deb10u1
+[29 Aug 2020] DSA-4754-1 thunderbird - security update
+ {CVE-2020-15664 CVE-2020-15669}
+ [buster] - thunderbird 1:68.12.0-1~deb10u1
+[29 Aug 2020] DSA-4753-1 mupdf - security update
+ {CVE-2019-13290}
+ [buster] - mupdf 1.14.0+ds1-4+deb10u1
+[27 Aug 2020] DSA-4752-1 bind9 - security update
+ {CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624}
+ [buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u2
+[27 Aug 2020] DSA-4751-1 squid - security update
+ {CVE-2020-15810 CVE-2020-15811 CVE-2020-24606}
+ [buster] - squid 4.6-1+deb10u4
+[26 Aug 2020] DSA-4750-1 nginx - security update
+ {CVE-2020-11724}
+ [buster] - nginx 1.14.2-2+deb10u3
+[26 Aug 2020] DSA-4749-1 firefox-esr - security update
+ {CVE-2020-15664 CVE-2020-15669}
+ [buster] - firefox-esr 68.12.0esr-1~deb10u1
+[25 Aug 2020] DSA-4748-1 ghostscript - security update
+ {CVE-2020-16287 CVE-2020-16288 CVE-2020-16289 CVE-2020-16290 CVE-2020-16291 CVE-2020-16292 CVE-2020-16293 CVE-2020-16294 CVE-2020-16295 CVE-2020-16296 CVE-2020-16297 CVE-2020-16298 CVE-2020-16299 CVE-2020-16300 CVE-2020-16301 CVE-2020-16302 CVE-2020-16303 CVE-2020-16304 CVE-2020-16305 CVE-2020-16306 CVE-2020-16307 CVE-2020-16308 CVE-2020-16309 CVE-2020-16310 CVE-2020-17538}
+ [buster] - ghostscript 9.27~dfsg-2+deb10u4
+[23 Aug 2020] DSA-4747-1 icingaweb2 - security update
+ {CVE-2020-24368}
+ [buster] - icingaweb2 2.6.2-3+deb10u1
+[15 Aug 2020] DSA-4746-1 net-snmp - security update
+ {CVE-2020-15861 CVE-2020-15862}
+ [buster] - net-snmp 5.7.3+dfsg-5+deb10u1
+[12 Aug 2020] DSA-4745-1 dovecot - security update
+ {CVE-2020-12100 CVE-2020-12673 CVE-2020-12674}
+ [buster] - dovecot 1:2.3.4.1-5+deb10u3
+[12 Aug 2020] DSA-4744-1 roundcube - security update
+ {CVE-2020-16145}
+ [buster] - roundcube 1.3.15+dfsg.1-1~deb10u1
+[10 Aug 2020] DSA-4743-1 ruby-kramdown - security update
+ {CVE-2020-14001}
+ [buster] - ruby-kramdown 1.17.0-1+deb10u1
+[06 Aug 2020] DSA-4742-1 firejail - security update
+ {CVE-2020-17367 CVE-2020-17368}
+ [buster] - firejail 0.9.58.2-2+deb10u1
+[05 Aug 2020] DSA-4741-1 json-c - security update
+ {CVE-2020-12762}
+ [buster] - json-c 0.12.1+ds-2+deb10u1
+[02 Aug 2020] DSA-4740-1 thunderbird - security update
+ {CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659}
+ [buster] - thunderbird 1:68.11.0-1~deb10u1
+[03 Aug 2020] DSA-4739-1 webkit2gtk - security update
+ {CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952}
+ [buster] - webkit2gtk 2.28.4-1~deb10u1
+[31 Jul 2020] DSA-4738-1 ark - security update
+ {CVE-2020-16116}
+ [buster] - ark 4:18.08.3-1+deb10u1
+[30 Jul 2020] DSA-4735-2 grub2 - regression update
+ [buster] - grub2 2.02+dfsg1-20+deb10u2
+[29 Jul 2020] DSA-4737-1 xrdp - security update
+ {CVE-2020-4044}
+ [buster] - xrdp 0.9.9-1+deb10u1
+[29 Jul 2020] DSA-4736-1 firefox-esr - security update
+ {CVE-2020-6463 CVE-2020-6514 CVE-2020-15652 CVE-2020-15659}
+ [buster] - firefox-esr 68.11.0esr-1~deb10u1
+[29 Jul 2020] DSA-4735-1 grub2 - security update
+ {CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707}
+ [buster] - grub2 2.02+dfsg1-20+deb10u1
+[26 Jul 2020] DSA-4734-1 openjdk-11 - security update
+ {CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621}
+ [buster] - openjdk-11 11.0.8+10-1~deb10u1
+[24 Jul 2020] DSA-4733-1 qemu - security update
+ {CVE-2020-8608}
+ [buster] - qemu 1:3.1+dfsg-8+deb10u7
+[21 Jul 2020] DSA-4732-1 squid - security update
+ {CVE-2019-18860 CVE-2020-15049}
+ [buster] - squid 4.6-1+deb10u3
+[19 Jul 2020] DSA-4731-1 redis - security update
+ {CVE-2020-14147}
+ [buster] - redis 5:5.0.3-4+deb10u2
+[19 Jul 2020] DSA-4730-1 ruby-sanitize - security update
+ {CVE-2020-4054}
+ [buster] - ruby-sanitize 4.6.6-2.1~deb10u1
+[19 Jul 2020] DSA-4729-1 libopenmpt - security update
+ {CVE-2019-14380 CVE-2019-17113}
+ [buster] - libopenmpt 0.4.3-1+deb10u1
+[19 Jul 2020] DSA-4728-1 qemu - security update
+ {CVE-2020-10756 CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13754 CVE-2020-13765}
+ [buster] - qemu 1:3.1+dfsg-8+deb10u6
+[17 Jul 2020] DSA-4727-1 tomcat9 - security update
+ {CVE-2020-9484 CVE-2020-11996 CVE-2020-13934 CVE-2020-13935}
+ [buster] - tomcat9 9.0.31-1~deb10u2
+[17 Jul 2020] DSA-4726-1 nss - security update
+ {CVE-2019-17006 CVE-2019-17023 CVE-2020-12399 CVE-2020-12402}
+ [buster] - nss 2:3.42.1-1+deb10u3
+[15 Jul 2020] DSA-4725-1 evolution-data-server - security update
+ {CVE-2020-14928}
+ [buster] - evolution-data-server 3.30.5-1+deb10u1
+[15 Jul 2020] DSA-4724-1 webkit2gtk - security update
+ {CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-13753}
+ [buster] - webkit2gtk 2.28.3-2~deb10u1
+[13 Jul 2020] DSA-4714-3 chromium - regression update
+ [buster] - chromium 83.0.4103.116-1~deb10u3
+[12 Jul 2020] DSA-4723-1 xen - security update
+ {CVE-2020-11739 CVE-2020-11740 CVE-2020-11741 CVE-2020-11742 CVE-2020-11743 CVE-2020-15563 CVE-2020-15564 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567}
+ [buster] - xen 4.11.4+24-gddaaccbbab-1~deb10u1
+[08 Jul 2020] DSA-4722-1 ffmpeg - security update
+ {CVE-2019-13390 CVE-2019-17539 CVE-2019-17542 CVE-2020-12284 CVE-2020-13904 CVE-2020-20902 CVE-2020-20448}
+ [buster] - ffmpeg 7:4.1.6-1~deb10u1
+[08 Jul 2020] DSA-4721-1 ruby2.5 - security update
+ {CVE-2020-10663 CVE-2020-10933}
+ [buster] - ruby2.5 2.5.5-3+deb10u2
+[08 Jul 2020] DSA-4720-1 roundcube - security update
+ {CVE-2020-15562}
+ [buster] - roundcube 1.3.14+dfsg.1-1~deb10u1
+[06 Jul 2020] DSA-4719-1 php7.3 - security update
+ {CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7065 CVE-2020-7066 CVE-2020-7067}
+ [buster] - php7.3 7.3.19-1~deb10u1
+[05 Jul 2020] DSA-4718-1 thunderbird - security update
+ {CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421 CVE-2020-15646}
+ [stretch] - thunderbird 1:68.10.0-1~deb9u1
+ [buster] - thunderbird 1:68.10.0-1~deb10u1
+[05 Jul 2020] DSA-4717-1 php7.0 - security update
+ {CVE-2019-11048 CVE-2020-7062 CVE-2020-7063 CVE-2020-7064 CVE-2020-7066 CVE-2020-7067}
+ [stretch] - php7.0 7.0.33-0+deb9u8
+[04 Jul 2020] DSA-4714-2 chromium - regression update
+ [buster] - chromium 83.0.4103.116-1~deb10u2
+[02 Jul 2020] DSA-4716-1 docker.io - security update
+ {CVE-2020-13401}
+ [buster] - docker.io 18.09.1+dfsg1-7.1+deb10u2
+[02 Jul 2020] DSA-4715-1 imagemagick - security update
+ {CVE-2019-13300 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-15140 CVE-2019-19948}
+ [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u8
+[01 Jul 2020] DSA-4714-1 chromium - security update
+ {CVE-2020-6423 CVE-2020-6430 CVE-2020-6431 CVE-2020-6432 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436 CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441 CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446 CVE-2020-6447 CVE-2020-6448 CVE-2020-6454 CVE-2020-6455 CVE-2020-6456 CVE-2020-6457 CVE-2020-6458 CVE-2020-6459 CVE-2020-6460 CVE-2020-6461 CVE-2020-6462 CVE-2020-6463 CVE-2020-6464 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6492 CVE-2020-6493 CVE-2020-6494 CVE-2020-6495 CVE-2020-6496 CVE-2020-6497 CVE-2020-6498 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 CVE-2020-6509 CVE-2020-6831}
+ [buster] - chromium 83.0.4103.116-1~deb10u1
+[01 Jul 2020] DSA-4713-1 firefox-esr - security update
+ {CVE-2020-12417 CVE-2020-12418 CVE-2020-12419 CVE-2020-12420 CVE-2020-12421}
+ [stretch] - firefox-esr 68.10.0esr-1~deb9u1
+ [buster] - firefox-esr 68.10.0esr-1~deb10u1
+[30 Jun 2020] DSA-4712-1 imagemagick - security update
+ {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949 CVE-2019-13391 CVE-2019-16712}
+ [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u1
+[29 Jun 2020] DSA-4711-1 coturn - security update
+ {CVE-2020-4067 CVE-2020-6061 CVE-2020-6062}
+ [stretch] - coturn 4.5.0.5-1+deb9u2
+ [buster] - coturn 4.5.1.1-1.1+deb10u1
+[27 Jun 2020] DSA-4710-1 trafficserver - security update
+ {CVE-2020-9494}
+ [buster] - trafficserver 8.0.2+ds-1+deb10u3
+[23 Jun 2020] DSA-4709-1 wordpress - security update
+ {CVE-2020-4047 CVE-2020-4048 CVE-2020-4049 CVE-2020-4050 CVE-2020-25286}
+ [buster] - wordpress 5.0.10+dfsg1-0+deb10u1
+[21 Jun 2020] DSA-4708-1 neomutt - security update
+ {CVE-2020-14093 CVE-2020-14954}
+ [buster] - neomutt 20180716+dfsg.1-1+deb10u1
+[19 Jun 2020] DSA-4707-1 mutt - security update
+ {CVE-2020-14093 CVE-2020-14954}
+ [stretch] - mutt 1.7.2-1+deb9u3
+ [buster] - mutt 1.10.1-2.1+deb10u2
+[18 Jun 2020] DSA-4706-1 drupal7 - security update
+ {CVE-2020-13663}
+ [stretch] - drupal7 7.52-2+deb9u11
+[18 Jun 2020] DSA-4705-1 python-django - security update
+ {CVE-2020-13254 CVE-2020-13596}
+ [stretch] - python-django 1:1.10.7-2+deb9u9
+ [buster] - python-django 1:1.11.29-1~deb10u1
+[16 Jun 2020] DSA-4704-1 vlc - security update
+ {CVE-2020-13428}
+ [stretch] - vlc 3.0.11-0+deb9u1
+ [buster] - vlc 3.0.11-0+deb10u1
+[11 Jun 2020] DSA-4703-1 mysql-connector-java - security update
+ {CVE-2020-2875 CVE-2020-2933 CVE-2020-2934}
+ [stretch] - mysql-connector-java 5.1.49-0+deb9u1
+[11 Jun 2020] DSA-4702-1 thunderbird - security update
+ {CVE-2020-12410 CVE-2020-12406 CVE-2020-12405 CVE-2020-12399 CVE-2020-12398}
+ [stretch] - thunderbird 1:68.9.0-1~deb9u1
+ [buster] - thunderbird 1:68.9.0-1~deb10u1
+[11 Jun 2020] DSA-4701-1 intel-microcode - security update
+ {CVE-2020-0543 CVE-2020-0548 CVE-2020-0549}
+ [stretch] - intel-microcode 3.20200609.2~deb9u1
+ [buster] - intel-microcode 3.20200609.2~deb10u1
+[11 Jun 2020] DSA-4700-1 roundcube - security update
+ {CVE-2020-13964 CVE-2020-13965}
+ [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u5
+ [buster] - roundcube 1.3.13+dfsg.1-1~deb10u1
+[09 Jun 2020] DSA-4699-1 linux - security update
+ {CVE-2019-3016 CVE-2019-19462 CVE-2020-0543 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-12114 CVE-2020-12464 CVE-2020-12768 CVE-2020-12770 CVE-2020-13143}
+ [buster] - linux 4.19.118-2+deb10u1
+[09 Jun 2020] DSA-4698-1 linux - security update
+ {CVE-2019-2182 CVE-2019-5108 CVE-2019-19319 CVE-2019-19462 CVE-2019-19768 CVE-2019-20806 CVE-2019-20811 CVE-2020-0543 CVE-2020-2732 CVE-2020-8428 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9383 CVE-2020-10711 CVE-2020-10732 CVE-2020-10751 CVE-2020-10757 CVE-2020-10942 CVE-2020-11494 CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 CVE-2020-12114 CVE-2020-12464 CVE-2020-12652 CVE-2020-12653 CVE-2020-12654 CVE-2020-12770 CVE-2020-13143}
+ [stretch] - linux 4.9.210-1+deb9u1
+[06 Jun 2020] DSA-4697-1 gnutls28 - security update
+ {CVE-2020-13777}
+ [buster] - gnutls28 3.6.7-4+deb10u4
+[06 Jun 2020] DSA-4696-1 nodejs - security update
+ {CVE-2020-8174 CVE-2020-11080}
+ [buster] - nodejs 10.21.0~dfsg-1~deb10u1
+[03 Jun 2020] DSA-4695-1 firefox-esr - security update
+ {CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410}
+ [stretch] - firefox-esr 68.9.0esr-1~deb9u1
+ [buster] - firefox-esr 68.9.0esr-1~deb10u1
[26 May 2020] DSA-4694-1 unbound - security update
{CVE-2020-12662 CVE-2020-12663}
[buster] - unbound 1.9.0-2+deb10u2
@@ -48,7 +1322,7 @@
{CVE-2020-11651 CVE-2020-11652}
[stretch] - salt 2016.11.2+ds-1+deb9u4
[07 May 2020] DSA-4681-1 webkit2gtk - security update
- {CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902}
+ {CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2021-30762}
[buster] - webkit2gtk 2.28.2-2~deb10u1
[06 May 2020] DSA-4680-1 tomcat9 - security update
{CVE-2019-10072 CVE-2019-12418 CVE-2019-17563 CVE-2019-17569 CVE-2020-1935 CVE-2020-1938}
@@ -103,7 +1377,7 @@
[stretch] - openldap 2.4.44+dfsg-5+deb9u4
[buster] - openldap 2.4.47+dfsg-3+deb10u2
[27 Apr 2020] DSA-4665-1 qemu - security update
- {CVE-2019-12068 CVE-2019-15034 CVE-2019-20382 CVE-2020-1983}
+ {CVE-2019-12068 CVE-2019-15034 CVE-2019-20382 CVE-2020-1983 CVE-2020-11947}
[buster] - qemu 1:3.1+dfsg-8+deb10u5
[26 Apr 2020] DSA-4664-1 mailman - security update
{CVE-2020-12137}
@@ -143,7 +1417,7 @@
[stretch] - firefox-esr 68.7.0esr-1~deb9u1
[buster] - firefox-esr 68.7.0esr-1~deb10u1
[07 Apr 2020] DSA-4654-1 chromium - security update
- {CVE-2020-6450 CVE-2020-6451 CVE-2020-6452}
+ {CVE-2020-6453 CVE-2020-6450 CVE-2020-6451 CVE-2020-6452}
[buster] - chromium 80.0.3987.162-1~deb10u1
[04 Apr 2020] DSA-4653-1 firefox-esr - security update
{CVE-2020-6819 CVE-2020-6820}
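Review bot: The new identifier on the DSA-4654-1 line is prepended (`CVE-2020-6453` before `CVE-2020-6450`), whereas every other addition in this commit appends to the end of the existing list, so the line no longer reads in ascending order. Keeping the ordering convention consistent makes later diffs of these long lines easier to audit; I would write `{CVE-2020-6450 CVE-2020-6451 CVE-2020-6452 CVE-2020-6453}`. This is purely a matter of how the entry is written, not of which CVEs it covers.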
@@ -199,7 +1473,7 @@
[stretch] - firefox-esr 68.6.0esr-1~deb9u1
[buster] - firefox-esr 68.6.0esr-1~deb10u1
[10 Mar 2020] DSA-4638-1 chromium - security update
- {CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 CVE-2020-6382 CVE-2020-6383 CVE-2020-6384 CVE-2020-6385 CVE-2020-6386 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416 CVE-2020-6418 CVE-2020-6420}
+ {CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 CVE-2020-6382 CVE-2020-6383 CVE-2020-6384 CVE-2020-6385 CVE-2020-6386 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406 CVE-2020-6407 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416 CVE-2020-6418 CVE-2020-6420 CVE-2020-6499 CVE-2020-6500 CVE-2020-6501 CVE-2020-6502}
[buster] - chromium 80.0.3987.132-1~deb10u1
[09 Mar 2020] DSA-4637-1 network-manager-ssh - security update
{CVE-2020-9355}
@@ -270,11 +1544,11 @@
[stretch] - libxmlrpc3-java 3.1.3-8+deb9u1
[buster] - libxmlrpc3-java 3.1.3-9+deb10u1
[06 Feb 2020] DSA-4618-1 libexif - security update
- {CVE-2019-9278}
+ {CVE-2019-9278 CVE-2020-0181}
[stretch] - libexif 0.6.21-2+deb9u1
[buster] - libexif 0.6.21-5.1+deb10u1
[03 Feb 2020] DSA-4617-1 qtbase-opensource-src - security update
- {CVE-2020-0569}
+ {CVE-2020-0569 CVE-2020-24742}
[stretch] - qtbase-opensource-src 5.7.1+dfsg-3+deb9u2
[buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3
[02 Feb 2020] DSA-4616-1 qemu - security update
@@ -476,7 +1750,7 @@
{CVE-2019-8812 CVE-2019-8814}
[buster] - webkit2gtk 2.26.2-1~deb10+1
[10 Nov 2019] DSA-4562-1 chromium - security update
- {CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13691 CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721 CVE-2019-13672 CVE-2019-13765 CVE-2019-13766}
+ {CVE-2019-5869 CVE-2019-5870 CVE-2019-5871 CVE-2019-5872 CVE-2019-5874 CVE-2019-5875 CVE-2019-5876 CVE-2019-5877 CVE-2019-5878 CVE-2019-5879 CVE-2019-5880 CVE-2019-13659 CVE-2019-13660 CVE-2019-13661 CVE-2019-13662 CVE-2019-13663 CVE-2019-13664 CVE-2019-13665 CVE-2019-13666 CVE-2019-13667 CVE-2019-13668 CVE-2019-13669 CVE-2019-13670 CVE-2019-13671 CVE-2019-13673 CVE-2019-13674 CVE-2019-13675 CVE-2019-13676 CVE-2019-13677 CVE-2019-13678 CVE-2019-13679 CVE-2019-13680 CVE-2019-13681 CVE-2019-13682 CVE-2019-13683 CVE-2019-13685 CVE-2019-13686 CVE-2019-13687 CVE-2019-13688 CVE-2019-13691 CVE-2019-13692 CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696 CVE-2019-13697 CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13713 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13717 CVE-2019-13718 CVE-2019-13719 CVE-2019-13720 CVE-2019-13721 CVE-2019-13672 CVE-2019-13765 CVE-2019-13766}
[buster] - chromium 78.0.3904.97-1~deb10u1
[08 Nov 2019] DSA-4561-1 fribidi - security update
{CVE-2019-18397}
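Review bot: This hunk removes CVE-2019-13702 from the CVE list of an already published advisory (DSA-4562-1), and no reason for the removal is recorded alongside the change. Dropping an identifier from a published DSA changes what the tracker reports as fixed by that advisory, so whether the ID was rejected, reassigned, or moved to another entry should be visible somewhere, for example in the commit message or in a NOTE on the corresponding CVE entry. The same applies to the removals of CVE-2018-6044 from DSA-4256-1 and CVE-2018-5091 from DSA-4102-1 further down in this file.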
@@ -490,7 +1764,7 @@
[stretch] - proftpd-dfsg 1.3.5b-4+deb9u2
[buster] - proftpd-dfsg 1.3.6-4+deb10u2
[04 Nov 2019] DSA-4558-1 webkit2gtk - security update
- {CVE-2019-8625 CVE-2019-8720 CVE-2019-8769 CVE-2019-8771 CVE-2019-8710 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8783 CVE-2019-8811 CVE-2019-8813 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823}
+ {CVE-2019-8625 CVE-2019-8720 CVE-2019-8769 CVE-2019-8771 CVE-2019-8710 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8783 CVE-2019-8811 CVE-2019-8813 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2021-30666 CVE-2021-30761}
[buster] - webkit2gtk 2.26.1-3~deb10u1
[31 Oct 2019] DSA-4557-1 libarchive - security update
{CVE-2019-18408}
@@ -602,13 +1876,13 @@
[stretch] - expat 2.2.0-2+deb9u3
[buster] - expat 2.2.6-2+deb10u1
[20 Sep 2019] DSA-4529-1 php7.0 - security update
- {CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042}
+ {CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 CVE-2019-11038 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-13224}
[stretch] - php7.0 7.0.33-0+deb9u5
[19 Sep 2019] DSA-4528-1 bird - security update
[stretch] - bird 1.6.3-2+deb9u1
[buster] - bird 1.6.6-1+deb10u1
[19 Sep 2019] DSA-4527-1 php7.3 - security update
- {CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042}
+ {CVE-2019-11036 CVE-2019-11039 CVE-2019-11040 CVE-2019-11041 CVE-2019-11042 CVE-2019-13224}
[buster] - php7.3 7.3.9-1~deb10u1
[19 Sep 2019] DSA-4526-1 opendmarc - security update
{CVE-2019-16378}
@@ -702,7 +1976,7 @@
[stretch] - libreoffice 1:5.2.7-1+deb9u10
[buster] - libreoffice 1:6.1.5-3+deb10u3
[12 Aug 2019] DSA-4500-1 chromium - security update
- {CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5841 CVE-2019-5842 CVE-2019-5843 CVE-2019-5847 CVE-2019-5848 CVE-2019-5849 CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861 CVE-2019-5862 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867 CVE-2019-5868 CVE-2019-13698}
+ {CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 CVE-2019-5824 CVE-2019-5825 CVE-2019-5826 CVE-2019-5827 CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 CVE-2019-5841 CVE-2019-5842 CVE-2019-5843 CVE-2019-5847 CVE-2019-5848 CVE-2019-5849 CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861 CVE-2019-5862 CVE-2019-5864 CVE-2019-5865 CVE-2019-5867 CVE-2019-5868 CVE-2019-13698 CVE-2020-6503 CVE-2020-6504}
[buster] - chromium 76.0.3809.100-1~deb10u1
[12 Aug 2019] DSA-4499-1 ghostscript - security update
{CVE-2019-10216}
@@ -1087,7 +2361,7 @@
{CVE-2019-6977 CVE-2019-6978}
[stretch] - libgd2 2.2.4-2+deb9u4
[03 Feb 2019] DSA-4383-1 libvncserver - security update
- {CVE-2018-6307 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024}
+ {CVE-2018-6307 CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-21247}
[stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u1
[02 Feb 2019] DSA-4382-1 rssh - security update
{CVE-2019-3463 CVE-2019-3464}
@@ -1477,7 +2751,7 @@
{CVE-2018-10906}
[stretch] - fuse 2.9.7-1+deb9u1
[26 Jul 2018] DSA-4256-1 chromium-browser - security update
- {CVE-2018-4117 CVE-2018-6044 CVE-2018-6150 CVE-2018-6151 CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179 CVE-2018-17461 CVE-2018-17460 CVE-2018-16064}
+ {CVE-2018-4117 CVE-2018-6150 CVE-2018-6151 CVE-2018-6152 CVE-2018-6153 CVE-2018-6154 CVE-2018-6155 CVE-2018-6156 CVE-2018-6157 CVE-2018-6158 CVE-2018-6159 CVE-2018-6161 CVE-2018-6162 CVE-2018-6163 CVE-2018-6164 CVE-2018-6165 CVE-2018-6166 CVE-2018-6167 CVE-2018-6168 CVE-2018-6169 CVE-2018-6170 CVE-2018-6171 CVE-2018-6172 CVE-2018-6173 CVE-2018-6174 CVE-2018-6175 CVE-2018-6176 CVE-2018-6177 CVE-2018-6178 CVE-2018-6179 CVE-2018-17461 CVE-2018-17460 CVE-2018-16064}
[stretch] - chromium-browser 68.0.3440.75-1~deb9u1
[24 Jul 2018] DSA-4255-1 ant - security update
{CVE-2018-10886}
@@ -2017,7 +3291,7 @@
{CVE-2017-15420 CVE-2017-15429 CVE-2018-6031 CVE-2018-6032 CVE-2018-6033 CVE-2018-6034 CVE-2018-6035 CVE-2018-6036 CVE-2018-6037 CVE-2018-6038 CVE-2018-6039 CVE-2018-6040 CVE-2018-6041 CVE-2018-6042 CVE-2018-6043 CVE-2018-6045 CVE-2018-6046 CVE-2018-6047 CVE-2018-6048 CVE-2018-6049 CVE-2018-6050 CVE-2018-6051 CVE-2018-6052 CVE-2018-6053 CVE-2018-6054 CVE-2018-6119 CVE-2018-6055}
[stretch] - chromium-browser 64.0.3282.119-1~deb9u1
[30 Jan 2018] DSA-4102-1 thunderbird - security update
- {CVE-2018-5089 CVE-2018-5091 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117}
+ {CVE-2018-5089 CVE-2018-5095 CVE-2018-5096 CVE-2018-5097 CVE-2018-5098 CVE-2018-5099 CVE-2018-5102 CVE-2018-5103 CVE-2018-5104 CVE-2018-5117}
[jessie] - thunderbird 1:52.6.0-1~deb8u1
[stretch] - thunderbird 1:52.6.0-1~deb9u1
[30 Jan 2018] DSA-4094-2 smarty3 - regression update
diff --git a/data/DTSA/dtsa b/data/DTSA/dtsa
index 68fae53f3e..91d150e376 100755
--- a/data/DTSA/dtsa
+++ b/data/DTSA/dtsa
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
import sys, getopt, os, glob
diff --git a/data/config.json b/data/config.json
index 524f31de8d..e0dbaad3b5 100644
--- a/data/config.json
+++ b/data/config.json
@@ -58,8 +58,7 @@
"optional": [
"jessie-proposed-updates"
]
- },
- "release": "oldoldstable"
+ }
},
"stretch": {
"members": {
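Review bot: After this hunk the "jessie" object has no "release" key at all and, unlike every other suite touched by this commit, receives no "architectures" list; the new "trixie" object added later in this file likewise has neither key. This is presumably intentional (jessie is no longer a named release and trixie has no architecture list yet), but any consumer that iterates over all suites and reads `["release"]` or `["architectures"]` unconditionally will now fail on these two entries, and nothing on the page shows whether the readers tolerate the absence. If the omission is deliberate, a short comment in the accompanying documentation or an explicit `"architectures": []` for those suites would make the contract clear.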
@@ -71,7 +70,8 @@
"stretch-proposed-updates"
]
},
- "release": "oldstable"
+ "architectures": [ "amd64", "arm64", "armel", "armhf", "i386" ],
+ "release": "oldoldstable"
},
"buster": {
"members": {
@@ -83,7 +83,8 @@
"buster-proposed-updates"
]
},
- "release": "stable"
+ "architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "mips", "mips64el", "mipsel", "ppc64el", "s390x" ],
+ "release": "oldstable"
},
"bullseye": {
"members": {
@@ -95,7 +96,8 @@
"bullseye-proposed-updates"
]
},
- "release": "testing"
+ "architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "mips64el", "mipsel", "ppc64el", "s390x" ],
+ "release": "stable"
},
"bookworm": {
"members": {
@@ -106,6 +108,19 @@
"optional": [
"bookworm-proposed-updates"
]
+ },
+ "architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "mips64el", "mipsel", "ppc64el", "s390x" ],
+ "release": "testing"
+ },
+ "trixie": {
+ "members": {
+ "supported": [
+ "trixie",
+ "trixie-security"
+ ],
+ "optional": [
+ "trixie-proposed-updates"
+ ]
}
},
"sid": {
@@ -114,6 +129,7 @@
"sid"
]
},
+ "architectures": [ "amd64", "arm64", "armel", "armhf", "i386", "mips64el", "mipsel", "ppc64el", "s390x" ],
"release": "unstable"
}
},
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index f02d62db96..3718f8e769 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -9,123 +9,91 @@ To pick an issue, simply add your name behind it. To learn more about how
this list is updated have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
+To make it easier to see the entire history of an update, please append notes
+rather than remove/replace existing ones.
+
--
ansible
- NOTE: 20200506: CVE-2020-1736: The version in jessie does not use the
- NOTE: 20200506: `_DEFAULT_PERM` global variable but hardcodes 0666
- NOTE: 20200506: in the atomic_move code in basic.py, so is likely vulnerable.
- NOTE: 20200506: (lamby)
- NOTE: 20200508: bam: Problem exists with new files only. Existing files
- NOTE: 20200508: bam: code resets permissions to same value, should be fine.
- NOTE: 20200508: bam: Upstream fix was to use 660 - https://github.com/ansible/ansible/pull/68970
- NOTE: 20200508: bam: Upstream fix was reverted - https://github.com/ansible/ansible/pull/68983
- NOTE: 20200508: bam: See https://github.com/ansible/ansible/issues/67794
---
-apache2 (Utkarsh Gupta)
- NOTE: 20200501: The problem to solve is this: https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 (Ola)
- NOTE: 20200501: No CVE yet. (Ola)
- NOTE: 20200531: Asking upstream for CVE assignment. (utkarsh)
---
-bluez (Roberto C. Sánchez)
- NOTE: 20200521: Uploaded backport (version 5.43-2+deb8u1), which now must go through NEW (roberto)
---
-cacti (Abhijith PA)
- NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith)
---
-condor
- NOTE: 20200502: Upstream has only released workarounds; complete fix is still embargoed (roberto)
- NOTE: 20200521: Still embargoed (eg. https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html). (lamby)
- NOTE: 20200525: Fix: https://github.com/htcondor/htcondor/compare/V8_8_7...V8_8_8 (utkarsh)
- NOTE: 20200531: Patches are linked from https://security-tracker.debian.org/tracker/CVE-2019-18823 (bunk)
---
-cups (Utkarsh Gupta)
- NOTE: 20200514: Two open <no-dsa> issues. Added on request from Anton Gladky. (sunweaver)
---
-drupal7
---
-freerdp (Mike Gabriel)
- NOTE: 20200510: Vulnerable to at least CVE-2020-11042. (lamby)
- NOTE: 20200531: Discussing if EOL'ing of freerdp (1.1) makes sense (sunweaver)
---
-graphicsmagick (Roberto C. Sánchez)
- NOTE: 20200514: no upstream patch available, yet, for CVE-2020-12672 (sunweaver)
- NOTE: 20200529: still no upstream patch available, yet, for CVE-2020-12672 (roberto)
---
-imagemagick (Markus Koschany)
---
-libdatetime-timezone-perl
- NOTE: 20200514: LTS update must wait on oldstable update first to prevent newer version in LTS (roberto)
---
-libmatio (Adrian Bunk)
- NOTE: fairly high number of open issues. Not sure why we never had a look at them.
- NOTE: triage work needed, help security team for fixes if needed.
- NOTE: 20190428: most patches can be applied after context adaption
- NOTE: 20190428: all CVEs are from one fuzzing attempt
- NOTE: 20190428: some CVE testcases pass on the unpatched version,
- NOTE: 20190428: but since the fixes can be made applied the code
- NOTE: 20190428: is likely vulnerable
- NOTE: 20190428: some CVE testcases still fail after applying the fix,
- NOTE: 20190428: older changes seem to also be required for them
- NOTE: 20200518: work is ongoing (bunk)
+ NOTE: 20210411: As discussed with the maintainer I will update Buster first and
+ NOTE: 20210411: after that LTS. (apo)
+ NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
--
-linux (Ben Hutchings)
+asterisk (Abhijith PA)
+--
+debian-archive-keyring (Anton)
+ NOTE: https://lists.debian.org/debian-lts/2021/08/msg00037.html
+ NOTE: 20210920: Raphael answered. will backport today. (utkarsh)
+ NOTE: 20211003: waiting for Jonathan to get back as his keys
+ NOTE: 20211003: seemed to have expired and the build is thus
+ NOTE: 20211003: failing. Or at least appears to be. :( (utkarsh)
+ NOTE: 20211018: Jonathan is prepping the branch; will work
+ NOTE: 20211018: with him and upload and publish the DLA. (utkarsh)
+--
+expat (Emilio)
+ NOTE: 20220221: please wait for DSA first. (Anton)
+--
+firmware-nonfree
+ NOTE: 20210731: WIP: https://salsa.debian.org/lts-team/packages/firmware-nonfree
+ NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag
+ NOTE: 20211207: Intend to release this week.
--
-linux-4.9 (Ben Hutchings)
+freecad (Emilio)
+ NOTE: 20220221: please wait for DSA first. (Anton)
--
-mumble
- NOTE: 20200325: Regression in last upload, forgot to follow up.
- NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith)
- NOTE: 20200420: Upstream patch is incomplete. Version in stretch is also vulnerable (abhijith)
- NOTE: 20200504: discussion going on with team@security.debian.org and mumble maintainer (abhijith)
+gif2apng (Anton)
+ NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate with Debian QA to write our own patches (Beuc)
+ NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc)
+ NOTE: 20220221: WIP (Anton)
--
-netqmail (Utkarsh Gupta)
- NOTE: 20200531: Work ongoing. Probably should backport the version. (utkarsh)
+gpac (Roberto C. Sánchez)
+ NOTE: 20211101: coordinating with secteam for s-p-u since stretch/buster versions match (roberto)
+ NOTE: 20211120: received OK from secteam for buster update, working on stretch/buster in parallel (roberto)
+ NOTE: 20211228: Returning to active work on this now that llvm/rustc update is complete (roberto)
--
-nginx
- NOTE: 20200505: Patch for CVE-2020-11724 appears to be fairly invasive and, alas, no tests. (lamby)
+htmldoc (Thorsten Alteholz)
--
-nss (Adrian Bunk)
+intel-microcode
+ NOTE: 20220213: please recheck
+--
+libarchive (Thorsten Alteholz)
+ NOTE: 20220213: testing package
+--
+libgit2 (Utkarsh)
+ NOTE: 20220208: got clearance. will upload this week. (utkarsh)
+ NOTE: 20220221: had been severely ill the past week. shall get it done soon. (utkarsh)
+--
+linux (Ben Hutchings)
--
-opendmarc (Thorsten Alteholz)
- NOTE: 20200511: new CVEs arrived (thorsten)
- NOTE: 20200524: testing package
+linux-4.19 (Ben Hutchings)
--
-php5 (Thorsten Alteholz)
- NOTE: 20200427: embedded software "file" needs fix for CVE-2019-18218
- NOTE: 20200511: still trying to determine how this CVE affects php
- NOTE: 20200524: new CVE arrived (thorsten)
+mariadb-10.1
+ NOTE: 20220222: Can be risky. Please consider backporting mariadb-10.3. See discussion https://lists.debian.org/debian-lts/2022/02/msg00005.html and coordinate with maintainer (Anton)
--
-qemu (Adrian Bunk)
- NOTE: 20200531: waiting for CVE-2020-13362 fix to be applied upstream (bunk)
+nvidia-graphics-drivers
+ NOTE: 20220203: package is in non-free but also in packages-to-support (Beuc)
+ NOTE: 20220209: monitor nvidia-graphics-drivers-legacy-390xx for a potential
+ NOTE: 20220209: backport (apo)
--
-sqlite3 (Abhijith PA)
+pjproject (Abhijith PA)
+ NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu)
+ NOTE: 20220215: Asterisk and ring have embedded copy of pjproject (abhijith)
--
-squid3 (Markus Koschany)
- NOTE: 20200531: Ongoing work on squid3 in Stretch which will be used for Jessie
- NOTE: 20200531: and Stretch.
+ring (Abhijith PA)
--
-sympa (Utkarsh Gupta)
- NOTE: 20200525: Incomplete patch. Not the complete patch is made public. (utkarsh)
- NOTE: 20200525: But that is weird, given their announcement. (utkarsh)
- NOTE: 20200525: More discussion about this has been shared on the list. (utkarsh)
- NOTE: 20200525: Anyway, the patch that is made public so far has been uploaded to
- NOTE: 20200525: https://people.debian.org/~utkarsh/jessie-lts/sympa/ (utkarsh)
- NOTE: 20200531: non-public patch received but don't think it should applied (utkarsh)
+samba
+ NOTE: 20211128: WIP https://salsa.debian.org/lts-team/packages/samba/
+ NOTE: 20211212: Fix is too large, coordination with ELTS-upload (anton)
+ NOTE: 20220110: fix applied, but will need a second opinion. (utkarsh)
+ NOTE: 20220125: ftbfs, wip. (utkarsh)
--
-tzdata
- NOTE: 20200514: LTS update must wait on oldstable update first to prevent newer version in LTS (roberto)
+thunderbird (Emilio)
--
-unbound (Anton Gladky)
+tiff (Thorsten Alteholz)
--
-xcftools (Anton Gladky)
- NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for upstream review (hle)
- NOTE: 20200414: Flurry of activity on/around 20200401 essentially rejecting original patch
- NOTE: 20200414: from 20200111 as incomplete, but with suggestion on improvement. (lamby)
- NOTE: 20200517: work is ongoing. (gladk)
- NOTE: 20200523: Proposed fix https://github.com/j-jorge/xcftools/pull/15 (gladk)
+ujson (Anton)
+ NOTE: 20220121: please reheck, at least the mentioned function is available in Stretch
+ NOTE: 20220206: https://salsa.debian.org/lts-team/packages/ujson Investigating, whether affected or not (Anton)
+ NOTE: 20220221: WIP (Anton)
--
-xen
- NOTE: 20200414: debian-security-support has been updated with EOL status
- NOTE: 20200414: and will be uploaded concurrent with next stretch/buster point releases
- NOTE: 20200414: c.f., https://lists.debian.org/debian-lts/2020/04/msg00026.html (roberto)
+vim
--
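Review bot: The header added at the top of this hunk asks contributors to "append notes rather than remove/replace existing ones", yet the same hunk replaces the whole 2020 note history under the "ansible" entry with the three 20210411/20210426 lines. If the intent is that completed or obsolete entries may be dropped but live entries keep their history, the header should say so; otherwise the ansible notes should be kept and the new ones appended. Separately, the ujson note reads `please reheck`, which should be `please recheck`.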
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 0966921790..29d7c49154 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -12,35 +12,36 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source package.
--
-chromium
+asterisk/oldstable
--
-ffmpeg (jmm)
+condor
--
-jruby/oldstable
+expat (carnil)
+ Waiting for final fix upstream and first exposure in unstable
--
-libopenmpt
+faad2/oldstable (jmm)
--
-knot-resolver/stable
- Santiago Ruano Rincón proposed a debdiff for review
+freecad (aron)
--
linux (carnil)
- Wait until more issues have piled up
+ Wait until more issues have piled up, though try to regulary rebase for point
+ releases to more recent v4.19.y versions.
--
-mercurial/oldstable
+ndpi/oldstable
--
-nss/oldstable (jmm)
- Roberto proposed an update including fixes for CVE-2018-12404 and CVE-2018-18508
+nodejs (jmm)
--
-php7.0/oldstable
+python-pysaml2 (jmm)
--
-php7.3/stable
+rpki-client/stable
+ new 7.6 release required libretls, which isn't in Bullseye
--
-poppler (jmm)
+runc
--
-squid3/oldstable
+thunderbird (jmm)
--
-teeworlds/stable (jmm)
+trafficserver (jmm)
+ wait until status for CVE-2021-38161 is clarified (upstream patch got reverted)
--
-xcftools
- Hugo proposed to work on this update
+varnish (fw)
--
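Review bot: The linux note has a typo, `regulary` for `regularly`; the line should read `Wait until more issues have piled up, though try to regularly rebase for point`. The rest of the hunk only rotates claimed entries and adds holding notes, which read fine.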
diff --git a/data/embedded-code-copies b/data/embedded-code-copies
index 28505d99fc..17822518b9 100644
--- a/data/embedded-code-copies
+++ b/data/embedded-code-copies
@@ -79,6 +79,8 @@ php-htmlpurifier
fuse
- mergerfs <unfixable> (embed)
NOTE: Used and maintained by mergerfs upstream
+ - ntfs-3g <unfixed> (embed)
+ NOTE: Since 1:2013.1.13AR.3-2 builds with internal fuse copy
peercast
- gnome-peercast <removed> (embed)
@@ -137,7 +139,7 @@ zlib (lots of apps embed a copy, but link dynamically, but there are a few excep
- zsync <unfixed>
- tra <unfixed>
- sash <unfixed>
- - nsis <unfixed>
+ - nsis <unfixed> (embed)
- pyfits 1:2.3.1-1
- mseide-msegui <unfixed>
NOTE: mseide
@@ -191,6 +193,7 @@ libbz2
NOTE: has code, by the maint, to use the system version but links against the internal copy
- clamav <unfixed> (embed)
NOTE: libclamav/nsis/bzlib*
+ - nsis <unfixed> (modified-embed)
- pristine-tar <unfixable> (modified-embed)
NOTE: compression code only, not uncompression
- r-base-core-ra 1.2.8 (static)
@@ -332,7 +335,6 @@ tiff
NOTE: there are two copies, one under tiff/ other under libtiff/
- gdal <unfixed>
- ia32-libs <removed> (embed)
- - tiff3 <unfixable> (old-version)
- ghostscript 8.71~dfsg-1 (embed)
- povray <unfixed> (embed)
- insighttoolkit4 <unfixed> (embed)
@@ -587,7 +589,7 @@ tinyxml
- xmoto <unfixed> (embed)
- mapnik <unknown> (embed)
NOTE: uses a different XML parser by default
- - rrootage 0.23a-6 <embed>
+ - rrootage 0.23a-6 (embed)
NOTE: links to libbulltetml
- boson <not-affected> (embed)
NOTE: the embedded code is unused
@@ -703,6 +705,7 @@ lzma
- r-base <unfixed> (embed)
NOTE: lzma support not yet in lenny or in r-base-core-ra 1.2.8
- mame <unknown> (embed)
+ - nsis <unfixed> (embed)
lzo2
- ia32-libs <removed> (embed)
@@ -1396,7 +1399,7 @@ expat
- tdom 0.8.3~20080525-1 (embed)
- udunits 2.1.8-4 (embed)
- apr-util 1.2 (embed)
- - ayttm <unfxed> (embed; bug #561006)
+ - ayttm <unfixed> (embed; bug #561006)
- cableswig <removed> (embed)
- cadaver <unfixed> (embed)
- cmake 2.6.0-6 (embed)
@@ -1510,6 +1513,10 @@ pyparsing
- matplotlib 1.3.0-1 (embed; bug #531024; bug #555369)
- zhpy 1.7.3.1-1 (embed; bug #555370)
- polybori <unknown> (embed)
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
- python-whoosh <unknown> (embed)
- twill <unknown> (embed)
- zope-textindexng3 <unknown> (embed)
@@ -1645,11 +1652,19 @@ python2.7
NOTE: core functionality based on Python difflib code with changed output format
- zodbpickle <unfixable> (fork)
NOTE: embeds outdated stdlib modules: pickle, cpickle
+ - pypy <unfixable> (fork)
+ NOTE: embeds stdlib
python3.6
- zodbpickle <unfixable> (fork)
NOTE: embeds outdated stdlib modules: pickle, cpickle
+python3.7
+ - pypy3 <unfixable> (fork)
+ NOTE: embeds stdlib
+ - python2-pip <unfixable> (embed)
+ NOTE: embeds contextlib - https://lists.debian.org/debian-python/2021/09/msg00031.html
+
argparse
- twill <unfixed> (embed; bug #555347)
- ipython <unfixed> (embed; bug #555348)
@@ -1752,6 +1767,8 @@ unicode-data
- boost1.62 <unfixed> (embed; bug #852764)
- boost1.63 <unfixed> (embed; bug #852763)
- boost1.67 <unfixed> (embed; bug #920319)
+ - boost1.71 <unfixed> (embed; bug #963587)
+ - boost1.74 <unfixed> (embed; bug #1005201)
- glibc <unfixed> (modified-embed)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21533
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=14095
@@ -1837,14 +1854,19 @@ yui
- otrs2 2.4.7+dfsg1-1 (embed; bug #592146)
quake3 (vanilla source not packaged in debian)
- - openarena <unfixable> (fork)
+ - ioquake3 <unfixable> (fork)
+ - iortcw <unfixable> (fork)
+ - openarena <unfixable> (partial fork)
+ - openjk <unfixable> (fork)
quake2 (vanilla source not packaged in debian)
- alien-arena <unfixable> (fork)
- warsow <unfixable> (fork)
+ - yquake2 <unfixable> (fork)
quake (vanilla source not packaged in debian)
- darkplaces <unfixable> (fork)
+ - ezquake <unfixable> (fork)
- quakespasm <unfixable> (fork)
- nexuiz 2.5.2+dp-1 (old-version)
NOTE: before 2.5.2+dp this was an outdated version of darkplaces
@@ -2144,7 +2166,7 @@ iepngfix (not packaged in Debian; http://www.twinhelix.com/css/iepngfix/)
- s5 <unfixed> (embed)
- zope2.10 <unfixed> (embed)
- zope2.11 <removed> (embed)
- - cython <not-affcted> (embed)
+ - cython <not-affected> (embed)
NOTE: part of documentation, which is not installed into the binary package
python-docutils
@@ -2233,9 +2255,10 @@ ca-certificates
- nss <not-affected> (certificates are in source, but not included in any of the binary packages)
- websocket-client <unfixed> (embed; bug #810123)
NOTE: Mozilla CA bundle only: /usr/lib/python3/dist-packages/websocket/cacert.pem
+ - rust-webpki-roots <removed> (embed; bug #972802)
openexr
- - freeimage <unfixed> (embed)
+ - freeimage 3.17.0+ds1-1 (embed)
libmng
- freeimage <unfixed> (embed)
@@ -2865,7 +2888,7 @@ dcraw
libraw
- libkdcraw 4:4.12.3-1
- - darktable <unfixed> (modified-embed; bug #682980)
+ - darktable <unfixed> (modified-embed; bug #1002876)
- shotwell <unfixed>
NOTE: possibly fixed in wheezy and greater
@@ -2901,9 +2924,6 @@ automysqlbackup
- autopostgresqlbackup <unfixed>
NOTE: fork
-python-pip
- - python-virtualenv <unfixed>
-
scrypt
- python-scrypt <unfixed> (embed; wontfix; package in NEW)
NOTE: upstream scrypt does not provide a shared library/API
@@ -2973,10 +2993,6 @@ libjs-jquery-bbq (not packaged in Debian; RFP bug #741586; http://benalman.com/p
- ganglia-web <unfixed> (embed)
- jqapi <unfixed> (embed)
-lame
- - mp3gain <removed> (modified-embed)
- NOTE: ancient copy, part of mpglib which was probably part of mpg123 at some point
-
zopfli
- pigz <unfixed> (embed)
- advancecomp <unfixed> (embed)
@@ -3152,7 +3168,7 @@ libsquish
- mame <unfixed> (modified-embed; bug #838052)
- nvidia-texture-tools <unfixed> (modified-embed; bug #838056)
- openimageio <unfixed> (modified-embed; bug #838053)
- - spring <unfixed> (embed; bug #838054)
+ - spring 105.0.1+dfsg-1 (embed; bug #838054)
- xbmc <unfixed> (modified-embed)
node-ms
@@ -3469,17 +3485,17 @@ ttmath (not packaged, https://www.ttmath.org/)
- freebayes <unfixed> (embed)
- geos <unfixed> (modified-embed)
-ezxml (not packaged)
- - mapcache <unfixed> (embed)
- - scilab <unfixed> (embed)
- - navit <unfixed> (embed)
- - netcdf <unfixed> (embed)
- - netcdf-parallel <unfixed> (embed)
+ezxml (not packaged in Debian; no ITP)
+ - netcdf <unfixed> (embed; bug #989360)
+ - netcdf-parallel <unfixed> (embed; bug #989361)
+ - navit <not-affected> (embed; bug #989362)
+ - mapcache <unfixed> (embed; bug #989363)
+ - scilab <unfixed> (embed; bug #989364)
libstb
- - goxel <unfixed> (embed; bug #949552)
- - renderdoc <unfixed> (embed; bug #949633)
- - love <unfixed> (embed; bug #949634)
+ - goxel 0.10.6-2 (embed; bug #949552)
+ - renderdoc 1.7+dfsg-1 (embed; bug #949633)
+ - love 11.3-1 (embed; bug #949634)
- libsixel <unfixed> (embed; bug #949707)
- retroarch <unfixed> (embed; bug #949708)
- libsfml <unfixed> (embed; bug #949709)
@@ -3536,3 +3552,189 @@ libdvdread
libdvdnav
- kodi <unfixed> (modified-embed)
+
+libsass
+ - node-node-sass <unfixed> (embed; bug #963764)
+
+photoswipe (itp: #891978)
+ - darktable <unfixed> (embed; bug #969159)
+
+libbpf
+ - bpfcc 0.17.0+ds-1 (embed)
+ - dwarves-dfsg 1.18-1 (embed; bug #979105)
+ - v4l-utils <unfixed> (embed; bug #979610)
+
+python-py
+ - pypy <unfixed> (embed)
+ - pypy3 <unfixed> (embed)
+
+pytest
+ - pypy <unfixed> (modified-embed)
+ - pypy3 <unfixed> (modified-embed)
+
+python-cffi
+ - pypy <unfixed> (embed)
+ - pypy3 <unfixed> (embed)
+
+python-cryptography:
+ - pypy <unfixed> (embed)
+ - pypy3 <unfixed> (embed)
+
+chezscheme
+ - racket <unfixable> (fork)
+
+ccextractor
+ - gpac 0.93+ds2-1 (modified-embed; bug #994754)
+
+xorg-server
+ - xwayland <unfixable> (fork)
+
+python-cachecontrol
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-certifi
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+chardet
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-colorama
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+distlib
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-distro
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+html5lib
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-idna
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-msgpack
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-packaging
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+pep517
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+setuptools
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+platformdirs
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-progress
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+requests
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-resolvelib
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+six
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-tenacity
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-tomli
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-urllib3
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-webencodings
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+appdirs
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-ipaddress
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-retrying
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+python-toml
+ - python2-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+pygments
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+rich
+ - python-pip <unfixable> (embed)
+ NOTE: https://lists.debian.org/debian-python/2021/09/msg00031.html
+
+asterisk
+ - pjproject <unfixed> (embed)
+
+ring
+ - pjproject <unfixed> (embed)
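Review bot: The two new `asterisk` and `ring` sections at the end of the hunk look inverted relative to the convention every other section in this hunk follows (header = the library being embedded, list = the packages that embed it, e.g. `libsass` / `- node-node-sass`): asterisk and ring are the packages that carry a pjproject copy, so the entry should presumably be a single `pjproject` header with `- asterisk <unfixed> (embed)` and `- ring <unfixed> (embed)` beneath it, otherwise pjproject issues would not be mapped onto those two source packages. The `python-cryptography:` header also carries a trailing colon that no other header has and should be `python-cryptography`; if the consumer of this file keys sections on the bare package name (not in view, please confirm), the stray colon would make the pypy/pypy3 entries unmatchable. Finally, the roughly two dozen `python-pip <unfixable>` entries all point at the same list thread; a one-line note under the first of them stating why the vendored copies cannot be unbundled would spare readers a trip to the archive.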
diff --git a/data/next-oldstable-point-update.txt b/data/next-oldstable-point-update.txt
index 22f3ae450c..544f62dcf4 100644
--- a/data/next-oldstable-point-update.txt
+++ b/data/next-oldstable-point-update.txt
@@ -1,108 +1,240 @@
-CVE-2015-9261 [busybox: pointer misuse unziping files]
- [stretch] - busybox 1:1.22.0-19+deb9u1
-CVE-2016-2148
- [stretch] - busybox 1:1.22.0-19+deb9u1
-CVE-2016-2147
- [stretch] - busybox 1:1.22.0-19+deb9u1
-CVE-2011-5325
- [stretch] - busybox 1:1.22.0-19+deb9u1
-CVE-2017-15873
- [stretch] - busybox 1:1.22.0-19+deb9u1
-CVE-2017-16544
- [stretch] - busybox 1:1.22.0-19+deb9u1
-CVE-2017-17840
- [stretch] - open-iscsi 2.0.874-3~deb9u2
-CVE-2018-16336
- [stretch] - exiv2 0.25-3.1+deb9u2
-CVE-2019-8907
- [stretch] - file 1:5.30-1+deb9u3
-CVE-2019-8905
- [stretch] - file 1:5.30-1+deb9u3
-CVE-2018-3774
- [stretch] - node-url-parse 1.0.5-2+deb9u1
-CVE-2019-14267
- [stretch] - pdfresurrect 0.12-6+deb9u1
-CVE-2019-11187
- [stretch] - gosa 2.7.4+reloaded2-13+deb9u2
-CVE-2019-14466
- [stretch] - gosa 2.7.4+reloaded2-13+deb9u3
-CVE-2018-7260
- [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
-CVE-2018-19968
- [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
-CVE-2018-19970
- [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
-CVE-2019-6799
- [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
-CVE-2019-6798
- [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
-CVE-2019-11768
- [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
-CVE-2019-12616
- [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
-CVE-2020-5504
- [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
-CVE-2020-10802
- [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
-CVE-2020-10803
- [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
-CVE-2020-10804
- [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
-CVE-2019-20372
- [stretch] - nginx 1.10.3-1+deb9u4
-CVE-2016-10894
- [stretch] - xtrlock 2.8+deb9u1
-CVE-2019-16275
- [stretch] - wpa 2:2.4-1+deb9u5
-CVE-2020-3123
- [stretch] - clamav 0.102.2+dfsg-0~deb9u1
-CVE-2020-8130
- [stretch] - rake 10.5.0-2+deb9u1
-CVE-2017-5715
- [stretch] - amd64-microcode 3.20181128.1~deb9u1
-CVE-2020-5267
- [stretch] - rails 2:4.2.7.1-1+deb9u2
-CVE-2019-9658
- [stretch] - checkstyle 6.15-1+deb9u1
-CVE-2019-15522
- [stretch] - csync2 2.0-8-g175a01c-4+deb9u1
-CVE-2017-11747
- [stretch] - tinyproxy 1.8.4-3~deb9u2
-CVE-2019-15690
- [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4
-CVE-2019-20788
- [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4
-CVE-2020-8518
- [stretch] - php-horde-data 2.1.4-3+deb9u1
-CVE-2020-8866
- [stretch] - php-horde-form 2.0.15-1+deb9u2
-CVE-2020-8865
- [stretch] - php-horde-trean 1.1.7-1+deb9u1
-CVE-2020-3898
- [stretch] - cups 2.2.1-8+deb9u6
-CVE-2019-8842
- [stretch] - cups 2.2.1-8+deb9u6
-CVE-2020-XXXX
- [stretch] - fex 20160919-2~deb9u1
-CVE-2016-6328
- [stretch] - libexif 0.6.21-2+deb9u2
-CVE-2017-7544
- [stretch] - libexif 0.6.21-2+deb9u2
-CVE-2018-20030
- [stretch] - libexif 0.6.21-2+deb9u2
-CVE-2020-12767
- [stretch] - libexif 0.6.21-2+deb9u2
-CVE-2020-0093
- [stretch] - libexif 0.6.21-2+deb9u2
-CVE-2020-8034
- [stretch] - php-horde-gollem 3.0.10-1+deb9u1
-CVE-2018-20020
- [stretch] - ssvnc 1.0.29-3+deb9u1
-CVE-2018-20021
- [stretch] - ssvnc 1.0.29-3+deb9u1
-CVE-2018-20022
- [stretch] - ssvnc 1.0.29-3+deb9u1
-CVE-2018-20024
- [stretch] - ssvnc 1.0.29-3+deb9u1
-CVE-2020-8035
- [stretch] - php-horde 5.2.13+debian0-1+deb9u2
+CVE-2019-20807
+ [buster] - vim 2:8.1.0875-5+deb10u1
+CVE-2021-3770
+ [buster] - vim 2:8.1.0875-5+deb10u1
+CVE-2021-3778
+ [buster] - vim 2:8.1.0875-5+deb10u1
+CVE-2021-3796
+ [buster] - vim 2:8.1.0875-5+deb10u1
+CVE-2019-20446
+ [buster] - librsvg 2.44.10-2.1+deb10u1
+CVE-2019-17134
+ [buster] - octavia 3.0.0-3+deb10u1
+CVE-2019-14433
+ [buster] - nova 2:18.1.0-6+deb10u1
+CVE-2019-14857
+ [buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u1
+CVE-2020-8492
+ [buster] - python2.7 2.7.16-2+deb10u2
+CVE-2019-20907
+ [buster] - python2.7 2.7.16-2+deb10u2
+CVE-2021-3177
+ [buster] - python2.7 2.7.16-2+deb10u2
+CVE-2020-24583
+ [buster] - python-django 1:1.11.29-1~deb10u2
+CVE-2020-24584
+ [buster] - python-django 1:1.11.29-1~deb10u2
+CVE-2021-3281
+ [buster] - python-django 1:1.11.29-1~deb10u2
+CVE-2021-23336
+ [buster] - python-django 1:1.11.29-1~deb10u2
+CVE-2020-4051
+ [buster] - dojo 1.14.2+dfsg1-1+deb10u3
+CVE-2020-36277
+ [buster] - leptonlib 1.76.0-1+deb10u1
+CVE-2020-36278
+ [buster] - leptonlib 1.76.0-1+deb10u1
+CVE-2020-36279
+ [buster] - leptonlib 1.76.0-1+deb10u1
+CVE-2020-36280
+ [buster] - leptonlib 1.76.0-1+deb10u1
+CVE-2020-36281
+ [buster] - leptonlib 1.76.0-1+deb10u1
+CVE-2021-32062
+ [buster] - mapserver 7.2.2-1+deb10u1
+CVE-2020-35572
+ [buster] - adminer 4.7.1-1+deb10u1
+CVE-2021-21311
+ [buster] - adminer 4.7.1-1+deb10u1
+CVE-2021-29625
+ [buster] - adminer 4.7.1-1+deb10u1
+CVE-2021-35525
+ [buster] - postsrsd 1.5-2+deb10u2
+CVE-2020-35653
+ [buster] - pillow 5.4.1-2+deb10u3
+CVE-2020-35655
+ [buster] - pillow 5.4.1-2+deb10u3
+CVE-2021-27921
+ [buster] - pillow 5.4.1-2+deb10u3
+CVE-2021-27922
+ [buster] - pillow 5.4.1-2+deb10u3
+CVE-2021-27923
+ [buster] - pillow 5.4.1-2+deb10u3
+CVE-2021-25290
+ [buster] - pillow 5.4.1-2+deb10u3
+CVE-2021-25292
+ [buster] - pillow 5.4.1-2+deb10u3
+CVE-2021-28677
+ [buster] - pillow 5.4.1-2+deb10u3
+CVE-2021-28678
+ [buster] - pillow 5.4.1-2+deb10u3
+CVE-2021-34552
+ [buster] - pillow 5.4.1-2+deb10u3
+CVE-2021-3801
+ [buster] - node-prismjs 1.11.0+dfsg-3+deb10u1
+CVE-2020-28600
+ [buster] - openscad 2019.01~RC2-2+deb10u1
+CVE-2020-28599
+ [buster] - openscad 2019.01~RC2-2+deb10u1
+CVE-2020-28282
+ [buster] - node-getobject 0.1.0-2+deb10u1
+CVE-2021-38714
+ [buster] - plib 1.8.5-8+deb10u1
+CVE-2020-12268
+ [buster] - jbig2dec 0.16-1+deb10u1
+CVE-2019-1010317
+ [buster] - wavpack 5.1.0-6+deb10u1
+CVE-2019-1010319
+ [buster] - wavpack 5.1.0-6+deb10u1
+CVE-2021-35604
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46662
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46667
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46659
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2022-24048
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2022-24050
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2022-24051
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2022-24052
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46661
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46663
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46664
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46665
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-46668
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+CVE-2021-43331
+ [buster] - mailman 1:2.1.29-1+deb10u3
+CVE-2021-43332
+ [buster] - mailman 1:2.1.29-1+deb10u3
+CVE-2021-44227
+ [buster] - mailman 1:2.1.29-1+deb10u4
+CVE-2019-14462
+ [buster] - libmodbus 3.1.4-2+deb10u1
+CVE-2019-14463
+ [buster] - libmodbus 3.1.4-2+deb10u1
+CVE-2021-43618
+ [buster] - gmp 2:6.1.2+dfsg-4+deb10u1
+CVE-2021-37146
+ [buster] - ros-ros-comm 1.14.3+ds1-5+deb10u3
+CVE-2021-40391
+ [buster] - gerbv 2.7.0-1+deb10u1
+CVE-2021-44540
+ [buster] - privoxy 3.0.28-2+deb10u2
+CVE-2021-44543
+ [buster] - privoxy 3.0.28-2+deb10u2
+CVE-2020-12672
+ [buster] - graphicsmagick 1.4+really1.3.35-1~deb10u2
+CVE-2020-16117
+ [buster] - evolution-data-server 3.30.5-1+deb10u2
+CVE-2020-15953
+ [buster] - libetpan 1.9.3-2+deb10u1
+CVE-2019-10172
+ [buster] - libjackson-json-java 1.9.13-2~deb10u1
+CVE-2017-15095
+ [buster] - libjackson-json-java 1.9.13-2~deb10u1
+CVE-2017-7525
+ [buster] - libjackson-json-java 1.9.13-2~deb10u1
+CVE-2021-22207
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-22235
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39921
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39922
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39923
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39924
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39928
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2021-39929
+ [buster] - wireshark 2.6.20-0+deb10u3
+CVE-2020-25693
+ [buster] - cimg 2.4.5+dfsg-1+deb10u1
+CVE-2020-0499
+ [buster] - flac 1.3.2-3+deb10u1
+CVE-2022-20698
+ [buster] - clamav 0.103.5+dfsg-0+deb10u1
+CVE-2020-25713
+ [buster] - raptor2 2.0.14-1.1~deb10u2
+CVE-2019-7572
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7573
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7574
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7575
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7576
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7577
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7578
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7635
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7636
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7637
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-7638
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2019-13616
+ [buster] - libsdl1.2 1.2.15+dfsg2-4+deb10u1
+CVE-2020-18442
+ [buster] - zziplib 0.13.62-3.2+deb10u1
+CVE-2020-8955
+ [buster] - weechat 2.3-1+deb10u1
+CVE-2020-9759
+ [buster] - weechat 2.3-1+deb10u1
+CVE-2020-9760
+ [buster] - weechat 2.3-1+deb10u1
+CVE-2021-40516
+ [buster] - weechat 2.3-1+deb10u1
+CVE-2019-15945
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2019-15946
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2019-19479
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2019-20792
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2020-26570
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2020-26571
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2020-26572
+ [buster] - opensc 0.19.0-1+deb10u1
+CVE-2019-17041
+ [buster] - rsyslog 8.1901.0-1+deb10u1
+CVE-2019-17042
+ [buster] - rsyslog 8.1901.0-1+deb10u1
+CVE-2019-15165
+ [buster] - libpcap 1.8.1-6+deb10u1
+CVE-2019-15531
+ [buster] - libextractor 1:1.8-2+deb10u1
+CVE-2021-46671
+ [buster] - atftp 0.7.git20120829-3.2~deb10u3
+CVE-2022-24130
+ [buster] - xterm 344-1+deb10u2
+CVE-2021-4104
+ [buster] - apache-log4j1.2 1.2.17-8+deb10u2
+CVE-2022-23302
+ [buster] - apache-log4j1.2 1.2.17-8+deb10u2
+CVE-2022-23305
+ [buster] - apache-log4j1.2 1.2.17-8+deb10u2
+CVE-2022-23307
+ [buster] - apache-log4j1.2 1.2.17-8+deb10u2
+CVE-2021-44832
+ [buster] - apache-log4j2 2.17.1-1~deb10u1
diff --git a/data/next-point-update.txt b/data/next-point-update.txt
index 76c0f6fdbf..66b78763c0 100644
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -1,56 +1,120 @@
-CVE-2019-19919
- [buster] - node-handlebars 3:4.1.0-1+deb10u1
-CVE-2019-18277
- [buster] - haproxy 1.8.19-1+deb10u3
-CVE-2019-14267
- [buster] - pdfresurrect 0.15-2+deb10u1
-CVE-2019-1020014
- [buster] - golang-github-docker-docker-credential-helpers 0.6.1-2+deb10u1
-CVE-2019-17134
- [buster] - octavia 3.0.0-3+deb10u1
-CVE-2019-14433
- [buster] - nova 2:18.1.0-6+deb10u1
-CVE-2019-14857
- [buster] - libapache2-mod-auth-openidc 2.3.10.2-1+deb10u1
-CVE-2019-20372
- [buster] - nginx 1.14.2-2+deb10u2
-CVE-2020-5258
- [buster] - dojo 1.15.0+dfsg1-1+deb10u2
-CVE-2020-5259
- [buster] - dojo 1.15.0+dfsg1-1+deb10u2
-CVE-2020-7598
- [buster] - node-minimist 1.2.0-1+deb10u1
-CVE-2019-13453
- [buster] - zipios++ 0.1.5.9+cvs.2007.04.28-10+deb10u1
-CVE-2019-19333
- [buster] - libyang 0.16.105-1+deb10u1
-CVE-2019-19334
- [buster] - libyang 0.16.105-1+deb10u1
-CVE-2020-12767
- [buster] - libexif 0.6.21-5.1+deb10u2
-CVE-2020-0093
- [buster] - libexif 0.6.21-5.1+deb10u2
-CVE-2020-8034
- [buster] - php-horde-gollem 3.0.12-3+deb10u1
-CVE-2018-20020
- [buster] - ssvnc 1.0.29-4+deb10u1
-CVE-2018-20021
- [buster] - ssvnc 1.0.29-4+deb10u1
-CVE-2018-20022
- [buster] - ssvnc 1.0.29-4+deb10u1
-CVE-2018-20024
- [buster] - ssvnc 1.0.29-4+deb10u1
-CVE-2020-8035
- [buster] - php-horde 5.2.20+debian0-1+deb10u2
-CVE-2020-11525
- [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-CVE-2020-11526
- [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-CVE-2020-11523
- [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-CVE-2020-11524
- [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-CVE-2020-11522
- [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
-CVE-2020-11521
- [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
+CVE-2021-42343
+ [bullseye] - dask.distributed 2021.01.0+ds.1-2.1+deb11u1
+CVE-2021-3654
+ [bullseye] - nova 2:22.2.2-1+deb11u1
+CVE-2021-40083
+ [bullseye] - knot-resolver 5.3.1-1+deb11u1
+CVE-2021-41270
+ [bullseye] - symfony 4.4.19+dfsg-2+deb11u1
+CVE-2021-35604
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46667
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46662
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46659
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2022-24048
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2022-24050
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2022-24051
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2022-24052
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46661
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46663
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46664
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46665
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-46668
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+CVE-2021-44917
+ [bullseye] - gnuplot 5.4.1+dfsg1-1+deb11u1
+CVE-2021-45379
+ [bullseye] - glewlwyd 2.5.2-2+deb11u2
+CVE-2021-23177
+ [bullseye] - libarchive 3.4.3-2+deb11u1
+CVE-2021-31566
+ [bullseye] - libarchive 3.4.3-2+deb11u1
+CVE-2021-43808
+ [bullseye] - php-laravel-framework 6.20.14+dfsg-2+deb11u1
+CVE-2021-43617
+ [bullseye] - php-laravel-framework 6.20.14+dfsg-2+deb11u1
+CVE-2021-32718
+ [bullseye] - rabbitmq-server 3.8.9-3+deb11u1
+CVE-2021-32719
+ [bullseye] - rabbitmq-server 3.8.9-3+deb11u1
+CVE-2021-22116
+ [bullseye] - rabbitmq-server 3.8.9-3+deb11u1
+CVE-2018-1279
+ [bullseye] - rabbitmq-server 3.8.9-3+deb11u1
+CVE-2021-36980
+ [bullseye] - openvswitch 2.15.0+ds1-2+deb11u1
+CVE-2022-0155
+ [bullseye] - node-follow-redirects 1.13.1-1+deb11u1
+CVE-2022-0536
+ [bullseye] - node-follow-redirects 1.13.1-1+deb11u1
+CVE-2021-45115
+ [bullseye] - python-django 2:2.2.26-1~deb11u1
+CVE-2021-45116
+ [bullseye] - python-django 2:2.2.26-1~deb11u1
+CVE-2021-45452
+ [bullseye] - python-django 2:2.2.26-1~deb11u1
+CVE-2022-21670
+ [bullseye] - node-markdown-it 10.0.0+dfsg-2+deb11u1
+CVE-2022-20698
+ [bullseye] - clamav 0.103.5+dfsg-0+deb11u1
+CVE-2021-3997
+ [bullseye] - systemd 247.3-7
+CVE-2020-18442
+ [bullseye] - zziplib 0.13.62-3.3+deb11u1
+CVE-2022-0235
+ [bullseye] - node-fetch 2.6.1-5+deb11u1
+CVE-2021-40516
+ [bullseye] - weechat 3.0-1+deb11u1
+CVE-2021-23518
+ [bullseye] - node-cached-path-relative 1.0.2-1+deb11u1
+CVE-2021-44273
+ [bullseye] - e2guardian 5.3.4-1+deb11u1
+CVE-2021-46671
+ [bullseye] - atftp 0.7.git20120829-3.3+deb11u2
+CVE-2022-24130
+ [bullseye] - xterm 366-1+deb11u1
+CVE-2022-21814
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.172.01-1~deb11u1
+ [bullseye] - nvidia-graphics-drivers 470.103.01-1~deb11u1
+CVE-2022-21813
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.172.01-1~deb11u1
+ [bullseye] - nvidia-graphics-drivers 470.103.01-1~deb11u1
+CVE-2021-3803
+ [bullseye] - node-nth-check 2.0.0-1+deb11u1
+CVE-2021-33623
+ [bullseye] - node-trim-newlines 3.0.0-1+deb11u1
+CVE-2022-23806
+ [bullseye] - golang-1.15 1.15.15-1~deb11u3
+CVE-2022-23772
+ [bullseye] - golang-1.15 1.15.15-1~deb11u3
+CVE-2022-23773
+ [bullseye] - golang-1.15 1.15.15-1~deb11u3
+CVE-2021-4104
+ [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
+CVE-2022-23302
+ [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
+CVE-2022-23305
+ [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
+CVE-2022-23307
+ [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
+CVE-2021-44832
+ [bullseye] - apache-log4j2 2.17.1-1~deb11u1
+CVE-2021-43396
+ [bullseye] - glibc 2.31-13+deb11u3
+CVE-2022-23218
+ [bullseye] - glibc 2.31-13+deb11u3
+CVE-2022-23219
+ [bullseye] - glibc 2.31-13+deb11u3
+CVE-2021-33574
+ [bullseye] - glibc 2.31-13+deb11u3
diff --git a/data/packages/removed-packages b/data/packages/removed-packages
index faca8c4bd9..210993b454 100644
--- a/data/packages/removed-packages
+++ b/data/packages/removed-packages
@@ -249,7 +249,6 @@ rageircd
postgresql-9.0
mysql-5.1
libpam-rsa
-passenger
juju
peercast
ipmasq
@@ -587,7 +586,6 @@ php-smb
webgui
llvm-toolchain-3.6
php-suhosin
-shaarli
postgresql-9.5
openslp-dfsg
jspwiki
@@ -707,3 +705,118 @@ ruby-simple-form
ruby-openssl
koji
golang-1.13
+denyhosts
+vte3
+exaile
+fusionforge
+aegis
+cyrus-imapd-2.4
+uqwk
+iscsitarget
+mountall
+fglrx-driver
+jailer
+vala-0.26
+zendframework
+emesene
+imms
+w3af
+htcheck
+kon2
+openoffice.org-dictionaries
+linux-4.9
+linux-latest-4.9
+php-openid
+attic
+cvstrac
+libguac
+jenkins-winstone
+aptdaemon
+jakarta-taglibs-standard
+enemies-of-carlotta
+scratchbox2
+libxp
+libzrtpcpp
+vxl
+insighttoolkit
+pdnsd
+libpam-usb
+raptor
+dirmngr
+albatross
+pennmush
+icinga-web
+auth2db
+linux-patch-grsecurity2
+wv2
+gnome-schedule
+icedove
+arora
+php-auth
+amsn
+falconpl
+aws-sdk-for-php
+ilohamail
+jffnms
+libdigest-perl
+zeromq
+heirloom-mailx
+vftool
+letodms
+upstart
+gccxml
+redhat-cluster
+tomcat6
+jenkins-executable-war
+realtimebattle
+softhsm
+zope2.13
+mr
+tidy
+freevo
+conntrack
+licq
+linux-tools
+aptoncd
+gstreamer0.10
+llvm-toolchain-3.5
+xview
+smsclient
+kaya
+dwb
+kde-workspace
+gfax
+xhprof
+netmrg
+balazar3
+readline6
+ack-grep
+qutecom
+pgfouine
+dnsval
+ayttm
+php-dropbox
+udisks
+libuv
+yui3
+ksh93
+weboob
+libperlspeak-perl
+golang-github-unknwon-cae
+am-utils
+flashplugin-nonfree
+golang-1.14
+postgresql-12
+python3.8
+llvm-toolchain-10
+openjdk-13
+openjdk-14
+mysql-5.7
+rkt
+ruby-rexml
+openjdk-15
+nvidia-graphics-drivers-tesla-440
+opentmpfiles
+php8.0
+rust-rand-core-0.3
+ansible-base
diff --git a/doc/DLA.template b/doc/DLA.template
index c0110ea398..ce4ddd0740 100644
--- a/doc/DLA.template
+++ b/doc/DLA.template
@@ -2,19 +2,28 @@ From: $DEBFULLNAME <$DEBEMAIL>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA $DLAID] $PACKAGE security update
+-------------------------------------------------------------------------
+Debian LTS Advisory DLA-$DLAID debian-lts@lists.debian.org
+https://www.debian.org/lts/security/ $SPACEDDEBFULLNAME
+$SPACEDDATE https://wiki.debian.org/LTS
+-------------------------------------------------------------------------
+
Package : $PACKAGE
-Version : $jessie_VERSION
+Version : $stretch_VERSION
CVE ID : $CVE
Debian Bug : $BUGNUM
-
$TEXT
-For Debian 8 "Jessie", this problem has been fixed in version
-$jessie_VERSION.
+For Debian 9 stretch, this problem has been fixed in version
+$stretch_VERSION.
We recommend that you upgrade your $PACKAGE packages.
+For the detailed security status of $PACKAGE please refer to
+its security tracker page at:
+https://security-tracker.debian.org/tracker/$PACKAGE
+
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
diff --git a/doc/README.releases b/doc/README.releases
index 995fdd8a20..3305f3d7bc 100644
--- a/doc/README.releases
+++ b/doc/README.releases
@@ -1,24 +1,16 @@
Checklist to perform when a new stable release is announced
===========================================================
+See https://bugs.debian.org/783491
+
General
-------
[ ] Update doc/DSA.template
-[ ] Update bin/gen-DSA
[ ] bin/add-dsa-needed.sh
-[ ] bin/tracker_data.py
+[ ] data/config.json
[ ] Update security-team.debian.org pages
[ ] Update support information in static/distributions.json
-Security Tracker code
----------------------
-See https://bugs.debian.org/783491
-[ ] bin/tracker_service.py
-[ ] lib/python/debian_support.py
-[ ] lib/python/dist_config.py
-[ ] lib/python/security_db.py
-[ ] Makefile
-
Security Tracker host
---------------------
[ ] Check /srv/security-tracker.debian.org/website/bin
diff --git a/doc/security-team.d.o/Makefile b/doc/security-team.d.o/Makefile
index fab4bc85b5..6d618a9850 100644
--- a/doc/security-team.d.o/Makefile
+++ b/doc/security-team.d.o/Makefile
@@ -1,6 +1,6 @@
# to be executed on dillon.debian.org
MD=/usr/bin/markdown_py
-SOURCES=security_tracker glossary index contact dsa_release organization tasks tips
+SOURCES=security_tracker glossary index contact dsa_release organization tasks tips triage
HTMLS=$(patsubst %,$(DEST)/%.html,$(SOURCES))
EXTENSIONS=tables def_list toc
diff --git a/doc/security-team.d.o/glossary b/doc/security-team.d.o/glossary
index deb8cd39fa..80ea387ddf 100644
--- a/doc/security-team.d.o/glossary
+++ b/doc/security-team.d.o/glossary
@@ -1,15 +1,25 @@
# Glossary
-TODO: DSA, DLA, SPU, embargo, etc...
-
<a id="CVE">CVE id</a>
: *Common Vulnerabilities and Exposures* id.
In order to refer to a vulnerability, an id provided by [MITRE](#mitre) is used.
This id is unique for each public vulnerability.
[Website](https://cve.mitre.org/)
+<a id="dla">DLA</a>
+: A Security Advisory from the Debian Long Term Support team that affects older versions of Debian. [Example DLA](https://lists.debian.org/debian-lts-announce/2021/10/msg00033.html)
+
+<a id="dsa">DSA</a>
+: An official Debian Security Advisory is called a DSA for short. [Example DSA](https://www.debian.org/security/2021/dsa-5014)
+
+<a id="dtsa">DTSA</a>
+: An official Debian Security Advisory for the testing suite (historic, no longer in use)
+
<a id="mitre">MITRE</a>
: The MITRE Corporation, a US based not-for-profit company, best known for maintaining the [CVE](#CVE) id system. [Website](https://www.mitre.org/)
+<a id="nfu">NFU</a>
+: Not For Us. This designation is placed on a CVE that does not directly affect Debian. [More info on NFU](https://security-team.debian.org/security_tracker.html#issues-not-for-us-nfu)
+
<a id="oss-sec">oss-security</a>
: *Open Source Software Security*. Community for open source software security research, best known for its equally named mailing list. [Website](http://oss-security.openwall.org/)
diff --git a/doc/security-team.d.o/index b/doc/security-team.d.o/index
index 536b638955..b956e1677d 100644
--- a/doc/security-team.d.o/index
+++ b/doc/security-team.d.o/index
@@ -1,8 +1,10 @@
<table style="margin: 0 auto 0 auto;width: 100%;text-align:center;">
<tbody>
- <tr><th>Stretch 9</th><th>Buster</th><th>Sid</th></tr>
- <tr><th>stretch-security</th><th>testing</th><th>unstable</th></tr>
+ <tr><th>buster 10</th><th>bullseye 11</th><th>bookworm 12</th><th>sid</th></tr>
+ <tr><th>buster-security</th><th>bullseye-security</th><th>testing</th><th>unstable</th></tr>
<tr>
+ <td valign="top">
+ <a href="https://security-tracker.debian.org/tracker/status/release/oldstable">Vulnerable Packages</a><br\>
</td><td valign="top">
<a href="https://security-tracker.debian.org/tracker/status/release/stable">Vulnerable Packages</a><br\>
</td><td valign="top">
@@ -11,13 +13,14 @@
<a href="https://security-tracker.debian.org/tracker/status/release/unstable">Vulnerable Packages</a><br\>
</td></tr>
<tr><td valign="top">
+ <a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-oldstable-point-update.txt">Next (oldstable) point update</a><br\>
+ </td><td valign="top">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/next-point-update.txt">Next point update</a><br\>
</td><td valign="top">
Next point update<br\>
</td><td valign="top">
Next point update<br\>
</td></tr>
-
</tbody></table>
Security team documentation
@@ -41,5 +44,6 @@ Please, feel free to [contribute with this document](https://salsa.debian.org/se
- [DSA release](dsa_release.html)
* [How to interact with the Security Tracker](security_tracker.html)
- How to contribute to the security tracker code
+* [Triage "low severity" issues](triage.html)
* [Troubleshooting tips](tips.html)
* [Glossary](glossary.html)
diff --git a/doc/security-team.d.o/security_tracker b/doc/security-team.d.o/security_tracker
index c8e1c36ccc..74d3687271 100644
--- a/doc/security-team.d.o/security_tracker
+++ b/doc/security-team.d.o/security_tracker
@@ -16,6 +16,18 @@ online. Everything is designed to be very simple to use, transparent and
easy to see what other people are working on so you can work on other
things.
+The Debian Security Tracker is only concerned with how specific vulnerabilities affect
+Debian. Many vulnerabilities are triaged as NFU (`NOT-FOR-US`) simply because the
+vulnerable software is not (yet) packaged for Debian. Triage comments on any specific
+vulnerability only reflect the possible impact on a system running Debian.
+
+For example, systems with some additional or modified packages compared to Debian need
+a separate triage process for every NFU to find ones which are relevant to what has
+been added as well as a triage on packages which differ from Debian.
+
+Entries in the Debian Security Tracker do not imply anything about how a vulnerability
+may affect systems other than Debian.
+
Gentle Introduction
-------------------
@@ -421,6 +433,11 @@ assess these levels.
Certain packages may get higher or lower rating than usual, based on
their importance.
+Assessments of severity are made against the binaries as provided by Debian. For each
+vulnerability, the severity assigned within the Debian Security Tracker only relates to
+how Debian views that vulnerability and how quickly the fix may need to be applied to
+the specified package(s) within Debian.
+
### Vulnerabilities without an assigned CVE id
If you learn of a vulnerability to which no CVE id has been assigned yet, you can
@@ -541,22 +558,65 @@ cross-reference will be added automatically by the cron job. However,
you do need to add `[lenny]` or `[squeeze]` entries to `CVE/list` when there
is a `no-dsa` or `not-affected` condition.
+Summary of tracker syntax
+-------------------------
+
+For a vulnerability in a package in Debian or proposed for introduction into Debian,
+the syntax should contain at least the `PKG_NAME` tabbed line and a `NOTE:` providing a
+URL to useful references, like commit references, bug tracker entries and advisories.
+Other lines are added, where relevant, within the general syntax.
+
+ CVE-YYYY-NNNNNN [(description)]
+ \t RESERVED
+ \t - PKG_NAME [PKG_TAG | PKG_FIX_VERSION] SEVERITY_LEVEL (free text comment)
+ \t [codename] - PKG_NAME [PKG_TAG | PKG_FIX_VERSION] (free text comment)
+ \t NOTE:
+ \t TODO:
+
+- Each tabbed line, except `RESERVED`, can be repeated, e.g. for code embedded in
+ multiple packages and/or to cover multiple suites. Codenames are listed in order of
+ the release date.
+- PKG_NAME is the source package name in the archive.
+- PKG_TAG : `<no-dsa>` | `<unfixed>` | `<undetermined>` | `<not-affected>` | `<itp>`
+- SEVERITY_LEVEL : `(unimportant)` | `(low)` | `(medium)` | `(high)`
+- The pre-commit hook will check the syntax of each entry.
+
+The description of the CVE is not edited in the security tracker but it will be
+shortened in the tracker page for the vulnerability. A temporary description can be
+added with the `[description]` syntax, for example for clarification. This will not be
+overridden by an automatic update unless there is a change in the description of the
+CVE in the MITRE feed.
+
+For `<itp>`, the comment needs to include the bug number as `(bug #NNNNNNNNNN)`. (The
+`<itp>` package tag is used for both ITP and RFP bugs -
+see [ITP/RFP packages](#issues-in-itp-andor-rfp-packages))
+
+`NOTE:` annotations are often used for URLs for more information but can also be
+used for descriptive comments.
+
Checking in your changes
------------------------
After thoroughly researching each issue (as described above) and editing
the relevant files, commit your changes. Peer review is (hopefully) done via the
mailing list and IRC notifications (see [Automatic issue updates](#automatic-issue-updates) above).
-However, changes to the tracker website itself (e.g., the files in lib/*
-and bin/tracker_service.py) should be vetted and approved before being
+However, changes to the tracker website itself (e.g., the files in `lib/*`
+and `bin/tracker_service.py`) should be vetted and approved before being
committed. The preferred way to do this is to send a patch to the
-debian-security-tracker@lists.debian.org mailing list.
+`debian-security-tracker@lists.debian.org` mailing list or a merge request in Salsa.
+
+- [Salsa](https://salsa.debian.org/security-tracker-team/security-tracker/)
+- [https://lists.debian.org/debian-security-tracker/](https://lists.debian.org/debian-security-tracker/)
Commits are checked for syntax errors before they are actually committed,
and you'll receive an error and your commit is aborted if it is in error.
To check your changes yourself beforehand, use `make check-syntax` from
the root of the Git directory.
+Note: It can be useful to use `git worktree` support for merging changes to master and
+ease issues that can occur when someone else has committed in between. See [git
+worktree (1)](https://manpages.debian.org/unstable/git-man/git-worktree.1.en.html).
+
Following up on security issues
-------------------------------
@@ -573,7 +633,7 @@ Tracking of security bugs in the BTS and linking them to a user tag by CVE
--------------------------------------------------------------------------
There's an automated tagging of security-related bugs to CVE IDs through
-the user tag security for the user debian-security@lists.debian.org.
+the user tag security for the user `debian-security@lists.debian.org`.
All bugs added to the tracker are automatically tagged. You can use
the search
@@ -594,21 +654,104 @@ with the following content:
Contributing with the security tracker code
-------------------------------------------
-Either fill a bug against the security-tracker pseudo-package attaching the patch
-to be reviewed or create a merge request for the security-tracker project.
+Either file a bug against the `security-tracker` pseudo-package attaching the patch
+to be reviewed or create a merge request for the security-tracker project in Salsa.
+
+### Helper scripts for one-off updates
+
+On success, scripts output a snippet of the main CVE list showing the new CVE
+information. Make sure to check for warnings and errors reported by the script. The
+output file needs to be manually reviewed and can then be merged using
+`./bin/merge-cve-files` or sent for review by the security team by email.
+
+##### Updating a vulnerability
+
+* Mark a given released suite as not affected for a specific CVE and source package:
+
+ `./bin/update-vuln --cve CVE --src SRC --suite SUITE`
+
+* Add a bug number to an existing CVE entry
+
+ `./bin/update-vuln --cve CVE --number 1000000`
+
+* Add a note to a specific CVE entry
+
+ `./bin/update-vuln --cve CVE --note "quoted note string"`
+
+Example workflow:
+
+ ./bin/update-vuln --cve CVE-YYYY-NNNNN ...
+
+check for error and warning messages & merge into the main CVE list:
+
+ ./bin/merge-cve-files ./CVE-YYYY-NNNNN.list
+
+review change to data/CVE/list
+
+ git diff data/CVE/list
+ rm ./CVE-YYYY-NNNNN.list
+
+.. repeat for additional entries to this or other CVEs.
+
+ git add data/CVE/list
+ git commit
+
+#### Retrieve fixes in uploads to unstable
+
+`./bin/grab-cve-in-fix` supports different ways to retrieve one or more CVEs as fixed in unstable:
+
+- Using information directly from the upload into unstable:
+
+ `cat changes | ./bin/grab-cve-in-fix --input`
+
+- Using information in the lists.debian.org archive:
+
+ `./bin/grab-cve-in-fix --archive https://lists.debian.org/debian-devel-changes/2021/12/msg01280.html`
+
+- Using information in the package tracker:
+
+ `./bin/grab-cve-in-fix --tracker https://tracker.debian.org/news/1285227/accepted-freerdp2-241dfsg1-1-source-into-unstable/`
+
+- Using local caches in the security-tracker:
+
+ `./bin/grab-cve-in-fix --src SRC --cves [CVES...]`
+
+Note: to use `STDIN` with the --input option, the changes content must be signed - i.e.
+as it would appear in notifications after the upload. This can be used to double-check
+your CVE list before uploading to ftp-master. `./bin/grab-cve-in-fix` will report if a
+CVE does not exist or if the CVE is attributed to a different package.
**TODO** (further details)
+### Contributing ongoing triage work
+
+Some familiarity with the tooling and syntax will be needed for this, as with any development
+project.
+
+* `./bin/check-new-issues` - use the -h option to see the help output.
+
+* `./bin/report-vuln` - generate the correct email body to report a bug against a source package
+ relating to an unfixed CVE(s).
+
+### Useful search support for checking new CVEs
+
+- [https://www.debian.org/distrib/packages#search_packages](https://www.debian.org/distrib/packages#search_packages)
+- [https://wnpp.debian.net/](https://wnpp.debian.net/) (Be aware, forwarded ITPs might
+ not be found, so check the [WNPP bug list](https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=wnpp;dist=unstable) also)
+- [https://tracker.debian.org/](https://tracker.debian.org/)
+- [https://codesearch.debian.net/](https://codesearch.debian.net/)
+
Setting up a local testing instance
-----------------------------------
It is possible to set up an instance of the security tracker in your own machine for testing purposes.
The following packages are needed:
+ jq
make
- python
- python-apt
- python-apsw
+ python3
+ python3-apt
+ python3-apsw
The following commands build the databases for stable and run a python local server in port 10605:
diff --git a/doc/security-team.d.o/style.css b/doc/security-team.d.o/style.css
index c869719102..97f1a4a7de 100644
--- a/doc/security-team.d.o/style.css
+++ b/doc/security-team.d.o/style.css
@@ -194,7 +194,7 @@ a.feedlink { /* Little orange RSS button */
/* Without !important, inherets from td.titlecell a:* */
}
-ul { list-style-type: none; padding: 0; }
+ul { padding: 0; }
li { margin-top: 0.2em;
margin-left: 20px;
}
diff --git a/doc/security-team.d.o/triage b/doc/security-team.d.o/triage
new file mode 100644
index 0000000000..828c919eca
--- /dev/null
+++ b/doc/security-team.d.o/triage
@@ -0,0 +1,30 @@
+Security updates affecting a released Debian suite can fall under three types:
+
+- The security issue(s) are important enough to warrant an out-of-band update released via [security.debian.org](https://www.debian.org/security/) which gets announced as a DSA.
+ These are getting announced via [debian-security-announce](https://www.debian.org/security/) and also redistributed via other sources (news feeds etc).
+
+- Low severity updates can be included in [point releases](https://wiki.debian.org/DebianReleases/PointReleases), which are getting released every 2-3 months (any user using the [proposed-updates mechanism](https://www.debian.org/releases/proposed-updates) can also use them before they get released). This provides a good balance between fixing low impact issues before the next stable
+ release, which can simply be installed in one go when a point release happens.
+
+- Some issues are simply not worth fixing in a stable release (for multiple reasons, e.g. because they are mostly a PR hype, or because they
+ are mitigated in Debian via a different config or toolchain hardening or because the impact is so marginal that it doesn't warrant an update).
+
+Every incoming security issue gets triaged. Security issues which are being flagged for the second category are being displayed in the [Debian Package Tracker](https://tracker.debian.org), in fact you might have been redirected from the PTS to this page.
+
+For every CVE listed there, there are three possible options:
+
+- Prepare an update for the next point release following the developers reference [instructions](https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-uploads-to-the-stable-and-oldstable-distributions)
+If you CC team@security.debian.org for the release.debian.org bug, the fixed version will get recorded in the [Debian Security Tracker](https://security-tracker.debian.org).
+
+- Some packages have a steady flow of security issues and there's also the option to postpone an update to a later time, in other words
+to get piggybacked onto a future DSA dedicated to a more severe security issue, or held back until a few more low severity issues are known. In the
+Security Tracker these are tracked with the `<postponed>` state, often this means that a fix has been committed to e.g. a buster branch
+in salsa, but no upload has been made yet. You can either send a mail to team@security.debian.org and we'll update the state, or
+you can also make the change yourself if you're familiar with the [Security Tracker](https://security-team.debian.org/security_tracker.html).
+
+- Some packages should rather not be fixed at all, e.g. because the possible benefit does not outweigh the risk/costs of an update,
+or because an update is not possible (e.g. as it would introduce behavioural changes not appropriate for a stable release). In the
+Security Tracker these are tracked with the `<ignored>` state. You can either send a mail to team@security.debian.org and we'll update
+the state, or you can also make the change yourself if you're familiar with the Security Tracker.
+
+Any of the three actions above will make the CVE ID disappear from the "low severity" entry in the PTS.
diff --git a/doc/setup.txt b/doc/setup.txt
new file mode 100644
index 0000000000..c6d1653bb2
--- /dev/null
+++ b/doc/setup.txt
@@ -0,0 +1,109 @@
+Tracker setup on soriano.debian.org
+===================================
+
+(This is internal documentation, in case things need to be fixed.
+It is not relevant to day-to-day editing tasks.)
+
+The code and data is organized via
+https://salsa.debian.org/security-tracker-team/
+
+Required packages for running the security-tracker are pulled in via the
+debian.org-security-tracker.debian.org . A mirror for to the packaging
+repository is at https://salsa.debian.org/dsa-team/mirror/debian.org,
+which creates the debian.org-security-tracker.debian.org binary package.
+
+Relevant files and directories
+------------------------------
+
+The tracker runs under the user ID "sectracker". Most of its files
+are stored in the directory /srv/security-tracker.debian.org/website:
+
+ bin/cron invoked by cron once every minute
+ bin/cron-hourly invoked by cron once every hour
+ bin/cron-daily invoked by cron once every day
+ bin/read-and-touch invoked by ~/.procmailrc
+ bin/start-daemon invoked by cron at reboot
+
+ security-tracker Git checkout
+ security-tracker/bin/* main entry points, called bin bin/cron
+ security-tracker/stamps/* files which trigger processing by bin/cron
+
+~sectracker/.procmailrc invokes bin/read-and-touch to create stamp
+files, which are then picked up by bin/cron. This is done to serialize
+change events in batches (e.g., commits originated from git).
+<sectracker@soriano.debian.org> is subscribed to these mailing lists to
+be notified of changes:
+
+ <debian-security-announce@lists.debian.org>
+ <debian-lts-announce@lists.debian.org>
+ <debian-security-tracker-commits.alioth-lists.debian.net>
+
+The crontab of the "sectracker" user is set up such that the scripts
+are invoked as specified above.
+
+~sectracker/.wgetrc contains the path to the bundle of certificate
+authorities to verify peers for the data fetched via wget:
+
+ca-certificate=/etc/ssl/ca-global/ca-certificates.crt
+
+~sectracker/.curlrc contains a similar setting:
+
+capath=/etc/ssl/ca-global
+
+Web server
+----------
+
+80/TCP is handled by Apache. The Apache configuration is here:
+
+ /srv/security-tracker.debian.org/etc/apache.conf
+
+mod_proxy is used to forward requests to the actual server which
+listens on 127.0.0.1:25648 and is started by a user systemd unit
+/srv/security-tracker.debian.org/website/systemd/tracker_service.service
+
+The user systemd unit needs to be activated and started once at initial
+setup of the host (including requesting DSA to activate lingering for
+the sectracker user):
+
+As the sectracker running user:
+
+systemctl --user enable --now /srv/security-tracker.debian.org/website/systemd/tracker_service.service
+
+To restart the security tracker service, restart the user systemd unit.
+
+Logging
+-------
+
+Apache logs are stored in:
+
+ /var/log/apache2/security-tracker.debian.org.access.log
+ /var/log/apache2/security-tracker.debian.org.error.log
+
+The Python daemon writes logs to a separate file, too:
+
+ /srv/security-tracker.debian.org/website/log/daemon.log
+
+This also contains the exception traces.
+
+debsecan metadata
+-----------------
+
+/srv/security-tracker.debian.org/website/bin/cron contains code which
+pushes updates to secure-testing-master, using rsync.
+
+PTS interface
+-------------
+
+The PTS fetches bug counts from this URL:
+
+ https://security-tracker.debian.org/tracker/data/pts/1
+
+Code updates
+------------
+
+Updates to the Git checkout only affect the directory
+/srv/security-tracker.debian.org/website/security-tracker/data. Code
+changes need to be applied manually by inspecting the changes done in
+the security-tracker.git.
+
+After that a service restart is needed (see above)
diff --git a/doc/soriano.txt b/doc/soriano.txt
index 02fae77784..a3bfe270ba 100644..120000
--- a/doc/soriano.txt
+++ b/doc/soriano.txt
@@ -1,104 +1 @@
-Tracker setup on soriano.debian.org
-===================================
-
-(This is internal documentation, in case things need to be fixed.
-It is not relevant to day-to-day editing tasks.)
-
-The code and data is organized via
-https://salsa.debian.org/security-tracker-team/
-
-Required packages for running the security-tracker are pulled in via the
-debian.org-security-tracker.debian.org . A mirror for to the packaging
-repository is at https://salsa.debian.org/dsa-team/mirror/debian.org,
-which creates the debian.org-security-tracker.debian.org binary package.
-
-Relevant files and directories
-------------------------------
-
-The tracker runs under the user ID "sectracker". Most of its files
-are stored in the directory /srv/security-tracker.debian.org/website:
-
- bin/cron invoked by cron once every minute
- bin/cron-hourly invoked by cron once every hour
- bin/cron-daily invoked by cron once every day
- bin/read-and-touch invoked by ~/.procmailrc
- bin/start-daemon invoked by cron at reboot
-
- security-tracker Git checkout
- security-tracker/bin/* main entry points, called bin bin/cron
- security-tracker/stamps/* files which trigger processing by bin/cron
-
-~sectracker/.procmailrc invokes bin/read-and-touch to create stamp
-files, which are then picked up by bin/cron. This is done to serialize
-change events in batches (e.g., commits originated from git).
-<sectracker@soriano.debian.org> is subscribed to these mailing lists to
-be notified of changes:
-
- <debian-security-announce@lists.debian.org>
- <debian-lts-announce@lists.debian.org>
- <debian-security-tracker-commits.alioth-lists.debian.net>
-
-The crontab of the "sectracker" user is set up such that the scripts
-are invoked as specified above.
-
-~sectracker/.wgetrc contains the path to the bundle of certificate
-authorities to verify peers for the data fetched via wget:
-
-ca-certificate=/etc/ssl/ca-global/ca-certificates.crt
-
-~sectracker/.curlrc contains a similar setting:
-
-capath=/etc/ssl/ca-global
-
-Web server
-----------
-
-80/TCP is handled by Apache. The Apache configuration is here:
-
- /srv/security-tracker.debian.org/etc/apache.conf
-
-mod_proxy is used to forward requests to the actual server which
-listens on 127.0.0.1:25648 and is started by the
-/srv/security-tracker.debian.org/website/bin/start-daemon script
-(using a @reboot action in sectracker's crontab).
-
-To restart the security tracker service, kill the tracker_service.py
-Python process and invoke the start-daemon process as the sectracker
-user.
-
-Logging
--------
-
-Apache logs are stored in:
-
- /var/log/apache2/security-tracker.debian.org.access.log
- /var/log/apache2/security-tracker.debian.org.error.log
-
-The Python daemon writes logs to a separate file, too:
-
- /srv/security-tracker.debian.org/website/log/daemon.log
-
-This also contains the exception traces.
-
-debsecan metadata
------------------
-
-/srv/security-tracker.debian.org/website/bin/cron contains code which
-pushes updates to secure-testing-master, using rsync.
-
-PTS interface
--------------
-
-The PTS fetches bug counts from this URL:
-
- https://security-tracker.debian.org/tracker/data/pts/1
-
-Code updates
-------------
-
-Updates to the Git checkout only affect the directory
-/srv/security-tracker.debian.org/website/security-tracker/data. Code
-changes need to be applied manually by inspecting the changes done in
-the security-tracker.git.
-
-After that a service restart is needed (see above)
+setup.txt \ No newline at end of file
diff --git a/lib/debian-releases.mk b/lib/debian-releases.mk
index c868d6edfd..eb03a874da 100644
--- a/lib/debian-releases.mk
+++ b/lib/debian-releases.mk
@@ -1,18 +1,19 @@
# This file defines the variables describing all Debian repositories
# that need to be fetched in the "update-packages" process
-# backports suites only have Sources.xz and respective Packages.xz
-# available.
-# Cf. as well https://bugs.debian.org/664866
-#BACKPORT_RELEASES := $(OLDSTABLE) $(STABLE)
-SECURITY_RELEASES := $(OLDOLDSTABLE) $(OLDSTABLE) $(STABLE) $(TESTING)
-MAIN_RELEASES := $(SECURITY_RELEASES) sid
+define get_config =
+$(shell jq -r $(1) 'data/config.json')
+endef
+
+MAIN_RELEASES = $(call get_config, '.distributions | to_entries[] | select(.value.release) | .key')
+SECURITY_RELEASES = $(filter-out sid, $(MAIN_RELEASES))
+BACKPORT_RELEASES = $(SECURITY_RELEASES)
# Define the variables for the release on the main mirror
define add_main_release =
$(1)_MIRROR = $$(MIRROR)
$(1)_DIST = $(1)
-$(1)_ARCHS ?= amd64 arm64 armel armhf i386 mips64el mipsel ppc64el s390x
+$(1)_ARCHS = $(call get_config, '.distributions.$(1).architectures[]')
$(1)_RELEASE = $(1)
$(1)_SUBRELEASE =
RELEASES += $(1)
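Review bot: `MAIN_RELEASES` and `SECURITY_RELEASES` are assigned with `=`, so the `$(shell jq …)` inside `get_config` re-runs on every reference to either variable, and a missing `jq` or a malformed `data/config.json` silently yields an empty release list instead of failing the build. Both should be simply expanded, `MAIN_RELEASES := $(call get_config, '.distributions | to_entries[] | select(.value.release) | .key')` and `SECURITY_RELEASES := $(filter-out sid, $(MAIN_RELEASES))`, followed by a parse-time guard such as `$(if $(strip $(MAIN_RELEASES)),,$(error no releases found in data/config.json; is jq installed?))`. The change from `$(1)_ARCHS ?=` to `$(1)_ARCHS =` also drops the ability to pre-set a release's architecture list from the environment; if that is intended, a comment saying the list now comes only from config.json would make it explicit. Whether `BACKPORT_RELEASES = $(SECURITY_RELEASES)` should include the testing release is not clear from the hunk, since the removed commented-out definition listed only oldstable and stable.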
diff --git a/lib/python/bugs.py b/lib/python/bugs.py
index 0ef8266e42..e09a2db55b 100644
--- a/lib/python/bugs.py
+++ b/lib/python/bugs.py
@@ -19,9 +19,10 @@ import debian_support
import functools
import os
import re
-import types
import hashlib
+from helpers import isstring
+
class Urgency(debian_support.PseudoEnum): pass
def listUrgencies():
@@ -55,20 +56,19 @@ class PackageNote:
def __init__(self, package, fixed_version, release, urgency):
self.id = None
self.package = package
- if (fixed_version is not None
- and type(fixed_version) in types.StringTypes):
+ if (isstring(fixed_version)):
self.fixed_version = debian_support.Version(fixed_version)
else:
self.fixed_version = fixed_version
if release == '':
self.release = None
else:
- if type(release) == types.StringType:
+ if isstring(release):
release = debian_support.internRelease(release)
if release is None:
raise ValueError("invalid release")
self.release = release
- if type(urgency) == types.StringType:
+ if isstring(urgency):
urgency = internUrgency(urgency)
if urgency is None:
raise ValueError("invalid urgency")
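Review bot: `if (isstring(fixed_version)):` keeps a redundant pair of parentheses left over from the multi-line condition it replaces; write `if isstring(fixed_version):` to match the `isstring(release)` and `isstring(urgency)` branches just below it. `__init__` starts and ends outside the hunk.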
@@ -166,14 +166,17 @@ class PackageNoteParsed(PackageNote):
class PackageNoteNoDSA:
def __init__(self, package, release, comment, reason=None):
- assert type(package) == types.StringType and package != ''
- assert type(release) == types.StringType and release != ''
- assert type(comment) == types.StringType
+ assert isstring(package) and package != ''
+ assert isstring(release) and release != ''
+ assert isstring(comment)
if not reason:
reason = ''
else:
- assert type(reason) == types.StringType
+ assert isstring(reason)
self.package = package
+ release = debian_support.internRelease(release)
+ if release is None:
+ raise ValueError("invalid release")
self.release = release
self.comment = comment
self.reason = reason
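Review bot: `self.release` now holds the object returned by `debian_support.internRelease` instead of the raw string, which is why the `INSERT` in the next hunk of this file has to wrap it with `str(self.release)`; any other consumer of `PackageNoteNoDSA.release` that compares it against a plain string (none visible in this diff) would need the same treatment, so the assignment deserves a comment: `# release is the interned release object (see internRelease), not the str passed in`. The `assert isstring(release) and release != ''` above is now largely subsumed by the `ValueError` path and could be folded into it. The rest of `__init__` lies outside the hunk.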
@@ -182,7 +185,7 @@ class PackageNoteNoDSA:
cursor.execute("""INSERT INTO package_notes_nodsa
(bug_name, package, release, comment, reason)
VALUES (?, ?, ?, ?, ?)""",
- (bug_name, self.package, self.release,
+ (bug_name, self.package, str(self.release),
self.comment, self.reason))
class BugBase:
@@ -191,7 +194,7 @@ class BugBase:
re_cve_name = re.compile(r'^CVE-\d{4}-\d{4,}$')
def __init__(self, fname, lineno, date, name, description, comments):
- assert type(fname) in types.StringTypes
+ assert isstring(fname)
lineno = to_integer(lineno)
self.source_file = fname
self.source_line = lineno
@@ -266,8 +269,8 @@ class Bug(BugBase):
for n in notes:
assert isinstance(n, PackageNote) \
or isinstance(n, PackageNoteNoDSA)
- assert len(xref) == 0 or type(xref[0]) == types.StringType
- assert type(not_for_us) == types.BooleanType
+ assert len(xref) == 0 or isstring(xref[0])
+ assert isinstance(not_for_us, bool)
BugBase.__init__(self, fname, lineno, date, name,
description, comments)
self.notes = notes
@@ -287,19 +290,12 @@ class Bug(BugBase):
notes[key].merge(n)
else:
notes[key] = n
- l = notes.keys()
+ l = list(notes.keys())
# The release part of a key can be None, so we have to deal
# with that when sorting.
- def compare(a, b):
- r = cmp(a[0], b[0])
- if r:
- return r
- ar = str(a[1] or '')
- br = str(b[1] or '')
- return cmp(ar, br)
- l.sort(key=functools.cmp_to_key(compare))
-
+ l.sort(key=lambda n: (n[0], n[1] or debian_support.internRelease('sid')))
+
nts = []
for key in l:
nts.append(notes[key])
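Review bot: The new sort key changes the ordering of notes without a release: the removed comparator sorted them by `str(None or '')`, i.e. before every named release, whereas `n[1] or debian_support.internRelease('sid')` now places them as if they were sid, and the ordering additionally relies on the release objects supporting `<` (presumably they do, given the call). If the previous order was not load-bearing this is fine, but it deserves a comment, and `internRelease('sid')` should be looked up once rather than per element: `sid = debian_support.internRelease('sid')` before the sort, then `l.sort(key=lambda n: (n[0], n[1] or sid))`. The enclosing method starts and ends outside the hunk.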
@@ -307,7 +303,7 @@ class Bug(BugBase):
class BugFromDB(Bug):
def __init__(self, cursor, name):
- assert type(name) in types.StringTypes
+ assert isstring(name)
def lookup(bug):
for r in cursor.execute('SELECT * FROM bugs WHERE name = ?',
@@ -407,7 +403,7 @@ def temp_bug_name(bug_number, description):
"""Build a unique temporary name from the bug number and a
truncated hash of the description."""
digest = hashlib.md5()
- digest.update(description)
+ digest.update(description.encode('utf-8'))
hexdigest = digest.hexdigest()[0:6].upper()
return 'TEMP-%07d-%s' % (bug_number, hexdigest)
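Review bot: `hashlib.md5()` here only derives a short suffix for a temporary bug name and is not a security control, but without a comment the call will keep tripping linters and audits that flag MD5; a note such as `# md5 is used only for a short, stable suffix on the temporary name, not for integrity` on the `digest = hashlib.md5()` line would settle that. The added `.encode('utf-8')` is correct for Python 3 `str` input; if `description` can already arrive as `bytes` (not visible here) the call would raise `AttributeError`.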
@@ -561,20 +557,23 @@ class FileBase(debian_support.PackageFile):
if handle_xref(self.re_xref_required, self.re_xref,
self.re_xref_entry, xref):
continue
-
+
+ def addPackageNote(note):
+ self.checkPackageNote(pkg_notes, note, lineno)
+ pkg_notes.append(note)
+
if self.re_package_required.match(r):
match = self.re_package_version.match(r)
if match:
(release, p, v, d) = match.groups()
- pkg_notes.append(
- PackageNoteParsed(p, v, d, release=release))
+ addPackageNote(PackageNoteParsed(p, v, d, release=release))
continue
match = self.re_package_no_version.match(r)
if match:
(release, p, v, d) = match.groups()
if v == 'not-affected':
- pkg_notes.append(PackageNoteParsed
+ addPackageNote(PackageNoteParsed
(p, '0', 'unimportant',
release=release))
if d:
@@ -585,7 +584,7 @@ class FileBase(debian_support.PackageFile):
r = r[:-1]
comments.append(('NOTE', r))
elif v == 'end-of-life':
- pkg_notes.append(PackageNoteParsed
+ addPackageNote(PackageNoteParsed
(p, None, 'end-of-life',
release=release))
if d:
@@ -608,7 +607,7 @@ class FileBase(debian_support.PackageFile):
reason = v
else:
reason = None
- pkg_notes.append(PackageNoteNoDSA(
+ addPackageNote(PackageNoteNoDSA(
release=release,
package=p,
comment=d,
@@ -627,16 +626,16 @@ class FileBase(debian_support.PackageFile):
self.raiseSyntaxError(
"ITP note needs Debian bug reference",
lineno)
- pkg_notes.append(x)
+ addPackageNote(x)
elif v == 'unfixed':
- pkg_notes.append(PackageNoteParsed
+ addPackageNote(PackageNoteParsed
(p, None, d, release=release))
elif v == 'removed':
- pkg_notes.append(PackageNoteParsed
+ addPackageNote(PackageNoteParsed
(p, None, d, release=release))
self.removed_packages[p] = True
elif v == 'undetermined':
- pkg_notes.append(PackageNoteParsed
+ addPackageNote(PackageNoteParsed
(p, 'undetermined', d, release=release))
else:
self.raiseSyntaxError(
@@ -745,6 +744,22 @@ class FileBase(debian_support.PackageFile):
parsed, or adds some additional checking."""
return bug
+ def checkPackageNote(self, notes, note, lineno):
+ if not notes:
+ return
+
+ prev_note = notes[-1]
+ if prev_note.package != note.package:
+ if prev_note.release and prev_note.release == debian_support.internRelease('experimental'):
+ #self.raiseSyntaxError("experimental release note must come before the package note")
+ pass
+ elif note.release and note.release != debian_support.internRelease('experimental'):
+ self.raiseSyntaxError("release note must follow its package note", lineno)
+ else:
+ if prev_note.release and note.release and prev_note.release < note.release:
+ self.raiseSyntaxError("release notes not ordered properly", lineno)
+
+
class CVEFile(FileBase):
"""A CVE file, as used by the Debian testing security team."""
@@ -781,6 +796,14 @@ class CVEFile(FileBase):
bug.mergeNotes()
return bug
+ def checkPackageNote(self, notes, note, lineno):
+ # dont check old entries for now
+ if self.lineno >= 100000:
+ return
+
+ super().checkPackageNote(notes, note, lineno)
+
+
class CVEExtendFile(CVEFile):
# This is an extend file. The main CVEFile can have a 'CVE-2018-XXXX' (sic)
# identifier, which will get converted to TEMP-* automatically. However to
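Review bot: CVEFile.checkPackageNote skips the check with `if self.lineno >= 100000` even though the caller passes `lineno` explicitly, and the bare 100000 cut-off is undocumented, so nobody can later tell which entries count as "old" or why. Name it and use the parameter: `OLD_ENTRY_LINENO = 100000  # legacy entries below this point are not ordering-checked yet` at class level and `if lineno >= self.OLD_ENTRY_LINENO:`. If self.lineno (the file cursor) and the argument (the note's line) can differ, that difference is itself worth a comment. The `# dont check` comment should also say what "for now" is waiting on.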
@@ -799,6 +822,10 @@ class CVEExtendFile(CVEFile):
return CVEFile.isUniqueName(self, name)
+ def checkPackageNote(self, notes, note, lineno):
+ pass
+
+
class DSAFile(FileBase):
"""A DSA file.
@@ -844,6 +871,9 @@ class DSAFile(FileBase):
bug.mergeNotes()
return bug
+ def checkPackageNote(self, notes, note, lineno):
+ pass
+
class DTSAFile(FileBase):
"""A DTSA file.
@@ -888,6 +918,10 @@ class DTSAFile(FileBase):
lineno=bug.source_line)
return bug
+ def checkPackageNote(self, notes, note, lineno):
+ pass
+
+
def test():
assert internUrgency("high") > internUrgency("medium")
diff --git a/lib/python/config.py b/lib/python/config.py
new file mode 100644
index 0000000000..ac674105e9
--- /dev/null
+++ b/lib/python/config.py
@@ -0,0 +1,59 @@
+# config.py -- methods to read global configuration from data/config.json
+# Copyright (C) 2019 Emilio Pozuelo Monfort <pochu@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+# TODO: the OrderedDict use can be dropped once we use Python 3 (>= 3.7)
+from collections import OrderedDict
+import json
+import os
+
+_config = None
+
+def get_config():
+ global _config
+ if not _config:
+ d = os.path.dirname(os.path.abspath(__file__))
+
+ with open(d + '/../../data/config.json') as f:
+ config = json.load(f, object_pairs_hook=OrderedDict)
+
+ _config = config['distributions']
+
+ return _config
+
+def get_supported_releases():
+ config = get_config()
+
+ return [d for d in config.keys() if 'release' in config[d]]
+
+def get_all_releases():
+ config = get_config()
+
+ return list(config.keys())
+
+def get_release_codename(release, suffix=''):
+ config = get_config()
+
+ for r in config.keys():
+ if 'release' in config[r] and config[r]['release'] == release:
+ return r + suffix
+
+ raise ValueError("invalid release name: " + repr(release))
+
+def get_release_alias(codename):
+ config = get_config()
+
+ return config[codename]['release']
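Review bot: get_config builds the path with string concatenation `d + '/../../data/config.json'` and guards the cache with `if not _config:`, which re-reads the file on every call if `distributions` is an empty mapping; use `os.path.join(d, '..', '..', 'data', 'config.json')` and `if _config is None:`. debian_support.py already has a `getconfig()` that loads the same file via findresource (visible later in this diff), so there are now two loaders for data/config.json with different path resolution — if the circular import (debian_support imports config) is what forced the duplicate, a comment saying so would save the next reader the search. Module and function docstrings are missing; one line per function (e.g. get_supported_releases returns codenames that carry a `release` alias; get_release_codename raises ValueError for an unknown alias) would pin the contract.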
diff --git a/lib/python/debian_support.py b/lib/python/debian_support.py
index 84f66815c1..59d68a8865 100644
--- a/lib/python/debian_support.py
+++ b/lib/python/debian_support.py
@@ -18,15 +18,27 @@ from __future__ import print_function
"""This module implements facilities to deal with Debian-specific metadata."""
-import gzip
+import gzip, lzma
+import io
import json
import os.path
import re
import sys
import tempfile
-import types
-import urllib2
-from cStringIO import StringIO
+
+try:
+ from urllib.request import urlopen
+ from urllib.error import URLError
+except ImportError:
+ from urllib2 import urlopen
+ from urllib2.error import URLError
+
+try:
+ from cStringIO import StringIO as streamIO
+except ImportError:
+ from io import BytesIO as streamIO
+
+from helpers import isstring
try:
from hashlib import sha1
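Review bot: The Python 2 fallback `from urllib2.error import URLError` cannot import: urllib2 is a single module with no `error` submodule and its exception is `urllib2.URLError`, so on Python 2 the except branch raises ImportError and the module fails to load. If the fallback is kept it should read `from urllib2 import urlopen, URLError`; if Python 2 is no longer supported (sectracker_test/run.py now invokes python3 in this diff), drop the try/except rather than keep an untested path. `streamIO` does not appear in any visible hunk, so that fallback may be dead as well.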
@@ -37,6 +49,8 @@ except ImportError:
import apt_pkg
apt_pkg.init()
+import config
+
# Timeout for downloads.
TIMEOUT = 30
@@ -52,7 +66,7 @@ class ParseError(Exception):
"""
def __init__(self, filename, lineno, msg):
- assert type(lineno) == types.IntType
+ assert isinstance(lineno, int)
self.filename = filename
self.lineno = lineno
self.msg = msg
@@ -81,11 +95,13 @@ class Version:
def __init__(self, version):
"""Creates a new Version object."""
- t = type(version)
- if t == types.UnicodeType:
- version = version.encode('UTF-8')
- else:
- assert t == types.StringType, repr(version)
+ try:
+ if isinstance(version, unicode):
+ version = version.encode('UTF-8')
+ except:
+ pass
+
+ assert isstring(version), repr(version)
assert version != ""
self.__asString = version
self.__forCompare = _version_normalize_regexp.sub("", version)
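Review bot: The bare `except: pass` around `isinstance(version, unicode)` is meant to absorb the NameError on Python 3, but it swallows every other exception too and would hide a typo in that block forever; narrow it to `except NameError:  # Python 3 has no unicode type` / `    pass`. Note also that on Python 2 this encodes unicode to a byte str while on Python 3 str is left untouched, so `__asString` has a different type per interpreter — a comment stating that, or removing the branch once Python 2 support goes, avoids surprises downstream.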
@@ -97,10 +113,22 @@ class Version:
return 'Version(%r)' % self.__asString
def __cmp__(self, other):
- try:
- return apt_pkg.version_compare(self.__forCompare, other.__forCompare)
- except AttributeError:
- return apt_pkg.VersionCompare(self.__forCompare, other.__forCompare)
+ return apt_pkg.version_compare(self.__forCompare, other.__forCompare)
+
+ def __lt__(self, other):
+ return self.__cmp__(other) < 0
+
+ def __le__(self, other):
+ return self.__cmp__(other) <= 0
+
+ def __eq__(self, other):
+ return self.__cmp__(other) == 0
+
+ def __gt__(self, other):
+ return self.__cmp__(other) > 0
+
+ def __ge__(self, other):
+ return self.__cmp__(other) >= 0
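Review bot: Adding `__eq__` to Version without a matching `__hash__` makes instances unhashable on Python 3 (defining `__eq__` sets `__hash__` to None), so any set membership or dict keying of Version objects elsewhere now raises TypeError; whether such a use exists is outside this hunk, but the fix is cheap: `def __hash__(self): return hash(self.__forCompare)` next to `__eq__`. The comparisons also assume `other` is a Version (`other.__forCompare` is name-mangled), so `Version('1') == None` raises AttributeError instead of returning False; return NotImplemented when `other` is not a Version, which is the conventional guard.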
def version_compare(a, b):
"""Compares two versions according to the Debian algorithm.
@@ -108,11 +136,8 @@ def version_compare(a, b):
~bpo and ~volatile suffixes are ignored."""
a = _version_normalize_regexp.sub("", a)
b = _version_normalize_regexp.sub("", b)
- try:
- vc = apt_pkg.version_compare
- except AttributeError:
- vc = apt_pkg.VersionCompare
- return vc(a, b)
+
+ return apt_pkg.version_compare(a, b)
class PackageFile:
"""A Debian package file.
@@ -136,8 +161,16 @@ class PackageFile:
self.file = fileObj
self.lineno = 0
- def __iter__(self):
+ def readline(self):
line = self.file.readline()
+
+ if line != None and not isstring(line):
+ line = line.decode('utf-8')
+
+ return line
+
+ def __iter__(self):
+ line = self.readline()
self.lineno += 1
pkg = []
while line:
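Review bot: `readline` tests `line != None`; use `is not None`, and note that `file.readline()` returns '' or b'' at EOF, never None, so the test is really about the bytes/str split. The strict `line.decode('utf-8')` turns one malformed byte in a downloaded Packages/Sources index into an uncaught UnicodeDecodeError far from the parser's own diagnostics; since this class reports problems through raiseSyntaxError with a line number, catching UnicodeDecodeError here and re-raising via `self.raiseSyntaxError('invalid UTF-8 in input')` keeps error reporting consistent. `__iter__` continues past the end of the hunk.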
@@ -146,7 +179,7 @@ class PackageFile:
self.raiseSyntaxError('expected package record')
yield pkg
pkg = []
- line = self.file.readline()
+ line = self.readline()
self.lineno += 1
continue
@@ -157,7 +190,7 @@ class PackageFile:
contents = contents or ''
while True:
- line = self.file.readline()
+ line = self.readline()
self.lineno += 1
match = self.re_continuation.match(line)
if match:
@@ -185,17 +218,24 @@ class PseudoEnum:
return '%s(%r)'% (self.__class__.__name__, self._name)
def __str__(self):
return self._name
- def __cmp__(self, other):
- return cmp(self._order, other._order)
def __hash__(self):
return hash(self._order)
+ def __lt__(self, other):
+ return self._order < other._order
+ def __le__(self, other):
+ return self._order <= other._order
+ def __eq__(self, other):
+ return self._order == other._order
+ def __gt__(self, other):
+ return self._order > other._order
+ def __ge__(self, other):
+ return self._order >= other._order
class Release(PseudoEnum): pass
def listReleases():
releases = {}
- rels = ("experimental", # For use in [brackets] in the list files.
- "potato", "woody", "sarge", "etch", "lenny", "squeeze", "wheezy", "jessie", "stretch", "buster", "bullseye", "sid")
+ rels = ["experimental"] + config.get_all_releases()
for r in range(len(rels)):
releases[rels[r]] = Release(rels[r], r)
Release.releases = releases
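Review bot: PseudoEnum's new rich comparisons dereference `other._order` unconditionally, so comparing a Release with None or a string (`release == 'sid'`) raises AttributeError instead of returning False, which `==` callers rarely expect; guard with `if not isinstance(other, PseudoEnum): return NotImplemented` in `__eq__` (and the ordering methods). listReleases now takes its order from `config.get_all_releases()`, so the ordering used by checkPackageNote and the sort key in bugs.py is whatever order data/config.json lists its keys in — a comment on the `rels = ...` line that JSON key order is significant (oldest first, experimental forced to position 0) would stop someone from alphabetising the file.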
@@ -210,6 +250,8 @@ del listReleases
def readLinesSHA1(lines):
m = sha1()
for l in lines:
+ if sys.version_info.major == 3:
+ l = l.encode('utf-8')
m.update(l)
return m.hexdigest()
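Review bot: readLinesSHA1 decides whether to encode by `sys.version_info.major == 3`, but the condition that matters is the element type — lines from downloadCompressedLines are str, while a caller that still reads a file in binary mode hands in bytes and would hit AttributeError on `.encode`; `if not isinstance(l, bytes): l = l.encode('utf-8')` is the version-independent form. Since this digest is compared against the Index hashes in updateFile, a mismatch introduced by re-encoding (e.g. TextIOWrapper's universal-newline translation of \r\n) presumably degrades to a full re-download rather than corruption, which is worth a one-line comment.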
@@ -270,9 +312,6 @@ def patchLines(lines, patches):
lines[first:last] = args
def replaceFile(lines, local):
-
- import os.path
-
local_new = local + '.new'
new_file = open(local_new, 'w+')
@@ -285,29 +324,41 @@ def replaceFile(lines, local):
if os.path.exists(local_new):
os.unlink(local_new)
-def downloadGunzipLines(remote):
- """Downloads a file from a remote location and gunzips it.
+def downloadCompressedLines(remote):
+ """Downloads a file from a remote location and uncompresses it.
Returns the lines in the file."""
- data = urllib2.urlopen(remote, timeout=TIMEOUT)
+ if remote.endswith('.gz'):
+ cls = gzip
+ elif remote.endswith('.xz'):
+ cls = lzma
+ else:
+ raise ValueError('file format not supported: %s' % remote)
+
+ data = urlopen(remote, timeout=TIMEOUT)
try:
- gfile = gzip.GzipFile(fileobj=StringIO(data.read()))
- try:
- return gfile.readlines()
- finally:
- gfile.close()
+ b = io.BytesIO(cls.decompress(data.read()))
+ t = io.TextIOWrapper(b, 'utf-8')
+ return t.readlines()
finally:
data.close()
-
+
+def downloadLines(remote):
+ try:
+ return downloadCompressedLines(remote + '.xz')
+ except URLError:
+ return downloadCompressedLines(remote + '.gz')
+
def downloadFile(remote, local):
- """Copies a gzipped remote file to the local system.
+ """Copies a compressed remote file to the local system.
- remote - URL, without the .gz suffix
+ remote - URL, without compression suffix
local - name of the local file
"""
-
- lines = downloadGunzipLines(remote + '.gz')
+
+ lines = downloadLines(remote)
+
replaceFile(lines, local)
return lines
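Review bot: downloadCompressedLines reads the whole body and then `cls.decompress(data.read())` materialises the entire decompressed index in memory with no upper bound, so a compromised or misbehaving mirror can answer with a small xz bomb and exhaust the host; the old gzip path at least streamed through GzipFile. Streaming through `cls.open(..., 'rt')` with a byte cap keeps behaviour for honest inputs and turns a bomb into a ValueError (sketch below; MAX_DECOMPRESSED_BYTES would sit beside TIMEOUT). Separately, downloadLines treats any URLError on the `.xz` fetch — including timeouts and TLS failures — as "try .gz", hiding transient transport errors behind a second request; catching HTTPError with `code == 404` is the precise condition, and a corrupt `.xz` raises lzma.LZMAError, which neither branch handles.
```python
    data = urlopen(remote, timeout=TIMEOUT)
    try:
        # Stream the decompression and cap its output so a hostile mirror
        # cannot exhaust memory with a small, highly compressible payload.
        with cls.open(io.BytesIO(data.read()), 'rt', encoding='utf-8') as t:
            lines = []
            total = 0
            for line in t:
                total += len(line)
                if total > MAX_DECOMPRESSED_BYTES:
                    raise ValueError('decompressed file too large: %s' % remote)
                lines.append(line)
            return lines
    finally:
        data.close()
```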
@@ -335,7 +386,7 @@ def updateFile(remote, local, verbose=None):
re_whitespace=re.compile('\s+')
try:
- index_url = urllib2.urlopen(index_name, timeout=TIMEOUT)
+ index_url = urlopen(index_name, timeout=TIMEOUT)
index_fields = list(PackageFile(index_name, index_url))
except ParseError:
if verbose:
@@ -391,8 +442,10 @@ def updateFile(remote, local, verbose=None):
if verbose:
print("updateFile: downloading patch " + repr(patch_name))
try:
- patch_contents = downloadGunzipLines(remote + '.diff/' + patch_name
- + '.gz')
+ # We could remove the extension here and call downloadLines
+ # when diff files come with another compression
+ patch_contents = downloadCompressedLines(remote + '.diff/'
+ + patch_name + '.gz')
except IOError:
return downloadFile(remote, local)
if readLinesSHA1(patch_contents ) != patch_hashes[patch_name]:
@@ -418,7 +471,7 @@ def mergeAsSets(*args):
for x in args:
for y in x:
s[y] = True
- l = s.keys()
+ l = list(s.keys())
l.sort()
return l
@@ -524,6 +577,46 @@ def getconfig():
_config = json.load(open(findresource("data", "config.json")))
return _config
+class PointUpdateParser:
+ @staticmethod
+ def parseNextPointUpdateStable():
+ """ Reads data/next-point-update.txt and returns a dictionary such as:
+
+ {'CVE-2014-10402': {'libdbi-perl': '1.642-1+deb10u2'},
+ 'CVE-2019-10203': {'pdns': '4.1.6-3+deb10u1'}
+ }
+ """
+ return PointUpdateParser._parsePointUpdateFile(
+ findresource("data", "next-point-update.txt")
+ )
+
+ @staticmethod
+ def parseNextOldstablePointUpdate():
+ """ Returns a dictionary with the same structure as
+ PointUpdateParser.parseNextPointUpdateStable() for the file
+ data/next-oldstable-point-update.txt
+ """
+ return PointUpdateParser._parsePointUpdateFile(
+ findresource("data", "next-oldstable-point-update.txt")
+ )
+
+ @staticmethod
+ def _parsePointUpdateFile(file_path):
+ CVE_RE = 'CVE-[0-9]{4}-[0-9X]{4,}'
+ result = {}
+
+ with open(file_path) as f:
+ for line in f:
+ res = re.match(CVE_RE, line)
+ if res:
+ cve = res.group(0)
+ result[cve] = {}
+ continue
+ elif line.startswith('\t['):
+ dist, _, pkg, ver = line.split()
+ result[cve][pkg] = ver
+ return result
+
_releasecodename = None
def releasecodename(dist):
"""Converts a release name to the code name.
@@ -571,7 +664,7 @@ def test():
assert readLinesSHA1(['1\n', '23\n']) \
== '14293c9bd646a15dc656eaf8fba95124020dfada'
- file_a = map(lambda x: "%d\n" % x, range(1, 18))
+ file_a = list(map(lambda x: "%d\n" % x, range(1, 18)))
file_b = ['0\n', '1\n', '<2>\n', '<3>\n', '4\n', '5\n', '7\n', '8\n',
'11\n', '12\n', '<13>\n', '14\n', '15\n', 'A\n', 'B\n', 'C\n',
'16\n', '17\n',]
diff --git a/lib/python/dist_config.py b/lib/python/dist_config.py
deleted file mode 100644
index 107f63a088..0000000000
--- a/lib/python/dist_config.py
+++ /dev/null
@@ -1,97 +0,0 @@
-# dist_config.py -- describe how the Debian package database is assembled
-# Copyright (C) 2008 Florian Weimer <fw@deneb.enyo.de>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-
-"""
-This Python moule describes how different views of the Debian package
-database are assembled from a set of on-disk files.
-
-Each view is labeled by a purpose. Currently defined purposes are:
-
- overview: Used to generate the release overview web page. This
- should not contain vulnerabilities which the security team
- considers processed.
-
- debsecan: Used to generate the "fix is available" data for debsecan.
- This should reflect the recommended set of sources.list
- entries for the release.
-"""
-
-######################################################################
-# Configuration section
-######################################################################
-
-def apply_config():
- # Invoked at the end of the file. Edit this to suit your needs.
-
- common_archs = 'amd64,armel,i386,mips,mipsel,powerpc'.split(',')
- squeeze_archs = common_archs + ['s390','ia64','kfreebsd-amd64','kfreebsd-i386','sparc' ]
- wheezy_archs = [ 'amd64','armel','armhf','i386' ]
- jessie_archs = [ 'amd64','armel','armhf','i386' ]
- stretch_archs = [ 'amd64','arm64','armel','armhf','i386','mips','mips64el','mipsel','ppc64el','s390x' ]
- buster_archs = [ 'amd64','arm64','armel','armhf','i386','mips','mips64el','mipsel','ppc64el','s390x' ]
- bullseye_archs = [ 'amd64','arm64','armel','armhf','i386','mips64el','mipsel','ppc64el','s390x' ]
- sid_archs = [ 'amd64','arm64','armel','armhf','i386','mips64el','mipsel','ppc64el','s390x' ]
-
- add_release(name='squeeze',
- architectures=squeeze_archs,
- )
-
- add_release(name='wheezy',
- architectures=wheezy_archs,
- )
-
- add_release(name='jessie',
- architectures=jessie_archs,
- )
-
- add_release(name='stretch',
- architectures=stretch_archs,
- )
-
- add_release(name='buster',
- architectures=buster_archs,
- )
-
- add_release(name='bullseye',
- architectures=bullseye_archs,
- )
-
- add_release(name='sid',
- architectures=sid_archs,
- )
-
-######################################################################
-# Support routines
-######################################################################
-
-releases = {}
-
-def add_release(name, architectures,
- debsecan_part=('', 'security'),
- overview_part=('', 'security', 'proposed-updates')):
- import debian_support
- name = debian_support.internRelease(name)
- if name in releases:
- raise ValueError("duplicate release", name)
- releases[name] = {'architectures' : architectures,
- 'purpose' : {'debsecan' : debsecan_part,
- 'overview' : overview_part}}
-
-# Run the code in the configuration section
-
-apply_config()
-del apply_config
diff --git a/lib/python/helpers.py b/lib/python/helpers.py
new file mode 100644
index 0000000000..1bfcf94375
--- /dev/null
+++ b/lib/python/helpers.py
@@ -0,0 +1,7 @@
+# helpers.py -- utility functions that don't belong elsewhere
+
+def isstring(s):
+ try:
+ return isinstance(s, basestring)
+ except NameError:
+ return isinstance(s, str)
diff --git a/lib/python/sectracker/analyzers.py b/lib/python/sectracker/analyzers.py
index 5b8eb28ee7..386af47974 100644
--- a/lib/python/sectracker/analyzers.py
+++ b/lib/python/sectracker/analyzers.py
@@ -20,12 +20,8 @@ import re as _re
from collections import namedtuple as _namedtuple
-# vercmp is the Debian version comparison algorithm
+# _apt_pkg.version_compare is the Debian version comparison algorithm
_apt_pkg.init()
-try:
- vercmp = _apt_pkg.version_compare
-except AttributeError:
- vercmp = _apt_pkg.VersionCompare
def mergelists(listfiles, diag):
"""Merge the (already parsed) list files in listfiles.
@@ -208,7 +204,7 @@ def fixedversions(bugdb, copysrc, versions, diag):
other_versions = set()
for rel, ver in getversions(pname):
if unstable_fixed is not None \
- and vercmp(ver, unstable_fixed) >= 0:
+ and _apt_pkg.version_compare(ver, unstable_fixed) >= 0:
# This version is already covered by the
# unstable fix.
continue
@@ -220,7 +216,7 @@ def fixedversions(bugdb, copysrc, versions, diag):
# Annotations like <not-affected>.
other_versions.add(ver)
continue
- if vercmp(ver, refver) >= 0:
+ if _apt_pkg.version_compare(ver, refver) >= 0:
other_versions.add(ver)
result.append(Vulnerability(bug.header.name, pname,
unstable_fixed, other_versions))
@@ -240,7 +236,7 @@ def bestversion(config, codename, pkg, requested_members=None):
if pkg in comp:
curpkg = comp[pkg]
curver = curpkg.version
- if bestver is None or vercmp(curver, bestver) > 0:
+ if bestver is None or _apt_pkg.version_compare(curver, bestver) > 0:
bestver = curver
bestpkg = curpkg
return bestpkg
diff --git a/lib/python/sectracker/diagnostics.py b/lib/python/sectracker/diagnostics.py
index 9a498cedca..b0caea9c0b 100644
--- a/lib/python/sectracker/diagnostics.py
+++ b/lib/python/sectracker/diagnostics.py
@@ -17,10 +17,12 @@
from collections import namedtuple as _namedtuple
+from helpers import isstring
+
Message = _namedtuple("Message", "file line level message")
def _checkfile(file):
- if not isinstance(file, basestring):
+ if not isstring(file):
raise ValueError("file name is not a string: " + repr(file))
return file
diff --git a/lib/python/sectracker/parsers.py b/lib/python/sectracker/parsers.py
index 44589a850f..26bf59bf10 100644
--- a/lib/python/sectracker/parsers.py
+++ b/lib/python/sectracker/parsers.py
@@ -1,5 +1,7 @@
# sectracker.parsers -- various text file parsers
# Copyright (C) 2010 Florian Weimer <fw@deneb.enyo.de>
+# Copyright (C) 2019 Brian May <bam@debian.org>
+# Copyright (C) 2020 Emilio Pozuelo Monfort <pochu@debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,6 +18,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
import re
+from sys import intern
import debian_support
import sectracker.regexpcase as _regexpcase
@@ -35,9 +38,7 @@ def binarypackages(name, f):
"""Returns a sequence of binary package names"""
obj = set(v for p in debian_support.PackageFile(name, f)
for k, v in p if k == "Package")
- obj = list(obj)
- obj.sort()
- return tuple(obj)
+ return _sortedtuple(obj)
SourcePackage = _namedtuple("SourcePackage", "name version binary")
@@ -76,54 +77,43 @@ StringAnnotation = _namedtuple("StringAnnotation",
XrefAnnotation = _namedtuple("XrefAnnotation", "line type bugs")
PackageAnnotation = _namedtuple(
"PackageAnnotation",
- "line type release package kind version description "
- + "urgency debian_bugs bug_filed")
+ "line type release package kind version description flags")
+PackageBugAnnotation = _namedtuple("PackageBugAnnotation", "bug")
+PackageUrgencyAnnotation = _namedtuple("PackageUrgencyAnnotation", "severity")
def _annotationdispatcher():
# Parser for inner annotations, like (bug #1345; low)
- urgencies=set("unimportant low medium high".split())
- @_regexpcase.rule('(bug filed|%s)' % '|'.join(urgencies))
- def innerflag(groups, diag, flags, bugs):
+ @_regexpcase.rule('(unimportant|low|medium|high)')
+ def innerflag(groups, diag, flags):
f = groups[0]
- if f in flags:
- diag.error("duplicate flag: " + repr(f))
+ if PackageUrgencyAnnotation(f) in flags:
+ diag.error("duplicate urgency: " + repr(f))
else:
- flags.add(f)
+ flags.append(PackageUrgencyAnnotation(f))
@_regexpcase.rule(r'bug #(\d+)')
- def innerbug(groups, diag, flags, bugs):
+ def innerbug(groups, diag, flags):
no = int(groups[0])
- if no in bugs:
+ if PackageBugAnnotation(no) in flags:
diag.error("duplicate bug number: " + groups[0])
else:
- bugs.add(no)
- def innerdefault(text, diag, flags, bugs):
+ flags.append(PackageBugAnnotation(no))
+ def innerdefault(text, diag, flags):
diag.error("invalid inner annotation: " + repr(text))
innerdispatch = _regexpcase.RegexpCase((innerflag, innerbug),
default=innerdefault)
def parseinner(diag, inner):
if not inner:
- return (None, (), False)
- flags = set()
- bugs = set()
+ return []
+ flags = []
for innerann in inner.split(";"):
- innerdispatch(innerann.strip(), diag, flags, bugs)
+ innerdispatch(innerann.strip(), diag, flags)
- urgency = urgencies.intersection(flags)
- if urgency:
- if len(urgency) > 1:
- diag.error("multiple urgencies: " + ", ".join(urgency))
- else:
- urgency = urgency.pop()
- else:
- urgency = None
-
- bug_filed = "bug filed" in flags
- if bugs and bug_filed:
- diag.error("'bug filed' and bug numbers listed")
- bug_filed = False
+ urgencies = [f for f in flags if isinstance(f, PackageUrgencyAnnotation)]
+ if len(urgencies) > 1:
+ diag.error("multiple urgencies: " + ", ".join(urgency))
- return (urgency, _sortedtuple(bugs), bug_filed)
+ return flags
# Parsers for indented annotations (NOT-FOR-US:, " - foo <unfixed>" etc.)
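Review bot: The `multiple urgencies` diagnostic at the end of parseinner references `urgency`, which no longer exists in this function (the list is `urgencies`), so the error path itself raises NameError; its elements are also PackageUrgencyAnnotation tuples, so the join needs the field: `diag.error("multiple urgencies: " + ", ".join(u.severity for u in urgencies))`. The rewrite drops the `bug filed` inner flag the old rule accepted, so existing entries carrying `(bug filed)` will now be reported as "invalid inner annotation" — if that is intended, a note on the PackageAnnotation definition about the accepted flag set would record it. The enclosing `_annotationdispatcher` continues past the end of the hunk.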
@@ -131,39 +121,60 @@ def _annotationdispatcher():
+ r'(?:\s([A-Za-z0-9:.+~-]+)\s*)?(?:\s\((.*)\))?')
def package_version(groups, diag):
release, package, version, inner = groups
- inner = parseinner(diag, inner)
+ flags = parseinner(diag, inner)
if version is None:
kind = "unfixed"
else:
kind = "fixed"
return PackageAnnotation(
- *((diag.line(), "package", release, package, kind,
- version, None) + inner))
+ line=diag.line(),
+ type="package",
+ release=release,
+ package=package,
+ kind=kind,
+ version=version,
+ description=None,
+ flags=flags,
+ )
pseudo_freetext = "no-dsa not-affected end-of-life ignored postponed".split()
pseudo_struct = set("unfixed removed itp undetermined".split())
@_regexpcase.rule(r'(?:\[([a-z]+)\]\s)?-\s([A-Za-z0-9:.+-]+)'
+ r'\s+<([a-z-]+)>\s*(?:\s\((.*)\))?')
def package_pseudo(groups, diag):
- release, package, version, inner = groups
- if version in pseudo_freetext:
+ release, package, kind, inner = groups
+ if kind in pseudo_freetext:
return PackageAnnotation(
- diag.line(), "package", release, package, version,
- None, inner, None, (), False)
- elif version in pseudo_struct:
- inner = parseinner(diag, inner)
- if version == "itp" and not inner[1]:
+ line=diag.line(),
+ type="package",
+ release=release,
+ package=package,
+ kind=kind,
+ version=None,
+ description=inner,
+ flags=[],
+ )
+ elif kind in pseudo_struct:
+ flags = parseinner(diag, inner)
+ if kind == "itp" and not inner[1]:
diag.error("<itp> needs Debian bug reference")
return PackageAnnotation(
- *((diag.line(), "package", release, package, version,
- None, None) + inner))
+ line=diag.line(),
+ type="package",
+ release=release,
+ package=package,
+ kind=kind,
+ version=None,
+ description=None,
+ flags=flags,
+ )
else:
diag.error("invalid pseudo-version: " + repr(version))
return None
@_regexpcase.rule(r'\{(.*)\}')
def xref(groups, diag):
- x = _sortedtuple(groups[0].strip().split())
+ x = tuple(groups[0].strip().split())
if x:
return XrefAnnotation(diag.line(), "xref", x)
else:
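Review bot: package_pseudo carries two errors from the rename: `if kind == "itp" and not inner[1]` now indexes the raw inner string (its second character) instead of the parsed bug list, so `<itp> (bug #123)` passes or fails on the letter and an `<itp>` with no parenthesised text raises TypeError on None; and the closing `diag.error("invalid pseudo-version: " + repr(version))` references `version`, which no longer exists, so that diagnostic raises NameError. Use the parsed flags and the new name: `if kind == "itp" and not any(isinstance(f, PackageBugAnnotation) for f in flags):` and `diag.error("invalid pseudo-version: " + repr(kind))`. The xref rule now keeps file order instead of sorting, which writecvelist needs for round-tripping but changes equality of XrefAnnotation tuples across differently ordered files — a one-line comment at `x = tuple(...)` would explain the choice.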
@@ -241,7 +252,7 @@ def _parselist(path, f, parseheader, finish):
@_xpickle.loader("CVE" + FORMAT)
def cvelist(path, f):
- re_header = re.compile(r'^(CVE-\d{4}-(?:\d{4,}|XXXX))\s+(.*?)\s*$')
+ re_header = re.compile(r'^((?:CVE-\d{4}-(?:\d{4,}|XXXX)|TEMP-\d+-\S+))\s+(.*?)\s*$')
def parseheader(line):
match = re_header.match(line)
if match is None:
@@ -251,30 +262,73 @@ def cvelist(path, f):
if desc[0] == '(':
if desc[-1] != ')':
diag.error("error", "missing ')'")
- else:
- desc = desc[1:-1]
elif desc[0] == '[':
if desc[-1] != ']':
diag.error("missing ']'")
- else:
- desc = desc[1:-1]
return (name, desc)
- def cveuniquename(line, anns):
- bug = 0
- for ann in anns:
- if ann.type == "package" and ann.debian_bugs:
- bug = ann.debian_bugs[0]
- break
- return "TEMP-%07d-%06d" % (bug, line)
def finish(header, headerlineno, anns, diag):
name, desc = header
- if name[-1] == "X":
- name1 = cveuniquename(headerlineno, anns)
- else:
- name1 = name
- return Bug(path, Header(headerlineno, name1, desc), tuple(anns))
+ return Bug(path, Header(headerlineno, name, desc), tuple(anns))
return _parselist(path, f, parseheader, finish)
+def writecvelist(data, f):
+ for bug in data:
+ if isinstance(bug, Bug):
+ f.write(bug.header.name)
+ if bug.header.description:
+ f.write(" ")
+ f.write(bug.header.description)
+ f.write("\n")
+ for annotation in bug.annotations:
+ if isinstance(annotation, FlagAnnotation):
+ f.write("\t")
+ f.write(annotation.type)
+ f.write("\n")
+ elif isinstance(annotation, StringAnnotation):
+ f.write("\t")
+ f.write(annotation.type)
+ f.write(": ")
+ f.write(annotation.description)
+ f.write("\n")
+ elif isinstance(annotation, PackageAnnotation):
+ f.write("\t")
+ if annotation.release:
+ f.write("[")
+ f.write(str(annotation.release))
+ f.write("] ")
+ f.write("- ")
+ f.write(annotation.package + " ")
+ if annotation.version:
+ f.write(annotation.version)
+ elif annotation.kind:
+ f.write("<")
+ f.write(annotation.kind)
+ f.write(">")
+ items = []
+ for flag in annotation.flags:
+ if isinstance(flag, PackageBugAnnotation):
+ items.append("bug #%s" % flag.bug)
+ elif isinstance(flag, PackageUrgencyAnnotation):
+ items.append(flag.severity)
+ else:
+ raise RuntimeError("Got unexpected package flag type %s" % type(flag))
+ if annotation.description:
+ items.append(str(annotation.description))
+ if items:
+ f.write(" (")
+ f.write("; ".join(items))
+ f.write(")")
+ f.write("\n")
+ elif isinstance(annotation, XrefAnnotation):
+ if annotation.bugs:
+ f.write("\t{")
+ f.write(" ".join(annotation.bugs))
+ f.write("}\n")
+ else:
+ raise RuntimeError("Got unexpected annotation type %s" % type(annotation))
+ else:
+ raise RuntimeError("Got unexpected bug type %s" % type(bug))
+
def _checkrelease(anns, diag, kind):
for ann in anns:
if ann.type == "package" and ann.release is None:
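Review bot: finish no longer renames `CVE-YYYY-XXXX` headers to unique TEMP-* names, so every placeholder entry in a list now yields a Bug with the same header name; any consumer that keys bugs by name (mergelists in analyzers.py is a candidate, though its body is not in this diff) will silently collapse them, and the removed `cveuniquename` was the only thing preventing that. If uniqueness is now the writer's responsibility, say so in a comment on `finish`. writecvelist has no docstring; it should state that `f` must be a text-mode stream, that it is intended as the inverse of cvelist, and that it raises RuntimeError on unknown annotation or bug types. Minor: for a freetext pseudo-annotation the writer emits `description` inside `( … )` after the flags, which reproduces the input only because such annotations carry no flags — a comment there would help the next editor.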
@@ -329,3 +383,19 @@ def dlalist(path, f):
_checkrelease(anns, diag, "DLA")
return Bug(path, Header(headerlineno, name, None), tuple(anns))
return _parselist(path, f, parseheader, finish)
+
+@_xpickle.loader("EXT" + FORMAT)
+def extadvlist(path, f):
+ re_header = re.compile(r'^\[(\d\d) ([A-Z][a-z][a-z]) (\d{4})\] '
+ + r'([A-Z]+-\d+(?:-\d+)?)\s+'
+ + r'(.*?)\s*$')
+ def parseheader(line):
+ match = re_header.match(line)
+ if match is None:
+ return None
+ return match.groups()
+ def finish(header, headerlineno, anns, diag):
+ d, m, y, name, desc = header
+ _checkrelease(anns, diag, "EXT")
+ return Bug(path, Header(headerlineno, name, None), tuple(anns))
+ return _parselist(path, f, parseheader, finish)
diff --git a/lib/python/sectracker/repo.py b/lib/python/sectracker/repo.py
index bbe25822f6..66ce016c83 100644
--- a/lib/python/sectracker/repo.py
+++ b/lib/python/sectracker/repo.py
@@ -15,12 +15,10 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-from __future__ import with_statement
-
import bz2 as _bz2
-import cjson as _cjson
import hashlib as _hashlib
import gzip as _gzip
+import json
import os as _os
import re as _re
import tempfile as _tempfile
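Review bot: `import json` breaks this module's convention of underscore-aliasing every import (`_bz2`, `_hashlib`, `_gzip`, `_os`, `_re`, `_tempfile`), which keeps the public namespace clean; `import json as _json` with `_json.load(f)` in Config keeps it consistent.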
@@ -63,7 +61,6 @@ def _parserelease(path, f):
_splitfield(data, "components")
_splitfield(data, "architectures")
_splithashes(path, data, "md5sum")
- _splithashes(path, data, "sha1")
_splithashes(path, data, "sha256")
return data
@@ -81,7 +78,7 @@ def _unbzip2hash(src, dst):
def _downloadbz2(url, target, expecteddigest):
try:
- bz2src = _urllib.urlopen(url)
+ bz2src = _urllib.request.urlopen(url)
try:
dgst = _xpickle.replacefile(
target, lambda fname, f: _unbzip2hash(bz2src, f))
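Review bot: `_urllib.request.urlopen` only resolves if `urllib.request` has been imported somewhere; a plain `import urllib as _urllib` (the import line is outside this hunk) leaves `urllib.request` unloaded on Python 3, so this raises AttributeError and works only by accident when another module imported it first. Make the dependency explicit with `import urllib.request as _urllib` and call `_urllib.urlopen(url)`, or add `import urllib.request` at the top. _downloadbz2 continues past the hunk.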
@@ -96,7 +93,7 @@ def _downloadbz2(url, target, expecteddigest):
def _downloadgz(url, target, expecteddigest):
with _tempfile.NamedTemporaryFile() as t:
try:
- (filename, headers) = _urllib.urlretrieve(url, t.name)
+ (filename, headers) = _urllib.request.urlretrieve(url, t.name)
except IOError:
return False
gfile = _gzip.GzipFile(t.name)
@@ -105,7 +102,7 @@ def _downloadgz(url, target, expecteddigest):
digest = _hashlib.sha256()
while True:
data = gfile.read(8192)
- if data == "":
+ if data == b'':
break
f.write(data)
digest.update(data)
@@ -182,7 +179,7 @@ class RepoCollection(object):
self._markused(relname)
try:
def download(fname, f):
- _urllib.urlretrieve(url + 'Release', fname)
+ _urllib.request.urlretrieve(url + 'Release', fname)
_xpickle.replacefile(relname, download)
return True
except IOError:
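Review bot: The Release file fetched with `_urllib.request.urlretrieve(url + 'Release', fname)` is the trust root for the sha256 values later used to verify Packages downloads, yet it is taken from the mirror without signature verification (no InRelease/Release.gpg handling is visible), so a compromised mirror or an on-path attacker over plain HTTP can supply a consistent Release plus Packages pair; this predates the commit, but the port is a good moment to record it with `# NOTE: Release is not signature-verified; integrity relies on the transport and the mirror.` This call also depends on `urllib.request` having been imported explicitly rather than on a bare `import urllib`.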
@@ -256,7 +253,7 @@ class RepoCollection(object):
class Config(object):
def __init__(self, config, root):
with open(config) as f:
- self.config = _cjson.decode(f.read())
+ self.config = json.load(f)
self.repositories = self.config["repositories"]
self.distributions = self.config["distributions"]
self.releases = {}
diff --git a/lib/python/sectracker/xpickle.py b/lib/python/sectracker/xpickle.py
index 78a8e95075..d3324825ce 100644
--- a/lib/python/sectracker/xpickle.py
+++ b/lib/python/sectracker/xpickle.py
@@ -15,11 +15,9 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-from __future__ import with_statement
-
import errno as _errno
import os as _os
-import cPickle as _pickle
+import pickle as _pickle
import tempfile as _tempfile
EXTENSION = '.xpck'
@@ -42,7 +40,7 @@ def replacefile(path, action):
replacing it. The return value is the value returned by the action."""
t_fd, t_name = _tempfile.mkstemp(suffix='.tmp', dir=_os.path.dirname(path))
try:
- t = _os.fdopen(t_fd, "w")
+ t = _os.fdopen(t_fd, "wb")
try:
result = action(t_name, t)
finally:
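Review bot: The switch to `"wb"` on the `+` line changes the contract of the `action` callback (it now receives a binary file object and must write bytes), but the docstring that starts above the hunk still describes `action` without saying so; add a sentence such as `The file object passed to action is opened in binary mode, so action must write bytes.` Also worth a comment: `mkstemp` creates the temporary file with mode 0600, so the replacement file ends up 0600 regardless of the permissions of the file it replaces — fine if only this process reads these caches, surprising otherwise. `replacefile` continues past the hunk.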
diff --git a/lib/python/sectracker_test/run.py b/lib/python/sectracker_test/run.py
index 44fa675fcb..717fa17166 100644
--- a/lib/python/sectracker_test/run.py
+++ b/lib/python/sectracker_test/run.py
@@ -14,7 +14,6 @@
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-from __future__ import print_function
if __name__ != "__main__":
raise Exception("run must be executed directly")
@@ -47,7 +46,7 @@ for name in files:
continue
fullpath = "%s/%s" % (ourpath, name)
print("* Running", name)
- p = subprocess.Popen(("python", "--", fullpath), env=env)
+ p = subprocess.Popen(("python3", "--", fullpath), env=env)
ret = p.wait()
if ret != 0:
print("Test exited with status", ret)
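Review bot: Hard-coding `"python3"` on the `+` line runs the test files under whatever interpreter is first on `PATH`, which may differ from the one running this runner (a venv, a specific `python3.x`); `sys.executable` guarantees the same interpreter, i.e. `p = subprocess.Popen((sys.executable, "--", fullpath), env=env)` (assuming `sys` is imported above the hunk, which I cannot see). `subprocess.run([...], env=env, check=False).returncode` would also replace the `Popen`/`wait` pair. The loop this sits in starts before the hunk.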
diff --git a/lib/python/sectracker_test/test_analyzers.py b/lib/python/sectracker_test/test_analyzers.py
index e192945e2b..9b3bf6d820 100644
--- a/lib/python/sectracker_test/test_analyzers.py
+++ b/lib/python/sectracker_test/test_analyzers.py
@@ -14,7 +14,6 @@
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-from __future__ import print_function
import os
diff --git a/lib/python/sectracker_test/test_parsers.py b/lib/python/sectracker_test/test_parsers.py
index 970e9f4177..8cdd141a47 100644
--- a/lib/python/sectracker_test/test_parsers.py
+++ b/lib/python/sectracker_test/test_parsers.py
@@ -20,7 +20,7 @@ import sectracker.parsers as p
from sectracker.xpickle import safeunlink, EXTENSION
o = sourcepackages("../../data/packages/sid__main_Sources")
-assert type(o) == type({})
+assert isinstance(o, dict)
assert "bash" in o
assert o["bash"].name == "bash"
assert "bash" in o["bash"].binary
diff --git a/lib/python/sectracker_test/test_regexpcase.py b/lib/python/sectracker_test/test_regexpcase.py
index c043d5f969..e4a9083364 100644
--- a/lib/python/sectracker_test/test_regexpcase.py
+++ b/lib/python/sectracker_test/test_regexpcase.py
@@ -38,7 +38,7 @@ class TestRegexpCase(unittest.TestCase):
self.assertEqual(3, rc["three"])
self.assertEqual(5, rc["five"])
self.assertEqual(None, rc["seven"])
- self.assertEquals((None, None), rc.match("seven"))
+ self.assertEqual((None, None), rc.match("seven"))
self.assertRaises(TypeError, rc.__call__, ())
def testcallstrings(self):
diff --git a/lib/python/sectracker_test/test_xpickle.py b/lib/python/sectracker_test/test_xpickle.py
index e0dd1bfc35..b333cbfe59 100644
--- a/lib/python/sectracker_test/test_xpickle.py
+++ b/lib/python/sectracker_test/test_xpickle.py
@@ -15,21 +15,19 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-from __future__ import with_statement
-
import tempfile
import sectracker.xpickle as x
with tempfile.NamedTemporaryFile() as t:
try:
data = "foo bar baz\n"
- t.write(data)
+ t.write(data.encode())
t.flush()
l = x._wraploader("foo", lambda p, f: f.read())
assert l(t.name) == data
assert l(t.name) == data
- t.write(data)
+ t.write(data.encode())
t.flush()
assert l(t.name) == (data + data)
finally:
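Review bot: The test now writes bytes via `t.write(data.encode())` but still asserts `l(t.name) == data` with `data` a str, so it only passes if `_wraploader` opens the file in text mode; if `xpickle` switched its reader to binary alongside `replacefile`'s `"wb"` (not visible here), `f.read()` returns bytes and both assertions fail. Either compare against `data.encode()` or keep the fixture a bytes literal (`data = b"foo bar baz\n"`) so the test reads consistently. The `with` block continues past the hunk.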
diff --git a/lib/python/security_db.py b/lib/python/security_db.py
index 2c5a3ba58a..c4f163cb7a 100644
--- a/lib/python/security_db.py
+++ b/lib/python/security_db.py
@@ -32,19 +32,20 @@ import apsw
import base64
import bugs
from collections import namedtuple
-import cPickle
-import cStringIO
+import pickle
import glob
import itertools
import os
import os.path
import re
import sys
-import types
import zlib
+import config
import debian_support
-import dist_config
+from debian_support import PointUpdateParser
+
+from helpers import isstring
class InsertError(Exception):
"""Class for capturing insert errors.
@@ -54,7 +55,7 @@ class InsertError(Exception):
def __init__(self, errors):
assert len(errors) > 0, errors
- assert type(errors) == types.ListType, errors
+ assert isinstance(errors, list), errors
self.errors = errors
def __str__(self):
@@ -62,12 +63,12 @@ class InsertError(Exception):
def mergeLists(a, b):
"""Merges two lists."""
- if type(a) == types.UnicodeType:
+ if isstring(a):
if a == "":
a = []
else:
a = a.split(',')
- if type(b) == types.UnicodeType:
+ if isstring(b):
if b == "":
b = []
else:
@@ -77,7 +78,7 @@ def mergeLists(a, b):
result[x] = 1
for x in b:
result[x] = 1
- result = result.keys()
+ result = list(result.keys())
result.sort()
return result
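Review bot: `result = list(result.keys())` followed by `result.sort()` on the `+` line is the two-step form of `result = sorted(result)` (iterating a dict yields its keys, and `sorted` already returns a new list). The dict used as a set above it could likewise be a real set, making the tail `return sorted(set(a) | set(b))`. `mergeLists` starts before the hunk.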
@@ -137,7 +138,7 @@ BugsForSourcePackage_query = \
JOIN source_packages sp ON (st.package = sp.rowid)
WHERE sp.name = ?
AND (bugs.name LIKE 'CVE-%' OR bugs.name LIKE 'TEMP-%')
- ORDER BY bugs.name DESC, sp.release"""
+ ORDER BY bugs.name COLLATE version DESC, sp.release"""
# Sort order is important for the groupby operation below.
def getBugsForSourcePackage(cursor, pkg):
@@ -250,7 +251,7 @@ class DB:
# Enable WAL. This means that updates will not block readers.
c.execute("PRAGMA journal_mode = WAL")
- self.schema_version = 22
+ self.schema_version = 23
self._initFunctions()
for (v,) in c.execute("PRAGMA user_version"):
@@ -267,6 +268,8 @@ class DB:
except apsw.SQLError:
pass
c.execute("PRAGMA user_version = 22")
+ elif v == 22:
+ self._initSchema22()
elif v != self.schema_version:
if self.verbose:
print("DB: schema version mismatch: expected %d, got %d"
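Review bot: The new `elif v == 22: self._initSchema22()` branch only fires for a database that is already at 22, so a database at the previous version takes the 21→22 step (which ends with `PRAGMA user_version = 22` two lines above) and then leaves this `if`/`elif` chain without creating `next_point_update`; the `DELETE FROM next_point_update` added further down then fails on that first run, and only the next start reaches 23. Chain the migrations so one start brings the DB fully up to date, e.g. after `c.execute("PRAGMA user_version = 22")` add `self._initSchema22()`. The head of this `if` chain is above the hunk, so confirm no other branch already handles this.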
@@ -441,6 +444,8 @@ class DB:
self._initNoDSA(cursor)
+ self._initNextPointRelease(cursor)
+
cursor.execute("PRAGMA user_version = %d" % self.schema_version)
def _initSchema20(self):
@@ -463,7 +468,23 @@ class DB:
PRIMARY KEY (bug_name, package, release))
""")
+ def _initSchema22(self):
+ cursor = self.db.cursor()
+
+ cursor.execute("PRAGMA user_version = 1")
+ self._initNextPointRelease(cursor)
+ cursor.execute("PRAGMA user_version = %d" % self.schema_version)
+
+ def _initNextPointRelease(self, cursor):
+ cursor.execute(
+ """CREATE TABLE next_point_update
+ (cve_name TEXT NOT NULL,
+ release TEXT NOT NULL,
+ PRIMARY KEY (cve_name, release))
+ """)
+
def _initViews(self, cursor):
+ testing = config.get_release_codename('testing')
cursor.execute(
"""CREATE TEMPORARY VIEW testing_status AS
SELECT DISTINCT sp.name AS package, st.bug_name AS bug,
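Review bot: `_initSchema22` sets `PRAGMA user_version = 1` before creating the table and only restores the real version afterwards, and nothing says why; a one-line comment would prevent someone "fixing" it, e.g. `# Park user_version at 1 while the upgrade runs so an interrupted migration is not mistaken for a complete version 22 or 23 on the next start.` (I am inferring that intent from the other `_initSchemaNN` methods' shape, so adjust the wording if the reason differs.) `_initNextPointRelease` uses a bare `CREATE TABLE`, so re-running the migration after such an interruption raises; `CREATE TABLE IF NOT EXISTS` would make it idempotent. `_initViews` continues past the hunk.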
@@ -479,7 +500,7 @@ class DB:
COALESCE((SELECT NOT vulnerable
FROM source_packages AS tsecp, source_package_status AS tsecst
WHERE tsecp.name = sp.name
- AND tsecp.release = 'bullseye' AND tsecp.subrelease = 'security'
+ AND tsecp.release = '%s' AND tsecp.subrelease = 'security'
AND tsecp.archive = sp.archive
AND tsecst.bug_name = st.bug_name
AND tsecst.package = tsecp.rowid), 0) AS testing_security_fixed,
@@ -488,13 +509,19 @@ class DB:
(EXISTS (SELECT * FROM package_notes_nodsa AS pnd
WHERE pnd.bug_name = st.bug_name
AND pnd.package = sp.name
- AND pnd.release = 'bullseye')) AS no_dsa
+ AND pnd.release = '%s')) AS no_dsa
FROM source_package_status AS st, source_packages AS sp
WHERE st.vulnerable > 0 AND sp.rowid = st.package
- AND sp.release = 'bullseye' AND sp.subrelease = ''
- ORDER BY sp.name, st.urgency, st.bug_name""")
+ AND sp.release = '%s' AND sp.subrelease = ''
+ ORDER BY sp.name, st.urgency, st.bug_name"""
+ % (testing, testing, testing))
+
+ releases = config.get_supported_releases()
+ releases.remove(config.get_release_codename('testing'))
+ releases.remove('sid')
- for (name, nickname) in (('stable', 'buster'), ('oldstable', 'stretch'), ('oldoldstable', 'jessie'),):
+ for release in releases:
+ alias = config.get_release_alias(release)
cursor.execute(
"""CREATE TEMPORARY VIEW %s_status AS
SELECT DISTINCT sp.name AS package, st.bug_name AS bug,
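Review bot: `releases.remove(...)` on the two `+` lines raises `ValueError` if the testing codename or `'sid'` is absent from `config.get_supported_releases()`, and it mutates the list that call returned — if `config` hands back a shared list rather than a fresh copy (I cannot see its implementation), every later caller in this file that uses `get_supported_releases()` silently loses those two entries. A filter avoids both: `skip = {config.get_release_codename('testing'), 'sid'}` / `releases = [r for r in config.get_supported_releases() if r not in skip]`. The codenames and alias are `%`-formatted into `CREATE VIEW` text, which cannot take bound parameters, so that is unavoidable here; validating them once (e.g. `re.fullmatch(r'[a-z0-9-]+', ...)`) at config-load time would keep a malformed config from producing malformed SQL.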
@@ -521,7 +548,7 @@ class DB:
AND secst.bug_name = st.bug_name
AND secst.package = secp.rowid), 0)
ORDER BY sp.name, urgency_to_number(urgency), st.bug_name"""
- % (name, nickname, nickname, nickname, nickname))
+ % (alias, release, release, release, release))
cursor.execute(
"""CREATE TEMPORARY VIEW debian_cve AS
@@ -547,7 +574,7 @@ class DB:
for arch in arg.split(','):
lst[arch] = True
def string_set_to_archs(lst):
- l = lst.keys()
+ l = list(lst.keys())
l.sort()
return ','.join(l)
def string_set_factory():
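Review bot: `l = list(lst.keys())`, `l.sort()`, `','.join(l)` in `string_set_to_archs` is the long form of `return ','.join(sorted(lst))`, since iterating a dict yields its keys and `sorted` returns a fresh list; that also drops the single-letter local `l`, which is easy to misread as `1`. The surrounding `_initFunctions` body starts before the hunk.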
@@ -565,7 +592,10 @@ class DB:
def releasepart_to_number(r):
# expects a string in the form "codename (security)"
try:
+ # split the (optional) subrelease
u=r.split()[0]
+ # split the (optional) component
+ u=u.split('/')[0]
return release_to_number(u)
except ValueError:
return -1
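Review bot: The comment above the new line still says the function `expects a string in the form "codename (security)"`, but the added `u.split('/')[0]` means it now also accepts `codename/component (subrelease)`; update it to e.g. `# expects "codename[/component] [(subrelease)]"; subrelease and component are stripped`. Note also that only `ValueError` is caught, while `r.split()[0]` on an empty or all-whitespace string raises `IndexError` — whether `release_name()` can produce such a value is not visible here, so either add `IndexError` to the `except` or state the non-empty precondition in the comment.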
@@ -582,7 +612,7 @@ class DB:
return -1
self.db.createscalarfunction("subreleasepart_to_number", subreleasepart_to_number, 1)
- releases = ['potato', 'woody', 'sarge', 'etch', 'lenny', 'squeeze', 'wheezy', 'jessie', 'stretch', 'buster', 'bullseye', 'sid']
+ releases = config.get_all_releases()
def release_to_number(u):
try:
return releases.index(u)
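Review bot: `releases.index(u)` on the context line is a linear scan executed once per row for every `ORDER BY release_to_number(...)` SQLite evaluates, and `releases` is now whatever `config.get_all_releases()` returns rather than a small literal; a dict built once next to the `+` line, `release_index = {name: i for i, name in enumerate(releases)}`, and `return release_index[u]` (with `KeyError` in the `except`) is O(1) per call. The function continues past the hunk.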
@@ -690,15 +720,13 @@ class DB:
return data
def toString(data):
- result = cStringIO.StringIO()
- cPickle.dump(data, result)
- return buffer(result.getvalue())
+ return pickle.dumps(data)
for (old_print, contents) in cursor.execute(
"SELECT inodeprint, parsed FROM inodeprints WHERE file = ?",
(filename,)):
if old_print == current_print:
- return (True, cPickle.load(cStringIO.StringIO(contents)))
+ return (True, pickle.loads(contents))
result = do_parse(debian_support.PackageFile(filename))
cursor.execute("""UPDATE inodeprints SET inodeprint = ?, parsed = ?
WHERE file = ?""", (current_print, toString(result), filename))
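Review bot: `pickle.loads(contents)` on the `+` line deserialises a blob read back from the `inodeprints` table, and unpickling executes whatever the blob encodes, so the SQLite file is now a code-execution boundary for anyone who can write to it; that is acceptable only because this same process writes the blob a few lines below, and a comment should say so: `# Trusted: this blob was written by toString() below from our own parse; never load pickles from any other source.` `pickle.dumps(data)` returns bytes, so the `parsed` column changes from the old `buffer` TEXT-ish value to a BLOB — any row cached by the Python 2 code is still readable by `loads`, but an explicit `protocol=` argument would keep the stored format stable across interpreter upgrades. `_parseFile` starts before the hunk.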
@@ -740,9 +768,6 @@ class DB:
if unchanged:
continue
- if release == 'squeeze-lts':
- release = 'squeeze'
- subrelease = 'lts'
cursor.execute(
"""DELETE FROM source_packages
WHERE release = ? AND subrelease = ? AND archive = ?""",
@@ -803,9 +828,6 @@ class DB:
raise ValueError("invalid file name: " + repr(filename))
(release, subrelease, archive, architecture) = match.groups()
- if release == 'squeeze-lts':
- release = 'squeeze'
- subrelease = 'lts'
(unch, parsed) = self._parseFile(cursor, filename)
unchanged = unchanged and unch
for name in parsed.keys():
@@ -834,7 +856,7 @@ class DB:
cursor.execute("DELETE FROM binary_packages")
self._clearVersions(cursor)
- l = packages.keys()
+ l = list(packages.keys())
if len(l) == 0:
raise ValueError("no binary packages found")
@@ -842,7 +864,7 @@ class DB:
l.sort()
def gen():
for key in l:
- archs = packages[key].keys()
+ archs = list(packages[key].keys())
archs.sort()
archs = ','.join(archs)
yield key + (archs,)
@@ -897,6 +919,7 @@ class DB:
cursor.execute("DELETE FROM bugs_xref")
cursor.execute("DELETE FROM package_notes_nodsa")
cursor.execute("DELETE FROM removed_packages")
+ cursor.execute("DELETE FROM next_point_update")
# The *_status tables are regenerated anyway, no need to
# delete them here.
@@ -1034,6 +1057,24 @@ class DB:
if not present:
n.writeDB(cursor, target, bug_origin=source)
+ def insert_next_point_update(cve_names, code_name):
+ for cve_name in cve_names:
+ cursor.execute(
+ """INSERT OR REPLACE INTO next_point_update (cve_name, release)
+ VALUES (?, ?)""", (cve_name, code_name))
+
+ def read_next_point_update():
+ if self.verbose:
+ print(" insert next-point-update.txt/next-oldstable-point-update.txt")
+
+ insert_next_point_update(PointUpdateParser.parseNextPointUpdateStable(),
+ config.get_release_codename('stable'))
+
+ insert_next_point_update(PointUpdateParser.parseNextOldstablePointUpdate(),
+ config.get_release_codename('oldstable'))
+
+ read_next_point_update()
+
if errors:
raise InsertError(errors)
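Review bot: `insert_next_point_update` issues one `execute` per CVE where a single `executemany` does the same work in one statement: `cursor.executemany("INSERT OR REPLACE INTO next_point_update (cve_name, release) VALUES (?, ?)", ((cve, code_name) for cve in cve_names))`. Unlike the other inputs in this method, parse failures from `PointUpdateParser` are not funnelled into `errors` — if those parsers raise on a malformed `next-point-update.txt`, the whole `readBugs` run aborts instead of reporting alongside the other problems; if they return an empty list on a missing file instead, that silently empties the table, which deserves a verbose-mode message. `readBugs` starts before the hunk.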
@@ -1140,7 +1181,7 @@ class DB:
"""Calculate vulnerable packages.
To each package note, a release-specific vulnerability status
- is attached. Currently, only bullseye/testing is processed.
+ is attached. Currently, only testing is processed.
Returns a list strings describing inconsistencies.
"""
@@ -1156,17 +1197,18 @@ class DB:
# The following does not work because stable->security ->
# testing -> unstable propagation is no longer available.
if False:
- # Ignore bullseye/testing because stable issues may be
+ # Ignore testing because stable issues may be
# fast-tracked into testing, bypassing unstable.
+ testing = config.get_release_codename('testing')
for (bug_name, pkg_name, rel, unstable_ver, rel_ver) \
in list(cursor.execute(
"""SELECT a.bug_name, a.package, b.release,
a.fixed_version, b.fixed_version
FROM package_notes a, package_notes b
WHERE a.bug_name = b.bug_name AND a.package = b.package
- AND a.release = '' AND b.release NOT IN ('', 'bullseye')
+ AND a.release = '' AND b.release NOT IN ('', '%s')
AND a.fixed_version IS NOT NULL
- AND a.fixed_version_id < b.fixed_version_id""")):
+ AND a.fixed_version_id < b.fixed_version_id""" % (testing,))):
b = bugs.BugFromDB(cursor, bug_name)
result.append("%s:%d: inconsistent versions for package %s"
% (b.source_file, b.source_line, pkg_name))
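Review bot: The `+` lines `%`-format `testing` into a plain `SELECT`, which unlike the `CREATE VIEW` statements elsewhere in this file can take a bound parameter: `AND a.release = '' AND b.release NOT IN ('', ?)` with `(testing,)` passed as the second argument to `execute`, removing the only string-built query in this method. The block sits under `if False:` with a comment saying why it is disabled, so it is dead code being kept in sync by hand; either delete it or move the explanation into the docstring and drop the code. The enclosing method starts before the hunk.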
@@ -1280,10 +1322,13 @@ class DB:
"SELECT name FROM bugs WHERE NOT not_for_us"):
self._calcUnstable(c, bug_name)
- self._calcTesting(c, bug_name, 'testing', 'bullseye')
- self._calcTesting(c, bug_name, 'stable', 'buster')
- self._calcTesting(c, bug_name, 'oldstable', 'stretch')
- self._calcTesting(c, bug_name, 'oldoldstable', 'jessie')
+
+ for release in config.get_supported_releases():
+ if release == 'sid':
+ continue
+
+ alias = config.get_release_alias(release)
+ self._calcTesting(c, bug_name, alias, release)
return result
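Review bot: `config.get_supported_releases()` and `config.get_release_alias(release)` on the `+` lines are evaluated inside the `for bug_name` loop that begins above the hunk, i.e. once per bug (tens of thousands of iterations) although their result never changes; compute the pairs once before that loop, `targets = [(config.get_release_alias(r), r) for r in config.get_supported_releases() if r != 'sid']`, and iterate `for alias, release in targets:` here. If `config` reads files or does non-trivial work, this also turns a per-bug cost into a one-off.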
@@ -1356,7 +1401,7 @@ class DB:
# note/release/subrelease triple, but we should check that
# here.
- status = {'' : {}, 'security' : {}, 'lts' : {}}
+ status = {'' : {}, 'security' : {}, 'lts' : {}}
for (package, note, subrelease, vulnerable, urgency) in cursor.execute(
"""SELECT DISTINCT sp.name, n.id, sp.subrelease,
st.vulnerable, n.urgency
@@ -1388,11 +1433,11 @@ class DB:
elif vulnerable == 2:
undet_pkgs[package] = True
- unfixed_pkgs = unfixed_pkgs.keys()
+ unfixed_pkgs = list(unfixed_pkgs.keys())
unfixed_pkgs.sort()
- undet_pkgs = undet_pkgs.keys()
+ undet_pkgs = list(undet_pkgs.keys())
undet_pkgs.sort()
- unimp_pkgs = unimp_pkgs.keys()
+ unimp_pkgs = list(unimp_pkgs.keys())
unimp_pkgs.sort()
pkgs = ""
@@ -1452,12 +1497,10 @@ class DB:
c.execute("""INSERT INTO vulnlist
SELECT bug_name, package, id FROM package_notes WHERE release = ''""")
- if release:
+ if release != 'sid':
c.execute("""INSERT OR REPLACE INTO vulnlist
SELECT bug_name, package, id FROM package_notes
WHERE release = ?""", (release,))
- else:
- release = 'sid'
urgency_to_flag = {'low' : 'L', 'medium' : 'M', 'high' : 'H',
'not yet assigned' : ' '}
@@ -1531,7 +1574,7 @@ class DB:
kind, urgency_to_flag[urgency], remote,
fix_available,
package, fixed_version, description))
- result = base64.encodestring(zlib.compress(''.join(result), 9))
+ result = base64.encodebytes(zlib.compress(''.join(result).encode('utf-8'), 9))
c.execute(
"INSERT OR REPLACE INTO debsecan_data (name, data) VALUES (?, ?)",
@@ -1686,7 +1729,7 @@ class DB:
elif is_unknown:
bs_flag = ' '
- other_versions = other_versions.keys()
+ other_versions = list(other_versions.keys())
other_versions.sort()
other_versions = ' '.join(other_versions)
@@ -1698,11 +1741,11 @@ class DB:
",%s,%s"
% (unstable_fixed, other_versions)))
fill_vuln_list()
- source_packages = source_packages.keys()
+ source_packages = list(source_packages.keys())
source_packages.sort()
def store_value(name, value):
- value = base64.encodestring(zlib.compress(value, 9))
+ value = base64.encodebytes(zlib.compress(value.encode('utf-8'), 9))
c.execute("""INSERT OR REPLACE INTO debsecan_data
VALUES (?, ?)""", (name, value))
@@ -1732,7 +1775,7 @@ class DB:
store_value('release/1/' + release, '\n'.join(result))
- for release in ('sid', 'jessie', 'stretch', 'buster', 'bullseye'):
+ for release in config.get_supported_releases():
gen_release(release)
result = result_start
@@ -1745,7 +1788,7 @@ class DB:
def calculateDebsecan(self):
"""Calculate all debsecan data."""
- for release in ('', 'jessie', 'stretch', 'buster', 'bullseye'):
+ for release in config.get_supported_releases():
self.calculateDebsecan0(release)
self.calculateDebsecan1()
@@ -1753,7 +1796,7 @@ class DB:
"""Returns the debsecan data item NAME."""
for (data,) in self.cursor().execute(
"SELECT data FROM debsecan_data WHERE name = ?", (name,)):
- return base64.decodestring(data)
+ return base64.decodebytes(data)
else:
return None
@@ -1778,13 +1821,16 @@ class DB:
"""A generator which returns tuples (RELEASE-LIST, VERSION),
the available versions of the source package pkg."""
+ releases = config.get_supported_releases()
+ values = [pkg] + releases
+
for (release, version) in cursor.execute(
"""SELECT release_name(release, subrelease, archive)
AS release, version FROM source_packages
WHERE name = ?
- AND release IN ('jessie', 'stretch', 'buster', 'bullseye', 'sid')
+ AND release IN (""" + ",".join("?" * len(releases)) + """)
GROUP BY release, version
- ORDER BY release_to_number(release), subrelease_to_number(subrelease), version COLLATE version""", (pkg,)):
+ ORDER BY release_to_number(release), subrelease_to_number(subrelease), version COLLATE version""", values):
yield release, version
def getBinaryPackageVersions(self, cursor, pkg):
@@ -1830,6 +1876,9 @@ class DB:
RELEASE-LIST, VERSION, VULNERABLE-FLAG) of source packages
which are related to the given bug."""
+ releases = config.get_supported_releases()
+ values = [bug] + releases
+
for (package, releases, version, vulnerable) in cursor.execute(
"""SELECT package, string_list(release), version, vulnerable
FROM (SELECT p.name AS package,
@@ -1837,10 +1886,10 @@ class DB:
p.version AS version, s.vulnerable AS vulnerable
FROM source_package_status AS s, source_packages AS p
WHERE s.bug_name = ? AND p.rowid = s.package
- AND release in ('jessie', 'stretch', 'buster', 'bullseye', 'sid'))
+ AND release in (""" + ",".join("?" * len(releases)) + """))
GROUP BY package, version, vulnerable
ORDER BY package, releasepart_to_number(release), subreleasepart_to_number(release), version COLLATE version""",
- (bug,)):
+ values):
yield package, releases.split(', '), version, vulnerable
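Review bot: The loop target `releases` in the `for (package, releases, version, vulnerable)` header shadows the `releases` list added three lines earlier, and `",".join("?" * len(releases))` on the `+` line reads that list only because the SQL string is built before the first row is fetched; the code is correct but reads as if it depends on iteration order. Rename the new local (e.g. `supported = config.get_supported_releases()` and `values = [bug] + supported`, `len(supported)`) so the two meanings are not the same name. The SQLite parameter limit is far above any plausible release count, so the placeholder expansion itself is fine.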
def getBugsFromDebianBug(self, cursor, number):
@@ -1892,14 +1941,14 @@ class DB:
WHERE bugs_notes.typ = 'TODO'
AND bugs_notes.comment <> 'check'
AND bugs.name = bugs_notes.bug_name
- ORDER BY name """)
+ ORDER BY name COLLATE version""")
else:
return cursor.execute(
"""SELECT DISTINCT bugs.name, bugs.description, bugs_notes.comment
FROM bugs_notes, bugs
WHERE bugs_notes.typ = 'TODO'
AND bugs.name = bugs_notes.bug_name
- ORDER BY name """)
+ ORDER BY name COLLATE version""")
def getBugXrefs(self, cursor, bug):
"""Returns a generator for a list of bug names. The listed
@@ -2026,59 +2075,6 @@ class DB:
ORDER BY n.package"""):
yield (package, bugs.split(','), map(int, debian_bugs.split(',')))
- def getEffectiveVersion(self, release, pkg, purpose, cache=None, cursor=None):
- """Retrieve the effective version of a source package in a release.
-
- The effective version is the version that matches the recommended
- sources.list file for the intended purpose. For suitable values
- of purpose, see dist_config.
- """
- # The cache is structured as a (RELEASE, PACKAGE) => VAL
- # dict, where VAL is either a dict PURPOSE => VERSION,
- # a VERSION, or None.
- if cache is not None:
- sp = (release, pkg)
- if sp in cache:
- d = cache[sp]
- if d.__class__ == dict:
- return d.get(purpose, None)
- else:
- return d
-
- if cursor is None:
- cursor = self.cursor()
-
- rel = dist_config.releases[release]
- purposes = rel['purpose']
- results = {}
-
- Version = debian_support.Version
- for (part, ver) in cursor.execute(
- """SELECT DISTINCT subrelease, version FROM source_packages
- WHERE release = ? AND name = ?""", (str(release), pkg)):
- ver = Version(ver)
- for (purpose, permitted) in purposes.items():
- if part not in permitted:
- continue
- if purpose in results:
- oldver = results[purpose]
- if ver <= oldver:
- continue
- results[purpose] = ver
-
- if cache is not None:
- vers = set(map(str, results.values()))
- l = len(vers)
- if l == 1:
- for r in vers:
- cache[sp] = Version(r)
- elif l == 0:
- cache[sp] = None
- else:
- cache[sp] = results
-
- return results.get(purpose, None)
-
def check(self, cursor=None):
"""Runs a simple consistency check and prints the results."""
@@ -2115,10 +2111,8 @@ class DB:
AND sp.release = binary_packages.release
AND sp.archive = binary_packages.archive
AND sp.version <> binary_packages.source_version"""):
- relation = cmp(debian_support.Version(version),
- debian_support.Version(source_version))
- assert relation != 0
- if relation <= 0:
+ assert debian_support.Version(version) != debian_support.Version(source_version)
+ if debian_support.Version(version) <= debian_support.Version(source_version):
print("error: binary package is older than source package")
else:
print("warning: binary package is newer than source package")
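Review bot: The two `+` lines construct `debian_support.Version(version)` and `Version(source_version)` twice each (once for the assert, once for the comparison); build them once, `bv = debian_support.Version(version)`, `sv = debian_support.Version(source_version)`, then `assert bv != sv` and `if bv <= sv:`. The `assert` is also stripped under `python3 -O`, so if the "binary and source versions compare equal despite differing text" case is a real data error rather than an invariant, raise or print instead of asserting. `check` starts before the hunk.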
diff --git a/lib/python/web_support.py b/lib/python/web_support.py
index 116cbec2be..8d3573c1dc 100644
--- a/lib/python/web_support.py
+++ b/lib/python/web_support.py
@@ -16,7 +16,6 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
import cgi
-import cStringIO
import os
import re
import socket
@@ -24,11 +23,31 @@ import struct
import sys
import grp
import traceback
-import types
-import urllib
import threading
-import SocketServer
-import BaseHTTPServer
+
+try:
+ from urllib import quote as urllib_quote
+except ImportError:
+ from urllib.parse import quote as urllib_quote
+
+try:
+ from cgi import parse_qs
+except ImportError:
+ from urllib.parse import parse_qs
+
+try:
+ from SocketServer import ThreadingMixIn
+ from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
+except ImportError:
+ from socketserver import ThreadingMixIn
+ from http.server import HTTPServer, BaseHTTPRequestHandler
+
+try:
+ from cStringIO import StringIO
+except ImportError:
+ from io import StringIO
+
+from helpers import isstring
class ServinvokeError(Exception):
pass
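Review bot: The `from cgi import parse_qs` try-first ordering on the `+` lines picks the deprecated alias on Python 3.0–3.7 (where `cgi.parse_qs` still exists and emits a `DeprecationWarning` on use) and only reaches `urllib.parse.parse_qs` on 3.8+ where it was removed; reverse it, `try: from urllib.parse import parse_qs` / `except ImportError: from cgi import parse_qs`, so every Python 3 takes the supported path and only Python 2 falls back. The `cStringIO`/`io.StringIO` pair cannot be reversed the same way (the `io` version exists on 2.7 but rejects byte strings), so a comment on that block saying why the order differs would help. The top-level `import cgi` above the hunk stays needed only if something else uses it; the `cgi` module is itself scheduled for removal in 3.13.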
@@ -66,7 +85,7 @@ class Service:
gid = os.stat(self.socket_name).st_gid
grpent = grp.getgrgid(gid)
if grpent[0] == 'www-data':
- os.chmod(self.socket_name, 0660)
+ os.chmod(self.socket_name, 0o660)
def log(self, msg, *args):
sys.stderr.write((msg % args) + "\n")
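Review bot: The `os.chmod(self.socket_name, 0o660)` on the `+` line runs after the socket already exists (the `os.stat` above it proves the bind happened), so between bind and chmod the socket carries the process umask's permissions, and because it operates on a path rather than a descriptor, a symlink placed there by another user with write access to the socket directory would be chmod'ed instead. Wrapping the bind (outside this hunk) in `old = os.umask(0o117)` / `try: ... bind ... finally: os.umask(old)` makes the socket 0660 from creation and removes the path race. If the socket directory is root-owned and not group/world-writable this is low risk; a comment stating that assumption would do.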
@@ -110,7 +129,7 @@ class Service:
else:
break
data = ''.join(data)
- result = cStringIO.StringIO()
+ result = StringIO()
self.handle(cli, env, data, result)
client.sendall(result.getvalue())
client.close()
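Review bot: Under Python 3 the `StringIO()` on the `+` line is `io.StringIO`, which only accepts and returns str, so `client.sendall(result.getvalue())` two lines below raises `TypeError` (`sendall` needs bytes), and the `''.join(data)` above it fails the same way if `data` holds received byte chunks; the Unix-socket `Service` path therefore cannot work on Python 3 as written. If that path is still used, collect into `io.BytesIO` and have the `Result.flatten` writers emit bytes, or at least `client.sendall(result.getvalue().encode('utf-8'))`; if it is dead, say so in the class docstring. The method starts before the hunk, so I cannot see how `data` is read.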
@@ -123,7 +142,7 @@ class Service:
raise
except:
client.close()
- target = cStringIO.StringIO()
+ target = StringIO()
traceback.print_exc(None, target)
self.log("%s", target.getvalue())
@@ -164,11 +183,11 @@ class URLFactory:
for (key, value) in args.items():
if value is None:
continue
- if type(value) not in (types.ListType, types.TupleType):
+ if not isinstance(value, (list, tuple)):
value = (value,)
for v in value:
- arglist.append("%s=%s" % (urllib.quote(key),
- urllib.quote(v)))
+ arglist.append("%s=%s" % (urllib_quote(key),
+ urllib_quote(v)))
if arglist:
return "?" + '&'.join(arglist)
else:
@@ -251,7 +270,7 @@ class HTMLBase:
def toString(self):
"""Invokes flatten to create a new string object."""
- r = cStringIO.StringIO()
+ r = StringIO()
self.flatten(r.write)
return r.getvalue()
@@ -268,8 +287,6 @@ class VerbatimHTML(HTMLBase):
def flatten(self, write):
write(self.__contents)
-_string_types = (types.StringType, types.UnicodeType)
-
class Compose(HTMLBase):
"""Glues a sequence of HTML snippets together, without enclosing it in
a tag."""
@@ -278,7 +295,7 @@ class Compose(HTMLBase):
def flatten(self, write):
for x in self.__contents:
- if type(x) in _string_types:
+ if isstring(x):
write(escapeHTML(x))
else:
x.flatten(write)
@@ -325,7 +342,7 @@ class Tag(HTMLBase):
closing = "</%s>" % self.__name
try:
for x in self.contents:
- if type(x) in _string_types:
+ if isstring(x):
write(escapeHTML(x))
else:
x.flatten(write)
@@ -347,7 +364,7 @@ class Tag(HTMLBase):
return "<websupport.Tag instance, name=%s>" % repr(self.__name)
def toString(self):
- r = cStringIO.StringIO()
+ r = StringIO()
self.flatten(r.write)
return r.getvalue()
@@ -456,7 +473,7 @@ def make_table(contents, title=None, caption=None, replacement=None, introductio
cols.append(TD(col))
rows.append(Tag('tr', cols))
if rows:
- if not introduction:
+ if not introduction:
introduction=''
if not title:
title=''
@@ -494,7 +511,7 @@ def make_menu(convert, *entries):
ul = []
append = ul.append
for e in entries:
- if type(e) == types.TupleType:
+ if isinstance(e, tuple):
(relurl, label) = e
append(LI(A(convert(relurl), label)))
else:
@@ -512,14 +529,14 @@ def make_numbered_list(entries):
def make_list(lst, separator=", "):
"""Creates a list of HTML elements."""
- assert type(lst) != types.StringType
+ assert isinstance(lst, list)
c = []
if lst:
- append = c.append
- for e in lst[:-1]:
- append(e)
- append(separator)
- append(lst[-1])
+ for e in lst:
+ c.append(e)
+ c.append(separator)
+ # pop the final separator
+ c.pop()
return Compose(c)
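Review bot: `assert isinstance(lst, list)` on the `+` line tightens the contract: the removed check only rejected byte strings, so callers passing a tuple, a `sorted(...)` result (fine) or a generator (previously accepted as long as it was non-str) now fail the assert. If the intent is only to keep the old guard, `assert not isstring(lst)` (the helper imported above) preserves it; if lists are now required, say so in the docstring. The new append-then-`pop()` loop is equivalent to the old one only because `separator` is re-appended each time and the last one is removed — a short comment already notes this, which is good.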
class InvalidPath(Exception):
@@ -635,6 +652,12 @@ class RedirectResult(Result):
self.status = 302
self.headers['Location'] = str(url)
+def maybe_encode(obj):
+ try:
+ return obj.encode()
+ except:
+ return obj
+
class HTMLResult(Result):
"""An object of this class combines a status code with HTML contents."""
def __init__(self, contents, doctype='', status=200):
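Review bot: The bare `except:` in `maybe_encode` swallows everything, including `KeyboardInterrupt`/`SystemExit`, to detect "already bytes" (`AttributeError` on Python 3) or an undecodable Python 2 str (`UnicodeError`); narrow it to `except (AttributeError, UnicodeError): return obj`. On Python 3 alone this is simply `return obj.encode() if isinstance(obj, str) else obj`, and `.encode()` with no argument silently uses UTF-8 there but ASCII on Python 2, so `encode('utf-8')` makes the two agree. A one-line docstring, e.g. `"""Return obj as bytes, leaving it untouched if it already is."""`, is missing.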
@@ -653,16 +676,20 @@ class HTMLResult(Result):
def flatten_later(self):
headers_later = super(HTMLResult, self).flatten_later()
- buf = cStringIO.StringIO()
+ buf = StringIO()
buf.write(self.doctype)
buf.write('\n')
def write_both(s):
- if type(s) == types.UnicodeType:
- buf.write(s.encode('UTF-8'))
- else:
+ try:
+ if isinstance(s, unicode):
+ s = s.encode('UTF-8')
+ except:
+ pass
+ finally:
buf.write(s)
self.contents.flatten(write_both)
buf = buf.getvalue()
+ buf = maybe_encode(buf)
self.headers['Content-Length'] = str(len(buf))
def later(req):
headers_later(req)
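Review bot: `write_both` on the `+` lines uses `try`/`except: pass`/`finally` to probe for the `unicode` name, which relies on a `NameError` on Python 3 and also hides any real error from `s.encode`; the same effect without a bare except is `if str is bytes and not isinstance(s, str):` / `s = s.encode('UTF-8')` / `buf.write(s)` (`str is bytes` is true only on Python 2, so `unicode` is never referenced). Computing `Content-Length` from the `maybe_encode(buf)` result is correct — it is the byte length the client will receive — and deserves a one-line comment saying so. `flatten_later` continues past the hunk.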
@@ -690,7 +717,7 @@ class BinaryResult(Result):
def later(req):
headers_later(req)
if req.command != 'HEAD':
- req.wfile.write(self.contents)
+ req.wfile.write(maybe_encode(self.contents))
return later
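Review bot: `req.wfile.write(maybe_encode(self.contents))` encodes at send time, so if `BinaryResult` derives `Content-Length` from `len(self.contents)` earlier (outside this hunk, so I cannot confirm) a str body containing non-ASCII characters advertises fewer bytes than are written and the client truncates the response. Encoding once in `__init__` and keeping only bytes in `self.contents` makes the length and the body agree by construction.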
class WebServiceBase:
@@ -773,9 +800,8 @@ class WebService(Service, WebServiceBase):
assert isinstance(r, Result), repr(r)
r.flatten(result.write)
-class ThreadingHTTPServer(SocketServer.ThreadingMixIn,
- BaseHTTPServer.HTTPServer):
- pass
+class ThreadingHTTPServer(ThreadingMixIn, HTTPServer):
+ daemon_threads = True
RE_BASE_URL = re.compile(r'^(https?)://([^/]+)(.*)')
@@ -788,7 +814,7 @@ class WebServiceHTTP(WebServiceBase):
self.__parse_base_url(base_url)
service_self = self
- class Handler(BaseHTTPServer.BaseHTTPRequestHandler):
+ class Handler(BaseHTTPRequestHandler):
def do_GET(self):
(method, path, remaining, params) = self.route()
if path is None:
@@ -817,7 +843,7 @@ class WebServiceHTTP(WebServiceBase):
path = self.path[:pos]
if path[:1] != '/':
path = '/' + path
- params = cgi.parse_qs(self.path[pos + 1:])
+ params = parse_qs(self.path[pos + 1:])
return (path, params)
def route(self):
@@ -893,7 +919,7 @@ def __test():
== '<td><a href="http://www.example.net/">example</a></td>'
#assert make_pre(['a', 'b']).toString() == '<pre>a\nb\n</pre>'
- s = cStringIO.StringIO()
+ s = StringIO()
RedirectResult(u.scriptRelativeFull("123")).flatten(s.write)
assert s.getvalue() == '''Location: http://localhost.localdomain/cgi-bin/test.cgi/123
diff --git a/org/TODO b/org/TODO
deleted file mode 100644
index 94e65e14e9..0000000000
--- a/org/TODO
+++ /dev/null
@@ -1,74 +0,0 @@
-To Do List of the Security Team
-===============================
-Items which are not related to preparing security updates, e.g. work on
-infrastructure
-
-Category
- - task (who is on it)
-
---BEGIN
-Infrastructure
- - remove all reference to Security Audit
- https://www.debian.org/security/audit/
- - svnsync setup on soler to back up alioth in near-realtime (fw)
- - sec-private Subversion or Git repository on seger (fw, carnil)
- - check for using git-remote-gcrypt (carnil)
- - notify DSA and verify it is part of the backup
- - Disable RT queues for Security; clarify with DSA if a 'autoresponder
- not including the mailtext can be activated for a transitional period
- to redirect to request to be resent to the team alias
- - Clarify with ftp-masters status of unembargoed and embargoed queues
- on security-master
- - Plan for renaming alioth project from secure-testing ->
- security-tracker. Contact alioth admins.
-
-Security Tracker
- - ask Jon Wiltshire if new status to differentiate between "no-dsa, if
- the maintainer wants to fix in a point update go ahead" and "no-dsa,
- was ignored because it's possible to backport" is still needed. (fw)
-
-Security Tracker svn to git conversion
- - svn author list generation and conversion of svn repository to git
- repository:
- * Guide: https://git-scm.com/book/en/Git-and-Other-Systems-Migrating-to-Git
- - joeyh's commit script needs to be adopted to git
- * When fixing the joeyh one, I think it makes sense to move it to a
- role account on alioth (as previously discussed), rather than this
- personal account, at the same time.
- - External check cronjob from Raphael
- * When fixing it, also migrate to the role account
- - Daily DSA status report to team alias
- * Should also move to role account
- - the tracker itself needs to be adopted
- - Checkout on moszumanska in /home/groups/secure-testing (See
- README.repo there)
- - There's also a very useful pre-commit hook that checks syntax of
- commits to data/*. This is something that also would need a place
- somewhere/in the git repository.
- - the sectracker user is subscribed to the commits mailinglists, and
- the commit messages trigger updates of the tracker.
- - https://security-team.debian.org (on dillon.debian.org) is updated from svn,
- needs to be switched (simple)
- - https://contributors.debian.org/source/Debian%20Security%20Tracker
- - Allocating DSA's + DLA's: svn guarantees we do not race on DSA+DLA
- allocations via DSA/DLA files. Having distributed VCS we would need
- to avoid races on DSA+DLA allocations.
-
-Organisation
- - Compile a list of packages for which helpers with test setups are
- wanted (jmm)
-
-
-Web pages
- - rename "Mitre CVE database" to "CVE IDs" (fw)
- - replace CVE cross-reference with links to approrate security tracker
- information
- - check if the developers-reference (https://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security)
- still holds updated information.
- - check if the security related information in wiki.debian.org is updated. (luciano)
- - Teams/TestingSecurity (tagged as deprecated)
- - http://testing-security.debian.net/
- - https://www.debian.org/doc/manuals/securing-debian-howto/ch10.en.html#s-security-support-testing
- - Create webpage like release team has (https://release.debian.org) e.g. pointing
- to https://security-team.debian.org holding all relevant entry points for tasks,
- relevant information on workflows, etc ... (luciano)
diff --git a/org/lts-frontdesk.2020.txt b/org/lts-frontdesk.2020.txt
index f78e6b335a..3477bd344a 100644
--- a/org/lts-frontdesk.2020.txt
+++ b/org/lts-frontdesk.2020.txt
@@ -40,26 +40,26 @@ From 29-06 to 05-07:Utkarsh Gupta <guptautkarsh2102@gmail.com>
From 06-07 to 12-07:Chris Lamb <chris@chris-lamb.co.uk>
From 13-07 to 19-07:Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
From 20-07 to 26-07:Thorsten Alteholz <debian@alteholz.de>
-From 27-07 to 02-08:Anton Gladky <gladk@debian.org>
+From 27-07 to 02-08:Abhijith PA <abhijith@debian.org>
From 03-08 to 09-08:Abhijith PA <abhijith@debian.org>
From 10-08 to 16-08:Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
From 17-08 to 23-08:Chris Lamb <chris@chris-lamb.co.uk>
From 24-08 to 30-08:Thorsten Alteholz <debian@alteholz.de>
-From 31-08 to 06-09:Anton Gladky <gladk@debian.org>
+From 31-08 to 06-09:Utkarsh Gupta <guptautkarsh2102@gmail.com>
From 07-09 to 13-09:Chris Lamb <chris@chris-lamb.co.uk>
From 14-09 to 20-09:Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
From 21-09 to 27-09:Thorsten Alteholz <debian@alteholz.de>
-From 28-09 to 04-10:Abhijith PA <abhijith@debian.org>
-From 05-10 to 11-10:Chris Lamb <chris@chris-lamb.co.uk>
-From 12-10 to 18-10:Abhijith PA <abhijith@debian.org>
+From 28-09 to 04-10:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 05-10 to 11-10:Abhijith PA <abhijith@debian.org>
+From 12-10 to 18-10:Chris Lamb <chris@chris-lamb.co.uk>
From 19-10 to 25-10:Thorsten Alteholz <debian@alteholz.de>
From 26-10 to 01-11:Utkarsh Gupta <guptautkarsh2102@gmail.com>
From 02-11 to 08-11:Chris Lamb <chris@chris-lamb.co.uk>
From 09-11 to 15-11:Thorsten Alteholz <debian@alteholz.de>
-From 16-11 to 22-11:Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-From 23-11 to 29-11:
+From 16-11 to 22-11:Roberto C. Sánchez <roberto@debian.org>
+From 23-11 to 29-11:Abhijith PA <abhijith@debian.org>
From 30-11 to 06-12:Thorsten Alteholz <debian@alteholz.de>
From 07-12 to 13-12:Chris Lamb <chris@chris-lamb.co.uk>
-From 14-12 to 20-12:Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+From 14-12 to 20-12:Roberto C. Sánchez <roberto@debian.org>
From 21-12 to 27-12:Utkarsh Gupta <guptautkarsh2102@gmail.com>
-From 28-12 to 03-01:
+From 28-12 to 03-01:Utkarsh Gupta <guptautkarsh2102@gmail.com>
diff --git a/org/lts-frontdesk.2021.txt b/org/lts-frontdesk.2021.txt
new file mode 100644
index 0000000000..72c4fcd2c2
--- /dev/null
+++ b/org/lts-frontdesk.2021.txt
@@ -0,0 +1,65 @@
+Presentation
+------------
+
+The LTS frontdesk handles:
+
+ * CVE triaging:
+ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
+
+ * Making sure that queries on debian-lts@lists.debian.org get an answer.
+
+Who is in charge ?
+------------------
+
+From 04-01 to 10-01:Chris Lamb <chris@chris-lamb.co.uk>
+From 11-01 to 17-01:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 18-01 to 24-01:Thorsten Alteholz <debian@alteholz.de>
+From 25-01 to 31-01:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 01-02 to 07-02:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 08-02 to 14-02:Thorsten Alteholz <debian@alteholz.de>
+From 15-02 to 21-02:Chris Lamb <chris@chris-lamb.co.uk>
+From 22-02 to 28-02:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 01-03 to 07-03:Abhijith PA <abhijith@debian.org>
+From 08-03 to 14-03:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 15-03 to 21-03:Chris Lamb <chris@chris-lamb.co.uk>
+From 22-03 to 28-03:Thorsten Alteholz <debian@alteholz.de>
+From 29-03 to 04-04:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 05-04 to 11-04:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 12-04 to 18-04:Chris Lamb <chris@chris-lamb.co.uk>
+From 19-04 to 25-04:Thorsten Alteholz <debian@alteholz.de>
+From 26-04 to 02-05:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 03-05 to 09-05:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 10-05 to 16-05:Chris Lamb <chris@chris-lamb.co.uk>
+From 17-05 to 23-05:Thorsten Alteholz <debian@alteholz.de>
+From 24-05 to 30-05:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 31-05 to 06-06:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 07-06 to 13-06:Chris Lamb <chris@chris-lamb.co.uk>
+From 14-06 to 20-06:Abhijith PA <abhijith@debian.org>
+From 21-06 to 27-06:Thorsten Alteholz <debian@alteholz.de>
+From 28-06 to 04-07:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 05-07 to 11-07:Chris Lamb <chris@chris-lamb.co.uk>
+From 12-07 to 18-07:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 19-07 to 25-07:Thorsten Alteholz <debian@alteholz.de>
+From 26-07 to 01-08:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 02-08 to 08-08:Chris Lamb <chris@chris-lamb.co.uk>
+From 09-08 to 15-08:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 16-08 to 22-08:Anton Gladky <gladk@debian.org>
+From 23-08 to 29-08:Thorsten Alteholz <debian@alteholz.de>
+From 30-08 to 05-09:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 06-09 to 12-09:Chris Lamb <chris@chris-lamb.co.uk>
+From 13-09 to 19-09:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 20-09 to 26-09:Thorsten Alteholz <debian@alteholz.de>
+From 27-09 to 03-10:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 04-10 to 10-10:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 11-10 to 17-10:Chris Lamb <chris@chris-lamb.co.uk>
+From 18-10 to 24-10:Thorsten Alteholz <debian@alteholz.de>
+From 25-10 to 31-10:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 01-11 to 07-11:Anton Gladky <gladk@debian.org>
+From 08-11 to 14-11:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 15-11 to 21-11:Chris Lamb <chris@chris-lamb.co.uk>
+From 22-11 to 28-11:Thorsten Alteholz <debian@alteholz.de>
+From 29-11 to 05-12:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 06-12 to 12-12:Chris Lamb <chris@chris-lamb.co.uk>
+From 13-12 to 19-12:Thorsten Alteholz <debian@alteholz.de>
+From 20-12 to 26-12:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 27-12 to 02-01:Emilio Pozuelo Monfort <pochu27@gmail.com>
diff --git a/org/lts-frontdesk.2022.txt b/org/lts-frontdesk.2022.txt
new file mode 100644
index 0000000000..c9ee8c5572
--- /dev/null
+++ b/org/lts-frontdesk.2022.txt
@@ -0,0 +1,65 @@
+Presentation
+------------
+
+The LTS frontdesk handles:
+
+ * CVE triaging:
+ https://wiki.debian.org/LTS/Development#Triage_new_security_issues
+
+ * Making sure that queries on debian-lts@lists.debian.org get an answer.
+
+Who is in charge ?
+------------------
+
+From 03-01 to 09-01:Chris Lamb <chris@chris-lamb.co.uk>
+From 10-01 to 16-01:Sylvain Beucler <beuc@beuc.net>
+From 17-01 to 23-01:Thorsten Alteholz <debian@alteholz.de>
+From 24-01 to 30-01:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 31-01 to 06-02:Sylvain Beucler <beuc@beuc.net>
+From 07-02 to 13-02:Thorsten Alteholz <squeeze-lts@alteholz.de>
+From 14-02 to 20-02:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 21-02 to 27-02:Anton Gladky <gladky.anton@gmail.com>
+From 28-02 to 06-03:Chris Lamb <chris@chris-lamb.co.uk>
+From 07-03 to 13-03:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 14-03 to 20-03:Markus Koschany <markus@koschany.net>
+From 21-03 to 27-03:Ola Lundqvist <ola@inguza.com>
+From 28-03 to 03-04:Sylvain Beucler <beuc@beuc.net>
+From 04-04 to 10-04:Thorsten Alteholz <squeeze-lts@alteholz.de>
+From 11-04 to 17-04:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 18-04 to 24-04:Anton Gladky <gladky.anton@gmail.com>
+From 25-04 to 01-05:Chris Lamb <chris@chris-lamb.co.uk>
+From 02-05 to 08-05:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 09-05 to 15-05:Markus Koschany <markus@koschany.net>
+From 16-05 to 22-05:Ola Lundqvist <ola@inguza.com>
+From 23-05 to 29-05:Sylvain Beucler <beuc@beuc.net>
+From 30-05 to 05-06:Thorsten Alteholz <squeeze-lts@alteholz.de>
+From 06-06 to 12-06:Utkarsh Gupta <guptautkarsh2102@gmail.com>
+From 13-06 to 19-06:Anton Gladky <gladky.anton@gmail.com>
+From 20-06 to 26-06:Chris Lamb <chris@chris-lamb.co.uk>
+From 27-06 to 03-07:Emilio Pozuelo Monfort <pochu27@gmail.com>
+From 04-07 to 10-07:
+From 11-07 to 17-07:
+From 18-07 to 24-07:
+From 25-07 to 31-07:
+From 01-08 to 07-08:
+From 08-08 to 14-08:
+From 15-08 to 21-08:
+From 22-08 to 28-08:
+From 29-08 to 04-09:
+From 05-09 to 11-09:
+From 12-09 to 18-09:
+From 19-09 to 25-09:
+From 26-09 to 02-10:
+From 03-10 to 09-10:
+From 10-10 to 16-10:
+From 17-10 to 23-10:
+From 24-10 to 30-10:
+From 31-10 to 06-11:
+From 07-11 to 13-11:
+From 14-11 to 20-11:
+From 21-11 to 27-11:
+From 28-11 to 04-12:
+From 05-12 to 11-12:
+From 12-12 to 18-12:
+From 19-12 to 25-12:
+From 26-12 to 01-01: \ No newline at end of file
diff --git a/static/distributions.json b/static/distributions.json
index 0d2960df52..b0497a7fd4 100644
--- a/static/distributions.json
+++ b/static/distributions.json
@@ -1,18 +1,18 @@
{
"wheezy": {
"major-version": "7",
- "support": "none",
+ "support": "end-of-life",
"contact": ""
},
"jessie": {
"major-version": "8",
- "support": "lts",
- "contact": "debian-lts@lists.debian.org"
+ "support": "end-of-life",
+ "contact": ""
},
"stretch": {
"major-version": "9",
- "support": "security",
- "contact": "team@security.debian.org"
+ "support": "lts",
+ "contact": "debian-lts@lists.debian.org"
},
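Review bot: The new `support` value `end-of-life` for wheezy and jessie does not occur on the old side of this file, where the only values are `none`, `lts` and `security`, so any consumer that branches on this field needs a case for it — presumably the tracker code that reads static/distributions.json, which is not part of this diff. Without such a case an end-of-life release could fall through to whatever handling `none` gets, and those two states mean different things (never supported vs. no longer supported). Strict JSON cannot carry a comment, so the accepted set should be documented where the file is read, e.g. `# support: none | lts | security | end-of-life`.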
"buster": {
"major-version": "10",
@@ -21,12 +21,22 @@
},
"bullseye": {
"major-version": "11",
- "support": "none",
- "contact": ""
+ "support": "security",
+ "contact": "team@security.debian.org"
},
"bookworm": {
"major-version": "12",
"support": "none",
"contact": ""
+ },
+ "trixie": {
+ "major-version": "13",
+ "support": "none",
+ "contact": ""
+ },
+ "sid": {
+ "major-version": "",
+ "support": "none",
+ "contact": ""
}
}
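Review bot: The new `sid` entry sets `major-version` to the empty string, while every other entry in the file carries a numeric string (`"7"` … `"13"`); a reader that converts this field to an integer or orders releases by it will fail or misplace sid. If the value is genuinely undefined for sid, a `null` or an omitted key makes that explicit instead of offering a value that looks parseable — assuming the reader tolerates a missing field, which cannot be confirmed from this hunk. Whichever convention is chosen should be documented where the file is read, e.g. `# major-version: numeric string, or null for unreleased/rolling`.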
diff --git a/templates/lts-no-dsa.txt b/templates/lts-no-dsa.txt
index 923d6fff4d..dfc2bc5881 100644
--- a/templates/lts-no-dsa.txt
+++ b/templates/lts-no-dsa.txt
@@ -1,12 +1,12 @@
Content-Type: text/plain; charset=utf-8
To: {{ to }}
Cc: {{ cc }}
-Subject: About the security issues affecting {{ package }} in Jessie
+Subject: About the security issues affecting {{ package }} in Stretch
Dear maintainer(s),
The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Jessie:
+package in Stretch:
{%- if cve -%}
{% for entry in cve %}
https://security-tracker.debian.org/tracker/{{ entry }}
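Review bot: The release name is still a literal in the subject line and the body (`in Stretch` here, `a stretch security update` in the second hunk of this file), so the next LTS transition will again require editing this template and the same lines in templates/lts-update-planned-minor.txt and templates/lts-update-planned.txt, exactly as this commit does for jessie→stretch. The templates already receive `{{ to }}`, `{{ cc }}` and `{{ package }}` from the renderer, so if the rendering code can also pass the release name, `Subject: About the security issues affecting {{ package }} in {{ dist }}` would let the text follow the configured LTS release without further edits. That depends on the caller, which is not in this diff, so the template change should land together with the renderer.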
@@ -15,10 +15,10 @@ https://security-tracker.debian.org/tracker/{{ entry }}
https://security-tracker.debian.org/tracker/source-package/{{ package }}
{%- endif %}
-We decided that we would not prepare a jessie security update (usually
+We decided that we would not prepare a stretch security update (usually
because the security impact is low and that we concentrate our limited
resources on higher severity issues and on the most widely used packages).
-That said the jessie users would most certainly benefit from a fixed
+That said the stretch users would most certainly benefit from a fixed
package.
If you want to work on such an update, you're welcome to do so. Please
diff --git a/templates/lts-update-planned-minor.txt b/templates/lts-update-planned-minor.txt
index b564e6634f..61b704418f 100644
--- a/templates/lts-update-planned-minor.txt
+++ b/templates/lts-update-planned-minor.txt
@@ -1,10 +1,10 @@
Content-Type: text/plain; charset=utf-8
To: {{ to }}
Cc: {{ cc }}
-Subject: Jessie update of {{ package }} (minor security issues)?
+Subject: Stretch update of {{ package }} (minor security issues)?
The Debian LTS team recently reviewed the security issue(s) affecting your
-package in Jessie:
+package in Stretch:
{%- if cve -%}
{% for entry in cve %}
https://security-tracker.debian.org/tracker/{{ entry }}
@@ -17,7 +17,7 @@ We decided that a member of the LTS team should take a look at this
package, although the security impact of still open issues is low. When
resources are available on our side, one of the LTS team members will
start working on fixes for those minor security issues, as we think that
-the jessie users would most certainly benefit from a fixed package.
+the stretch users would most certainly benefit from a fixed package.
If you'd rather want to work on such an update yourself, you're welcome
to do so. Please send us a short notification to the debian-lts mailing
diff --git a/templates/lts-update-planned.txt b/templates/lts-update-planned.txt
index c8257af4b8..21f820755b 100644
--- a/templates/lts-update-planned.txt
+++ b/templates/lts-update-planned.txt
@@ -1,12 +1,12 @@
Content-Type: text/plain; charset=utf-8
To: {{ to }}
Cc: {{ cc }}
-Subject: Jessie update of {{ package }}?
+Subject: Stretch update of {{ package }}?
Dear maintainer(s),
The Debian LTS team would like to fix the security issues which are
-currently open in the Jessie version of {{ package }}:
+currently open in the Stretch version of {{ package }}:
{%- if cve -%}
{% for entry in cve %}
https://security-tracker.debian.org/tracker/{{ entry }}
